Esempio n. 1
 def data2key(data):
     """Build an RSA public key object from an SSH public key blob.

     The blob is split with ``utils.parse_ssh_key``. The first field is
     consumed and ignored; the next two fields are converted to integers
     through their hexadecimal representation and used as the public
     exponent and the modulus, in that order.

     NOTE(review): the leading field (presumably the key-type string) is
     dropped without being compared to "ssh-rsa", so callers should only
     pass RSA keys; fields of another key type would be read as numbers.
     """
     fields = utils.parse_ssh_key(data)
     next(fields)  # leading field is read and dropped
     exponent = long(utils.encode_hex(next(fields)), 16)
     modulus = long(utils.encode_hex(next(fields)), 16)
     # RSA.construct() is given the tuple as (modulus, exponent).
     return RSA.construct((modulus, exponent))
Esempio n. 2
 def data2key(data):
     """Turn an SSH public key blob into an RSA key via ``_rsa_construct``.

     ``utils._parse_ssh_key`` yields the fields of the blob. The first one
     is skipped; the second and third are read as integers (exponent, then
     modulus) and handed to ``_rsa_construct(exponent, modulus)``.

     NOTE(review): the skipped field is presumably the key-type string; it
     is not validated here, so non-RSA blobs are not rejected.
     """
     fields = utils._parse_ssh_key(data)

     def next_int():
         # Hex-encode the next field and read it as a base-16 integer.
         return int(utils.encode_hex(next(fields)), 16)

     next(fields)  # leading field is read and dropped
     exponent = next_int()
     modulus = next_int()
     return _rsa_construct(exponent, modulus)
Esempio n. 3
File: keys.py Progetto: ivre/ivre
 def data2key(data: bytes) -> RSAPublicNumbers:
     """Convert a raw SSH public key blob into RSA public numbers.

     The fields produced by ``utils._parse_ssh_key`` are consumed in
     order: the first is discarded, the second becomes the public
     exponent and the third the modulus. Both numbers are obtained by
     hex-encoding the field and parsing it as base 16.

     NOTE(review): the discarded field (presumably the key type) is not
     checked, so this function does not reject non-RSA input by itself.
     """
     fields = utils._parse_ssh_key(data)
     next(fields)  # leading field is read and dropped
     public_exponent = int(utils.encode_hex(next(fields)), 16)
     modulus = int(utils.encode_hex(next(fields)), 16)
     return _rsa_construct(public_exponent, modulus)
Esempio n. 4
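def _getinfos_ssh_hostkey(spec):
    """Parse an SSH host key and return the information derived from it.

    ``spec['value']`` is decoded with ``utils.nmap_decode_data`` and split
    with ``utils.parse_ssh_key``. The result is ``{'infos': infos}`` where
    ``infos`` holds the MD5, SHA-1 and SHA-256 hex digests of the raw key
    blob, the algorithm name (``"algo"``) and, when available, the key
    size (``"bits"``) plus, for RSA, the exponent and modulus as decimal
    strings.

    The key blob presumably originates from a scanned host and is handled
    as untrusted input: an RSA key that cannot be parsed, or whose size
    cannot be computed, is logged and skipped.
    """
    infos = {}
    data = utils.nmap_decode_data(spec['value'])
    # Digests of the raw key blob. NOTE(review): MD5 and SHA-1 are not
    # collision resistant; prefer the SHA-256 value where uniqueness
    # matters.
    for hashtype in ['md5', 'sha1', 'sha256']:
        infos[hashtype] = hashlib.new(hashtype, data).hexdigest()
    data = utils.parse_ssh_key(data)
    keytype = infos["algo"] = next(data).decode()
    if keytype == "ssh-rsa":
        try:
            exponent, modulus = (
                long(utils.encode_hex(elt), 16) for elt in data
            )
            # Kept inside the try block: math.log() raises ValueError for
            # a zero modulus, which a malformed key can contain.
            bits = math.ceil(math.log(modulus, 2))
        except Exception:
            utils.LOGGER.info("Cannot parse SSH host key for record %r",
                              spec,
                              exc_info=True)
        else:
            # convert integer to strings to prevent overflow errors
            # (e.g., "MongoDB can only handle up to 8-byte ints")
            infos["exponent"] = str(exponent)
            infos["modulus"] = str(modulus)
            infos["bits"] = bits
    elif keytype == 'ecdsa-sha2-nistp256':
        infos['bits'] = 256
    elif keytype == 'ssh-ed25519':
        # NOTE(review): next() raises StopIteration when the blob has no
        # field after the key type; that case is not handled here.
        infos['bits'] = len(next(data)) * 8
    return {'infos': infos}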
Esempio n. 5
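def _getinfos_ssh_hostkey(spec):
    """Parse an SSH host key and return the information derived from it.

    The key is taken from ``spec['fullvalue']`` when present, otherwise
    from ``spec['value']``, decoded with ``utils.nmap_decode_data`` and
    split with ``utils.parse_ssh_key``. The result is ``{'infos': infos}``
    (after ``_fix_infos_size`` has been applied to it) where ``infos``
    holds the MD5, SHA-1 and SHA-256 hex digests of the raw key blob, the
    algorithm name (``"algo"``) and, for RSA keys, the key size
    (``"bits"``) with the exponent and modulus as decimal strings.

    The key blob presumably originates from a scanned host and is handled
    as untrusted input: an RSA key that cannot be parsed, or whose size
    cannot be computed, is logged and skipped.
    """
    infos = {}
    data = utils.nmap_decode_data(spec.get('fullvalue', spec['value']))
    # Digests of the raw key blob. NOTE(review): MD5 and SHA-1 are not
    # collision resistant; prefer the SHA-256 value where uniqueness
    # matters.
    infos["md5hash"] = hashlib.md5(data).hexdigest()
    infos["sha1hash"] = hashlib.sha1(data).hexdigest()
    infos["sha256hash"] = hashlib.sha256(data).hexdigest()
    data = utils.parse_ssh_key(data)
    keytype = infos["algo"] = next(data).decode()
    if keytype == "ssh-rsa":
        try:
            exponent, modulus = (
                long(utils.encode_hex(elt), 16) for elt in data
            )
            # Kept inside the try block: math.log() raises ValueError for
            # a zero modulus, which a malformed key can contain.
            bits = math.ceil(math.log(modulus, 2))
        except Exception:
            utils.LOGGER.info("Cannot parse SSH host key for record %r",
                              spec,
                              exc_info=True)
        else:
            # convert integer to strings to prevent overflow errors
            # (e.g., "MongoDB can only handle up to 8-byte ints")
            infos["exponent"] = str(exponent)
            infos["modulus"] = str(modulus)
            infos["bits"] = bits
    res = {'infos': infos}
    _fix_infos_size(res)
    return res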
Esempio n. 6
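def _getinfos_ssh_hostkey(spec):
    """Parse an SSH host key and return the information derived from it.

    ``spec['value']`` is decoded with ``utils.nmap_decode_data`` and split
    with ``utils.parse_ssh_key``. The returned dict is ``{'infos': infos}``;
    ``infos`` contains the MD5, SHA-1 and SHA-256 hex digests of the raw
    key blob, the algorithm name (``"algo"``) and, when available, the key
    size (``"bits"``) plus, for RSA, the exponent and modulus as decimal
    strings.

    The key blob presumably originates from a scanned host and is handled
    as untrusted input: an RSA key that cannot be parsed, or whose size
    cannot be computed, is logged and skipped.
    """
    infos = {}
    data = utils.nmap_decode_data(spec['value'])
    # Digests of the raw key blob. NOTE(review): MD5 and SHA-1 are not
    # collision resistant; prefer the SHA-256 value where uniqueness
    # matters.
    for hashtype in ['md5', 'sha1', 'sha256']:
        infos[hashtype] = hashlib.new(hashtype, data).hexdigest()
    data = utils.parse_ssh_key(data)
    keytype = infos["algo"] = next(data).decode()
    if keytype == "ssh-rsa":
        try:
            exponent, modulus = (
                long(utils.encode_hex(elt), 16) for elt in data
            )
            # Kept inside the try block: math.log() raises ValueError for
            # a zero modulus, which a malformed key can contain.
            bits = math.ceil(math.log(modulus, 2))
        except Exception:
            utils.LOGGER.info("Cannot parse SSH host key for record %r", spec,
                              exc_info=True)
        else:
            # convert integer to strings to prevent overflow errors
            # (e.g., "MongoDB can only handle up to 8-byte ints")
            infos["exponent"] = str(exponent)
            infos["modulus"] = str(modulus)
            infos["bits"] = bits
    elif keytype == 'ecdsa-sha2-nistp256':
        infos['bits'] = 256
    elif keytype == 'ssh-ed25519':
        # NOTE(review): next() raises StopIteration when the blob has no
        # field after the key type; that case is not handled here.
        infos['bits'] = len(next(data)) * 8
    return {'infos': infos}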
Esempio n. 7
 def store_scan_doc(self, scan):
     """Insert the description of a scan into the ``scanfile`` table.

     Works on a copy of *scan*, so the caller's dict is left untouched.
     ``start`` is converted from a timestamp to a ``datetime`` (UTC),
     ``scaninfos`` is renamed ``scaninfo`` and ``_id`` is passed through
     ``utils.decode_hex`` and stored as ``sha256``. With ``config.DEBUG``
     set, the stored ``sha256`` is read back and logged.
     """
     doc = scan.copy()
     if 'start' in doc:
         doc['start'] = datetime.datetime.utcfromtimestamp(int(doc['start']))
     if 'scaninfos' in doc:
         doc["scaninfo"] = doc.pop('scaninfos')
     doc["sha256"] = utils.decode_hex(doc.pop('_id'))
     # Only these keys are forwarded as column values; any other key in
     # the document is ignored, so the input cannot name arbitrary columns.
     columns = (
         'sha256', 'args', 'scaninfo', 'scanner', 'start', 'version',
         'xmloutputversion',
     )
     values = {key: doc[key] for key in columns if key in doc}
     insrt = insert(self.tables.scanfile).values(**values)
     if not config.DEBUG:
         self.db.execute(insrt)
         return
     stored = self.db.execute(
         insrt.returning(self.tables.scanfile.sha256)).fetchone()
     utils.LOGGER.debug("SCAN STORED: %r", utils.encode_hex(stored[0]))
Esempio n. 8
 def process(value):
     """Convert an address value with ``self.python_type``.

     A falsy value becomes ``self.python_type(b"")``. A ``str`` matching
     ``INTERNAL_IP_PY2`` is passed through unchanged. Anything else is
     converted with ``utils.ip2bin`` and hex-encoded first.
     """
     if value:
         if isinstance(value, str) and INTERNAL_IP_PY2.search(value):
             # Presumably already in the internal representation.
             raw = value
         else:
             raw = utils.encode_hex(utils.ip2bin(value))
     else:
         raw = b""
     return self.python_type(raw)
Esempio n. 9
 def data2key(data):
     """Return the RSA public key described by an SSH public key blob.

     ``utils.parse_ssh_key`` splits the blob into fields. The first field
     is read and ignored; the following two are parsed as integers from
     their hex encoding: public exponent first, modulus second.

     NOTE(review): the ignored field is presumably the key-type string;
     nothing here verifies that the blob really is an RSA key.
     """
     fields = utils.parse_ssh_key(data)

     def next_number():
         # Hex-encode the next field and read it as a base-16 integer.
         return long(utils.encode_hex(next(fields)), 16)

     next(fields)  # leading field is read and dropped
     exponent = next_number()
     modulus = next_number()
     # RSA.construct() is given the tuple as (modulus, exponent).
     return RSA.construct((modulus, exponent))
Esempio n. 10
def info_from_vendorid(payload, service, output):
    """Fill *service* and *output* from one IKE Vendor ID payload.

    The first four bytes of *payload* are skipped (presumably the generic
    payload header -- confirm against the caller) and the remainder is
    looked up with ``find_ike_vendor_id``. When a name is returned, the
    matching ``service_*`` keys are set in *service*. In every case an
    entry holding the hex-encoded value (and the name, if any) is appended
    to ``output["vendor_ids"]``. Nothing is returned.

    NOTE(review): a Vendor ID is whatever the remote peer chooses to send,
    so the product / version / OS attributes derived here are hints, not
    verified facts.
    NOTE(review): several branches index the result of ``split()`` without
    a length check and would raise IndexError on a name with no text after
    the prefix; this relies on ``find_ike_vendor_id`` only returning
    well-formed names -- confirm.
    """
    name = find_ike_vendor_id(payload[4:])
    if name is not None:
        # The order of the branches matters: the first matching test wins.
        if name.startswith(b"Windows-"):
            service["service_product"] = "Microsoft/Cisco IPsec"
            service["service_version"] = name.decode().replace("-", " ")
            service["service_ostype"] = "Windows"
        elif name == b"Windows":
            service["service_product"] = "Microsoft/Cisco IPsec"
            service["service_ostype"] = "Windows"
        elif name.startswith(b"Firewall-1 "):
            service["service_product"] = "Checkpoint VPN-1/Firewall-1"
            service["service_version"] = name.decode().split(None, 1)[1]
            service["service_devicetype"] = "security-misc"
        elif name.startswith(b"SSH IPSEC Express "):
            service[
                "service_product"] = "SSH Communications Security IPSec Express"
            service["service_version"] = name.decode().split(None, 3)[3]
        elif name.startswith(b"SSH Sentinel"):
            service["service_product"] = "SSH Communications Security Sentinel"
            # Offset 13 skips the 12-byte prefix plus one separator byte.
            version = name[13:].decode()
            if version:
                service["service_version"] = version
        elif name.startswith(b"SSH QuickSec"):
            service["service_product"] = "SSH Communications Security QuickSec"
            # Offset 13 skips the 12-byte prefix plus one separator byte.
            version = name[13:].decode()
            if version:
                service["service_version"] = version
        elif name.startswith(b"Cisco VPN Concentrator"):
            service["service_product"] = "Cisco VPN Concentrator"
            # Skips the 22-byte prefix plus two bytes and drops the last
            # byte (presumably a " (" ... ")" wrapper -- confirm).
            version = name[24:-1].decode()
            if version:
                service["service_version"] = version
        elif name.startswith(b"SafeNet SoftRemote"):
            service["service_product"] = "SafeNet Remote"
            # Offset 19 skips the 18-byte prefix plus one separator byte.
            version = name[19:].decode()
            if version:
                service["service_version"] = version
        elif name == b"KAME/racoon":
            service["service_product"] = "KAME/racoon/IPsec Tools"
        elif name == b"Nortel Contivity":
            service["service_product"] = "Nortel Contivity"
            service["service_devicetype"] = "firewall"
        elif name.startswith(b"SonicWall-"):
            service["service_product"] = "SonicWall"
        elif name.startswith(b"strongSwan"):
            service["service_product"] = "strongSwan"
            # for some reason in the fingerprints file, strongSwan ==
            # strongSwan 4.3.6
            service["service_version"] = name[11:].decode() or "4.3.6"
            service["service_ostype"] = "Unix"
        # This spelling has a lower-case "all"; the "ZyWALL" spelling is
        # handled by the list test further down.
        elif name == b"ZyXEL ZyWall USG 100":
            service["service_product"] = "ZyXEL ZyWALL USG 100"
            service["service_devicetype"] = "firewall"
        elif name.startswith(b"Linux FreeS/WAN "):
            service["service_product"] = "FreeS/WAN"
            service["service_version"] = name.decode().split(None, 2)[2]
            service["service_ostype"] = "Unix"
        elif name.startswith(b"Openswan ") or name.startswith(
                b"Linux Openswan "):
            service["service_product"] = "Openswan"
            # First word after "Openswan " is the version; anything left
            # goes to service_extrainfo.
            version = name.split(b"Openswan ", 1)[1].decode().split(None, 1)
            service["service_version"] = version[0]
            if len(version) == 2:
                service["service_extrainfo"] = version[1]
            service["service_ostype"] = "Unix"
        elif name in [
                b"FreeS/WAN or OpenSWAN", b"FreeS/WAN or OpenSWAN or Libreswan"
        ]:
            service["service_product"] = "FreeS/WAN or Openswan or Libreswan"
            service["service_ostype"] = "Unix"
        elif name.startswith(b"Libreswan "):
            service["service_product"] = "Libreswan"
            service["service_version"] = name.decode().split(None, 1)[1]
            service["service_ostype"] = "Unix"
        elif name == b"OpenPGP":
            service["service_product"] = name.decode()
        elif name in [
                b"FortiGate", b"ZyXEL ZyWALL Router", b"ZyXEL ZyWALL USG 100"
        ]:
            service["service_product"] = name.decode()
            service["service_devicetype"] = "firewall"
        elif name.startswith(b"Netscreen-"):
            service["service_product"] = "Juniper"
            service["service_ostype"] = "NetScreen OS"
            service["service_devicetype"] = "firewall"
        elif name.startswith(b"StoneGate-"):
            service["service_product"] = "StoneGate"
            service["service_devicetype"] = "firewall"
        elif name.startswith(b"Symantec-Raptor"):
            service["service_product"] = "Symantec-Raptor"
            # Offset 16 skips the 15-byte prefix plus one separator byte.
            version = name[16:].decode()
            if version:
                service["service_version"] = version
            service["service_devicetype"] = "firewall"
        elif name == b"Teldat":
            service["service_product"] = name.decode()
            service["service_devicetype"] = "broadband router"
    # The raw value is always recorded, even when no name was found.
    entry = {"value": encode_hex(payload[4:]).decode()}
    if name is not None:
        entry["name"] = name.decode()
    output.setdefault("vendor_ids", []).append(entry)
Esempio n. 11
 def data2key(self, data):
     """Build an RSA public key object from raw key data.

     ``self._data2key`` yields the fields of the key. The first field is
     consumed and ignored; the next two are parsed as integers from their
     hex encoding and used as public exponent and modulus, in that order.

     NOTE(review): the ignored field is not validated here, so this
     method does not check by itself that the data describes an RSA key.
     """
     fields = self._data2key(data)
     next(fields)  # leading field is read and dropped
     exponent = long(utils.encode_hex(next(fields)), 16)
     modulus = long(utils.encode_hex(next(fields)), 16)
     # RSA.construct() is given the tuple as (modulus, exponent).
     return RSA.construct((modulus, exponent))
Esempio n. 12
def info_from_vendorid(payload, service, output):
    """Fill *service* and *output* from one IKE Vendor ID payload.

    The first four bytes of *payload* are skipped (presumably the generic
    payload header -- confirm against the caller) and the remainder is
    looked up with ``find_ike_vendor_id``. When a name is returned, the
    matching ``service_*`` keys are set in *service*. In every case an
    entry holding the hex-encoded value (and the name, if any) is appended
    to ``output['vendor_ids']``. Nothing is returned.

    NOTE(review): a Vendor ID is whatever the remote peer chooses to send,
    so the product / version / OS attributes derived here are hints, not
    verified facts.
    NOTE(review): several branches index the result of ``split()`` without
    a length check and would raise IndexError on a name with no text after
    the prefix; this relies on ``find_ike_vendor_id`` only returning
    well-formed names -- confirm.
    """
    name = find_ike_vendor_id(payload[4:])
    if name is not None:
        # The order of the branches matters: the first matching test wins.
        if name.startswith(b'Windows-'):
            service['service_product'] = "Microsoft/Cisco IPsec"
            service['service_version'] = name.decode().replace('-', ' ')
            service['service_ostype'] = "Windows"
        elif name == b'Windows':
            service['service_product'] = "Microsoft/Cisco IPsec"
            service['service_ostype'] = "Windows"
        elif name.startswith(b'Firewall-1 '):
            service['service_product'] = 'Checkpoint VPN-1/Firewall-1'
            service['service_version'] = name.decode().split(None, 1)[1]
            service['service_devicetype'] = 'security-misc'
        elif name.startswith(b'SSH IPSEC Express '):
            service['service_product'] = ('SSH Communications Security IPSec '
                                          'Express')
            service['service_version'] = name.decode().split(None, 3)[3]
        elif name.startswith(b'SSH Sentinel'):
            service['service_product'] = 'SSH Communications Security Sentinel'
            # Offset 13 skips the 12-byte prefix plus one separator byte.
            version = name[13:].decode()
            if version:
                service['service_version'] = version
        elif name.startswith(b'SSH QuickSec'):
            service['service_product'] = 'SSH Communications Security QuickSec'
            # Offset 13 skips the 12-byte prefix plus one separator byte.
            version = name[13:].decode()
            if version:
                service['service_version'] = version
        elif name.startswith(b'Cisco VPN Concentrator'):
            service['service_product'] = 'Cisco VPN Concentrator'
            # Skips the 22-byte prefix plus two bytes and drops the last
            # byte (presumably a " (" ... ")" wrapper -- confirm).
            version = name[24:-1].decode()
            if version:
                service['service_version'] = version
        elif name.startswith(b'SafeNet SoftRemote'):
            service['service_product'] = 'SafeNet Remote'
            # Offset 19 skips the 18-byte prefix plus one separator byte.
            version = name[19:].decode()
            if version:
                service['service_version'] = version
        elif name == b'KAME/racoon':
            service['service_product'] = 'KAME/racoon/IPsec Tools'
        elif name == b'Nortel Contivity':
            service['service_product'] = 'Nortel Contivity'
            service['service_devicetype'] = 'firewall'
        elif name.startswith(b'SonicWall-'):
            service['service_product'] = 'SonicWall'
        elif name.startswith(b'strongSwan'):
            service['service_product'] = 'strongSwan'
            # for some reason in the fingerprints file, strongSwan ==
            # strongSwan 4.3.6
            service['service_version'] = name[11:].decode() or '4.3.6'
            service['service_ostype'] = 'Unix'
        # This spelling has a lower-case "all"; the "ZyWALL" spelling is
        # handled by the list test further down.
        elif name == b'ZyXEL ZyWall USG 100':
            service['service_product'] = 'ZyXEL ZyWALL USG 100'
            service['service_devicetype'] = 'firewall'
        elif name.startswith(b'Linux FreeS/WAN '):
            service['service_product'] = 'FreeS/WAN'
            service['service_version'] = name.decode().split(None, 2)[2]
            service['service_ostype'] = 'Unix'
        elif (name.startswith(b'Openswan ') or
              name.startswith(b'Linux Openswan ')):
            service['service_product'] = 'Openswan'
            # First word after "Openswan " is the version; anything left
            # goes to service_extrainfo.
            version = name.split(b'Openswan ', 1)[1].decode().split(None, 1)
            service['service_version'] = version[0]
            if len(version) == 2:
                service['service_extrainfo'] = version[1]
            service['service_ostype'] = 'Unix'
        elif name in [b'FreeS/WAN or OpenSWAN',
                      b'FreeS/WAN or OpenSWAN or Libreswan']:
            service['service_product'] = 'FreeS/WAN or Openswan or Libreswan'
            service['service_ostype'] = 'Unix'
        elif name.startswith(b'Libreswan '):
            service['service_product'] = 'Libreswan'
            service['service_version'] = name.decode().split(None, 1)[1]
            service['service_ostype'] = 'Unix'
        elif name == b'OpenPGP':
            service['service_product'] = name.decode()
        elif name in [b'FortiGate', b'ZyXEL ZyWALL Router',
                      b'ZyXEL ZyWALL USG 100']:
            service['service_product'] = name.decode()
            service['service_devicetype'] = 'firewall'
        elif name.startswith(b'Netscreen-'):
            service['service_product'] = 'Juniper'
            service['service_ostype'] = 'NetScreen OS'
            service['service_devicetype'] = 'firewall'
        elif name.startswith(b'StoneGate-'):
            service['service_product'] = 'StoneGate'
            service['service_devicetype'] = 'firewall'
        elif name.startswith(b'Symantec-Raptor'):
            service['service_product'] = 'Symantec-Raptor'
            # Offset 16 skips the 15-byte prefix plus one separator byte.
            version = name[16:].decode()
            if version:
                service['service_version'] = version
            service['service_devicetype'] = 'firewall'
        elif name == b'Teldat':
            service['service_product'] = name.decode()
            service['service_devicetype'] = 'broadband router'
    # The raw value is always recorded, even when no name was found.
    entry = {'value': encode_hex(payload[4:]).decode()}
    if name is not None:
        entry["name"] = name.decode()
    output.setdefault('vendor_ids', []).append(entry)
Esempio n. 13
def info_from_vendorid(payload, service, output):
    """Fill *service* and *output* from one IKE Vendor ID payload.

    The first four bytes of *payload* are skipped (presumably the generic
    payload header -- confirm against the caller) and the remainder is
    looked up with ``find_ike_vendor_id``. When a name is returned, the
    matching ``service_*`` keys are set in *service*. In every case an
    entry holding the hex-encoded value (and the name, if any) is appended
    to ``output['vendor_ids']``. Nothing is returned.

    NOTE(review): a Vendor ID is whatever the remote peer chooses to send,
    so the product / version / OS attributes derived here are hints, not
    verified facts.
    NOTE(review): several branches index the result of ``split()`` without
    a length check and would raise IndexError on a name with no text after
    the prefix; this relies on ``find_ike_vendor_id`` only returning
    well-formed names -- confirm.
    """
    name = find_ike_vendor_id(payload[4:])
    if name is not None:
        # The order of the branches matters: the first matching test wins.
        if name.startswith(b'Windows-'):
            service['service_product'] = "Microsoft/Cisco IPsec"
            service['service_version'] = name.decode().replace('-', ' ')
            service['service_ostype'] = "Windows"
        elif name == b'Windows':
            service['service_product'] = "Microsoft/Cisco IPsec"
            service['service_ostype'] = "Windows"
        elif name.startswith(b'Firewall-1 '):
            service['service_product'] = 'Checkpoint VPN-1/Firewall-1'
            service['service_version'] = name.decode().split(None, 1)[1]
            service['service_devicetype'] = 'security-misc'
        elif name.startswith(b'SSH IPSEC Express '):
            service['service_product'] = 'SSH Communications Security IPSec Express'
            service['service_version'] = name.decode().split(None, 3)[3]
        elif name.startswith(b'SSH Sentinel'):
            service['service_product'] = 'SSH Communications Security Sentinel'
            # Offset 13 skips the 12-byte prefix plus one separator byte.
            version = name[13:].decode()
            if version:
                service['service_version'] = version
        elif name.startswith(b'SSH QuickSec'):
            service['service_product'] = 'SSH Communications Security QuickSec'
            # Offset 13 skips the 12-byte prefix plus one separator byte.
            version = name[13:].decode()
            if version:
                service['service_version'] = version
        elif name.startswith(b'Cisco VPN Concentrator'):
            service['service_product'] = 'Cisco VPN Concentrator'
            # Skips the 22-byte prefix plus two bytes and drops the last
            # byte (presumably a " (" ... ")" wrapper -- confirm).
            version = name[24:-1].decode()
            if version:
                service['service_version'] = version
        elif name.startswith(b'SafeNet SoftRemote'):
            service['service_product'] = 'SafeNet Remote'
            # Offset 19 skips the 18-byte prefix plus one separator byte.
            version = name[19:].decode()
            if version:
                service['service_version'] = version
        elif name == b'KAME/racoon':
            service['service_product'] = 'KAME/racoon/IPsec Tools'
        elif name == b'Nortel Contivity':
            service['service_product'] = 'Nortel Contivity'
            service['service_devicetype'] = 'firewall'
        elif name.startswith(b'SonicWall-'):
            service['service_product'] = 'SonicWall'
        elif name.startswith(b'strongSwan'):
            service['service_product'] = 'strongSwan'
            # for some reason in the fingerprints file, strongSwan ==
            # strongSwan 4.3.6
            service['service_version'] = name[11:].decode() or '4.3.6'
            service['service_ostype'] = 'Unix'
        # This spelling has a lower-case "all"; the "ZyWALL" spelling is
        # handled by the list test further down.
        elif name == b'ZyXEL ZyWall USG 100':
            service['service_product'] = 'ZyXEL ZyWALL USG 100'
            service['service_devicetype'] = 'firewall'
        elif name.startswith(b'Linux FreeS/WAN '):
            service['service_product'] = 'FreeS/WAN'
            service['service_version'] = name.decode().split(None, 2)[2]
            service['service_ostype'] = 'Unix'
        elif name.startswith(b'Openswan ') or name.startswith(b'Linux Openswan '):
            service['service_product'] = 'Openswan'
            # First word after "Openswan " is the version; anything left
            # goes to service_extrainfo.
            version = name.split(b'Openswan ', 1)[1].decode().split(None, 1)
            service['service_version'] = version[0]
            if len(version) == 2:
                service['service_extrainfo'] = version[1]
            service['service_ostype'] = 'Unix'
        elif name in [b'FreeS/WAN or OpenSWAN',
                      b'FreeS/WAN or OpenSWAN or Libreswan']:
            service['service_product'] = 'FreeS/WAN or Openswan or Libreswan'
            service['service_ostype'] = 'Unix'
        elif name.startswith(b'Libreswan '):
            service['service_product'] = 'Libreswan'
            service['service_version'] = name.decode().split(None, 1)[1]
            service['service_ostype'] = 'Unix'
        elif name == b'OpenPGP':
            service['service_product'] = name.decode()
        elif name in [b'FortiGate', b'ZyXEL ZyWALL Router',
                      b'ZyXEL ZyWALL USG 100']:
            service['service_product'] = name.decode()
            service['service_devicetype'] = 'firewall'
        elif name.startswith(b'Netscreen-'):
            service['service_product'] = 'Juniper'
            service['service_ostype'] = 'NetScreen OS'
            service['service_devicetype'] = 'firewall'
        elif name.startswith(b'StoneGate-'):
            service['service_product'] = 'StoneGate'
            service['service_devicetype'] = 'firewall'
        elif name.startswith(b'Symantec-Raptor'):
            service['service_product'] = 'Symantec-Raptor'
            # Offset 16 skips the 15-byte prefix plus one separator byte.
            version = name[16:].decode()
            if version:
                service['service_version'] = version
            service['service_devicetype'] = 'firewall'
        elif name == b'Teldat':
            service['service_product'] = name.decode()
            service['service_devicetype'] = 'broadband router'
    # The raw value is always recorded, even when no name was found.
    entry = {'value': encode_hex(payload[4:]).decode()}
    if name is not None:
        entry["name"] = name.decode()
    output.setdefault('vendor_ids', []).append(entry)
Esempio n. 14
 def data2key(self, data):
     """Return the RSA public key described by raw key data.

     The fields yielded by ``self._data2key`` are consumed in order: the
     first is discarded, the second is the public exponent and the third
     the modulus, each parsed as an integer from its hex encoding.

     NOTE(review): the discarded field is not validated here, so this
     method does not check by itself that the data describes an RSA key.
     """
     fields = self._data2key(data)

     def next_number():
         # Hex-encode the next field and read it as a base-16 integer.
         return long(utils.encode_hex(next(fields)), 16)

     next(fields)  # leading field is read and dropped
     exponent = next_number()
     modulus = next_number()
     # RSA.construct() is given the tuple as (modulus, exponent).
     return RSA.construct((modulus, exponent))