def save_model(self, request, obj, form, change): remote_addr = request.META['REMOTE_ADDR'] ip_lan = form.cleaned_data['ip_lan'] mask_lan = form.cleaned_data['mask_lan'] dhcp = form.cleaned_data['dhcp'] ip_start = form.cleaned_data['ip_start'] ip_end = form.cleaned_data['ip_end'] iface_range = iptools.IpRange(ip_lan + '/' + mask_lan) if dhcp is True: if ip_start == ip_lan or ip_end == ip_lan or ip_start == ip_end: messages.set_level(request, messages.ERROR) messages.error(request, "L'IP dal range non puo' essere uguale dal IP della rete associata") else: dhcp_range = iptools.IpRange(ip_lan + '/' + mask_lan) if ip_start in dhcp_range and ip_end in dhcp_range: if remote_addr not in iface_range: messages.set_level(request, messages.WARNING) messages.warning(request, "Impostare un IP diverso da dove e' connesso puo' causare perdida di connessione. " "Ricordi cambiare dopo l'IP per accedere di nuovo.") super(LANAdmin, self).save_model(request, obj, form, change) else: messages.set_level(request, messages.ERROR) messages.error(request, "Questa network non appartiene all'interfaccia LAN.") else: obj.ip_start = '0.0.0.0' obj.ip_end = '0.0.0.0' if remote_addr not in iface_range: messages.set_level(request, messages.WARNING) messages.warning(request, "Impostare un IP diverso da dove e' connesso puo' causare perdida di connessione. " "Ricordi cambiare dopo l'IP per accedere di nuovo.") super(LANAdmin, self).save_model(request, obj, form, change)
def cidr_comparison(test, resource, key, value): ip_range = iptools.IpRange(resource[key]) host_bits = 32 - int(value) if function_dict[test](len(ip_range), 2**host_bits): return True else: return False
def network_address_validator(address, obj_range): """validate that given ip address and netmask is really the network address of the range e.g. 10.11.12.0/24 is valid; Args: address (unicode): a give address (e.g. "127.0.0.1") obj_range (iptools.IpRange): an object instance; e.g. created by: IpRange("::1/128") Returns: True or Raises ValidationError Examples: >>> network_address_validator(u'10.11.12.0', iptools.IpRange('10.11.12.0/24')) True >>> network_address_validator(u'10.11.12.5', iptools.IpRange('10.11.12.0/24')) Traceback (most recent call last): ... ValidationError: [u'Wrong network address for given mask, should be 10.11.12.0'] """ if not iptools.IpRange(address).startIp == obj_range.startIp: raise ValidationError( _("Wrong network address for given mask, should be " + unicode(obj_range[0]))) return True
def ip_range(self): try: return iptools.IpRange(self.cidr) except ValueError: # 2015-11-23 (RH): TODO when and how can parsing the IpRange fail?! logger.warn("warning.. unable to create an ip_range from input!") return None
def add_ip_range(self, ip_range, value): """Adds an entry to this map. ip_range can be in the following forms: "1.2.3.4" "1.2.3.0/8" ("1.2.3.4", "1.2.3.44") """ # Convert ranges in CIDR format into (start, end) tuple if isinstance(ip_range, six.string_types) and "/" in ip_range: # ignore bad value if not iptools.validate_cidr(ip_range): return ip_range = iptools.cidr2block(ip_range) # Find the integer representation of first 2 parts of the start and end IPs if isinstance(ip_range, tuple): # ignore bad ips if not iptools.validate_ip(ip_range[0]) or not iptools.validate_ip( ip_range[1]): return # Take the first 2 parts of the begin and end ip as integer start = iptools.ip2long(ip_range[0]) >> 16 end = iptools.ip2long(ip_range[1]) >> 16 else: start = iptools.ip2long(ip_range) >> 16 end = start # for each integer in the range add an entry. for i in range(start, end + 1): self.ip_ranges.setdefault(i, {})[iptools.IpRange(ip_range)] = value
def generate_ips(ip_range): try: ip_addresses = iptools.IpRangeList(args.ip_range) return ip_addresses except: ip_start = ip_range.split("-")[0] ip_end = ip_range.split("-")[1] return iptools.IpRange(ip_start, ip_end)
def ip_cidr_filter(log, cidr): if cidr is None: return True cidr = iptools.IpRange(cidr) ip = log[0] if ip in cidr: return True return False
def matches(self, value): # is this CIDR notation? if '/' in value: try: return self.value in iptools.IpRange(value) except: pass # otherwise it has to match exactly return self.value == value
def save_model(self, request, obj, form, change): ip_check = form.cleaned_data['ip'] ip_lan = LAN.objects.values()[0]['ip_lan'] mask_lan = LAN.objects.values()[0]['mask_lan'] dhcp_range = iptools.IpRange(ip_lan + '/' + mask_lan) if str(ip_check) == str(ip_lan): messages.set_level(request, messages.ERROR) messages.error(request, "L'indirizzo IP e' gia' in utilizzo nella impostazione rete. Prova un'altro.") elif ip_check in dhcp_range: super(dhcptableAdmin, self).save_model(request, obj, form, change) else: messages.set_level(request, messages.ERROR) messages.error(request, "L'indirizzo IP non appartiene alla rete impostata nella voce Networking. Verifiche e provi di nuovo")
def testV4MappedAddressInIPv6Range(self): """ Given that the user has configured an IPv4 range When the server recieves a connection from a host in that range And the network stack presents that address in v4 mapped format Then the address should be recognized as being in the IPv4 range. """ fixture = iptools.IpRange('192.168.0.1/24') self.assertTrue('192.168.0.12' in fixture) self.assertFalse('192.168.1.12' in fixture) self.assertTrue('::ffff:192.168.0.12' in fixture) self.assertFalse('::ffff:192.168.1.12' in fixture)
def run(self, packets): self.success = not self.should_pass for p in packets: try: src_ip = p['payload']['fields'].get('src', None) if self.type == "network" and src_ip in iptools.IpRange(self.target): self.success = self.should_pass break elif src_ip == self.target: self.success = self.should_pass break except: continue return self.create_result()
def __init__(self, *args, **kwargs): super(NetworkIdentifier, self).__init__(*args, **kwargs) self._networks = [] # list of _NetworkDefinition # load the network definitions from the CSV file with open(os.path.join(saq.SAQ_HOME, saq.CONFIG.get(self.config_section, 'csv_file')), 'r') as fp: reader = csv.reader(fp) # these are pulled from splunk and these are the header names header = next(reader) assert header[0] == 'Indicator' assert header[1] == 'Indicator_Type' for row in reader: #logging.debug("loading {0} = {1}".format(row[0], row[1])) self._networks.append(_NetworkDefinition(iptools.IpRange(row[0]), row[1])) logging.debug("loaded {0} network definitions".format(len(self._networks)))
def clean(self): """validate fields https://docs.djangoproject.com/en/1.8/ref/models/instances/#django.db.models.Model.clean This method should be used to provide custom model validation, and to modify attributes on your model if desired. Note that a model's clean() method is not invoked when you call your model's save() method. But it is called when is_valid is invoked. """ # make sure db field address_integer is set to the correct value """ if not self.address_integer == self.address_int: self.address_integer = self.address_int """ if not self.address_binary == self.address_bin: self.address_binary = self.address_bin # make sure that given address is really the startIp of the range (with given mask) if self.ip_range: network_address_validator(self.address, iptools.IpRange(self.ip_range)) # check for duplicates # TODO (RH) 2015-11-29: duplicate handling?! self.check_is_duplicate() # check whether new RangeV4 is really a child of selected parent # TODO (RH) 2015-11-29: should user really be allow / required to set parent?! if self.parent: if self.address not in self.parent.ip_range: raise ValidationError( _(self.cidr + " is not a subnet of " + self.parent.cidr)) # insert into tree at correct position (no matter what user selected as "parent") try: self.insert_into_tree() except IntegrityError: logger.debug( "Integrity because object is not new.. so that's fine.") # 2015-11-29 (RH): TODO does this hurt? Shouldn't really! # play it safe.. rebuild on every save self.__class__.objects.rebuild() return self
def discovery(file_name, output_file): """ This function performs discovery scan using predefined parameters, once finished it returns a tuple with the active hosts. :param file_name: filename containing the host to scan one host by line. :type file_name: str :param output_file: file where to write the active hosts found. :type output_file: str :return: a tuple with the active hosts. """ nm = nmap.PortScanner() tcp_ports = "21-23,25,53,80,88,110-111,135,139,443,445,515,1433,1521,2222,8080,8443" udp_ports = "53,111,135,137,161,500" nm_arguments = "-sP -Pn -PU" + udp_ports + " -PS" + tcp_ports active_ips = list() iplist = list() host_list = filetolist(file_name) for host in host_list: if "/" in host: iplist += iptools.IpRange(host) else: iplist.append(host) iplist = remove_duplicates_in_list(iplist) iplist.sort() printMessage("Scanning a total of %i hosts." % len(iplist)) for host in iplist: printMessage("Scanning %s" % host) nm.scan(hosts=host, arguments=nm_arguments) active_ips += nm.all_hosts() if len(active_ips) is 0: printError("No active hosts found.") sys.exit(1) printSuccess("Scan completed.") active_ips = remove_duplicates_in_list(active_ips) printSuccess("Found %i active hosts." % len(active_ips)) f = open(output_file, "w") f.write("\n".join(active_ips)) f.close() printSuccess("File %s created." % output_file) return active_ips
def save_model(self, request, obj, form, change): ip_wan = form.cleaned_data['ip_wan'] mask_wan = form.cleaned_data['mask_wan'] gateway = form.cleaned_data['gateway'] dns1 = form.cleaned_data['dns1'] dns2 = form.cleaned_data['dns2'] if dns1 == dns2: messages.set_level(request, messages.ERROR) messages.error(request, "Gli IP dal DNS non devono essere uguali") else: if ip_wan == gateway: messages.set_level(request, messages.ERROR) messages.error(request, "L'IP dal gateway non puo' essere uguale dal IP della WAN") else: dhcp_range = iptools.IpRange(ip_wan + '/' + mask_wan) if gateway in dhcp_range: super(WANAdmin, self).save_model(request, obj, form, change) else: messages.set_level(request, messages.ERROR) messages.error(request, "Questo gateway non appartiene all'interfaccia WAN.")
def calculate_min_max(ip): ip_range = iptools.IpRange(ip) return inflate_ip(ip_range[0]), inflate_ip(ip_range[-1])
def generate_ips(ip_range): ip_start = ip_range.split("-")[0] ip_end = ip_range.split("-")[1] r = iptools.IpRange(ip_start, ip_end) return r
import heatmap # The DB update is a replace, so all the old data should be removed first. heatmap.Location.query.delete() # Using decimal.Decimal because IPv6 address space is huge, way bigger than # sys.maxint. counts = defaultdict(Decimal) # Read in each line and update the IP address count for each location. Store # them in the dict without updating the DB yet, so we can get the totals up # front and avoid duplicates. with open('GeoLite2-City-Blocks-IPv6.csv') as f: reader = DictReader(f) for row in reader: location = (float(row['latitude']), float(row['longitude'])) counts[location] += Decimal(iptools.IpRange(row['network']).__len__()) # Get the total for all locations so we can calculate the percent of each. total_count = Decimal(sum(x for x in counts.values())) # Now we calculate the percentage for each location and add them all to the DB. for (latitude, longitude), count in counts.iteritems(): percent = count / total_count location = heatmap.Location(latitude, longitude, percent) heatmap.db.session.add(location) # It'd be a shame to waste all that time by throwing everything away now... heatmap.db.session.commit()
def initialize(saq_home=None, config_paths=None, logging_config_path=None, args=None, relative_dir=None, unittest=False): from saq.database import initialize_database, initialize_node global API_PREFIX global CA_CHAIN_PATH global COMPANY_ID global COMPANY_NAME global CONFIG global CONFIG_PATHS global DAEMON_MODE global DATA_DIR global DEFAULT_ENCODING global DUMP_TRACEBACKS global ENCRYPTION_PASSWORD global EXCLUDED_SLA_ALERT_TYPES global EXECUTION_THREAD_LONG_TIMEOUT global FORCED_ALERTS global GLOBAL_SLA_SETTINGS global GUI_WHITELIST_EXCLUDED_OBSERVABLE_TYPES global INSTANCE_TYPE global LOCK_TIMEOUT_SECONDS global LOG_DIRECTORY global LOG_LEVEL global MANAGED_NETWORKS global MODULE_STATS_DIR global OTHER_PROXIES global OTHER_SLA_SETTINGS global PROXIES global SAQ_HOME global SAQ_NODE global SAQ_NODE_ID global SAQ_RELATIVE_DIR global SEMAPHORES_ENABLED global STATS_DIR global TEMP_DIR global TOR_PROXY global YSS_BASE_DIR global YSS_SOCKET_DIR SAQ_HOME = None SAQ_NODE = None SAQ_NODE_ID = None API_PREFIX = None SAQ_RELATIVE_DIR = None CONFIG = None CONFIG_PATHS = [] DATA_DIR = None TEMP_DIR = None DEFAULT_ENCODING = None SEMAPHORES_ENABLED = False PROXIES = {} OTHER_PROXIES = {} TOR_PROXY = None # list of iptools.IpRange objects defined in [network_configuration] MANAGED_NETWORKS = None # set this to True to force all anlaysis to result in an alert being generated FORCED_ALERTS = False # the gpg private key password for encrypting/decrypting archive files # this can be provided on the command line so that these files can also be analyzed ENCRYPTION_PASSWORD = None # the global log level setting LOG_LEVEL = logging.INFO # global logging directory (relative to DATA_DIR) LOG_DIRECTORY = None # directory containing statistical runtime info STATS_DIR = None MODULE_STATS_DIR = None # are we running as a daemon in the background? DAEMON_MODE = False # path to the certifcate chain used by all SSL certs CA_CHAIN_PATH = None # what type of instance is this? INSTANCE_TYPE = INSTANCE_TYPE_PRODUCTION # SLA settings GLOBAL_SLA_SETTINGS = None OTHER_SLA_SETTINGS = [] EXCLUDED_SLA_ALERT_TYPES = [] # Yara Scanner Server base directory YSS_BASE_DIR = None YSS_SOCKET_DIR = None # set to True to cause tracebacks to be dumped to standard output # useful when debugging or testing DUMP_TRACEBACKS = False # the amount of time (in seconds) that a lock in the locks table is valid LOCK_TIMEOUT_SECONDS = None # amount of time (in seconds) before a process blows up because a threaded module won't stop EXECUTION_THREAD_LONG_TIMEOUT = None # the company/custom this node belongs to COMPANY_NAME = None COMPANY_ID = None # go ahead and try to figure out what text encoding we're using DEFAULT_ENCODING = locale.getpreferredencoding() # list of observable types we want to exclude from whitelisting (via the GUI) GUI_WHITELIST_EXCLUDED_OBSERVABLE_TYPES = [] # do we want to force alerts? if args: FORCED_ALERTS = args.force_alerts # what is the root directory of the entire system? if saq_home is not None: SAQ_HOME = saq_home elif 'SAQ_HOME' in os.environ: SAQ_HOME = os.environ['SAQ_HOME'] else: SAQ_HOME = '.' if not os.path.isdir(SAQ_HOME): sys.stderr.write("invalid root SAQ directory {0}\n".format(SAQ_HOME)) sys.exit(1) # XXX not sure we need this SAQ_RELATIVE_DIR anymore -- check it out # this system was originally designed to run out of /opt/saq # later we modified to run out of anywhere for command line correlation # when running the GUI in apache you have no control over the current working directory # so we specify what directory we'd *want* to be running out of here (even if we're not actually) # this only matters when loading alerts # this defaults to the current working directory SAQ_RELATIVE_DIR = os.path.relpath(os.getcwd(), start=SAQ_HOME) if relative_dir: SAQ_RELATIVE_DIR = relative_dir # load configuration file # defaults to $SAQ_HOME/etc/saq.ini if args: if args.config_paths: config_paths = args.config_paths if config_paths is None: config_paths = [] # make each relative config path absolute to SAQ_HOME CONFIG_PATHS = [ os.path.join(SAQ_HOME, p) if not os.path.isabs(p) else p for p in config_paths ] # add any config files specified in SAQ_CONFIG_PATHS env var (command separated) #sys.stderr.write("SAQ_CONFIG_PATHS = {}\n".format(os.environ['SAQ_CONFIG_PATHS'])) if 'SAQ_CONFIG_PATHS' in os.environ: for config_path in os.environ['SAQ_CONFIG_PATHS'].split(','): config_path = config_path.strip() if not os.path.isabs(config_path): config_path = os.path.join(SAQ_HOME, config_path) if not os.path.exists(config_path): sys.stderr.write( "WARNING: config path {} specified in SAQ_CONFIG_PATHS env var does not exist\n" .format(config_path)) else: if config_path not in CONFIG_PATHS: CONFIG_PATHS.append(config_path) # if $SAQ_HOME/etc/saq.ini exists then we use that as the last config if it's not already specified default_config_path = os.path.join(SAQ_HOME, 'etc', 'saq.ini') # use unit test config if we are running a unit test if unittest: default_config_path = os.path.join(SAQ_HOME, 'etc', 'saq.unittest.ini') if os.path.exists(default_config_path): if default_config_path not in CONFIG_PATHS: CONFIG_PATHS.append(default_config_path) try: load_configuration() except Exception as e: sys.stderr.write("ERROR: unable to load configuration: {0}".format( str(e))) sys.exit(1) DATA_DIR = os.path.join(SAQ_HOME, CONFIG['global']['data_dir']) TEMP_DIR = os.path.join(DATA_DIR, CONFIG['global']['tmp_dir']) COMPANY_NAME = CONFIG['global']['company_name'] COMPANY_ID = CONFIG['global'].getint('company_id') minutes, seconds = map(int, CONFIG['global']['lock_timeout'].split(':')) LOCK_TIMEOUT_SECONDS = (minutes * 60) + seconds EXECUTION_THREAD_LONG_TIMEOUT = CONFIG['global'].getint( 'execution_thread_long_timeout') # user specified log level LOG_LEVEL = logging.INFO if args: if args.log_level: LOG_LEVEL = args.log_level # make sure the logs directory exists LOG_DIRECTORY = os.path.join(DATA_DIR, 'logs') if not os.path.exists(LOG_DIRECTORY): try: os.mkdir(LOG_DIRECTORY) except Exception as e: sys.stderr.write("unable to mkdir {}: {}\n".format( LOG_DIRECTORY, e)) sys.exit(1) # by default we log to the console if logging_config_path is None: logging_config_path = os.path.join(SAQ_HOME, 'etc', 'console_logging.ini') # we can override this on the command line # this is what we use for production engine settings if args: if args.logging_config_path: logging_config_path = args.logging_config_path # we can re-initialize later if we have to try: initialize_logging( logging_config_path ) # this log file just gets some startup information except Exception as e: sys.exit(1) GUI_WHITELIST_EXCLUDED_OBSERVABLE_TYPES = [ _.strip() for _ in CONFIG['gui'] ['whitelist_excluded_observable_types'].split(',') ] for o_type in GUI_WHITELIST_EXCLUDED_OBSERVABLE_TYPES: if o_type not in VALID_OBSERVABLE_TYPES: logging.error( f"invalid observable type {o_type} specified in [gui] whitelist_excluded_observable_types" ) # make this a faster lookup GUI_WHITELIST_EXCLUDED_OBSERVABLE_TYPES = set( GUI_WHITELIST_EXCLUDED_OBSERVABLE_TYPES) # load global SLA settings GLOBAL_SLA_SETTINGS = SLA(None, CONFIG['SLA'].getboolean('enabled'), CONFIG['SLA'].getint('time_to_dispo'), CONFIG['SLA'].getint('approaching_warn'), None, None) EXCLUDED_SLA_ALERT_TYPES = [ x.strip() for x in CONFIG['SLA']['excluded_alert_types'].split(',') ] # load all the other SLA settings for section in [s for s in CONFIG.keys() if s.startswith('SLA_')]: logging.debug("loading {}".format(section)) OTHER_SLA_SETTINGS.append( SLA(section[len('SLA_'):], CONFIG[section].getboolean('enabled'), CONFIG[section].getint('time_to_dispo'), CONFIG[section].getint('approaching_warn'), CONFIG[section]['property'], CONFIG[section]['value'])) # what node is this? try: SAQ_NODE = CONFIG['global']['node'] if SAQ_NODE == 'AUTO': SAQ_NODE = socket.getfqdn() except Exception as e: sys.stderr.write("unable to get hostname: {}\n".format(e)) sys.exit(1) # what prefix do other systems use to communicate to the API server for this node? try: API_PREFIX = CONFIG['api']['prefix'] if API_PREFIX == 'AUTO': API_PREFIX = socket.getfqdn() logging.debug("node {} has api prefix {}".format(SAQ_NODE, API_PREFIX)) except Exception as e: sys.stderr.write("unable to get hostname: {}\n".format(e)) sys.exit(1) # what type of instance is this? if 'instance_type' in CONFIG['global']: INSTANCE_TYPE = CONFIG['global']['instance_type'] if INSTANCE_TYPE not in [ INSTANCE_TYPE_PRODUCTION, INSTANCE_TYPE_QA, INSTANCE_TYPE_DEV ]: logging.warning( "invalid instance type {}: defaulting to {}".format( INSTANCE_TYPE, INSTANCE_TYPE_PRODUCTION)) INSTANCE_TYPE = INSTANCE_TYPE_PRODUCTION else: logging.warning( "missing configuration instance_type in global section (defaulting to instance type {})" .format(INSTANCE_TYPE_PRODUCTION)) if FORCED_ALERTS: # lol logging.warning( " ****************************************************************** " ) logging.warning( " ****************************************************************** " ) logging.warning( " **** WARNING **** ALL ANALYSIS RESULTS IN ALERTS **** WARNING **** " ) logging.warning( " ****************************************************************** " ) logging.warning( " ****************************************************************** " ) # warn if timezone is not UTC #if time.strftime("%z") != "+0000": #logging.warning("Timezone is not UTC. All ACE systems in a cluster should be in UTC.") # we can globally disable semaphores with this flag SEMAPHORES_ENABLED = CONFIG.getboolean('global', 'enable_semaphores') # some settings can be set to PROMPT for section in CONFIG.sections(): for (name, value) in CONFIG.items(section): if value == 'PROMPT': CONFIG.set( section, name, getpass("Enter the value for {0}:{1}: ".format( section, name))) # make sure we've got the ca chain for SSL certs CA_CHAIN_PATH = os.path.join(SAQ_HOME, CONFIG['SSL']['ca_chain_path']) ace_api.set_default_ssl_ca_path(CA_CHAIN_PATH) # XXX this should probably move to the yara scanning module # set the location we'll be running yss out of YSS_BASE_DIR = os.path.join(SAQ_HOME, CONFIG['yara']['yss_base_dir']) if not os.path.exists(YSS_BASE_DIR): logging.critical( "[yara][yss_base_dir] is set to {} but does not exist".format( YSS_BASE_DIR)) YSS_SOCKET_DIR = os.path.join(YSS_BASE_DIR, CONFIG['yara']['yss_socket_dir']) # initialize the database connection initialize_database() # initialize fallback semaphores initialize_fallback_semaphores() # XXX get rid of this try: maliciousdir = CONFIG.get("global", "malicious") except: maliciousdir = "malicious" STATS_DIR = os.path.join(DATA_DIR, 'stats') MODULE_STATS_DIR = os.path.join(STATS_DIR, 'modules') # make sure some key directories exists for dir_path in [ # anaysis data os.path.join(DATA_DIR, CONFIG['global']['node']), #os.path.join(SAQ_HOME, 'var', 'locks'), # XXX remove os.path.join(DATA_DIR, 'review', 'rfc822'), os.path.join(DATA_DIR, 'review', 'misc'), os.path.join(DATA_DIR, CONFIG['global']['error_reporting_dir']), STATS_DIR, MODULE_STATS_DIR, os.path.join(STATS_DIR, 'brocess'), # get rid of this os.path.join(STATS_DIR, 'metrics'), os.path.join(DATA_DIR, CONFIG['splunk_logging']['splunk_log_dir']), os.path.join(DATA_DIR, DATA_DIR, CONFIG['elk_logging']['elk_log_dir']), os.path.join(TEMP_DIR), os.path.join(SAQ_HOME, CONFIG['yara']['yss_base_dir'], 'logs'), ]: # XXX this should be in YSS #os.path.join(SAQ_HOME, maliciousdir) ]: # XXX remove try: if not os.path.isdir(dir_path): os.makedirs(dir_path) except Exception as e: logging.error("unable to create required directory {}: {}".format( dir_path, str(e))) sys.exit(1) # clear out any proxy environment variables if they exist for proxy_key in ['http_proxy', 'https_proxy', 'ftp_proxy']: if proxy_key in os.environ: logging.debug( "removing proxy environment variable for {}".format(proxy_key)) del os.environ[proxy_key] # set up the PROXY global dict (to be used with the requests library) for proxy_key in ['http', 'https']: if CONFIG['proxy']['host'] and CONFIG['proxy']['port'] and CONFIG[ 'proxy']['transport']: if CONFIG['proxy']['user'] and CONFIG['proxy']['password']: PROXIES[proxy_key] = '{}://{}:{}@{}:{}'.format( CONFIG['proxy']['transport'], CONFIG['proxy']['user'], CONFIG['proxy']['password'], CONFIG['proxy']['host'], CONFIG['proxy']['port']) else: PROXIES[proxy_key] = '{}://{}:{}'.format( CONFIG['proxy']['transport'], CONFIG['proxy']['host'], CONFIG['proxy']['port']) logging.debug("proxy for {} set to {}".format( proxy_key, PROXIES[proxy_key])) # load any additional proxies specified in the config sections proxy_* for section in CONFIG.keys(): if section.startswith('proxy_'): proxy_name = section[len('proxy_'):] OTHER_PROXIES[proxy_name] = {} for proxy_key in ['http', 'https']: if CONFIG[section]['host'] and CONFIG[section][ 'port'] and CONFIG[section]['transport']: if 'user' in CONFIG[section] and 'password' in CONFIG[section] \ and CONFIG[section]['user'] and CONFIG[section]['password']: OTHER_PROXIES[proxy_name][ proxy_key] = '{}://{}:{}@{}:{}'.format( CONFIG[section]['transport'], CONFIG[section]['user'], CONFIG[section]['password'], CONFIG[section]['host'], CONFIG[section]['port']) else: OTHER_PROXIES[proxy_name][ proxy_key] = '{}://{}:{}'.format( CONFIG[section]['transport'], CONFIG[section]['host'], CONFIG[section]['port']) # load global constants import iptools MANAGED_NETWORKS = [] for cidr in CONFIG['network_configuration']['managed_networks'].split(','): try: if cidr: MANAGED_NETWORKS.append(iptools.IpRange(cidr.strip())) except Exception as e: logging.error("invalid managed network {}: {}".format( cidr, str(e))) # are we running as a daemon? if args: DAEMON_MODE = args.daemon # initialize other systems initialize_remediation_system_manager() initialize_message_system() logging.debug("SAQ initialized")
import iptools import sys inputfile = sys.argv[1] outputfile = sys.argv[2] inputcidr = open(inputfile, "r") outputips = open(outputfile, "a") for cidr in inputcidr: iplist = iptools.IpRange(cidr) for ip in iplist: print(ip) outputips.write(ip + "\n") inputcidr.close() outputips.close() inputcount = len(open(inputfile).readlines()) print("number of CIDR = " + str(inputcount)) outputcount = len(open(outputfile).readlines()) print("number of output IPS = " + str(outputcount))
def address_bin(self): address_int = iptools.IpRange(self.address).startIp return bin(address_int)
def close_stream(host, stream): """Bookkeeping: delete closed hosts from the dict""" lock.acquire() try: del hosts[host] except: pass lock.release() countinc() # IpRanges to check if we generated an valid IP # Tip: Use 3to2-3.x to convert the iptools module classA = iptools.IpRange('1.0.0.0', '126.0.0.0') classB = iptools.IpRange('128.0.0.0', '191.0.0.0') classC = iptools.IpRange('192.0.0.0', '223.0.0.0') privA = iptools.IpRange('10.0.0.0', '10.255.255.255') privB = iptools.IpRange('172.16.0.0', '172.31.255.255') privC = iptools.IpRange('192.168.0.0', '192.168.255.255') max_ip = 2**32 # In python3 this is so much nicer to write! def int_to_ip(ip): """Convert 32-bit integer to an IP""" return socket.inet_ntoa(ip.to_bytes(4, 'big')) def ip_ranges():
#!/usr/bin/python ## -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- ## Import Python Libs ## -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- import os import geo import json import iptools ## Get IP Range IPRANGE = os.environ.get('IPRANGE', '52.0.0.0/30') ## Private IP Addresses private = iptools.IpRangeList( '0.0.0.0/8', '10.0.0.0/8', '100.64.0.0/10', '127.0.0.0/8', '169.254.0.0/16', '172.16.0.0/12', '192.0.0.0/24', '192.0.2.0/24', '192.88.99.0/24', '192.168.0.0/16', '198.18.0.0/15', '198.51.100.0/24', '203.0.113.0/24', '224.0.0.0/4', '240.0.0.0/4', '255.255.255.255/32') ## Print Found Valid Public IPs ips = iptools.IpRange(IPRANGE).__iter__() while True: try: ip = ips.next() except: break if ip not in private: print json.dumps(geo.lookup(ip))
def ipExtract(self, ipClass): # Extract specific ip addrs from IP Class self.IPV4 = ipClass self.tryipList = iptools.IpRange(self.IPV4) return self.tryipList
def main(): print('\nFor finding SSL/TLS certificates in a IP range.\n') PARSER = argparse.ArgumentParser( description="""This program scans a range of IPs and attempts to read hostname information from the SSL/TLS certificates""") PARSER.add_argument('-r', '--range', help='IP range(ex:1.1/16,1.1.1/24)', required=False) PARSER.add_argument('-s', '--start', help='IP or start of IP range', required=False) PARSER.add_argument('-e', '--end', help='End of IP range', required=False) PARSER.add_argument('-t', '--timeout', help='Socket timeout (default:2)', required=False) PARSER.add_argument('-p', '--port', help='SSL/TLS port (default:443)', required=False) PARSER.add_argument('-m', '--maxscanprocess', help='SSL/TLS port (default:443)', required=False) ARGS = PARSER.parse_args() # if ARGS.range is None: # if ARGS.start is None: # Usage() # sys.exit(2) if ARGS.range is not None and ARGS.start is not None: print( 'The start address of IP and IP range cannot be used concurrently.' ) print('') Usage() sys.exit(2) # if ARGS.range is not None: # IPLIST = iptools.IpRange(ARGS.range) # # else: # # if ARGS.end is None: # # ARGS.end = ARGS.start # # IPLIST = iptools.IpRange(ARGS.start, ARGS.end) # Amazon_IPs_List = prefixes() # RemoveDup_Amazon_IPs_List = list(set(Amazon_IPs_List)) # RemoveDup_Amazon_IPs_List.sort() if ARGS.maxscanprocess is None: Max_Do_Process_Cnt = 200 Max_Log_Process_Cnt = 2 else: if (int(ARGS.maxscanprocess) > 1024): Max_Do_Process_Cnt = 1024 else: Max_Do_Process_Cnt = int(ARGS.maxscanprocess) if (Max_Do_Process_Cnt / 50 <= 4): Max_Log_Process_Cnt = 4 else: Max_Log_Process_Cnt = Max_Do_Process_Cnt / 50 if ARGS.timeout is None: ARGS.timeout = 1 if ARGS.port is None: ARGS.port = 443 sys.stdout = Unbuffered(sys.stdout) queueA = Queue( 2048) #needs to be a bit bigger than actual. 3x works well for me queueB = Queue(2048) procsA = start_procs(Max_Do_Process_Cnt, processA, (queueA, queueB, ARGS.timeout, ARGS.port)) procsB = start_procs(Max_Log_Process_Cnt, processB, (queueB, None)) IPV4 = "8.35.192.0/21" IPLIST = iptools.IpRange(IPV4) for ip_addr in IPLIST: queueA.put(ip_addr) print(ip_addr) # for IPv4_Class in RemoveDup_Amazon_IPs_List: # IPLIST = iptools.IpRange(IPv4_Class) # print (IPv4_Class) # [queueA.put(ip_addrs) for ip_addrs in IPLIST] # # print ("[+] NEXT" + ip_addrs) # scan_start = IPLIST.__getitem__(0) # scan_end = IPLIST.__getitem__(IPLIST.__len__()-1) # print "\nScanning %s IPs from %s to %s...\n" % (len(IPLIST), scan_start, scan_end) # print 'Scan Process Nums : ' + str(Max_Do_Process_Cnt) + ', Log Proc Nums : ' + str(Max_Log_Process_Cnt) # print '' shutdown_process(procsA, queueA) shutdown_process(procsB, queueB)
def initialize(saq_home=None, config_paths=None, logging_config_path=None, args=None, relative_dir=None): from saq.database import initialize_database global SAQ_HOME global SAQ_NODE global SAQ_RELATIVE_DIR global CONFIG global CONFIG_PATHS global SINGLE_THREADED global DEFAULT_ENCODING global SEMAPHORES_ENABLED global MANAGED_NETWORKS global FORCED_ALERTS global LOG_LEVEL global DAEMON_MODE global CA_CHAIN_PATH global INSTANCE_TYPE global GLOBAL_SLA_SETTINGS global EXCLUDED_SLA_ALERT_TYPES global STATS_DIR global MODULE_STATS_DIR global YSS_BASE_DIR global YSS_SOCKET_DIR # go ahead and try to figure out what text encoding we're using DEFAULT_ENCODING = locale.getpreferredencoding() # do we want to force alerts? if args: FORCED_ALERTS = args.force_alerts # do we want to run in single threaded mode? if args: SINGLE_THREADED = args.single_threaded # what is the root directory of the entire system? if saq_home is not None: SAQ_HOME = saq_home elif 'SAQ_HOME' in os.environ: SAQ_HOME = os.environ['SAQ_HOME'] else: SAQ_HOME = '.' if not os.path.isdir(SAQ_HOME): sys.stderr.write("invalid root SAQ directory {0}\n".format(SAQ_HOME)) sys.exit(1) # XXX not sure we need this SAQ_RELATIVE_DIR anymore -- check it out # this system was originally designed to run out of /opt/saq # later we modified to run out of anywhere for command line correlation # when running the GUI in apache you have no control over the current working directory # so we specify what directory we'd *want* to be running out of here (even if we're not actually) # this only matters when loading alerts # this defaults to the current working directory SAQ_RELATIVE_DIR = os.getcwd() if relative_dir: SAQ_RELATIVE_DIR = relative_dir # load configuration file # defaults to $SAQ_HOME/etc/saq.ini if args: if args.config_paths: config_paths = args.config_paths if config_paths is None: config_paths = [] # make each relative config path absolute to SAQ_HOME CONFIG_PATHS = [os.path.join(SAQ_HOME, p) if not os.path.isabs(p) else p for p in config_paths] # add any config files specified in SAQ_CONFIG_PATHS env var (command separated) #sys.stderr.write("SAQ_CONFIG_PATHS = {}\n".format(os.environ['SAQ_CONFIG_PATHS'])) if 'SAQ_CONFIG_PATHS' in os.environ: for config_path in os.environ['SAQ_CONFIG_PATHS'].split(','): config_path = config_path.strip() if not os.path.isabs(config_path): config_path = os.path.join(SAQ_HOME, config_path) if not os.path.exists(config_path): sys.stderr.write("WARNING: config path {} specified in SAQ_CONFIG_PATHS env var does not exist\n".format(config_path)) else: if config_path not in CONFIG_PATHS: CONFIG_PATHS.append(config_path) # if $SAQ_HOME/etc/saq.ini exists then we use that as the last config if it's not already specified default_config_path = os.path.join(SAQ_HOME, 'etc', 'saq.ini') if os.path.exists(default_config_path): if default_config_path not in CONFIG_PATHS: CONFIG_PATHS.append(default_config_path) try: load_configuration() except Exception as e: sys.stderr.write("ERROR: unable to load configuration: {0}".format(str(e))) sys.exit(1) # user specified log level LOG_LEVEL = logging.INFO if args: if args.log_level: LOG_LEVEL = args.log_level # make sure the logs directory exists logs_dir = os.path.join(SAQ_HOME, LOG_DIRECTORY) if not os.path.exists(logs_dir): try: os.mkdir(logs_dir) except Exception as e: sys.stderr.write("unable to mkdir {}: {}\n".format(logs_dir, e)) sys.exit(1) # by default we log to the console if logging_config_path is None: logging_config_path = os.path.join(SAQ_HOME, 'etc', 'console_logging.ini') # we can override this on the command line # this is what we use for production engine settings if args: if args.logging_config_path: logging_config_path = args.logging_config_path # we can re-initialize later if we have to try: initialize_logging(logging_config_path) # this log file just gets some startup information except Exception as e: sys.exit(1) # load global SLA settings GLOBAL_SLA_SETTINGS = SLA(None, CONFIG['SLA'].getboolean('enabled'), CONFIG['SLA'].getint('time_to_dispo'), CONFIG['SLA'].getint('approaching_warn'), None, None) EXCLUDED_SLA_ALERT_TYPES = [x.strip() for x in CONFIG['SLA']['excluded_alert_types'].split(',')] # load all the other SLA settings for section in [s for s in CONFIG.keys() if s.startswith('SLA_')]: logging.debug("loading {}".format(section)) OTHER_SLA_SETTINGS.append(SLA(section[len('SLA_'):], CONFIG[section].getboolean('enabled'), CONFIG[section].getint('time_to_dispo'), CONFIG[section].getint('approaching_warn'), CONFIG[section]['property'], CONFIG[section]['value'])) # what node is this? try: SAQ_NODE = CONFIG['global']['node'] logging.debug("node {}".format(SAQ_NODE)) except Exception as e: sys.stderr.write("unable to get hostname: {}\n".format(e)) sys.exit(1) # what type of instance is this? if 'instance_type' in CONFIG['global']: INSTANCE_TYPE = CONFIG['global']['instance_type'] if INSTANCE_TYPE not in [ INSTANCE_TYPE_PRODUCTION, INSTANCE_TYPE_QA, INSTANCE_TYPE_DEV ]: logging.warning("invalid instance type {}: defaulting to {}".format(INSTANCE_TYPE, INSTANCE_TYPE_PRODUCTION)) INSTANCE_TYPE = INSTANCE_TYPE_PRODUCTION else: logging.warning("missing configuration instance_type in global section (defaulting to instance type {})".format(INSTANCE_TYPE_PRODUCTION)) if FORCED_ALERTS: # lol logging.warning(" ****************************************************************** ") logging.warning(" ****************************************************************** ") logging.warning(" **** WARNING **** ALL ANALYSIS RESULTS IN ALERTS **** WARNING **** ") logging.warning(" ****************************************************************** ") logging.warning(" ****************************************************************** ") # we can globally disable semaphores with this flag SEMAPHORES_ENABLED = CONFIG.getboolean('global', 'enable_semaphores') # log all SQL commands if we are running in debug mode if CONFIG['global'].getboolean('log_sql'): logging.getLogger('sqlalchemy.engine').setLevel(logging.INFO) # some settings can be set to PROMPT for section in CONFIG.sections(): for (name, value) in CONFIG.items(section): if value == 'PROMPT': CONFIG.set(section, name, getpass("Enter the value for {0}:{1}: ".format(section, name))) # make sure we've got the ca chain for SSL certs CA_CHAIN_PATH = os.path.join(SAQ_HOME, CONFIG['SSL']['ca_chain_path']) # set the location we'll be running yss out of YSS_BASE_DIR = os.path.join(SAQ_HOME, CONFIG['yara']['yss_base_dir']) if not os.path.exists(YSS_BASE_DIR): logging.critical("[yara][yss_base_dir] is set to {} but does not exist".format(YSS_BASE_DIR)) YSS_SOCKET_DIR = os.path.join(YSS_BASE_DIR, CONFIG['yara']['yss_socket_dir']) # initialize the database connection initialize_database() # initialize fallback semaphores initialize_fallback_semaphores() try: maliciousdir = CONFIG.get("global", "malicious") except: maliciousdir = "malicious" STATS_DIR = os.path.join(SAQ_HOME, 'stats') MODULE_STATS_DIR = os.path.join(STATS_DIR, 'modules') # make sure some key directories exists for dir_path in [ os.path.join(SAQ_HOME, CONFIG['global']['data_dir'], CONFIG['global']['node']), os.path.join(SAQ_HOME, 'var', 'locks'), os.path.join(SAQ_HOME, 'var', 'incoming'), os.path.join(SAQ_HOME, 'review', 'rfc822'), os.path.join(SAQ_HOME, 'review', 'misc'), STATS_DIR, MODULE_STATS_DIR, os.path.join(SAQ_HOME, 'stats', 'brocess'), os.path.join(SAQ_HOME, 'stats', 'metrics'), os.path.join(SAQ_HOME, CONFIG['splunk_logging']['splunk_log_dir']), os.path.join(SAQ_HOME, CONFIG['elk_logging']['elk_log_dir']), os.path.join(SAQ_HOME, CONFIG['global']['tmp_dir']), os.path.join(SAQ_HOME, CONFIG['yara']['yss_base_dir'], 'logs'), os.path.join(SAQ_HOME, maliciousdir) ]: try: if not os.path.isdir(dir_path): os.makedirs(dir_path) except Exception as e: logging.error("unable to create required directory {}: {}".format(dir_path, str(e))) sys.exit(1) # make sure the collection directory for each enabled engine exists for section in CONFIG.keys(): if section.startswith('engine_'): engine_config = CONFIG[section] if 'collection_dir' in engine_config: collection_dir = os.path.join(SAQ_HOME, engine_config['collection_dir']) if not os.path.isdir(collection_dir): logging.info("creating collection directory {} for {}".format(collection_dir, section)) try: os.makedirs(collection_dir) except Exception as e: logging.error("unable to create directory {}: {}".format(collection_dir, e)) sys.exit(1) # clear out any proxy environment variables if they exist for proxy_key in [ 'http_proxy', 'https_proxy', 'ftp_proxy' ]: if proxy_key in os.environ: logging.debug("removing proxy environment variable for {}".format(proxy_key)) del os.environ[proxy_key] # set up the PROXY global dict (to be used with the requests library) for proxy_key in [ 'http', 'https' ]: if CONFIG['proxy']['host'] and CONFIG['proxy']['port'] and CONFIG['proxy']['transport']: if CONFIG['proxy']['user'] and CONFIG['proxy']['password']: PROXIES[proxy_key] = '{}://{}:{}@{}:{}'.format(CONFIG['proxy']['transport'], CONFIG['proxy']['user'], CONFIG['proxy']['password'], CONFIG['proxy']['host'], CONFIG['proxy']['port']) else: PROXIES[proxy_key] = '{}://{}:{}'.format(CONFIG['proxy']['transport'], CONFIG['proxy']['host'], CONFIG['proxy']['port']) logging.debug("proxy for {} set to {}".format(proxy_key, PROXIES[proxy_key])) # load any additional proxies specified in the config sections proxy_* for section in CONFIG.keys(): if section.startswith('proxy_'): proxy_name = section[len('proxy_'):] OTHER_PROXIES[proxy_name] = {} for proxy_key in [ 'http', 'https' ]: if CONFIG[section]['host'] and CONFIG[section]['port'] and CONFIG[section]['transport']: if 'user' in CONFIG[section] and 'password' in CONFIG[section] \ and CONFIG[section]['user'] and CONFIG[section]['password']: OTHER_PROXIES[proxy_name][proxy_key] = '{}://{}:{}@{}:{}'.format( CONFIG[section]['transport'], CONFIG[section]['user'], CONFIG[section]['password'], CONFIG[section]['host'], CONFIG[section]['port']) else: OTHER_PROXIES[proxy_name][proxy_key] = '{}://{}:{}'.format( CONFIG[section]['transport'], CONFIG[section]['host'], CONFIG[section]['port']) # load global constants import iptools MANAGED_NETWORKS = [] for cidr in CONFIG['network_configuration']['managed_networks'].split(','): try: if cidr: MANAGED_NETWORKS.append(iptools.IpRange(cidr.strip())) except Exception as e: logging.error("invalid managed network {}: {}".format(cidr, str(e))) # are we running as a daemon? if args: DAEMON_MODE = args.daemon logging.debug("SAQ initialized")
def Malicious(pop_size, scan_rate, susc_size, inf, code, count): """ Function Malicious takes population size, scanning rate, susceptible proportion, number of initial infected nodes, attack type, and number of infections per iteration as input to generate netflows in .csv and .txt format. Args : pop_size (float) : population size of scanning worm scan_rate (float) : scanning rate of computer worm susc_prop (float) : susceptible proportion of computer worm inf (float) : number of initial infected hosts code (int) : attack type count (int) : time variable """ ### Variable : Initialization ### time = int(count) * 5 # Duration of Malicious Traffic # ### Filename ### if (code == 1): name = "DDoS" elif (code == 2): name = "Horiz" elif (code == 3): name = "Vert" elif (code == 4): name = "FIN" ### .csv ### Malicious_filename_1 = "[" + str(int(pop_size)) + "_" + str( int(scan_rate)) + "_" + str(int(susc_size)) + "_" + str( int(code)) + name + "_" + str(time) + "]" + ".csv" open(Malicious_filename_1, 'w').close() ### .txt ### Malicious_filename_2 = "[" + str(int(pop_size)) + "_" + str( int(scan_rate)) + "_" + str(int(susc_size)) + "_" + str( int(code)) + name + "_" + str(time) + "]" + ".txt" open(Malicious_filename_2, 'w').close() ### Header ### Header(Malicious_filename_1, 1) Header(Malicious_filename_2, 2) ### File Operation : Open ### f0 = open(Time_filename, 'r') # Time File # f1 = open(Malicious_filename_1, 'a') # Malicious File # f2 = open(Malicious_filename_2, 'a') # Malicious File # ### Variable : Initialization ### port = 0 # Port Counter # ik_t = 0 # Temp Variable (Unusual Flags) # st_t = 0 # Temp Variable (Port Scan) # n = int(code) # Code # ### IP Address Range ### ip_internal = iptools.IpRange( '10.0.0.0', '10.0.255.255').__iter__() # Internal : IP Address Space # ip_internal2 = iptools.IpRange( '10.0.0.0', '10.0.255.255').__iter__() # Internal : IP Address Space # ### Display ### print(Malicious_filename_1) print(Malicious_filename_2) ### Loop : For line in f0 ### for line in f0: ### Data Extraction ### ip, time, unix_t = line.split(",") # IP Address and Time # time = time.strip() # Time Strip function # Unix_time = unix_t.strip() # Unix Strip Function # #fmt = '%Y-%m-%d %H:%M:%S.%f' #time = datetime.datetime.strptime ( time , fmt ) ### Protocols ### Src_ip = ip.strip() # Source IP Address # TCP_protocol = '6' # TCP Protocol # Dest_ip = '10.0.100.1' # Destination IP Address # Packets = int(1) # Number of Packets # Bytes = random.randint(41, 43) # Number of Bytes # Dt = time # Time in format # Src_port = random.randint(50000, 65000) # Source Port # Lk = [8080, 80] # List # Dest_port = random.choice(Lk) # Destination Port # Remaining_flags = ' ' # Remaining Flags # Duration = random.randint(300, 305) # Duration # ### Random Number Generator ### r = random.randint(0, 9) # Random Integer # ### Conditional Statements : if ### if (n == 1): f1.write( str(Unix_time) + "," + str(Duration) + "," + str(Packets) + "," + str(Src_ip) + "," + str(Dest_ip) + "," + str(Src_port) + "," + str(Dest_port) + "," + str(TCP_protocol) + "," + " S " + "\n") f2.write( str("in") + str("|") + str(TCP_protocol) + str("|") + str(Src_ip) + str("|") + str(Dest_ip) + str("|") + str(Src_port) + str("|") + str(Dest_port) + str("|") + str(Packets) + str("|") + str(Bytes) + str("|") + str(Dt) + str("|") + str("0.002") + str("|") + str(" S ") + str("|") + str(Remaining_flags) + "\n") if (r == 9): f1.write( str(Unix_time) + "," + str(Duration) + "," + str(Packets) + "," + str(Dest_ip) + "," + str(Src_ip) + "," + str(Dest_port) + "," + str(Src_port) + "," + str(TCP_protocol) + "," + " A S " + "\n") f2.write( str("out") + str("|") + str(TCP_protocol) + str("|") + str(Dest_ip) + str("|") + str(Src_ip) + str("|") + str(Dest_port) + str("|") + str(Src_port) + str("|") + str(Packets) + str("|") + str(Bytes) + str("|") + str(Dt) + str("|") + str("0.002") + str("|") + str(" A S ") + str("|") + str(Remaining_flags) + "\n") elif (n == 2): if (port < 65536): ### Variable : Initialization ### Dest_ip = '10.0.100.9' # Destination IP Address # Dest_port = port # Port Number # ### File Operation : Write ### f1.write( str("in") + str(",") + str(TCP_protocol) + str(",") + str(Src_ip) + str(",") + str(Dest_ip) + str(",") + str(Src_port) + str(",") + str(Dest_port) + str(",") + str(Packets) + str(",") + str(Bytes) + str(",") + str(Dt) + str(",") + str("0.002") + str(",") + str(' S ') + str(Remaining_flags) + "\n") if (r == 9): f1.write( str("out") + str(",") + str(TCP_protocol) + str(",") + str(Dest_ip) + str(",") + str(Src_ip) + str(",") + str(Dest_port) + str(",") + str(Src_port) + str(",") + str(Packets) + str(",") + str(Bytes) + str(",") + str(Dt) + str(",") + str("0.002") + str(",") + str(' A ') + str(Remaining_flags) + "\n") f1.write( str("in") + str(",") + str(TCP_protocol) + str(",") + str(Src_ip) + str(",") + str(Dest_ip) + str(",") + str(Src_port) + str(",") + str(Dest_port) + str(",") + str(Packets) + str(",") + str(Bytes) + str(",") + str(Dt) + str(",") + str("0.002") + str(",") + str(' R ') + str(Remaining_flags) + "\n") ### Increment : port ### port += 1 # Port Number # ### Try Statement ### elif (n == 3): try: ### If Statement ### if (next(ip_internal).strip() != '10.0.255.255'): ### Variables ### Dest_ip_1 = next(ip_internal) ### File Operation : Write ### f1.write( str("in") + str(",") + str(TCP_protocol) + str(",") + str(Src_ip) + str(",") + str(Dest_ip_1) + str(",") + str(Src_port) + str(",") + str(Dest_port) + str(",") + str(Packets) + str(",") + str(Bytes) + str(",") + str(Dt) + str(",") + str("0.002") + str(",") + str(' S ') + "\n") if (r == 9): f1.write( str("out") + str(",") + str(TCP_protocol) + str(",") + str(Dest_ip_1) + str(",") + str(Src_ip) + str(",") + str(Dest_port) + str(",") + str(Src_port) + str(",") + str(Packets) + str(",") + str(Bytes) + str(",") + str(Dt) + str(",") + str("0.002") + str(",") + str(' A ') + "\n") f1.write( str("in") + str(",") + str(TCP_protocol) + str(",") + str(Src_ip) + str(",") + str(Dest_ip_1) + str(",") + str(Src_port) + str(",") + str(Dest_port) + str(",") + str(Packets) + str(",") + str(Bytes) + str(",") + str(Dt) + str(",") + str("0.002") + str(",") + str(' R ') + "\n") ### Exception Handling ### except StopIteration: st_t += 1 # Increment : Temp Variable (Horiz. Scan) # elif (n == 4): try: ### If Statement ### if (next(ip_internal2).strip() != '10.0.255.255'): ### Variable : Update ### Dest_ip_2 = next(ip_internal2) # Destination IP Address # ### File Operation : Write ### f1.write( str("in") + str(",") + str(TCP_protocol) + str(",") + str(Src_ip) + str(",") + str(Dest_ip_2) + str(",") + str(Src_port) + str(",") + str(Dest_port) + str(",") + str(Packets) + str(",") + str(Bytes) + str(",") + str(Dt) + str(",") + str("0.002") + str(",") + str(' F') + "\n") if (r != 9): f1.write( str("out") + str(",") + str(TCP_protocol) + str(",") + str(Dest_ip_2) + str(",") + str(Src_ip) + str(",") + str(Dest_port) + str(",") + str(Src_port) + str(",") + str(Packets) + str(",") + str(Bytes) + str(",") + str(Dt) + str(",") + str("0.002") + str(",") + str(' R ') + "\n") ### Exception Handling ### except StopIteration: st_t += 1 # Increment Temp Variable (FIN Scan) # elif (n == 5): if (ik_t < 1000): ### Variable : Initialization ### flag = random.choice(perms) # Flag (Unusual Flags) # ### File Operation : Write ### f1.write( str("in") + str(",") + str(TCP_protocol) + str(",") + str(Src_ip) + str(",") + str(Dest_ip_2) + str(",") + str(Src_port) + str(",") + str(Dest_port) + str(",") + str(Packets) + str(",") + str(Bytes) + str(",") + str(Dt) + str(",") + str("0.002") + str(",") + str(flag) + "\n") ### Increment : ik_t ### ik_t += 1 # Increment Temp Variable (Unusual Flag) #
parser.add_argument("-t", "--target", help="Restricted URL (target)", required=True) parser.add_argument("-cl", "--badcl", help="Restricted URL Content Length", required=True) parser.add_argument("-r", "--range", help="IP range i.e. 0.0.0.0-255.255.255.255", required=True) args = parser.parse_args() ip_start, ip_end = args.range.split("-") ip_range = iptools.IpRange(ip_start, ip_end) for ip in tqdm(ip_range, leave=True): try: ip_list = ("{0}, ".format(ip) * 50)[:-2] x_forwarded_for_header = {"X-Forwarded-For": ip_list} response = requests.get(args.target, headers=x_forwarded_for_header) if response.headers['content-length'] > args.badcl: print("") info("Access granted with header: \n{0}".format( x_forwarded_for_header)) break except KeyError: error( "No Content-Length header contained in request to {0}".format(
def parse(args, pname, pdescription, rootpath, parser=None, ips=None, nthreads=None, timeout=None, thosts=None, port=None, users=None, passwords=None): if parser is None: parser = argparse.ArgumentParser( prog=pname, description=pdescription) if not ips is None: parser.add_argument("-i", dest='fn_ip', help="File with a newline seperated list of IPs," + " e.g. -i ips.txt") parser.add_argument("-I", dest='ip', help="IP address to resolve" + ", e.g. -I 8.8.8.8") parser.add_argument("-r", dest='ip_range', help="Range of IPs to resolve" + ", e.g. -r 82.165.197.0/24") if not nthreads is None: parser.add_argument("-t", dest='nthreads', help="amount of threads to scan with (default 400)", type=int, default=400) if not timeout is None: parser.add_argument('-to', dest='timeout', help='timeout (default 3s)', type=int, default=3 ) if not thosts is None: parser.add_argument('-s', help='file containing ip[:port] entries', dest='fn_thost' ) parser.add_argument('-S', help='target ip[:port]', dest='thost', ) if not port is None: parser.add_argument('-P', help='target port', dest='port', default=21, type=int ) if not users is None: parser.add_argument('-u', help='file containing username per line', dest='fn_users', ) if not passwords is None: parser.add_argument('-p', help='file containing password per line', dest='fn_passwords', ) opts = parser.parse_args(args) if not ips is None: if opts.fn_ip: fn_ip = os.path.join(rootpath, opts.fn_ip) with open(fn_ip, 'r') as f: ips.extend(f.read().splitlines()) if opts.ip: ips.append(opts.ip) if opts.ip_range: for ip in iptools.IpRange(opts.ip_range): ips.append(ip) if not nthreads is None: nthreads.append(opts.nthreads) if not timeout is None: timeout.append(opts.timeout) if not port is None: port.append(opts.port) # TODO: convert port to int if not thosts is None: if opts.fn_thost: fn_thost = os.path.join(rootpath, opts.fn_thost) with open(fn_thost, 'r') as f: for th in f.read().splitlines(): if th.find(':') > 0: thosts.append(tuple(th.split(':'))) else: thosts.append((th, port[0])) if opts.thost: if opts.thost.find(':') > 0: thosts.append(tuple(opts.thost.split(':'))) else: thosts.append((opts.thost, port[0])) if not users is None: fn_users = os.path.join(rootpath, opts.fn_users) with open(fn_users, 'r') as f: users.extend(f.read().splitlines()) if not passwords is None: fn_passwords = os.path.join(rootpath, opts.fn_passwords) with open(fn_passwords, 'r') as f: passwords.extend(f.read().splitlines()) return opts
def Generator(pop_size, scan_rate, susc_size, inf, code): """ Function Generator genereates the malicious datasets by initially calling function Curve and then function Malicious. Args : pop_size (float) : Population Size of Scanning Worm scan_rate (float) : Scanning Rate of Computer Worm susc_size (float) : Susceptible Size o Computer Worm inf (int) : Number of initial infected hosts code (int) : Attack Type """ ### Input ### pop_size = float(pop_size) # Population Size # scan_rate = float(scan_rate) # Scanning Rate # susc_size = float(susc_size) # Susceptible Size # inf = float(inf) # Number of Initial Infected nodes # code = int(code) # Code # ### Data Generation ### inf, res, count = Curve(pop_size, scan_rate, susc_size, inf) # Curve # r = iptools.IpRange('10.0/16') # IP Space : Address Space # ### Data Generation : Random Infected IP Address (Outside NIST) ### z = [] i = 0 ### Loop : While i is less than susc_size ### while (i < susc_size): ### Random IP Address Generation ### p = socket.inet_ntoa(struct.pack('>I', random.randint( 1, 0xffffffff))) # Random IP Address # p = p.strip() ### Insert into List ### if (p not in r): z.append(p) ### Increment : i ### i += 1 ### Loop : While i is less than count ### i = 0 while (i < count): ### Global Variable ### global time_t ### Conversion to Microseconds ### temp = 300000000 / res[i] time_t = time_t + [temp] ### Increment : i ### i += 1 ### Variable : Initialization ### b_time = datetime.datetime.now() # Time # unixtime = time.mktime(b_time.timetuple()) # unixtime # ### File Operations : Open ### open(Time_filename, 'w').close() f = open(Time_filename, 'a') ### Loop : While i is less than count ### i = 0 k = 0 while (i < count): ### Loop : While j is less than res[i] ### j = 0 while (j < res[i]): ### Data : Format ### Dt = b_time.strftime('%Y/%m/%dT%H:%M:%S') ### File Operation : Write # f.write(str(z[k]) + "," + str(Dt) + "," + str(unixtime)) f.write("\n") ### Update : time ### b_time = b_time + datetime.timedelta(microseconds=time_t[i]) b_time = b_time.strftime("%Y-%m-%d %H:%M:%S.%f") b_time = datetime.datetime.strptime(b_time, "%Y-%m-%d %H:%M:%S.%f") unixtime = time.mktime(b_time.timetuple()) ### Increment : k & j ### k += 1 j += 1 ### Increment : i ### i += 1 print("Done!!") ### Malicious Traffic ### Malicious(pop_size, scan_rate, susc_size, inf, code, count)