def set_netmask(self):
if self.netmasktype is None:
self.set_device()
device_ip_reg_map = {'eth': "ether.*?\n.*?inet\s+(\d+\.\d+.\d+.\d+/\d+)",
'ib': "infiniband.*?\n.*?inet\s+(\d+\.\d+.\d+.\d+/\d+)"
}
if not self.netmasktype in device_ip_reg_map:
self.log.raiseException("set_netmask: can't get netmask for %s: unknown mode (device_ip_reg_map %s)" %
(self.netmasktype, device_ip_reg_map))
cmd = "/sbin/ip addr show"
ec, out = run_simple(cmd)
if ec > 0:
self.log.raiseException("set_netmask: failed to run cmd %s: %s" % (cmd, out))
reg = re.compile(r"" + device_ip_reg_map[self.netmasktype])
if not reg.search(out):
self.log.raiseException("set_netmask: can't get netmask for %s: no matches found (reg %s out %s)" %
(self.netmasktype, device_ip_reg_map[self.netmasktype], out))
res = []
for ipaddr_mask in reg.finditer(out):
ip = IP(ipaddr_mask.group(1), make_net=True)
network_netmask = "%s/%s" % (ip.net(), ip.netmask())
res.append(network_netmask)
self.log.debug("set_netmask: convert ipaddr_mask %s into network_netmask %s" %
(ipaddr_mask.group(1), network_netmask))
self.log.debug("set_netmask: return complete netmask %s" % res)
if len(res) > 0:
self.netmask = ":".join(res)
def is_ip_public(host):
ip_address = get_ip(host)
ip = IP(ip_address)
if ip.iptype() == 'PUBLIC':
return True
return False
def validate_ipv6_address(value):
try:
ip = IP(value)
except ValueError:
ip = None
if not ip or ip.version() == 4:
raise ValidationError(_(u"Enter a valid IPv6 address."), code="invalid")
def a_seg(self, ipaddr ):
ip = IP(ipaddr)
rev_zone = ip.reverseNames()
for item in rev_zone:
m = item.split(".")
a = m[0]
self.a = a
def _ipv6_check(self):
try:
address = IP(self.ip)
except ValueError:
return
if address.version() == 6:
self.ip = 'udp6:[%s]' % self.ip
def _is_ip_private(ip): """Determine if IP address belongs to a private address.""" is_private = False test_ip = IP(ip) if test_ip.iptype().lower() == 'private' or test_ip.iptype().lower() == 'loopback': is_private = True return is_private
def rplstats():
print request.json
print request.remote_addr
# convert source IP address to mac address
srcIP = IP(request.remote_addr)
srcs = srcIP.strNormal().split(":")[4:8]
src = ""
for s in srcs:
src += "%04x" % (int(s, 16))
print src
adr = None
if "adr" in request.json:
adr = request.json["adr"]
request.json["adr"] = (
adr[2:4] + adr[0:2] + adr[6:8] + adr[4:6] + adr[10:12] + adr[8:10] + adr[14:16] + adr[12:14]
)
event = {"event": {"name": "rplData", "src": src}}
event["event"].update(request.json)
rplData.data = event
rplData.set()
rplData.clear()
return Response("ok")
def pick_ip(self):
"""
Pick an IP-address in the network which hasn't been assigned yet.
Returns a string.
"""
assigned = self._ips_assigned()
network = IP("%s" % (self.cidr))
netaddress = network.net().ip
broadcast = network.broadcast().ip
poll_ip = netaddress + 1 # netaddress is in use already
found = False
while not found and poll_ip < broadcast:
poll_ip_str = IP(poll_ip).strNormal()
if poll_ip_str in assigned or poll_ip_str == IP(self.gateway).strNormal():
poll_ip += 1
continue
found = True
if found:
ip = poll_ip_str
else:
logger.warning("No more IP's available in network '%s'"%self)
ip = None
return ip
def getnwinfo(ips,isp):
try:
ip = IP(ips)
except ValueError:
return 'x'
try:
nw=ipasmap[ips]
nw=nw.strip()
except KeyError:
if ip.iptype()!='PRIVATE':
try:
ASinfo = requests.get('http://stat.ripe.net/data/prefix-overview/data.json?&resource='+ips).json()['data']['asns']
# print ASinfo,ips
if ASinfo:
nw=ASinfo[0]['holder']
else:
nw='unknown'
except requests.exceptions.ProxyError:
nw='unknown'
else:
nw=isp
if nw in ['AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services,IN','BHARTI-MOBILITY-AS-AP Bharti Airtel Ltd. AS for GPRS Service,IN',\
'BBIL-AP BHARTI Airtel Ltd.,IN','IDEANET1-IN Idea Cellular Limited,IN','MTNL-AP Mahanagar Telephone Nigam Ltd.,IN',\
'RELIANCE-COMMUNICATIONS-IN Reliance Communications Ltd.DAKC MUMBAI,IN','BSNL-NIB National Internet Backbone,IN']:
nw=isp
return nw
def _ip_to_domainname(self, ipaddress):
"Returns the domain name for a given IP where known"
# self._debug('_ip_to_domainname('+str(ipaddress)+') called')
# validate IP address
# try:
adr = IP(ipaddress)
# PUT ERROR HANDLING IN HERE!
rdns = Rdns()
rdns.ip_address = adr.strNormal(0)
rdns.resolved_name = 'Unknown'
rdns.last_updated = datetime.datetime.utcnow()
# Attempt to locate in memory cache
for item in self.cache_rdns:
if item.ip_address == rdns.ip_address:
return item
# Couldn't find it in the list, check the database incase another process has added it
try:
if self.single_import:
# Shortcut if parallel import disabled
raise Rdns.DoesNotExist
rdns = Rdns.objects.get(ip_address = rdns.ip_address)
except Rdns.DoesNotExist:
# Go get the location for this address
rdns.country_code = self.geoip.country_code_by_addr(rdns.ip_address)
rdns.country_name = self.geoip.country_name_by_addr(rdns.ip_address)
rdns.save()
self.cache_rdns.insert(0,rdns)
return rdns
def validate_priv_ipv4_prefix(value):
try:
ip = IP(value)
except:
raise ValidationError('"%s" is not a IPv4/24 private network' % value)
if ip.version() != 4 or ip.strNetmask() != '255.255.255.0' or ip.iptype() != 'PRIVATE':
raise ValidationError('"%s" is not a IPv4/24 private network' % ip)
def _ip_to_domainname(self, ipaddress):
"""Returns the domain name for a given IP where known"""
# debug.onscreen('_ip_to_domainname('+str(ipaddress)+') called')
# These are partial ipaddress of the format nnn.nnn.x.x so replace the x with 0 as a guess.
if ipaddress and len(ipaddress)>8: # i.e. not None
adr = IP(ipaddress.replace('x','0'))
rdns = Rdns()
rdns.ip_address = adr.strNormal(0)
rdns.resolved_name = 'Partial'
rdns.last_updated = datetime.datetime.now(pytz.utc)
# Attempt to locate in memory cache
for item in self.cache_rdns:
if item.ip_address == rdns.ip_address:
return item
# Couldn't find it in the list
rdns.country_code = self.geoip.country_code_by_addr(rdns.ip_address)
rdns.country_name = self.geoip.country_name_by_addr(rdns.ip_address)
rdns.save()
self.cache_rdns.insert(0,rdns)
return rdns
else:
return None
def compute_net(self, vars):
"""Compute net, netmask and broadcast."""
if vars['cidr_ip'].count('/') != 1:
print '%s is not a CIDR IP address :/' % vars['cidr_ip']
sys.exit(True)
else:
vars['ip'], cidr_netmask = vars['cidr_ip'].split('/')
# check if we can build an ip with input
try :
net = IP(vars['cidr_ip'], make_net=True)
except:
print '%s is not a CIDR IP address :/' % vars['cidr_ip']
sys.exit(True)
if cidr_netmask != '32':
if self.is_a_network_address(vars['cidr_ip']):
msg = "Need cofee? you provided "\
"a network address : %s" % vars['cidr_ip']
print msg
sys.exit(True)
vars['netmask'] = net.netmask()
vars['broadcast'] = str(net.broadcast())
if cidr_netmask != '32':
if vars['ip'] == vars['broadcast']:
msg = "Need cofee? you provided "\
"the broadcast address %s of your network %s/%s" \
% (vars['ip'], net.net(), cidr_netmask)
print msg
sys.exit(True)
def _get_interface_ipv4_addresses(self,
ifindex_column='ipAdEntIfIndex',
netmask_column='ipAdEntNetMask'):
"""Get IPv4 address information for interfaces from a table
indexed by IpAddress. Default is the ipAddrTable.
"""
waiter = defer.waitForDeferred(
self.retrieve_columns((ifindex_column, netmask_column)))
yield waiter
address_rows = waiter.getResult()
addresses = set()
ignore_count = 0
for row_index, row in address_rows.items():
if len(row_index) != 4:
ignore_count += 1
continue
ip_address_string = ".".join([str(i) for i in row_index])
ip = IP(ip_address_string)
ifindex = row[ifindex_column]
netmask = row[netmask_column]
try:
prefix = ip.make_net(netmask)
except ValueError, err:
self._logger.warning(
"ignoring IP address %s due to invalid netmask %s (%s)",
ip, netmask, err)
else:
new_row = (ifindex, ip, prefix)
addresses.add(new_row)
def retL_process(self,original_message,host):
crc32,command,b_flag,ip_count = struct.unpack('IIII',original_message[:16])
node_in_info = 'this node ' + str(host) + ' has ' + str(ip_count) + ' descendant ip'
logger.debug(node_in_info)
base_pointer = 16
if(ip_count > 20):
return
#raise Exception(str(host)+ ' IP Count return from P2P Node Two Large : '+str(ip_count),'memory error')
private_ip_count = 0.0
for i in xrange(ip_count):
ip = struct.unpack('I',original_message[base_pointer:(base_pointer+4)])[0]
times_tamp = struct.unpack('I',original_message[base_pointer+4:base_pointer+8])[0]
node = ZeroAccessNode()
node.set_ip(ip)
node.set_udpport(self.udp_port)
node.set_time(times_tamp)
base_pointer = base_pointer + 8
z_ip = IP(socket.ntohl(ip))
if(z_ip.iptype() == 'PRIVATE'):
logger.debug('Private IP '+ socket.inet_ntoa(struct.pack('I',ip))+' from '+host[0])
private_ip_count+=1
continue
if not self.AlreadyQueryed(node):
self.insertGlobalMap(node)
self.nonQueryedNodes.put(node)
self.node_size_count+=1
if(self.node_size_count % 1000 == 0):
info = 'ZeroAccess Nodes Size Mounts to :'+str(self.node_size_count)
logger.info(info)
print info
if(private_ip_count > 0):
self.UpdateFakedRatioInfoOfNode(host[0],(private_ip_count/ip_count))
file_count = struct.unpack('I',original_message[base_pointer:base_pointer+4])[0]
base_pointer += 4
for i in range(file_count):
file_name = struct.unpack('I',original_message[base_pointer:base_pointer+4])[0]
file_timestamp = struct.unpack('I',original_message[base_pointer+4:base_pointer+8])[0]
file_size = struct.unpack('I',original_message[base_pointer+8:base_pointer+12])[0]
file_signature = struct.unpack(str(self.ZEROACCESS_FILE_HEADER_LENGTH)+'B',
original_message[base_pointer+12:base_pointer+12+self.ZEROACCESS_FILE_HEADER_LENGTH])
file_info = ZeroAccessFileInfo()
#file_info.set_filename(str(hex(file_name)))
file_info.set_filename(file_name)
file_info.set_timestamp(file_timestamp)
file_info.set_filesize(file_size)
file_info.set_sig(file_signature)
self.insertFileInfo(file_info,host)
base_pointer+=12+self.ZEROACCESS_FILE_HEADER_LENGTH
logger.debug('received file count : '+str(file_count))
self.sendDatagram()
def ping(cls, ip):
"""
@summary: Ping a server with a IP
@param ip: IP address to ping
@type ip: string
@return: True if the server was reachable, False otherwise
@rtype: bool
"""
address = IP(ip)
ip_address_version = address.version()
os_type = platform.system().lower()
ping_ipv4 = (cls.PING_IPV4_COMMAND_WINDOWS if os_type == 'windows'
else cls.PING_IPV4_COMMAND_LINUX)
ping_ipv6 = (cls.PING_IPV6_COMMAND_WINDOWS if os_type == 'windows'
else cls.PING_IPV6_COMMAND_LINUX)
ping_command = ping_ipv6 if ip_address_version == 6 else ping_ipv4
command = '{command} {address}'.format(
command=ping_command, address=ip)
process = subprocess.Popen(command, shell=True,
stdout=subprocess.PIPE)
process.wait()
try:
packet_loss_percent = re.search(
cls.PING_PACKET_LOSS_REGEX,
process.stdout.read()).group(1)
except Exception:
# If there is no match, fail
return False
return packet_loss_percent != '100'
def init():
# init global var
global total_mem
total_mem = ps.virtual_memory()[0]/1024/1024 # use MB
logging.debug('total_mem: {}'.format(total_mem))
global ip
for nic,addrs in ps.net_if_addrs().items():
for addr in addrs:
if addr.family==socket.AF_INET:
_ip = IP(addr.address)
if _ip.iptype()=='PUBLIC':
ip = str(_ip)
logging.debug('public ip: {}'.format(ip))
#singleton
for proc in ps.process_iter():
try:
pinfo = proc.as_dict(attrs=['pid', 'name', 'cmdline', 'create_time', 'memory_info', 'memory_percent'])
except:
pass
else:
for x in pinfo['cmdline']:
if 'sscontrol' in x and pinfo['pid']!=os.getpid():
proc.kill()
def clean_red(self):
data = self.cleaned_data['red']
try:
red_ip = IP(data)
except:
raise forms.ValidationError("Formato de red erroneo.")
return red_ip.strNormal()
def mac2eui64(mac, prefixstr):
try:
prefix = IP(prefixstr)
except ValueError:
raise Exception("Invalid IPv6 prefix '%s'" % prefixstr)
if prefix.version() != 6:
raise Exception("%s is not a valid IPv6 prefix" % prefixstr)
if prefix.prefixlen() != 64:
raise Exception("Cannot generate an EUI-64 address on a non-64 subnet")
mac_parts = mac.split(":")
pfx_parts = prefix.net().strFullsize().split(":")
if len(mac_parts) != 6:
raise Exception("%s is not a valid MAC-48 address" % mac)
eui64 = mac_parts[:3] + ["ff", "fe"] + mac_parts[3:]
eui64[0] = "%02x" % (int(eui64[0], 16) ^ 0x02)
ip = ":".join(pfx_parts[:4])
for l in range(0, len(eui64), 2):
ip += ":%s" % "".join(eui64[l:l + 2])
return IP(ip).strCompressed()
def startExploration(self):
def doWork(remaining):
for ip in remaining:
d = self.startExploreIP(ip)
d.addErrback(self.reportError, ip)
yield d
if self.exploring:
raise CollectorAlreadyRunning(
"Exploration still running")
self.exploring = True
print "Start exploring ..."
# Expand list of IP to explore
ip = IP("192.168.0.0/24")
remaining = [x for x in ip
if x != ip.net() and x != ip.broadcast()]
# Start exploring
dl = []
coop = task.Cooperator()
work = doWork(remaining)
THREADS = 4
for i in xrange(THREADS): #IGNORE:W0612
d = coop.coiterate(work)
dl.append(d)
defer.DeferredList(dl).addCallback(self.stopExploration)
def getCoordinates():
log = open('/var/log/ufw.log', 'r')
coordinates = []
tempip = {}
for entry in log.readlines():
kval = {}
for raw in entry.split():
try:
(key, value) = raw.split('=')
kval[key] = value
except:
pass
ip = IP(kval['SRC'])
if ip.iptype() != 'PRIVATE':
try:
tempip[kval['SRC']] = 1 + tempip[kval['SRC']]
except KeyError:
tempip[kval['SRC']] = 1
for blockedip in tempip:
try:
rawweb = urllib.urlopen('http://api.hostip.info/get_html.php?ip='+ blockedip +'&position=true').read()
except IOError:
rawweb = urllib.urlopen('http://api.hostip.info/get_html.php?ip='+ blockedip +'&position=true').read()
response = {}
for l in rawweb.splitlines():
if len(l) > 1:
(key, value) = l.split(':')
response[key] = value
coordinates.append(response)
print "Z",
time.sleep(5)
return coordinates
def test_dhcpd_conf_is_correctly_written(self):
"""
Check that /etc/dhcp3/dhcpd.conf is correctly written
"""
filename = "/etc/dhcp3/dhcpd.conf"
net = IP(self.test_dhcp['net_label'])
subnet = str(net.net())
netmask = str(net.strNetmask())
start = self.test_dhcp['start']
end = self.test_dhcp['end']
dns_server = self.test_dhcp['dns_server']
router = self.test_dhcp['router']
IPV4 = "((25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)\.){3}(25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)"
_sp = lambda stmt: "\s*%s\s*\n" % stmt
expected = _sp("subnet %s netmask %s {" % (subnet, netmask))
# domain-name-servers here only if dns_server configured
if dns_server != UNSET and self.configure_dns:
expected += _sp('option domain-name-servers %s;' % dns_server)
if router != UNSET and self.configure_router:
expected += _sp('option routers %s;' % router)
else:
expected += _sp('option routers %s;' % IPV4)
expected += _sp("pool {")
expected += _sp("range %s %s;" % (start, end))
expected += _sp('}')
expected += _sp('}')
self.correctly_written(filename, (expected,))
def arpanize(value):
"""
Converts a IPv4 (range) to reversed DNS style arpa notation
Usage:
{{{ <variable>|arpanize }}}
I.e.:
{% assign broadcast = '192.168.1.0' %}
{{{ broastcast|arpanize }}}
Results in output:
1.168.192.in-addr.arpa
"""
# deprecate me: use reverse_name
try:
ip = IP( value )
except ValueError:
return ''
if ip.version() == 4:
ip_blocks = value.split('.')
reverse_block = [ ip_blocks[2], ip_blocks[1], ip_blocks[0], 'in-addr.arpa' ]
elif ip.version() == 6:
print 'FATAL ERROR: arpanize: does not support IPv6 address(es): %s' %( value )
sys.exit(1)
return string.join( reverse_block, '.' )
def base_net(value):
"""
Converts a IPv4 (range) to it's first 3 octects
Usage:
{{{ <variable>|base_net }}}
I.e.:
{% assign broadcast = '192.168.1.0' %}
{{{ broastcast|base_net }}}
Results in output:
192.168.1
"""
try:
ip = IP( value )
except ValueError:
return ''
if ip.version() == 4:
ip_blocks = IP( value ).net().strNormal().split('.')
base_net = string.join( ip_blocks[:3], '.' )
elif ip.version() == 6:
print 'FATAL ERROR: base_net: does not support IPv6 address(es): %s' %( value )
sys.exit(1)
return string.join( ip_blocks[:3], '.' )
def ip_last_digit(value):
"""
Return's a IP's last digit
Usage:
{{{ <variable>|ip_last_digit }}}
I.e.:
{% assign myip4 = '192.168.1.123' %}
{% assign myip6 = 'fd6b:be97:63d8:749f::123' %}
ip4 last digit = {{{ myip4|ip_last_digit }}}
ip6 last digit {{{ myip6|ip_last_digit }}}
Results in output:
ip4 last digit = 123
ip6 last digit = 123
"""
try:
ip = IP( value )
except ValueError:
return ''
if ip.version() == 4:
split_char = '.'
elif ip.version() == 6:
split_char = ':'
ip_blocks = IP( value ).strNormal().split( split_char )
return ip_blocks[-1]
def check_add_ip_allocation(self, rack_object_id, name, ip_addr):
ipnet = IP(ip_addr)
ip_dec = int(ipnet.strDec())
sql_check = '''SELECT 1 FROM {0} WHERE object_id = %s AND ip = %s AND name = %s AND type = %s'''
sql_add = '\n'.join([
'INSERT IGNORE INTO {0}',
' ( object_id, ip, name, type )',
'VALUES',
' ( %s, %s, %s, %s )'
])
if ipnet.version() == 6:
sql_check = sql_check.format('IPv6Allocation')
sql_add = sql_add.format('IPv6Allocation')
else:
sql_check = sql_check.format('IPv4Allocation')
sql_add = sql_add.format('IPv4Allocation')
if name.startswith('lo'):
if_type = 'virtual'
else:
if_type = 'regular'
self._curs.execute(
sql_check, (rack_object_id, ip_dec, name, if_type))
if self._curs.rowcount:
return 0
self._curs.execute(sql_add, (rack_object_id, ip_dec, name, if_type))
return self._curs.rowcount
def isPrivateIP(ipAddressString):
try:
ipAddress = IP(ipAddressString)
ipType = ipAddress.iptype()
return ipType == "PRIVATE" or ipType == "LOOPBACK"
except:
return False
def vip_check(vips,check_str,exclude):
"""Check the `check_str` to see if it is valid, and import it into `vips`."""
check = check_str.split('/')
if len(check) != 3:
print "The argument %s provided does not have 3 '/' delimited arguments, terminating" % check_str
sys.exit(0) # This should be a return 0 to prevent the container from restarting.
try:
check_ip = IP(check[0])
except ValueError as e:
print "The IP %s does not appear to be a valid (returned %s), terminating..." % (check[0], e)
sys.exit(0) # This should be a return 0 to prevent the container from restarting.
try:
if check_ip.version() is 6 and (int(check[1]) > 128 or int(check[1]) < 0):
print "The subnet %s is not a valid subnet for an IPv6 address, terminating" % check[1]
sys.exit(0) # This should be a return 0 to prevent the container from restarting.
elif check_ip.version() is 4 and (int(check[1]) > 32 or int(check[1]) < 0):
print "The subnet %s is not a valid subnet for an IPv4 address, terminating" % check[1]
sys.exit(0) # This should be a return 0 to prevent the container from restarting.
except ValueError as e:
print "The subnet %s is not a valid intetge (returned %s), terminating" % (check[1], e)
if check[2] not in netifaces.interfaces():
print "The iface %s does not appear to be a valid interface on this host, terminating..." % check[2]
sys.exit(0) # This should be a return 0 to prevent the container from restarting.
vip_obj = { 'addr' : check_ip.strNormal(0), # Print string without a mask
'mask' : check[1], # Prefix length
'iface' : check[2], # Interface
'include' : bool(not exclude),
}
vips.append(vip_obj)
def check_add_ip_network(self, ip, netmask):
ipnet = IP(ip).make_net(netmask)
ip_dec = int(ipnet.strDec())
ip_prefixlen = ipnet.prefixlen()
sql_check = '''SELECT 1 FROM {0} WHERE ip = %s AND mask = %s'''
sql_add = '\n'.join([
'INSERT INTO {0}',
' ( ip, mask, name, comment )',
'VALUES',
'''( %s, %s, %s, 'Imported by ocs2rack' )''',
])
if ipnet.version() == 6:
sql_check = sql_check.format('IPv6Network')
sql_add = sql_add.format('IPv6Network')
else:
sql_check = sql_check.format('IPv4Network')
sql_add = sql_add.format('IPv4Network')
self._curs.execute(sql_check, (ip_dec, ip_prefixlen))
if self._curs.rowcount:
return 0
self._curs.execute(
sql_add, (ip_dec, ip_prefixlen, ipnet.reverseName()))
return self._curs.rowcount
def getInfo(IPaddr):
try: # Try to resolve the IP addr
hostName = gethostbyaddr(IPaddr)[0]
except:
hostName = 'UNRESOLVED'
# Convert IP to a valid IP object
ip = IPLIB(IPaddr)
# Do not proceed if the IP is private
if ip.iptype() == 'PRIVATE':
return 'Private IP, Host Name: ' + hostName
try:
# Iniialize the GEOIP object
geoIP = pygeoip.GeoIP('GeoIP.dat')
# Get the record info
ipRecord = geoIP.record_by_addr(IPaddr)
# Extract the country name
return 'Country: %s, Host: %s' % (ipRecord['country_name'], hostName)
except Exception, ex:
# GeoIP could not locate the IP addr
return 'Can\'t locate %s, Host: %s' % (IPaddr, hostName)
def test_out_of_bounds_negative_index_should_raise(self):
i = IPRange(IP('10.0.42.0'), IP('10.0.42.127'))
self.assertRaises(IndexError, lambda x: i[x], -129)
def monitor(domains):
""" domains is a list of Domain class objects """
dh = DreamHost(API_URL, API_KEY)
currentIp = ""
global PROWL_API_KEY
if PROWL_API_KEY != "":
logger.info("Setting up Prowl notifications...")
prowl = pyprowl.Prowl(apiKey=PROWL_API_KEY, appName="dh-dhs")
verifyKey = prowl.verify_key()
if verifyKey.get("status") == "success":
logger.info("Prowl API key successfully verified. Notifications enabled!")
else:
PROWL_API_KEY = ""
prowl = None
logger.error(
"Unable to verify Prowl API key. Disabling Prowl notifications. Error code: %s %s, message: %s",
verifyKey.get("status"),
verifyKey.get("message"),
verifyKey.get("errMsg"),
)
else:
prowl = None
while True: # Enter update loop
# Pull current domain info from DH
dhDomainResponse = dh.api_call(
dh.cmds["list"]
) # List all domains from DH account
if dhDomainResponse.get("result") == "success":
for data in [
data for data in dhDomainResponse.get("data") if data.get("type") == "A"
]:
dh.allDomains.update(
{
data.get("record"): {
"value": data.get("value"),
"editable": data.get("editable"),
"comment": data.get("comment"),
}
}
)
logger.debug("All A records from DreamHost: %s", format(dh.allDomains))
else:
logger.error(
"Error reported by DreamHost API: %s.", dhDomainResponse.get("data")
)
newIp = ""
validIp = False
# Get current IP
try:
newIp = requests.get("https://api.ipify.org").text.strip()
ipType = IP(newIp).iptype()
if ipType != "PUBLIC":
logger.warn(
"%s IP address detected: [%s]. PUBLIC IP required, ignoring.",
ipType,
newIp,
)
else:
logger.debug("%s IP address detected: [%s].", ipType, newIp)
validIp = True
except Exception as e:
logger.error("Error encountered while looking up current IP: %s.", e)
if not validIp:
try:
IP(
currentIp
) # Failed to look up current IP, so check if last known IP is valid
except ValueError as e:
logger.error(
"Last known IP is invalid: %s. Skipping domain check and sleeping for %i minutes.",
e,
UPDATE_INTERVAL,
)
else:
newIp = currentIp
validIp = True
logger.info("Checking domains against last known IP: [%s].", newIp)
if validIp:
for domain in domains:
addFlag = False
if dh.allDomains.get(domain.name):
# Monitored domain already exists
if dh.allDomains.get(domain.name).get("editable") == "0":
logger.warn("Domain %s is not editable, skipping.", domain.name)
if prowl: # Send Prowl notification
event = (
"Monitored DNS Record Not Editable: ["
+ domain.name
+ "]"
)
description = (
"Please check your configuration. Domain "
+ domain.name
+ " is monitored but DreamHost says it is not editable."
)
try:
prowlResult = prowl.notify(event, description)
if prowlResult.get("status") == "success":
logger.debug(
"Successfully sent notification to Prowl... Event: %s, Description: %s",
event,
description,
)
else:
logger.error(
"Failed to send notification to Prowl... Event: %s, Description: %s, Status code: %s %s, Error message: %s",
event,
description,
prowlResult.get("status"),
prowlResult.get("message"),
prowlResult.get("errMsg"),
)
except Exception as e:
logger.error(
"Failed to send notification to Prowl... Event: %s, Description: %s, Error message: %s",
event,
description,
e,
)
elif dh.allDomains.get(domain.name).get("value") == newIp:
logger.info("No update needed for %s.", domain.name)
else:
# Update needed - remove record and set flag to add it
logger.info(
"New IP detected for %s: [%s]. Deleting existing record.",
domain.name,
newIp,
)
dhRemoveResponse = dh.api_call(
dh.cmds["remove"]
+ "&type=A&record="
+ domain.name
+ "&value="
+ dh.allDomains.get(domain.name).get("value")
)
if dhRemoveResponse.get("result") == "success":
logger.info("Successfully deleted domain %s.", domain.name)
addFlag = True
else:
logger.error(
"Error deleting domain %s: %s.",
domain.name,
dhRemoveResponse.get("data"),
)
if prowl: # Send Prowl notification
event = (
"Failed to Delete DNS Record: [" + domain.name + "]"
)
description = (
"Domain "
+ domain.name
+ " needs to be updated with new IP ["
+ newIp
+ "], but the deletion failed.\nError message: "
+ dhRemoveResponse.get("data")
)
try:
prowlResult = prowl.notify(event, description)
if prowlResult.get("status") == "success":
logger.debug(
"Successfully sent notification to Prowl... Event: %s, Description: %s",
event,
description,
)
else:
logger.error(
"Failed to send notification to Prowl... Event: %s, Description: %s, Status code: %s %s, Error message: %s",
event,
description,
prowlResult.get("status"),
prowlResult.get("message"),
prowlResult.get("errMsg"),
)
except Exception as e:
logger.error(
"Failed to send notification to Prowl... Event: %s, Description: %s, Error message: %s",
event,
description,
e,
)
else:
# Monitored domain does not exist
logger.info("Domain %s does not exist.", domain.name)
addFlag = True
if addFlag:
if len(COMMENT) > 0:
comment = "&comment=" + quote_plus(
COMMENT.replace(
"{date}",
datetime.utcnow().strftime("%Y-%m-%dT%H:%M:%SZ"),
)
)
else:
comment = ""
dhAddResponse = dh.api_call(
dh.cmds["add"]
+ "&record="
+ domain.name
+ "&type=A&value="
+ newIp
+ comment
)
if dhAddResponse.get("result") == "success":
domain.lastUpdate = datetime.utcnow().strftime(
"%Y-%m-%dT%H:%M:%SZ"
)
logger.info(
"Successfully added domain %s with IP [%s].",
domain.name,
newIp,
)
if prowl: # Send Prowl notification
event = "DNS Record Updated: [" + domain.name + "]"
description = (
"Successfully updated domain "
+ domain.name
+ " with IP ["
+ newIp
+ "]."
)
try:
prowlResult = prowl.notify(event, description)
if prowlResult.get("status") == "success":
logger.debug(
"Successfully sent notification to Prowl... Event: %s, Description: %s",
event,
description,
)
else:
logger.error(
"Failed to send notification to Prowl... Event: %s, Description: %s, Status code: %s %s, Error message: %s",
event,
description,
prowlResult.get("status"),
prowlResult.get("message"),
prowlResult.get("errMsg"),
)
except Exception as e:
logger.error(
"Failed to send notification to Prowl... Event: %s, Description: %s, Error message: %s",
event,
description,
e,
)
else:
logger.error(
"Error adding domain %s: %s.",
domain.name,
dhAddResponse.get("data"),
)
if prowl: # Send Prowl notification
event = "DNS Record Update Failed: [" + domain.name + "]"
description = (
"Failed to update domain "
+ domain.name
+ " with IP ["
+ newIp
+ "]:\n"
+ dhAddResponse.get("data")
)
try:
prowlResult = prowl.notify(event, description)
if prowlResult.get("status") == "success":
logger.debug(
"Successfully sent notification to Prowl... Event: %s, Description: %s",
event,
description,
)
else:
logger.error(
"Failed to send notification to Prowl... Event: %s, Description: %s, Status code: %s %s, Error message: %s",
event,
description,
prowlResult.get("status"),
prowlResult.get("message"),
prowlResult.get("errMsg"),
)
except Exception as e:
logger.error(
"Failed to send notification to Prowl... Event: %s, Description: %s, Error message: %s",
event,
description,
e,
)
currentIp = newIp
logger.info(
"Done checking/updating domains. Sleeping for %i minutes.",
UPDATE_INTERVAL,
)
sleep(UPDATE_INTERVAL * 60)
def handle_data(self):
temp_list = list()
dict_ip_count = dict()
for subdomain, cname_list in self.dict_cname.items():
for cname in cname_list:
if (self.check_cdn(cname)):
self.dict_cname[subdomain] = "Yes"
else:
self.dict_cname[subdomain] = "No"
for subdomain, ip_list in self.dict_ip.items():
ip_str = str(sorted(ip_list))
if (dict_ip_count.__contains__(ip_str)):
if (dict_ip_count[ip_str] > config.ip_max_count):
temp_list.append(subdomain)
else:
dict_ip_count[ip_str] = dict_ip_count[ip_str] + 1
else:
dict_ip_count[ip_str] = 1
for filter_ip in config.waiting_fliter_ip:
if (filter_ip in ip_str):
temp_list.append(subdomain)
subdomain_white = []
for subdomain1, ip_list1 in self.dict_ip.items():
for subdomain2, ip_list2 in self.dict_ip.items():
if not sys.version > '3':
if (((str('.') + subdomain1) in subdomain2)
and cmp(ip_list1, ip_list2)
and subdomain1 != self.target_domain):
subdomain_white.append(subdomain1)
else:
if (((str('.') + subdomain1) in subdomain2)
and ip_list1 == ip_list2
and subdomain1 != self.target_domain):
subdomain_white.append(subdomain1)
subdomain_black = set()
for subdomain1 in subdomain_white:
i = 0
for subdomain3, ip_list1 in self.dict_ip.items():
if (str('.') + subdomain1) in subdomain3:
subdomain_black.add(str(sorted(self.dict_ip[subdomain3])))
i = i + 1
#print(subdomain_black)
if (i > 15 and len(subdomain_black) == 1):
temp_list.append(subdomain3)
for subdomain in temp_list:
try:
del self.dict_ip[subdomain]
del self.dict_cname[subdomain]
del self.dict_ip_block[subdomain]
except Exception:
pass
# self.found_count = self.found_count + self.dict_ip_block.__len__()
self.found_count = self.dict_ip.__len__()
for subdomain, ip_list in self.dict_ip_block.items():
if (str(subdomain).count(".") < self.level):
self.queue_sub.put(str(subdomain))
for ip in ip_list:
if (IP(ip).iptype() == 'PRIVATE'):
self.dict_ip[subdomain] = "private({ip})".format(ip=ip)
else:
try:
key_yes = self.dict_cname[subdomain]
except KeyError:
key_yes = "No"
if (key_yes == "No"):
CIP = (IP(ip).make_net("255.255.255.0"))
if CIP in self.ip_flag:
self.ip_flag[CIP] = self.ip_flag[CIP] + 1
else:
self.ip_flag[CIP] = 1
if CIP in self.active_ip_dict:
active_ip_list = self.active_ip_dict[CIP]
if (ip not in active_ip_list):
active_ip_list.append(ip)
self.active_ip_dict[CIP] = active_ip_list
else:
active_ip_list = []
active_ip_list.append(ip)
self.active_ip_dict[CIP] = active_ip_list
def main():
p = optparse.OptionParser(
description=
' Finds modbus devices in IP range and determines slave id.\nOutputs in ip:port <tab> sid format.',
prog='modscan',
version='modscan 0.1',
usage="usage: %prog [options] IPRange")
p.add_option('--port',
'-p',
type='int',
dest="port",
default=502,
help='modbus port DEFAULT:502')
p.add_option('--timeout',
'-t',
type='int',
dest="timeout",
default=500,
help='socket timeout (mills) DEFAULT:500')
p.add_option('--aggressive',
'-a',
action='store_true',
help='continues checking past first found SID')
p.add_option('--function',
'-f',
type='int',
dest="function",
default=17,
help='MODBUS Function Code DEFAULT:17')
p.add_option('--data',
type='string',
dest="fdata",
help='MODBUS Function Data. Unicode escaped "\x00\x01"')
p.add_option('-v',
'--verbose',
action='store_true',
help='returns verbose output')
p.add_option('-d',
'--debug',
action='store_true',
help='returns extremely verbose output')
options, arguments = p.parse_args()
#make sure we have at least 1 argument (IP Addresses)
if len(arguments) == 1:
#build basic packet for this test
"""
Modbus Packet Structure
\x00\x00 \x00\x00 \x00\x00 \x11 \x00 <=================>
Trans ID ProtoID(0) Length UnitID FunctCode Data len(0-253byte)
"""
#this must be stored in a unsigned byte aray so we can make the assignment later... no string[] in python :(
rsid = array.array('B')
rsid.fromstring("\x00\x00\x00\x00\x00\x02\x01\x01")
#set function
rsid[7] = options.function
#add function data
if (options.fdata):
aFData = array.array('B')
#we must decode the escaped unicode before calling fromstring otherwise the literal \xXX will be interpreted
aFData.fromstring(options.fdata.decode('unicode-escape'))
rsid += aFData
#update length
rsid[5] = len(aFData) + 2
#assign IP range
iprange = IP(arguments[0])
#print friendly user message
print "Starting Scan..."
#primary loop over IP addresses
for ip in iprange:
#print str(ip)+" made it"
#loop over possible sid values (1-247)
for sid in range(1, 247):
#error messaging
fError = 0
msg = str(ip) + ":" + str(options.port) + "\t" + str(sid)
#print "msg="+msg
#Wrap connect in a try box
try:
#socket object instantiation
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
#set socket timeout, value from cmd is in mills
s.settimeout(float(options.timeout) / float(1000))
#connect requires ip addresses in string format so it must be cast
s.connect((str(ip), options.port))
except socket.error:
#clean up
fError = 1
msg += "\tFAILED TO CONNECT"
s.close()
break
#end try
#send query to device
try:
#set slave id
rsid[6] = sid
#send data to device
s.send(rsid)
except socket.error:
#failed send close socket
fError = 1
msg += "\tFAILED TO SEND"
s.close()
break
#end try
try:
#recieve data
data = s.recv(1024)
except socket.timeout:
fError = 1
msg += "\tFAILED TO RECV"
break
#end try
#examine response
if data:
#parse response
resp = array.array('B')
resp.fromstring(data)
if (options.debug):
print "Recieved: " + str(resp)
print(int(resp[7]) == int(options.function))
#if the function matches the one sent we are all good
if (int(resp[7]) == int(options.function)):
print msg
#in aggressive mode we keep going
if (not options.aggressive):
break
#If the function matches the one sent + 0x80 a positive response error code is detected
elif int(resp[7]) == (int(options.function) + 128):
#if debug output message
msg += "\tPositive Error Response"
if (options.debug):
print msg
else:
#if debug output message
if (options.debug):
print msg
else:
fError = 1
msg += "\tFAILED TO RECIEVE"
s.close()
break
#end SID for
#report based on verbosity
if (options.verbose and fError):
print msg
elif (options.debug):
print msg
#end IP for
#close socket, no longer needed
#s.shutdown(socket.SHUT_RDWR)
s.close()
print "Scan Complete."
#bad number of arguments. print help
else:
p.print_help()
def test_assembled_ipv4_range_should_parse(self):
i = IPRange.from_string('10.0.42.0-127')
self.assertEquals(i[0], IP('10.0.42.0'))
self.assertEquals(i[-1], IP('10.0.42.127'))
def test_simple_ipv6_range_should_parse(self):
i = IPRange.from_string('fe80:700:1::-fe80:700:1::f')
self.assertEquals(i[0], IP('fe80:700:1::'))
self.assertEquals(i[-1], IP('fe80:700:1::f'))
def test_simple_ipv4_range_should_parse(self):
i = IPRange.from_string('10.0.42.0-10.0.42.63')
self.assertEquals(i[0], IP('10.0.42.0'))
self.assertEquals(i[-1], IP('10.0.42.63'))
def test_ipv6_range_length_should_be_correct(self):
i = IPRange(IP('fe80:700:1::'), IP('fe80:700:1::f'))
self.assertEquals(len(i), 16)
def test_ipv4_short_subnet_should_parse(self):
i = IPRange.from_string('10.0.99/24')
self.assertEquals(i[0], IP('10.0.99.0'))
self.assertEquals(i[-1], IP('10.0.99.255'))
def test_indexed_access_should_work(self):
i = IPRange(IP('10.0.42.0'), IP('10.0.42.127'))
self.assertEquals(i[5], IP('10.0.42.5'))
def check_ip(ip):
try:
IP(ip)
return(ip)
except ValueError:
return socket.gethostbyname(ip)
def test_ipv4_range_length_should_be_correct(self):
i = IPRange(IP('10.0.42.0'), IP('10.0.42.127'))
self.assertEquals(len(i), 128)
#!/usr/bin/env python
# -*- coding:UTF-8 -*-
from IPy import IP
import os
#os.system('wget http://www.mylinuxer.com/down/IPy-0.82a.tar.gz')
#os.system('tar -zxvf IPy-0.82a.tar.gz -C /opt/')
#os.system('cd /opt/python-ipy-IPy-0.82a')
#os.system('python setup.py install')
ip_s = raw_input('请输入您的IP地址或者网段: ')
ips = IP(ip_s)
if len(ips) > 1:
print '输出网络地址'
print('net: %s\n' % ips.net())
print '输出网络掩码地址'
print('netmask: %s\n' % ips.netmask())
print '输出网络广播地址'
print('broadcast: %s\n' % ips.broadcast())
print '输出地址方向解析'
print('reverse address: %s\n' % ips.reverseNames()[0])
print '输出网络子网数'
print('subnet: %s\n' % len(ips))
else:
print '输出IP方向解析'
print('reverse address: %s\n ' % ips.reverseNames()[0])
print '\033[3m输出十六进制地址\033[0m'
print('hexadecimal: %s\n' % ips.strHex())
print '输出二进制地址'
print('binary ip: %s\n' % ips.strBin())
print '输出地址类型,如PRIVATE,PUBLIC,LOOPBACK等'
print('iptype: %s\n' % ips.iptype())
def test_assembled_ipv6_range_should_parse(self):
i = IPRange.from_string('fe80:700:1::aaa-fff')
self.assertEquals(i[0], IP('fe80:700:1::aaa'))
self.assertEquals(i[-1], IP('fe80:700:1::fff'))
def startpy(ip_input):
ip = IP(ip_input)
details = ip.iptype()
#print (ip)
print(details)
def IPauto(ipl):
ipr = IP(ipl)
for ip in ipr:
ipList.append(str(ip))
def ipy_len(t):
(prefix, hostid) = t
return IP(prefix).len()
key="filter.traffic.domains",
caching=60,
default=set(),
cb_load=lambda raw: set(raw.lower().split(",")) if raw else set())
filtered_urls_config = sniffer_config.item(
key="filter.traffic.urls",
caching=60,
default=set(),
cb_load=lambda raw: set(raw.lower().split(",")) if raw else set())
filtered_clients_config = sniffer_config.item(
key="filter.traffic.client_ips",
caching=60,
default=set(),
cb_load=lambda raw: {IP(_)
for _ in (raw.split(",") if raw else set())})
filtered_servers_config = sniffer_config.item(
key="filter.traffic.server_ips",
caching=60,
default=set(),
cb_load=lambda raw: {IP(_)
for _ in (raw.split(",") if raw else [])})
encrypt_keys_config = sniffer_config.item(
key="filter.encryption.names",
default={"passwd", "password"},
caching=60,
cb_load=lambda raw: set(raw.lower().split(",")) if raw else set())
encrypt_salt_config = sniffer_config.item(key="filter.encryption.salt",
caching=60,
def generate_random():
while True:
ip = IPy(socket.inet_ntoa(struct.pack('>I', random.randint(1, 0xffffffff))))
if ip.iptype() == 'PUBLIC':
return str(ip)
def list(self, **post):
src_ip = post['source_ip'].strip()
dst_ip = post['dst_ip'].strip()
objects = []
objs = http.request.env['ccb_firewall.needs'].search([])
if src_ip.lower() == "any":
if dst_ip.lower() == "any":
#return http.request.render('ccb_firewall.listing', {
#'root': '/ccb_firewall/needs',
#'objects': http.request.env['ccb_firewall.needs'].search([]).ids,
#})
return repr(http.request.env['ccb_firewall.needs'].search(
[]).ids)
else:
for obj in objs:
if obj.dst_ip.strip().find('.') < 0:
continue
if obj.dst_ip.strip().find('\r\n') >= 0:
dsts = obj.dst_ip.strip().split('\r\n')
elif obj.dst_ip.strip().find('\n') >= 0:
dsts = obj.dst_ip.strip().split('\n')
elif obj.dst_ip.strip().find('\r') >= 0:
dsts = obj.dst_ip.strip().split('\r')
else:
dsts = obj.dst_ip.strip().split(' ')
if obj.dst_ip.strip() == "any":
objects.append(obj.id)
else:
for dst in dsts:
dst = dst.strip()
if IP(dst_ip) in IP(dst):
objects.append(obj.id)
break
#return http.request.render('ccb_firewall.listing', {
#'root': '/ccb_firewall/needs',
#'objects': objects,
#})
return repr(objects)
else:
if dst_ip.lower() == "any":
for obj in objs:
if obj.source_ip.strip().find('.') < 0:
continue
if obj.source_ip.strip().find('\r\n') >= 0:
srcs = obj.source_ip.strip().split('\r\n')
elif obj.source_ip.strip().find('\n') >= 0:
srcs = obj.source_ip.strip().split('\n')
elif obj.source_ip.strip().find('\r') >= 0:
srcs = obj.source_ip.strip().split('\r')
else:
srcs = obj.source_ip.strip().split(' ')
if obj.source_ip.strip() == "any":
objects.append(obj.id)
else:
for src in srcs:
src = src.strip()
if IP(src_ip) in IP(src):
objects.append(obj.id)
break
#return http.request.render('ccb_firewall.listing', {
#'root': '/ccb_firewall/needs',
#'objects': objects,
#})
return repr(objects)
else:
for obj in objs:
if obj.source_ip.strip().find(
'.') < 0 or obj.dst_ip.strip().find('.') < 0:
continue
if obj.source_ip.strip().find('\r\n') >= 0:
srcs = obj.source_ip.strip().split('\r\n')
elif obj.source_ip.strip().find('\n') >= 0:
srcs = obj.source_ip.strip().split('\n')
elif obj.source_ip.strip().find('\r') >= 0:
srcs = obj.source_ip.strip().split('\r')
else:
srcs = obj.source_ip.strip().split(' ')
if obj.dst_ip.strip().find('\r\n') >= 0:
dsts = obj.dst_ip.strip().split('\r\n')
elif obj.dst_ip.strip().find('\n') >= 0:
dsts = obj.dst_ip.strip().split('\n')
elif obj.dst_ip.strip().find('\r') >= 0:
dsts = obj.dst_ip.strip().split('\r')
else:
dsts = obj.dst_ip.strip().split(' ')
if obj.dst_ip.strip() == "any" and obj.source_ip.strip(
) == "any":
objects.append(obj.id)
else:
for src in srcs:
src = src.strip()
if obj.dst_ip.strip() == "any":
if IP(src_ip) in IP(src):
objects.append(obj.id)
break
elif src == "any":
for dst in dsts:
dst = dst.strip()
if IP(dst_ip) in IP(dst):
objects.append(obj.id)
break
else:
continue
break
else:
for dst in dsts:
dst = dst.strip()
if IP(src_ip) in IP(src) and IP(
dst_ip) in IP(dst):
objects.append(obj.id)
break
else:
continue
break
#return http.request.render('ccb_firewall.listing', {
#'root': '/ccb_firewall/needs',
#'objects': objects,
#})
return repr(objects)
def parse(self, data):
nametodns = DNSChef().nametodns
nameservers = DNSChef().nameservers
hsts = DNSChef().hsts
hstsconfig = DNSChef().real_records
server_address = DNSChef().server_address
clientip = {"clientip": self.client_address[0]}
response = ""
try:
# Parse data as DNS
d = DNSRecord.parse(data)
except Exception as e:
log.info("Error: invalid DNS request", extra=clientip)
else:
# Only Process DNS Queries
if QR[d.header.qr] == "QUERY":
# Gather query parameters
# NOTE: Do not lowercase qname here, because we want to see
# any case request weirdness in the logs.
qname = str(d.q.qname)
# Chop off the last period
if qname[-1] == '.': qname = qname[:-1]
qtype = QTYPE[d.q.qtype]
# Find all matching fake DNS records for the query name or get False
fake_records = dict()
for record in nametodns:
fake_records[record] = self.findnametodns(
qname, nametodns[record])
if hsts:
if qname in hstsconfig:
response = self.hstsbypass(hstsconfig[qname], qname,
nameservers, d)
return response
elif qname[:4] == 'wwww':
response = self.hstsbypass(qname[1:], qname,
nameservers, d)
return response
elif qname[:3] == 'web':
response = self.hstsbypass(qname[3:], qname,
nameservers, d)
return response
# Check if there is a fake record for the current request qtype
if qtype in fake_records and fake_records[qtype]:
fake_record = fake_records[qtype]
# Create a custom response to the query
response = DNSRecord(DNSHeader(id=d.header.id,
bitmap=d.header.bitmap,
qr=1,
aa=1,
ra=1),
q=d.q)
log.info("Cooking the response of type '{}' for {} to {}".
format(qtype, qname, fake_record),
extra=clientip)
# IPv6 needs additional work before inclusion:
if qtype == "AAAA":
ipv6 = IP(fake_record)
ipv6_bin = ipv6.strBin()
ipv6_hex_tuple = [
int(ipv6_bin[i:i + 8], 2)
for i in xrange(0, len(ipv6_bin), 8)
]
response.add_answer(
RR(qname,
getattr(QTYPE, qtype),
rdata=RDMAP[qtype](ipv6_hex_tuple)))
elif qtype == "SOA":
mname, rname, t1, t2, t3, t4, t5 = fake_record.split(
" ")
times = tuple([int(t) for t in [t1, t2, t3, t4, t5]])
# dnslib doesn't like trailing dots
if mname[-1] == ".": mname = mname[:-1]
if rname[-1] == ".": rname = rname[:-1]
response.add_answer(
RR(qname,
getattr(QTYPE, qtype),
rdata=RDMAP[qtype](mname, rname, times)))
elif qtype == "NAPTR":
order, preference, flags, service, regexp, replacement = fake_record.split(
" ")
order = int(order)
preference = int(preference)
# dnslib doesn't like trailing dots
if replacement[-1] == ".":
replacement = replacement[:-1]
response.add_answer(
RR(qname,
getattr(QTYPE, qtype),
rdata=RDMAP[qtype](order, preference, flags,
service, regexp,
DNSLabel(replacement))))
elif qtype == "SRV":
priority, weight, port, target = fake_record.split(" ")
priority = int(priority)
weight = int(weight)
port = int(port)
if target[-1] == ".": target = target[:-1]
response.add_answer(
RR(qname,
getattr(QTYPE, qtype),
rdata=RDMAP[qtype](priority, weight, port,
target)))
elif qtype == "DNSKEY":
flags, protocol, algorithm, key = fake_record.split(
" ")
flags = int(flags)
protocol = int(protocol)
algorithm = int(algorithm)
key = base64.b64decode(("".join(key)).encode('ascii'))
response.add_answer(
RR(qname,
getattr(QTYPE, qtype),
rdata=RDMAP[qtype](flags, protocol, algorithm,
key)))
elif qtype == "RRSIG":
covered, algorithm, labels, orig_ttl, sig_exp, sig_inc, key_tag, name, sig = fake_record.split(
" ")
covered = getattr(QTYPE,
covered) # NOTE: Covered QTYPE
algorithm = int(algorithm)
labels = int(labels)
orig_ttl = int(orig_ttl)
sig_exp = int(
time.mktime(
time.strptime(sig_exp + 'GMT',
"%Y%m%d%H%M%S%Z")))
sig_inc = int(
time.mktime(
time.strptime(sig_inc + 'GMT',
"%Y%m%d%H%M%S%Z")))
key_tag = int(key_tag)
if name[-1] == '.': name = name[:-1]
sig = base64.b64decode(("".join(sig)).encode('ascii'))
response.add_answer(
RR(qname,
getattr(QTYPE, qtype),
rdata=RDMAP[qtype](covered, algorithm, labels,
orig_ttl, sig_exp, sig_inc,
key_tag, name, sig)))
else:
# dnslib doesn't like trailing dots
if fake_record[-1] == ".":
fake_record = fake_record[:-1]
response.add_answer(
RR(qname,
getattr(QTYPE, qtype),
rdata=RDMAP[qtype](fake_record)))
response = response.pack()
elif qtype == "*" and not None in fake_records.values():
log.info(
"Cooking the response of type '{}' for {} with {}".
format("ANY", qname, "all known fake records."),
extra=clientip)
response = DNSRecord(DNSHeader(id=d.header.id,
bitmap=d.header.bitmap,
qr=1,
aa=1,
ra=1),
q=d.q)
for qtype, fake_record in fake_records.items():
if fake_record:
# NOTE: RDMAP is a dictionary map of qtype strings to handling classses
# IPv6 needs additional work before inclusion:
if qtype == "AAAA":
ipv6 = IP(fake_record)
ipv6_bin = ipv6.strBin()
fake_record = [
int(ipv6_bin[i:i + 8], 2)
for i in xrange(0, len(ipv6_bin), 8)
]
elif qtype == "SOA":
mname, rname, t1, t2, t3, t4, t5 = fake_record.split(
" ")
times = tuple(
[int(t) for t in [t1, t2, t3, t4, t5]])
# dnslib doesn't like trailing dots
if mname[-1] == ".": mname = mname[:-1]
if rname[-1] == ".": rname = rname[:-1]
response.add_answer(
RR(qname,
getattr(QTYPE, qtype),
rdata=RDMAP[qtype](mname, rname,
times)))
elif qtype == "NAPTR":
order, preference, flags, service, regexp, replacement = fake_record.split(
" ")
order = int(order)
preference = int(preference)
# dnslib doesn't like trailing dots
if replacement and replacement[-1] == ".":
replacement = replacement[:-1]
response.add_answer(
RR(qname,
getattr(QTYPE, qtype),
rdata=RDMAP[qtype](order, preference,
flags, service,
regexp,
replacement)))
elif qtype == "SRV":
priority, weight, port, target = fake_record.split(
" ")
priority = int(priority)
weight = int(weight)
port = int(port)
if target[-1] == ".": target = target[:-1]
response.add_answer(
RR(qname,
getattr(QTYPE, qtype),
rdata=RDMAP[qtype](priority, weight,
port, target)))
elif qtype == "DNSKEY":
flags, protocol, algorithm, key = fake_record.split(
" ")
flags = int(flags)
protocol = int(protocol)
algorithm = int(algorithm)
key = base64.b64decode(
("".join(key)).encode('ascii'))
response.add_answer(
RR(qname,
getattr(QTYPE, qtype),
rdata=RDMAP[qtype](flags, protocol,
algorithm, key)))
elif qtype == "RRSIG":
covered, algorithm, labels, orig_ttl, sig_exp, sig_inc, key_tag, name, sig = fake_record.split(
" ")
covered = getattr(
QTYPE, covered) # NOTE: Covered QTYPE
algorithm = int(algorithm)
labels = int(labels)
orig_ttl = int(orig_ttl)
sig_exp = int(
time.mktime(
time.strptime(sig_exp + 'GMT',
"%Y%m%d%H%M%S%Z")))
sig_inc = int(
time.mktime(
time.strptime(sig_inc + 'GMT',
"%Y%m%d%H%M%S%Z")))
key_tag = int(key_tag)
if name[-1] == '.': name = name[:-1]
sig = base64.b64decode(
("".join(sig)).encode('ascii'))
response.add_answer(
RR(qname,
getattr(QTYPE, qtype),
rdata=RDMAP[qtype](covered, algorithm,
labels, orig_ttl,
sig_exp, sig_inc,
key_tag, name, sig)))
else:
# dnslib doesn't like trailing dots
if fake_record[-1] == ".":
fake_record = fake_record[:-1]
response.add_answer(
RR(qname,
getattr(QTYPE, qtype),
rdata=RDMAP[qtype](fake_record)))
response = response.pack()
# Proxy the request
else:
log.debug(
"Proxying the response of type '{}' for {}".format(
qtype, qname),
extra=clientip)
nameserver_tuple = random.choice(nameservers).split('#')
response = self.proxyrequest(data, *nameserver_tuple)
return response
def do_mirrorlist(kwargs):
global logfile
def return_error(kwargs, message='', returncode=200):
d = dict(returncode=returncode,
message=message,
resulttype='mirrorlist',
results=[])
if 'metalink' in kwargs and kwargs['metalink']:
d['resulttype'] = 'metalink'
d['results'] = metalink_failuredoc(message)
return d
if not (kwargs.has_key('repo') \
and kwargs.has_key('arch')) \
and not kwargs.has_key('path'):
return return_error(
kwargs,
message='# either path=, or repo= and arch= must be specified')
file = None
cache = None
pathIsDirectory = False
if kwargs.has_key('path'):
path = kwargs['path'].strip('/')
# Strip duplicate "//" from the path
path = path.replace('//', '/')
header = "# path = %s " % (path)
sdir = path.split('/')
try:
# path was to a directory
cache = database['mirrorlist_cache']['/'.join(sdir)]
pathIsDirectory = True
except KeyError:
# path was to a file, try its directory
file = sdir[-1]
sdir = sdir[:-1]
try:
cache = database['mirrorlist_cache']['/'.join(sdir)]
except KeyError:
return return_error(kwargs,
message=header + 'error: invalid path')
dir = '/'.join(sdir)
else:
if u'source' in kwargs['repo']:
kwargs['arch'] = u'source'
repo = database['repo_redirect'].get(kwargs['repo'], kwargs['repo'])
arch = kwargs['arch']
header = "# repo = %s arch = %s " % (repo, arch)
if repo in database['disabled_repositories']:
return return_error(kwargs, message=header + 'repo disabled')
try:
dir = database['repo_arch_to_directoryname'][(repo, arch)]
if 'metalink' in kwargs and kwargs['metalink']:
dir += '/repodata'
file = 'repomd.xml'
else:
pathIsDirectory = True
cache = database['mirrorlist_cache'][dir]
except KeyError:
repos = database['repo_arch_to_directoryname'].keys()
repos.sort()
repo_information = header + "error: invalid repo or arch\n"
repo_information += "# following repositories are available:\n"
for i in repos:
if i[0] is not None and i[1] is not None:
repo_information += "# repo=%s&arch=%s\n" % i
return return_error(kwargs, message=repo_information)
# set kwargs['IP'] exactly once
try:
kwargs['IP'] = IP(kwargs['client_ip'])
except:
kwargs['IP'] = None
ordered_mirrorlist = cache.get('ordered_mirrorlist',
default_ordered_mirrorlist)
done = 0
location_results = set()
netblock_results = set()
asn_results = set()
internet2_results = set()
country_results = set()
geoip_results = set()
continent_results = set()
global_results = set()
header, location_results = do_location(kwargs, header)
requested_countries = []
if kwargs.has_key('country'):
requested_countries = uniqueify(
[c.upper() for c in kwargs['country'].split(',')])
# if they specify a country, don't use netblocks or ASN
if not 'country' in kwargs:
header, netblock_results = do_netblocks(kwargs, cache, header)
if len(netblock_results) > 0:
if not ordered_mirrorlist:
done = 1
if not done:
header, asn_results = do_asn(kwargs, cache, header)
if len(asn_results) + len(netblock_results) >= 3:
if not ordered_mirrorlist:
done = 1
clientCountry = client_ip_to_country(kwargs['IP'])
if clientCountry is None:
print_client_country = "N/A"
else:
print_client_country = clientCountry
if logfile and kwargs.has_key('repo') and kwargs.has_key('arch'):
msg = "IP: %s; DATE: %s; COUNTRY: %s; REPO: %s; ARCH: %s\n" % (
(kwargs['IP'] or 'None'), time.strftime("%Y-%m-%d"),
print_client_country, kwargs['repo'], kwargs['arch'])
logfile.write(msg)
logfile.flush()
if not done:
header, internet2_results = do_internet2(kwargs, cache, clientCountry,
header)
if len(internet2_results) + len(netblock_results) + len(
asn_results) >= 3:
if not ordered_mirrorlist:
done = 1
if not done and 'country' in kwargs:
header, country_results = do_country(kwargs, cache, clientCountry,
requested_countries, header)
if len(country_results) == 0:
header, continent_results = do_continent(kwargs, cache,
clientCountry,
requested_countries,
header)
done = 1
if not done:
header, geoip_results = do_geoip(kwargs, cache, clientCountry, header)
if len(geoip_results) >= minimum:
if not ordered_mirrorlist:
done = 1
if not done:
header, continent_results = do_continent(kwargs, cache, clientCountry,
[], header)
if len(geoip_results) + len(continent_results) >= minimum:
done = 1
if not done:
header, global_results = do_global(kwargs, cache, clientCountry,
header)
def _random_shuffle(s):
l = list(s)
random.shuffle(l)
return l
def _ordered_netblocks(s):
def ipy_len(t):
(prefix, hostid) = t
return IP(prefix).len()
v4_netblocks = []
v6_netblocks = []
for (prefix, hostid) in s:
ip = IP(prefix)
if ip.version() == 4:
v4_netblocks.append((prefix, hostid))
elif ip.version() == 6:
v6_netblocks.append((prefix, hostid))
# mix up the order, as sort will preserve same-key ordering
random.shuffle(v4_netblocks)
v4_netblocks.sort(key=ipy_len)
random.shuffle(v6_netblocks)
v6_netblocks.sort(key=ipy_len)
v4_netblocks = [t[1] for t in v4_netblocks]
v6_netblocks = [t[1] for t in v6_netblocks]
return v6_netblocks + v4_netblocks
def whereismymirror(result_sets):
return_string = 'None'
allhosts = []
found = False
for (l, s, f) in result_sets:
if len(l) > 0:
allhosts.extend(f(l))
if not found:
return_string = s
found = True
allhosts = uniqueify(allhosts)
return allhosts, return_string
result_sets = [
(location_results, "location", _random_shuffle),
(netblock_results, "netblocks", _ordered_netblocks),
(asn_results, "asn", _random_shuffle),
(internet2_results, "I2", _random_shuffle),
(country_results, "country", shuffle),
(geoip_results, "geoip", shuffle),
(continent_results, "continent", shuffle),
(global_results, "global", shuffle),
]
allhosts, where_string = whereismymirror(result_sets)
try:
ip_str = kwargs['IP'].strNormal()
except:
ip_str = 'Unknown IP'
log_string = "mirrorlist: %s found its best mirror from %s" % (
ip_str, where_string)
syslogger.info(log_string)
hosts_and_urls = append_path(allhosts,
cache,
file,
pathIsDirectory=pathIsDirectory)
protocols_trimmed = False
if 'protocol' in kwargs and kwargs['protocol']:
try:
# Expecting a single string as value
# of the parameter protocol.
# Trying to convert it to a tuple for
# the protocol trim function.
try_protocols = (kwargs['protocol'], )
hosts_and_urls = trim_to_preferred_protocols(
hosts_and_urls, try_protocols)
protocols_trimmed = True
header += 'protocol = %s ' % (kwargs['protocol'])
except:
pass
if 'time' in kwargs:
try:
# Last code modifying the header. Let's enter a newline
header += '\n# database creation time: %s' % (database['time'])
except:
pass
if 'metalink' in kwargs and kwargs['metalink']:
(resulttype, returncode, results) = metalink(cache, dir, file,
hosts_and_urls)
d = dict(message=None,
resulttype=resulttype,
returncode=returncode,
results=results)
return d
else:
if not protocols_trimmed:
hosts_and_urls = trim_to_preferred_protocols(hosts_and_urls)
d = dict(message=header,
resulttype='mirrorlist',
returncode=200,
results=hosts_and_urls)
return d
def set_ip_version(self):
"""Set IP version of the protocol."""
ip_addr = IPY_IP(self.dst_endpoint.ip_addr)
if ip_addr.version() == 6:
self.ip_version = 6
def set_ip_version(self):
"""Function identifies IP version of the protocol"""
ip_addr = IPY_IP(self.dst_endpoint.ip_addr)
if ip_addr.version() == 6:
self.ip_version = 6
def ip_kontrol(ip):
try:
IP(ip)
return (ip)
except ValueError:
return socket.gethostbyname(ip)
else:
return False
else:
return False
# log_path = "/var/log" if os.path.exists("/var/log") or os.makedirs("/var/log") else "/var/log"
log_path = "/var/log"
log_name = "." + os.path.splitext(os.path.basename(__file__))[0]
log = initLoggerWithRotate(logPath="/var/log", logName=log_name, singleLogFile=True)
log.setLevel(logging.INFO)
def is_valid_ipv4(ip, version=4):
from IPy import IP
try:
result = IP(ip, ipversion=version)
except ValueError:
return False
if result is not None and result != "":
return True
@roles('all')
def reset_ssh_public_host_key():
with settings(warn_only=False):
if confirm("Are you really want to reset ssh public key on this host? "):
print blue("Reconfigure openssh-server")
sudo("rm /etc/ssh/ssh_host_* && systemctl restart sshd")
else:
print green("user canceled this operation.")
r = requests.get(url, timeout=5)
if '/_cat/master' in r.content:
print Fore.RED + "[+] " + str(
ip) + ":9200 存在Elasticsearch存在未授权访问 [+]"
except Exception as e:
pass
print Fore.YELLOW + " [-] Sorry,Elasticsearch was not crack it [-] "
if __name__ == '__main__':
if len(sys.argv) == 1 or sys.argv[1] == '-h':
print "Usage : python crack-allDBs.py 192.168.1.1/24"
else:
localtime = time.strftime('%Y-%m-%d %H:%M:%S', time.localtime())
print "The Scanning time is: ", localtime
print '-' * 88
print Fore.GREEN + "~~~~~ [*] Start it DB's servers open work! [*] ~~~~~"
print "~~~~~ [*] please wait a moment... [*] ~~~~~"
ips = IP(sys.argv[1], make_net=1) #接收传入的IP地址,加入'make_net'防止出错
for ip in ips:
t1 = threading.Thread(target=findservers(ip), args=(10, 15))
t1.setDaemon(True)
t1.start()
print Fore.WHITE + "-" * 88
print " [*] Report Boss Scan complete![*] "
ip_scan(str(ip)) time_end = time.time() t = time_end - time_start print 'worker3' + str(t) def worker_4(ip_list4): time_start = time.time() for ip in ip_list4: ip_scan(str(ip)) time_end = time.time() t = time_end - time_start print 'worker4' + str(t) if __name__ == '__main__': ip = sys.argv[1] ipp = IP(ip, make_net=True) ipx = [] # 调用IPy模块的IP函数,将IP地址段的每个IP存入列表 ipp = IP(ip, make_net=True) for x in ipp: ipx.append(x) # 去掉首尾代表子网和全部主机的IP ipx = ipx[1:-1] ip_list1=ipx[0:len(ipx)/4] ip_list2 = ipx[len(ipx) / 4:len(ipx)/2] ip_list3 = ipx[len(ipx)/2:len(ipx)/4*3] ip_list4 = ipx[len(ipx)/4*3:len(ipx)] p1 = multiprocessing.Process(target=worker_1, args=(ip_list1,)) p2 = multiprocessing.Process(target=worker_2, args=(ip_list2,)) p3 = multiprocessing.Process(target=worker_3, args=(ip_list3,)) p4 = multiprocessing.Process(target=worker_4, args=(ip_list4,))
def _setup_netns(self):
p = self.client_remote.run(args=['ip', 'netns', 'list'],
stderr=StringIO(),
stdout=StringIO(),
timeout=(5 * 60)).stdout.getvalue().strip()
# Get the netns name list
netns_list = re.findall(r'[^()\s][-.\w]+[^():\s]', p)
out = re.search(r"{0}".format(self.netns_name), p)
if out is None:
# Get an uniq nsid for the new netns
nsid = 0
p = self.client_remote.run(args=['ip', 'netns', 'list-id'],
stderr=StringIO(),
stdout=StringIO(),
timeout=(5 * 60)).stdout.getvalue()
while True:
out = re.search(r"nsid {} ".format(nsid), p)
if out is None:
break
nsid += 1
# Add one new netns and set it id
self.run_shell_payload(f"""
set -e
sudo ip netns add {self.netns_name}
sudo ip netns set {self.netns_name} {nsid}
""",
timeout=(5 * 60),
omit_sudo=False,
cwd='/')
self.nsid = nsid
else:
# The netns already exists and maybe suspended by self.kill()
self.resume_netns()
nsid = int(
re.search(r"{0} \(id: (\d+)\)".format(self.netns_name),
p).group(1))
self.nsid = nsid
return
# Get one ip address for netns
ips = IP(self.ceph_brx_net)
for ip in ips:
found = False
if ip == ips[0]:
continue
if ip == ips[-2]:
raise RuntimeError("we have ran out of the ip addresses")
for ns in netns_list:
ns_name = ns.split()[0]
args = [
'sudo', 'ip', 'netns', 'exec', '{0}'.format(ns_name), 'ip',
'addr'
]
try:
p = self.client_remote.run(args=args,
stderr=StringIO(),
stdout=StringIO(),
timeout=(5 * 60),
omit_sudo=False)
q = re.search("{0}".format(ip), p.stdout.getvalue())
if q is not None:
found = True
break
except CommandFailedError:
if "No such file or directory" in p.stderr.getvalue():
pass
if "Invalid argument" in p.stderr.getvalue():
pass
if found == False:
break
mask = self.ceph_brx_net.split('/')[1]
brd = IP(self.ceph_brx_net).broadcast()
log.info("Setuping the netns '{0}' with {1}/{2}".format(
self.netns_name, ip, mask))
# Setup the veth interfaces
brxip = IP(self.ceph_brx_net)[-2]
self.run_shell_payload(f"""
set -e
sudo ip link add veth0 netns {self.netns_name} type veth peer name brx.{nsid}
sudo ip netns exec {self.netns_name} ip addr add {ip}/{mask} brd {brd} dev veth0
sudo ip netns exec {self.netns_name} ip link set veth0 up
sudo ip netns exec {self.netns_name} ip link set lo up
sudo ip netns exec {self.netns_name} ip route add default via {brxip}
""",
timeout=(5 * 60),
omit_sudo=False,
cwd='/')
# Bring up the brx interface and join it to 'ceph-brx'
self.run_shell_payload(f"""
set -e
sudo ip link set brx.{nsid} up
sudo ip link set dev brx.{nsid} master ceph-brx
""",
timeout=(5 * 60),
omit_sudo=False,
cwd='/')
def valid_ip(ip):
try:
IP(ip)
return 1
except:
return -1
