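def dotransform(request, response, config):
    """Prompt for a new workspace and register it.

    A four-field dialog (workspace name, company, domain, radius) is shown
    and re-shown until every field is non-blank.  The workspace is then
    created and the domain, company and radius are attached to it, and a
    ``Workspace`` entity carrying name, company and domain is appended to
    ``response``.

    Cancelling the dialog (``multenterbox`` returns ``None``) now returns
    ``response`` unchanged; the original fell through and raised
    ``TypeError`` on ``None[0]``.
    """
    msg = "Workspace Configuration"
    title = "Workspace Confguration"
    field_names = ["Workspace Name", "Company Name", "Domain", "Radius"]

    values = multenterbox(msg, title, field_names)
    # Re-prompt while any field is blank; ``None`` means the user cancelled.
    while values is not None:
        missing = [name for name, value in zip(field_names, values)
                   if not value.strip()]
        if not missing:
            break
        errmsg = "".join('"%s" is a required field.\n\n' % name for name in missing)
        values = multenterbox(errmsg, title, field_names, values)

    if values is None:
        return response

    ws_name, company, domain, radius = values[0], values[1], values[2], values[3]

    create_workspace(ws_name)
    set_domain(ws_name, domain)
    set_company(ws_name, company)
    set_radius(ws_name, radius)

    entity = Workspace(ws_name, cname=company, domain=domain)
    response += entity
    return response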
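def dotransform(request, response, config):
    """Run a pushpin (geo) search for a workspace and emit one entity per pin.

    Latitude/longitude come from ``request.fields`` when the caller supplied
    them, otherwise the user is prompted (and re-prompted until both fields
    are filled in).  ``run_pushpin`` is executed, then every pin row whose
    first column names a known source (Twitter, Shodan, Picasa, Flickr) is
    turned into the matching entity tagged with the workspace.

    Cancelling the dialog returns ``response`` unchanged instead of raising
    ``TypeError`` on ``None[0]``.
    """
    if 'workspace' in request.fields:
        workspace = request.fields['workspace']
        latitude = request.fields['latitude']
        longitude = request.fields['longitude']
    else:
        workspace = request.value
        msg = "Enter Latitude and Longitude"
        title = "Coordinates to Query for Pushpin"
        field_names = ["Latitude", "Longitude"]

        values = multenterbox(msg, title, field_names)
        # Re-prompt while any field is blank; ``None`` means the user cancelled.
        while values is not None:
            missing = [name for name, value in zip(field_names, values)
                       if not value.strip()]
            if not missing:
                break
            errmsg = "".join('"%s" is a required field.\n\n' % name for name in missing)
            values = multenterbox(errmsg, title, field_names, values)

        if values is None:
            return response
        latitude, longitude = values[0], values[1]

    run_pushpin(workspace, latitude, longitude)

    # NOTE(review): the connection is opened on request.value even when the
    # workspace came from request.fields, where the two may differ -- confirm
    # which one db_connect expects.
    dbcon = db_connect(request.value)

    # Source name -> entity class; rows from other sources are skipped.
    pin_entities = {
        'Twitter': TwitterPin,
        'Shodan': ShodanPin,
        'Picasa': PicasaPin,
        'Flickr': FlickrPin,
    }

    for pin in get_pushpin(dbcon):
        entity_cls = pin_entities.get(pin[0])
        if entity_cls is None:
            continue
        entity = entity_cls(pin[0])
        entity += Field("workspace", workspace, displayname='Workspace')
        response += entity

    return response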
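def dotransform(request, response, config):
    """Search the Kippo ``sessions`` table by source IP and emit each hit.

    The IP is taken from a one-field dialog and bound as the argument of a
    ``LIKE`` query, so it cannot alter the SQL -- but ``%`` and ``_`` still
    act as wildcards, which lets the operator search prefixes.  Each row
    becomes a ``KippoSession`` entity with the session columns copied over
    and the Kippo host attached as a field.

    On any database error the error text is returned as a ``UIMessage``;
    the original returned ``UIMessage(x)`` -- the connection object -- and
    so told the user nothing about what went wrong.  A cancelled dialog is
    treated like an empty answer.
    """
    msg = 'Enter Search Criteria'
    title = 'Kippo search for sessions by IP'
    field_names = ["IP"]
    values = multenterbox(msg, title, field_names)

    # ``None`` on Cancel; '' when the field was left blank.
    if not values or values[0] == '':
        return response + UIMessage('You need to type an IP address!!')
    s_ip = values[0]

    host = request.value
    conn = db_connect(host)
    try:
        cursor = conn.cursor()
        # Parameterised: s_ip is passed to the driver, never spliced into SQL.
        query = "select * from sessions where ip like %s"
        cursor.execute(query, (s_ip,))
        for (session_id, starttime, endtime, sensor, ip, termsize, client) in cursor:
            entity = KippoSession('%s' % (session_id))
            entity.starttime = '%s' % (starttime)
            entity.endtime = '%s' % (endtime)
            entity.sensor = '%s' % (sensor)
            entity.ipaddr = '%s' % (ip)
            entity.termsize = '%s' % (termsize)
            entity.client = '%s' % (client)
            entity += Field('kippoip', host, displayname='Kippo IP')
            response += entity
        return response
    except Exception as exc:
        return response + UIMessage(str(exc))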
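def dotransform(request, response):
    """Write a Wireshark "Decode As" Lua snippet for a user-chosen port.

    The user enters a port, a traffic type (the dissector to apply) and a
    protocol (the dissector table, e.g. ``tcp``).  These are interpolated
    into Lua source that Wireshark/tshark later *executes*, so they are
    validated first: the port must be an integer and the other two must be
    plain identifiers.  Anything else is reported with a ``UIMessage`` and
    nothing is written.  The script is saved as ``<folder>/decodes.lua`` and
    returned as a ``DecodeAs`` entity linked to the source pcap.

    The original never closed the file (``f.close`` without parentheses)
    and crashed with ``TypeError`` when the dialog was cancelled.
    """
    pcap = request.value
    folder = request.fields["sniffMyPackets.outputfld"]

    msg = "Enter the new protocol type & port"
    title = "L0 - Decode As [SmP]"
    field_names = ["Port", "Traffic Type", "Protocol"]
    values = multenterbox(msg, title, field_names)
    if values is None:
        return response

    d_port, d_type, d_proto = values[0].strip(), values[1].strip(), values[2].strip()

    def _is_lua_name(text):
        # Letters, digits and underscore only, not starting with a digit:
        # keeps the value from breaking out of the Lua source below.
        return (bool(text) and not text[0].isdigit()
                and all(ch.isalnum() or ch == '_' for ch in text))

    if not d_port.isdigit():
        return response + UIMessage('Port must be a number')
    if not (_is_lua_name(d_type) and _is_lua_name(d_proto)):
        return response + UIMessage('Traffic Type and Protocol must be plain identifiers')

    # Lua template: look up the <proto>.port table, fetch the <type>
    # dissector and register it for the given port.
    lua = [
        "do \n",
        "\tlocal " + d_proto + '_dissector_table=DissectorTable.get("' + d_proto + '.port")\n',
        "\tlocal " + d_type + "_dissector=" + d_proto + "_dissector_table:get_dissector(" + d_port + ")\n",
        "\t" + d_proto + "_dissector_table:add(" + d_port + "," + d_type + "_dissector)\n",
        "end",
    ]
    lua_out = "".join(lua)

    # Persist the script next to the pcap output for later tshark runs.
    lua_file = folder + "/decodes.lua"
    with open(lua_file, "w") as handle:
        handle.write(lua_out)

    entity = DecodeAs(lua_file)
    entity += Field("pcapsrc", pcap, displayname="Original pcap File", matchingrule="loose")
    entity += Field("sniffMyPackets.outputfld", folder, displayname="Folder Location")
    response += entity
    return response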
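def dotransform(request, response):
    """Search the Kippo ``sessions`` table by source IP and emit each hit.

    The IP comes from a one-field dialog and is bound as the argument of a
    ``LIKE`` query: it cannot alter the SQL, but ``%``/``_`` act as
    wildcards.  The database host is read from the ``kippodatabase`` field.
    Each row becomes a ``KippoSession`` entity with the session columns
    copied over and the database host attached as a field.

    Database errors are returned as a ``UIMessage`` with the error text.
    A cancelled dialog is treated like an empty answer (the original raised
    ``TypeError`` on ``None[0]``).
    """
    msg = "Enter Search Criteria"
    title = "Kippo search for sessions by IP"
    field_names = ["IP"]
    values = multenterbox(msg, title, field_names)

    # ``None`` on Cancel; "" when the field was left blank.
    if not values or values[0] == "":
        return response + UIMessage("You need to type an IP address!!")
    s_ip = values[0]

    host = request.fields["kippodatabase"]
    conn = db_connect(host)
    try:
        cursor = conn.cursor()
        # Parameterised: s_ip is passed to the driver, never spliced into SQL.
        query = "select * from sessions where ip like %s"
        cursor.execute(query, (s_ip,))
        for (session_id, starttime, endtime, sensor, ip, termsize, client) in cursor:
            entity = KippoSession("%s" % (session_id))
            entity.starttime = "%s" % (starttime)
            entity.endtime = "%s" % (endtime)
            entity.sensor = "%s" % (sensor)
            entity.ipaddr = "%s" % (ip)
            entity.termsize = "%s" % (termsize)
            entity.client = "%s" % (client)
            entity += Field("kippodatabase", host, displayname="Kippo Database")
            response += entity
        return response
    except Exception as exc:
        # Renamed from ``e`` so the exception no longer shadows the entity.
        return response + UIMessage(str(exc))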
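def dotransform(request, response, config):
    """Search the Kippo ``sessions`` table by source IP and emit each hit.

    The IP is taken from a one-field dialog and bound as the argument of a
    ``LIKE`` query, so it cannot alter the SQL -- but ``%`` and ``_`` still
    act as wildcards.  Each row becomes a ``KippoSession`` entity with the
    session columns copied over and the Kippo host attached as a field.

    On any database error the error text is returned as a ``UIMessage``;
    the original returned ``UIMessage(x)`` -- the connection object -- which
    told the user nothing.  A cancelled dialog is treated like an empty
    answer instead of raising ``TypeError``.
    """
    msg = 'Enter Search Criteria'
    title = 'Kippo search for sessions by IP'
    field_names = ["IP"]
    values = multenterbox(msg, title, field_names)

    # ``None`` on Cancel; '' when the field was left blank.
    if not values or values[0] == '':
        return response + UIMessage('You need to type an IP address!!')
    s_ip = values[0]

    host = request.value
    conn = db_connect(host)
    try:
        cursor = conn.cursor()
        # Parameterised: s_ip is passed to the driver, never spliced into SQL.
        query = "select * from sessions where ip like %s"
        cursor.execute(query, (s_ip, ))
        for (session_id, starttime, endtime, sensor, ip, termsize, client) in cursor:
            entity = KippoSession('%s' % (session_id))
            entity.starttime = '%s' % (starttime)
            entity.endtime = '%s' % (endtime)
            entity.sensor = '%s' % (sensor)
            entity.ipaddr = '%s' % (ip)
            entity.termsize = '%s' % (termsize)
            entity.client = '%s' % (client)
            entity += Field('kippoip', host, displayname='Kippo IP')
            response += entity
        return response
    except Exception as exc:
        return response + UIMessage(str(exc))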
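def dotransform(request, response):
    """Capture packets on the configured interface with a user-supplied BPF filter.

    Reads the interface from ``sniffMyPackets.interface`` and the packet
    count from ``sniffMyPackets.count`` (default 300), asks the user for a
    BPF filter, sniffs with scapy and writes the result to
    ``<request.value>/<epoch>-filtered.pcap``, returned as a ``pcapFile``
    entity.

    Cancelling the filter dialog returns ``response`` unchanged; the
    original raised ``TypeError`` on ``None[0]``.  The filter text is handed
    to scapy/libpcap as-is; an invalid expression surfaces as a scapy error.
    """
    interface = request.fields['sniffMyPackets.interface']
    tmpfolder = request.value
    file_name = tmpfolder + '/' + str(int(time())) + '-filtered.pcap'

    # Optional per-entity packet count, else a fixed default.
    if 'sniffMyPackets.count' in request.fields:
        pktcount = int(request.fields['sniffMyPackets.count'])
    else:
        pktcount = 300

    msg = 'Enter bpf filter'
    title = 'L0 - Capture Packets with BPF [SmP]'
    field_names = ["Filter"]
    values = multenterbox(msg, title, field_names)
    if values is None:
        return response

    bpf_filter = values[0]

    pkts = sniff(iface=interface, count=pktcount, filter=bpf_filter)
    wrpcap(file_name, pkts)

    entity = pcapFile(file_name)
    entity.outputfld = tmpfolder
    response += entity
    return response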
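def dotransform(request, response):
    """Capture packets on the configured interface with a user-supplied BPF filter.

    Reads the interface from ``sniffMyPackets.interface`` and the packet
    count from ``sniffMyPackets.count`` (default 300), asks the user for a
    BPF filter, sniffs with scapy and writes the result to
    ``<request.value>/<epoch>-filtered.pcap``, returned as a ``pcapFile``
    entity.

    Cancelling the filter dialog returns ``response`` unchanged; the
    original raised ``TypeError`` on ``None[0]``.  The filter text is handed
    to scapy/libpcap as-is; an invalid expression surfaces as a scapy error.
    """
    interface = request.fields['sniffMyPackets.interface']
    tmpfolder = request.value
    file_name = tmpfolder + '/' + str(int(time())) + '-filtered.pcap'

    # Optional per-entity packet count, else a fixed default.
    if 'sniffMyPackets.count' in request.fields:
        pktcount = int(request.fields['sniffMyPackets.count'])
    else:
        pktcount = 300

    msg = 'Enter bpf filter'
    title = 'L0 - Capture Packets with BPF [SmP]'
    field_names = ["Filter"]
    values = multenterbox(msg, title, field_names)
    if values is None:
        return response

    bpf_filter = values[0]

    pkts = sniff(iface=interface, count=pktcount, filter=bpf_filter)
    wrpcap(file_name, pkts)

    entity = pcapFile(file_name)
    entity.outputfld = tmpfolder
    response += entity
    return response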
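def dotransform(request, response):
    """Search the Kippo ``sessions`` table for sessions started in a date range.

    Both dates are required and must be ``YYYY-MM-DD``; they are parsed
    with ``datetime.strptime`` and bound into a ``BETWEEN`` query, so the
    user text never reaches the SQL.  Each row becomes a ``KippoSession``
    entity with the database host attached as a field.

    Fixes from the original: ``if fieldValues[0] or fieldValues[1] != ''``
    parsed as ``fieldValues[0] or (fieldValues[1] != '')`` and let an empty
    end date reach ``strptime`` (uncaught ``ValueError``); a malformed date
    now returns a ``UIMessage`` instead of a traceback; a cancelled dialog no
    longer raises ``TypeError``.
    """
    msg = 'Enter Start & End Date'
    title = 'Kippo search for sessions by date range'
    field_names = ["Start Date", "End Date"]
    values = multenterbox(msg, title, field_names)

    if not values or values[0] == '' or values[1] == '':
        return response + UIMessage('Specify a start & end date')
    try:
        s_date = datetime.strptime(values[0], '%Y-%m-%d')
        e_date = datetime.strptime(values[1], '%Y-%m-%d')
    except ValueError:
        return response + UIMessage('Dates must be in YYYY-MM-DD format')

    host = request.fields['kippodatabase']
    conn = db_connect(host)
    try:
        cursor = conn.cursor()
        # Parameterised: both bounds are bound by the driver.
        query = "select * from sessions where starttime between %s and %s"
        cursor.execute(query, (s_date, e_date))
        for (session_id, starttime, endtime, sensor, ip, termsize, client) in cursor:
            entity = KippoSession('%s' % (session_id))
            entity.starttime = '%s' % (starttime)
            entity.endtime = '%s' % (endtime)
            entity.sensor = '%s' % (sensor)
            entity.ipaddr = '%s' % (ip)
            entity.termsize = '%s' % (termsize)
            entity.client = '%s' % (client)
            entity += Field('kippodatabase', host, displayname='Kippo Databse')
            response += entity
        return response
    except Exception as exc:
        return response + UIMessage(str(exc))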
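def dotransform(request, response, config):
    """Gather, enumerate and mangle contacts for a workspace into ``Person`` entities.

    Runs ``contacts_gather`` and ``contacts_enum`` on the workspace named by
    ``request.value``, asks the user for an e-mail mangling pattern (e.g.
    ``<fn>.<ln>``), applies it with ``contacts_mangle`` and then emits one
    ``Person`` per contact row that has both a first and a last name, with
    workspace, names, title and location attached as fields and labels.

    Cancelling the pattern dialog returns ``response`` unchanged; the
    original raised ``TypeError`` on ``None[0]``.
    """
    workspace = request.value
    contacts_gather(workspace)
    contacts_enum(workspace)

    msg = "Contact Mangle to Create Email addresses enter <fn>.<ln>, etc"
    title = "Mangle Contacts to Emails"
    field_names = ["Pattern"]

    values = multenterbox(msg, title, field_names)
    # Re-prompt while the pattern is blank; ``None`` means the user cancelled.
    while values is not None:
        missing = [name for name, value in zip(field_names, values)
                   if not value.strip()]
        if not missing:
            break
        errmsg = "".join('"%s" is a required field.\n\n' % name for name in missing)
        values = multenterbox(errmsg, title, field_names, values)

    if values is None:
        return response

    contacts_mangle(workspace, values[0])

    dbcon = db_connect(workspace)
    for row in get_contacts(dbcon):
        first, last = row[0], row[1]
        # Rows missing either name cannot form a display name; skip them.
        if first is None or last is None:
            continue
        # Column layout assumed from the original indexing: 3=title, 4/5=location parts.
        location = str(row[4]) + ', ' + str(row[5])
        entity = Person(first + ' ' + last)
        entity += Field("workspace", workspace, displayname='Workspace')
        entity += Field("fname", first, displayname='First Name')
        entity += Field("lname", last, displayname='Last Name')
        entity += Field("title", row[3], displayname='Title')
        entity += Field("location", location, displayname='Location')
        entity += Label("Title", row[3])
        entity += Label("Location", location)
        response += entity

    return response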
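def dotransform(request, response, config):
    """Gather, enumerate and mangle contacts for a workspace into ``Person`` entities.

    Runs ``contacts_gather`` and ``contacts_enum`` on the workspace named by
    ``request.value``, asks the user for an e-mail mangling pattern (e.g.
    ``<fn>.<ln>``), applies it with ``contacts_mangle`` and then emits one
    ``Person`` per contact row that has both a first and a last name, with
    workspace, names, title and location attached as fields and labels.

    Cancelling the pattern dialog returns ``response`` unchanged; the
    original raised ``TypeError`` on ``None[0]``.
    """
    workspace = request.value
    contacts_gather(workspace)
    contacts_enum(workspace)

    msg = "Contact Mangle to Create Email addresses enter <fn>.<ln>, etc"
    title = "Mangle Contacts to Emails"
    field_names = ["Pattern"]

    values = multenterbox(msg, title, field_names)
    # Re-prompt while the pattern is blank; ``None`` means the user cancelled.
    while values is not None:
        missing = [name for name, value in zip(field_names, values)
                   if not value.strip()]
        if not missing:
            break
        errmsg = "".join('"%s" is a required field.\n\n' % name for name in missing)
        values = multenterbox(errmsg, title, field_names, values)

    if values is None:
        return response

    contacts_mangle(workspace, values[0])

    dbcon = db_connect(workspace)
    for row in get_contacts(dbcon):
        first, last = row[0], row[1]
        # Rows missing either name cannot form a display name; skip them.
        if first is None or last is None:
            continue
        # Column layout assumed from the original indexing: 3=title, 4/5=location parts.
        location = str(row[4]) + ", " + str(row[5])
        entity = Person(first + " " + last)
        entity += Field("workspace", workspace, displayname="Workspace")
        entity += Field("fname", first, displayname="First Name")
        entity += Field("lname", last, displayname="Last Name")
        entity += Field("title", row[3], displayname="Title")
        entity += Field("location", location, displayname="Location")
        entity += Label("Title", row[3])
        entity += Label("Location", location)
        response += entity

    return response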
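def dotransform(request, response):
    """Hash every file under the output folder and write a manifest.

    The folder comes from ``sniffMyPackets.outputfld`` or, failing that,
    ``request.value``.  The user names the manifest file; one line
    ``<path relative to folder> <sha1> <md5>`` is written per file found by
    ``os.walk``.  The manifest is returned as a ``GenericFile`` entity.

    Fixes from the original: files were opened in text mode, twice, and never
    closed (on Python 3 ``hashlib`` also rejects ``str``); the relative path
    was computed as ``s[len(folder)+1:]``, which drops the first character of
    every name when ``folder`` ends in a slash; a cancelled dialog raised
    ``TypeError``.  MD5/SHA-1 detect accidental corruption but are not
    collision resistant -- do not rely on them against a hostile party.
    """
    folder = ''
    try:
        if 'sniffMyPackets.outputfld' in request.fields:
            folder = request.fields['sniffMyPackets.outputfld']
        else:
            folder = request.value
    except Exception:
        return response + UIMessage('No folder created or specified')

    msg = 'Enter output file'
    title = 'L0 - Hash all the files [SmP]'
    field_names = ["File Name"]
    values = multenterbox(msg, title, field_names)
    if not values or not values[0].strip():
        return response + UIMessage('No output file name given')
    hash_file = values[0]

    def _digests(file_path):
        """Return ``(sha1, md5)`` hex digests, reading the file once in binary."""
        sha1 = hashlib.sha1()
        md5 = hashlib.md5()
        with open(file_path, 'rb') as handle:
            for chunk in iter(lambda: handle.read(1 << 20), b''):
                sha1.update(chunk)
                md5.update(chunk)
        return sha1.hexdigest(), md5.hexdigest()

    hash_lines = []
    for path, _subdirs, files in os.walk(folder):
        for name in files:
            fpath = os.path.join(path, name)
            sha1hash, md5hash = _digests(fpath)
            line = os.path.relpath(fpath, folder) + ' ' + sha1hash + ' ' + md5hash
            if line not in hash_lines:
                hash_lines.append(line)

    with open(hash_file, 'w') as handle:
        handle.write("\n".join(hash_lines))

    entity = GenericFile(hash_file)
    entity.linklabel = 'Hash File'
    entity += Field('sniffMyPackets.outputfld',
                    folder,
                    displayname='Folder Location')
    response += entity
    return response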
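def dotransform(request, response):
    """Hash every file under the output folder and write a manifest.

    The folder comes from ``sniffMyPackets.outputfld`` or, failing that,
    ``request.value``.  The user names the manifest file; one line
    ``<path relative to folder> <sha1> <md5>`` is written per file found by
    ``os.walk``.  The manifest is returned as a ``GenericFile`` entity.

    Fixes from the original: files were opened in text mode, twice, and never
    closed (on Python 3 ``hashlib`` also rejects ``str``); the relative path
    was computed as ``s[len(folder)+1:]``, which drops the first character of
    every name when ``folder`` ends in a slash; a cancelled dialog raised
    ``TypeError``.  MD5/SHA-1 detect accidental corruption but are not
    collision resistant -- do not rely on them against a hostile party.
    """
    folder = ''
    try:
        if 'sniffMyPackets.outputfld' in request.fields:
            folder = request.fields['sniffMyPackets.outputfld']
        else:
            folder = request.value
    except Exception:
        return response + UIMessage('No folder created or specified')

    msg = 'Enter output file'
    title = 'L0 - Hash all the files [SmP]'
    field_names = ["File Name"]
    values = multenterbox(msg, title, field_names)
    if not values or not values[0].strip():
        return response + UIMessage('No output file name given')
    hash_file = values[0]

    def _digests(file_path):
        """Return ``(sha1, md5)`` hex digests, reading the file once in binary."""
        sha1 = hashlib.sha1()
        md5 = hashlib.md5()
        with open(file_path, 'rb') as handle:
            for chunk in iter(lambda: handle.read(1 << 20), b''):
                sha1.update(chunk)
                md5.update(chunk)
        return sha1.hexdigest(), md5.hexdigest()

    hash_lines = []
    for path, _subdirs, files in os.walk(folder):
        for name in files:
            fpath = os.path.join(path, name)
            sha1hash, md5hash = _digests(fpath)
            line = os.path.relpath(fpath, folder) + ' ' + sha1hash + ' ' + md5hash
            if line not in hash_lines:
                hash_lines.append(line)

    with open(hash_file, 'w') as handle:
        handle.write("\n".join(hash_lines))

    entity = GenericFile(hash_file)
    entity.linklabel = 'Hash File'
    entity += Field('sniffMyPackets.outputfld', folder, displayname='Folder Location')
    response += entity
    return response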
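def dotransform(request, response):
    """Rewrite the endpoints of a pcap so it can be replayed against new hosts.

    The first IP packet's source is taken as the "client" address.  Packets
    sent from it get ``new_src -> new_dst``; packets sent to it get the
    reverse.  IP and TCP checksums are deleted so scapy recomputes them on
    write.  The result is saved as ``<folder>/replay-<pcap basename>`` and
    returned as a ``pcapFile`` entity linked to the original.

    Fixes from the original: checksums were deleted on every packet without
    checking for an IP/TCP layer (``IndexError`` on ARP/UDP/etc.); the two
    address tests were independent ``if``s, so a packet could be rewritten
    twice; the output name used ``request.value[42:]``, a fixed offset that
    only works for one folder-path length; a cancelled dialog raised
    ``TypeError``.  UDP checksums are still left untouched, as before.
    """
    pcap = request.value
    pkts = rdpcap(pcap)

    folder = request.fields['sniffMyPackets.outputfld']
    new_file = folder + '/replay-' + pcap.rsplit('/', 1)[-1]

    msg = 'Enter the new IPs to rewrite the pcap file with'
    title = 'L0 - Rewrite pcap file for replay [SmP]'
    field_names = ["New Source IP", "New Destination IP"]
    values = multenterbox(msg, title, field_names)
    if values is None:
        return response

    new_src, new_dst = values[0], values[1]

    ip_pkts = [p for p in pkts if p.haslayer(IP)]
    if not ip_pkts:
        return response + UIMessage('No IP packets found in pcap')
    old_src = ip_pkts[0][IP].src

    for p in ip_pkts:
        # Drop stale checksums; scapy fills them in when the pcap is written.
        del p[IP].chksum
        if p.haslayer(TCP):
            del p[TCP].chksum
        if p[IP].src == old_src:
            p[IP].src = new_src
            p[IP].dst = new_dst
        elif p[IP].dst == old_src:
            p[IP].src = new_dst
            p[IP].dst = new_src

    wrpcap(new_file, pkts)

    entity = pcapFile(new_file)
    entity.linklabel = 'New pcap\nsrc:' + str(new_src) + '\ndst:' + str(new_dst)
    entity.linkcolor = 0x33CC33
    entity.outputfld = folder
    entity += Field('pcapsrc',
                    pcap,
                    displayname='Original pcap File',
                    matchingrule='loose')
    response += entity
    return response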
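def login():
    """Return a Facebook ``GraphAPI`` client authenticated with an access token.

    When no cached token exists (``cookie('facebook')`` is absent) the user
    is asked up to three times for one.  A token is accepted only after a
    probe call (``me``) succeeds, and only then is it persisted through
    ``fmutex('facebook')``.  ``GraphAPIError`` is raised if all attempts
    fail or the dialog is cancelled.

    NOTE(review): when the cookie file already exists nothing is read and the
    function returns ``None`` -- confirm the caller expects that.

    SECURITY: the token is stored on disk in clear text and grants the
    user's Graph API access; keep the cookie path user-private (0600).
    """
    client = None

    if not path.exists(cookie('facebook')):
        for _attempt in range(3):
            answer = multenterbox("Enter a valid Facebook access token", ['Access Token'], [''])
            if answer is None:
                # Dialog cancelled: no point asking again.
                break
            token = answer[0]
            try:
                client = GraphAPI(token)
                # Validate before caching so a bad token is never persisted.
                client.request('me')
                fmutex('facebook').write(token)
                return client
            except GraphAPIError as e:
                print(str(e))

        raise GraphAPIError('Unable to query GraphAPI')

    return client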
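def dotransform(request, response):
    """Write a Wireshark "Decode As" Lua snippet for a user-chosen port.

    The user enters a port, a traffic type (the dissector to apply) and a
    protocol (the dissector table, e.g. ``tcp``).  These are interpolated
    into Lua source that Wireshark/tshark later *executes*, so they are
    validated first: the port must be an integer and the other two must be
    plain identifiers.  Anything else is reported with a ``UIMessage`` and
    nothing is written.  The script is saved as ``<folder>/decodes.lua`` and
    returned as a ``DecodeAs`` entity linked to the source pcap.

    The original never closed the file (``f.close`` without parentheses)
    and crashed with ``TypeError`` when the dialog was cancelled.
    """
    pcap = request.value
    folder = request.fields['sniffMyPackets.outputfld']

    msg = 'Enter the new protocol type & port'
    title = 'L0 - Decode As [SmP]'
    field_names = ["Port", "Traffic Type", "Protocol"]
    values = multenterbox(msg, title, field_names)
    if values is None:
        return response

    d_port, d_type, d_proto = values[0].strip(), values[1].strip(), values[2].strip()

    def _is_lua_name(text):
        # Letters, digits and underscore only, not starting with a digit:
        # keeps the value from breaking out of the Lua source below.
        return (bool(text) and not text[0].isdigit()
                and all(ch.isalnum() or ch == '_' for ch in text))

    if not d_port.isdigit():
        return response + UIMessage('Port must be a number')
    if not (_is_lua_name(d_type) and _is_lua_name(d_proto)):
        return response + UIMessage('Traffic Type and Protocol must be plain identifiers')

    # Lua template: look up the <proto>.port table, fetch the <type>
    # dissector and register it for the given port.
    lua = [
        'do \n',
        '\tlocal ' + d_proto + '_dissector_table=DissectorTable.get("' + d_proto + '.port")\n',
        '\tlocal ' + d_type + '_dissector=' + d_proto + '_dissector_table:get_dissector(' + d_port + ')\n',
        '\t' + d_proto + '_dissector_table:add(' + d_port + ',' + d_type + '_dissector)\n',
        'end',
    ]
    lua_out = ''.join(lua)

    # Persist the script next to the pcap output for later tshark runs.
    lua_file = folder + '/decodes.lua'
    with open(lua_file, 'w') as handle:
        handle.write(lua_out)

    entity = DecodeAs(lua_file)
    entity += Field('pcapsrc',
                    pcap,
                    displayname='Original pcap File',
                    matchingrule='loose')
    entity += Field('sniffMyPackets.outputfld',
                    folder,
                    displayname='Folder Location')
    response += entity
    return response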
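def dotransform(request, response):
    """Zip the Watcher database file into a user-named archive.

    Prompts for an output path, writes ``request.value`` into a new zip and
    returns it as a ``ZipFile`` entity.

    Fixes from the original: the archive member is stored under the file's
    basename rather than its full on-disk path (``ZipFile.write`` keeps the
    whole directory chain otherwise, leaking the host's layout and producing
    nested directories on extraction); the archive is closed even if writing
    fails; a cancelled or blank dialog returns ``response`` unchanged
    instead of raising.
    """
    import os

    db_file = request.value

    msg = 'Enter output filename (including path)'
    title = 'Watcher - Zip database'
    field_names = ["File Name"]
    values = multenterbox(msg, title, field_names)
    if not values or not values[0].strip():
        return response

    save_file = values[0]

    with zipfile.ZipFile(save_file, 'w') as zip_out:
        zip_out.write(db_file, arcname=os.path.basename(db_file))

    entity = ZipFile(save_file)
    response += entity
    return response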
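def dotransform(request, response):
    """Zip the Watcher database file into a user-named archive.

    Prompts for an output path, writes ``request.value`` into a new zip and
    returns it as a ``ZipFile`` entity.

    Fixes from the original: the archive member is stored under the file's
    basename rather than its full on-disk path (``ZipFile.write`` keeps the
    whole directory chain otherwise, leaking the host's layout and producing
    nested directories on extraction); the archive is closed even if writing
    fails; a cancelled or blank dialog returns ``response`` unchanged
    instead of raising.
    """
    import os

    db_file = request.value

    msg = 'Enter output filename (including path)'
    title = 'Watcher - Zip database'
    field_names = ["File Name"]
    values = multenterbox(msg, title, field_names)
    if not values or not values[0].strip():
        return response

    save_file = values[0]

    with zipfile.ZipFile(save_file, 'w') as zip_out:
        zip_out.write(db_file, arcname=os.path.basename(db_file))

    entity = ZipFile(save_file)
    response += entity
    return response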
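def login():
    """Return a Facebook ``GraphAPI`` client authenticated with an access token.

    When no cached token exists (``cookie('facebook')`` is absent) the user
    is asked up to three times for one.  A token is accepted only after a
    probe call (``me``) succeeds, and only then is it persisted through
    ``fmutex('facebook')``.  ``GraphAPIError`` is raised if all attempts
    fail or the dialog is cancelled.

    NOTE(review): when the cookie file already exists nothing is read and the
    function returns ``None`` -- confirm the caller expects that.

    SECURITY: the token is stored on disk in clear text and grants the
    user's Graph API access; keep the cookie path user-private (0600).
    """
    client = None

    if not path.exists(cookie('facebook')):
        for _attempt in range(3):
            answer = multenterbox("Enter a valid Facebook access token",
                                  ['Access Token'], [''])
            if answer is None:
                # Dialog cancelled: no point asking again.
                break
            token = answer[0]
            try:
                client = GraphAPI(token)
                # Validate before caching so a bad token is never persisted.
                client.request('me')
                fmutex('facebook').write(token)
                return client
            except GraphAPIError as e:
                print(str(e))

        raise GraphAPIError('Unable to query GraphAPI')

    return client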
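def dotransform(request, response):
    """Rewrite the endpoints of a pcap so it can be replayed against new hosts.

    The first IP packet's source is taken as the "client" address.  Packets
    sent from it get ``new_src -> new_dst``; packets sent to it get the
    reverse.  IP and TCP checksums are deleted so scapy recomputes them on
    write.  The result is saved as ``<folder>/replay-<pcap basename>`` and
    returned as a ``pcapFile`` entity linked to the original.

    Fixes from the original: checksums were deleted on every packet without
    checking for an IP/TCP layer (``IndexError`` on ARP/UDP/etc.); the two
    address tests were independent ``if``s, so a packet could be rewritten
    twice; the output name used ``request.value[42:]``, a fixed offset that
    only works for one folder-path length; a cancelled dialog raised
    ``TypeError``.  UDP checksums are still left untouched, as before.
    """
    pcap = request.value
    pkts = rdpcap(pcap)

    folder = request.fields['sniffMyPackets.outputfld']
    new_file = folder + '/replay-' + pcap.rsplit('/', 1)[-1]

    msg = 'Enter the new IPs to rewrite the pcap file with'
    title = 'L0 - Rewrite pcap file for replay [SmP]'
    field_names = ["New Source IP", "New Destination IP"]
    values = multenterbox(msg, title, field_names)
    if values is None:
        return response

    new_src, new_dst = values[0], values[1]

    ip_pkts = [p for p in pkts if p.haslayer(IP)]
    if not ip_pkts:
        return response + UIMessage('No IP packets found in pcap')
    old_src = ip_pkts[0][IP].src

    for p in ip_pkts:
        # Drop stale checksums; scapy fills them in when the pcap is written.
        del p[IP].chksum
        if p.haslayer(TCP):
            del p[TCP].chksum
        if p[IP].src == old_src:
            p[IP].src = new_src
            p[IP].dst = new_dst
        elif p[IP].dst == old_src:
            p[IP].src = new_dst
            p[IP].dst = new_src

    wrpcap(new_file, pkts)

    entity = pcapFile(new_file)
    entity.linklabel = 'New pcap\nsrc:' + str(new_src) + '\ndst:' + str(new_dst)
    entity.linkcolor = 0x33CC33
    entity.outputfld = folder
    entity += Field('pcapsrc', pcap, displayname='Original pcap File', matchingrule='loose')
    response += entity
    return response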
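def dotransform(request, response):
    """Zip the pcap output folder and report the archive's hashes.

    The folder comes from ``sniffMyPackets.outputfld`` or ``request.value``.
    Every file under it is added to a user-named zip, stored under its path
    relative to the folder; the archive's SHA-1 and MD5 are then computed and
    attached to the returned ``ZipFile`` entity.

    Fixes from the original: members were stored under their absolute
    on-disk path (leaking the host layout and nesting directories on
    extraction); the archive itself was zipped if it lived inside the folder;
    the zip and both hash reads left file handles open; a cancelled or blank
    dialog raised ``TypeError``.  MD5/SHA-1 detect accidental corruption but
    are not collision resistant.
    """
    folder = ''
    try:
        if 'sniffMyPackets.outputfld' in request.fields:
            folder = request.fields['sniffMyPackets.outputfld']
        else:
            folder = request.value
    except Exception:
        return response + UIMessage('No folder created or specified')

    msg = 'Enter output filename (including path)'
    title = 'L0 - Zip pcap folder [SmP]'
    field_names = ["File Name"]
    values = multenterbox(msg, title, field_names)
    if not values or not values[0].strip():
        return response + UIMessage('No output file name given')

    save_file = values[0]
    save_abs = os.path.abspath(save_file)

    with zipfile.ZipFile(save_file, 'w') as archive:
        for root, _dirs, names in os.walk(folder):
            for name in names:
                full = os.path.join(root, name)
                if os.path.abspath(full) == save_abs:
                    # Never add the archive being written to itself.
                    continue
                archive.write(full, arcname=os.path.relpath(full, folder))

    # One binary pass over the archive feeds both digests.
    sha1 = hashlib.sha1()
    md5 = hashlib.md5()
    with open(save_file, 'rb') as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b''):
            sha1.update(chunk)
            md5.update(chunk)

    entity = ZipFile(save_file)
    entity.zipmd5hash = md5.hexdigest()
    entity.zipsha1hash = sha1.hexdigest()
    entity.linklabel = 'Zip File'
    entity += Field('outputfld', folder, displayname='Folder Location')
    response += entity
    return response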
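def dotransform(request, response):
    """Zip the pcap output folder and report the archive's hashes.

    The folder comes from ``sniffMyPackets.outputfld`` or ``request.value``.
    Every file under it is added to a user-named zip, stored under its path
    relative to the folder; the archive's SHA-1 and MD5 are then computed and
    attached to the returned ``ZipFile`` entity.

    Fixes from the original: members were stored under their absolute
    on-disk path (leaking the host layout and nesting directories on
    extraction); the archive itself was zipped if it lived inside the folder;
    the zip and both hash reads left file handles open; a cancelled or blank
    dialog raised ``TypeError``.  MD5/SHA-1 detect accidental corruption but
    are not collision resistant.
    """
    folder = ''
    try:
        if 'sniffMyPackets.outputfld' in request.fields:
            folder = request.fields['sniffMyPackets.outputfld']
        else:
            folder = request.value
    except Exception:
        return response + UIMessage('No folder created or specified')

    msg = 'Enter output filename (including path)'
    title = 'L0 - Zip pcap folder [SmP]'
    field_names = ["File Name"]
    values = multenterbox(msg, title, field_names)
    if not values or not values[0].strip():
        return response + UIMessage('No output file name given')

    save_file = values[0]
    save_abs = os.path.abspath(save_file)

    with zipfile.ZipFile(save_file, 'w') as archive:
        for root, _dirs, names in os.walk(folder):
            for name in names:
                full = os.path.join(root, name)
                if os.path.abspath(full) == save_abs:
                    # Never add the archive being written to itself.
                    continue
                archive.write(full, arcname=os.path.relpath(full, folder))

    # One binary pass over the archive feeds both digests.
    sha1 = hashlib.sha1()
    md5 = hashlib.md5()
    with open(save_file, 'rb') as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b''):
            sha1.update(chunk)
            md5.update(chunk)

    entity = ZipFile(save_file)
    entity.zipmd5hash = md5.hexdigest()
    entity.zipsha1hash = sha1.hexdigest()
    entity.linklabel = 'Zip File'
    entity += Field('outputfld', folder, displayname='Folder Location')
    response += entity
    return response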
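def dotransform(request, response):
    """Export the Watcher ``ssid`` table to a user-named CSV file.

    Opens the sqlite database at ``request.value``, writes a header row built
    from ``cursor.description`` followed by every row of ``ssid``, and
    returns the file as a ``CSVFile`` entity.

    Fixes from the original: the CSV handle and the sqlite connection were
    never closed (the writer was ``del``'d and the file left to the GC); a
    cancelled or blank dialog raised ``TypeError``.

    SECURITY: SSIDs are attacker-controlled strings picked up off the air.
    A value starting with ``=``, ``+``, ``-`` or ``@`` is interpreted as a
    formula by Excel/LibreOffice when this CSV is opened -- treat the export
    as untrusted, or neutralise such cells before sharing it.
    """
    db_file = request.value

    msg = 'Enter output filename (including path)'
    title = 'Watcher - Export Database to CSV'
    field_names = ["File Name"]
    values = multenterbox(msg, title, field_names)
    if not values or not values[0].strip():
        return response

    save_file = values[0]

    conn = sqlite3.connect(db_file)
    try:
        cursor = conn.cursor()
        cursor.execute("select * from ssid;")
        with open(save_file, 'wt') as handle:
            csv_writer = csv.writer(handle)
            # Column names come from the result set, so the header always
            # matches the table layout.
            csv_writer.writerow([col[0] for col in cursor.description])
            csv_writer.writerows(cursor)
    finally:
        conn.close()

    entity = CSVFile(save_file)
    response += entity
    return response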
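def dotransform(request, response):
    """Export the Watcher ``ssid`` table to a user-named CSV file.

    Opens the sqlite database at ``request.value``, writes a header row built
    from ``cursor.description`` followed by every row of ``ssid``, and
    returns the file as a ``CSVFile`` entity.

    Fixes from the original: the CSV handle and the sqlite connection were
    never closed (the writer was ``del``'d and the file left to the GC); a
    cancelled or blank dialog raised ``TypeError``.

    SECURITY: SSIDs are attacker-controlled strings picked up off the air.
    A value starting with ``=``, ``+``, ``-`` or ``@`` is interpreted as a
    formula by Excel/LibreOffice when this CSV is opened -- treat the export
    as untrusted, or neutralise such cells before sharing it.
    """
    db_file = request.value

    msg = "Enter output filename (including path)"
    title = "Watcher - Export Database to CSV"
    field_names = ["File Name"]
    values = multenterbox(msg, title, field_names)
    if not values or not values[0].strip():
        return response

    save_file = values[0]

    conn = sqlite3.connect(db_file)
    try:
        cursor = conn.cursor()
        cursor.execute("select * from ssid;")
        with open(save_file, "wt") as handle:
            csv_writer = csv.writer(handle)
            # Column names come from the result set, so the header always
            # matches the table layout.
            csv_writer.writerow([col[0] for col in cursor.description])
            csv_writer.writerows(cursor)
    finally:
        conn.close()

    entity = CSVFile(save_file)
    response += entity
    return response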
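def dotransform(request, response):
    """Filter a pcap by source IP, destination IP, TCP port and/or payload text.

    Each criterion is optional (blank = ignored); a packet is kept when it
    matches *any* supplied criterion.  Matches are written in original
    order, once each, to ``<folder>/search-results-<epoch>.pcap`` and
    returned as a ``pcapFile`` entity with the packet count attached.  With
    no matches a ``UIMessage`` is returned and no file is written.

    Fixes from the original: a packet matching several criteria was written
    once per criterion (duplicates in the result and an inflated count);
    ``if s_ip or d_ip is not None`` and the ``... and not None`` suffixes
    were precedence accidents that happened to work; a non-numeric port
    raised ``ValueError`` and a cancelled dialog ``TypeError``; on Python 3
    ``text in p[Raw].load`` compared ``str`` with ``bytes``.
    """
    pcap = request.value
    pkts = rdpcap(pcap)

    folder = request.fields['sniffMyPackets.outputfld']
    new_file = folder + '/search-results-' + str(int(time())) + '.pcap'

    msg = 'Enter Search Criteria'
    title = 'L0 - Simple pcap search [SmP]'
    field_names = ["Source", "Destination", "Port", "Free Text"]
    values = multenterbox(msg, title, field_names)
    if values is None:
        return response

    # Blank fields mean "don't filter on this".
    s_ip, d_ip, port_text, text = [v if v != '' else None for v in values]

    port = None
    if port_text is not None:
        try:
            port = int(port_text)
        except ValueError:
            return response + UIMessage('Port must be a number')

    needle = text
    if text is not None and not isinstance(text, bytes):
        # Raw payloads are bytes on Python 3; a Python 2 str is already bytes.
        needle = text.encode('utf-8')

    def _matches(p):
        if p.haslayer(IP):
            if s_ip is not None and p[IP].src == s_ip:
                return True
            if d_ip is not None and p[IP].dst == d_ip:
                return True
        if port is not None and p.haslayer(TCP):
            if port == p[TCP].sport or port == p[TCP].dport:
                return True
        if needle is not None and p.haslayer(Raw):
            if needle in p[Raw].load:
                return True
        return False

    r_pkts = [p for p in pkts if _matches(p)]

    if not r_pkts:
        return response + UIMessage('Sorry no packets found!!')

    wrpcap(new_file, r_pkts)

    entity = pcapFile(new_file)
    entity.outputfld = folder
    entity += Field('pcapsrc', pcap, displayname='Original pcap File', matchingrule='loose')
    entity += Field('pktcnt', len(r_pkts), displayname='Number of packets', matchingrule='loose')
    entity.linklabel = 'Search Results'
    response += entity
    return response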
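    def do_transform(self, request, response, config):
        """Bind an IPv4Address entity to a Metasploit host, existing or new.

        Flow: if the entity already carries a host ``id`` the user is asked
        to confirm; a workspace is chosen from the Metasploit REST API
        (``EffectiveCouscous.local.baseurl``); then either an existing host
        of that workspace is picked, or "Add Host" opens a form whose
        values are POSTed as a new host.  In both cases the entity's
        address, ``host_id``, ``workspace_id``, icon and ``origin_tool`` are
        set from the host record and the entity is added to ``response``.

        Fixes from the original: ``confirm`` was unbound (``NameError``)
        when ``id`` was present but ``None``; the chosen host was found by
        substring (``'10.0.0.1' in raw_choice`` also matched 10.0.0.10) and
        is now matched exactly; the re-prompt call passed ``field_values``
        as the *title* positional argument, so previous input was lost; a
        cancelled dialog at any step now returns ``response`` instead of
        raising.  ``response + ip_entity`` is written as ``+=`` for clarity.
        """
        ip_entity = request.entity

        # Test for properties -------------------------------------------//
        try:
            already_bound = ip_entity['id'] is not None
        except KeyError:
            already_bound = False
        if already_bound:
            title = "Confirmation"
            msg = """This IPv4Address is already bound to a Metasploit Host. \n
                    Do you really want to change the concerned properties ?"""
            confirm = gui.choicebox(title=title,
                                    msg=msg,
                                    choices=['Yes', 'No'])
            # 'No' or a cancelled dialog (None): leave the entity alone.
            if confirm != 'Yes':
                return response

        # Select Workspaces & Hosts -------------------------------------//
        url = config['EffectiveCouscous.local.baseurl'] + 'workspaces'
        workspaces = apitools.get_json_dict(url, config)
        title = "Workspace Choice"
        msg = "Please choose a workspace for Host selection"
        ws_names = [workspace['name'] for workspace in workspaces]
        choice = gui.choicebox(title=title, msg=msg, choices=ws_names)
        if choice is None:
            return response

        # Select Hosts
        url = config['EffectiveCouscous.local.baseurl'] + 'hosts'
        params = (('workspace', '{0}'.format(choice)), )
        hosts = apitools.get_json_dict(url, config, params=params)
        title = "Host Choice"
        msg = "Choose a Metasploit Host to associate with this IPv4Address"
        host_infos = ['{0}      {1}'.format(h['address'], h['name']) for h in hosts]
        host_infos.append("Add Host")
        raw_choice = gui.choicebox(title=title, msg=msg, choices=host_infos)
        if raw_choice is None:
            return response

        if raw_choice == "Add Host":
            host = None
        else:
            # Exact positional match against the list we displayed.
            host = hosts[host_infos.index(raw_choice)]

        # If existing host ---------------------------------------------//
        if host is not None:
            ip_entity['ipv4-address'] = host['address']
            ip_entity.host_id = host['id']
            ip_entity.workspace_id = host['workspace_id']
            ip_entity.icon_url = network_interface
            ip_entity.origin_tool = 'Metasploit'
            response += ip_entity
            return response

        # If New Host --------------------------------------------------//
        url = config['EffectiveCouscous.local.baseurl'] + 'hosts'
        title = "New Host"
        msg = """Enter Host properties for creating a Host in Metasploit"""
        field_names = [
            "Address", "MAC", "Host Name", "OS Name", "OS Flavor", 'OS SP',
            'OS Language', 'Purpose', 'Info', 'Comments', 'Scope',
            'Virtual Host', 'Architecture', 'State'
        ]
        field_values = gui.multenterbox(title=title,
                                        msg=msg,
                                        fields=field_names,
                                        values=[])
        # Re-prompt while any field is blank; None means the user cancelled.
        while field_values is not None:
            missing = [name for name, value in zip(field_names, field_values)
                       if not value.strip()]
            if not missing:
                break
            errmsg = "".join('"%s" is a required field.\n\n' % name for name in missing)
            field_values = gui.multenterbox(msg=errmsg,
                                            title=title,
                                            fields=field_names,
                                            values=field_values)
        if field_values is None:
            return response

        # Post Host: JSON keys in the order the API fields were listed.
        api_keys = ['host', 'mac', 'name', 'os_name', 'os_flavor', 'os_sp',
                    'os_lang', 'purpose', 'info', 'comments', 'scope',
                    'virtual_host', 'arch', 'state']
        payload = dict(zip(api_keys, field_values))
        payload['workspace'] = choice
        data = json.dumps(payload)
        post = apitools.post_json(url, data, config)

        # Fetch attributes of new Host
        host_dict = post.json()['data']
        ip_entity['ipv4-address'] = host_dict['address']
        ip_entity.host_id = host_dict['id']
        ip_entity.workspace_id = host_dict['workspace_id']
        ip_entity.icon_url = network_interface
        ip_entity.origin_tool = 'Metasploit'
        response += ip_entity

        return response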
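    def do_transform(self, request, response, config):
        """Attach a Metasploit Service record to the Service entity the transform runs on.

        Flow: choose a Metasploit workspace, then either an existing service of
        that workspace or "Add Service".  An existing service is copied onto a
        new entity; "Add Service" prompts for the service fields, POSTs them to
        the Metasploit REST API and copies the record the API returns.

        Args:
            request: Canari transform request.  ``request.entity`` is not read
                here; the result is a new entity rather than an update of the
                input one.
            response: transform response the new entity is appended to.
            config: Canari config; ``EffectiveCouscous.local.baseurl`` must be
                the base URL of the Metasploit REST API.

        Returns:
            ``response`` with at most one service entity appended.  Cancelling
            any dialog, or a choice that cannot be mapped back to a service,
            returns ``response`` unchanged.
        """
        base_url = config['EffectiveCouscous.local.baseurl']

        def _or_dash(value):
            # Blank/missing API fields are shown as '-' so the entity property
            # is never empty; the original mixed ``== ''`` and ``is None`` tests.
            return '-' if value is None or value == '' else value

        # Select workspace -------------------------------------------------//
        url = base_url + 'workspaces'
        workspaces = apitools.get_json_dict(url, config)
        title = "Workspace Choice"
        msg = """Choose a Metasploit Workspace for Service selection"""
        ws_names = [workspace['name'] for workspace in workspaces]
        ws_choice = gui.choicebox(title=title, msg=msg, choices=(ws_names))
        if ws_choice is None:
            # Dialog cancelled; the original went on to query the API with
            # workspace='None'.
            return response

        # Select Service ---------------------------------------------------//
        service_url = base_url + 'services'
        params = (('workspace', '{0}'.format(ws_choice)), )
        services = apitools.get_json_dict(service_url, config, params=params)
        title = "Service Choice"
        msg = """Choose a Metasploit Service to associate with this Service"""
        # One label per service, in the same order as ``services``, so the
        # chosen label maps back by index.  The original matched by substring
        # (``s['info'] in raw_choice``), which let a service with an empty info
        # string match any choice that merely shared its port digits.
        add_label = "Add Service"
        service_infos = [
            '%s      %s       %s' % (s['host']['address'], s['port'], s['info'])
            for s in services
        ]
        raw_choice = gui.choicebox(title=title,
                                   msg=msg,
                                   choices=(service_infos + [add_label]))
        if raw_choice is None:
            return response

        if raw_choice != add_label:
            # Existing Service ---------------------------------------------//
            try:
                service = services[service_infos.index(raw_choice)]
            except ValueError:
                return response

            msf_service = getServiceEntity(service['name'], service['info'])
            msf_service.info = _or_dash(service['info'])
            msf_service.name = _or_dash(service['name'])
            msf_service.proto = _or_dash(service['proto'])
            msf_service.port = _or_dash(service['port'])
            msf_service.host_id = _or_dash(service['host']['id'])
            # NOTE(review): the original wrote ``.service_id`` here but ``.id``
            # in the "Add Service" branch; ``service_id`` is used for both now.
            # Confirm against the entity definition.
            msf_service.service_id = _or_dash(service['id'])
            # The original set ``workspaceid`` (typo) on the '-' path.
            msf_service.workspace_id = _or_dash(service['host']['workspace_id'])
            msf_service.display = "{port}:{proto}/{name}".format(
                port=service['port'],
                proto=service['proto'],
                name=service['name'])
            msf_service.state = service['state']
            msf_service.created_at = service['created_at']
            msf_service.updated_at = service['updated_at']
            response += msf_service
            return response

        # New Service ------------------------------------------------------//
        title = "New Service"
        msg = "Add properties to create a Service in Metasploit"
        field_names = [
            'Workspace', 'Host IP', 'Port number', 'Protocol',
            'Service Name', 'Text (Info)', 'State'
        ]
        field_values = gui.multenterbox(msg, title, fields=field_names)
        while field_values is not None:
            missing = [name for name, value in zip(field_names, field_values)
                       if value.strip() == ""]
            if not missing:
                break
            errmsg = "".join('"%s" is a required field.\n\n' % name
                             for name in missing)
            # Keep the user's previous input on re-prompt; the original passed
            # the values list in the ``title`` position and discarded it.
            field_values = gui.multenterbox(errmsg, title,
                                            fields=field_names,
                                            values=field_values)
        if field_values is None:
            return response

        payload = dict(zip(
            ('workspace', 'host', 'port', 'proto', 'name', 'info', 'state'),
            field_values))
        # ``config`` was missing from this call in the original, unlike every
        # other post_json() call in the file.
        post = apitools.post_json(service_url, json.dumps(payload), config)
        # assumes post_json raises on HTTP errors — TODO confirm; an error body
        # without 'data' would surface as KeyError here.
        new = post.json()['data']

        # The original passed ``service['name']`` here, which does not exist in
        # this branch; build the entity from the record the API returned.
        msf_service = getServiceEntity(new['name'], new['info'])
        msf_service.info = new['info']
        msf_service.name = new['name']
        msf_service.proto = new['proto']
        msf_service.port = new['port']
        msf_service.host_id = new['host']['id']
        msf_service.service_id = new['id']
        msf_service.workspace_id = new['host']['workspace_id']
        msf_service.display = "{port}:{proto}/{name}".format(
            port=new['port'], proto=new['proto'], name=new['name'])
        msf_service.state = new['state']
        msf_service.created_at = new['created_at']
        msf_service.updated_at = new['updated_at']
        response += msf_service
        return response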
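def dotransform(request, response):
    """Index a pcap file in the sniffMyPackets MongoDB and return its session ID.

    The pcap path arrives as ``request.value``.  The file is validated (must be
    a regular file in classic pcap format, not pcap-ng), hashed and sized.  If
    a record with the same MD5 *and* SHA1 already exists, its session ID is
    returned instead of indexing the file twice.  Otherwise the user is asked
    for a comment, a per-session working directory is created under
    ``config['working/directory']`` and an index record is inserted into the
    ``INDEX`` collection.

    Args:
        request: Maltego transform request; ``request.value`` is the pcap path.
        response: transform response that entities / messages are appended to.

    Returns:
        ``response`` with a ``SessionID`` entity appended, or with a
        ``UIMessage`` explaining why the file was not indexed.
    """
    pcap = request.value

    # ``config`` is the module-level sniffMyPackets config object.
    if config['working/usedb'] == 0:
        return response + UIMessage('You have chosen not to use a database')

    # Refuse anything that is not a regular file.  The original opened the file
    # only to probe for IOError and never closed the handle.
    if not os.path.isfile(pcap):
        return response + UIMessage('The file doesn\'t exist')

    # Classic pcap only; pcap-ng is reported as 'BAD' by check_pcap.
    try:
        f_format = check_pcap(pcap)
        if 'BAD' in f_format:
            return response + UIMessage(
                'File format is pcap-ng, not supported by sniffMyPackets, please convert.'
            )
    except Exception as e:
        return response + UIMessage(str(e))

    try:
        md5hash = md5_for_file(pcap)
        sha1hash = sha1_for_file(pcap)
        filesize = check_size(pcap)
    except Exception as e:
        return response + UIMessage(str(e))

    # Connect only once the input has passed the cheap checks above.
    x = mongo_connect()
    c = x['INDEX']

    # Duplicate check.  MD5 alone is collision-prone: a crafted pcap sharing an
    # MD5 with an already indexed file would be silently skipped.  Requiring
    # both stored hashes to match is strictly harder to defeat; every record
    # inserted below carries both fields.
    try:
        existing = c.find_one({"MD5 Hash": md5hash, "SHA1 Hash": sha1hash},
                              {"PCAP ID": 1, "_id": 0})
    except Exception as e:
        return response + UIMessage(str(e))
    if existing is not None:
        e = SessionID(existing['PCAP ID'])
        e += Field('sniffmypacketsv2.pcapfile', pcap, displayname='PCAP File')
        response += e
        return response

    # Popup message box for entering comments about the pcap file.
    field_values = multenterbox('Enter Comments', 'Comments', ["Comments"])
    if field_values is None:
        # Cancel returns None; the original then crashed on field_values[0].
        return response + UIMessage('Comment entry cancelled, pcap not indexed')
    comments = field_values[0]

    now = time.strftime("%c")
    # Short session ID: the first 12 characters of a UUID4 with the dash removed
    # (11 hex characters).  Kept as-is for compatibility with existing records.
    pcap_id = str(uuid.uuid4())[:12].replace('-', '')

    try:
        pkcount = packet_count(pcap)
        pcap_time = get_time(pcap)
    except Exception as e:
        return response + UIMessage(str(e))

    # Per-session working directory under the configured base directory.
    base_dir = config['working/directory'].strip('\'')
    if base_dir == '':
        return response + UIMessage(
            'No working directory set, check your config file')
    w = os.path.join(base_dir, pcap_id)
    try:
        if not os.path.exists(w):
            os.makedirs(w)
    except Exception as e:
        # The original passed the exception object itself to UIMessage.
        return response + UIMessage(str(e))

    # OrderedDict built from pairs so the field order is actually preserved
    # (an OrderedDict built from a dict literal has no guaranteed order on
    # older interpreters).
    index = OrderedDict([
        ('PCAP ID', pcap_id),
        ('PCAP Path', pcap),
        ('Working Directory', w),
        ('Upload Time', now),
        ('Comments', comments),
        ('MD5 Hash', md5hash),
        ('SHA1 Hash', sha1hash),
        ('Packet Count', pkcount),
        ('First Packet', pcap_time[0]),
        ('Last Packet', pcap_time[1]),
        ('File Size', filesize),
    ])
    c.insert(index)

    # Return the entity with Session ID into Maltego.
    r = SessionID(pcap_id)
    r += Field('sniffmypacketsv2.pcapfile', pcap, displayname='PCAP File')
    response += r
    return response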
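def dotransform(request, response):
    """Filter a pcap by source IP, destination IP, TCP port and/or payload text.

    Prompts for four optional criteria.  A packet is kept when it matches ANY
    of the supplied criteria (they are OR-ed, as in the original transform).
    Matching packets are written, in capture order and without duplicates, to
    ``<outputfld>/search-results-<unix time>.pcap`` and a ``pcapFile`` entity
    pointing at that file is returned.

    Args:
        request: transform request; ``request.value`` is the input pcap path
            and ``request.fields['sniffMyPackets.outputfld']`` the output
            folder.
        response: transform response to append to.

    Returns:
        ``response`` with the ``pcapFile`` entity, or with a ``UIMessage`` when
        the dialog was cancelled, the port is not an integer, or nothing
        matched.
    """
    pcap = request.value
    pkts = rdpcap(pcap)

    folder = request.fields['sniffMyPackets.outputfld']
    tstamp = int(time())
    new_file = folder + '/search-results-' + str(tstamp) + '.pcap'

    msg = 'Enter Search Criteria'
    title = 'L0 - Simple pcap search [SmP]'
    fieldNames = ["Source", "Destination", "Port", "Free Text"]
    fieldValues = multenterbox(msg, title, fieldNames)
    if fieldValues is None:
        # Cancel returns None; the original then crashed indexing it.
        return response + UIMessage('Search cancelled')

    # An empty field means "not specified".
    s_ip = fieldValues[0].strip() or None
    d_ip = fieldValues[1].strip() or None
    port = fieldValues[2].strip() or None
    text = fieldValues[3] or None

    if port is not None:
        # The original called int(port) inside the packet loop and let a
        # non-numeric value propagate as an uncaught ValueError.
        try:
            port = int(port)
        except ValueError:
            return response + UIMessage('Port must be an integer: %r' % port)

    needle = None
    if text is not None:
        # Raw.load is bytes on Python 3; keep Python 2 str working too.
        needle = text if isinstance(text, bytes) else text.encode('utf-8')

    want_ip = s_ip is not None or d_ip is not None

    def _matches(p):
        # Criteria are OR-ed: any one hit keeps the packet.
        if want_ip and p.haslayer(IP):
            if p[IP].src == s_ip or p[IP].dst == d_ip:
                return True
        if port is not None and p.haslayer(TCP):
            if p[TCP].sport == port or p[TCP].dport == port:
                return True
        if needle is not None and p.haslayer(Raw):
            if needle in p[Raw].load:
                return True
        return False

    # Single pass keeps capture order and stores each packet at most once; the
    # original appended a packet once per criterion it matched.
    r_pkts = [p for p in pkts if _matches(p)]

    if not r_pkts:
        return response + UIMessage('Sorry no packets found!!')
    wrpcap(new_file, r_pkts)

    e = pcapFile(new_file)
    e.outputfld = folder
    e += Field('pcapsrc',
               request.value,
               displayname='Original pcap File',
               matchingrule='loose')
    e += Field('pktcnt',
               len(r_pkts),
               displayname='Number of packets',
               matchingrule='loose')
    e.linklabel = 'Search Results'
    response += e
    return response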
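    def do_transform(self, request, response, config):
        """Associate a Metasploit workspace with the incoming Netblock entity.

        Presents the existing workspaces plus "Add Workspace".  Picking one
        copies its record onto the entity; "Add Workspace" prompts for a name,
        creates the workspace through the REST API and re-fetches the list to
        find the new record by name.

        Args:
            request: transform request; ``request.entity`` is the Netblock
                that is updated in place and appended to the response.
            response: transform response the entity is added to.
            config: Canari config providing ``EffectiveCouscous.local.baseurl``.

        Returns:
            ``response`` with the updated netblock appended, or unchanged when
            a dialog is cancelled or the new workspace cannot be found after
            creation.
        """
        netblock = request.entity

        # Select Workspace ------------------------------------------------//
        url = config['EffectiveCouscous.local.baseurl'] + 'workspaces'
        workspaces = apitools.get_json_dict(url, config)
        title = "Workspace Choice"
        msg = "Choose a Metasploit workspace to associate with this Netblock"
        add_label = 'Add Workspace'
        ws_names = [ws['name'] for ws in workspaces] + [add_label]
        choice = gui.choicebox(msg=msg, title=title, choices=(ws_names))
        if choice is None:
            # Dialog cancelled; the original then raised KeyError on
            # workspace['name'].
            return response

        if choice == add_label:
            # New Workspace -----------------------------------------------//
            title = "New Workspace"
            fieldNames = ["Name"]
            fieldValues = gui.multenterbox("New Workspace", title,
                                           fields=fieldNames)
            while fieldValues is not None:
                missing = [name for name, value in zip(fieldNames, fieldValues)
                           if value.strip() == ""]
                if not missing:
                    break
                errmsg = "".join('"%s" is a required field.\n\n' % name
                                 for name in missing)
                # Keep the user's input on re-prompt; the original passed the
                # values list in the ``title`` position and discarded it.
                fieldValues = gui.multenterbox(errmsg, title,
                                               fields=fieldNames,
                                               values=fieldValues)
            if fieldValues is None:
                return response

            payload = {'name': fieldValues[0]}
            apitools.post_json(url, json.dumps(payload), config)
            # As in the original, the POST body is not used; the new workspace
            # is looked up by name in a fresh listing (first match wins).
            created = [ws for ws in apitools.get_json_dict(url, config)
                       if ws['name'] == payload['name']]
            if not created:
                # Creation failed or is not yet visible; the original raised
                # IndexError here.
                return response
            workspace = created[0]
        else:
            # Existing Workspace ------------------------------------------//
            matches = [ws for ws in workspaces if ws['name'] == choice]
            if not matches:
                return response
            workspace = matches[-1]  # last match wins, as in the original loop

        def _or_dash(value):
            return '-' if value is None else value

        # Set Values (shared by both branches; the original duplicated this
        # block and its existing-workspace copy computed
        # ``workspace['owner_id'] is None or '-'``, which is always truthy, so
        # owner_id was unconditionally '-').
        netblock.name = _or_dash(workspace['name'])
        netblock.workspace_id = workspace['id']
        netblock.boundary = _or_dash(workspace['boundary'])
        netblock.description = _or_dash(workspace['description'])
        netblock.owner_id = _or_dash(workspace['owner_id'])
        netblock.limit_to_network = workspace['limit_to_network']
        netblock.import_fingerprint = workspace['import_fingerprint']
        netblock.created_at = workspace['created_at']
        netblock.updated_at = workspace['updated_at']
        netblock.origin_tool = 'Metasploit'
        # IP Range and Boundary
        if workspace['boundary'] is not None:
            netblock['ipv4-range'] = netblock.boundary
        response += netblock

        return response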
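def dotransform(request, response):
    """Index a pcap file in the sniffMyPackets MongoDB and return its session ID.

    The pcap path arrives as ``request.value``.  The file is validated (must be
    a regular file in classic pcap format, not pcap-ng), hashed and sized.  If
    a record with the same MD5 *and* SHA1 already exists, its session ID is
    returned instead of indexing the file twice.  Otherwise the user is asked
    for a comment, a per-session working directory is created under
    ``config['working/directory']`` and an index record is inserted into the
    ``INDEX`` collection.

    Args:
        request: Maltego transform request; ``request.value`` is the pcap path.
        response: transform response that entities / messages are appended to.

    Returns:
        ``response`` with a ``SessionID`` entity appended, or with a
        ``UIMessage`` explaining why the file was not indexed.
    """
    pcap = request.value

    # ``config`` is the module-level sniffMyPackets config object.
    if config['working/usedb'] == 0:
        return response + UIMessage('You have chosen not to use a database')

    # Refuse anything that is not a regular file.  The original opened the file
    # only to probe for IOError and never closed the handle.
    if not os.path.isfile(pcap):
        return response + UIMessage('The file doesn\'t exist')

    # Classic pcap only; pcap-ng is reported as 'BAD' by check_pcap.
    try:
        f_format = check_pcap(pcap)
        if 'BAD' in f_format:
            return response + UIMessage('File format is pcap-ng, not supported by sniffMyPackets, please convert.')
    except Exception as e:
        return response + UIMessage(str(e))

    try:
        md5hash = md5_for_file(pcap)
        sha1hash = sha1_for_file(pcap)
        filesize = check_size(pcap)
    except Exception as e:
        return response + UIMessage(str(e))

    # Connect only once the input has passed the cheap checks above.
    x = mongo_connect()
    c = x['INDEX']

    # Duplicate check.  MD5 alone is collision-prone: a crafted pcap sharing an
    # MD5 with an already indexed file would be silently skipped.  Requiring
    # both stored hashes to match is strictly harder to defeat; every record
    # inserted below carries both fields.
    try:
        existing = c.find_one({"MD5 Hash": md5hash, "SHA1 Hash": sha1hash},
                              {"PCAP ID": 1, "_id": 0})
    except Exception as e:
        return response + UIMessage(str(e))
    if existing is not None:
        e = SessionID(existing['PCAP ID'])
        e += Field('sniffmypacketsv2.pcapfile', pcap, displayname='PCAP File')
        response += e
        return response

    # Popup message box for entering comments about the pcap file.
    field_values = multenterbox('Enter Comments', 'Comments', ["Comments"])
    if field_values is None:
        # Cancel returns None; the original then crashed on field_values[0].
        return response + UIMessage('Comment entry cancelled, pcap not indexed')
    comments = field_values[0]

    now = time.strftime("%c")
    # Short session ID: the first 12 characters of a UUID4 with the dash removed
    # (11 hex characters).  Kept as-is for compatibility with existing records.
    pcap_id = str(uuid.uuid4())[:12].replace('-', '')

    try:
        pkcount = packet_count(pcap)
        pcap_time = get_time(pcap)
    except Exception as e:
        return response + UIMessage(str(e))

    # Per-session working directory under the configured base directory.
    base_dir = config['working/directory'].strip('\'')
    if base_dir == '':
        return response + UIMessage('No working directory set, check your config file')
    w = os.path.join(base_dir, pcap_id)
    try:
        if not os.path.exists(w):
            os.makedirs(w)
    except Exception as e:
        # The original passed the exception object itself to UIMessage.
        return response + UIMessage(str(e))

    # OrderedDict built from pairs so the field order is actually preserved
    # (an OrderedDict built from a dict literal has no guaranteed order on
    # older interpreters).
    index = OrderedDict([
        ('PCAP ID', pcap_id),
        ('PCAP Path', pcap),
        ('Working Directory', w),
        ('Upload Time', now),
        ('Comments', comments),
        ('MD5 Hash', md5hash),
        ('SHA1 Hash', sha1hash),
        ('Packet Count', pkcount),
        ('First Packet', pcap_time[0]),
        ('Last Packet', pcap_time[1]),
        ('File Size', filesize),
    ])
    c.insert(index)

    # Return the entity with Session ID into Maltego.
    r = SessionID(pcap_id)
    r += Field('sniffmypacketsv2.pcapfile', pcap, displayname='PCAP File')
    response += r
    return response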