예제 #1
파일: extract.py 프로젝트: celticcow/zones
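def get_group_contents(grp,ip_addr,sid):
    """
    Print the members of management-server group `grp` as CIDR lines on stdout.

    Hosts are printed as <ip>/32, networks as <subnet>/<mask-length> (IPv4 keys
    first, IPv6 keys as fallback), nested groups are expanded recursively and
    IPv4 address ranges are expanded into /32, /24 and /16 lines.  A member of
    any other type is printed as its name followed by its type.

    grp     -- name of the group to expand
    ip_addr -- management server address handed to apifunctions
    sid     -- session id handed to apifunctions

    Returns None.  Nothing is printed when the group does not exist.
    """
    import sys  # local import: only used for the warning on unexpanded ranges

    if(apifunctions.group_exist(ip_addr,grp,sid) == False):
        #group does not exist so we should bail
        return

    check_group = apifunctions.api_call(ip_addr, "show-group", {"name" : grp}, sid)

    for member in check_group['members']:
        mtype = member['type']

        if(mtype == "host"):
            print(member['ipv4-address'] + "/32")
        elif(mtype == "network"):
            try:
                print(member['subnet4'] + "/" + str(member['mask-length4']))
            except KeyError:
                #no IPv4 keys on this member, fall back to the IPv6 ones.
                #only KeyError is caught so that other failures stay visible
                print(member['subnet6'] + "/" + str(member['mask-length6']))
        elif(mtype == "group"):
            get_group_contents(member['name'],ip_addr,sid)
        elif(mtype == "address-range"):
            startip = member['ipv4-address-first']
            endip   = member['ipv4-address-last']

            sparts = startip.split('.')
            eparts = endip.split('.')
            first = sparts[0]

            if(sparts[0] != eparts[0]):
                #a range crossing the first octet is not expanded; say so on
                #stderr so the missing addresses are not lost silently
                print("address-range " + startip + "-" + endip +
                      " crosses the first octet and was not expanded", file=sys.stderr)
            elif(sparts[1] != eparts[1]):
                #we have a > 16 but < 8
                start2 = int(sparts[1])
                end2   = int(eparts[1])
                start3 = int(sparts[2])
                end3   = int(eparts[2])
                start4 = int(sparts[3])
                end4   = int(eparts[3])

                for k in range(start2,end2+1):
                    if(k == start2):
                        #first 2nd octet: partial first /24, then whole /24s up to .255
                        for j in range(start3,256):
                            if(j == start3):
                                for q in range(start4,256):
                                    print(first + "." + str(k) + "." + str(j) + "." + str(q) + "/32")
                            else:
                                print(first + "." + str(k) + "." + str(j) + ".0/24")
                    elif(k != end2):
                        #middle 2nd octet is covered completely
                        print(first + "." + str(k) + ".0.0/16")
                    else:
                        #last 2nd octet: whole /24s below end3, then the partial last /24.
                        #only j == end3 is partial; the earlier test against start3 here
                        #printed just .0 .. end4 for that /24 and dropped the rest of it
                        for j in range(0,end3+1):
                            if(j != end3):
                                print(first + "." + str(k) + "." + str(j) + ".0/24")
                            else:
                                for q in range(0,end4+1):
                                    print(first + "." + str(k) + "." + str(j) + "." + str(q) + "/32")
            elif(sparts[2] != eparts[2]):
                #we have a > 24 but < 16
                start3 = int(sparts[2])
                end3   = int(eparts[2])
                start4 = int(sparts[3])
                end4   = int(eparts[3])
                stem = first + "." + sparts[1] + "."

                for i in range(start3, end3+1):
                    if(i == start3):
                        #first 3rd octet: from start4 through 255
                        for j in range(start4,256):
                            print(stem + str(i) + "." + str(j) + "/32")
                    elif(i != end3):
                        #in the middle
                        print(stem + str(i) + ".0/24")
                    else:
                        #at the end
                        for j in range(0,end4+1):
                            print(stem + str(i) + "." + str(j) + "/32")
            else:
                #we have a < /24 thing
                stem = first + "." + sparts[1] + "." + sparts[2] + "."
                for i in range(int(sparts[3]), int(eparts[3])+1):
                    print(stem + str(i) + "/32")
        else:
            #unknown type of group content
            print(member['name'])
            print(member['type'])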
예제 #2
 def do_logout(self):
     """
     Wait ten seconds, log the session out on self.mds and print the reply.

     The reply of the "logout" call is printed with self.term as line ending.
     """
     time.sleep(10)
     print(apifunctions.api_call(self.mds, "logout", {}, self.sid), end=self.term)
예제 #3
def main():
    # Entry point of the bulk-add script: validate the CSV named with -f, ask for
    # the management addresses and credentials, create the objects row by row
    # through apifunctions, then publish and log out.

    # debug is fixed to 1, so every debug print below is always active
    debug = 1

    #inputfile = sys.argv[1]

    print("CheckPoint BulkAdd3  version 0.85")

    parser = argparse.ArgumentParser(description='Bulk Add Script')

    parser.add_argument("-f", required=True, help="name of csv file")
    # only the values 'y' and 'Y' switch on automatic group creation (see the checks below)
    parser.add_argument("-y", required=False, help="yes to auto create groups")

    args = parser.parse_args()

    inputfile = args.f

    if (debug == 1):
        print(args.y)

    #before we login to the mds ... make sure input file is good
    if (csvisgood(inputfile) == False):
        print("input CSV is malformed.")
        exit(1)

    ip_addr = input("enter IP of MDS : ")
    ip_cma = input("enter IP of CMA : ")
    user = input("enter P1 user id : ")
    # NOTE(review): the next line is damaged in this listing. The text between the
    # getpass call and the `with open(...) as csvfile:` statement is missing, so the
    # call that sets `sid` and the definition of `prefix` are not visible here.
    password = getpass.getpass('Enter P1 Password : '******'') as csvfile:
        # fields are comma separated and '|' is the quote character
        csvreader = csv.reader(csvfile, delimiter=',', quotechar='|')
        for row in csvreader:
            # columns: 0 = row type, 1 = data, 2 = group, 3 = object name (hostname rows only)
            row_type = row[0]
            row_data = row[1]
            row_grp = row[2]

            if (row_type == "hostname"):
                row_name = row[3]
            else:
                row_name = ""

            # addobj is cleared when the target group is missing and not created
            addobj = 1

            if (debug == 1):
                print(row_type, row_data, row_grp)
            if (row_type == "service"):
                #data should be in format of (service,<tcp/udp>,<number>)
                if (row_data == "tcp"):
                    apifunctions.add_a_tcp_port(ip_addr, row_grp, sid)
                if (row_data == "udp"):
                    apifunctions.add_a_udp_port(ip_addr, row_grp, sid)
            elif (row_type == "group"):
                # row_data will have group, row_grp will have group we want to add into
                # add row_data group as a member to row_grp
                # movefwd is cleared as soon as one of the two groups is missing and not created
                movefwd = 1
                if (apifunctions.group_exist(ip_addr, row_data, sid) == False):
                    if (args.y == 'y' or args.y == 'Y'):
                        toadd = "yes"
                    else:
                        print(
                            "Source Group does not exist. Do you want to create (yes/no). If you say No this line will be slipped ",
                            row_data)
                        toadd = input("(yes/no) : ")

                    # only the exact answer "yes" creates the group
                    if (toadd == "yes"):
                        apifunctions.add_a_group(ip_addr, row_data, sid)
                    else:
                        movefwd = 0
                # same check for the group that receives the member; the prompt
                # below still says "Source Group" although it names row_grp
                if (apifunctions.group_exist(ip_addr, row_grp, sid) == False):
                    if (args.y == 'y' or args.y == 'Y'):
                        toadd = "yes"
                    else:
                        print(
                            "Source Group does not exist. Do you want to create (yes/no). If you say No this line will be slipped ",
                            row_grp)
                        toadd = input("(yes/no) : ")

                    if (toadd == "yes"):
                        apifunctions.add_a_group(ip_addr, row_grp, sid)
                    else:
                        movefwd = 0

                if (movefwd == 1):
                    #either both groups existed or we created both ... either way lets do this
                    apifunctions.add_group_to_group(ip_addr, row_data, row_grp,
                                                    sid)
            # end elif group
            else:
                # every other row type is handled as a network object (network, host, hostname)
                if (row_grp == "nogroup"):
                    ## we're not going to place this in a group
                    if (row_type == "network"):
                        # row_data is <address>/<mask length>; the object name is prefix + address
                        tmp = row_data.split('/')
                        apifunctions.add_a_network(
                            ip_addr, prefix + tmp[0], tmp[0],
                            apifunctions.calcDottedNetmask(int(tmp[1])), sid)
                    if (row_type == "host"):
                        apifunctions.add_a_host(ip_addr, prefix + row_data,
                                                row_data, sid)
                    if (row_type == "hostname"):
                        # hostname rows carry their own object name in column 3
                        apifunctions.add_a_host(ip_addr, row_name, row_data,
                                                sid)
                else:
                    ## we doing some group stuff
                    if (apifunctions.group_exist(ip_addr, row_grp,
                                                 sid) == False):
                        if (args.y == 'y' or args.y == 'Y'):
                            toadd = "yes"
                        else:
                            print(
                                "Group in row does not exist do you want to create (yes/no) if you say no this line will be skipped ",
                                row_grp)
                            toadd = input("(yes / no) : ")

                        if (toadd == "yes"):
                            apifunctions.add_a_group(ip_addr, row_grp, sid)
                        else:
                            addobj = 0

                    if (addobj == 1):
                        #this is a valid group
                        if (row_type == "network"):
                            tmp = row_data.split('/')
                            apifunctions.add_a_network_with_group(
                                ip_addr, prefix + tmp[0], tmp[0],
                                apifunctions.calcDottedNetmask(int(tmp[1])),
                                row_grp, sid)
                        if (row_type == "host"):
                            apifunctions.add_a_host_with_group(
                                ip_addr, prefix + row_data, row_data, row_grp,
                                sid)
                        if (row_type == "hostname"):
                            apifunctions.add_a_host_with_group(
                                ip_addr, row_name, row_data, row_grp, sid)
                #end if(grp = nogroup)
            #end else --- network object
        #end for row in csvreader
    #end with open

    ### some times publish doesn't work and sits in dashboard

    ### publish
    # the publish reply is printed but not checked for success
    print("Start of Publish ... zzzzzz")
    time.sleep(20)
    publish_result = apifunctions.api_call(ip_addr, "publish", {}, sid)
    print("publish results : " + json.dumps(publish_result))

    time.sleep(20)

    ### logout
    # NOTE(review): this is the only logout in the visible code and no try/finally
    # is visible around the row loop, so an exception raised earlier would leave
    # the session open - confirm against the full file.
    logout_result = apifunctions.api_call(ip_addr, "logout", {}, sid)
    if (debug == 1):
        print(logout_result)
예제 #4
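def main():
    """
    CGI entry point: run a packet-mode rulebase search and report it as HTML.

    Reads the form fields cma, <admN>policy, sourceip, destip and service,
    echoes them, logs in to the management server, calls get_rulebase() with
    a packet-mode filter and logs out again.

    Every value echoed into the page is HTML-escaped, the session id is not
    written to the response, and logout runs even when the search fails.
    Exits with status 1 when the selection or a search field is missing.
    """
    import html  # local import: escapes everything echoed into the page

    debug = 1

    def _esc(value):
        # form fields and API replies must not be able to inject markup
        return html.escape(str(value))

    def _end_page():
        print("------- end of program -------")
        print("<br><br>")
        print("</body>")
        print("</html>")

    #create instance of Field Storage
    form = cgi.FieldStorage()
    cma = form.getvalue('cma')

    # the form field holding the policy name depends on the selected cma
    policy_field_by_cma = {
        "192.168.159.155": 'adm5policy',
        "192.168.159.151": 'adm1policy',
        "192.168.159.156": 'adm6policy',
        "192.168.159.161": 'adm11policy',
        "192.168.159.167": 'adm17policy',
        "192.168.159.158": 'adm8policy',
        "192.168.159.160": 'adm10policy',
        "192.168.159.162": 'adm12policy',
        "192.168.159.163": 'adm13policy',
        "192.168.159.164": 'adm14policy',
        "192.168.159.169": 'adm19policy',
    }
    # getvalue() returns a list for a repeated field; only a plain string can match
    policy_field = policy_field_by_cma.get(cma) if isinstance(cma, str) else None
    if (policy_field is None):
        policy = "none"
    else:
        policy = form.getvalue(policy_field)

    source = form.getvalue('sourceip')
    dest = form.getvalue('destip')
    port = form.getvalue('service')

    ## html header and config data dump
    print("Content-type:text/html\r\n\r\n")
    print("<html>")
    print("<head>")
    print("<title>Packet Mode</title>")
    print("</head>")
    print("<body>")
    print("<br><br>")
    print("Packet Mode 0.1<br><br>")

    print("Values :")
    for shown in (cma, policy, source, dest, port):
        print(_esc(shown))
        print("<br>")

    # a missing or repeated field cannot be concatenated into the filter below
    if (not all(isinstance(v, str) for v in (source, dest, port))):
        print("source, destination and service are all required")
        _end_page()
        raise SystemExit(1)

    # NOTE(review): source, dest and port are placed in the filter expression as
    # submitted. Validate them (for example with the ipaddress module for the two
    # addresses) once the accepted input formats are confirmed.
    packet_mode_json = {
        "name": policy,
        "filter": "src:" + source + " AND dst:" + dest + " AND svc:" + port,
        "filter-settings": {
            "search-mode": "packet"
        }
    }

    print(_esc(packet_mode_json))
    print("<br>")

    ip_addr = "192.168.159.150"
    ip_cma = cma
    # NOTE(review): the credentials are literals in the script (masked in this
    # listing); they should come from a protected store, not from the source file.
    user = "******"
    password = "******"

    # policy is "none" for every cma outside the table above, so this check also
    # keeps an arbitrary cma value from reaching the login call
    if (cma == "--All--" or policy is None or policy == "none" or policy == "0"):
        print("you didn't select a cma or a policy")
        _end_page()
        raise SystemExit(1)

    sid = apifunctions.login(user, password, ip_addr, ip_cma)

    try:
        if (debug == 1):
            # the session id is a live credential and is not sent to the browser
            print("session id : [hidden]")
            print("<br>")

        get_rulebase(ip_addr, packet_mode_json, sid)

        # don't need to publish
        time.sleep(20)
    finally:
        ### logout, also when the search raised
        logout_result = apifunctions.api_call(ip_addr, "logout", {}, sid)

    if (debug == 1):
        print(_esc(logout_result))
        print("<br>")

    _end_page()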
예제 #5
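def main():
    """
    CGI entry point: bulk-add hosts and networks and report progress as HTML.

    Reads the form fields cma, user, password, group, objects and prefix, logs
    in to the management server that belongs to the selected cma, optionally
    creates the group, adds every recognised object, publishes after every 20
    objects and once at the end, then logs out.

    Every value echoed into the page is HTML-escaped, an unknown cma is
    rejected with a message instead of a KeyError, the session id is not
    written to the response, and logout runs even when a step fails.
    """
    import html  # local import: escapes everything echoed into the page

    debug = 1

    def _esc(value):
        # form fields and API replies must not be able to inject markup
        return html.escape(str(value))

    def _end_page():
        print("------- end of program -------")
        print("<br><br>")
        print("</body>")
        print("</html>")

    #create instance of field storage
    form = cgi.FieldStorage()
    cma_base = form.getvalue('cma')  #modified for test
    userid = form.getvalue('user')
    passwd = form.getvalue('password')

    cma_map = {
        'adm1': {'cma': '192.168.159.151', 'mds': '192.168.159.150'},
        'adm2': {'cma': '204.135.121.152', 'mds': '204.135.121.150'},
        'adm3': {'cma': '204.135.121.153', 'mds': '204.135.121.150'},
        'adm5': {'cma': '192.168.159.155', 'mds': '192.168.159.150'},
        'adm6': {'cma': '204.135.121.156', 'mds': '204.135.121.150'},
        'adm7': {'cma': '204.135.121.157', 'mds': '204.135.121.150'},
        'adm8': {'cma': '204.135.121.158', 'mds': '204.135.121.150'},
        'adm10': {'cma': '192.168.159.160', 'mds': '192.168.159.150'},
        'adm11': {'cma': '192.168.159.161', 'mds': '192.168.159.150'},
        'adm12': {'cma': '192.168.159.162', 'mds': '192.168.159.150'},
        'adm13': {'cma': '192.168.159.163', 'mds': '192.168.159.150'},
        'adm14': {'cma': '204.135.121.164', 'mds': '204.135.121.150'},
        'adm17': {'cma': '192.168.159.167', 'mds': '192.168.159.150'},
        'adm19': {'cma': '192.168.159.169', 'mds': '192.168.159.150'},
        'adm24': {'cma': '204.135.121.174', 'mds': '204.135.121.150'},
    }

    # second table, not used below; the "mod to d" remarks mark the lines that
    # are edited by hand to point the script at it
    dcma_map = {
        'adm25': {'cma': '146.18.96.25', 'mds': '146.18.96.16'},
        'adm26': {'cma': '146.18.96.26', 'mds': '146.18.96.16'},
        'adm27': {'cma': '146.18.96.27', 'mds': '146.18.96.16'},
    }

    ## html header and config data dump
    print("Content-type:text/html\r\n\r\n")
    print("<html>")
    print("<head>")
    print("<title>Bulk Add Results</title>")
    print("</head>")
    print("<body>")
    print("Bulk Add<br><br>")

    # the cma field is client input: accept only a key of the table, so that the
    # login target can never be chosen freely and a bad value gives a message
    if (not isinstance(cma_base, str) or cma_base not in cma_map):  # mod to d
        print("unknown cma selection<br>")
        _end_page()
        raise SystemExit(1)

    mds_ip = cma_map[cma_base]['mds']  # mod to d
    cma_ip = cma_map[cma_base]['cma']  # mod to d

    print(cma_ip + "<br>")

    print(cma_map[cma_base])  # mod to d
    print("<br>")

    sid = apifunctions.login(userid, passwd, mds_ip, cma_ip)

    try:
        if (debug == 1):
            # the session id is a live credential and is not sent to the browser
            print("session id : [hidden]<br>")

        group_to_use = form.getvalue('group')
        objects_raw = form.getvalue('objects')
        prefix = form.getvalue('prefix')

        # NOTE(review): only the text before the first space character is used;
        # that part is then split on any whitespace. Objects submitted after a
        # space are ignored without a message - confirm that this is intended.
        objects_s1 = str(objects_raw)  # odd i know but ya got to
        objects_s2 = objects_s1.split(' ')
        objects_s3 = objects_s2[0].split()

        if (debug == 1):
            #tmp
            for label, stage in (("raw", objects_raw), ("s1", objects_s1),
                                 ("s2", objects_s2)):
                print(label + "<br>")
                print(_esc(stage))
                print("<br>")
            print("s3<br>")
            print(_esc(objects_s3))
            print("<br><br>")

        if (group_to_use is None):
            print("no group to add<br>")
        else:
            #if something with the proposed group name exist.  tell user (IN CAPS) and still create objects
            group_to_use = group_to_use.strip()

            if (apifunctions.name_exist(mds_ip, group_to_use, sid) == True):
                # the name is taken: reuse it only when it already is a group
                if (get_obj_type(mds_ip, group_to_use, sid) != "group"):
                    print(
                        "CAN'T ADD GROUP <br>OBJECT WITH THIS NAME ALREADY EXIST<br>MOVING FORWARD WITHOUT GROUP<br>"
                    )
                    group_to_use = None
            else:
                apifunctions.add_a_group(mds_ip, group_to_use, sid)

        ## counter for doing a publish every 20 objects
        since_publish = 0

        print("<br>")
        print("Object Listing<br>")
        for obj in objects_s3:
            print(_esc(obj))
            print("<br>")
            obj_type = what_am_i(obj)
            print("*****<br>")
            print(_esc(obj_type))
            print("<br>")
            print("-----<br>")

            if (obj_type == "host"):
                add_host(obj, group_to_use, mds_ip, prefix, sid)
            if (obj_type == "network"):
                parts = obj.split('/')
                add_network(parts[0], parts[1], group_to_use, mds_ip, prefix, sid)

            since_publish += 1

            if (since_publish == 20):
                time.sleep(5)
                tmp_publish_result = apifunctions.api_call(mds_ip, "publish", {},
                                                           sid)
                print("peridoic publish result : " +
                      _esc(json.dumps(tmp_publish_result)))
                time.sleep(5)
                since_publish = 0

        print("<br>Start of Publish ... zzzzzz")
        time.sleep(5)
        publish_result = apifunctions.api_call(mds_ip, "publish", {}, sid)
        print("publish results : " + _esc(json.dumps(publish_result)))

        time.sleep(20)
    finally:
        ### logout, also when one of the steps above raised
        logout_result = apifunctions.api_call(mds_ip, "logout", {}, sid)

    if (debug == 1):
        print(_esc(logout_result))
    _end_page()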
예제 #6
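def main():
    """
    Interactive packet-mode rulebase search.

    Logs in with the built-in addresses and credentials, lists the policies
    returned by get_policies(), asks for a policy number, source IP,
    destination IP and destination port, calls get_rulebase() with the
    resulting packet-mode filter and logs out.

    Logout runs in a finally block, so an invalid policy number or a failed
    search no longer leaves the management session open.
    """
    debug = 1

    if (debug == 1):
        print("packet mode search  : version 0.3")

    # the -m (MDS IP) and -c (CMA IP) command line options are disabled;
    # both addresses are fixed below
    ip_addr = "146.18.96.16"  #args.m
    ip_cma = "146.18.96.25"  #args.c
    # NOTE(review): the credentials are literals in the script (masked in this
    # listing); they should be prompted for or read from a protected store.
    user = "******"
    password = "******"

    sid = apifunctions.login(user, password, ip_addr, ip_cma)

    try:
        if (debug == 1):
            # NOTE(review): this writes a live session id to the console and to
            # anything that captures it; consider dropping it from debug output
            print("session id : " + sid)

        # equivalent command line call:
        #   mgmt_cli -r true -d 146.18.96.25 show access-rulebase name "HubLab Network" filter
        #   "src:146.18.2.137 AND dst:204.135.16.50 AND svc:443" filter-settings.search-mode packet
        # the operator has to be written in capitals: "and" is not the same as "AND"

        policies_dic = get_policies(ip_addr, sid)

        if (debug == 1):
            print("*****")
            print(policies_dic)
            print("*****")

        for number in policies_dic:
            print(str(number) + " : " + policies_dic[number])

        policy = input("Select a number above : ")
        source_ip = input("Enter Source IP : ")
        dest_ip = input("Enter Dest IP : ")
        dport = input("Enter Dest Port : ")

        # int() and the lookup raise on an answer that is not a listed number;
        # the finally block below still closes the session in that case
        packet_mode_json = {
            "name": policies_dic[int(policy)],
            "filter":
            "src:" + source_ip + " AND dst:" + dest_ip + " AND svc:" + dport,
            "filter-settings": {
                "search-mode": "packet"
            }
        }

        if (debug == 1):
            print(packet_mode_json)

        get_rulebase(ip_addr, packet_mode_json, sid)

        # don't need to publish
        time.sleep(20)
    finally:
        ### logout
        logout_result = apifunctions.api_call(ip_addr, "logout", {}, sid)

    if (debug == 1):
        print(logout_result)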