Exemple #1
    def echoMulticastQuery(self, receive=False):
        """Send an MLD general query to the all-nodes group ff02::1.

        The packet is IPv6 / Hop-by-Hop (Router Alert + PadN) /
        ICMPv6MLQuery / Raw, where the Raw bytes carry the trailing query
        fields (0x02, QQIC 0x7d = 125, zero sources).

        With ``receive`` false the packet is sent and None is returned.
        With ``receive`` true it goes out through ``self.send_receive`` and
        every response accepted by ``self.isMulticastReportv2`` is folded
        into ``{source_ip: {"mac": ..., "multicast_report": ...}}``.

        Everything in the result is taken from unauthenticated link-local
        traffic, so any node on the segment can forge an entry.
        """
        query_ip = createIPv6()
        query_ip.fields["dst"] = "ff02::1"  # all-nodes link-local multicast
        query_ip.fields["nh"] = 0  # next header: Hop-by-Hop Options
        if "src" not in query_ip.fields:
            query_ip.fields["src"] = get_source_address(query_ip)

        # Router Alert option; value 0 is the MLD code point (RFC 2711).
        alert_opt = RouterAlert()
        alert_opt.fields["otype"] = 5
        alert_opt.fields["value"] = 0
        alert_opt.fields["optlen"] = 2

        pad_opt = PadN()
        pad_opt.fields["otype"] = 1
        pad_opt.fields["optlen"] = 0

        hop_by_hop = IPv6ExtHdrHopByHop()
        hop_by_hop.fields["nh"] = 58  # next header: ICMPv6
        hop_by_hop.fields["options"] = [alert_opt, pad_opt]
        hop_by_hop.fields["autopad"] = 1

        mld_query = ICMPv6MLQuery()
        mld_query.fields["code"] = 0
        mld_query.fields["reserved"] = 0
        mld_query.fields["mladdr"] = "::"  # unspecified group: general query

        # Hex for the bytes after the multicast address:
        # flags byte, QQIC (0x7d = 125), number of sources.
        tail_hex = "".join(("02", "7d", "0000"))
        tail = Raw()
        tail.fields["load"] = binascii.unhexlify(tail_hex)

        payload = query_ip / hop_by_hop / mld_query / tail

        if not receive:
            send(payload)
            return

        def accept(packet):
            # Keep every IPv6 packet; report filtering happens below.
            return IPv6 in packet

        hosts = {}
        # NOTE(review): the 8 is presumably a timeout in seconds; confirm
        # against send_receive.
        for reply in self.send_receive(payload, accept, 8):
            if not self.isMulticastReportv2(reply):
                continue
            reports = self.parseMulticastReport(reply[Raw])
            src_ip = reply[IPv6].src
            # Work on a copy of the IPv6 header with its payload removed.
            header = copy(reply[IPv6])
            header.remove_payload()
            mac = getMacAddress(grabRawSrc(header))
            entry = hosts.get(src_ip)
            if entry is None:
                hosts[src_ip] = {"mac": mac, "multicast_report": reports}
            else:
                # Same responder seen again: append its reports, keep the
                # MAC recorded first.
                entry["multicast_report"] += reports
        return hosts
Exemple #2
    def echoMulticastQuery(self, receive=False):
        """Send an MLD general query to the all-nodes group ff02::1.

        The packet is IPv6 / Hop-by-Hop (Router Alert + PadN) /
        ICMPv6MLQuery / Raw, where the Raw bytes carry the trailing query
        fields (0x02, QQIC 0x7d = 125, zero sources).

        With ``receive`` false the packet is sent and None is returned.
        With ``receive`` true it goes out through ``self.send_receive`` and
        every response accepted by ``self.isMulticastReportv2`` is folded
        into ``{source_ip: {"mac": ..., "multicast_report": ...}}``.

        Everything in the result is taken from unauthenticated link-local
        traffic, so any node on the segment can forge an entry.
        """
        query_ip = createIPv6()
        query_ip.fields["dst"] = "ff02::1"  # all-nodes link-local multicast
        query_ip.fields["nh"] = 0  # next header: Hop-by-Hop Options
        if "src" not in query_ip.fields:
            query_ip.fields["src"] = get_source_address(query_ip)

        # Router Alert option; value 0 is the MLD code point (RFC 2711).
        alert_opt = RouterAlert()
        alert_opt.fields["otype"] = 5
        alert_opt.fields["value"] = 0
        alert_opt.fields["optlen"] = 2

        pad_opt = PadN()
        pad_opt.fields["otype"] = 1
        pad_opt.fields["optlen"] = 0

        hop_by_hop = IPv6ExtHdrHopByHop()
        hop_by_hop.fields["nh"] = 58  # next header: ICMPv6
        hop_by_hop.fields["options"] = [alert_opt, pad_opt]
        hop_by_hop.fields["autopad"] = 1

        mld_query = ICMPv6MLQuery()
        mld_query.fields["code"] = 0
        mld_query.fields["reserved"] = 0
        mld_query.fields["mladdr"] = "::"  # unspecified group: general query

        # Hex for the bytes after the multicast address:
        # flags byte, QQIC (0x7d = 125), number of sources.
        tail_hex = "".join(("02", "7d", "0000"))
        tail = Raw()
        tail.fields["load"] = binascii.unhexlify(tail_hex)

        payload = query_ip / hop_by_hop / mld_query / tail

        if not receive:
            send(payload)
            return

        def accept(packet):
            # Keep every IPv6 packet; report filtering happens below.
            return IPv6 in packet

        hosts = {}
        # NOTE(review): the 8 is presumably a timeout in seconds; confirm
        # against send_receive.
        for reply in self.send_receive(payload, accept, 8):
            if not self.isMulticastReportv2(reply):
                continue
            reports = self.parseMulticastReport(reply[Raw])
            src_ip = reply[IPv6].src
            # Work on a copy of the IPv6 header with its payload removed.
            header = copy(reply[IPv6])
            header.remove_payload()
            mac = getMacAddress(grabRawSrc(header))
            entry = hosts.get(src_ip)
            if entry is None:
                hosts[src_ip] = {"mac": mac, "multicast_report": reports}
            else:
                # Same responder seen again: append its reports, keep the
                # MAC recorded first.
                entry["multicast_report"] += reports
        return hosts
Exemple #3
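    def echoAllNodes(self, receive=False):
        """Send one ICMPv6 Echo Request to the all-nodes group ff02::1.

        With ``receive`` false the request is sent and None is returned.
        With ``receive`` true, ``self.listenForEcho`` is started on a
        worker thread before the request goes out, and every packet it
        hands back is recorded as ``{source_ip: {"mac": mac}}``.

        Replies are unauthenticated link-local traffic: the source address,
        and anything the helpers derive from it, can be forged by any node
        on the segment.
        """
        ip_packet = createIPv6()
        ip_packet.fields["version"] = 6L
        ip_packet.fields["tc"] = 0L
        ip_packet.fields["nh"] = 58  # next header: ICMPv6
        ip_packet.fields["hlim"] = 1
        ip_packet.fields["dst"] = "ff02::1"  # all-nodes link-local multicast
        if "src" not in ip_packet.fields:
            ip_packet.fields["src"] = get_source_address(ip_packet)

        # ICMPv6 packet layout:
        #
        #  0                   1                   2                   3
        #  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
        # +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        # |     Type      |     Code      |          Checksum             |
        # +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        # |                                                               |
        # +                         Message Body                          +
        # |                                                               |
        # +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

        icmp_packet = ICMPv6EchoRequest()
        icmp_packet.fields["code"] = 0
        icmp_packet.fields["seq"] = 1
        icmp_packet.fields["type"] = 128  # Echo Request
        # Fixed 56-byte echo payload.
        data = "e3d3f15500000000f7f0010000000000101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637"
        icmp_packet.fields["data"] = binascii.unhexlify(data)

        pool = None
        if receive:
            # Start listening before the request goes out.
            # NOTE(review): nothing here waits for the listener to be
            # ready, so early replies may be missed; confirm how
            # listenForEcho starts sniffing.
            build_lfilter = lambda packet: ICMPv6EchoReply in packet
            pool = ThreadPool(processes=1)
            async_result = pool.apply_async(self.listenForEcho,
                                            [build_lfilter])

        try:
            send(ip_packet / icmp_packet, verbose=False)
            if not receive:
                return None

            responseDict = {}
            for response in async_result.get():
                src_ip = response[IPv6].src
                # Work on a copy of the IPv6 header with its payload removed.
                rawSrc = copy(response[IPv6])
                rawSrc.remove_payload()
                rawSrc = grabRawSrc(rawSrc)
                responseDict[src_ip] = {"mac": getMacAddress(rawSrc)}
            return responseDict
        finally:
            # Close the pool on every exit path so repeated calls do not
            # accumulate idle pool threads.
            if pool is not None:
                pool.close()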
Exemple #4
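    def echoAllNodes(self, receive=False):
        """Send one ICMPv6 Echo Request to the all-nodes group ff02::1.

        With ``receive`` false the request is sent and None is returned.
        With ``receive`` true, ``self.listenForEcho`` is started on a
        worker thread before the request goes out, and every packet it
        hands back is recorded as ``{source_ip: {"mac": mac}}``.

        Replies are unauthenticated link-local traffic: the source address,
        and anything the helpers derive from it, can be forged by any node
        on the segment.
        """
        ip_packet = createIPv6()
        ip_packet.fields["version"] = 6L
        ip_packet.fields["tc"] = 0L
        ip_packet.fields["nh"] = 58  # next header: ICMPv6
        ip_packet.fields["hlim"] = 1
        ip_packet.fields["dst"] = "ff02::1"  # all-nodes link-local multicast
        if "src" not in ip_packet.fields:
            ip_packet.fields["src"] = get_source_address(ip_packet)

        # ICMPv6 packet layout:
        #
        #  0                   1                   2                   3
        #  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
        # +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        # |     Type      |     Code      |          Checksum             |
        # +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        # |                                                               |
        # +                         Message Body                          +
        # |                                                               |
        # +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

        icmp_packet = ICMPv6EchoRequest()
        icmp_packet.fields["code"] = 0
        icmp_packet.fields["seq"] = 1
        icmp_packet.fields["type"] = 128  # Echo Request
        # Fixed 56-byte echo payload.
        data = "e3d3f15500000000f7f0010000000000101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637"
        icmp_packet.fields["data"] = binascii.unhexlify(data)

        pool = None
        if receive:
            # Start listening before the request goes out.
            # NOTE(review): nothing here waits for the listener to be
            # ready, so early replies may be missed; confirm how
            # listenForEcho starts sniffing.
            build_lfilter = lambda packet: ICMPv6EchoReply in packet
            pool = ThreadPool(processes=1)
            async_result = pool.apply_async(self.listenForEcho, [build_lfilter])

        try:
            send(ip_packet / icmp_packet, verbose=False)
            if not receive:
                return None

            responseDict = {}
            for response in async_result.get():
                src_ip = response[IPv6].src
                # Work on a copy of the IPv6 header with its payload removed.
                rawSrc = copy(response[IPv6])
                rawSrc.remove_payload()
                rawSrc = grabRawSrc(rawSrc)
                responseDict[src_ip] = {"mac": getMacAddress(rawSrc)}
            return responseDict
        finally:
            # Close the pool on every exit path so repeated calls do not
            # accumulate idle pool threads.
            if pool is not None:
                pool.close()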
Exemple #5
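    def dig_noreceive(self, ip, version=6):
        """Send a reverse-lookup (PTR) mDNS question for ``ip``; do not listen.

        The question is sent to ff02::fb, UDP port 5353 to 5353. No reply
        is collected here and nothing is returned.

        Args:
            ip: address text; a dotted quad for ``version=4``, or an IPv6
                address in the form described in the body for ``version=6``.
            version: 4 (in-addr.arpa name) or 6 (ip6.arpa name).

        Raises:
            ValueError: if ``version`` is neither 4 nor 6.
        """
        # Build the question name first so an unsupported version fails
        # before any packet object is created.
        if version == 4:
            questionList = [".".join(ip.split(".")[::-1]) + ".in-addr.arpa"]
        elif version == 6:
            # NOTE(review): this expansion yields the 32 nibbles ip6.arpa
            # needs only when ``ip`` is written as one 4-digit group, "::",
            # then four full 4-digit groups (e.g. a link-local address with
            # no zero suppression). Other spellings give a wrong name.
            digits = ip.replace(":", "")
            digits = digits[:4] + "000000000000" + digits[4:]
            questionList = [".".join(reversed(digits)) + ".ip6.arpa"]
        else:
            raise ValueError("unsupported IP version: %r" % (version,))

        ip_packet = createIPv6()
        ip_packet.fields["nh"] = 17  # next header: UDP (carries the DNS query)
        ip_packet.fields["hlim"] = 255
        ip_packet.fields["dst"] = "ff02::fb"  # mDNS IPv6 multicast group
        if "src" not in ip_packet.fields:
            ip_packet.fields["src"] = get_source_address(ip_packet)

        udp_segment = UDP()
        udp_segment.fields["dport"] = 5353
        udp_segment.fields["sport"] = 5353

        # DNS header fields as hex text; the question count is filled in
        # from len(questionList) below.
        transaction_id = "0002"
        flags = "0000"
        answer_rrs = "0000"
        authority_rrs = "0000"
        additional_rrs = "0000"

        payload = ""
        for questionName in questionList:
            # Serialize the question, drop its last two bytes (the class)
            # and append 0x8001: class IN with the top bit set, which mDNS
            # uses to ask for a unicast response.
            payload += binascii.hexlify(
                str(DNSQR(qname=questionName, qtype='PTR')))[:-4] + "8001"
        queryInfo = transaction_id + flags + "{:04x}".format(
            len(questionList)) + answer_rrs + authority_rrs + additional_rrs
        payload = queryInfo + payload
        raw = Raw()
        raw.fields["load"] = binascii.unhexlify(payload)

        send(ip_packet / udp_segment / raw, verbose=False)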
Exemple #6
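    def dig_noreceive(self, ip, version=6):
        """Send a reverse-lookup (PTR) mDNS question for ``ip``; do not listen.

        The question is sent to ff02::fb, UDP port 5353 to 5353. No reply
        is collected here and nothing is returned.

        Args:
            ip: address text; a dotted quad for ``version=4``, or an IPv6
                address in the form described in the body for ``version=6``.
            version: 4 (in-addr.arpa name) or 6 (ip6.arpa name).

        Raises:
            ValueError: if ``version`` is neither 4 nor 6.
        """
        # Build the question name first so an unsupported version fails
        # before any packet object is created.
        if version == 4:
            questionList = [".".join(ip.split(".")[::-1]) + ".in-addr.arpa"]
        elif version == 6:
            # NOTE(review): this expansion yields the 32 nibbles ip6.arpa
            # needs only when ``ip`` is written as one 4-digit group, "::",
            # then four full 4-digit groups (e.g. a link-local address with
            # no zero suppression). Other spellings give a wrong name.
            digits = ip.replace(":", "")
            digits = digits[:4] + "000000000000" + digits[4:]
            questionList = [".".join(reversed(digits)) + ".ip6.arpa"]
        else:
            raise ValueError("unsupported IP version: %r" % (version,))

        ip_packet = createIPv6()
        ip_packet.fields["nh"] = 17  # next header: UDP (carries the DNS query)
        ip_packet.fields["hlim"] = 255
        ip_packet.fields["dst"] = "ff02::fb"  # mDNS IPv6 multicast group
        if "src" not in ip_packet.fields:
            ip_packet.fields["src"] = get_source_address(ip_packet)

        udp_segment = UDP()
        udp_segment.fields["dport"] = 5353
        udp_segment.fields["sport"] = 5353

        # DNS header fields as hex text; the question count is filled in
        # from len(questionList) below.
        transaction_id = "0002"
        flags = "0000"
        answer_rrs = "0000"
        authority_rrs = "0000"
        additional_rrs = "0000"

        payload = ""
        for questionName in questionList:
            # Serialize the question, drop its last two bytes (the class)
            # and append 0x8001: class IN with the top bit set, which mDNS
            # uses to ask for a unicast response.
            payload += binascii.hexlify(
                str(DNSQR(qname=questionName, qtype='PTR')))[:-4] + "8001"
        queryInfo = transaction_id + flags + "{:04x}".format(
            len(questionList)) + answer_rrs + authority_rrs + additional_rrs
        payload = queryInfo + payload
        raw = Raw()
        raw.fields["load"] = binascii.unhexlify(payload)

        send(ip_packet / udp_segment / raw, verbose=False)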
Exemple #7
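    def echoAllNodeNames(self, receive=False):
        """Send an ICMPv6 Node Information name query to ff02::1.

        With ``receive`` false the query is sent and None is returned.
        With ``receive`` true, ``self.listenForEcho`` is started on a
        worker thread before the query goes out, and each reply is recorded
        as ``{source_ip: {"mac": mac, "device_name": name}}``.
        ``device_name`` is an empty string when a reply carries no name in
        the expected position.

        Addresses and names come from unauthenticated link-local replies;
        treat the name as untrusted text chosen by the responder.
        """
        ip_packet = createIPv6()
        ip_packet.fields["dst"] = "ff02::1"  # all-nodes link-local multicast

        if "src" not in ip_packet.fields:
            ip_packet.fields["src"] = get_source_address(ip_packet)

        icmp_packet = ICMPv6NIQueryName()
        icmp_packet.fields["code"] = 0
        icmp_packet.fields["type"] = 139  # ICMP Node Information Query
        icmp_packet.fields["unused"] = 0L
        icmp_packet.fields["flags"] = 0L
        icmp_packet.fields["qtype"] = 2  # Node Name
        icmp_packet.fields["data"] = (0, 'ff02::1')

        pool = None
        if receive:
            # Start listening before the query goes out.
            build_lfilter = lambda packet: ICMPv6NIReplyName in packet
            pool = ThreadPool(processes=1)
            async_result = pool.apply_async(self.listenForEcho,
                                            [build_lfilter])

        try:
            send(ip_packet / icmp_packet)
            if not receive:
                return None

            responseDict = {}
            for response in async_result.get():
                src_ip = response[IPv6].src
                # Work on a copy of the IPv6 header with its payload removed.
                rawSrc = copy(response[IPv6])
                rawSrc.remove_payload()
                rawSrc = grabRawSrc(rawSrc)
                mac = getMacAddress(rawSrc)
                try:
                    # assumes data[1][1] is the first name in the reply;
                    # TODO confirm against the reply field layout
                    device_name = response[ICMPv6NIReplyName].fields[
                        "data"][1][1].strip()
                except (AttributeError, IndexError, KeyError, TypeError):
                    # A reply without a name at that position must not
                    # abort the whole collection: keep the host, leave the
                    # name empty.
                    device_name = ""
                responseDict[src_ip] = {
                    "mac": mac,
                    "device_name": device_name
                }
            return responseDict
        finally:
            # Close the pool on every exit path so repeated calls do not
            # accumulate idle pool threads.
            if pool is not None:
                pool.close()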
Exemple #8
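    def echoAllNodeNames(self, receive=False):
        """Send an ICMPv6 Node Information name query to ff02::1.

        With ``receive`` false the query is sent and None is returned.
        With ``receive`` true, ``self.listenForEcho`` is started on a
        worker thread before the query goes out, and each reply is recorded
        as ``{source_ip: {"mac": mac, "device_name": name}}``.
        ``device_name`` is an empty string when a reply carries no name in
        the expected position.

        Addresses and names come from unauthenticated link-local replies;
        treat the name as untrusted text chosen by the responder.
        """
        ip_packet = createIPv6()
        ip_packet.fields["dst"] = "ff02::1"  # all-nodes link-local multicast

        if "src" not in ip_packet.fields:
            ip_packet.fields["src"] = get_source_address(ip_packet)

        icmp_packet = ICMPv6NIQueryName()
        icmp_packet.fields["code"] = 0
        icmp_packet.fields["type"] = 139  # ICMP Node Information Query
        icmp_packet.fields["unused"] = 0L
        icmp_packet.fields["flags"] = 0L
        icmp_packet.fields["qtype"] = 2  # Node Name
        icmp_packet.fields["data"] = (0, "ff02::1")

        pool = None
        if receive:
            # Start listening before the query goes out.
            build_lfilter = lambda packet: ICMPv6NIReplyName in packet
            pool = ThreadPool(processes=1)
            async_result = pool.apply_async(self.listenForEcho, [build_lfilter])

        try:
            send(ip_packet / icmp_packet)
            if not receive:
                return None

            responseDict = {}
            for response in async_result.get():
                src_ip = response[IPv6].src
                # Work on a copy of the IPv6 header with its payload removed.
                rawSrc = copy(response[IPv6])
                rawSrc.remove_payload()
                rawSrc = grabRawSrc(rawSrc)
                mac = getMacAddress(rawSrc)
                try:
                    # assumes data[1][1] is the first name in the reply;
                    # TODO confirm against the reply field layout
                    device_name = response[ICMPv6NIReplyName].fields["data"][1][1].strip()
                except (AttributeError, IndexError, KeyError, TypeError):
                    # A reply without a name at that position must not
                    # abort the whole collection: keep the host, leave the
                    # name empty.
                    device_name = ""
                responseDict[src_ip] = {"mac": mac, "device_name": device_name}
            return responseDict
        finally:
            # Close the pool on every exit path so repeated calls do not
            # accumulate idle pool threads.
            if pool is not None:
                pool.close()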
Exemple #9
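    def mDNSQuery(self, receive=False):
        """Ask the mDNS group ff02::fb for PTR records of a fixed service list.

        The service names are split into chunks via ``self.chunker`` and one
        UDP 5353 packet is sent per chunk, each question being
        ``<name>.local`` with type PTR.

        With ``receive`` false the queries are sent and None is returned.
        With ``receive`` true, ``self.listenForEcho`` is started on a worker
        thread before sending and each captured packet is recorded as
        ``{source_ip: {"mac": mac}}``, plus ``"dns_data"`` when
        ``self.parsemDNS`` returns something truthy for it.

        All of this is unauthenticated link-local traffic, so addresses and
        DNS contents are whatever the responder chose to send.
        """
        ip_packet = createIPv6()
        ip_packet.fields["nh"] = 17  # next header: UDP (carries the DNS query)
        ip_packet.fields["hlim"] = 255
        ip_packet.fields["dst"] = "ff02::fb"  # mDNS IPv6 multicast group
        if "src" not in ip_packet.fields:
            ip_packet.fields["src"] = get_source_address(ip_packet)

        udp_segment = UDP()
        udp_segment.fields["dport"] = 5353
        udp_segment.fields["sport"] = 5353

        # DNS header fields as hex text; the question count is filled in
        # per chunk below.
        transaction_id = "0002"
        flags = "0000"
        answer_rrs = "0000"
        authority_rrs = "0000"
        additional_rrs = "0000"

        # NOTE(review): the names written without a dot before the protocol
        # label ('_http_tcp', ...) look like a malformed duplicate of the
        # dotted names that follow; they are kept because they change what
        # is sent on the wire.
        questionListAll = [
            '_device-info._tcp', '_spotify-connect._tcp', '_googlecast._tcp',
            '_services._dns-sd._udp', '_apple-mobdev2._tcp',
            '_workstation_tcp', '_http_tcp', '_https_tcp', '_rss_tcp',
            '_domain_udp', '_ntp_udp', '_smb_tcp', '_airport_tcp', '_ftp_tcp',
            '_tftp_udp', '_webdav_tcp', '_webdavs_tcp', '_afpovertcp_tcp',
            '_nfs_tcp', '_sftp-ssh_tcp', '_apt_tcp', '_ssh_tcp', '_rfb_tcp',
            '_telnet_tcp', '_timbuktu_tcp', '_net-assistant_udp', '_imap_tcp',
            '_pop3_tcp', '_printer_tcp', '_pdl-datastream_tcp', '_ipp_tcp',
            '_daap_tcp', '_dacp_tcp', '_realplayfavs_tcp', '_raop_tcp',
            '_rtsp_tcp', '_rtp_udp', '_dpap_tcp', '_pulse-server_tcp',
            '_pulse-sink_tcp', '_pulse-source_tcp', '_mpd_tcp',
            '_vlc-http_tcp', '_presence_tcp', '_sip_udp', '_h323_tcp',
            '_presenc_olp', '_iax_udp', '_skype_tcp', '_see_tcp', '_lobby_tcp',
            '_postgresql_tcp', '_svn_tcp', '_distcc_tcp',
            '_MacOSXDupSuppress_tcp', '_ksysguard_tcp', '_omni-bookmark_tcp',
            '_acrobatSRV_tcp', '_adobe-vc_tcp', '_pgpkey-hkp_tcp', '_ldap_tcp',
            '_tp_tcp', '_tps_tcp', '_tp-http_tcp', '_tp-https_tcp',
            '_workstation._tcp', '_http._tcp', '_https._tcp', '_rss._tcp',
            '_domain._udp', '_ntp._udp', '_smb._tcp', '_airport._tcp',
            '_ftp._tcp', '_tftp._udp', '_webdav._tcp', '_webdavs._tcp',
            '_afpovertcp._tcp', '_nfs._tcp', '_sftp-ssh._tcp', '_apt._tcp',
            '_ssh._tcp', '_rfb._tcp', '_telnet._tcp', '_timbuktu._tcp',
            '_net-assistant._udp', '_imap._tcp', '_pop3._tcp', '_printer._tcp',
            '_pdl-datastream._tcp', '_ipp._tcp', '_daap._tcp', '_dacp._tcp',
            '_realplayfavs._tcp', '_raop._tcp', '_rtsp._tcp', '_rtp._udp',
            '_dpap._tcp', '_pulse-server._tcp', '_pulse-sink._tcp',
            '_pulse-source._tcp', '_mpd._tcp', '_vlc-http._tcp',
            '_presence._tcp', '_sip._udp', '_h323._tcp', '_presenc._olp',
            '_iax._udp', '_skype._tcp', '_see._tcp', '_lobby._tcp',
            '_postgresql._tcp', '_svn._tcp', '_distcc._tcp',
            '_MacOSXDupSuppress._tcp', '_ksysguard._tcp',
            '_omni-bookmark._tcp', '_acrobatSRV._tcp', '_adobe-vc._tcp',
            '_pgpkey-hkp._tcp', '_ldap._tcp', '_tp._tcp', '_tps._tcp',
            '_tp-http._tcp', '_tp-https._tcp'
        ]

        pool = None
        if receive:
            # Capture IPv6 UDP packets addressed to port 5353.
            build_lfilter = lambda packet: (IPv6 in packet and UDP in packet
                                            and packet[UDP].dport == 5353)
            pool = ThreadPool(processes=1)
            # NOTE(review): the 5 is presumably a listen timeout in
            # seconds; confirm against listenForEcho.
            async_result = pool.apply_async(self.listenForEcho,
                                            [build_lfilter, 5])

        try:
            for questionList in self.chunker(questionListAll, 20):
                payload = ""
                for questionName in questionList:
                    # Serialize the question, drop its last two bytes (the
                    # class) and append 0x8001: class IN with the top bit
                    # set, which mDNS uses to ask for a unicast response.
                    payload += binascii.hexlify(
                        str(DNSQR(qname=questionName + ".local",
                                  qtype='PTR')))[:-4] + "8001"
                queryInfo = transaction_id + flags + "{:04x}".format(
                    len(questionList)
                ) + answer_rrs + authority_rrs + additional_rrs
                payload = queryInfo + payload
                raw = Raw()
                raw.fields["load"] = binascii.unhexlify(payload)

                send(ip_packet / udp_segment / raw)

            if not receive:
                return None

            responseDict = {}
            for response in async_result.get():
                src_ip = response[IPv6].src
                # Work on a copy of the IPv6 header with its payload removed.
                rawSrc = copy(response[IPv6])
                rawSrc.remove_payload()
                rawSrc = grabRawSrc(rawSrc)
                mac = getMacAddress(rawSrc)
                if src_ip not in responseDict:
                    responseDict[src_ip] = {"mac": mac}

                dnsDict = {}
                try:
                    dnsDict = self.parsemDNS(response[Raw])
                except Exception as e:
                    # Best effort: one unparsable packet must not abort the
                    # collection; the error is printed and the host kept.
                    print(e)
                if dnsDict:
                    responseDict[src_ip].update({"dns_data": dnsDict})
            return responseDict
        finally:
            # Close the pool on every exit path so repeated calls do not
            # accumulate idle pool threads.
            if pool is not None:
                pool.close()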
Exemple #10
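    def llmnr(self, ip, version=6):
        """Send a reverse-lookup (PTR) LLMNR query for ``ip`` and collect replies.

        The query goes to ff02::1:3, UDP port 5355 to 5355.
        ``self.listenForEcho`` is started on a worker thread first, with a
        filter that keeps IPv6 packets addressed to this host's source
        address.

        Args:
            ip: address text; a dotted quad for ``version=4``, or an IPv6
                address in the form described in the body for ``version=6``.
            version: 4 (in-addr.arpa name) or 6 (ip6.arpa name).

        Returns:
            ``{source_ip: {"mac": mac, "dns_data": parsed}}`` where
            ``parsed`` is the result of ``self.parsemDNS`` or ``{}`` when
            parsing raised.

        Raises:
            ValueError: if ``version`` is neither 4 nor 6.

        Replies are unauthenticated link-local traffic; every value in the
        result is chosen by whoever answered.
        """
        # Build the question name first so an unsupported version fails
        # before any packet object or thread is created.
        if version == 4:
            questionList = [".".join(ip.split(".")[::-1]) + ".in-addr.arpa"]
        elif version == 6:
            # NOTE(review): this expansion yields the 32 nibbles ip6.arpa
            # needs only when ``ip`` is written as one 4-digit group, "::",
            # then four full 4-digit groups (e.g. a link-local address with
            # no zero suppression). Other spellings give a wrong name.
            digits = ip.replace(":", "")
            digits = digits[:4] + "000000000000" + digits[4:]
            questionList = [".".join(reversed(digits)) + ".ip6.arpa"]
        else:
            raise ValueError("unsupported IP version: %r" % (version,))

        ip_packet = createIPv6()
        ip_packet.fields["nh"] = 17  # next header: UDP (carries the DNS query)
        ip_packet.fields["hlim"] = 255
        ip_packet.fields["dst"] = "ff02::1:3"  # LLMNR IPv6 multicast group
        if "src" not in ip_packet.fields:
            ip_packet.fields["src"] = get_source_address(ip_packet)

        udp_segment = UDP()
        udp_segment.fields["dport"] = 5355
        udp_segment.fields["sport"] = 5355

        # DNS header fields as hex text; the question count is filled in
        # from len(questionList) below.
        transaction_id = "0002"
        flags = "0000"
        answer_rrs = "0000"
        authority_rrs = "0000"
        additional_rrs = "0000"

        payload = ""
        for questionName in questionList:
            # Serialize the question, drop its last two bytes (the class)
            # and append 0x0001 (class IN).
            payload += binascii.hexlify(
                str(DNSQR(qname=questionName, qtype='PTR')))[:-4] + "0001"
        queryInfo = transaction_id + flags + "{:04x}".format(
            len(questionList)) + answer_rrs + authority_rrs + additional_rrs
        payload = queryInfo + payload
        raw = Raw()
        raw.fields["load"] = binascii.unhexlify(payload)

        # "src" is always present in the fields by this point, so the
        # filter can match on it directly.
        src = ip_packet.fields["src"]
        build_lfilter = lambda packet: (IPv6 in packet
                                        and packet[IPv6].dst == src)

        pool = ThreadPool(processes=1)
        try:
            # NOTE(review): the 2 is presumably a listen timeout in
            # seconds; confirm against listenForEcho.
            async_result = pool.apply_async(self.listenForEcho,
                                            [build_lfilter, 2])

            send(ip_packet / udp_segment / raw)
            responseDict = {}

            for response in async_result.get():
                src_ip = response[IPv6].src
                # Work on a copy of the IPv6 header with its payload removed.
                rawSrc = copy(response[IPv6])
                rawSrc.remove_payload()
                rawSrc = grabRawSrc(rawSrc)
                mac = getMacAddress(rawSrc)
                responseDict[src_ip] = {"mac": mac}

                dnsDict = {}
                try:
                    dnsDict = self.parsemDNS(response[Raw])
                except Exception as e:
                    # Best effort: one unparsable packet must not abort the
                    # collection; the error is printed and the host kept.
                    print(e)

                responseDict[src_ip].update({"dns_data": dnsDict})
            # Hand the collected hosts back to the caller.
            return responseDict
        finally:
            # Close the pool on every exit path so repeated calls do not
            # accumulate idle pool threads.
            pool.close()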
Exemple #11
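    def mDNSQuery(self, receive=False):
        """Ask the mDNS group ff02::fb for PTR records of a fixed service list.

        The service names are split into chunks via ``self.chunker`` and one
        UDP 5353 packet is sent per chunk, each question being
        ``<name>.local`` with type PTR.

        With ``receive`` false the queries are sent and None is returned.
        With ``receive`` true, ``self.listenForEcho`` is started on a worker
        thread before sending and each captured packet is recorded as
        ``{source_ip: {"mac": mac}}``, plus ``"dns_data"`` when
        ``self.parsemDNS`` returns something truthy for it.

        All of this is unauthenticated link-local traffic, so addresses and
        DNS contents are whatever the responder chose to send.
        """
        ip_packet = createIPv6()
        ip_packet.fields["nh"] = 17  # next header: UDP (carries the DNS query)
        ip_packet.fields["hlim"] = 255
        ip_packet.fields["dst"] = "ff02::fb"  # mDNS IPv6 multicast group
        if "src" not in ip_packet.fields:
            ip_packet.fields["src"] = get_source_address(ip_packet)

        udp_segment = UDP()
        udp_segment.fields["dport"] = 5353
        udp_segment.fields["sport"] = 5353

        # DNS header fields as hex text; the question count is filled in
        # per chunk below.
        transaction_id = "0002"
        flags = "0000"
        answer_rrs = "0000"
        authority_rrs = "0000"
        additional_rrs = "0000"

        # NOTE(review): the names written without a dot before the protocol
        # label ('_http_tcp', ...) look like a malformed duplicate of the
        # dotted names that follow; they are kept because they change what
        # is sent on the wire.
        questionListAll = [
            '_device-info._tcp', '_spotify-connect._tcp', '_googlecast._tcp',
            '_services._dns-sd._udp', '_apple-mobdev2._tcp',
            '_workstation_tcp', '_http_tcp', '_https_tcp', '_rss_tcp',
            '_domain_udp', '_ntp_udp', '_smb_tcp', '_airport_tcp', '_ftp_tcp',
            '_tftp_udp', '_webdav_tcp', '_webdavs_tcp', '_afpovertcp_tcp',
            '_nfs_tcp', '_sftp-ssh_tcp', '_apt_tcp', '_ssh_tcp', '_rfb_tcp',
            '_telnet_tcp', '_timbuktu_tcp', '_net-assistant_udp', '_imap_tcp',
            '_pop3_tcp', '_printer_tcp', '_pdl-datastream_tcp', '_ipp_tcp',
            '_daap_tcp', '_dacp_tcp', '_realplayfavs_tcp', '_raop_tcp',
            '_rtsp_tcp', '_rtp_udp', '_dpap_tcp', '_pulse-server_tcp',
            '_pulse-sink_tcp', '_pulse-source_tcp', '_mpd_tcp',
            '_vlc-http_tcp', '_presence_tcp', '_sip_udp', '_h323_tcp',
            '_presenc_olp', '_iax_udp', '_skype_tcp', '_see_tcp', '_lobby_tcp',
            '_postgresql_tcp', '_svn_tcp', '_distcc_tcp',
            '_MacOSXDupSuppress_tcp', '_ksysguard_tcp', '_omni-bookmark_tcp',
            '_acrobatSRV_tcp', '_adobe-vc_tcp', '_pgpkey-hkp_tcp', '_ldap_tcp',
            '_tp_tcp', '_tps_tcp', '_tp-http_tcp', '_tp-https_tcp',
            '_workstation._tcp', '_http._tcp', '_https._tcp', '_rss._tcp',
            '_domain._udp', '_ntp._udp', '_smb._tcp', '_airport._tcp',
            '_ftp._tcp', '_tftp._udp', '_webdav._tcp', '_webdavs._tcp',
            '_afpovertcp._tcp', '_nfs._tcp', '_sftp-ssh._tcp', '_apt._tcp',
            '_ssh._tcp', '_rfb._tcp', '_telnet._tcp', '_timbuktu._tcp',
            '_net-assistant._udp', '_imap._tcp', '_pop3._tcp', '_printer._tcp',
            '_pdl-datastream._tcp', '_ipp._tcp', '_daap._tcp', '_dacp._tcp',
            '_realplayfavs._tcp', '_raop._tcp', '_rtsp._tcp', '_rtp._udp',
            '_dpap._tcp', '_pulse-server._tcp', '_pulse-sink._tcp',
            '_pulse-source._tcp', '_mpd._tcp', '_vlc-http._tcp',
            '_presence._tcp', '_sip._udp', '_h323._tcp', '_presenc._olp',
            '_iax._udp', '_skype._tcp', '_see._tcp', '_lobby._tcp',
            '_postgresql._tcp', '_svn._tcp', '_distcc._tcp',
            '_MacOSXDupSuppress._tcp', '_ksysguard._tcp',
            '_omni-bookmark._tcp', '_acrobatSRV._tcp', '_adobe-vc._tcp',
            '_pgpkey-hkp._tcp', '_ldap._tcp', '_tp._tcp', '_tps._tcp',
            '_tp-http._tcp', '_tp-https._tcp'
        ]

        pool = None
        if receive:
            # Capture IPv6 UDP packets addressed to port 5353.
            build_lfilter = lambda packet: (IPv6 in packet and UDP in packet
                                            and packet[UDP].dport == 5353)
            pool = ThreadPool(processes=1)
            # NOTE(review): the 5 is presumably a listen timeout in
            # seconds; confirm against listenForEcho.
            async_result = pool.apply_async(self.listenForEcho,
                                            [build_lfilter, 5])

        try:
            for questionList in self.chunker(questionListAll, 20):
                payload = ""
                for questionName in questionList:
                    # Serialize the question, drop its last two bytes (the
                    # class) and append 0x8001: class IN with the top bit
                    # set, which mDNS uses to ask for a unicast response.
                    payload += binascii.hexlify(
                        str(DNSQR(qname=questionName + ".local",
                                  qtype='PTR')))[:-4] + "8001"
                queryInfo = transaction_id + flags + "{:04x}".format(
                    len(questionList)
                ) + answer_rrs + authority_rrs + additional_rrs
                payload = queryInfo + payload
                raw = Raw()
                raw.fields["load"] = binascii.unhexlify(payload)

                send(ip_packet / udp_segment / raw)

            if not receive:
                return None

            responseDict = {}
            for response in async_result.get():
                src_ip = response[IPv6].src
                # Work on a copy of the IPv6 header with its payload removed.
                rawSrc = copy(response[IPv6])
                rawSrc.remove_payload()
                rawSrc = grabRawSrc(rawSrc)
                mac = getMacAddress(rawSrc)
                if src_ip not in responseDict:
                    responseDict[src_ip] = {"mac": mac}

                dnsDict = {}
                try:
                    dnsDict = self.parsemDNS(response[Raw])
                except Exception as e:
                    # Best effort: one unparsable packet must not abort the
                    # collection; the error is printed and the host kept.
                    print(e)
                if dnsDict:
                    responseDict[src_ip].update({"dns_data": dnsDict})
            return responseDict
        finally:
            # Close the pool on every exit path so repeated calls do not
            # accumulate idle pool threads.
            if pool is not None:
                pool.close()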
Exemple #12
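    def llmnr(self, ip, version=6):
        """Send a reverse-lookup (PTR) LLMNR query for ``ip`` and collect replies.

        The query goes to ff02::1:3, UDP port 5355 to 5355.
        ``self.listenForEcho`` is started on a worker thread first, with a
        filter that keeps IPv6 packets addressed to this host's source
        address.

        Args:
            ip: address text; a dotted quad for ``version=4``, or an IPv6
                address in the form described in the body for ``version=6``.
            version: 4 (in-addr.arpa name) or 6 (ip6.arpa name).

        Returns:
            ``{source_ip: {"mac": mac, "dns_data": parsed}}`` where
            ``parsed`` is the result of ``self.parsemDNS`` or ``{}`` when
            parsing raised.

        Raises:
            ValueError: if ``version`` is neither 4 nor 6.

        Replies are unauthenticated link-local traffic; every value in the
        result is chosen by whoever answered.
        """
        # Build the question name first so an unsupported version fails
        # before any packet object or thread is created.
        if version == 4:
            questionList = [".".join(ip.split(".")[::-1]) + ".in-addr.arpa"]
        elif version == 6:
            # NOTE(review): this expansion yields the 32 nibbles ip6.arpa
            # needs only when ``ip`` is written as one 4-digit group, "::",
            # then four full 4-digit groups (e.g. a link-local address with
            # no zero suppression). Other spellings give a wrong name.
            digits = ip.replace(":", "")
            digits = digits[:4] + "000000000000" + digits[4:]
            questionList = [".".join(reversed(digits)) + ".ip6.arpa"]
        else:
            raise ValueError("unsupported IP version: %r" % (version,))

        ip_packet = createIPv6()
        ip_packet.fields["nh"] = 17  # next header: UDP (carries the DNS query)
        ip_packet.fields["hlim"] = 255
        ip_packet.fields["dst"] = "ff02::1:3"  # LLMNR IPv6 multicast group
        if "src" not in ip_packet.fields:
            ip_packet.fields["src"] = get_source_address(ip_packet)

        udp_segment = UDP()
        udp_segment.fields["dport"] = 5355
        udp_segment.fields["sport"] = 5355

        # DNS header fields as hex text; the question count is filled in
        # from len(questionList) below.
        transaction_id = "0002"
        flags = "0000"
        answer_rrs = "0000"
        authority_rrs = "0000"
        additional_rrs = "0000"

        payload = ""
        for questionName in questionList:
            # Serialize the question, drop its last two bytes (the class)
            # and append 0x0001 (class IN).
            payload += binascii.hexlify(
                str(DNSQR(qname=questionName, qtype='PTR')))[:-4] + "0001"
        queryInfo = transaction_id + flags + "{:04x}".format(
            len(questionList)) + answer_rrs + authority_rrs + additional_rrs
        payload = queryInfo + payload
        raw = Raw()
        raw.fields["load"] = binascii.unhexlify(payload)

        # "src" is always present in the fields by this point, so the
        # filter can match on it directly.
        src = ip_packet.fields["src"]
        build_lfilter = lambda packet: (IPv6 in packet
                                        and packet[IPv6].dst == src)

        pool = ThreadPool(processes=1)
        try:
            # NOTE(review): the 2 is presumably a listen timeout in
            # seconds; confirm against listenForEcho.
            async_result = pool.apply_async(self.listenForEcho,
                                            [build_lfilter, 2])

            send(ip_packet / udp_segment / raw)
            responseDict = {}

            for response in async_result.get():
                src_ip = response[IPv6].src
                # Work on a copy of the IPv6 header with its payload removed.
                rawSrc = copy(response[IPv6])
                rawSrc.remove_payload()
                rawSrc = grabRawSrc(rawSrc)
                mac = getMacAddress(rawSrc)
                responseDict[src_ip] = {"mac": mac}

                dnsDict = {}
                try:
                    dnsDict = self.parsemDNS(response[Raw])
                except Exception as e:
                    # Best effort: one unparsable packet must not abort the
                    # collection; the error is printed and the host kept.
                    print(e)

                responseDict[src_ip].update({"dns_data": dnsDict})
            return responseDict
        finally:
            # Close the pool on every exit path so repeated calls do not
            # accumulate idle pool threads.
            pool.close()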