Let freedom ring! 🔔 Scan and copy anonymous FTP server data to your local disk 💿, and leave a note 📓 behind if you're feeling nice. 🤗
This tool allows you to set up an automated client to scrape the internet for anonymous FTP servers, copy their data (if you specifically choose to), compress it locally (if you specifically choose to), and notify the server of its nakedness. You can also get notifications (if you specifically choose to)! 📫
"The choices are yours and yours alone!" 🗿
Before proceeding, please consider the ethics of choosing to opt into the --scrape or --silencer options at runtime, listed below.
A list of features, in no particular order:
- ☑️ Threaded and independent scanning, downloading, uploading, etc.
- ☑️ Compression of incoming content for efficient storage.
- ☑️ Limitations on scraped data size (i.e., disk-overconsumption resistance).
- ☑️ Send an email notification when a new target is discovered.
- ☑️ Alternate-port scanning. Scan for FTP services on more than just port 21.
- ☑️ Specific selection of IPv4-only, IPv6-only, or both.
- ☑️ Specify IP ranges to search within (required for IPv6 scanning).
- ☑️ Statistics tracking (amount of servers visited, ports tried, etc.).
- ☑️ Maintain a list of discovered targets, so they aren't "discovered" again. Clear this list at any time. Export it to report it to someone with more authority.
(usage guide coming soon)
Hi! Welcome to an ethical gray area - you've successfully placed yourself in the epicenter of a moral dilemma by considering the use of this tool. 👏
📣 📣 📣 THE MAINTAINERS OF THIS SOFTWARE ARE NOT RESPONSIBLE FOR WHAT YOU DO WITH IT. YOU REALLY SHOULDN'T USE THIS WITH THE --scrape OPTION; THIS IS SOMETIMES PEOPLE'S VERY PERSONAL DATA. This must be explicitly noted: it is the sole responsibility of the host of an FTP server and its data to secure it against unauthorized access. Access to an anonymous FTP server is not (and by definition cannot be) considered unauthorized. This tool defaults to both (1) immediately notifying server administrators, in good faith, of the affected server's public visibility via a file upload; and (2) leaving the data untouched (and un-downloaded). This tool does not provide the capabilities for brute-force or other means of unauthorized FTP server access; that is illegal.
❗ HEY, THIS IS ALSO IDEAL FOR EDUCATIONAL PURPOSES. ❗ It sounds like a cop-out; it's not. This tool is a harmless, hacker-lite, imagination-less, trivial demonstration of complex and real-world adversarial tools that malicious actors would use. As such, it's great for showing exactly how a real hacker might craft a tool that can do actual harm.
The following actions of this tool are opt-in only, meaning you have consciously chosen to use them.
- The
--scrapeoption, which clones all remote data to a local storage medium before notifying the remote server.- This is effectively copying data which you are authorized to [anonymously] access.
- The
--silenceroption, which suppresses the good-faith upload of the anonymous-access notification to the remote server.- This is a bit mean-spirited, but is provided in case the local workstation has upload limits, or the remote server cannot accept anonymous writes.
You can simply download a Release package for your operating system, if you'd like to get the job done quickly.
If you're the more meticulous, cautious, or cozy-vibes type, here's how you can build this:
- Clone and build (or just install) the C3 compiler.
- Clone this repo and change your working directory to it.
- Run
c3c build(orc3c.exefor Windows users) to build the final application.
Once you have a runnable executable, simple type hookshot --help to get started.