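def queryDNS_192(db, footprint_id, max_attempts=3):
    """Enumerate live hosts in 192.168.0.0/16 and record them for *footprint_id*.

    Reads the stored "192" lookup position and does nothing unless it is still
    the initial range ``192.168.0.0/16``.  Every address reported by the nmap
    host discovery is stored with ``dbfunctions.addIP`` and the position is
    then advanced to ``192.168.255.255/16`` so the range is not scanned twice.

    Args:
        db: open database connection passed through to ``dbfunctions``.
        footprint_id: footprint the discovered hosts belong to.
        max_attempts: how many times a failing pass is retried.  The old
            ``except:`` retried by calling itself recursively without bound
            (and swallowed Ctrl-C on the way).

    Returns:
        None.  After ``max_attempts`` failures the problem is reported on
        stdout and the stored position is left unchanged, so a later run
        resumes here.
    """
    import subprocess  # local import: the module import block is outside this view

    for attempt in range(1, max_attempts + 1):
        try:
            net_range = dbfunctions.getDnsLookupPositions(db, footprint_id)[2]
            # Only the untouched initial range is scanned; because the value
            # is compared against a literal, nothing variable reaches nmap.
            if net_range != "192.168.0.0/16":
                return

            # Same nmap invocation as before, as an argv list (no shell); the
            # former "grep report | cut -d ' ' -f 5" is done in Python below.
            proc = subprocess.Popen(
                ["nmap", net_range, "-PS", "-p", "22,80,443,445,3389",
                 "--open", "-n"],
                stdout=subprocess.PIPE)
            output = proc.communicate()[0]
            if not isinstance(output, str):
                output = output.decode("utf-8", "replace")

            for line in output.splitlines():
                # "Nmap scan report for <ip>": with -n (no reverse lookups)
                # the fifth space-separated field is the address.
                if "report" not in line:
                    continue
                fields = line.split(" ")
                if len(fields) < 5 or not fields[4]:
                    continue
                dbfunctions.addIP(db, footprint_id, fields[4])

            dbfunctions.updateDnsLookupPosition(db, footprint_id,
                                                "192_range_position",
                                                "192.168.255.255/16")
            return
        except Exception as exc:
            print("error in 192 (attempt {0}/{1}): {2}".format(
                attempt, max_attempts, exc))

    # Every attempt failed; the position still points at the range so the
    # next run retries it.
    print("error in 192: giving up after {0} attempts".format(max_attempts))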
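def queryDNS_192(db, footprint_id, max_attempts=3):
    """Enumerate live hosts in 192.168.0.0/16 and record them for *footprint_id*.

    Reads the stored "192" lookup position and does nothing unless it is still
    the initial range ``192.168.0.0/16``.  Every address reported by the nmap
    host discovery is stored with ``dbfunctions.addIP`` and the position is
    then advanced to ``192.168.255.255/16`` so the range is not scanned twice.

    Args:
        db: open database connection passed through to ``dbfunctions``.
        footprint_id: footprint the discovered hosts belong to.
        max_attempts: how many times a failing pass is retried.  The old
            ``except:`` retried by calling itself recursively without bound
            (and swallowed Ctrl-C on the way).

    Returns:
        None.  After ``max_attempts`` failures the problem is reported on
        stdout and the stored position is left unchanged, so a later run
        resumes here.
    """
    import subprocess  # local import: the module import block is outside this view

    for attempt in range(1, max_attempts + 1):
        try:
            net_range = dbfunctions.getDnsLookupPositions(db, footprint_id)[2]
            # Only the untouched initial range is scanned; because the value
            # is compared against a literal, nothing variable reaches nmap.
            if net_range != "192.168.0.0/16":
                return

            # Same nmap invocation as before, as an argv list (no shell); the
            # former "grep report | cut -d ' ' -f 5" is done in Python below.
            proc = subprocess.Popen(
                ["nmap", net_range, "-PS", "-p", "22,80,443,445,3389",
                 "--open", "-n"],
                stdout=subprocess.PIPE)
            output = proc.communicate()[0]
            if not isinstance(output, str):
                output = output.decode("utf-8", "replace")

            for line in output.splitlines():
                # "Nmap scan report for <ip>": with -n (no reverse lookups)
                # the fifth space-separated field is the address.
                if "report" not in line:
                    continue
                fields = line.split(" ")
                if len(fields) < 5 or not fields[4]:
                    continue
                dbfunctions.addIP(db, footprint_id, fields[4])

            dbfunctions.updateDnsLookupPosition(db, footprint_id,
                                                "192_range_position",
                                                "192.168.255.255/16")
            return
        except Exception as exc:
            print("error in 192 (attempt {0}/{1}): {2}".format(
                attempt, max_attempts, exc))

    # Every attempt failed; the position still points at the range so the
    # next run retries it.
    print("error in 192: giving up after {0} attempts".format(max_attempts))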
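def zoneTransferDomain(db, footprint_id, domain):
    """Attempt a zone transfer of *domain* and record the internal addresses it reveals.

    Each name server listed by ``host -t ns`` is asked for an AXFR with
    ``dig``; every IPv4 address appearing in the answers is collected
    (unique and sorted, as the former ``grep -oE ... | sort -u`` did) and
    those accepted by ``isInternalIP`` are stored with
    ``dbfunctions.addIP(..., 0)``.

    Args:
        db: open database connection passed through to ``dbfunctions``.
        footprint_id: footprint the discovered hosts belong to.
        domain: zone name taken from the database.

    Returns:
        None.  A *domain* that is not a plain name (characters outside
        letters, digits, ``.``, ``_``, ``-``, or a leading ``-``) is
        reported and skipped: the value comes from data the tool collected,
        and it used to be spliced unquoted into a shell command line.
    """
    import re
    import subprocess  # local imports: the module import block is outside this view

    print("zone transfer: {0}".format(domain))

    # Reject anything that is not a host name before it becomes an argument;
    # a leading '-' would otherwise be parsed as an option by host/dig.
    if not re.match(r"[A-Za-z0-9_][A-Za-z0-9._-]*\Z", domain):
        print("zone transfer: refusing malformed domain {0!r}".format(domain))
        return

    def run(argv):
        """Run *argv* without a shell and return its stdout as text."""
        proc = subprocess.Popen(argv, stdout=subprocess.PIPE)
        out = proc.communicate()[0]
        return out if isinstance(out, str) else out.decode("utf-8", "replace")

    # "host -t ns <domain> | cut -d ' ' -f 4": the name server is the fourth
    # space-separated field of each answer line.
    name_servers = []
    for line in run(["host", "-t", "ns", domain]).splitlines():
        fields = line.split(" ")
        if len(fields) >= 4 and fields[3]:
            name_servers.append(fields[3])

    ipv4 = re.compile(r"\b([0-9]{1,3}\.){3}[0-9]{1,3}\b")
    found = set()
    for ns in name_servers:
        answers = run(["dig", "axfr", domain, "@" + ns])
        for match in ipv4.finditer(answers):
            found.add(match.group(0))

    for host in sorted(found):
        if isInternalIP(host):
            dbfunctions.addIP(db, footprint_id, host, 0)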
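def zoneTransferDomain(db, footprint_id, domain):
    """Attempt a zone transfer of *domain* and record the internal addresses it reveals.

    Each name server listed by ``host -t ns`` is asked for an AXFR with
    ``dig``; every IPv4 address appearing in the answers is collected
    (unique and sorted, as the former ``grep -oE ... | sort -u`` did) and
    those accepted by ``isInternalIP`` are stored with
    ``dbfunctions.addIP(..., 0)``.

    Args:
        db: open database connection passed through to ``dbfunctions``.
        footprint_id: footprint the discovered hosts belong to.
        domain: zone name taken from the database.

    Returns:
        None.  A *domain* that is not a plain name (characters outside
        letters, digits, ``.``, ``_``, ``-``, or a leading ``-``) is
        reported and skipped: the value comes from data the tool collected,
        and it used to be spliced unquoted into a shell command line.
    """
    import re
    import subprocess  # local imports: the module import block is outside this view

    print("zone transfer: {0}".format(domain))

    # Reject anything that is not a host name before it becomes an argument;
    # a leading '-' would otherwise be parsed as an option by host/dig.
    if not re.match(r"[A-Za-z0-9_][A-Za-z0-9._-]*\Z", domain):
        print("zone transfer: refusing malformed domain {0!r}".format(domain))
        return

    def run(argv):
        """Run *argv* without a shell and return its stdout as text."""
        proc = subprocess.Popen(argv, stdout=subprocess.PIPE)
        out = proc.communicate()[0]
        return out if isinstance(out, str) else out.decode("utf-8", "replace")

    # "host -t ns <domain> | cut -d ' ' -f 4": the name server is the fourth
    # space-separated field of each answer line.
    name_servers = []
    for line in run(["host", "-t", "ns", domain]).splitlines():
        fields = line.split(" ")
        if len(fields) >= 4 and fields[3]:
            name_servers.append(fields[3])

    ipv4 = re.compile(r"\b([0-9]{1,3}\.){3}[0-9]{1,3}\b")
    found = set()
    for ns in name_servers:
        answers = run(["dig", "axfr", domain, "@" + ns])
        for match in ipv4.finditer(answers):
            found.add(match.group(0))

    for host in sorted(found):
        if isInternalIP(host):
            dbfunctions.addIP(db, footprint_id, host, 0)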
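def portScanRanges(db, footprint_id):
    """Port-scan every range still pending for *footprint_id* and record open ports.

    The pending ranges (``dbfunctions.listRangesToPortScan``) are written to
    ``nmap_temp/portscan_ranges``, scanned in one nmap run whose grepable
    (``-oG``) output goes to ``nmap_temp/portscan_ranges_out``, and every
    ``open`` port is stored with ``dbfunctions.addIP`` and
    ``dbfunctions.insertPort``.  Finally each scanned range is flagged
    ``port_scans_done = 1``.

    Args:
        db: open database connection (``cursor()`` is used directly for the
            final update).
        footprint_id: footprint the ranges and hosts belong to.

    Returns:
        None.  With nothing pending it sleeps one second and returns, so a
        polling caller does not spin.
    """
    import subprocess  # local import: the module import block is outside this view

    ranges = list(dbfunctions.listRangesToPortScan(db, footprint_id))
    if not ranges:
        time.sleep(1)
        return

    # Write the target list from Python rather than via `echo ... >> file`
    # through a shell, so a range string from the database can never be
    # interpreted as part of a command.
    with open("nmap_temp/portscan_ranges", "w") as target_file:
        for net_range in ranges:
            target_file.write("{0}\n".format(net_range))

    # Same scan as before, as an argv list.  subprocess.call waits for nmap
    # to exit before the output file is read; the old popen discarded its
    # handle and relied on the interpreter closing it immediately.
    with open(os.devnull, "wb") as devnull:
        subprocess.call(
            ["nmap", "-iL", "nmap_temp/portscan_ranges", "-n",
             "-p", "21,22,80,135,443,445,1433,3389,5800,5900,8080-8090,9090-9099",
             "-oG", "nmap_temp/portscan_ranges_out", "-vv"],
            stdout=devnull)

    with open("nmap_temp/portscan_ranges_out") as report:
        for line in report:
            if line.startswith("#"):
                continue
            # Only "Host: <ip> () Ports: ..." lines carry port states; the
            # "Status: Up/Down" lines (and anything without a Ports field,
            # which used to be parsed as garbage) are skipped.
            if "Status" in line or "Ports: " not in line:
                continue
            host = line[6:].split(" ", 1)[0]

            items = line[line.find("Ports") + 7:]
            for item in items.split(", "):
                fields = item.split("/")
                if len(fields) < 2:
                    continue
                port, state = fields[0], fields[1]
                if state == "open":
                    dbfunctions.addIP(db, footprint_id, host)
                    dbfunctions.insertPort(db, host, port)

    for net_range in ranges:
        cursor = db.cursor()
        try:
            cursor.execute(
                'update ranges set port_scans_done = 1 where footprint_id = %s and net_range = %s',
                (footprint_id, net_range))
        finally:
            cursor.close()  # also on error, so cursors are not leaked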
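def portScanRanges(db, footprint_id):
    """Port-scan every range still pending for *footprint_id* and record open ports.

    The pending ranges (``dbfunctions.listRangesToPortScan``) are written to
    ``nmap_temp/portscan_ranges``, scanned in one nmap run whose grepable
    (``-oG``) output goes to ``nmap_temp/portscan_ranges_out``, and every
    ``open`` port is stored with ``dbfunctions.addIP`` and
    ``dbfunctions.insertPort``.  Finally each scanned range is flagged
    ``port_scans_done = 1``.

    Args:
        db: open database connection (``cursor()`` is used directly for the
            final update).
        footprint_id: footprint the ranges and hosts belong to.

    Returns:
        None.  With nothing pending it sleeps one second and returns, so a
        polling caller does not spin.
    """
    import subprocess  # local import: the module import block is outside this view

    ranges = list(dbfunctions.listRangesToPortScan(db, footprint_id))
    if not ranges:
        time.sleep(1)
        return

    # Write the target list from Python rather than via `echo ... >> file`
    # through a shell, so a range string from the database can never be
    # interpreted as part of a command.
    with open("nmap_temp/portscan_ranges", "w") as target_file:
        for net_range in ranges:
            target_file.write("{0}\n".format(net_range))

    # Same scan as before, as an argv list.  subprocess.call waits for nmap
    # to exit before the output file is read; the old popen discarded its
    # handle and relied on the interpreter closing it immediately.
    with open(os.devnull, "wb") as devnull:
        subprocess.call(
            ["nmap", "-iL", "nmap_temp/portscan_ranges", "-n",
             "-p", "21,22,80,135,443,445,1433,3389,5800,5900,8080-8090,9090-9099",
             "-oG", "nmap_temp/portscan_ranges_out", "-vv"],
            stdout=devnull)

    with open("nmap_temp/portscan_ranges_out") as report:
        for line in report:
            if line.startswith("#"):
                continue
            # Only "Host: <ip> () Ports: ..." lines carry port states; the
            # "Status: Up/Down" lines (and anything without a Ports field,
            # which used to be parsed as garbage) are skipped.
            if "Status" in line or "Ports: " not in line:
                continue
            host = line[6:].split(" ", 1)[0]

            items = line[line.find("Ports") + 7:]
            for item in items.split(", "):
                fields = item.split("/")
                if len(fields) < 2:
                    continue
                port, state = fields[0], fields[1]
                if state == "open":
                    dbfunctions.addIP(db, footprint_id, host)
                    dbfunctions.insertPort(db, host, port)

    for net_range in ranges:
        cursor = db.cursor()
        try:
            cursor.execute(
                'update ranges set port_scans_done = 1 where footprint_id = %s and net_range = %s',
                (footprint_id, net_range))
        finally:
            cursor.close()  # also on error, so cursors are not leaked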
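def addLocalResolverHosts(footprint_id):
    """Seed *footprint_id* with this machine's address and its local resolver domain.

    Connects to MySQL with the credentials from ``connections.conf`` (section
    ``MySQL``, keys ``user``, ``pass``, ``db``), stores the local IP address
    (``footprintfunctions.getIPAddress``) and the resolver domain
    (``footprintfunctions.getLocalResolver``), then runs
    ``footprintfunctions.extractHostsFromDomains`` over the stored domains.

    Args:
        footprint_id: footprint the records are attached to.

    Raises:
        IOError: ``connections.conf`` could not be read.
        ConfigParser.Error: the ``MySQL`` section or one of its keys is
            missing.  Database errors propagate; the connection is closed
            in every case.
    """
    print("addLocalResolverHosts()")
    conf = ConfigParser.ConfigParser()
    # ConfigParser.read() silently ignores a missing file and returns the
    # list of files it did read; without this check the failure would only
    # surface later as a NoSectionError.
    if not conf.read("connections.conf"):
        raise IOError("connections.conf not found or unreadable")

    db = MySQLdb.connect(host="localhost",
                         user=conf.get('MySQL', 'user'),
                         passwd=conf.get('MySQL', 'pass'),
                         db=conf.get('MySQL', 'db'))
    try:
        db.autocommit(True)
        dbfunctions.addIP(db, footprint_id, footprintfunctions.getIPAddress(), 0)
        dbfunctions.addDomain(db, footprint_id, footprintfunctions.getLocalResolver())
        footprintfunctions.extractHostsFromDomains(db, footprint_id)
    finally:
        db.close()  # also on error, so connections are not leaked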
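def queryDNS_172(db, footprint_id, max_attempts=3):
    """Enumerate live hosts in the remaining 172.x.0.0/16 ranges for *footprint_id*.

    Resumes at the stored "172" lookup position and walks the second octet
    up to 31, one /16 per pass.  Each pass runs the same nmap host discovery
    as before, stores every reported address with ``dbfunctions.addIP`` and
    then advances the stored position to that range, so an interrupted run
    resumes where it stopped.

    Args:
        db: open database connection passed through to ``dbfunctions``.
        footprint_id: footprint the discovered hosts belong to.
        max_attempts: retries per range before giving up.  The old bare
            ``except: continue`` retried the same range forever (and also
            swallowed Ctrl-C).

    Returns:
        None.  Returns at once when the stored position is already at or
        past 172.31; after ``max_attempts`` failures on one range it reports
        the problem and returns with the position unchanged.

    Raises:
        ValueError: the stored position does not start with two numeric
            octets.  The first octet is handed to nmap as part of the
            target, so it is checked rather than trusted.
    """
    import subprocess  # local import: the module import block is outside this view

    net_range = dbfunctions.getDnsLookupPositions(db, footprint_id)[1]
    octs = net_range.split(".")
    if len(octs) < 2 or not (octs[0].isdigit() and octs[1].isdigit()):
        raise ValueError("malformed 172 range position: {0!r}".format(net_range))
    first_octet = octs[0]
    second_octet = int(octs[1])

    if second_octet >= 31:
        return

    while second_octet <= 31:
        new_range = "{0}.{1}.0.0/16".format(first_octet, second_octet)
        for attempt in range(1, max_attempts + 1):
            try:
                # Same nmap invocation as before, as an argv list (no shell);
                # the former "grep report | cut -d ' ' -f 5" is done below.
                proc = subprocess.Popen(
                    ["nmap", new_range, "-PS", "-p", "22,80,443,445,3389",
                     "--open", "-n"],
                    stdout=subprocess.PIPE)
                output = proc.communicate()[0]
                if not isinstance(output, str):
                    output = output.decode("utf-8", "replace")

                for line in output.splitlines():
                    # "Nmap scan report for <ip>": with -n (no reverse
                    # lookups) the fifth space-separated field is the address.
                    if "report" not in line:
                        continue
                    fields = line.split(" ")
                    if len(fields) < 5 or not fields[4]:
                        continue
                    dbfunctions.addIP(db, footprint_id, fields[4])

                dbfunctions.updateDnsLookupPosition(db, footprint_id,
                                                    "172_range_position",
                                                    new_range)
                break  # this range is done; the for/else below is skipped
            except Exception as exc:
                print("error in 172 ({0}, attempt {1}/{2}): {3}".format(
                    new_range, attempt, max_attempts, exc))
        else:
            # Every attempt on this range failed; stop so the stored position
            # still points at it and a later run retries it.
            print("error in 172: giving up on {0}".format(new_range))
            return
        second_octet += 1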
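def queryDNS_10(db, footprint_id, max_attempts=3):
    """Enumerate live hosts in the remaining 10.x.0.0/16 ranges for *footprint_id*.

    Resumes at the stored "10" lookup position and walks the second octet up
    to 255, one /16 per pass.  Each pass runs the same nmap host discovery
    as before, stores every reported address with ``dbfunctions.addIP`` and
    then advances the stored position to that range, so an interrupted run
    resumes where it stopped.

    Args:
        db: open database connection passed through to ``dbfunctions``.
        footprint_id: footprint the discovered hosts belong to.
        max_attempts: retries per range before giving up.  The old bare
            ``except: continue`` retried the same range forever (and also
            swallowed Ctrl-C).

    Returns:
        None.  Returns at once when the stored position is already at or
        past 10.255; after ``max_attempts`` failures on one range it reports
        the problem and returns with the position unchanged.

    Raises:
        ValueError: the stored position does not start with two numeric
            octets.  The first octet is handed to nmap as part of the
            target, so it is checked rather than trusted.
    """
    import subprocess  # local import: the module import block is outside this view

    net_range = dbfunctions.getDnsLookupPositions(db, footprint_id)[0]
    octs = net_range.split(".")
    if len(octs) < 2 or not (octs[0].isdigit() and octs[1].isdigit()):
        raise ValueError("malformed 10 range position: {0!r}".format(net_range))
    first_octet = octs[0]
    second_octet = int(octs[1])

    if second_octet >= 255:
        return

    while second_octet <= 255:
        new_range = "{0}.{1}.0.0/16".format(first_octet, second_octet)
        for attempt in range(1, max_attempts + 1):
            try:
                # Same nmap invocation as before, as an argv list (no shell);
                # the former "grep report | cut -d ' ' -f 5" is done below.
                proc = subprocess.Popen(
                    ["nmap", new_range, "-PS", "-p", "22,80,443,445,3389",
                     "--open", "-n"],
                    stdout=subprocess.PIPE)
                output = proc.communicate()[0]
                if not isinstance(output, str):
                    output = output.decode("utf-8", "replace")

                for line in output.splitlines():
                    # "Nmap scan report for <ip>": with -n (no reverse
                    # lookups) the fifth space-separated field is the address.
                    if "report" not in line:
                        continue
                    fields = line.split(" ")
                    if len(fields) < 5 or not fields[4]:
                        continue
                    dbfunctions.addIP(db, footprint_id, fields[4])

                dbfunctions.updateDnsLookupPosition(db, footprint_id,
                                                    "10_range_position",
                                                    new_range)
                break  # this range is done; the for/else below is skipped
            except Exception as exc:
                print("error in 10 ({0}, attempt {1}/{2}): {3}".format(
                    new_range, attempt, max_attempts, exc))
        else:
            # Every attempt on this range failed; stop so the stored position
            # still points at it and a later run retries it.
            print("error in 10: giving up on {0}".format(new_range))
            return
        second_octet += 1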
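def listenToBroadcasts(db, footprint_id, cmd):
    """Run the broadcast-listener command *cmd* once and record internal addresses.

    *cmd* is expected to print one IP address per line; every non-empty line
    accepted by ``isInternalIP`` is stored with ``dbfunctions.addIP(..., 0)``.

    Args:
        db: open database connection passed through to ``dbfunctions``.
        footprint_id: footprint the discovered hosts belong to.
        cmd: shell command line to execute.  It runs through the shell, so it
            must be composed by the program itself, never from collected data.

    Returns:
        None.
    """
    print("broadcast listener : " + cmd)
    # The old body opened a cursor it never used or closed and kept a list of
    # seen hosts it never read; its `while count < 1` loop ran exactly once.
    # Closing the popen handle (via `with`) waits for the listener to exit.
    with os.popen(cmd) as listener:
        output = listener.read()
    for ip in output.split("\n"):
        if ip and isInternalIP(ip):
            dbfunctions.addIP(db, footprint_id, ip, 0)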
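def listenToBroadcasts(db, footprint_id, cmd):
    """Run the broadcast-listener command *cmd* once and record internal addresses.

    *cmd* is expected to print one IP address per line; every non-empty line
    accepted by ``isInternalIP`` is stored with ``dbfunctions.addIP(..., 0)``.

    Args:
        db: open database connection passed through to ``dbfunctions``.
        footprint_id: footprint the discovered hosts belong to.
        cmd: shell command line to execute.  It runs through the shell, so it
            must be composed by the program itself, never from collected data.

    Returns:
        None.
    """
    print("broadcast listener : " + cmd)
    # The old body opened a cursor it never used or closed and kept a list of
    # seen hosts it never read; its `while count < 1` loop ran exactly once.
    # Closing the popen handle (via `with`) waits for the listener to exit.
    with os.popen(cmd) as listener:
        output = listener.read()
    for ip in output.split("\n"):
        if ip and isInternalIP(ip):
            dbfunctions.addIP(db, footprint_id, ip, 0)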
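def extractHostsFromDomains(db, footprint_id):
    """Resolve every stored domain and record the resolvers that are private addresses.

    For each domain of *footprint_id* the hosts returned by
    ``getDomainResolvers`` are stored with ``dbfunctions.addIP(..., 1)`` when
    they lie in an RFC 1918 block (10/8, 172.16/12, 192.168/16).  The former
    first-octet test (``"10"``, ``"172"``, ``"192"``) also accepted public
    172.x and 192.x addresses and names such as ``10.example.com``.

    Args:
        db: open database connection passed through to ``dbfunctions``.
        footprint_id: footprint the hosts belong to.

    Returns:
        None.
    """
    for domain in dbfunctions.listDomains(db, footprint_id):
        for host in getDomainResolvers(domain):
            if _isRfc1918Address(host):
                dbfunctions.addIP(db, footprint_id, host, 1)


def _isRfc1918Address(host):
    """Return True if *host* is a dotted-quad IPv4 address in 10/8, 172.16/12 or 192.168/16."""
    parts = host.split(".")
    if len(parts) != 4 or not all(part.isdigit() for part in parts):
        return False
    octets = [int(part) for part in parts]
    if any(octet > 255 for octet in octets):
        return False
    first, second = octets[0], octets[1]
    return (first == 10
            or (first == 172 and 16 <= second <= 31)
            or (first == 192 and second == 168))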
 def on_btnAddHost_clicked(self):
     """Open the add-host dialog and store the entered host when the user confirms.

     The value from ``addhost.getResult()`` is passed to ``dbfunctions.addIP``
     for ``self.footprintID`` with ``False`` as the fourth argument (its
     meaning is defined by ``dbfunctions.addIP``), then the view is refreshed.
     """
     dialog = addhost()
     if not dialog.exec_():
         return  # dialog dismissed: nothing to store
     dbfunctions.addIP(self.db, self.footprintID, dialog.getResult(), False)
     self.updateUI()
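def extractHostsFromDomains(db, footprint_id):
    """Resolve every stored domain and record the resolvers that are private addresses.

    For each domain of *footprint_id* the hosts returned by
    ``getDomainResolvers`` are stored with ``dbfunctions.addIP(..., 1)`` when
    they lie in an RFC 1918 block (10/8, 172.16/12, 192.168/16).  The former
    first-octet test (``"10"``, ``"172"``, ``"192"``) also accepted public
    172.x and 192.x addresses and names such as ``10.example.com``.

    Args:
        db: open database connection passed through to ``dbfunctions``.
        footprint_id: footprint the hosts belong to.

    Returns:
        None.
    """
    for domain in dbfunctions.listDomains(db, footprint_id):
        for host in getDomainResolvers(domain):
            if _isRfc1918Address(host):
                dbfunctions.addIP(db, footprint_id, host, 1)


def _isRfc1918Address(host):
    """Return True if *host* is a dotted-quad IPv4 address in 10/8, 172.16/12 or 192.168/16."""
    parts = host.split(".")
    if len(parts) != 4 or not all(part.isdigit() for part in parts):
        return False
    octets = [int(part) for part in parts]
    if any(octet > 255 for octet in octets):
        return False
    first, second = octets[0], octets[1]
    return (first == 10
            or (first == 172 and 16 <= second <= 31)
            or (first == 192 and second == 168))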
 def on_btnAddHost_clicked(self):
     """Open the add-host dialog and store the entered host when the user confirms.

     The value from ``addhost.getResult()`` is passed to ``dbfunctions.addIP``
     for ``self.footprintID`` with ``False`` as the fourth argument (its
     meaning is defined by ``dbfunctions.addIP``), then the view is refreshed.
     """
     dialog = addhost()
     if not dialog.exec_():
         return  # dialog dismissed: nothing to store
     dbfunctions.addIP(self.db, self.footprintID, dialog.getResult(), False)
     self.updateUI()