def change_factory(self):
filename = QFileDialog.getOpenFileName("factories", "Factory (*.py)", self, "Open File", "Load Mutant Factory")
filename = str(filename)
if len(filename) < 1:
return
temp = utils.load_factory(filename)
self.engine.set_factory(temp)
if self.engine.factory == None:
self.lcd.display(1)
self.firstLine.setMaxValue(0)
self.numberLine.setMaxValue(1)
else:
n = self.engine.factory.count()
self.lcd.display(n)
self.firstLine.setMaxValue(n - 1)
self.numberLine.setMaxValue(n)
self.factory_name.setText(self.engine.factory.get_name())
def __init__(self):
# reverse arp demon. Used to simulate the virtual host
self.arp_demon = None
# the exploit currently loaded
self.exploit = None
# the module containing the current exploit
self.exp_module = None
# the interface used to generate and receive packets
self.interface = 'eth0'
# Mutant operators manager
self.opmanager = OpManager()
# List of alert collectors
self.collectors = []
# Mutant factory
self.factory = None
# True if the alerts must be collected after each mutant execution
self.collect_sync = False
# True if the log messages must be redirected during the exploit execution
self.redirect = True
self.virtualhost_mac = 'undefined'
self.virtualhost_ip = 'undefined'
self.targethost_mac = 'undefined'
self.targethost_ip = '127.0.0.1'
self.log = logger.main.newSource("ENGINE")
# Load the default mutant factory
self.set_factory(utils.load_factory("factories/NullFactory.py"))
# Load the mutant operators
self.opmanager.load_operators()
# Scapy configuration
scapy.scapy.conf.padding = 0
def parse_options(self, argv=None):
parser = OptionParser(version="Sploit mutation engine version %s"%engine.VERSION,
usage="%prog [options] attack-cfg")
options = None
parser.add_option("-r", "--run",
action="store", dest="run", metavar="RANGE",
help="execute mutants in RANGE (use 'all' to execute all of them")
parser.add_option("-i","--info",
action="store_true", dest="info",
help="print attack and configuration info")
parser.add_option("-q", "--quiet",
action="store_true", dest="quiet",
help="don't print any messages to stdout")
parser.add_option("-p", "--port",
action="store", dest="port",
help="set the first TCP port used to generate packets (use 'random' for random value)")
parser.add_option("--sleep",
action="store", dest="sleep", type = "int", default=0,
help="sleep time (in seconds) between mutant executions")
parser.add_option("--noredirect",
action="store_false", dest="redirect", default=True,
help="prints all the log messages on the sandard output")
parser.add_option("--color",
action="store_true", dest="color", default=False,
help="use colors")
parser.add_option("--dest",
action="store", dest="dest", metavar="IP",
help="Set the target IP")
parser.add_option("--nolog",
action="store_false", dest="log", default=True,
help="Disable logging")
parser.add_option("-L","--log",
action="store", type="string", dest="log_path", metavar="PATH",
default = ".", help="Change the logging directory to PATH")
parser.add_option("-F","--factory",
action="store", type="string", dest="factory", metavar="FILE",
help="Load and set the mutant factory from FILE")
parser.add_option("-C","--collector",
action="append", type="string", dest="collectors", metavar="FILE",
help="Load and set an alert collector")
parser.add_option("-v","--verbosity",
action="append", type="string", dest="verbosity", default=[],
help="set the verbosity level (one of DEBUG, INFO, WARNING, ERROR)")
(options, args) = parser.parse_args(argv)
if len(args) != 1:
parser.error("incorrect number of arguments")
self.file = args[0]
if options.sleep:
self.sleep_time = options.sleep
if options.color == True:
self.use_color = True
for v in options.verbosity:
table = {
"DEBUG": logger.DEBUG,
"INFO": logger.INFO,
"WARNING": logger.WARNING,
"ERROR": logger.ERROR,
"OFF": logger.OFF
}
if ":" in v:
source, level = v.split(":")
if table.has_key(level)==False:
parser.error("Verbosity can be set to DEBUG, INFO, WARNING, ERROR")
if logger.main.setLevel(table[level],source) == False:
print "Invalid source %s"%source
else:
if table.has_key(v)==False:
parser.error("Verbosity can be set to DEBUG, INFO, WARNING, ERROR")
if logger.main.setLevel(table[v]) == False:
print "Error setting the log level"
if options.port != None:
if options.port=="random":
tcp.NEXT_SPORT = random.randint(2000,60000)
#print "Source Port Starting from: %d"%tcp.NEXT_SPORT
else:
tcp.NEXT_SPORT = int(options.port)
if self.e.load_configuration(self.file)==False:
print self.color("\r\nSploit: Error loading configuration file",RED)
return False
if options.factory != None:
temp = utils.load_factory(options.factory)
if temp == None:
parser.error("Error reading file"%options.factory)
self.e.set_factory(temp)
if options.log and options.run and options.redirect:
self.logenable = True
if os.path.isdir(options.log_path) == False:
parser.error("Path %s must be an existing directory"%options.log_path)
newdir = time.strftime("%d-%b-%Y_%H.%M.%S")
self.log_full = os.path.join(options.log_path,newdir)
try:
os.mkdir(self.log_full)
except:
print "Error creating %s: access denied"%self.log_full
return False
if options.dest:
self.e.setTargetHost(options.dest)
if options.collectors:
for c in options.collectors:
self.e.add_collector(utils.load_collector(c))
if options.info:
self.exec_info = True
if options.run:
self.exec_run = True
if ":" in options.run:
try:
start, end = options.run.split(":")
self.start = int(start)
self.to_be_exec = 1 + (int(end)-self.start)
except:
parser.error("Execution RANGE must be a number or a windows in the form FIRST:LAST")
else:
if options.run == "all":
self.start = 0
self.to_be_exec = 0
else:
try:
self.start = int(options.run)
self.to_be_exec = 1
except:
parser.error("Execution RANGE must be a number or a windows in the form FIRST:LAST")
if options.redirect != None and options.redirect==False:
self.e.redirect = False
return True
if sip == None:
self.log.error("Source IP missing with Userland stack enabled!!")
if smac == None:
self.log.error("Source MAC missing with Userland stack enabled!!")
else:
self.setVirtualHost(tmac, smac, sip)
self.set_userland_socket(True)
val = c.get("Network","iface")
if val is not None:
self.set_iface(val)
# Factory settings
val = c.get("Factory","script")
if val is not None:
self.set_factory(utils.load_factory(val))
# Mutant operators
ops = c.items("Operators").items()
for name, val in ops:
op = self.opmanager.get_operator_by_name(name)
if op == None:
self.log.warning("Operator %s not found"%name)
continue
if type(value) == list:
for line in val:
cmd,value = line.split("=",1);
cmd = cmd.split()
value = value.split()
pos = 0
