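    def add(self, moduleExe, moduleId, hash, external=False):
        """
        Add a module to the list and start it.

        This method is called both on external events and from CLI
        interaction. The module is only registered (and ``run()``) once
        its botnet host resolves via ``self.geo``; before that nothing is
        written to ``self.modules`` / ``self.configHashes``, so there is
        no rollback to do on failure.

        Args:
            moduleExe: module object; must provide ``getConfig()`` returning
                a mapping with a ``'botnet'`` key, and ``run()``.
            moduleId: key under which the module is stored in
                ``self.modules``.
            hash: config hash stored in ``self.configHashes`` and matched
                against the botnets the producer bot already monitors.
                (Parameter name shadows the builtin; kept for callers.)
            external: when True the "already monitored" check is skipped.

        Returns:
            None. A rejected add is reported via ``print`` (duplicate id)
            or ``self.putError`` (already monitored / unknown host).
        """

        if moduleId in self.modules:
            print("[ModuleCoordinator]: Id already used, choose another")
            return

        if self.haleConf.get("xmpp", "use") == 'True':
            monitored = producerBot.ProducerBot().getMonitoredBotnets()
            # external additions skip the duplicate check
            if not external and monitored is not None:
                if hash in monitored or producerBot.ProducerBot().sendTrackReq(
                        hash):
                    self.putError("Botnet: " + hash + " already monitored")
                    return

        conf = moduleExe.getConfig()
        coord = self.geo.record_by_name(conf['botnet'])
        if coord is None:
            self.putError("Unkown host: " + conf['botnet'])
            return

        self.modules[moduleId] = moduleExe
        self.configHashes[moduleId] = hash
        moduleExe.run()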
 def putToXMPP(self, data, config, botnethash):
     """
     Hand a log line to the producer bot for the shared channel.

     The line is prefixed with the botnet hash in square brackets so
     readers of the channel can tell which botnet it belongs to.

     Args:
         data: log text to publish.
         config: not read by this method.
         botnethash: hash identifying the botnet the message belongs to.
     """

     prefix = '[' + botnethash + '] '
     producerBot.ProducerBot().sendLog(prefix + data)
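    def doDownload(self, url, extfilename):
        """
        Download the file behind a captured URL and keep it only if it
        parses as a PE executable.

        Flow: optionally route through a random SOCKS5 proxy, fetch ``url``
        with an empty User-agent, skip ``text/html`` answers, write the body
        to ``extfilename`` for a ``pefile`` check, remove that file again,
        then ship the base64-encoded body to the producer bot (when XMPP is
        enabled) and store a ``File`` row for ``self.botnethash``.

        Args:
            url: URL captured from the monitored botnet traffic.
            extfilename: local path the body is written to while it is
                checked with pefile; the file is removed afterwards. If the
                path already exists nothing is written or stored.

        Returns:
            None. Every failure (connection error, HTML body, not a PE
            file, duplicate DB row) aborts silently.
        """

        proxyInfo = self.prox.getRandomProxy()
        if proxyInfo is not None:
            if len(proxyInfo['USER']) == 0:
                socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5,
                                      proxyInfo['HOST'], proxyInfo['PORT'])
            else:
                socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5,
                                      proxyInfo['HOST'], proxyInfo['PORT'],
                                      proxyInfo['USER'], proxyInfo['PASS'])
            # NOTE(review): this replaces the socket class for the whole
            # process and is never restored, so every later connection in
            # this process (not just this download) goes through the proxy;
            # when no proxy is returned, whatever was set last stays active.
            socket.socket = socks.socksocket

        opener = urllib2.build_opener()
        opener.addheaders = [('User-agent', '')]

        try:
            fp = opener.open(url)
        except Exception:
            return
        try:
            # A missing Content-Type header used to raise KeyError here;
            # treat it as "not HTML" and carry on.
            if "text/html" in (fp.info().get('Content-Type') or ''):
                return  # no executable
            content = fp.read()
        finally:
            fp.close()

        # The md5 hexdigest is only the name the sample is shipped and
        # stored under; it is not an integrity check.
        md5 = hashlib.new('md5')
        md5.update(content)
        fname = md5.hexdigest()

        filename = extfilename
        if os.path.exists(filename):
            return
        # binary mode: PE bytes must not go through newline translation
        with open(filename, 'wb') as out:
            out.write(content)
        try:
            pefile.PE(filename, fast_load=True)
        except Exception:
            return  # not a PE file
        finally:
            # the on-disk copy exists only for the pefile check
            os.remove(filename)

        content = base64.b64encode(content)
        if self.haleConf.get("xmpp", "use") == 'True':
            producerBot.ProducerBot().sendFile(content, fname)
        botnetobject = Botnet.objects.get(botnethashvalue=self.botnethash)
        try:
            File(botnet=botnetobject, hash=fname, content=content,
                 filename=filename).save()
            botnetobject.save()
        except IntegrityError:
            pass  # this sample is already stored for this botnet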
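    def stop(self, moduleId):
        """
        Stop the module registered under ``moduleId`` and forget it.

        When XMPP is enabled the producer bot is first told to drop the
        botnet belonging to the module's config hash; then the hash entry
        is removed, the module's ``stop()`` is called and its entry is
        removed from ``self.modules``.

        Args:
            moduleId: key of the module in ``self.modules``.

        Returns:
            The string ``"No such id running"`` when the id is unknown,
            otherwise None.
        """

        if moduleId not in self.modules:
            return "No such id running"
        if self.haleConf.get("xmpp", "use") == 'True':
            producerBot.ProducerBot().removeBotnet(self.configHashes[moduleId])
        self.configHashes.pop(moduleId)
        # the module is stopped before its entry is dropped
        self.modules[moduleId].stop()
        self.modules.pop(moduleId)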
    def __init__(self):
        """
        Set up the objects the service uses.

        Loads the hale configuration, starts the module coordinator, the
        producer bot (only when ``[xmpp] use`` is ``'True'``) and a thread
        watching the module directory.
        """

        # NOTE(review): these two look like settings consumed by a base
        # class outside this file -- confirm against the class header.
        self.allowNone = True
        self.useDateTime = False
        moduleManager.handle_modules_onstart()
        self.haleConf = configHandler.ConfigHandler().loadHaleConf()
        # the coordinator is started but no reference to it is kept
        moduleCoordinator.ModuleCoordinator(self.haleConf).start()
        if self.haleConf.get("xmpp", "use") == 'True':
            producerBot.ProducerBot(self.haleConf).run()
        self.moduleDirChange = ModuleDirChangeThread()
        self.moduleDirChange.start()
        # a second ConfigHandler instance, separate from the one used to
        # load haleConf above
        self.config = configHandler.ConfigHandler()
        self.modlist = []