Beispiel #1
0
def init_sensor():
    global _cap
    global _datalink

    items = []

    for cmd, regex in (("/sbin/ifconfig", r"inet addr:([\d.]+) .*Mask:([\d.]+)"), ("ipconfig", r"IPv4 Address[^\n]+([\d.]+)\s+Subnet Mask[^\n]+([\d.]+)")):
        try:
            items = re.findall(regex, subprocess.check_output(cmd))
            break
        except OSError:
            pass

    for ip, mask in items:
        LOCAL_NETWORKS.append((addr_to_int(ip) & addr_to_int(mask), addr_to_int(mask)))
        HOST_ADDRESSES.add(ip)

    try:
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        s.connect(("google.com", 0))
        HOST_ADDRESSES.add(s.getsockname()[0])
    except:
        pass

    try:
        if not os.path.isdir(LOG_DIRECTORY):
            os.makedirs(LOG_DIRECTORY)
    except Exception, ex:
        if "Permission denied" in str(ex):
            exit("[x] please run with sudo/Administrator privileges")
        else:
            raise
Beispiel #2
0
def fetch():
    retval = {}
    content = retrieve_content(__url__)

    if __check__ in content:
        for match in re.finditer(r"([\d.]+)/(\d+)", content):
            prefix, mask = match.groups()
            start_int = addr_to_int(prefix) & make_mask(int(mask))
            end_int = start_int | ((1 << 32 - int(mask)) - 1)
            for address in xrange(start_int, end_int + 1):
                retval[int_to_addr(address)] = (__info__, __reference__)

    return retval
Beispiel #3
0
def fetch():
    retval = {}
    content = retrieve_content(__url__)

    if __check__ in content:
        for match in re.finditer(r"([\d.]+)/(\d+)", content):
            prefix, mask = match.groups()
            start_int = addr_to_int(prefix) & make_mask(int(mask))
            end_int = start_int | ((1 << 32 - int(mask)) - 1)
            for address in xrange(start_int, end_int + 1):
                retval[int_to_addr(address)] = (__info__, __reference__)

    return retval
Beispiel #4
0
def init_sensor():
    global _cap
    global _datalink

    items = []

    for cmd, regex in (
        ("/sbin/ifconfig", r"inet addr:([\d.]+) .*Mask:([\d.]+)"),
        ("ipconfig",
         r"IPv4 Address[^\n]+([\d.]+)\s+Subnet Mask[^\n]+([\d.]+)")):
        try:
            items = re.findall(regex, subprocess.check_output(cmd))
            break
        except OSError:
            pass

    for ip, mask in items:
        LOCAL_NETWORKS.append(
            (addr_to_int(ip) & addr_to_int(mask), addr_to_int(mask)))
        HOST_ADDRESSES.add(ip)

    try:
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        s.connect(("google.com", 0))
        HOST_ADDRESSES.add(s.getsockname()[0])
    except:
        pass

    try:
        if not os.path.isdir(LOG_DIRECTORY):
            os.makedirs(LOG_DIRECTORY)
    except Exception, ex:
        if "Permission denied" in str(ex):
            exit("[x] please run with sudo/Administrator privileges")
        else:
            raise
Beispiel #5
0
def fetch():
    retval = {}
    content = retrieve_content(__url__)

    if __check__ in content:
        for match in re.finditer(r"(\d+\.\d+\.\d+\.\d+)/(\d+)", content):
            prefix, mask = match.groups()
            mask = int(mask)
            if MIN_BLACKLIST_MASK <= mask <= MAX_BLACKLIST_MASK:
                start_int = addr_to_int(prefix) & make_mask(mask)
                end_int = start_int | ((1 << 32 - mask) - 1)
                for address in xrange(start_int, end_int + 1):
                    retval[int_to_addr(address)] = (__info__, __reference__)

    return retval
Beispiel #6
0
def fetch():
    retval = {}
    content = retrieve_content(__url__)

    if __check__ in content:
        for match in re.finditer(r"(\d+\.\d+\.\d+\.\d+)/(\d+)", content):
            prefix, mask = match.groups()
            mask = int(mask)
            if MIN_BLACKLIST_MASK <= mask <= MAX_BLACKLIST_MASK:
                start_int = addr_to_int(prefix) & make_mask(mask)
                end_int = start_int | ((1 << 32 - mask) - 1)
                for address in xrange(start_int, end_int + 1):
                    retval[int_to_addr(address)] = (__info__, __reference__)

    return retval
def fetch():
    retval = {}
    content = retrieve_content(__url__)

    if __check__ in content:
        for match in re.finditer(r"(\d+\.\d+\.\d+\.\d+)/(\d+)", content):
            prefix, mask = match.groups()
            mask = int(mask)
            start_int = addr_to_int(prefix) & make_mask(mask)
            end_int = start_int | ((1 << 32 - mask) - 1)
            if 0 <= end_int - start_int <= 1024:
                address = start_int
                while start_int <= address <= end_int:
                    retval[int_to_addr(address)] = (__info__, __reference__)
                    address += 1

    return retval
Beispiel #8
0
        def _events(self, params):
            session = self.get_session()

            if session is None:
                self.send_response(httplib.UNAUTHORIZED)
                self.send_header("Connection", "close")
                return None

            start, end, size, total = None, None, -1, None
            content = None
            log_path = os.path.join(config.LOG_DIR, "%s.log" % params.get("date", ""))

            if os.path.exists(log_path):
                total = os.stat(log_path).st_size

                if self.headers.get("Range"):
                    match = re.search(r"bytes=(\d+)-(\d+)", self.headers["Range"])
                    if match:
                        start, end = int(match.group(1)), int(match.group(2))
                        max_size = end - start + 1
                        end = min(total - 1, end)
                        size = end - start + 1

                        if start == 0 or not session.range_handle:
                            session.range_handle = open(log_path, "rb")

                        if session.netfilters is None:
                            session.range_handle.seek(start)
                            self.send_response(httplib.PARTIAL_CONTENT)
                            self.send_header("Connection", "close")
                            self.send_header("Content-Type", "text/plain")
                            self.send_header("Content-Range", "bytes %d-%d/%d" % (start, end, total))
                            content = session.range_handle.read(size)
                        else:
                            self.send_response(httplib.OK)
                            self.send_header("Connection", "close")
                            self.send_header("Content-Type", "text/plain")

                            buffer, addresses, netmasks, regex = cStringIO.StringIO(), set(), [], ""
                            for netfilter in session.netfilters:
                                if not netfilter:
                                    continue
                                if '/' in netfilter:
                                    netmasks.append(netfilter)
                                elif re.search(r"\A[\d.]+\Z", netfilter):
                                    addresses.add(netfilter)
                                elif '\.' in netfilter:
                                    regex = r" %s " % netfilter
                                else:
                                    print "[!] invalid network filter '%s'" % netfilter
                                    return

                            for line in session.range_handle:
                                display = False

                                if regex and re.search(regex, line):
                                    display = True
                                elif addresses or netmasks:
                                    for match in re.finditer(r" (\d+\.\d+\.\d+\.\d+) ", line):
                                        if not display:
                                            ip = match.group(1)
                                        else:
                                            break

                                        if ip in addresses:
                                            display = True
                                            break
                                        elif netmasks:
                                            for _ in netmasks:
                                                prefix, mask = _.split('/')
                                                if addr_to_int(ip) & make_mask(int(mask)) == addr_to_int(prefix):
                                                    addresses.add(ip)
                                                    display = True
                                                    break

                                if display:
                                    buffer.write(line)
                                    if buffer.tell() >= max_size:
                                        break

                            content = buffer.getvalue()
                            end = start + len(content) - 1
                            self.send_header("Content-Range", "bytes %d-%d/%d" % (start, end, end + 1 + max_size * (len(content) >= max_size)))

                        if len(content) < max_size:
                            session.range_handle.close()
                            session.range_handle = None

                if size == -1:
                    self.send_response(httplib.OK)
                    self.send_header("Connection", "close")
                    self.send_header("Content-Type", "text/plain")
                    self.end_headers()

                    with open(log_path, "rb") as f:
                        while True:
                            data = f.read(io.DEFAULT_BUFFER_SIZE)
                            if not data:
                                break
                            else:
                                self.wfile.write(data)

            else:
                self.send_response(httplib.NOT_FOUND)
                self.send_header("Connection", "close")

            return content
Beispiel #9
0
                                     isolation_level=None,
                                     check_same_thread=False) as con:
                    cur = con.cursor()
                    cur.execute("BEGIN TRANSACTION")
                    cur.execute(
                        "CREATE TABLE ranges (start_int INT, end_int INT, name TEXT)"
                    )

                    with open(IPCAT_CSV_FILE) as f:
                        for row in f:
                            if not row.startswith('#') and not row.startswith(
                                    'start'):
                                row = row.strip().split(",")
                                cur.execute(
                                    "INSERT INTO ranges VALUES (?, ?, ?)",
                                    (addr_to_int(row[0]), addr_to_int(
                                        row[1]), row[2]))

                    cur.execute("COMMIT")
                    cur.close()
                    con.commit()
            except Exception, ex:
                print "[!] something went wrong during ipcat database update ('%s')" % ex

    _chown(IPCAT_CSV_FILE)
    _chown(IPCAT_SQLITE_FILE)


def main():
    update()
Beispiel #10
0
        def _events(self, params):
            session = self.get_session()

            if session is None:
                self.send_response(httplib.UNAUTHORIZED)
                self.send_header("Connection", "close")
                self.end_headers()
                return None

            start, end, size, total = None, None, -1, None
            content = None
            log_path = os.path.join(config.LOG_DIRECTORY,
                                    "%s.log" % params.get("date", ""))

            if os.path.exists(log_path):
                total = os.stat(log_path).st_size

                if self.headers.get("Range"):
                    match = re.search(r"bytes=(\d+)-(\d+)",
                                      self.headers["Range"])
                    if match:
                        start, end = int(match.group(1)), int(match.group(2))
                        max_size = end - start + 1
                        end = min(total - 1, end)
                        size = end - start + 1

                        if start == 0 or not session.range_handle:
                            session.range_handle = open(log_path, "rb")

                        self.send_response(httplib.OK)
                        self.send_header("Connection", "close")
                        self.send_header("Content-Type", "text/plain")

                        if session.netfilters is None:
                            session.range_handle.seek(start)
                            self.send_response(httplib.PARTIAL_CONTENT)
                            self.send_header(
                                "Content-Range",
                                "bytes %d-%d/%d" % (start, end, total))
                            content = session.range_handle.read(size)
                        else:
                            buffer, addresses, netmasks = cStringIO.StringIO(
                            ), set(), []
                            for netfilter in session.netfilters:
                                if not netfilter:
                                    continue
                                if '/' in netfilter:
                                    netmasks.append(netfilter)
                                elif re.search(r"\A[\d.]+\Z", netfilter):
                                    addresses.add(netfilter)
                                else:
                                    print "[!] invalid network filter '%s'" % netfilter
                                    return

                            for line in session.range_handle.xreadlines():
                                display = False

                                for match in re.finditer(
                                        r" (\d+\.\d+\.\d+\.\d+) ", line):
                                    if not display:
                                        ip = match.group(1)
                                    else:
                                        break

                                    if ip in addresses:
                                        display = True
                                        break
                                    elif netmasks:
                                        for _ in netmasks:
                                            prefix, mask = _.split('/')
                                            if addr_to_int(ip) & make_mask(
                                                    int(mask)) == addr_to_int(
                                                        prefix):
                                                addresses.add(ip)
                                                display = True
                                                break

                                if display:
                                    buffer.write(line)
                                    if buffer.tell() >= max_size:
                                        break

                            content = buffer.getvalue()
                            end = start + len(content) - 1
                            self.send_header(
                                "Content-Range", "bytes %d-%d/%d" %
                                (start, end, end + 1 + max_size *
                                 (len(content) >= max_size)))

                        if len(content) < max_size:
                            session.range_handle.close()
                            session.range_handle = None

                if size == -1:
                    self.send_response(httplib.OK)
                    self.send_header("Connection", "close")
                    self.send_header("Content-Type", "text/plain")
                    self.end_headers()

                    with open(log_path, "rb") as f:
                        while True:
                            data = f.read(io.DEFAULT_BUFFER_SIZE)
                            if not data:
                                break
                            else:
                                self.wfile.write(data)

            return content
Beispiel #11
0
        def _login(self, params):
            valid = False

            if params.get("username") and params.get("password"):
                for entry in (config.USERS or []):
                    entry = re.sub(r"\s", "", entry)
                    username, stored_hash, uid, netfilter = entry.split(':')
                    hash_parts = stored_hash.split('$')
                    if username == params.get("username"):
                        try:
                            if (pbkdf2(params.get("password"), hash_parts[1].decode("hex"), int(hash_parts[2])).encode("hex") == hash_parts[3]):
                                valid = True
                                break
                        except:
                            if config.SHOW_DEBUG:
                                traceback.print_exc()

            if valid:
                session_id = os.urandom(SESSION_ID_LENGTH).encode("hex")
                expiration = time.time() + 3600 * SESSION_EXPIRATION_HOURS

                self.send_response(httplib.OK)
                self.send_header("Connection", "close")
                self.send_header("Set-Cookie", "session=%s; expires=%s; path=/; HttpOnly" % (session_id, time.strftime(HTTP_TIME_FORMAT, time.gmtime(expiration))))

                if netfilter in ("", "0.0.0.0/0"):
                    netfilters = None
                else:
                    addresses = set()
                    netmasks = set()

                    for item in set(re.split(r"[;,]", netfilter)):
                        item = item.strip()
                        if '/' in item:
                            _ = item.split('/')[-1]
                            if _.isdigit() and int(_) >= 16:
                                lower = addr_to_int(item.split('/')[0])
                                mask = make_mask(int(_))
                                upper = lower | (0xffffffff ^ mask)
                                while lower <= upper:
                                    addresses.add(int_to_addr(lower))
                                    lower += 1
                            else:
                                netmasks.add(item)
                        elif '-' in item:
                            _ = item.split('-')
                            lower, upper = addr_to_int(_[0]), addr_to_int(_[1])
                            while lower <= upper:
                                addresses.add(int_to_addr(lower))
                                lower += 1
                        elif re.search(r"\d+\.\d+\.\d+\.\d+", item):
                            addresses.add(item)

                    netfilters = netmasks
                    if addresses:
                        netfilters.add(get_regex(addresses))

                SESSIONS[session_id] = AttribDict({"username": username, "uid": uid, "netfilters": netfilters, "expiration": expiration})
            else:
                time.sleep(UNAUTHORIZED_SLEEP_TIME)
                self.send_response(httplib.UNAUTHORIZED)
                self.send_header("Connection", "close")

            self.send_header("Content-Type", "text/plain")
            content = "Login %s" % ("success" if valid else "failed")

            try:
                subprocess.check_output("logger -p auth.info -t \"%s[%d]\" \"%s password for %s from %s port %s\"" % (NAME.lower(), os.getpid(), "Accepted" if valid else "Failed", params.get("username"), self.client_address[0], self.client_address[1]), stderr=subprocess.STDOUT, shell=True)
            except Exception:
                if config.SHOW_DEBUG:
                    traceback.print_exc()

            return content
Beispiel #12
0
        def _events(self, params):
            session = self.get_session()

            if session is None:
                self.send_response(httplib.UNAUTHORIZED)
                self.send_header("Connection", "close")
                self.end_headers()
                return None

            start, end, size, total = None, None, -1, None
            content = None
            log_path = os.path.join(config.LOG_DIRECTORY, "%s.log" % params.get("date", ""))

            if os.path.exists(log_path):
                total = os.stat(log_path).st_size

                if self.headers.get("Range"):
                    match = re.search(r"bytes=(\d+)-(\d+)", self.headers["Range"])
                    if match:
                        start, end = int(match.group(1)), int(match.group(2))
                        max_size = end - start + 1
                        end = min(total - 1, end)
                        size = end - start + 1

                        if start == 0 or not session.range_handle:
                            session.range_handle = open(log_path, "rb")

                        self.send_response(httplib.OK)
                        self.send_header("Connection", "close")
                        self.send_header("Content-Type", "text/plain")

                        if session.netfilter in (None, "", "0.0.0.0/0"):
                            session.range_handle.seek(start)
                            self.send_response(httplib.PARTIAL_CONTENT)
                            self.send_header("Content-Range", "bytes %d-%d/%d" % (start, end, total))
                            content = session.range_handle.read(size)
                        else:
                            content, addresses, netmasks = "", set(), []
                            for _ in set(re.split(r"[;,]", session.netfilter)):
                                if '/' in _:
                                    netmasks.append(_)
                                elif re.search(r"\A[\d.]+\Z", _):
                                    addresses.add(_)
                                else:
                                    print "[!] invalid network filter '%s'" % _
                                    return

                            for line in session.range_handle.xreadlines():
                                display = False
                                for ip in set(re.findall(r"\d+\.\d+\.\d+\.\d+", line)):
                                    if display:
                                        break
                                    elif ip in addresses:
                                        display = True
                                        break
                                    else:
                                        for _ in netmasks:
                                            prefix, mask = _.split('/')
                                            if addr_to_int(ip) & make_mask(int(mask)) == addr_to_int(prefix):
                                                addresses.add(ip)
                                                display = True
                                                break

                                if display:
                                    content += line
                                    if len(content) >= max_size:
                                        break

                            end = start + len(content) - 1
                            self.send_header("Content-Range", "bytes %d-%d/%d" % (start, end, end + 1 + max_size * (len(content) >= max_size)))

                        if len(content) < max_size:
                            session.range_handle.close()
                            session.range_handle = None

                if size == -1:
                    self.send_response(httplib.OK)
                    self.send_header("Connection", "close")
                    self.send_header("Content-Type", "text/plain")
                    self.end_headers()

                    with open(log_path, "rb") as f:
                        while True:
                            data = f.read(io.DEFAULT_BUFFER_SIZE)
                            if not data:
                                break
                            else:
                                self.wfile.write(data)

            return content
Beispiel #13
0
        def _login(self, params):
            valid = False

            if params.get("username") and params.get("password"):
                for entry in (config.USERS or []):
                    entry = re.sub(r"\s", "", entry)
                    username, stored_hash, uid, netfilter = entry.split(':')
                    hash_parts = stored_hash.split('$')
                    if username == params.get("username"):
                        try:
                            if (pbkdf2(params.get("password"),
                                       hash_parts[1].decode("hex"),
                                       int(hash_parts[2])).encode("hex") ==
                                    hash_parts[3]):
                                valid = True
                                break
                        except:
                            if DEBUG:
                                traceback.print_exc()

            if valid:
                session_id = os.urandom(SESSION_ID_LENGTH).encode("hex")
                expiration = time.time() + 3600 * SESSION_EXPIRATION_HOURS

                self.send_response(httplib.OK)
                self.send_header("Connection", "close")
                self.send_header(
                    "Set-Cookie", "session=%s; expires=%s; path=/; HttpOnly" %
                    (session_id,
                     time.strftime(HTTP_TIME_FORMAT, time.gmtime(expiration))))

                if netfilter in ("", "0.0.0.0/0"):
                    netfilters = None
                else:
                    netfilters = set(re.split(r"[;,]", netfilter))
                    for netfilter in set(netfilters):
                        netfilter = netfilter.strip()
                        if '/' in netfilter:
                            _ = netfilter.split('/')[-1]
                            if _.isdigit() and int(_) >= 20:
                                lower = addr_to_int(netfilter.split('/')[0])
                                mask = make_mask(int(_))
                                upper = lower | (0xffffffff ^ mask)
                                while lower <= upper:
                                    netfilters.add(int_to_addr(lower))
                                    lower += 1
                                netfilters.remove(netfilter)
                        elif '-' in netfilter:
                            _ = netfilter.split('-')
                            lower, upper = addr_to_int(_[0]), addr_to_int(_[1])
                            while lower <= upper:
                                netfilters.add(int_to_addr(lower))
                                lower += 1
                            netfilters.remove(netfilter)
                        elif not netfilter:
                            netfilters.remove(netfilter)

                SESSIONS[session_id] = AttribDict({
                    "username": username,
                    "uid": uid,
                    "netfilters": netfilters,
                    "expiration": expiration
                })
            else:
                time.sleep(UNAUTHORIZED_SLEEP_TIME)
                self.send_response(httplib.UNAUTHORIZED)
                self.send_header("Connection", "close")

            self.send_header("Content-Type", "text/plain")
            content = "Login %s" % ("success" if valid else "failed")

            return content
Beispiel #14
0
        def _login(self, params):
            valid = False

            if params.get("username") and params.get("password"):
                for entry in (config.USERS or []):
                    entry = re.sub(r"\s", "", entry)
                    username, stored_hash, uid, netfilter = entry.split(':')
                    hash_parts = stored_hash.split('$')
                    if username == params.get("username"):
                        try:
                            if (pbkdf2(params.get("password"), hash_parts[1].decode("hex"), int(hash_parts[2])).encode("hex") == hash_parts[3]):
                                valid = True
                                break
                        except:
                            if DEBUG:
                                traceback.print_exc()

            if valid:
                session_id = os.urandom(SESSION_ID_LENGTH).encode("hex")
                expiration = time.time() + 3600 * SESSION_EXPIRATION_HOURS

                self.send_response(httplib.OK)
                self.send_header("Connection", "close")
                self.send_header("Set-Cookie", "session=%s; expires=%s; path=/; HttpOnly" % (session_id, time.strftime(HTTP_TIME_FORMAT, time.gmtime(expiration))))

                if netfilter in ("", "0.0.0.0/0"):
                    netfilters = None
                else:
                    netfilters = set(re.split(r"[;,]", netfilter))
                    for netfilter in set(netfilters):
                        netfilter = netfilter.strip()
                        if '/' in netfilter:
                            _ = netfilter.split('/')[-1]
                            if _.isdigit() and int(_) >= 20:
                                lower = addr_to_int(netfilter.split('/')[0])
                                mask = make_mask(int(_))
                                upper = lower | (0xffffffff ^ mask)
                                while lower <= upper:
                                    netfilters.add(int_to_addr(lower))
                                    lower += 1
                                netfilters.remove(netfilter)
                        elif '-' in netfilter:
                            _ = netfilter.split('-')
                            lower, upper = addr_to_int(_[0]), addr_to_int(_[1])
                            while lower <= upper:
                                netfilters.add(int_to_addr(lower))
                                lower += 1
                            netfilters.remove(netfilter)
                        elif not netfilter:
                            netfilters.remove(netfilter)

                SESSIONS[session_id] = AttribDict({"username": username, "uid": uid, "netfilters": netfilters, "expiration": expiration})
            else:
                time.sleep(UNAUTHORIZED_SLEEP_TIME)
                self.send_response(httplib.UNAUTHORIZED)
                self.send_header("Connection", "close")

            self.send_header("Content-Type", "text/plain")
            content = "Login %s" % ("success" if valid else "failed")

            return content
Beispiel #15
0
def _process_packet(packet, sec, usec):
    try:
        if _datalink == pcapy.DLT_LINUX_SLL:
            packet = packet[2:]

        eth_header = struct.unpack("!HH8sH", packet[:ETH_LENGTH])
        eth_protocol = socket.ntohs(eth_header[3])

        if eth_protocol == IPPROTO:  # IP
            ip_header = struct.unpack("!BBHHHBBH4s4s",
                                      packet[ETH_LENGTH:ETH_LENGTH + 20])
            ip_length = ip_header[2]
            packet = packet[:ETH_LENGTH + ip_length]  # truncate
            iph_length = (ip_header[0] & 0xF) << 2

            protocol = ip_header[6]
            src_ip = socket.inet_ntoa(ip_header[8])
            dst_ip = socket.inet_ntoa(ip_header[9])

            proto = IPPROTO_LUT.get(protocol)

            local_src = False
            for prefix, mask in LOCAL_NETWORKS:
                if addr_to_int(src_ip) & mask == prefix:
                    local_src = True
                    break

            if proto is None or any(_ in (config.IGNORE_ADDRESSES or "")
                                    for _ in (src_ip, dst_ip)):
                return

            if HOST_ADDRESSES and dst_ip not in HOST_ADDRESSES:
                return

            # only process SYN packets
            if protocol == socket.IPPROTO_TCP:  # TCP
                if local_src:
                    return

                i = iph_length + ETH_LENGTH
                src_port, dst_port, _, _, _, flags = struct.unpack(
                    "!HHLLBB", packet[i:i + 14])

                if any(
                        str(_) in (config.IGNORE_PORTS or "")
                        for _ in (src_port, dst_port)):
                    return

                dst_key = "%s:%s:%s" % (proto, dst_ip, dst_port)
                stat_key = "%s:%s" % (dst_key, src_ip)

                if flags == 2:  # SYN set (only)
                    if dst_key not in _traffic:
                        _traffic[dst_key] = set()

                    _traffic[dst_key].add(src_ip)

                    if stat_key not in _auxiliary:
                        _auxiliary[stat_key] = [sec, sec, 1]
                    else:
                        _auxiliary[stat_key][1] = sec
                        _auxiliary[stat_key][2] += 1

            else:
                if protocol == socket.IPPROTO_UDP:  # UDP
                    i = iph_length + ETH_LENGTH
                    _ = packet[i:i + 4]
                    if len(_) < 4:
                        return

                    src_port, dst_port = struct.unpack("!HH", _)
                    if src_port < 1024 and dst_port > 1024 and dst_ip in HOST_ADDRESSES:  # potential reflection/amplification (junk) responses (e.g. service response to fake src_ip)
                        return
                else:  # non-TCP/UDP (e.g. ICMP)
                    src_port, dst_port = '-', '-'

                if any(
                        str(_) in (config.IGNORE_PORTS or "")
                        for _ in (src_port, dst_port)):
                    return

                dst_key = "%s:%s:%s" % (proto, dst_ip, dst_port)
                stat_key = "%s:%s" % (dst_key, src_ip)

                flow = tuple(
                    sorted((addr_to_int(src_ip), src_port, addr_to_int(dst_ip),
                            dst_port)))

                if flow not in _auxiliary:
                    _auxiliary[flow] = True

                    if local_src:
                        return

                    if dst_key not in _traffic:
                        _traffic[dst_key] = set()

                    _traffic[dst_key].add(src_ip)
                    _auxiliary[stat_key] = [sec, sec, 1]

                elif stat_key in _auxiliary:
                    _auxiliary[stat_key][1] = sec
                    _auxiliary[stat_key][2] += 1

    except:
        if config.SHOW_DEBUG:
            traceback.print_exc()

    finally:
        _log_write()
Beispiel #16
0
def _process_packet(packet, sec, usec):
    try:
        if _datalink == pcapy.DLT_LINUX_SLL:
            packet = packet[2:]

        eth_header = struct.unpack("!HH8sH", packet[:ETH_LENGTH])
        eth_protocol = socket.ntohs(eth_header[3])

        if eth_protocol == IPPROTO:  # IP
            ip_header = struct.unpack("!BBHHHBBH4s4s", packet[ETH_LENGTH:ETH_LENGTH + 20])
            ip_length = ip_header[2]
            packet = packet[:ETH_LENGTH + ip_length]  # truncate
            iph_length = (ip_header[0] & 0xF) << 2

            protocol = ip_header[6]
            src_ip = socket.inet_ntoa(ip_header[8])
            dst_ip = socket.inet_ntoa(ip_header[9])

            proto = IPPROTO_LUT.get(protocol)

            local_src = False
            for prefix, mask in LOCAL_NETWORKS:
                if addr_to_int(src_ip) & mask == prefix:
                    local_src = True
                    break

            if proto is None or any(_ in (config.IGNORE_ADDRESSES or "") for _ in (src_ip, dst_ip)):
                return

            if HOST_ADDRESSES and dst_ip not in HOST_ADDRESSES:
                return

            # only process SYN packets
            if protocol == socket.IPPROTO_TCP:      # TCP
                if local_src:
                    return

                i = iph_length + ETH_LENGTH
                src_port, dst_port, _, _, _, flags = struct.unpack("!HHLLBB", packet[i:i + 14])

                if any(str(_) in (config.IGNORE_PORTS or "") for _ in (src_port, dst_port)):
                    return

                dst_key = "%s:%s:%s" % (proto, dst_ip, dst_port)
                stat_key = "%s:%s" % (dst_key, src_ip)

                if flags == 2:                      # SYN set (only)
                    if dst_key not in _traffic:
                        _traffic[dst_key] = set()

                    _traffic[dst_key].add(src_ip)

                    if stat_key not in _auxiliary:
                        _auxiliary[stat_key] = [sec, sec, 1]
                    else:
                        _auxiliary[stat_key][1] = sec
                        _auxiliary[stat_key][2] += 1

            else:
                if protocol == socket.IPPROTO_UDP:  # UDP
                    i = iph_length + ETH_LENGTH
                    _ = packet[i:i + 4]
                    if len(_) < 4:
                        return

                    src_port, dst_port = struct.unpack("!HH", _)
                    if src_port < 1024 and dst_port > 1024 and dst_ip in HOST_ADDRESSES:        # potential reflection/amplification (junk) responses (e.g. service response to fake src_ip)
                        return
                else:                               # non-TCP/UDP (e.g. ICMP)
                    src_port, dst_port = '-', '-'

                if any(str(_) in (config.IGNORE_PORTS or "") for _ in (src_port, dst_port)):
                    return

                dst_key = "%s:%s:%s" % (proto, dst_ip, dst_port)
                stat_key = "%s:%s" % (dst_key, src_ip)

                flow = tuple(sorted((addr_to_int(src_ip), src_port, addr_to_int(dst_ip), dst_port)))

                if flow not in _auxiliary:
                    _auxiliary[flow] = True
 
                    if local_src:
                        return
 
                    if dst_key not in _traffic:
                        _traffic[dst_key] = set()

                    _traffic[dst_key].add(src_ip)
                    _auxiliary[stat_key] = [sec, sec, 1]

                elif stat_key in _auxiliary:
                    _auxiliary[stat_key][1] = sec
                    _auxiliary[stat_key][2] += 1

    except:
        if config.SHOW_DEBUG:
            traceback.print_exc()

    finally:
        _log_write()
Beispiel #17
0
        else:
            try:
                if os.path.exists(IPCAT_SQLITE_FILE):
                    os.remove(IPCAT_SQLITE_FILE)

                with sqlite3.connect(IPCAT_SQLITE_FILE, isolation_level=None, check_same_thread=False) as con:
                    cur = con.cursor()
                    cur.execute("BEGIN TRANSACTION")
                    cur.execute("CREATE TABLE ranges (start_int INT, end_int INT, name TEXT)")

                    with open(IPCAT_CSV_FILE) as f:
                        for row in f:
                            if not row.startswith('#') and not row.startswith('start'):
                                row = row.strip().split(",")
                                cur.execute("INSERT INTO ranges VALUES (?, ?, ?)", (addr_to_int(row[0]), addr_to_int(row[1]), row[2]))

                    cur.execute("COMMIT")
                    cur.close()
                    con.commit()
            except Exception, ex:
                print "[!] something went wrong during ipcat database update ('%s')" % ex

    _chown(IPCAT_CSV_FILE)
    _chown(IPCAT_SQLITE_FILE)

def main():
    update()

if __name__ == "__main__":
    main()
        def _login(self, params):
            valid = False

            if params.get("username") and params.get("password"):
                for entry in (config.USERS or []):
                    entry = re.sub(r"\s", "", entry)
                    username, stored_hash, uid, netfilter = entry.split(':')
                    hash_parts = stored_hash.split('$')
                    if username == params.get("username"):
                        try:
                            if (pbkdf2(params.get("password"),
                                       hash_parts[1].decode("hex"),
                                       int(hash_parts[2])).encode("hex") ==
                                    hash_parts[3]):
                                valid = True
                                break
                        except:
                            if config.SHOW_DEBUG:
                                traceback.print_exc()

            if valid:
                session_id = os.urandom(SESSION_ID_LENGTH).encode("hex")
                expiration = time.time() + 3600 * SESSION_EXPIRATION_HOURS

                self.send_response(httplib.OK)
                self.send_header("Connection", "close")
                self.send_header(
                    "Set-Cookie", "session=%s; expires=%s; path=/; HttpOnly" %
                    (session_id,
                     time.strftime(HTTP_TIME_FORMAT, time.gmtime(expiration))))

                if netfilter in ("", "0.0.0.0/0"):
                    netfilters = None
                else:
                    addresses = set()
                    netmasks = set()

                    for item in set(re.split(r"[;,]", netfilter)):
                        item = item.strip()
                        if '/' in item:
                            _ = item.split('/')[-1]
                            if _.isdigit() and int(_) >= 16:
                                lower = addr_to_int(item.split('/')[0])
                                mask = make_mask(int(_))
                                upper = lower | (0xffffffff ^ mask)
                                while lower <= upper:
                                    addresses.add(int_to_addr(lower))
                                    lower += 1
                            else:
                                netmasks.add(item)
                        elif '-' in item:
                            _ = item.split('-')
                            lower, upper = addr_to_int(_[0]), addr_to_int(_[1])
                            while lower <= upper:
                                addresses.add(int_to_addr(lower))
                                lower += 1
                        elif re.search(r"\d+\.\d+\.\d+\.\d+", item):
                            addresses.add(item)

                    netfilters = netmasks
                    if addresses:
                        netfilters.add(get_regex(addresses))

                SESSIONS[session_id] = AttribDict({
                    "username": username,
                    "uid": uid,
                    "netfilters": netfilters,
                    "expiration": expiration
                })
            else:
                time.sleep(UNAUTHORIZED_SLEEP_TIME)
                self.send_response(httplib.UNAUTHORIZED)
                self.send_header("Connection", "close")

            self.send_header("Content-Type", "text/plain")
            content = "Login %s" % ("success" if valid else "failed")

            if not subprocess.mswindows:
                try:
                    subprocess.check_output(
                        "logger -p auth.info -t \"%s[%d]\" \"%s password for %s from %s port %s\""
                        % (NAME.lower(), os.getpid(), "Accepted"
                           if valid else "Failed", params.get("username"),
                           self.client_address[0], self.client_address[1]),
                        stderr=subprocess.STDOUT,
                        shell=True)
                except Exception:
                    if config.SHOW_DEBUG:
                        traceback.print_exc()

            return content