Beispiel #1
0
 def test_out_of_bounds_negative_index_should_raise(self):
     i = IPRange(IP('10.0.42.0'), IP('10.0.42.127'))
     self.assertRaises(IndexError, lambda x: i[x], -129)
Beispiel #2
0
 def __init__(self, ip_addr, net_type):
     super(IpNode, self).__init__()
     self._ip = IP(ip_addr)
     self.net_type = net_type
Beispiel #3
0
    def packet_in_handler(self,ev):
        msg = ev.msg
        datapath = msg.datapath
        ofproto = datapath.ofproto
        ofp_parser = datapath.ofproto_parser

        in_port = msg.match['in_port']
        dpid = datapath.id
        pkt = packet.Packet(msg.data)
        eth_pkt = pkt.get_protocol(ethernet.ethernet)
        src = eth_pkt.src
        dst = eth_pkt.dst
        out_port = datapath.ofproto.OFPP_FLOOD

        if eth_pkt.ethertype == ether_types.ETH_TYPE_ARP:
            arp_pkt = pkt.get_protocol(arp)
            src_ip = arp_pkt.src_ip
            dst_ip = arp_pkt.dst_ip
            self.arp_table[src_ip] = src
            if src_ip not in self.network and src_ip!='66.66.66.66':
                self.network.add_node(src_ip)
                # switch和主机之间的链路及switch转发端口
                self.network.add_edge(dpid, src_ip, attr_dict={'port':in_port})
                self.network.add_edge(src_ip, dpid)
                self.paths.setdefault(src_ip, {})
            for arr in GATEWAY_IP.values():
                if dst_ip in arr:
                    self.reply_arp(datapath,eth_pkt,arp_pkt,src_ip,in_port)
                    return
            # if arp_pkt.opcode == 2:
            #     self.arp_table[src_ip] = src
            #     # print(dpid)
            #     self.network.add_node(src_ip)
            #     # switch和主机之间的链路及switch转发端口
            #     self.network.add_edge(dpid, src_ip, attr_dict={'port':in_port})
            #     self.network.add_edge(src_ip, dpid)
            #     self.paths.setdefault(src_ip, {})
            #     return

        if eth_pkt.ethertype == ether_types.ETH_TYPE_IP:
            # self.handle_ip(msg,datapath,pkt,eth,in_port)
            ipv4_pkt = pkt.get_protocol(ipv4.ipv4)
            dst_ip = ipv4_pkt.dst
            src_ip = ipv4_pkt.src
            
            for ele in GATEWAY_IP[dpid]:
                if IP(dst_ip).make_net('255.255.255.0') == IP(ele).make_net('255.255.255.0'):
                    if dst_ip not in self.arp_table:
                        src = "00:00:00:00:00:66"
                        src_ip = "66.66.66.66"
                        dst = "ff:ff:ff:ff:ff:ff"
                        out_port = ofproto.OFPP_FLOOD
                        self.send_arp(datapath, 1, src, src_ip, dst, dst_ip, out_port)
                        return
                    else:
                        dst = self.arp_table[dst_ip]
                        out_port = self.get_out_port(datapath,src_ip,dst_ip,in_port)
                        print(out_port)
                        actions = [ofp_parser.OFPActionSetField(eth_dst=dst)]
                        actions.append(ofp_parser.OFPActionSetField(eth_src=self.switches[dpid][out_port]))
                        actions.append(ofp_parser.OFPActionOutput(out_port))
                        out = ofp_parser.OFPPacketOut(
                                    datapath=datapath,buffer_id=msg.buffer_id,in_port=in_port,
                                    actions=actions,data=msg.data)
                        datapath.send_msg(out)
                        match = ofp_parser.OFPMatch(in_port=in_port, eth_type=ether_types.ETH_TYPE_IP, eth_dst=dst, eth_src=src)
                        self.add_flow(datapath, 1, match, actions)
                        return
                else:
                    out_port = self.get_out_port(datapath,src_ip,dst_ip,in_port)

        # out_port = self.get_out_port(datapath,src,dst,in_port)
        actions = [ofp_parser.OFPActionOutput(out_port)]

        # if out_port != ofproto.OFPP_FLOOD:
        #     match = ofp_parser.OFPMatch(in_port=in_port,eth_dst=dst)
        #     self.add_flow(datapath,1,match,actions)

        out = ofp_parser.OFPPacketOut(
                datapath=datapath,buffer_id=msg.buffer_id,in_port=in_port,
                actions=actions,data=msg.data
        )

        datapath.send_msg(out)
def parse_network_CF(resources_data):
    """Parses the CloudFormation resources data for network information.

    Various checks are conducted on the Cloudformation template within the scope
    of network related issues. The various Type keys are used from the JSON
    which is passed and they are iterated over, various criteria is checked if
    they are present. Any issue will cause the pipeline to fail and a
    dictionary, data_response, containing the checks and other log information
    will be returned. The pipeline will receive a successful job if the end of
    the function is reached without any issues, data_response is also returned
    in this case for logging purposes.


    Args:
        <job_id on live Lambda>: Job_id from CodePipeline.
        resources_data: The relevant data contained from the 'Resources' key
        from the JSON CloudFormation template.

    Returns:
        data_response: A dictionary which contains the data property
        that is checked, the key, and a log about the particular property,
        this is the value. If there are any errors the job will fail and a value
        of "ERROR: [message here]" will be tied to the corresponding key.

    """
    data_response = {}
    error_counter = 0
    error_keys = []
    for key in resources_data.keys():

        if 'AWS::EC2::VPC' == resources_data[key]['Type']:
            data_response['{}-VPC'.format(key)] = "Present"
            try:
                vpc_properties = resources_data[key]['Properties']
                data_response['{}-VPC Properties'.format(
                    key)] = "Properties exist"
                if 'CidrBlock' in vpc_properties:
                    if IP(vpc_properties['CidrBlock']).iptype() != "PRIVATE":
                        error_counter += 1
                        data_response['{}-VPC-CidrBlock'.format(key)] = {
                            "Error":
                            "IP Addresses should only be RFC1918 compliant.",
                            "Address Type":
                            IP(vpc_properties['Cidr_block']).iptype()
                        }
                        error_keys.append(key)
                    else:
                        data_response['{}-VPC-CidrBlock'.format(key)] = \
                            {vpc_properties['CidrBlock']: IP(vpc_properties['CidrBlock']).iptype()}

            except KeyError:
                data_response['{}-VPC'.format(key)] = {
                    "Error": "VPC Property was not present."
                }
                error_counter += 1
                error_keys.append(key)

        if 'AWS::EC2::Route' == resources_data[key]['Type']:
            if 'RouteTableId' in resources_data[key]['Properties'] and \
                    'VpcPeeringConnectionId' in resources_data[key]['Properties']:
                data_response['{}-RouteTableId-VpcPeeringConnection'.format(
                    key)] = "Valid Route"

            elif 'RouteTableId' in resources_data[key]['Properties'] and \
                    'VpcId' in resources_data[key]['Properties']:
                data_response['{}-RouteTableId-VpcId'.format(
                    key)] = "Valid Route"

            elif 'RouteTableId' in resources_data[key]['Properties']:
                data_response['{}-RouteTableId-VpcId'.format(
                    key)] = "Valid Route"

            else:
                data_response['{}-RouteTableId'.format(key)] = \
                    {"Error": "Either property was not present in the EC2::Route."}
                error_counter += 1
                error_keys.append(key)

        if 'EC2::InternetGateway' in resources_data[key]['Type']:
            try:
                # InternetGateway must have a Properties key, even if it is blank with an empty dict {}.
                should_exist = resources_data[key]['Properties']
                data_response['{}-InternetGateway'.format(
                    key)] = "Properties exist"
            except KeyError:
                data_response['{}-InternetGateway'.format(key)] = {
                    "Error": "VpnGatewayId or InternetGatewayId not present."
                }
                error_counter += 1
                error_keys.append(key)

        if 'EC2::VPCGatewayAttachment' in resources_data[key]['Type']:
            if 'VpcId' in resources_data[key]['Properties']:
                data_response['VPCGWAttach-VpcId'] = "VpcId referenced"
            if 'VpnGatewayId' in resources_data[key]['Properties'] or \
                    'InternetGatewayId' in resources_data[key]['Properties']:
                data_response[
                    'VPCGWAttach-VPN/IGW'] = "VpnGatewayId or InternetGatewayId present"
            else:
                data_response['{}-VPCGWAttach'.format(key)] = {
                    "Error": "VpnGatewayId or InternetGatewayId not present."
                }
                error_keys.append(key)
                error_counter += 1

        if 'AWS::EC2::VPNGateway' == resources_data[key]['Type']:
            if 'Type' in resources_data[key]['Properties']:
                if resources_data[key]['Properties']['Type'] != "ipsec.1":
                    data_response['{}-VPNGateway'.format(key)] = {
                        "Error": "The only allowed type is 'ipsec.1'."
                    }
                    error_keys.append(key)
                    error_counter += 1
                else:
                    data_response['{}-VPNGateway'.format(
                        key)] = "Valid VPN type present."

        if 'AWS::EC2::VPNGatewayRoutePropagation' == resources_data[key][
                'Type']:
            if 'RouteTableIds' in resources_data[key]['Properties']:
                if isinstance(
                        resources_data[key]['Properties']['RouteTableIds'],
                        list):
                    data_response['{}-VPNGatewayRoutePropagation'.format(
                        key)] = "Value is list of strings."
                else:
                    data_response['{}-VPNGatewayRoutePropagation'.format(
                        key
                    )] = {
                        "Error":
                        "Value must be list of string corresponding to RouteTableIds."
                    }
                    error_counter += 1
                    error_keys.append(key)
            if 'VpnGatewayId' in resources_data[key]['Properties']:
                data_response['{}-VPNGatewayRoutePropagation'.format(
                    key)] = "VpnGatewayId present."
            else:
                data_response['{}-VPNGatewayRoutePropagation'.format(key)] = {
                    "Error": "VpnGatewayId is required."
                }
                error_counter += 1
                error_keys.append(key)

        if 'AWS::EC2::VPNConnection' == resources_data[key]['Type']:
            if 'CustomerGatewayId' in resources_data[key]['Properties']:
                data_response['{}-VPNConnection'.format(
                    key)] = "CustomerGatewayId present."

            if 'TransitGatewayId' in resources_data[key]['Properties'] and \
                'VpnGatewayId' in resources_data[key]['Properties']:
                data_response['{}-Transit_AND_VPNGW'.format(key)] = {
                    "Error":
                    "Both TransitGatewayId AND VpnGatewayId cannot be used within the VPNConnection Type."
                }
                error_keys.append(key)
                error_counter += 1

            if 'TransitGatewayId' in resources_data[key]['Properties'] or \
                'VpnGatewayId' in resources_data[key]['Properties']:
                data_response['{}-Transit_OR_VPNGW'.format(
                    key
                )] = "Either TransitGatewayId or VpnGatewayId present, but not both."

    if error_counter == 0:
        data_response['Errors'] = {
            "Count": "{}".format(error_counter),
            "Keys with errors": error_keys
        }
        pipeline_job_success(job)
    else:
        data_response['Errors'] = {
            "Count": "{}".format(error_counter),
            "Keys with errors": error_keys
        }
        pipeline_job_fail(job)
    print("End of function")
    print(data_response)
    return data_response
Beispiel #5
0
    def cook_response(self, d, qname, fake_records):
        fake_record = fake_records[qtype]

        # Create a custom response to the query
        response = DNSRecord(DNSHeader(id=d.header.id,
                                       bitmap=d.header.bitmap,
                                       qr=1,
                                       aa=1,
                                       ra=1),
                             q=d.q)
        self.log("cooking the response of type '%s' for %s to %s" %
                 (qtype, qname, fake_record))

        # IPv6 needs additional work before inclusion:
        if qtype == "AAAA":
            ipv6 = IP(fake_record)
            ipv6_bin = ipv6.strBin()
            ipv6_hex_tuple = [
                int(ipv6_bin[i:i + 8], 2) for i in xrange(0, len(ipv6_bin), 8)
            ]
            response.add_answer(
                RR(qname,
                   getattr(QTYPE, qtype),
                   rdata=RDMAP[qtype](ipv6_hex_tuple)))
        elif qtype == "SOA":
            mname, rname, t1, t2, t3, t4, t5 = fake_record.split(" ")
            times = tuple([int(t) for t in [t1, t2, t3, t4, t5]])
            mname, rname = rmdots(mname), rmdots(rname)
            response.add_answer(
                RR(qname,
                   getattr(QTYPE, qtype),
                   rdata=RDMAP[qtype](mname, rname, times)))
        elif qtype == "NAPTR":
            order, preference, flags, service, regexp, replacement = fake_record.split(
                " ")
            order = int(order)
            preference = int(preference)
            replacement = rmdots(replacement)
            response.add_answer(
                RR(qname,
                   getattr(QTYPE, qtype),
                   rdata=RDMAP[qtype](order, preference, flags, service,
                                      regexp, DNSLabel(replacement))))
        elif qtype == "SRV":
            priority, weight, port, target = fake_record.split(" ")
            priority = int(priority)
            weight = int(weight)
            port = int(port)
            target = rmdots(target)
            response.add_answer(
                RR(qname,
                   getattr(QTYPE, qtype),
                   rdata=RDMAP[qtype](priority, weight, port, target)))
        elif qtype == "DNSKEY":
            flags, protocol, algorithm, key = fake_record.split(" ")
            flags = int(flags)
            protocol = int(protocol)
            algorithm = int(algorithm)
            key = b64decode(("".join(key)).encode('ascii'))
            response.add_answer(
                RR(qname,
                   getattr(QTYPE, qtype),
                   rdata=RDMAP[qtype](flags, protocol, algorithm, key)))
        elif qtype == "RRSIG":
            covered, algorithm, labels, orig_ttl, sig_exp, sig_inc, key_tag, name, sig = fake_record.split(
                " ")
            covered = getattr(QTYPE, covered)  # NOTE: Covered QTYPE
            algorithm = int(algorithm)
            labels = int(labels)
            orig_ttl = int(orig_ttl)
            sig_exp = int(mktime(strptime(sig_exp + 'GMT', "%Y%m%d%H%M%S%Z")))
            sig_inc = int(mktime(strptime(sig_inc + 'GMT', "%Y%m%d%H%M%S%Z")))
            key_tag = int(key_tag)
            name = rmdots(name)
            sig = b64decode(("".join(sig)).encode('ascii'))
            response.add_answer(
                RR(qname,
                   getattr(QTYPE, qtype),
                   rdata=RDMAP[qtype](covered, algorithm, labels, orig_ttl,
                                      sig_exp, sig_inc, key_tag, name, sig)))
        else:
            fake_record = rmdots(fake_record)
            response.add_answer(
                RR(qname,
                   getattr(QTYPE, qtype),
                   rdata=RDMAP[qtype](fake_record)))

        response = response.pack()
        return response
 def set_ipv4_address(self, address):
     self.__ipv4_address = IP(address)
     start = int(self.__ipv4_address.len() / 2)
     end = self.__ipv4_address.len() - 2
     self.__ipv4_start = str(self.__ipv4_address[start])
     self.__ipv4_end = str(self.__ipv4_address[end])
Beispiel #7
0
 def ver_address(self, version=4):
     try:
         ip_obj = IP(self.address)
         return True if ip_obj.version() == version else False
     except ValueError:
         return False
Beispiel #8
0
 def getAddress(self):
     ip, port = AbstractChecker.getAddress(self)
     addr = IP(ip)
     if addr.version() == 6:
         ip = '[%s]' % ip
     return ip, port
 def get_ip(self):
     #获取待扫描地址段
     iplist = IP(self.target)
     for ip in list(iplist):
         self.ips.append(str(ip))
Beispiel #10
0
def IPauto(ipl):
    ipr = IP(ipl)
    for ip in ipr:
        ipList.append(str(ip))
 def check_IP(self):
     try:
         IP(self.target)
         return self.target
     except ValueError:
         return socket.gethostbyname(self.target)
Beispiel #12
0
 def test_assembled_ipv4_range_should_parse(self):
     i = IPRange.from_string('10.0.42.0-127')
     self.assertEquals(i[0], IP('10.0.42.0'))
     self.assertEquals(i[-1], IP('10.0.42.127'))
Beispiel #13
0
 def test_simple_ipv6_range_should_parse(self):
     i = IPRange.from_string('fe80:700:1::-fe80:700:1::f')
     self.assertEquals(i[0], IP('fe80:700:1::'))
     self.assertEquals(i[-1], IP('fe80:700:1::f'))
Beispiel #14
0
 def test_simple_ipv4_range_should_parse(self):
     i = IPRange.from_string('10.0.42.0-10.0.42.63')
     self.assertEquals(i[0], IP('10.0.42.0'))
     self.assertEquals(i[-1], IP('10.0.42.63'))
Beispiel #15
0
                    fake_record = fake_records[qtype]

                    response = DNSRecord(DNSHeader(id=d.header.id,
                                                   bitmap=d.header.bitmap,
                                                   qr=1,
                                                   aa=1,
                                                   ra=1),
                                         q=d.q)

                    print "[%s] %s: cooking the response of type '%s' for %s to %s" % (
                        time.strftime("%H:%M:%S"), self.client_address[0],
                        qtype, qname, fake_record)

                    # IPv6 needs additional work before inclusion:
                    if qtype == "AAAA":
                        ipv6 = IP(fake_record)
                        ipv6_bin = ipv6.strBin()
                        ipv6_hex_tuple = [
                            int(ipv6_bin[i:i + 8], 2)
                            for i in xrange(0, len(ipv6_bin), 8)
                        ]
                        response.add_answer(
                            RR(qname,
                               QTYPE[qtype],
                               rdata=RDMAP[qtype](ipv6_hex_tuple)))

                    elif qtype == "SOA":
                        mname, rname, t1, t2, t3, t4, t5 = fake_record.split(
                            " ")
                        times = tuple([int(t) for t in [t1, t2, t3, t4, t5]])
Beispiel #16
0
print "\===============Auto Upload Shell=================="
print "\n[1] Check the Vulnerability"
#IP=raw_input("enter your target ip like 1.1.1.0/24:")
#inp = raw_input("enter your choice:")
#if inp == '1':
# options()
# if options() is None:
#   put()
#    move()

#IP=raw_input("enter your txt position:")
#f=open(IP,'r')
#lines=f.readlines()
#print "input info" + IP
lines = IP("61.139.94.0/24")

#b = 'nmap'+' '+'--open '+''+'-p 80 ' + '' + IP
#print b +'\r\n'+'Now go for find the dork server'
#a = str(os.popen(b).readlines())
#r1 = re.compile("\d*\.\d*\.\d*\.\d*")
#ip = r1.findall(a)
ips = []

#if ip==[]:
#   sys.exit()
for x in lines:
    #x=x.strip()
    ips.append(x)
"""
for y in ips:
Beispiel #17
0
def isIP(str):
    try:
        IP(str)
    except ValueError:
        return False
    return True
Beispiel #18
0
 def from_db_value(self, value, expression, connection, context):
     if value is None:
         return value
     return IP(value)
Beispiel #19
0
#_*_ coding:utf-8_*_
from IPy import IP
import xlrd,xlwt
from xlutils.copy import copy

# 向sheet页中写入数据,copy模版样式
oldWb = xlrd.open_workbook('input.xls',formatting_info=True)
wb = copy(oldWb)
oldsheet = oldWb.sheets()[0]
sheet1 = wb.get_sheet(0)
nrows = oldsheet.nrows
for i in range(1, nrows):
    ip_net = oldsheet.cell_value(i, 0)
    try:
        ip = IP(ip_net)
    except:
        continue
    ips = ''
    for x in ip:
        ips = ips+str(x)+'\n'
    sheet1.write(i, 1, ips.strip())
wb.save('output.xls')
print("It is done!")

'''ip = IP('36.111.89.0/24')
f = open('1','w')
for x in ip:
    #print(x)
    f.write(str(x)+'\n')
print('over')'''
Beispiel #20
0
def Ip_address():
    try:
        print('\n')
        print('===' * 10)
        iprange = input(
            "Enter the IP range(either format: x.x.x.x/24 or x.x.x.x/255.255.255.0): "
        )
        print('===' * 10)
        user_input = input(
            "Enter '1' to display the file or '2' to print to csv file: ")
        while user_input != ' ':
            if user_input == '1':
                try:
                    print('\n')
                    if '/' in iprange:
                        n = ipaddress.ip_network(iprange.strip())
                        first, last = n[0], n[-1]
                        print('===' * 5 + ' ' + "Network Address: " +
                              str(first) + ' ' + '===' * 5)
                        print("Available adresses:")
                        for x in n.hosts():
                            print(x)
                        print('===' * 5 + ' ' + "Broadcast Address: " +
                              str(last) + ' ' + '===' * 5)
                        print('===' * 5 + ' ' + 'Mask: ' +
                              str(IP(iprange).netmask()) + ' ' + '===' * 5)
                        menu1()
                    else:
                        print('===' * 10)
                        print("\nIvalid Ip and Mask!. Try again...")
                        print('===' * 10)
                        Ip_address()
                except ValueError:
                    print('===' * 10)
                    print("\nIvalid Ip and Mask!. Try again...")
                    print('===' * 10)
                    Ip_address()
            elif user_input == '2':
                try:
                    if '/' in iprange:
                        print('===' * 10)
                        path = input(
                            'Provide the path to the "IPranges" folder in the main  folder(copy/paste from the folder) or any folder you want:\n'
                        )
                        path = path.split(',')
                        dst = os.path.join(*path)
                        outputfile = str(date.today())
                        file1 = ('IP_range_' + outputfile + ".csv")
                        f = open(file1, 'w')
                        writer = csv.DictWriter(f,
                                                fieldnames=[
                                                    "  IP ADDRESSES ",
                                                    "  NETWORK", "  BROADCAST",
                                                    "  MASK"
                                                ],
                                                lineterminator='\n',
                                                delimiter=',')
                        writer.writeheader()
                        network = IP(iprange)
                        n = ipaddress.IPv4Network(iprange)
                        first, last = n[0], n[-1]
                        mask = str(IP(iprange).netmask())
                        f.write('{0},{1},{2},{3}\n'.format(
                            'Usable Addresses', first, last, mask))
                        f.flush()
                        for ip in list(network)[1:-1]:
                            f.write('{0}\n'.format(ip))
                            f.flush()
                        f.close()
                        print('   ' * 30)
                        print('===' * 30)
                        print('***' * 8 + '  Completed! The file: ' + file1 +
                              ' has been created!' + '***' * 8)
                        print('===' * 30)
                        print('   ' * 30)
                        for filecsv in os.listdir():
                            #if filecsv.endswith(".csv"):
                            if 'IP_range_' in filecsv:
                                shutil.move(filecsv,
                                            os.path.join(dst, filecsv))
                        menu1()
                    else:
                        print('===' * 10)
                        print("\nIvalid Ip and Mask!. Try again...")
                        print('===' * 10)
                        Ip_address()
                except ValueError:
                    print("\n\nIvalid Ip and Mask!. Try again...\n")
                    Ip_address()
            else:
                print('===' * 10)
                print("Ivalid Entry!. Try again...")
                print('===' * 10)
                user_input = input(
                    "Enter '1' to display the file or '2' to print to csv file: "
                )
    except KeyboardInterrupt:
        print("\n\nProgram aborted by user. Exiting...\n")
        sys.exit()
Beispiel #21
0
def taskfunc(scannode, printed):
    '''
    ### task线程函数,定时从数据库读取未完成任务,设置好参数后调用插件执行任务
    - 参数说明
     - scannode:调用本线程函数的scanNode类实例
     - printed:上次打印的信息
    - 这个线程函数一放在类里面就报错,exec语句无法执行,所以放外面了,拿scannode做参数传过来
    '''
    tag = 'task线程->'
    dbo = dboperator(scannode.dbpath)
    # 先删除标记成删除的任务

    task = dbo.getOneTaskForExecute()
    r = '目前无可执行任务。'
    # 如果无任务,打印信息,定时下一次执行
    if task == None:
        if printed != r:
            logging.info(tag + r)
            printed = r
        timer = threading.Timer(
            scannode.do_task_inteval, taskfunc, (scannode, printed))
        timer.start()
        return
    # 如果有任务
    nodeTaskId, taskName, plugin, ipranges_str, iptotal = task  # 获取task各字段(task是个元组)
    # 把后缀名.py去掉
    plugin = plugin[0:len(plugin) - 3]

    r = '未找到插件:'
    try:
        exec("from plugin import " + plugin + " as scanning_plugin")
    # 如果未找到插件(执行exec出错),则打印信息,定时下一次执行
    except:
        if printed != r:
            logging.info(tag + r + plugin)
            printed = r
        timer = threading.Timer(
            scannode.do_task_inteval, taskfunc, (scannode, printed))
        timer.start()
        return
    r = "开始任务%s" % (nodeTaskId)
    logging.info(tag + r)
    printed = r
    ipranges = eval(ipranges_str)  # 获取ip集
    lastip = dbo.getLastIpById(nodeTaskId)  # 加载执行进度

    # 计算需要扫描的ip集,已经扫描的个数
    ipRangesForScan, ipOkCount = caculateScaningIpRange(
        ipranges, lastip)
    stepcounter = 0  # 每满step个存储一次进度
    # 构造multiThread的一个参数,详见multiThread类的说明

    dp=multiThread(scannode.thread_count,scanning_plugin.scan,recordResult)
    f = open('result/' + taskName + '_' + nodeTaskId + '.txt', 'a')
    for iprange in ipRangesForScan:
        start, end = iprange
        for i in range(start, end + 1):
            # 计数,到step个时,存储扫描到哪里,扫描了几个
            stepcounter = stepcounter + 1
            ipOkCount = ipOkCount + 1
            p=str(IP(i))
            dp.dispatch((p,),(f,))
            #个数达到指定个数后保存执行进度
            if stepcounter == scannode.step_recoard_progress:
                r=dp.getAllThreadProcess()#获取每个线程执行到哪
                #取得最小
                p,=r[0]
                least=IP(p).int()
                for item in r:
                    p,=item
                    x=IP(p).int()
                    if x<least:
                        least=x
                str_least=str(IP(least))
                dbo.updateLastIpById(nodeTaskId, str_least)  # 保存执行进度
                dbo.updateIpFinishedById(nodeTaskId, ipOkCount)
                stepcounter = 0
                print '任务%s扫描完成进度:' % (nodeTaskId) + str(ipOkCount) + '/' + str(iptotal) + '\r',
                sys.stdout.flush()
            
            # 查看任务的指令是否变化
            newInstruction = dbo.getInstructionById(nodeTaskId)
            # 如果指令不是执行
            if newInstruction != instructionOptions['执行']:
                # 等5秒 再执行
                timer = threading.Timer(
                    5, taskfunc, (scannode, printed))
                timer.start()
                # 本次任务退出,等5秒,确保线程都结束了,再关闭文件
                sleep(5)
                f.close()
                return
    f.close()
    dbo.updateStatusById(nodeTaskId, statusOptions['完成'])
    # todo:删除lastip表中的这个id记录,因为已经完成了
    logging.info(tag + "完成任务%s" % (nodeTaskId))
    # 完成一个后,直接执行下一个
    timer = threading.Timer(
        0, taskfunc, (scannode, printed))
    timer.start()
import datetime
import socket

try:
    from IPy import IP
except ImportError:
    try:
        command_to_execute = "pip install IPy || easy_install IPy"
        os.system(command_to_execute)
    except OSError:
        print "Can NOT install IPy, Aborted!"
        sys.exit(1)
    except Exception as e:
        print "Uncaught exception, %s" % e.message
        sys.exit(1)
    from IPy import IP

i = datetime.datetime.now()
print i.strftime('%Y/%m/%d %H:%M:%S')

hostname = socket.getfqdn(socket.gethostname())
print hostname

# TODO(Guodong Ding) Get A Wrong IP Address When There Are More Than One NIC Adapter Or IP Address!!!
ip = socket.gethostbyname(hostname)
print ip

print IP(ip).version()

print IP(ip).reverseName()
Beispiel #23
0
    def cook_response_any(self, d, qname, fake_records):
        self.log(
            "cooking the response of type ANY for %s with all known fake records."
            % qname)
        response = DNSRecord(DNSHeader(id=d.header.id,
                                       bitmap=d.header.bitmap,
                                       qr=1,
                                       aa=1,
                                       ra=1),
                             q=d.q)

        for qtype, fake_record in fake_records.items():
            if fake_record:
                # NOTE: RDMAP is a dictionary map of qtype strings to handling classses
                # IPv6 needs additional work before inclusion:
                if qtype == "AAAA":
                    ipv6 = IP(fake_record)
                    ipv6_bin = ipv6.strBin()
                    fake_record = [
                        int(ipv6_bin[i:i + 8], 2)
                        for i in xrange(0, len(ipv6_bin), 8)
                    ]
                elif qtype == "SOA":
                    mname, rname, t1, t2, t3, t4, t5 = fake_record.split(" ")
                    times = tuple([int(t) for t in [t1, t2, t3, t4, t5]])
                    mname, rname = rmdots(mname), rmdots(rname)
                    response.add_answer(
                        RR(qname,
                           getattr(QTYPE, qtype),
                           rdata=RDMAP[qtype](mname, rname, times)))
                elif qtype == "NAPTR":
                    order, preference, flags, service, regexp, replacement = fake_record.split(
                        " ")
                    order = int(order)
                    preference = int(preference)
                    replacement = rmdots(replacement)
                    # if replacement and replacement[-1] == ".": replacement = replacement[:-1]
                    response.add_answer(
                        RR(qname,
                           getattr(QTYPE, qtype),
                           rdata=RDMAP[qtype](order, preference, flags,
                                              service, regexp, replacement)))
                elif qtype == "SRV":
                    priority, weight, port, target = fake_record.split(" ")
                    priority = int(priority)
                    weight = int(weight)
                    port = int(port)
                    target = rmdots(target)
                    response.add_answer(
                        RR(qname,
                           getattr(QTYPE, qtype),
                           rdata=RDMAP[qtype](priority, weight, port, target)))
                elif qtype == "DNSKEY":
                    flags, protocol, algorithm, key = fake_record.split(" ")
                    flags = int(flags)
                    protocol = int(protocol)
                    algorithm = int(algorithm)
                    key = b64decode(("".join(key)).encode('ascii'))
                    response.add_answer(
                        RR(qname,
                           getattr(QTYPE, qtype),
                           rdata=RDMAP[qtype](flags, protocol, algorithm,
                                              key)))
                elif qtype == "RRSIG":
                    covered, algorithm, labels, orig_ttl, sig_exp, sig_inc, key_tag, name, sig = fake_record.split(
                        " ")
                    covered = getattr(QTYPE, covered)  # NOTE: Covered QTYPE
                    algorithm = int(algorithm)
                    labels = int(labels)
                    orig_ttl = int(orig_ttl)
                    sig_exp = int(
                        mktime(strptime(sig_exp + 'GMT', "%Y%m%d%H%M%S%Z")))
                    sig_inc = int(
                        mktime(strptime(sig_inc + 'GMT', "%Y%m%d%H%M%S%Z")))
                    key_tag = int(key_tag)
                    name = rmdots(name)
                    sig = b64decode(("".join(sig)).encode('ascii'))
                    response.add_answer(
                        RR(qname,
                           getattr(QTYPE, qtype),
                           rdata=RDMAP[qtype](covered, algorithm, labels,
                                              orig_ttl, sig_exp, sig_inc,
                                              key_tag, name, sig)))
                else:
                    fake_record = rmdots(fake_record)
                    response.add_answer(
                        RR(qname,
                           getattr(QTYPE, qtype),
                           rdata=RDMAP[qtype](fake_record)))

        response = response.pack()
        return response
Beispiel #24
0
from IPy import IP
import xlrd

filename = 'ip.xlsx'
f = xlrd.open_workbook(filename)  # 打开excel
table = f.sheet_by_name("Sheet1")  # 打开sheet
nrows = table.nrows  # sheet的行数
print(nrows)

net_list = list()
for i in range(nrows):
    # print(table.row_values(i)[0])
    net_list.append(IP(table.row_values(i)[0]))

while True:
    count = 0
    for i in range(len(net_list)):
        try:
            net_list[i] += net_list[i + 1]
        except:
            count += 1
            continue
        net_list.pop(i + 1)

    if count == len(net_list):
        break

print(net_list)
Beispiel #25
0
def local_audit(audit_ip, user_name, pem_file, password):
    win_path = 'tools/Windows-Workstation-and-Server-Audit'
    lyn_path = 'tools/lynis'
    ip = IP(audit_ip)
    type = ip.iptype()
    default_region = subprocess.check_output(
        ['aws', 'configure', 'get', 'region']).strip()
    if type == 'PUBLIC':
        operating_sys = subprocess.check_output([
            'aws', 'ec2', 'describe-instances', '--region',
            '%s' % default_region, '--filters',
            'Name=ip-address,Values=%s' % (audit_ip), '--query',
            'Reservations[*].Instances[*].[Platform]', '--output', 'text'
        ]).strip()
        private_ip = subprocess.check_output([
            'aws', 'ec2', 'describe-instances', '--region',
            '%s' % default_region, '--filters',
            'Name=ip-address,Values=%s' % (audit_ip), '--query',
            'Reservations[*].Instances[*].[PrivateIpAddress]', '--output',
            'text'
        ]).strip()
        public_ip = audit_ip
    elif type == 'PRIVATE':
        operating_sys = subprocess.check_output([
            'aws', 'ec2', 'describe-instances', '--region',
            '%s' % default_region, '--filters',
            'Name=network-interface.addresses.private-ip-address,Values=%s' %
            (audit_ip), '--query', 'Reservations[*].Instances[*].[Platform]',
            '--output', 'text'
        ]).strip()
        public_ip = subprocess.check_output([
            'aws', 'ec2', 'describe-instances', '--region',
            '%s' % default_region, '--filters',
            'Name=network-interface.addresses.private-ip-address,Values=%s' %
            (audit_ip), '--query',
            'Reservations[*].Instances[*].[PublicIpAddress]', '--output',
            'text'
        ]).strip()
        private_ip = audit_ip
    if public_ip == 'None':
        public_ip = ""
    else:
        dns_name = subprocess.check_output(['host',
                                            public_ip]).strip().split(' ')[4]
    if operating_sys == 'windows':
        print("WINDOWS BOX FOUND!!!")
        if (audit_ip and not (user_name or pem_file or password)):
            subprocess.call([
                './windows_remote.sh', account_name, dns_name, private_ip,
                public_ip
            ],
                            cwd=win_path)
        elif audit_ip and user_name and not (pem_file or password):
            subprocess.call([
                './windows_remote.sh', account_name, dns_name, private_ip,
                public_ip, user_name
            ],
                            cwd=win_path)
        elif audit_ip and pem_file and not (user_name or password):
            subprocess.call([
                './windows_remote.sh', account_name, dns_name, private_ip,
                public_ip, "", pem_file
            ],
                            cwd=win_path)
        elif audit_ip and password and not (user_name or pem_file):
            subprocess.call([
                './windows_remote.sh', account_name, dns_name, private_ip,
                public_ip, "", "", password
            ],
                            cwd=win_path)
        elif audit_ip and user_name and password and not (pem_file):
            subprocess.call([
                './windows_remote.sh', account_name, dns_name, private_ip,
                public_ip, user_name, "", password
            ],
                            cwd=win_path)
        elif audit_ip and user_name and pem_file and not (password):
            subprocess.call([
                './windows_remote.sh', account_name, dns_name, private_ip,
                public_ip, user_name, pem_file
            ],
                            cwd=win_path)
        elif audit_ip and password and pem_file and not (password):
            subprocess.call([
                './windows_remote.sh', account_name, dns_name, private_ip,
                public_ip, "", pem_file, password
            ],
                            cwd=win_path)
        else:
            subprocess.call([
                './windows_remote.sh', account_name, dns_name, private_ip,
                public_ip, user_name, pem_file, password
            ],
                            cwd=win_path)
    else:
        print("LINUX BOX FOUND!!!")
        if (audit_ip and not (user_name or pem_file or password)):
            subprocess.call([
                './lynis_remote.sh', account_name, dns_name, private_ip,
                public_ip
            ],
                            cwd=lyn_path)
        elif audit_ip and user_name and not (pem_file or password):
            subprocess.call([
                './lynis_remote.sh', account_name, dns_name, private_ip,
                public_ip, user_name
            ],
                            cwd=lyn_path)
        elif audit_ip and pem_file and not (user_name or password):
            subprocess.call([
                './lynis_remote.sh', account_name, dns_name, private_ip,
                public_ip, "", pem_file
            ],
                            cwd=lyn_path)
        elif audit_ip and password and not (user_name or pem_file):
            subprocess.call([
                './lynis_remote.sh', account_name, dns_name, private_ip,
                public_ip, "", "", password
            ],
                            cwd=lyn_path)
        elif audit_ip and user_name and password and not (pem_file):
            subprocess.call([
                './lynis_remote.sh', account_name, dns_name, private_ip,
                public_ip, user_name, "", password
            ],
                            cwd=lyn_path)
        elif audit_ip and user_name and pem_file and not (password):
            subprocess.call([
                './lynis_remote.sh', account_name, dns_name, private_ip,
                public_ip, user_name, pem_file, ""
            ],
                            cwd=lyn_path)
        elif audit_ip and password and pem_file and not (password):
            subprocess.call([
                './lynis_remote.sh', account_name, dns_name, private_ip,
                public_ip, "", pem_file, password
            ],
                            cwd=lyn_path)
        else:
            subprocess.call([
                './lynis_remote.sh', account_name, dns_name, private_ip,
                public_ip, user_name, pem_file, password
            ],
                            cwd=lyn_path)
Beispiel #26
0
    def run(self, conf, args, plugins):
        if "subcommand" in args:
            if args.subcommand == "info":
                if not is_ip(unbracket(args.IP)):
                    print("Invalid IP address")
                    sys.exit(1)
                # FIXME: move code here in a library
                ip = unbracket(args.IP)
                try:
                    ipy = IP(ip)
                except ValueError:
                    print("Invalid IP format, quitting...")
                    return
                ipinfo = self.ipinfo(ip)
                print("MaxMind: Located in %s, %s" %
                      (ipinfo["city"], ipinfo["country"]))
                if ipinfo["asn"] == 0:
                    print("MaxMind: IP not found in the ASN database")
                else:
                    print("MaxMind: ASN%i, %s" %
                          (ipinfo["asn"], ipinfo["asn_name"]))
                    print("CAIDA Type: %s" % ipinfo["asn_type"])
                try:
                    asndb2 = pyasn.pyasn(self.asncidr)
                    res = asndb2.lookup(ip)
                except OSError:
                    print("Configuration files are not available")
                    print("Please run harpoon update before using harpoon")
                    sys.exit(1)
                if res[1] is None:
                    print("IP not found in ASN database")
                else:
                    # Search for name
                    f = open(self.asnname, "r")
                    found = False
                    line = f.readline()
                    name = ""
                    while not found and line != "":
                        s = line.split("|")
                        if s[0] == str(res[0]):
                            name = s[1].strip()
                            found = True
                        line = f.readline()

                    print("ASN %i - %s (range %s)" % (res[0], name, res[1]))
                if ipinfo["hostname"] != "":
                    print("Hostname: %s" % ipinfo["hostname"])
                if ipinfo["specific"] != "":
                    print("Specific: %s" % ipinfo["specific"])
                if ipy.iptype() == "PRIVATE":
                    "Private IP"
                print("")
                if ipy.version() == 4:
                    print("Censys:\t\thttps://censys.io/ipv4/%s" % ip)
                    print("Shodan:\t\thttps://www.shodan.io/host/%s" % ip)
                    print("IP Info:\thttp://ipinfo.io/%s" % ip)
                    print("BGP HE:\t\thttps://bgp.he.net/ip/%s" % ip)
                    print(
                        "IP Location:\thttps://www.iplocation.net/?query=%s" %
                        ip)
            elif args.subcommand == "intel":
                if not is_ip(unbracket(args.IP)):
                    print("Invalid IP address")
                    sys.exit(1)
                # Start with MISP and OTX to get Intelligence Reports
                print("###################### %s ###################" %
                      unbracket(args.IP))
                passive_dns = []
                urls = []
                malware = []
                files = []
                # MISP
                misp_e = plugins["misp"].test_config(conf)
                if misp_e:
                    print("[+] Downloading MISP information...")
                    server = ExpandedPyMISP(conf["Misp"]["url"],
                                            conf["Misp"]["key"])
                    misp_results = server.search("attributes",
                                                 value=unbracket(args.IP))
                # Binary Edge
                be_e = plugins["binaryedge"].test_config(conf)
                if be_e:
                    try:
                        print("[+] Downloading BinaryEdge information...")
                        be = BinaryEdge(conf["BinaryEdge"]["key"])
                        # FIXME: this only get the first page
                        res = be.domain_ip(unbracket(args.IP))
                        for d in res["events"]:
                            passive_dns.append({
                                "domain":
                                d["domain"],
                                "first":
                                parse(d["updated_at"]).astimezone(pytz.utc),
                                "last":
                                parse(d["updated_at"]).astimezone(pytz.utc),
                                "source":
                                "BinaryEdge",
                            })
                    except BinaryEdgeException:
                        print(
                            "BinaryEdge request failed, you need a paid subscription"
                        )
                # OTX
                otx_e = plugins["otx"].test_config(conf)
                if otx_e:
                    print("[+] Downloading OTX information....")
                    otx = OTXv2(conf["AlienVaultOtx"]["key"])
                    res = otx.get_indicator_details_full(
                        IndicatorTypes.IPv4, unbracket(args.IP))
                    otx_pulses = res["general"]["pulse_info"]["pulses"]
                    # Get Passive DNS
                    if "passive_dns" in res:
                        for r in res["passive_dns"]["passive_dns"]:
                            passive_dns.append({
                                "domain":
                                r["hostname"],
                                "first":
                                parse(r["first"]).astimezone(pytz.utc),
                                "last":
                                parse(r["last"]).astimezone(pytz.utc),
                                "source":
                                "OTX",
                            })
                    if "url_list" in res:
                        for r in res["url_list"]["url_list"]:
                            if "result" in r:
                                urls.append({
                                    "date":
                                    parse(r["date"]).astimezone(pytz.utc),
                                    "url":
                                    r["url"],
                                    "ip":
                                    r["result"]["urlworker"]["ip"] if "ip"
                                    in r["result"]["urlworker"] else "",
                                    "source":
                                    "OTX",
                                })
                            else:
                                urls.append({
                                    "date":
                                    parse(r["date"]).astimezone(pytz.utc),
                                    "url":
                                    r["url"],
                                    "ip":
                                    "",
                                    "source":
                                    "OTX",
                                })
                # RobTex
                print("[+] Downloading Robtex information....")
                rob = Robtex()
                try:
                    res = rob.get_ip_info(unbracket(args.IP))
                except RobtexError:
                    print("Error with Robtex")
                else:
                    for d in ["pas", "pash", "act", "acth"]:
                        if d in res:
                            for a in res[d]:
                                passive_dns.append({
                                    "first":
                                    a["date"].astimezone(pytz.utc),
                                    "last":
                                    a["date"].astimezone(pytz.utc),
                                    "domain":
                                    a["o"],
                                    "source":
                                    "Robtex",
                                })

                # PT
                pt_e = plugins["pt"].test_config(conf)
                if pt_e:
                    out_pt = False
                    print("[+] Downloading Passive Total information....")
                    client = DnsRequest(conf["PassiveTotal"]["username"],
                                        conf["PassiveTotal"]["key"])
                    try:
                        raw_results = client.get_passive_dns(
                            query=unbracket(args.IP))
                        if "results" in raw_results:
                            for res in raw_results["results"]:
                                passive_dns.append({
                                    "first":
                                    parse(res["firstSeen"]).astimezone(
                                        pytz.utc),
                                    "last":
                                    parse(res["lastSeen"]).astimezone(
                                        pytz.utc),
                                    "domain":
                                    res["resolve"],
                                    "source":
                                    "PT",
                                })
                        if "message" in raw_results:
                            if "quota_exceeded" in raw_results["message"]:
                                print("Quota exceeded for Passive Total")
                                out_pt = True
                                pt_osint = {}
                    except requests.exceptions.ReadTimeout:
                        print("Timeout on Passive Total requests")
                    if not out_pt:
                        try:
                            client2 = EnrichmentRequest(
                                conf["PassiveTotal"]["username"],
                                conf["PassiveTotal"]["key"],
                            )
                            # Get OSINT
                            # TODO: add PT projects here
                            pt_osint = client2.get_osint(
                                query=unbracket(args.IP))
                            # Get malware
                            raw_results = client2.get_malware(
                                query=unbracket(args.IP))
                            if "results" in raw_results:
                                for r in raw_results["results"]:
                                    malware.append({
                                        "hash":
                                        r["sample"],
                                        "date":
                                        parse(r["collectionDate"]),
                                        "source":
                                        "PT (%s)" % r["source"],
                                    })
                        except requests.exceptions.ReadTimeout:
                            print("Timeout on Passive Total requests")
                # Urlhaus
                uh_e = plugins["urlhaus"].test_config(conf)
                if uh_e:
                    print("[+] Checking urlhaus data...")
                    try:
                        urlhaus = UrlHaus(conf["UrlHaus"]["key"])
                        res = urlhaus.get_host(unbracket(args.IP))
                    except UrlHausError:
                        print("Error with the query")
                    else:
                        if "urls" in res:
                            for r in res["urls"]:
                                urls.append({
                                    "date":
                                    parse(r["date_added"]).astimezone(
                                        pytz.utc),
                                    "url":
                                    r["url"],
                                    "source":
                                    "UrlHaus",
                                })
                # VT
                vt_e = plugins["vt"].test_config(conf)
                if vt_e:
                    if conf["VirusTotal"]["type"] != "public":
                        print("[+] Downloading VT information....")
                        vt = PrivateApi(conf["VirusTotal"]["key"])
                        res = vt.get_ip_report(unbracket(args.IP))
                        if "results" in res:
                            if "resolutions" in res["results"]:
                                for r in res["results"]["resolutions"]:
                                    passive_dns.append({
                                        "first":
                                        parse(r["last_resolved"]).astimezone(
                                            pytz.utc),
                                        "last":
                                        parse(r["last_resolved"]).astimezone(
                                            pytz.utc),
                                        "domain":
                                        r["hostname"],
                                        "source":
                                        "VT",
                                    })
                            if "undetected_downloaded_samples" in res[
                                    "results"]:
                                for r in res["results"][
                                        "undetected_downloaded_samples"]:
                                    files.append({
                                        "hash": r["sha256"],
                                        "date": parse(r["date"]),
                                        "source": "VT",
                                    })
                            if "undetected_referrer_samples" in res["results"]:
                                for r in res["results"][
                                        "undetected_referrer_samples"]:
                                    if "date" in r:
                                        files.append({
                                            "hash": r["sha256"],
                                            "date": parse(r["date"]),
                                            "source": "VT",
                                        })
                                    else:
                                        # FIXME : should consider data without dates
                                        files.append({
                                            "hash":
                                            r["sha256"],
                                            "date":
                                            datetime.datetime(1970, 1, 1),
                                            "source":
                                            "VT",
                                        })
                            if "detected_downloaded_samples" in res["results"]:
                                for r in res["results"][
                                        "detected_downloaded_samples"]:
                                    malware.append({
                                        "hash": r["sha256"],
                                        "date": parse(r["date"]),
                                        "source": "VT",
                                    })
                            if "detected_referrer_samples" in res["results"]:
                                for r in res["results"][
                                        "detected_referrer_samples"]:
                                    if "date" in r:
                                        malware.append({
                                            "hash": r["sha256"],
                                            "date": parse(r["date"]),
                                            "source": "VT",
                                        })
                    else:
                        vt_e = False

                print("[+] Downloading GreyNoise information....")
                gn = GreyNoise(conf["GreyNoise"]["key"])
                if gn == "":
                    print("Greynoise API key is not set up.")
                greynoise = gn.ip(unbracket(args.IP))

                tg_e = plugins["threatgrid"].test_config(conf)
                if tg_e:
                    print("[+] Downloading Threat Grid....")
                    try:
                        tg = ThreatGrid(conf["ThreatGrid"]["key"])
                        res = tg.search_samples(unbracket(args.IP), type="ip")
                        already = []
                        if "items" in res:
                            for r in res["items"]:
                                if r["sample_sha256"] not in already:
                                    d = parse(r["ts"])
                                    d = d.replace(tzinfo=None)
                                    malware.append({
                                        "hash": r["sample_sha256"],
                                        "date": d,
                                        "source": "TG",
                                    })
                                    already.append(r["sample_sha256"])
                    except ThreatGridError as e:
                        print("Error with threat grid: {}".format(e.message))

                # ThreatMiner
                print("[+] Downloading ThreatMiner....")
                tm = ThreatMiner()
                response = tm.get_report(unbracket(args.IP))
                if response["status_code"] == "200":
                    tmm = response["results"]
                else:
                    tmm = []
                    if response["status_code"] != "404":
                        print("Request to ThreatMiner failed: {}".format(
                            response["status_message"]))
                response = tm.get_related_samples(unbracket(args.IP))
                if response["status_code"] == "200":
                    for r in response["results"]:
                        malware.append({
                            "hash": r,
                            "date": None,
                            "source": "ThreatMiner"
                        })

                print("----------------- Intelligence Report")
                ctor = CommandTor()
                tor_list = ctor.get_list()
                if tor_list:
                    if unbracket(args.IP) in tor_list:
                        print("{} is a Tor Exit node".format(unbracket(
                            args.IP)))
                else:
                    print("Impossible to reach the Tor Exit Node list")
                if otx_e:
                    if len(otx_pulses):
                        print("OTX:")
                        for p in otx_pulses:
                            print("- %s (%s - %s)" % (
                                p["name"],
                                p["created"][:10],
                                "https://otx.alienvault.com/pulse/" + p["id"],
                            ))
                    else:
                        print("OTX: Not found in any pulse")
                if misp_e:
                    if len(misp_results["Attribute"]) > 0:
                        print("MISP:")
                        for event in misp_results["Attribute"]:
                            print("- {} - {}".format(event["Event"]["id"],
                                                     event["Event"]["info"]))
                if len(greynoise) > 0:
                    print("GreyNoise: IP identified as")
                    for key, value in greynoise.items():
                        print(key, "->", value)
                else:
                    print("GreyNoise: Not found")
                if pt_e:
                    if "results" in pt_osint:
                        if len(pt_osint["results"]):
                            if len(pt_osint["results"]) == 1:
                                if "name" in pt_osint["results"][0]:
                                    print("PT: %s %s" % (
                                        pt_osint["results"][0]["name"],
                                        pt_osint["results"][0]["sourceUrl"],
                                    ))
                                else:
                                    print("PT: %s" %
                                          pt_osint["results"][0]["sourceUrl"])
                            else:
                                print("PT:")
                                for r in pt_osint["results"]:
                                    if "name" in r:
                                        print("-%s %s" %
                                              (r["name"], r["sourceUrl"]))
                                    else:
                                        print("-%s" % r["sourceUrl"])
                        else:
                            print("PT: Nothing found!")
                    else:
                        print("PT: Nothing found!")
                # ThreatMiner
                if len(tmm) > 0:
                    print("ThreatMiner:")
                    for r in tmm:
                        print("- {} {} - {}".format(r["year"], r["filename"],
                                                    r["URL"]))

                if len(malware) > 0:
                    print("----------------- Malware")
                    for r in malware:
                        print("[%s] %s %s" % (
                            r["source"],
                            r["hash"],
                            r["date"].strftime("%Y-%m-%d")
                            if r["date"] else "",
                        ))
                if len(files) > 0:
                    print("----------------- Files")
                    for r in sorted(files, key=lambda x: x["date"]):
                        print("[%s] %s %s" % (r["source"], r["hash"],
                                              r["date"].strftime("%Y-%m-%d")))
                if len(passive_dns) > 0:
                    print("----------------- Passive DNS")
                    for r in sorted(passive_dns,
                                    key=lambda x: x["first"],
                                    reverse=True):
                        print("[+] %-40s (%s -> %s)(%s)" % (
                            r["domain"],
                            r["first"].strftime("%Y-%m-%d"),
                            r["last"].strftime("%Y-%m-%d"),
                            r["source"],
                        ))
                if len(urls) > 0:
                    print("----------------- Urls")
                    for r in sorted(urls,
                                    key=lambda x: x["date"],
                                    reverse=True):
                        print("[%s] %s - %s" %
                              (r["source"], r["url"],
                               r["date"].strftime("%Y-%m-%d")))
            else:
                self.parser.print_help()
        else:
            self.parser.print_help()
Beispiel #27
0
def make_prefix_heap(
    prefixes,
    initial_children=None,
    family=None,
    sort_fn=None,
    show_available=False,
    show_unused=False,
):
    """Return a prefix heap of all prefixes. Might optionally filter out IPv4
    and IPv6 as needed.

    Args:
        prefixes: a queryset for or list of nav.models.manage.Prefix
        initial_children: a list of IPNode to initialize the root with
        family: a list of address types to allow (of "ipv4", "ipv6", "rfc1918")
        sort_fn: function used to sort the children upon serialization
        show_available: whether or not to create "fake" children for all ranges
            not spanned by the node's children or found otherwhere in NAV
        show_unused: like above, but only creates such nodes for prefixes that
            are in fact found within NAV

    Returns:
        A prefix heap (tree)

    """
    rfc1918 = IPSet(
        [IP("10.0.0.0/8"),
         IP("172.16.0.0/12"),
         IP("192.168.0.0/16")])

    def accept(prefix):
        "Helper function for filtering prefixes by IP family"
        ip_addr = IP(prefix.net_address)
        if "ipv4" in family and ip_addr.version(
        ) == 4 and ip_addr not in rfc1918:
            return True
        if "ipv6" in family and ip_addr.version() == 6:
            return True
        if "rfc1918" in family and ip_addr in rfc1918:
            return True
        return False

    heap = PrefixHeap(initial_children)
    filtered = (prefix for prefix in prefixes if accept(prefix))
    nodes = (PrefixNode(prefix, sort_fn=sort_fn) for prefix in filtered)
    for node in sorted(nodes, reverse=False):
        heap.add(node)
    # Add marker nodes for available ranges/prefixes
    if show_available:
        scopes = (child for child in heap.walk_roots()
                  if child.net_type in ["scope"])
        subnets = (get_available_nodes([scope.ip]) for scope in scopes)
        for subnet in subnets:
            heap.add_many(subnet)
    # Add marker nodes for empty ranges, e.g. ranges not spanned by the
    # children of a node. This is useful for aligning visualizations and so on.
    if show_unused:
        unused_prefixes = (child.not_in_use() for child in heap.walk())
        for unused_prefix in unused_prefixes:
            nodes = nodes_from_ips(unused_prefix, klass="empty")
            heap.add_many(nodes)
    return heap
Beispiel #28
0
from multiprocessing import Process, Queue, Pool
import time
import subprocess
from IPy import IP

import sys

q = Queue()

ips = IP('10.0.1.0/24')


def f(i, q):
    while (True):
        if q.empty():
            sys.exit()

        ip = q.get()

        ret = subprocess.call(['ping', f'-c 1 , {ip}'],
                              shell=True,
                              stdout=open('/dev/null', 'w'),
                              stderr=subprocess.STDOUT)

        if ret == 0:
            print(f"{ip} is alive")
        else:
            print(f"Process Number: {i} didn't find a response for {ip} ")


for i in ips:
Beispiel #29
0
def usage():
    print >> sys.stderr, 'Usage: %s cidr domain type ("a" or "ptr")' % sys.argv[
        0]
    sys.exit(1)


#####

if len(sys.argv) < 4:
    usage()

cidr = sys.argv[1]
domain = sys.argv[2]
type = sys.argv[3]

if type != 'a' and type != 'ptr':
    usage()

# Force domain to end with a dot
if not domain.endswith('.'):
    domain += '.'

iplist = IP(cidr)

for ip in iplist:
    if type == 'a':
        print '%s.%s IN A %s' % (ip_to_hex(ip.strNormal()), domain, ip)
    elif type == 'ptr':
        print '%s IN PTR %s.%s' % (ip.reverseName(), ip_to_hex(
            ip.strNormal()), domain)
Beispiel #30
0
 def test_indexed_access_should_work(self):
     i = IPRange(IP('10.0.42.0'), IP('10.0.42.127'))
     self.assertEquals(i[5], IP('10.0.42.5'))