def _getetcfqdn(precheck, report): fqdn = {} for root, dir, file in walk("/etc"): for item in file: try: f = open(root + "/" + item, "r") content = f.readlines() f.close() for line in content: if not re.match("[#;<]", line.strip()): line = " ".join(line.strip().split()) for part in line.split(): if not "@" in part and not "-" in part: names = re.findall( "[a-z0-9-]{1,63}(?:\.[a-z0-9-]{1,63})+" "\.[a-z0-9-]{1,63}", part) if names: for name in names: if re.search("\D", name.replace( ".", "")) and not name in fqdn: fqdn[name] = [ "{}/{}".format(root, item), line ] except: pass total = len(fqdn) print( "\nThere are {} possible FQDN in /etc. It's possible to do a DNS query " "in order to detect real FQDN, but it could take some time. Do you want" " to continue with ? (y/N) ".format(total), end="") ans = str(input()).lower().lstrip() if len(ans) > 0 and 'y' in ans[0]: detail = "\nFQDN found:\n" ipcounter = 0 for idx, item in enumerate(fqdn): ipaddr = precheck.nslookup(item) percentagebar(total, idx) if ipaddr: ipcounter += 1 report.infrastructure(ipaddr, "FQDN {}".format(item)) report.infrastructure( ipaddr, "Found in file {}: {}".format(fqdn[item][0], fqdn[item][1])) detail += " |__{} ({})\n".format(item, ipaddr) percentagebar(total, total) summ = " |__{} FQDN found\n".format(ipcounter) else: summ = "" detail = "" return summ, detail
def _checkpermissions(precheck, report): stickydirs = [] alluserwrite = [] readerrors = [] suidperm = [] guidperm = [] # Percentage calculate directories = ['/'+x for x in listdir("/") if isdir("/"+x)] total = len(directories) # Check directories with write permissions and sticky bit for root, dirs, files in walk("/"): if root in directories: directories.remove(root) percentagebar(total, total-len(directories)) if files: init = root.split("/")[1] if init not in ["dev", "proc", "sys", "run"]: for item in files: filename = root + "/" + item try: perm = stat(filename) if perm.st_uid == 0: ownerroot = True else: ownerroot = False if perm.st_gid == 0: grouproot = True else: grouproot = False perm = perm.st_mode writeall = perm & 0o2 suid = perm & 0o4000 sgid = perm & 0o2000 if writeall: alluserwrite.append(filename) if suid: suidperm.append([filename, ownerroot]) if sgid: guidperm.append([filename, grouproot]) except Exception as e: readerrors.append(str(e)) if dirs: for item in dirs: filename = root + "/" + item try: perm = stat(filename).st_mode writeall = perm & 0o2 sticky = perm & 0o1000 if writeall and not sticky: stickydirs.append(filename) except Exception as e: readerrors.append(str(e)) return stickydirs, alluserwrite, readerrors, suidperm, guidperm
def scaninfrastructure(report, precheck, mask): # arp scan of local network if precheck.root: try: report.log("DEBUG", "Scan local networks started") if not report.ifaces: _getnetinfo(report, precheck) totalip = 0 for iface in report.ifaces: if len(report.ifaces[iface]) > 1 and iface != "lo" and \ int(report.ifaces[iface][1].split("/")[1]) >= mask: totalip += pow( 2, 32 - int(report.ifaces[iface][1].split("/")[1])) print( "\nThere are {} possible ips in all subnets to scan with a /{} " "mask or smaller. It could take some time. Do you want to " "continue with ? (y/N) ".format(totalip, mask), end="") ans = str(input()).lower().lstrip() if len(ans) > 0 and 'y' in ans[0]: summ = "\nARP scan:\n" detailed = detailheader("ARP Scan") counter = 0 total = len(report.ifaces) for iface in report.ifaces: percentagebar(total, counter) if len(report.ifaces[iface]) > 1 and iface != "lo" and \ int(report.ifaces[iface][1].split("/")[1]) > 22: _localnetworkarpscan(iface, report.ifaces[iface][0], report.ifaces[iface][1]) counter += 1 percentagebar(total, counter) for item in sorted(ipmac): summ += " |__IP: {:16} [{}]\n".format( str(item), ipmac[item]) if report.infrastructure(ip_address(item), "MAC {}".format(ipmac[item])): detailed += " IP: {:16} MAC: {}\n".format( str(item), ipmac[item]) report.summarized(5, summ) report.detailed(5, detailed) report.log("DEBUG", "Scan local networks completed") except Exception as e: report.log("ERROR", "Can't finish local networks scan") report.log("DEBUG", str(e)) report.log("DEBUG", traceback.format_exc()) else: report.log("INFO", "You don't have root permission to scan local networks") # Scan ports try: report.log("DEBUG", "Port scan started") summ, detail = _portscan(report, precheck) report.summarized(5, summ) report.detailed(5, detail) report.log("DEBUG", "Port scan completed") except Exception as e: report.log("ERROR", "Can't scan ports") report.log("DEBUG", str(e)) report.log("DEBUG", traceback.format_exc())
def _portscan(report, precheck): detail = detailheader("Port scan") summ = "\nPort scan:\n" summ += " |__Total IPs in infrastructure: {}\n".format( len(report.infrastructure_data)) detail += "\nTotal IPs in infrastructure: {}\n".format( len(report.infrastructure_data)) localmachine = [] localnetwork = [] iptables = [] outconns = [] inconns = [] carvips = [] carvfqdn = [] for item in sorted(report.infrastructure_data): if "Local machine" in report.infrastructure_data[item]: localmachine.append(item) elif [ x for x in report.infrastructure_data[item] if x.startswith("IPTables") ]: iptables.append(item) elif [ x for x in report.infrastructure_data[item] if x.startswith("Connected at") ]: outconns.append(item) elif [ x for x in report.infrastructure_data[item] if x.startswith("Connected in") ]: inconns.append(item) elif [ x for x in report.infrastructure_data[item] if x.startswith("MAC") ]: localnetwork.append(item) elif [ x for x in report.infrastructure_data[item] if x.startswith("Named") ]: carvips.append(item) elif [ x for x in report.infrastructure_data[item] if x.startswith("Found") ]: carvfqdn.append(item) print( "\n(a) TOTAL IPs: {:>10}\n(m) Local machine IPs: {:>5}\n(f) IPTables allowed: {:>5}\n" "(o) Outgoing connections: {:>3}\n(i) Incoming connections: {:>3}\n" "(n) Local network IPs: {:>5}\n(x) Carved IPs: {:>9}" "\n(y)Carved FQDN: {:>8}".format(len(report.infrastructure_data), len(localmachine), len(iptables), len(outconns), len(inconns), len(localnetwork), len(carvips), len(carvfqdn))) print( "What kind of IPs do you want to scan (write one or several letters): ", end="") ans = str(input()).lower().lstrip() scanlist = [] if 'a' in ans: scanlist = sorted(report.infrastructure_data) else: if 'm' in ans: scanlist += localmachine if 'n' in ans: scanlist += localnetwork if 'o' in ans: scanlist += outconns if 'i' in ans: scanlist += inconns if 'x' in ans: scanlist += carvips if 'y' in ans: scanlist += carvfqdn summ += " |__Total IPs to scan: {}\n".format(len(scanlist)) detail += "\nTotal IPs to scan: {}\n".format(len(scanlist)) portcounter = 0 total = len(scanlist) for idx, item in enumerate(scanlist): percentagebar(total, idx) detail += "\n{}\n".format(item) result = _ipscan(item, precheck) for port in result: detail += " |__{:5} - {}\n".format(port, precheck.portnames[port][1]) report.infrastructure( item, "Port TCP {} open ({})".format(port, precheck.portnames[port][1])) portcounter += 1 percentagebar(total, total) summ += " |__{} open ports found\n".format(portcounter) return summ, detail
def _getetc(report): detail = detailheader("/etc information") summ = "\n/etc information:\n" # Percentage calculate dirs = ['/etc/' + x for x in listdir("/etc") if isdir("/etc/" + x)] total = len(dirs) ipscounter = 0 detail += "\nIP found:\n" for root, dir, file in walk("/etc"): if root in dirs: dirs.remove(root) percentagebar(total, total - len(dirs)) for item in file: if not "dhcpd" in item: try: f = open(root + "/" + item, "r") content = f.readlines() f.close() for line in content: ips = re.findall("\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}", line) ips2 = ips.copy() for data in ips2: try: socket.inet_aton(data) if data.startswith("169.254"): ips.remove(data) elif int(data.split(".")[0]) > 223 or int( data.split(".")[0]) == 0: ips.remove(data) elif int(data.split(".")[3]) == 0: ips.remove(data) elif line.split(data)[1].startswith("/") and \ not line.split(data)[1].startswith("/32"): ips.remove(data) elif re.match("[\d.]", line.split(data)[1][0]): ips.remove(data) elif len(line.split(data)[0]) > 0: if re.match("[\d.]", line.split(data)[0][-1]): ips.remove(data) except socket.error: ips.remove(data) if ips: if not re.match("[#;]", line.split(ips[0])[0]) and \ not "version" in line.split(ips[0])[0].lower(): line = " ".join(line.strip().split()) for data in ips: detail += " |__{} named in file '{}/{}'\n".format( data, root, item) report.infrastructure( ip_address(data), "Named in file '{}/{}' " "({})".format(root, item, line)) ipscounter += 1 except: pass percentagebar(total, total) summ += " |__{} ips found in /etc directory\n".format(ipscounter) return summ, detail