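def _check_cidr(net_range):
    """Return net_range unchanged if it is a dotted-quad IPv4 CIDR, else raise ValueError.

    The value comes out of the database and is handed to nmap as an argument,
    so its shape is checked first: a stored value such as "--script=..." must
    never reach nmap, where it would be parsed as an option.
    """
    import re
    if not re.match(r"^\d{1,3}(\.\d{1,3}){3}/\d{1,2}\Z", net_range or ""):
        raise ValueError("invalid network range: {0!r}".format(net_range))
    return net_range


def _parse_nmap_report(output):
    """Return the host column of every "Nmap scan report for X" line in output.

    Mirrors the old ``grep report | cut -d ' ' -f 5`` pipeline: the fifth
    space-separated field of each line containing "report". With ``-n`` nmap
    prints the bare IP there. Short or blank lines are skipped.
    """
    hosts = []
    for line in output.splitlines():
        if "report" not in line:
            continue
        fields = line.split(" ")
        if len(fields) >= 5 and fields[4]:
            hosts.append(fields[4])
    return hosts


def _discover_live_hosts(net_range):
    """TCP-SYN ping sweep (ports 22,80,443,445,3389) of net_range; returns responding IPs.

    nmap is executed from an argument list with no shell, so the range can
    never be interpreted as shell syntax.
    """
    import subprocess
    argv = ["nmap", _check_cidr(net_range), "-PS", "-p", "22,80,443,445,3389", "--open", "-n"]
    proc = subprocess.Popen(argv, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    out, _ = proc.communicate()
    if not isinstance(out, str):  # bytes on Python 3
        out = out.decode("utf-8", "replace")
    return _parse_nmap_report(out)


def queryDNS_192(db, footprint_id, retries=3):
    """Sweep 192.168.0.0/16 for live hosts and record them for footprint_id.

    Runs only while the stored "192_range_position" still holds the start
    value "192.168.0.0/16"; on success the position is set to
    "192.168.255.255/16" so the sweep is not repeated.

    Args:
        db: open database connection, passed through to dbfunctions.
        footprint_id: footprint the discovered hosts belong to.
        retries: attempts before giving up. The previous version recursed on
            any error without bound, so a persistent failure (nmap missing,
            database down) grew the stack until the process died; it now
            logs each failure and stops after this many tries.
    """
    for attempt in range(1, retries + 1):
        try:
            net_range = dbfunctions.getDnsLookupPositions(db, footprint_id)[2]
            if net_range != "192.168.0.0/16":
                return
            for ip in _discover_live_hosts(net_range):
                dbfunctions.addIP(db, footprint_id, ip)
            dbfunctions.updateDnsLookupPosition(
                db, footprint_id, "192_range_position", "192.168.255.255/16")
            return
        except Exception as exc:  # best-effort sweep, but never silent
            print("error in 192 (attempt {0}/{1}): {2}".format(attempt, retries, exc))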
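def _check_cidr(net_range):
    """Return net_range unchanged if it is a dotted-quad IPv4 CIDR, else raise ValueError.

    The value comes out of the database and is handed to nmap as an argument,
    so its shape is checked first: a stored value such as "--script=..." must
    never reach nmap, where it would be parsed as an option.
    """
    import re
    if not re.match(r"^\d{1,3}(\.\d{1,3}){3}/\d{1,2}\Z", net_range or ""):
        raise ValueError("invalid network range: {0!r}".format(net_range))
    return net_range


def _parse_nmap_report(output):
    """Return the host column of every "Nmap scan report for X" line in output.

    Mirrors the old ``grep report | cut -d ' ' -f 5`` pipeline: the fifth
    space-separated field of each line containing "report". With ``-n`` nmap
    prints the bare IP there. Short or blank lines are skipped.
    """
    hosts = []
    for line in output.splitlines():
        if "report" not in line:
            continue
        fields = line.split(" ")
        if len(fields) >= 5 and fields[4]:
            hosts.append(fields[4])
    return hosts


def _discover_live_hosts(net_range):
    """TCP-SYN ping sweep (ports 22,80,443,445,3389) of net_range; returns responding IPs.

    nmap is executed from an argument list with no shell, so the range can
    never be interpreted as shell syntax.
    """
    import subprocess
    argv = ["nmap", _check_cidr(net_range), "-PS", "-p", "22,80,443,445,3389", "--open", "-n"]
    proc = subprocess.Popen(argv, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    out, _ = proc.communicate()
    if not isinstance(out, str):  # bytes on Python 3
        out = out.decode("utf-8", "replace")
    return _parse_nmap_report(out)


def queryDNS_192(db, footprint_id, retries=3):
    """Sweep 192.168.0.0/16 for live hosts and record them for footprint_id.

    Runs only while the stored "192_range_position" still holds the start
    value "192.168.0.0/16"; on success the position is set to
    "192.168.255.255/16" so the sweep is not repeated.

    Args:
        db: open database connection, passed through to dbfunctions.
        footprint_id: footprint the discovered hosts belong to.
        retries: attempts before giving up. The previous version recursed on
            any error without bound, so a persistent failure (nmap missing,
            database down) grew the stack until the process died; it now
            logs each failure and stops after this many tries.
    """
    for attempt in range(1, retries + 1):
        try:
            net_range = dbfunctions.getDnsLookupPositions(db, footprint_id)[2]
            if net_range != "192.168.0.0/16":
                return
            for ip in _discover_live_hosts(net_range):
                dbfunctions.addIP(db, footprint_id, ip)
            dbfunctions.updateDnsLookupPosition(
                db, footprint_id, "192_range_position", "192.168.255.255/16")
            return
        except Exception as exc:  # best-effort sweep, but never silent
            print("error in 192 (attempt {0}/{1}): {2}".format(attempt, retries, exc))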
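def _valid_dns_name(domain):
    """True if domain consists only of hostname characters (letters, digits, '.', '-', '_').

    Domains are collected from DNS answers and scan output, i.e. from data an
    adversary on the network can influence, so anything that is not a plain
    name is refused before it is used as a command argument.
    """
    import re
    return bool(re.match(r"^[A-Za-z0-9_][A-Za-z0-9._-]{0,252}\Z", domain or ""))


def _extract_ipv4(text):
    """Return the unique dotted-quad IPv4 strings in text, lexically sorted (like ``grep -oE ... | sort -u``)."""
    import re
    return sorted(set(re.findall(r"\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b", text)))


def _run_capture(argv):
    """Run argv directly (no shell) and return its stdout as text; stderr is discarded."""
    import subprocess
    proc = subprocess.Popen(argv, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    out, _ = proc.communicate()
    if not isinstance(out, str):  # bytes on Python 3
        out = out.decode("utf-8", "replace")
    return out


def _nameservers_for(domain):
    """Return the name servers of domain: the 4th field of each ``host -t ns`` answer line."""
    servers = []
    for line in _run_capture(["host", "-t", "ns", domain]).splitlines():
        fields = line.split(" ")
        if "name server" in line and len(fields) >= 4:
            servers.append(fields[3])
    return servers


def zoneTransferDomain(db, footprint_id, domain):
    """Attempt an AXFR of domain against each of its name servers and record internal IPs found.

    Every IPv4 address in the transferred zone data that isInternalIP accepts
    is stored with dbfunctions.addIP(..., 0). The domain was previously
    spliced into a shell command line, so a crafted name (e.g. one returned
    by a hostile DNS server) could run arbitrary commands; it is now
    validated and passed to ``host``/``dig`` as plain arguments.
    """
    print("zone transfer: {0}".format(domain))
    if not _valid_dns_name(domain):
        print("zone transfer: refusing malformed domain {0!r}".format(domain))
        return
    zone_data = []
    for ns in _nameservers_for(domain):
        # "@ns" is a single argv element, so a name server string can never be read as an option
        zone_data.append(_run_capture(["dig", "axfr", domain, "@" + ns]))
    for host in _extract_ipv4("\n".join(zone_data)):
        if isInternalIP(host):
            dbfunctions.addIP(db, footprint_id, host, 0)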
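def _valid_target(net_range):
    """True if net_range is a dotted-quad IPv4 address with an optional /prefix."""
    import re
    return bool(re.match(r"^\d{1,3}(\.\d{1,3}){3}(/\d{1,2})?\Z", net_range or ""))


def _parse_gnmap_open_ports(lines):
    """Return [(host, port), ...] for every open port in nmap grepable (-oG) output lines.

    Grepable output has one ``Host: <ip> (<name>)\\tPorts: 22/open/tcp//ssh///, ...``
    line per host with results; comment lines start with '#' and the
    ``Status:`` lines carry no port data. Entries that do not split into at
    least "port/state" are skipped instead of raising.
    """
    found = []
    for line in lines:
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        ports_field = line[line.find("Ports:") + len("Ports:"):]
        for entry in ports_field.split(", "):
            parts = entry.strip().split("/")
            if len(parts) >= 2 and parts[1] == "open":
                found.append((host, parts[0]))
    return found


def portScanRanges(db, footprint_id):
    """Port-scan every range still pending for footprint_id and record the open ports.

    Pending ranges (dbfunctions.listRangesToPortScan) are written to
    nmap_temp/portscan_ranges, scanned in a single nmap run with grepable
    output to nmap_temp/portscan_ranges_out, and each open port is stored
    via dbfunctions.addIP + dbfunctions.insertPort. Every scanned range is
    then flagged port_scans_done = 1. With nothing pending the function
    sleeps one second and returns, which keeps a polling caller from spinning.

    Changes from the shell-based version: ranges are written with Python file
    I/O instead of ``echo`` through a shell (a range value from the database
    could otherwise inject commands), nmap is run via subprocess and waited
    for before its output file is read, and malformed range strings are
    skipped with a warning rather than passed to nmap.
    """
    import subprocess

    ranges_file = "nmap_temp/portscan_ranges"
    output_file = "nmap_temp/portscan_ranges_out"
    ports = "21,22,80,135,443,445,1433,3389,5800,5900,8080-8090,9090-9099"

    scanned = []
    with open(ranges_file, "w") as fh:
        for net_range in dbfunctions.listRangesToPortScan(db, footprint_id):
            if not _valid_target(net_range):
                # left un-flagged on purpose so the bad row stays visible to the operator
                print("portScanRanges: skipping malformed range {0!r}".format(net_range))
                continue
            fh.write(net_range + "\n")
            scanned.append(net_range)
    if not scanned:
        time.sleep(1)
        return

    subprocess.call(["nmap", "-iL", ranges_file, "-n", "-p", ports, "-oG", output_file, "-vv"])

    with open(output_file) as fh:
        open_ports = _parse_gnmap_open_ports(fh)
    for host, port in open_ports:
        dbfunctions.addIP(db, footprint_id, host)
        dbfunctions.insertPort(db, host, port)

    for net_range in scanned:
        cursor = db.cursor()
        try:
            cursor.execute(
                'update ranges set port_scans_done = 1 where footprint_id = %s and net_range = %s',
                (footprint_id, net_range))
        finally:
            cursor.close()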
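def _valid_target(net_range):
    """True if net_range is a dotted-quad IPv4 address with an optional /prefix."""
    import re
    return bool(re.match(r"^\d{1,3}(\.\d{1,3}){3}(/\d{1,2})?\Z", net_range or ""))


def _parse_gnmap_open_ports(lines):
    """Return [(host, port), ...] for every open port in nmap grepable (-oG) output lines.

    Grepable output has one ``Host: <ip> (<name>)\\tPorts: 22/open/tcp//ssh///, ...``
    line per host with results; comment lines start with '#' and the
    ``Status:`` lines carry no port data. Entries that do not split into at
    least "port/state" are skipped instead of raising.
    """
    found = []
    for line in lines:
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        ports_field = line[line.find("Ports:") + len("Ports:"):]
        for entry in ports_field.split(", "):
            parts = entry.strip().split("/")
            if len(parts) >= 2 and parts[1] == "open":
                found.append((host, parts[0]))
    return found


def portScanRanges(db, footprint_id):
    """Port-scan every range still pending for footprint_id and record the open ports.

    Pending ranges (dbfunctions.listRangesToPortScan) are written to
    nmap_temp/portscan_ranges, scanned in a single nmap run with grepable
    output to nmap_temp/portscan_ranges_out, and each open port is stored
    via dbfunctions.addIP + dbfunctions.insertPort. Every scanned range is
    then flagged port_scans_done = 1. With nothing pending the function
    sleeps one second and returns, which keeps a polling caller from spinning.

    Changes from the shell-based version: ranges are written with Python file
    I/O instead of ``echo`` through a shell (a range value from the database
    could otherwise inject commands), nmap is run via subprocess and waited
    for before its output file is read, and malformed range strings are
    skipped with a warning rather than passed to nmap.
    """
    import subprocess

    ranges_file = "nmap_temp/portscan_ranges"
    output_file = "nmap_temp/portscan_ranges_out"
    ports = "21,22,80,135,443,445,1433,3389,5800,5900,8080-8090,9090-9099"

    scanned = []
    with open(ranges_file, "w") as fh:
        for net_range in dbfunctions.listRangesToPortScan(db, footprint_id):
            if not _valid_target(net_range):
                # left un-flagged on purpose so the bad row stays visible to the operator
                print("portScanRanges: skipping malformed range {0!r}".format(net_range))
                continue
            fh.write(net_range + "\n")
            scanned.append(net_range)
    if not scanned:
        time.sleep(1)
        return

    subprocess.call(["nmap", "-iL", ranges_file, "-n", "-p", ports, "-oG", output_file, "-vv"])

    with open(output_file) as fh:
        open_ports = _parse_gnmap_open_ports(fh)
    for host, port in open_ports:
        dbfunctions.addIP(db, footprint_id, host)
        dbfunctions.insertPort(db, host, port)

    for net_range in scanned:
        cursor = db.cursor()
        try:
            cursor.execute(
                'update ranges set port_scans_done = 1 where footprint_id = %s and net_range = %s',
                (footprint_id, net_range))
        finally:
            cursor.close()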
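def addLocalResolverHosts(footprint_id):
    """Seed footprint_id with this machine's own address and its local resolver's domain.

    Opens a dedicated MySQL connection from the [MySQL] section of
    connections.conf (keys user/pass/db; host is fixed to localhost), stores
    the local IP (flag 0) and the resolver's domain, then expands that
    domain's hosts via footprintfunctions.extractHostsFromDomains.

    The connection is now closed in a ``finally`` block, so a failure in any
    of those steps no longer leaks an open database session.

    NOTE(review): connections.conf holds the database password in clear
    text; keep its file permissions restricted to the scanning user.
    """
    print("addLocalResolverHosts()")
    conf = ConfigParser.ConfigParser()
    conf.read("connections.conf")
    db = MySQLdb.connect(
        host="localhost",
        user=conf.get('MySQL', 'user'),
        passwd=conf.get('MySQL', 'pass'),
        db=conf.get('MySQL', 'db'))
    try:
        db.autocommit(True)
        dbfunctions.addIP(db, footprint_id, footprintfunctions.getIPAddress(), 0)
        dbfunctions.addDomain(db, footprint_id, footprintfunctions.getLocalResolver())
        footprintfunctions.extractHostsFromDomains(db, footprint_id)
    finally:
        db.close()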
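def _check_cidr(net_range):
    """Return net_range unchanged if it is a dotted-quad IPv4 CIDR, else raise ValueError.

    The first octet comes out of the database and the string is handed to
    nmap as an argument, so its shape is checked first: a stored value such
    as "--script=..." must never reach nmap, where it would be parsed as an option.
    """
    import re
    if not re.match(r"^\d{1,3}(\.\d{1,3}){3}/\d{1,2}\Z", net_range or ""):
        raise ValueError("invalid network range: {0!r}".format(net_range))
    return net_range


def _parse_nmap_report(output):
    """Return the host column of every "Nmap scan report for X" line in output.

    Mirrors the old ``grep report | cut -d ' ' -f 5`` pipeline: the fifth
    space-separated field of each line containing "report". With ``-n`` nmap
    prints the bare IP there. Short or blank lines are skipped.
    """
    hosts = []
    for line in output.splitlines():
        if "report" not in line:
            continue
        fields = line.split(" ")
        if len(fields) >= 5 and fields[4]:
            hosts.append(fields[4])
    return hosts


def _discover_live_hosts(net_range):
    """TCP-SYN ping sweep (ports 22,80,443,445,3389) of net_range; returns responding IPs.

    nmap is executed from an argument list with no shell, so the range can
    never be interpreted as shell syntax.
    """
    import subprocess
    argv = ["nmap", _check_cidr(net_range), "-PS", "-p", "22,80,443,445,3389", "--open", "-n"]
    proc = subprocess.Popen(argv, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    out, _ = proc.communicate()
    if not isinstance(out, str):  # bytes on Python 3
        out = out.decode("utf-8", "replace")
    return _parse_nmap_report(out)


def queryDNS_172(db, footprint_id, retries=3):
    """Sweep the 172.16.0.0/12 private space one /16 at a time, resuming from the stored position.

    The stored "172_range_position" (e.g. "172.20.0.0/16") names the /16 to
    start from; after each /16 is finished it is written back so an
    interrupted run resumes. If the stored second octet is already >= 31
    nothing is done. Live hosts go to dbfunctions.addIP(db, footprint_id, ip).

    NOTE(review): the stored value is the last *finished* /16, so a restart
    re-sweeps that block once before moving on; harmless but not free.

    Args:
        db: open database connection, passed through to dbfunctions.
        footprint_id: footprint the discovered hosts belong to.
        retries: attempts per /16. The previous version caught every error
            (including KeyboardInterrupt) and retried the same block
            forever, so a dead scanner or database spun at 100% CPU; it now
            logs each failure and returns after this many tries, leaving the
            position on the unfinished block.
    """
    net_range = dbfunctions.getDnsLookupPositions(db, footprint_id)[1]
    octs = net_range.split(".")
    first, second = octs[0], int(octs[1])
    if second >= 31:
        return
    while second <= 31:
        new_range = "{0}.{1}.0.0/16".format(first, second)
        for attempt in range(1, retries + 1):
            try:
                for ip in _discover_live_hosts(new_range):
                    dbfunctions.addIP(db, footprint_id, ip)
                dbfunctions.updateDnsLookupPosition(db, footprint_id, "172_range_position", new_range)
                break
            except Exception as exc:  # best-effort sweep, but never silent
                print("error in 172 on {0} (attempt {1}/{2}): {3}".format(new_range, attempt, retries, exc))
        else:
            # every attempt on this /16 failed: stop instead of spinning on a dead scanner/db
            return
        second += 1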
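def _check_cidr(net_range):
    """Return net_range unchanged if it is a dotted-quad IPv4 CIDR, else raise ValueError.

    The first octet comes out of the database and the string is handed to
    nmap as an argument, so its shape is checked first: a stored value such
    as "--script=..." must never reach nmap, where it would be parsed as an option.
    """
    import re
    if not re.match(r"^\d{1,3}(\.\d{1,3}){3}/\d{1,2}\Z", net_range or ""):
        raise ValueError("invalid network range: {0!r}".format(net_range))
    return net_range


def _parse_nmap_report(output):
    """Return the host column of every "Nmap scan report for X" line in output.

    Mirrors the old ``grep report | cut -d ' ' -f 5`` pipeline: the fifth
    space-separated field of each line containing "report". With ``-n`` nmap
    prints the bare IP there. Short or blank lines are skipped.
    """
    hosts = []
    for line in output.splitlines():
        if "report" not in line:
            continue
        fields = line.split(" ")
        if len(fields) >= 5 and fields[4]:
            hosts.append(fields[4])
    return hosts


def _discover_live_hosts(net_range):
    """TCP-SYN ping sweep (ports 22,80,443,445,3389) of net_range; returns responding IPs.

    nmap is executed from an argument list with no shell, so the range can
    never be interpreted as shell syntax.
    """
    import subprocess
    argv = ["nmap", _check_cidr(net_range), "-PS", "-p", "22,80,443,445,3389", "--open", "-n"]
    proc = subprocess.Popen(argv, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    out, _ = proc.communicate()
    if not isinstance(out, str):  # bytes on Python 3
        out = out.decode("utf-8", "replace")
    return _parse_nmap_report(out)


def queryDNS_10(db, footprint_id, retries=3):
    """Sweep the 10.0.0.0/8 private space one /16 at a time, resuming from the stored position.

    The stored "10_range_position" (e.g. "10.20.0.0/16") names the /16 to
    start from; after each /16 is finished it is written back so an
    interrupted run resumes. If the stored second octet is already >= 255
    nothing is done. Live hosts go to dbfunctions.addIP(db, footprint_id, ip).

    NOTE(review): the stored value is the last *finished* /16, so a restart
    re-sweeps that block once before moving on; harmless but not free.

    Args:
        db: open database connection, passed through to dbfunctions.
        footprint_id: footprint the discovered hosts belong to.
        retries: attempts per /16. The previous version caught every error
            (including KeyboardInterrupt) and retried the same block
            forever, so a dead scanner or database spun at 100% CPU; it now
            logs each failure and returns after this many tries, leaving the
            position on the unfinished block.
    """
    net_range = dbfunctions.getDnsLookupPositions(db, footprint_id)[0]
    octs = net_range.split(".")
    first, second = octs[0], int(octs[1])
    if second >= 255:
        return
    while second <= 255:
        new_range = "{0}.{1}.0.0/16".format(first, second)
        for attempt in range(1, retries + 1):
            try:
                for ip in _discover_live_hosts(new_range):
                    dbfunctions.addIP(db, footprint_id, ip)
                dbfunctions.updateDnsLookupPosition(db, footprint_id, "10_range_position", new_range)
                break
            except Exception as exc:  # best-effort sweep, but never silent
                print("error in 10 on {0} (attempt {1}/{2}): {3}".format(new_range, attempt, retries, exc))
        else:
            # every attempt on this /16 failed: stop instead of spinning on a dead scanner/db
            return
        second += 1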
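def listenToBroadcasts(db, footprint_id, cmd):
    """Run a broadcast-listening command once and record each internal IP it prints.

    Args:
        db: open database connection, passed to dbfunctions.addIP(..., 0).
        footprint_id: footprint the discovered hosts belong to.
        cmd: complete shell command line whose stdout is one IP per line.
            It is executed by the shell verbatim through os.popen, so it must
            be a trusted, hard-coded string -- never assembled from DNS
            answers, scan output or user input.

    Each distinct non-empty line is passed through isInternalIP and stored
    when accepted. The previous version also opened a database cursor it
    never used or closed, and wrapped the single run in a dead
    ``while count < 1`` loop; both are gone.
    """
    print("broadcast listener : " + cmd)
    seen = set()
    output = os.popen(cmd).read()
    for ip in output.split("\n"):
        if not ip or ip in seen:
            continue
        seen.add(ip)
        if isInternalIP(ip):
            dbfunctions.addIP(db, footprint_id, ip, 0)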
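def listenToBroadcasts(db, footprint_id, cmd):
    """Run a broadcast-listening command once and record each internal IP it prints.

    Args:
        db: open database connection, passed to dbfunctions.addIP(..., 0).
        footprint_id: footprint the discovered hosts belong to.
        cmd: complete shell command line whose stdout is one IP per line.
            It is executed by the shell verbatim through os.popen, so it must
            be a trusted, hard-coded string -- never assembled from DNS
            answers, scan output or user input.

    Each distinct non-empty line is passed through isInternalIP and stored
    when accepted. The previous version also opened a database cursor it
    never used or closed, and wrapped the single run in a dead
    ``while count < 1`` loop; both are gone.
    """
    print("broadcast listener : " + cmd)
    seen = set()
    output = os.popen(cmd).read()
    for ip in output.split("\n"):
        if not ip or ip in seen:
            continue
        seen.add(ip)
        if isInternalIP(ip):
            dbfunctions.addIP(db, footprint_id, ip, 0)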
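def _is_rfc1918(host):
    """True only for a dotted-quad address inside 10/8, 172.16/12 or 192.168/16."""
    parts = host.split(".")
    if len(parts) != 4:
        return False
    try:
        octets = [int(p) for p in parts]
    except ValueError:
        return False
    if any(o < 0 or o > 255 for o in octets):
        return False
    a, b = octets[0], octets[1]
    return a == 10 or (a == 172 and 16 <= b <= 31) or (a == 192 and b == 168)


def extractHostsFromDomains(db, footprint_id):
    """Resolve every domain of footprint_id and store the resolver addresses that are RFC1918 private.

    Each address returned by getDomainResolvers(domain) is stored with
    dbfunctions.addIP(db, footprint_id, host, 1) when it lies in a private
    range. The old test looked only at the first octet ("10", "172", "192"),
    which also accepted public space such as 172.0.0.0/8 outside 172.16/12
    and 192.0.0.0/8 outside 192.168/16, so internet hosts could be recorded
    as internal targets; the check is now the exact RFC1918 ranges.
    """
    for domain in dbfunctions.listDomains(db, footprint_id):
        for host in getDomainResolvers(domain):
            if _is_rfc1918(host):
                dbfunctions.addIP(db, footprint_id, host, 1)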
def on_btnAddHost_clicked(self):
    """Open the add-host dialog; if it is accepted, store the entered host and refresh the view.

    The host text comes from addhost.getResult() and is stored with
    dbfunctions.addIP(self.db, self.footprintID, host, False); a cancelled
    dialog changes nothing.
    """
    dialog = addhost()
    accepted = dialog.exec_()
    if not accepted:
        return
    dbfunctions.addIP(self.db, self.footprintID, dialog.getResult(), False)
    self.updateUI()