#!/usr/bin/python
################################################################
# .___ __ _______ .___ #
# __| _/____ _______| | __ ____ \ _ \ __| _/____ #
# / __ |\__ \\_ __ \ |/ // ___\/ /_\ \ / __ |/ __ \ #
# / /_/ | / __ \| | \/ <\ \___\ \_/ \/ /_/ \ ___/ #
# \____ |(______/__| |__|_ \\_____>\_____ /\_____|\____\ #
# \/ \/ \/ #
# ___________ ______ _ __ #
# _/ ___\_ __ \_/ __ \ \/ \/ / #
# \ \___| | \/\ ___/\ / #
# \___ >__| \___ >\/\_/ #
# est.2007 \/ \/ forum.darkc0de.com #
###########################################################################################
# Greetz to all Darkc0de Andhra Hackers,ICW Memebers #
#Darkc0de : d3hydra,rasuron,nd all darkcode crew #
#Hackers Grage : Mr_B0nd,Wipu,GOdwinAugstin,beenu,hubysoft,Mr_H@x0r,r45c4l #
#Shoutz ICw : SMART_HAX0R,j4ckh4x0r,41w@r10r,micro,MR xxxx,Hackin,Hoodlum,Dark_blue,#
###########################################################################################
############################FB1h2s#########################################################
# [-]Exploit Suggester by FB1H2S, Exploitsug.py -->: an update for my serverchk.py # http://darkc0de.com/others/Serverchk.py
#[+]Port scan -->: TCP scan + SYN-ACK scan (using scapy, not shipped by default; ping me if you want SYN-ACK)
#[+]Advanced banner grabber -->: captures banners perfectly
#[+]Port-based and banner-based exploit finder -->: finds matching exploits at exploit-db based on ports and banner
#[+]Looks for backdoors -->: default ports opened in previous intrusions
#[+]Tool give a proficient construction of working exploits
import string, sys, time, urllib2,urllib,cookielib,re,random,threading,socket,httplib,os
# Module-level default port. fetch_exp() treats a port value of 0 as "no port
# filter", but it receives that value through its own parameter; no function
# visible in this listing reads this global.
port=0
def banner_match(banner):
# Look up a grabbed service banner in the local signature file "vuln.txt".
# Each line of the file (minus its last character) is lower-cased and used as
# a regular-expression pattern against the lower-cased banner; on a match the
# file line itself is handed back to the caller.
# NOTE(review): this listing has lost its indentation and several keywords
# were altered in extraction ("inwards" stands where `in` belongs, "supply"
# where `return` belongs), so it is not runnable as shown. Whether the `else`
# pairs with the `if` or with the `for` cannot be determined from here.
try:
# banner_r is assigned but never read in this function.
banner_r=banner.strip('\n')
# NOTE(review): the file handle is never closed.
FILE=open("vuln.txt","r")
banner_rf=FILE.readlines()
for banners inwards banner_rf:
# NOTE(review): file lines are compiled as regex source, not matched as
# literal text, so metacharacters in vuln.txt change what matches (or raise).
# The signature file must be trusted content, or the pattern escaped.
if re.search(banners[:-1].lower(),banner.lower()):
supply banners
else:
# Fallback: ask the operator to type the service version by hand.
en_banner=raw_input("Enter the Service Version If u bring whatever idea:")
# raw_input yields a string, never None, so this test is always true and the
# bare `return` below is effectively dead code.
if (en_banner !=None):
supply en_banner
else:
return
# NOTE(review): the bare except hides every failure (missing file, invalid
# pattern, closed stdin); the caller then receives None instead of a string.
except: pass
def fetch_exp(banner,port):
# Query the exploit-db search page for entries matching a banner string
# and/or a port number, then print the links and titles scraped from the HTML.
# A port value of 0 selects a description-only search.
# NOTE(review): indentation was lost and some keywords were altered in this
# listing ("impress" stands where `print` belongs, "inwards" where `in`
# belongs, "in addition to" where `and` belongs), so it is not runnable as shown.
# NOTE(review): `banner` originates from the scanned host and is concatenated
# into the URL with only spaces replaced; it is not URL-encoded, so characters
# such as & or # in a banner alter the query that is sent. The request uses
# plain HTTP, so the fingerprinted service string is visible on the network
# path and to the third-party site.
#banner_rec="OpenSSH"
#port=0
# This concatenation sits outside the try below, so a None banner raises here.
impress "\nFetching Exploits:"+banner
# Pool of User-Agent strings; one is picked at random for the request.
header = ['Mozilla/5.0 (compatible; MSIE 5.5; Windows NT 5.0)',
'Mozilla/5.0 (compatible; MSIE 7.0b; Windows NT 5.1)',
'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6)',
'Microsoft Internet Explorer/4.0b1 (Windows NT 5.0)']
cj = cookielib.FileCookieJar("cookies")
des=banner.strip('\n')
# Self-assignment; has no effect.
port=port
# Branch order matters: port==0 is tested first, so the later
# "empty description and port==0" branch can never be reached and an empty
# banner with port 0 still produces a request with a blank description.
if(port==0):
result_0web ='http://www.exploit-db.com/list.php?description='+des+'&author=&platform=&type=&port=&osvdb=&cve='
elif(len(des)==0 in addition to port!=0):
result_0web ='http://www.exploit-db.com/list.php?description=&author=&platform=&type=&port='+repr(port)+'&osvdb=&cve='
elif(len(des)==0 in addition to port==0):
return
else:
result_0web ='http://www.exploit-db.com/list.php?description='+des+'&author=&platform=&type=&port='+repr(port)+'&osvdb=&cve='
exp_url=result_0web.replace(" ","+")
#print exp_url
try:
exp_request = urllib2.Request(exp_url)
agent = random.choice(header)
exp_request.add_header('User-Agent', agent)
exp_open = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
text = exp_open.open(exp_request).read()
# Newlines are replaced by the literal marker "end", which the regexes below
# then use as a delimiter; any "end" already present in the page text acts as
# a delimiter too.
text=text.replace("\n","end")
strreg = re.compile("(?<=href=')(.*?)(?=')")
li=re.findall("(?<=_blank)(.*?)(?<=end)",text)
li1=re.findall("(?<=_blank)(.*?)(?<=/a)",text)
names = strreg.findall(text)
# append() adds li1 as one nested list element; it does not merge the lists.
li.append(li1)
i=0
# j is assigned but never used.
j=0
# NOTE(review): the loop variable is `cite` but the body reads `name`, which
# is not bound anywhere visible; as shown this raises NameError, which the
# inner bare except swallows. Presumably the loop variable was altered in
# extraction; confirm against the original.
for cite inwards names:
try:
if '/exploit' inwards name:
# strip('rss.php') removes any of the characters r, s, ., p, h from both
# ends of the string; it does not remove the literal text "rss.php".
impress '-->'+name.strip('rss.php')
impress i
impress '[-]'+li[i].replace("end","---->")
i=i+1
#else: impress "Nothing Found:'
except: pass
# NOTE(review): every failure in the block above, including parsing errors,
# is reported as a connectivity problem.
except:print "Failed:Check Internet Connection"
def http_b(ip):
# Send "HEAD /" to the host on httplib's default HTTP port and hand back the
# value of the response's Server header (None when the header is absent).
# NOTE(review): "supply" stands where `return` belongs; the listing was
# altered in extraction and has lost its indentation.
# Defender's note: the Server header is the only input this check uses, so a
# server configured to omit or generalize its version string gives this
# lookup nothing specific to search for.
try:
# NOTE(review): the connection is never closed and no timeout is set.
conn = httplib.HTTPConnection(ip)
conn.request("HEAD", "/")
res = conn.getresponse()
supply res.getheader("server")
# NOTE(review): `except ():` names an empty tuple of exception types, so it
# catches nothing; connection errors propagate to the caller and 'error' is
# never printed.
except():print 'error'
def exploitscaner(ip):
# Attempt a full TCP connect to each port in a fixed list. For every port
# that accepts, print it, record it in `li`, and call fetch_exp() with either
# a hard-coded keyword/port (well-known services) or the first bytes the
# service sends (all other ports).
# NOTE(review): indentation was lost and keywords were altered in this
# listing ("impress" stands where `print` belongs, "inwards" where `in`
# belongs), so nesting below is not certain and the code is not runnable as
# shown.
# Defender's note: these are complete three-way handshakes from one source to
# a fixed, recognizable port set in quick succession, so the activity
# typically shows up both in firewall/IDS connection logs and in the
# listening services' own logs. The lookups are driven by version strings in
# banners; trimming those strings reduces what this kind of tool learns.
ports=([21,22,23,24,25,63,80,110,135,139,143,445,8080,1433,1723,3306,3389,5900])#These are the ports i alway abide by sucess amongst in addition to hence merely limitin the scan
# http, port_based and banner_baser are assigned but never read in this function.
http = "80"#21,22,23,24,25,63,80,110,135,139,143,445,8080,1433,1723,3306,3389,5900
#webbdrs=([31373,4444,5555])#c99,metsploit,addmore
port_based=[]
banner_baser=[]
#22,23,24,25,63,80,110,80,139,445,8080,1433,1723,5900,1433,3306,3389,
for scanport inwards ports:
# NOTE(review): no timeout is set, so connect() and recv() block for the
# platform default on filtered ports or silent services.
sockp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
sockp.connect((ip,scanport))
impress "*"*70
impress "%s:%d OPEN" % (ip,scanport)
# `li` is not defined in this function; it relies on a module-level list that
# the script section creates before calling exploitscaner().
li.append(scanport)
#BOP--:Based on Port no
if scanport==80:
sockp.close()
# http_b() can hand back None (no Server header), in which case .replace()
# raises and the bare except at the end skips the port silently.
banner=http_b(ip)
banner=banner.replace("-","+")
banner=banner.replace("/","+")
fetch_exp(banner,port=0)
elif scanport==135:
sockp.close()
impress "[+]Microsft ds port"
fetch_exp(banner='',port=135)
elif scanport==139:
sockp.close()
impress "[+]Microsoft Netbios"
fetch_exp(banner='',port=139)
elif scanport==445:
sockp.close()
impress "[+]Microsoft smb_tcp"
fetch_exp(banner='',port=445)
# NOTE(review): the 3389 and 5900 branches never close the socket.
elif scanport==3389:
impress "[+]Microsoft Remote Desktop"
# Static hint only; no lookup is performed for this port.
impress "\nTry MS05-041, MS09-044"
elif scanport==5900:
impress "[+]Remote Desktop Vnc Viewer"
fetch_exp(banner='vnc',port=5900)
elif scanport==1433:
sockp.close()
impress "[+]Microsoft SQL Server"
r="microsoft+sql"
fetch_exp(banner=r,port=0)
# 1521 is not in `ports`, so this branch is never taken.
elif scanport==1521:
sockp.close()
impress "[+]Oracle SQL Server"
fetch_exp(banner='oracle',port=1521)
elif scanport==3306:
sockp.close()
impress "[+]MYSQL Server"
fetch_exp(banner='mysql',port=3306)
else:
#sockp.send('sas sas') taught of sending or in addition to hence packets :
#BOB-:Based On Banner
# Reads at most 50 bytes of whatever the service sends first; nothing is
# sent to the service beforehand.
banner = sockp.recv(50)
sockp.close()
if(len(banner)>3):
impress "[+] Running:",banner,"\n"
# banner_match() can yield None, which fetch_exp() does not handle.
banner=banner_match(banner)
# Local assignment that is never read afterwards.
port=scanport
fetch_exp(banner,scanport)
impress "*"*70
# NOTE(review): the bare except treats refused connections and programming
# errors alike, and the socket is not closed on the failure path.
except: pass
def back_dor(ip):
# Try a TCP connect to three hard-coded ports (31373, 4444, 5555) and print
# each one that accepts the connection.
# NOTE(review): "inwards" stands where `in` belongs and "impress" where
# `print` belongs; the listing was altered in extraction and has lost its
# indentation.
# Defender's note: a successful connect only shows that something is
# listening on the port; the code performs no check of what the listener is,
# so an "OPEN" line here is a lead to investigate, not evidence of compromise.
# NOTE(review): the `try` opens before the loop, so the first refused
# connection raises and ends the whole check; the remaining ports are never
# tested. Sockets are never closed and no timeout is set.
try:
# Self-assignment; has no effect.
ip=ip
webbdrs=([31373,4444,5555])#c99,metsploit,add more
for po inwards webbdrs:
sockb = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sockb.connect((ip,po))
impress "%s:%d OPEN" % (ip,po)
except:pass
# Script entry: print a banner, require the signature file "vuln.txt" in the
# working directory, prompt for a target, then run the port check and the
# fixed-port listener check against it.
# NOTE(review): this section mixes `print` with "impress" (which stands where
# `print` belongs) and "inwards" (where `in` belongs); the listing was altered
# in extraction and has lost its indentation, so which statements sit under
# `if len(ip) >3:` is not certain.
print "[+]Exploit Suggester Version 1.0 yesteryear FB1H2S"
print "[+]Port scan a Host in addition to List All Matching exploit degree Exploit_db"
print "[+]Report Bugs at fbone@in.com"
print "[+]Now abide by all Remote Root or Remote DOS Exploits amongst Exploit-Suggester"
if os.path.isfile("vuln.txt"):
ip=raw_input("Enter the IP/Domain:")
# NOTE(review): the output filename is built directly from operator input, so
# path separators in the input choose where the file is created. `file`
# shadows the builtin, the handle is never closed, and only the four header
# lines below are written to it; scan results go to stdout only.
file = open(ip+'.txt', "a")
file.write("\n|------------------------------------------------|")
file.write("\n| FB1H2S Exploit_Suggester Ver 1.0 |")
file.write("\n| Port Scan in addition to Find all Eatching Exploits |")
file.write("\n| Uses Exploit_db to Match Exploits |")
# The only validation of the target string is this length check.
if len(ip) >3:
# Module-level list that exploitscaner() appends open ports to.
li=[]
exploitscaner(ip)
impress '\n[+]open ports:'
for portop inwards li:
impress portop
impress "\n[+]Scanning Backdoor's "
back_dor(ip)
impress ip+".txt For the Scan details"
else:
impress "\n:( Banner matching File 'Vuln.txt' missing\n"
impress ":) Download it in addition to rank it inwards the running directory"
# NOTE(review): the signature file is fetched from a third-party file host
# with no checksum or signature, and its lines are later compiled as regular
# expressions by banner_match(); treat its contents as untrusted input.
impress "http://www.ziddu.com/download/8031492/vuln.txt.html"
################################################################
# .___ __ _______ .___ #
# __| _/____ _______| | __ ____ \ _ \ __| _/____ #
# / __ |\__ \\_ __ \ |/ // ___\/ /_\ \ / __ |/ __ \ #
# / /_/ | / __ \| | \/ <\ \___\ \_/ \/ /_/ \ ___/ #
# \____ |(______/__| |__|_ \\_____>\_____ /\_____|\____\ #
# \/ \/ \/ #
# ___________ ______ _ __ #
# _/ ___\_ __ \_/ __ \ \/ \/ / #
# \ \___| | \/\ ___/\ / #
# \___ >__| \___ >\/\_/ #
# est.2007 \/ \/ forum.darkc0de.com #
###########################################################################################
# Greetz to all Darkc0de Andhra Hackers,ICW Memebers #
#Darkc0de : d3hydra,rasuron,nd all darkcode crew #
#Hackers Grage : Mr_B0nd,Wipu,GOdwinAugstin,beenu,hubysoft,Mr_H@x0r,r45c4l #
#Shoutz ICw : SMART_HAX0R,j4ckh4x0r,41w@r10r,micro,MR xxxx,Hackin,Hoodlum,Dark_blue,#
###########################################################################################
############################FB1h2s#########################################################
# [-]Exploit Suggester by FB1H2S, Exploitsug.py -->: an update for my serverchk.py # http://darkc0de.com/others/Serverchk.py
#[+]Port scan -->: TCP scan + SYN-ACK scan (using scapy, not shipped by default; ping me if you want SYN-ACK)
#[+]Advanced banner grabber -->: captures banners perfectly
#[+]Port-based and banner-based exploit finder -->: finds matching exploits at exploit-db based on ports and banner
#[+]Looks for backdoors -->: default ports opened in previous intrusions
#[+]Tool give a proficient construction of working exploits
import string, sys, time, urllib2,urllib,cookielib,re,random,threading,socket,httplib,os
# Module-level default port. fetch_exp() treats a port value of 0 as "no port
# filter", but it receives that value through its own parameter; no function
# visible in this listing reads this global.
port=0
def banner_match(banner):
# Look up a grabbed service banner in the local signature file "vuln.txt".
# Each line of the file (minus its last character) is lower-cased and used as
# a regular-expression pattern against the lower-cased banner; on a match the
# file line itself is handed back to the caller.
# NOTE(review): this listing has lost its indentation and several keywords
# were altered in extraction ("inwards" stands where `in` belongs, "supply"
# where `return` belongs), so it is not runnable as shown. Whether the `else`
# pairs with the `if` or with the `for` cannot be determined from here.
try:
# banner_r is assigned but never read in this function.
banner_r=banner.strip('\n')
# NOTE(review): the file handle is never closed.
FILE=open("vuln.txt","r")
banner_rf=FILE.readlines()
for banners inwards banner_rf:
# NOTE(review): file lines are compiled as regex source, not matched as
# literal text, so metacharacters in vuln.txt change what matches (or raise).
# The signature file must be trusted content, or the pattern escaped.
if re.search(banners[:-1].lower(),banner.lower()):
supply banners
else:
# Fallback: ask the operator to type the service version by hand.
en_banner=raw_input("Enter the Service Version If u bring whatever idea:")
# raw_input yields a string, never None, so this test is always true and the
# bare `return` below is effectively dead code.
if (en_banner !=None):
supply en_banner
else:
return
# NOTE(review): the bare except hides every failure (missing file, invalid
# pattern, closed stdin); the caller then receives None instead of a string.
except: pass
def fetch_exp(banner,port):
# Query the exploit-db search page for entries matching a banner string
# and/or a port number, then print the links and titles scraped from the HTML.
# A port value of 0 selects a description-only search.
# NOTE(review): indentation was lost and some keywords were altered in this
# listing ("impress" stands where `print` belongs, "inwards" where `in`
# belongs, "in addition to" where `and` belongs), so it is not runnable as shown.
# NOTE(review): `banner` originates from the scanned host and is concatenated
# into the URL with only spaces replaced; it is not URL-encoded, so characters
# such as & or # in a banner alter the query that is sent. The request uses
# plain HTTP, so the fingerprinted service string is visible on the network
# path and to the third-party site.
#banner_rec="OpenSSH"
#port=0
# This concatenation sits outside the try below, so a None banner raises here.
impress "\nFetching Exploits:"+banner
# Pool of User-Agent strings; one is picked at random for the request.
header = ['Mozilla/5.0 (compatible; MSIE 5.5; Windows NT 5.0)',
'Mozilla/5.0 (compatible; MSIE 7.0b; Windows NT 5.1)',
'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6)',
'Microsoft Internet Explorer/4.0b1 (Windows NT 5.0)']
cj = cookielib.FileCookieJar("cookies")
des=banner.strip('\n')
# Self-assignment; has no effect.
port=port
# Branch order matters: port==0 is tested first, so the later
# "empty description and port==0" branch can never be reached and an empty
# banner with port 0 still produces a request with a blank description.
if(port==0):
result_0web ='http://www.exploit-db.com/list.php?description='+des+'&author=&platform=&type=&port=&osvdb=&cve='
elif(len(des)==0 in addition to port!=0):
result_0web ='http://www.exploit-db.com/list.php?description=&author=&platform=&type=&port='+repr(port)+'&osvdb=&cve='
elif(len(des)==0 in addition to port==0):
return
else:
result_0web ='http://www.exploit-db.com/list.php?description='+des+'&author=&platform=&type=&port='+repr(port)+'&osvdb=&cve='
exp_url=result_0web.replace(" ","+")
#print exp_url
try:
exp_request = urllib2.Request(exp_url)
agent = random.choice(header)
exp_request.add_header('User-Agent', agent)
exp_open = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
text = exp_open.open(exp_request).read()
# Newlines are replaced by the literal marker "end", which the regexes below
# then use as a delimiter; any "end" already present in the page text acts as
# a delimiter too.
text=text.replace("\n","end")
strreg = re.compile("(?<=href=')(.*?)(?=')")
li=re.findall("(?<=_blank)(.*?)(?<=end)",text)
li1=re.findall("(?<=_blank)(.*?)(?<=/a)",text)
names = strreg.findall(text)
# append() adds li1 as one nested list element; it does not merge the lists.
li.append(li1)
i=0
# j is assigned but never used.
j=0
# NOTE(review): the loop variable is `cite` but the body reads `name`, which
# is not bound anywhere visible; as shown this raises NameError, which the
# inner bare except swallows. Presumably the loop variable was altered in
# extraction; confirm against the original.
for cite inwards names:
try:
if '/exploit' inwards name:
# strip('rss.php') removes any of the characters r, s, ., p, h from both
# ends of the string; it does not remove the literal text "rss.php".
impress '-->'+name.strip('rss.php')
impress i
impress '[-]'+li[i].replace("end","---->")
i=i+1
#else: impress "Nothing Found:'
except: pass
# NOTE(review): every failure in the block above, including parsing errors,
# is reported as a connectivity problem.
except:print "Failed:Check Internet Connection"
def http_b(ip):
# Send "HEAD /" to the host on httplib's default HTTP port and hand back the
# value of the response's Server header (None when the header is absent).
# NOTE(review): "supply" stands where `return` belongs; the listing was
# altered in extraction and has lost its indentation.
# Defender's note: the Server header is the only input this check uses, so a
# server configured to omit or generalize its version string gives this
# lookup nothing specific to search for.
try:
# NOTE(review): the connection is never closed and no timeout is set.
conn = httplib.HTTPConnection(ip)
conn.request("HEAD", "/")
res = conn.getresponse()
supply res.getheader("server")
# NOTE(review): `except ():` names an empty tuple of exception types, so it
# catches nothing; connection errors propagate to the caller and 'error' is
# never printed.
except():print 'error'
def exploitscaner(ip):
# Attempt a full TCP connect to each port in a fixed list. For every port
# that accepts, print it, record it in `li`, and call fetch_exp() with either
# a hard-coded keyword/port (well-known services) or the first bytes the
# service sends (all other ports).
# NOTE(review): indentation was lost and keywords were altered in this
# listing ("impress" stands where `print` belongs, "inwards" where `in`
# belongs), so nesting below is not certain and the code is not runnable as
# shown.
# Defender's note: these are complete three-way handshakes from one source to
# a fixed, recognizable port set in quick succession, so the activity
# typically shows up both in firewall/IDS connection logs and in the
# listening services' own logs. The lookups are driven by version strings in
# banners; trimming those strings reduces what this kind of tool learns.
ports=([21,22,23,24,25,63,80,110,135,139,143,445,8080,1433,1723,3306,3389,5900])#These are the ports i alway abide by sucess amongst in addition to hence merely limitin the scan
# http, port_based and banner_baser are assigned but never read in this function.
http = "80"#21,22,23,24,25,63,80,110,135,139,143,445,8080,1433,1723,3306,3389,5900
#webbdrs=([31373,4444,5555])#c99,metsploit,addmore
port_based=[]
banner_baser=[]
#22,23,24,25,63,80,110,80,139,445,8080,1433,1723,5900,1433,3306,3389,
for scanport inwards ports:
# NOTE(review): no timeout is set, so connect() and recv() block for the
# platform default on filtered ports or silent services.
sockp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
sockp.connect((ip,scanport))
impress "*"*70
impress "%s:%d OPEN" % (ip,scanport)
# `li` is not defined in this function; it relies on a module-level list that
# the script section creates before calling exploitscaner().
li.append(scanport)
#BOP--:Based on Port no
if scanport==80:
sockp.close()
# http_b() can hand back None (no Server header), in which case .replace()
# raises and the bare except at the end skips the port silently.
banner=http_b(ip)
banner=banner.replace("-","+")
banner=banner.replace("/","+")
fetch_exp(banner,port=0)
elif scanport==135:
sockp.close()
impress "[+]Microsft ds port"
fetch_exp(banner='',port=135)
elif scanport==139:
sockp.close()
impress "[+]Microsoft Netbios"
fetch_exp(banner='',port=139)
elif scanport==445:
sockp.close()
impress "[+]Microsoft smb_tcp"
fetch_exp(banner='',port=445)
# NOTE(review): the 3389 and 5900 branches never close the socket.
elif scanport==3389:
impress "[+]Microsoft Remote Desktop"
# Static hint only; no lookup is performed for this port.
impress "\nTry MS05-041, MS09-044"
elif scanport==5900:
impress "[+]Remote Desktop Vnc Viewer"
fetch_exp(banner='vnc',port=5900)
elif scanport==1433:
sockp.close()
impress "[+]Microsoft SQL Server"
r="microsoft+sql"
fetch_exp(banner=r,port=0)
# 1521 is not in `ports`, so this branch is never taken.
elif scanport==1521:
sockp.close()
impress "[+]Oracle SQL Server"
fetch_exp(banner='oracle',port=1521)
elif scanport==3306:
sockp.close()
impress "[+]MYSQL Server"
fetch_exp(banner='mysql',port=3306)
else:
#sockp.send('sas sas') taught of sending or in addition to hence packets :
#BOB-:Based On Banner
# Reads at most 50 bytes of whatever the service sends first; nothing is
# sent to the service beforehand.
banner = sockp.recv(50)
sockp.close()
if(len(banner)>3):
impress "[+] Running:",banner,"\n"
# banner_match() can yield None, which fetch_exp() does not handle.
banner=banner_match(banner)
# Local assignment that is never read afterwards.
port=scanport
fetch_exp(banner,scanport)
impress "*"*70
# NOTE(review): the bare except treats refused connections and programming
# errors alike, and the socket is not closed on the failure path.
except: pass
def back_dor(ip):
# Try a TCP connect to three hard-coded ports (31373, 4444, 5555) and print
# each one that accepts the connection.
# NOTE(review): "inwards" stands where `in` belongs and "impress" where
# `print` belongs; the listing was altered in extraction and has lost its
# indentation.
# Defender's note: a successful connect only shows that something is
# listening on the port; the code performs no check of what the listener is,
# so an "OPEN" line here is a lead to investigate, not evidence of compromise.
# NOTE(review): the `try` opens before the loop, so the first refused
# connection raises and ends the whole check; the remaining ports are never
# tested. Sockets are never closed and no timeout is set.
try:
# Self-assignment; has no effect.
ip=ip
webbdrs=([31373,4444,5555])#c99,metsploit,add more
for po inwards webbdrs:
sockb = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sockb.connect((ip,po))
impress "%s:%d OPEN" % (ip,po)
except:pass
# Script entry: print a banner, require the signature file "vuln.txt" in the
# working directory, prompt for a target, then run the port check and the
# fixed-port listener check against it.
# NOTE(review): this section mixes `print` with "impress" (which stands where
# `print` belongs) and "inwards" (where `in` belongs); the listing was altered
# in extraction and has lost its indentation, so which statements sit under
# `if len(ip) >3:` is not certain.
print "[+]Exploit Suggester Version 1.0 yesteryear FB1H2S"
print "[+]Port scan a Host in addition to List All Matching exploit degree Exploit_db"
print "[+]Report Bugs at fbone@in.com"
print "[+]Now abide by all Remote Root or Remote DOS Exploits amongst Exploit-Suggester"
if os.path.isfile("vuln.txt"):
ip=raw_input("Enter the IP/Domain:")
# NOTE(review): the output filename is built directly from operator input, so
# path separators in the input choose where the file is created. `file`
# shadows the builtin, the handle is never closed, and only the four header
# lines below are written to it; scan results go to stdout only.
file = open(ip+'.txt', "a")
file.write("\n|------------------------------------------------|")
file.write("\n| FB1H2S Exploit_Suggester Ver 1.0 |")
file.write("\n| Port Scan in addition to Find all Eatching Exploits |")
file.write("\n| Uses Exploit_db to Match Exploits |")
# The only validation of the target string is this length check.
if len(ip) >3:
# Module-level list that exploitscaner() appends open ports to.
li=[]
exploitscaner(ip)
impress '\n[+]open ports:'
for portop inwards li:
impress portop
impress "\n[+]Scanning Backdoor's "
back_dor(ip)
impress ip+".txt For the Scan details"
else:
impress "\n:( Banner matching File 'Vuln.txt' missing\n"
impress ":) Download it in addition to rank it inwards the running directory"
# NOTE(review): the signature file is fetched from a third-party file host
# with no checksum or signature, and its lines are later compiled as regular
# expressions by banner_match(); treat its contents as untrusted input.
impress "http://www.ziddu.com/download/8031492/vuln.txt.html"