def run(self):
    """Answer DNS queries matching self.target with this host's own address.

    Refuses an empty target and the literal name "localhost" (returns False
    after a message on self.gom).  Otherwise stores the address of scapy's
    working interface in self.address, hands control to dns_spoof() and
    returns True once it comes back.
    """
    chosen = self.target
    # NOTE(review): this sanity guard only recognises the literal name
    # "localhost"; loopback literals such as 127.0.0.1 are not covered.
    if chosen == "" or chosen.lower() == "localhost":
        self.gom.echo("[!] No target (or valid target) selected.")
        return False

    conf.verb = 2  # scapy-wide verbosity; this is a global setting
    self.address = get_if_addr(get_working_if())
    self.gom.echo("[+] Using " + str(self.address))
    dns_spoof(joker=self.address, match={"any": chosen})
    return True
def run(self):
    """Answer DNS queries matching self.target with this host's own address.

    Returns False (after a message on self.gom) when self.target is empty or
    the literal name "localhost"; otherwise records the working interface's
    address in self.address, calls dns_spoof() and returns True.
    """
    target_is_usable = self.target != "" and self.target.lower() != "localhost"
    if not target_is_usable:
        self.gom.echo("[!] No target (or valid target) selected.")
        return False

    conf.verb = 2  # global scapy verbosity for this run
    working_iface = get_working_if()
    self.address = get_if_addr(working_iface)
    self.gom.echo("[+] Using " + str(self.address))
    dns_spoof(joker=self.address, match={"any": self.target})
    return True
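def run(self):
    """Call scapy's arpcachepoison(self.address, self.target, self.interval).

    Returns False (after a message on self.gom) when self.target is unset,
    empty or the literal name "localhost".  Otherwise stores the address of
    scapy's working interface in self.address, announces the interval and
    returns True once arpcachepoison() returns.
    """
    # `not self.target` also covers a None target, which would otherwise
    # raise AttributeError on .lower() below.
    if not self.target or self.target.lower() == "localhost":
        self.gom.echo("[!] No target (or valid target) selected.")
        return False

    conf.verb = 2  # scapy-wide verbosity; this is a global setting
    self.address = get_if_addr(get_working_if())
    self.gom.echo("[+] Using " + str(self.address))
    self.gom.echo(" --> Cache poisoning, interval " + str(self.interval))
    # The Ctrl+C hint only makes sense on the console front-end.
    if not user_data['isGui']:
        self.gom.echo("Press Ctrl+C to cancel")
    arpcachepoison(self.address, self.target, self.interval)
    return True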
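def run(self):
    """Call scapy's arpcachepoison(self.address, self.target, self.interval).

    Returns False (after a message on self.gom) when self.target is unset,
    empty or the literal name "localhost".  Otherwise stores the address of
    scapy's working interface in self.address, announces the interval and
    returns True once arpcachepoison() returns.
    """
    # `not self.target` also covers a None target, which would otherwise
    # raise AttributeError on .lower() below.
    if not self.target or self.target.lower() == "localhost":
        self.gom.echo("[!] No target (or valid target) selected.")
        return False

    conf.verb = 2  # scapy-wide verbosity; this is a global setting
    self.address = get_if_addr(get_working_if())
    self.gom.echo("[+] Using " + str(self.address))
    self.gom.echo(" --> Cache poisoning, interval " + str(self.interval))
    # The Ctrl+C hint only makes sense on the console front-end.
    if not user_data['isGui']:
        self.gom.echo("Press Ctrl+C to cancel")
    arpcachepoison(self.address, self.target, self.interval)
    return True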
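def runAsWizard(self):
    """Interactively ask for the capture interface and the probe timeout.

    Lists scapy's interfaces, then prompts for an interface (default: the
    working one) and a timeout (default: self.timeout).  An empty answer
    keeps the current value.  A non-numeric timeout or an aborted prompt
    (EOF / Ctrl+C) leaves both settings untouched.
    """
    try:
        print("")
        print("Interface list")
        print("--------------")
        print("")
        for miface in get_if_list():
            print(miface)
        print("")
        res = raw_input("Interface [" + get_working_if() + "]: ")
        if res != "":
            # Store the answer on the instance; a plain local here is never
            # read again, so the user's choice would be silently discarded.
            self.iface = res
        res = raw_input("Timeout [" + str(self.timeout) + "]: ")
        if res != "":
            self.timeout = int(res)
    except (ValueError, EOFError, KeyboardInterrupt):
        # Best-effort wizard: bad input or an aborted prompt keeps the
        # defaults.  Narrowed from a bare except so programming errors
        # (e.g. NameError) are no longer hidden.
        pass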
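def runAsWizard(self):
    """Interactively ask for the capture interface and the probe timeout.

    Echoes scapy's interface list through self.gom, then prompts for an
    interface (default: the working one) and a timeout (default:
    self.timeout).  An empty answer keeps the current value.  A non-numeric
    timeout or an aborted prompt (EOF / Ctrl+C) leaves both settings untouched.
    """
    try:
        self.gom.echo('')
        self.gom.echo('Interface list')
        self.gom.echo('--------------')
        self.gom.echo('')
        for miface in get_if_list():
            self.gom.echo(miface)
        self.gom.echo('')
        res = raw_input("Interface [" + get_working_if() + "]: ")
        if res != "":
            # Store the answer on the instance; a plain local here is never
            # read again, so the user's choice would be silently discarded.
            self.iface = res
        res = raw_input("Timeout [" + str(self.timeout) + "]: ")
        if res != "":
            self.timeout = int(res)
    except (ValueError, EOFError, KeyboardInterrupt):
        # Best-effort wizard: bad input or an aborted prompt keeps the
        # defaults.  Narrowed from a bare except so programming errors
        # (e.g. NameError) are no longer hidden.
        pass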
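class CTcpPing(CIngumaModule):
    """Host discovery by TCP SYN probe.

    Sends one SYN to `port` on every address in `target` and records each
    address that produces a matched reply in `up` / `results` (for a SYN
    probe that is typically SYN/ACK or RST, so a closed port still proves
    the host is up).  All output goes through self.gom.echo so it reaches
    the GUI front-end as well as the console.
    """
    port = 80
    waitTime = 0        # user-settable, not consulted by run()
    up = {}
    down = {}
    timeout = 2
    exploitType = 0
    results = {}
    iface = scapy.get_working_if()   # resolved once, when the class is defined
    wizard = False
    dict = None

    def help(self):
        """Describe the module's tunable attributes on self.gom (was bare print)."""
        self.gom.echo("target = <target host or network>")
        self.gom.echo("timeout = <timeout>")
        self.gom.echo("waitTime = <wait time between packets>")
        self.gom.echo("port = <destination port to ping>")
        self.gom.echo("iface = <iface>")

    def run(self):
        """Probe every host in self.target; return True once the sweep ran.

        Returns False without sending anything when scapy is unavailable.
        Fills self.up / self.results with {1: addr, 2: addr, ...} for the
        hosts that answered and pushes each address into the "alive",
        "hosts" and "targets" dictionaries via addToDict().
        """
        if not bHasScapy:
            self.gom.echo("No scapy support :(")
            return False
        self.results = {}
        self.up = {}
        self.down = {}
        if not self.port:
            self.port = 80
        target = scapy.IP(dst=self.target)
        self.gom.echo("Sending probe to\t" + str(target.dst) + "\tusing port\t" + str(self.port))
        probe = scapy.IP(dst=target.dst) / scapy.TCP(dport=self.port, flags="S")
        answered, _unanswered = scapy.sr(probe, timeout=self.timeout, iface=self.iface, retry=0)
        if answered:
            for sent_reply in answered:
                # sent_reply[0] is the probe we sent; its dst is the address
                # being classified, independent of who actually answered.
                host = sent_reply[0][0].dst
                self.up[len(self.up) + 1] = host
                for key in ("alive", "hosts", "targets"):
                    self.addToDict(key, host)
        self.results = self.up
        return True

    def printSummary(self):
        """Echo the hosts collected by run(), numbered from 1; silent when none."""
        if not self.results:
            return
        self.gom.echo("")
        self.gom.echo("Discovered hosts")
        self.gom.echo("----------------")
        self.gom.echo("")
        # Keys are 1..n; sort so the listing is stable across interpreters.
        for i, key in enumerate(sorted(self.results), 1):
            self.gom.echo("Found host " + str(i) + "\t" + str(self.results[key]))
        self.gom.echo("")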
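def get_iface():
    """Return the name of scapy's working interface, logging it at debug level."""
    iface = get_working_if()
    # The placeholder was never filled in before, so the log line carried no
    # interface name; .format() works with any logger that accepts a string.
    log.debug("Interface {} seems to be up and running".format(iface))
    return iface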
def run(self):
    """Record this host's address on the working interface, then run scapy's farpd().

    Always returns True once farpd() returns.
    """
    conf.verb = 2  # scapy-wide verbosity; this is a global setting
    working_iface = get_working_if()
    self.address = get_if_addr(working_iface)
    self.gom.echo("[+] Using " + str(self.address))
    farpd()
    return True
def run(self):
    """Store the working interface's address in self.address and call scapy's farpd().

    Returns True unconditionally after farpd() comes back.
    """
    conf.verb = 2  # raise scapy's (global) verbosity for this run
    address = get_if_addr(get_working_if())
    self.address = address
    self.gom.echo("[+] Using " + str(address))
    farpd()
    return True
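class CHostUp(CIngumaDiscoverModule):
    """ICMP host discovery: one probe per address in `target`.

    Hosts whose reply is an informational ICMP message (echo reply,
    timestamp reply, ...) are recorded in `up` / `results`; hosts whose
    probe draws an ICMP error (unreachable, time exceeded, ...) go to
    `down`.  Hosts that never answer appear in neither.
    """
    # ICMP message types (RFC 792 numbering).
    ECHO_REPLY = 0
    DEST_UNREACH = 3
    SOURCE_QUENCH = 4
    REDIRECT = 5
    ECHO_REQUEST = 8
    ROUTER_ADVERTISEMENT = 9
    ROUTER_SOLICITATION = 10
    TIME_EXCEEDED = 11
    PARAMETER_PROBLEM = 12
    TIMESTAMP_REQUEST = 13
    TIMESTAMP_REPLY = 14
    INFORMATION_REQUEST = 15
    INFORMATION_RESPONSE = 16
    ADDRESS_MASK_REQUEST = 17
    ADDRESS_MASK_REPLY = 18
    # Reply types that report an error instead of a host answering the probe.
    ERROR_TYPES = frozenset((DEST_UNREACH, SOURCE_QUENCH, REDIRECT,
                             TIME_EXCEEDED, PARAMETER_PROBLEM))

    waitTime = 0              # user-settable, not consulted by run()
    up = {}
    down = {}
    timeout = 2
    packetType = ECHO_REQUEST
    exploitType = 0
    results = {}
    iface = get_working_if()  # resolved once, when the class is defined
    wizard = False
    dict = None

    def help(self):
        """Describe the module's tunable attributes on self.gom."""
        self.gom.echo('target = <target host or network>')
        self.gom.echo('timeout = <timeout>')
        self.gom.echo('waitTime = <wait time between packets>')
        self.gom.echo(
            'packetType = <numeric packet type> (Default to ECHO_REQUEST)')
        self.gom.echo('iface = <iface>')

    def runAsWizard(self):
        """Prompt for the interface and the timeout; empty answers keep the current values.

        A non-numeric timeout or an aborted prompt (EOF / Ctrl+C) leaves
        both settings untouched.
        """
        try:
            self.gom.echo('')
            self.gom.echo('Interface list')
            self.gom.echo('--------------')
            self.gom.echo('')
            for miface in get_if_list():
                self.gom.echo(miface)
            self.gom.echo('')
            res = raw_input("Interface [" + get_working_if() + "]: ")
            if res != "":
                # Must land on the instance: run() passes self.iface to sr().
                # A plain local here silently discarded the answer.
                self.iface = res
            res = raw_input("Timeout [" + str(self.timeout) + "]: ")
            if res != "":
                self.timeout = int(res)
        except (ValueError, EOFError, KeyboardInterrupt):
            # Best effort: bad input or an aborted prompt keeps the current
            # settings.  Narrowed from a bare except so programming errors
            # are no longer hidden.
            pass

    def run(self):
        """Send the ICMP probe to self.target and classify the answers.

        Returns False (after a message) when scapy is unavailable, True once
        the sweep has run.  Runs the interactive wizard first when
        self.wizard is set.  Every live host is also pushed into the
        "alive", "hosts" and "targets" knowledge-base entries.
        """
        if not bHasScapy:
            self.gom.echo('No scapy support :(')
            return False
        self.results = {}
        self.up = {}
        self.down = {}
        if self.wizard:
            self.runAsWizard()  # may update self.iface / self.timeout
        target = IP(dst=self.target)
        self.gom.echo("Sending probe to\t" + str(target.dst))
        probe = IP(dst=target.dst) / ICMP(type=self.packetType)
        answered, _unanswered = sr(probe, timeout=self.timeout, iface=self.iface, retry=0)
        for sent, reply in answered:
            # Classify the address we probed, even when a router answered.
            host = sent.dst
            # Inspect the *reply's* ICMP type; the sent probe's type is always
            # self.packetType, so testing it cannot tell up from down.
            reply_type = reply[ICMP].type if reply.haslayer(ICMP) else None
            if reply_type in self.ERROR_TYPES:
                # Key on len(self.down): keying on len(self.up) overwrote
                # every earlier "down" entry.
                self.down[len(self.down) + 1] = host
                self.gom.echo('Answer of type ' + str(icmptypes.get(reply_type, reply_type))
                              + ' from ' + str(reply.src))
            else:
                self.up[len(self.up) + 1] = host
                for key in ("alive", "hosts", "targets"):
                    self.add_data_to_kb(key, host)
        self.results = self.up
        return True

    def print_summary(self):
        """Echo the hosts found by run(), numbered from 1; silent when none."""
        if not self.results:
            return
        self.gom.echo('')
        self.gom.echo('Discovered hosts')
        self.gom.echo('----------------')
        self.gom.echo('')
        # Keys are 1..n; sort so the listing is stable across interpreters.
        for i, key in enumerate(sorted(self.results), 1):
            self.gom.echo('Found host ' + str(i) + "\t" + str(self.results[key]))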
#!/usr/bin/env python3 import sys from threading import Thread import socket from time import sleep import scapy.all as scapy import netifaces as nic import ipaddress from IEC104_Raw.dissector import APDU from iec104 import IEC104, get_command IEC104_PORT = 2404 if __name__ == '__main__': iface = scapy.get_working_if() print('[+] Using ' + iface) address = nic.ifaddresses(iface)[nic.AF_INET][0] subnet = ipaddress.ip_network(address['addr'] + '/' + address['netmask'], strict=False) nethosts = list(subnet.hosts()) print('[+] Searching for live hosts in {0:s} ...'.format(str(subnet))) alive = [] def arpscan(hosts: list): global alive global address for host in hosts: if str(host) != address['addr']: print('[-] Trying {0:s} ...\r'.format(str(host)), end='') response = scapy.sr1(scapy.ARP(op=0x1,
def get_iface(self):
    """Return the name of scapy's working interface; instance state is not consulted."""
    return get_working_if()