
Exploit-Suggester


#!/usr/bin/python
################################################################
#       .___             __          _______       .___        #
#     __| _/____ _______|  | __ ____ \   _  \    __| _/____    #
#    / __ |\__  \\_  __ \  |/ // ___\/  /_\  \  / __ |/ __ \   #
#   / /_/ | / __ \|  | \/    <\  \___\  \_/   \/ /_/ \  ___/   #
#   \____ |(______/__|  |__|_ \\_____>\_____  /\_____|\____\   #
#        \/                  \/             \/                 #
#                   ___________   ______  _  __                #
#                 _/ ___\_  __ \_/ __ \ \/ \/ /                #
#                 \  \___|  | \/\  ___/\     /                 #
#                  \___  >__|    \___  >\/\_/                  #
#      est.2007        \/            \/   forum.darkc0de.com   #
###########################################################################################
# Greetz to all Darkc0de Andhra Hackers,ICW Memebers                                      #
#Darkc0de      : d3hydra,rasuron,nd all darkcode crew                                     #
#Hackers Grage  : Mr_B0nd,Wipu,GOdwinAugstin,beenu,hubysoft,Mr_H@x0r,r45c4l               #
#Shoutz ICw       : SMART_HAX0R,j4ckh4x0r,41w@r10r,micro,MR xxxx,Hackin,Hoodlum,Dark_blue,#
###########################################################################################
############################FB1h2s#########################################################
# [-]Exploit Suggester by FB1H2S (Exploitsug.py)  -->: An update for my serverchk.py, http://darkc0de.com/others/Serverchk.py
#[+]Port scan                                    -->: TCP scan + SYN-ACK scan (the SYN-ACK scan uses scapy and is not shipped by default; ping me if you want SYN-ACK)
#[+]Advanced Banner Grabber                      -->: Captures banners perfectly
#[+]Port Based and Banner Based Exploit Finder   -->: Finds matching exploits from exploitdb based on port and banner
#[+]Looks for Backdoors                          -->: Default ports opened by previous intrusions
#[+]Tool give a proficient construction of working exploits
import string, sys, time, urllib2,urllib,cookielib,re,random,threading,socket,httplib,os
# Module-level default port value.
# NOTE(review): no function in this listing declares `global port`; fetch_exp()
# takes its own `port` parameter and exploitscaner() assigns a local `port`,
# so this value does not appear to be read anywhere in the visible code.
port=0
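def banner_match(banner):
    """Map a raw service banner to a signature line from ``vuln.txt``.

    Every non-blank line of ``vuln.txt`` (opened relative to the current
    directory) is lower-cased and used as a regular expression that is
    searched for in the lower-cased *banner*.  The first line that matches is
    returned exactly as it was read, trailing newline included.  When no line
    matches, the operator is prompted for a service/version string and the
    typed answer is returned.

    Returns ``None`` when ``vuln.txt`` cannot be read or the prompt reaches
    end-of-input.

    *banner* is whatever the remote host sent, so it is only ever used as the
    text being searched, never as the pattern.
    """
    try:
        # Context manager so the signature file is closed on every path.
        with open("vuln.txt", "r") as sig_file:
            signatures = sig_file.readlines()
    except (IOError, OSError):
        return None

    haystack = banner.lower()
    for line in signatures:
        pattern = line.rstrip('\r\n').lower()
        if not pattern:
            # A blank line would become an empty regex, which matches every
            # banner and would hide all later signatures.
            continue
        try:
            if re.search(pattern, haystack):
                return line
        except re.error:
            # One malformed signature must not disable the rest of the file.
            continue

    # No signature matched: fall back to asking the operator.
    try:
        return raw_input("Enter the Service Version If u bring whatever idea:")
    except EOFError:
        return None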
     

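def fetch_exp(banner,port):
    """Query exploit-db's ``list.php`` for *banner* and/or *port* and print the hits.

    *banner* is used as the ``description`` search term and *port* as the
    ``port`` filter; a *port* of ``0`` means "no port filter".  When both are
    empty the function returns without doing anything.  Results are printed,
    nothing is returned.

    Note for reviewers: the search term is frequently the banner of the
    scanned host, so (a) it is attacker-controllable text and is
    percent-encoded before it is placed in the URL, and (b) it is disclosed
    to a third-party site as part of the request.
    """
    banner = banner or ''
    des = banner.strip('\n')
    if not des and port == 0:
        # Nothing to search for.  In the original ordering the `port == 0`
        # branch ran first, so this guard was unreachable and an unfiltered
        # query was sent instead.
        return

    print("\nFetching Exploits:" + banner)
    header = ['Mozilla/5.0 (compatible; MSIE 5.5; Windows NT 5.0)',
              'Mozilla/5.0 (compatible; MSIE 7.0b; Windows NT 5.1)',
              'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6)',
              'Microsoft Internet Explorer/4.0b1 (Windows NT 5.0)']
    cj = cookielib.FileCookieJar("cookies")

    # Percent-encode the description so characters such as '&', '#' or line
    # breaks in a banner cannot add or truncate query parameters.  '+' is left
    # alone because callers in this file already use it as the word separator;
    # spaces are turned into '+', as the original did.
    query_des = urllib.quote_plus(des, '+')
    query_port = '' if port == 0 else repr(port)
    # NOTE(review): the lookup is plain HTTP, so the response is
    # unauthenticated; everything parsed from it below is printed as-is.
    exp_url = ('http://www.exploit-db.com/list.php?description=' + query_des +
               '&author=&platform=&type=&port=' + query_port + '&osvdb=&cve=')

    try:
        exp_request = urllib2.Request(exp_url)
        exp_request.add_header('User-Agent', random.choice(header))
        exp_open = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
        text = exp_open.open(exp_request).read()
        # Newlines are replaced by the marker "end" so the regexes below can
        # treat the page as one line.
        text = text.replace("\n", "end")
        strreg = re.compile("(?<=href=')(.*?)(?=')")
        li = re.findall("(?<=_blank)(.*?)(?<=end)", text)
        li1 = re.findall("(?<=_blank)(.*?)(?<=/a)", text)
        names = strreg.findall(text)
        # NOTE(review): this appends the whole list `li1` as ONE element of
        # `li`; if the loop ever indexes that element, `.replace` fails and
        # the entry is skipped by the handler below.  Left as on the page.
        li.append(li1)
        i = 0
        for name in names:
            try:
                if '/exploit' in name:
                    # NOTE(review): str.strip() removes any of the characters
                    # r, s, ., p, h from both ends, not the literal "rss.php".
                    print('-->' + name.strip('rss.php'))
                    print(i)
                    print('[-]' + li[i].replace("end", "---->"))
                    i = i + 1
            except (IndexError, AttributeError):
                # More links than descriptions, or the nested list appended
                # above: skip the entry, as the original did.
                pass
    except Exception:
        # Not a bare `except:` so Ctrl-C and SystemExit still propagate.
        print("Failed:Check Internet Connection")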
     
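def http_b(ip):
    """Return the ``Server`` response header for ``HEAD /`` on *ip*.

    Returns ``None`` when the response has no ``Server`` header, or when the
    request fails (in which case ``error`` is printed).

    The header value is chosen by the remote host and must be treated as
    untrusted text by callers.
    """
    conn = None
    try:
        conn = httplib.HTTPConnection(ip)
        conn.request("HEAD", "/")
        res = conn.getresponse()
        return res.getheader("server")
    except (httplib.HTTPException, socket.error):
        # The original `except ():` named an empty tuple and therefore caught
        # nothing; these are the failures a HEAD request can raise.
        print('error')
        return None
    finally:
        # Release the connection on every path.
        if conn is not None:
            conn.close()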

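def exploitscaner(ip):
    """TCP-connect to a fixed port list on *ip* and look up exploits for what answers.

    For each port that accepts a connection the port number is appended to
    the module-level list ``li`` (created by the script section before this
    function is called) and a lookup is made through ``fetch_exp``: by fixed
    keyword or port number for the well-known ports handled below, or by the
    first bytes the service sends for any other port.  Output is printed;
    nothing is returned.

    On the wire this is one completed TCP handshake per listed port from a
    single source, plus an HTTP ``HEAD /`` when port 80 is open - the pattern
    a connection log or IDS rule would see.
    """
    # The author limits the scan to the ports they report success with.
    ports = [21, 22, 23, 24, 25, 63, 80, 110, 135, 139, 143, 445, 8080,
             1433, 1723, 3306, 3389, 5900]
    for scanport in ports:
        sockp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            try:
                sockp.connect((ip, scanport))
            except socket.error:
                # Closed or unreachable port: expected, move on quietly.
                continue
            print("*" * 70)
            print("%s:%d OPEN" % (ip, scanport))
            li.append(scanport)
            # BOP: lookups based on port number
            if scanport == 80:
                sockp.close()
                # http_b() returns None when there is no Server header.
                banner = http_b(ip) or ''
                banner = banner.replace("-", "+").replace("/", "+")
                if banner:
                    fetch_exp(banner, port=0)
            elif scanport == 135:
                sockp.close()
                print("[+]Microsft ds port")
                fetch_exp(banner='', port=135)
            elif scanport == 139:
                sockp.close()
                print("[+]Microsoft Netbios")
                fetch_exp(banner='', port=139)
            elif scanport == 445:
                sockp.close()
                print("[+]Microsoft smb_tcp")
                fetch_exp(banner='', port=445)
            elif scanport == 3389:
                print("[+]Microsoft Remote Desktop")
                print("\nTry MS05-041, MS09-044")
            elif scanport == 5900:
                print("[+]Remote Desktop Vnc Viewer")
                fetch_exp(banner='vnc', port=5900)
            elif scanport == 1433:
                sockp.close()
                print("[+]Microsoft SQL Server")
                fetch_exp(banner="microsoft+sql", port=0)
            elif scanport == 1521:
                # NOTE(review): 1521 is not in `ports`, so this branch is
                # never reached as the list stands.
                sockp.close()
                print("[+]Oracle SQL Server")
                fetch_exp(banner='oracle', port=1521)
            elif scanport == 3306:
                sockp.close()
                print("[+]MYSQL Server")
                fetch_exp(banner='mysql', port=3306)
            else:
                # BOB: lookups based on the banner the service volunteers
                banner = sockp.recv(50)
                sockp.close()
                if len(banner) > 3:
                    # The banner is bytes chosen by the remote host; %r keeps
                    # control and escape sequences from reaching the terminal.
                    print("[+] Running: %r\n" % (banner,))
                    # banner_match() can return None; fall back to a
                    # port-only lookup in that case.
                    matched = banner_match(banner) or ''
                    fetch_exp(matched, scanport)
            print("*" * 70)
        except Exception as exc:
            # Keep scanning the remaining ports, but say what went wrong
            # instead of discarding it (the original used `except: pass`).
            print("[-] %s:%d check failed: %s" % (ip, scanport, exc))
        finally:
            # The original leaked the socket on the 3389/5900 branches and on
            # every error path; close() is safe to call twice.
            sockp.close()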
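def back_dor(ip):
    """Print which of three ports the author associates with backdoors accept a TCP connection.

    Each port is tried independently and every socket is closed afterwards.
    An ``OPEN`` line only says that something is listening; it is a lead for
    checking which process owns the listener on the host, not proof of a
    compromise.
    """
    webbdrs = [31373, 4444, 5555]  # c99, metasploit (per the author); add more
    for po in webbdrs:
        sockb = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            sockb.connect((ip, po))
            print("%s:%d OPEN" % (ip, po))
        except socket.error:
            # Closed or unreachable.  The original wrapped the whole loop in
            # one try, so the first closed port skipped the remaining ones.
            pass
        finally:
            sockb.close()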
       
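# Script entry: print the tool banner, then (if the signature file is present)
# ask for a host, create the per-host report file and run both checks.
# Message strings are kept exactly as they appear on the page.
print("[+]Exploit Suggester Version 1.0 yesteryear FB1H2S")
print("[+]Port scan a Host in addition to List All Matching exploit degree Exploit_db")
print("[+]Report Bugs at fbone@in.com")
print("[+]Now abide by all Remote Root or Remote DOS Exploits amongst Exploit-Suggester")
if os.path.isfile("vuln.txt"):
    ip = raw_input("Enter the IP/Domain:")
    # The report name is built from typed input; keep only characters that can
    # occur in a hostname or IPv4 address so it cannot carry path separators
    # and make the append land outside the working directory.
    report_name = re.sub(r'[^A-Za-z0-9._-]', '_', ip) + '.txt'
    # `with` closes the handle; the original never closed it and shadowed the
    # builtin name `file`.
    with open(report_name, "a") as report:
        report.write("\n|------------------------------------------------|")
        report.write("\n|   FB1H2S Exploit_Suggester   Ver 1.0           |")
        report.write("\n|   Port Scan in addition to Find all Eatching Exploits     |")
        report.write("\n|   Uses Exploit_db to Match Exploits            |")
    # NOTE(review): only this header is ever written to the report; the scan
    # results below go to stdout.
    if len(ip) > 3:
        # exploitscaner() appends every open port to this module-level list.
        li = []
        exploitscaner(ip)
        print('\n[+]open ports:')
        for portop in li:
            print(portop)
        print("\n[+]Scanning Backdoor's ")
        back_dor(ip)
        print(report_name + " For the Scan details")
else:
    print("\n:( Banner matching File 'Vuln.txt' missing\n")
    print(":) Download it in addition to rank it inwards the running directory")
    print("http://www.ziddu.com/download/8031492/vuln.txt.html")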