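def readFile(hostFile, portnames):
    """Parse a p0f log into the set of observed SYN / SYN+ACK flows.

    Every log line is split on ``|`` into ``key=value`` fields; the fields
    consumed are, by position, ``cli``, ``srv``, ``subj``, ``os`` and
    ``dist``.  Only lines whose ``mod`` is ``syn`` or ``syn+ack`` (compared
    with ``tools.isEqual``) are kept, minus those whose OS label looks like
    scanner noise ('NMap' / 'scan') and those whose server port lies in the
    ephemeral range (>= 49152).  Malformed lines (too few fields, missing
    ``mod=``, non-numeric port) are skipped instead of raising.

    Args:
        hostFile: path of the p0f log file.
        portnames: mapping of ``(port, proto)`` to a service name.  Kept for
            interface compatibility; it does not influence the result.

    Returns:
        ``{'p0f': set of (cli, srv, subj, osInfo, dist, srvport)}`` where
        ``osInfo`` is the space-joined value returned by
        ``paperRUN.getStandardOpsysName``, or ``''`` when the OS label was
        empty or ``'???'`` (p0f's marker for an unknown OS).
    """
    fieldRe = re.compile(r'\|([\w\d\.\=\/?:\+\s]+)')
    modRe = re.compile(r'mod=([\w\+]*)')
    synAckSet = set()
    # `with` guarantees the file is closed even when a line raises below.
    with open(hostFile, "r") as p0f:
        for rawLine in p0f:
            fields = fieldRe.findall(rawLine)
            modMatch = modRe.search(rawLine)
            # findall() never returns None, so the old `!= None` test did not
            # protect the indexing below; a short field list or a missing
            # mod= field is a line we cannot use.
            if len(fields) < 3 or modMatch is None:
                continue
            mod = modMatch.group(1).strip()
            if not (tools.isEqual(mod, 'syn') or tools.isEqual(mod, 'syn+ack')):
                continue
            if len(fields) < 5:
                continue
            # partition('=') removes the key; str.strip('cli=') strips a *set
            # of characters* from both ends and only worked by coincidence.
            cli = fields[0].partition('=')[2].split('/')[0]
            srv, _, srvport = fields[1].partition('=')[2].partition('/')
            subj = fields[2].partition('=')[2]
            osText = fields[3].partition('=')[2]
            # p0f labels read e.g. "Linux 3.x and newer" / "Windows 7 or 8";
            # keep the first alternative only.
            # NOTE(review): this is a substring test, so a label containing
            # "and"/"or" inside a word is truncated as well - confirm against
            # the fingerprint database in use before tightening it.
            if 'and' in osText:
                osText = osText.split('and')[0]
            elif 'or' in osText:
                osText = osText.split('or')[0]
            if 'Microsoft' in osText or 'Windows' in osText:
                platform = 'Windows'
                duplicatesL = paperRUN.winDuplicatesL
                versionL = paperRUN.winVersionL
            else:
                platform = 'Linux'
                duplicatesL = paperRUN.linDuplicatesL
                versionL = []
            osInfo = None
            if osText not in ('', '???'):
                osInfo = paperRUN.getStandardOpsysName(
                    osText, platform, duplicatesL, versionL,
                    paperRUN.coll, paperRUN.collAssoc, paperRUN.con)
            dist = fields[4].partition('=')[2]
            # Drop flows attributed to scanning tools.
            if 'NMap' in osText or 'scan' in osText:
                continue
            # A non-numeric port would raise ValueError in int(); treat the
            # line as malformed.  Ephemeral-range ports are not services.
            if not srvport.isdigit() or int(srvport) >= 49152:
                continue
            # osInfo is None for unknown OS labels; the old code raised
            # TypeError in ' '.join(None) at this point.
            osLabel = ' '.join(osInfo) if osInfo is not None else ''
            synAckSet.add((cli, srv, subj, osLabel, dist, srvport))
    return {'p0f': synAckSet}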
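def hosts(dataFile):
    """Parse a Nexpose XML export into a per-host dictionary.

    For every ``nodes/node`` element the function collects:
      * ``endpoints/endpoint`` -> ``services[port] = {protocol, serviceName}``
        (a trailing ``?`` on uncertain values is stripped);
      * CVE ids found in the ``id`` of each ``tests/test`` element (only
        tests whose id names exactly one CVE are kept);
      * ``fingerprints/os`` records normalised through
        ``paperRUN.getStandardOpsysName``, one per distinct
        vendor/product/version string.

    Args:
        dataFile: path or file object of the Nexpose XML report.

    Returns:
        ``{address: {'name', 'opsys', 'services', 'cve'}}``; ``opsys`` maps a
        ``generate_id`` key to the fingerprint record.
    """
    # NOTE(review): ET is presumably xml.etree.ElementTree, which has no
    # defence against entity-expansion input; only parse reports coming
    # from a trusted scanner, or parse through defusedxml instead.
    root = ET.parse(dataFile).getroot()
    # [0-9]+ rather than [0-9]*: a bare "cve-2019-" is not a CVE id.
    cveRe = re.compile(r'cve-[0-9]{4}-[0-9]+')
    hostsDict = dict()
    for node in root.findall("nodes/node"):
        nameEl = node.find("names/name")
        nodeName = nameEl.text if nameEl is not None else None
        address = node.get("address")
        # One id sequence per host, so opsys keys restart for every node.
        id_counter = count()

        services = dict()
        for e in node.findall("endpoints/endpoint"):
            serviceProtocol = (e.get("protocol") or '').strip("?")
            sn = e.find("services/service")
            # A missing <service> (or name attribute) yields '' instead of
            # AttributeError.
            serviceName = (sn.get("name") or '').strip("?") if sn is not None else ''
            services[e.get("port")] = {
                'protocol': serviceProtocol,
                "serviceName": serviceName
            }

        tempCVEL = []
        for t in node.findall("tests/test"):
            testId = t.get("id")  # the old local `id` shadowed the builtin
            if not testId:
                continue
            cveR = cveRe.findall(testId)
            # NOTE(review): tests naming several CVEs are ignored and the
            # match is case-sensitive (lower-case ids), both inherited from
            # the original; confirm against the Nexpose id format.
            if len(cveR) == 1:
                tempCVEL.append(cveR[0])

        opsys = dict()
        collected = set()
        for o in node.findall("fingerprints/os"):
            osVendor = o.get("vendor")
            osFamily = o.get("family")
            osProduct = o.get("product")
            osVersion = o.get("version")
            osArch = o.get("arch")
            osCertainty = o.get("certainty")
            if osVersion is None:
                standardName = str(osVendor) + ' ' + str(osProduct)
            elif tools.isEqual(osVendor, osProduct):
                # Vendor equals product: avoid "Foo Foo 1.0".
                standardName = str(osProduct) + ' ' + str(osVersion)
            else:
                standardName = str(osVendor) + ' ' + str(osProduct) + ' ' + str(osVersion)
            if standardName in collected:
                continue
            if 'Microsoft' in standardName or 'Windows' in standardName:
                platform = 'Windows'
                duplicatesL = paperRUN.winDuplicatesL
                versionL = paperRUN.winVersionL
            else:
                platform = 'Linux'
                duplicatesL = paperRUN.linDuplicatesL
                versionL = []
            osInfo = paperRUN.getStandardOpsysName(
                standardName, platform, duplicatesL, versionL,
                paperRUN.coll, paperRUN.collAssoc, paperRUN.con)
            opsys[generate_id(id_counter)] = {
                'standardName': osInfo[0],
                "osVendor": osVendor,
                "osFamily": osFamily,
                "osProduct": osProduct,
                "osVersion": osInfo[1],
                "osArch": osArch,
                "osCertainty": osCertainty
            }
            collected.add(standardName)

        hostsDict[address] = {
            'name': nodeName,
            "opsys": opsys,
            "services": services,
            'cve': tempCVEL
        }
    return hostsDict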
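def hosts(dataFile):
    """Parse a Nessus XML export into a per-host dictionary.

    For every ``Report/ReportHost``:
      * ``ReportItem`` elements with a real port (``port != "0"``) become
        ``services[port] = {protocol, serviceName}``; port ``0`` is used by
        host-level plugin output and is not a listening service;
      * the ``HostProperties/tag`` entries ``operating-system``, ``cpe-0`` and
        ``netbios-name`` feed one OS record normalised through
        ``paperRUN.getStandardOpsysName``.

    Args:
        dataFile: path or file object of the Nessus XML report.

    Returns:
        ``{address: {'name', 'opsys', 'services'}}``; ``opsys`` maps a
        ``generate_id`` key to the OS record and is empty when the host has
        no usable ``operating-system`` tag.

    Raises:
        ValueError: if the document has no ``Report`` element.
    """
    # NOTE(review): ET is presumably xml.etree.ElementTree, which has no
    # defence against entity-expansion input; only parse reports coming
    # from a trusted scanner, or parse through defusedxml instead.
    root = ET.parse(dataFile).getroot()
    report = root.find("Report")
    if report is None:
        raise ValueError("no <Report> element found in %r" % (dataFile,))
    hostsDict = dict()
    for host in report.findall("ReportHost"):
        address = host.get('name')
        id_counter = count()

        services = dict()
        for r in host.findall("ReportItem"):
            servicePort = r.get("port")
            # Attributes are strings: the old `!= 0` compared "0" with the
            # int 0 and therefore never filtered the port-0 items.
            if servicePort == "0":
                continue
            services[servicePort] = {
                'protocol': (r.get("protocol") or '').replace('?', ''),
                "serviceName": (r.get("svc_name") or '').replace('?', '')
            }

        osName = None
        cpe = None
        nodeName = None
        for t in host.findall("HostProperties/tag"):
            tagName = t.get("name")
            text = t.text or ''
            if tagName == "operating-system":
                # Keep only the first candidate; the original author noted
                # that several options may be listed here.
                osName = text.split('(')[0].split('\n')[0].strip()
            elif tagName == "cpe-0":
                cpe = text.split('->')[0].strip()
            elif tagName == "netbios-name":
                nodeName = t.text

        opsys = dict()
        # Without an operating-system tag the old code raised TypeError in
        # re.findall(None); leave opsys empty instead.
        if osName:
            # "... on CentOS Linux release 7" -> "CentOS Linux 7".  \b keeps
            # "on " inside a word (e.g. "...ion ") from being taken as the
            # separator.
            addedName = re.findall(r"\bon (.*)", osName)
            if addedName:
                standardName = addedName[0].replace('release ', '')
            else:
                standardName = osName
            if 'Microsoft' in osName or 'Windows' in osName:
                platform = 'Windows'
                duplicatesL = paperRUN.winDuplicatesL
                versionL = paperRUN.winVersionL
            else:
                platform = 'Linux'
                duplicatesL = paperRUN.linDuplicatesL
                versionL = []
            osInfo = paperRUN.getStandardOpsysName(
                standardName, platform, duplicatesL, versionL,
                paperRUN.coll, paperRUN.collAssoc, paperRUN.con)
            opsys[generate_id(id_counter)] = {
                "osCPE": cpe,
                "osProduct": osInfo[0],
                "osVersion": osInfo[1],
                "nodeName": nodeName,
                'standardName': standardName
            }

        hostsDict[address] = {
            'name': nodeName,
            "opsys": opsys,
            "services": services
        }
    return hostsDict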
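def hosts(dataFile):
    """Parse an nmap XML report into a per-host dictionary.

    Only hosts whose ``status`` is ``up`` and that carry an IPv4 ``address``
    are kept.  For each such host:
      * the first ``os/osmatch`` (name cut at the first " or " and "-") is
        normalised through ``paperRUN.getStandardOpsysName`` and stored with
        the ``osclass`` vendor / family / gen and ``accuracy`` / 100;
      * every ``ports/port`` becomes
        ``services[portid] = {protocol, serviceName, serviceSoftware, serviceState}``.

    Args:
        dataFile: path or file object of the nmap XML output.

    Returns:
        ``{address: {'opsys': {...}, 'services': {...}}}``; ``opsys`` maps a
        ``generate_id`` key to the OS record and is empty when nmap reported
        no osmatch.
    """
    # NOTE(review): ET is presumably xml.etree.ElementTree, which has no
    # defence against entity-expansion input; only parse reports coming
    # from a trusted scanner, or parse through defusedxml instead.
    nmapRoot = ET.parse(dataFile).getroot()
    hostsDict = dict()
    for host in nmapRoot.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        # Select the IPv4 address explicitly; the old code inspected only the
        # first <address> and relied on it preceding the MAC entry.
        addrEl = host.find("address[@addrtype='ipv4']")
        if addrEl is None:
            continue
        address = addrEl.get('addr')
        id_counter = count()

        opsys = dict()
        osMatch = host.find('os/osmatch')
        if osMatch is not None:
            # Cut multi-candidate names ("Linux 3.2 - 4.9", "Windows 7 or 8").
            # Split on the word " or ": splitting on the substring "or"
            # truncated any name containing it inside a word.
            osName = (osMatch.get('name') or '').split(' or ')[0].split('-')[0]
            osData = host.find("os/osmatch/osclass")
            osVendor = osData.get("vendor") if osData is not None else None
            osFamily = osData.get('osfamily') if osData is not None else None
            osGen = osData.get('osgen') if osData is not None else None
            accuracy = osData.get('accuracy') if osData is not None else None
            osCertainty = float(accuracy) / 100 if accuracy is not None else None
            if 'Microsoft' in osName or 'Windows' in osName:
                platform = 'Windows'
                duplicatesL = paperRUN.winDuplicatesL
                versionL = paperRUN.winVersionL
            else:
                platform = 'Linux'
                duplicatesL = paperRUN.linDuplicatesL
                versionL = []
            osInfo = paperRUN.getStandardOpsysName(
                osName, platform, duplicatesL, versionL,
                paperRUN.coll, paperRUN.collAssoc, paperRUN.con)
            opsys[generate_id(id_counter)] = {
                'osInfo': ' '.join(osInfo),
                "osName": osName,
                "osVendor": osVendor,
                "osFamily": osFamily,
                "osVersion": osGen,
                "osCertainty": osCertainty
            }

        services = dict()
        for p in host.findall('ports/port'):
            serviceEl = p.find('service')
            stateEl = p.find('state')
            # <service> / <state> may be absent; report None rather than
            # raising AttributeError.
            services[p.get('portid')] = {
                'protocol': p.get('protocol'),
                "serviceName": serviceEl.get('name') if serviceEl is not None else None,
                "serviceSoftware": serviceEl.get('product') if serviceEl is not None else None,
                "serviceState": stateEl.get('state') if stateEl is not None else None
            }

        hostsDict[address] = {"opsys": opsys, "services": services}
    return hostsDict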