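def dotransform(request, response):
    """Add a Port entity for each parsed flow whose destination is the given IP.

    ``request.value`` is the IP address being pivoted on and
    ``request.fields['dumpfile']`` is the capture handed to ``parse_netflow``.
    Each parsed record is indexed positionally: element 3 is compared against
    the protocol labels 'TCP', 'UDP' and 'ICMP', and element 6 is split on
    ':' into destination address and destination port.

    The destination address is compared for equality. The previous substring
    test (``ip in dstip``) also matched unrelated hosts, e.g. '10.0.0.1'
    matched '10.0.0.10' and '110.0.0.1', which attributes ports to the wrong
    host in the resulting graph.

    Returns the same ``response`` object with the new entities appended.
    """
    ip = request.value.strip()
    dump = request.fields['dumpfile']

    # Link colour per protocol label; any other label keeps the default.
    link_colours = {'TCP': 0xff0000, 'UDP': 0x002bff, 'ICMP': 0x2f9a0d}

    for flow in parse_netflow(dump):
        dst_parts = flow[6].split(':')
        if dst_parts[0].strip() != ip:
            continue
        if len(dst_parts) < 2:
            # No port component in this record: the old code raised
            # IndexError here and aborted the whole transform.
            continue

        e = Port(dst_parts[1])
        e += Field('dumpfile', dump, displayname='Dump File', matchingrule='loose')
        colour = link_colours.get(flow[3])
        if colour is not None:
            e.linkcolor = colour
        response += e

    return response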
def dotransform(request, response):
    """Emit one Port entity per host listed for a plugin in a Nessus report.

    The report is selected by ``request.fields['nessusreport.uuid']`` and the
    plugin by ``request.fields['nessusplugin.id']``. A missing plugin id
    propagates whatever the ``vulnerabilities`` lookup raises.

    Returns the same ``response`` object with the new entities appended.
    """
    session = login()
    report = Report(session, request.fields['nessusreport.uuid'], '')
    finding = report.vulnerabilities[request.fields['nessusplugin.id']]

    for host in finding.hosts:
        entity = Port(host.port)
        entity.destination = host.name
        # Status is hard-coded, not read from the report entry.
        entity.status = 'Open'
        entity.protocol = host.protocol
        response += entity

    return response
def dotransform(request, response):
    """Emit one Port entity per host listed for a plugin in a scan report.

    Logs in to the server named by ``request.entity.server`` and
    ``request.entity.port``. When ``login`` returns ``None`` the response is
    returned unchanged. Otherwise the report ``request.entity.uuid`` is loaded
    and the hosts recorded under ``request.entity.pluginid`` are converted.

    Returns the same ``response`` object with the new entities appended.
    """
    session = login(host=request.entity.server, port=request.entity.port)
    if session is None:
        return response

    report = Report(session, request.entity.uuid, '')
    finding = report.vulnerabilities[request.entity.pluginid]

    for host in finding.hosts:
        entity = Port(host.port)
        entity.destination = host.name
        # Status is hard-coded, not read from the report entry.
        entity.status = 'Open'
        entity.protocol = host.protocol
        response += entity

    return response
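def dotransform(request, response):
    """Generate the Nexpose report for a site and emit its ports as entities.

    Ensures the ``nexpose/reportdir`` directory exists, logs in to Nexpose,
    asks ``reportChecker`` to produce ``<siteid>.xml`` and, when that reports
    success, parses the saved file with ``nexposePort``. Every key/value pair
    of each parsed dict becomes a ``Port`` entity, with ``val[0]`` as protocol
    and ``val[1]`` as status.

    Fixes over the previous version:
    * ``nexlogout(session)`` sat after ``return`` and never ran, so every
      transform run left an authenticated API session behind. Logout now
      happens in ``finally``, on success and on error.
    * ``f.close`` was referenced but never called; the report file is now
      read inside a ``with`` block.
    * ``dict.iteritems()`` is replaced by ``items()``, which exists on both
      Python 2 and Python 3 dicts.

    Raises:
        MaltegoException: when ``reportChecker`` does not return ``True``.
    """
    report_dir = config['nexpose/reportdir']
    checkdir(report_dir)

    # Nexpose API session login
    session = nexlogin()
    try:
        # NOTE(review): siteid comes from the request and becomes part of a
        # file name under report_dir; confirm it is validated upstream
        # (e.g. numeric only) so it cannot point outside that directory.
        siteid = request.fields['siteid']
        report = '%s.xml' % siteid

        # Nexpose ad-hoc report generation, saved to file by reportChecker.
        reportstatus = reportChecker(session, siteid, report)
        if reportstatus != True:  # noqa: E712 - same equality test as before
            raise MaltegoException('Something went wrong with the report checks')

        with open(os.path.join(report_dir, report)) as f:
            reporto = f.read()

        for dic in nexposePort(reporto):
            for key, val in dic.items():
                response += Port(
                    key,
                    siteid=siteid,
                    scanid=request.fields['scanid'],
                    protocol=val[0],
                    status=val[1],
                )
    finally:
        nexlogout(session)

    return response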
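def dotransform(request, response):
    """Send TCP probes to one target using each address of a range as source.

    The target host and ports come from the transform parameters and fall
    back to the ``irsscan/target_host`` and ``irsscan/target_ports`` config
    entries. For every address in ``iprange(request.value)`` the address is
    put on the module-level queue ``q`` for the ``ArpCachePoisoner`` thread,
    the probe template's IP source is set to it, and the probe is sent with
    ``srp``. Each answered or unanswered probe becomes a ``Port`` entity.

    The send loop runs inside ``try``/``finally``. Previously the ``None``
    put on the queue and the ``join()`` ran only on the success path, so an
    exception from ``srp`` or from building an entity would presumably leave
    the poisoner thread running and the affected ARP caches modified.

    Returns the same ``response`` object with the new entities appended.
    """
    global q

    params = parse_args(request.params)
    if params.target_ports is not None:
        ports = portrange(params.target_ports)
    else:
        ports = config['irsscan/target_ports']
    if params.target_host is not None:
        dst = params.target_host
    else:
        dst = config['irsscan/target_host']

    q = Queue()

    debug('Sending probes to %s' % dst)

    # Probe template; only the IP source changes between iterations.
    p = Ether() / IP(dst=dst, id=int(RandShort())) / TCP(
        dport=ports, sport=int(RandShort()), seq=int(RandInt()))

    # Freeze the Ethernet addresses Scapy computed for the template so they
    # stay fixed when the IP source is rewritten below.
    p.dst = router_mac = p.dst
    p.src = my_mac = p.src

    apw = ArpCachePoisoner(my_mac, router_mac)
    apw.start()

    try:
        for i in iprange(request.value):
            src = str(i)
            # Tell the poisoner thread which address is current, then give it
            # half a second before the probes go out.
            q.put(src)
            p[IP].src = src
            sleep(0.5)

            ans, unans = srp(
                p,
                retry=config['irsscan/sr_retries'],
                timeout=config['irsscan/sr_timeout'],
                verbose=config['irsscan/sr_verbose'],
            )

            for req, res in (ans or ()):
                e = Port(req.dport)
                e.source = req[IP].src
                e.destination = req[IP].dst
                e.protocol = 'tcp'
                e += Label('Summary', res.summary())
                if TCP in res:
                    e.response = res[TCP].sprintf('TCP:%flags%')
                    # Flag bit 0x04 is RST: a reset means the port is closed.
                    e.status = PortStatus.Closed if (res[TCP].flags & 4) else PortStatus.Open
                elif ICMP in res:
                    e.response = res[ICMP].sprintf('ICMP:%type%')
                    e.status = PortStatus.TimedOut
                response += e

            for u in (unans or ()):
                e = Port(u.dport)
                e.source = u[IP].src
                e.destination = u[IP].dst
                e.status = PortStatus.TimedOut
                e.response = 'none'
                response += e
    finally:
        # None is the value the original sent right before join(); it is
        # presumably the poisoner's stop sentinel (verify in ArpCachePoisoner).
        q.put(None)
        apw.join()

    return response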
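def dotransform(request, response):
    """Send TCP probes to one target using each address of a range as source.

    The target host and ports come from the transform parameters and fall
    back to the ``irsscan/target_host`` and ``irsscan/target_ports`` config
    entries. For every address in ``iprange(request.value)`` the address is
    put on the module-level queue ``q`` for the ``ArpCachePoisoner`` thread,
    the probe template's IP source is set to it, and the probe is sent with
    ``srp``. Each answered or unanswered probe becomes a ``Port`` entity.

    The send loop runs inside ``try``/``finally``. Previously the ``None``
    put on the queue and the ``join()`` ran only on the success path, so an
    exception from ``srp`` or from building an entity would presumably leave
    the poisoner thread running and the affected ARP caches modified.

    Returns the same ``response`` object with the new entities appended.
    """
    global q

    params = parse_args(request.params)
    if params.target_ports is not None:
        ports = portrange(params.target_ports)
    else:
        ports = config['irsscan/target_ports']
    if params.target_host is not None:
        dst = params.target_host
    else:
        dst = config['irsscan/target_host']

    q = Queue()

    debug('Sending probes to %s' % dst)

    # Probe template; only the IP source changes between iterations.
    p = Ether()/IP(dst=dst, id=int(RandShort()))/TCP(
        dport=ports, sport=int(RandShort()), seq=int(RandInt()))

    # Freeze the Ethernet addresses Scapy computed for the template so they
    # stay fixed when the IP source is rewritten below.
    p.dst = router_mac = p.dst
    p.src = my_mac = p.src

    apw = ArpCachePoisoner(my_mac, router_mac)
    apw.start()

    try:
        for i in iprange(request.value):
            src = str(i)
            # Tell the poisoner thread which address is current, then give it
            # half a second before the probes go out.
            q.put(src)
            p[IP].src = src
            sleep(0.5)

            ans, unans = srp(
                p,
                retry=config['irsscan/sr_retries'],
                timeout=config['irsscan/sr_timeout'],
                verbose=config['irsscan/sr_verbose'],
            )

            for req, res in (ans or ()):
                e = Port(req.dport)
                e.source = req[IP].src
                e.destination = req[IP].dst
                e.protocol = 'tcp'
                e += Label('Summary', res.summary())
                if TCP in res:
                    e.response = res[TCP].sprintf('TCP:%flags%')
                    # Flag bit 0x04 is RST: a reset means the port is closed.
                    e.status = PortStatus.Closed if (res[TCP].flags & 4) else PortStatus.Open
                elif ICMP in res:
                    e.response = res[ICMP].sprintf('ICMP:%type%')
                    e.status = PortStatus.TimedOut
                response += e

            for u in (unans or ()):
                e = Port(u.dport)
                e.source = u[IP].src
                e.destination = u[IP].dst
                e.status = PortStatus.TimedOut
                e.response = 'none'
                response += e
    finally:
        # None is the value the original sent right before join(); it is
        # presumably the poisoner's stop sentinel (verify in ArpCachePoisoner).
        q.put(None)
        apw.join()

    return response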