exploit the possibilities

darkb0t IRC Python Bot 0.2

darkb0t IRC Python Bot 0.2
Posted Feb 25, 2012
Authored by baltazar

darkb0t is an IRC bot written in Python that is capable of doing reverse DNS lookups, google dork searching, performing link checking on SQL injection, and more.

Changes: Various updates.
tags | sql injection, python
MD5 | 2f8298b032e4d22a3b64e1d34730a30c

darkb0t IRC Python Bot 0.2

Change Mirror Download
#!/usr/bin/python
# This was written for educational purpose and pentest only. Use it at your own risk.
# Author will be not responsible for any damage!
# !!! Special greetz for my friend sinner_01 !!!
# Toolname : darkb0t.py
# Coder : baltazar a.k.a b4ltazar < b4ltazar@gmail.com>
# Version : 0.2
# Greetz for rsauron and low1z, great python coders
# greetz for d3hydr8, r45c4l, qk, fx0, Soul, MikiSoft, c0ax, b0ne and all members of ex darkc0de.com, ljuska.org & darkartists.info

import sys, subprocess, socket, string, httplib, urlparse, urllib, re, urllib2, random, threading, cookielib
from sgmllib import SGMLParser
from xml.dom.minidom import parse, parseString
from time import sleep

try:
set
except NameError:
from sets import Set as set


def logo():
print "\n|---------------------------------------------------------------|"
print "| b4ltazar[@]gmail[dot]com |"
print "| 02/2012 darkb0t.py v.0.2 |"
print "| darkartists.info & ljuska.org |"
print "| |"
print "|---------------------------------------------------------------|\n"

def cmd():
print "[!] Commands the bot understands: "
print "\n[+] !help : Help"
print "[+] !usage : Examples of usage"
print "[+] !over : Bot quits"
print "[+] !clear : Clearing the urls in array!"
print "[+] !status : Show status of finished threads"
print "[+] !reverse : List domains hosted on the same IP"
print "[+] !srvinfo : Some info about target server"
print "[+] !sub : Checking for subdomains"
print "[+] !check : Crawl links from target and check for SQLi"
print "[+] !dork : Using dork for collecting links and then check for SQLi"

if sys.platform == 'linux' or sys.platform == 'linux2':
subprocess.call('clear', shell=True)
logo()
cmd()
else:
subprocess.call('cls', shell=True)
logo()
cmd()
if len(sys.argv) != 5:
print "[!] Usage: python darkb0t.py <host> <port> <nick> <channel>"
print "[!] Exiting, thx for using script"
sys.exit(1)

subdomains = ['adm','admin','admins','agent','aix','alerts','av','antivirus','app','apps','appserver','archive','as400','auto','backup','banking','bbdd','bbs','bea','beta','blog','catalog','cgi','channel','channels','chat','cisco','client','clients','club','cluster','clusters','code','commerce','community','compaq','conole','consumer','contact','contracts','corporate','ceo','cso','cust','customer','cpanel','data','bd','db2','default','demo','design','desktop','dev','develop','developer','device','dial','digital','dir','directory','disc','discovery','disk','dns','dns1','dns2','dns3','docs','documents','domain','domains','dominoweb','download','downloads','ecommerce','e-commerce','edi','edu','education','email','enable','engine','engineer','enterprise','error','event','events','example','exchange','extern','external','extranet','fax','field','finance','firewall','forum','forums','fsp','ftp','ftp2','fw','fw1','gallery','galleries','games','gateway','gopher','guest','gw','hello','helloworld','help','helpdesk','helponline','hp','ibm','ibmdb','ids','ILMI','images','imap','imap4','img','imgs','info','intern','internal','intranet','invalid','iphone','ipsec','irc','ircserver','jobs','ldap','link','linux','lists','listserver','local','localhost','log','logs','login','lotus','mail','mailboxes','mailhost','management','manage','manager','map','maps','marketing','device','media','member','members','messenger','mngt','mobile','monitor','multimedia','music','my','names','net','netdata','netstats','network','news','nms','nntp','ns','ns1','ns2','ns3','ntp','online','openview','oracle','outlook','page','pages','partner','partners','pda','personal','ph','pictures','pix','pop','pop3','portal','press','print','printer','private','project','projects','proxy','public','ra','radio','raptor','ras','read','register','remote','report','reports','root','router','rwhois','sac','schedules','scotty','search','secret','secure','security','seri','serv','serv2','server','service','services','shop','shopping','site','sms','smtp','smtphost','snmp','snmpd','snort','solaris','solutions','support','source','sql','ssl','stats','store','stream','streaming','sun','support','switch','sysback','system','tech','terminal','test','testing','testing123','time','tivoli','training','transfers','uddi','update','upload','uploads','video','vpn','w1','w2','w3','wais','wap','web','webdocs','weblib','weblogic','webmail','webserver','webservices','websphere','whois','wireless','work','world','write','ws','ws1','ws2','ws3','www1','www2','www3']

header = ['Mozilla/4.0 (compatible; MSIE 5.0; SunOS 5.10 sun4u; X11)',
'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.2pre) Gecko/20100207 Ubuntu/9.04 (jaunty) Namoroka/3.6.2pre',
'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Avant Browser;',
'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)',
'Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)',
'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6)',
'Microsoft Internet Explorer/4.0b1 (Windows 95)',
'Opera/8.00 (Windows NT 5.1; U; en)',
'amaya/9.51 libwww/5.4.0',
'Mozilla/4.0 (compatible; MSIE 5.0; AOL 4.0; Windows 95; c_athome)',
'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)',
'Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.5 (like Gecko) (Kubuntu)',
'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; ZoomSpider.net bot; .NET CLR 1.1.4322)',
'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; QihooBot 1.0 qihoobot@qihoo.net)',
'Mozilla/4.0 (compatible; MSIE 5.0; Windows ME) Opera 5.11 [en]']

sqlerrors = {'MySQL': 'error in your SQL syntax',
'MiscError': 'mysql_fetch',
'MiscError2': 'num_rows',
'Oracle': 'ORA-01756',
'JDBC_CFM': 'Error Executing Database Query',
'JDBC_CFM2': 'SQLServer JDBC Driver',
'MSSQL_OLEdb': 'Microsoft OLE DB Provider for SQL Server',
'MSSQL_Uqm': 'Unclosed quotation mark',
'MS-Access_ODBC': 'ODBC Microsoft Access Driver',
'MS-Access_JETdb': 'Microsoft JET Database',
'Error Occurred While Processing Request' : 'Error Occurred While Processing Request',
'Server Error' : 'Server Error',
'Microsoft OLE DB Provider for ODBC Drivers error' : 'Microsoft OLE DB Provider for ODBC Drivers error',
'Invalid Querystring' : 'Invalid Querystring',
'OLE DB Provider for ODBC' : 'OLE DB Provider for ODBC',
'VBScript Runtime' : 'VBScript Runtime',
'ADODB.Field' : 'ADODB.Field',
'BOF or EOF' : 'BOF or EOF',
'ADODB.Command' : 'ADODB.Command',
'JET Database' : 'JET Database',
'mysql_fetch_array()' : 'mysql_fetch_array()',
'Syntax error' : 'Syntax error',
'mysql_numrows()' : 'mysql_numrows()',
'GetArray()' : 'GetArray()',
'FetchRow()' : 'FetchRow()',
'Input string was not in a correct format' : 'Input string was not in a correct format',
'Not found' : 'Not found'}


timeout = 300
socket.setdefaulttimeout(timeout)
threads = []
urls = []

host = sys.argv[1]
port = int(sys.argv[2])
nick = sys.argv[3]
chan = sys.argv[4]

def revip():
sites = [target]
appid = '01CDBCA91C590493EE4E91FAF83E5239FEF6ADFD'
ip = socket.gethostbyname(target)
offset = 50
num = 1
while offset < 300:
url ="/xml.aspx?AppId=%s&Query=ip:%s&Sources=Web&Version=2.0&Market=en-us&Adult=Moderate&Options=EnableHighlighting&Web.Count=50&Web.Offset=%s&Web.Options=DisableQueryAlterations" % (appid, ip, offset)
conn = httplib.HTTPConnection("api.bing.net")
conn.request("GET", url)
res = conn.getresponse()
data = res.read()
conn.close()
xmldoc = parseString(data)
name = xmldoc.getElementsByTagName('web:DisplayUrl')
for n in name:
temp = n.childNodes[0].nodeValue
temp = temp.split("/")[0]
if temp.find('www.') == -1:
sites.append(temp)
offset += 50
s.send("PRIVMSG %s :%s%s\r\n" % (chan, "[+] Target: ", target))
s.send("PRIVMSG %s :%s%s\r\n" % (chan, "[+] IP: ", ip))
s.send("PRIVMSG %s :%s\r\n" % (chan, "[+] Reverse IP LookUp ..."))
s.send("PRIVMSG %s :%s\r\n" % (chan, "[+] Please wait!"))
s.send("PRIVMSG %s :%s%s%s\r\n" % (chan, "[!] Total: ",len(sites), " domain(s)"))
for si in sites:
s.send("PRIVMSG %s :%s%s%s%s%s%s\r\n" % (chan,"[",num,"/",len(sites),"] http://", si))
sleep(2)
num += 1

def srvinfo():
conn = httplib.HTTPConnection(target, 80)
try:
conn.request("HEAD", "/")
except socket.timeout:
print "[-] Server Timeout"
s.send("PRIVMSG %s :%s\r\n" % (chan, "[-] Server Timeout"))
except(KeyboardInterrupt, SystemExit):
pass
r1 = conn.getresponse()
conn.close()
ip = socket.gethostbyname(target)
server = r1.getheader('Server')
xpoweredby = r1.getheader('x-powered-by')
date = r1.getheader('date')
if xpoweredby == None:
s.send("PRIVMSG %s :%s%s\r\n" % (chan, "[+] Ip of server: ", ip))
s.send("PRIVMSG %s :%s%s\r\n" % (chan, "[+] Server info: ", server))
s.send("PRIVMSG %s :%s%s\r\n" % (chan, "[+] Server date: ", date))
else:
s.send("PRIVMSG %s :%s%s\r\n" % (chan, "[+] Ip of server: ", ip))
s.send("PRIVMSG %s :%s%s\r\n" % (chan, "[+] Server info: ", server))
s.send("PRIVMSG %s :%s%s\r\n" % (chan, "[+] Xpoweredby: ", xpoweredby))
s.send("PRIVMSG %s :%s%s\r\n" % (chan, "[+] Server date: ", date))

def sub():
w00t = 0
s.send("PRIVMSG %s :%s%s\r\n" % (chan, "[+] Target: ", domain))
s.send("PRIVMSG %s :%s\r\n" % (chan, "[+] Checking for subdomains"))
for sub in subdomains:
subdomain = sub+'.'+domain
try:
target = socket.gethostbyname(subdomain)
w00t = w00t+1
s.send("PRIVMSG %s :%s\r\n" % (chan, subdomain))
except:
pass
s.send("PRIVMSG %s :%s%s%s\r\n" % (chan, "[!] Found ",w00t, " subdomain(s)!"))

def SQLi(u):
host = u + "'"
try:
source = urllib2.urlopen(host).read()
for type, eMSG in sqlerrors.items():
if re.search(eMSG, source):
s.send("PRIVMSG %s :%s%s%s%s%s\r\n" % (chan, "[!] w00t,w00t!: ", host, " Error: ", type, " ---> SQL Injection"))
sleep(2)
else:
pass
except:
pass


def search(inurl, maxc):
counter = 0
while counter < int(maxc):
jar = cookielib.FileCookieJar("cookies")
query = inurl+'+site:'+site
results_web = 'http://www.search-results.com/web?q='+query+'&hl=en&page='+repr(counter)+'&src=hmp'
request_web = urllib2.Request(results_web)
agent = random.choice(header)
request_web.add_header('User-Agent', agent)
opener_web = urllib2.build_opener(urllib2.HTTPCookieProcessor(jar))
text = opener_web.open(request_web).read()
stringreg = re.compile('(?<=href=")(.*?)(?=")')
names = stringreg.findall(text)
counter += 1
for name in names:
if name not in urls:
if re.search(r'\(',name) or re.search("<", name) or re.search("\A/", name) or re.search("\A(http://)\d", name):
pass
elif re.search("google",name) or re.search("youtube", name) or re.search("phpbuddy", name) or re.search("iranhack",name) or re.search("phpbuilder",name) or re.search("codingforums", name) or re.search("phpfreaks", name) or re.search("%", name) or re.search("facebook", name) or re.search("twitter", name):
pass
else:
urls.append(name)

tmplist = []
finallist = []
s.send("PRIVMSG %s :%s%s\r\n" % (chan, "[+] Urls collected: ", len(urls)))
for u in urls:
try:
host = u.split("/", 3)
domain = host[2]
if domain not in tmplist and "=" in u:
finallist.append(u)
tmplist.append(domain)
except:
pass
s.send("PRIVMSG %s :%s%s\r\n" % (chan, "[+] Urls for checking: ", len(finallist)))
return finallist

class injThread(threading.Thread):
def __init__(self,hosts):
self.hosts=hosts;self.fcount = 0
self.check = True
threading.Thread.__init__(self)

def run (self):
urls = list(self.hosts)
for u in urls:
try:
if self.check == True:
SQLi(u)
else:
break
except(KeyboardInterrupt,ValueError):
pass
self.fcount+=1

def stop(self):
self.check = False

class URLLister(SGMLParser):
def reset(self):
SGMLParser.reset(self)
self.urls = []

def start_a(self, attrs):
href = [v for k, v in attrs if k == 'href']
if href:
self.urls.extend(href)

def parse_urls(links):
urls = []
for link in links:
num = link.count("=")
if num > 0:
for x in range(num):
x = x + 1
if link[0] == "/" or link[0] == "?":
u = site+link.rsplit("=",x)[0]+"="
else:
u = link.rsplit("=",x)[0]+"="
if u.find(site.split(".",1)[1]) == -1:
u = site+u
if u.count("//") > 1:
u = "http://"+u[7:].replace("//","/",1)
urls.append(u)
urls = list(set(urls))
return urls

ircmsg = ""
s = socket.socket( )
s.connect((host, port))
s.send("NICK %s\r\n" % nick)
s.send("USER %s %s baltazar :%s\r\n" % (nick,nick,nick))
s.send("JOIN :%s\r\n" % chan)

while 1:
ircmsg = ircmsg+s.recv(2048)
temp = string.split(ircmsg, "\n")
ircmsg = temp.pop()
for line in temp:
line = string.rstrip(line)
line = string.split(line)
try:
if line[1] == "JOIN":
name = str(line[0].split("!")[0])
s.send("PRIVMSG %s :%s%s\r\n" % (chan, "Welcome, ", name.replace(":","")))
s.send("PRIVMSG %s :%s\r\n" % (chan, "b4ltazar@gmail.com"))
s.send("PRIVMSG %s :%s\r\n" % (chan, "darkb0t.py v.0.2"))
s.send("PRIVMSG %s :%s\r\n" % (chan, "Visit ljuska.org & darkartists.info"))
s.send("PRIVMSG %s :%s\r\n" % (chan, "For help type: !help"))

if line[3] == ":!help":
s.send("PRIVMSG %s :%s\r\n" % (chan, "[+] Commands the b0t understands:"))
s.send("PRIVMSG %s :%s\r\n" % (chan, "[+] !help : Help"))
s.send("PRIVMSG %s :%s\r\n" % (chan, "[+] !usage : Examples of usage"))
s.send("PRIVMSG %s :%s\r\n" % (chan, "[+] !over : Bot quits"))
s.send("PRIVMSG %s :%s\r\n" % (chan, "[+] !clear : Clearing the urls in array!"))
s.send("PRIVMSG %s :%s\r\n" % (chan, "[+] !status : Show status of finished threads"))
s.send("PRIVMSG %s :%s\r\n" % (chan, "[+] !reverse : List domains hosted on the same IP"))
s.send("PRIVMSG %s :%s\r\n" % (chan, "[+] !srvinfo : Some info about target server"))
s.send("PRIVMSG %s :%s\r\n" % (chan, "[+] !sub : Checking for subdomains"))
s.send("PRIVMSG %s :%s\r\n" % (chan, "[+] !check : Crawl links from target and check for SQLi"))
s.send("PRIVMSG %s :%s\r\n" % (chan, "[+] !dork : Using dork for collecting links and then check for SQLi"))

if line[3] == ":!usage":
s.send("PRIVMSG %s :%s\r\n" % (chan, "[!] !reverse target.com"))
s.send("PRIVMSG %s :%s\r\n" % (chan, "[!] !srvinfo target.com"))
s.send("PRIVMSG %s :%s\r\n" % (chan, "[!] !sub target.com"))
s.send("PRIVMSG %s :%s\r\n" % (chan, "[!] !check http://www.target.com"))
s.send("PRIVMSG %s :%s\r\n" % (chan, "[!] !dork index.php?id= com 10 10"))

if line[3] == ":!over":
s.send("PRIVMSG %s :%s\r\n" % (chan, "[!] darkb0t leaves, visit ljuska.org & darkartists.info"))
print "\n[!] Thx for using darkb0t, visit ljuska.org & darkartists.info"
sys.exit(1)

if line[3] == ":!clear":
urls = []
s.send("PRIVMSG %s :%s\r\n" % (chan, "[!] Array cleared!"))

if line[3] == ":!status":
mainthread = 0
if threads != []:
for thread in threads:
mainthread += thread.fcount
s.send("PRIVMSG %s :%s%s\r\n" % (chan, "[+] Number of threads finished scanning: ", mainthread))

if line[3] == ":!reverse":
target = line[4]
revip()
if line[3] == ":!srvinfo":
target = line[4]
srvinfo()
if line[3] == ":!sub":
domain = line[4]
sub()
if line[3] == ":!check":
site = line[4]
site = site.replace("http://","").rsplit("/",1)[0]+"/"
site = "http://"+site.lower()
try:
usock = urllib.urlopen(site)
parser = URLLister()
parser.feed(usock.read().lower())
parser.close()
usock.close()
except:
pass
urls = parse_urls(parser.urls)
s.send("PRIVMSG %s :%s%s\r\n" % (chan, "[!] Links Found: ", len(urls)))
for u in urls:
try:
SQLi(u)
except(KeyboardInterrupt, SystemExit):
print "[!] CTRL+C activated, now exiting! Thx for using darkb0t.py!"

if line[3] == ":!dork":
inurl = line[4]
site = line[5]
maxc = line[6]
numthreads = line[7]
s.send("PRIVMSG %s :%s%s\r\n" % (chan, "[+] Dork: ", inurl))
s.send("PRIVMSG %s :%s%s\r\n" % (chan, "[+] Domain: ", site))
s.send("PRIVMSG %s :%s%s\r\n" % (chan, "[+] Number of page to search: ", maxc))
s.send("PRIVMSG %s :%s%s\r\n" % (chan, "[+] Number of threads: ", numthreads))
usearch = search(inurl, maxc)
i = len(usearch) / int(numthreads)
m = len(usearch) % int(numthreads)
z = 0
if len(threads) <= numthreads:
for x in range(0, int(numthreads)):
sliced = usearch[x*i:(x+1)*i]
if (z<m):
sliced.append(usearch[int(numthreads)*i+z])
z += 1
thread = injThread(sliced)
thread.start()
threads.append(thread)
for thread in threads:
thread.join()


except(IndexError):
pass

if(line[0] == "PING"):
sleep(1)
s.send("PONG %s\r\n" % line[1])
Login or Register to add favorites

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    2 Files
  • 16
    Jan 16th
    2 Files
  • 17
    Jan 17th
    18 Files
  • 18
    Jan 18th
    13 Files
  • 19
    Jan 19th
    15 Files
  • 20
    Jan 20th
    29 Files
  • 21
    Jan 21st
    12 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close