def data2key(data):
    """Build an RSA key object from an SSH public-key blob.

    ``utils.parse_ssh_key`` splits *data* into successive fields. The first
    field is consumed and ignored; the next two are converted to integers
    from their ``utils.encode_hex`` form and handed to ``RSA.construct`` as
    ``(modulus, exponent)``.

    NOTE(review): the ignored first field is never compared with an expected
    key type, so a blob of another key type is not rejected here. Callers
    should only pass blobs already known to be RSA.
    """
    fields = utils.parse_ssh_key(data)
    next(fields)  # leading field: read to advance the parser, value unused
    exponent = long(utils.encode_hex(next(fields)), 16)
    modulus = long(utils.encode_hex(next(fields)), 16)
    return RSA.construct((modulus, exponent))
def data2key(data):
    """Build an RSA key from an SSH public-key blob via ``_rsa_construct``.

    The blob is split into fields by ``utils._parse_ssh_key``. The first
    field is skipped; the second and third are parsed as base-16 integers
    (exponent, then modulus) and passed to ``_rsa_construct(exp, mod)``.

    NOTE(review): the skipped first field is not validated, so this function
    does not itself confirm that the blob describes an RSA key.
    """
    fields = utils._parse_ssh_key(data)
    next(fields)  # discard the leading field
    exponent = int(utils.encode_hex(next(fields)), 16)
    modulus = int(utils.encode_hex(next(fields)), 16)
    return _rsa_construct(exponent, modulus)
def data2key(data: bytes) -> RSAPublicNumbers:
    """Turn an SSH public-key blob into the value built by ``_rsa_construct``.

    ``utils._parse_ssh_key`` yields the blob's fields in order. The first is
    dropped; the following two are decoded as hexadecimal integers and used
    as exponent and modulus respectively.

    NOTE(review): nothing here checks that the dropped first field names an
    RSA key type; a blob of another type is parsed the same way.
    """
    fields = utils._parse_ssh_key(data)
    next(fields)  # leading field is consumed but not inspected
    exponent = int(utils.encode_hex(next(fields)), 16)
    modulus = int(utils.encode_hex(next(fields)), 16)
    return _rsa_construct(exponent, modulus)
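def _getinfos_ssh_hostkey(spec):
    """Parse SSH host keys.

    Decodes the key blob held in ``spec['value']``, records its MD5, SHA-1
    and SHA-256 hex digests and the key algorithm name, and adds the key
    size in bits for the key types handled below. For ``ssh-rsa`` keys the
    exponent and modulus are stored as decimal strings.

    The blob is presumably taken from scan results of a remote host, so it
    is handled as untrusted input: RSA fields that cannot be parsed, or a
    modulus of zero, are logged and skipped instead of raising.

    Returns a dict of the form ``{'infos': {...}}``.
    """
    infos = {}
    data = utils.nmap_decode_data(spec['value'])
    # NOTE(review): these digests look like key fingerprints used for
    # matching records; prefer the sha256 value where collision resistance
    # matters.
    for hashtype in ['md5', 'sha1', 'sha256']:
        infos[hashtype] = hashlib.new(hashtype, data).hexdigest()
    data = utils.parse_ssh_key(data)
    # NOTE(review): next() raises StopIteration if the parser yields no
    # field; whether callers handle that is not visible from here.
    keytype = infos["algo"] = next(data).decode()
    if keytype == "ssh-rsa":
        try:
            # Unpacking requires exactly two remaining fields; any other
            # count raises and is reported below.
            infos["exponent"], infos["modulus"] = (
                long(utils.encode_hex(elt), 16) for elt in data
            )
        except Exception:
            utils.LOGGER.info("Cannot parse SSH host key for record %r", spec,
                              exc_info=True)
        else:
            if infos["modulus"] > 0:
                infos["bits"] = math.ceil(math.log(infos["modulus"], 2))
            else:
                # math.log() raises ValueError for 0, and this branch is
                # outside the try block: a key whose modulus field is all
                # zero bytes must not abort parsing of the record.
                utils.LOGGER.info(
                    "Cannot compute SSH host key size for record %r", spec
                )
            # convert integer to strings to prevent overflow errors
            # (e.g., "MongoDB can only handle up to 8-byte ints")
            for val in ["exponent", "modulus"]:
                infos[val] = str(infos[val])
    elif keytype == 'ecdsa-sha2-nistp256':
        infos['bits'] = 256
    elif keytype == 'ssh-ed25519':
        infos['bits'] = len(next(data)) * 8
    return {'infos': infos}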
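def _getinfos_ssh_hostkey(spec):
    """Parse SSH host keys.

    Decodes the key blob from ``spec['fullvalue']`` when present, else from
    ``spec['value']``. Stores its MD5, SHA-1 and SHA-256 hex digests under
    ``md5hash``, ``sha1hash`` and ``sha256hash``, plus the key algorithm
    name. For ``ssh-rsa`` keys it adds the exponent and modulus (as decimal
    strings) and the key size in bits.

    The blob is presumably taken from scan results of a remote host, so it
    is handled as untrusted input: RSA fields that cannot be parsed, or a
    modulus of zero, are logged and skipped instead of raising.

    Returns ``{'infos': {...}}`` after passing it to ``_fix_infos_size``.
    """
    infos = {}
    data = utils.nmap_decode_data(spec.get('fullvalue', spec['value']))
    # NOTE(review): these digests look like key fingerprints used for
    # matching records; prefer sha256hash where collision resistance
    # matters.
    infos["md5hash"] = hashlib.md5(data).hexdigest()
    infos["sha1hash"] = hashlib.sha1(data).hexdigest()
    infos["sha256hash"] = hashlib.sha256(data).hexdigest()
    data = utils.parse_ssh_key(data)
    # NOTE(review): next() raises StopIteration if the parser yields no
    # field; whether callers handle that is not visible from here.
    keytype = infos["algo"] = next(data).decode()
    if keytype == "ssh-rsa":
        try:
            # Unpacking requires exactly two remaining fields; any other
            # count raises and is reported below.
            infos["exponent"], infos["modulus"] = (
                long(utils.encode_hex(elt), 16) for elt in data
            )
        except Exception:
            utils.LOGGER.info("Cannot parse SSH host key for record %r", spec,
                              exc_info=True)
        else:
            if infos["modulus"] > 0:
                infos["bits"] = math.ceil(math.log(infos["modulus"], 2))
            else:
                # math.log() raises ValueError for 0, and this branch is
                # outside the try block: a key whose modulus field is all
                # zero bytes must not abort parsing of the record.
                utils.LOGGER.info(
                    "Cannot compute SSH host key size for record %r", spec
                )
            # convert integer to strings to prevent overflow errors
            # (e.g., "MongoDB can only handle up to 8-byte ints")
            for val in ["exponent", "modulus"]:
                infos[val] = str(infos[val])
    res = {'infos': infos}
    _fix_infos_size(res)
    return res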
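def _getinfos_ssh_hostkey(spec):
    """Parse SSH host keys.

    Decodes the key blob held in ``spec['value']``, records its MD5, SHA-1
    and SHA-256 hex digests and the key algorithm name, and adds the key
    size in bits for the key types handled below. For ``ssh-rsa`` keys the
    exponent and modulus are stored as decimal strings.

    The blob is presumably taken from scan results of a remote host, so it
    is handled as untrusted input: RSA fields that cannot be parsed, or a
    modulus of zero, are logged and skipped instead of raising.

    Returns a dict of the form ``{'infos': {...}}``.
    """
    infos = {}
    data = utils.nmap_decode_data(spec['value'])
    # NOTE(review): these digests look like key fingerprints used for
    # matching records; prefer the sha256 value where collision resistance
    # matters.
    for hashtype in ['md5', 'sha1', 'sha256']:
        infos[hashtype] = hashlib.new(hashtype, data).hexdigest()
    data = utils.parse_ssh_key(data)
    # NOTE(review): next() raises StopIteration if the parser yields no
    # field; whether callers handle that is not visible from here.
    keytype = infos["algo"] = next(data).decode()
    if keytype == "ssh-rsa":
        try:
            # Unpacking requires exactly two remaining fields; any other
            # count raises and is reported below.
            infos["exponent"], infos["modulus"] = (
                long(utils.encode_hex(elt), 16) for elt in data
            )
        except Exception:
            utils.LOGGER.info("Cannot parse SSH host key for record %r", spec,
                              exc_info=True)
        else:
            if infos["modulus"] > 0:
                infos["bits"] = math.ceil(math.log(infos["modulus"], 2))
            else:
                # math.log() raises ValueError for 0, and this branch is
                # outside the try block: a key whose modulus field is all
                # zero bytes must not abort parsing of the record.
                utils.LOGGER.info(
                    "Cannot compute SSH host key size for record %r", spec
                )
            # convert integer to strings to prevent overflow errors
            # (e.g., "MongoDB can only handle up to 8-byte ints")
            for val in ["exponent", "modulus"]:
                infos[val] = str(infos[val])
    elif keytype == 'ecdsa-sha2-nistp256':
        infos['bits'] = 256
    elif keytype == 'ssh-ed25519':
        infos['bits'] = len(next(data)) * 8
    return {'infos': infos}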
def store_scan_doc(self, scan):
    """Insert one scan document into the ``scanfile`` table.

    Works on a shallow copy of *scan*. ``start`` is converted from a
    timestamp to a ``datetime``, ``scaninfos`` is renamed to ``scaninfo``,
    and ``_id`` is replaced by ``sha256`` (its ``utils.decode_hex`` form).

    Only keys on the fixed column list below are written, so other keys of
    the document never reach the table. Values are handed to the insert
    construct through ``values()`` rather than being formatted into a
    statement string.
    """
    doc = scan.copy()
    if 'start' in doc:
        doc['start'] = datetime.datetime.utcfromtimestamp(int(doc['start']))
    if 'scaninfos' in doc:
        doc["scaninfo"] = doc.pop('scaninfos')
    doc["sha256"] = utils.decode_hex(doc.pop('_id'))
    columns = [
        'sha256', 'args', 'scaninfo', 'scanner', 'start', 'version',
        'xmloutputversion',
    ]
    row = {key: doc[key] for key in columns if key in doc}
    insrt = insert(self.tables.scanfile).values(**row)
    if not config.DEBUG:
        self.db.execute(insrt)
        return
    # Debug mode: ask for the stored hash back so it can be logged.
    stored = self.db.execute(
        insrt.returning(self.tables.scanfile.sha256)
    ).fetchone()[0]
    utils.LOGGER.debug("SCAN STORED: %r", utils.encode_hex(stored))
def process(value):
    """Convert an address value to ``self.python_type`` for storage.

    A falsy value maps to ``self.python_type(b"")``. A ``str`` matching
    ``INTERNAL_IP_PY2`` is passed through unchanged. Anything else goes
    through ``utils.ip2bin`` and ``utils.encode_hex`` first.

    ``self`` is taken from the enclosing scope, which is outside this view.
    """
    if value:
        # Strings already in the internal form are not converted again.
        if isinstance(value, str) and INTERNAL_IP_PY2.search(value):
            return self.python_type(value)
        converted = utils.encode_hex(utils.ip2bin(value))
        return self.python_type(converted)
    return self.python_type(b"")
def data2key(data):
    """Return the ``RSA.construct`` key for an SSH public-key blob.

    *data* is split into fields by ``utils.parse_ssh_key``. The first field
    is read and dropped; the second and third are parsed as base-16 integers
    and given to ``RSA.construct`` in ``(modulus, exponent)`` order.

    NOTE(review): the dropped first field is not checked against an expected
    key type, so this function does not reject non-RSA blobs by itself.
    """
    fields = utils.parse_ssh_key(data)
    next(fields)  # leading field: consumed, not inspected
    exponent = long(utils.encode_hex(next(fields)), 16)
    modulus = long(utils.encode_hex(next(fields)), 16)
    return RSA.construct((modulus, exponent))
def info_from_vendorid(payload, service, output):
    """Record an IKE Vendor ID payload and derive service fields from it.

    The bytes of *payload* after the first four are looked up with
    ``find_ike_vendor_id``. When a name is returned, product, version,
    OS type, device type and extra-info keys are set in *service* according
    to that name. In every case an entry holding the ``encode_hex`` form of
    those bytes is appended to ``output["vendor_ids"]``, with the name added
    when one was found.

    NOTE(review): the four skipped bytes are presumably the payload header;
    confirm against the caller.
    NOTE(review): the slice offsets and ``split(...)[n]`` indexes below
    assume the exact name formats returned by ``find_ike_vendor_id``. A name
    consisting only of the matched prefix would raise IndexError on the
    ``split`` lines. Confirm that names come from a curated fingerprint list
    and not directly from the wire.
    """
    name = find_ike_vendor_id(payload[4:])
    if name is not None:
        # Branch order matters: prefix tests run before later exact matches.
        if name.startswith(b"Windows-"):
            service["service_product"] = "Microsoft/Cisco IPsec"
            service["service_version"] = name.decode().replace("-", " ")
            service["service_ostype"] = "Windows"
        elif name == b"Windows":
            service["service_product"] = "Microsoft/Cisco IPsec"
            service["service_ostype"] = "Windows"
        elif name.startswith(b"Firewall-1 "):
            service["service_product"] = "Checkpoint VPN-1/Firewall-1"
            service["service_version"] = name.decode().split(None, 1)[1]
            service["service_devicetype"] = "security-misc"
        elif name.startswith(b"SSH IPSEC Express "):
            service[
                "service_product"] = "SSH Communications Security IPSec Express"
            service["service_version"] = name.decode().split(None, 3)[3]
        elif name.startswith(b"SSH Sentinel"):
            service["service_product"] = "SSH Communications Security Sentinel"
            # The version is whatever follows the prefix; it may be empty.
            version = name[13:].decode()
            if version:
                service["service_version"] = version
        elif name.startswith(b"SSH QuickSec"):
            service["service_product"] = "SSH Communications Security QuickSec"
            version = name[13:].decode()
            if version:
                service["service_version"] = version
        elif name.startswith(b"Cisco VPN Concentrator"):
            service["service_product"] = "Cisco VPN Concentrator"
            # Drops the last byte of the name as well as the prefix.
            version = name[24:-1].decode()
            if version:
                service["service_version"] = version
        elif name.startswith(b"SafeNet SoftRemote"):
            service["service_product"] = "SafeNet Remote"
            version = name[19:].decode()
            if version:
                service["service_version"] = version
        elif name == b"KAME/racoon":
            service["service_product"] = "KAME/racoon/IPsec Tools"
        elif name == b"Nortel Contivity":
            service["service_product"] = "Nortel Contivity"
            service["service_devicetype"] = "firewall"
        elif name.startswith(b"SonicWall-"):
            service["service_product"] = "SonicWall"
        elif name.startswith(b"strongSwan"):
            service["service_product"] = "strongSwan"
            # for some reason in the fingerprints file, strongSwan ==
            # strongSwan 4.3.6
            service["service_version"] = name[11:].decode() or "4.3.6"
            service["service_ostype"] = "Unix"
        elif name == b"ZyXEL ZyWall USG 100":
            service["service_product"] = "ZyXEL ZyWALL USG 100"
            service["service_devicetype"] = "firewall"
        elif name.startswith(b"Linux FreeS/WAN "):
            service["service_product"] = "FreeS/WAN"
            service["service_version"] = name.decode().split(None, 2)[2]
            service["service_ostype"] = "Unix"
        elif name.startswith(b"Openswan ") or name.startswith(
                b"Linux Openswan "):
            service["service_product"] = "Openswan"
            # First word after "Openswan " is the version; any remainder is
            # kept as extra info.
            version = name.split(b"Openswan ", 1)[1].decode().split(None, 1)
            service["service_version"] = version[0]
            if len(version) == 2:
                service["service_extrainfo"] = version[1]
            service["service_ostype"] = "Unix"
        elif name in [
                b"FreeS/WAN or OpenSWAN", b"FreeS/WAN or OpenSWAN or Libreswan"
        ]:
            service["service_product"] = "FreeS/WAN or Openswan or Libreswan"
            service["service_ostype"] = "Unix"
        elif name.startswith(b"Libreswan "):
            service["service_product"] = "Libreswan"
            service["service_version"] = name.decode().split(None, 1)[1]
            service["service_ostype"] = "Unix"
        elif name == b"OpenPGP":
            service["service_product"] = name.decode()
        elif name in [
                b"FortiGate", b"ZyXEL ZyWALL Router", b"ZyXEL ZyWALL USG 100"
        ]:
            service["service_product"] = name.decode()
            service["service_devicetype"] = "firewall"
        elif name.startswith(b"Netscreen-"):
            service["service_product"] = "Juniper"
            service["service_ostype"] = "NetScreen OS"
            service["service_devicetype"] = "firewall"
        elif name.startswith(b"StoneGate-"):
            service["service_product"] = "StoneGate"
            service["service_devicetype"] = "firewall"
        elif name.startswith(b"Symantec-Raptor"):
            service["service_product"] = "Symantec-Raptor"
            version = name[16:].decode()
            if version:
                service["service_version"] = version
            service["service_devicetype"] = "firewall"
        elif name == b"Teldat":
            service["service_product"] = name.decode()
            service["service_devicetype"] = "broadband router"
    # The raw value is recorded whether or not it was identified, so unknown
    # vendor IDs remain available for later analysis.
    entry = {"value": encode_hex(payload[4:]).decode()}
    if name is not None:
        entry["name"] = name.decode()
    output.setdefault("vendor_ids", []).append(entry)
def data2key(self, data):
    """Build an RSA key object from a key blob parsed by ``self._data2key``.

    ``self._data2key`` yields the blob's fields in order. The first is
    consumed and ignored; the next two are parsed as base-16 integers and
    passed to ``RSA.construct`` as ``(modulus, exponent)``.

    NOTE(review): the ignored first field is not validated here, so the
    method does not itself confirm that the blob holds an RSA key.
    """
    fields = self._data2key(data)
    next(fields)  # leading field: read to advance, value unused
    exponent = long(utils.encode_hex(next(fields)), 16)
    modulus = long(utils.encode_hex(next(fields)), 16)
    return RSA.construct((modulus, exponent))
def info_from_vendorid(payload, service, output):
    """Record an IKE Vendor ID payload and derive service fields from it.

    The bytes of *payload* after the first four are looked up with
    ``find_ike_vendor_id``. When a name is returned, product, version,
    OS type, device type and extra-info keys are set in *service* according
    to that name. In every case an entry holding the ``encode_hex`` form of
    those bytes is appended to ``output['vendor_ids']``, with the name added
    when one was found.

    NOTE(review): the four skipped bytes are presumably the payload header;
    confirm against the caller.
    NOTE(review): the slice offsets and ``split(...)[n]`` indexes below
    assume the exact name formats returned by ``find_ike_vendor_id``. A name
    consisting only of the matched prefix would raise IndexError on the
    ``split`` lines. Confirm that names come from a curated fingerprint list
    and not directly from the wire.
    """
    name = find_ike_vendor_id(payload[4:])
    if name is not None:
        # Branch order matters: prefix tests run before later exact matches.
        if name.startswith(b'Windows-'):
            service['service_product'] = "Microsoft/Cisco IPsec"
            service['service_version'] = name.decode().replace('-', ' ')
            service['service_ostype'] = "Windows"
        elif name == b'Windows':
            service['service_product'] = "Microsoft/Cisco IPsec"
            service['service_ostype'] = "Windows"
        elif name.startswith(b'Firewall-1 '):
            service['service_product'] = 'Checkpoint VPN-1/Firewall-1'
            service['service_version'] = name.decode().split(None, 1)[1]
            service['service_devicetype'] = 'security-misc'
        elif name.startswith(b'SSH IPSEC Express '):
            service['service_product'] = ('SSH Communications Security IPSec '
                                          'Express')
            service['service_version'] = name.decode().split(None, 3)[3]
        elif name.startswith(b'SSH Sentinel'):
            service['service_product'] = 'SSH Communications Security Sentinel'
            # The version is whatever follows the prefix; it may be empty.
            version = name[13:].decode()
            if version:
                service['service_version'] = version
        elif name.startswith(b'SSH QuickSec'):
            service['service_product'] = 'SSH Communications Security QuickSec'
            version = name[13:].decode()
            if version:
                service['service_version'] = version
        elif name.startswith(b'Cisco VPN Concentrator'):
            service['service_product'] = 'Cisco VPN Concentrator'
            # Drops the last byte of the name as well as the prefix.
            version = name[24:-1].decode()
            if version:
                service['service_version'] = version
        elif name.startswith(b'SafeNet SoftRemote'):
            service['service_product'] = 'SafeNet Remote'
            version = name[19:].decode()
            if version:
                service['service_version'] = version
        elif name == b'KAME/racoon':
            service['service_product'] = 'KAME/racoon/IPsec Tools'
        elif name == b'Nortel Contivity':
            service['service_product'] = 'Nortel Contivity'
            service['service_devicetype'] = 'firewall'
        elif name.startswith(b'SonicWall-'):
            service['service_product'] = 'SonicWall'
        elif name.startswith(b'strongSwan'):
            service['service_product'] = 'strongSwan'
            # for some reason in the fingerprints file, strongSwan ==
            # strongSwan 4.3.6
            service['service_version'] = name[11:].decode() or '4.3.6'
            service['service_ostype'] = 'Unix'
        elif name == b'ZyXEL ZyWall USG 100':
            service['service_product'] = 'ZyXEL ZyWALL USG 100'
            service['service_devicetype'] = 'firewall'
        elif name.startswith(b'Linux FreeS/WAN '):
            service['service_product'] = 'FreeS/WAN'
            service['service_version'] = name.decode().split(None, 2)[2]
            service['service_ostype'] = 'Unix'
        elif (name.startswith(b'Openswan ') or
              name.startswith(b'Linux Openswan ')):
            service['service_product'] = 'Openswan'
            # First word after 'Openswan ' is the version; any remainder is
            # kept as extra info.
            version = name.split(b'Openswan ', 1)[1].decode().split(None, 1)
            service['service_version'] = version[0]
            if len(version) == 2:
                service['service_extrainfo'] = version[1]
            service['service_ostype'] = 'Unix'
        elif name in [b'FreeS/WAN or OpenSWAN',
                      b'FreeS/WAN or OpenSWAN or Libreswan']:
            service['service_product'] = 'FreeS/WAN or Openswan or Libreswan'
            service['service_ostype'] = 'Unix'
        elif name.startswith(b'Libreswan '):
            service['service_product'] = 'Libreswan'
            service['service_version'] = name.decode().split(None, 1)[1]
            service['service_ostype'] = 'Unix'
        elif name == b'OpenPGP':
            service['service_product'] = name.decode()
        elif name in [b'FortiGate', b'ZyXEL ZyWALL Router',
                      b'ZyXEL ZyWALL USG 100']:
            service['service_product'] = name.decode()
            service['service_devicetype'] = 'firewall'
        elif name.startswith(b'Netscreen-'):
            service['service_product'] = 'Juniper'
            service['service_ostype'] = 'NetScreen OS'
            service['service_devicetype'] = 'firewall'
        elif name.startswith(b'StoneGate-'):
            service['service_product'] = 'StoneGate'
            service['service_devicetype'] = 'firewall'
        elif name.startswith(b'Symantec-Raptor'):
            service['service_product'] = 'Symantec-Raptor'
            version = name[16:].decode()
            if version:
                service['service_version'] = version
            service['service_devicetype'] = 'firewall'
        elif name == b'Teldat':
            service['service_product'] = name.decode()
            service['service_devicetype'] = 'broadband router'
    # The raw value is recorded whether or not it was identified, so unknown
    # vendor IDs remain available for later analysis.
    entry = {'value': encode_hex(payload[4:]).decode()}
    if name is not None:
        entry["name"] = name.decode()
    output.setdefault('vendor_ids', []).append(entry)
def info_from_vendorid(payload, service, output):
    """Record an IKE Vendor ID payload and derive service fields from it.

    The bytes of *payload* after the first four are looked up with
    ``find_ike_vendor_id``. When a name is returned, product, version,
    OS type, device type and extra-info keys are set in *service* according
    to that name. In every case an entry holding the ``encode_hex`` form of
    those bytes is appended to ``output['vendor_ids']``, with the name added
    when one was found.

    NOTE(review): the four skipped bytes are presumably the payload header;
    confirm against the caller.
    NOTE(review): the slice offsets and ``split(...)[n]`` indexes below
    assume the exact name formats returned by ``find_ike_vendor_id``. A name
    consisting only of the matched prefix would raise IndexError on the
    ``split`` lines. Confirm that names come from a curated fingerprint list
    and not directly from the wire.
    """
    name = find_ike_vendor_id(payload[4:])
    if name is not None:
        # Branch order matters: prefix tests run before later exact matches.
        if name.startswith(b'Windows-'):
            service['service_product'] = "Microsoft/Cisco IPsec"
            service['service_version'] = name.decode().replace('-', ' ')
            service['service_ostype'] = "Windows"
        elif name == b'Windows':
            service['service_product'] = "Microsoft/Cisco IPsec"
            service['service_ostype'] = "Windows"
        elif name.startswith(b'Firewall-1 '):
            service['service_product'] = 'Checkpoint VPN-1/Firewall-1'
            service['service_version'] = name.decode().split(None, 1)[1]
            service['service_devicetype'] = 'security-misc'
        elif name.startswith(b'SSH IPSEC Express '):
            service['service_product'] = 'SSH Communications Security IPSec Express'
            service['service_version'] = name.decode().split(None, 3)[3]
        elif name.startswith(b'SSH Sentinel'):
            service['service_product'] = 'SSH Communications Security Sentinel'
            # The version is whatever follows the prefix; it may be empty.
            version = name[13:].decode()
            if version:
                service['service_version'] = version
        elif name.startswith(b'SSH QuickSec'):
            service['service_product'] = 'SSH Communications Security QuickSec'
            version = name[13:].decode()
            if version:
                service['service_version'] = version
        elif name.startswith(b'Cisco VPN Concentrator'):
            service['service_product'] = 'Cisco VPN Concentrator'
            # Drops the last byte of the name as well as the prefix.
            version = name[24:-1].decode()
            if version:
                service['service_version'] = version
        elif name.startswith(b'SafeNet SoftRemote'):
            service['service_product'] = 'SafeNet Remote'
            version = name[19:].decode()
            if version:
                service['service_version'] = version
        elif name == b'KAME/racoon':
            service['service_product'] = 'KAME/racoon/IPsec Tools'
        elif name == b'Nortel Contivity':
            service['service_product'] = 'Nortel Contivity'
            service['service_devicetype'] = 'firewall'
        elif name.startswith(b'SonicWall-'):
            service['service_product'] = 'SonicWall'
        elif name.startswith(b'strongSwan'):
            service['service_product'] = 'strongSwan'
            # for some reason in the fingerprints file, strongSwan ==
            # strongSwan 4.3.6
            service['service_version'] = name[11:].decode() or '4.3.6'
            service['service_ostype'] = 'Unix'
        elif name == b'ZyXEL ZyWall USG 100':
            service['service_product'] = 'ZyXEL ZyWALL USG 100'
            service['service_devicetype'] = 'firewall'
        elif name.startswith(b'Linux FreeS/WAN '):
            service['service_product'] = 'FreeS/WAN'
            service['service_version'] = name.decode().split(None, 2)[2]
            service['service_ostype'] = 'Unix'
        elif name.startswith(b'Openswan ') or name.startswith(b'Linux Openswan '):
            service['service_product'] = 'Openswan'
            # First word after 'Openswan ' is the version; any remainder is
            # kept as extra info.
            version = name.split(b'Openswan ', 1)[1].decode().split(None, 1)
            service['service_version'] = version[0]
            if len(version) == 2:
                service['service_extrainfo'] = version[1]
            service['service_ostype'] = 'Unix'
        elif name in [b'FreeS/WAN or OpenSWAN',
                      b'FreeS/WAN or OpenSWAN or Libreswan']:
            service['service_product'] = 'FreeS/WAN or Openswan or Libreswan'
            service['service_ostype'] = 'Unix'
        elif name.startswith(b'Libreswan '):
            service['service_product'] = 'Libreswan'
            service['service_version'] = name.decode().split(None, 1)[1]
            service['service_ostype'] = 'Unix'
        elif name == b'OpenPGP':
            service['service_product'] = name.decode()
        elif name in [b'FortiGate', b'ZyXEL ZyWALL Router',
                      b'ZyXEL ZyWALL USG 100']:
            service['service_product'] = name.decode()
            service['service_devicetype'] = 'firewall'
        elif name.startswith(b'Netscreen-'):
            service['service_product'] = 'Juniper'
            service['service_ostype'] = 'NetScreen OS'
            service['service_devicetype'] = 'firewall'
        elif name.startswith(b'StoneGate-'):
            service['service_product'] = 'StoneGate'
            service['service_devicetype'] = 'firewall'
        elif name.startswith(b'Symantec-Raptor'):
            service['service_product'] = 'Symantec-Raptor'
            version = name[16:].decode()
            if version:
                service['service_version'] = version
            service['service_devicetype'] = 'firewall'
        elif name == b'Teldat':
            service['service_product'] = name.decode()
            service['service_devicetype'] = 'broadband router'
    # The raw value is recorded whether or not it was identified, so unknown
    # vendor IDs remain available for later analysis.
    entry = {'value': encode_hex(payload[4:]).decode()}
    if name is not None:
        entry["name"] = name.decode()
    output.setdefault('vendor_ids', []).append(entry)