def accounts_import_file(filename=None, service=['info', '0'], f_type=None, f_source=None): """ Processes an Imported password file to the accounts table """ print("Processing password file: %s" % (filename)) from skaldship.passwords import process_password_file, insert_or_update_acct account_data = process_password_file(pw_file=filename, file_type=f_type, source=f_source) resp_text = insert_or_update_acct(service, account_data) print(resp_text) return True
def process_pwdump_loot(loot_list=[], msf=None): """ Takes an array of loot records in loot_list, downloads the pwdump file and adds the users. """ from skaldship.passwords import process_password_file, insert_or_update_acct db = current.globalenv['db'] cache = current.globalenv['cache'] logging.debug('loot_list = %s' % (loot_list)) data = [] for loot_id in loot_list: loot = msf.loot_download(loot_id) if loot['ltype'] not in ['host.windows.pwdump', 'windows.hashes']: logging.error("Loot is not a pwdump, it is a %s" % loot['ltype']) continue else: # process the pwdump file pw_data = loot['data'].split('\n') accounts = process_password_file( pw_data=pw_data, file_type='PWDUMP', source='Metasploit', ) # find the info/0 service id for the host host_id = get_host_record(loot['host']) query = (db.t_services.f_number == '0') & (db.t_services.f_proto == 'info') & (db.t_services.f_hosts_id == host_id) svc_id = db(query).select().first() if svc_id is None: # info/0 not found.. add it! svc_id = db.t_services.insert(f_proto="info", f_number="0", f_status="info", f_hosts_id=host_id) db.commit() # insert or update the account records resp_text = insert_or_update_acct(svc_id.id, accounts) logging.info("Added pwdump records for host: %s" % (loot['host'])) data.append({ loot['host']: resp_text }) return data
pw_data=pw_data, file_type=file_type, source='Metasploit', ) # find the info/0 service id for the host host_id = get_host_record(loot['host']) query = (db.t_services.f_number == number) & (db.t_services.f_proto == proto) & (db.t_services.f_hosts_id == host_id) svc_id = db(query).select().first() if svc_id is None: # info/0 not found.. add it! svc_id = db.t_services.insert(f_proto=proto, f_number=number, f_hosts_id=host_id) db.commit() # insert or update the account records resp_text = insert_or_update_acct(svc_id.id, accounts) logging.info("Added loot accounts for host: %s" % ()) data.append({ loot['host']: resp_text }) ##------------------------------------------------------------------------- def process_report_xml( filename=None, ip_ignore_list=None, ip_include_list=None, engineer=1, asset_group="Metasploit Import", update_hosts=True, ): """ Processes a Metasploit XML Export for the following data and adds to the db:
def import_file(): """ Import and parse password file into t_accounts """ import os from skaldship.general import check_datadir check_datadir(request.folder) # Service_id is primary, host_id is secondary, if none then list # all the services svc_set = [] url = URL('accounts', 'import_file') if request.vars.has_key('service_id'): try: record = db.t_services[request.vars.service_id] svc_set.append((record.id, "%s :: %s/%s" % (host_title_maker(db.t_hosts[record.f_hosts_id]), record.f_proto, record.f_number))) url = URL('accounts', 'import_file', vars={'service_id': request.vars.service_id}) except: pass elif request.vars.has_key('host_id'): try: host_record = get_host_record(request.vars.host_id) svc_records = db( db.t_services.f_hosts_id == host_record.id).select( cache=(cache.ram, 30)) url = URL('accounts', 'import_file', vars={'host_id': request.vars.host_id}) for record in svc_records: svc_set.append( (record.id, "%s :: %s/%s" % (host_title_maker(db.t_hosts[record.f_hosts_id]), record.f_proto, record.f_number))) except: pass if len(svc_set) == 0: # all services svc_records = db(db.t_services).select(cache=(cache.ram, 30)) svc_set = [] for record in svc_records: svc_set.append((record.id, "%s :: %s/%s" % (host_title_maker(db.t_hosts[record.f_hosts_id]), record.f_proto, record.f_number))) if request.extension == "load": buttons = [] else: buttons = ['submit'] form = SQLFORM.factory( Field('f_service', 'string', label=T('Host / Service'), requires=IS_IN_SET(svc_set), default=svc_set[0][0]), Field('f_filename', 'upload', uploadfolder=os.path.join(request.folder, settings.password_upload_dir), label=T('Password file')), Field('f_type', 'string', label=T('File type'), default='PWDUMP', requires=IS_IN_SET(settings.password_file_types)), Field('f_source', 'string', label=T('Source (if necessary)')), Field('f_add_to_evidence', 'boolean', label=T('Add Evidence')), Field('f_taskit', type='boolean', default=True, label=T('Run in background task')), buttons=buttons, _action=url, _id='accounts_import_form') resp_text = "" accounts_added = [] accounts_updated = [] if form.errors: response.flash = 'Error in form' return TABLE(*[TR(k, v) for k, v in form.errors.items()]) elif form.accepts(request.vars, session): if form.vars.f_filename is not None: orig_filename = request.vars.f_filename.filename filename = os.path.join(request.folder, settings.password_upload_dir, form.vars.f_filename) if form.vars.f_taskit: task = scheduler.queue_task( accounts_import_file, pvars=dict(filename=filename, service=form.vars.f_service, f_type=form.vars.f_type, f_source=form.vars.f_source), group_name=settings.scheduler_group_name, sync_output=5, timeout=300 # 5 minutes ) if task.id: resp_text = "Submitted file for processing: %s" % (A( "task " + str(task.id), _href=URL(c='tasks', f='status', args=task.id)).xml()) else: resp_text = "Error submitting job: %s" % (task.errors) else: logger.info("Processing password file: %s" % (filename)) account_data = process_password_file(pw_file=filename, file_type=request.vars.f_type, source=request.vars.f_source) resp_text = insert_or_update_acct(form.vars.f_service, account_data) logger.info(resp_text) if form.vars.f_add_to_evidence is True: # add the password file to evidence try: pwdata = open(filename, "r").readlines() except Exception, e: logger.error("Error opening %s: %s" % (filename, e)) db.t_evidence.insert( f_hosts_id=db.t_services[form.vars.f_service].f_hosts_id, f_type='Password File', f_text=form.vars.f_type, f_filename=orig_filename, f_evidence=form.vars.f_filename, f_data=pwdata) db.commit()
def paste(): """ Import and parse password pasted to a textbox into t_accounts """ from skaldship.general import check_datadir check_datadir(request.folder) # Service_id is primary, host_id is secondary, if none then list # all the services svc_set = [] url = URL('accounts', 'paste') if request.vars.has_key('service_id'): try: record = db.t_services[request.vars.service_id] svc_set.append((record.id, "%s :: %s/%s" % (host_title_maker(db.t_hosts[record.f_hosts_id]), record.f_proto, record.f_number))) url = URL('accounts', 'paste', vars={'service_id': request.vars.service_id}) except: pass elif request.vars.has_key('host_id'): try: host_record = get_host_record(request.vars.host_id) svc_records = db( db.t_services.f_hosts_id == host_record.id).select( cache=(cache.ram, 30)) url = URL('accounts', 'paste', vars={'host_id': request.vars.host_id}) for record in svc_records: svc_set.append( (record.id, "%s :: %s/%s" % (host_title_maker(db.t_hosts[record.f_hosts_id]), record.f_proto, record.f_number))) except: pass if len(svc_set) == 0: # all services svc_records = db(db.t_services).select(cache=(cache.ram, 30)) svc_set = [] for record in svc_records: svc_set.append((record.id, "%s :: %s/%s" % (host_title_maker(db.t_hosts[record.f_hosts_id]), record.f_proto, record.f_number))) if request.extension == "load": buttons = [] else: buttons = ['submit'] form = SQLFORM.factory( Field('f_service', 'string', label=T('Host / Service'), requires=IS_IN_SET(svc_set), default=svc_set[0][0]), Field('f_pwtext', 'text', label=T('Password text')), Field('f_type', 'string', label=T('File type'), default='PWDUMP', requires=IS_IN_SET(settings.password_file_types)), Field('f_source', 'string', label=T('Source (if necessary)')), Field('f_add_to_evidence', 'boolean', label=T('Add file to Evidence')), buttons=buttons, _action=url, _id='accounts_paste_form' #_action=url, _id='accounts_paste_form', formstyle='bootstrap_modal' ) resp_text = "" accounts_added = [] accounts_updated = [] if form.errors: response.flash = 'Error in form' return TABLE(*[TR(k, v) for k, v in form.errors.items()]) elif form.accepts(request.vars, session): from utils import web2py_uuid host_id = db.t_services[form.vars.f_service].f_hosts_id pwd_file_dir = os.path.join(request.folder, 'data', 'passwords', 'other') if not os.path.exists(pwd_file_dir): from gluon.fileutils import mktree mktree(pwd_file_dir) filename = "%s-pwfile-%s" % (host_id, web2py_uuid()) full_file_path = os.path.join(request.folder, 'data/passwords/other', filename) of = open(full_file_path, "w") of.write(form.vars.f_pwtext) of.close() logger.debug("Processing password file: %s" % (full_file_path)) account_data = process_password_file(pw_file=full_file_path, file_type=request.vars.f_type, source=request.vars.f_source) response.headers[ 'web2py-component-command'] = 'accounttable.fnReloadAjax();' resp_text = insert_or_update_acct(form.vars.f_service, account_data) if form.vars.f_add_to_evidence is True: # add the password file to evidence try: pwdata = open(full_file_path, "r").readlines() except Exception, e: logger.error("Error opening %s: %s" % (full_file_path, e)) resp_text += "Error opening %s: %s\n" % (full_file_path, e) db.t_evidence.insert(f_hosts_id=host_id, f_type='Password File', f_text=form.vars.f_type, f_filename=filename, f_evidence=filename, f_data=pwdata) resp_text += "\n%s added to evidence\n" % (filename) db.commit()
def import_file(): """ Import and parse password file into t_accounts """ import os from skaldship.general import check_datadir check_datadir(request.folder) # Service_id is primary, host_id is secondary, if none then list # all the services svc_set = [] url = URL("accounts", "import_file") if request.vars.has_key("service_id"): try: record = db.t_services[request.vars.service_id] svc_set.append( ( record.id, "%s :: %s/%s" % (host_title_maker(db.t_hosts[record.f_hosts_id]), record.f_proto, record.f_number), ) ) url = URL("accounts", "import_file", vars={"service_id": request.vars.service_id}) except: pass elif request.vars.has_key("host_id"): try: host_record = get_host_record(request.vars.host_id) svc_records = db(db.t_services.f_hosts_id == host_record.id).select(cache=(cache.ram, 30)) url = URL("accounts", "import_file", vars={"host_id": request.vars.host_id}) for record in svc_records: svc_set.append( ( record.id, "%s :: %s/%s" % (host_title_maker(db.t_hosts[record.f_hosts_id]), record.f_proto, record.f_number), ) ) except: pass if len(svc_set) == 0: # all services svc_records = db(db.t_services).select(cache=(cache.ram, 30)) svc_set = [] for record in svc_records: svc_set.append( ( record.id, "%s :: %s/%s" % (host_title_maker(db.t_hosts[record.f_hosts_id]), record.f_proto, record.f_number), ) ) if request.extension == "load": buttons = [] else: buttons = ["submit"] form = SQLFORM.factory( Field("f_service", "string", label=T("Host / Service"), requires=IS_IN_SET(svc_set), default=svc_set[0][0]), Field( "f_filename", "upload", uploadfolder=os.path.join(request.folder, settings.password_upload_dir), label=T("Password file"), ), Field( "f_type", "string", label=T("File type"), default="PWDUMP", requires=IS_IN_SET(settings.password_file_types) ), Field("f_source", "string", label=T("Source (if necessary)")), Field("f_add_to_evidence", "boolean", label=T("Add Evidence")), Field("f_taskit", type="boolean", default=True, label=T("Run in background task")), buttons=buttons, _action=url, _id="accounts_import_form", ) resp_text = "" accounts_added = [] accounts_updated = [] if form.errors: response.flash = "Error in form" return TABLE(*[TR(k, v) for k, v in form.errors.items()]) elif form.accepts(request.vars, session): if form.vars.f_filename is not None: orig_filename = request.vars.f_filename.filename filename = os.path.join(request.folder, settings.password_upload_dir, form.vars.f_filename) if form.vars.f_taskit: task = scheduler.queue_task( accounts_import_file, pvars=dict( filename=filename, service=form.vars.f_service, f_type=form.vars.f_type, f_source=form.vars.f_source ), group_name=settings.scheduler_group_name, sync_output=5, timeout=300, # 5 minutes ) if task.id: resp_text = "Submitted file for processing: %s" % ( A("task " + str(task.id), _href=URL(c="tasks", f="status", args=task.id)).xml() ) else: resp_text = "Error submitting job: %s" % (task.errors) else: logger.info("Processing password file: %s" % (filename)) account_data = process_password_file( pw_file=filename, file_type=request.vars.f_type, source=request.vars.f_source ) resp_text = insert_or_update_acct(form.vars.f_service, account_data) logger.info(resp_text) if form.vars.f_add_to_evidence is True: # add the password file to evidence try: pwdata = open(filename, "r").readlines() except Exception, e: logger.error("Error opening %s: %s" % (filename, e)) db.t_evidence.insert( f_hosts_id=db.t_services[form.vars.f_service].f_hosts_id, f_type="Password File", f_text=form.vars.f_type, f_filename=orig_filename, f_evidence=form.vars.f_filename, f_data=pwdata, ) db.commit()
def paste(): """ Import and parse password pasted to a textbox into t_accounts """ from skaldship.general import check_datadir check_datadir(request.folder) # Service_id is primary, host_id is secondary, if none then list # all the services svc_set = [] url = URL("accounts", "paste") if request.vars.has_key("service_id"): try: record = db.t_services[request.vars.service_id] svc_set.append( ( record.id, "%s :: %s/%s" % (host_title_maker(db.t_hosts[record.f_hosts_id]), record.f_proto, record.f_number), ) ) url = URL("accounts", "paste", vars={"service_id": request.vars.service_id}) except: pass elif request.vars.has_key("host_id"): try: host_record = get_host_record(request.vars.host_id) svc_records = db(db.t_services.f_hosts_id == host_record.id).select(cache=(cache.ram, 30)) url = URL("accounts", "paste", vars={"host_id": request.vars.host_id}) for record in svc_records: svc_set.append( ( record.id, "%s :: %s/%s" % (host_title_maker(db.t_hosts[record.f_hosts_id]), record.f_proto, record.f_number), ) ) except: pass if len(svc_set) == 0: # all services svc_records = db(db.t_services).select(cache=(cache.ram, 30)) svc_set = [] for record in svc_records: svc_set.append( ( record.id, "%s :: %s/%s" % (host_title_maker(db.t_hosts[record.f_hosts_id]), record.f_proto, record.f_number), ) ) if request.extension == "load": buttons = [] else: buttons = ["submit"] form = SQLFORM.factory( Field("f_service", "string", label=T("Host / Service"), requires=IS_IN_SET(svc_set), default=svc_set[0][0]), Field("f_pwtext", "text", label=T("Password text")), Field( "f_type", "string", label=T("File type"), default="PWDUMP", requires=IS_IN_SET(settings.password_file_types) ), Field("f_source", "string", label=T("Source (if necessary)")), Field("f_add_to_evidence", "boolean", label=T("Add file to Evidence")), buttons=buttons, _action=url, _id="accounts_paste_form" # _action=url, _id='accounts_paste_form', formstyle='bootstrap_modal' ) resp_text = "" accounts_added = [] accounts_updated = [] if form.errors: response.flash = "Error in form" return TABLE(*[TR(k, v) for k, v in form.errors.items()]) elif form.accepts(request.vars, session): from utils import web2py_uuid host_id = db.t_services[form.vars.f_service].f_hosts_id pwd_file_dir = os.path.join(request.folder, "data", "passwords", "other") if not os.path.exists(pwd_file_dir): from gluon.fileutils import mktree mktree(pwd_file_dir) filename = "%s-pwfile-%s" % (host_id, web2py_uuid()) full_file_path = os.path.join(request.folder, "data/passwords/other", filename) of = open(full_file_path, "w") of.write(form.vars.f_pwtext) of.close() logger.debug("Processing password file: %s" % (full_file_path)) account_data = process_password_file( pw_file=full_file_path, file_type=request.vars.f_type, source=request.vars.f_source ) response.headers["web2py-component-command"] = "accounttable.fnReloadAjax();" resp_text = insert_or_update_acct(form.vars.f_service, account_data) if form.vars.f_add_to_evidence is True: # add the password file to evidence try: pwdata = open(full_file_path, "r").readlines() except Exception, e: logger.error("Error opening %s: %s" % (full_file_path, e)) resp_text += "Error opening %s: %s\n" % (full_file_path, e) db.t_evidence.insert( f_hosts_id=host_id, f_type="Password File", f_text=form.vars.f_type, f_filename=filename, f_evidence=filename, f_data=pwdata, ) resp_text += "\n%s added to evidence\n" % (filename) db.commit()