def main(): """ Main method to control the program flow """ # set runtime name Vault.set_runtime_name(Util.datetime_to_string()) # create runtime directory mkdir(f"{SESSION_CACHE_PATH}/{Vault.get_runtime_name()}") # set up threading Thread.set_interrupt(False) event = threading.Event() # start threads manager_thread = manager(event) Escapy.async_sniff(custom_action) # menu info_data = [ f"{RED}Sniffer is running but not saving anything locally{RESET}", f"{GREEN}Sniffer is running saving packets locally{RESET}" ] option = [ "Type \"start\" to start saving: ", "Type \"stop\" to stop saving: " ] while True: print(info_data[0 if not Vault.get_saving() else 1], end="\n") print( f"Dashboard: {YELLOW}http://127.0.0.1:8000{RESET} | \'q\' to stop") user_input = input(option[0 if not Vault.get_saving() else 1]) if not Vault.get_saving() and user_input == "start": Util.start_saving() elif Vault.get_saving() and user_input == "stop": Util.stop_saving() elif user_input == "q": break else: print(f"{YELLOW}Invalid option{RESET}", end="\n\n") # SAVE TO FILE IF PROGRAM ENDED AND SAVING IS TRUE if Vault.get_saving(): Util.stop_saving() # interrupt threads Thread.set_interrupt(True) event.set() Escapy.stop() # wait for threads to complete manager_thread.join()
def index(): ''' If method == GET , returns HTML Page If method == POST, returns data for protocl piechart ''' if request.method != "POST": return render_template("index.html", status=Vault.get_saving()) global COMMON_PROTOCOLS protocol_dict = {} for header in Vault.get_session_headers(): if 'TCP' in header or 'UDP' in header: header_list = header[4:].replace('_', '-').split('-') if header_list[1] in COMMON_PROTOCOLS or header_list[ 3] in COMMON_PROTOCOLS: try: prot = COMMON_PROTOCOLS[header_list[1]] except Exception: prot = COMMON_PROTOCOLS[header_list[3]] protocol_dict[prot] = protocol_dict[ prot] + 1 if prot in protocol_dict else 1 else: protocol_dict["Other"] = protocol_dict[ "Other"] + 1 if "Other" in protocol_dict else 1 else: protocol_dict["Other"] = protocol_dict[ "Other"] + 1 if "Other" in protocol_dict else 1 return jsonify(protocol_dict)
def view_arp(): '''returns arp page''' arp_sessions = [ session for session in Vault.get_session_headers() if 'ARP' in session ] return render_template("viewarp.html", arp_sessions=arp_sessions, status=Vault.get_saving())
def view_udp(): '''returns UDP stream page''' udp_sessions = get_formatted_header('UDP') payload = None return render_template("viewudp.html", udp_sessions=udp_sessions, payload=payload, status=Vault.get_saving())
def view_tcp(): '''returns TCP stream page''' tcp_sessions = get_formatted_header('TCP') payload = None return render_template("viewtcp.html", tcp_sessions=tcp_sessions, payload=payload, status=Vault.get_saving())
def logs(): ''' If method == GET , returns logs page If method == POST, returns content of selected rule file ''' if request.method == "POST": message = Util.tail(LOG_FILE, 20) return message return render_template("logs.html", status=Vault.get_saving())
def savefile(): ''' returns viewfile page with all the saved files ''' pcap_files = [ f for f in listdir(CAP_PATH) if isfile(join(CAP_PATH, f)) if f[-4:] == ".cap" ] carved_files = [ f for f in listdir(CARVED_DIR) if isfile(join(CARVED_DIR, f)) ] return render_template("viewfile.html", pcap_files=pcap_files, carved_files=carved_files, status=Vault.get_saving())
def add_rule(): ''' If method == GET , returns addrule page If method == POST, creates yara rule , and return back to page ''' if request.method == "POST": filename = request.form["filename"] author = request.form["author"] rule_name = request.form["rulename"] tag = request.form["tag"] description = request.form["description"] strings = request.form["strings"] condition = request.form["condition"] # save to yara config Rule.create_rule(filename, author, rule_name, tag, description, strings, condition) return redirect(request.url) return render_template("addrule.html", status=Vault.get_saving())
def network(): ''' If method == GET , returns network mapping page If method == POST, returns mapping_dict,ip_list,mal_list for network mapping ''' if request.method == "POST": mal_list = [] mapping, ip_list = Vault.get_mapping() flagged_dict = Vault.get_flagged() for _, obj in flagged_dict.items(): if 'endpoint' in obj.identifier: for match in obj.strings: mal_list.append(match[2].decode('utf-8')) return jsonify(mapping, ip_list, mal_list) return render_template("network.html", status=Vault.get_saving(), data=Vault.get_mapping())
def flagged(): ''' If method == GET , returns flagged page If method == POST, returns payload of flagged packet ''' if request.method == "POST": key = request.json["data"].strip() flagged_dict = Vault.get_flagged() flagged_obj = flagged_dict[key] if flagged_obj.identifier == "payload": return flagged_obj.payload strings_list = [] for i in range(len(flagged_obj.strings)): strings_list.append( (flagged_obj.strings[i][0], flagged_obj.strings[i][0], flagged_obj.strings[i][2].decode('utf-8'))) return jsonify(strings_list) return render_template("flagged.html", flagged_packets=Vault.get_flagged(), status=Vault.get_saving())
def yara_rules(): ''' If method == GET , returns rule page If method == POST, returns content of selected rule file ''' threat_rules = YaraFiles.get_threat_rules() mal_rules = YaraFiles.get_mal_rules() custom_rules = YaraFiles.get_custom_rules() if request.method == "POST": file_name = request.data.decode('utf-8') if file_name in threat_rules: return threat_rules[file_name] elif file_name in mal_rules: return mal_rules[file_name] elif file_name in custom_rules: return custom_rules[file_name] return "Yara File Not Found" return render_template("viewrules.html", threat_rules=threat_rules.keys(), mal_rules=mal_rules.keys(), custom_rules=custom_rules.keys(), status=Vault.get_saving())