def setVirtualHost(self, tmac, smac, ipaddr):
self.log.info('Virtual host: %s (%s)'%(ipaddr,smac))
self.log.info('Target MAC: %s'%(tmac))
self.virtualhost_mac = smac
self.virtualhost_ip = ipaddr
self.targethost_mac = tmac
eth.DEFAULT_TARGET_MAC = tmac
ip.DEFAULT_SOURCE_ADDR = ipaddr
eth.DEFAULT_SOURCE_MAC = smac
if (self.arp_demon != None) and (self.arp_demon.is_running()):
self.arp_demon.stop()
self.arp_demon = ARPDemon(ipaddr, smac, iface=self.interface)
class Engine:
def __init__(self):
# reverse arp demon. Used to simulate the virtual host
self.arp_demon = None
# the exploit currently loaded
self.exploit = None
# the module containing the current exploit
self.exp_module = None
# the interface used to generate and receive packets
self.interface = 'eth0'
# Mutant operators manager
self.opmanager = OpManager()
# List of alert collectors
self.collectors = []
# Mutant factory
self.factory = None
# True if the alerts must be collected after each mutant execution
self.collect_sync = False
# True if the log messages must be redirected during the exploit execution
self.redirect = True
self.virtualhost_mac = 'undefined'
self.virtualhost_ip = 'undefined'
self.targethost_mac = 'undefined'
self.targethost_ip = '127.0.0.1'
self.log = logger.main.newSource("ENGINE")
# Load the default mutant factory
self.set_factory(utils.load_factory("factories/NullFactory.py"))
# Load the mutant operators
self.opmanager.load_operators()
# Scapy configuration
scapy.scapy.conf.padding = 0
def clean_up(self):
self.log.info("Cleaning up.\nBye Bye")
if (self.arp_demon != None) and (self.arp_demon.is_running()):
self.arp_demon.stop()
if self.exploit:
del self.exploit
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Alert Collectors
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
def get_selected_collectors(self):
return self.collectors
def add_collector(self, collector):
if collector in self.collectors:
return
self.collectors.append(collector)
def remove_collector(self, collector):
try:
self.collectors.remove(collector)
except:
pass
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Interfaces
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
def get_interfaces(self):
temp = scapy.scapy.get_if_list()
temp.remove('lo')
return temp
def get_iface(self):
return self.interface
def set_iface(self, iface):
self.interface = iface
tcp.interface = iface
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Mutant factories
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
def set_factory(self, factory):
if factory == None:
self.log.error('Attempt to set Factory to "None".')
self.factory = factory
self.factory.set_opmanager(self.opmanager)
if self.factory.require_sync_collectors():
self.collect_sync = True
else:
self.collect_sync = False
self.log.debug('Mutant Factory sets to: %s'%self.factory.__class__)
def get_factory(self):
return self.factory
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Hosts
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
def setVirtualHost(self, tmac, smac, ipaddr):
self.log.info('Virtual host: %s (%s)'%(ipaddr,smac))
self.log.info('Target MAC: %s'%(tmac))
self.virtualhost_mac = smac
self.virtualhost_ip = ipaddr
self.targethost_mac = tmac
eth.DEFAULT_TARGET_MAC = tmac
ip.DEFAULT_SOURCE_ADDR = ipaddr
eth.DEFAULT_SOURCE_MAC = smac
if (self.arp_demon != None) and (self.arp_demon.is_running()):
self.arp_demon.stop()
self.arp_demon = ARPDemon(ipaddr, smac, iface=self.interface)
def start_demon(self):
if self.arp_demon == None:
self.log.error('Attempt to start the ARP demon before configuring it')
return False
if self.arp_demon.is_running()==False:
self.arp_demon.start()
return True
def stop_demon(self):
self.arp_demon.stop()
def setTargetHost(self,ipaddr):
self.log.info('Target host: %s'%ipaddr)
self.targethost_ip = ipaddr
ip.DEFAULT_TARGET_ADDR = ipaddr
def getTargetHost(self):
return (self.targethost_ip, self.targethost_mac)
def getVirtualHost(self):
return (self.virtualhost_ip, self.virtualhost_mac)
def set_userland_socket(self, bool):
if bool==False:
tcp.TCPSocket.DEFAULT_SOCKET = tcp.PythonTCPSocket
else:
tcp.TCPSocket.DEFAULT_SOCKET = tcp.UserSpaceTCPSocket
def is_userland_socket_enabled(self):
if tcp.TCPSocket.DEFAULT_SOCKET == tcp.PythonTCPSocket:
return False
else:
return True
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Exploit
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
def load_exploit(self, filename):
loaded = False
try:
if self.exp_module != None:
del sys.modules[self.exp_module.__name__]
directory, f = os.path.split(filename)
sys.path.append(directory)
if f[-3:]=='.py':
self.exp_module = __import__(f[:-3])
elif f[-4:]=='.pyc':
self.exp_module = __import__(f[:-4])
else:
self.log.warning('Bad file name %s'%filename)
content = dir(self.exp_module)
for x in content:
try:
obj = self.exp_module.__dict__[x]
if issubclass(obj, interfaces.exploit.Exploit):
self.exploit = obj()
loaded = True
self.log.info('%s exploit loaded'%filename)
break
except Exception, msg:
#print "Error loading exploit file %s:\r\n%s"%(filename,msg)
#junk1, junk2, trace = sys.exc_info()
#print "Line number: %d"%trace.tb_lineno
pass
sys.path.remove(directory)
except Exception, msg:
self.log.error("Error loading exploit file %s:\r\n%s"%(filename,msg))
