-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathMultiThread.py
151 lines (106 loc) · 3.6 KB
/
MultiThread.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
#!/usr/bin/env python
#-*- coding: utf-8 -*-
#
#
# MongoPWN
# A simple script to find open mongoDB instances
# on the internet using shodan
#
# by: Assassin umz
import os, platform, requests, time
import argparse, shodan, threading
from pymongo import MongoClient
from colorama import init, Fore, Style
init(convert=True)
red = Fore.RED
green = Fore.GREEN
yellow = Fore.YELLOW
end = Style.RESET_ALL
open_instances = 0
start = time.perf_counter()
parser = argparse.ArgumentParser()
group = parser.add_mutually_exclusive_group(required=True)
group.add_argument('-i', '--input', help="Hosts IPs file path, must be in seperate lines")
group.add_argument('-s', '--shodan', help="Get a list of hosts from shodan, provide the API key")
parser.add_argument('-o', '--output', help='Output open Hosts IPs to a file')
args = parser.parse_args()
try:
requests.get('https://google.com')
pass
except:
print(f"{red}[-]{end} Network Issue, make sure your network connection is working and retry")
exit(0)
def cls():
if platform.system().lower() == "windows":
return os.system('cls')
else:
return os.system('clear')
def banner():
cls()
print('''
{0} |{1} ______ _ _ _ _
{0} .'|'.{1} | ___ \ | | | \ | |
{0}/.'|\ \{1} _ __ ___ ___ _ __ __ _ ___ | |_/ / | | | \| |
{0}| /|'.|{1} | '_ ` _ \ / _ \| '_ \ / _` |/ _ \| __/| |/\| | . ` |
{0} \ |\/{1} | | | | | | (_) | | | | (_| | (_) | | \ /\ / |\ |
{0} \|/{1} |_| |_| |_|\___/|_| |_|\__, |\___/\_| \/ \/\_| \_/
{0} `{1} __/ |
|___/
{0}By: Assassinumz{1}
'''.format(green, end))
def Check(ip):
global open_instances
client = MongoClient(str(ip), socketTimeoutMS=1000, serverSelectionTimeoutMS=1000)
#if client is None:
# return
try:
dbs = client.list_database_names()
print(f"{green}[+]{end} {ip}\r")
if args.output != None:
with open(args.output, 'a') as f:
f.write(f"{ip}\n")
open_instances+=1
except Exception:
pass
def InputFile(file):
if not os.path.isfile(file):
print(f"{red}[-]{end} File Does not exist")
exit(0)
print(f"{yellow}[=]{end} Reading hosts from {args.input}\n")
with open(file, 'r') as f:
lines = f.readlines()
return lines
def Shodan():
print(f"{yellow}[=]{end} Getting MongoDB Hosts from shodan\n")
api = shodan.Shodan(args.shodan)
lines = []
results = api.search("MongoDB", limit=1000)
for result in results['matches']:
ip = result['ip_str']
lines.append(ip)
return lines
def main():
banner()
if args.input != None:
lines = InputFile(args.input)
elif args.shodan != None:
lines = Shodan()
else:
exit(0)
threads = []
#TODO: Add Counter
print(f"{yellow}[=]{end} Scanning {len(lines)} hosts\n")
for line in lines:
ip = line.strip('\n')
t = threading.Thread(target=Check, args=[ip])
t.start()
threads.append(t)
for thread in threads:
thread.join()
print(f"{green}[+]{end} Found {open_instances} open hosts out of {len(lines)}")
print("Thank You")
#TODO: Add masscan
if __name__ == "__main__":
main()
end = time.perf_counter()
print(f"Finished in {round(end-start, 3)} seconds")