def __init__(self, ip, port):
    """Build the endpoint for ``ip``/``port`` and load its saved state, if any.

    Attributes start at their defaults (in scope, not scanned, reachability
    unknown, no host, no auth entries). When the ``endpoints`` table holds a
    row for this ip/port pair, the stored values replace those defaults.
    """
    self.ip = ip
    self.port = port
    self.host = None
    self.id = None
    self.scope = True
    self.scanned = False
    self.reachable = None
    self.found = None
    self.auth = []

    # ip and port are bound through placeholders, not formatted into the SQL.
    cursor = dbConn.get().cursor()
    cursor.execute(
        'SELECT id,host,scanned,reachable,auth,scope,found FROM endpoints WHERE ip=? AND port=?',
        (self.ip, self.port))
    row = cursor.fetchone()
    cursor.close()
    if row is None:
        return

    row_id, host_ref, scanned, reachable, auth, scope, found = row
    self.id = row_id
    self.host = Host.find(host_ref)
    # Stored flags are compared against 0; any other value counts as true.
    self.scanned = scanned != 0
    # A NULL reachability stays None instead of being coerced to False.
    self.reachable = None if reachable is None else reachable != 0
    if auth is not None:
        # The auth column is decoded as JSON.
        self.auth = json.loads(auth)
    self.scope = scope != 0
    if found is not None:
        self.found = Endpoint.find(found)
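def addPath(self,src,dst):
    """Save a path from host ``src`` to endpoint ``dst``.

    ``src`` is a host name, or "local" (any letter case) for no source host.
    ``dst`` is handed to ``Endpoint.findByIpPort``; the error message
    describes the expected form as IP:PORT. Every failure is reported on
    stdout and nothing is saved. The method always returns None.
    """
    if src.lower() != "local":
        if src not in self.getHostsNames():
            print("Not a known Host name.")
            return
        hosts = Host.findByName(src)
        if len(hosts) > 1:
            print("Several hosts corresponding. Add failed")
            return
        # Guard the empty result too, so hosts[0] cannot raise IndexError.
        if not hosts or hosts[0] is None:
            print("The source Host provided doesn't exist in this workspace")
            return
        src = hosts[0]
    else:
        src = None
    try:
        dst = Endpoint.findByIpPort(dst)
    except Exception:
        print("Please specify valid destination endpoint in the IP:PORT form")
        # Stop here: without this return the raw, unvalidated string would
        # be passed on to Path() and saved as the destination.
        return
    if dst is None:
        print("The destination endpoint provided doesn't exist in this workspace")
        return
    p = Path(src,dst)
    p.save()
    print("Path saved")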
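def identifyObject(self,target):
    """Resolve the token ``target`` to a workspace object.

    Lookups are tried in this order and the first hit is returned:
    credentials id (an optional leading "#" is stripped), username,
    endpoint (via ``Endpoint.findByIpPort``), then host name. Returns None
    when nothing matches, when several hosts share the name, or when
    ``target`` is empty.
    """
    if not target:
        # An empty token cannot match anything, and target[0] below would
        # raise IndexError on it.
        print("Could not identify object.")
        return None
    credsId = target[1:] if target[0] == "#" else target
    creds = Creds.find(credsId)
    if creds is not None:
        return creds
    user = User.findByUsername(target)
    if user is not None:
        return user
    try:
        dst = Endpoint.findByIpPort(target)
    except Exception:
        # The token is not usable as an endpoint; fall through to the host
        # lookup. Exception (not a bare except) keeps Ctrl-C and SystemExit
        # from being swallowed.
        dst = None
    if dst is not None:
        return dst
    hosts = Host.findByName(target)
    if len(hosts) > 1:
        print("Multiple hosts matching, use endpoints")
        return None
    if len(hosts) == 1:
        return hosts[0]
    print("Could not identify object.")
    return None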
def findAll(cls):
    """Return every row of the ``paths`` table as a ``Path`` object.

    Each row's ``src`` is resolved with ``Host.find`` and its ``dst`` with
    ``Endpoint.find`` before the ``Path`` is built.
    """
    cursor = dbConn.get().cursor()
    rows = cursor.execute('SELECT src,dst FROM paths')
    paths = [Path(Host.find(src_id), Endpoint.find(dst_id)) for src_id, dst_id in rows]
    cursor.close()
    return paths
def params_parser_from(self):
    """Return the name of every host from ``Host.find_all()`` plus "Local"."""
    names = [host.name for host in Host.find_all()]
    # "Local" is always offered as the last choice.
    names.append("Local")
    return names
def findByDst(cls, dst):
    """Return the ``Path`` objects whose destination is the endpoint ``dst``.

    ``dst`` must provide ``getId()``; its id is bound to the query through
    a placeholder.
    """
    cursor = dbConn.get().cursor()
    rows = cursor.execute('SELECT src,dst FROM paths WHERE dst=?', (dst.getId(), ))
    paths = [Path(Host.find(src_id), Endpoint.find(dst_id)) for src_id, dst_id in rows]
    cursor.close()
    return paths
def find(cls, pathId):
    """Return the ``Path`` stored under ``pathId``, or None if no row has that id."""
    cursor = dbConn.get().cursor()
    # pathId is bound through a placeholder, not formatted into the SQL.
    cursor.execute('''SELECT src,dst FROM paths WHERE id=?''', (pathId, ))
    record = cursor.fetchone()
    cursor.close()
    if record is None:
        return None
    src_id, dst_id = record
    return Path(Host.find(src_id), Endpoint.find(dst_id))
def delHost(self,host):
    """Delete the host named ``host``.

    Returns False, after printing the reason, when the name is unknown or
    is shared by several hosts. Otherwise returns whatever the host's
    ``delete()`` returns.
    """
    known_names = self.getHostsNames()
    if host not in known_names:
        print("Not a known Host name.")
        return False
    matches = Host.findByName(host)
    # An ambiguous name is refused rather than deleting an arbitrary match.
    if len(matches) > 1:
        print("Several hosts corresponding. Please delete endpoints.")
        return False
    only_match = matches[0]
    return only_match.delete()
async def identify(self, socket):
    """Collect identifying facts through ``socket`` and bind a Host to this endpoint.

    Five commands are run one after another through ``socket.run``, each
    limited to 3 seconds: hostname, ``uname -a``, ``/etc/issue``,
    ``/etc/machine-id`` and a listing of MAC addresses. The results build a
    ``Host`` which is saved and attached to the endpoint returned by
    ``self.getEndpoint()``.

    Returns True on success. Any exception (a timeout included) is printed
    and turned into False.
    """
    # NOTE(review): every value below is command output from the other end
    # of ``socket`` (presumably the remote machine, confirm with callers),
    # so it is only as trustworthy as that machine. hostname is echoed to
    # the terminal as-is further down.
    probes = (
        "hostname",
        "uname -a",
        "cat /etc/issue",
        "cat /etc/machine-id",
        "for i in `ls -l /sys/class/net/ | grep -v virtual | grep 'devices' | tr -s '[:blank:]' | cut -d ' ' -f 9 | sort`; do ip l show $i | grep ether | tr -s '[:blank:]' | cut -d ' ' -f 3; done",
    )
    try:
        outputs = []
        for command in probes:
            completed = await asyncio.wait_for(socket.run(command), timeout=3.0)
            outputs.append(completed.stdout.rstrip())
        hostname, uname, issue, machineId, macStr = outputs
        # The last probe's output is split on whitespace into the MAC list.
        macs = macStr.split()
        newHost = Host(hostname, uname, issue, machineId, macs)
        endpoint = self.getEndpoint()
        if newHost.getId() is None:
            print("\t" + str(self) + " is a new host: " + hostname)
        else:
            print("\t" + str(self) + " is an existing host: " + hostname)
            # An endpoint on an out-of-scope host is taken out of scope too.
            if not newHost.inScope():
                endpoint.unscope()
        newHost.save()
        endpoint.setHost(newHost)
        endpoint.save()
    except Exception as err:
        print("Error : " + str(err))
        return False
    return True
def runTarget(self,arg,payloadName,stmt):
    """Run the payload ``payloadName`` over the connection designated by ``arg``.

    When ``arg`` is a known host name it is replaced by the string form of
    that host's closest endpoint; an ambiguous name is refused. Returns
    False if the name is ambiguous or the connection is not marked as
    working, otherwise the result of ``connection.run``.
    """
    target = arg
    if target in self.getHostsNames():
        candidates = Host.findByName(target)
        if len(candidates) > 1:
            print("Several hosts corresponding. Please target endpoint.")
            return False
        target = str(candidates[0].getClosestEndpoint())
    connection = Connection.fromTarget(target)
    # Connections not flagged as working are refused before any payload runs.
    if not connection.working:
        print("Please check connection "+str(connection)+" with connect first")
        return False
    payload = Extensions.getPayload(payloadName)
    return connection.run(payload,self.workspaceFolder,stmt)
def run(cls, stmt, workspace):
    """Import open SSH services from an nmap report as workspace endpoints.

    ``stmt.nmapfile`` is the report to parse. ``stmt.from`` (default
    "Local") names the host the scan was taken from: None disables path
    and distance bookkeeping, "Local" means distance 0 with no source host,
    and any other name is looked up with ``Host.find_one``.

    Returns False when the named host is not found or the report cannot be
    parsed, True otherwise.
    """
    nmapfile = getattr(stmt, 'nmapfile')
    from_host = getattr(stmt, 'from', "Local")

    src = None
    if from_host is None:
        print("No source host specified, ignoring paths")
        distance = None
    elif from_host == "Local":
        distance = 0
    else:
        src = Host.find_one(name=from_host)
        if src is None:
            print("No host corresponding.")
            return False
        # Endpoints seen from a host sit one hop further than that host.
        distance = src.distance + 1

    try:
        report = NmapParser.parse_fromfile(nmapfile)
    except Exception as err:
        print("Failed to read source file: " + str(err))
        return False

    count = 0
    count_new = 0
    for scanned_host in report.hosts:
        for service in scanned_host.services:
            # Only services labelled ssh on an open port are imported.
            if service.service != "ssh" or not service.open():
                continue
            count += 1
            new_endpoint = Endpoint(scanned_host.address, service.port)
            if new_endpoint.id is None:
                count_new += 1
            new_endpoint.save()
            if distance is None:
                continue
            # Keep the shortest known distance for the endpoint.
            if new_endpoint.distance is None or new_endpoint.distance > distance:
                new_endpoint.distance = distance
                new_endpoint.save()
            Path(src, new_endpoint).save()
    print(f"{count} endpoints found, {count_new} new endpoints saved")
    return True
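def run(cls, stmt, workspace):
    """Import SSH endpoints from an nmap report file into the workspace.

    ``stmt.nmapfile`` is the report to parse and ``stmt.from`` (default
    "Local") names the host the scan was run from; None and "Local" both
    mean no source host. Each service labelled ssh on an open port is
    saved as an endpoint, together with a path from the source host.

    Returns True on success. Returns False when the source name matches no
    host or several hosts, or when the report cannot be parsed.
    """
    nmapfile = getattr(stmt, 'nmapfile')
    fromHost = getattr(stmt, 'from', "Local")
    if fromHost is None:
        src = None
        print("No source host specified, using Local")
    elif fromHost == "Local":
        src = None
    else:
        hosts = Host.findByName(fromHost)
        if len(hosts) > 1:
            print("Several hosts corresponding.")
            return False
        elif len(hosts) == 0:
            print("No host corresponding.")
            return False
        src = hosts[0]
    try:
        report = NmapParser.parse_fromfile(nmapfile)
    except Exception as e:
        print("Failed to read source file: " + str(e))
        return False
    count = 0
    countNew = 0
    for host in report.hosts:
        for s in host.services:
            # Skip ports the report does not mark as open: a service label
            # of "ssh" alone does not mean anything is listening there, and
            # recording such ports would create endpoints and paths that
            # do not exist.
            if s.service == "ssh" and s.open():
                count = count + 1
                newEndpoint = Endpoint(host.address, s.port)
                if newEndpoint.getId() is None:
                    countNew = countNew + 1
                newEndpoint.save()
                newPath = Path(src, newEndpoint)
                newPath.save()
    print(
        str(count) + " endpoints found, " + str(countNew) +
        " new endpoints saved")
    return True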
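def getPathToDst(self,dst):
    """Print the chain of paths that leads to ``dst``.

    ``dst`` is a known host name (replaced by the string form of that
    host's closest endpoint) or a value accepted by
    ``Endpoint.findByIpPort``. Each element of the chain returned by
    ``Path.getPath(None, dst)`` is printed on its own line.

    Returns False when the host name is ambiguous and None in every other
    case; failures are reported on stdout.
    """
    if dst in self.getHostsNames():
        hosts = Host.findByName(dst)
        if len(hosts) > 1:
            print("Several hosts corresponding. Please target endpoint.")
            return False
        dst = str(hosts[0].getClosestEndpoint())
    try:
        dst = Endpoint.findByIpPort(dst)
    except Exception:
        # Exception rather than a bare except: a malformed value is still
        # reported, but Ctrl-C and SystemExit are no longer swallowed.
        print("Please specify a valid endpoint in the IP:PORT form")
        return
    if dst is None:
        print("The endpoint provided doesn't exist in this workspace")
        return
    if Path.hasDirectPath(dst):
        print("The destination should be reachable from the host")
        return
    chain = Path.getPath(None,dst)
    if chain is None:
        print("No path could be found to the destination")
        return
    for path in chain:
        print(path)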
def testmeth(self):
    """Return all host names from ``Host.findAllNames()`` followed by 'Local'."""
    local_entry = ['Local']
    return Host.findAllNames() + local_entry
def getBaseObjects(self,scope=None):
    """Return endpoints, creds, users and hosts as one list, in that order.

    ``scope`` is forwarded unchanged to each model's ``findAll``.
    """
    objects = []
    for model in (Endpoint, Creds, User, Host):
        objects.extend(model.findAll(scope=scope))
    return objects
def getHostsNames(self,scope=None):
    """Return the host names from ``Host.findAllNames``, passing ``scope`` through."""
    names = Host.findAllNames(scope=scope)
    return names