def _download_file(self): logger.info( f"Downloading zip file... [FROM: '{self._elvui_download_zip_link}' TO: '{self._zip_file_path}']" ) request = self._get_response(self._elvui_download_zip_link, allow_redirects=True) with open(self._zip_file_path, 'wb') as zip_file: zip_file.write(request.content)
def compress(self): logger.info(f"Zipping file... [{self.old_zip_filename}]") with zipfile.ZipFile(self._zip_path, "w") as zip_file: for directory in self._compressed_directories: for dirname, subdirs, files in os.walk(directory): zip_file.write(dirname) for filename in files: zip_file.write(os.path.join(dirname, filename))
def unzip(self): logger.info( f"Unzipping version: {self._current_version}... [FROM: {self._zip_path} TO: {self._directory_to_extract_to}]" ) if not os.path.exists(self._directory_to_extract_to): os.mkdir(self._directory_to_extract_to) with zipfile.ZipFile(self._zip_path, 'r') as zip_ref: zip_ref.extractall(self._directory_to_extract_to)
def setName(): logger.info("post recieved") if request.method == 'POST': payload = request.form logger.debug(f'post recieved : {payload}') data = payload['data'] return {"Successfully stored ": str(data)} return None
def _check_os(self): os_running = platform.system() logger.info(f"Current operating system: {os_running}") if os_running == 'Windows': self._client = 'win' else: logger.warning( f"Your system is not tested for this application. [System: {os_running}]." ) self._client = 'other'
def _get_content_from_page(self, url): logger.info(f"Requesting page... [PAGE: {url}") response = self._get_response(url) if response.status_code != 200: logger.error(f"Did not get proper response from server.\n" f"Checked page: {url}. [CODE={response.status_code}]") sys.exit(1) else: self._current_page_content = BeautifulSoup(response.content, features="html.parser")
def _xss_stored(http, s): """ Performs a Stored XSS attack. Multiple requests are performed sending all the XSS payloads. """ logger.info("Perform a stored XSS") # we send all the xss payloads hoping that at least one is effective for _payload in xss_payloads: infoMsg = "Sending payload {}".format(_payload) logger.info(infoMsg) r = _run_payload_request(http, s, xss_payload)
def _sqli_dump(http, s): vuln_param = http.action_params[0] infoMsg = "Perform SQLi attack and dump the entire database" logger.info(infoMsg) sqlmap_details = dict() sqlmap_details["url"] = http.url sqlmap_details["method"] = http.method sqlmap_details["get_params"] = http.get_params sqlmap_details["post_params"] = http.post_params sqlmap_details["vuln_param"] = http.get_params[vuln_param] # we reuse the cookies in the session sqlmap_details["cookies"] = s.cookies.get_dict() sqlmap_details["dumpall"] = True sqli.execute_sqlmap(sqlmap_details)
def _xss_response(http, s): """ Performs a normal request and looks in the response for an XSS code. """ # after executing the request # there is an XSS in the response logger.info("Perform a request and check for xss in the response") r = _normal_request(http) # in the response we should have xss if _check_response(r): infoMsg = "Reflected XSS successful, the intruder gains honest's cookies" logger.info(infoMsg) intruder_session.cookies.update(honest_session.cookies) else: # abort execution, we were expenting XSS in the response warningMsg = "No XSS in the response as exxpected" logger.warning(warningMsg) exit(-1)
def run_api_server(): global sqlmap_process atexit.register(exiting) logger.info("starting sqlmap APIs") # NOTE: when executing sqlmapapi.py the working directory must be ./sqlmap/ otherwise when the analysis # is started, it raises a not file execeptio 'cause it cannot find sqlmap.py sqlmap_process = subprocess.Popen(SQLMAP_API.split(" "), stderr=subprocess.PIPE, stdout=subprocess.PIPE, cwd="./sqlmap/") time.sleep(2) while True: line = sqlmap_process.stdout.readline() if "REST-JSON API server connected to IPC database" in line.decode( 'utf-8'): # the webserver is up and running return True raise Exception() return False
def _normal_request(http, s): """ Perform a normal HTTP request. Returns a Response object that contains the response. """ logger.info("Perform normal request") url_params = dict() for abstract_k in http.get_params: _get = http.get_params[abstract_k] k, v = _instantiate_value(_get[0], _get[1], http.params[abstract_k]) url_params[k] = v debugMsg = url_params logger.debug(debugMsg) post_params = dict() for abstract_k in http.post_params: _post = http.post_params[abstract_k] k, v = _instantiate_value(_post[0], _post[1], http.params[abstract_k]) post_params[k] = v debugMsg = post_params logger.debug(debugMsg) # configure the proxy if it was set if config.proxy_ip and config.proxy_port: proxies = { "http": "http:{}:{}".format(config.proxy_ip, config.proxy_port), "https": "https{}:{}".format(config.proxy_ip, config.proxy_port) } resp = s.request(method=http.method, url=http.url, params=url_params, data=post_params, proxies=proxies) else: resp = s.request(method=http.method, url=http.url, params=url_params, data=post_params) debugMsg = resp.headers logger.debug(debugMsg) return resp
def local_cl_atse(file_aslan, options=[]): global CLATSE logger.info("Executing CL-Atse locally") atse_output = os.path.splitext(file_aslan)[0] + ".atse" atse_output_descriptor = open(atse_output, "w") atse_execution_array = [CLATSE] + options + [file_aslan] logger.debug(atse_execution_array) p1 = subprocess.Popen(atse_execution_array, universal_newlines=True, stderr=subprocess.PIPE, stdout=subprocess.PIPE) try: out, err = p1.communicate(timeout=config.mc_timeout) except subprocess.TimeoutExpired: p1.kill() logger.critical("Model checker timed out") exit() atse_output_descriptor.write(out) atse_output_descriptor.close() return atse_output
def _sqli_write(http, s): """ Performs a SQLi attack for writing to the file-system.""" vuln_param = http.action_params[0] file_to_write = http.action_params[1] infoMsg = "Perform SQLi attack for writing file {}".format(file_to_read) logger.info(infoMsg) promptMsg = "Where should I write the file on the remote server?\n" remote_path = "" while remote_path == "": remote_path = input(promptMsg) sqlmap_details = dict() sqlmap_details["url"] = http.url sqlmap_details["method"] = http.method sqlmap_details["get_params"] = http.get_params sqlmap_details["post_params"] = http.post_params sqlmap_details["vuln_param"] = http.get_params[vuln_param] # we reuse the cookies in the session sqlmap_details["cookies"] = s.cookies.get_dict() sqlmap_details["write"] = file_to_write sqlmap_details["path"] = remote_path sqli.execute_sqlmap(sqlmap_details)
def main(): static_path = os.path.join(os.getcwd(), 'Static') blizzard_addons_directory_path = f'{args.blizz_addon_path}' addons = os.listdir(blizzard_addons_directory_path) extracted_elvui_directory = os.path.join(static_path, args.extracted_elvui) if not os.path.exists(static_path): logger.info(f"Creating static path: {static_path}.") os.mkdir(static_path) # Download handling. downloader = Downloader(static_directory_path=static_path) downloader.run() # Zipping Handling. zip_file = UnZipFile(zip_path=downloader.zip_file_path, current_version=downloader.current_elvui_version, extracted_dir_name=args.extracted_elvui, static_directory_path=static_path) zip_file.unzip() # ElvUI addons backuping. elvui_addons = list( filter(lambda dir: (str(dir).lower().find('elvui') > -1), addons)) elvui_directories = list( map( lambda elvui_directory: os.path.join( blizzard_addons_directory_path, elvui_directory), elvui_addons)) backup_file_handler = ZipFile(static_directory_path=static_path) for elvui_directory in elvui_directories: backup_file_handler.add_directory_to_be_compressed(elvui_directory) backup_file_handler.compress() # ElvUI file replacement. replace_handler = ReplaceDirs( blizzard_addons_path=args.blizz_addon_path, extracted_version_path=f'{extracted_elvui_directory}') replace_handler.replace()
def _sqli_read(http, s): """ Performs a SQLi attack for reading from the file-system. """ vuln_param = http.action_params[0] file_to_read = http.action_params[1] infoMsg = "Perform SQLi attack for reading {}".format(file_to_read) logger.info(infoMsg) promptMsg = "What is the path of the file {} you want to read?\n".format( file_to_read) file_to_read = "" while file_to_read == "": file_to_read = input(promptMsg) sqlmap_details = dict() sqlmap_details["url"] = http.url sqlmap_details["method"] = http.method sqlmap_details["get_params"] = http.get_params sqlmap_details["post_params"] = http.post_params sqlmap_details["vuln_param"] = http.get_params[vuln_param] # we reuse the cookies in the session sqlmap_details["cookies"] = s.cookies.get_dict() sqlmap_details["read"] = file_to_read sqli.execute_sqlmap(sqlmap_details) print("SQLi read {}".format(file_to_read))
def exitcleanup(): # remove temporary files logger.info("Exiting wsfast...") if not config.DEBUG: logger.info("removing temporary files!") for fl in glob.glob("./tmp_*"): os.remove(fl) logger.info("Bye!")
def aslanpp2aslan(file_aslanpp): #connector = config.connector # get the filename without extension debugMsg = "file aslanpp: {}".format(file_aslanpp) logger.debug(debugMsg) basename = os.path.splitext(os.path.basename(file_aslanpp))[0] translator_output_file = "tmp_" + basename + ".aslan" logger.info("Generating ASlan model") debugMsg = "{} on {} out-file {}".format(connector, file_aslanpp, translator_output_file) logger.debug(debugMsg) p1 = subprocess.Popen([ "java", "-jar", connector, file_aslanpp, "-o", translator_output_file ], universal_newlines=True, stderr=subprocess.PIPE) try: out, err = p1.communicate(timeout=30) except subprocess.TimeoutExpired: p1.kill() criticalMsg = "Error: {} timed out." logger.critical(criticalMsg) exit() # check if an error has been generated from the translator if "FATAL" in err or "ERROR" in err: # there was an error in executing the translator logger.critical("Translator generated an error") logger.critical(err) exit() if config.verbosity and "WARNING" in err: logger.debug(err.strip()) logger.info("ASlan model generated") return translator_output_file, err
def _sqli_bypass(http): """ Performs a SQLi attack for creating a tautology. """ logger.info("Perform a SQLi bypass attack") for _payload in sqli_bypass_payloads: r = _run_payload_request(http, s, _payload) # in the response we should have xss if _check_reponse(r): infoMsg = "Reflected XSS successful, the intruder gains honest's cookies" logger.info(infoMsg) intruder_session.cookies.update(honest_session.cookies) # break out of the for if XSS was successful break infoMsg = "Unsuccessful payload {}".format(xss_payload) logger.info(infoMsg) warningMsg = "No SQLi bypass payload was successful" logger.warning(warningMsg)
def _xss_reflected(http, s): """ Performs a Reflected XSS attack. Multiple requests are performed until a successful XSS is executed. """ logger.info("Perform a reflected XSS and check for XSS in the response") for _payload in xss_payloads: r = _run_payload_request(http, s, _payload) # in the response we should have xss if _check_response(r, tocheck="something"): infoMsg = "SQLi successful" logger.info(infoMsg) # break out of the for if XSS was successful break infoMsg = "Unsuccessful payload {}".format(_payload) logger.info(infoMsg) warningMsg = "No SQLi bypass payload was successful" logger.warning(warningMsg)
def Start(self): """ This function starts the process. """ prtString = "" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "******************************* Information about the call *******************************" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "From: " + self.CallInformation.From_Extension + " in " + self.CallInformation.From_IP + ":" + self.CallInformation.From_Port + "/" + self.CallInformation.From_Transport self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "To: " + self.CallInformation.To_Extension + " in " + self.CallInformation.To_IP self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "Contact: " + self.CallInformation.Contact_Extension + " in " + self.CallInformation.Contact_IP + ":" + self.CallInformation.Contact_Port + "/" + self.CallInformation.Contact_Transport self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "Connection: " + self.CallInformation.Connection self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "Owner: " + self.CallInformation.Owner self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) for i in range(len(self.CallInformation.Via)): prtString = "Via " + str(i) + ": " + self.CallInformation.Via[i][ 0] + ":" + self.CallInformation.Via[i][ 1] + "/" + self.CallInformation.Via[i][2] self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = self.CallInformation.UserAgent self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "************************************* Classification *************************************" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) # --------------------------------------------------------------------------------- # Check fingerprint # --------------------------------------------------------------------------------- self.Tests_CheckFingerprint() # --------------------------------------------------------------------------------- # Check DNS # --------------------------------------------------------------------------------- self.Tests_CheckDNS() # --------------------------------------------------------------------------------- # Check if SIP ports are opened # --------------------------------------------------------------------------------- self.Tests_CheckSIPPorts() # --------------------------------------------------------------------------------- # Check if media ports are opened # --------------------------------------------------------------------------------- self.Tests_CheckMediaPorts() # --------------------------------------------------------------------------------- # Check request URI # --------------------------------------------------------------------------------- self.Tests_CheckURI() # --------------------------------------------------------------------------------- # Check if proxy in Via # --------------------------------------------------------------------------------- self.Tests_CheckVia() # --------------------------------------------------------------------------------- # Check for ACK # --------------------------------------------------------------------------------- self.Tests_CheckACK() # --------------------------------------------------------------------------------- # Check received media # --------------------------------------------------------------------------------- self.Tests_CheckMedia() # Print the categories prtString = "+ The message is classified as:" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) for i in range(len(self.CallInformation.Classification)): prtString = "| " + self.CallInformation.Classification[i] self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) self.Running = False
# Zipping Handling. zip_file = UnZipFile(zip_path=downloader.zip_file_path, current_version=downloader.current_elvui_version, extracted_dir_name=args.extracted_elvui, static_directory_path=static_path) zip_file.unzip() # ElvUI addons backuping. elvui_addons = list( filter(lambda dir: (str(dir).lower().find('elvui') > -1), addons)) elvui_directories = list( map( lambda elvui_directory: os.path.join( blizzard_addons_directory_path, elvui_directory), elvui_addons)) backup_file_handler = ZipFile(static_directory_path=static_path) for elvui_directory in elvui_directories: backup_file_handler.add_directory_to_be_compressed(elvui_directory) backup_file_handler.compress() # ElvUI file replacement. replace_handler = ReplaceDirs( blizzard_addons_path=args.blizz_addon_path, extracted_version_path=f'{extracted_elvui_directory}') replace_handler.replace() if __name__ == '__main__': logger.info("Starting program...") main()
def sendemail(self, strData): if not self.Enabled: logger.info("E-mail notification is disabled.") return if self.SMTP_IP == "": logger.info("No SMTP server address configured.") return if self.SMTP_PORT == "": logger.info("SMTP server port is not configured.") return if self.Recipients == "": logger.info("No recipient address is configured.") return msg = MIMEMultipart() msg['To'] = self.To_header msg['From'] = self.From msg['Subject'] = self.Subject msgText = MIMEText(strData, "html") msg.attach(msgText) # Read the logo try: fp = open(ARTEMISA_WEBLOGO_PATH, 'rb') msgImage = MIMEImage(fp.read()) fp.close() except: logger.error("Cannot read file " + ARTEMISA_WEBLOGO_PATH) return # Define the image's ID as referenced above msgImage.add_header('Content-ID', '<weblogo>') msg.attach(msgImage) try: if self.TSLSSL: server = SMTP(self.SMTP_IP, int(self.SMTP_PORT)) server.ehlo() server.starttls() server.ehlo() server.login(self.SMTP_USERNAME, self.SMTP_PASSWORD) else: server = SMTP(self.SMTP_IP, int(self.SMTP_PORT)) server.ehlo() server.login(self.SMTP_USERNAME, self.SMTP_PASSWORD) server.sendmail(self.From, self.Recipients.split(","), msg.as_string()) server.quit() logger.info("E-mail notification sent.") except SMTPAuthenticationError: logger.warning( "E-mail account username and/or password refused by SMTP server." ) except Exception, e: logger.error("E-mail notification couldn't be sent. Error: " + str(e))
def sqli(msc_table,extended): logger.info("Looking for SQL injection attacks") sqli = [] injection_point = "" # regexp r_sqli = re.compile("(?:.*?)\.?sqli\.(?:.*)\.?") r_tuple_response = re.compile("(?:.*?)\.?tuple\(") r_tuple_request = re.compile("([a-z]*?)\.s\.tuple\((?:.*?)\)(?:\.s)?") r_sqli_read = re.compile("(?:.*?)e_file\((.*?)\)") r_sqli_write = re.compile("(?:.*?)newFile\((.*?)\)") # data extraction tag_sqli = "" # second-order conditions so_cond1 = False # i -> webapp : <something>.sqli.<something> so_cond2 = False # i -> webapp : <something> so_cond3 = False # webapp -> i : tuple(<something>.sqli.<something> tag_so_cond1 = "" tag_so = "" for idx, row in enumerate(msc_table): tag = row[0] step = row[1] sender = step[0] receiver = step[1] msg = step[2] entry = None if sender not in config.receiver_entities: # is a message from the intruder debugMsg = "Processing {}".format(msg) logger.debug(debugMsg) if r_sqli.search(msg) and "tuple(" not in msg: if so_cond1 == False: so_cond1 = True tag_so_cond1 = tag logger.debug("so_cond1") # get the response response = msc_table[idx+1] response_msg = response[1][2] # (tag , ( sender, receiver, msg)) # and check if we have something function of file (sqli for file reading) match_ftr = r_sqli_read.search(response_msg) if match_ftr: logger.debug("SQLi file-read {}".format(tag)) file_to_read = match_ftr.group(1) extended[tag]["read"] = file_to_read extended[tag]["attack"] = 1 else: # or something function of new_file (sqli for file writing) match_ftw = r_sqli_write.search(response_msg) if match_ftw: logger.debug("SQLi file-write {}".format(tag)) file_to_write = match_ftw.group(1) extended[tag]["write"] = file_to_write extended[tag]["attack"] = 2 else: # ... otherwise is a sql injection logger.debug("SQLi bypass {}".format(tag)) params = utils.__get_parameters(msg) entry = { "attack":10, "params" : params } extended[tag]["attack"] = 10 tag_sqli = tag else: exploit_sqli = r_tuple_request.findall(msg) if exploit_sqli: debugMsg = "Exploit SQLi {}".format(exploit_sqli) logger.debug(debugMsg) # it means we are using again the function tuple so it # was a data extraction attack debugMsg = "Change SQLi of {} to data extraction".format(tag_sqli) logger.debug(debugMsg) extended[tag_sqli]["attack"] = 0 extended[tag_sqli]["extract"] = exploit_sqli extended[tag_sqli]["tag_sqli"] = tag params = utils.__get_parameters(msg) entry = { "attack" : 6, "params" : params } extended[tag]["attack"] = 6 elif tag != "tag": # this is a normal request ... # we check if previous conditions for so are valid if so_cond1 == True and so_cond2 == False: logger.debug("so_cond2") so_cond2 = True tag_so = tag logger.debug("Normal request {}".format(tag)) params = utils.__get_parameters(msg) entry = {"attack":-1,"params":params} extended[tag]["attack"] = -1 else: debugMsg = "Processing {}".format(msg) logger.debug(debugMsg) if r_tuple_response.search(msg): # we are exploiting a sqli if so_cond1 == True and so_cond2 == True and so_cond3 == False: logger.debug("so_cond3") # we check if previous conditions for so are valid extended[tag_so_cond1]["attack"] = 8 extended[tag_so_cond1]["tag_so"] = tag_so so_cond3 = True
def execute_sqlmap(sqlmap_details): global data_to_extract logger.info("run sqlmapapi.py") is_sqlmap_up = sqlmap.run_api_server() if not is_sqlmap_up: logger.critical("sqlmap server not running") exit() task = sqlmap.new_task() # configure proxy if config.proxy_ip and config.proxy_port and config.proxy_port.isdigit(): sqlmap.set_option("proxy","http://{}:{}".format(config.proxy_ip, config.proxy_port), task) url = sqlmap_details["url"] method = sqlmap_details["method"] vuln_param = sqlmap_details["vuln_param"] url_params = "" if "get_params" in sqlmap_details: params = sqlmap_details["get_params"] url_params = "" for ab_k,real_c in params.items(): # specify an injection point if ab_k == vuln_param: url_params = url_params+real_c[0]+"="+real_c[1]+"*&" else: url_params = url_params+real_c[0]+"="+real_c[1]+"&" url_params = url_params[:-1] body_params = "" if "post_params" in sqlmap_details: params = sqlmap_details["post_params"] body_params = "" for ab_k,real_c in params.items(): # specify an injection point if ab_k == vuln_param: body_params = body_params+real_c[0]+"="+real_c[1]+"*&" else: body_params = body_params+real_c[0]+"="+real_c[1]+"&" body_params = body_params[:-1] url = url+"?"+url_params sqlmap.set_option("url",url,task) if method == "POST": sqlmap.set_option("data",body_params,task) # if "params" in sqlmap_details: # params = sqlmap_details["params"] # url_params = "" # for k,v in params.items(): # url_params = url_params+k+"="+v+"&" # url_params = url_params[:-1] # if method == "GET": # url = url+"?"+url_params # sqlmap.set_option("url",url,task) # elif method == "POST": # sqlmap.set_option("url",url,task) # sqlmap.set_option("data",url_params,task) # set cookie if present and should be considered if "cookies" in sqlmap_details: c = "" for k,v in sqlmap_details["cookies"].items(): c = c + k + "=" + v + ";" debugMsg = "sqlmap with cookie {}".format(c) logger.debug(debugMsg) sqlmap.set_option("cookie",c,task) # BEGIN: set specific attack details # data extraction if "extract" in sqlmap_details: data_to_extract = sqlmap_details["extract"] sqlmap.set_option("dumpTable","true",task) # set data extraction only if we have data to extract col = "" tbl = "" for tblcol in data_to_extract: tbl_list = tblcol.split(".") # TODO: in here we're basically overwriting the table name # whenever we find a new one tbl = tbl_list[0] col = col + tbl_list[1] sqlmap.set_option("tbl",tbl,task) sqlmap.set_option("col",col,task) if "dumpall" in sqlmap_details: # dump the entire database sqlmap.set_option("dumpAll","true",task) # file read if "read" in sqlmap_details: file_to_extract = sqlmap_details["read"] sqlmap.set_option("rFile",file_to_extract,task) # file write if "write" in sqlmap_details: file_to_write = sqlmap_details["write"] remote_path = sqlmap_details["path"] if not isfile(file_to_write): criticalMsg = "Error: {} file not found".format(file_to_write) debug.critical(criticalMsg) exit() sqlmap.set_option("wFile",join(".",file_to_write),task) sqlmap.set_option("dFile",remote_path,task) # second order if "secondOrder" in sqlmap_details: secondOrder_url = sqlmap_details["secondOrder"] sqlmap.set_option("secondOrder",secondOrder_url,task) # END: set specific attack details logger.info("sqlmap analysis started") sqlmap.start_scan(url,task) stopFlag = threading.Event() sqlmap_data = None sqlmap_log = None while not stopFlag.wait(5): r = sqlmap.get_status(task) if "terminated" in r: logger.debug(sqlmap.get_log(task)) sqlmap_data = sqlmap.get_data(task) sqlmap_log = sqlmap.get_log(task) stopFlag.set() else: logger.debug(sqlmap.get_log(task)) logger.info("sqlmap analysis in progress ... ") # we check if the last message generated by sqlmap is critical # or an error level = sqlmap_log[-1]["level"] message = sqlmap_log[-1]["message"] if level == "WARNING": logger.warning(message) if level == "INFO": logger.info(message) if level == "ERROR" or level == "CRITICAL": logger.critical("sqlmap generated an error") logger.critical(message) logger.critical("Aborting execution") exit() logger.info("sqlmap analysis terminated") return sqlmap_data, sqlmap_log
def Tests_CheckFingerprint(self): """ This method carries out the fingerprint test """ prtString = "+ Checking fingerprint..." self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "|" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "| " + self.CallInformation.UserAgent self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) # Artemisa will find fingerprint signatures in the whole SIP message self.CallInformation.ToolName = CheckFingerprint( self.CallInformation.SIP_Message) #if self.CallInformation.ToolName < 0: # prtString = "|"; self.CallInformation.Results_File_Buffer += "\n" + prtString; logger.info(prtString) # prtString = "| Fingerprint check failed."; self.CallInformation.Results_File_Buffer += "\n" + prtString; logger.info(prtString) if self.CallInformation.ToolName == "": prtString = "|" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "| No fingerprint found." self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) else: prtString = "|" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "| Fingerprint found. The following attack tool was employed: " + self.CallInformation.ToolName self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "|" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "| Category: Attack tool" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) self.AddCategory("Attack tool") prtString = "" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString)
def Tests_CheckMedia(self): """ This method carries out the received media test """ prtString = "+ Checking for received media..." self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "|" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) if self.MediaReceived: prtString = "| Media received: Yes" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "|" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "| Category: SPIT" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) self.AddCategory("SPIT") else: prtString = "| Media received: No" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "|" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "| Category: Ringing" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) self.AddCategory("Ringing") prtString = "" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString)
def Tests_CheckACK(self): """ This method carries out the ACK test """ prtString = "+ Checking for ACK..." self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "|" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) if self.bACKReceived: prtString = "| ACK received: Yes" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) else: prtString = "| ACK received: No" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "|" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "| Category: Scanning" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) self.AddCategory("Scanning") prtString = "" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString)
def Tests_CheckVia(self): """ This method carries out the Via test """ # This entire tests depends on the result of the previous if not self.bRequestURI: # Via[0] is the first Via field, so that it has the IP of the last proxy. prtString = "+ Checking if proxy in Via..." self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "|" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) if len(self.CallInformation.Via) == 0: prtString = "| No Via found." self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) return prtString = "| + Checking " + self.CallInformation.Via[0][ 0] + ":" + self.CallInformation.Via[0][ 1] + "/" + self.CallInformation.Via[0][2] + "..." self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "| |" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) # We determine the existence of the proxy by checking the port with nmap strResult = CheckPort(self.CallInformation.Via[0][0], self.CallInformation.Via[0][1], self.CallInformation.Via[0][2], self.verbose) if strResult == 0 or strResult < 0: prtString = "| | Error while scanning." self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "| |" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "| | Category: -" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) else: if strResult.find("closed") != -1: prtString = "| | Result: There is no SIP proxy" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "| |" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "| | Category: Dial plan fault" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) self.AddCategory("Dial plan fault") else: prtString = "| | Result: There is a SIP proxy" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "| |" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "| | Category: Direct attack" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) self.AddCategory("Direct attack") prtString = "" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString)
def Tests_CheckURI(self): """ This method carries out the URI comprobation test """ self.bRequestURI = False # Flag to know if this test gives a positive or negative result prtString = "+ Checking request URI..." self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "|" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "| Extension in field To: " + self.CallInformation.To_Extension self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "|" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) # Now it checks if the extension contained in the "To" field is one of the honeypot's registered # extesions. Found = False for i in range(len(self.Extensions)): if str(self.Extensions[i].Extension ) == self.CallInformation.To_Extension: # The extension contained in the "To" field is an extension of the honeypot. Found = True prtString = "| Request addressed to the honeypot? Yes" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) self.bRequestURI = True break if not Found: prtString = "| Request addressed to the honeypot? No" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) self.bRequestURI = False prtString = "" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString)
def Tests_CheckMediaPorts(self): """ This method carries out the media ports test """ prtString = "+ Checking if media port is opened..." self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) # FIXME: this parsing could be improved strRTPPort = GetSIPHeader("m=audio", self.CallInformation.SIP_Message) if strRTPPort == "": # Could happen that no RTP was delivered prtString = "|" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "| No RTP info delivered." self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "|" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "| Category: Spoofed message" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) self.AddCategory("Spoofed message") else: strRTPPort = strRTPPort.split(" ")[1] prtString = "|" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "| + Checking " + self.CallInformation.Contact_IP + ":" + strRTPPort + "/" + "udp" + "..." self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "| |" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) strResult = CheckPort(self.CallInformation.Contact_IP, strRTPPort, "udp", self.verbose) if strResult == 0 or strResult < 0: prtString = "| | Error while scanning the port." self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "| |" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "| | Category: -" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) else: if strResult.find("closed") != -1: strResult = strResult.splitlines() for line in strResult: prtString = "| | " + line self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "| |" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "| | Category: Spoofed message" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) self.AddCategory("Spoofed message") else: strResult = strResult.splitlines() for line in strResult: prtString = "| | " + line self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "| |" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) prtString = "| | Category: Interactive attack" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString) self.AddCategory("Interactive attack") prtString = "" self.CallInformation.Results_File_Buffer += "\n" + prtString logger.info(prtString)