diff --git a/find_ntp_nolib.py b/find_ntp_nolib.py new file mode 100755 index 0000000..8595588 --- /dev/null +++ b/find_ntp_nolib.py @@ -0,0 +1,121 @@ +#!/usr/bin/env python2 +# +# ./find_ntp_nolib.py -l IPs.txt -t 500 -o ntpservers.txt +# +# simple ntp server finder by dash +# this one is not dependend on ntplib as it uses socket only and default payload +# +# [*] Found 148 entries +# [*] Entries 148 in queue +# [*] Running with 50 threads +# ================================================== +# IP +# ================================================== +# 103.x.x.x +# 157.x.x.x +# +# + +import os +import sys +import Queue +import socket +import argparse +import threading + +global rQ +rQ = Queue.Queue() + +def openFile(hostList): + fr = open(hostList,'r') + rBuf = fr.readlines() + return rBuf + +def openWriteFile(outfile): + fw = open(outfile,'wb') + return fw + +def checkNTP(host): + payload = '\x13\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd9\x15$\xf6Iw\x98\x00' + # settimeout so recv is not block + try: + s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) + s.settimeout(3) + s.connect((host,123)) + s.send(payload) + rBuf = s.recv(1024) + print '%s' % (host) + data = '%s\n' % (host) + rQ.put(data) + except socket.error,e: +# print e + pass + return + +def run(args): + """ mighty mighty function """ + + if not args.thrCnt: + thrCnt=50 + else: + thrCnt = int(args.thrCnt) + + if args.outfile: + fw = openWriteFile(args.outfile) + + hostList = args.hostList + + q = Queue.Queue() + rBuf = openFile(hostList) + print '[*] Found %d entries' % len(rBuf) + for r in rBuf: + r = r.rstrip('\n') + r = r.rstrip('\r') + q.put(r) + + print '[*] Entries %d in queue' % q.qsize() + print '[*] Running with %d threads' % thrCnt + print '='*50 + print 'IP' + print '='*50 + thrList = [] + while q.qsize()>0: + + if len(thrList) < thrCnt: + thrNtp = threading.Thread(target = checkNTP, args = (q.get(),)) + thrNtp.daemon = True + thrNtp.start() + thrList.append(thrNtp) + + for entry in thrList: + if entry.isAlive()==False: + entry.join() + thrList.remove(entry) + + if args.outfile and rQ.qsize()>0: + i = rQ.get() + data = "%s" % (i) + fw.write(data) + fw.flush() + else: + if rQ.qsize()>0: + rQ.get() + + fw.close() + print '='*50 + print '[*] Done' + print '='*50 + + +def main(): + parser_desc = 'ntp server finder, prints found ip not using ntplib, by dash' + prog_desc = 'find_ntp_nolib.py' + parser = argparse.ArgumentParser( prog = prog_desc, description = parser_desc) + parser.add_argument("-l",action='store',required=True,help='host list with ips',dest='hostList') + parser.add_argument('-t',action='store',required=False,help='thread count', dest='thrCnt') + parser.add_argument('-o',action='store',required=False,help='write found data to file', dest='outfile') + args = parser.parse_args() + run(args) + +if __name__ == "__main__": + main() diff --git a/readme.txt b/readme.txt new file mode 100644 index 0000000..c51422b --- /dev/null +++ b/readme.txt @@ -0,0 +1,18 @@ +PGPemails.py +============ +script for harvesting emails of domain targets @pgp.mit.edu + +find_ntp.py +=========== +find ntp servers, it is a threaded script, using ntplib +as a result it prints out the ntpserver and the version running + +find_ntp_nolib.py +================= +this one is not using ntplib, instead it is building up its own socket and sending a simple ntp request +to see if ntp is answering. also threaded. + +generateRandomIP.sh +=================== +generate random ips with nmap +