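def _expand_ipv4_range(startip, endip):
    """Return CIDR strings covering the inclusive IPv4 range startip..endip.

    Partially covered /24s are listed host by host as /32 entries, fully
    covered third octets collapse to one /24 and fully covered second octets
    to one /16. Returns None when the first octets differ; such ranges are
    not expanded by this code.
    """
    sparts = startip.split('.')
    eparts = endip.split('.')
    first = sparts[0]
    if first != eparts[0]:
        return None

    def hosts(prefix3, low, high):
        # /32 entries for prefix3.low through prefix3.high, inclusive.
        return [prefix3 + "." + str(h) + "/32" for h in range(low, high + 1)]

    cidrs = []
    if sparts[1] == eparts[1] and sparts[2] == eparts[2]:
        # Range stays inside a single /24.
        prefix3 = first + "." + sparts[1] + "." + sparts[2]
        cidrs.extend(hosts(prefix3, int(sparts[3]), int(eparts[3])))
    elif sparts[1] == eparts[1]:
        # Range crosses third octets inside a single /16.
        start3, end3 = int(sparts[2]), int(eparts[2])
        start4, end4 = int(sparts[3]), int(eparts[3])
        for third in range(start3, end3 + 1):
            prefix3 = first + "." + sparts[1] + "." + str(third)
            if third == start3:
                cidrs.extend(hosts(prefix3, start4, 255))
            elif third == end3:
                cidrs.extend(hosts(prefix3, 0, end4))
            else:
                cidrs.append(prefix3 + ".0/24")
    else:
        # Range crosses second octets inside a single /8.
        start2, end2 = int(sparts[1]), int(eparts[1])
        start3, end3 = int(sparts[2]), int(eparts[2])
        start4, end4 = int(sparts[3]), int(eparts[3])
        for second in range(start2, end2 + 1):
            prefix2 = first + "." + str(second)
            if second == start2:
                for third in range(start3, 256):
                    prefix3 = prefix2 + "." + str(third)
                    if third == start3:
                        cidrs.extend(hosts(prefix3, start4, 255))
                    else:
                        cidrs.append(prefix3 + ".0/24")
            elif second != end2:
                cidrs.append(prefix2 + ".0.0/16")
            else:
                for third in range(0, end3 + 1):
                    prefix3 = prefix2 + "." + str(third)
                    # Only the last third octet is partial. The earlier test
                    # also compared against start3, which truncated a full
                    # /24 to hosts 0..end4 whenever third == start3 here.
                    if third != end3:
                        cidrs.append(prefix3 + ".0/24")
                    else:
                        cidrs.extend(hosts(prefix3, 0, end4))
    return cidrs


def get_group_contents(grp, ip_addr, sid):
    """Print the members of group `grp` as CIDR lines, one per line.

    Looks the group up with the "show-group" API call and walks its members:
    hosts print as /32, networks as subnet/mask-length (IPv4 keys first, IPv6
    keys as the fallback), nested groups are expanded recursively, and IPv4
    address ranges are expanded to /32, /24 and /16 entries. Members of any
    other type print their name and type. Returns None without output when
    apifunctions.group_exist reports the group as missing.

    An incomplete expansion here silently shrinks the address set a reader of
    this output sees, so ranges that cannot be expanded are reported on
    stderr instead of being dropped.
    """
    import sys  # local import: the file's import block is not visible from here

    # The return type of group_exist is not visible here, so the original
    # `== False` comparison is kept as-is.
    if apifunctions.group_exist(ip_addr, grp, sid) == False:
        return

    check_group = apifunctions.api_call(ip_addr, "show-group", {"name": grp}, sid)

    for member in check_group['members']:
        kind = member['type']
        if kind == "host":
            print(member['ipv4-address'] + "/32")
        elif kind == "network":
            try:
                print(member['subnet4'] + "/" + str(member['mask-length4']))
            except KeyError:
                # No IPv4 keys on this member: fall back to the IPv6 keys.
                print(member['subnet6'] + "/" + str(member['mask-length6']))
        elif kind == "group":
            get_group_contents(member['name'], ip_addr, sid)
        elif kind == "address-range":
            startip = member['ipv4-address-first']
            endip = member['ipv4-address-last']
            cidrs = _expand_ipv4_range(startip, endip)
            if cidrs is None:
                print("address-range " + startip + "-" + endip +
                      " spans more than one first octet; not expanded",
                      file=sys.stderr)
            else:
                for cidr in cidrs:
                    print(cidr)
        else:
            # unknown type of group content
            print(member['name'])
            print(member['type'])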
def do_logout(self):
    """Pause ten seconds, log the session out, and print the API reply.

    Sends the "logout" command for self.sid to the server at self.mds and
    prints whatever apifunctions.api_call returns, terminated by self.term.
    """
    time.sleep(10)
    print(apifunctions.api_call(self.mds, "logout", {}, self.sid), end=self.term)
def main():
    """Command-line entry point for the bulk-add script.

    Parses -f (CSV file, required) and -y (auto-create groups), checks the
    CSV with csvisgood, prompts for the server addresses and credentials,
    then walks the CSV rows and calls apifunctions to create services,
    groups, networks and hosts. Afterwards it publishes and logs out.

    Row layout as read below: row[0] is the row type, row[1] the data,
    row[2] the group (or "nogroup"), and row[3] the object name for
    "hostname" rows.
    """
    debug = 1
    #inputfile = sys.argv[1]
    print("CheckPoint BulkAdd3 version 0.85")
    parser = argparse.ArgumentParser(description='Bulk Add Script')
    parser.add_argument("-f", required=True, help="name of csv file")
    parser.add_argument("-y", required=False, help="yes to auto create groups")
    args = parser.parse_args()
    inputfile = args.f
    if (debug == 1):
        print(args.y)
    # before we log in to the MDS, make sure the input file is good
    if (csvisgood(inputfile) == False):
        print("input CSV is malformed.")
        exit(1)
    ip_addr = input("enter IP of MDS : ")
    ip_cma = input("enter IP of CMA : ")
    user = input("enter P1 user id : ")
    # NOTE(review): this listing is masked between the password prompt and
    # "as csvfile:". The assignments of `sid` and `prefix`, both used below,
    # and the statement that opens the CSV file are not visible here.
    password = getpass.getpass('Enter P1 Password : '******'') as csvfile:
        # Fields are comma-separated and '|' is the quote character.
        csvreader = csv.reader(csvfile, delimiter=',', quotechar='|')
        for row in csvreader:
            row_type = row[0]
            row_data = row[1]
            row_grp = row[2]
            if (row_type == "hostname"):
                row_name = row[3]
            else:
                row_name = ""
            # addobj stays 1 unless the operator declines to create a missing group
            addobj = 1
            if (debug == 1):
                print(row_type, row_data, row_grp)
            if (row_type == "service"):
                # data should be in format of (service,<tcp/udp>,<number>),
                # so row_grp carries the port number on these rows
                if (row_data == "tcp"):
                    apifunctions.add_a_tcp_port(ip_addr, row_grp, sid)
                if (row_data == "udp"):
                    apifunctions.add_a_udp_port(ip_addr, row_grp, sid)
            elif (row_type == "group"):
                # row_data will have group, row_grp will have group we want to add into
                # add row_data group as a member to row_grp
                movefwd = 1
                if (apifunctions.group_exist(ip_addr, row_data, sid) == False):
                    # -y y / -y Y creates missing groups without asking
                    if (args.y == 'y' or args.y == 'Y'):
                        toadd = "yes"
                    else:
                        print(
                            "Source Group does not exist. Do you want to create (yes/no). If you say No this line will be slipped ",
                            row_data)
                        toadd = input("(yes/no) : ")
                    if (toadd == "yes"):
                        apifunctions.add_a_group(ip_addr, row_data, sid)
                    else:
                        movefwd = 0
                # Same check for the group being added into; the prompt text
                # still says "Source Group" although row_grp is printed.
                if (apifunctions.group_exist(ip_addr, row_grp, sid) == False):
                    if (args.y == 'y' or args.y == 'Y'):
                        toadd = "yes"
                    else:
                        print(
                            "Source Group does not exist. Do you want to create (yes/no). If you say No this line will be slipped ",
                            row_grp)
                        toadd = input("(yes/no) : ")
                    if (toadd == "yes"):
                        apifunctions.add_a_group(ip_addr, row_grp, sid)
                    else:
                        movefwd = 0
                if (movefwd == 1):
                    # either both groups existed or we created both ... either way lets do this
                    apifunctions.add_group_to_group(ip_addr, row_data, row_grp, sid)
            # end elif group
            else:
                if (row_grp == "nogroup"):
                    ## we're not going to place this in a group
                    if (row_type == "network"):
                        # row_data is "address/masklength"; int() raises on a non-numeric length
                        tmp = row_data.split('/')
                        apifunctions.add_a_network(
                            ip_addr, prefix + tmp[0], tmp[0],
                            apifunctions.calcDottedNetmask(int(tmp[1])), sid)
                    if (row_type == "host"):
                        apifunctions.add_a_host(ip_addr, prefix + row_data, row_data, sid)
                    if (row_type == "hostname"):
                        apifunctions.add_a_host(ip_addr, row_name, row_data, sid)
                else:
                    ## we doing some group stuff
                    if (apifunctions.group_exist(ip_addr, row_grp, sid) == False):
                        if (args.y == 'y' or args.y == 'Y'):
                            toadd = "yes"
                        else:
                            print(
                                "Group in row does not exist do you want to create (yes/no) if you say no this line will be skipped ",
                                row_grp)
                            toadd = input("(yes / no) : ")
                        if (toadd == "yes"):
                            apifunctions.add_a_group(ip_addr, row_grp, sid)
                        else:
                            addobj = 0
                    if (addobj == 1):
                        # this is a valid group
                        if (row_type == "network"):
                            tmp = row_data.split('/')
                            apifunctions.add_a_network_with_group(
                                ip_addr, prefix + tmp[0], tmp[0],
                                apifunctions.calcDottedNetmask(int(tmp[1])), row_grp, sid)
                        if (row_type == "host"):
                            apifunctions.add_a_host_with_group(
                                ip_addr, prefix + row_data, row_data, row_grp, sid)
                        if (row_type == "hostname"):
                            apifunctions.add_a_host_with_group(
                                ip_addr, row_name, row_data, row_grp, sid)
                #end if(grp = nogroup)
            #end else --- network object
        #end for row in csvreader
    #end with open
    ### sometimes publish doesn't work and sits in dashboard
    ### publish
    print("Start of Publish ... zzzzzz")
    time.sleep(20)
    publish_result = apifunctions.api_call(ip_addr, "publish", {}, sid)
    print("publish results : " + json.dumps(publish_result))
    time.sleep(20)
    ### logout
    # NOTE(review): an exception raised in the row loop skips both publish
    # and logout, so the session stays open with its unpublished changes.
    logout_result = apifunctions.api_call(ip_addr, "logout", {}, sid)
    if (debug == 1):
        print(logout_result)
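def main():
    """CGI entry point for the "Packet Mode" rulebase search.

    Reads the selected CMA, its policy, and the source, destination and
    service from the submitted form, echoes them back, logs in through
    apifunctions, runs get_rulebase with a packet-mode filter, and logs out.

    Every form value is attacker-controlled, so each one is HTML-escaped
    before it is written into the page, and source, destination and service
    are validated before they are concatenated into the filter string. The
    session id is no longer written into the response: anyone who can load
    the page could otherwise reuse the session until logout.
    """
    import html
    import ipaddress
    import re

    debug = 1

    # Known CMA address -> name of the form field holding that CMA's policy.
    policy_field_by_cma = {
        "192.168.159.155": 'adm5policy',
        "192.168.159.151": 'adm1policy',
        "192.168.159.156": 'adm6policy',
        "192.168.159.161": 'adm11policy',
        "192.168.159.167": 'adm17policy',
        "192.168.159.158": 'adm8policy',
        "192.168.159.160": 'adm10policy',
        "192.168.159.162": 'adm12policy',
        "192.168.159.163": 'adm13policy',
        "192.168.159.164": 'adm14policy',
        "192.168.159.169": 'adm19policy',
    }

    #create instance of Field Storage
    form = cgi.FieldStorage()

    def single_value(name):
        # getvalue returns a list when a field is submitted more than once;
        # only a single string is accepted here.
        value = form.getvalue(name)
        return value if isinstance(value, str) else None

    def show(value):
        # Write a value into the page with HTML metacharacters escaped.
        print(html.escape(str(value)))

    def clean_ip(value):
        # Normalised IP address text, or None when the value is not an address.
        if value is None:
            return None
        try:
            return str(ipaddress.ip_address(value.strip()))
        except ValueError:
            return None

    def end_page():
        print("------- end of program -------")
        print("<br><br>")
        print("</body>")
        print("</html>")

    cma = single_value('cma')
    policy_field = policy_field_by_cma.get(cma)
    policy = single_value(policy_field) if policy_field is not None else "none"

    source = single_value('sourceip')
    dest = single_value('destip')
    port = single_value('service')

    ## html header and config data dump
    print("Content-type:text/html\r\n\r\n")
    print("<html>")
    print("<head>")
    print("<title>Packet Mode</title>")
    print("</head>")
    print("<body>")
    print("<br><br>")
    print("Packet Mode 0.1<br><br>")
    print("Values :")
    for shown in (cma, policy, source, dest, port):
        show(shown)
        print("<br>")

    # The filter is built by string concatenation, so a value carrying
    # spaces or operators would add its own terms to the search. Accept only
    # IP addresses for source/destination and a plain token for the service.
    source = clean_ip(source)
    dest = clean_ip(dest)
    port = port.strip() if port is not None else ""
    if source is None or dest is None or not re.fullmatch(r"[0-9A-Za-z_.-]+", port):
        print("source and destination must be IP addresses and service a port or service name")
        print("<br>")
        end_page()
        raise SystemExit(1)

    packet_mode_json = {
        "name": policy,
        "filter": "src:" + source + " AND dst:" + dest + " AND svc:" + port,
        "filter-settings": {
            "search-mode": "packet"
        }
    }
    show(packet_mode_json)
    print("<br>")

    ip_addr = "192.168.159.150"
    ip_cma = cma
    # NOTE(review): credentials are embedded in a web-served script; load
    # them from a protected store readable only by the CGI user.
    user = "******"
    password = "******"

    # A missing policy field is treated like an unselected one.
    if (cma == "--All--" or policy is None or policy == "none" or policy == "0"):
        print("you didn't select a cma or a policy")
        end_page()
        raise SystemExit(1)

    sid = apifunctions.login(user, password, ip_addr, ip_cma)

    try:
        if (debug == 1):
            # The session id itself is deliberately not written to the page.
            print("session id : [hidden]")
            print("<br>")

        get_rulebase(ip_addr, packet_mode_json, sid)

        # don't need to publish
        time.sleep(20)
    finally:
        ### logout -- runs on errors too, so the session is not left open
        logout_result = apifunctions.api_call(ip_addr, "logout", {}, sid)
        if (debug == 1):
            show(logout_result)
            print("<br>")

    end_page()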
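def main():
    """CGI entry point for the "Bulk Add" form.

    Reads the CMA key, user, password, group, prefix and object list from
    the form, logs in through apifunctions, optionally creates the group,
    adds each object as a host or network, publishes every 20 objects and
    once more at the end, then logs out.

    Form values are attacker-controlled, so everything echoed into the page
    is HTML-escaped. An unknown CMA key now produces an error page instead
    of an unhandled KeyError, and the session id is no longer written into
    the response.
    """
    import html

    debug = 1

    def show(value):
        # Write a value into the page with HTML metacharacters escaped.
        print(html.escape(str(value)))

    def end_page():
        print("------- end of program -------")
        print("<br><br>")
        print("</body>")
        print("</html>")

    #create instance of field storage
    form = cgi.FieldStorage()

    cma_base = form.getvalue('cma')  #modified for test
    # NOTE(review): the login credentials arrive as form fields; whether the
    # form is served over TLS is not visible from this code -- confirm.
    userid = form.getvalue('user')
    passwd = form.getvalue('password')

    cma_map = {
        'adm1': {'cma': '192.168.159.151', 'mds': '192.168.159.150'},
        'adm2': {'cma': '204.135.121.152', 'mds': '204.135.121.150'},
        'adm3': {'cma': '204.135.121.153', 'mds': '204.135.121.150'},
        'adm5': {'cma': '192.168.159.155', 'mds': '192.168.159.150'},
        'adm6': {'cma': '204.135.121.156', 'mds': '204.135.121.150'},
        'adm7': {'cma': '204.135.121.157', 'mds': '204.135.121.150'},
        'adm8': {'cma': '204.135.121.158', 'mds': '204.135.121.150'},
        'adm10': {'cma': '192.168.159.160', 'mds': '192.168.159.150'},
        'adm11': {'cma': '192.168.159.161', 'mds': '192.168.159.150'},
        'adm12': {'cma': '192.168.159.162', 'mds': '192.168.159.150'},
        'adm13': {'cma': '192.168.159.163', 'mds': '192.168.159.150'},
        'adm14': {'cma': '204.135.121.164', 'mds': '204.135.121.150'},
        'adm17': {'cma': '192.168.159.167', 'mds': '192.168.159.150'},
        'adm19': {'cma': '192.168.159.169', 'mds': '192.168.159.150'},
        'adm24': {'cma': '204.135.121.174', 'mds': '204.135.121.150'},
    }

    # Alternate map kept for manual switching (see the "mod to d" markers).
    dcma_map = {
        'adm25': {'cma': '146.18.96.25', 'mds': '146.18.96.16'},
        'adm26': {'cma': '146.18.96.26', 'mds': '146.18.96.16'},
        'adm27': {'cma': '146.18.96.27', 'mds': '146.18.96.16'},
    }

    ## html header and config data dump
    print("Content-type:text/html\r\n\r\n")
    print("<html>")
    print("<head>")
    print("<title>Bulk Add Results</title>")
    print("</head>")
    print("<body>")
    print("Bulk Add<br><br>")

    # The key comes from the form: only a single string that is present in
    # the map is accepted. getvalue returns a list for repeated fields.
    selected = cma_map.get(cma_base) if isinstance(cma_base, str) else None  # mod to d
    if selected is None:
        print("unknown cma selection<br>")
        end_page()
        raise SystemExit(1)

    mds_ip = selected['mds']
    cma_ip = selected['cma']

    print(cma_ip + "<br>")
    print(selected)
    print("<br>")

    sid = apifunctions.login(userid, passwd, mds_ip, cma_ip)

    if (debug == 1):
        # The session id itself is deliberately not written to the page.
        print("session id : [hidden]<br>")

    group_to_use = form.getvalue('group')
    objects_raw = form.getvalue('objects')
    prefix = form.getvalue('prefix')

    objects_s1 = str(objects_raw)  # odd i know but ya got to
    objects_s2 = objects_s1.split(' ')
    # NOTE(review): only the text before the first space is split into
    # objects, so anything after a space character in the textarea is
    # ignored. Kept as-is; confirm whether that is intended.
    objects_s3 = objects_s2[0].split()

    if (debug == 1):
        #tmp
        print("raw<br>")
        show(objects_raw)
        print("<br>")
        print("s1<br>")
        show(objects_s1)
        print("<br>")
        print("s2<br>")
        show(objects_s2)
        print("<br>")
        print("s3<br>")
        show(objects_s3)
        print("<br><br>")

    ### 06.02.2020: a further whitespace-stripping pass ("s4") was disabled
    ### in the original because it did not work; it is not reproduced here.

    if group_to_use is None:
        print("no group to add<br>")
    else:
        #if something with the proposed group name exist. tell user (IN CAPS) and still create objects
        group_to_use = group_to_use.strip()
        if (apifunctions.name_exist(mds_ip, group_to_use, sid) == True):
            # The name is taken: reuse it only when it already is a group.
            if (get_obj_type(mds_ip, group_to_use, sid) != "group"):
                print(
                    "CAN'T ADD GROUP <br>OBJECT WITH THIS NAME ALREADY EXIST<br>MOVING FORWARD WITHOUT GROUP<br>"
                )
                group_to_use = None
        else:
            apifunctions.add_a_group(mds_ip, group_to_use, sid)

    ## iterator for doing changes every 20 objects
    iterator = 0

    print("<br>")
    print("Object Listing<br>")
    for obj in objects_s3:
        show(obj)
        print("<br>")
        obj_type = what_am_i(obj)
        print("*****<br>")
        show(obj_type)
        print("<br>")
        print("-----<br>")

        if (obj_type == "host"):
            add_host(obj, group_to_use, mds_ip, prefix, sid)
        if (obj_type == "network"):
            parts = obj.split('/')
            add_network(parts[0], parts[1], group_to_use, mds_ip, prefix, sid)

        iterator = iterator + 1
        if (iterator == 20):
            time.sleep(5)
            tmp_publish_result = apifunctions.api_call(mds_ip, "publish", {}, sid)
            print("peridoic publish result : " + html.escape(json.dumps(tmp_publish_result)))
            time.sleep(5)
            iterator = 0

    print("<br>Start of Publish ... zzzzzz")
    time.sleep(5)
    publish_result = apifunctions.api_call(mds_ip, "publish", {}, sid)
    print("publish results : " + html.escape(json.dumps(publish_result)))

    time.sleep(20)

    ### logout
    # NOTE(review): an exception raised above skips publish and logout, so
    # the session stays open with its unpublished changes.
    logout_result = apifunctions.api_call(mds_ip, "logout", {}, sid)
    if (debug == 1):
        show(logout_result)

    end_page()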
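def main():
    """Interactive packet-mode rulebase search from the command line.

    Logs in through apifunctions, lists the policies returned by
    get_policies, prompts for a policy number and for source, destination
    and destination port, runs get_rulebase with a packet-mode filter, and
    logs out.

    The logout now runs in a finally block, so a bad selection or a failed
    API call no longer leaves the session open, and an invalid policy number
    is reported instead of raising ValueError or KeyError.
    """
    debug = 1

    if (debug == 1):
        print("packet mode search : version 0.3")

    #parser = argparse.ArgumentParser(description='Policy Extractor')
    #parser.add_argument("-m", required=True, help="MDS IP")
    #parser.add_argument("-c", required=True, help="CMA IP")
    #args = parser.parse_args()

    ip_addr = "146.18.96.16"  #args.m
    ip_cma = "146.18.96.25"  #args.c
    # NOTE(review): credentials are embedded in the script; prompt for them
    # (getpass) or read them from a protected store instead.
    user = "******"
    password = "******"

    sid = apifunctions.login(user, password, ip_addr, ip_cma)

    try:
        if (debug == 1):
            # NOTE(review): this writes a live session id to the terminal and
            # to anything capturing it; consider dropping it outside of debugging.
            print("session id : " + sid)

        # Equivalent command line, kept from the original for reference:
        #   mgmt_cli -r true -d 146.18.96.25 show access-rulebase
        #     name "HubLab Network"
        #     filter "src:146.18.2.137 AND dst:204.135.16.50 AND svc:443"
        #     filter-settings.search-mode packet
        # "and" does not equal "AND": the capitals matter a lot.

        policies_dic = get_policies(ip_addr, sid)

        if (debug == 1):
            print("*****")
            print(policies_dic)
            print("*****")

        for x in policies_dic:
            print(str(x) + " : " + policies_dic[x])

        policy = input("Select a number above : ")
        source_ip = input("Enter Source IP : ")
        dest_ip = input("Enter Dest IP : ")
        dport = input("Enter Dest Port : ")

        try:
            policy_name = policies_dic[int(policy)]
        except (ValueError, KeyError):
            # Not a number, or a number that is not in the list above.
            print("invalid policy selection")
            return

        packet_mode_json = {
            "name": policy_name,
            "filter": "src:" + source_ip + " AND dst:" + dest_ip + " AND svc:" + dport,
            "filter-settings": {
                "search-mode": "packet"
            }
        }

        if (debug == 1):
            print(packet_mode_json)

        get_rulebase(ip_addr, packet_mode_json, sid)
        #get_rules(ip_addr, packet_mode_json, sid)

        # don't need to publish
        time.sleep(20)
    finally:
        ### logout
        logout_result = apifunctions.api_call(ip_addr, "logout", {}, sid)
        if (debug == 1):
            print(logout_result)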