main.go

1. package main
2.  
3. import (
4.     "flag"
5.     "fmt"
6.     "math/rand"
7.     "net/http"
8.     "os"
9.     "os/signal"
10.     "runtime"
11.     "strconv"
12.     "strings"
13.     "sync"
14.     "syscall"
15.     "time"
16.  
17.     "github.com/logrusorgru/aurora"
18.     log "github.com/sirupsen/logrus"
19. )
20.  
21. const logo = `
22.  
23.         zoom scanner
24.  
25. ▄▄▄▄▄ ▄▄▄·  ▐ ▄  ▄▄ •  ▄▄▄· ▄▄▌   ▄▄▄·  ▐ ▄  ▄▄ •  ▄▄▄·
26. •██  ▐█ ▀█ •█▌▐█▐█ ▀ ▪▐█ ▀█ ██•  ▐█ ▀█ •█▌▐█▐█ ▀ ▪▐█ ▀█
27.  ▐█.▪▄█▀▀█ ▐█▐▐▌▄█ ▀█▄▄█▀▀█ ██▪  ▄█▀▀█ ▐█▐▐▌▄█ ▀█▄▄█▀▀█
28.  ▐█▌·▐█ ▪▐▌██▐█▌▐█▄▪▐█▐█ ▪▐▌▐█▌▐▌▐█ ▪▐▌██▐█▌▐█▄▪▐█▐█ ▪▐▌
29.  ▀▀▀  ▀  ▀ ▀▀ █▪·▀▀▀▀  ▀  ▀ .▀▀▀  ▀  ▀ ▀▀ █▪·▀▀▀▀  ▀  ▀
30.  
31.         made with 💀 by @cuerbot
32.  
33. `
34.  
35. const zoomUrl = "https://www3.zoom.us/conf/j"
36.  
37. // added at compile time
38. var version string
39. var baked string
40.  
41. var color aurora.Aurora
42. var tangalanga *Tangalanga
43. var wg sync.WaitGroup
44. var ids chan int
45. var start time.Time
46.  
47. var token = flag.String("token", availableToken(), "zpk token to use")
48. var colorFlag = flag.Bool("colors", true, "enable or disable colors")
49. var censorFlag = flag.Bool("censor", false, "enable or disable stdout censorship")
50. var outputFile = flag.String("output", "", "output file for successful finds")
51. var debugFlag = flag.Bool("debug", false, "show error messages")
52. var torFlag = flag.Bool("tor", false, "connect via tor")
53. var proxyAddr = flag.String("proxy", "socks5://127.0.0.1:9150", "socks url to use as proxy")
54. var hiddenFlag = flag.Bool("hidden", false, "connect via embedded tor")
55. var rateCount = flag.Int("rate", runtime.NumCPU(), "worker count. defaults to CPU count")
56.  
57. func init() {
58.     var t *http.Transport
59.  
60.     rand.Seed(time.Now().UnixNano())
61.  
62.     color = aurora.NewAurora(*colorFlag)
63.     ids = make(chan int)
64.     start = time.Now()
65.  
66.     fmt.Println(color.Green(logo))
67.  
68.     flag.Parse()
69.  
70.     if *token == "" {
71.         fmt.Printf("%s is required.\n", color.Red("-token="))
72.         fmt.Println()
73.  
74.         fmt.Printf("%s can also be defined in the ENV.\n", color.Red("TOKEN"))
75.         fmt.Println()
76.  
77.         info := "token can be found by sniffing the traffic trying to join any meeting\n" +
78.             "currently i can't find how the token is generated but any lives for ~24 hours.\n" +
79.             "the token can be found as part of the Cookie header.\n" +
80.             "there's no need for authentication, anonymous join attempt will generate the cookie."
81.  
82.         fmt.Printf("%s %s\n", color.Red("zpk"), color.Yellow(info))
83.         fmt.Println()
84.  
85.         os.Exit(1)
86.     }
87.  
88.     fmt.Printf("build is %s\n", color.Yellow(version))
89.  
90.     if *outputFile != "" {
91.         file, err := os.OpenFile(*outputFile, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0666)
92.  
93.         if err != nil {
94.             log.SetOutput(os.Stdout)
95.         } else {
96.             fmt.Printf("output is %s\n", color.Yellow(*outputFile))
97.             log.SetOutput(file)
98.         }
99.     }
100.  
101.     fmt.Printf("worker pool size %d\n", color.Yellow(*rateCount))
102.  
103.     transports := new(Transport)
104.  
105.     switch true {
106.     case *hiddenFlag:
107.         fmt.Printf("connecting to the TOR network... %s\n", color.Yellow("please wait"))
108.         t = transports.InteralTOR()
109.  
110.     case *torFlag:
111.         fmt.Printf("connecting to the TOR network via proxy %s...\n", color.Yellow(*proxyAddr))
112.         t = transports.Proxy(*proxyAddr)
113.  
114.     default:
115.         t = transports.Default()
116.     }
117.  
118.     tangalanga, _ = NewTangalanga(
119.         WithTransport(t),
120.     )
121.  
122. }
123.  
124. func availableToken() string {
125.     switch {
126.     case os.Getenv("TOKEN") != "":
127.         return os.Getenv("TOKEN")
128.     case baked != "":
129.         return baked
130.     default:
131.         return ""
132.     }
133. }
134.  
135. func randId() int {
136.     min := 50000000000 // Just to avoid a sea of non existent ids
137.     max := 99999999999
138.  
139.     return rand.Intn(max-min+1) + min
140. }
141.  
142. func hide(msg string) string {
143.     return censor(msg, 3)
144. }
145.  
146. func censor(msg string, n int) string {
147.     text := []rune(msg)
148.     x := strings.Repeat("#", len(msg)-n)
149.  
150.     return string(text[0:n]) + x
151. }
152.  
153. func find(id int) {
154.     m, err := tangalanga.FindMeeting(id)
155.  
156.     if err != nil && *debugFlag {
157.         fmt.Printf("%s\n", err)
158.     }
159.  
160.     if err == nil {
161.         r := m.GetRoom()
162.  
163.         roomId := strconv.FormatUint(r.GetRoomId(), 10)
164.         roomName := r.GetRoomName()
165.         user := r.GetUser()
166.         link := r.GetLink()
167.  
168.         msg := "\nRoom ID: %s.\n" +
169.             "Room: %s.\n" +
170.             "Owner: %s.\n" +
171.             "Link: %s\n\n"
172.  
173.         if !*censorFlag || *outputFile != "" {
174.             log.WithFields(log.Fields{
175.                 "room_id":   roomId,
176.                 "room_name": roomName,
177.                 "owner":     user,
178.                 "link":      link,
179.             }).Info(r.GetPhoneNumbers())
180.         }
181.  
182.         if *censorFlag {
183.             roomId = hide(roomId)
184.             roomName = hide(roomName)
185.             user = hide(user)
186.             link = censor(link, 10)
187.         }
188.  
189.         fmt.Printf(msg,
190.             color.Green(roomId),
191.             color.Green(roomName),
192.             color.Green(user),
193.             color.Yellow(link),
194.         )
195.     }
196.  
197. }
198.  
199. func pool() {
200.     for i := 0; i < *rateCount; i++ {
201.         go func() {
202.             for id := range ids {
203.                 find(id)
204.                 wg.Done()
205.             }
206.         }()
207.     }
208. }
209.  
210. func main() {
211.     c := make(chan os.Signal, 1)
212.     done := 0
213.  
214.     signal.Notify(c, syscall.SIGINT, syscall.SIGTERM)
215.  
216.     fmt.Printf("searching for open meetings... %s\n", color.Yellow("please wait"))
217.     fmt.Println()
218.  
219.     go func() {
220.         <-c
221.         tangalanga.Close()
222.  
223.         fmt.Println()
224.         fmt.Printf("run for %s\n", color.Blue(time.Since(start)))
225.         fmt.Printf("attempted %d times \n", color.Yellow(done))
226.         fmt.Printf("found %d meetings. \n", color.Green(tangalanga.Found))
227.         fmt.Println()
228.         fmt.Printf("💣 with care. thank you for using %s!\n", color.Green("tangalanga"))
229.         fmt.Println()
230.         os.Exit(0)
231.     }()
232.  
233.     go pool()
234.  
235.     for h := 0; ; h++ {
236.         for i := 0; i < *rateCount; i++ {
237.             wg.Add(1)
238.             ids <- randId()
239.             done++
240.  
241.             if done%200 == 0 && h > 0 && *debugFlag == false {
242.                 // Just to show something if no debug
243.                 m := "found %d open meetings after %d attempts. the search continues\n"
244.                 fmt.Printf(m, color.Green(tangalanga.Found), color.Yellow(done))
245.             }
246.         }
247.  
248.         if tangalanga.ExpiredToken {
249.             m := "the %s expired, you need to sniff join traffic for a new one\n"
250.             fmt.Printf(m, color.Red("token"))
251.  
252.             m = "you need to pass %s with the new token\n"
253.             fmt.Printf(m, color.Red("-token="))
254.             c <- syscall.SIGINT
255.         }
256.  
257.         // If there are too many suspicious "not found" try restarting the ...
258.         if tangalanga.Suspicious > 1000 {
259.             fmt.Println(color.Yellow("more than 1000 suspicious results. changing random"))
260.             rand.Seed(time.Now().UnixNano())
261.             tangalanga.Suspicious = 0
262.         }
263.  
264.         if *debugFlag {
265.             fmt.Println(color.Yellow("waiting for queue to drain..."))
266.         }
267.  
268.         wg.Wait()
269.  
270.     }
271. }