#!/usr/bin/env python
'''
Scanning code based on https://github.com/kennell/ftpknocker
'''
import ftplib
import sys, os, urllib
import threading
from argparse import ArgumentParser
from netaddr import IPSet
from random import shuffle
# File names treated as likely bot payloads. bot_check() lower-cases each
# remote name and looks it up here, so every entry must be lower case.
# Matching is by exact name only: a renamed payload is not detected.
KNOWN_BOTS = [
    "pbot.php",
    "pma.php",
    "lol.php",
    "kok.php",
    "bot",
    "bot2",
    "nmlt1.sh",
    "bobo",
    "dxd2.txt",
    "bot.php",
    "go.php",
]

# Directory names bot_check() descends into (also compared lower-cased).
COMMON_DIRS = [
    "pub",
    "bots",
    "bot",
]
#check for known bots
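def bot_check(ftp, host, _depth=0):
    """Save files with known bot names from the current FTP directory.

    Lists the current remote directory, downloads every entry whose
    lower-cased name is in KNOWN_BOTS to
    ``output/<host>-<quoted remote dir>_<name>``, and descends into every
    entry whose lower-cased name is in COMMON_DIRS.

    The listing and the file contents come from the remote server and
    must be treated as untrusted. Only names that match the fixed lists
    are ever used in a local path or an FTP command, and the remote
    directory is URL-quoted before it becomes part of the file name.

    Args:
        ftp: a connected, logged-in ``ftplib.FTP`` instance.
        host: server address, used in messages and the output file name.
        _depth: internal recursion counter; callers should leave it unset.
    """
    # Function-scope import so the lookup works on Python 2 and Python 3.
    try:
        from urllib import quote_plus
    except ImportError:
        from urllib.parse import quote_plus

    # A server controls its own listing and could present endlessly
    # nested "bot/bot/bot/..." directories; cap how deep we follow them.
    # The value is arbitrary.
    max_depth = 5

    # Remember where we are so we can come back after each descent.
    here = ftp.pwd()
    for fileName in ftp.nlst():
        lowered = fileName.lower()
        if lowered in KNOWN_BOTS:
            outputFile = "output/%s-%s_%s" % (host, quote_plus(here), fileName)
            print("[+] Potential bot found: %s @@ %s" % (here + "/" + fileName, host))
            # Binary mode: retrbinary() hands raw bytes to the callback,
            # and the sample must be stored unmodified.
            # NOTE(review): there is no size limit on the download, so a
            # server can send as much data as the disk will hold.
            with open(outputFile, 'wb') as f:
                try:
                    ftp.retrbinary('RETR %s' % fileName, f.write)
                except Exception as e:
                    print("Error getting file: %s" % repr(e))
        if lowered in COMMON_DIRS:
            if _depth >= max_depth:
                print("[-] Not descending into %s @@ %s: depth limit reached"
                      % (here + "/" + fileName, host))
                continue
            try:
                ftp.cwd(fileName)
            except Exception as e:
                print(repr(e))
                continue
            try:
                bot_check(ftp, host, _depth + 1)
            except Exception as e:
                print(repr(e))
            # Go back to the directory this listing belongs to; without
            # this the remaining entries would be fetched relative to the
            # subdirectory. The saved absolute path is used rather than
            # ".." so the result does not depend on how the server
            # resolves parent directories.
            try:
                ftp.cwd(here)
            except Exception as e:
                print(repr(e))
                # The working directory is now unknown; stop here rather
                # than issue commands against the wrong directory.
                return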
#output dir
def check_output():
    """Create the ``output`` directory in the working directory if missing.

    bot_check() writes the files it retrieves from remote servers into
    this directory, so its contents should be handled as untrusted.
    """
    out_dir = "output"
    if os.path.exists(out_dir):
        return
    os.makedirs(out_dir)
# Split list
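def split_list(l, parts):
    """Split *l* into *parts* contiguous batches of near-equal size.

    Batch boundaries are the rounded multiples of ``len(l) / parts``, so
    the batches keep the original order. When *parts* is larger than
    ``len(l)`` some batches are empty.

    Args:
        l: the list to split.
        parts: number of batches to produce; must be at least 1.

    Returns:
        A list containing *parts* lists.

    Raises:
        ValueError: if *parts* is less than 1.
    """
    if parts < 1:
        # Previously 0 failed with ZeroDivisionError and a negative count
        # returned [], silently dropping every element.
        raise ValueError("parts must be at least 1, got %r" % (parts,))
    splitsize = 1.0 / parts * len(l)
    # Compute each boundary once; batch i runs from bounds[i] to bounds[i + 1].
    bounds = [int(round(i * splitsize)) for i in range(parts + 1)]
    return [l[bounds[i]:bounds[i + 1]] for i in range(parts)]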
# Try anonymous FTP login
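def try_ftp_login(hosts):
    """Try an anonymous FTP login on each host and check it for bot files.

    For every host, connects with the timeout from the module-level
    ``args``, calls ``login()`` without credentials and, when the reply
    contains ``230``, hands the connection to bot_check(). Errors in
    ``ftplib.all_errors`` are ignored so that one unreachable or
    misbehaving host does not stop the rest of the batch.

    Args:
        hosts: iterable of host address strings; surrounding whitespace
            is stripped from each.
    """
    for host in hosts:
        host = host.strip()
        ftp = ftplib.FTP()
        try:
            ftp.connect(host=host, timeout=args.timeout)
            if '230' in ftp.login():
                # Check for bots; bot_check() downloads any it finds.
                bot_check(ftp, host)
            ftp.quit()
        except ftplib.all_errors:
            # Best effort: skip hosts that refuse, time out or error.
            pass
        finally:
            # quit() is skipped whenever anything above raises (a refused
            # login, for instance), which used to leave the socket open.
            # close() is safe to call on an already-closed connection.
            ftp.close()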
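# Init Argument parser
argparser = ArgumentParser(description="Scans targets for anonymous ftp servers - looking for known botnet files.")
argparser.add_argument('targets',
                       nargs='*')
argparser.add_argument('-t', '--threads',
                       action='store',
                       default=10,
                       type=int,
                       dest='maxThreads',
                       help='Number of threads to use, default is 10')
argparser.add_argument('-w', '--wait',
                       action='store',
                       default=2,
                       type=int,
                       dest='timeout',
                       help='Seconds to wait before timeout, default is 2')
argparser.add_argument('-s', '--shuffle',
                       action='store_true',
                       default=False,
                       dest='shuffle',
                       help='Shuffle the target list')
args = argparser.parse_args()

# split_list() divides by the thread count, so reject anything below 1
# with a usage error instead of a traceback or an empty scan.
if args.maxThreads < 1:
    argparser.error("--threads must be at least 1")

# Check if we are running in a pipe and read from STDIN.
# Targets read from STDIN replace any given on the command line.
if not sys.stdin.isatty():
    # Strip the line endings left on each target and drop blank lines.
    args.targets = [line.strip() for line in sys.stdin if line.strip()]

# Add target IPs/Networks to a netaddr-IPSet
targetSet = IPSet()
for t in args.targets:
    targetSet.add(t)

# Make sure the output directory exists before any thread writes to it
check_output()

# Render the IPSet to a list of address strings
targetlist = [str(ip) for ip in targetSet]

# Check for shuffle argument
if args.shuffle:
    shuffle(targetlist)

# Split list into [maxThreads] smaller batches
targetlist = split_list(targetlist, args.maxThreads)

# Launch one thread per batch
for batch in targetlist:
    threading.Thread(target=try_ftp_login, args=(batch,)).start()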