├── datastore ├── controller │ ├── model │ └── creds.json └── wordlists │ └── hydra │ └── top-1000.txt ├── containers ├── scanner │ ├── scan │ ├── startup.sh │ ├── server │ │ ├── websocket_server │ │ │ ├── __init__.py │ │ │ └── websocket_server.py │ │ └── server.py │ └── Dockerfile ├── attacker │ ├── startup.sh │ ├── server │ │ ├── websocket_server │ │ │ ├── __init__.py │ │ │ └── websocket_server.py │ │ └── server.py │ └── Dockerfile └── controller │ ├── startup.sh │ ├── DateFilter.py │ ├── Dockerfile │ ├── app.py │ └── handler.py ├── ReconPal.pdf ├── docker-compose.yml ├── README.md └── LICENSE /datastore/controller/model: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /containers/scanner/scan: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | python3 /root/server/server.py 4 | -------------------------------------------------------------------------------- /ReconPal.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pentesteracademy/reconpal/HEAD/ReconPal.pdf -------------------------------------------------------------------------------- /containers/attacker/startup.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | python3 /root/server/server.py 4 | -------------------------------------------------------------------------------- /containers/scanner/startup.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | python3 /root/server/server.py 4 | -------------------------------------------------------------------------------- /containers/attacker/server/websocket_server/__init__.py: -------------------------------------------------------------------------------- 1 | from .websocket_server import * 2 | -------------------------------------------------------------------------------- /containers/scanner/server/websocket_server/__init__.py: -------------------------------------------------------------------------------- 1 | from .websocket_server import * 2 | -------------------------------------------------------------------------------- /containers/controller/startup.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | sed -i 's/TOKEN_API/'$TELEGRAM_BOT_TOKEN'/g' ./app.py 3 | python3 ./app.py 4 | -------------------------------------------------------------------------------- /containers/controller/DateFilter.py: -------------------------------------------------------------------------------- 1 | from typing import Union, Dict, Optional 2 | 3 | from telegram.ext import MessageFilter 4 | from datetime import datetime, timezone 5 | 6 | 7 | class DateFilter(MessageFilter): 8 | def filter(self, message) -> Optional[Union[bool, Dict]]: 9 | return (datetime.now(timezone.utc) - message.date).days <= 3 10 | -------------------------------------------------------------------------------- /containers/scanner/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM kalilinux/kali-rolling:latest 2 | 3 | # Installing required tools 4 | RUN apt update \ 5 | && apt install -y python3 python3-pip nmap dirb nikto hydra sqlmap 6 | 7 | 8 | RUN pip3 install asyncio websockets 9 | 10 | # Server scripts for inter module communications 11 | COPY server /root/server 12 | 13 | COPY scan /bin/ 14 | 15 | COPY startup.sh /startup.sh 16 | 17 | RUN chmod +x /startup.sh \ 18 | && chmod +x /bin/scan 19 | 20 | CMD ["/startup.sh"] 21 | -------------------------------------------------------------------------------- /datastore/controller/creds.json: -------------------------------------------------------------------------------- 1 | { 2 | "type": "XXXXXXXXXXXXXXXXXXX", 3 | "project_id": "XXXXXXXXXXXXXXXXXXX", 4 | "private_key_id": "XXXXXXXXXXXXXXXXXXX", 5 | "private_key": "-----BEGIN PRIVATE KEY-----\nXXXXXXXXXXXXXXXXXXX\n-----END PRIVATE KEY-----\n", 6 | "client_email": "XXXXXXXXXXXXXXXXXXX", 7 | "client_id": "XXXXXXXXXXXXXXXXXXX", 8 | "auth_uri": "XXXXXXXXXXXXXXXXXXX", 9 | "token_uri": "XXXXXXXXXXXXXXXXXXX", 10 | "auth_provider_x509_cert_url": "XXXXXXXXXXXXXXXXXXX", 11 | "client_x509_cert_url": "XXXXXXXXXXXXXXXXXXX 12 | } 13 | -------------------------------------------------------------------------------- /containers/controller/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:20.04 2 | 3 | # Installing requirements 4 | RUN apt-get update \ 5 | && apt-get install python3 python3-pip supervisor sqlite3 vim libmediainfo-dev -y 6 | # Installing required tools 7 | RUN pip3 install shodan python-telegram-bot websocket-client openai google-cloud-speech==2.12.0 google-cloud-storage==2.1.0 pymediainfo==5.1.0 8 | 9 | # Copy logic scripts to container 10 | COPY app.py / 11 | 12 | COPY handler.py / 13 | 14 | COPY DateFilter.py / 15 | 16 | COPY startup.sh / 17 | 18 | RUN chmod +x /startup.sh 19 | 20 | # Run ReconPal logic 21 | CMD ["/startup.sh"] 22 | -------------------------------------------------------------------------------- /containers/attacker/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM kalilinux/kali-rolling:latest 2 | 3 | # Installing required tools 4 | RUN apt update \ 5 | && apt install -y python3 python3-pip metasploit-framework sqlmap screen hydra nmap dirb 6 | 7 | # ttyd for future plans of an interactive shell 8 | RUN apt-get install build-essential cmake git libjson-c-dev libwebsockets-dev -y\ 9 | && cd /tmp \ 10 | && git clone https://github.com/tsl0922/ttyd.git \ 11 | && cd ttyd && mkdir build && cd build \ 12 | && cmake .. \ 13 | && make && make install \ 14 | && rm -rf /tmp/ttyd 15 | 16 | RUN apt-get install docker -y 17 | RUN pip3 install asyncio websockets 18 | 19 | # Server scripts for inter module communications 20 | COPY server /root/server 21 | 22 | COPY startup.sh /startup.sh 23 | 24 | RUN chmod +x /startup.sh 25 | 26 | CMD ["/startup.sh"] 27 | -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3" 2 | 3 | services: 4 | controller: 5 | image: pentesteracademy/reconpal:controller 6 | environment: 7 | - OPENAI_API_KEY=XXXXXXXXXXXXXXXXXXX 8 | - SHODAN_API_KEY=XXXXXXXXXXXXXXXXXXX 9 | - TELEGRAM_BOT_TOKEN=XXXXXXXXXXXXXXXXXXX 10 | networks: 11 | reconpal: 12 | ipv4_address: 10.131.131.5 13 | volumes: 14 | - /home/ubuntu/reconpal/datastore/controller/:/datastore/ 15 | - /var/run/docker.sock:/var/run/docker.sock 16 | 17 | scanner: 18 | image: pentesteracademy/reconpal:scanner 19 | depends_on: 20 | - controller 21 | networks: 22 | reconpal: 23 | ipv4_address: 10.131.131.4 24 | volumes: 25 | - /home/ubuntu/reconpal/datastore/wordlists/:/usr/share/wordlists/ 26 | 27 | attacker: 28 | image: pentesteracademy/reconpal:attacker 29 | depends_on: 30 | - scanner 31 | networks: 32 | reconpal: 33 | ipv4_address: 10.131.131.6 34 | volumes: 35 | - /home/ubuntu/datastore/wordlists/:/usr/share/wordlists/ 36 | - /var/run/docker.sock:/var/run/docker.sock 37 | 38 | networks: 39 | reconpal: 40 | driver: bridge 41 | ipam: 42 | config: 43 | - subnet: 10.131.131.0/24 44 | gateway: 10.131.131.1 45 | 46 | -------------------------------------------------------------------------------- /containers/attacker/server/server.py: -------------------------------------------------------------------------------- 1 | from websocket_server import WebsocketServer 2 | import subprocess 3 | import datetime 4 | 5 | 6 | def shell(cmd, client, server): 7 | """Called to execute shell commands received from controller module""" 8 | process = subprocess.Popen( 9 | [cmd], shell=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT 10 | ) 11 | current_time = datetime.datetime.now() 12 | while True: 13 | output = process.stdout.readline() 14 | if output is not None: 15 | output = output.rstrip().decode("utf-8", "ignore") 16 | if output == "" and process.poll() is not None: 17 | server.send_message(client, "--END--") 18 | break 19 | if output != "": 20 | server.send_message(client, output) 21 | if current_time < datetime.datetime.now() - datetime.timedelta( 22 | minutes=2 23 | ): 24 | server.send_message(client, "--END--") 25 | break 26 | 27 | 28 | def new_client(client, server): 29 | """Called for every client connecting (after handshake)""" 30 | print("New client connected and was given id %d" % client["id"]) 31 | 32 | 33 | def client_left(client, server): 34 | """Called for every client disconnecting""" 35 | print("Client(%d) disconnected" % client["id"]) 36 | 37 | 38 | def message_received(client, server, message): 39 | """Called when a client sends a message""" 40 | if len(message) > 200: 41 | message = message[:200] + ".." 42 | print("Client(%d) command: %s" % (client["id"], message)) 43 | command_output = shell(message, client, server) 44 | server.send_message(client, command_output) 45 | 46 | 47 | PORT = 50000 48 | IPADDR = "0.0.0.0" 49 | server = WebsocketServer(PORT, IPADDR) 50 | server.set_fn_new_client(new_client) 51 | server.set_fn_client_left(client_left) 52 | server.set_fn_message_received(message_received) 53 | server.run_forever() 54 | -------------------------------------------------------------------------------- /containers/scanner/server/server.py: -------------------------------------------------------------------------------- 1 | from websocket_server import WebsocketServer 2 | import subprocess 3 | import datetime 4 | 5 | 6 | def shell(cmd, client, server): 7 | """Called to execute shell commands received from controller module""" 8 | process = subprocess.Popen( 9 | [cmd], shell=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT 10 | ) 11 | current_time = datetime.datetime.now() 12 | while True: 13 | output = process.stdout.readline() 14 | if output is not None: 15 | output = output.rstrip().decode("utf-8", "ignore") 16 | if output == "" and process.poll() is not None: 17 | server.send_message(client, "--END--") 18 | break 19 | if output != "": 20 | server.send_message(client, output) 21 | if current_time < datetime.datetime.now() - datetime.timedelta( 22 | minutes=2 23 | ): 24 | server.send_message(client, "--END--") 25 | break 26 | 27 | 28 | def new_client(client, server): 29 | """Called for every client connecting (after handshake)""" 30 | print("New client connected and was given id %d" % client["id"]) 31 | 32 | 33 | def client_left(client, server): 34 | """Called for every client disconnecting""" 35 | print("Client(%d) disconnected" % client["id"]) 36 | 37 | 38 | def message_received(client, server, message): 39 | """Called when a client sends a message""" 40 | if len(message) > 200: 41 | message = message[:200] + ".." 42 | print("Client(%d) command: %s" % (client["id"], message)) 43 | command_output = shell(message, client, server) 44 | server.send_message(client, command_output) 45 | 46 | 47 | PORT = 49000 48 | IPADDR = "0.0.0.0" 49 | server = WebsocketServer(PORT, IPADDR) 50 | server.set_fn_new_client(new_client) 51 | server.set_fn_client_left(client_left) 52 | server.set_fn_message_received(message_received) 53 | server.run_forever() 54 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ![0](https://user-images.githubusercontent.com/25884689/169852572-c774ead7-069b-4d35-abcb-a52e349144f2.png) 2 | 3 | # ReconPal: Leveraging NLP for Infosec 4 | Recon is one of the most important phases that seem easy but takes a lot of effort and skill to do right. One needs to know about the right tools, correct queries/syntax, run those queries, correlate the information, and sanitize the output. All of this might be easy for a seasoned infosec/recon professional to do, but for rest, it is still near to magic. How cool it will be to ask a simple question like "Find me an open Memcached server in Singapore with UDP support?" or "How many IP cameras in Singapore are using default credentials?" in a chat and get the answer? 5 | 6 | The integration of GPT-3, deep learning-based language models to produce human-like text, with well-known recon tools like Shodan, is the foundation of ReconPal. ReconPal also supports using voice commands to execute popular exploits and perform reconnaissance. 7 | 8 | ## Built With 9 | 10 | * OpenAI GPT-3 11 | * Shodan API 12 | * Speech-to-Text 13 | * Telegram Bot 14 | * Docker Containers 15 | * Python 3 16 | 17 | 18 | # Getting Started 19 | 20 | To get ReconPal up and running, follow these simple steps. 21 | 22 | ### Prerequisites 23 | 24 | * Telegram Bot Token 25 | Use BotFather and create a new telegram bot. Refer to the documentation at https://core.telegram.org/bots 26 | * Shodan API: 27 | Create a shodan Account and create a new API Key from https://account.shodan.io/ 28 | * Google Speech-to-Text API: 29 | Enable Speech-to-Text in GCP and get the credentials. Refer to these steps from the documentation https://cloud.google.com/speech-to-text/docs/before-you-begin 30 | * OpenAI API Key: 31 | Create a free openAI account to try out the API. https://beta.openai.com/account/api-keys 32 | * Docker 33 | 34 | ```sh 35 | sudo apt-get updates​ 36 | sudo apt-get install docker.io​ 37 | sudo curl -L "https://github.com/docker/compose/releases/download/1.26.0/docker-compose-$(uname -s)-$(uname -m)" -o​ /usr/local/bin/docker-compose​ 38 | chmod +x /usr/local/bin/docker-compose 39 | ``` 40 | 41 | ### Installation 42 | 43 | 1. Clone the repo 44 | 45 | ```sh 46 | git clone https://github.com/pentesteracademy/reconpal.git 47 | ``` 48 | 49 | 2. Enter your OPENAI, SHODAN API keys, and TELEGRAM bot token in `docker-compose.yml` 50 | 51 | ```yml 52 | OPENAI_API_KEY= 53 | SHODAN_API_KEY= 54 | TELEGRAM_BOT_TOKEN= 55 | ``` 56 | 57 | 3. Start reconpal 58 | 59 | ```sh 60 | docker-compose up 61 | ``` 62 | 63 | # Usage 64 | 65 | Open the telegram app and select the created bot to use ReconPal. 66 | 67 | 1. Click on start or just type in the input box. 68 | 69 | ``` 70 | /start 71 | ``` 72 | 73 | 2. Register the model. 74 | 75 | ``` 76 | /register 77 | ``` 78 | 79 | 3. Test the tool with some commands. 80 | 81 | ``` 82 | scan 10.0.0.8 83 | ``` 84 | 85 | # Tool featured at 86 | 87 | - Blackhat Asia Arsenal 2022 88 | 89 | - Demonstration Video 90 | 91 | # Contributors 92 | 93 | Jeswin Mathai, Senior Security Researcher, INE 94 | 95 | Nishant Sharma, Security Research Manager, INE 96 | 97 | Shantanu Kale, Cloud Developer, INE 98 | 99 | Sherin Stephen, Cloud Developer, INE 100 | 101 | Sarthak Saini (Ex-Pentester Academy) 102 | 103 | # Documentation 104 | 105 | For more details, refer to the "ReconPal.pdf" PDF file. This file contains the slide deck used for presentations. 106 | 107 | 108 | # Screenshots 109 | 110 | Starting reconpal and registering model 111 | 112 | ![1](https://user-images.githubusercontent.com/25884689/169850014-ea2dd47a-327c-4bd0-8e5e-3ab3cad2e102.png) 113 | 114 | Finder module in action 115 | 116 | ![2](https://user-images.githubusercontent.com/25884689/169850035-f278f58a-78d6-4ebb-b6da-8cf26a472f93.png) 117 | 118 | Scanner module in action 119 | 120 | ![3](https://user-images.githubusercontent.com/25884689/169850066-cbc498f3-9a0f-4bb0-bc2d-88c5b0d576bb.png) 121 | 122 | Attacker module in action 123 | 124 | ![4](https://user-images.githubusercontent.com/25884689/169851366-818b52c9-64c3-46fe-8c3b-76e3cb2105fb.png) 125 | 126 | Voice Support 127 | 128 | ![5](https://user-images.githubusercontent.com/25884689/169850168-8c6d74ec-9ed8-47b8-adc9-463c60edc628.png) 129 | 130 | # License 131 | 132 | This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License v2 as published by the Free Software Foundation. 133 | 134 | This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. 135 | 136 | You should have received a copy of the GNU General Public License along with this program. If not, see . -------------------------------------------------------------------------------- /containers/controller/app.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | from typing import List 3 | from google.cloud.speech import ( 4 | SpeechClient, 5 | RecognitionConfig, 6 | RecognitionAudio, 7 | RecognizeResponse, 8 | ) 9 | from pymediainfo import MediaInfo 10 | from telegram.ext import Updater, CommandHandler, MessageHandler, Filters 11 | from telegram.constants import MAX_MESSAGE_LENGTH 12 | from handler import Controller 13 | import os 14 | import io 15 | import re 16 | from DateFilter import DateFilter 17 | 18 | 19 | SUPPORTED_SAMPLE_RATES = [8000, 12000, 16000, 24000, 48000] 20 | RESAMPLE_RATE = 48000 21 | UPLOAD_LIMIT = 20 22 | MY_NERVES_LIMIT = 20 23 | POLITE_RESPONSE = "Sorry, but no messages longer than 20 seconds" 24 | 25 | speech_client = SpeechClient.from_service_account_file("datastore/creds.json") 26 | 27 | handlers = Controller() 28 | 29 | 30 | def start(update, context): 31 | """Send a message when the command /start is issued.""" 32 | update.message.reply_text( 33 | "Welcome Pentester \U0001F601\nRegister OpenAI model with /register" 34 | ) 35 | 36 | 37 | def register(update, context): 38 | """Send a message when the command /register is issued.""" 39 | handlers.register_commands(update.message.text, update) 40 | 41 | 42 | def voice_to_text(update, context) -> None: 43 | """Convert voice commands to text""" 44 | message = update.effective_message 45 | if message.voice.duration > MY_NERVES_LIMIT: 46 | message.reply_text(POLITE_RESPONSE, quote=True) 47 | return 48 | 49 | chat_id = update.effective_message.chat.id 50 | file_name = "%s_%s%s.ogg" % ( 51 | chat_id, 52 | update.message.from_user.id, 53 | update.message.message_id, 54 | ) 55 | download_and_prep(file_name, message) 56 | 57 | transcriptions = transcribe(file_name, update.message) 58 | 59 | if len(transcriptions) == 0 or transcriptions[0] == "": 60 | message.reply_text( 61 | "Transcription results are empty. Try Again", quote=True 62 | ) 63 | return 64 | 65 | # Format incorrect ip address transcriptions 66 | for transcription in transcriptions: 67 | re_search = re.search( 68 | r"(\d{1,3}\s?\..*\s?\d{1,3}\s?\..*\s?\d{1,3}\s?\..*\s?\d{1,3})", 69 | transcription, 70 | ) 71 | 72 | if re_search is not None: 73 | ip_index = re_search.span() 74 | ip_address = transcription[ip_index[0]: ip_index[1]] 75 | ip_address = re.sub( 76 | r"(.)\1+", r"\1", ip_address.strip(". ").replace(" ", ".") 77 | ) 78 | transcription = ( 79 | transcription[: ip_index[0]] 80 | + ip_address 81 | + transcription[ip_index[1]:] 82 | ) 83 | message.reply_text( 84 | "Interpreted message: " + str(transcription), quote=True 85 | ) 86 | handlers.process_input(transcription, update) 87 | 88 | 89 | def transcribe( 90 | file_name: str, 91 | message, 92 | lang_code: str = "en-US", 93 | alternatives: List[str] = ["uk-UA"], 94 | ) -> List[str]: 95 | """Transcribe received voice message""" 96 | media_info = MediaInfo.parse(file_name) 97 | if len(media_info.audio_tracks) != 1 or not hasattr( 98 | media_info.audio_tracks[0], "sampling_rate" 99 | ): 100 | os.remove(file_name) 101 | raise ValueError("Failed to detect sample rate") 102 | actual_duration = round(media_info.audio_tracks[0].duration / 1000) 103 | 104 | sample_rate = media_info.audio_tracks[0].sampling_rate 105 | encoding = RecognitionConfig.AudioEncoding.OGG_OPUS 106 | if sample_rate not in SUPPORTED_SAMPLE_RATES: 107 | message.reply_text( 108 | "Your voice message has a sample rate of {} Hz which is not in " 109 | "the supported sample rates ({}).\n\n".format( 110 | sample_rate, 111 | ", ".join( 112 | str(int(rate / 1000)) + " kHz" 113 | for rate in SUPPORTED_SAMPLE_RATES 114 | ), 115 | ), 116 | quote=True, 117 | ) 118 | config = RecognitionConfig( 119 | encoding=encoding, 120 | sample_rate_hertz=sample_rate, 121 | enable_automatic_punctuation=True, 122 | language_code=lang_code, 123 | alternative_language_codes=alternatives, 124 | ) 125 | 126 | try: 127 | response = regular_upload(file_name, config) 128 | except Exception as e: 129 | print(e) 130 | os.remove(file_name) 131 | return ["Failed"] 132 | os.remove(file_name) 133 | 134 | message_text = "" 135 | for result in response.results: 136 | message_text += result.alternatives[0].transcript + "\n" 137 | 138 | return split_long_message(message_text) 139 | 140 | 141 | def regular_upload( 142 | file_name: str, config: RecognitionConfig 143 | ) -> RecognizeResponse: 144 | """Upload Voice message for recognition""" 145 | with io.open(file_name, "rb") as audio_file: 146 | content = audio_file.read() 147 | audio = RecognitionAudio(content=content) 148 | return speech_client.recognize(config=config, audio=audio) 149 | 150 | 151 | def split_long_message(text: str) -> List[str]: 152 | """Split long transcriptions to max supported length""" 153 | length = len(text) 154 | if length < MAX_MESSAGE_LENGTH: 155 | return [text] 156 | 157 | results = [] 158 | for i in range(0, length, MAX_MESSAGE_LENGTH): 159 | results.append(text[i:MAX_MESSAGE_LENGTH]) 160 | 161 | return results 162 | 163 | 164 | def download_and_prep(file_name: str, message) -> None: 165 | """Get voice file from telegram chat""" 166 | message.voice.get_file().download(file_name) 167 | 168 | 169 | def controller(update, context): 170 | """Relay user message to reconPal logic.""" 171 | handlers.process_input(update.message.text, update) 172 | 173 | 174 | def main(): 175 | """Start the bot.""" 176 | updater = Updater("TOKEN_API", use_context=True) 177 | dp = updater.dispatcher 178 | 179 | voice_handler = MessageHandler( 180 | Filters.voice & DateFilter(), voice_to_text, run_async=True 181 | ) 182 | 183 | dp.add_handler(CommandHandler("start", start)) 184 | dp.add_handler(CommandHandler("register", register)) 185 | dp.add_handler(MessageHandler(Filters.text & ~Filters.command, controller)) 186 | dp.add_handler(voice_handler) 187 | 188 | updater.start_polling() 189 | updater.idle() 190 | 191 | 192 | if __name__ == "__main__": 193 | main() 194 | -------------------------------------------------------------------------------- /containers/controller/handler.py: -------------------------------------------------------------------------------- 1 | from shodan import Shodan 2 | from websocket import create_connection 3 | import os 4 | import openai 5 | 6 | api = Shodan(os.getenv("SHODAN_API_KEY")) 7 | openai.api_key = os.getenv("OPENAI_API_KEY") 8 | REGISTER_FLAG = 0 9 | trained_model_name = "" 10 | 11 | 12 | class Controller: 13 | """Class to encapsulate reconpal logic""" 14 | 15 | def scan(command, update): 16 | """Communicate with Scanner module""" 17 | print("trying connection") 18 | ws = create_connection("ws://10.131.131.4:49000") 19 | print("Started Connection") 20 | ws.send(command) 21 | for message in ws: 22 | if message == "--END--": 23 | break 24 | else: 25 | # Split message according to max telegram message length 26 | if len(message) > 4096: 27 | for x in range(0, len(message), 4096): 28 | update.message.reply_text( 29 | message[x: x + 4096] + "\n", 30 | disable_web_page_preview=True, 31 | ) 32 | else: 33 | update.message.reply_text( 34 | message + "\n", disable_web_page_preview=True 35 | ) 36 | 37 | ws.close() 38 | update.message.reply_text("Done \U0001F601\n") 39 | 40 | def attack(command, update): 41 | """Communicate with Attacker module""" 42 | print("trying connection") 43 | ws = create_connection("ws://10.131.131.6:50000") 44 | print("Started Connection") 45 | ws.send(command) 46 | for message in ws: 47 | if message == "--END--": 48 | break 49 | else: 50 | # Split message according to max telegram message length 51 | if len(message) > 4096: 52 | for x in range(0, len(message), 4096): 53 | update.message.reply_text( 54 | message[x: x + 4096] + "\n", 55 | disable_web_page_preview=True, 56 | ) 57 | else: 58 | update.message.reply_text( 59 | message + "\n", disable_web_page_preview=True 60 | ) 61 | 62 | ws.close() 63 | update.message.reply_text("Done \U0001F601\n") 64 | 65 | def process_input(self, raw_input, update): 66 | """Process input received from telegram""" 67 | query = "" 68 | global trained_model_name, REGISTER_FLAG 69 | if REGISTER_FLAG == 0: 70 | # Check if OpenAI model has been registered 71 | update.message.reply_text("Please register model with /register\n") 72 | elif raw_input.startswith(">"): 73 | # Process custom commands 74 | Controller.scan(raw_input[2:], update) 75 | else: 76 | update.message.reply_text("Processsing.. Please wait!\n") 77 | # Generate text to code completion 78 | full_response = openai.Completion.create( 79 | model=trained_model_name, 80 | prompt=[raw_input + "\n"], 81 | temperature=0, 82 | max_tokens=100, 83 | top_p=1, 84 | frequency_penalty=0.2, 85 | presence_penalty=0, 86 | stop=["\n"], 87 | ) 88 | response_text = full_response["choices"][0]["text"] 89 | selected_module = response_text[: response_text.find("~")] 90 | response_text = response_text[response_text.find("~") + 1:] 91 | 92 | # Route commands to appropriate modules 93 | if selected_module == "scanner": 94 | update.message.reply_text( 95 | "Interpreted command: " + response_text 96 | ) 97 | Controller.scan(response_text, update) 98 | elif selected_module == "finder": 99 | query = response_text 100 | """Temporary fix for incorrect openAI response""" 101 | count_rep = query.count("country") 102 | if count_rep > 1: 103 | c_index = query.find("country") 104 | query = query[: c_index + 12] 105 | 106 | update.message.reply_text("Interpreted command: " + query) 107 | dump = api.search( 108 | query, 109 | page=None, 110 | limit=None, 111 | offset=8, 112 | facets=None, 113 | minify=True, 114 | ) 115 | 116 | if query.find("search") != -1: 117 | query = query.replace("shodan search", " ") 118 | query = query.strip() 119 | dump = api.search(query) 120 | update.message.reply_text( 121 | "Total Results: " + str(len(dump["matches"])) + " \n" 122 | ) 123 | for match in dump["matches"]: 124 | update.message.reply_text( 125 | "{}\n".format( 126 | ( 127 | "IP: {}\nOS: {}\nISP: {}\nRegion Code: {}\ 128 | \nCity Name: {}\ 129 | \nCountry Name: {}".format( 130 | match["ip_str"], 131 | match["os"], 132 | match["isp"], 133 | match["location"]["region_code"], 134 | match["location"]["city"], 135 | match["location"]["country_name"], 136 | ) 137 | ) 138 | ) 139 | ) 140 | update.message.reply_text("Done \U0001F601\n") 141 | elif query.find("host") != -1: 142 | update.message.reply_text("Interpreted command: " + query) 143 | query = query.replace("shodan host", " ") 144 | query = query.strip() 145 | dump = api.host(query) 146 | update.message.reply_text( 147 | "{}\n".format( 148 | ( 149 | "IP: {}\nOS: {}\nISP: {}\nHostname: {}\ 150 | \nPorts: {}\nCity Name: {}\ 151 | \nCountry Name: {}".format( 152 | dump["ip_str"], 153 | dump["os"], 154 | dump["isp"], 155 | dump["hostnames"], 156 | dump["ports"], 157 | dump["city"], 158 | dump["country_name"], 159 | ) 160 | ) 161 | ) 162 | ) 163 | update.message.reply_text("Done \U0001F601\n") 164 | else: 165 | update.message.reply_text( 166 | "Sorry ReconPal is unable to understand your \ 167 | request \U0001F61E\n" 168 | ) 169 | 170 | elif selected_module == "attacker": 171 | update.message.reply_text( 172 | "Interpreted command: " + response_text 173 | ) 174 | Controller.attack(response_text, update) 175 | 176 | else: 177 | update.message.reply_text( 178 | "Sorry ReconPal is unable to understand your \ 179 | request \U0001F61E\n" 180 | ) 181 | 182 | def register_commands(self, data, update): 183 | """Function to upload training file and train model""" 184 | global trained_model_name, REGISTER_FLAG 185 | f = open("datastore/model", "r") 186 | model_name = f.read() 187 | f.close() 188 | if model_name[:7] == "davinci": 189 | # Check if trained model is already available 190 | trained_model_name = model_name 191 | update.message.reply_text( 192 | "Model " + trained_model_name + " in use\n" 193 | ) 194 | REGISTER_FLAG = 1 195 | elif model_name[:2] == "ft": 196 | # Check if model has finished fine tune 197 | retrieve_response = openai.FineTune.retrieve(id=model_name) 198 | if retrieve_response["status"] == "succeeded": 199 | trained_model_name = retrieve_response["fine_tuned_model"] 200 | update.message.reply_text( 201 | "Fine Tuned model created with name\n" + trained_model_name 202 | ) 203 | f = open("datastore/model", "w") 204 | f.write(trained_model_name) 205 | f.close() 206 | REGISTER_FLAG = 1 207 | else: 208 | update.message.reply_text("Please wait for fine tune\n") 209 | else: 210 | # Upload dataset for fine tune 211 | update.message.reply_text("Uploading dataset for fine tune\n") 212 | file_create_response = openai.File.create( 213 | file=open("datastore/dataset_reconpal.jsonl"), 214 | purpose="fine-tune", 215 | ) 216 | training_file_id = file_create_response["id"] 217 | finetune_create_response = openai.FineTune.create( 218 | training_file=training_file_id, model="davinci" 219 | ) 220 | update.message.reply_text("Started fine-tune\n") 221 | 222 | finetune_id = finetune_create_response["id"] 223 | f = open("datastore/model", "w") 224 | f.write(finetune_id) 225 | f.close() 226 | -------------------------------------------------------------------------------- /containers/attacker/server/websocket_server/websocket_server.py: -------------------------------------------------------------------------------- 1 | # Author: Johan Hanssen Seferidis 2 | # License: MIT 3 | 4 | import sys 5 | import struct 6 | from base64 import b64encode 7 | from hashlib import sha1 8 | import logging 9 | from socket import error as SocketError 10 | import errno 11 | 12 | if sys.version_info[0] < 3: 13 | from SocketServer import ThreadingMixIn, TCPServer, StreamRequestHandler 14 | else: 15 | from socketserver import ThreadingMixIn, TCPServer, StreamRequestHandler 16 | 17 | logger = logging.getLogger(__name__) 18 | logging.basicConfig() 19 | 20 | ''' 21 | +-+-+-+-+-------+-+-------------+-------------------------------+ 22 | 0 1 2 3 23 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 24 | +-+-+-+-+-------+-+-------------+-------------------------------+ 25 | |F|R|R|R| opcode|M| Payload len | Extended payload length | 26 | |I|S|S|S| (4) |A| (7) | (16/64) | 27 | |N|V|V|V| |S| | (if payload len==126/127) | 28 | | |1|2|3| |K| | | 29 | +-+-+-+-+-------+-+-------------+ - - - - - - - - - - - - - - - + 30 | | Extended payload length continued, if payload len == 127 | 31 | + - - - - - - - - - - - - - - - +-------------------------------+ 32 | | Payload Data continued ... | 33 | +---------------------------------------------------------------+ 34 | ''' 35 | 36 | FIN = 0x80 37 | OPCODE = 0x0f 38 | MASKED = 0x80 39 | PAYLOAD_LEN = 0x7f 40 | PAYLOAD_LEN_EXT16 = 0x7e 41 | PAYLOAD_LEN_EXT64 = 0x7f 42 | 43 | OPCODE_CONTINUATION = 0x0 44 | OPCODE_TEXT = 0x1 45 | OPCODE_BINARY = 0x2 46 | OPCODE_CLOSE_CONN = 0x8 47 | OPCODE_PING = 0x9 48 | OPCODE_PONG = 0xA 49 | 50 | 51 | # -------------------------------- API --------------------------------- 52 | 53 | class API(): 54 | 55 | def run_forever(self): 56 | try: 57 | logger.info("Listening on port %d for clients.." % self.port) 58 | self.serve_forever() 59 | except KeyboardInterrupt: 60 | self.server_close() 61 | logger.info("Server terminated.") 62 | except Exception as e: 63 | logger.error(str(e), exc_info=True) 64 | exit(1) 65 | 66 | def new_client(self, client, server): 67 | pass 68 | 69 | def client_left(self, client, server): 70 | pass 71 | 72 | def message_received(self, client, server, message): 73 | pass 74 | 75 | def set_fn_new_client(self, fn): 76 | self.new_client = fn 77 | 78 | def set_fn_client_left(self, fn): 79 | self.client_left = fn 80 | 81 | def set_fn_message_received(self, fn): 82 | self.message_received = fn 83 | 84 | def send_message(self, client, msg): 85 | self._unicast_(client, msg) 86 | 87 | def send_message_to_all(self, msg): 88 | self._multicast_(msg) 89 | 90 | 91 | # ------------------------- Implementation ----------------------------- 92 | 93 | class WebsocketServer(ThreadingMixIn, TCPServer, API): 94 | """ 95 | A websocket server waiting for clients to connect. 96 | 97 | Args: 98 | port(int): Port to bind to 99 | host(str): Hostname or IP to listen for connections. By default 127.0.0.1 100 | is being used. To accept connections from any client, you should use 101 | 0.0.0.0. 102 | loglevel: Logging level from logging module to use for logging. By default 103 | warnings and errors are being logged. 104 | 105 | Properties: 106 | clients(list): A list of connected clients. A client is a dictionary 107 | like below. 108 | { 109 | 'id' : id, 110 | 'handler' : handler, 111 | 'address' : (addr, port) 112 | } 113 | """ 114 | 115 | allow_reuse_address = True 116 | daemon_threads = True # comment to keep threads alive until finished 117 | 118 | clients = [] 119 | id_counter = 0 120 | 121 | def __init__(self, port, host='127.0.0.1', loglevel=logging.WARNING): 122 | logger.setLevel(loglevel) 123 | TCPServer.__init__(self, (host, port), WebSocketHandler) 124 | self.port = self.socket.getsockname()[1] 125 | 126 | def _message_received_(self, handler, msg): 127 | self.message_received(self.handler_to_client(handler), self, msg) 128 | 129 | def _ping_received_(self, handler, msg): 130 | handler.send_pong(msg) 131 | 132 | def _pong_received_(self, handler, msg): 133 | pass 134 | 135 | def _new_client_(self, handler): 136 | self.id_counter += 1 137 | client = { 138 | 'id': self.id_counter, 139 | 'handler': handler, 140 | 'address': handler.client_address 141 | } 142 | self.clients.append(client) 143 | self.new_client(client, self) 144 | 145 | def _client_left_(self, handler): 146 | client = self.handler_to_client(handler) 147 | self.client_left(client, self) 148 | if client in self.clients: 149 | self.clients.remove(client) 150 | 151 | def _unicast_(self, to_client, msg): 152 | to_client['handler'].send_message(msg) 153 | 154 | def _multicast_(self, msg): 155 | for client in self.clients: 156 | self._unicast_(client, msg) 157 | 158 | def handler_to_client(self, handler): 159 | for client in self.clients: 160 | if client['handler'] == handler: 161 | return client 162 | 163 | 164 | class WebSocketHandler(StreamRequestHandler): 165 | 166 | def __init__(self, socket, addr, server): 167 | self.server = server 168 | StreamRequestHandler.__init__(self, socket, addr, server) 169 | 170 | def setup(self): 171 | StreamRequestHandler.setup(self) 172 | self.keep_alive = True 173 | self.handshake_done = False 174 | self.valid_client = False 175 | 176 | def handle(self): 177 | while self.keep_alive: 178 | if not self.handshake_done: 179 | self.handshake() 180 | elif self.valid_client: 181 | self.read_next_message() 182 | 183 | def read_bytes(self, num): 184 | # python3 gives ordinal of byte directly 185 | bytes = self.rfile.read(num) 186 | if sys.version_info[0] < 3: 187 | return map(ord, bytes) 188 | else: 189 | return bytes 190 | 191 | def read_next_message(self): 192 | try: 193 | b1, b2 = self.read_bytes(2) 194 | except SocketError as e: # to be replaced with ConnectionResetError for py3 195 | if e.errno == errno.ECONNRESET: 196 | logger.info("Client closed connection.") 197 | self.keep_alive = 0 198 | return 199 | b1, b2 = 0, 0 200 | except ValueError as e: 201 | b1, b2 = 0, 0 202 | 203 | fin = b1 & FIN 204 | opcode = b1 & OPCODE 205 | masked = b2 & MASKED 206 | payload_length = b2 & PAYLOAD_LEN 207 | 208 | if opcode == OPCODE_CLOSE_CONN: 209 | logger.info("Client asked to close connection.") 210 | self.keep_alive = 0 211 | return 212 | if not masked: 213 | logger.warn("Client must always be masked.") 214 | self.keep_alive = 0 215 | return 216 | if opcode == OPCODE_CONTINUATION: 217 | logger.warn("Continuation frames are not supported.") 218 | return 219 | elif opcode == OPCODE_BINARY: 220 | logger.warn("Binary frames are not supported.") 221 | return 222 | elif opcode == OPCODE_TEXT: 223 | opcode_handler = self.server._message_received_ 224 | elif opcode == OPCODE_PING: 225 | opcode_handler = self.server._ping_received_ 226 | elif opcode == OPCODE_PONG: 227 | opcode_handler = self.server._pong_received_ 228 | else: 229 | logger.warn("Unknown opcode %#x." % opcode) 230 | self.keep_alive = 0 231 | return 232 | 233 | if payload_length == 126: 234 | payload_length = struct.unpack(">H", self.rfile.read(2))[0] 235 | elif payload_length == 127: 236 | payload_length = struct.unpack(">Q", self.rfile.read(8))[0] 237 | 238 | masks = self.read_bytes(4) 239 | message_bytes = bytearray() 240 | for message_byte in self.read_bytes(payload_length): 241 | message_byte ^= masks[len(message_bytes) % 4] 242 | message_bytes.append(message_byte) 243 | opcode_handler(self, message_bytes.decode('utf8')) 244 | 245 | def send_message(self, message): 246 | self.send_text(message) 247 | 248 | def send_pong(self, message): 249 | self.send_text(message, OPCODE_PONG) 250 | 251 | def send_text(self, message, opcode=OPCODE_TEXT): 252 | """ 253 | Important: Fragmented(=continuation) messages are not supported since 254 | their usage cases are limited - when we don't know the payload length. 255 | """ 256 | 257 | # Validate message 258 | if isinstance(message, bytes): 259 | message = try_decode_UTF8(message) # this is slower but ensures we have UTF-8 260 | if not message: 261 | logger.warning("Can\'t send message, message is not valid UTF-8") 262 | return False 263 | elif sys.version_info < (3,0) and (isinstance(message, str) or isinstance(message, unicode)): 264 | pass 265 | elif isinstance(message, str): 266 | pass 267 | else: 268 | logger.warning('Can\'t send message, message has to be a string or bytes. Given type is %s' % type(message)) 269 | return False 270 | 271 | header = bytearray() 272 | payload = encode_to_UTF8(message) 273 | payload_length = len(payload) 274 | 275 | # Normal payload 276 | if payload_length <= 125: 277 | header.append(FIN | opcode) 278 | header.append(payload_length) 279 | 280 | # Extended payload 281 | elif payload_length >= 126 and payload_length <= 65535: 282 | header.append(FIN | opcode) 283 | header.append(PAYLOAD_LEN_EXT16) 284 | header.extend(struct.pack(">H", payload_length)) 285 | 286 | # Huge extended payload 287 | elif payload_length < 18446744073709551616: 288 | header.append(FIN | opcode) 289 | header.append(PAYLOAD_LEN_EXT64) 290 | header.extend(struct.pack(">Q", payload_length)) 291 | 292 | else: 293 | raise Exception("Message is too big. Consider breaking it into chunks.") 294 | return 295 | 296 | self.request.send(header + payload) 297 | 298 | def read_http_headers(self): 299 | headers = {} 300 | # first line should be HTTP GET 301 | http_get = self.rfile.readline().decode().strip() 302 | assert http_get.upper().startswith('GET') 303 | # remaining should be headers 304 | while True: 305 | header = self.rfile.readline().decode().strip() 306 | if not header: 307 | break 308 | head, value = header.split(':', 1) 309 | headers[head.lower().strip()] = value.strip() 310 | return headers 311 | 312 | def handshake(self): 313 | headers = self.read_http_headers() 314 | 315 | try: 316 | assert headers['upgrade'].lower() == 'websocket' 317 | except AssertionError: 318 | self.keep_alive = False 319 | return 320 | 321 | try: 322 | key = headers['sec-websocket-key'] 323 | except KeyError: 324 | logger.warning("Client tried to connect but was missing a key") 325 | self.keep_alive = False 326 | return 327 | 328 | response = self.make_handshake_response(key) 329 | self.handshake_done = self.request.send(response.encode()) 330 | self.valid_client = True 331 | self.server._new_client_(self) 332 | 333 | @classmethod 334 | def make_handshake_response(cls, key): 335 | return \ 336 | 'HTTP/1.1 101 Switching Protocols\r\n'\ 337 | 'Upgrade: websocket\r\n' \ 338 | 'Connection: Upgrade\r\n' \ 339 | 'Sec-WebSocket-Accept: %s\r\n' \ 340 | '\r\n' % cls.calculate_response_key(key) 341 | 342 | @classmethod 343 | def calculate_response_key(cls, key): 344 | GUID = '258EAFA5-E914-47DA-95CA-C5AB0DC85B11' 345 | hash = sha1(key.encode() + GUID.encode()) 346 | response_key = b64encode(hash.digest()).strip() 347 | return response_key.decode('ASCII') 348 | 349 | def finish(self): 350 | self.server._client_left_(self) 351 | 352 | 353 | def encode_to_UTF8(data): 354 | try: 355 | return data.encode('UTF-8') 356 | except UnicodeEncodeError as e: 357 | logger.error("Could not encode data to UTF-8 -- %s" % e) 358 | return False 359 | except Exception as e: 360 | raise(e) 361 | return False 362 | 363 | 364 | def try_decode_UTF8(data): 365 | try: 366 | return data.decode('utf-8') 367 | except UnicodeDecodeError: 368 | return False 369 | except Exception as e: 370 | raise(e) 371 | -------------------------------------------------------------------------------- /containers/scanner/server/websocket_server/websocket_server.py: -------------------------------------------------------------------------------- 1 | # Author: Johan Hanssen Seferidis 2 | # License: MIT 3 | 4 | import sys 5 | import struct 6 | from base64 import b64encode 7 | from hashlib import sha1 8 | import logging 9 | from socket import error as SocketError 10 | import errno 11 | 12 | if sys.version_info[0] < 3: 13 | from SocketServer import ThreadingMixIn, TCPServer, StreamRequestHandler 14 | else: 15 | from socketserver import ThreadingMixIn, TCPServer, StreamRequestHandler 16 | 17 | logger = logging.getLogger(__name__) 18 | logging.basicConfig() 19 | 20 | ''' 21 | +-+-+-+-+-------+-+-------------+-------------------------------+ 22 | 0 1 2 3 23 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 24 | +-+-+-+-+-------+-+-------------+-------------------------------+ 25 | |F|R|R|R| opcode|M| Payload len | Extended payload length | 26 | |I|S|S|S| (4) |A| (7) | (16/64) | 27 | |N|V|V|V| |S| | (if payload len==126/127) | 28 | | |1|2|3| |K| | | 29 | +-+-+-+-+-------+-+-------------+ - - - - - - - - - - - - - - - + 30 | | Extended payload length continued, if payload len == 127 | 31 | + - - - - - - - - - - - - - - - +-------------------------------+ 32 | | Payload Data continued ... | 33 | +---------------------------------------------------------------+ 34 | ''' 35 | 36 | FIN = 0x80 37 | OPCODE = 0x0f 38 | MASKED = 0x80 39 | PAYLOAD_LEN = 0x7f 40 | PAYLOAD_LEN_EXT16 = 0x7e 41 | PAYLOAD_LEN_EXT64 = 0x7f 42 | 43 | OPCODE_CONTINUATION = 0x0 44 | OPCODE_TEXT = 0x1 45 | OPCODE_BINARY = 0x2 46 | OPCODE_CLOSE_CONN = 0x8 47 | OPCODE_PING = 0x9 48 | OPCODE_PONG = 0xA 49 | 50 | 51 | # -------------------------------- API --------------------------------- 52 | 53 | class API(): 54 | 55 | def run_forever(self): 56 | try: 57 | logger.info("Listening on port %d for clients.." % self.port) 58 | self.serve_forever() 59 | except KeyboardInterrupt: 60 | self.server_close() 61 | logger.info("Server terminated.") 62 | except Exception as e: 63 | logger.error(str(e), exc_info=True) 64 | exit(1) 65 | 66 | def new_client(self, client, server): 67 | pass 68 | 69 | def client_left(self, client, server): 70 | pass 71 | 72 | def message_received(self, client, server, message): 73 | pass 74 | 75 | def set_fn_new_client(self, fn): 76 | self.new_client = fn 77 | 78 | def set_fn_client_left(self, fn): 79 | self.client_left = fn 80 | 81 | def set_fn_message_received(self, fn): 82 | self.message_received = fn 83 | 84 | def send_message(self, client, msg): 85 | self._unicast_(client, msg) 86 | 87 | def send_message_to_all(self, msg): 88 | self._multicast_(msg) 89 | 90 | 91 | # ------------------------- Implementation ----------------------------- 92 | 93 | class WebsocketServer(ThreadingMixIn, TCPServer, API): 94 | """ 95 | A websocket server waiting for clients to connect. 96 | 97 | Args: 98 | port(int): Port to bind to 99 | host(str): Hostname or IP to listen for connections. By default 127.0.0.1 100 | is being used. To accept connections from any client, you should use 101 | 0.0.0.0. 102 | loglevel: Logging level from logging module to use for logging. By default 103 | warnings and errors are being logged. 104 | 105 | Properties: 106 | clients(list): A list of connected clients. A client is a dictionary 107 | like below. 108 | { 109 | 'id' : id, 110 | 'handler' : handler, 111 | 'address' : (addr, port) 112 | } 113 | """ 114 | 115 | allow_reuse_address = True 116 | daemon_threads = True # comment to keep threads alive until finished 117 | 118 | clients = [] 119 | id_counter = 0 120 | 121 | def __init__(self, port, host='127.0.0.1', loglevel=logging.WARNING): 122 | logger.setLevel(loglevel) 123 | TCPServer.__init__(self, (host, port), WebSocketHandler) 124 | self.port = self.socket.getsockname()[1] 125 | 126 | def _message_received_(self, handler, msg): 127 | self.message_received(self.handler_to_client(handler), self, msg) 128 | 129 | def _ping_received_(self, handler, msg): 130 | handler.send_pong(msg) 131 | 132 | def _pong_received_(self, handler, msg): 133 | pass 134 | 135 | def _new_client_(self, handler): 136 | self.id_counter += 1 137 | client = { 138 | 'id': self.id_counter, 139 | 'handler': handler, 140 | 'address': handler.client_address 141 | } 142 | self.clients.append(client) 143 | self.new_client(client, self) 144 | 145 | def _client_left_(self, handler): 146 | client = self.handler_to_client(handler) 147 | self.client_left(client, self) 148 | if client in self.clients: 149 | self.clients.remove(client) 150 | 151 | def _unicast_(self, to_client, msg): 152 | to_client['handler'].send_message(msg) 153 | 154 | def _multicast_(self, msg): 155 | for client in self.clients: 156 | self._unicast_(client, msg) 157 | 158 | def handler_to_client(self, handler): 159 | for client in self.clients: 160 | if client['handler'] == handler: 161 | return client 162 | 163 | 164 | class WebSocketHandler(StreamRequestHandler): 165 | 166 | def __init__(self, socket, addr, server): 167 | self.server = server 168 | StreamRequestHandler.__init__(self, socket, addr, server) 169 | 170 | def setup(self): 171 | StreamRequestHandler.setup(self) 172 | self.keep_alive = True 173 | self.handshake_done = False 174 | self.valid_client = False 175 | 176 | def handle(self): 177 | while self.keep_alive: 178 | if not self.handshake_done: 179 | self.handshake() 180 | elif self.valid_client: 181 | self.read_next_message() 182 | 183 | def read_bytes(self, num): 184 | # python3 gives ordinal of byte directly 185 | bytes = self.rfile.read(num) 186 | if sys.version_info[0] < 3: 187 | return map(ord, bytes) 188 | else: 189 | return bytes 190 | 191 | def read_next_message(self): 192 | try: 193 | b1, b2 = self.read_bytes(2) 194 | except SocketError as e: # to be replaced with ConnectionResetError for py3 195 | if e.errno == errno.ECONNRESET: 196 | logger.info("Client closed connection.") 197 | self.keep_alive = 0 198 | return 199 | b1, b2 = 0, 0 200 | except ValueError as e: 201 | b1, b2 = 0, 0 202 | 203 | fin = b1 & FIN 204 | opcode = b1 & OPCODE 205 | masked = b2 & MASKED 206 | payload_length = b2 & PAYLOAD_LEN 207 | 208 | if opcode == OPCODE_CLOSE_CONN: 209 | logger.info("Client asked to close connection.") 210 | self.keep_alive = 0 211 | return 212 | if not masked: 213 | logger.warn("Client must always be masked.") 214 | self.keep_alive = 0 215 | return 216 | if opcode == OPCODE_CONTINUATION: 217 | logger.warn("Continuation frames are not supported.") 218 | return 219 | elif opcode == OPCODE_BINARY: 220 | logger.warn("Binary frames are not supported.") 221 | return 222 | elif opcode == OPCODE_TEXT: 223 | opcode_handler = self.server._message_received_ 224 | elif opcode == OPCODE_PING: 225 | opcode_handler = self.server._ping_received_ 226 | elif opcode == OPCODE_PONG: 227 | opcode_handler = self.server._pong_received_ 228 | else: 229 | logger.warn("Unknown opcode %#x." % opcode) 230 | self.keep_alive = 0 231 | return 232 | 233 | if payload_length == 126: 234 | payload_length = struct.unpack(">H", self.rfile.read(2))[0] 235 | elif payload_length == 127: 236 | payload_length = struct.unpack(">Q", self.rfile.read(8))[0] 237 | 238 | masks = self.read_bytes(4) 239 | message_bytes = bytearray() 240 | for message_byte in self.read_bytes(payload_length): 241 | message_byte ^= masks[len(message_bytes) % 4] 242 | message_bytes.append(message_byte) 243 | opcode_handler(self, message_bytes.decode('utf8')) 244 | 245 | def send_message(self, message): 246 | self.send_text(message) 247 | 248 | def send_pong(self, message): 249 | self.send_text(message, OPCODE_PONG) 250 | 251 | def send_text(self, message, opcode=OPCODE_TEXT): 252 | """ 253 | Important: Fragmented(=continuation) messages are not supported since 254 | their usage cases are limited - when we don't know the payload length. 255 | """ 256 | 257 | # Validate message 258 | if isinstance(message, bytes): 259 | message = try_decode_UTF8(message) # this is slower but ensures we have UTF-8 260 | if not message: 261 | logger.warning("Can\'t send message, message is not valid UTF-8") 262 | return False 263 | elif sys.version_info < (3,0) and (isinstance(message, str) or isinstance(message, unicode)): 264 | pass 265 | elif isinstance(message, str): 266 | pass 267 | else: 268 | logger.warning('Can\'t send message, message has to be a string or bytes. Given type is %s' % type(message)) 269 | return False 270 | 271 | header = bytearray() 272 | payload = encode_to_UTF8(message) 273 | payload_length = len(payload) 274 | 275 | # Normal payload 276 | if payload_length <= 125: 277 | header.append(FIN | opcode) 278 | header.append(payload_length) 279 | 280 | # Extended payload 281 | elif payload_length >= 126 and payload_length <= 65535: 282 | header.append(FIN | opcode) 283 | header.append(PAYLOAD_LEN_EXT16) 284 | header.extend(struct.pack(">H", payload_length)) 285 | 286 | # Huge extended payload 287 | elif payload_length < 18446744073709551616: 288 | header.append(FIN | opcode) 289 | header.append(PAYLOAD_LEN_EXT64) 290 | header.extend(struct.pack(">Q", payload_length)) 291 | 292 | else: 293 | raise Exception("Message is too big. Consider breaking it into chunks.") 294 | return 295 | 296 | self.request.send(header + payload) 297 | 298 | def read_http_headers(self): 299 | headers = {} 300 | # first line should be HTTP GET 301 | http_get = self.rfile.readline().decode().strip() 302 | assert http_get.upper().startswith('GET') 303 | # remaining should be headers 304 | while True: 305 | header = self.rfile.readline().decode().strip() 306 | if not header: 307 | break 308 | head, value = header.split(':', 1) 309 | headers[head.lower().strip()] = value.strip() 310 | return headers 311 | 312 | def handshake(self): 313 | headers = self.read_http_headers() 314 | 315 | try: 316 | assert headers['upgrade'].lower() == 'websocket' 317 | except AssertionError: 318 | self.keep_alive = False 319 | return 320 | 321 | try: 322 | key = headers['sec-websocket-key'] 323 | except KeyError: 324 | logger.warning("Client tried to connect but was missing a key") 325 | self.keep_alive = False 326 | return 327 | 328 | response = self.make_handshake_response(key) 329 | self.handshake_done = self.request.send(response.encode()) 330 | self.valid_client = True 331 | self.server._new_client_(self) 332 | 333 | @classmethod 334 | def make_handshake_response(cls, key): 335 | return \ 336 | 'HTTP/1.1 101 Switching Protocols\r\n'\ 337 | 'Upgrade: websocket\r\n' \ 338 | 'Connection: Upgrade\r\n' \ 339 | 'Sec-WebSocket-Accept: %s\r\n' \ 340 | '\r\n' % cls.calculate_response_key(key) 341 | 342 | @classmethod 343 | def calculate_response_key(cls, key): 344 | GUID = '258EAFA5-E914-47DA-95CA-C5AB0DC85B11' 345 | hash = sha1(key.encode() + GUID.encode()) 346 | response_key = b64encode(hash.digest()).strip() 347 | return response_key.decode('ASCII') 348 | 349 | def finish(self): 350 | self.server._client_left_(self) 351 | 352 | 353 | def encode_to_UTF8(data): 354 | try: 355 | return data.encode('UTF-8') 356 | except UnicodeEncodeError as e: 357 | logger.error("Could not encode data to UTF-8 -- %s" % e) 358 | return False 359 | except Exception as e: 360 | raise(e) 361 | return False 362 | 363 | 364 | def try_decode_UTF8(data): 365 | try: 366 | return data.decode('utf-8') 367 | except UnicodeDecodeError: 368 | return False 369 | except Exception as e: 370 | raise(e) 371 | -------------------------------------------------------------------------------- /datastore/wordlists/hydra/top-1000.txt: -------------------------------------------------------------------------------- 1 | 123456 2 | 123456789 3 | 111111 4 | password 5 | qwerty 6 | abc123 7 | 12345678 8 | password1 9 | 1234567 10 | 123123 11 | 1234567890 12 | 000000 13 | 12345 14 | iloveyou 15 | 1q2w3e4r5t 16 | 1234 17 | 123456a 18 | qwertyuiop 19 | monkey 20 | 123321 21 | dragon 22 | 654321 23 | 666666 24 | 123 25 | myspace1 26 | a123456 27 | 121212 28 | 1qaz2wsx 29 | 123qwe 30 | 123abc 31 | tinkle 32 | target123 33 | gwerty 34 | 1g2w3e4r 35 | gwerty123 36 | zag12wsx 37 | 7777777 38 | qwerty1 39 | 1q2w3e4r 40 | 987654321 41 | 222222 42 | qwe123 43 | qwerty123 44 | zxcvbnm 45 | 555555 46 | 112233 47 | fuckyou 48 | asdfghjkl 49 | 12345a 50 | 123123123 51 | 1q2w3e 52 | qazwsx 53 | computer 54 | aaaaaa 55 | 159753 56 | iloveyou1 57 | fuckyou1 58 | princess 59 | 789456123 60 | 11111111 61 | 123654 62 | princess1 63 | 888888 64 | linkedin 65 | michael 66 | sunshine 67 | football 68 | 11111 69 | 777777 70 | 1234qwer 71 | 999999 72 | j38ifUbn 73 | monkey1 74 | football1 75 | daniel 76 | azerty 77 | a12345 78 | 123456789a 79 | 789456 80 | asdfgh 81 | love123 82 | abcd1234 83 | jordan23 84 | 88888888 85 | 5201314 86 | 12qwaszx 87 | FQRG7CS493 88 | ashley 89 | asdf 90 | asd123 91 | superman 92 | jessica 93 | love 94 | samsung 95 | shadow 96 | blink182 97 | 333333 98 | michael1 99 | babygirl1 100 | jesus1 101 | qwert 102 | k.: 103 | baseball 104 | charlie 105 | 0 106 | hello1 107 | soccer 108 | killer 109 | 131313 110 | master 111 | 1111111 112 | gfhjkm 113 | 0123456789 114 | 987654 115 | iloveyou2 116 | angel1 117 | jordan 118 | 147258369 119 | bitch1 120 | michelle 121 | q1w2e3r4 122 | jessica1 123 | qwer1234 124 | 159357 125 | soccer1 126 | liverpool 127 | 101010 128 | zxcvbn 129 | thomas 130 | asdasd 131 | fuckyou2 132 | justin 133 | nicole 134 | 1111111111 135 | 1 136 | 1111 137 | qazwsxedc 138 | baseball1 139 | andrew 140 | hello 141 | apple 142 | 0987654321 143 | anthony1 144 | 102030 145 | money1 146 | parola 147 | abc 148 | 147258 149 | anthony 150 | 111222 151 | jennifer 152 | number1 153 | naruto 154 | 123456q 155 | 696969 156 | 00000000 157 | joshua 158 | golfer 159 | 29rsavoy 160 | myspace 161 | andrea 162 | basketball 163 | qwerty12 164 | charlie1 165 | passw0rd 166 | asshole1 167 | hunter 168 | marina 169 | welcome 170 | 010203 171 | superman1 172 | password12 173 | xbox360 174 | sunshine1 175 | ashley1 176 | lovely 177 | babygirl 178 | ! 179 | trustno1 180 | 666 181 | asdf1234 182 | chocolate 183 | buster 184 | summer 185 | tigger 186 | purple 187 | freedom 188 | loveme 189 | matthew 190 | 50cent 191 | password2 192 | maggie 193 | george 194 | chelsea 195 | 12341234 196 | amanda 197 | hannah 198 | q1w2e3 199 | friends 200 | shadow1 201 | william 202 | abcdefg 203 | samantha 204 | 12344321 205 | nicole1 206 | q1w2e3r4t5y6 207 | robert 208 | mother 209 | jordan1 210 | secret 211 | letmein 212 | qweasdzxc 213 | 212121 214 | pokemon 215 | $HEX 216 | internet 217 | batman 218 | love12 219 | a123456789 220 | VQsaBLPzLa 221 | qweqwe 222 | hello123 223 | 232323 224 | butterfly 225 | martin 226 | flower 227 | forever 228 | mustang 229 | 1qazxsw2 230 | iloveu 231 | cjmasterinf 232 | orange 233 | harley 234 | user 235 | brandon1 236 | london 237 | 1234567891 238 | pepper 239 | chris1 240 | lol123 241 | abcdef 242 | whatever 243 | 1342 244 | alexander 245 | loveyou 246 | 290966 247 | wall.e 248 | junior 249 | 12413 250 | qweasd 251 | PE#5GZ29PTZMSE 252 | tudelft 253 | dpbk1234 254 | DIOSESFIEL 255 | U38fa39 256 | 147852 257 | cookie 258 | family 259 | jasmine 260 | dragon1 261 | 12345q 262 | nikita 263 | pakistan 264 | 123654789 265 | 123789 266 | amanda1 267 | joseph 268 | happy1 269 | ginger 270 | : 271 | matthew1 272 | snoopy 273 | justin1 274 | lastfm 275 | 3rJs1la7qE 276 | пїЅпїЅпїЅпїЅпїЅпїЅ 277 | antonio 278 | barcelona 279 | matrix 280 | computer1 281 | hottie1 282 | sophie 283 | sandra 284 | michelle1 285 | 12345678910 286 | qqqqqq 287 | arsenal 288 | 444444 289 | brandon 290 | daniel1 291 | jonathan 292 | killer1 293 | liverpool1 294 | mickey 295 | ghbdtn 296 | purple1 297 | mercedes 298 | patrick 299 | 11223344 300 | diamond 301 | 456789 302 | victoria 303 | asshole 304 | taylor 305 | qwertyu 306 | andrew1 307 | red123 308 | lucky1 309 | eminem 310 | 12345qwert 311 | 111222tianya 312 | yellow 313 | william1 314 | bailey 315 | angel 316 | chicken1 317 | richard 318 | 0000 319 | banana 320 | 0000000000 321 | jasmine1 322 | benjamin 323 | welcome1 324 | starwars 325 | hunter1 326 | cheese 327 | melissa 328 | angela 329 | christian 330 | 1234554321 331 | oliver 332 | chocolate1 333 | butterfly1 334 | peanut 335 | 55555 336 | hockey 337 | mylove 338 | natasha 339 | NULL 340 | mommy1 341 | 1234561 342 | q1w2e3r4t5 343 | america 344 | 252525 345 | monster 346 | school 347 | 456123 348 | james1 349 | slipknot 350 | hannah1 351 | zaq12wsx 352 | chicken 353 | 147852369 354 | gabriel 355 | elizabeth 356 | cookie1 357 | Status 358 | 87654321 359 | robert1 360 | ferrari 361 | nathan 362 | 1password 363 | buddy1 364 | 1314520 365 | america1 366 | metallica 367 | chelsea1 368 | zzzzzz 369 | prince 370 | adidas 371 | jackson 372 | morgan 373 | rainbow 374 | silver 375 | 1234567a 376 | angels 377 | iw14Fi9j 378 | loveme1 379 | juventus 380 | jennifer1 381 | !~!1 382 | bubbles 383 | samuel 384 | fuckoff 385 | lovers 386 | cheese1 387 | 0123456 388 | 123asd 389 | 999999999 390 | madison 391 | elizabeth1 392 | music 393 | buster1 394 | lauren 395 | david1 396 | tigger1 397 | 123qweasd 398 | taylor1 399 | carlos 400 | tinkerbell 401 | samantha1 402 | Sojdlg123aljg 403 | joshua1 404 | poop 405 | stella 406 | myspace123 407 | asdasd5 408 | freedom1 409 | whatever1 410 | xxxxxx 411 | 00000 412 | valentina 413 | a1b2c3 414 | 741852963 415 | austin 416 | monica 417 | qaz123 418 | lovely1 419 | music1 420 | harley1 421 | family1 422 | spongebob1 423 | steven 424 | nirvana 425 | 1234abcd 426 | hellokitty 427 | thomas1 428 | 7654321 429 | madison1 430 | daddy1 431 | summer1 432 | cocacola 433 | nicholas 434 | zxc123 435 | 123456m 436 | qwertyui 437 | spiderman 438 | vanessa 439 | diamond1 440 | 142536 441 | danielle 442 | badoo 443 | 7758521 444 | bandit 445 | pokemon1 446 | mustang1 447 | 1qaz2wsx3edc 448 | alexis 449 | loulou 450 | justinbieb 451 | yamaha 452 | qwert1 453 | scooter 454 | rachel 455 | tennis 456 | ronaldo 457 | i 458 | mexico1 459 | friends1 460 | victor 461 | maggie1 462 | asdfasdf 463 | qwerty12345 464 | lover1 465 | jesus 466 | 123hfjdk147 467 | nicolas 468 | batman1 469 | weed420 470 | password123 471 | loser1 472 | 123456j 473 | iloveyou! 474 | pepper1 475 | fuckoff1 476 | 555666 477 | iloveu2 478 | sabrina 479 | pussy1 480 | bubbles1 481 | 098765 482 | master1 483 | smokey 484 | a1b2c3d4 485 | 123456789q 486 | qwaszx 487 | heather 488 | jasper 489 | booboo 490 | heather1 491 | 4815162342 492 | peanut1 493 | chester 494 | 123456s 495 | 123456b 496 | google 497 | edward 498 | yankees1 499 | canada 500 | Exigent 501 | destiny 502 | success 503 | nigger1 504 | 135790 505 | asdfghjkl1 506 | 124578 507 | casper 508 | lalala 509 | mother1 510 | sexy123 511 | qazxsw 512 | naruto1 513 | 1q2w3e4r5t6y 514 | david 515 | money 516 | yellow1 517 | patrick1 518 | flower1 519 | 12121212 520 | alexander1 521 | raiders1 522 | Password1 523 | sebastian 524 | 134679 525 | zxcvbnm1 526 | dennis 527 | 852456 528 | hahaha 529 | daniela 530 | ginger1 531 | olivia 532 | melissa1 533 | 010101 534 | slipknot1 535 | spiderman1 536 | cowboys1 537 | 0000000 538 | rebecca 539 | 741852 540 | jeremy 541 | a1234567 542 | dakota 543 | 123456d 544 | 1a2b3c 545 | apple1 546 | november 547 | alexandra 548 | 159951 549 | iloveu1 550 | veronica 551 | fuckme1 552 | baby123 553 | yankees 554 | stupid1 555 | cristina 556 | newyork1 557 | jackson1 558 | playboy 559 | friend 560 | iloveyou12 561 | sammy1 562 | pimpin1 563 | phoenix 564 | PolniyPizdec0211 565 | rocky1 566 | password! 567 | joseph1 568 | 753951 569 | p 570 | a838hfiD 571 | richard1 572 | beautiful1 573 | mickey1 574 | carolina 575 | j123456 576 | 202020 577 | newyork 578 | patricia 579 | charles 580 | stephanie 581 | orange1 582 | m123456 583 | 421uiopy258 584 | myspace2 585 | cameron 586 | spider 587 | barbie 588 | woaini 589 | vincent 590 | mexico 591 | scorpion 592 | monster1 593 | aaaaa 594 | elephant 595 | asdf123 596 | 963852741 597 | zk.: 598 | guitar 599 | fucker1 600 | destiny1 601 | hotmail 602 | johnny 603 | doudou 604 | q123456 605 | bailey1 606 | asdfgh1 607 | fucker 608 | louise 609 | sparky 610 | sweety 611 | 123456abc 612 | shorty1 613 | booboo1 614 | december 615 | 9876543210 616 | manchester 617 | midnight 618 | 246810 619 | jessie 620 | dallas 621 | austin1 622 | s123456 623 | pass 624 | 12345678a 625 | claudia 626 | пїЅпїЅпїЅпїЅпїЅпїЅпїЅ 627 | kristina 628 | lakers 629 | lovelove 630 | crazy1 631 | tiger1 632 | thunder 633 | dolphin 634 | a 635 | gangsta1 636 | jackie 637 | 151515 638 | charlotte 639 | scooter1 640 | caroline 641 | fuck 642 | merlin 643 | junior1 644 | super123 645 | scooby 646 | marseille 647 | aaaa 648 | metallica1 649 | kitty1 650 | chris 651 | beautiful 652 | black1 653 | danielle1 654 | blessed1 655 | skater1 656 | 1029384756 657 | qazwsx123 658 | 456456 659 | b123456 660 | genius 661 | guitar1 662 | tyler1 663 | peaches 664 | california 665 | sakura 666 | tigers 667 | soleil 668 | lauren1 669 | green1 670 | smokey1 671 | cooper 672 | 520520 673 | muffin 674 | christian1 675 | love13 676 | fucku2 677 | arsenal1 678 | lucky7 679 | diablo 680 | apples 681 | george1 682 | babyboy1 683 | crystal 684 | 1122334455 685 | player1 686 | aa123456 687 | vfhbyf 688 | forever1 689 | Password 690 | winston 691 | chivas1 692 | sexy 693 | hockey1 694 | 1a2b3c4d 695 | pussy 696 | playboy1 697 | stalker 698 | cherry 699 | tweety 700 | toyota 701 | creative 702 | gemini 703 | pretty1 704 | пїЅпїЅпїЅпїЅпїЅпїЅпїЅпїЅ 705 | maverick 706 | brittany1 707 | nathan1 708 | letmein1 709 | cameron1 710 | secret1 711 | google1 712 | heaven 713 | martina 714 | murphy 715 | spongebob 716 | uQA9Ebw445 717 | fernando 718 | pretty 719 | startfinding 720 | softball 721 | dolphin1 722 | fuckme 723 | test123 724 | qwerty1234 725 | kobe24 726 | alejandro 727 | adrian 728 | september 729 | aaaaaa1 730 | bubba1 731 | isabella 732 | abc123456 733 | password3 734 | jason1 735 | abcdefg123 736 | loveyou1 737 | shannon 738 | 100200 739 | manuel 740 | leonardo 741 | molly1 742 | flowers 743 | 123456z 744 | 007007 745 | password. 746 | 321321 747 | miguel 748 | samsung1 749 | sergey 750 | sweet1 751 | abc1234 752 | windows 753 | qwert123 754 | vfrcbv 755 | poohbear 756 | d123456 757 | school1 758 | badboy 759 | 951753 760 | 123456c 761 | 111 762 | steven1 763 | snoopy1 764 | garfield 765 | YAgjecc826 766 | compaq 767 | candy1 768 | sarah1 769 | qwerty123456 770 | 123456l 771 | eminem1 772 | 141414 773 | 789789 774 | maria 775 | steelers 776 | iloveme1 777 | morgan1 778 | winner 779 | boomer 780 | lolita 781 | nastya 782 | alexis1 783 | carmen 784 | angelo 785 | nicholas1 786 | portugal 787 | precious 788 | jackass1 789 | jonathan1 790 | yfnfif 791 | bitch 792 | tiffany 793 | rabbit 794 | rainbow1 795 | angel123 796 | popcorn 797 | barbara 798 | brandy 799 | fuckyou! 800 | starwars1 801 | barney 802 | natalia 803 | hiphop 804 | tiffany1 805 | shorty 806 | poohbear1 807 | simone 808 | albert 809 | marlboro 810 | hardcore 811 | cowboys 812 | sydney 813 | alex 814 | scorpio 815 | 1234512345 816 | q12345 817 | qq123456 818 | onelove 819 | bond007 820 | abcdefg1 821 | eagles 822 | crystal1 823 | azertyuiop 824 | winter 825 | sexy12 826 | angelina 827 | james 828 | svetlana 829 | fatima 830 | 123456k 831 | icecream 832 | popcorn1 833 | 121314 834 | john316 835 | qazwsx1 836 | victoria1 837 | twilight 838 | iloveme 839 | 9379992 840 | pass123 841 | dancer 842 | brittany 843 | beauty 844 | bonjour 845 | maxwell 846 | coffee 847 | dexter 848 | 454545 849 | qazqaz 850 | snickers 851 | love11 852 | samson 853 | aaaaaaaa 854 | swordfish 855 | fyfcnfcbz 856 | abcd123 857 | aaa111 858 | natalie 859 | hottie 860 | passion 861 | alyssa 862 | rockstar1 863 | lovers1 864 | florida 865 | alicia 866 | happy 867 | blue123 868 | 123456t 869 | ranger 870 | yourmom1 871 | pumpkin 872 | denise 873 | edward1 874 | tweety1 875 | christine 876 | august 877 | 54321 878 | bella1 879 | marie1 880 | seven7 881 | steelers1 882 | aaaaa1 883 | shannon1 884 | amber1 885 | cutie1 886 | peaches1 887 | florida1 888 | bonnie 889 | stephanie1 890 | lollipop 891 | cassie 892 | k. 893 | rachel1 894 | greenday1 895 | krishna 896 | teresa 897 | october 898 | iverson3 899 | motorola 900 | rockstar 901 | hahaha1 902 | police 903 | lakers24 904 | fylhtq 905 | andrey 906 | loveme2 907 | turtle 908 | southside1 909 | baby 910 | bismillah 911 | pa55word 912 | blessed 913 | emmanuel 914 | 666999 915 | 012345 916 | fluffy 917 | 5555555555 918 | stupid 919 | karina 920 | fishing 921 | musica 922 | password11 923 | love4ever 924 | melanie 925 | greenday 926 | isabelle 927 | nothing 928 | abcd 929 | chicago 930 | cowboy 931 | mnbvcxz 932 | andrea1 933 | 242424 934 | babygurl1 935 | santiago 936 | ssssss 937 | kevin1 938 | lakers1 939 | chester1 940 | 321654 941 | kimberly 942 | carlos1 943 | z123456 944 | daisy1 945 | jackass 946 | m 947 | 5555555 948 | zoosk 949 | boston 950 | happy123 951 | 55555555 952 | satan666 953 | 111111a 954 | pamela 955 | 090909 956 | francesco 957 | horses 958 | 456852 959 | qwer 960 | vanessa1 961 | redsox 962 | pookie 963 | a12345678 964 | 110110 965 | tucker 966 | marley 967 | corvette 968 | 778899 969 | realmadrid 970 | raiders 971 | rangers 972 | people 973 | 1123581321 974 | soccer12 975 | sayang 976 | shelby 977 | christ 978 | 12345t 979 | fktrcfylh 980 | kitten 981 | player 982 | c123456 983 | qwert12345 984 | baby12 985 | trinity 986 | 1v7Upjw3nT 987 | p@ssw0rd 988 | thunder1 989 | zxcvbnm123 990 | midnight1 991 | lebron23 992 | golden 993 | strawberry 994 | orlando 995 | love1234 996 | lucky13 997 | asdfg1 998 | marine 999 | soccer10 1000 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | GNU GENERAL PUBLIC LICENSE 2 | Version 2, June 1991 3 | 4 | Copyright (C) 1989, 1991 Free Software Foundation, Inc., 5 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 6 | Everyone is permitted to copy and distribute verbatim copies 7 | of this license document, but changing it is not allowed. 8 | 9 | Preamble 10 | 11 | The licenses for most software are designed to take away your 12 | freedom to share and change it. By contrast, the GNU General Public 13 | License is intended to guarantee your freedom to share and change free 14 | software--to make sure the software is free for all its users. This 15 | General Public License applies to most of the Free Software 16 | Foundation's software and to any other program whose authors commit to 17 | using it. (Some other Free Software Foundation software is covered by 18 | the GNU Lesser General Public License instead.) You can apply it to 19 | your programs, too. 20 | 21 | When we speak of free software, we are referring to freedom, not 22 | price. Our General Public Licenses are designed to make sure that you 23 | have the freedom to distribute copies of free software (and charge for 24 | this service if you wish), that you receive source code or can get it 25 | if you want it, that you can change the software or use pieces of it 26 | in new free programs; and that you know you can do these things. 27 | 28 | To protect your rights, we need to make restrictions that forbid 29 | anyone to deny you these rights or to ask you to surrender the rights. 30 | These restrictions translate to certain responsibilities for you if you 31 | distribute copies of the software, or if you modify it. 32 | 33 | For example, if you distribute copies of such a program, whether 34 | gratis or for a fee, you must give the recipients all the rights that 35 | you have. You must make sure that they, too, receive or can get the 36 | source code. And you must show them these terms so they know their 37 | rights. 38 | 39 | We protect your rights with two steps: (1) copyright the software, and 40 | (2) offer you this license which gives you legal permission to copy, 41 | distribute and/or modify the software. 42 | 43 | Also, for each author's protection and ours, we want to make certain 44 | that everyone understands that there is no warranty for this free 45 | software. If the software is modified by someone else and passed on, we 46 | want its recipients to know that what they have is not the original, so 47 | that any problems introduced by others will not reflect on the original 48 | authors' reputations. 49 | 50 | Finally, any free program is threatened constantly by software 51 | patents. We wish to avoid the danger that redistributors of a free 52 | program will individually obtain patent licenses, in effect making the 53 | program proprietary. To prevent this, we have made it clear that any 54 | patent must be licensed for everyone's free use or not licensed at all. 55 | 56 | The precise terms and conditions for copying, distribution and 57 | modification follow. 58 | 59 | GNU GENERAL PUBLIC LICENSE 60 | TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 61 | 62 | 0. This License applies to any program or other work which contains 63 | a notice placed by the copyright holder saying it may be distributed 64 | under the terms of this General Public License. The "Program", below, 65 | refers to any such program or work, and a "work based on the Program" 66 | means either the Program or any derivative work under copyright law: 67 | that is to say, a work containing the Program or a portion of it, 68 | either verbatim or with modifications and/or translated into another 69 | language. (Hereinafter, translation is included without limitation in 70 | the term "modification".) Each licensee is addressed as "you". 71 | 72 | Activities other than copying, distribution and modification are not 73 | covered by this License; they are outside its scope. The act of 74 | running the Program is not restricted, and the output from the Program 75 | is covered only if its contents constitute a work based on the 76 | Program (independent of having been made by running the Program). 77 | Whether that is true depends on what the Program does. 78 | 79 | 1. You may copy and distribute verbatim copies of the Program's 80 | source code as you receive it, in any medium, provided that you 81 | conspicuously and appropriately publish on each copy an appropriate 82 | copyright notice and disclaimer of warranty; keep intact all the 83 | notices that refer to this License and to the absence of any warranty; 84 | and give any other recipients of the Program a copy of this License 85 | along with the Program. 86 | 87 | You may charge a fee for the physical act of transferring a copy, and 88 | you may at your option offer warranty protection in exchange for a fee. 89 | 90 | 2. You may modify your copy or copies of the Program or any portion 91 | of it, thus forming a work based on the Program, and copy and 92 | distribute such modifications or work under the terms of Section 1 93 | above, provided that you also meet all of these conditions: 94 | 95 | a) You must cause the modified files to carry prominent notices 96 | stating that you changed the files and the date of any change. 97 | 98 | b) You must cause any work that you distribute or publish, that in 99 | whole or in part contains or is derived from the Program or any 100 | part thereof, to be licensed as a whole at no charge to all third 101 | parties under the terms of this License. 102 | 103 | c) If the modified program normally reads commands interactively 104 | when run, you must cause it, when started running for such 105 | interactive use in the most ordinary way, to print or display an 106 | announcement including an appropriate copyright notice and a 107 | notice that there is no warranty (or else, saying that you provide 108 | a warranty) and that users may redistribute the program under 109 | these conditions, and telling the user how to view a copy of this 110 | License. (Exception: if the Program itself is interactive but 111 | does not normally print such an announcement, your work based on 112 | the Program is not required to print an announcement.) 113 | 114 | These requirements apply to the modified work as a whole. If 115 | identifiable sections of that work are not derived from the Program, 116 | and can be reasonably considered independent and separate works in 117 | themselves, then this License, and its terms, do not apply to those 118 | sections when you distribute them as separate works. But when you 119 | distribute the same sections as part of a whole which is a work based 120 | on the Program, the distribution of the whole must be on the terms of 121 | this License, whose permissions for other licensees extend to the 122 | entire whole, and thus to each and every part regardless of who wrote it. 123 | 124 | Thus, it is not the intent of this section to claim rights or contest 125 | your rights to work written entirely by you; rather, the intent is to 126 | exercise the right to control the distribution of derivative or 127 | collective works based on the Program. 128 | 129 | In addition, mere aggregation of another work not based on the Program 130 | with the Program (or with a work based on the Program) on a volume of 131 | a storage or distribution medium does not bring the other work under 132 | the scope of this License. 133 | 134 | 3. You may copy and distribute the Program (or a work based on it, 135 | under Section 2) in object code or executable form under the terms of 136 | Sections 1 and 2 above provided that you also do one of the following: 137 | 138 | a) Accompany it with the complete corresponding machine-readable 139 | source code, which must be distributed under the terms of Sections 140 | 1 and 2 above on a medium customarily used for software interchange; or, 141 | 142 | b) Accompany it with a written offer, valid for at least three 143 | years, to give any third party, for a charge no more than your 144 | cost of physically performing source distribution, a complete 145 | machine-readable copy of the corresponding source code, to be 146 | distributed under the terms of Sections 1 and 2 above on a medium 147 | customarily used for software interchange; or, 148 | 149 | c) Accompany it with the information you received as to the offer 150 | to distribute corresponding source code. (This alternative is 151 | allowed only for noncommercial distribution and only if you 152 | received the program in object code or executable form with such 153 | an offer, in accord with Subsection b above.) 154 | 155 | The source code for a work means the preferred form of the work for 156 | making modifications to it. For an executable work, complete source 157 | code means all the source code for all modules it contains, plus any 158 | associated interface definition files, plus the scripts used to 159 | control compilation and installation of the executable. However, as a 160 | special exception, the source code distributed need not include 161 | anything that is normally distributed (in either source or binary 162 | form) with the major components (compiler, kernel, and so on) of the 163 | operating system on which the executable runs, unless that component 164 | itself accompanies the executable. 165 | 166 | If distribution of executable or object code is made by offering 167 | access to copy from a designated place, then offering equivalent 168 | access to copy the source code from the same place counts as 169 | distribution of the source code, even though third parties are not 170 | compelled to copy the source along with the object code. 171 | 172 | 4. You may not copy, modify, sublicense, or distribute the Program 173 | except as expressly provided under this License. Any attempt 174 | otherwise to copy, modify, sublicense or distribute the Program is 175 | void, and will automatically terminate your rights under this License. 176 | However, parties who have received copies, or rights, from you under 177 | this License will not have their licenses terminated so long as such 178 | parties remain in full compliance. 179 | 180 | 5. You are not required to accept this License, since you have not 181 | signed it. However, nothing else grants you permission to modify or 182 | distribute the Program or its derivative works. These actions are 183 | prohibited by law if you do not accept this License. Therefore, by 184 | modifying or distributing the Program (or any work based on the 185 | Program), you indicate your acceptance of this License to do so, and 186 | all its terms and conditions for copying, distributing or modifying 187 | the Program or works based on it. 188 | 189 | 6. Each time you redistribute the Program (or any work based on the 190 | Program), the recipient automatically receives a license from the 191 | original licensor to copy, distribute or modify the Program subject to 192 | these terms and conditions. You may not impose any further 193 | restrictions on the recipients' exercise of the rights granted herein. 194 | You are not responsible for enforcing compliance by third parties to 195 | this License. 196 | 197 | 7. If, as a consequence of a court judgment or allegation of patent 198 | infringement or for any other reason (not limited to patent issues), 199 | conditions are imposed on you (whether by court order, agreement or 200 | otherwise) that contradict the conditions of this License, they do not 201 | excuse you from the conditions of this License. If you cannot 202 | distribute so as to satisfy simultaneously your obligations under this 203 | License and any other pertinent obligations, then as a consequence you 204 | may not distribute the Program at all. For example, if a patent 205 | license would not permit royalty-free redistribution of the Program by 206 | all those who receive copies directly or indirectly through you, then 207 | the only way you could satisfy both it and this License would be to 208 | refrain entirely from distribution of the Program. 209 | 210 | If any portion of this section is held invalid or unenforceable under 211 | any particular circumstance, the balance of the section is intended to 212 | apply and the section as a whole is intended to apply in other 213 | circumstances. 214 | 215 | It is not the purpose of this section to induce you to infringe any 216 | patents or other property right claims or to contest validity of any 217 | such claims; this section has the sole purpose of protecting the 218 | integrity of the free software distribution system, which is 219 | implemented by public license practices. Many people have made 220 | generous contributions to the wide range of software distributed 221 | through that system in reliance on consistent application of that 222 | system; it is up to the author/donor to decide if he or she is willing 223 | to distribute software through any other system and a licensee cannot 224 | impose that choice. 225 | 226 | This section is intended to make thoroughly clear what is believed to 227 | be a consequence of the rest of this License. 228 | 229 | 8. If the distribution and/or use of the Program is restricted in 230 | certain countries either by patents or by copyrighted interfaces, the 231 | original copyright holder who places the Program under this License 232 | may add an explicit geographical distribution limitation excluding 233 | those countries, so that distribution is permitted only in or among 234 | countries not thus excluded. In such case, this License incorporates 235 | the limitation as if written in the body of this License. 236 | 237 | 9. The Free Software Foundation may publish revised and/or new versions 238 | of the General Public License from time to time. Such new versions will 239 | be similar in spirit to the present version, but may differ in detail to 240 | address new problems or concerns. 241 | 242 | Each version is given a distinguishing version number. If the Program 243 | specifies a version number of this License which applies to it and "any 244 | later version", you have the option of following the terms and conditions 245 | either of that version or of any later version published by the Free 246 | Software Foundation. If the Program does not specify a version number of 247 | this License, you may choose any version ever published by the Free Software 248 | Foundation. 249 | 250 | 10. If you wish to incorporate parts of the Program into other free 251 | programs whose distribution conditions are different, write to the author 252 | to ask for permission. For software which is copyrighted by the Free 253 | Software Foundation, write to the Free Software Foundation; we sometimes 254 | make exceptions for this. Our decision will be guided by the two goals 255 | of preserving the free status of all derivatives of our free software and 256 | of promoting the sharing and reuse of software generally. 257 | 258 | NO WARRANTY 259 | 260 | 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY 261 | FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN 262 | OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES 263 | PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED 264 | OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 265 | MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS 266 | TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE 267 | PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, 268 | REPAIR OR CORRECTION. 269 | 270 | 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 271 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR 272 | REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, 273 | INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING 274 | OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED 275 | TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY 276 | YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER 277 | PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE 278 | POSSIBILITY OF SUCH DAMAGES. 279 | 280 | END OF TERMS AND CONDITIONS 281 | 282 | How to Apply These Terms to Your New Programs 283 | 284 | If you develop a new program, and you want it to be of the greatest 285 | possible use to the public, the best way to achieve this is to make it 286 | free software which everyone can redistribute and change under these terms. 287 | 288 | To do so, attach the following notices to the program. It is safest 289 | to attach them to the start of each source file to most effectively 290 | convey the exclusion of warranty; and each file should have at least 291 | the "copyright" line and a pointer to where the full notice is found. 292 | 293 | 294 | Copyright (C) 295 | 296 | This program is free software; you can redistribute it and/or modify 297 | it under the terms of the GNU General Public License as published by 298 | the Free Software Foundation; either version 2 of the License, or 299 | (at your option) any later version. 300 | 301 | This program is distributed in the hope that it will be useful, 302 | but WITHOUT ANY WARRANTY; without even the implied warranty of 303 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 304 | GNU General Public License for more details. 305 | 306 | You should have received a copy of the GNU General Public License along 307 | with this program; if not, write to the Free Software Foundation, Inc., 308 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 309 | 310 | Also add information on how to contact you by electronic and paper mail. 311 | 312 | If the program is interactive, make it output a short notice like this 313 | when it starts in an interactive mode: 314 | 315 | Gnomovision version 69, Copyright (C) year name of author 316 | Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 317 | This is free software, and you are welcome to redistribute it 318 | under certain conditions; type `show c' for details. 319 | 320 | The hypothetical commands `show w' and `show c' should show the appropriate 321 | parts of the General Public License. Of course, the commands you use may 322 | be called something other than `show w' and `show c'; they could even be 323 | mouse-clicks or menu items--whatever suits your program. 324 | 325 | You should also get your employer (if you work as a programmer) or your 326 | school, if any, to sign a "copyright disclaimer" for the program, if 327 | necessary. Here is a sample; alter the names: 328 | 329 | Yoyodyne, Inc., hereby disclaims all copyright interest in the program 330 | `Gnomovision' (which makes passes at compilers) written by James Hacker. 331 | 332 | , 1 April 1989 333 | Ty Coon, President of Vice 334 | 335 | This General Public License does not permit incorporating your program into 336 | proprietary programs. If your program is a subroutine library, you may 337 | consider it more useful to permit linking proprietary applications with the 338 | library. If this is what you want to do, use the GNU Lesser General 339 | Public License instead of this License. 340 | --------------------------------------------------------------------------------