├── README.md
├── hackingteam_hunter
└── screenshot.jpg


/README.md:
--------------------------------------------------------------------------------
# TheItalianJob
Uses Shodan to locate HackingTeam C&C Servers.

Only releasing the fingerprints because they are burned to the fucking ground now. Fuck those HackingTeam Scumlords. It now returns no valid results due to C&C server shutdown, but releasing for historical reasons.

Greetz to Phineas Fisher, you fucking hero.

![Fuck HackingTeam](https://raw.githubusercontent.com/0x27/TheItalianJob/master/screenshot.jpg)

Licence: WTFPL.

More fingerprints to add now that their sekret sauce is public thanks to our lord and saviour. If you go looking at other state surveillance malware though, you can fingerprint their C&C servers just as easily. Most of them use either a weirdly configured webserver, or a fake webserver that presents a particular banner as the C&C service. Hence, they are easy to locate via Shodan or by zmapping the internet.

Requirements: Shodan Python module, Shodan API key from [Shodan, obviously](https://shodan.io)
```
pip install shodan
```

Examples of past C&C servers...
--------------------------------------------------------------------------------
/hackingteam_hunter:
--------------------------------------------------------------------------------
#!/usr/bin/python2
# coding: utf-8
import shodan

print("""
 /$$$$$$$$ /$$ /$$$$$$ /$$ /$$ /$$ /$$$$$ /$$
|__ $$__/| $$ |_ $$_/| $$ | $$|__/ |__ $$ | $$
| $$ | $$$$$$$ /$$$$$$ | $$ /$$$$$$ /$$$$$$ | $$ /$$ /$$$$$$ /$$$$$$$ | $$ /$$$$$$ | $$$$$$$
| $$ | $$__ $$ /$$__ $$ | $$|_ $$_/ |____ $$| $$| $$ |____ $$| $$__ $$ | $$ /$$__ $$| $$__ $$
| $$ | $$ \ $$| $$$$$$$$ | $$ | $$ /$$$$$$$| $$| $$ /$$$$$$$| $$ \ $$ /$$ | $$| $$ \ $$| $$ \ $$
| $$ | $$ | $$| $$_____/ | $$ | $$ /$$ /$$__ $$| $$| $$ /$$__ $$| $$ | $$ | $$ | $$| $$ | $$| $$ | $$
| $$ | $$ | $$| $$$$$$$ /$$$$$$| $$$$/| $$$$$$$| $$| $$| $$$$$$$| $$ | $$ | $$$$$$/| $$$$$$/| $$$$$$$/
|__/ |__/ |__/ \_______/ |______/ \___/ \_______/|__/|__/ \_______/|__/ |__/ \______/ \______/ |_______/
Using the SHODAN API to identify HackingTeam C&C Servers.
""")

SHODAN_API_KEY = ""  # API Key Here
api = shodan.Shodan(SHODAN_API_KEY)
try:
    # Search Shodan for the banner fingerprint
    results = api.search('Apache/2.4.4 (Unix) OpenSSL/1.0.0g 290')

    # Show the results: total hit count, then one line per matching host
    print('{+} ITALIANS FOUND: %s' % results['total'])
    for result in results['matches']:
        print('{!} ITALIAN DISCOVERED: %s' % result['ip_str'])
        # hack(result['ip_str'].strip()) # h4v3 j00 th3 0bay w4r3z?!
except shodan.APIError as e:
    # Raised for a bad API key, a rejected query or an exhausted quota
    print('Error: %s' % e)

--------------------------------------------------------------------------------
/screenshot.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x27/TheItalianJob/92f4f8e0ff1767877e8d91a6306ceb33d23eab85/screenshot.jpg
--------------------------------------------------------------------------------
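
The README's point that these C&C services give themselves away through a distinctive banner can be checked offline against banner data you already hold. The following is an added example in Python 3, not code from the TheItalianJob repository; the sample records are constructed, and whole-token matching is an assumption that only approximates Shodan's keyword search.

```python
# Added example (Python 3), not part of the TheItalianJob repository.
import re

# Fingerprint string taken from the hackingteam_hunter script on this page.
FINGERPRINT = "Apache/2.4.4 (Unix) OpenSSL/1.0.0g 290"

# Constructed sample banners; the IPs are RFC 5737 documentation addresses.
SAMPLE_RECORDS = [
    {"ip": "192.0.2.10",  # every fingerprint term present: match
     "banner": "HTTP/1.1 200 OK\r\nServer: Apache/2.4.4 (Unix) OpenSSL/1.0.0g\r\n"
               "Content-Length: 290\r\nContent-Type: text/html\r\n\r\n"},
    {"ip": "192.0.2.11",  # same server string, but 2900 is not the token 290
     "banner": "HTTP/1.1 200 OK\r\nServer: Apache/2.4.4 (Unix) OpenSSL/1.0.0g\r\n"
               "Content-Length: 2900\r\n\r\n"},
    {"ip": "198.51.100.7",  # ordinary, unrelated web server
     "banner": "HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\n"
               "Content-Length: 290\r\n\r\n"},
    {"ip": "198.51.100.8",  # different OpenSSL build string: no prefix match
     "banner": "HTTP/1.1 403 Forbidden\r\n"
               "Server: Apache/2.4.4 (Unix) OpenSSL/1.0.0g-fips\r\n"
               "Content-Length: 290\r\n\r\n"},
]


def tokens(text):
    """Split on whitespace so terms are compared as whole tokens."""
    return set(re.split(r"\s+", text.strip()))


def matches(banner, fingerprint=FINGERPRINT):
    """True when every term of the fingerprint is a whole token in the banner.

    Assumption: this approximates keyword search over banner text; it does
    not reproduce Shodan's actual query engine.
    """
    return tokens(fingerprint) <= tokens(banner)


def hunt(records, fingerprint=FINGERPRINT):
    """Return the IPs of stored banner records that match the fingerprint."""
    return [r["ip"] for r in records if matches(r["banner"], fingerprint)]


if __name__ == "__main__":
    for ip in hunt(SAMPLE_RECORDS):
        print("fingerprint match:", ip)
```

Comparing whole tokens rather than substrings keeps a near-miss banner (a longer length value, a suffixed version string) from being reported as a hit.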