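def _login(self, params):
    """Authenticate a login request and open a session on success.

    ``params`` is the parsed request parameter mapping. A request is accepted
    when it carries ``username``, ``hash`` and ``nonce``, the nonce has not
    been submitted before, and ``hash`` equals the hex SHA-256 digest of the
    user's stored hash concatenated with the nonce.

    On success a session is registered in ``SESSIONS`` and the session cookie
    is set. On failure the reply is delayed by ``UNAUTHORIZED_SLEEP_TIME`` and
    answered with ``httplib.UNAUTHORIZED``. On non-Windows hosts the outcome
    is also written to syslog (``auth.info``) through ``logger``.

    Returns the plain-text response body: "Login success" or "Login failed".
    """
    valid = False

    if params.get("username") and params.get("hash") and params.get("nonce"):
        # NOTE(review): the nonce is only checked for reuse here; nothing in
        # this block confirms it was issued by the server, and every submitted
        # value stays in DISPOSED_NONCES for the life of the process. Confirm
        # that the set is bounded or pruned elsewhere.
        if params.get("nonce") not in DISPOSED_NONCES:
            DISPOSED_NONCES.add(params.get("nonce"))

            for entry in (config.USERS or []):
                # Entry layout: username:stored_hash:uid:netfilter
                entry = re.sub(r"\s", "", entry)
                username, stored_hash, uid, netfilter = entry.split(':')

                if username == params.get("username"):
                    try:
                        if params.get("hash") == hashlib.sha256(stored_hash.strip() + params.get("nonce")).hexdigest():
                            # The break keeps username/uid/netfilter bound
                            # to the matching entry for the session below.
                            valid = True
                            break
                    except Exception:
                        if config.SHOW_DEBUG:
                            traceback.print_exc()

    if valid:
        session_id = os.urandom(SESSION_ID_LENGTH).encode("hex")
        expiration = time.time() + 3600 * SESSION_EXPIRATION_HOURS

        self.send_response(httplib.OK)
        self.send_header(HTTP_HEADER.CONNECTION, "close")
        # NOTE(review): HttpOnly is set, Secure and SameSite are not; add
        # Secure when the interface is served over TLS.
        self.send_header(HTTP_HEADER.SET_COOKIE, "%s=%s; expires=%s; path=/; HttpOnly" % (SESSION_COOKIE_NAME, session_id, time.strftime(HTTP_TIME_FORMAT, time.gmtime(expiration))))

        if netfilter in ("", "0.0.0.0/0"):
            # No per-user network restriction.
            netfilters = None
        else:
            addresses = set()
            netmasks = set()

            for item in set(re.split(r"[;,]", netfilter)):
                item = item.strip()

                if '/' in item:
                    _ = item.split('/')[-1]
                    if _.isdigit() and int(_) >= 16:
                        # Prefixes of /16 and longer are expanded into
                        # individual addresses.
                        lower = addr_to_int(item.split('/')[0])
                        mask = make_mask(int(_))
                        upper = lower | (0xffffffff ^ mask)
                        while lower <= upper:
                            addresses.add(int_to_addr(lower))
                            lower += 1
                    else:
                        # Anything else containing '/' is kept as written.
                        netmasks.add(item)
                elif '-' in item:
                    # Inclusive first-last address range.
                    _ = item.split('-')
                    lower, upper = addr_to_int(_[0]), addr_to_int(_[1])
                    while lower <= upper:
                        addresses.add(int_to_addr(lower))
                        lower += 1
                elif re.search(r"\d+\.\d+\.\d+\.\d+", item):
                    addresses.add(item)

            netfilters = netmasks
            if addresses:
                netfilters.add(get_regex(addresses))

        SESSIONS[session_id] = AttribDict({
            "username": username,
            "uid": uid,
            "netfilters": netfilters,
            "expiration": expiration,
            "client_ip": self.client_address[0]
        })
    else:
        # Fixed delay on every rejected attempt.
        time.sleep(UNAUTHORIZED_SLEEP_TIME)
        self.send_response(httplib.UNAUTHORIZED)
        self.send_header(HTTP_HEADER.CONNECTION, "close")

    self.send_header(HTTP_HEADER.CONTENT_TYPE, "text/plain")
    content = "Login %s" % ("success" if valid else "failed")

    if not subprocess.mswindows:
        # The username is taken straight from the request and is logged for
        # failed attempts too, so it must never reach a shell. The record is
        # passed to logger(1) as one argv element with no shell in between,
        # which leaves any shell metacharacters in it inert.
        # Non-printable bytes are replaced so a client cannot split the record
        # into extra syslog lines, and so a NUL byte cannot make the call fail
        # and drop the record.
        logged_user = re.sub(r"[^\x20-\x7e]", "?", "%s" % params.get("username"))
        tag = "%s[%d]" % (NAME.lower(), os.getpid())
        # The message always starts with "Accepted" or "Failed", so logger
        # cannot mistake it for an option.
        message = "%s password for %s from %s port %s" % ("Accepted" if valid else "Failed", logged_user, self.client_address[0], self.client_address[1])

        try:
            subprocess.check_output(["logger", "-p", "auth.info", "-t", tag, message], stderr=subprocess.STDOUT)
        except Exception:
            # Logging is best-effort; a missing logger binary must not
            # change the login result.
            if config.SHOW_DEBUG:
                traceback.print_exc()

    return content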
from core.settings import trails from core.settings import VERSION from core.settings import WHITELIST from core.settings import WHITELIST_LONG_DOMAIN_NAME_KEYWORDS from core.settings import WHITELIST_HTTP_REQUEST_KEYWORDS from core.settings import WHITELIST_UA_KEYWORDS from core.update import update_ipcat from core.update import update_trails _buffer = None _caps = [] _connect_sec = 0 _connect_src_dst = {} _connect_src_details = {} _count = 0 _locks = AttribDict() _multiprocessing = None _n = None _result_cache = {} try: import pcapy except ImportError: if subprocess.mswindows: exit( "[!] please install 'WinPcap' (e.g. 'http://www.winpcap.org/install/') and Pcapy (e.g. 'https://breakingcode.wordpress.com/?s=pcapy')" ) else: msg, _ = "[!] please install 'Pcapy'", platform.linux_distribution( )[0].lower() for distro, install in {
9: 4, 10: 21, 117: 48, 18: 4, 12 if sys.platform.find('openbsd') != -1 else 108: 4, 14 if sys.platform.find('openbsd') != -1 else 12: 0, 113: 16 } try: import multiprocessing CPU_CORES = multiprocessing.cpu_count() except ImportError: CPU_CORES = 1 config = AttribDict({"TRAILS_FILE": DEFAULT_TRAILS_FILE}) trails = TrailsDict() def _get_total_physmem(): retval = None try: if IS_WIN: import ctypes kernel32 = ctypes.windll.kernel32 c_ulong = ctypes.c_ulong class MEMORYSTATUS(ctypes.Structure): _fields_ = [('dwLength', c_ulong), ('dwMemoryLoad', c_ulong),
import os
import re
import socket
import stat
import string
import subprocess
import sys
import urllib
import urllib2

from core.addr import addr_to_int
from core.addr import make_mask
from core.attribdict import AttribDict
from core.trailsdict import TrailsDict

# Module-level settings holder and trail store, both created empty here.
config = AttribDict()
trails = TrailsDict()

NAME = "Maltrail"
VERSION = "0.10.161"
# "<NAME>/<VERSION>" token built from the two values above.
SERVER_HEADER = "%s/%s" % (NAME, VERSION)
DATE_FORMAT = "%Y-%m-%d"
ROTATING_CHARS = ('\\', '|', '|', '/', '-')
# NOTE(review): presumably a timeout in seconds for network operations; confirm at the call sites.
TIMEOUT = 30
FRESH_IPCAT_DELTA_DAYS = 10
# Data directory: ~/.<lowercased NAME> in the home of the account running the process.
# NOTE(review): the files below are written here; confirm the directory is created
# with owner-only permissions so other local users cannot alter them.
USERS_DIR = os.path.join(os.path.expanduser("~"), ".%s" % NAME.lower())
TRAILS_FILE = os.path.join(USERS_DIR, "trails.csv")
IPCAT_CSV_FILE = os.path.join(USERS_DIR, "ipcat.csv")
IPCAT_SQLITE_FILE = os.path.join(USERS_DIR, "ipcat.sqlite")
# NOTE(review): this URL tracks the tip of a third-party repository's master branch,
# so the content can change between fetches; whatever downloads it should treat the
# CSV as untrusted input and verify the TLS certificate.
IPCAT_URL = "https://raw.githubusercontent.com/client9/ipcat/master/datacenters.csv"
# NOTE(review): by its name, a URL probed to test outbound connectivity; confirm at the call site.
CHECK_CONNECTION_URL = "https://www.github.com"