def main():
hs = HostSearch()
arg = argparse.ArgumentParser(parents=[hs.argparser],
conflict_handler='resolve')
arg.add_argument('-c',
'--count',
help="Only show the number of results",
action="store_true")
arg.add_argument('-a',
'--add',
help="Add a new range",
action="store_true")
arguments = arg.parse_args()
if arguments.add:
print_notification("Adding new host")
address = input("What host do you want to add? ")
host = hs.id_to_object(address)
print_success("Added a new host:")
print_json(host.to_dict(include_meta=True))
elif arguments.count:
print_line("Number of hosts: {}".format(hs.argument_count()))
else:
response = hs.get_hosts()
for hit in response:
print_json(hit.to_dict(include_meta=True))
def main():
rs = RangeSearch()
arg = argparse.ArgumentParser(parents=[rs.argparser],
conflict_handler='resolve')
arg.add_argument('-c',
'--count',
help="Only show the number of results",
action="store_true")
arg.add_argument('-a',
'--add',
help="Add a new range",
action="store_true")
arguments = arg.parse_args()
if arguments.add:
print_notification("Adding new range")
range_str = input("What range do you want to add? ")
r = rs.id_to_object(range_str)
print_success("Added a new range:")
print_json(r.to_dict(include_meta=True))
elif arguments.count:
print_line("Number of ranges: {}".format(rs.argument_count()))
else:
response = rs.get_ranges()
for hit in response:
print_json(hit.to_dict(include_meta=True))
def format():
"""
Formats the output of another tool in the given way.
Has default styles for ranges, hosts and services.
"""
argparser = argparse.ArgumentParser(
description='Formats a json object in a certain way. Use with pipes.')
argparser.add_argument(
'format',
metavar='format',
help='How to format the json for example "{address}:{port}".',
nargs='?')
arguments = argparser.parse_args()
service_style = "{address:15} {port:7} {protocol:5} {service:15} {state:10} {banner} {tags}"
host_style = "{address:15} {tags}"
ranges_style = "{range:18} {tags}"
users_style = "{username}"
if arguments.format:
format_input(arguments.format)
else:
doc_mapper = DocMapper()
if doc_mapper.is_pipe:
for obj in doc_mapper.get_pipe():
style = ''
if isinstance(obj, Range):
style = ranges_style
elif isinstance(obj, Host):
style = host_style
elif isinstance(obj, Service):
style = service_style
elif isinstance(obj, User):
style = users_style
print_line(fmt.format(style, **obj.to_dict(include_meta=True)))
else:
print_error("Please use this script with pipes")
def format_input(style):
doc_mapper = DocMapper()
if doc_mapper.is_pipe:
for obj in doc_mapper.get_pipe():
print_line(fmt.format(style, **obj.to_dict(include_meta=True)))
else:
print_error("Please use this script with pipes")
def execute(self):
print_line("Starting on range {}".format(self.ip_range.range))
command = "netdiscover -r {} -P -N".format(self.ip_range.range)
process = subprocess.Popen(command.split(' '), stdout=subprocess.PIPE)
output = process.stdout.read().decode('utf-8').strip().split('\n')
for line in output:
line = [i for i in filter(None, line.strip().split(' '))]
if len(line) == 5:
self.ips.append(line[0])
print_line("Found {} systems".format(len(self.ips)))
return len(self.ips)
def main():
services = ServiceSearch()
arg = argparse.ArgumentParser(parents=[services.argparser],
conflict_handler='resolve')
arg.add_argument('-c',
'--count',
help="Only show the number of results",
action="store_true")
arguments = arg.parse_args()
if arguments.count:
print_line("Number of services: {}".format(services.argument_count()))
else:
response = services.get_services()
for hit in response:
print_json(hit.to_dict(include_meta=True))
def main():
"""
Main credentials tool
"""
cred_search = CredentialSearch()
arg = argparse.ArgumentParser(parents=[cred_search.argparser], conflict_handler='resolve')
arg.add_argument('-c', '--count', help="Only show the number of results", action="store_true")
arguments = arg.parse_args()
if arguments.count:
print_line("Number of credentials: {}".format(cred_search.argument_count()))
else:
response = cred_search.get_credentials()
for hit in response:
print_json(hit.to_dict(include_meta=True))
def overview():
"""
Creates a overview of the hosts per range.
"""
range_search = RangeSearch()
ranges = range_search.get_ranges()
if ranges:
formatted_ranges = []
tags_lookup = {}
for r in ranges:
formatted_ranges.append({'mask': r.range})
tags_lookup[r.range] = r.tags
search = Host.search()
search = search.filter('term', status='up')
search.aggs.bucket('hosts',
'ip_range',
field='address',
ranges=formatted_ranges)
response = search.execute()
print_line("{0:<18} {1:<6} {2}".format("Range", "Count", "Tags"))
print_line("-" * 60)
for entry in response.aggregations.hosts.buckets:
print_line("{0:<18} {1:<6} {2}".format(entry.key, entry.doc_count,
tags_lookup[entry.key]))
else:
print_error("No ranges defined.")
def overview():
"""
Function to create an overview of the services.
Will print a list of ports found an the number of times the port was seen.
"""
search = Service.search()
search = search.filter("term", state='open')
search.aggs.bucket('port_count', 'terms', field='port', order={'_count': 'desc'}, size=100) \
.metric('unique_count', 'cardinality', field='address')
response = search.execute()
print_line("Port Count")
print_line("---------------")
for entry in response.aggregations.port_count.buckets:
print_line("{0:<7} {1}".format(entry.key, entry.unique_count.value))
def overview():
"""
Prints an overview of the tags of the hosts.
"""
doc = Host()
search = doc.search()
search.aggs.bucket('tag_count',
'terms',
field='tags',
order={'_count': 'desc'},
size=100)
response = search.execute()
print_line("{0:<25} {1}".format('Tag', 'Count'))
print_line("-" * 30)
for entry in response.aggregations.tag_count.buckets:
print_line("{0:<25} {1}".format(entry.key, entry.doc_count))
def overview():
"""
Provides an overview of the duplicate credentials.
"""
search = Credential.search()
search.aggs.bucket('password_count', 'terms', field='secret', order={'_count': 'desc'}, size=10)\
.metric('username_count', 'cardinality', field='username') \
.metric('top_hits', 'top_hits', docvalue_fields=['username'], size=100)
response = search.execute()
print_line("{0:65} {1:5} {2:5} {3}".format("Secret", "Count", "Users", "Usernames"))
print_line("-"*100)
for entry in response.aggregations.password_count.buckets:
usernames = []
for creds in entry.top_hits:
usernames.append(creds.username[0])
usernames = list(set(usernames))
print_line("{0:65} {1:5} {2:5} {3}".format(entry.key, entry.doc_count, entry.username_count.value, usernames))