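 def probe_service_for_hosts(self, nmap_file, target):
     """Select the net plugins to run from the services found in *nmap_file*.

     Every plugin name in the "net" plugin order, plus "http", is looked up in
     the scan results through ``self.target_service``.  For each ``ip:port``
     record found, the port is stored in the config key
     ``<SERVICE>_PORT_NUMBER`` (one Set per record, so a later record replaces
     an earlier one if Set overwrites); non-http services are queued as
     plugins to invoke, while http ports are collected and returned so the
     caller can handle them separately.

     Args:
         nmap_file: scan results handed to ``self.target_service``.
         target: not used by this method; kept for interface compatibility.

     Returns:
         list[str]: the port strings found for the "http" service.
     """
     # Build the service list once, in order, without duplicates: a service
     # listed twice (e.g. "http" already present in the plugin order) was
     # previously probed twice because http never enters plugin_list.
     services = []
     for plugin in self.core.Config.Plugin.GetOrder("net"):
         if plugin['Name'] not in services:
             services.append(plugin['Name'])
     if "http" not in services:
         services.append("http")
     plugin_list = []
     http_ports = []
     for service in services:
         # Records are "##"-separated "ip:port" strings; the lookup is done
         # once per service (the original called target_service twice).
         for line in self.target_service(nmap_file, service).split("##"):
             if not line.strip("\n"):
                 continue
             fields = line.split(":")
             if len(fields) < 2:
                 log("skipping malformed service record for " + service + ": " + line)
                 continue
             ip, port = fields[0], fields[1]
             self.core.Config.Set(service.upper() + "_PORT_NUMBER", port)
             if service != 'http':
                 plugin_list.append(service)
             else:
                 # Kept from the original; the assignment after the loop
                 # replaces this value before the method returns.
                 self.core.PluginHandler.OnlyPluginsSet = 0
                 http_ports.append(port)
             log("we have to probe " + ip + ":" + port + " for service " + service)
     self.core.PluginHandler.OnlyPluginsList = self.core.PluginHandler.ValidateAndFormatPluginList(plugin_list)
     self.core.PluginHandler.OnlyPluginsSet = max(1, len(plugin_list))
     return http_ports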
 def scan_and_grab_banners(self, file_with_ips, file_prefix, scan_type, nmap_options):
     """Run the TCP or UDP port/service scan and banner grab over the listed IPs.

     ``scan_type`` picks one of two fixed command sequences, "tcp" or "udp";
     any other value runs nothing.  nmap writes all output formats under
     ``<file_prefix>.<scan_type>`` and amap under ``<file_prefix>.<scan_type>.amap``.
     Every argument is placed on the shell command line unquoted, so callers
     must pass trusted operator values (``nmap_options`` is a raw option
     string by design).
     """
     if scan_type == "tcp":
         log("Performing TCP portscan, OS detection, Service detection, banner grabbing, etc")
         nmap_cmd = "nmap -PN -n -v --min-parallelism=10 -iL %s -sS -sV -O  -oA %s.tcp %s" % (file_with_ips, file_prefix, nmap_options)
         amap_cmd = "amap -1 -i %s.tcp.gnmap -Abq -m -o %s.tcp.amap -t 90 -T 90 -c 64" % (file_prefix, file_prefix)
     elif scan_type == "udp":
         log("Performing UDP portscan, Service detection, banner grabbing, etc")
         nmap_cmd = "nmap -PN -n -v --min-parallelism=10 -iL %s -sU -sV -O -oA %s.udp %s" % (file_with_ips, file_prefix, nmap_options)
         amap_cmd = "amap -1 -i %s.udp.gnmap -Abq -m -o %s.udp.amap" % (file_prefix, file_prefix)
     else:
         return
     self.core.Shell.shell_exec(nmap_cmd)
     self.core.Shell.shell_exec(amap_cmd)
 def ping_sweep(self, target, scantype):
     """Discover live hosts in *target* and write their IPs to PING_SWEEP_FILE.ips.

     "full" runs an ICMP/TCP-probe host discovery, "arp" an ARP sweep; any
     other value skips the scan and only re-extracts the hosts reported "Up"
     from the existing PING_SWEEP_FILE.gnmap.  ``target`` is placed on the
     shell command line unquoted, so it must be a trusted operator value.
     """
     sweeps = {
         "full": ("Performing Intense Host discovery",
                  "nmap -n -v -sP -PE -PP -PS21,22,23,25,80,443,113,21339 -PA80,113,443,10042 --source_port 53 "),
         "arp": ("Performing ARP host discovery",
                 "nmap -n -v -sP -PR "),
     }
     if scantype in sweeps:
         message, nmap_prefix = sweeps[scantype]
         log(message)
         self.core.Shell.shell_exec(nmap_prefix + target + " -oA " + PING_SWEEP_FILE)
     # Reduce the gnmap report to one address per line for later stages.
     self.core.Shell.shell_exec("grep Up " + PING_SWEEP_FILE + ".gnmap | cut -f2 -d\" \" > " + PING_SWEEP_FILE + ".ips")
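def handle_request(callback_function, queue, queue_name="pull"):
    """Serve "pull" requests dropped into a queue directory until told to stop.

    Each request is a file in the incoming directory mapped from *queue_name*;
    the result of ``callback_function(data, "pull")`` is written under the same
    file name into the outgoing directory, and the request file is removed.

    Args:
        callback_function: called with the request contents and the literal
            string ``"pull"``; its return value is written back as the response.
        queue: a queue whose non-emptiness signals that the loop should stop.
        queue_name: key into ``general.INCOMING_QUEUE_TO_DIR_MAPPING`` and
            ``general.OUTGOING_QUEUE_TO_DIR_MAPPING``.

    Returns:
        None. Returns on shutdown (queue non-empty), on ``KeyboardInterrupt``,
        or after logging the first unexpected exception.
    """
    request_dir = general.INCOMING_QUEUE_TO_DIR_MAPPING[queue_name]
    response_dir = general.OUTGOING_QUEUE_TO_DIR_MAPPING[queue_name]

    # The producer may not have created the request directory yet.
    general.wait_until_dir_exists(request_dir, general.sleep_delay)

    while queue.empty():
        try:
            files = general.get_files(request_dir)
            # Keep draining until a listing comes back empty, then sleep.
            while files:
                for full_filename in files:
                    filename = os.path.basename(full_filename)
                    # Lock files are not requests; skip them.
                    if ".lock" in filename:
                        continue
                    # skip_if_locked=True: a request still locked by its writer
                    # is passed over now and picked up on a later listing.
                    data = general.atomic_read_from_file(request_dir,
                                                         filename,
                                                         skip_if_locked=True)
                    if not data:
                        continue
                    result = callback_function(data, "pull")
                    general.atomic_write_to_file(response_dir, filename,
                                                 result)
                    # Remove the request only once its response is in place.
                    os.remove(os.path.join(request_dir, filename))
                files = general.get_files(request_dir)
            # Nothing pending: yield the CPU before polling again.
            time.sleep(general.sleep_delay)
        except KeyboardInterrupt:
            break
        except Exception as e:
            # "except Exception as e" is valid on Python 2.6+ and 3; the
            # original "except Exception, e" does not parse on Python 3.
            log("Unexpected Pull server error: " + str(e))
            break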
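def handle_request(callback_function, queue, queue_name="pull"):
    """Serve "pull" requests dropped into a queue directory until told to stop.

    Each request is a file in the incoming directory mapped from *queue_name*;
    the result of ``callback_function(data, "pull")`` is written under the same
    file name into the outgoing directory, and the request file is removed.

    Args:
        callback_function: called with the request contents and the literal
            string ``"pull"``; its return value is written back as the response.
        queue: a queue whose non-emptiness signals that the loop should stop.
        queue_name: key into ``general.INCOMING_QUEUE_TO_DIR_MAPPING`` and
            ``general.OUTGOING_QUEUE_TO_DIR_MAPPING``.

    Returns:
        None. Returns on shutdown (queue non-empty), on ``KeyboardInterrupt``,
        or after logging the first unexpected exception.
    """
    request_dir = general.INCOMING_QUEUE_TO_DIR_MAPPING[queue_name]
    response_dir = general.OUTGOING_QUEUE_TO_DIR_MAPPING[queue_name]

    # The producer may not have created the request directory yet.
    general.wait_until_dir_exists(request_dir, general.sleep_delay)

    while queue.empty():
        try:
            files = general.get_files(request_dir)
            # Keep draining until a listing comes back empty, then sleep.
            while files:
                for full_filename in files:
                    filename = os.path.basename(full_filename)
                    # Lock files are not requests; skip them.
                    if ".lock" in filename:
                        continue
                    # skip_if_locked=True: a request still locked by its writer
                    # is passed over now and picked up on a later listing.
                    data = general.atomic_read_from_file(request_dir, filename, skip_if_locked=True)
                    if not data:
                        continue
                    result = callback_function(data, "pull")
                    general.atomic_write_to_file(response_dir, filename, result)
                    # Remove the request only once its response is in place.
                    os.remove(os.path.join(request_dir, filename))
                files = general.get_files(request_dir)
            # Nothing pending: yield the CPU before polling again.
            time.sleep(general.sleep_delay)
        except KeyboardInterrupt:
            break
        except Exception as e:
            # "except Exception as e" is valid on Python 2.6+ and 3; the
            # original "except Exception, e" does not parse on Python 3.
            log("Unexpected Pull server error: " + str(e))
            break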
                   
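    def dns_sweep(self, file_with_ips, file_prefix):
        """Find DNS servers among the live IPs and test each for zone transfer.

        Step 1 scans 53/tcp over *file_with_ips* (nmap output under
        *file_prefix*).  Step 2 extracts the responding servers into
        ``<file_prefix>.dns_server.ips`` and asks each one for its own reverse
        name, appending the domain part to ``<file_prefix>.domain_names``.
        Step 3 runs ``host -l <domain> <dns_server>`` for every domain; a
        listing with more than three matching lines is logged as a successful
        transfer and kept in ``<file_prefix>.<dns_server>.<domain>.axfr.raw``,
        otherwise that file is removed.

        Server addresses and domain names are data returned by remote hosts,
        so before they reach a command line or a file name they are checked
        against a conservative character set and shell-quoted.

        Returns:
            None. Returns early when no DNS server responded or the domain
            names file cannot be opened.
        """
        # Function-scope imports: the module's import block is outside this view.
        import re
        try:
            from shlex import quote as _quote  # Python 3.3+
        except ImportError:
            from pipes import quote as _quote  # Python 2
        # Characters accepted in a server address or domain name used below.
        safe_name = re.compile(r'^[A-Za-z0-9.:-]+$')

        log("Finding misconfigured DNS servers that might allow zone transfers among live ips ..")
        self.core.Shell.shell_exec("nmap -PN -n -sS -p 53 -iL " + file_with_ips + " -oA " + file_prefix)

        # Step 2 - Extract IPs
        dns_servers = file_prefix + ".dns_server.ips"
        self.core.Shell.shell_exec("grep \"53/open/tcp\" " + file_prefix + ".gnmap | cut -f 2 -d \" \" > " + dns_servers)
        servers_file = self.open_file(dns_servers)
        domain_names = file_prefix + ".domain_names"
        self.core.Shell.shell_exec("rm -f " + domain_names)
        num_dns_servers = 0
        dns_server = None
        for line in servers_file:
            candidate = line.strip('\n')
            if not candidate:
                continue
            if not safe_name.match(candidate):
                log("Skipping unexpected DNS server entry: " + repr(candidate))
                continue
            dns_server = candidate
            # Ask the server for its own PTR name and keep the domain part.
            self.core.Shell.shell_exec("host " + dns_server + " " + dns_server + r" | grep 'domain name' | cut -f 5 -d' ' | cut -f 2,3,4,5,6,7 -d. | sed 's/\.$//' >> " + domain_names)
            num_dns_servers = num_dns_servers + 1
        if num_dns_servers == 0:
            return
        try:
            domains_file = self.open_file(domain_names)
        except IOError:
            return

        # NOTE(review): as in the original, dns_server is whichever server was
        # processed last above, so every domain is queried against that one
        # server; pairing each domain with the server that produced it would
        # need the loop above to record (server, domain) pairs.
        for line in domains_file:
            domain = line.strip('\n')
            if not domain:
                continue
            if not safe_name.match(domain):
                # Names come from a remote answer; never let them reach the shell.
                log("Skipping unexpected domain name from " + dns_server + ": " + repr(domain))
                continue
            raw_axfr = file_prefix + "." + dns_server + "." + domain + ".axfr.raw"
            self.core.Shell.shell_exec("host -l " + _quote(domain) + " " + _quote(dns_server) + " | grep " + _quote(domain) + " > " + _quote(raw_axfr))
            # NOTE(review): assumes shell_exec returns the command's stdout
            # (the original logged its return value) — confirm.  The original
            # compared that text directly with 3, which is not a line count.
            count_output = self.core.Shell.shell_exec("wc -l " + _quote(raw_axfr) + " | cut -f 1  -d ' '")
            if isinstance(count_output, bytes):
                count_output = count_output.decode("ascii", "replace")
            try:
                line_count = int(str(count_output).strip())
            except ValueError:
                line_count = 0
            if line_count > 3:
                log("Attempting zone transfer on " + dns_server + " using domain " + domain + ".. Success!")
                axfr = file_prefix + "." + dns_server + "." + domain + ".axfr"
                self.core.Shell.shell_exec("rm -f " + _quote(axfr))
                log(self.core.Shell.shell_exec("grep 'has address' " + _quote(raw_axfr) + " | cut -f 1,4 -d ' ' | sort -k 2 -t ' ' | sed 's/ /#/g'"))
            else:
                # The original logged "Success!" on this branch too.
                log("Attempting zone transfer on " + dns_server + " using domain " + domain + "  .. Failed")
                self.core.Shell.shell_exec("rm -f " + _quote(raw_axfr))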