def run(self):
if self.target == "" or self.target.lower() == "localhost":
self.gom.echo("[!] No target (or valid target) selected.")
return False
conf.verb = 2
self.address = get_if_addr(get_working_if())
self.gom.echo("[+] Using " + str(self.address))
dns_spoof(joker=self.address, match={"any": self.target})
return True
def run(self):
if self.target == "" or self.target.lower() == "localhost":
self.gom.echo( "[!] No target (or valid target) selected." )
return False
conf.verb = 2
self.address = get_if_addr(get_working_if())
self.gom.echo( "[+] Using " + str(self.address) )
dns_spoof(joker=self.address, match={"any":self.target})
return True
def run(self):
if self.target == "" or self.target.lower() == "localhost":
self.gom.echo("[!] No target (or valid target) selected.")
return False
conf.verb = 2
self.address = get_if_addr(get_working_if())
self.gom.echo("[+] Using " + str(self.address))
self.gom.echo(" --> Cache poisoning, interval " + str(self.interval))
if user_data['isGui'] == False:
self.gom.echo("Press Ctrl+C to cancel")
arpcachepoison(self.address, self.target, self.interval)
return True
def run(self):
if self.target == "" or self.target.lower() == "localhost":
self.gom.echo( "[!] No target (or valid target) selected." )
return False
conf.verb = 2
self.address = get_if_addr(get_working_if())
self.gom.echo( "[+] Using " + str(self.address) )
self.gom.echo( " --> Cache poisoning, interval " + str(self.interval) )
if user_data['isGui'] == False:
self.gom.echo( "Press Ctrl+C to cancel" )
arpcachepoison(self.address, self.target, self.interval)
return True
def runAsWizard(self):
try:
print
print "Interface list"
print "--------------"
print
for miface in get_if_list():
print miface
print
res = raw_input("Interface [" + get_working_if() + "]: ")
if res != "":
iface = res
res = raw_input("Timeout [" + str(self.timeout) + "]: ")
if res != "":
self.timeout = int(res)
except:
pass
def runAsWizard(self):
try:
self.gom.echo('')
self.gom.echo('Interface list')
self.gom.echo('--------------')
self.gom.echo('')
for miface in get_if_list():
self.gom.echo(miface)
self.gom.echo('')
res = raw_input("Interface [" + get_working_if() + "]: ")
if res != "":
iface = res
res = raw_input("Timeout [" + str(self.timeout) + "]: ")
if res != "":
self.timeout = int(res)
except:
pass
def runAsWizard(self):
try:
print
print "Interface list"
print "--------------"
print
for miface in get_if_list():
print miface
print
res = raw_input("Interface [" + get_working_if() + "]: ")
if res != "":
iface = res
res = raw_input("Timeout [" + str(self.timeout) + "]: ")
if res != "":
self.timeout = int(res)
except:
pass
class CTcpPing(CIngumaModule):
port = 80
waitTime = 0
up = {}
down = {}
timeout = 2
exploitType = 0
results = {}
iface = scapy.get_working_if()
wizard = False
dict = None
def help(self):
print "target = <target host or network>"
print "timeout = <timeout>"
print "waitTime = <wait time between packets>"
print "port = <destination port to ping>"
print "iface = <iface>"
def run(self):
if not bHasScapy:
print "No scapy support :("
return False
self.results = {}
self.up = {}
self.down = {}
if not self.port:
self.port = 80
target = scapy.IP(dst=self.target)
self.gom.echo("Sending probe to\t" + str(target.dst) +
"\tusing port\t" + str(self.port))
p = scapy.IP(dst=target.dst) / scapy.TCP(dport=self.port, flags="S")
ans, unans = scapy.sr(p,
timeout=self.timeout,
iface=self.iface,
retry=0)
# self.gom.echo( ans.summary( lambda(s,r) : r.sprintf("%IP.src% is alive") ) )
if ans:
for a in ans:
self.up[len(self.up) + 1] = a[0][0].dst
self.addToDict("alive", a[0][0].dst)
self.addToDict("hosts", a[0][0].dst)
self.addToDict("targets", a[0][0].dst)
#self.addToDict(ans[0][0].dst + "_trace", ans[0][0].dst)
# else:
# self.down[len(self.up)+1] = ans[0][0].dst
# self.gom.echo( "Answer of type " + str(icmptypes[ans[0][0].type]) + " from " + str(ans[0][0].dst) )
self.results = self.up
return True
def printSummary(self):
if len(self.results) == 0:
return
i = 0
self.gom.echo("")
self.gom.echo("Discovered hosts")
self.gom.echo("----------------")
self.gom.echo("")
for res in self.results:
i += 1
self.gom.echo("Found host " + str(i) + "\t" +
str(self.results[res]))
print
def get_iface():
iface = get_working_if()
log.debug("Interface {} seems to be up and running")
return iface
def run(self):
conf.verb = 2
self.address = get_if_addr(get_working_if())
self.gom.echo( "[+] Using " + str(self.address) )
farpd()
return True
def run(self):
conf.verb = 2
self.address = get_if_addr(get_working_if())
self.gom.echo("[+] Using " + str(self.address))
farpd()
return True
class CHostUp(CIngumaDiscoverModule):
ECHO_REPLY = 0
DEST_UNREACH = 3
SOURCE_QUENCH = 4
REDIRECT = 5
ECHO_REQUEST = 8
ROUTER_ADVERTISEMENT = 9
ROUTER_SOLICITATION = 10
TIME_EXCEEDED = 11
PARAMETER_PROBLEM = 12
TIMESTAMP_REQUEST = 13
TIMESTAMP_REPLY = 14
INFORMATION_REQUEST = 15
INFORMATION_RESPONSE = 16
ADDRESS_MASK_REQUEST = 17
ADDRESS_MASK_REPLY = 18
waitTime = 0
up = {}
down = {}
timeout = 2
packetType = ECHO_REQUEST
exploitType = 0
results = {}
iface = get_working_if()
wizard = False
dict = None
def help(self):
self.gom.echo('target = <target host or network>')
self.gom.echo('timeout = <timeout>')
self.gom.echo('waitTime = <wait time between packets>')
self.gom.echo(
'packetType = <numeric packet type> (Default to ECHO_REQUEST)')
self.gom.echo('iface = <iface>')
def runAsWizard(self):
try:
self.gom.echo('')
self.gom.echo('Interface list')
self.gom.echo('--------------')
self.gom.echo('')
for miface in get_if_list():
self.gom.echo(miface)
self.gom.echo('')
res = raw_input("Interface [" + get_working_if() + "]: ")
if res != "":
iface = res
res = raw_input("Timeout [" + str(self.timeout) + "]: ")
if res != "":
self.timeout = int(res)
except:
pass
def run(self):
if not bHasScapy:
self.gom.echo('No scapy support :(')
return False
self.results = {}
self.up = {}
self.down = {}
target = IP(dst=self.target)
if self.wizard:
self.runAsWizard()
self.gom.echo("Sending probe to\t" + str(target.dst))
p = IP(dst=target.dst) / ICMP(type=self.packetType)
ans, unans = sr(p, timeout=self.timeout, iface=self.iface, retry=0)
if ans:
for a in ans:
if a[0][0].type == 8:
self.up[len(self.up) + 1] = a[0][0].dst
self.add_data_to_kb("alive", a[0][0].dst)
self.add_data_to_kb("hosts", a[0][0].dst)
self.add_data_to_kb("targets", a[0][0].dst)
#self.add_data_to_kb(ans[0][0].dst + "_trace", a[0][0].dst)
else:
self.down[len(self.up) + 1] = a[0][0].dst
self.gom.echo('Answer of type ' +
str(icmptypes[a[0][0].type]) + ' from ' +
str(a[0][0].dst))
self.results = self.up
return True
def print_summary(self):
if len(self.results) == 0:
return
i = 0
self.gom.echo('')
self.gom.echo('Discovered hosts')
self.gom.echo('----------------')
self.gom.echo('')
for res in self.results:
i += 1
self.gom.echo('Found host ' + str(i) + "\t" +
str(self.results[res]))
#!/usr/bin/env python3
import sys
from threading import Thread
import socket
from time import sleep
import scapy.all as scapy
import netifaces as nic
import ipaddress
from IEC104_Raw.dissector import APDU
from iec104 import IEC104, get_command
IEC104_PORT = 2404
if __name__ == '__main__':
iface = scapy.get_working_if()
print('[+] Using ' + iface)
address = nic.ifaddresses(iface)[nic.AF_INET][0]
subnet = ipaddress.ip_network(address['addr'] + '/' + address['netmask'],
strict=False)
nethosts = list(subnet.hosts())
print('[+] Searching for live hosts in {0:s} ...'.format(str(subnet)))
alive = []
def arpscan(hosts: list):
global alive
global address
for host in hosts:
if str(host) != address['addr']:
print('[-] Trying {0:s} ...\r'.format(str(host)), end='')
response = scapy.sr1(scapy.ARP(op=0x1,
def get_iface(self):
iface = get_working_if()
return iface
