05-27-2012, 06:19 AM
selamat pagi...salam IBT, dah lama ga share copas2 hasil kerja org,, tp gpp lah, nma nya juga belajar..
ini saya nemu tool yg lumayan bagus buat aktifitas pentesting,
tool ini berfungsi untuk scan service secara random yg sedang berjalan di komp target,
seperti apache, mysql, portgesql dan mgkin masih bnyak lg.
(cuma sgitu yg ane tau, soal ny blm coba semua fitur ny)
ini ss ny :
dan skript ny jg berjalan dgn lancar, saya coba tes scan ip rannge, trnyata emg bner di scan scara random ip.
sumber : http://b4ltazar.wordpress.com/
sekian dulu...
mksih dah mmpir..
ini saya nemu tool yg lumayan bagus buat aktifitas pentesting,
tool ini berfungsi untuk scan service secara random yg sedang berjalan di komp target,
seperti apache, mysql, portgesql dan mgkin masih bnyak lg.
(cuma sgitu yg ane tau, soal ny blm coba semua fitur ny)
Spoiler! :
Code:
#!/usr/bin/python
# This was written for educational purpose and pentest only. Use it at your own risk.
# Author will be not responsible for any damage!
# !!! Special greetz for my friend sinner_01 !!!
# Toolname : randomChecker.py
# Coder : baltazar a.k.a b4ltazar < [email protected]>
# Version : 0.1
# Greetz for rsauron and low1z, great python coders
# greetz for d3hydr8, r45c4l, fx0, Soul, MikiSoft, c0ax, b0ne and all members of ex darkc0de.com, ljuska.org
import sys, subprocess, socket, httplib, threading, re
from time import sleep
import random as ran
timeout = 5
socket.setdefaulttimeout(timeout)
port = int(80)
num_threads = 5
def logo():
print "\n|---------------------------------------------------------------|"
print "| b4ltazar[@]gmail[dot]com |"
print "| 04/2012 randomChecker.py v.0.1 |"
print "| b4ltazar.wordpress.com & ljuska.org |"
print "| |"
print "|---------------------------------------------------------------|\n"
if sys.platform == 'linux' or sys.platform == 'linux2':
subprocess.call("clear", shell=True)
logo()
else:
subprocess.call("cls", shell=True)
logo()
if len(sys.argv) not in [3,4]:
print "[!] Usage: python randomChecker.py -random NUM"
print "[!] Example : python randomChecker.py -random 10000"
print "[!] Usage: python randomChecker.py -iprange RANGE"
print "[!] Example: python randomChecker.py -iprange 192.168.1.1-255"
print "[!] Please visit b4ltazar.wordpress.com & ljuska.org"
print "[!] Thx for using this script, now exiting!"
sys.exit(1)
def randomIP():
ran1 = ran.randrange(255) + 1
ran2 = ran.randrange(255) + 1
ran3 = ran.randrange(255) + 1
ran4 = ran.randrange(255) + 1
randIP = "%d.%d.%d.%d" % (ran1, ran2, ran3, ran4)
return randIP
def getrange(iprange):
lst = []
iplist = []
iprange = iprange.rsplit(".",2)
if len(iprange[1].split("-",1)) ==2:
for i in range(int(iprange[1].split("-",1)[0]),int(iprange[1].split("-",1)[1])+1,1):
lst.append(iprange[0]+"."+str(i)+".")
for ip in lst:
for i in range(int(iprange[2].split("-",1)[0]),int(iprange[2].split("-",1)[1])+1,1):
iplist.append(ip+str(i))
return iplist
if len(iprange[1].split("-",1)) ==1:
for i in range(int(iprange[2].split("-",1)[0]),int(iprange[2].split("-",1)[1])+1,1):
iplist.append(iprange[0]+"."+str(iprange[1].split("-",1)[0])+"."+str(i))
return iplist
def srvscan(lock, ip):
try:
if ran != 0:
lock.acquire()
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((ip, port))
s.close()
srvcheck(ip)
except:
pass
if ran != 0:
lock.release()
def srvcheck(ip):
conn = httplib.HTTPConnection(ip, port)
try:
conn.request("HEAD", "/")
except socket.timeout:
print "\n[-] Server Timeout", ip
except(KeyboardInterrupt, SystemExit):
print "[!] Now exiting, thx for using this script!"
sys.exit(1)
r1 = conn.getresponse()
conn.close()
server = r1.getheader('Server')
xpoweredby = r1.getheader('x-powered-by')
date = r1.getheader('date')
if xpoweredby == None:
print "\n[+] Ip of server: "+ip
print "[+] Server info: "+server
print "[+] Server date: "+date
else:
print "\n[+] Ip of server: "+ip
print "[+] Server info: "+server
print "[+] Xpoweredby: "+xpoweredby
print "[+] Server date: "+date
if server:
if re.search("microsoft", server.lower()):
print "\t[!] IIS Found"
webdav(ip)
if re.search("apache", server.lower()) or re.search("a p a c h e", server.lower()):
print "\t[!] Apache Found"
if re.search("akamaighost", server.lower()):
print "\t[!] AkamaiGHost Found"
if re.search("nginx", server.lower()):
print "\t[!] Nginx Found"
if re.search("micro_httpd", server.lower()):
print "\t[!] Micro_httpd Found"
if re.search("plesklin", xpoweredby.lower()):
print "\t[!] PleskLin Found"
if re.search("cisco", server.lower()):
print "\t[!] Cisco Found"
if re.search("ipoffice", server.lower()):
print "\t[!] IPOffice Found"
if re.search("uc-httpd", server.lower()):
print "\t[!] Uc-httpd Found"
if re.search("rompager", server.lower()):
print "\t[!] RomPager Found"
if re.search("net-dk", server.lower()):
print "\t[!] NET-DK Found"
if re.search("mini_httpd", server.lower()):
print "\t[!] Mini httpd Found"
if re.search("sonicwall", server.lower()):
print "\t[!] SonicWALL Found"
if re.search("realtron", server.lower()):
print "\t[!] Realtron WebServer Found"
if re.search("goahead-webs", server.lower()):
print "\t[!] GoAhead-Webs"
if re.search("nyob", server.lower()):
print "\t[!] NYOB Found"
def webdav(ip):
print "[!] Checking for Web Dav exploit!\n"
#s = socket.socket(socket.AF_INET, socket.sock_STREAM)
#s.connect((ip, port))
req = "OPTIONS / HTTP/1.1\r\n"
req += "Host: " + ip + "\r\n"
req += "Connection: close\r\n"
req += "\r\n\r\n"
print req
s.send(req)
data = s.recv(1024)
s.close()
r1 = re.compile('DAV')
result = r1.findall(data)
if result == []:
print "[-] Sorry, nothing here, Web Dav is not open!"
else:
print "[!] w00t,w00t!: Web Dav Open!"
return None
for arg in sys.argv[1:]:
if arg.lower() == "-iprange":
iprange = sys.argv[int(sys.argv[1:].index(arg))+2]
if arg.lower() == "-random":
number = sys.argv[int(sys.argv[1:].index(arg))+2]
try:
if iprange:
iplist = getrange(iprange)
print "[!] Range Loaded:", iprange
except(NameError):
iprange = 0
pass
except(IndexError):
print "[-] Misconfigured IPRANGE"
sys.exit(1)
try:
if number:
print "[!] There is %s random IP for scan" % number
number = int(number)
except(NameError):
number = 0
pass
if __name__ == "__main__":
print "[!] Port for checking: %s" % str(port)
print "[!] Max. number of threads: %s" % num_threads
print "[!] Let's start ...\n"
if iprange != 0:
for ip in iplist:
#print "[!] Testing:", ip
lock = threading.Lock()
srvscan(lock, ip)
if ran != 0:
while number >= 0:
for x in xrange(num_threads):
lock = threading.Lock()
threading.Thread(target = srvscan, args=(lock, randomIP())).start()
sleep(1)
number -= 1
sleep(1)
print "\n[!] Scanning finished!"
print "[!] Please visit b4ltazar.wordpress.com & ljuska.org"
sys.exit(1)
ini ss ny :
Spoiler! :
dan skript ny jg berjalan dgn lancar, saya coba tes scan ip rannge, trnyata emg bner di scan scara random ip.
Spoiler! :
sumber : http://b4ltazar.wordpress.com/
sekian dulu...
mksih dah mmpir..