def rand_reset(device_ip, admin_username, admin_pass):
    """Give every non-admin account on one device a new random password.

    Connects to the device at ``device_ip`` with the supplied admin
    credentials, reads the user table, and rewrites each account whose key
    differs from ``admin_username``. Username, access level, description and
    RADIUS setting are passed back unchanged; only the password is replaced.

    Returns a dict. ``{"conn": False}`` when the connection test does not
    report "Connection established"; otherwise ``{"conn": True, "users": ...}``
    where ``users`` maps ``"<user>@<device_ip>"`` to a record holding the
    device, the username and the new password.

    The returned mapping carries the new passwords in clear text, so callers
    should keep it out of logs and store or hand it over deliberately.
    NOTE(review): password strength depends on rand_generator(), which is
    defined elsewhere -- confirm it draws from a CSPRNG such as ``secrets``.
    """
    device = PacketmasterEX(device_ip, admin_username, admin_pass)
    if device.conn_test() != "Connection established":
        return {"conn": False}

    accounts = json.loads(device.get_users())
    new_credentials = {}
    for account_key in accounts:
        # The account used for this session is left untouched.
        if account_key == admin_username:
            continue
        record = accounts[account_key]
        new_password = rand_generator()
        new_credentials[account_key + "@" + device_ip] = {
            "device": device_ip,
            "username": account_key,
            "password": new_password,
        }
        # The current name is passed twice: as the account to modify and as
        # the name it keeps.
        device.mod_user(record["username"],
                        record["username"],
                        record["accesslevel"],
                        new_password,
                        record["description"],
                        record["radius"])

    return {"conn": True, "users": new_credentials}
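def admin_reset(device_ip, admin_username, admin_pass):
    """Replace the password of the admin account used for this session.

    Connects to the device at ``device_ip`` as ``admin_username``, generates
    one random password and writes it to that same account, keeping its
    username, access level and description.

    Returns a dict. ``{"conn": False}`` when the connection test does not
    report "Connection established"; otherwise ``{"conn": True, "users": ...}``
    where ``users`` holds a single entry keyed ``"<admin>@<device_ip>"`` with
    the device, the username and the new password.

    Raises KeyError if ``admin_username`` is not a key of the user table
    returned by the device.

    The returned mapping carries the new admin password in clear text, so
    callers should keep it out of logs and store it deliberately: once the
    change is applied it is the only copy of the credential.
    NOTE(review): password strength depends on rand_generator(), which is
    defined elsewhere -- confirm it draws from a CSPRNG such as ``secrets``.
    """
    ex = PacketmasterEX(device_ip, admin_username, admin_pass)
    results = {}
    if ex.conn_test() != "Connection established":
        results["conn"] = False
        return results
    results["conn"] = True

    data = json.loads(ex.get_users())
    rand_pass = rand_generator()
    admin_record = data[admin_username]
    changes = {
        admin_username + "@" + device_ip: {
            "device": device_ip,
            # The record names the admin_username parameter; the previous
            # `admin_user` was an undefined name and raised NameError here.
            "username": admin_username,
            "password": rand_pass,
        }
    }
    # NOTE(review): rand_reset() and file_reset() also pass the account's
    # "radius" field to mod_user(); this call leaves it to mod_user's default.
    # Confirm that is intended for the admin account.
    ex.mod_user(admin_record["username"],
                admin_record["username"],
                admin_record["accesslevel"],
                rand_pass,
                admin_record["description"])
    results["users"] = changes
    return results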
# Interactive top-level menu (variant that reads input through `moves.input`).
# After a choice is handled the function calls itself again instead of looping,
# so each pass through the menu nests one call deeper until `exit()` is reached.
# If PACKETMASTER has no `model` attribute, the AttributeError handler exits
# without printing anything.
# NOTE(review): the `******` run after the 'Username: ' prompt is not Python; it
# looks like this page masked the credential-handling part of the listing. The
# rest of option 2 and the option 3/4 branches up to the 'Goodbye' message are
# therefore missing, and the listing is kept exactly as published.
def topmenu(): """Top menu in hierarchy for device management.""" global ADDRESS, USERNAME, PASSWORD, PACKETMASTER try: print('\nOptions for %s at %s acting as user %s' % (PACKETMASTER.model, ADDRESS, USERNAME)) except AttributeError as error: exit() print(''' 1 - Change My working device 2 - Change My user credentials 3 - Manage Device 4 - Quit \n''') option = moves.input('Enter selection number: ') try: option = int(option) except ValueError as reason: print(reason) topmenu() if option == 1: ADDRESS = set_ip() PACKETMASTER = PacketmasterEX(ADDRESS, USERNAME, PASSWORD) topmenu() elif option == 2: USERNAME = moves.input('Username: '******'Goodbye') exit() else: print('That is not a valid selection \n') topmenu()
# Interactive top-level menu, Python 2 variant (print statements, raw_input).
# After a choice is handled the function calls itself again instead of looping,
# so each pass through the menu nests one call deeper until `exit()` is reached.
# A non-numeric selection prints the ValueError text and shows the menu again.
# NOTE(review): the `******` run after the 'Enter your username: ' prompt is not
# Python; it looks like this page masked the credential-handling part of the
# listing. The rest of option 2 and the option 3/4/5 branches up to the
# 'Goodbye' message are therefore missing, and the listing is kept exactly as
# published.
def topmenu(): """ Top level menu for interacting with Packetmaster. """ global ADDRESS, USERNAME, PASSWORD, PACKETMASTER print 'Options for device at', ADDRESS, 'acting as User', USERNAME print ''' 1 - Change My working device 2 - Change My user credentials 3 - Check Packetmaster Settings 4 - Change Packetmaster Settings 5 - Quit \n''' option = raw_input( 'Enter the number of the action you would like to perform: ') try: option = int(option) except ValueError as reason: print reason topmenu() if option == 1: ADDRESS = set_ip() PACKETMASTER = PacketmasterEX(ADDRESS, USERNAME, PASSWORD) topmenu() elif option == 2: USERNAME = raw_input('Enter your username: '******'Goodbye' exit() else: print 'That is not a valid selection \n' topmenu()
def file_reset(device_ip, admin_username, admin_pass, user_list):
    """Set non-admin passwords on one device from a caller-supplied list.

    ``user_list`` is iterated as a sequence of mappings, each read through its
    ``"username"`` and ``"passwd"`` keys. An entry is applied only when its
    username is a key of the device's user table and is not
    ``admin_username``; every other entry is skipped without any report.
    Username, access level, description and RADIUS setting are passed back
    unchanged; only the password is replaced.

    Returns ``{"conn": False}`` when the connection test does not report
    "Connection established", otherwise ``{"conn": True}``. The result does
    not say which accounts were changed.

    The passwords are written exactly as supplied: no strength or format check
    happens in this function, so the quality of the list is the caller's
    responsibility.
    """
    device = PacketmasterEX(device_ip, admin_username, admin_pass)
    if device.conn_test() != "Connection established":
        return {"conn": False}

    accounts = json.loads(device.get_users())
    known_names = list(accounts)
    for entry in user_list:
        name = entry["username"]
        # Skip names the device does not know, and never touch the admin
        # account this session is using.
        if name not in known_names or name == admin_username:
            continue
        record = accounts[name]
        device.mod_user(record["username"],
                        record["username"],
                        record["accesslevel"],
                        entry["passwd"],
                        record["description"],
                        record["radius"])

    return {"conn": True}
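# NOTE(review): the statements down to add_rule() are the tail of the
# rule-building function; its header and any enclosing loop are outside this
# excerpt, so the nesting depth shown here is a reconstruction.
    rulepriority = str(priority)
    data = {
        'name': rulename,
        'description': 'This rule was created by blacklist.py',
        'priority': rulepriority,
        'match[in_port]': interface,
        'match[protocol]': 'ip',
        # The source match is the listed address with '/24' appended, so each
        # rule is written for a /24 rather than a single host.
        'match[nw_src]': ip_address + '/24',
        'match[extra]': 'idle_timeout=65535',
        'actions': 'drop'
    }
    packet_master.add_rule(data)


if __name__ == '__main__':
    # Script entry point: ask for the target device and credentials, download
    # the block list, and turn every address found in it into a drop rule.
    ADDRESS = moves.input('IP address of Packetmaster to apply blacklist to: ')
    USERNAME = moves.input('Username for Packetmaster: ')
    PASSWORD = getpass()
    PM = PacketmasterEX(ADDRESS, USERNAME, PASSWORD)
    INTERFACE = moves.input("""What is(are) the port number(s) or range of ports on which to block malicious IPs? e.g. '5' or '1,2,5' or '5-10': """)
    print("Retrieving malicious IP list from sans.edu.")
    try:
        # Bound the wait so an unresponsive feed cannot hang the run.
        RESPONSE = requests.get('https://isc.sans.edu/block.txt?', timeout=30)
        # Refuse error pages: without this, the body of a 4xx/5xx reply would
        # be scanned for addresses like a real list.
        RESPONSE.raise_for_status()
    except requests.exceptions.RequestException:
        # Covers connection failures, timeouts and HTTP error statuses; the
        # built-in ConnectionError is not the exception class requests raises.
        print('Site is unavailable \n')
        exit()
    BLACKLIST = RESPONSE.text
    TEXT = BLACKLIST.rstrip()
    # Raw string: same pattern, without the invalid '\.' escape in a plain
    # string literal.
    MATCH = re.findall(r'(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)', TEXT)
    if not MATCH:
        # An empty result usually means the feed changed format or was empty;
        # say so instead of finishing silently with no rules.
        print('No addresses found in the downloaded list; no rules created \n')
        exit()
    # NOTE(review): every dotted quad in the response becomes a drop rule with
    # no review step, so the device trusts the feed completely. Consider
    # showing the count, de-duplicating, or capping the list before applying.
    createblacklist(MATCH, PM, INTERFACE)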
# NOTE(review): this call is the tail of a function whose header is outside this
# excerpt (presumably query(), which the loop below invokes -- confirm); the
# indentation shown is a reconstruction.
    blocker.add_rule(params)

# NOTE(review): the collapsed listing does not show whether this assignment
# belongs to the function above or is a module-level default; it is laid out
# here as a module-level default -- confirm against the original file.
TTL = 0

if __name__ == '__main__':
    # TTL is the run budget: the loop at the bottom keeps polling while it is
    # above zero. The author describes 3600 as one hour, ending early when the
    # match criteria is found (units depend on query() -- not visible here).
    TTL = 3600
    DETECT_IP = moves.input("What is the IP address to be detected: ")
    # Credentials for the device that watches for DETECT_IP.
    ADDRESS_DETECTOR = moves.input(
        'What is the IP address of the Packetmaster '
        'detecting the IP Address: ')
    USERNAME_DETECTOR = moves.input(
        'What is the username for detecting Packetmaster (if required): ')
    PASSWORD_DETECTOR = getpass()
    DETECTOR = PacketmasterEX(ADDRESS_DETECTOR, USERNAME_DETECTOR,
                              PASSWORD_DETECTOR)
    # Credentials for the device that receives the blocking rule; it may be a
    # different unit from the detector, so it is prompted for separately.
    ADDRESS_BLOCKER = moves.input('What is the IP address of the Packetmaster '
                                  'where the blocking rule will be created: ')
    USERNAME_BLOCKER = moves.input(
        'What is the username for the Packetmaster '
        'where the blocking rule will be created (if required): ')
    PASSWORD_BLOCKER = getpass()
    BLOCKER = PacketmasterEX(ADDRESS_BLOCKER, USERNAME_BLOCKER,
                             PASSWORD_BLOCKER)
    # Clear any existing rule counters on the detector before polling starts.
    DETECTOR.reset_rule_counters()
    # Poll until TTL drops to zero or below. TTL is not changed in this loop
    # body, so termination relies on query() lowering the module-level TTL --
    # NOTE(review): confirm, otherwise this loop never ends.
    while TTL > 0:
        query(DETECTOR, BLOCKER, DETECT_IP)