Exemple #1
0
    def __init__(self, debug=False):
        """
        Initialize PasswordDefect.

        Args:
            debug (bool): Log on terminal or not

        Raises:
            None

        Returns:
            None
        """
        # Initialize logger
        self.logger = logger.IemlAVLogger(__name__, debug=debug)

        # OS name to password-log path map
        self.system_log_map = {"debian": "/etc/passwd"}

        os_name = utils.categorize_os()
        self.log_file = None

        if os_name:
            try:
                self.log_file = self.system_log_map[os_name]
            except KeyError:
                self.logger.log("Could not find path for the auth-log file",
                                logtype="error")
                return
        else:
            return

        # Initialize user to password dict
        self.user_password = dict()
Exemple #2
0
    def __init__(self, debug=False):
        """
        Initialize SystemLogEngine.

        Args:
            debug (bool): Log on terminal or not

        Raises:
            None

        Returns:
            None
        """
        # Initialize logger
        self.logger = logger.IemlAVLogger(__name__, debug=debug)

        # Check if running as root or not
        if utils.check_root():
            # Create module objects
            self.failed_login_obj = failed_login.FailedLogin(debug=debug)
            self.harmful_command = harmful_root_command.HarmfulCommands(
                debug=debug)
            self.detect_backdoor = detect_backdoor.DetectBackdoor(debug=debug)
            self.checksync = check_sync.CheckSync(debug=debug)
            self.password_def = password_defect.PasswordDefect(debug=debug)
            self.portscan = port_scan.PortScan(debug=debug)
            self.sshlogin = ssh_login.SSHLogin(debug=debug)
            self.detsniffer = detect_sniffer.DetSniffer(debug=debug)
            self.non_std = non_std_hash.NonStdHash(debug=debug)
        else:
            self.logger.log("Please run as root, exiting.", logtype="error")
            sys.exit(0)
Exemple #3
0
    def __init__(self, cred, debug=False):
        """Initialize FirewallEngine."""

        self.cred = cred
        self.logger = logger.IemlAVLogger(__name__, debug)

        # Parse and setup rules and actions
        (self.ip_inbound,
         self.action_inbound_IPRule) = self.parse_inbound_IPRule()

        (self.ip_outbound,
         self.action_outbound_IPRule) = self.parse_outbound_IPRule()

        (self.protocols, self.action_protocolRule) = self.parse_protocolRule()

        (self.sports,
         self.action_source_portRule) = self.parse_source_portRule()

        (self.dports, self.action_dest_portRule) = self.parse_dest_portRule()

        (self.dns, self.action_DNSRule) = self.parse_DNSRule()

        (self.extensions, self.action_scanLoad) = self.parse_scanLoad()

        self.action_HTTPRequest = self.parse_HTTPRequest()

        self.action_HTTPResponse = self.parse_HTTPResponse()

        # Interface
        self.interface = str(self.cred['interface'])
        if self.interface == "":
            self.interface = utils.get_interface()

        # Setup PacketFilter object
        self.packetFilterObj = PacketFilter(
            interface=self.interface,
            debug=debug,
            ip_inbound=self.ip_inbound,
            ip_outbound=self.ip_outbound,
            protocols=self.protocols,
            dns=self.dns,
            dports=self.dports,
            sports=self.sports,
            extensions=self.extensions,
            action_inbound_IPRule=self.action_inbound_IPRule,
            action_outbound_IPRule=self.action_outbound_IPRule,
            action_DNSRule=self.action_DNSRule,
            action_source_portRule=self.action_source_portRule,
            action_dest_portRule=self.action_dest_portRule,
            action_HTTPResponse=self.action_HTTPResponse,
            action_HTTPRequest=self.action_HTTPRequest,
            action_protocolRule=self.action_protocolRule,
            action_scanLoad=self.action_scanLoad)

        # Setup Montior object
        self.monitorObj = FirewallMonitor(interface=self.interface,
                                          debug=debug)

        # Integrations
        self.integrations = ['Firewall', 'Monitor']
Exemple #4
0
    def __init__(self, cred=None, debug=None):

        self.cred = cred

        # Initialize logger
        self.logger = logger.IemlAVLogger(__name__, debug=debug)

        # Check for root
        if check_root():
            # Create DetectRecon object
            self.recon_obj = DetectRecon(threshold=self.cred["threshold"],
                                         debug=debug)

            interface = self.cred["interface"]
            if interface is not None and interface != "XXXX":
                self.interface = interface
            else:
                self.logger.log("Collecting interface", logtype="info")
                self.interface = get_interface()

            # Create R2LEngine object
            self.r2l_rules = R2LEngine(debug=debug, interface=self.interface)
            self.logger.log("IemlAV Intrusion Detection started",
                            logtype="info")
        else:
            self.logger.log("Run as root", logtype="error")
            sys.exit(1)
Exemple #5
0
    def __init__(self, debug=False):
        """
        Initialize DDoS attack detection.

        Args:
            None

        Raises:
            None

        Returns:
            None
        """
        # Initialize logger
        self.logger = logger.IemlAVLogger(
                __name__,
                debug=debug
        )

        # Initialize empty dicts
        self.sisp = OrderedDict()
        self.simp = OrderedDict()
        self.misp = OrderedDict()
        self.mimp = OrderedDict()

        # Initialize threshold to 10000 packets / per second
        self._THRESHOLD = 10000  # inter = 0.0001
Exemple #6
0
    def __init__(self, debug=False):
        """
        Initialize HiddenNode class.

        Args:
            debug (bool): Log on terminal or not

        Raises:
            None

        Returns:
            None
        """
        # Initialize logger
        self.logger = logger.IemlAVLogger(__name__, debug=debug)

        # Initialize RTS & CTS count
        self.rts_count = 0
        self.cts_count = 0

        # Initialize RTS & CTS time
        self.rts_start_time = None
        self.cts_start_time = None

        # Initialize threshold
        self._THRESHOLD = 5  # inter = 0.2
Exemple #7
0
    def __init__(self,
                 interface=None,
                 debug=False,
                 ip_inbound=None,
                 ip_outbound=None,
                 protocols=None,
                 dns=None,
                 dports=None,
                 sports=None,
                 extensions=None,
                 action_inbound_IPRule=0,
                 action_outbound_IPRule=0,
                 action_DNSRule=0,
                 action_source_portRule=0,
                 action_dest_portRule=0,
                 action_HTTPResponse=1,
                 action_HTTPRequest=1,
                 action_protocolRule=0,
                 action_scanLoad=0):
        """Initilize PacketFilter class."""

        self.logger = logger.IemlAVLogger(__name__, debug)

        # Initialize with empty list
        if ip_inbound is None:
            ip_inbound = []
        if ip_outbound is None:
            ip_outbound = []
        if protocols is None:
            protocols = []
        if dns is None:
            dns = []
        if sports is None:
            sports = []
        if dports is None:
            dports = []
        if extensions is None:
            extensions = []

        self._action_inbound_IPRule = action_inbound_IPRule
        self._action_outbound_IPRule = action_outbound_IPRule
        self._action_protocolRule = action_protocolRule
        self._action_DNSRule = action_DNSRule
        self._action_source_portRule = action_source_portRule
        self._action_dest_portRule = action_dest_portRule
        self._action_HTTPRequest = action_HTTPRequest
        self._action_HTTPResponse = action_HTTPResponse
        self._action_scanLoad = action_scanLoad

        self._IP_INBOUND = ip_inbound
        self._IP_OUTBOUND = ip_outbound
        self._PROTCOLS = protocols
        self._DNS = dns
        self._DPORTS = dports
        self._SPORTS = sports
        self._EXTENSIONS = extensions

        # Initialize PcapWriter for PCAP dumping
        self.pktdump = PcapWriter("blocked.pcap", append=True, sync=True)
Exemple #8
0
    def __init__(self, threshold=None, debug=False):
        """Initialize DetectRecon class.

        Args:
            threshold (integer): Threshold ratio limit
            debug (bool): Log on terminal or not

        Raises:
            None

        Returns:
            None

        Working:
            Detect the following possible probe (reconnaissance) attacks
            (performed for information gathering):

            - TCP ACK / Window Scan
            - UDP Scan
            - ICMP Scan
            - FIN Scan
            - NULL Scan
            - XMAS Scan
            - OS fingerprinting Scan
        """

        # Initialize logger
        self.logger = logger.IemlAVLogger(
                __name__,
                debug
        )

        # Set threshold
        if threshold is None:
            self._THRESHOLD = 100
        else:
            try:
                self._THRESHOLD = int(threshold)
            except ValueError:
                self.logger.log(
                    "Incorrent threshold, need an integer value.",
                    logtype="error"
                )
                sys.exit(0)

        # Set count threshold
        self._COUNT = self._THRESHOLD * 1000

        # Initialize empty dicts to store IPs
        self.tcp_ack = dict()
        self.icmp_scan = dict()
        self.udp_scan = dict()
        self.fin_scan = dict()
        self.xmas_scan = dict()
        self.null_scan = dict()
        self.os_scan = dict()
Exemple #9
0
    def __init__(self, debug=False):
        """
        Initialize PortScan.

        Args:
            debug (bool): Log on terminal or not

        Raises:
            None

        Returns:
            None
        """
        # Initialize logger
        self.logger = logger.IemlAVLogger(
                __name__,
                debug=debug
        )

        # OS name to auth-log path map
        self.system_log_map = {
            "debian": "/var/log/auth.log"
        }

        os_name = utils.categorize_os()
        self.log_file = None

        if os_name:
            try:
                self.log_file = self.system_log_map[os_name]
            except KeyError:
                self.logger.log(
                    "Could not find path for the auth-log file",
                    logtype="error"
                )
                return
        else:
            return

        # Salt to generate hashed username
        self.SALT = "<!@?>"

        # Regex to extract Received disconnect
        self.RECIEVED_DISCONNECT = r'^([a-zA-Z]+\s[0-9]+)\s([0-9]+:[0-9]+:[0-9]+).' \
                                   r'*Received\sdisconnect\sfrom\s([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)'

        # Initialize IP to count dict
        self.ip_dict = dict()

        # Set threshold to 5 attempts per second to detect port scan
        self.THRESHOLD = 5  # inter = 0.2
Exemple #10
0
    def __init__(self, interface=None, debug=False):
        """Initialize FirewallMonitor."""

        self.logger = logger.IemlAVLogger(self.module_name, debug)

        self._SLEEP = 5

        self.interface = interface

        self.machine_ip = socket.gethostbyname(socket.gethostname())
        self.open_ports = []
        self.network_data = {'bytes_sent': 0, 'bytes_recv': 0}
        self.process_list = []
        self.services_list = []
Exemple #11
0
    def __init__(self, debug=False):
        """
        Initialize LandAttack class.

        Args:
            debug (bool): Log on terminal or not

        Raises:
            None

        Returns:
            None
        """
        # Initialize logger
        self.logger = logger.IemlAVLogger(__name__, debug=debug)
Exemple #12
0
    def __init__(self, debug=False):
        """
        Initialize ARPCache class.
        Detect Man in The Middle Attack (MiTM) attacks.

        Args:
            debug (bool): Log on terminal or not

        Raises:
            None

        Returns:
            None
        """
        # Initialize logger
        self.logger = logger.IemlAVLogger(__name__, debug=debug)
Exemple #13
0
    def __init__(self, debug=False):
        """
        Initialize HarmfulCommnads.
        Detect harmful commands executed as root / sudo.

        Args:
            debug (bool): Log on terminal or not

        Raises:
            None

        Returns:
            None
        """
        # Initialize logger
        self.logger = logger.IemlAVLogger(
                __name__,
                debug=debug
        )

        # OS name to command-log path map
        self.system_log_map = {
            "debian": "/var/log/auth.log"
        }

        os_name = utils.categorize_os()
        self.log_file = None

        if os_name:
            try:
                self.log_file = self.system_log_map[os_name]
            except KeyError:
                self.logger.log(
                    "Could not find path for the command-log file",
                    logtype="error"
                )
                return
        else:
            return

        # Path for file of harmful commands
        self.COMMNAND_FILE_PATH = "iemlav/lib/log_monitor/system_log/harmful_command.txt"
        self.COMMAND = r'COMMAND=(.*\s)'  # regex to extract commands
        self.harmful_commands = utils.open_file(self.COMMNAND_FILE_PATH)
        self.found_harmful = []  # list of harmful commands found
Exemple #14
0
    def __init__(self, debug=False):
        """
        Initialize SSHLogin.

        Args:
            debug (bool): Log on terminal or not

        Raises:
            None

        Returns:
            None
        """
        # Initialize logger
        self.logger = logger.IemlAVLogger(__name__, debug=debug)

        # OS name to SSH-log path map
        self.system_log_map = {"debian": "/var/log/auth.log"}

        os_name = utils.categorize_os()
        self.log_file = None

        if os_name:
            try:
                self.log_file = self.system_log_map[os_name]
            except KeyError:
                self.logger.log("Could not find path for the SSH-log file",
                                logtype="error")
                return
        else:
            return

        # Salt to generate hashed username
        self.SALT = "<!@?>"

        # Regex to extract invalid SSH login details
        self.INVALID_USER = r'^([a-zA-Z]+\s[0-9]+)\s([0-9]+:[0-9]+:[0-9]+).*' \
                            r'Invalid\suser\s([a-zA-Z0-9_-]+)\sfrom\s([0-9]+\.' \
                            r'[0-9]+\.[0-9]+\.[0-9]+)'

        # Initialize username to IP dict
        self.username_dict = dict()

        # Set threshold to 5 attempts per second to detect brute-force
        self.THRESHOLD = 5  # inter = 0.2
Exemple #15
0
    def __init__(self, debug=False):
        """
        Initialize PingOfDeath.

        Args:
            debug (bool): Log on terminal or not

        Raises:
            None

        Returns:
            None
        """
        # Initialize logger
        self.logger = logger.IemlAVLogger(__name__, debug=debug)

        # Initialize threshold
        self._THRESHOLD = 60000
Exemple #16
0
    def __init__(self, debug=False, cred=None):
        """
        Initialize ServerMode.

        Args:
            debug (bool): Log on terminal or not
            cred (dict): Configuration credentials

        Raises:
            None

        Returns
            None
        """
        self.debug = debug

        # Initialize logger
        self.logger = logger.IemlAVLogger(
                __name__,
                debug=self.debug
        )

        # Initialize credentials
        if cred is not None:
            self.cred = cred
        else:
            self.logger.log(
                "No configuraton parameters found, exiting",
                logtype="error"
            )
            sys.exit(0)

        # Initialize objects presence as false
        self.firewall = False
        self.ids = False
        self.antivirus = False
        self.auto_server_patcher = False
        self.web_deface = False
        self.server_log = False
        self.system_log = False

        # Initialize empty process pool list
        self.process_pool = list()
Exemple #17
0
    def __init__(self, debug=False):
        """
        Initialize CheckSync.

        Args:
            debug (bool): Log on terminal or not

        Raises:
            None

        Returns:
            None
        """
        # Initialize logger
        self.logger = logger.IemlAVLogger(
                __name__,
                debug=debug
        )

        # OS name to password-log path map
        self.system_log_map = {
            "debian": ["/etc/passwd", "/etc/shadow"]
        }

        os_name = utils.categorize_os()
        self.log_file = None

        if os_name:
            try:
                self.log_file = self.system_log_map[os_name]
            except KeyError:
                self.logger.log(
                    "Could not find path for the auth-log file",
                    logtype="error"
                )
                return
        else:
            return

        # Users collected from both the files
        # stored as list
        self.log1_users = []
        self.log2_users = []
Exemple #18
0
    def __init__(self, debug=False):
        """
        Initialize SynFlood.

        Args:
            debug (bool): Log on terminal or not

        Raises:
            None

        Returns:
            None
        """
        # Initialize logger
        self.logger = logger.IemlAVLogger(__name__, debug=debug)
        # Initialize SYN dictionary
        self.syn_dict = dict()

        # Set threshold to 1000 SYN packets / per second
        self._THRESHOLD = 1000  # inter = 0.001
Exemple #19
0
    def __init__(self, args):
        """Initialize ArgsHelper"""
        self.modulename = 'args_helper'

        self.cred = {}
        self.args = args

        if self.args.debug:
            self.cred['debug'] = self.args.debug
        else:
            self.cred['debug'] = False

        self.cred_provided = False
        self.firewall_provided = False
        self.ids_provided = False
        self.system_log_provided = False
        self.server_log_provided = False
        self.auto_server_patcher_provided = False
        self.antivirus_provided = False

        # Setup logger
        self.logger = logger.IemlAVLogger(self.modulename, self.cred['debug'])
Exemple #20
0
    def __init__(self, debug=False):
        """
        Initialize Deauth Class.

        Args:
            debug (bool): Log on terminal or not

        Raises:
            None

        Returns:
            None
        """
        # Initialize logger
        self.logger = logger.IemlAVLogger(__name__, debug=debug)

        # Initialize time and count
        self.start_time = None
        self.count = 0

        # Set THRESHOLD to 5 De-auth packets / per second
        self._THRESHOLD = 5  # inter = 0.2
Exemple #21
0
    def __init__(self, debug=False):
        """
        Initialize CAM class.
        Detect CAM attack.

        Args:
            debug (bool): Log on terminal or not

        Raises:
            None

        Returns:
            None
        """
        # Initialize logger
        self.logger = logger.IemlAVLogger(__name__, debug=debug)
        # Initialize time
        self.start_time = None
        # Initialize cam_attack list
        self.cam_list = []
        # Initialize threshold to 256 MAC address / 6 second
        self._THRESHOLD = 256 / 6  # inter = 0.0234
Exemple #22
0
    def __init__(self, debug=False):
        """
        Initialize DHCP Class.

        Args:
            debug (bool): Log on terminal or not

        Raises:
            None

        Returns:
            None
        """
        # Initialize logger
        self.logger = logger.IemlAVLogger(__name__, debug=debug)

        # Initialize required variables
        self.start_time = None
        self.count = 0

        # Set threshold to 10 Request / per second
        self._THRESHOLD = 10  # inter = 0.1
Exemple #23
0
    def __init__(self, debug=False):
        """
        Initialize FakeAccessPoint class.

        Args:
            debug (bool): Log on terminal or not

        Raises:
            None

        Returns:
            None
        """
        # Initialize logger
        self.logger = logger.IemlAVLogger(
                __name__,
                debug=debug
        )

        # Initialize access point dictionary
        self.ap_dict = dict()
        # Set threshold
        self._THRESHOLD = 3
Exemple #24
0
    def __init__(self, debug=False):
        """
        Initialize NonStdHash.

        Args:
            debug (bool): Log on terminal or not

        Raises:
            None

        Returns:
            None
        """
        # Initialize logger
        self.logger = logger.IemlAVLogger(__name__, debug=debug)

        # OS name to auth-log path map
        self.system_log_map = {"debian": "/etc/shadow"}

        os_name = utils.categorize_os()
        self.log_file = None

        if os_name:
            try:
                self.log_file = self.system_log_map[os_name]
            except KeyError:
                self.logger.log(
                    "Could not find path for the password-log file",
                    logtype="error")
                return
        else:
            return

        # List of hashing algorithm used
        self.used_algo = []
        # Set THRESHOLD to 3 different hashing algorithm
        self.THRESHOLD = 3
Exemple #25
0
    def __init__(self,
                 interface=None,
                 debug=False):
        """
        Initialize SSIDSpoof class.

        Args:
            interface (str): Name of the interface to monitor
            debug (bool): Log on terminal or not

        Raises:
            None

        Returns:
            None
        """
        # Initialize logger
        self.logger = logger.IemlAVLogger(
                __name__,
                debug=debug
        )

        self.interface = interface
        self.scan_dict = dict()
Exemple #26
0
    def __init__(self, debug=False):
        """
        Initialize DetSniffer.

        Args:
            debug (bool): Log on terminal or not

        Raises:
            None

        Returns:
            None
        """
        # Initialize logger
        self.logger = logger.IemlAVLogger(__name__, debug=debug)

        # OS name to sys-log path map
        self.system_log_map = {"debian": "/var/log/syslog"}

        os_name = utils.categorize_os()
        self.log_file = None

        if os_name:
            try:
                self.log_file = self.system_log_map[os_name]
            except KeyError:
                self.logger.log("Could not find path for the SSH-log file",
                                logtype="error")
                return
        else:
            return

        # Regex to find malicious sniffer
        self.SNIFFER = r"device\s([a-zA-Z0-9_-]+)\s.*promisc"
        # List of promisc devices
        self.found_promisc = []
Exemple #27
0
# -*- coding: utf-8 -*-

from iemlav.lib.firewall.mapping import *
import subprocess
import re
import os
from iemlav import logger

# Initialize logger with debug=False
utils_logger = logger.IemlAVLogger(__name__, debug=False)


def setup_logger(debug):

    global utils_logger
    utils_logger = logger.IemlAVLogger(__name__, debug)


def complement(value):

    if int(value) == 1:
        return 0
    else:
        return 1


def xnor(func):
    """XNOR Function.

    Working:
        XNOR Table:
Exemple #28
0
def setup_logger(debug):

    global utils_logger
    utils_logger = logger.IemlAVLogger(__name__, debug)
Exemple #29
0
 def __init__(self):
     """Init logger params."""
     self.logger = logger.IemlAVLogger(self.modulename)
Exemple #30
0
    def __init__(self, cred=None, debug=None):
        """Initialize IemlAVFirewall."""

        self.cred = cred['firewall']
        self.debug = cred['debug']
        self.logger = logger.IemlAVLogger(__name__, debug=self.debug)