KhaosBringer

Python UDP Reflector receiver for amps.py

Nov 26th, 2018
  1. #Features
  2. # Fast catch-save reflectors. (Less than 0.05s).
  3. # Chargen, NTP, SSDP, SNMP, DNS, LDAP, MEMCACHED, TFTP, PortMap supported.
  4. # Anti-Duplication feature.
  5. # Filter bytes of each packet.
  6. # Custom output syntax support.
  7. # Lightweight.
  8. #Installation
  9. #wget -O xstealer.py https://github.com/Alemalakra/xStealer/raw/master/xstealer.py && chmod 777 xstealer.py
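  10. # Note: mode 777 makes the script writable by every local account, and it is later run as root; 755 is enough to execute it.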
  11. #Usage
  12. #[!] xStealer 1.0 by Alemalakra.
  13. #[!] Usage: python xstealer.py <OUTPUT> <PROTOCOL> <MIN BYTES> <OUTPUT SYNTAX>
  14. #[!] Protocols: ldap, ntp, memcached, tftp, portmap, snmp, dns, ssdp, chargen
  15. #[!] Output syntax variables: [space], [ip], [bytes]
  16. #Sample Usage
  17. #python xstealer.py ntp.txt ntp 400 [ip][space][bytes]
  18.  
  19. #Requirements
  20. # Python 2.*
  21. # Root access.
  22.  
  23.  
  24. #!usr/bin/python
  25. # -*- coding: utf-8 -*-
  26.  
  27. # xStealer 1.0 by Alemalakra - Python UDP Reflector receiver for amplification lists.
  28. #
  29. # @author Alemalakra
  30. # @version 1.0
  31.  
  32. import socket, sys
  33. from struct import *
  34.  
# Print the usage banner and exit when the script is started with no arguments.
# NOTE(review): the guard only fires when fewer than two argv entries exist,
# while sys.argv[1] through sys.argv[4] are read unconditionally further down,
# so a partial command line raises IndexError instead of showing this text.
if len(sys.argv) < 2:
        print '[!] xStealer 1.0 by Alemalakra.'
        print '[!] Usage: python xstealer.py <OUTPUT> <PROTOCOL> <MIN BYTES> <OUTPUT SYNTAX>'
        print '[!] Protocols: ldap, ntp, memcached, tftp, portmap, snmp, dns, ssdp, chargen'
        print '[!] Output syntax variables: [space], [ip], [bytes]'
        sys.exit()
  41.  
# Start-up banner. It is printed before the protocol name is validated, so an
# unsupported protocol is echoed here and only rejected afterwards.

print '[!] Listening at: ANY PORT UDP.'
print '[!] Reciving protocol: ' + sys.argv[2].upper()
print '[!} For exit please use CTRL + C.'

# Positional command-line arguments. All four are kept as raw strings.

output_file = sys.argv[1] # Path of the file the recorded addresses are written to.
proto = sys.argv[2] # Protocol name; compared case-sensitively against the lowercase names below.
min_reply = sys.argv[3] # Minimum payload size in bytes; converted with int() for each matching packet in the capture loop.
syntax = sys.argv[4] # Output line template using the [space], [ip] and [bytes] placeholders.
# Mode 'w' truncates an existing file at this path. The script expects to run
# as root (see the raw-socket error message), so the path is opened with those
# privileges. The handle is never flushed or closed in the visible listing.
newfile = open(output_file, 'w')
  55.  
# Translate the protocol name from the command line into the UDP source port
# that replies from that service carry; an unknown name prints an error and
# exits. These are UDP services commonly abused for reflection/amplification:
# operators should keep them off the open Internet or restrict them to trusted
# clients, disable the ones they do not need, and apply source-address
# validation (BCP 38) at the network edge.
sourceport_check = {
    'ldap': 389,
    'ntp': 123,
    'memcached': 11211,
    'tftp': 69,
    'portmap': 111,
    'snmp': 161,
    'dns': 53,
    'ssdp': 1900,
    'chargen': 19,
}.get(proto)
if sourceport_check is None:
    print '[!] Protocol is not available'
    sys.exit()
  77.  
def eth_addr(a):
    """Render a 6-byte hardware address as colon-separated lowercase hex.

    ``a`` is indexed at positions 0-5 and each element is passed to ``ord()``,
    so it must hold at least six single-character items (a Python 2 byte
    string in this script).  Nothing in the visible listing calls this helper.
    """
    octets = tuple(ord(a[position]) for position in range(6))
    return "%.2x:%.2x:%.2x:%.2x:%.2x:%.2x" % octets
  81.  
# Open a link-layer packet socket. AF_PACKET is Linux-specific, and protocol
# 0x0003 is ETH_P_ALL, so the socket receives every frame the host sees rather
# than traffic for one port. Creating it needs root or CAP_NET_RAW.
# For defenders: a process holding such a socket is listed in /proc/net/packet
# and by `ss --packet`, which makes an unexpected sniffer on a host easy to spot.
# `except socket.error , msg` is Python 2 syntax; `msg` is bound but not used.
try:
        s = socket.socket( socket.AF_PACKET , socket.SOCK_RAW , socket.ntohs(0x0003))
except socket.error , msg:
        print '[!] Error creating Socket, Youre a root user?'
        sys.exit()
  87.  
# State for the capture loop:
#   servers           - source addresses already written to the output file
#   servers_pps       - per-address count of matching packets seen so far
#   completed_servers - number of distinct addresses recorded
servers = []
servers_pps = {}
completed_servers = 0
# Capture loop: read one frame at a time, parse the Ethernet, IPv4 and UDP
# headers, and record the source address of every UDP datagram whose source
# port equals sourceport_check and whose payload is at least min_reply bytes.
# Those two conditions are the only acceptance criteria: nothing ties a packet
# to a request this host sent, and the payload is not checked against the
# protocol. On the wire, this is the pattern a monitored network sees as
# large inbound UDP datagrams from ports 19/53/69/111/123/161/389/1900/11211.
# No header-length checks or exception handling surround the unpack() calls,
# and the loop has no exit condition of its own.
while True:
    packet = s.recvfrom(65565) # recvfrom() returns (data, address); every frame type arrives here, not only UDP.
    packet = packet[0]
    eth_length = 14  
    eth_header = packet[:eth_length]
    eth = unpack('!6s6sH' , eth_header)
    # NOTE(review): '!' already yields the EtherType in host order (0x0800 for
    # IPv4); the extra ntohs() swaps it again, so the comparison with 8
    # (0x0008) matches on little-endian hosts only.
    eth_protocol = socket.ntohs(eth[2])
    if eth_protocol == 8: # IPv4 Packet.
        # Only the fixed 20-byte part of the IPv4 header is unpacked; options,
        # if present, are skipped through iph_length below.
        ip_header = packet[eth_length:20+eth_length]
        iph = unpack('!BBHHHBBH4s4s' , ip_header)
        version_ihl = iph[0]
        version = version_ihl >> 4
        ihl = version_ihl & 0xF
        iph_length = ihl * 4 # IHL counts 32-bit words.
        ttl = iph[5]
        protocol = iph[6]
        s_addr = socket.inet_ntoa(iph[8]);
        d_addr = socket.inet_ntoa(iph[9]);
        # version, ttl and d_addr are parsed but not used in the visible listing.
        if protocol == 17: # UDP.
            syntax_output = ""
            u = iph_length + eth_length # Offset of the UDP header inside the frame.
            udph_length = 8
            udp_header = packet[u:u+8]
            udph = unpack('!HHHH' , udp_header) # Fields: source port, destination port, length, checksum.
            source_port = udph[0] # The only header field used for filtering.
            h_size = eth_length + iph_length + udph_length # Header size.
            # Payload size is derived from the captured frame length, not from
            # the UDP length field (udph[2]).
            data_size = len(packet) - h_size
            checksum = udph[3] # Read but never verified or used.
            if source_port == sourceport_check:
                # min_reply is still the raw argv string; int() raises
                # ValueError here if it is not numeric.
                if int(data_size) >= int(min_reply):
                    # NOTE(review): `s_addr in s` is a substring test against
                    # each stored address string, not an equality test, and it
                    # scans the whole list for every matching packet.
                    if any(s_addr in s for s in servers):
                        # Address already written to the output file.
                        # Increment its per-address packet counter.
                        new_count = servers_pps[s_addr] + 1
                        servers_pps.update({s_addr : new_count})
                        # Per-reflector packet-rate filter: disabled, marked by the author as a possible future feature.
                        #print '[!] Recived Packet-From-Reflector: ' + s_addr + ' - Recived Bytes: ' + str(data_size) + ' - PPS/This reflector: ' + str(new_count)
                    else:
                        completed_servers += 1
                        print '[!] Recived working server: ' + s_addr + ' - Recived Bytes: ' + str(data_size) + ' - Servers found: ' + str(completed_servers)
                        # Expand the output template; the third argument caps
                        # each placeholder at five replacements.
                        syntax_output = syntax.replace("[space]", " ", 5)
                        syntax_output = syntax_output.replace("[bytes]", str(data_size), 5)
                        syntax_output = syntax_output.replace("[ip]", str(s_addr), 5)
                        newfile.write(str(syntax_output)+'\n')
                        servers.append(s_addr)
                        servers_pps.update({s_addr : 1})

# The loop runs until the user interrupts it with CTRL + C.