trxtxx Posted January 6, 2010 Report Posted January 6, 2010
[-]Exploit Suggester BY FB1H2S Exploitsug.py -->:An Update 4 my serverchk.py -->:http://darkc0de.com/others/Serverchk.py
[+]Port scan -->:Tcp scan + SIN-ACK scan (using scapy not shiped default ping me if u wann SIN-ACK)
[+]Advance Banner Graber -->:Captures banners perfectly
[+]Port Based and Banner Based Exploit Finder -->:Finds Matching exploits form exploitdb based on ports nd Banner
[+]Looks for Backdoor's -->:Default Port opned On previous intrusions
[+]Tool give a good structure of possible exploits in a single screen
#!/usr/bin/python
################################################################
# .___ __ _______ .___ #
# __| _/____ _______| | __ ____ \ _ \ __| _/____ #
# / __ |\__ \\_ __ \ |/ // ___\/ /_\ \ / __ |/ __ \ #
# / /_/ | / __ \| | \/ <\ \___\ \_/ \/ /_/ \ ___/ #
# \____ |(______/__| |__|_ \\_____>\_____ /\_____|\____\ #
# \/ \/ \/ #
# ___________ ______ _ __ #
# _/ ___\_ __ \_/ __ \ \/ \/ / #
# \ \___| | \/\ ___/\ / #
# \___ >__| \___ >\/\_/ #
# est.2007 \/ \/ forum.darkc0de.com #
###########################################################################################
# Greetz to all Darkc0de Andhra Hackers,ICW Memebers #
#Darkc0de : d3hydra,rasuron,nd all darkcode crew #
#Hackers Grage : Mr_B0nd,Wipu,GOdwinAugstin,beenu,hubysoft,Mr_H@x0r,r45c4l #
#Shoutz ICw : SMART_HAX0R,j4ckh4x0r,41w@r10r,micro,MR xxxx,Hackin,Hoodlum,Dark_blue,#
###########################################################################################
############################FB1h2s#########################################################
# [-]Exploit Suggester BY FB1H2S Exploitsug.py -->:An Update 4 my serverchk.py
# http://darkc0de.com/others/Serverchk.py
#[+]Port scan -->:Tcp scan + SIN-ACK scan (using scapy not shiped default ping
# me if u wann SIN-ACK)
#[+]Advance Banner Graber -->:Captures banners perfectly
#[+]Port Based and Banner Based Exploit Finder -->:Finds Matching exploits form exploitdb based on ports nd
# Banner
#[+]Looks for Backdoor's -->:Default Port opned On previous intrusions
#[+]Tool give a good structure of working exploits
#
# NOTE(review): the forum page collapsed this script onto a few long lines, so
# the block structure below is reconstructed from syntax; places where the
# nesting can be read more than one way are marked. The code is Python 2
# (print statements, raw_input, urllib2 / httplib / cookielib).
#
# Observable behaviour of the code as listed, useful when writing detections:
#   * full TCP connects, in list order, to 18 fixed ports, followed by
#     31373, 4444 and 5555 until one of those connects fails; no socket
#     timeout is set, and no scapy import is present, so the "SIN-ACK" scan
#     named in the header is not part of this listing
#   * on port 80, one "HEAD /" request to read the Server header; on ports
#     without a dedicated branch it sends nothing and reads up to 50 bytes
#     of whatever greeting the service volunteers
#   * one plain-HTTP search request per finding, carrying a User-Agent picked
#     at random from four legacy MSIE/Mozilla strings
# The banner-based lookup works only from version strings in Server headers
# and service greetings, so minimising those banners removes its input.
import string, sys, time, urllib2,urllib,cookielib,re,random,threading,socket,httplib,os

# Module-level default; every function below takes or assigns its own local
# `port`, so this global is not read anywhere in the visible code.
port=0

def banner_match(banner):
    """Map a raw service banner to a line of vuln.txt, or ask the operator.

    Each line of vuln.txt (minus its last character, lowercased) is used as a
    regular expression and searched for in the lowercased banner. The first
    matching line is returned as read from the file, trailing newline
    included. Any exception makes the function return None silently.
    """
    try:
        banner_r=banner.strip('\n')  # assigned but never used below
        # NOTE(review): vuln.txt comes from a file-sharing link (see the message
        # printed at the end of the script) and its lines are compiled as
        # unescaped regular expressions; it is untrusted input. The handle is
        # never closed.
        FILE=open("vuln.txt","r")
        banner_rf=FILE.readlines()
        for banners in banner_rf:
            # banners[:-1] drops the last character, presumably the newline; a
            # final line without a newline would lose a real character.
            if re.search(banners[:-1].lower(),banner.lower()):
                return banners
        # NOTE(review): indentation was lost on the page. This `else` is shown
        # paired with the `for` (prompt only when no line matched), which is the
        # reading under which every line of vuln.txt is tried. If it was paired
        # with the `if`, only the first line of the file is ever tested.
        else:
            en_banner=raw_input("Enter the Service Version If u have any idea:")
            # raw_input returns a string, so this comparison is always true and
            # the bare `return` below is never reached.
            if (en_banner !=None):
                return en_banner
            else:
                return
    except:
        # Bare except: a missing file, an invalid pattern in vuln.txt or any
        # other error ends up as an implicit None return.
        pass

def fetch_exp(banner,port):
    """Query the exploit-db search page and print links found in the reply.

    banner: description text for the search (may be '').
    port:   port number for the search; 0 means "search by description only".

    Prints results to stdout and returns None.
    """
    #banner_rec="OpenSSH"
    #port=0
    # Raises TypeError when banner is None (banner_match can return None); the
    # caller's bare except swallows that.
    print "\nFetching Exploits:"+banner
    # Pool of User-Agent values; one is chosen at random per request.
    header = ['Mozilla/5.0 (compatible; MSIE 5.5; Windows NT 5.0)', 'Mozilla/5.0 (compatible; MSIE 7.0b; Windows NT 5.1)', 'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6)', 'Microsoft Internet Explorer/4.0b1 (Windows NT 5.0)']
    cj = cookielib.FileCookieJar("cookies")
    des=banner.strip('\n')
    port=port  # no-op
    # NOTE(review): `des` originates from a remote service banner or from
    # operator input and is concatenated into the query string; the only
    # transformation is space -> '+' further down. Characters such as '&' or
    # '#' in a banner therefore alter the request. The request is plain HTTP.
    if(port==0):
        result_0web ='http://www.exploit-db.com/list.php?description='+des+'&author=&platform=&type=&port=&osvdb=&cve='
    elif(len(des)==0 and port!=0):
        result_0web ='http://www.exploit-db.com/list.php?description=&author=&platform=&type=&port='+repr(port)+'&osvdb=&cve='
    # Unreachable: port==0 is already consumed by the first branch, so an empty
    # description with port 0 still issues a request.
    elif(len(des)==0 and port==0):
        return
    else:
        result_0web ='http://www.exploit-db.com/list.php?description='+des+'&author=&platform=&type=&port='+repr(port)+'&osvdb=&cve='
    exp_url=result_0web.replace(" ","+")
    #print exp_url
    try:
        exp_request = urllib2.Request(exp_url)
        agent = random.choice(header)
        exp_request.add_header('User-Agent', agent)
        exp_open = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
        text = exp_open.open(exp_request).read()
        # Newlines are replaced by the marker "end" so the regexes below can
        # match across what used to be line boundaries.
        text=text.replace("\n","end")
        strreg = re.compile("(?<=href=')(.*?)(?=')")
        li=re.findall("(?<=_blank)(.*?)(?<=end)",text)
        li1=re.findall("(?<=_blank)(.*?)(?<=/a)",text)
        names = strreg.findall(text)
        # Appends the whole second result list as ONE element of `li`. This
        # `li` is local and unrelated to the module-level `li` of open ports.
        li.append(li1)
        i=0
        j=0  # unused
        for name in names:
            try:
                if '/exploit' in name:
                    # str.strip('rss.php') removes any of the characters
                    # r, s, '.', p, h from both ends of the link; it does not
                    # remove the literal text "rss.php".
                    print '-->'+name.strip('rss.php')
                    print i
                    print '[-]'+li[i].replace("end","---->")
                    i=i+1
                #else: print "Nothing Found:'
            except:
                # Index and type errors from li[i] are discarded here.
                pass
    except:print "Failed:Check Internet Connection"

def http_b(ip):
    """Send "HEAD /" to ip (httplib default port, no timeout) and return the
    value of the Server response header, or None when the header is absent."""
    try:
        conn = httplib.HTTPConnection(ip)
        conn.request("HEAD", "/")
        res = conn.getresponse()
        return res.getheader("server")
    # `except ():` names an empty tuple and therefore catches nothing;
    # connection errors propagate to the caller and 'error' is never printed.
    except():print 'error'

def exploitscaner(ip):
    """Connect to each port in a fixed list and look up matches per open port.

    For every successful connect the port is printed, appended to the
    module-level list `li` (created in the main section below), and handed to
    fetch_exp either with a fixed keyword/port pair or with the banner read
    from the service. Returns None.
    """
    ports=([21,22,23,24,25,63,80,110,135,139,143,445,8080,1433,1723,3306,3389,5900])#These are the ports i alway find sucess with so just limitin the scan
    http = "80"#21,22,23,24,25,63,80,110,135,139,143,445,8080,1433,1723,3306,3389,5900
    #webbdrs=([31373,4444,5555])#c99,metsploit,addmore
    # http, port_based and banner_baser are assigned but not used afterwards.
    port_based=[]
    banner_baser=[]
    #22,23,24,25,63,80,110,80,139,445,8080,1433,1723,5900,1433,3306,3389,
    for scanport in ports:
        # No settimeout() call: connect() waits for the OS default on ports
        # that silently drop packets. The socket is not closed when the
        # connect fails.
        sockp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            sockp.connect((ip,scanport))
            print "*"*70
            print "%s:%d OPEN" % (ip,scanport)
            li.append(scanport)
            #BOP--:Based on Port no
            if scanport==80:
                sockp.close()
                banner=http_b(ip)
                # http_b returns None when no Server header is sent; .replace
                # then raises AttributeError, swallowed by the except below.
                banner=banner.replace("-","+")
                banner=banner.replace("/","+")
                fetch_exp(banner,port=0)
            elif scanport==135:
                sockp.close()
                print "[+]Microsft ds port"
                fetch_exp(banner='',port=135)
            elif scanport==139:
                sockp.close()
                print "[+]Microsoft Netbios"
                fetch_exp(banner='',port=139)
            elif scanport==445:
                sockp.close()
                print "[+]Microsoft smb_tcp"
                fetch_exp(banner='',port=445)
            elif scanport==3389:
                # This branch and the 5900 branch leave sockp open.
                print "[+]Microsoft Remote Desktop"
                print "\nTry MS05-041, MS09-044"
            elif scanport==5900:
                print "[+]Remote Desktop Vnc Viewer"
                fetch_exp(banner='vnc',port=5900)
            elif scanport==1433:
                sockp.close()
                print "[+]Microsoft SQL Server"
                r="microsoft+sql"
                fetch_exp(banner=r,port=0)
            # 1521 is not in `ports`, so this branch cannot be reached.
            elif scanport==1521:
                sockp.close()
                print "[+]Oracle SQL Server"
                fetch_exp(banner='oracle',port=1521)
            elif scanport==3306:
                sockp.close()
                print "[+]MYSQL Server"
                fetch_exp(banner='mysql',port=3306)
            else:
                #sockp.send('sas sas') taught of sending some packets :
                #BOB-:Based On Banner
                # Nothing is sent; recv blocks until the service speaks first
                # and returns at most 50 bytes.
                banner = sockp.recv(50)
                sockp.close()
                # NOTE(review): nesting of the next four statements under this
                # `if` is reconstructed - confirm against the original file.
                if(len(banner)>3):
                    print "[+] Running:",banner,"\n"
                    banner=banner_match(banner)
                    port=scanport  # local name; the module-level `port` is untouched
                    fetch_exp(banner,scanport)
            # NOTE(review): placement after the if/elif chain is reconstructed.
            print "*"*70
        except:
            # Closed ports and every error raised while handling an open port
            # are discarded here alike.
            pass

def back_dor(ip):
    """Try TCP connects to 31373, 4444 and 5555 and print each that succeeds.

    The try wraps the whole loop, so the first failed connect ends the check
    and the remaining ports are not tried. Sockets are never closed.
    """
    try:
        ip=ip  # no-op
        webbdrs=([31373,4444,5555])#c99,metsploit,add more
        for po in webbdrs:
            sockb = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            sockb.connect((ip,po))
            print "%s:%d OPEN" % (ip,po)
    except:pass

print "[+]Exploit Suggester Version 1.0 by FB1H2S"
print "[+]Port scan a Host and List All Matching exploit form Exploit_db"
print "[+]Report Bugs at fbone@in.com"
print "[+]Now find all Remote Root or Remote DOS Exploits with Exploit-Suggester"
# Main section: runs only when vuln.txt is present in the working directory.
if os.path.isfile("vuln.txt"):
    ip=raw_input("Enter the IP/Domain:")
    # `file` shadows the Python 2 builtin. The name is built from unvalidated
    # operator input. Only the four header lines below are written in the code
    # shown, and the handle is never closed, so the "<ip>.txt For the Scan
    # details" message further down points at a file holding just this header.
    file = open(ip+'.txt', "a")
    file.write("\n|------------------------------------------------|")
    file.write("\n| FB1H2S Exploit_Suggester Ver 1.0 |")
    file.write("\n| Port Scan and Find all Eatching Exploits |")
    file.write("\n| Uses Exploit_db to Match Exploits |")
    if len(ip) >3:
        # Module-level list that exploitscaner() appends open ports to.
        li=[]
        exploitscaner(ip)
        print '\n[+]open ports:'
        for portop in li:
            print portop
        print "\n[+]Scanning Backdoor's "
        back_dor(ip)
        print ip+".txt For the Scan details"
else:
    print "\n:( Banner matching File 'Vuln.txt' missing\n"
    print ":) Download it and put it in the running directory"
    print "http://www.ziddu.com/download/8031492/vuln.txt.html"
pastebin - collaborative debugging tool
Daca nu va merge sa ma anuntati foloseste exploit-db pt a verifica daca ip-ul e vulnerabil pt vreun exploit.Have Fun Quote
MrRip Posted January 6, 2010 Report Posted January 6, 2010 ti-ai tot ascuns numele la site si pe ultimul rand a ramas descoperit nice try Quote
trxtxx Posted January 6, 2010 Author Report Posted January 6, 2010 RipKid gata am inteles scriptu e luat de pe darkcode...ala saracu a incercat sa ascunda si eu care imi trecusem si numele meu real ma gandeam ca zxici ca imi ascund eu numele praf sunt Quote