Exemple #1
 def os_fingerprint(self, timestamp):
     """Fingerprint the OS of every host stamped with one scan time.

     For each ``host_current`` row whose ``scanTime`` equals *timestamp*,
     ask ``network().os_match`` for a guess and store it in ``os_match``.
     Nothing is stored when the guess is ``'Unknown'`` and its score is
     not ``'0'``.
     """
     checker = network()
     scanned_hosts = host_current.select(
         host_current.hostIP, host_current.hostname
     ).where(host_current.scanTime == timestamp)

     for row in scanned_hosts:
         # The select above does not fetch the primary key, so the id is
         # resolved with a second lookup keyed on the hostname.
         host_id = host_current.get(host_current.hostname == row.hostname).id
         # NOTE(review): hostnames are read back from the database and echoed
         # unescaped; presumably they originate from scan/DNS data, so treat
         # them as untrusted output - confirm against the code that writes them.
         print bcolors.OKBLUE + 'Trying to discover OS for ' + row.hostname + '....' + bcolors.ENDC

         guess = checker.os_match(row.hostIP, 'lan')
         score = guess[1]
         os_name = guess[0]

         if score == '0':
             # NOTE(review): a score of '0' is recorded as confidence '100';
             # presumably os_match uses '0' to flag an exact match - confirm.
             stored_confidence = '100'
             message = bcolors.OKGREEN + 'Identified ' + row.hostname + ' as ' + os_name + bcolors.ENDC
         elif os_name == 'Unknown':
             print bcolors.OKGREEN + 'Unable to identify OS for ' + row.hostname + bcolors.ENDC
             continue
         else:
             stored_confidence = score
             message = (bcolors.OKGREEN + 'Identified ' + row.hostname + ' as ' + os_name
                        + ' with a confidence of ' + score + '%' + bcolors.ENDC)

         print message
         os_match.create(hostID=host_id,
                         os=os_name,
                         confidence=stored_confidence,
                         scanTime=timestamp)
Exemple #2
 def os_fingerprint(self, timestamp):
     """Fingerprint the OS of every host stamped with one scan time.

     For each ``host_current`` row whose ``scanTime`` equals *timestamp*,
     ask ``network().os_match`` for a guess and store it in ``os_match``.
     Nothing is stored when the guess is ``'Unknown'`` and its score is
     not ``'0'``.
     """
     checker = network()
     scanned_hosts = host_current.select(
         host_current.hostIP, host_current.hostname
     ).where(host_current.scanTime == timestamp)

     for row in scanned_hosts:
         # The select above does not fetch the primary key, so the id is
         # resolved with a second lookup keyed on the hostname.
         host_id = host_current.get(host_current.hostname == row.hostname).id
         # NOTE(review): hostnames are read back from the database and echoed
         # unescaped; presumably they originate from scan/DNS data, so treat
         # them as untrusted output - confirm against the code that writes them.
         print bcolors.OKBLUE + 'Trying to discover OS for ' + row.hostname + '....' + bcolors.ENDC

         guess = checker.os_match(row.hostIP, 'lan')
         score = guess[1]
         os_name = guess[0]

         if score == '0':
             # NOTE(review): a score of '0' is recorded as confidence '100';
             # presumably os_match uses '0' to flag an exact match - confirm.
             stored_confidence = '100'
             message = bcolors.OKGREEN + 'Identified ' + row.hostname + ' as ' + os_name + bcolors.ENDC
         elif os_name == 'Unknown':
             print bcolors.OKGREEN + 'Unable to identify OS for ' + row.hostname + bcolors.ENDC
             continue
         else:
             stored_confidence = score
             message = (bcolors.OKGREEN + 'Identified ' + row.hostname + ' as ' + os_name
                        + ' with a confidence of ' + score + '%' + bcolors.ENDC)

         print message
         os_match.create(hostID=host_id,
                         os=os_name,
                         confidence=stored_confidence,
                         scanTime=timestamp)
Exemple #3
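def main():
    """Run the scans selected on the command line, then remove the pid file.

    Reads ``args`` and ``pidfile``, which are not defined in this function.
    The pid file is removed in a single ``finally`` clause so that every exit
    path (normal completion, the no-arguments exit, Ctrl-C, an error) cleans
    it up exactly once.
    """
    try:
        def create_json_report():
            """Return the hosts stamped with this run's timestamp as JSON text."""
            print 'Creating report..'
            results = dict()
            for i in host_current.select(host_current.id, host_current.hostIP, host_current.hostname).where(host_current.scanTime == timestamp):
                # There may be no os_match row for this host and scan time
                # (fingerprinting not run, or nothing identified). get() raises
                # DoesNotExist then, which used to abort the whole report.
                try:
                    os_row = os_match.get(os_match.hostID == i.id, os_match.scanTime == timestamp)
                    os_info = {'type': os_row.os, 'confidence': os_row.confidence}
                except os_match.DoesNotExist:
                    os_info = {'type': 'Unknown', 'confidence': None}
                results[i.hostname] = {'ip': i.hostIP, 'os': os_info, 'scan': {}}
                for portresults in services.select(services.hostID, services.portID).where(services.scanTime == timestamp).where(services.hostID == i.id):
                    # A port without an entry in the ports table is reported
                    # with a null description rather than failing the report.
                    try:
                        description = ports.get(ports.port == portresults.portID).description
                    except ports.DoesNotExist:
                        description = None
                    results[i.hostname]['scan'][portresults.portID] = {'description': description}
            return json.dumps(results, indent=2)

        # Set primary interface name variable
        primaryIf = 'eth0'
        # Create network checking object
        IPChecks = network()
        # Set current IP address variable
        # NOTE(review): this reads the second line of the full ifconfig listing,
        # i.e. the first interface printed, while the netmask below is taken from
        # primaryIf. If those are different interfaces the automatic scan range
        # is computed for the wrong network - confirm on the target host.
        currentIP = commands.getoutput("/sbin/ifconfig").split("\n")[1].split()[1][5:]
        # Set current IP range in CIDR format variable
        prefixBits = str(IPChecks.getBits(IPChecks.get_netmask(primaryIf)))
        currentRange = str(IPNetwork(currentIP + "/" + prefixBits).network) + "/" + prefixBits
        # Set current time variable
        timestamp = int(time.time())

        print bcolors.OKGREEN
        print "   _____ _                       __  __              "
        print "  / ____| |                     |  \/  |             "
        print " | (___ | |_ ___  _ __ _ __ ___ | \  / | __ _ _ __   "
        print "  \___ \| __/ _ \| '__| '_ ` _ \| |\/| |/ _` | '_ \  "
        print "  ____) | || (_) | |  | | | | | | |  | | (_| | |_) | "
        print " |_____/ \__\___/|_|  |_| |_| |_|_|  |_|\__,_| .__/  "
        print bcolors.OKBLUE + "  Network Mapping and Discovery       " + bcolors.OKGREEN + "       | |     "
        print bcolors.OKBLUE + "  Simon Beattie // @Si_Bt // 2013     " + bcolors.OKGREEN + "       |_|     "
        print bcolors.ENDC

        # If no arguments have been passed, exit program
        # NOTE(review): args.output is not part of this check, so asking only for
        # the report exits here; the report also covers only rows stamped with
        # this run's timestamp.
        if not (args.target or args.port or args.os or args.auto):
            print "Type stormmapper.py --help for options"
            print
            quit()

        # Create current scan object
        current_scan = scanners()
        # Set time of last scan ran. On an empty table max() would raise
        # ValueError and abort before the first scan could be stored, so fall
        # back to this run's timestamp.
        scanTimes = [i.scanTime for i in host_current.select(host_current.scanTime)]
        lastScan = max(scanTimes) if scanTimes else timestamp
        # Run automatic scan on current IP range (this is usually triggered by web/AutoScanCron.php)
        if args.auto:
            current_scan.discovery_scan(currentRange, timestamp)
            current_scan.port_scan(timestamp)
            current_scan.os_fingerprint(timestamp)
            print bcolors.OKGREEN + "Scan Completed!" + bcolors.ENDC

        # Run discovery scan on specified range (CIDR), or ip address
        if args.target:
            current_scan.discovery_scan(args.target, timestamp)
            print bcolors.OKGREEN + "Scan Completed!" + bcolors.ENDC

        # Run port-scan on all targets added or updated in last discovery scan
        if args.port:
            current_scan.port_scan(lastScan)
            print bcolors.OKGREEN + "Scan Completed!" + bcolors.ENDC

        # Run operating system scan on all targets added or updated in last discovery scan
        if args.os:
            current_scan.os_fingerprint(lastScan)
            print bcolors.OKGREEN + "Scan Completed!" + bcolors.ENDC

        # Output the latest scan in JSON format
        if args.output:
            print create_json_report()

    # Capture exits and errors
    except KeyboardInterrupt:
        print "Shutdown requested.. exiting"
    except Exception:
        logging.exception('StormMapper Error')
        print "An error has occurred - Check the logs!"
    finally:
        # Cleanup pid file on every exit path, including SystemExit.
        os.unlink(pidfile)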
Exemple #4
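        def discovery_scanner(host, scan_result):
            """Record one discovered host and, for local hosts, its MAC address.

            Does nothing unless ``scan_result['scan'][host]['status']['state']``
            is ``'up'``. Otherwise a display hostname is built from the scan
            result (or a reverse lookup, or the bare address) plus a suffix:
            part of the MAC for hosts inside the local range, ``'- remote'``
            for the rest. The ``host_current`` row with that hostname is
            refreshed or created, and an unseen MAC is added to ``mac_address``.

            ``timestamp`` is not defined here; it is read from an enclosing scope.
            """
            IPChecks = network()

            primaryIf = 'eth0'
            # NOTE(review): this reads the second line of the full ifconfig
            # listing, i.e. the first interface printed, while the netmask is
            # taken from primaryIf - confirm both refer to the same interface.
            currentIP = commands.getoutput("/sbin/ifconfig").split("\n")[1].split()[1][5:]
            currentCIDR = IPChecks.getBits(IPChecks.get_netmask(primaryIf))
            currentPreRange = currentIP + "/" + str(currentCIDR)
            ip2 = IPNetwork(currentPreRange)
            currentRange = str(ip2.network) + "/" + str(currentCIDR)

            # The original compared the state with 'up' and threw the result
            # away, so any host present in the result was treated as up.
            try:
                state = scan_result['scan'][host]['status']['state']
            except (KeyError, TypeError):
                return
            if state != 'up':
                return

            macAddress = None
            if IPChecks.subnetCheck(host, currentRange) == True:
                # Look the MAC up once and reuse it below. The second lookup
                # used to sit outside any try, so a failure tolerated here
                # could still abort after the host row had been written.
                try:
                    macAddress = IPChecks.getMac(host)
                    suffix = '-' + macAddress[12:]
                except Exception:
                    suffix = ''
            else:
                suffix = '- remote'

            # Check if hostname has been found
            reportedName = scan_result['scan'][host]['hostname']
            if reportedName == "" or reportedName == "UNKNOWN":
                # Best-effort reverse lookup; Exception rather than a bare
                # except so Ctrl-C and SystemExit are not swallowed.
                try:
                    baseName = socket.gethostbyaddr(host)[0]
                except Exception:
                    baseName = host
            else:
                baseName = reportedName
            hostnameNice = baseName + suffix

            # NOTE(review): rows are matched on this hostname alone, and the name
            # is built from scan output, reverse DNS and the MAC tail - all
            # supplied by the scanned network. A device presenting another host's
            # name and MAC tail will overwrite that record's IP; treat the
            # inventory as advisory unless identity is verified some other way.
            added = False
            for i in host_current.select().where(host_current.hostname == hostnameNice):
                # If the hostname is there, but IP has changed...
                if i.hostname == hostnameNice and i.hostIP != host:
                    hostUpdate = host_current.update(hostIP=host, scanTime=timestamp).where(host_current.hostname == hostnameNice)
                    hostUpdate.execute()
                    print bcolors.OKBLUE + 'Existing Host Updated' + bcolors.ENDC + '( ' + hostnameNice + ' - ' + host + ' )'
                    added = True
                # If the hostname and IP address match
                elif i.hostname == hostnameNice and i.hostIP == host:
                    print bcolors.OKGREEN + 'Existing Host Found' + bcolors.ENDC + '( ' + hostnameNice + ' - ' + host + ' )'
                    hostUpdate = host_current.update(scanTime=timestamp).where(host_current.hostname == hostnameNice)
                    hostUpdate.execute()
                    added = True

            # If the hostname is not in the list at all
            if not added:
                host_current.create(hostname=hostnameNice, hostIP=host, scanTime=timestamp)
                print bcolors.WARNING + 'New Host Found' + bcolors.ENDC + '( ' + hostnameNice + ' - ' + host + ' )'

            # macAddress stays None for remote hosts and failed lookups.
            if macAddress:
                alreadyStored = any(
                    m.macAddr == macAddress
                    for m in mac_address.select().where(mac_address.hostname == hostnameNice))
                if not alreadyStored:
                    mac_address.create(
                        hostname=hostnameNice,
                        macAddr=macAddress,
                        scanTime=timestamp,
                    )
                    print bcolors.OKGREEN + 'MAC address stored ' + bcolors.ENDC + '( ' + hostnameNice + ' - ' + macAddress + ' )'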
Exemple #5
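        def discovery_scanner(host, scan_result):
            """Record one discovered host and, for local hosts, its MAC address.

            Does nothing unless ``scan_result['scan'][host]['status']['state']``
            is ``'up'``. Otherwise a display hostname is built from the scan
            result (or a reverse lookup, or the bare address) plus a suffix:
            part of the MAC for hosts inside the local range, ``'- remote'``
            for the rest. The ``host_current`` row with that hostname is
            refreshed or created, and an unseen MAC is added to ``mac_address``.

            ``timestamp`` is not defined here; it is read from an enclosing scope.
            """
            IPChecks = network()

            primaryIf = 'eth0'
            # NOTE(review): this reads the second line of the full ifconfig
            # listing, i.e. the first interface printed, while the netmask is
            # taken from primaryIf - confirm both refer to the same interface.
            currentIP = commands.getoutput("/sbin/ifconfig").split(
                "\n")[1].split()[1][5:]
            currentCIDR = IPChecks.getBits(IPChecks.get_netmask(primaryIf))
            currentPreRange = currentIP + "/" + str(currentCIDR)
            ip2 = IPNetwork(currentPreRange)
            currentRange = str(ip2.network) + "/" + str(currentCIDR)

            # The original compared the state with 'up' and threw the result
            # away, so any host present in the result was treated as up.
            try:
                state = scan_result['scan'][host]['status']['state']
            except (KeyError, TypeError):
                return
            if state != 'up':
                return

            macAddress = None
            if IPChecks.subnetCheck(host, currentRange) == True:
                # Look the MAC up once and reuse it below. The second lookup
                # used to sit outside any try, so a failure tolerated here
                # could still abort after the host row had been written.
                try:
                    macAddress = IPChecks.getMac(host)
                    suffix = '-' + macAddress[12:]
                except Exception:
                    suffix = ''
            else:
                suffix = '- remote'

            # Check if hostname has been found
            reportedName = scan_result['scan'][host]['hostname']
            if reportedName == "" or reportedName == "UNKNOWN":
                # Best-effort reverse lookup; Exception rather than a bare
                # except so Ctrl-C and SystemExit are not swallowed.
                try:
                    baseName = socket.gethostbyaddr(host)[0]
                except Exception:
                    baseName = host
            else:
                baseName = reportedName
            hostnameNice = baseName + suffix

            # NOTE(review): rows are matched on this hostname alone, and the name
            # is built from scan output, reverse DNS and the MAC tail - all
            # supplied by the scanned network. A device presenting another host's
            # name and MAC tail will overwrite that record's IP; treat the
            # inventory as advisory unless identity is verified some other way.
            added = False
            for i in host_current.select().where(
                    host_current.hostname == hostnameNice):
                # If the hostname is there, but IP has changed...
                if i.hostname == hostnameNice and i.hostIP != host:
                    hostUpdate = host_current.update(
                        hostIP=host, scanTime=timestamp).where(
                            host_current.hostname == hostnameNice)
                    hostUpdate.execute()
                    print bcolors.OKBLUE + 'Existing Host Updated' + bcolors.ENDC + '( ' + hostnameNice + ' - ' + host + ' )'
                    added = True
                # If the hostname and IP address match
                elif i.hostname == hostnameNice and i.hostIP == host:
                    print bcolors.OKGREEN + 'Existing Host Found' + bcolors.ENDC + '( ' + hostnameNice + ' - ' + host + ' )'
                    hostUpdate = host_current.update(
                        scanTime=timestamp).where(
                            host_current.hostname == hostnameNice)
                    hostUpdate.execute()
                    added = True

            # If the hostname is not in the list at all
            if not added:
                host_current.create(hostname=hostnameNice,
                                    hostIP=host,
                                    scanTime=timestamp)
                print bcolors.WARNING + 'New Host Found' + bcolors.ENDC + '( ' + hostnameNice + ' - ' + host + ' )'

            # macAddress stays None for remote hosts and failed lookups.
            if macAddress:
                alreadyStored = any(
                    m.macAddr == macAddress
                    for m in mac_address.select().where(
                        mac_address.hostname == hostnameNice))
                if not alreadyStored:
                    mac_address.create(
                        hostname=hostnameNice,
                        macAddr=macAddress,
                        scanTime=timestamp,
                    )
                    print bcolors.OKGREEN + 'MAC address stored ' + bcolors.ENDC + '( ' + hostnameNice + ' - ' + macAddress + ' )'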
Exemple #6
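def main():
    """Run the scans selected on the command line, then remove the pid file.

    Reads ``args`` and ``pidfile``, which are not defined in this function.
    The pid file is removed in a single ``finally`` clause so that every exit
    path (normal completion, the no-arguments exit, Ctrl-C, an error) cleans
    it up exactly once.
    """
    try:
        def create_json_report():
            """Return the hosts stamped with this run's timestamp as JSON text."""
            print 'Creating report..'
            results = dict()
            for i in host_current.select(
                    host_current.id, host_current.hostIP,
                    host_current.hostname).where(
                        host_current.scanTime == timestamp):
                # There may be no os_match row for this host and scan time
                # (fingerprinting not run, or nothing identified). get() raises
                # DoesNotExist then, which used to abort the whole report.
                try:
                    os_row = os_match.get(os_match.hostID == i.id,
                                          os_match.scanTime == timestamp)
                    os_info = {
                        'type': os_row.os,
                        'confidence': os_row.confidence
                    }
                except os_match.DoesNotExist:
                    os_info = {'type': 'Unknown', 'confidence': None}
                results[i.hostname] = {
                    'ip': i.hostIP,
                    'os': os_info,
                    'scan': {}
                }
                for portresults in services.select(
                        services.hostID, services.portID).where(
                            services.scanTime == timestamp).where(
                                services.hostID == i.id):
                    # A port without an entry in the ports table is reported
                    # with a null description rather than failing the report.
                    try:
                        description = ports.get(
                            ports.port == portresults.portID).description
                    except ports.DoesNotExist:
                        description = None
                    results[i.hostname]['scan'][portresults.portID] = {
                        'description': description
                    }
            return json.dumps(results, indent=2)

        # Set primary interface name variable
        primaryIf = 'eth0'
        # Create network checking object
        IPChecks = network()
        # Set current IP address variable
        # NOTE(review): this reads the second line of the full ifconfig listing,
        # i.e. the first interface printed, while the netmask below is taken from
        # primaryIf. If those are different interfaces the automatic scan range
        # is computed for the wrong network - confirm on the target host.
        currentIP = commands.getoutput("/sbin/ifconfig").split(
            "\n")[1].split()[1][5:]
        # Set current IP range in CIDR format variable
        prefixBits = str(IPChecks.getBits(IPChecks.get_netmask(primaryIf)))
        currentRange = str(
            IPNetwork(currentIP + "/" + prefixBits).network) + "/" + prefixBits
        # Set current time variable
        timestamp = int(time.time())

        print bcolors.OKGREEN
        print "   _____ _                       __  __              "
        print "  / ____| |                     |  \/  |             "
        print " | (___ | |_ ___  _ __ _ __ ___ | \  / | __ _ _ __   "
        print "  \___ \| __/ _ \| '__| '_ ` _ \| |\/| |/ _` | '_ \  "
        print "  ____) | || (_) | |  | | | | | | |  | | (_| | |_) | "
        print " |_____/ \__\___/|_|  |_| |_| |_|_|  |_|\__,_| .__/  "
        print bcolors.OKBLUE + "  Network Mapping and Discovery       " + bcolors.OKGREEN + "       | |     "
        print bcolors.OKBLUE + "  Simon Beattie // @Si_Bt // 2013     " + bcolors.OKGREEN + "       |_|     "
        print bcolors.ENDC

        # If no arguments have been passed, exit program
        # NOTE(review): args.output is not part of this check, so asking only for
        # the report exits here; the report also covers only rows stamped with
        # this run's timestamp.
        if not (args.target or args.port or args.os or args.auto):
            print "Type stormmapper.py --help for options"
            print
            quit()

        # Create current scan object
        current_scan = scanners()
        # Set time of last scan ran. On an empty table max() would raise
        # ValueError and abort before the first scan could be stored, so fall
        # back to this run's timestamp.
        scanTimes = [
            i.scanTime for i in host_current.select(host_current.scanTime)
        ]
        lastScan = max(scanTimes) if scanTimes else timestamp
        # Run automatic scan on current IP range (this is usually triggered by web/AutoScanCron.php)
        if args.auto:
            current_scan.discovery_scan(currentRange, timestamp)
            current_scan.port_scan(timestamp)
            current_scan.os_fingerprint(timestamp)
            print bcolors.OKGREEN + "Scan Completed!" + bcolors.ENDC

        # Run discovery scan on specified range (CIDR), or ip address
        if args.target:
            current_scan.discovery_scan(args.target, timestamp)
            print bcolors.OKGREEN + "Scan Completed!" + bcolors.ENDC

        # Run port-scan on all targets added or updated in last discovery scan
        if args.port:
            current_scan.port_scan(lastScan)
            print bcolors.OKGREEN + "Scan Completed!" + bcolors.ENDC

        # Run operating system scan on all targets added or updated in last discovery scan
        if args.os:
            current_scan.os_fingerprint(lastScan)
            print bcolors.OKGREEN + "Scan Completed!" + bcolors.ENDC

        # Output the latest scan in JSON format
        if args.output:
            print create_json_report()

    # Capture exits and errors
    except KeyboardInterrupt:
        print "Shutdown requested.. exiting"
    except Exception:
        logging.exception('StormMapper Error')
        print "An error has occurred - Check the logs!"
    finally:
        # Cleanup pid file on every exit path, including SystemExit.
        os.unlink(pidfile)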