def main(): parser = argparse.ArgumentParser(description=DESCRIPTION) parser.add_argument('-i', '--interface', help="capture interface") parser.add_argument('-t', '--time', default='iso', help="output time format (unix, iso)") parser.add_argument('-o', '--output', default='probemon.log', help="logging output location") parser.add_argument('-b', '--max-bytes', default=5000000, help="maximum log size in bytes before rotating") parser.add_argument('-c', '--max-backups', default=99999, help="maximum number of log files to keep") parser.add_argument('-d', '--delimiter', default='\t', help="output field delimiter") parser.add_argument('-D', '--debug', action='store_true', help="enable debug output") args = parser.parse_args() if not args.interface: print "error: capture interface not given, try --help" sys.exit(-1) DEBUG = args.debug clear = lambda: os.system('cls' if os.name=='nt' else 'clear') clear() # setup our rotating logger logger = logging.getLogger(NAME) logger.setLevel(logging.INFO) handler = RotatingFileHandler(args.output, maxBytes=args.max_bytes, backupCount=args.max_backups) logger.addHandler(handler) logger.addHandler(logging.StreamHandler(sys.stdout)) built_packet_cb = build_packet_callback(args.time, logger, args.delimiter, {}, manuf.MacParser()) print '\n' + "Time" + '\t\t' + "MAC Addr" + '\t\t' + "Vendor" + '\t\t\t' + "Network" +'\t\t' + "RSSID" + '\t' + "#Data" + '\n' sniff(iface=args.interface, prn=built_packet_cb, store=0)
def oui(self, frame): result = False p = manuf.MacParser() test = p.get_all(frame.lower()) if test.manuf is not None: print "Real OUI Code" result = True return result
def oui(self, frame): result = False p = manuf.MacParser() test = p.get_all(frame.lower()) if test.manuf is not None: print colored("Real Manufacture OUI Code", "yellow") result = True return result
def PacketHandler(frame): if not self.BSSID == frame.addr2: print "Same SSID with Different BSSID address" p = manuf.MacParser() test = p.get_all(frame.addr2) if test.manuf is not None: print "real OUI Code" if frame.haslayer( Dot11) and frame.type == 0 and frame.subtype == 8: try: if frame.info == self.SSID or self.BSSID == frame.addr2: try: print frame.SC self.seq1 = frame.SC self.seq_list.append(frame.SC) self.counter += 1 if self.counter == 10: val = self.checkmylist(self.seq_list) self.seq_list = [] print "--------------- ", val self.counter = 0 ##sig_str = -(256-ord(frame.notdecoded[1])) ##resets when the seqeunece numbers restart at 0 from (65536) ##stops anomolooous detection of Evil Twin #print frame.SC #frame_seq = frame.SC * frame.SC #if frame_seq == 0: # self.seq2 = 0 # self.seq1 = 0 # # #, " RSSI ", self.parsePacket(frame)#sig_str #if self.test == 1: # self.seq1 = frame_seq # # #if self.test == 2: # self.seq2 = frame_seq # self.test = 1 # print "Difference ", ((self.seq2 - self.seq1)) # self.diff = ((self.seq2 - self.seq1)) # #self.test = 2 # # #if self.diff > (self.seq2- self.seq1) and self.test == 2: # print "possible ROUGE AP With Alternbate Sequence Numbers" # sys.exit() self.accessPointsSQ.append(frame.SC) except Exception, e: print "error", e except: pass
def printBlacklist(wd): blacklist = readBlacklist(wd) p = manuf.MacParser() tableOutput = PrettyTable( ['Vendor', 'MAC Address', 'Date Added', 'Comment']) for macAddress, dateAdded in blacklist.items(): tableOutput.add_row([ p.get_manuf(str(macAddress)), macAddress, dateAdded, p.get_comment(str(macAddress)) ]) print tableOutput
def startCSV(csvfile): p = manuf.MacParser() clientList = [] clients_list = csv2blob(csvfile) for client in clients_list: if client[0] != "Station MAC": clientList.append([ p.get_manuf(str(client[0])), client[0], client[3], p.get_comment(str(client[0])), client[2] ]) return clientList
def parse_tracker_data_block(lnk_info, trackerdatablock_off, f): # MachineID machineid_loc = trackerdatablock_off+12 machin_id = read_null_term(f,machineid_loc) lnk_info['machin_id'] = machin_id # NewObjectID MAC Address macaddress_loc = trackerdatablock_off+54 macaddress = read_unpack(f,macaddress_loc,6) macaddress = splitCount(macaddress,2) lnk_info['macaddress'] = macaddress # MAC vendor p = manuf.MacParser() macvendor = p.get_comment(macaddress) if macvendor == None: macvendor = "(Unknown vendor)" lnk_info['macvendor'] = macvendor # Volume Droid volumedroid_loc = trackerdatablock_off+28 volumedroid = read_unpack(f,volumedroid_loc,16) fieldslices = [reverse_hex(volumedroid[0:8]), reverse_hex(volumedroid[8:12]), reverse_hex(volumedroid[12:16]), volumedroid[16:20], volumedroid[20:32]] volumedroid = '-'.join(fieldslices) lnk_info['volumedroid'] = volumedroid # Volume Droid Birth volumedroid_birth_loc = trackerdatablock_off+60 volumedroid_birth = read_unpack(f,volumedroid_loc,16) fieldslices = [reverse_hex(volumedroid_birth[0:8]), reverse_hex(volumedroid_birth[8:12]), reverse_hex(volumedroid_birth[12:16]), volumedroid_birth[16:20], volumedroid_birth[20:32]] volumedroid_birth = '-'.join(fieldslices) lnk_info['volumedroid_birth'] = volumedroid_birth # File Droid filedroid_loc = trackerdatablock_off+44 filedroid = read_unpack(f,filedroid_loc,16) fieldslices = [reverse_hex(filedroid[0:8]), reverse_hex(filedroid[8:12]), reverse_hex(filedroid[12:16]), filedroid[16:20], filedroid[20:32]] filedroid = '-'.join(fieldslices) lnk_info['filedroid'] = filedroid # Creation time filedroid_time = ''.join(fieldslices) timestamp = int((filedroid_time[13:16] + filedroid_time[8:12] + filedroid_time[0:8]),16) creation = datetime.datetime.fromtimestamp((timestamp - 0x01b21dd213814000L)*100/1e9) lnk_info['creation'] = creation # File Droid Birth filedroid_birth_loc = trackerdatablock_off+76 filedroid_birth = read_unpack(f,filedroid_birth_loc,16) fieldslices = [reverse_hex(filedroid_birth[0:8]), reverse_hex(filedroid_birth[8:12]), reverse_hex(filedroid_birth[12:16]), filedroid_birth[16:20], filedroid_birth[20:32]] filedroid_birth = '-'.join(fieldslices) lnk_info['filedroid_birth'] = filedroid_birth return lnk_info
accessPoints = [] macAP = [] clients = [] macClient = [] uni = 0 Numclients = 0 Numap = 0 Currentloc = 0 NAME = 'Peanuts' DESCRIPTION = "A New Version of Snoopy-NG, a command line tool for logging 802.11 probe request frames" whmp = manuf.MacParser() gpsd = None #seting the global variable # Console colors W = '\033[0m' # white (normal) R = '\033[31m' # red G = '\033[32m' # green O = '\033[33m' # orange< B = '\033[34m' # blue P = '\033[35m' # purple C = '\033[36m' # cyan GR = '\033[37m' # gray T = '\033[93m' # tan class GpsPoller(threading.Thread):
#!/usr/bin/env python import sys import sqlite3 as lite import datetime import manuf import time # from manuf import * # from colr import color con = lite.connect('../maclogger.db') now = int(time.time()) macParser = manuf.MacParser() maxAge = 10 * 6 maxDevices = 500 def getManuf(mac): vendor = macParser.get_all(mac) m = vendor.manuf c = vendor.comment if m is None: return "\t" if c is None: return m return m + " (" + c + ")"
def main(): global debug parser = argparse.ArgumentParser(description=scriptName, add_help=False, usage='{} <arguments>'.format(scriptName)) parser.add_argument('-v', '--verbose', dest='debug', type=str2bool, nargs='?', const=True, default=False, help="Verbose output") parser.add_argument( '-i', '--input', required=False, dest='input', metavar='<STR>', type=str, default=DEFAULT_MANUF_URL, help='Input file or URL', ) parser.add_argument('-o', '--output', required=True, dest='output', metavar='<STR>', type=str, default='', help='Output file') try: parser.error = parser.exit args = parser.parse_args() except SystemExit: parser.print_help() exit(2) debug = args.debug if debug: eprint(os.path.join(scriptPath, scriptName)) eprint("Arguments: {}".format(sys.argv[1:])) eprint("Arguments: {}".format(args)) else: sys.tracebacklimit = 0 if args.input.lower().startswith('http') and not os.path.isfile( args.input): tmpf = tempfile.NamedTemporaryFile(delete=True, suffix=".txt") r = requests.get(args.input) with open(tmpf.name, 'wb') as f: f.write(r.content) args.input = tmpf.name companies = [] for k, v in manuf.MacParser(manuf_name=args.input)._masks.items(): macLow = ':'.join('{:02x}'.format(x) for x in (k[1] << k[0]).to_bytes(6, byteorder='big')) macHigh = ':'.join( '{:02x}'.format(x) for x in ((k[1] << k[0]) | (int("ffffffffffff", 16) >> (48 - k[0])) ).to_bytes(6, byteorder='big')) companies.append({ 'name': v.manuf_long, 'low': macLow, 'high': str(macHigh), }) companies.sort(key=lambda x: (x['low'], x['high'])) with open(args.output, 'w+') as outfile: yaml.dump(companies, outfile, allow_unicode=True)
def print_scan(nmap_report, fileName, iPRange, hostNet): print("Starting Nmap {0} ( http://nmap.org ) at {1}".format( nmap_report.version, nmap_report.started)) #initialize the Excel Workbook wb = Workbook() ws = wb.active ws.title = "Nmap Scan" ws['A1'] = "IP" ws['B1'] = "Hostname" ws['C1'] = "Port/Protocol/Service" ws['D1'] = "OS" ws['E1'] = "Scan Vendor" ws['F1'] = "MAC" ws['G1'] = "MAC Vendor" ws['H1'] = "Priority/Risk" ws['I1'] = "Comments" #highlight the top cells for j in range(1, 10): fillColor = PatternFill("solid", fgColor="2672EC") cellStyle = ws.cell(row=1, column=j) cellStyle.fill = fillColor #Write the IP Addresses and highlight the cells in our DHCP range for i in range(iPRange): ws.cell(row=(i + 2), column=1, value=hostNet + str(i)) if i in range(100, 200): fill = PatternFill("solid", fgColor="e0a4ea") for j in range(2, 10): cellStyle = ws.cell(row=(i + 2), column=j) cellStyle.fill = fill #Walk through the hosts found for host in nmap_report.hosts: #Set the row to be in line with the Correct Address of scanned host for i in range(iPRange): if hostNet + str(i) == host.address: row = i + 2 break #This is to filter out the IP that do not have a host #It should work that if there are any open ports its True and continues or if there was found a MAC address its true if host.get_open_ports() or host.mac != '': for j in range(2, 10): fillColor = PatternFill("solid", fgColor="FFFFFF") cellStyle = ws.cell(row=1, column=j) cellStyle.fill = fillColor #If the host has a hostname add it if len(host.hostnames): tmp_host = ','.join(host.hostnames) else: tmp_host = 'None set' #Add the hostname if one exists ws.cell(row=row, column=2, value=tmp_host) #Creates a list of the open ports and services, then converts to string to be able to track for security portList = [] for serv in host.services: pserv = "{0:>5s}/{1:3s}/{2}".format(str(serv.port), serv.protocol, serv.service) portList.append(pserv) portString = ','.join(portList) ws.cell(row=row, column=3, value=portString) #Adds the OS if it was able to be found if len(host.os_class_probabilities()): os = host.os_class_probabilities() osEle = str(os[0]) osList = osEle.split("\n") osPos = str(osList[0]) ws.cell(row=row, column=4, value=osPos) else: ws.cell(row=row, column=4, value="Unable to detect") #If the vendor could be determined by the NMAP adds it venCheck = host.vendor if not venCheck: ws.cell(row=row, column=5, value=str(host.vendor)) else: ws.cell(row=row, column=5, value="Unable to detect") #Uses manuf to find the Manufacturer based upon the MAC if host.mac != '': ws.cell(row=row, column=6, value=str(host.mac)) macVen = manuf.MacParser() ws.cell(row=row, column=7, value=macVen.get_manuf(host.mac)) else: ws.cell(row=row, column=6, value="No MAC") ws.cell(row=row, column=7, value="No MAC") #If there was no Host found on the IP, then it posts that the Address is open and highlights them else: ws.cell(row=row, column=2, value='Open Addr') for j in range(2, 10): fillColor = PatternFill("solid", fgColor="AA9CD2") cellStyle = ws.cell(row=1, column=j) cellStyle.fill = fillColor wb.save(fileName) print(nmap_report.summary)
# Get wirelss ssid and generate a network location from it to distinguish datasets # First 4 chars of an md5 hexdigest my_netloc = "0000" with open('/etc/network/interfaces') as f: for l in f: if "ssid" in l: my_netloc = hashlib.md5(l).hexdigest()[-4:] # Define our sniffer function for passing to Scapy # Pkt types below from https://pen-testing.sans.org/blog/2011/10/13/special-request-wireless-client-sniffing-with-scapy # Further Scapy information can be gleaned from http://www.secdev.org/projects/scapy/demo.html # Index of MACs from found devices for windowing mac_index = {} oui_lookup = manuf.MacParser('/opt/manuf/manuf') # You can do an interactive session with scapy from the command line on the pi to investigate anomalous devices # sudo scapy # conf.oface = "wlan1mon" # p = sniff(filter="wlan host 64-BC-0C-64-2E-45", count=1) # p[0].show() def packet_sniffer(pkt): # print(pkt.show()) ts_now = int(time()) log_now = False # Determine if pkt is of an useful type - we only collect management packets! No data or security info. if pkt.haslayer(Dot11): if pkt.haslayer(Dot11Beacon) or pkt.haslayer(Dot11ProbeResp):
import manuf from sqlalchemy import create_engine from sqlalchemy.orm import sessionmaker from sqlalchemy.ext.declarative import declarative_base from models import Probe import config Base = declarative_base() engine = create_engine(config.DB_CONNECTION_STRING, echo=True) Base.metadata.bind = engine DBSession = sessionmaker(bind=engine) session = DBSession() pp = pprint.PrettyPrinter(indent=2) manuf_parser = manuf.MacParser() CURRENT_TZ = timezone('Europe/Paris') def probe_handler(probe): manuf_lookup = manuf_parser.get_all(probe['mac']) probe['vendor'] = manuf_lookup.manuf_long if probe['mac'] not in config.EXCLUDED_MAC and probe[ 'vendor'] not in config.EXCLUDED_VENDORS and manuf_lookup.manuf_long is not None: insert_probe(probe) def capture(iface_name='en1', tcpdump_cmd=config.TCPDUMP_COMMAND, probe_handler=probe_handler):
def setUp(self): self.manuf = manuf.MacParser(manuf_name="manuf")
import subprocess import json from values import config import manuf def full_path(path): path = ''.join([config.CWD, path]) return path oui_lookup = manuf.MacParser(manuf_name='/home/pi/conf/manuf') def shell(command, isJson=False): process = subprocess.Popen(command.split(), stdout=subprocess.PIPE) output, error = process.communicate() if error: return False if json: output = json.loads(output) return output def get_manuf(mac): return oui_lookup.get_manuf(mac)