#!/usr/bin/env python
# -*- coding: utf-8 -*-
# -------------------------------------------------
# Author: Jhonathan Davi A.K.A jh00nbr
# Insightl4b: lab.insightsecurity.com.br
# jh00nbr: http://jhonathandavi.com.br
# Github: github.com/jh00nbr
# Twitter @jh00nbr
# -------------------------------------------------
import requests,json,argparse,subprocess,sys,dns.resolver,os.path
from datetime import datetime
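# ANSI escape sequences used to colour terminal output.
# NOTE(review): the MAGENTA entry carries the literal text "Magenta" after the
# escape code, so printing it would emit that word; it is left unchanged
# because the code shown here never uses it.
__colors__ = {'MAGENTA':'\033[35mMagenta','BLUE': '\033[34m', 'OK' : '\033[92m', 'ERRO' : '\033[91m', 'WARNING' : '\033[93m', 'UNDERLINE':'\033[4m','ENDC' : '\033[0m'}

# Command-line interface. Both options have working defaults: a default on a
# required option is never applied, so neither option is marked required.
parser = argparse.ArgumentParser(prog='Phishruffus v1.0')
parser.add_argument("-l", "--listdns", help="Set list file DNS Servers", default="dns_servers.conf")
# type=float rejects a non-numeric timeout once, at start-up, instead of
# failing separately for every DNS server that is checked.
parser.add_argument("-t", "--timeout", help="Set timeout", type=float, default=4.0)
args = parser.parse_args()

file_servers = args.listdns
timeout = args.timeout  # Seconds allowed per DNS lookup (default: 4 seconds)

if not os.path.isfile(file_servers):
    # Say why the run stops instead of exiting silently with status 1.
    sys.stderr.write("[-] DNS server list not found: {0}\n".format(file_servers))
    sys.exit(1)

# One DNS server address per line. The file is closed deterministically and
# blank lines are skipped so they are not passed on as empty server names.
with open(file_servers, "r") as servers_file:
    dns_servers = [entry.strip() for entry in servers_file if entry.strip()]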
# Expected answer prefixes, stored as the first three octets of an IPv4
# address (one entry per /24). The third octet runs from 0 to 254 in both
# ranges, so the x.x.255 prefixes are not listed.
# NOTE(review): these are hard-coded values; an "OK" verdict is only as
# current as this list - confirm the ranges before relying on the output.
white_list_bb = (
    list(map('170.66.{0}'.format, range(255)))
    + list(map('201.33.{0}'.format, range(255)))
)

# Second prefix list: 200.201.160 through 200.201.174.
white_list_caixa = list(map('200.201.{0}'.format, range(160, 175)))

# Domains whose A records are requested from every DNS server under test.
domains = ['bb.com.br', 'caixa.com.br']
def banner():
    """Return the start-up banner: tool name, author line and a one-line description."""
    pieces = (
        "\n\t\t[ Phishruffus v1.0 - Intelligent threat hunter and phishing servers ]\n",
        "\t\tAuthor: Jhonathan Davi @jh00nbr\tInsightl4b - lab.insightsecurity.com.br\n\n",
        "Phishruffus is a tool designed for the identification of DNS servers and Internet threats used for the illegal practice of phishing.\n",
    )
    return "".join(pieces)
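def check_theat(dns_server,domains):
    """Ask one DNS server for the A record of each domain and collect the answers.

    Args:
        dns_server: address of the DNS server to query.
        domains: iterable of domain names to resolve.

    Returns:
        A dict with 'dns_server', 'status' and, for every domain resolved
        before any failure, an entry {'ip_response', 'prefixie_response'}.
        'status' is True only when every domain was resolved; on any error
        the exception is printed and 'status' is False.
    """
    # Built before the try block so the failure path always has a dict to return.
    response_threats = {'dns_server': dns_server, 'status': False}
    try:
        resolver = dns.resolver.Resolver(configure=True)
        # Replace the configured nameservers so that only the server under
        # test is asked.
        resolver.nameservers = [dns_server]
        # `timeout` is the module-level value taken from --timeout.
        resolver.lifetime = float(timeout)
        for domain in domains:
            result = resolver.query(str(domain), 'A')
            # Indexing the Answer reads the rrset matched for the A query, so
            # a CNAME listed first in the answer section no longer breaks the
            # lookup of `.address`.
            # NOTE(review): only the first A record is evaluated; further
            # records in the same answer are not compared with any whitelist.
            ip_response = str(result[0].address)
            # The first three octets are the key that callers look up in the
            # whitelists.
            prefixie_response = '.'.join(ip_response.split('.')[0:3])
            response_threats[domain] = {'ip_response': ip_response, 'prefixie_response': prefixie_response}
        response_threats['status'] = True
    except Exception as f:
        # Best effort: a server that times out or refuses the query must not
        # stop the scan. Its result stays at status False, which means
        # "no verdict", not "clean".
        print(f)
    return response_threats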
def time():
    """Return the current local time as {'hour': 'H:M:S', 'date': 'D/M/Y'} (no zero padding)."""
    now = datetime.now()
    clock = ':'.join(str(part) for part in (now.hour, now.minute, now.second))
    calendar_day = '/'.join(str(part) for part in (now.day, now.month, now.year))
    return {'hour': clock, 'date': calendar_day}
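def get_informations(ip_address):
    """Fetch geolocation/ownership details for an IP address from ip-api.com.

    Args:
        ip_address: the address to look up.

    Returns:
        A dict mapping each field name of the JSON reply to its value, both
        UTF-8 encoded.

    NOTE(review): the request goes over plain HTTP, so the reply is not
    authenticated in transit; treat it as an enrichment hint rather than as
    evidence.
    """
    # A timeout keeps one unresponsive lookup from hanging the whole run.
    _req = requests.get("http://ip-api.com/json/{0}".format(ip_address), timeout=10)
    # Parse the body once instead of once per key.
    fields = json.loads(_req.content)
    # Formatting through a unicode template keeps non-ASCII values (for
    # example city names) from raising during the text conversion.
    informations = {key.encode('utf-8'): u"{0}".format(value).encode('utf-8') for key, value in fields.items()}
    return informations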
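def main():
    """Query every configured DNS server and print a verdict for each monitored domain.

    Servers are taken from the module-level `dns_servers` list, which is
    consumed as the scan proceeds. An answer is reported as OK when its /24
    prefix is in the whitelist of the domain that was asked for, and as
    THREAT otherwise.
    """
    print(banner())

    # Each domain is judged only against its own prefix list. Accepting a
    # match in either list would report a domain as OK when a server points
    # it into the other list's address range.
    expected = {
        'bb.com.br': (white_list_bb, "[ {0} ] response to --> [ {1} ] \t\t\t\t [ {2} ]"),
        'caixa.com.br': (white_list_caixa, "\n\t[ {0} ] response to --> [ {1} ] \t\t\t [ {2} ]"),
    }
    threat_line = "\n\t[ {0} ] response to [ {1} ] \t\t\t\t [ {2} ]"
    ok_tag = __colors__['OK'] + "OK" + __colors__['ENDC']
    threat_tag = __colors__['ERRO'] + "THREAT" + __colors__['ENDC']

    while dns_servers:
        server = dns_servers.pop(0)
        result_check = check_theat(server, domains)

        if not result_check['status']:
            # A failed lookup is not a clean result: name the server so it
            # can be re-checked instead of dropping it silently.
            sys.stdout.write("\n\n[!] DNS Server: [ {0} ] lookup failed - no verdict\n".format(server))
            sys.stdout.flush()
            continue

        stamp = time()
        sys.stdout.write("\n\n[!] [ {0} ] [ {1} ] - DNS Server: [ {2} ] \n\t".format(stamp['date'], stamp['hour'], result_check['dns_server']))
        sys.stdout.flush()

        for d in domains:
            prefixie = result_check[d]['prefixie_response']
            ip_address = result_check[d]['ip_response']
            # A domain without a whitelist of its own cannot be confirmed and
            # is therefore reported as a threat.
            allowed, ok_line = expected.get(d, ((), threat_line))
            if prefixie in allowed:
                line = ok_line.format(__colors__['WARNING'] + d + __colors__['ENDC'], ip_address, ok_tag)
            else:
                line = threat_line.format(__colors__['ERRO'] + d + __colors__['ENDC'], ip_address, threat_tag)
            sys.stdout.write(line)
            sys.stdout.flush()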
# Start the scan only when the file is executed as a script, not on import.
if __name__ == "__main__":
    main()