#!/usr/bin/env python2
from scapy.all import *
import sys
import telnetlib
import string
import threading
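# Positional command-line arguments. All four are read unconditionally, so
# stop with a short message instead of an IndexError traceback when one is
# missing.
if len(sys.argv) < 5:
    sys.exit("intruder.py: expected (host) (port) (log file) (command file)")
target = sys.argv[1]       # host handed to telnetlib.Telnet() by engine()
port = sys.argv[2]         # kept as the raw argv string, not converted to int
logfile = sys.argv[3]      # opened in append mode by response_analyse()
# "ftp", "pop3" or "http" select a built-in command list; any other value
# falls through to the final else branch, which reads commands from a file.
commandlist = sys.argv[4]
command = []               # filled in by the dispatch at the end of the file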
#Setup banner
def usage():
    """Print the tool banner and the command-line synopsis to stdout.

    NOTE(review): the synopsis lists six positional arguments, but the
    module-level code visible in this file reads only sys.argv[1] to
    sys.argv[4], and nothing visible here calls usage().
    """
    banner = (
        "Intruder v1.1",
        "",
        "Usage:",
        " ",
        " >> python2 intruder.py (host) (port) (log file) (command file) (response file) (type)",
        " ",
    )
    for text in banner:
        print(text)
#Define the response analysis
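def response_analyse(resp,fuzz):
    """Flag a server response that contains one of four marker substrings.

    For every marker found in ``resp`` an entry (port, the input that was
    sent, and a hex dump of the response) is appended to the module-level
    ``logfile``, and the input and dump are printed to stdout. A response
    containing several markers is recorded once per marker.

    Args:
        resp: the response read from the service.
        fuzz: the input line that produced ``resp``.

    Returns:
        None.
    """
    # Presumably: "AAA41" is the sent "AAA" prefix echoed with leaked hex,
    # "PATH=" is environment output, and the last two are crash text.
    # NOTE(review): "core" is a very short substring and will also match
    # ordinary response text, so expect false positives in the log.
    markers = ("AAA41", "PATH=", "segmentation", "core")
    for marker in markers:
        if marker not in resp:
            continue
        # scapy's hexdump() prints and returns None unless dump=True, so the
        # original wrote the text "None" to the log instead of the dump.
        dump = hexdump(resp, dump=True)
        with open(logfile, "a") as myfile:
            myfile.write("Port "+str(port)+" "+"String: "+str(fuzz)+"\n"+str(dump)+"\n")
        print("Potential vuln")
        print(fuzz)
        print(dump)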
#Define the engine
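def engine(target,port,command):
    """Send generated test inputs to a line-based service and triage replies.

    For each round ``i`` in 1..9999, each entry of ``command``, each string
    in the four input families and each repeat count 1..9, one line of the
    form ``<command> <string repeated>`` is sent over a fresh connection.
    One reply line is read, hex-dumped to stdout and passed to
    response_analyse().

    Args:
        target: host to connect to.
        port: port to connect to.
        command: list of protocol command prefixes.

    Returns:
        None. An exception from telnetlib (for example when the service
        stops accepting connections) propagates and ends the run.
    """
    # This family does not depend on the round counter; build it once.
    remote_code = ["set","'set",":set","|set","$set"]
    for i in range(1,10000):
        format_strings = ["AAA%08$x","AAA%08%h","AAA%08$s","AAA%08$n","%s"*i,"AAA%080$u"]
        buffer_overflows = ["00"*i,"FF"*i,"%"*i]
        integer_overflow = [str(i)*i]
        exploits = [format_strings,buffer_overflows,remote_code,integer_overflow]
        for c in command:
            for exp in exploits:
                for ex in exp:
                    gen = ex+" "
                    for g in range(1,10):
                        fuzz = str(c)+' '+gen*g+'\n'
                        tn = telnetlib.Telnet(target,port)
                        try:
                            # Discards the greeting line. NOTE(review): no
                            # timeout is given, so this blocks indefinitely
                            # on a service that sends no banner; the original
                            # comment marks this read as FTP-specific.
                            tn.read_until("\r\n") # --uncomment for FTP
                            print("Sending "+fuzz)
                            tn.write(fuzz)
                            d = tn.read_until("\r\n")
                        finally:
                            # Close explicitly rather than leaving one open
                            # socket per input for the garbage collector.
                            tn.close()
                        hexdump(d)
                        response_analyse(d,fuzz)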
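# Select the command prefixes to exercise: a built-in list for "ftp", "pop3"
# or "http", otherwise the lines of the file named by the fourth argument.
if "ftp" == commandlist:
    command = ["USER ","PASS ", "CDUP ","SMNT ","STOU ","XSEN ","XSEM ,","XRSQ ","XRMD ","XRCP ","XPWD ","XMKD ","XCUP ","LANG ","FEAT ","EPSV ","ADAT ",
    "STRU ","STAT ","SIZE ","SITE ","RNTO ","RNFR ","RMD ","RETR ","REST ","PROT ","PBSZ ","OPTS ","NLST ","MLST ","MLSD ","MIC ","LPRT ", "EPRT ","CCC ",
    "RMD ","MKD ","PWD ","SYST ","REIN ","PORT ","PASV ","TYPE","MODE ","RETR", "STOR ","APPE ","ALLO ","REST ","RNFR ","MDTM ","LPSV ","ENC ","CONF ","CDUP "]
elif "pop3" == commandlist:
    command = ["POP3: ","USER ","PASS ","QUIT ","STAT ","RETR ","DELE ","NOOP ","LAST ","RSET ","TOP ","RPOP "]
elif "http" == commandlist:
    command = ["HTTP: ","GET /","HEAD /","PUT /","TRACE /","DELETE /","LINK /","UNLINK /", "CONNECT","request-header "]
else:
    # The original opened the undefined name `commandfile` (NameError); the
    # file path is the fourth argument, held in `commandlist`.
    with open(commandlist, "r") as handle:
        for line in handle:
            # Drop the line terminator so it does not end up in the middle
            # of the line engine() builds; skip blank lines.
            entry = line.rstrip("\r\n")
            if entry:
                command.append(entry)
engine(target,port,command)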