-
Notifications
You must be signed in to change notification settings - Fork 13
/
ntpscanner.py
executable file
·65 lines (58 loc) · 2.01 KB
/
ntpscanner.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
#!/usr/bin/env python
import sys
import socket
import threading
import time
import re
import urllib2
#NTP Amplification vulnerability scanner
#by dani87
#usage ntpdos.py <domain or ip> or -f <server list> or -m <url> <file>
#AUTHOR DOES NOT TAKE ANY LEGAL RESPONSIBILITY FOR DAMAGE CAUSED BY THIS PROGRAM
def vuln(server):
ntppacket = "\x17\x00\x03\x2a" + "\x00" * 4
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.settimeout(60)
try:
sock.sendto(ntppacket,(socket.gethostbyname(server), 123))
datarecv = sock.recvfrom(255)
print(datarecv)
if str(datarecv).find("\\x48") != -1:
print("Server is vulnerable: " + server)
else:
print("Server not vulnerable: " + server)
sock.close()
except socket.timeout:
print("Connection to server: " + server + " timed out")
except socket.error as e:
print("Socket error: " + str(e))
threads = []
if len(sys.argv) < 2:
print("NTP Amplification Vulnerability Scanner by dani87")
print("Usage: ntpscanner.py <server domain or ip>")
print("Options: -f <server list> includes servers from file")
print("-m <url> <file> gathers ip or domain from url into file")
sys.exit()
elif sys.argv[1] == "-m":
if len(sys.argv) < 4:
print("Not enough arguments supplied")
get_url = sys.argv[2]
read_url = urllib2.urlopen(get_url).read()
ip_regex = re.compile("\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}")
find_ip = re.findall(ip_regex,read_url)
with open(sys.argv[3], "wb") as file:
for ip in find_ip:
print("Adding IP: " + ip + " to file: " + sys.argv[3])
file.write(ip + "\n")
file.close()
elif sys.argv[1] == "-f":
serverlist = []
with open(sys.argv[2]) as file:
serverlist = file.readlines()
for i in serverlist:
i = i.rstrip("\n")
thread = threading.Thread(target=vuln, args=(i,))
threads.append(thread)
thread.start()
else:
vuln(sys.argv[1])