├── requirements.txt ├── client.py ├── botnet.py ├── README.md └── ssh_botnet.py /requirements.txt: -------------------------------------------------------------------------------- 1 | pexpect 2 | python-nmap 3 | termcolor 4 | datetime 5 | optparse 6 | -------------------------------------------------------------------------------- /client.py: -------------------------------------------------------------------------------- 1 | from pexpect import pxssh 2 | 3 | class Client: 4 | 5 | def __init__(self, host, user, password, por): 6 | self.host = host 7 | self.user = user 8 | self.password = password 9 | self.por = por 10 | self.session = self.connect() 11 | 12 | def connect(self): 13 | try: 14 | s = pxssh.pxssh() 15 | s.login(self.host, self.user, self.password, port = self.por) 16 | return s 17 | except Exception, e: 18 | print e 19 | print '[-] Error Connecting' 20 | exit() 21 | 22 | def send_command(self, cmd): 23 | self.session.sendline(cmd) 24 | self.session.prompt() 25 | return self.session.before 26 | -------------------------------------------------------------------------------- /botnet.py: -------------------------------------------------------------------------------- 1 | from client import Client 2 | from datetime import datetime,date 3 | 4 | class Botnet: 5 | 6 | def __init__(self): 7 | self.botnet=[] 8 | self.f = open('logs.txt', 'a') 9 | 10 | def addBot(self, host, user, password, por): 11 | if por != -1: 12 | client = Client(host, user, password, por) 13 | self.botNet.append(client) 14 | else: 15 | print '[-] ssh server not running on ' + host 16 | 17 | def sendCommandsToBots(self, command): 18 | self.f.write(" -> " + str(date.today().strftime("%B %d, %Y")) + " ( " + datetime.now().strftime("%H:%M:%S") + ' ) ' + '\n\n') 19 | 20 | for client in self.botNet: 21 | output = client.send_command(command) 22 | print '[*] Output from ' + client.host 23 | print '[+] ' + output 24 | self.f.write('[*] Output from ' + client.host + '\n') 25 | self.f.write('[+] ' + output + '\n') 26 | 27 | self.f.write(100*'-' + '\n') 28 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # SSH-botnet 2 | A python tool(automation) for automatically finding SSH servers on the network and adding them to the botnet for mass administration and control. 3 | 4 | ## Installation 5 | ``` 6 | $ pip install -r requirements.txt --user 7 | ``` 8 | 9 | ## Usage 10 | ``` 11 | $ python ssh_botnet.py -u msfadmin -p msfadmin -i vboxnet0 12 | 13 | Author : Goutham R 14 | GitHub : https://github.com/G0uth4m 15 | 16 | - This is a simple tool handy for linux administrators 17 | in schools, colleges, etc where all the systems used by students 18 | in the lab or elsewhere have same usernames and passwords. 19 | 20 | - Future releases will be having a choice to input different usernames 21 | and passwords via a file. 22 | 23 | - This code was tested on a bunch metasploitable 2 servers. 24 | 25 | - Using this tool for illegal stuff is highly not recommended. 26 | 27 | - 'sudo' is unsupported. You can use root as username for superuser access. 28 | 29 | _ _ _ _ 30 | ___ ___| |__ | |__ ___ | |_ _ __ ___| |_ 31 | / __/ __| '_ \ | '_ \ / _ \| __| '_ \ / _ \ __| 32 | \__ \__ \ | | | | |_) | (_) | |_| | | | __/ |_ 33 | |___/___/_| |_|___|_.__/ \___/ \__|_| |_|\___|\__| 34 | |_____| 35 | 36 | 37 | [*] Scanning network for ssh servers ... 38 | [+] Scan complete 39 | 40 | Running ssh servers : 41 | Host : 192.168.56.105 port : 22 42 | Host : 192.168.56.106 port : 22 43 | Host : 192.168.56.107 port : 22 44 | 45 | Continue adding bots to the botnet?[Y/n] y 46 | 47 | ssh@botnet:~$ ls 48 | [*] Output from 192.168.56.105 49 | [+] ls 50 | vulnerable 51 | 52 | [*] Output from 192.168.56.106 53 | [+] ls 54 | vulnerable 55 | 56 | [*] Output from 192.168.56.107 57 | [+] ls 58 | vulnerable 59 | 60 | ssh@botnet:~$ uname -a 61 | [*] Output from 192.168.56.105 62 | [+] uname -a 63 | Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 GNU/Linux 64 | 65 | [*] Output from 192.168.56.106 66 | [+] uname -a 67 | Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 GNU/Linux 68 | 69 | [*] Output from 192.168.56.107 70 | [+] uname -a 71 | Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 GNU/Linux 72 | 73 | ssh@botnet:~$ id 74 | [*] Output from 192.168.56.105 75 | [+] id 76 | uid=1000(msfadmin) gid=1000(msfadmin) groups=4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),107(fuse),111(lpadmin),112(admin),119(sambashare),1000(msfadmin) 77 | 78 | [*] Output from 192.168.56.106 79 | [+] id 80 | uid=1000(msfadmin) gid=1000(msfadmin) groups=4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),107(fuse),111(lpadmin),112(admin),119(sambashare),1000(msfadmin) 81 | 82 | [*] Output from 192.168.56.107 83 | [+] id 84 | uid=1000(msfadmin) gid=1000(msfadmin) groups=4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),107(fuse),111(lpadmin),112(admin),119(sambashare),1000(msfadmin) 85 | 86 | ssh@botnet:~$ exit 87 | 88 | [*] History of commands stored in logs.txt 89 | 90 | 91 | ``` 92 | 93 | ## Author 94 | * **Goutham** - [G0uth4m](https://github.com/G0uth4m) 95 | -------------------------------------------------------------------------------- /ssh_botnet.py: -------------------------------------------------------------------------------- 1 | import os 2 | import nmap 3 | from termcolor import colored 4 | from botnet import Botnet 5 | import optparse 6 | 7 | def get_arguments(): 8 | parser = optparse.OptionParser() 9 | parser.add_option("-u", "--username", dest="user", help="Specify common username") 10 | parser.add_option("-p", "--password", dest="password", help="Specify common password") 11 | parser.add_option("-i", "--interface", dest="interface", help="Network interface") 12 | 13 | (options, arguments) = parser.parse_args() 14 | if not options.user: 15 | print "[-] Specify common username accross ssh servers\n" 16 | print parser.print_help() 17 | exit() 18 | 19 | if not options.password: 20 | print "[-] Specify common password accross ssh servers\n" 21 | print parser.print_help() 22 | exit() 23 | 24 | if not options.interface: 25 | print "[-] Specify network interface\n" 26 | print parser.print_help() 27 | exit() 28 | 29 | return options 30 | 31 | def getSshServers(myip): 32 | nm = nmap.PortScanner() 33 | 34 | print "\n[*] Scanning network for ssh servers ..." 35 | nm.scan(myip + '/24') 36 | print "[+] Scan complete\n" 37 | 38 | hosts = nm.all_hosts() 39 | hosts.remove(myip) 40 | 41 | if len(hosts) == 0: 42 | print "[-] No live hosts other than you found on this network" 43 | exit() 44 | 45 | ssh_servers = {} 46 | for i in hosts: 47 | openPorts = list(nm[i]['tcp'].keys()) 48 | for j in openPorts: 49 | if nm[i]['tcp'][j]['name'] == 'ssh': 50 | por = j 51 | ssh_servers[i] = j 52 | break 53 | por = -1 54 | 55 | return ssh_servers 56 | 57 | def listSshServers(ssh_servers): 58 | print("Running ssh servers : ") 59 | f2 = open('session.txt', 'w') 60 | 61 | for i, j in ssh_servers.items(): 62 | print "Host : " + i + "\t\t" + "port : " + str(j) 63 | f2.write(i + ":" + str(j) + '\n') 64 | print '\n' 65 | 66 | f2.close() 67 | 68 | def main(): 69 | options = get_arguments() 70 | print(""" 71 | Author : Goutham R 72 | GitHub : https://github.com/G0uth4m 73 | 74 | - This is a simple tool handy for linux administrators 75 | in schools, colleges, etc where all the systems used by students 76 | in the lab or elsewhere have same usernames and passwords. 77 | 78 | - Future releases will be having a choice to input different usernames 79 | and passwords via a file. 80 | 81 | - This code was tested on a bunch metasploitable 2 servers. 82 | 83 | - Using this tool for illegal stuff is highly not recommended. 84 | 85 | - 'sudo' is unsupported. You can use root as username for superuser access. 86 | 87 | _ _ _ _ 88 | ___ ___| |__ | |__ ___ | |_ _ __ ___| |_ 89 | / __/ __| '_ \ | '_ \ / _ \| __| '_ \ / _ \ __| 90 | \__ \__ \ | | | | |_) | (_) | |_| | | | __/ |_ 91 | |___/___/_| |_|___|_.__/ \___/ \__|_| |_|\___|\__| 92 | |_____| 93 | """) 94 | 95 | interface = options.interface 96 | user = options.user 97 | password = options.password 98 | 99 | myip = os.popen("ifconfig " + interface + " | grep \"inet \" | awk \'{print $2}\'").read().replace("\n", "") 100 | ssh_servers = getSshServers(myip) 101 | listSshServers(ssh_servers) 102 | 103 | choice = raw_input("Continue adding bots to the botnet?[Y/n] ") 104 | print("\n") 105 | if(choice in ["n", "N", "no"]): 106 | exit() 107 | 108 | botnet = Botnet() 109 | for i,j in ssh_servers.items(): 110 | botnet.addBot(i, user, password, j) 111 | 112 | while True: 113 | strr = colored('ssh@botnet:~$ ', 'red', None, ['bold']) 114 | a = raw_input(strr) 115 | 116 | if a == "exit()" or a == "exit": 117 | botnet.f.close() 118 | print("\n[*] History of commands stored in logs.txt") 119 | break; 120 | else: 121 | botnet.sendCommandsToBots(a) 122 | 123 | if __name__ == "__main__": 124 | main() 125 | --------------------------------------------------------------------------------