def _getetcfqdn(precheck, report):
fqdn = {}
for root, dir, file in walk("/etc"):
for item in file:
try:
f = open(root + "/" + item, "r")
content = f.readlines()
f.close()
for line in content:
if not re.match("[#;<]", line.strip()):
line = " ".join(line.strip().split())
for part in line.split():
if not "@" in part and not "-" in part:
names = re.findall(
"[a-z0-9-]{1,63}(?:\.[a-z0-9-]{1,63})+"
"\.[a-z0-9-]{1,63}", part)
if names:
for name in names:
if re.search("\D", name.replace(
".", "")) and not name in fqdn:
fqdn[name] = [
"{}/{}".format(root, item),
line
]
except:
pass
total = len(fqdn)
print(
"\nThere are {} possible FQDN in /etc. It's possible to do a DNS query "
"in order to detect real FQDN, but it could take some time. Do you want"
" to continue with ? (y/N) ".format(total),
end="")
ans = str(input()).lower().lstrip()
if len(ans) > 0 and 'y' in ans[0]:
detail = "\nFQDN found:\n"
ipcounter = 0
for idx, item in enumerate(fqdn):
ipaddr = precheck.nslookup(item)
percentagebar(total, idx)
if ipaddr:
ipcounter += 1
report.infrastructure(ipaddr, "FQDN {}".format(item))
report.infrastructure(
ipaddr,
"Found in file {}: {}".format(fqdn[item][0],
fqdn[item][1]))
detail += " |__{} ({})\n".format(item, ipaddr)
percentagebar(total, total)
summ = " |__{} FQDN found\n".format(ipcounter)
else:
summ = ""
detail = ""
return summ, detail
def _checkpermissions(precheck, report):
stickydirs = []
alluserwrite = []
readerrors = []
suidperm = []
guidperm = []
# Percentage calculate
directories = ['/'+x for x in listdir("/") if isdir("/"+x)]
total = len(directories)
# Check directories with write permissions and sticky bit
for root, dirs, files in walk("/"):
if root in directories:
directories.remove(root)
percentagebar(total, total-len(directories))
if files:
init = root.split("/")[1]
if init not in ["dev", "proc", "sys", "run"]:
for item in files:
filename = root + "/" + item
try:
perm = stat(filename)
if perm.st_uid == 0:
ownerroot = True
else:
ownerroot = False
if perm.st_gid == 0:
grouproot = True
else:
grouproot = False
perm = perm.st_mode
writeall = perm & 0o2
suid = perm & 0o4000
sgid = perm & 0o2000
if writeall:
alluserwrite.append(filename)
if suid:
suidperm.append([filename, ownerroot])
if sgid:
guidperm.append([filename, grouproot])
except Exception as e:
readerrors.append(str(e))
if dirs:
for item in dirs:
filename = root + "/" + item
try:
perm = stat(filename).st_mode
writeall = perm & 0o2
sticky = perm & 0o1000
if writeall and not sticky:
stickydirs.append(filename)
except Exception as e:
readerrors.append(str(e))
return stickydirs, alluserwrite, readerrors, suidperm, guidperm
def scaninfrastructure(report, precheck, mask):
# arp scan of local network
if precheck.root:
try:
report.log("DEBUG", "Scan local networks started")
if not report.ifaces:
_getnetinfo(report, precheck)
totalip = 0
for iface in report.ifaces:
if len(report.ifaces[iface]) > 1 and iface != "lo" and \
int(report.ifaces[iface][1].split("/")[1]) >= mask:
totalip += pow(
2, 32 - int(report.ifaces[iface][1].split("/")[1]))
print(
"\nThere are {} possible ips in all subnets to scan with a /{} "
"mask or smaller. It could take some time. Do you want to "
"continue with ? (y/N) ".format(totalip, mask),
end="")
ans = str(input()).lower().lstrip()
if len(ans) > 0 and 'y' in ans[0]:
summ = "\nARP scan:\n"
detailed = detailheader("ARP Scan")
counter = 0
total = len(report.ifaces)
for iface in report.ifaces:
percentagebar(total, counter)
if len(report.ifaces[iface]) > 1 and iface != "lo" and \
int(report.ifaces[iface][1].split("/")[1]) > 22:
_localnetworkarpscan(iface, report.ifaces[iface][0],
report.ifaces[iface][1])
counter += 1
percentagebar(total, counter)
for item in sorted(ipmac):
summ += " |__IP: {:16} [{}]\n".format(
str(item), ipmac[item])
if report.infrastructure(ip_address(item),
"MAC {}".format(ipmac[item])):
detailed += " IP: {:16} MAC: {}\n".format(
str(item), ipmac[item])
report.summarized(5, summ)
report.detailed(5, detailed)
report.log("DEBUG", "Scan local networks completed")
except Exception as e:
report.log("ERROR", "Can't finish local networks scan")
report.log("DEBUG", str(e))
report.log("DEBUG", traceback.format_exc())
else:
report.log("INFO",
"You don't have root permission to scan local networks")
# Scan ports
try:
report.log("DEBUG", "Port scan started")
summ, detail = _portscan(report, precheck)
report.summarized(5, summ)
report.detailed(5, detail)
report.log("DEBUG", "Port scan completed")
except Exception as e:
report.log("ERROR", "Can't scan ports")
report.log("DEBUG", str(e))
report.log("DEBUG", traceback.format_exc())
def _portscan(report, precheck):
detail = detailheader("Port scan")
summ = "\nPort scan:\n"
summ += " |__Total IPs in infrastructure: {}\n".format(
len(report.infrastructure_data))
detail += "\nTotal IPs in infrastructure: {}\n".format(
len(report.infrastructure_data))
localmachine = []
localnetwork = []
iptables = []
outconns = []
inconns = []
carvips = []
carvfqdn = []
for item in sorted(report.infrastructure_data):
if "Local machine" in report.infrastructure_data[item]:
localmachine.append(item)
elif [
x for x in report.infrastructure_data[item]
if x.startswith("IPTables")
]:
iptables.append(item)
elif [
x for x in report.infrastructure_data[item]
if x.startswith("Connected at")
]:
outconns.append(item)
elif [
x for x in report.infrastructure_data[item]
if x.startswith("Connected in")
]:
inconns.append(item)
elif [
x for x in report.infrastructure_data[item]
if x.startswith("MAC")
]:
localnetwork.append(item)
elif [
x for x in report.infrastructure_data[item]
if x.startswith("Named")
]:
carvips.append(item)
elif [
x for x in report.infrastructure_data[item]
if x.startswith("Found")
]:
carvfqdn.append(item)
print(
"\n(a) TOTAL IPs: {:>10}\n(m) Local machine IPs: {:>5}\n(f) IPTables allowed: {:>5}\n"
"(o) Outgoing connections: {:>3}\n(i) Incoming connections: {:>3}\n"
"(n) Local network IPs: {:>5}\n(x) Carved IPs: {:>9}"
"\n(y)Carved FQDN: {:>8}".format(len(report.infrastructure_data),
len(localmachine), len(iptables),
len(outconns), len(inconns),
len(localnetwork), len(carvips),
len(carvfqdn)))
print(
"What kind of IPs do you want to scan (write one or several letters): ",
end="")
ans = str(input()).lower().lstrip()
scanlist = []
if 'a' in ans:
scanlist = sorted(report.infrastructure_data)
else:
if 'm' in ans:
scanlist += localmachine
if 'n' in ans:
scanlist += localnetwork
if 'o' in ans:
scanlist += outconns
if 'i' in ans:
scanlist += inconns
if 'x' in ans:
scanlist += carvips
if 'y' in ans:
scanlist += carvfqdn
summ += " |__Total IPs to scan: {}\n".format(len(scanlist))
detail += "\nTotal IPs to scan: {}\n".format(len(scanlist))
portcounter = 0
total = len(scanlist)
for idx, item in enumerate(scanlist):
percentagebar(total, idx)
detail += "\n{}\n".format(item)
result = _ipscan(item, precheck)
for port in result:
detail += " |__{:5} - {}\n".format(port,
precheck.portnames[port][1])
report.infrastructure(
item,
"Port TCP {} open ({})".format(port,
precheck.portnames[port][1]))
portcounter += 1
percentagebar(total, total)
summ += " |__{} open ports found\n".format(portcounter)
return summ, detail
def _getetc(report):
detail = detailheader("/etc information")
summ = "\n/etc information:\n"
# Percentage calculate
dirs = ['/etc/' + x for x in listdir("/etc") if isdir("/etc/" + x)]
total = len(dirs)
ipscounter = 0
detail += "\nIP found:\n"
for root, dir, file in walk("/etc"):
if root in dirs:
dirs.remove(root)
percentagebar(total, total - len(dirs))
for item in file:
if not "dhcpd" in item:
try:
f = open(root + "/" + item, "r")
content = f.readlines()
f.close()
for line in content:
ips = re.findall("\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}",
line)
ips2 = ips.copy()
for data in ips2:
try:
socket.inet_aton(data)
if data.startswith("169.254"):
ips.remove(data)
elif int(data.split(".")[0]) > 223 or int(
data.split(".")[0]) == 0:
ips.remove(data)
elif int(data.split(".")[3]) == 0:
ips.remove(data)
elif line.split(data)[1].startswith("/") and \
not line.split(data)[1].startswith("/32"):
ips.remove(data)
elif re.match("[\d.]", line.split(data)[1][0]):
ips.remove(data)
elif len(line.split(data)[0]) > 0:
if re.match("[\d.]",
line.split(data)[0][-1]):
ips.remove(data)
except socket.error:
ips.remove(data)
if ips:
if not re.match("[#;]", line.split(ips[0])[0]) and \
not "version" in line.split(ips[0])[0].lower():
line = " ".join(line.strip().split())
for data in ips:
detail += " |__{} named in file '{}/{}'\n".format(
data, root, item)
report.infrastructure(
ip_address(data),
"Named in file '{}/{}' "
"({})".format(root, item, line))
ipscounter += 1
except:
pass
percentagebar(total, total)
summ += " |__{} ips found in /etc directory\n".format(ipscounter)
return summ, detail