- #Features
- # Fast catch-save reflectors. (Less than 0.05s).
- # Chargen, NTP, SSDP, SNMP, DNS, LDAP, MEMCACHED, TFTP, PortMap supported.
- # Anti-Duplication feature.
- # Filter bytes of each packet.
- # Custom output syntax support.
- # Lightweight.
- #Installation
- #wget -O xstealer.py https://github.com/Alemalakra/xStealer/raw/master/xstealer.py && chmod 777 xstealer.py
- #
- #Usage
- #[!] xStealer 1.0 by Alemalakra.
- #[!] Usage: python xstealer.py <OUTPUT> <PROTOCOL> <MIN BYTES> <OUTPUT SYNTAX>
- #[!] Protocols: ldap, ntp, memcached, tftp, portmap, snmp, dns, ssdp, chargen
- #[!] Output syntax variables: [space], [ip], [bytes]
- #Sample Usage
- #python xstealer.py ntp.txt ntp 400 [ip][space][bytes]
- #Requirements
- # Python 2.*
- # Root access.
- #!usr/bin/python
- # -*- coding: utf-8 -*-
- # xStealer 1.0 by Alemalakra - Python UDP Reflector receiver for amplification lists.
- #
- # @author Alemalakra
- # @version 1.0
- import socket, sys
- from struct import *
- if len(sys.argv) < 2: # Print usage and exit when no arguments are given; only that case is checked here, while argv[1]..argv[4] are read further down.
- print '[!] xStealer 1.0 by Alemalakra.'
- print '[!] Usage: python xstealer.py <OUTPUT> <PROTOCOL> <MIN BYTES> <OUTPUT SYNTAX>'
- print '[!] Protocols: ldap, ntp, memcached, tftp, portmap, snmp, dns, ssdp, chargen'
- print '[!] Output syntax variables: [space], [ip], [bytes]'
- sys.exit()
- # Startup banner: the protocol name is echoed from argv[2] before it is validated below.
- print '[!] Listening at: ANY PORT UDP.'
- print '[!] Reciving protocol: ' + sys.argv[2].upper()
- print '[!} For exit please use CTRL + C.'
- # Command-line arguments, taken as given (no validation at this point).
- output_file = sys.argv[1] # Path of the output file.
- proto = sys.argv[2] # Protocol name; selects the UDP source port matched in the capture loop.
- min_reply = sys.argv[3] # Minimum size in bytes; kept as a string here and converted with int() for every packet.
- syntax = sys.argv[4] # Output line template; [space], [ip] and [bytes] are substituted per recorded address.
- newfile = open(output_file, 'w') # Mode 'w' truncates an existing file at this path.
- if proto == 'ldap': # Map the protocol name to the UDP port number used as the source-port filter; unknown names exit.
- sourceport_check = 389
- elif proto == 'ntp':
- sourceport_check = 123
- elif proto == 'memcached':
- sourceport_check = 11211
- elif proto == 'tftp':
- sourceport_check = 69
- elif proto == 'portmap':
- sourceport_check = 111
- elif proto == 'snmp':
- sourceport_check = 161
- elif proto == 'dns':
- sourceport_check = 53
- elif proto == 'ssdp':
- sourceport_check = 1900
- elif proto == 'chargen':
- sourceport_check = 19
- else:
- print '[!] Protocol is not available'
- sys.exit()
- def eth_addr (a) : # Format the first six bytes of a as colon-separated two-digit hex (MAC address notation); it calls ord() on each element, so a is expected to be a Python 2 byte string. Not called anywhere in this listing.
- b = "%.2x:%.2x:%.2x:%.2x:%.2x:%.2x" % (ord(a[0]) , ord(a[1]) , ord(a[2]), ord(a[3]), ord(a[4]) , ord(a[5]))
- return b
- try: # Open a link-layer capture socket; AF_PACKET is Linux-specific and requires root or CAP_NET_RAW.
- s = socket.socket( socket.AF_PACKET , socket.SOCK_RAW , socket.ntohs(0x0003)) # 0x0003 is ETH_P_ALL: every frame the host sees is delivered to this socket, not only UDP.
- except socket.error , msg: # msg is not used; any socket error is reported as a privilege problem.
- print '[!] Error creating Socket, Youre a root user?'
- sys.exit()
- servers = [] # Source addresses already written to the output file.
- servers_pps = {} # Running count of matching packets per address; updated in the loop but never printed or written in this listing.
- completed_servers = 0 # Number of addresses recorded so far.
- while True: # Capture loop: parse each received frame by hand and record the source address of UDP datagrams that match the chosen source port and size. This listing only receives; it contains no send call.
- packet = s.recvfrom(65565) # Blocks until the next frame arrives; frames of any protocol (TCP, UDP, ICMP, ...) are returned.
- packet = packet[0] # recvfrom returns (data, address); keep only the raw frame bytes.
- eth_length = 14 # A fixed 14-byte Ethernet header is assumed.
- eth_header = packet[:eth_length]
- eth = unpack('!6s6sH' , eth_header) # Destination MAC, source MAC, EtherType.
- eth_protocol = socket.ntohs(eth[2]) # '!' above already yields host order, so this ntohs swaps the value again on little-endian hosts; EtherType 0x0800 then reads as 8.
- if eth_protocol == 8: # IPv4 Packet.
- ip_header = packet[eth_length:20+eth_length] # Fixed 20-byte part of the IPv4 header; the slice length is not checked before unpack.
- iph = unpack('!BBHHHBBH4s4s' , ip_header)
- version_ihl = iph[0]
- version = version_ihl >> 4
- ihl = version_ihl & 0xF # Header length in 32-bit words.
- iph_length = ihl * 4 # IPv4 header length in bytes, options included.
- ttl = iph[5]
- protocol = iph[6]
- s_addr = socket.inet_ntoa(iph[8]);
- d_addr = socket.inet_ntoa(iph[9]);
- if protocol == 17: # UDP.
- syntax_output = ""
- u = iph_length + eth_length
- udph_length = 8
- udp_header = packet[u:u+8]
- udph = unpack('!HHHH' , udp_header) # UDP header fields: source port, destination port, length, checksum.
- source_port = udph[0] # Source port of the datagram; this is the field the filter below matches on.
- h_size = eth_length + iph_length + udph_length # Combined Ethernet + IPv4 + UDP header size.
- data_size = len(packet) - h_size # Bytes left in the captured frame after those headers.
- checksum = udph[3] # Read but neither verified nor used afterwards.
- if source_port == sourceport_check: # Match on UDP source port only; the payload content is never inspected.
- if int(data_size) >= int(min_reply): # Size threshold taken from argv[3].
- if any(s_addr in s for s in servers): # Substring test against every stored address string, not an exact comparison.
- # Address was already written to the output file.
- # Only increase its packet counter.
- new_count = servers_pps[s_addr] + 1
- servers_pps.update({s_addr : new_count})
- # Beta: per-address packet-rate filtering, possibly for a future version.
- #print '[!] Recived Packet-From-Reflector: ' + s_addr + ' - Recived Bytes: ' + str(data_size) + ' - PPS/This reflector: ' + str(new_count)
- else:
- completed_servers += 1
- print '[!] Recived working server: ' + s_addr + ' - Recived Bytes: ' + str(data_size) + ' - Servers found: ' + str(completed_servers)
- syntax_output = syntax.replace("[space]", " ", 5) # At most 5 replacements of this placeholder.
- syntax_output = syntax_output.replace("[bytes]", str(data_size), 5) # At most 5 replacements of this placeholder.
- syntax_output = syntax_output.replace("[ip]", str(s_addr), 5) # At most 5 replacements of this placeholder.
- newfile.write(str(syntax_output)+'\n')
- servers.append(s_addr)
- servers_pps.update({s_addr : 1})
- # The loop has no exit condition; it runs until interrupted with CTRL + C.