Scans the internet for open FTP servers looking for common malware bot droppers and grabs them for analysis. Downloads stored in output/ dir.
Scanning based on https://github.com/kennell/ftpknocker Copyright (c) 2014, kevin@fileperms.org All rights reserved.
Bot Hunting capabilities added by Hunter Gregal
The netaddr module must be installed, on Debian/Ubuntu systems simply run:
sudo apt-get install python-pip
sudo pip install -r requirements.txt
Clone this repository or save botHunter.py on your machine and make it executable:
wget https://github.com/huntergregal/botHunter/botHunter.py
chmod +x ./botHunter.py
usage: botHunter.py [-h] [-t MAXTHREADS] [-w TIMEOUT] [-s]
[targets [targets ...]]
positional arguments:
targets
optional arguments:
-h, --help show this help message and exit
-t MAXTHREADS, --threads MAXTHREADS
Number of threads to use, default is 10
-w TIMEOUT, --wait TIMEOUT
Seconds to wait before timeout, default is 2
-s, --shuffle Shuffle the target list
The syntax for specifying targets is similar to nmap. Here are some examples:
Scan three individual IPs:
./botHunter.py 192.168.1.1 192.168.1.2 192.168.1.3
Scan an entire IP-block using CIDR notation (in this example, all hosts from 192.168.1.1 - 192.168.1.254 will be scanned, a total of 254 hosts):
./botHunter.py 192.168.1.0/24
Feed targets from a other programm using a pipe (must be IPs, seperated by newlines!):
cat mytargets.txt | ./botHunter.py