def fingerprint(ip):
iface = conf.route.route(ip)[0]
us = cookie('.sploitego.p0f.%s.sock' % iface)
if not os.path.exists(us):
log = cookie('.sploitego.p0f.%s.log' % iface)
cmd = os.path.join(config['p0f/path'], 'p0f')
fpf = os.path.join(config['p0f/path'], 'p0f.fp')
p = subprocess.Popen(
[cmd, '-d', '-s', us, '-o', log, '-f', fpf, '-i', iface, '-u', 'nobody'],
stdout=subprocess.PIPE
)
debug(*p.communicate()[0].split('\n'))
debug(
"!!!!!!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!!!!!!!!!",
"! IF THIS TRANSFORM IS STILL RUNNING THEN SHUT IT DOWN AND !",
"! TRY AGAIN! THERE IS A BUG IN MALTEGO THAT DOES NOT !",
"! TERMINATE TRANSFORMS IF A TRANSFORM SPAWNS A CHILD !",
"! PROCESS. PLEASE BUG [email protected] FOR A FIX. !",
"!!!!!!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!!!!!!!!!",
)
if p.returncode:
os.remove(us)
raise P0fError('Could not locate or successfully execute the p0f executable.')
return {'status': P0fStatus.NoMatch}
r = P0fApiQuery()
r.magic = P0fMagic.Query
if ':' in ip:
r.addr_type = P0fAddr.IPv6
ip = inet_pton(AF_INET6, ip)
else:
r.addr_type = P0fAddr.IPv4
ip = inet_pton(AF_INET, ip)
for i, a in enumerate(ip):
r.addr[i] = ord(a)
s = socket(AF_UNIX)
s.connect(us)
s.send(string_at(addressof(r), sizeof(r)))
data = c_char_p(s.recv(sizeof(P0fApiResponse)))
pr = cast(data, POINTER(P0fApiResponse)).contents
s.close()
if pr.status == P0fStatus.BadQuery:
raise P0fError('P0f could not understand the query.')
return dict(
(
fn,
getattr(pr, fn) if isinstance(getattr(pr, fn), Number) else string_at(getattr(pr, fn))
) for fn, ft in pr._fields_
)
def fingerprint(ip):
iface = conf.route.route(ip)[0]
us = cookie('.sploitego.p0f.%s.sock' % iface)
if not os.path.exists(us):
log = cookie('.sploitego.p0f.%s.log' % iface)
cmd = os.path.join(config['p0f/path'], 'p0f')
fpf = os.path.join(config['p0f/path'], 'p0f.fp')
p = subprocess.Popen([
cmd, '-d', '-s', us, '-o', log, '-f', fpf, '-i', iface, '-u',
'nobody'
],
stdout=subprocess.PIPE)
debug(*p.communicate()[0].split('\n'))
debug(
"!!!!!!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!!!!!!!!!",
"! IF THIS TRANSFORM IS STILL RUNNING THEN SHUT IT DOWN AND !",
"! TRY AGAIN! THERE IS A BUG IN MALTEGO THAT DOES NOT !",
"! TERMINATE TRANSFORMS IF A TRANSFORM SPAWNS A CHILD !",
"! PROCESS. PLEASE BUG [email protected] FOR A FIX. !",
"!!!!!!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!!!!!!!!!",
)
if p.returncode:
os.remove(us)
raise P0fError(
'Could not locate or successfully execute the p0f executable.')
return {'status': P0fStatus.NoMatch}
r = P0fApiQuery()
r.magic = P0fMagic.Query
if ':' in ip:
r.addr_type = P0fAddr.IPv6
ip = inet_pton(AF_INET6, ip)
else:
r.addr_type = P0fAddr.IPv4
ip = inet_pton(AF_INET, ip)
for i, a in enumerate(ip):
r.addr[i] = ord(a)
s = socket(AF_UNIX)
s.connect(us)
s.send(string_at(addressof(r), sizeof(r)))
data = c_char_p(s.recv(sizeof(P0fApiResponse)))
pr = cast(data, POINTER(P0fApiResponse)).contents
s.close()
if pr.status == P0fStatus.BadQuery:
raise P0fError('P0f could not understand the query.')
return dict(
(fn, getattr(pr, fn) if isinstance(getattr(pr, fn), Number
) else string_at(getattr(pr, fn)))
for fn, ft in pr._fields_)
def login(**kwargs):
s = None
host = kwargs.get('host', config['msfrpcd/server'])
port = kwargs.get('port', config['msfrpcd/port'])
uri = kwargs.get('uri', config['msfrpcd/uri'])
fn = cookie('%s.%s.%s.msfrpcd' % (host, port, uri.replace('/', '.')))
if not path.exists(fn):
f = fsemaphore(fn, 'wb')
f.lockex()
fv = [host, port, uri, 'msf']
errmsg = ''
while True:
fv = multpasswordbox(
errmsg, 'Metasploit Login',
['Server:', 'Port:', 'URI', 'Username:'******'Password:'], fv)
if not fv:
return
try:
s = MsfRpcClient(fv[4],
server=fv[0],
port=fv[1],
uri=fv[2],
username=fv[3])
except MsfRpcError, e:
errmsg = str(e)
continue
except socket.error, e:
errmsg = str(e)
continue
break
def login(host='localhost', port='8834', username='', password=''):
s = None
fn = cookie('%s.%s.nessus' % (host, port))
if not os.path.exists(fn):
with fsemaphore(fn, 'wb') as f:
f.lockex()
errmsg = ''
while True:
fv = multpasswordbox(
errmsg,
'Nessus Login',
['Server:', 'Port:', 'Username:'******'Password:'],
[host, port, username, password]
)
if not fv:
f.close()
os.unlink(fn)
return
host, port, username, password = fv
try:
s = NessusXmlRpcClient(username, password, host, port)
except NessusException, e:
errmsg = str(e)
continue
except socket.error, e:
errmsg = str(e)
continue
break
f.write(urlencode(dict(host=host, port=port, token=s.token)))
def get_creds():
fn = cookie('netwitness')
if not os.path.exists(fn):
with fsemaphore(fn, 'wb') as f:
f.lockex()
while True:
msg = 'Please enter your Netwitness credentials'
fv = multpasswordbox(msg, 'Netwitness Credentials', ['Username:'******'Password:'******'username %s#password %s' % (nwu, nwp))
break
else:
with fsemaphore(fn) as f:
f.locksh()
creds = f.read().split('#')
for i in creds:
if 'username' in i:
parse = i.split()
nwu = parse[1]
if 'password' in i:
parse = i.split()
nwp = parse[1]
return nwu, nwp
def fingerprint(ip):
iface = conf.route.route(ip)[0]
us = cookie('.sploitego.p0f.%s.sock' % iface)
if not path.exists(us):
log = cookie('.sploitego.p0f.%s.log' % iface)
cmd = config['p0f/path'] + sep + 'p0f'
fpf = config['p0f/path'] + sep + 'p0f.fp'
if system('%s -d -s %s -o %s -f %s -i %s > %s' % (cmd, us, log, fpf, iface, devnull)):
raise P0fError('Could not locate p0f executable.')
return { 'status' : P0fStatus.NoMatch }
r = P0fApiQuery()
r.magic = P0fMagic.Query
if ':' in ip:
r.addr_type = P0fAddr.IPv6
ip = inet_pton(AF_INET6, ip)
else:
r.addr_type = P0fAddr.IPv4
ip = inet_pton(AF_INET, ip)
for i,a in enumerate(ip):
r.addr[i] = ord(a)
s = socket(AF_UNIX)
s.connect(us)
s.send(string_at(addressof(r), sizeof(r)))
data = c_char_p(s.recv(sizeof(P0fApiResponse)))
pr = cast(data, POINTER(P0fApiResponse)).contents
s.close()
if pr.status == P0fStatus.BadQuery:
raise P0fError('P0f could not understand the query.')
return dict(
map(
lambda x: [
x[0],
getattr(pr, x[0]) if isinstance(getattr(pr, x[0]), Number) else string_at(getattr(pr, x[0]))
],
pr._fields_
)
)
def fingerprint(ip):
iface = conf.route.route(ip)[0]
us = cookie('.sploitego.p0f.%s.sock' % iface)
if not path.exists(us):
log = cookie('.sploitego.p0f.%s.log' % iface)
cmd = config['p0f/path'] + sep + 'p0f'
fpf = config['p0f/path'] + sep + 'p0f.fp'
if system('%s -d -s %s -o %s -f %s -i %s > %s' %
(cmd, us, log, fpf, iface, devnull)):
raise P0fError('Could not locate p0f executable.')
return {'status': P0fStatus.NoMatch}
r = P0fApiQuery()
r.magic = P0fMagic.Query
if ':' in ip:
r.addr_type = P0fAddr.IPv6
ip = inet_pton(AF_INET6, ip)
else:
r.addr_type = P0fAddr.IPv4
ip = inet_pton(AF_INET, ip)
for i, a in enumerate(ip):
r.addr[i] = ord(a)
s = socket(AF_UNIX)
s.connect(us)
s.send(string_at(addressof(r), sizeof(r)))
data = c_char_p(s.recv(sizeof(P0fApiResponse)))
pr = cast(data, POINTER(P0fApiResponse)).contents
s.close()
if pr.status == P0fStatus.BadQuery:
raise P0fError('P0f could not understand the query.')
return dict(
map(
lambda x: [
x[0],
getattr(pr, x[0])
if isinstance(getattr(pr, x[0]), Number) else string_at(
getattr(pr, x[0]))
], pr._fields_))
def login():
s = None
fn = cookie('nessus')
if not path.exists(fn):
f = fsemaphore(fn, 'wb')
f.lockex()
fv = ['localhost', '8834']
errmsg = ''
while True:
fv = multpasswordbox(errmsg, 'Nessus Login', ['Server:', 'Port:', 'Username:'******'Password:'******'host' : fv[0], 'port' : fv[1], 'token': s.token}))
def login():
client = None
if not path.exists(cookie('facebook')):
for i in range(0, 3):
token = multenterbox("Enter a valid Facebook access token", ['Access Token'], [''])[0]
try:
client = GraphAPI(token)
client.request('me')
fmutex('facebook').write(token)
return client
except GraphAPIError, e:
print str(e)
pass
raise GraphAPIError('Unable to query GraphAPI')
def login():
client = None
if not path.exists(cookie('facebook')):
for i in range(0, 3):
token = multenterbox("Enter a valid Facebook access token",
['Access Token'], [''])[0]
try:
client = GraphAPI(token)
client.request('me')
fmutex('facebook').write(token)
return client
except GraphAPIError, e:
print str(e)
pass
raise GraphAPIError('Unable to query GraphAPI')
def login():
s = None
fn = cookie('nessus')
if not path.exists(fn):
f = fsemaphore(fn, 'wb')
f.lockex()
fv = ['localhost', '8834']
errmsg = ''
while True:
fv = multpasswordbox(
errmsg, 'Nessus Login',
['Server:', 'Port:', 'Username:'******'Password:'******'host': fv[0], 'port': fv[1], 'token': s.token}))
def get_creds():
fn = cookie('netwitness')
if not path.exists(fn):
f = fsemaphore(fn, 'wb')
f.lockex()
msg = 'Please enter your Netwitness credentials'
fv = multpasswordbox(msg, 'Netwitness Credentials', ['Username:'******'Password:'******'username=%s#password=%s' % (nwu, nwp))
else:
f = fsemaphore(fn)
f.locksh()
creds = f.read().split('#')
for i in creds:
if 'username' in i:
parse = i.split('=')
nwu = parse[1]
if 'password' in i:
parse = i.split('=')
nwp = parse[1]
return nwu, nwp
def get_login():
fn = cookie('pakey')
if not path.exists(fn):
f = fsemaphore(fn, 'wb')
f.lockex()
msg = "Please Enter the following Palo Alto Configuration"
fv = easygui.multpasswordbox(msg, "PaloAlto Credentials", ['Username:'******'Password:'******'https://%s/api/?' % config['pamalt/pa_hostname']
params_dic = {'type': 'keygen', 'user': pau, 'password': pap}
enc_params = urllib.urlencode(params_dic)
full_url = base_url + enc_params
ret_data = http_get(full_url)
root = ET.fromstring(ret_data)
key = root[0][0].text
f.write(key)
else:
f = fsemaphore(fn)
f.locksh()
key = f.read()
return key
def get_login():
fn = cookie('pakey')
if not path.exists(fn):
f = fsemaphore(fn, 'wb')
f.lockex()
msg = "Please Enter the following Palo Alto Configuration"
fv = easygui.multpasswordbox(msg, "PaloAlto Credentials",
['Username:'******'Password:'******'https://%s/api/?' % config['pamalt/pa_hostname']
params_dic = {'type': 'keygen', 'user': pau, 'password': pap}
enc_params = urllib.urlencode(params_dic)
full_url = base_url + enc_params
ret_data = http_get(full_url)
root = ET.fromstring(ret_data)
key = root[0][0].text
f.write(key)
else:
f = fsemaphore(fn)
f.locksh()
key = f.read()
return key
def login(**kwargs):
s = None
host = kwargs.get('host', config['msfrpcd/server'])
port = kwargs.get('port', config['msfrpcd/port'])
uri = kwargs.get('uri', config['msfrpcd/uri'])
fn = cookie('%s.%s.%s.msfrpcd' % (host, port, uri.replace('/', '.')))
if not path.exists(fn):
f = fsemaphore(fn, 'wb')
f.lockex()
fv = [ host, port, uri, 'msf' ]
errmsg = ''
while True:
fv = multpasswordbox(errmsg, 'Metasploit Login', ['Server:', 'Port:', 'URI', 'Username:'******'Password:'], fv)
if not fv:
return
try:
s = MsfRpcClient(fv[4], server=fv[0], port=fv[1], uri=fv[2], username=fv[3])
except MsfRpcError, e:
errmsg = str(e)
continue
except socket.error, e:
errmsg = str(e)
continue
break
for c in categories:
f.write('%s\n' % ','.join(c))
f.close()
return dict(map(lambda x: (int(x[0]),x[1]), categories))
def readlist(filename):
f = fsemaphore(filename)
f.locksh()
data = wordlist('file://%s' % filename)
f.close()
return dict(map(lambda x: (int(x[0]),x[1]), map(lambda x: x.split(','), data)))
categories = None
tmpfile = cookie('sploitego.bluecoat.tmp')
if not path.exists(tmpfile) or age(tmpfile) >= config['cookie/maxage']:
categories = updatelist(tmpfile)
else:
categories = readlist(tmpfile)
def _chunks(s):
return [ int(s[i:i+2], 16) for i in range(0, len(s), 2) ]
def sitereview(site, port=80):
r = urlopen(
'http://sp.cwfservice.net/1/R/%s/K9-00006/0/GET/HTTP/%s/%s///' % (config['bluecoat/license'], site, port)
for i in range(0, 3):
token = multenterbox("Enter a valid Facebook access token", ['Access Token'], [''])[0]
try:
client = GraphAPI(token)
client.request('me')
fmutex('facebook').write(token)
return client
except GraphAPIError, e:
print str(e)
pass
raise GraphAPIError('Unable to query GraphAPI')
try:
client = GraphAPI(file(cookie('facebook')).read())
client.request('me')
except GraphAPIError, e:
unlink(cookie('facebook'))
return login()
return client
#access_token = None
#
#class RequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):
#
# def do_GET(self):
# global access_token
# self.send_response(200)
# self.send_header("Content-type", "text/html")
__email__ = '*****@*****.**'
__status__ = 'Development'
__all__ = ['subdomains']
def updatelist(filename):
f = fsemaphore(filename, 'wb')
f.lockex()
subdomains = config['dnsdiscovery/wordlist']
f.write('\n'.join(subdomains))
f.close()
return subdomains
def readlist(filename):
f = fsemaphore(filename)
f.locksh()
data = wordlist('file://%s' % filename)
f.close()
return data
subdomains = None
tmpfile = cookie('sploitego.dnsdiscovery.tmp')
if not path.exists(tmpfile) or age(tmpfile) >= config['cookie/maxage']:
subdomains = updatelist(tmpfile)
else:
subdomains = readlist(tmpfile)
def updatelist(filename):
topsites = []
f = fsemaphore(filename, 'wb')
f.lockex()
for i in xrange(20):
page = wordlist('http://www.alexa.com/topsites/global;%d' % i,
'<a href="/siteinfo/(.+)?">')
topsites += page
f.write('\n'.join(page))
f.write('\n')
f.close()
return topsites
def readlist(filename):
f = fsemaphore(filename)
f.locksh()
data = wordlist('file://%s' % filename)
f.close()
return data
topsites = None
tmpfile = cookie('sploitego.alexa.tmp')
if not path.exists(tmpfile) or age(tmpfile) >= config['cookie/maxage']:
topsites = updatelist(tmpfile)
else:
topsites = readlist(tmpfile)
f = fsemaphore(filename, 'wb')
f.lockex()
ouis = dict(
map(
lambda x: split(r'\s+\(base 16\)\s+', x),
wordlist('http://standards.ieee.org/develop/regauth/oui/oui.txt', r'([\d\w]{6}\s+\(base 16\)\s+\w.+)\n')
)
)
for o in ouis:
f.write('%s\n' % ','.join([o, ouis[o]]))
f.close()
return ouis
def readlist(filename):
f = fsemaphore(filename)
f.locksh()
data = wordlist('file://%s' % filename)
f.close()
return dict(map(lambda x: (x[0],x[1]), map(lambda x: x.split(','), data)))
ouis = None
tmpfile = cookie('sploitego.ieee.tmp')
if not path.exists(tmpfile) or age(tmpfile) >= config['cookie/maxage']:
ouis = updatelist(tmpfile)
else:
ouis = readlist(tmpfile)
def updatelist(filename):
f = fsemaphore(filename, 'wb')
f.lockex()
ouis = dict(
map(
lambda x: split(r'\s+\(base 16\)\s+', x),
wordlist('http://standards.ieee.org/develop/regauth/oui/oui.txt',
r'([\d\w]{6}\s+\(base 16\)\s+\w.+)\n')))
for o in ouis:
f.write('%s\n' % ','.join([o, ouis[o]]))
f.close()
return ouis
def readlist(filename):
f = fsemaphore(filename)
f.locksh()
data = wordlist('file://%s' % filename)
f.close()
return dict(map(lambda x: (x[0], x[1]), map(lambda x: x.split(','), data)))
ouis = None
tmpfile = cookie('sploitego.ieee.tmp')
if not path.exists(tmpfile) or age(tmpfile) >= config['cookie/maxage']:
ouis = updatelist(tmpfile)
else:
ouis = readlist(tmpfile)
__status__ = 'Development'
__all__ = ['topsites']
def updatelist(filename):
topsites = wordlist('http://www.google.com/adplanner/static/top1000/',
'<a href="http://(.*?)/"target')
f = fsemaphore(filename, 'wb')
f.lockex()
f.write('\n'.join(topsites))
f.close()
return topsites
def readlist(filename):
f = fsemaphore(filename)
f.locksh()
data = wordlist('file://%s' % filename)
f.close()
return data
topsites = None
tmpfile = cookie('sploitego.adplanner.tmp')
if not path.exists(tmpfile) or age(tmpfile) >= config['cookie/maxage']:
topsites = updatelist(tmpfile)
else:
topsites = readlist(tmpfile)
def updatelist(filename):
topsites = []
f = fsemaphore(filename, 'wb')
f.lockex()
for i in xrange(0,20):
page = wordlist('http://www.alexa.com/topsites/global;%d' % i, 'topsites-label">(.*?)</')
topsites += page
f.write('\n'.join(page))
f.write('\n')
f.close()
return topsites
def readlist(filename):
f = fsemaphore(filename)
f.locksh()
data = wordlist('file://%s' % filename)
f.close()
return data
topsites = None
tmpfile = cookie('sploitego.alexa.tmp')
if not path.exists(tmpfile) or age(tmpfile) >= config['cookie/maxage']:
topsites = updatelist(tmpfile)
else:
topsites = readlist(tmpfile)
for i in range(0, 3):
token = multenterbox("Enter a valid Facebook access token",
['Access Token'], [''])[0]
try:
client = GraphAPI(token)
client.request('me')
fmutex('facebook').write(token)
return client
except GraphAPIError, e:
print str(e)
pass
raise GraphAPIError('Unable to query GraphAPI')
try:
client = GraphAPI(file(cookie('facebook')).read())
client.request('me')
except GraphAPIError, e:
unlink(cookie('facebook'))
return login()
return client
#access_token = None
#
#class RequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):
#
# def do_GET(self):
# global access_token
# self.send_response(200)
# self.send_header("Content-type", "text/html")
def updatelist(filename):
topsites = wordlist('http://www.google.com/adplanner/static/top1000/', '<a href="http://(.*?)/"target')
f = fsemaphore(filename, 'wb')
f.lockex()
f.write('\n'.join(topsites))
f.close()
return topsites
def readlist(filename):
f = fsemaphore(filename)
f.locksh()
data = wordlist('file://%s' % filename)
f.close()
return data
topsites = None
tmpfile = cookie('sploitego.adplanner.tmp')
if not path.exists(tmpfile) or age(tmpfile) >= config['cookie/maxage']:
topsites = updatelist(tmpfile)
else:
topsites = readlist(tmpfile)
f.write('%s\n' % ','.join(c))
f.close()
return dict(map(lambda x: (int(x[0]), x[1]), categories))
def readlist(filename):
f = fsemaphore(filename)
f.locksh()
data = wordlist('file://%s' % filename)
f.close()
return dict(
map(lambda x: (int(x[0]), x[1]), map(lambda x: x.split(','), data)))
categories = None
tmpfile = cookie('sploitego.bluecoat.tmp')
if not path.exists(tmpfile) or age(tmpfile) >= config['cookie/maxage']:
categories = updatelist(tmpfile)
else:
categories = readlist(tmpfile)
def _chunks(s):
return [int(s[i:i + 2], 16) for i in range(0, len(s), 2)]
def sitereview(site, port=80):
r = urlopen(
'http://sp.cwfservice.net/1/R/%s/K9-00006/0/GET/HTTP/%s/%s///' %
(config['bluecoat/license'], site, port))
def updatelist(filename):
f = fsemaphore(filename, 'wb')
f.lockex()
subdomains = config['dnsdiscovery/wordlist']
f.write('\n'.join(subdomains))
f.close()
return subdomains
def readlist(filename):
f = fsemaphore(filename)
f.locksh()
data = wordlist('file://%s' % filename)
f.close()
return data
subdomains = None
tmpfile = cookie('sploitego.dnsdiscovery.tmp')
if not path.exists(tmpfile) or age(tmpfile) >= config['cookie/maxage']:
subdomains = updatelist(tmpfile)
else:
subdomains = readlist(tmpfile)
