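def parse_beacon(dtg, addr, ssid):
    """Record an AP beacon event for ``addr`` and link it to ``ssid`` in the graph.

    NOTE(review): this listing lost its indentation, so the nesting below is a
    reconstruction. Confirm against the upstream file which statements the
    ``if len(recent) == 0`` guard is meant to cover, and whether the final
    ``print`` belongs at function level.

    Args:
        dtg: Shown in the console line only (presumably the capture time;
            TODO confirm).
        addr: MAC address used to look up the device document and graph node.
        ssid: Network name taken from the frame. Presumably set by whoever
            transmitted the frame, so it is treated as untrusted text here.
    """
    # One timestamp per call keeps the stored event and graph nodes consistent.
    now = datetime.utcnow()
    device = get_device(addr)

    # NOTE(review): the two Q clauses are OR-ed, so an event is stored only
    # when neither matches. Check that ``__ne`` on the SSID is what a
    # "same SSID seen in the last 10 minutes" throttle really needs.
    recent = Device.objects(
        Q(events__timestamp__gte=now - timedelta(minutes=10))
        | Q(events__ssid__ne=ssid),
        mac=addr
    )
    if len(recent) == 0:
        event = Beacon()
        event.ssid = ssid
        event.timestamp = now
        device.events.append(event)
        device.save()

    # Values reach the graph layer as keyword arguments, not as query text.
    dev = selector.select('Device', mac=addr).first()
    if dev is None:
        dev = Node('Device', mac=addr, last_seen=str(now), vendor=device.vendor)
        graph.create(dev)

    ss = selector.select('SSID', ssid=ssid).first()
    if ss is None:
        ss = Node('SSID', ssid=ssid, timestamp=str(now))
        graph.create(ss)

    # Create the beacon edge only once per (device, SSID) pair.
    if len(list(graph.match(start_node=dev, rel_type='beacon', end_node=ss))) == 0:
        rel = Relationship(dev, 'beacon', ss)
        graph.create(rel)

    # %r (instead of the original '%s') escapes control characters, so an SSID
    # carrying terminal escape sequences cannot alter the operator's console
    # or forge log lines. Ordinary names still print inside single quotes.
    print("%s[+] (%s) AP beacon: %s (%s) -> %r" % (Term.GREEN, dtg, addr, device.vendor, ssid))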
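def parse_response(dtg, addr, dest, ssid):
    """Record a probe-response event for ``addr`` and link ``dest`` to ``ssid``.

    NOTE(review): this listing lost its indentation, so the nesting below is a
    reconstruction. Confirm against the upstream file which statements the
    ``if len(recent) == 0`` guard is meant to cover, and whether the final
    ``print`` belongs at function level.

    Args:
        dtg: Unused in this function body.
        addr: MAC address used to look up the device document that stores
            the event.
        dest: MAC address used for the graph ``Device`` node.
        ssid: Network name taken from the frame. Presumably set by whoever
            transmitted the frame, so it is treated as untrusted text here.
    """
    # One timestamp per call keeps the stored event and graph nodes consistent.
    now = datetime.utcnow()
    device = get_device(addr)

    # NOTE(review): this clause compares an event ``dest`` field with the
    # SSID, while the events written below only set ``ssid`` and
    # ``timestamp``. Verify the field name.
    recent = Device.objects(
        Q(events__timestamp__gte=now - timedelta(minutes=10))
        | Q(events__dest__ne=ssid),
        mac=addr
    )
    if len(recent) == 0:
        event = Beacon()
        event.timestamp = now
        event.ssid = ssid
        device.events.append(event)
        device.save()

    dev = selector.select('Device', mac=dest).first()
    if dev is None:
        # NOTE(review): ``device`` was looked up by ``addr``, yet its vendor
        # is stored on the node for ``dest``. Confirm this is intended.
        dev = Node('Device', mac=dest, last_seen=str(now), vendor=device.vendor)
        graph.create(dev)

    ss = selector.select('SSID', ssid=ssid).first()
    if ss is None:
        ss = Node('SSID', ssid=ssid, timestamp=str(now))
        graph.create(ss)

    # NOTE(review): the existence check matches 'probe' edges but the edge
    # created is 'response', so an existing 'response' edge does not stop
    # another one being added. Left as written; confirm the intent.
    if len(list(graph.match(start_node=dev, rel_type='probe', end_node=ss))) == 0:
        rel = Relationship(dev, 'response', ss)
        graph.create(rel)

    # %r (instead of the original %s) escapes control characters, so an SSID
    # carrying terminal escape sequences cannot alter the operator's console
    # or forge log lines. The SSID is now printed quoted.
    print('Hidden SSID Discovered %s -> %r' % (dest, ssid))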