def get_file_info(system, path, verbose=False):
fullpath = get_fullpath(system, path)
if fullpath == IO_ERROR:
return IO_ERROR
result = {}
if system.startswith('/'): # local or sub
if can_read(system, path):
# TODO platform-specific
stats = os.stat(fullpath)
stm = stats.st_mode
result['type'] = get_file_type_char(stat.S_IFMT(stm))
result['permissions'] = '%o' % (stat.S_IMODE(stm))
result['UID'] = stats[stat.ST_UID]
result['GID'] = stats[stat.ST_GID]
result['ATIME'] = stats[stat.ST_ATIME]
result['MTIME'] = stats[stat.ST_MTIME]
result['CTIME'] = stats[
stat.ST_CTIME] # actually mtime on UNIX, TODO
else:
if verbose:
log.info('File \'%s\' is not accessible.' % (fullpath))
result['type'] = None
result['permissions'] = None
result['UID'] = None
result['GID'] = None
result['ATIME'] = None
result['MTIME'] = None
result['CTIME'] = None
return result
else: # SSH/FTP/TFTP/HTTP
# TODO NOT IMPLEMENTED
return IO_ERROR
def exit_program(signal, frame):
if signal == -1: # immediate termination due to -h or bad parameter
lib.scheduler.stop()
sys.exit(0)
log.attachline()
log.info('Terminating all connections...')
for c in lib.connections:
for con in c.connectors[::-1]:
con.close() # for Paramiko, TODO for every type?
log.info('Killing all the threads...')
# stop the scheduler (will stop all threads)
lib.scheduler.stop()
# wait for scheduler termination
while lib.scheduler.is_alive():
time.sleep(0.1)
log.info('Cleaning databases...')
lib.db['dict'].clean()
lib.db['vuln'].clean()
lib.db['checksum'].clean()
# disconnect from databases
log.info('Disconnecting from databases...')
for db in lib.db.values():
if db:
db.close()
log.info('%s out.' % lib.appname)
sys.exit(0 if signal is None else 1)
def main():
global_parameters['UUID'] = get_local_uuid()
lib.active_session = db['analysis'].get_last_session()
if lib.active_session is None:
# Cannot get any session ID =>
# analysis.db is not accessible =>
# 'install script has not been executed'
log.err('Cannot get session ID. Did you run correct installation script?')
exit_program(-1, None)
db['analysis'].create_session(lib.active_session)
log.info('Currently working with session #%d.' % lib.active_session)
# check if already admin
if is_admin():
log.ok('Administrator privileges already granted on \'%s\'.' % (global_parameters['ACTIVEROOT']), dbnote=DBNOTE_UNIQUE)
# if input from file, load commands into queue
if args.input_file is not None:
if os.access(args.input_file[0], os.R_OK):
with open(args.input_file[0], 'r') as f:
lib.commands = [x if x not in QUIT_STRINGS else 'force_exit' for x in f.read().splitlines()]
lib.from_input_file = True
else:
log.err('Input file cannot be read!')
# run all input commands
while len(lib.commands) > 0:
c = lib.commands[0]
del lib.commands[0]
if lib.from_input_file:
log.prompt() # print prompt
log.attachline(c) # print command
execute_command(c) # run the command
lib.from_input_file = False
# main loop
while True:
# input from stdin, piped or redirected
log.prompt()
if lib.python_version[0] == '2':
func = raw_input
elif lib.python_version[0] == '3':
func = input
else:
log.err('Undefined python version (%s).' % lib.python_version)
break
# add command into queue
#lib.commands.append(func())
try:
execute_command(func())
except EOFError as e: # Ctrl+D => exit
exit_program(None, None)
def run(self):
while not self.terminate: # quit program not requested
self.lock.acquire()
todel = []
# BACKGROUND JOBS
for x in self.jobs: # pinpoint dead background jobs
s = self.jobs[x]
if not s.job.is_alive():
todel.append(x)
for x in todel: # remove them
s = self.jobs[x]
end = time.time()
log.info('Background job %d (%s) has terminated (%s).' %
(x, s.name, log.show_time(end - s.start)))
del self.jobs[x]
# USER THREADS
todel = []
for t in self.user_threads: # pinpoint dead user threads
if not t.is_alive():
todel.append(t)
for t in todel: # remove them
self.user_threads.remove(t)
# check waiting jobs
# TODO
todel = []
for k, v in self.waitjobs.items():
if len(set(v.waitfor).intersection(self.jobs.keys())) == 0:
# move waitjob to jobs, start it
todel.append(k)
log.info('Background job %d (%s) is no longer waiting.' %
(k, v.name))
start = time.time()
v.job.start()
v.start = start
self.jobs[k] = v
for x in todel:
del self.waitjobs[x]
self.lock.release()
time.sleep(0.25)
def delete(self, query=''):
keys = [x for x in query.split(' ') if len(x)>0]
# delete specified branch
keys = [x for x in query.split(' ') if len(x)>0]
self.lock.acquire()
if len(keys) == 0:
# delete everything
self.kb = {}
else:
# find node holding branch to delete
result = self.search(keys, parent=True)
if result[1]+1<len(keys):
# not found, not deleting
pass
else:
# delete branch
del result[0][keys[result[1]]]
log.info('Entry %s has been deleted.' % ' > '.join(keys[:result[1]+1]))
self.lock.release()
def main():
global_parameters['UUID'] = get_local_uuid()
lib.active_session = db['analysis'].get_last_session()
db['analysis'].create_session(lib.active_session)
log.info('Currently working with session #%d.' % lib.active_session)
# check if already admin
if is_admin():
log.ok('Administrator privileges already granted on \'%s\'.' % (global_parameters['ACTIVEROOT']), dbnote=DBNOTE_UNIQUE)
# if input from file, load commands into queue
if args.input_file is not None:
if os.access(args.input_file[0], os.R_OK):
with open(args.input_file[0], 'r') as f:
lib.commands = f.read().splitlines()
lib.from_input_file = True
else:
log.err('Input file cannot be read!')
# run all input commands
while len(lib.commands) > 0:
c = lib.commands[0]
del lib.commands[0]
if lib.from_input_file:
log.prompt() # print prompt
log.attachline(c) # print command
execute_command(c) # run the command
lib.from_input_file = False
# main loop
while True:
# input from stdin
log.prompt()
if lib.python_version[0] == '2':
func = raw_input
elif lib.python_version[0] == '3':
func = input
else:
log.err('Undefined python version (%s).' % lib.python_version)
break
# add command into queue
#lib.commands.append(func())
execute_command(func())
def delete(self, query=''):
keys = [x for x in query.split(' ') if len(x) > 0]
# delete specified branch
keys = [x for x in query.split(' ') if len(x) > 0]
self.lock.acquire()
if len(keys) == 0:
# delete everything
self.kb = {}
else:
# find node holding branch to delete
result = self.search(keys, parent=True)
if result[1] + 1 < len(keys):
# not found, not deleting
pass
else:
# delete branch
del result[0][keys[result[1]]]
log.info('Entry %s has been deleted.' %
' > '.join(keys[:result[1] + 1]))
self.lock.release()
def load_modules():
""" Import modules from source/modules/ folder """
lib.module_objects = []
lib.modules = {}
module_names = [x[:-3] for x in os.listdir('source/modules') if x[0]!='_' and x[-3:] == '.py']
# import/reimport modules
for m in module_names:
if 'source.modules.' + m in sys.modules:
imp.reload(sys.modules['source.modules.' + m]) # TODO deprecated?
else:
importlib.import_module('source.modules.' + m)
# initialize modules dictionary
for v in lib.module_objects:
if v.name in lib.modules:
log.warn('Duplicit module %s.' % (v.name))
lib.modules[v.name] = v
log.info('%d modules loaded.' % (len(lib.modules)))
def add(self, name, start, job, timeout=None, waitfor=None):
if self.terminate: # in terminating state, do not create anything new
return None
# add a new job
self.lock.acquire()
jobid = self.newid() # get lowest unused id
if waitfor is None:
self.jobs[jobid] = Job(name, start, job, timeout)
job.start()
log.info('Module %s will run in the background with id %d.' %
(name, jobid))
else:
# what to wait for?
ids_to_wait_for = []
for x in waitfor:
if type(x) == int:
ids_to_wait_for.append(x)
elif type(x) == str:
if x.isdigit():
ids_to_wait_for.append(int(x))
else:
matches = search_abbr(x, lib.modules.keys())
ids_to_wait_for += [
k for k, v in self.jobs.items()
if v.name in matches
]
else:
log.warn(
'Could not process wait parameter \'%s\', ignoring...'
% (x))
continue
ids_to_wait_for = list(set(ids_to_wait_for))
self.waitjobs[jobid] = Job(name, start, job, timeout,
ids_to_wait_for)
log.info(
'Module %s with id %d will be executed after following jobs finish: %s'
% (name, jobid, ', '.join(map(str, ids_to_wait_for))))
self.lock.release()
return jobid
def get_system_type_from_active_root(activeroot, verbose=False, dontprint=''):
if activeroot == '/':
return sys.platform
#
# check db if the system is known
#
# TODO
#
# new system - detect it and write into db
#
# chroot or similar?
if activeroot.startswith(('/', 'ssh://')): # sub or ssh
# linux should have some folders in / ...
success = 0
linux_folders = [
'/bin', '/boot', '/dev', '/etc', '/home', '/lib', '/media', '/opt',
'/proc', '/root', '/sbin', '/srv', '/sys', '/tmp', '/usr'
]
for folder in linux_folders:
if can_read(activeroot, folder):
success += 1
linux_score = success / len(linux_folders)
if verbose:
if type(dontprint) != str or dontprint == '':
log.info('Linux score for \'%s\': %f' %
(activeroot, linux_score))
else:
log.info('Linux score for \'%s\': %f' %
(activeroot.partition(dontprint)[2], linux_score))
if linux_score > 0.3: # this should be linux
#TODO write into DB
return 'linux'
#TODO NOT IMPLEMENTED
return 'unknown'
def load_modules():
""" Import modules from source/modules/ folder """
lib.module_objects = []
lib.modules = {}
module_names = [
x[:-3] for x in os.listdir('source/modules')
if x[0] != '_' and x[-3:] == '.py'
]
# import/reimport modules
for m in module_names:
if 'source.modules.' + m in sys.modules:
imp.reload(sys.modules['source.modules.' + m]) # TODO deprecated?
else:
importlib.import_module('source.modules.' + m)
# initialize modules dictionary
for v in lib.module_objects:
if v.name in lib.modules:
log.warn('Duplicit module %s.' % (v.name))
lib.modules[v.name] = v
log.info('%d modules loaded.' % (len(lib.modules)))
def exit_program(signal, frame):
if signal == -1: # immediate termination due to -h or bad parameter
lib.scheduler.stop()
sys.exit(0)
log.attachline()
log.info('Killing all the threads...')
# stop the scheduler (will stop all threads)
lib.scheduler.stop()
# wait for scheduler termination
while lib.scheduler.isAlive():
time.sleep(0.1)
log.info('Cleaning databases...')
lib.db['dict'].clean()
# disconnect from databases
log.info('Disconnecting from databases...')
for dbname in lib.db.keys():
if lib.db[dbname]:
lib.db[dbname].close()
log.info('%s out.' % lib.appname)
sys.exit(0)
def version(self):
self.execute('SELECT SQLITE_VERSION()')
data = self.cursor.fetchone()
log.info("SQLite version: %s" % data)