yunuscadirci / callstranger Goto Github PK

View Code? Open in Web Editor NEW

402.0 402.0 67.0 1.25 MB

Vulnerability checker for Callstranger (CVE-2020-12695)

License: MIT License

Python 98.93% PHP 1.07%

callstranger's People

Contributors

Stargazers

Watchers

Forkers

monaxgt cybermonitor uuuunotfound studiomax raminat luton1507 gent79reid gnebbia rahmiy froztbyte f1d094 mayang gavz ademonisis bigbigx lubyruffy hashtagassist kemmo68 aselvan kfriesth alexferl inspectordidi jakommo navarin shaunstanislauslau sec-js psytester yusa sh1nu11bi camexp flatl1neapt jermainlaforce l1ves mmg1 ectoo haidao brotherbear arryboom pirenga rajivraj 3v1lw1th1n aakbarsyed suvrajeet01 futurebody novostary y0d4a actorexpose odcdockers jstocode jackyvan malwr-io gprime31 nebyat19 sasqwatch quinn-yan soumyadeepdutta bitcoinben1 call-stranger dongxingshui tjt263 savetheword hxlxmjxbbxs 5l1v3r1 any0n3 nelsontu weijunzhang nullze

callstranger's Issues

The stranger host server is down.

Only two devices found on the network

Hi,

I have over 180 devices running on the same LAN (VMWare), all devices installed from the same template. CallStranger.py only shows two devices found, always the same two IP Addresses.
Here's the output:

4 devices found:
iRMCB55D19 http://192.168.2.54:50000 ( http://192.168.2.54:50000/ )
0 service(s) found for iRMCB55D19
iRMCB55D19 http://192.168.2.54:50000 ( http://192.168.2.54:50000/ )
0 service(s) found for iRMCB55D19
iRMCB55D1D http://192.168.2.58:50000 ( http://192.168.2.58:50000/ )
0 service(s) found for iRMCB55D1D
iRMCB55D1D http://192.168.2.58:50000 ( http://192.168.2.58:50000/ )
0 service(s) found for iRMCB55D1D
Total 0 service(s) found. do you want to continue to VERIFY if service(s) are vulnerable?

Why are the other computers not found, as long as they run the same OS, same GPO, same firewall settings, etc?

Thanks in advance.

AttributeError: 'NoneType' object has no attribute 'nodeValue'

Slightly modified version of https://github.com/5kyc0d3r/upnpy used for base UPnP communication
Stranger Host: http://20.42.105.45
Stranger Port: 80
Traceback (most recent call last):
File "/CallStranger/upnpy/ssdp/SSDPDevice.py", line 158, in _get_services_request
service_string = service.getElementsByTagName('serviceType')[0].firstChild.nodeValue

_During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "CallStranger.py", line 113, in
devices = upnp.discover()
File "/CallStranger/upnpy/upnp/UPnP.py", line 33, in discover
for device in self.ssdp.m_search(discover_delay=delay, st='upnp:rootdevice', **headers):
File "/CallStranger/upnpy/ssdp/SSDPRequest.py", line 49, in m_search
devices = self._send_request(self._get_raw_request())
File "/CallStranger/upnpy/ssdp/SSDPRequest.py", line 100, in _send_request
device = SSDPDevice(addr, response.decode())
File "/CallStranger/upnpy/ssdp/SSDPDevice.py", line 86, in init
self._get_services_request()
File "/CallStranger/upnpy/ssdp/SSDPDevice.py", line 21, in wrapper
return func(device, *args, **kwargs)
File "/CallStranger/upnpy/ssdp/SSDPDevice.py", line 52, in wrapper
return func(instance, *args, **kwargs)
File "/CallStranger/upnpy/ssdp/SSDPDevice.py", line 176, in get_services_request
print('!Error in service definition',self.base_url,service_string)
UnboundLocalError: local variable 'service_string' referenced before assignment

!Error in service definition http://192.168.1.8:80 urn:www-seagate-com:service:NAS:1

Attempting to run CallStranger on a Seagate Personal Cloud Nas and am getting the error:

!Error in service definition http://192.168.1.8:80 urn:www-seagate-com:service:NAS:1 Traceback (most recent call last): File "CallStranger.py", line 115, in <module> print(colored(len(devices),'blue') , colored(' devices found:','blue')) File "/opt/lib/python3.8/site-packages/termcolor.py", line 110, in colored text = re.sub(COLORS_RE + '(.*?)' + RESET_RE, r'\1', text) File "/re.py", line 208, in sub TypeError: expected string or bytes-like object

[Errno 11] Resource temporarily unavailable

Affected System: WSL2 Ubuntu 18.04 LTS, RaspBian Buster

Issue: [Errno 11] Resource temporarily unavailable

Steps to reproduce:

Install requirements as per documentation
sudo pip3 install -r requirements.txt
Run script python3 Callstranger.py
Script aborts with error

Log:

Stranger Host: http://20.42.105.45
Stranger Port: 80
Traceback (most recent call last):
  File "/usr/lib/python3.6/urllib/request.py", line 1325, in do_open
    encode_chunked=req.has_header('Transfer-encoding'))
  File "/usr/lib/python3.6/http/client.py", line 1264, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "/usr/lib/python3.6/http/client.py", line 1310, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
  File "/usr/lib/python3.6/http/client.py", line 1259, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/usr/lib/python3.6/http/client.py", line 1038, in _send_output
    self.send(msg)
  File "/usr/lib/python3.6/http/client.py", line 976, in send
    self.connect()
  File "/usr/lib/python3.6/http/client.py", line 948, in connect
    (self.host,self.port), self.timeout, self.source_address)
  File "/usr/lib/python3.6/socket.py", line 724, in create_connection
    raise err
  File "/usr/lib/python3.6/socket.py", line 713, in create_connection
    sock.connect(sa)
BlockingIOError: [Errno 11] Resource temporarily unavailable

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "CallStranger.py", line 113, in <module>
    devices = upnp.discover()
  File "/home/mplogas/CallStranger/upnpy/upnp/UPnP.py", line 33, in discover
    for device in self.ssdp.m_search(discover_delay=delay, st='upnp:rootdevice', **headers):
  File "/home/mplogas/CallStranger/upnpy/ssdp/SSDPRequest.py", line 49, in m_search
    devices = self._send_request(self._get_raw_request())
  File "/home/mplogas/CallStranger/upnpy/ssdp/SSDPRequest.py", line 100, in _send_request
    device = SSDPDevice(addr, response.decode())
  File "/home/mplogas/CallStranger/upnpy/ssdp/SSDPDevice.py", line 82, in __init__
    self._get_description_request(utils.parse_http_header(response, 'Location'))
  File "/home/mplogas/CallStranger/upnpy/ssdp/SSDPDevice.py", line 115, in _get_description_request
    device_description = utils.make_http_request(url).read()
  File "/home/mplogas/CallStranger/upnpy/utils.py", line 80, in make_http_request
    return urllib.request.urlopen(request)
  File "/usr/lib/python3.6/urllib/request.py", line 223, in urlopen
    return opener.open(url, data, timeout)
  File "/usr/lib/python3.6/urllib/request.py", line 526, in open
    response = self._open(req, data)
  File "/usr/lib/python3.6/urllib/request.py", line 544, in _open
    '_open', req)
  File "/usr/lib/python3.6/urllib/request.py", line 504, in _call_chain
    result = func(*args)
  File "/usr/lib/python3.6/urllib/request.py", line 1353, in http_open
    return self.do_open(http.client.HTTPConnection, req)
  File "/usr/lib/python3.6/urllib/request.py", line 1327, in do_open
    raise URLError(err)
urllib.error.URLError: <urlopen error [Errno 11] Resource temporarily unavailable>

HTTP Error 401: Unauthorized

I receive this error when running python3 CallStranger.py

Traceback (most recent call last):
File "CallStranger.py", line 113, in
devices = upnp.discover()
File "/home/amaccuish/CallStranger/upnpy/upnp/UPnP.py", line 33, in discover
for device in self.ssdp.m_search(discover_delay=delay, st='upnp:rootdevice', **headers):
File "/home/amaccuish/CallStranger/upnpy/ssdp/SSDPRequest.py", line 49, in m_search
devices = self._send_request(self._get_raw_request())
File "/home/amaccuish/CallStranger/upnpy/ssdp/SSDPRequest.py", line 100, in _send_request
device = SSDPDevice(addr, response.decode())
File "/home/amaccuish/CallStranger/upnpy/ssdp/SSDPDevice.py", line 82, in init
self._get_description_request(utils.parse_http_header(response, 'Location'))
File "/home/amaccuish/CallStranger/upnpy/ssdp/SSDPDevice.py", line 115, in _get_description_request
device_description = utils.make_http_request(url).read()
File "/home/amaccuish/CallStranger/upnpy/utils.py", line 80, in make_http_request
return urllib.request.urlopen(request)
File "/usr/lib/python3.8/urllib/request.py", line 222, in urlopen
return opener.open(url, data, timeout)
File "/usr/lib/python3.8/urllib/request.py", line 531, in open
response = meth(req, response)
File "/usr/lib/python3.8/urllib/request.py", line 640, in http_response
response = self.parent.error(
File "/usr/lib/python3.8/urllib/request.py", line 569, in error
return self._call_chain(*args)
File "/usr/lib/python3.8/urllib/request.py", line 502, in _call_chain
result = func(*args)
File "/usr/lib/python3.8/urllib/request.py", line 649, in http_error_default
raise HTTPError(req.full_url, code, msg, hdrs, fp)
urllib.error.HTTPError: HTTP Error 401: Unauthorized

missing requirement: setuptools

setuptools should be added to requirements.txt. At least it was missing on my Raspbian installation.

My Output

2020-06-20 Output.txt

all i got was Unverified vulnerable services ... so am i safe or what ?

also when testing it on another device i got this error

`Traceback (most recent call last):
  File "C:\Users\PC\AppData\Local\Programs\Python\Python37-32\lib\site-packages\urllib3\connectionpool.py", line 672, in urlopen
    chunked=chunked,
  File "C:\Users\PC\AppData\Local\Programs\Python\Python37-32\lib\site-packages\urllib3\connectionpool.py", line 421, in _make_request
    six.raise_from(e, None)
  File "<string>", line 3, in raise_from
  File "C:\Users\PC\AppData\Local\Programs\Python\Python37-32\lib\site-packages\urllib3\connectionpool.py", line 416, in _make_request
    httplib_response = conn.getresponse()
  File "C:\Users\PC\AppData\Local\Programs\Python\Python37-32\lib\http\client.py", line 1321, in getresponse
    response.begin()
  File "C:\Users\PC\AppData\Local\Programs\Python\Python37-32\lib\http\client.py", line 296, in begin
    version, status, reason = self._read_status()
  File "C:\Users\PC\AppData\Local\Programs\Python\Python37-32\lib\http\client.py", line 265, in _read_status
    raise RemoteDisconnected("Remote end closed connection without"
http.client.RemoteDisconnected: Remote end closed connection without response

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Users\PC\AppData\Local\Programs\Python\Python37-32\lib\site-packages\requests\adapters.py", line 449, in send
    timeout=timeout
  File "C:\Users\PC\AppData\Local\Programs\Python\Python37-32\lib\site-packages\urllib3\connectionpool.py", line 720, in urlopen
    method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
  File "C:\Users\PC\AppData\Local\Programs\Python\Python37-32\lib\site-packages\urllib3\util\retry.py", line 400, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "C:\Users\PC\AppData\Local\Programs\Python\Python37-32\lib\site-packages\urllib3\packages\six.py", line 734, in reraise
    raise value.with_traceback(tb)
  File "C:\Users\PC\AppData\Local\Programs\Python\Python37-32\lib\site-packages\urllib3\connectionpool.py", line 672, in urlopen
    chunked=chunked,
  File "C:\Users\PC\AppData\Local\Programs\Python\Python37-32\lib\site-packages\urllib3\connectionpool.py", line 421, in _make_request
    six.raise_from(e, None)
  File "<string>", line 3, in raise_from
  File "C:\Users\PC\AppData\Local\Programs\Python\Python37-32\lib\site-packages\urllib3\connectionpool.py", line 416, in _make_request
    httplib_response = conn.getresponse()
  File "C:\Users\PC\AppData\Local\Programs\Python\Python37-32\lib\http\client.py", line 1321, in getresponse
    response.begin()
  File "C:\Users\PC\AppData\Local\Programs\Python\Python37-32\lib\http\client.py", line 296, in begin
    version, status, reason = self._read_status()
  File "C:\Users\PC\AppData\Local\Programs\Python\Python37-32\lib\http\client.py", line 265, in _read_status
    raise RemoteDisconnected("Remote end closed connection without"
urllib3.exceptions.ProtocolError: ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "CallStranger.py", line 140, in <module>
    subscribe(serv,path)
  File "CallStranger.py", line 38, in subscribe
    req = requests.request('SUBSCRIBE', URL,headers=myheaders)
  File "C:\Users\PC\AppData\Local\Programs\Python\Python37-32\lib\site-packages\requests\api.py", line 61, in request
    return session.request(method=method, url=url, **kwargs)
  File "C:\Users\PC\AppData\Local\Programs\Python\Python37-32\lib\site-packages\requests\sessions.py", line 530, in request
    resp = self.send(prep, **send_kwargs)
  File "C:\Users\PC\AppData\Local\Programs\Python\Python37-32\lib\site-packages\requests\sessions.py", line 643, in send
    r = adapter.send(request, **kwargs)
  File "C:\Users\PC\AppData\Local\Programs\Python\Python37-32\lib\site-packages\requests\adapters.py", line 498, in send
    raise ConnectionError(err, request=request)
requests.exceptions.ConnectionError: ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))

Verified vulnerable services, but manufacturer says not affected

Hi,

Thanks for the work and this tool.

I just ran it in my home network, which has a FRITZ!Box as the gateway, and it came up as Verified vulnerable services.

The manufacturer however lists it as not affected here https://en.avm.de/service/current-security-notifications/, explaining that

There are currently reports of a security vulnerability involving the keyword "Callstranger." Security researchers have found a way to send an amplified amount of traffic using the UPnP protocol. FRITZ!Box is not affected as its UPnP service cannot be accessed or used from the Internet.

So I'm confused. How does this tool work: does it get a remote server to try to connect to the router's public IP address? Or tries to exploit the vulnerability locally using the remote server as a target.

Judging by the reported IP addresses, this seems to be a local test. So this might mean that my router IS indeed vulnerable, but only to attacks started from inside. Is this correct?

Connection errors occur (TimeoutError [Errno 110])

Connection errors occur when running CallStanger.py even though it was possible when I ran it on the 26th of november 2020.

Do you want to continue? y/N y
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 159, in _new_conn
    conn = connection.create_connection(
  File "/usr/lib/python3/dist-packages/urllib3/util/connection.py", line 84, in create_connection
    raise err
  File "/usr/lib/python3/dist-packages/urllib3/util/connection.py", line 74, in create_connection
    sock.connect(sa)
TimeoutError: [Errno 110] Connection timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 665, in urlopen
    httplib_response = self._make_request(
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 387, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python3.8/http/client.py", line 1255, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "/usr/lib/python3.8/http/client.py", line 1301, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
  File "/usr/lib/python3.8/http/client.py", line 1250, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/usr/lib/python3.8/http/client.py", line 1010, in _send_output
    self.send(msg)
  File "/usr/lib/python3.8/http/client.py", line 950, in send
    self.connect()
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 187, in connect
    conn = self._new_conn()
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 171, in _new_conn
    raise NewConnectionError(
urllib3.exceptions.NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f2ac68dfbb0>: Failed to establish a new connection: [Errno 110] Connection timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 439, in send
    resp = conn.urlopen(
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 719, in urlopen
    retries = retries.increment(
  File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 436, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPConnectionPool(host='20.42.105.45', port=80): Max retries exceeded with url: /CallStranger.php?c=getsession (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f2ac68dfbb0>: Failed to establish a new connection: [Errno 110] Connection timed out'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "CallStranger.py", line 54, in getsession
    getses=requests.request('PUT',path)
  File "/usr/lib/python3/dist-packages/requests/api.py", line 60, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 533, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 646, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 516, in send
    raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPConnectionPool(host='20.42.105.45', port=80): Max retries exceeded with url: /CallStranger.php?c=getsession (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f2ac68dfbb0>: Failed to establish a new connection: [Errno 110] Connection timed out'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "CallStranger.py", line 132, in <module>
    ss=getsession(StrangerHost+':'+StrangerPort+getSessionPath)
  File "CallStranger.py", line 58, in getsession
    print(colored('Could not  contact server',path,' for vulnerability confirmation','red'))
  File "/usr/local/lib/python3.8/dist-packages/termcolor.py", line 105, in colored
    text = fmt_str % (COLORS[color], text)
KeyError: 'http://20.42.105.45:80/CallStranger.php?c=getsession'

IndexError: list index out of range

Merhaba Yunus,

I'm running into a IndexError: list index out of range on my MBP then I try to scan in my home network.

Installed python and libs:

❯ python --version
Python 3.7.4
❯ pip3 list
Package      Version
------------ ----------
certifi      2020.4.5.2
cffi         1.14.0
chardet      3.0.4
cryptography 2.9.2
idna         2.9
pip          19.0.3
pycparser    2.20
requests     2.23.0
setuptools   40.8.0
six          1.15.0
termcolor    1.1.0
urllib3      1.25.9

Then starting I run into an error:

python CallStranger.py
...
Stranger Host: http://20.42.105.45
Stranger Port: 80
Traceback (most recent call last):
  File "CallStranger.py", line 113, in <module>
    devices = upnp.discover()
  File "/Users/hag/workspaces/others/CallStranger/upnpy/upnp/UPnP.py", line 33, in discover
    for device in self.ssdp.m_search(discover_delay=delay, st='upnp:rootdevice', **headers):
  File "/Users/hag/workspaces/others/CallStranger/upnpy/ssdp/SSDPRequest.py", line 49, in m_search
    devices = self._send_request(self._get_raw_request())
  File "/Users/hag/workspaces/others/CallStranger/upnpy/ssdp/SSDPRequest.py", line 100, in _send_request
    device = SSDPDevice(addr, response.decode())
  File "/Users/hag/workspaces/others/CallStranger/upnpy/ssdp/SSDPDevice.py", line 83, in __init__
    self._get_type_request()
  File "/Users/hag/workspaces/others/CallStranger/upnpy/ssdp/SSDPDevice.py", line 21, in wrapper
    return func(device, *args, **kwargs)
  File "/Users/hag/workspaces/others/CallStranger/upnpy/ssdp/SSDPDevice.py", line 128, in _get_type_request
    device_type = root.getElementsByTagName('deviceType')[0].firstChild.nodeValue
IndexError: list index out of range
~/workspaces/others/CallStranger master ❯

I run this on macOS 10.15.5, tried it with enabled and disabled firewall.

edit: used commit 8280064 from master.

Fixed

Fixed.

urllib.error.HTTPError: HTTP Error 404: Not Found

Sometimes it finds more hosts, but mostly it just fails with the below stacktrace.

Ubuntu 18.04 w/ Python3 VENV, Python v3.6.9

Traceback (most recent call last):
  File "CallStranger.py", line 113, in <module>
    devices = upnp.discover()
  File "/opt/callstranger/upnpy/upnp/UPnP.py", line 33, in discover
    for device in self.ssdp.m_search(discover_delay=delay, st='upnp:rootdevice', **headers):
  File "/opt/callstranger/upnpy/ssdp/SSDPRequest.py", line 49, in m_search
    devices = self._send_request(self._get_raw_request())
  File "/opt/callstranger/upnpy/ssdp/SSDPRequest.py", line 100, in _send_request
    device = SSDPDevice(addr, response.decode())
  File "/opt/callstranger/upnpy/ssdp/SSDPDevice.py", line 82, in __init__
    self._get_description_request(utils.parse_http_header(response, 'Location'))
  File "/opt/callstranger/upnpy/ssdp/SSDPDevice.py", line 115, in _get_description_request
    device_description = utils.make_http_request(url).read()
  File "/opt/callstranger/upnpy/utils.py", line 80, in make_http_request
    return urllib.request.urlopen(request)
  File "/usr/lib/python3.6/urllib/request.py", line 223, in urlopen
    return opener.open(url, data, timeout)
  File "/usr/lib/python3.6/urllib/request.py", line 532, in open
    response = meth(req, response)
  File "/usr/lib/python3.6/urllib/request.py", line 642, in http_response
    'http', request, response, code, msg, hdrs)
  File "/usr/lib/python3.6/urllib/request.py", line 570, in error
    return self._call_chain(*args)
  File "/usr/lib/python3.6/urllib/request.py", line 504, in _call_chain
    result = func(*args)
  File "/usr/lib/python3.6/urllib/request.py", line 650, in http_error_default
    raise HTTPError(req.full_url, code, msg, hdrs, fp)
urllib.error.HTTPError: HTTP Error 404: Not Found

A typo on callstranger.com website

You need to patch your devices' UPnP stack depending on new UPnP Spesification on OCF Web site. Some UPnP stacks like miniupnp (after 2011) are not vulnerable

Spesification -> Specification

(didn't found the source of this page, so I've posted there)

[linux] CallStranger.py does not detect anything. however other tool can see bonjour devices on the LAN

Hey there. On ubuntu 19.10 linux (kernel 5.6.11) with multiple network interfaces.

Install steps - no errors.
Usage step - no errors.
Usage step - nothing found.

However when I run avahi-browse cmdline on my machine, it will detect at least some bonjour devices on my lan. For example iOS devices, sonos, etc. Isn't that the same kind of a thing? What with Bonjour requiring multicast packets to work.

Here is the output from CallStranger.py

________        .__  .__    _________ __                                              
\_   ___ \_____  |  | |  |  /   _____//  |_____________    ____    ____   ___________  
/    \  \/\__  \ |  | |  |  \_____  \   __\_  __ \__  \  /    \  / ___\_/ __ \_  __ \ 
\     \____/ __ \|  |_|  |__/        \|  |  |  | \// __ \|   |  \/ /_/  >  ___/|  | \/ 
 \______  (____  /____/____/_______  /|__|  |__|  (____  /___|  /\___  / \___  >__|    
        \/     \/                  \/                  \/     \//_____/      \/        
This script created by Yunus Çadırcı (https://twitter.com/yunuscadirci) to check against CallStranger (CVE-2020-12695) vulnerability. An attacker can use this vulnerability for:
* Bypassing DLP for exfiltrating data
* Using millions of Internet-facing UPnP device as source of amplified reflected TCP DDoS / SYN Flood
* Scanning internal ports from Internet facing UPnP devices
You can find detailed information on https://www.callstranger.com  https://kb.cert.org/vuls/id/339275 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12695
Slightly modified version of https://github.com/5kyc0d3r/upnpy used for base UPnP communication
Stranger Host: http://20.42.105.45
Stranger Port: 80
No UPnP device found. Possible reasons: 
* You just connected to network.
* UPnP stack is too slow. Restart this script
* UPnP is disabled on OS.
* UPnP is disabled on devices.
* There is no UPnP supported device.
* Your OS works on VM with NAT configuration.

	Visit https://www.CallStranger.com for updates

In regards to some of those things it's asking me to check up on:

"upnp stack too slow"... On an intel 8700K ? Not sure what is actually required to be sufficient.
"upnp disabled in os"... Well how do I check that?

I have multiple nics on this host. Couldn't that be the issue instead? Because when I checkthe interface of the least hop route with ip route, that interface (that the default traffic is going through). Well that says:

ifconfig enp0s31f6
enp0s31f6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

Which seems to indicate at least the MULTICAST flag is enabled on that network interface. So what else is actually necessary to be enabled? (for the scanning host)

"UPnP is disabled on devices"... Well what about on those bonjour devices? Isn't that also within the category of being a uPNP device?
"Your OS works on VM with NAT configuration"... Well this is a real host. Not a Virtual Machine. Which is connected to the LAN via a real NIC. And no VLAN id or anything segmented like that.

So what else should I be checking here? I was expecting at least something detected going on local LAN. There are quite a few devices. Including a SAT>IP receiver. Which also uses multicast for it's service advertising.

BTW My router has the following settings:

If any other ideas or insights then please let me know.

IndexError: list index out of range

I try to scan my home network but this error keeps coming up:
Traceback (most recent call last):
File "D:\Programming\WongoMessenger\wongoIM.pyw", line 15, in
upnp.discover()
File "D:\Programming\WongoMessenger\upnpy\upnp\UPnP.py", line 33, in discover
for device in self.ssdp.m_search(discover_delay=delay, st='upnp:rootdevice', **headers):
File "D:\Programming\WongoMessenger\upnpy\ssdp\SSDPRequest.py", line 50, in m_search
devices = self._send_request(self._get_raw_request())
File "D:\Programming\WongoMessenger\upnpy\ssdp\SSDPRequest.py", line 100, in _send_request
device = SSDPDevice(addr, response.decode())
File "D:\Programming\WongoMessenger\upnpy\ssdp\SSDPDevice.py", line 87, in init
self._get_services_request()
File "D:\Programming\WongoMessenger\upnpy\ssdp\SSDPDevice.py", line 23, in wrapper
return func(device, *args, **kwargs)
File "D:\Programming\WongoMessenger\upnpy\ssdp\SSDPDevice.py", line 54, in wrapper
return func(instance, *args, **kwargs)
File "D:\Programming\WongoMessenger\upnpy\ssdp\SSDPDevice.py", line 173, in _get_services_request
device_services[parsed_service_id] = self.Service(
File "D:\Programming\WongoMessenger\upnpy\ssdp\SSDPDevice.py", line 259, in init
self._get_actions_request()
File "D:\Programming\WongoMessenger\upnpy\ssdp\SSDPDevice.py", line 39, in wrapper
return func(service, *args, **kwargs)
File "D:\Programming\WongoMessenger\upnpy\ssdp\SSDPDevice.py", line 331, in _get_actions_request
argument_name = argument.getElementsByTagName('name')[0].firstChild.nodeValue
IndexError: list index out of range
[Finished in 1.0s with exit code 1]

Here's my code:
upnp = upnpy.UPnP()
upnp.discover()

Meaning of the output

Hi~!

Please can I ask meaning of words from output?

What do these mean from output of this program?

Verified vulnerable services:
==> Does it mean services is vulnerable?
Unverified services:
==> Dose it mean services hasn't been verified from remote server?

Thanks.

UnicodeEncodeError: 'ascii' codec can't encode character '\xc7'

Hello,

Running as sudo, on Odroid XU4, Ubuntu Mate, ARMv7-A architecture
Uname gives Linux odroid 4.14.180-176

Traceback (most recent call last): File "CallStranger.py", line 24, in <module> print('This script created by Yunus \xc7ad\u0131rc\u0131 (https://twitter.com/yunuscadirci) to check against CallStranger (CVE-2020-12695) vulnerability. An attacker can use this vulnerability for:') UnicodeEncodeError: 'ascii' codec can't encode character '\xc7' in position 29: ordinal not in range(128)

No module named "setuptools"

Attempting to install CallStranger on a Ubuntu 18.04.3 LTS device, and getting the error:

Traceback (most recent call last):
file "setup.py", line 1, in
from setuptools import setup
ModuleNotFoundError: No module named 'setuptools'

ModuleNotFoundError: No module named 'requests'

Hello,

I tried to call " python3 CallStranger.py" on an Raspberry PI Debiasn Buster, but got the error below.

Traceback (most recent call last):
  File "CallStranger.py", line 4, in <module>
    import requests
ModuleNotFoundError: No module named 'requests'

Any Idea to solve the problem ?

Thank you very much.

Regards

Thorsten