def hostname_resolves(hostname):
resolved_ips = []
logger.debug("Hostname to resolve: %s", str(hostname))
try:
ips = socket.getaddrinfo(hostname, None)
for ip in ips:
if ip[4][0] not in resolved_ips:
net = IPNetwork(ip[4][0])
if net.is_private() or net.is_link_local():
logger.warning("Tried to resolve local IP: %s, ignoring!", ip[4][0])
continue
else:
resolved_ips.append(ip[4][0])
if len(resolved_ips) > 0:
logger.debug("Resolved IPs: %s", ', '.join(resolved_ips))
return resolved_ips
else:
logger.warning("No IPs resolved from query: %s", hostname)
abort(400)
except socket.gaierror:
logger.debug("Failed to resolve IP address from: %s", hostname)
abort(400)
def test_customer_bogon_routes(bf, customer_list):
"""Check that no BOGON routes are accepted from customers"""
bf.asserts.current_assertion = 'Assert no BOGON prefixes accepted from customers'
df = bf.q.routes(
rib='bgp').answer().frame() #retrieve BGP RIB for all devices
bogons = []
for customer in customer_list:
for _, row in df.iterrows():
if (row['Node'] == customer['Node']) & (
row['Next_Hop_IP'] == customer['Remote_IP']
): #found routes learnt from customer
z = IPNetwork(row['Network'])
if (z.is_reserved() or z.is_private() or z.is_loopback()
or z.is_link_local() or z.is_multicast()):
bogons.append(
f"Prefix {row['Network']} from {customer['Remote_IP']} on {customer['Node']} should not be accepted"
)
test = (len(bogons) == 0)
pass_message = "No BOGON prefixes accepted from customers\n"
fail_message = f"List of BOGON prefixes accepted from customers\n\n{bogons}"
record_results(bf, test, pass_message, fail_message)
def get_nmap_port(query, netmask=32):
"""
Scans host or whole subnet for hosts and their open ports. Uses NMAP's **-T4 -F** params to probe hosts.
Probing is done from Hosting machine and therefore not suitable for scanning local network ranges.
:param query: IP address or hostname
:param netmask: (Optional) If you want to scan the whole range of hosts
**Example:**
$ GET ``/api/nmap/199.16.156.102/30``
Returns::
{
"hosts": [
{
"host": "199.16.156.102",
"status": {
"addresses": {
"ipv4": "199.16.156.102"
},
"hostnames": [],
"status": {
"reason": "syn-ack",
"state": "up"
},
"tcp": {
"80": {
"conf": "3",
"cpe": "",
"extrainfo": "",
"name": "http",
"product": "",
"reason": "syn-ack",
"state": "open",
"version": ""
},
"443": {
"conf": "3",
"cpe": "",
"extrainfo": "",
"name": "https",
"product": "",
"reason": "syn-ack",
"state": "open",
"version": ""
},
"8888": {
"conf": "3",
"cpe": "",
"extrainfo": "",
"name": "sun-answerbook",
"product": "",
"reason": "syn-ack",
"state": "open",
"version": ""
}
},
"vendor": {}
}
},
{
"host": "199.16.156.103",
"status": {
"addresses": {
"ipv4": "199.16.156.103"
},
"hostnames": [],
"status": {
"reason": "syn-ack",
"state": "up"
},
"tcp": {
"80": {
"conf": "3",
"cpe": "",
"extrainfo": "",
"name": "http",
"product": "",
"reason": "syn-ack",
"state": "open",
"version": ""
},
"443": {
"conf": "3",
"cpe": "",
"extrainfo": "",
"name": "https",
"product": "",
"reason": "syn-ack",
"state": "open",
"version": ""
},
"8888": {
"conf": "3",
"cpe": "",
"extrainfo": "",
"name": "sun-answerbook",
"product": "",
"reason": "syn-ack",
"state": "open",
"version": ""
}
},
"vendor": {}
}
}
],
"status": "ok"
}
"""
try:
nm = nmap.PortScanner()
hosts = dict()
hosts['hosts'] = []
if netmask == "":
to_query = query
else:
to_query = query + "/" + str(netmask)
logger.debug(to_query)
try:
net = IPNetwork(to_query)
except AddrFormatError:
abort(400)
if net.is_link_local() or net.is_private(): # Won't scan server's local network
abort(400)
nm.scan(hosts=to_query, arguments='-T4 -F')
hosts_list = [(x, nm[x]) for x in nm.all_hosts()]
logger.debug(hosts_list)
for host, status in hosts_list:
hosts['hosts'].append({'host': host,
'status': status})
return jsonify({'status': "ok",
'hosts': hosts['hosts']})
except nmap.PortScannerError:
return error_response("NMAP error, cannot scan", 500)
def get_nmap_network(query, netmask=""):
"""
Shows IP's that are pingable and those that are not. Accepts netmask to define the whole range for scan.
Uses NMAP's **-sP** to probe hosts. Probing is done from Hosting machine and therefore not suitable for
scanning local network ranges. Useful when checking how many IP's you have left in a particular netmask.
:param query: IP address or hostname
:param netmask: (Optional) If you want to scan the whole range of hosts
**Example:**
$ GET ``/api/host/199.16.156.102/29``
::
{
"down": [
"199.16.156.100",
"199.16.156.101",
"199.16.156.96",
"199.16.156.97",
"199.16.156.98",
"199.16.156.99"
],
"hosts": [
{
"host": "199.16.156.100",
"hostname": [],
"status": "down"
},
{
"host": "199.16.156.101",
"hostname": [],
"status": "down"
},
{
"host": "199.16.156.102",
"hostname": [],
"status": "up"
},
{
"host": "199.16.156.103",
"hostname": [],
"status": "up"
},
{
"host": "199.16.156.96",
"hostname": [],
"status": "down"
},
{
"host": "199.16.156.97",
"hostname": [],
"status": "down"
},
{
"host": "199.16.156.98",
"hostname": [],
"status": "down"
},
{
"host": "199.16.156.99",
"hostname": [],
"status": "down"
}
],
"status": "ok",
"up": [
"199.16.156.102",
"199.16.156.103"
]
}
"""
try:
nm = nmap.PortScanner()
hosts = dict()
hosts['hosts'] = []
hosts['up'] = []
hosts['down'] = []
if netmask == "":
to_query = query
else:
to_query = query + "/" + netmask
logger.debug(to_query)
try:
net = IPNetwork(to_query)
except AddrFormatError:
abort(400)
if net.is_link_local() or net.is_private(): # Won't scan server's local network
abort(400)
nm.scan(hosts=to_query, arguments='-sn -v')
hosts_list = [(x, nm[x]) for x in nm.all_hosts()]
logger.debug(hosts_list)
for host, status in hosts_list:
hosts['hosts'].append({'host': host,
'status': status['status']['state'],
'hostname': status['hostnames']})
if status['status']['state'] == 'up':
hosts['up'].append(host)
if status['status']['state'] == 'down':
hosts['down'].append(host)
return jsonify({'status': "ok",
'hosts': hosts['hosts'],
'up': hosts['up'],
'down': hosts['down']})
except nmap.PortScannerError:
return error_response("Nmap error, can't scan", 500)
def get_ipcalc_network(query, netmask=""):
"""
IP calculator tool: supports IPv6 and IPv4 networks. For list of values see below.
IP list is optional since it will return many IPs for some subnets,
if you need to show ip list you will have to append ``?iplist`` to your get request.
**PLEASE NOTE:** iplist will print only 65536 addresses which is /16 in IPv4 subnetting or /112 in IPv6 subnetting.
If you try to get more you will get an error.
:param query: IP address or hostname
:param netmask: (Optional) If you want the whole range of hosts
**Example:**
When getting single host
$ GET ``/api/ipcalc/199.16.156.102/30``
::
{
"results": {
"broadcast": "199.16.156.103",
"cidr": "199.16.156.100/30",
"first_host": "199.16.156.101",
"hostmask": "0.0.0.3",
"ip_bits": "11000111.00010000.10011100.01100110",
"ip_version": 4,
"is_linklocal": false,
"is_loopback": false,
"is_multicast": false,
"is_private": false,
"is_public": true,
"is_reserved": false,
"is_unicast": true,
"last_host": "199.16.156.102",
"netmask": "255.255.255.252",
"netmask_bits": "11111111.11111111.11111111.11111100",
"network": "199.16.156.100",
"network_bits": "11000111.00010000.10011100.01100100",
"num_addresses": 4,
"prefixlen": 30,
"supernet": [
"0.0.0.0/0",
"128.0.0.0/1",
"192.0.0.0/2",
"192.0.0.0/3",
"192.0.0.0/4",
"192.0.0.0/5",
"196.0.0.0/6",
"198.0.0.0/7",
"199.0.0.0/8",
"199.0.0.0/9",
"199.0.0.0/10",
"199.0.0.0/11",
"199.16.0.0/12",
"199.16.0.0/13",
"199.16.0.0/14",
"199.16.0.0/15",
"199.16.0.0/16",
"199.16.128.0/17",
"199.16.128.0/18",
"199.16.128.0/19",
"199.16.144.0/20",
"199.16.152.0/21",
"199.16.156.0/22",
"199.16.156.0/23",
"199.16.156.0/24",
"199.16.156.0/25",
"199.16.156.64/26",
"199.16.156.96/27",
"199.16.156.96/28",
"199.16.156.96/29"
],
"to_ipv6": "::ffff:199.16.156.102/126"
},
"status": "ok"
}
"""
if netmask is not "":
ip = query + '/' + netmask
else:
ip = query
try:
net = IPNetwork(ip)
except AddrFormatError:
abort(400)
results = dict()
results['broadcast'] = str(net.broadcast)
results['network'] = str(net.network)
results['netmask'] = str(net.netmask)
results['cidr'] = str(net.cidr)
results['num_addresses'] = net.size
results['hostmask'] = str(net.hostmask)
results['is_loopback'] = net.is_loopback()
results['is_unicast'] = net.is_unicast()
results['is_multicast'] = net.is_multicast()
results['is_private'] = net.is_private()
results['is_reserved'] = net.is_reserved()
results['is_linklocal'] = net.is_link_local()
results['is_public'] = net.is_unicast() and not net.is_private()
results['prefixlen'] = net.prefixlen
results['ip_version'] = net.version
results['ip_bits'] = net.ip.bits()
results['network_bits'] = net.network.bits()
results['netmask_bits'] = net.netmask.bits()
results['supernet'] = [str(supernet) for supernet in net.supernet()]
if net.version == 4:
results['to_ipv6'] = str(net.ipv6())
if request.query_string == 'iplist':
if net.size <= 65536:
results['ip_list'] = [str(ip) for ip in list(net)]
else:
return error_response("Too many IPs to list (limit is 65536), "
"use smaller subnet or remove '?iplist' from query.", 400)
if net.broadcast is not None:
results['first_host'] = str(net.network + 1)
results['last_host'] = str(net.broadcast - 1)
else:
results['first_host'] = str(net.ip)
results['last_host'] = str(net.ip)
elif net.version == 6:
try:
results['to_ipv4'] = str(net.ipv4())
except AddrConversionError:
results['to_ipv4'] = None
if request.query_string == 'iplist':
if net.size <= 65536:
results['ip_list'] = [str(ip) for ip in list(net)]
else:
return error_response("Too many IPs to list (limit is 65536), "
"use smaller subnet or remove '?iplist' from query.", 400)
return jsonify({'status': "ok",
'results': results})
