def main():
cisco_cfg = CiscoConfParse("cisco_ipsec.txt")
map_list = cisco_cfg.find_objects(r"^crypto map CRYPTO")
for cryptoMap in map_list:
print cryptoMap.text
mapChildren = cryptoMap.children
for child in mapChildren:
print child.text
print '\nCrypto maps using PFS group 2:\n'
pfs2_list = cisco_cfg.find_objects_w_child(parentspec=r"^crypto map CRYPTO", childspec=r"set pfs group2")
for cryptoMap in pfs2_list:
print cryptoMap.text
print '\nCrypto maps not using AES:\n'
noaes_list = cisco_cfg.find_objects_wo_child(parentspec=r"^crypto map CRYPTO", childspec=r"set transform-set AES-SHA")
for cryptoMap in noaes_list:
print cryptoMap.text
mapChildren = cryptoMap.children
transformSetLine = mapChildren[1]
(head,transformSet) = transformSetLine.text.split('set transform-set')
print transformSet
def main():
"""
Find all crypto map entires that do not use AES Encryption.
"""
cisco_file = "cisco_ipsec.txt"
cisco_cfg = CiscoConfParse(cisco_file)
crypto_maps = cisco_cfg.find_objects_wo_child(
parentspec=r"^crypto map CRYPTO", childspec=r"AES")
print("Printing crypto_maps content")
print(crypto_maps)
print('\n\n')
print("#" * 3)
print("#" * 3, 'crypto_maps Type:')
print("#" * 3)
print(type(crypto_maps))
for c_map in crypto_maps:
print("#" * 3)
print("#" * 3, 'c_map Type:')
print("#" * 3)
print(type(c_map))
print()
print(c_map.text)
for child in c_map.children:
print(child.text)
print()
def main():
cfg = CiscoConfParse('cisco_ipsec.txt')
crypto_not_AES = cfg.find_objects_wo_child(r"^crypto map CRYPTO", r"set transform-set AES")
print "Crypto maps not using AES:"
for line in crypto_not_AES:
transform_set = line.re_search_children(r"transform")[0].text.split()[-1]
print line.parent.text + ">>>>> " + transform_set
def main():
cisco_cfg = CiscoConfParse("cisco_ipsec.txt")
cryptomaps = cisco_cfg.find_objects_wo_child(parentspec=r"crypto map CRYPTO", childspec=r"AES")
print "\ncrypto maps not using AES:"
for entry in cryptomaps:
print "{0}".format(entry.text)
for text in entry.children:
if "transform-set" in text.text:
print re.sub("set transform-set ", "", text.text)
def main():
cisco_test_file = 'cisco_ipsec.txt'
parse_file = CiscoConfParse(cisco_test_file)
crypto_maps = parse_file.find_objects_wo_child(parentspec=r'crypto ipsec transform-set',
childspec=r'AES')
print "\nCrypto Maps noy using AES:"
for entry in crypto_maps:
print " {0}".format(entry.text)
print
def main():
'''
Main Function
'''
my_cisco_cfg = CiscoConfParse("cisco_ipsec.txt")
out = my_cisco_cfg.find_objects_wo_child(parentspec=r"^crypto map CRYPTO", childspec=r"set transform-set AES-SHA")
for item in out:
print item.text
out2 = my_cisco_cfg.find_objects_w_parents(parentspec=str(item.text), childspec=r"set transform-set")
for item2 in out2:
print item2.text
def main():
cisco_cfg = CiscoConfParse("cisco_ipsec.txt")
intf = cisco_cfg.find_objects_wo_child(parentspec=r"^crypto map CRYPTO", childspec=r"AES")
print "Crypto maps not using AES:"
for i in intf:
print i.text
for j in i.children:
if 'transform' in j.text:
print j.text
def main():
cisco_cfg = CiscoConfParse("cisco_ipsec.txt")
crypto_g2 = cisco_cfg.find_objects_wo_child(
parentspec=r"^crypto map CRYPTO", childspec=r"AES")
for parent in crypto_g2:
print parent.text
for child in parent.children:
print child.text
def main():
cisco_cfg = CiscoConfParse("cisco_ipsec.txt")
crypto_g2 = cisco_cfg.find_objects_wo_child(parentspec=r"^crypto map CRYPTO",
childspec=r"AES")
for parent in crypto_g2:
print parent.text
for child in parent.children:
print child.text
def main():
cisco_cfg = CiscoConfParse("cisco_ipsec.txt")
crypto_maps = cisco_cfg.find_objects_wo_child(parentspec=r"^crypto map", childspec="AES")
for crypto_map in crypto_maps:
print "crypto map: %s" % crypto_map.text
for child in crypto_map.children:
m = re.search(r'set transform-set (?P<transform>\w+)', child.text)
if m:
print "transform: %s" % m.group('transform')
def main():
cfg=CiscoConfParse('Config-file.txt')
temp_list=cfg.find_objects_wo_child(parentspec=r"^crypto map", childspec="AES")
print temp_list
#print temp_list
for entry in temp_list:
for child in entry.children:
if "transform" in child.text:
match=re.search(r"set transform-set (.*)$", child.text)
encryption=match.group(1)
print "Entry not using AES is " , entry.text , " and its encryption is " , encryption
def _get_all_l2_int_entries(self):
parse = CiscoConfParse(self.file_input)
self.hostname = parse.re_match_iter_typed(r'^hostname\s+(\S+)',
default='None')
for obj in parse.find_objects_wo_child(r'^interface',
r'^\s*(no)?\s*ip address'):
print(f'Hostname: {self.hostname} Interface: {obj.text}')
cisco = L2Interface()
cisco.get_all_properties(obj.text)
for obj_child in obj.children:
cisco.get_all_properties(obj_child.text)
self.l2_int_entries.append(cisco)
def main():
cisco_cfg = CiscoConfParse("cisco_ipsec.txt")
crypto_maps = cisco_cfg.find_objects_wo_child(parentspec=r"^crypto map",
childspec="AES")
for crypto_map in crypto_maps:
print "crypto map: %s" % crypto_map.text
for child in crypto_map.children:
m = re.search(r'set transform-set (?P<transform>\w+)', child.text)
if m:
print "transform: %s" % m.group('transform')
def main():
cisco_cfg = CiscoConfParse('cisco_ipsec.txt')
crypto_maps = cisco_cfg.find_objects_wo_child(parentspec=r'crypto map CRYPTO', childspec=r'AES')
print "\nThe entry(s) not using AES is/are:"
for crypto_map in crypto_maps:
print crypto_map.text
print "\nCorresponding transform set for the entry:"
for child in crypto_map.children:
if "transform" in child.text:
print child
def main():
cisco_cfg=CiscoConfParse("cisco_ipsec.txt")
crypto_map=cisco_cfg.find_objects_wo_child(parentspec=r'crypto map CRYPTO', childspec=r'AES')
for child in crypto_map:
#print child.text
for ch in child.children:
if 'transform-set' in ch.text:
match=re.search(r'set transform-set (.*)',ch.text)
result=match.group(1)
print "{0}>>> {1}".format(child.text,result)
def main():
cisco_file = 'cisco_ipsec.txt'
cisco_cfg = CiscoConfParse(cisco_file)
crypto_maps = cisco_cfg.find_objects_wo_child(
parentspec=r'crypto map CRYPTO', childspec=r'AES')
print("\nCrypto maps not using AES:")
for entry in crypto_maps:
for child in entry.children:
if 'transform' in child.text:
match = re.search(r"set transform-set (.*)$", child.text)
encryption = match.group(1)
print(" {} >>> {}".format(entry.text.strip(), encryption))
print()
def main():
text_file = 'cisco_ipsec.txt'
config = CiscoConfParse(text_file)
maps = config.find_objects_wo_child(parentspec=r'crypto map CRYPTO',
childspec=r'AES')
for i in maps:
print(i.text)
for x in i.children:
print(x.text)
if 'transform' in x.text:
found = re.search(r"set transform-set (.*)$", x.text)
print("{} | {}".format(i.text.strip(), found.group(1)))
def _get_all_l2_int_entries(self):
self.__logger.info("Get Info L2 interfaces")
parse = CiscoConfParse(self.file_input)
self.hostname = parse.re_match_iter_typed(r'^hostname\s+(\S+)',
default='None')
self.__logger.info(f"Hostname: {self.hostname}")
for obj in parse.find_objects_wo_child(r'^interface',
r'^\s*(no)?\s*ip address'):
cisco = L2Interface(self.__dbg)
cisco.get_all_properties(obj.text)
for obj_child in obj.children:
cisco.get_all_properties(obj_child.text)
self.l2_int_entries.append(cisco)
self.__logger.debug(f"L2 int: {cisco.name}")
def main():
'''
Main Function
'''
my_cisco_cfg = CiscoConfParse("cisco_ipsec.txt")
out = my_cisco_cfg.find_objects_wo_child(
parentspec=r"^crypto map CRYPTO",
childspec=r"set transform-set AES-SHA")
for item in out:
print item.text
out2 = my_cisco_cfg.find_objects_w_parents(
parentspec=str(item.text), childspec=r"set transform-set")
for item2 in out2:
print item2.text
def main():
cisco_cfg = CiscoConfParse("cisco_ipsec.txt")
crypto_map = cisco_cfg.find_objects_wo_child(
parentspec=r'crypto map CRYPTO', childspec=r'AES')
for child in crypto_map:
#print child.text
for ch in child.children:
if 'transform-set' in ch.text:
match = re.search(r'set transform-set (.*)', ch.text)
result = match.group(1)
print "{0}>>> {1}".format(child.text, result)
def parse_conf_file_cm(file1):
cisco_conf = CiscoConfParse(file1)
target = cisco_conf.find_objects_wo_child(parentspec=r'^' + P_PARSE_STRING,
childspec=C_PARSE_STRING)
for p_elmt in target:
print 'Found target:\n{}'.format(p_elmt.text)
for c_elmt in p_elmt.all_children:
print c_elmt.text
if c_elmt.text.find('set transform-set') >= 0:
target_ts = parse_conf_file_ts(cisco_conf, c_elmt.text)
target_ts_parent = target_ts[0]
print '\n{}'.format(target_ts_parent.text)
for c_elmt in target_ts_parent.all_children:
print c_elmt.text
print ''
def main(cisco_file='cisco_ipsec.txt'):
'''
Using ciscoconfparse find the crypto maps that are not using AES (based-on
the transform set name). Print these entries and their corresponding
transform set name.
'''
cisco_cfg = CiscoConfParse(cisco_file)
for crypto_map in cisco_cfg.find_objects_wo_child(parentspec=r'crypto map CRYPTO',
childspec=r'AES'):
for child in crypto_map.children:
if 'transform' in child.text:
match = re.search(r"set transform-set (.*)$", child.text)
print "{0} : {1}".format(crypto_map.text.strip(), match.group(1))
def main():
"""
10. Using ciscoconfparse find the crypto maps that are not using AES
(based-on the transform set name). Print these entries and their
corresponding transform set name.
"""
cisco_conf = CiscoConfParse("cisco_ipsec.txt")
tscrypto_map = cisco_conf.find_objects_wo_child(parentspec=r"^crypto map",
childspec=r"AES")
for ts_map in tscrypto_map:
print(ts_map.text)
for tr_set in ts_map.all_children:
if "transform-set" in tr_set.text:
print(tr_set.text)
def main():
cisco_file = 'cisco_ipsec.txt'
output = CiscoConfParse(cisco_file)
crypto_output = output.find_objects_wo_child(
parentspec=r'crypto map CRYPTO', childspec=r'AES')
for i in crypto_output:
for child in i.children:
if 'transform' in child.text:
match = re.search(r'set transform-set (\S*)', child.text)
# print(match)
encryption = match.group(1)
print(
'crypto maps that don\'t use AES and what they are using instead:')
print(i.text.strip(), "|", encryption)
def main():
'''
Using ciscoconfparse find the crypto maps that are not using AES (based-on th transform set name). Print these entries and thier correspinding transfo rm set name.
'''
cisco_file = ('cisco_ipsec.txt')
cisco_cfg = CiscoConfParse(cisco_file)
crypto_maps = cisco_cfg.find_objects_wo_child(parentspec=r'crypto map CRYPTO', childspec=r'AES')
print "\nCrypto Maps not using AES:"
for entry in crypto_maps:
for child in entry.children:
if 'transform' in child.text:
match = re.search(r"set transform-set (.*)$", child.text)
encryption = match.group(1)
print " {0} >>> {1}".format(entry.text.strip(), encryption)
print
def main(cisco_file='cisco_ipsec.txt'):
'''
Using ciscoconfparse find the crypto maps that are not using AES (based-on
the transform set name). Print these entries and their corresponding
transform set name.
'''
cisco_cfg = CiscoConfParse(cisco_file)
for crypto_map in cisco_cfg.find_objects_wo_child(
parentspec=r'crypto map CRYPTO', childspec=r'AES'):
for child in crypto_map.children:
if 'transform' in child.text:
match = re.search(r"set transform-set (.*)$", child.text)
print "{0} : {1}".format(crypto_map.text.strip(),
match.group(1))
def main():
cisco_cfg_file = "cisco_ipsec.txt"
cisco_cfg = CiscoConfParse(cisco_cfg_file)
crypto_not_aes = cisco_cfg.find_objects_wo_child(
parentspec=r"crypto map CRYPTO", childspec=r"AES")
print("Crypto Maps not using AES:")
for c_map in crypto_not_aes:
#print(" {0}").format(c_map.text)
for child in c_map.children:
#print (" {0}").format(child.text)
if "transform" in child.text:
match = re.search(r"set transform-set (.*)$", child.text)
encryption = match.group(1)
print(" {0} >>> {1}".format(c_map.text.strip(), encryption))
print
def main():
cisco_file = 'cisco_config.txt'
cisco_cfg = CiscoConfParse(cisco_file)
crypto_maps = cisco_cfg.find_objects_wo_child(parentspec=r'crypto map CRYPTO',
childspec=r'AES')
print "\nCryto maps not using AES:"
for entry in crypto_maps:
for child in entry.children:
if 'transform' in child.text:
match = re.search(r"set transform-set (.*)$", child.text)
encryption = match.group(1)
print " {0} >>> {1}".format(entry.text.strip(), encryption)
print
def Cisco_Parser(filename):
cisco_cfg=CiscoConfParse(filename)
interfaces=cisco_cfg.find_objects(r"^interface")
vtys=cisco_cfg.find_objects(r"^line vty ")
for intf in interfaces:
output= str(intf)
output+= '\n' + str(intf.children)
for vty in vtys:
output+= '\n' + '#' * 80
output+= "Configuration for Line vty is: \n {}".format(vty.children)
l2_interfaces=cisco_cfg.find_objects_w_child(parentspec=r"^interface", childspec="no ip address")
l3_interfaces=cisco_cfg.find_objects_wo_child(parentspec=r"^interface", childspec="no ip address")
output+= '\n' +'#' * 80
output+= "\nL2 Interfaces are {}".format(l2_interfaces)
output+= '\n' +'#' * 80
output+= "\nL3 Interfaces are {}".format(l3_interfaces)
return output
def main():
# this is a script that can find the crypto maps that are not using certain encryption method
cisco_cfg = CiscoConfParse("cisco_ipsec.txt")
crypto_map = cisco_cfg.find_objects_wo_child(parentspec=r'crypto map CRYPTO', childspec=r'AES')
print "\n", "=="*4, "The crypto maps without AES:", "=="*4, "\n"
for each_map in crypto_map:
# I have printed so many things to make sure I can get a good data type in while loop
# print type(each_map.children)
# print len(each_map.children)
# print type (each_map.children[child_number])
# print str(each_map.children[child_number])
print each_map.text
child_number = 0
while child_number < (len(each_map.children)):
if "transform-set" in str(each_map.children[child_number]):
print each_map.children[child_number].text, "\n"
child_number = child_number + 1
else:
child_number = child_number + 1
def main():
file = "cisco.txt"
config = CiscoConfParse(file)
crypto_maps = config.find_objects_wo_child(parentspec=r"crypto map CRYPTO", childspec=r"AES")
print "Crypto Maps not using AES: "
for txt in crypto_maps:
for child in txt.children:
if "transform" in child.text:
match = re.search(r"set transform-set (.*)$", child.text)
encryption = match.group(1)
print " {0} >>> {1}".format(txt.text.strip(), encryption)
print
def main():
'''
finds all of the crypto map entires and prints all that are not using AES
'''
file_in = 'cisco_ipsec.txt'
config_file = CiscoConfParse(file_in)
crypto_maps = config_file.find_objects_wo_child(parentspec=r'crypto map CRYPTO',
childspec=r'AES')
print "\nCrypto maps not using AES:"
for entry in crypto_maps:
for child in entry.children:
if 'transform' in child.text:
match = re.search(r"set transform-set (.*)$", child.text)
encryption = match.group(1)
print " {0} >>> {1}".format(entry.text.strip(), encryption)
print
def main():
'''
Using ciscoconfparse find the crypto maps that are not using AES (based-on
the transform set name). Print these entries and their corresponding
transform set name.
'''
# Create a new CiscoConfParse object using our sample config file
cisco_cfg = CiscoConfParse("cisco_ipsec.txt")
# Find all entries with children that do NOT have "set transform-set AES-SHA", and a parent of "crypto map CRYPTO"
crypto = cisco_cfg.find_objects_wo_child(parentspec=r"^crypto map CRYPTO", childspec=r"set transform-set AES-SHA")
# Loop over the list, printing each object, and it's associated children
for i in crypto:
print i.text
for child in i.children:
print child.text
def find_active_interfaces(file):
all_interfaces = []
# Parser set to look at running config
parse = CiscoConfParse(file)
retval = ''
# find objects matching interface and not shutdown
for obj in parse.find_objects_wo_child(parentspec=r"^interface",
childspec=r"shutdown"):
# Make a list that will contain the parent and the children
interface_list = []
# Add the parent to the list as a string
interface_list.append(obj.text)
retval += obj.text + '\n'
# For all the parent's children
for line in obj.all_children:
# Add the child to the list as a string
retval += line.text + '\n'
# A
return retval
def no_aes(config):
'''
Accepts Cisco configuration and finds crypto map
entries not using AES transform sets.
'''
# Create CiscoConfParse object with config passed into function.
cisco_cfg = CiscoConfParse(config)
# Find only crypto maps not using AES transform set.
cmap = cisco_cfg.find_objects_wo_child(parentspec=r"^crypto map CRYPTO",
childspec=r".+ AES")
# Iterate over lines matched previously. Print the line.
for seq_num in cmap:
print seq_num.text
# Iterate over children of the config line, print children.
for child in seq_num.children:
print child.text
def main():
'''
Find all of the crypto map entries in the file (lines that begin with
'crypto map CRYPTO') and print out the entries that are not using AES
based on the transform set name.
'''
cisco_conf = CiscoConfParse("cisco_ipsec.txt")
crypto_maps = cisco_conf.find_objects_wo_child(
parentspec=r"crypto map CRYPTO",
childspec=r"AES")
print "\nCrypto Maps not using AES:"
for map in crypto_maps:
for child in map.children:
if "transform" in child.text:
match = re.search(r"set transform-set (.*)$", child.text)
encrypt_type = match.group(1)
print " {0} ->->-> {1}".format(map.text.strip(), encrypt_type)
print
def main():
cisco_cfg = CiscoConfParse(CISCO_FILENAME)
print 'All crypto maps that use "pfs group2"'
cisco_objs = cisco_cfg.find_objects_w_child(parentspec=r"crypto map CRYPTO",
childspec=r"set pfs group2")
for obj in cisco_objs:
print "[-]"
print obj.text
for child in obj.all_children:
print child.text
print '\n\nAll crypto maps that are not using AES'
cisco_objs = cisco_cfg.find_objects_wo_child(parentspec=r"crypto map CRYPTO",
childspec=r"set transform-set AES-")
for obj in cisco_objs:
print "[-]"
print obj.text
for child in obj.all_children:
print child.text
def find_sections(**kwargs):
"""Extract a section from a config
Args:
lines (list): the list of lines making up the config
match (str): the regex to match against
child_match (str): the regex to match children against
only_child_matches (boolean): only return sections with children that match
min_child_lines (int): only return section that >= this many children
Returns:
dict: A dict of the sections, lines
"""
parse = CiscoConfParse(kwargs['lines'])
if kwargs['child_match'] == 'any':
found_objs = parse.find_objects(kwargs['match'])
else:
if kwargs['children_that_match']:
found_objs = parse.find_objects_w_child(parentspec=r"%s" % kwargs['match'], \
childspec=r"%s" % kwargs['child_match'])
else:
found_objs = parse.find_objects_wo_child(parentspec=r"%s" % kwargs['match'], \
childspec=r"%s" % kwargs['child_match'])
found_objs = [
obj for obj in found_objs
if len(obj.children) >= kwargs['min_child_lines']
]
response = {}
response['sections'] = []
response['lines'] = []
for section in found_objs:
entry = {}
entry['section_name'] = section.text
response['lines'].append(section.text)
entry['section_content'] = []
for child in section.children:
entry['section_content'].append(child.text.strip())
response['lines'].append(child.text)
response['sections'].append(entry)
return response
def no_aes(config):
'''
Accepts Cisco configuration and finds crypto map
entries not using AES transform sets.
'''
# Create CiscoConfParse object with config passed into function.
cisco_cfg = CiscoConfParse(config)
# Find only crypto maps not using AES transform set.
cmap = cisco_cfg.find_objects_wo_child(parentspec=r"^crypto map CRYPTO", childspec=r".+ AES")
# Iterate over lines matched previously. Print the line.
for seq_num in cmap:
print seq_num.text
# Iterate over children of the config line, print children.
for child in seq_num.children:
print child.text
def main():
cisco_file = 'pynet-rtr1.txt'
cisco_cfg = CiscoConfParse(cisco_file)
crypto_maps = cisco_cfg.find_objects(r"^crypto map CRYPTO")
for c_map in crypto_maps:
print
print c_map.text
for child in c_map.children:
print child.text
print
crypto_maps = cisco_cfg.find_objects_w_child(parentspec=r'crypto map CRYPTO',
childspec=r'pfs group5')
print "\nCrypto Maps using PFS group5:"
for entry in crypto_maps:
print " {0}".format(entry.text)
print
crypto_maps = cisco_cfg.find_objects_wo_child(parentspec=r'crypto map CRYPTO',
childspec=r'set peer 5.5.5.1')
print "\nCrypto maps not peer 5.5.5.1:"
for entry in crypto_maps:
print " {0}".format(entry.text)
print
from ciscoconfparse import CiscoConfParse
cisco_cfg = CiscoConfParse("cisco_ipsec.txt")
print cisco_cfg
# find objects that begin with "crypto map CRYPTO" and are not
crypto = cisco_cfg.find_objects_wo_child(parentspec=r"^crypto map CRYPTO",
childspec=r"transform-set AES")
print "\nObjects not using AES"
print "------------------------"
# print the found objects and thier children
for i in crypto:
print i.text
#!/usr/bin/env python
from ciscoconfparse import CiscoConfParse
from __future__ import unicode_literals, print_function
cisco_config = CiscoConfParse("cisco_ipsec.txt")
crypto_map = cisco_config.find_objects_wo_child(
parentspec=r"^crypto map CRYPTO", childspec=r"AES")
for c in crypto_map:
print()
print(c.text)
for child in c.children:
print(child.text)
print()
#!/usr/bin/env python
from ciscoconfparse import CiscoConfParse
cfg = CiscoConfParse("cisco_ipsec.txt")
crypto_maps = cfg.find_objects("^crypto map CRYPTO")
#Excercise 8, part1
#find all lines that begin with 'crypto map CRYPTO'& for each crypto map entry print out its children
print "These are cryto map lines"
for crypto in crypto_maps:
print crypto.text
for child in crypto.children:
print child.text
#Excercise 8, part2:show crypto maps that have pfs group 2
print "These Crypto maps have pfs group 2"
pfs2 = cfg.find_objects_w_child(parentspec=r"^crypto map CRYPTO",
childspec=r"set pfs group2")
for i in pfs2:
print i.text
#Excercise 8, part2:show crypto maps that aren't using AES and also print transform set
print "Find MAPS not using AES"
#aes = cfg.find_objects_w_child(parentspec=r"^crypto map CRYPTO", childspec=r"AES-SHA")
aes = cfg.find_objects_wo_child(parentspec=r"^crypto map CRYPTO",
childspec="set transform-set AES-SHA")
for each in aes:
print each.text
for child in each.children:
print child.text
#!/usr/bin/env python
"""
Class 1, Exercise 10
Find the crypto maps that are not using AES (based-on the transform set name).
Print these entries and their corresponding transform set name.
"""
from ciscoconfparse import CiscoConfParse
cisco_config = CiscoConfParse("cisco_ipsec.txt")
print """\nThis script lists the crypto maps that are not using AES in the
transform set and the transform set name"""
print"-" * 114
no_AES_crymaps = cisco_config.find_objects_wo_child(r'crypto map CRYPTO', r'AES')
for obj in no_AES_crymaps:
print "Crypto-map name: %s" % obj.text
for child in obj.children:
if "transform-set" in child.text:
mystring = child.text
mystringlist = mystring.split()
count = 0
for i in mystringlist:
if mystringlist[count] == "transform-set":
count = count + 1
print "Transform-set name is: %s\n" % mystringlist[count]
exit()
else:
count = count + 1
print"-" * 114
#open the configfile
config = CiscoConfParse("cisco_ipsec.txt")
#question 8
print "question 8:------------------------"
crypto = config.find_objects(r"crypto map CRYPTO")
for entry in crypto:
print entry.text
for child in entry.all_children:
print child.text
#question 9
print "question 9:--------------------------"
crypto_pfs = config.find_objects_w_child(parentspec=r"crypto map CRYPTO", childspec=r"pfs group2")
for entry in crypto_pfs:
print entry.text
for child in entry.all_children:
print child.text
#question 10
print "question 10:--------------------------"
crypto_pfs = config.find_objects_wo_child(parentspec=r"crypto map CRYPTO", childspec=r"transform-set AES-SHA")
for entry in crypto_pfs:
print entry.text
for child in entry.all_children:
print child.text
#!/usr/bin/env python
#coding:utf-8
from ciscoconfparse import CiscoConfParse, IOSCfgLine
cfg = open("isis_junos.cfg").read().splitlines()
parse = CiscoConfParse(cfg, syntax='junos', comment='#!')
print("\n".join(parse.ioscfg))
print("Check interface without 'point-to-point' config line:")
for obj in parse.find_objects_wo_child("interface", "point-to-point"):
print(obj.text)
#!/usr/bin/env python
from ciscoconfparse import CiscoConfParse
crypto_file = CiscoConfParse("cisco_ipsec.txt")
c_maps = crypto_file.find_objects(r"^crypto map CRYPTO")
for c_map in c_maps:
for i in c_map.children:
print i.text
pfs2 = crypto_file.find_objects_w_child(parentspec=r"crypto map CRYPTO", childspec="set pfs group2")
print "\nPFS group2 crypto maps:"
for group in pfs2:
print group.text
non_aes = crypto_file.find_objects_wo_child(parentspec=r"crypto map CRYPTO", childspec="AES-SHA")
print "\nNon-AES crypto map(s):"
for group in non_aes:
print group.text
for i in group.children:
print i.text
from ciscoconfparse import CiscoConfParse
import yaml
import json
from pprint import pprint as pp
ciscocfg = CiscoConfParse('cisco_ipsec.txt')
nonaes = ciscocfg.find_objects_wo_child(parentspec=r'crypto map CRYPTO',childspec=r'set transform-set AES-SHA')
for item in range(len(nonaes)):
print nonaes[item].text
cryptemp = nonaes[item]
for line in cryptemp.children:
tset = line.text.strip()
if tset.startswith('set transform-set'):
print tset
#!/usr/bin/env python
from ciscoconfparse import CiscoConfParse
cfg_file = CiscoConfParse("cisco_ipsec.txt")
crypto_maps_g2 = cfg_file.find_objects_wo_child(parentspec=r"^crypto map CRYPTO", childspec=r"set transform-set AES-SHA")
for crypto_map in crypto_maps_g2:
print crypto_map.text
#!/usr/bin/env python
from ciscoconfparse import CiscoConfParse
config = CiscoConfParse('input-cisco.txt')
lines = config.find_objects_wo_child(parentspec=r'^crypto map CRYPTO', childspec=r'set transform-set AES-SHA')
for i in lines:
print i.parent.text
print i.children[1].text.split(' ')[3]
# BELOW IS ANOTHER WAY TO ACCOMPLISH THE SAME THING
# NOT AS ELEGANT (MORE LINES OF CODE)
# AND IT DOESN'T LEVERAGE FEATURES OF CISCOCONFPARSE
# BUT IT REPLACES THE LAST LINE IN THE PROGRAM ABOVE
# AND USES STANDARD STRING PROCESSING METHODS
# AND IT YIELDS THE SAME RESULT
#
# for j in i.all_children:
# if 'transform' in j.text:
# line = j.text
# print line.strip().split(' ')[-1]
#!/usr/bin/env python
from ciscoconfparse import CiscoConfParse
cisco_cfg = CiscoConfParse("cisco_conf_example.txt")
crypto_map = cisco_cfg.find_objects(r"^crypto map CRYPTO")
pfs_grp2 = cisco_cfg.find_objects_w_child(parentspec=r"^crypto map CRYPTO", childspec=r"pfs group2")
not_aes = cisco_cfg.find_objects_wo_child(parentspec=r"^crypto map CRYPTO", childspec=r"AES-SHA")
print "Here are all the crypto maps configured:"
for i in crypto_map:
print i.text
for child in i.children:
print child.text
print "*******"
print "\ncrypto maps with PFS group2 are:"
for entry in pfs_grp2:
print entry.text
for child in entry.children:
print " {0}".format(child.text)
print "*******"
print "\ncrypto maps not using AES:"
for i in not_aes:
print i.text
for child in i.children:
print " {0}".format(child.text)
#!/usr/bin/env python
from ciscoconfparse import CiscoConfParse
cisco_cfg = CiscoConfParse("cisco_config.txt")
print cisco_cfg
intf = cisco_cfg.find_objects(r"^interface")
print intf
for i in intf:
print i.text
interface_4 = intf[4]
print interface_4
print interface_4.children
for child in interface_4.children:
print child.text
no_ip = cisco_cfg.find_objects_w_child(parentspec=r"interface", childspec=r"no ip address")
print no_ip
with_ip = cisco_cfg.find_objects_wo_child(parentspec=r"interface", childspec=r"no ip address")
print with_ip
from ciscoconfparse import CiscoConfParse
config = CiscoConfParse("cisco_ipsec.txt")
list1 = config.find_objects(r"^crypto map CRYPTO")
list2 = config.find_objects_w_child(parentspec=r"^crypto map CRYPTO", childspec=r"set pfs group2")
list3 = config.find_objects_wo_child(parentspec=r"^crypto map CRYPTO", childspec=r"set transform-set AES*")
for i in list1:
for child in i.children:
print child.text
for i in list2:
for child in i.children:
print child.text
for i in list3:
for child in i.children:
print child.text
f.rename(os.path.join(NEW_DIR, new_name))
#print(" ")
#print("-------------------Finshed removing -Running.config from file name-------------------")
#print(" ")
header = "Switch" + " " + "Port W/O Dot1x" + " " + "Port Description"
print(header)
#
#Start Examining configs for missing port security
#
for host in os.listdir(NEW_DIR):
if host.startswith("p"):
config_path = os.path.join(NEW_DIR, host)
parse = CiscoConfParse(config_path)
all_intfs = parse.find_objects(r"^interf")
NoDot1x = list()
NoDot1x = parse.find_objects_wo_child(r'^interface', r'authentication')
#Remove Non Gig Ports because all user ports are 1 gig
GigPorts = [
x.text.split()[1] for x in NoDot1x
if x.text.startswith("interface Gig")
]
#Remove Cisco 3750 Exansion module
final_list = [
w for w in GigPorts if not re.match(r'GigabitEthernet./1/.', w)
]
#Gets Port Descriptions
for ports in final_list:
port = "interface" + " " + ports
intconfig = parse.find_children(port, exactmatch=True)
desc = [x for x in intconfig if re.search("description", x)]
result = host + ' ' + ''.join(ports) + ' ' + ''.join(desc)
crypto_map = cisco_cfg.find_objects(r"^crypto map CRYPTO")
# Now print the CRYPTO map entries found
print "\nPrinting the crypto map CRYPTO entries found\n"
for i in crypto_map:
print i.text
print "\n"
# Find all entries that are using pfs group2
crypto_PFS = cisco_cfg.find_objects_w_child(parentspec=r"^crypto map", childspec=r"pfs group2")
# Print all crypto map using pfs group2
print "\nPrinting the crypto map entries using pfs group2\n"
for i in crypto_PFS:
print i.text
print "\n"
# Find all crypto maps that are not usind AES transform-set
crypto_noAES = cisco_cfg.find_objects_wo_child(parentspec=r"^crypto map", childspec=r"set transform-set AES")
# Print all maps without AES and config under eact.
print "\nPrinting the crypto map entries using pfs group2\n"
for i in crypto_noAES:
print i.text
for j in i.children:
print j.text
#!/usr/bin/env python
from ciscoconfparse import CiscoConfParse
import os
os.system('clear')
cisco_cfg = CiscoConfParse("cisco.txt")
crypto_PFS2 = cisco_cfg.find_objects_wo_child(parentspec=r"^crypto map CRYPTO", childspec=r"set transform-set AES-SHA")
for c in crypto_PFS2:
print c.text
print (c.children[1]).text
print "\n"
