07-21-2024, 09:23 PM
(This post was last modified: 07-21-2024, 09:53 PM by AFS_Nemesis.)
You'll need to not use AFS_DB
---------
import os, socket, random, secrets, dns.resolver, time, sys, argparse
from datetime import datetime
from afs_database import AFS_DB # <----- not today homies
def print_cli(*args,**kwargs):
prepend_text = "[" + str(datetime.now()) + "] "
print(prepend_text,*args,**kwargs)
def get_lock(process_name):
get_lock._lock_socket = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
try:
get_lock._lock_socket.bind('\0' + process_name)
print_cli('Locking The Domain Socket for this Process.')
except socket.error:
sys.exit(0)
if __name__ == '__main__':
get_lock(os.path.basename(__file__))
parser = argparse.ArgumentParser(description='Bruteforce DNS Records.')
parser.add_argument('--domain', type=str, help='Target Domain Name.',required=True)
args = parser.parse_args()
root_dns = []
def loadDNSServers() -> None:
with open("dns_servers.txt","r") as f:
for server in f:
root_dns.append(server.strip())
print_cli("DNS Server List Len:",len(root_dns)," "*50)
def baseN(num, b=26, numerals="abcdefghijklmnopqrstuvwxyz"):
return ((num == 0) and numerals[0]) or (baseN(num // b, b, numerals).lstrip(numerals[0]) + numerals[num % b])
def dns_resolve(hostname:str, i:int, retry:int=0):
retry_limit = 100
root_server = [secrets.choice(root_dns)] #secure random
dns.resolver.default_resolver = dns.resolver.Resolver(configure=False)
dns.resolver.default_resolver.nameservers = root_server
dns.resolver.default_resolver.timeout = 20
dns.resolver.default_resolver.lifetime = 20
try:
res = dns.resolver.resolve(hostname,tcp=True)
return res
except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer) as e:
return None
except (dns.resolver.LifetimeTimeout, dns.resolver.NoNameservers) as e:
if "SERVFAIL" in str(e):
return None
print_cli("DNS Server Error:",root_server[0],e)
if retry < retry_limit:
delay = 3*(retry+1)
if delay > 30:
delay = 30
time.sleep(delay)
#print_cli("Retrying",str(retry+1)+":",hostname,i," "*30,end="\r")
print_cli("Retrying",str(retry+1)+":",hostname,i,"DNS",root_server[0]," "*30,end="\r")
return dns_resolve(hostname,i,retry=(retry+1))
print_cli("Exception Retries Beyond Limit:",hostname,i," "*50)
raise e
target = args.domain
db = AFS_DB(db_type="mysql",load_known_asns=False)
latest_rec = db.get_dns_bruteforce_record(target)
print_cli("Latest Successful Record Tested:",latest_rec['latest_record_tested'])
loadDNSServers()
for i in range((latest_rec['latest_record_tested']+1),1000000):
hostname = baseN(i).zfill(1) + "." + target
res = dns_resolve(hostname,i)
if res is not None:
print_cli("Adding Hostname to Targets:",hostname,i,[r for r in res])
db.add_target(targets=["http://"+hostname+"/","https://"+hostname+"/"],confirm=True)
else:
print_cli("Hostname:",hostname,i,res," "*30,end="\r")
db.update_dns_bruteforce_record(target,i)
$ ./exploit_engine.py
___ __ _ ______ __ _____
/ | ____ / /_(_) ____/__ ____ / /___ __/ ___/___ _____
/ /| | / __ \/ __/ / /_ / _ \/ __ \/ __/ / / /\__ \/ _ \/ ___/
/ ___ |/ / / / /_/ / __/ / __/ / / / /_/ /_/ /___/ / __/ /__
/_/ |_/_/ /_/\__/_/_/ \___/_/ /_/\__/\__, //____/\___/\___/
/____/
______ __ _ __ ______ _
/ ____/ ______ / /___ (_) /_ / ____/___ ____ _(_)___ ___
/ __/ | |/_/ __ \/ / __ \/ / __/ / __/ / __ \/ __ `/ / __ \/ _ \
/ /____> </ /_/ / / /_/ / / /_ / /___/ / / / /_/ / / / / / __/
/_____/_/|_/ .___/_/\____/_/\__/ /_____/_/ /_/\__, /_/_/ /_/\___/
/_/ /____/
[2024-07-21 22:25:54.501508] Loading DB Credentials.
AFS Exploit Engine Shell Info
┏━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ Category ┃ Command ┃
┡━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
│ Archives │ archives_status, archives_add, archives_del, archives_list │
│ CronTab │ crontab_status, crontab_enable SCRIPT, crontab_disable SCRIPT │
│ Database │ database_status, database_show_latest, database_shell │
│ HoneyPot │ honeypot_add, honeypot_show, honeypot_sus, honeypot_autoadd │
│ PortScans │ portscan_add PORTS/COMMONPORTS START_PORT END_PORT, portscan_del, portscan_show, portscan_start, portscan_stop PID, portscan_targets │
│ Search │ search EX PHP 1.7.30 Fentanyl 9050 │
│ Services │ service_enable SCRIPT, service_start SCRIPT, service_stop SCRIPT, service_status SCRIPT │
│ System Status │ system_status, system_tools, heads_up_display │
│ Targets │ target_add, target_del, target_show │
│ Processes │ process_test, process_usage │
│ Whats Going On │ whats_running, whats_running USERNAME, whats_running_afs │
└────────────────┴──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
AFS Exploit Engine > database_status
[2024-07-21 22:26:59.765986] Generating Exploit Pipeline Statistics.
[2024-07-21 22:26:59.795181] Target Country: MX
Database Status
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━┓
┃ DB Info ┃ Value ┃
┡━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━┩
│ ASNNets Count │ 1,209,601 │
│ ASNNets in Country │ 8,603 │
│ IP Count in Country │ 17,094,656 │
│ OpenPort Tested │ 233,870,405 │
│ OpenPort Combined │ 21,394,218 │
│ OpenPort w/is_open │ 120,368 │
│ OpenPort w/Serviced │ 120,368 │
│ OpenPort w/Serviced Open │ 75,468 │
│ HoneyPot Count: │ 67 │
│ HTTPPageArchive Count │ 50,429 │
│ ArchiveBoxRecords │ 20,613 │
│ ExploitAttempts Total │ 4,547,483 │
│ ExploitAttempts Unique Exploits │ 3,596 │
│ ExploitAttempts Launched │ 0 │
│ ExploitAttempts Worked │ 0 │
│ Shells Popped │ 0 │
│ Root Shells Popped │ 0 │
└─────────────────────────────────┴─────────────┘
# updates
AFS Exploit Engine > service_status
[2024-07-21 22:51:02.377154] Service Status:
AFS Script Status
┏━━━━━━━━━━━━━━━┳━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ Script Name ┃ Proc Count ┃ Script Desc ┃
┡━━━━━━━━━━━━━━━╇━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
│ ArchiveBox │ 0 │ Third Party Software that scans & archives web sites for later analysis. │
│ synthesize.py │ 2 │ Gets HTTP Pages and Archives Them. Can test & connect via socks proxies. │
│ savory.py │ 1 │ Bruteforces DNS Records Against Target Domain Names. │
│ scrap.py │ 2 │ Runs Multiple Binary Analysis Tools & Extracts Filesystem for Analysis. │
│ scrape.py │ 0 │ Runs Multiple Scans Against Firmware Extracted by scrap.py. │
│ serviced.py │ 3 │ Conducts an NMap Service scan against a detected open port. │
│ slap.py │ 0 │ Runs HTTP/Web Scans from Preset System Commands. │
│ smash.py │ 2 │ Determines possible exploits & launches exploit attempts. │
│ storm.py │ 2 │ Connects to Onion addresses and randomly makes communication. Used to offset traffic analysis. │
│ swamp.py │ 2 │ Loads Known Web Servers into ArchiveBox for archiving and searching. │
│ swim.py │ 2 │ Conducts ASN Network Discovery using Whois Queries. │
│ swing.py │ 0 │ Conducts Port Scans against Countries, Networks, IPs & Web Addresses. │
│ swole.py │ 2 │ Combines Port Scan Results Using Start and End Port Ranges. This Helps Save Disk Space. │
└───────────────┴────────────┴────────────────────────────────────────────────────────────────────────────────────────────────┘
# for posterity
AFS Exploit Engine > service_start swing.py
[2024-07-21 22:52:34.183710] Starting Services.
Start Services
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ Command ┃
┡━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
│ proxychains python /home/nemesis/Desktop/AFS_Port_Scanner/swing.py --country MX --ports_common -v --thread_prescan 7 --thread_portscan 256 │
└────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
> Are You Sure You Want to Execute These Commands? (y/N): y
[2024-07-21 22:52:41.789211] Executing Commands.
Executing Command: proxychains python /home/nemesis/Desktop/AFS_Port_Scanner/swing.py --country MX --ports_common -v --thread_prescan 7 --thread_portscan 256
# for health
---------
import os, socket, random, secrets, dns.resolver, time, sys, argparse
from datetime import datetime
from afs_database import AFS_DB # <----- not today homies
def print_cli(*args,**kwargs):
prepend_text = "[" + str(datetime.now()) + "] "
print(prepend_text,*args,**kwargs)
def get_lock(process_name):
get_lock._lock_socket = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
try:
get_lock._lock_socket.bind('\0' + process_name)
print_cli('Locking The Domain Socket for this Process.')
except socket.error:
sys.exit(0)
if __name__ == '__main__':
get_lock(os.path.basename(__file__))
parser = argparse.ArgumentParser(description='Bruteforce DNS Records.')
parser.add_argument('--domain', type=str, help='Target Domain Name.',required=True)
args = parser.parse_args()
root_dns = []
def loadDNSServers() -> None:
with open("dns_servers.txt","r") as f:
for server in f:
root_dns.append(server.strip())
print_cli("DNS Server List Len:",len(root_dns)," "*50)
def baseN(num, b=26, numerals="abcdefghijklmnopqrstuvwxyz"):
return ((num == 0) and numerals[0]) or (baseN(num // b, b, numerals).lstrip(numerals[0]) + numerals[num % b])
def dns_resolve(hostname:str, i:int, retry:int=0):
retry_limit = 100
root_server = [secrets.choice(root_dns)] #secure random
dns.resolver.default_resolver = dns.resolver.Resolver(configure=False)
dns.resolver.default_resolver.nameservers = root_server
dns.resolver.default_resolver.timeout = 20
dns.resolver.default_resolver.lifetime = 20
try:
res = dns.resolver.resolve(hostname,tcp=True)
return res
except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer) as e:
return None
except (dns.resolver.LifetimeTimeout, dns.resolver.NoNameservers) as e:
if "SERVFAIL" in str(e):
return None
print_cli("DNS Server Error:",root_server[0],e)
if retry < retry_limit:
delay = 3*(retry+1)
if delay > 30:
delay = 30
time.sleep(delay)
#print_cli("Retrying",str(retry+1)+":",hostname,i," "*30,end="\r")
print_cli("Retrying",str(retry+1)+":",hostname,i,"DNS",root_server[0]," "*30,end="\r")
return dns_resolve(hostname,i,retry=(retry+1))
print_cli("Exception Retries Beyond Limit:",hostname,i," "*50)
raise e
target = args.domain
db = AFS_DB(db_type="mysql",load_known_asns=False)
latest_rec = db.get_dns_bruteforce_record(target)
print_cli("Latest Successful Record Tested:",latest_rec['latest_record_tested'])
loadDNSServers()
for i in range((latest_rec['latest_record_tested']+1),1000000):
hostname = baseN(i).zfill(1) + "." + target
res = dns_resolve(hostname,i)
if res is not None:
print_cli("Adding Hostname to Targets:",hostname,i,[r for r in res])
db.add_target(targets=["http://"+hostname+"/","https://"+hostname+"/"],confirm=True)
else:
print_cli("Hostname:",hostname,i,res," "*30,end="\r")
db.update_dns_bruteforce_record(target,i)
$ ./exploit_engine.py
___ __ _ ______ __ _____
/ | ____ / /_(_) ____/__ ____ / /___ __/ ___/___ _____
/ /| | / __ \/ __/ / /_ / _ \/ __ \/ __/ / / /\__ \/ _ \/ ___/
/ ___ |/ / / / /_/ / __/ / __/ / / / /_/ /_/ /___/ / __/ /__
/_/ |_/_/ /_/\__/_/_/ \___/_/ /_/\__/\__, //____/\___/\___/
/____/
______ __ _ __ ______ _
/ ____/ ______ / /___ (_) /_ / ____/___ ____ _(_)___ ___
/ __/ | |/_/ __ \/ / __ \/ / __/ / __/ / __ \/ __ `/ / __ \/ _ \
/ /____> </ /_/ / / /_/ / / /_ / /___/ / / / /_/ / / / / / __/
/_____/_/|_/ .___/_/\____/_/\__/ /_____/_/ /_/\__, /_/_/ /_/\___/
/_/ /____/
[2024-07-21 22:25:54.501508] Loading DB Credentials.
AFS Exploit Engine Shell Info
┏━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ Category ┃ Command ┃
┡━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
│ Archives │ archives_status, archives_add, archives_del, archives_list │
│ CronTab │ crontab_status, crontab_enable SCRIPT, crontab_disable SCRIPT │
│ Database │ database_status, database_show_latest, database_shell │
│ HoneyPot │ honeypot_add, honeypot_show, honeypot_sus, honeypot_autoadd │
│ PortScans │ portscan_add PORTS/COMMONPORTS START_PORT END_PORT, portscan_del, portscan_show, portscan_start, portscan_stop PID, portscan_targets │
│ Search │ search EX PHP 1.7.30 Fentanyl 9050 │
│ Services │ service_enable SCRIPT, service_start SCRIPT, service_stop SCRIPT, service_status SCRIPT │
│ System Status │ system_status, system_tools, heads_up_display │
│ Targets │ target_add, target_del, target_show │
│ Processes │ process_test, process_usage │
│ Whats Going On │ whats_running, whats_running USERNAME, whats_running_afs │
└────────────────┴──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
AFS Exploit Engine > database_status
[2024-07-21 22:26:59.765986] Generating Exploit Pipeline Statistics.
[2024-07-21 22:26:59.795181] Target Country: MX
Database Status
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━┓
┃ DB Info ┃ Value ┃
┡━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━┩
│ ASNNets Count │ 1,209,601 │
│ ASNNets in Country │ 8,603 │
│ IP Count in Country │ 17,094,656 │
│ OpenPort Tested │ 233,870,405 │
│ OpenPort Combined │ 21,394,218 │
│ OpenPort w/is_open │ 120,368 │
│ OpenPort w/Serviced │ 120,368 │
│ OpenPort w/Serviced Open │ 75,468 │
│ HoneyPot Count: │ 67 │
│ HTTPPageArchive Count │ 50,429 │
│ ArchiveBoxRecords │ 20,613 │
│ ExploitAttempts Total │ 4,547,483 │
│ ExploitAttempts Unique Exploits │ 3,596 │
│ ExploitAttempts Launched │ 0 │
│ ExploitAttempts Worked │ 0 │
│ Shells Popped │ 0 │
│ Root Shells Popped │ 0 │
└─────────────────────────────────┴─────────────┘
# updates
AFS Exploit Engine > service_status
[2024-07-21 22:51:02.377154] Service Status:
AFS Script Status
┏━━━━━━━━━━━━━━━┳━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ Script Name ┃ Proc Count ┃ Script Desc ┃
┡━━━━━━━━━━━━━━━╇━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
│ ArchiveBox │ 0 │ Third Party Software that scans & archives web sites for later analysis. │
│ synthesize.py │ 2 │ Gets HTTP Pages and Archives Them. Can test & connect via socks proxies. │
│ savory.py │ 1 │ Bruteforces DNS Records Against Target Domain Names. │
│ scrap.py │ 2 │ Runs Multiple Binary Analysis Tools & Extracts Filesystem for Analysis. │
│ scrape.py │ 0 │ Runs Multiple Scans Against Firmware Extracted by scrap.py. │
│ serviced.py │ 3 │ Conducts an NMap Service scan against a detected open port. │
│ slap.py │ 0 │ Runs HTTP/Web Scans from Preset System Commands. │
│ smash.py │ 2 │ Determines possible exploits & launches exploit attempts. │
│ storm.py │ 2 │ Connects to Onion addresses and randomly makes communication. Used to offset traffic analysis. │
│ swamp.py │ 2 │ Loads Known Web Servers into ArchiveBox for archiving and searching. │
│ swim.py │ 2 │ Conducts ASN Network Discovery using Whois Queries. │
│ swing.py │ 0 │ Conducts Port Scans against Countries, Networks, IPs & Web Addresses. │
│ swole.py │ 2 │ Combines Port Scan Results Using Start and End Port Ranges. This Helps Save Disk Space. │
└───────────────┴────────────┴────────────────────────────────────────────────────────────────────────────────────────────────┘
# for posterity
AFS Exploit Engine > service_start swing.py
[2024-07-21 22:52:34.183710] Starting Services.
Start Services
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ Command ┃
┡━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
│ proxychains python /home/nemesis/Desktop/AFS_Port_Scanner/swing.py --country MX --ports_common -v --thread_prescan 7 --thread_portscan 256 │
└────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
> Are You Sure You Want to Execute These Commands? (y/N): y
[2024-07-21 22:52:41.789211] Executing Commands.
Executing Command: proxychains python /home/nemesis/Desktop/AFS_Port_Scanner/swing.py --country MX --ports_common -v --thread_prescan 7 --thread_portscan 256
# for health