#!/bin/sh
#
# Name: dpl4hydra
# Version: 0.9.9
# Date: 2012-04-16
# Author: Roland Kessler / Twitter: @rokessler
# Synopsis: Generates a (d)efault (p)assword (l)ist as input for THC hydra.
# Credits: Thanks to van Hauser for support and fixing portability issues.
# "The universe is an intelligence test." -Timothy Leary (R.I.P.)
INSTALLDIR=/usr/local
LOCATION=etc
usage ()
{
cat <<EOF
dpl4hydra v0.9.9 (c) 2012 by Roland Kessler (@rokessler)
Syntax: `basename $0` [help] | [refresh] | [BRAND] | [all]
This script depends on a local (d)efault (p)assword (l)ist called
${FULLFILE}. If it is not available, regenerate it with
'`basename $0` refresh'. Source of the default password list is
$SITE
Options:
help Help: Show this message
refresh Refresh list: Download the full (d)efault (p)assword (l)ist
and generate a new local ${FULLFILE} file. Takes time!
BRAND Generates a (d)efault (p)assword (l)ist from the local file
${FULLFILE}, limiting the output to BRAND systems, using
the format username:password (as required by THC hydra).
The output file is called dpl4hydra_BRAND.lst.
all Dump list of all systems credentials into dpl4hydra_all.lst.
Example:
# `basename $0` linksys
File dpl4hydra_linksys.lst was created with 20 entries.
# hydra -C ./dpl4hydra_linksys.lst -t 1 192.168.1.1 http-get /index.asp
EOF
}
refresh ()
{
echo
echo "Trying to locate wget or curl... " | tr -d "\n"
which wget >/dev/null 2>&1 && FETCH="wget -q -O -"
which curl >/dev/null 2>&1 && FETCH="curl -s"
if [ -n "$FETCH" ]; then
echo "done."
echo "Using `echo $FETCH | cut -d ' ' -f 1` for downloading data."
echo
else
echo
echo "ERROR: Cannot refresh the list without wget or curl. Aborting." >&2
echo
exit 1
fi
echo "Trying to download list of vendors from"
echo "${SITE}... " | tr -d "\n"
$FETCH $SITE > $INDEXSITE 2>/dev/null || { echo; echo; echo "ERROR: Downloading data to disk failed. Network down?" >&2; echo; rm $INDEXSITE; exit 1; }
echo "done."
echo
cat $INDEXSITE | grep -i 'href=./passwd-' | sed 's/.*href=.\/passwd-/\/passwd-/' | sed 's/".*//' > $SUBSITES
rm $INDEXSITE
if [ -r $FULLFILE ]; then
echo "Moving existing password list to ${OLDFILE}."
echo
mv $FULLFILE $OLDFILE || { echo "ERROR: Moving file $FULLFILE failed. Please check." >&2; echo; exit 1; }
fi
for SUBSITE in `cat $SUBSITES`; do
VENDOR=`echo $SUBSITE | sed 's/\.htm*//' | sed 's/.*-//'`
echo "Downloading default passwords for ${VENDOR} ... " | tr -d "\n"
$FETCH "${SITE}${SUBSITE}" | tr -d '\n\r' | sed 's/<tr/\n/gi' | sed 's/<\/tr/\n/gi' | \
grep -iw celltext | sed 's/.*celltext">/,/i' | sed 's/<\/td>/,/g' | sed 's/<[a-z =/":;-]*>//gi' | \
sed 's/[\t ]*,[\t ]*/,/g' | sed 's/&[a-z]*;//gi' | sed 's/(unknown)//gi' | sed 's/(none)//gi' | sed 's/,unknown,/,,/gi' | sed 's/,none,/,,/gi' > dpl4hydra_${VENDOR}.tmp
cat dpl4hydra_${VENDOR}.tmp | awk -F, '{print"'$VENDOR',"$2","$3","$4","$5","$6","$7","$8","$9}' >> $FULLFILE
rm dpl4hydra_${VENDOR}.tmp
echo "done."
done
rm $SUBSITES
if [ ! -r $LOCALFILE ]; then
echo
echo "ERROR: Cannot access local file ${LOCALFILE}. Skipping." >&2
echo
else
echo
echo "Merging download with ${LOCALFILE}... " | tr -d "\n"
cat $LOCALFILE >> $FULLFILE || { echo; echo "ERROR: Merging of $FULLFILE and $LOCALFILE failed. Please check." >&2; echo; exit 1; }
echo "done."
fi
echo "Cleaning up and sorting ${FULLFILE}... " | tr -d "\n"
cat $FULLFILE | sed 's/(null)//g' | sed 's/(Null)//g' | sed 's/(NULL)//g' | sed 's/(blank)//g' | sed 's/(Blank)//g' | sed 's/(BLANK)//g' | sed 's/(none)//g' | sed 's/(None)//g' | sed 's/(NONE)//g' | sed 's/none//g' | sed 's/n\/a//g' | sed 's/</</g' | sed 's/>/>/g' | sed 's/ //g' | sort | uniq > $CLEANFILE
mv $CLEANFILE $FULLFILE
echo "done."
echo
echo "Refreshed (d)efault (p)assword (l)ist $FULLFILE"
echo "was created with `wc -l $FULLFILE | awk '{ print $1 }'` entries."
echo
}
generate ()
{
HYDRAFILE=`echo "dpl4hydra_${BRAND}.lst" | tr '/ =:@\\|;<>"'"'" '_____________'`
if [ ! -r $FULLFILE ]; then
echo
echo "ERROR: Cannot access input file ${FULLFILE}" >&2
echo " You can rebuild it with '`basename $0` refresh'." >&2
echo
echo " Trying to use $LOCALFILE instead... " | tr -d "\n"
if [ -r $LOCALFILE ]; then
FULLFILE=$LOCALFILE
echo "done."
else
echo
echo "ERROR: Cannot access local file ${LOCALFILE}. Aborting." >&2
echo
exit 1
fi
fi
cat $FULLFILE 2>/dev/null | grep -i "$PATTERN" | awk -F"," '{ print $5":"$6 }' | sed 's/^[ \t]*//' | sed 's/[ \t]*$//' | sort | uniq > $HYDRAFILE
ENTRIES=`wc -l $HYDRAFILE | awk '{ print $1 }'`
if [ "$ENTRIES" -eq 0 ]; then
rm -f $HYDRAFILE
echo
echo "ERROR: No matching entries found for $BRAND systems." >&2
echo " File $HYDRAFILE was not created." >&2
echo
exit 1
else
if [ "$ENTRIES" -eq 1 ]; then
echo
echo "File $HYDRAFILE was created with one entry."
echo
else
echo
echo "File $HYDRAFILE was created with $ENTRIES entries."
echo
fi
fi
}
LC_ALL=C
export LC_ALL
DPLPATH="."
test -r "$DPLPATH/dpl4hydra_full.csv" || DPLPATH="$INSTALLDIR/$LOCATION"
FULLFILE="$DPLPATH/dpl4hydra_full.csv"
OLDFILE="$DPLPATH/dpl4hydra_full.old"
LOCALFILE="$DPLPATH/dpl4hydra_local.csv"
INDEXSITE="$DPLPATH/dpl4hydra_index.tmp"
SUBSITES="$DPLPATH/dpl4hydra_subs.tmp"
CLEANFILE="$DPLPATH/dpl4hydra_clean.tmp"
SITE="http://open-sez.me"
case $# in
0) usage
exit 0;;
1) OPT=`echo $1 | tr "[A-Z]" "[a-z]"`;;
*) echo
echo "ERROR: Too many options." >&2
usage
exit 1;;
esac
case "$OPT" in
"-h" | "help" | "-help" | "--help") usage;;
"-r" | "refresh" | "-refresh" | "--refresh") refresh;;
"-a" | "all" | "-all" | "--all") PATTERN=","
BRAND="all"
generate;;
*) PATTERN="${OPT}"
BRAND="$OPT"
generate;;
esac
