def __init__(self, args):
"""Initialize ArgsHelper"""
self.modulename = 'args_helper'
self.cred = {}
self.args = args
if self.args.debug:
self.cred['debug'] = self.args.debug
else:
self.cred['debug'] = False
self.cred_provided = False
self.twitter_provided = False
self.telegram_provided = False
self.twilio_provided = False
self.slack_provided = False
self.aws_ses_provided = False
self.gmail_provided = False
self.firewall_provided = False
self.insecure_headers_provided = False
self.ids_provided = False
self.system_log_provided = False
self.server_log_provided = False
self.auto_server_patcher_provided = False
# Setup logger
self.logger = logger.SecureTeaLogger(self.modulename,
self.cred['debug'])
def __init__(self, cred, debug=False):
"""Initialize FirewallEngine."""
self.cred = cred
self.logger = logger.SecureTeaLogger(__name__, debug)
# Parse and setup rules and actions
(self.ip_inbound,
self.action_inbound_IPRule) = self.parse_inbound_IPRule()
(self.ip_outbound,
self.action_outbound_IPRule) = self.parse_outbound_IPRule()
(self.protocols, self.action_protocolRule) = self.parse_protocolRule()
(self.sports,
self.action_source_portRule) = self.parse_source_portRule()
(self.dports, self.action_dest_portRule) = self.parse_dest_portRule()
(self.dns, self.action_DNSRule) = self.parse_DNSRule()
(self.extensions, self.action_scanLoad) = self.parse_scanLoad()
self.action_HTTPRequest = self.parse_HTTPRequest()
self.action_HTTPResponse = self.parse_HTTPResponse()
# Interface
self.interface = str(self.cred['interface'])
if self.interface == "":
self.interface = utils.get_interface()
# Setup PacketFilter object
self.packetFilterObj = PacketFilter(
interface=self.interface,
debug=debug,
ip_inbound=self.ip_inbound,
ip_outbound=self.ip_outbound,
protocols=self.protocols,
dns=self.dns,
dports=self.dports,
sports=self.sports,
extensions=self.extensions,
action_inbound_IPRule=self.action_inbound_IPRule,
action_outbound_IPRule=self.action_outbound_IPRule,
action_DNSRule=self.action_DNSRule,
action_source_portRule=self.action_source_portRule,
action_dest_portRule=self.action_dest_portRule,
action_HTTPResponse=self.action_HTTPResponse,
action_HTTPRequest=self.action_HTTPRequest,
action_protocolRule=self.action_protocolRule,
action_scanLoad=self.action_scanLoad)
# Setup Montior object
self.monitorObj = FirewallMonitor(interface=self.interface,
debug=debug)
# Integrations
self.integrations = ['Firewall', 'Monitor']
def __init__(self, debug=False):
"""
Initialize HiddenNode class.
Args:
debug (bool): Log on terminal or not
Raises:
None
Returns:
None
"""
# Initialize logger
self.logger = logger.SecureTeaLogger(__name__, debug=debug)
# Initialize RTS & CTS count
self.rts_count = 0
self.cts_count = 0
# Initialize RTS & CTS time
self.rts_start_time = None
self.cts_start_time = None
# Initialize threshold
self._THRESHOLD = 5 # inter = 0.2
def __init__(self, debug=False, cred=None):
"""
Initialize SystemMode.
Args:
debug (bool): Log on terminal or not
cred (dict): Configuration credentials
Raises:
None
Returns
None
"""
self.debug = debug
# Initialize logger
self.logger = logger.SecureTeaLogger(__name__, debug=self.debug)
# Initialize credentials
if cred is not None:
self.cred = cred
else:
self.logger.log("No configuraton parameters found, exiting",
logtype="error")
sys.exit(0)
# Initialize objects presence as false
self.firewall = False
self.ids = False
self.antivirus = False
self.system_log = False
# Initialize empty process pool list
self.process_pool = list()
def __init__(self, args):
"""Initialize ArgsHelper"""
self.modulename = 'args_helper'
self.cred = {}
self.args = args
if self.args.debug:
self.cred['debug'] = self.args.debug
else:
self.cred['debug'] = False
self.cred_provided = False
self.twitter_provided = False
self.telegram_provided = False
self.twilio_provided = False
self.slack_provided = False
self.firewall_provided = False
# Setup logger
self.logger = logger.SecureTeaLogger(
self.modulename,
self.cred['debug']
)
def __init__(self, cred, debug=False):
"""Init logger params.
Args:
modulename (str): Script module name
cred (dict): AWS user_email, access_key, secret_key
"""
self.logger = logger.SecureTeaLogger(
self.modulename,
debug
)
self.enabled = common.check_config(cred)
if not self.enabled:
self.logger.log(
"Credentials not present, please set AWS SES config at ~/.securetea/securetea.conf ",
logtype="error"
)
self.user_email = cred['aws_email']
self.access_key = cred['aws_access_key']
self.secret_key = cred['aws_secret_key']
self.email_obj = Email(self.user_email,
"secureTea Security Alert!",
self.access_key,
self.secret_key)
def __init__(self, cred=None, debug=None):
"""Initialize SecureTeaIDS.
Args:
cred (dict): Credentials for IDS
debug (bool): Log on terminal or not
Raises:
None
Returns:
None
"""
self.cred = cred
# Initialize logger
self.logger = logger.SecureTeaLogger(__name__, debug=debug)
# Check for root
if check_root():
# Create DetectRecon object
self.recon_obj = DetectRecon(threshold=self.cred["threshold"],
debug=debug)
# Create R2LEngine object
self.r2l_rules = R2LEngine(debug=debug,
interface=self.cred["interface"])
self.logger.log("SecureTea Intrusion Detection started",
logtype="info")
else:
self.logger.log("Run as root", logtype="error")
sys.exit(1)
def __init__(self, debug=False):
"""
Initialize PasswordDefect.
Args:
debug (bool): Log on terminal or not
Raises:
None
Returns:
None
"""
# Initialize logger
self.logger = logger.SecureTeaLogger(__name__, debug=debug)
# OS name to password-log path map
self.system_log_map = {"debian": "/etc/passwd"}
os_name = utils.categorize_os()
self.log_file = None
if os_name:
try:
self.log_file = self.system_log_map[os_name]
except KeyError:
self.logger.log("Could not find path for the auth-log file",
logtype="error")
return
else:
return
# Initialize user to password dict
self.user_password = dict()
def __init__(self, debug=False):
"""
Initialize DDoS attack detection.
Args:
None
Raises:
None
Returns:
None
"""
# Initialize logger
self.logger = logger.SecureTeaLogger(
__name__,
debug=debug
)
# Initialize empty dicts
self.sisp = OrderedDict()
self.simp = OrderedDict()
self.misp = OrderedDict()
self.mimp = OrderedDict()
# Initialize threshold to 10000 packets / per second
self._THRESHOLD = 10000 # inter = 0.0001
def __init__(self, debug=False):
"""
Initialize SystemLogEngine.
Args:
debug (bool): Log on terminal or not
Raises:
None
Returns:
None
"""
# Initialize logger
self.logger = logger.SecureTeaLogger(__name__, debug=debug)
# Check if running as root or not
if utils.check_root():
# Create module objects
self.failed_login_obj = failed_login.FailedLogin(debug=debug)
self.harmful_command = harmful_root_command.HarmfulCommands(
debug=debug)
self.detect_backdoor = detect_backdoor.DetectBackdoor(debug=debug)
self.checksync = check_sync.CheckSync(debug=debug)
self.password_def = password_defect.PasswordDefect(debug=debug)
self.portscan = port_scan.PortScan(debug=debug)
self.sshlogin = ssh_login.SSHLogin(debug=debug)
self.detsniffer = detect_sniffer.DetSniffer(debug=debug)
self.non_std = non_std_hash.NonStdHash(debug=debug)
else:
self.logger.log("Please run as root, exiting.", logtype="error")
sys.exit(0)
def __init__(self, cred, debug):
"""Init logger params.
Args:
-----
modulename (str): secureTeaTwilio
cred (dict): Twilio credentials
"""
self.logger = logger.SecureTeaLogger(
self.modulename,
debug
)
self.enabled = common.check_config(cred)
if not self.enabled:
self.logger.log(
"Credentials not present, please set Twilio config at ~/.securetea/securetea.conf ",
logtype="error"
)
self.account_sid = cred['twilio_sid']
self.account_token = cred['twilio_token']
self.twilio_from = cred['twilio_from']
self.twilio_to = cred['twilio_to']
self.client = Client(self.account_sid, self.account_token)
def __init__(self, cred, debug=False):
"""Init AWS SES params.
Args:
debug (bool): Log on terminal or not
cred (dict): AWS SES credentials
"""
# Initialize logger
self.logger = logger.SecureTeaLogger(
self.modulename,
debug
)
self.enabled = common.check_config(cred)
if not self.enabled:
self.logger.log(
"Credentials not present, please set AWS SES config at ~/.securetea/securetea.conf ",
logtype="error"
)
self.user_email = cred['aws_email']
self.access_key = cred['aws_access_key']
self.secret_key = cred['aws_secret_key']
self.email_obj = helper_email.Email(self.user_email,
"secureTea Security Alert!",
self.access_key,
self.secret_key)
def __init__(self, cred, debug=False):
"""Init params.
Args:
cred (dict): GMAIL credentials
debug (bool): Run in debug mode or not
"""
# Initialize logger
self.logger = logger.SecureTeaLogger(__name__, debug=debug)
self.enabled = common.check_config(cred)
if not self.enabled:
self.logger.log(
"Credentials not present, please set GMAIL"
"config at ~/.securetea/securetea.conf",
logtype="error")
sys.exit(0)
# Setup credentials
self.sender_email = cred["sender_email"]
self._PASSWORD = cred["password"]
self.to_email = cred["to_email"]
# GMAIL endpoint variables
self._GMAIL_URL = "smtp.gmail.com"
self._GMAIL_PORT = 587
# Setup login credentials
self.setup()
def __init__(self, threshold=None, debug=False):
"""Initialize DetectRecon class.
Args:
threshold (integer): Threshold ratio limit
debug (bool): Log on terminal or not
Raises:
None
Returns:
None
Working:
Detect the following possible probe (reconnaissance) attacks
(performed for information gathering):
- TCP ACK / Window Scan
- UDP Scan
- ICMP Scan
- FIN Scan
- NULL Scan
- XMAS Scan
- OS fingerprinting Scan
"""
# Initialize logger
self.logger = logger.SecureTeaLogger(
__name__,
debug
)
# Set threshold
if threshold is None:
self._THRESHOLD = 100
else:
try:
self._THRESHOLD = int(threshold)
except ValueError:
self.logger.log(
"Incorrent threshold, need an integer value.",
logtype="error"
)
sys.exit(0)
# Set count threshold
self._COUNT = self._THRESHOLD * 1000
# Initialize empty dicts to store IPs
self.tcp_ack = dict()
self.icmp_scan = dict()
self.udp_scan = dict()
self.fin_scan = dict()
self.xmas_scan = dict()
self.null_scan = dict()
self.os_scan = dict()
# Initialize OSINT object
self.osint_obj = OSINT(debug=debug)
def __init__(self, args):
"""Initialize ArgsHelper"""
self.modulename = 'args_helper'
self.cred = {}
self.args = args
if self.args.debug:
self.cred['debug'] = self.args.debug
else:
self.cred['debug'] = False
if self.args.hist:
self.cred['history_logger'] = self.args.hist
else:
self.cred['history_logger'] = False
if self.args.clamav:
self.cred['clamav'] = self.args.clamav
else:
self.cred['clamav'] = False
if self.args.yara:
self.cred['yara'] = self.args.yara
else:
self.cred['yara'] = False
if self.args.skip_config_file:
self.cred['skip_config_file'] = self.args.skip_config_file
else:
self.cred['skip_config_file'] = False
# Initialize SecureTeaConf
self.securetea_conf = SecureTeaConf()
self.cred_provided = False
self.twitter_provided = False
self.telegram_provided = False
self.twilio_provided = False
self.slack_provided = False
self.aws_ses_provided = False
self.gmail_provided = False
self.firewall_provided = False
self.insecure_headers_provided = False
self.ids_provided = False
self.system_log_provided = False
self.server_log_provided = False
self.auto_server_patcher_provided = False
self.web_deface_provided = False
self.antivirus_provided = False
self.iot_checker_provided = False
self.server_mode = False
self.system_mode = False
self.iot_mode = False
self.social_eng_provided = False
# Setup logger
self.logger = logger.SecureTeaLogger(self.modulename,
self.cred['debug'])
def __init__(self,
interface=None,
debug=False,
ip_inbound=None,
ip_outbound=None,
protocols=None,
dns=None,
dports=None,
sports=None,
extensions=None,
action_inbound_IPRule=0,
action_outbound_IPRule=0,
action_DNSRule=0,
action_source_portRule=0,
action_dest_portRule=0,
action_HTTPResponse=1,
action_HTTPRequest=1,
action_protocolRule=0,
action_scanLoad=0):
"""Initilize PacketFilter class."""
self.logger = logger.SecureTeaLogger(__name__, debug)
# Initialize with empty list
if ip_inbound is None:
ip_inbound = []
if ip_outbound is None:
ip_outbound = []
if protocols is None:
protocols = []
if dns is None:
dns = []
if sports is None:
sports = []
if dports is None:
dports = []
if extensions is None:
extensions = []
self._action_inbound_IPRule = action_inbound_IPRule
self._action_outbound_IPRule = action_outbound_IPRule
self._action_protocolRule = action_protocolRule
self._action_DNSRule = action_DNSRule
self._action_source_portRule = action_source_portRule
self._action_dest_portRule = action_dest_portRule
self._action_HTTPRequest = action_HTTPRequest
self._action_HTTPResponse = action_HTTPResponse
self._action_scanLoad = action_scanLoad
self._IP_INBOUND = ip_inbound
self._IP_OUTBOUND = ip_outbound
self._PROTCOLS = protocols
self._DNS = dns
self._DPORTS = dports
self._SPORTS = sports
self._EXTENSIONS = extensions
# Initialize PcapWriter for PCAP dumping
self.pktdump = PcapWriter("blocked.pcap", append=True, sync=True)
def __init__(self, cred=None, debug=False):
"""
Initialize SecureTeaWAF.
Args:
cred (dict): Credentials for WAF
debug (bool): Log on terminal or not
Raises:
None
Returns:
None
"""
self.cred = cred
self.listen_ip = "127.0.0.1"
self.port = 8856
self.mode = 0
# Initialize logger
self.logger = logger.SecureTeaLogger(__name__, debug=debug)
# Check credentials
if self.cred:
if self.cred["listen_ip"]:
self.listen_ip = self.cred["listen_ip"]
if self.cred["listen_port"]:
self.port = int(self.cred["listen_port"])
if self.cred["mode"]:
self.mode = int(self.cred["mode"])
if self.cred["backend_server_config"]:
self.redirect_table = json.loads(
self.cred["backend_server_config"])
if self.redirect_table:
if os.getuid() == 0:
self.wafserver_obj = SecureteaWAF(
mode=self.mode,
port=self.port,
host=self.listen_ip,
debug=debug,
redirect_table=self.redirect_table)
else:
self.logger.log("Run as root", logtype="error")
sys.exit(1)
else:
self.logger.log(
"WAF HOST:SERVER Routing details not configured",
logtype="error")
def __init__(self, debug=False):
"""
Initialize SSHLogin.
Args:
debug (bool): Log on terminal or not
Raises:
None
Returns:
None
"""
# Initialize logger
self.logger = logger.SecureTeaLogger(
__name__,
debug=debug
)
# OS name to SSH-log path map
self.system_log_map = {
"debian": "/var/log/auth.log"
}
os_name = utils.categorize_os()
self.log_file = None
if os_name:
try:
self.log_file = self.system_log_map[os_name]
except KeyError:
self.logger.log(
"Could not find path for the SSH-log file",
logtype="error"
)
return
else:
return
# Salt to generate hashed username
self.SALT = "<!@?>"
# Regex to extract invalid SSH login details
self.INVALID_USER = r'^([a-zA-Z]+\s[0-9]+)\s([0-9]+:[0-9]+:[0-9]+).*' \
r'Invalid\suser\s([a-zA-Z0-9_-]+)\sfrom\s([0-9]+\.' \
r'[0-9]+\.[0-9]+\.[0-9]+)'
# Initialize username to IP dict
self.username_dict = dict()
# Set threshold to 5 attempts per second to detect brute-force
self.THRESHOLD = 5 # inter = 0.2
# Initialize OSINT object
self.osint_obj = OSINT(debug=debug)
def __init__(self):
"""Init logger params."""
self.logger = logger.SecureTeaLogger(
self.modulename
)
self.integrations = [
'twitter',
'telegram',
'twilio',
'whatsapp'
]
def __init__(self):
"""Docstring."""
modulename = 'Core'
credentials = configurations.SecureTeaConf()
cred = credentials.get_creds()
self.logger = logger.SecureTeaLogger(modulename, cred['debug'])
self.twitter = secureTeaTwitter.SecureTeaTwitter(
cred['twitter'], cred['debug'])
self.logger.log("Welcome to SecureTea..!! Initializing System")
self.twitter.notify("Welcome to SecureTea..!! Initializing System")
def __init__(self, url=None, debug=False):
"""Initialize SecureTeaHeaders class."""
self.logger = logger.SecureTeaLogger(__name__, debug=debug)
if url is None:
self.logger.log("URL not set.", logtype="error")
sys.exit(0)
else:
if self.verify_url(url):
self.url = url
else:
self.logger.log("Incorrect URL.", logtype="error")
sys.exit(0)
def __init__(self, interface=None, debug=False):
"""Initialize FirewallMonitor."""
self.logger = logger.SecureTeaLogger(self.module_name, debug)
self._SLEEP = 5
self.interface = interface
self.machine_ip = socket.gethostbyname(socket.gethostname())
self.open_ports = []
self.network_data = {'bytes_sent': 0, 'bytes_recv': 0}
self.process_list = []
self.services_list = []
def __init__(self, transport, timeout=5):
"""
Args:
data(bytes): Consists of the raw request.
"""
socket.setdefaulttimeout(timeout)
self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.transport = transport
# Initialize Logger
self.logger = logger.SecureTeaLogger(__name__, debug=True)
def __init__(self, debug=False):
"""
Initialize FailedLogin.
Args:
debug (bool): Log on terminal or not
Raises:
None
Returns:
None
Working:
- Detect login attempts
- Detect password brute-force
"""
# Initialize logger
self.logger = logger.SecureTeaLogger(__name__, debug=debug)
# OS name to auth-log path map
self.system_log_map = {"debian": "/var/log/auth.log"}
os_name = utils.categorize_os()
self.log_file = None
if os_name:
try:
self.log_file = self.system_log_map[os_name]
except KeyError:
self.logger.log("Could not find path for the auth-log file",
logtype="error")
return
else:
return
# Salt to generate hashed username
self.SALT = "<!@?>"
# Regex to extract details
self.AUTH_FAILURE = r'^[a-zA-Z]+.*authentication failure.*\s'
self.USERNAME = r'(user=)([a-zA-Z0-9]+)'
self.MESSAGE_REPEAT = r'message repeated\s([0-9]+)'
# Initialize user to login attempt count dict
self.user_to_count = dict()
# Set threshold to 5 attempts per second to detect brute-force
self.THRESHOLD = 5 # inter = 0.2
def __init__(self, mode, redirect_table, debug=False):
"""
Initializing the variables
"""
self.mode = int(mode)
self.connect_request = []
self.redirect_table = redirect_table
self.is_connect = False
# Initialize Loggers
self.logger = logger.SecureTeaLogger(__name__, debug=True)
self.waflogger = WafLogger(__name__, debug=debug)
def setup_logger(debug):
"""
Setup logger.
Args:
debug (bool): Debug mode or not
Raises:
None
Returns:
None
"""
global utils_logger
utils_logger = logger.SecureTeaLogger(__name__, debug)
def __init__(self, debug=False):
"""
Initialize BGP Abuse class.
Args:
debug (bool): Log on terminal or not
Raises:
None
Returns:
None
"""
# Initialize logger
self.logger = logger.SecureTeaLogger(__name__, debug=debug)
def __init__(self, cred, debug):
"""Init logger params.
Args:
modulename (str): Script module name
cred (dict): Telegram user_id
"""
self.logger = logger.SecureTeaLogger(self.modulename, debug)
self.enabled = common.check_config(cred)
if not self.enabled:
self.logger.log(
"Credentials not present, please set Telegram config at ~/.securetea/securetea.conf ",
logtype="error")
self.token = cred['token']
self.user_id = cred['user_id']
def __init__(self, debug=False):
"""
Initialize ARPCache class.
Detect Man in The Middle Attack (MiTM) attacks.
Args:
debug (bool): Log on terminal or not
Raises:
None
Returns:
None
"""
# Initialize logger
self.logger = logger.SecureTeaLogger(__name__, debug=debug)
def __init__(self, debug=False):
"""
Initialize PortScan.
Args:
debug (bool): Log on terminal or not
Raises:
None
Returns:
None
"""
# Initialize logger
self.logger = logger.SecureTeaLogger(__name__, debug=debug)
# OS name to auth-log path map
self.system_log_map = {"debian": "/var/log/auth.log"}
os_name = utils.categorize_os()
self.log_file = None
if os_name:
try:
self.log_file = self.system_log_map[os_name]
except KeyError:
self.logger.log("Could not find path for the auth-log file",
logtype="error")
return
else:
return
# Salt to generate hashed username
self.SALT = "<!@?>"
# Regex to extract Received disconnect
self.RECIEVED_DISCONNECT = r'^([a-zA-Z]+\s[0-9]+)\s([0-9]+:[0-9]+:[0-9]+).' \
r'*Received\sdisconnect\sfrom\s([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)'
# Initialize IP to count dict
self.ip_dict = dict()
# Set threshold to 5 attempts per second to detect port scan
self.THRESHOLD = 5 # inter = 0.2
# Initialize OSINT object
self.osint_obj = OSINT(debug=debug)
