added ntpsearcher without ntplib support

find_ntp_nolib.py

@@ -0,0 +1,121 @@
+#!/usr/bin/env python2
+#
+# ./find_ntp_nolib.py -l IPs.txt -t 500 -o ntpservers.txt
+#
+# simple ntp server finder by dash
+# this one is not dependend on ntplib as it uses socket only and default payload
+#
+# [*] Found 148 entries
+# [*] Entries 148 in queue
+# [*] Running with 50 threads
+# ==================================================
+# IP
+# ==================================================
+# 103.x.x.x
+# 157.x.x.x
+#
+#
+
+import os
+import sys
+import Queue
+import socket
+import argparse
+import threading
+
+global rQ
+rQ = Queue.Queue()
+
+def openFile(hostList):
+	fr = open(hostList,'r')
+	rBuf = fr.readlines()
+	return rBuf
+
+def openWriteFile(outfile):
+	fw = open(outfile,'wb')
+	return fw
+
+def checkNTP(host):
+	payload = '\x13\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd9\x15$\xf6Iw\x98\x00'
+	# settimeout so recv is not block
+	try:
+		s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+		s.settimeout(3)
+		s.connect((host,123))
+		s.send(payload)
+		rBuf = s.recv(1024)
+		print '%s' % (host)
+		data = '%s\n' % (host)
+		rQ.put(data)
+	except socket.error,e:
+#		print e
+		pass
+	return
+		
+def run(args):
+	""" mighty mighty function """
+
+	if not args.thrCnt:
+		thrCnt=50
+	else:
+		thrCnt = int(args.thrCnt)
+	
+	if args.outfile:
+		fw = openWriteFile(args.outfile)
+	
+	hostList = args.hostList
+
+	q = Queue.Queue()
+	rBuf = openFile(hostList)
+	print '[*] Found %d entries' % len(rBuf)
+	for r in rBuf:
+		r = r.rstrip('\n')
+		r = r.rstrip('\r')
+		q.put(r)
+
+	print '[*] Entries %d in queue' % q.qsize()
+	print '[*] Running with %d threads' % thrCnt
+	print '='*50
+	print 'IP'
+	print '='*50
+	thrList = []
+	while q.qsize()>0:
+		
+		if len(thrList) < thrCnt:
+			thrNtp = threading.Thread(target = checkNTP, args = (q.get(),))
+			thrNtp.daemon = True
+			thrNtp.start()
+			thrList.append(thrNtp)
+		
+		for entry in thrList:
+			if entry.isAlive()==False:
+				entry.join()
+				thrList.remove(entry)
+
+		if args.outfile and rQ.qsize()>0:
+			i = rQ.get()
+			data = "%s" % (i)
+			fw.write(data)
+			fw.flush()
+		else:
+			if rQ.qsize()>0:
+				rQ.get()
+
+	fw.close()
+	print '='*50
+	print '[*] Done'
+	print '='*50
+	
+
+def main():
+	parser_desc = 'ntp server finder, prints found ip not using ntplib, by dash'
+	prog_desc = 'find_ntp_nolib.py'
+	parser = argparse.ArgumentParser(	prog = prog_desc, description = parser_desc)
+	parser.add_argument("-l",action='store',required=True,help='host list with ips',dest='hostList')
+	parser.add_argument('-t',action='store',required=False,help='thread count', dest='thrCnt')
+	parser.add_argument('-o',action='store',required=False,help='write found data to file', dest='outfile')
+	args = parser.parse_args()
+	run(args)
+
+if __name__ == "__main__":
+	main()

readme.txt

@@ -0,0 +1,18 @@
+PGPemails.py
+============
+script for harvesting emails of domain targets @pgp.mit.edu
+
+find_ntp.py
+===========
+find ntp servers, it is a threaded script, using ntplib
+as a result it prints out the ntpserver and the version running
+
+find_ntp_nolib.py
+=================
+this one is not using ntplib, instead it is building up its own socket and sending a simple ntp request
+to see if ntp is answering. also threaded.
+
+generateRandomIP.sh
+===================
+generate random ips with nmap
+