예제 #1
0
파일: interface.py 프로젝트: Xyntax/Drystan
 def _hydraCommand(src, port):
     command = "hydra -q -f -en -M " + src + " -L " + paths.USR_LIST + " -P " + paths.PWD_LIST + " " + str(port)
     logger.log(CUSTOM_LOGGING.SYSINFO, "Execute Command: " + command)
     try:
         os.system(command)
     except KeyboardInterrupt:
         return
예제 #2
0
def classify_eve(flow_list):
    flow_dict = {}
    result = {}
    for flow in flow_list:
        try:
            signature_id = str(flow["alert"]["signature_id"])
            if signature_id in rule_key:
                if rule_key[signature_id] not in flow_dict:
                    flow_dict[rule_key[signature_id]] = []
                flow_dict[rule_key[signature_id]].append(flow)
            # 漏洞规则告警
            elif flow["alert"]["signature_id"] > 2019010101 and flow["alert"]["signature_id"] < 2020121212:
                if "alert" not in flow_dict:
                    flow_dict["alert"] = []
                flow_dict["alert"].append(flow)
            # 服务告警规则
            elif flow["alert"]["signature_id"] > 1019010101 and flow["alert"]["signature_id"] < 1020121212:
                if "service" not in flow_dict:
                    flow_dict["service"] = []
                flow_dict["service"].append(flow)
        except:
            logger.log(CUSTOM_LOGGING.ERROR, "classify failed")
    for key in flow_dict:
        result[key] = merge_flow(flow_dict[key], key)
    return result
예제 #3
0
 def _hydraCommand(src, port):
     command = 'hydra -q -f -en -M ' + src + ' -L ' + paths.USR_LIST + ' -P ' + paths.PWD_LIST + ' ' + str(
         port)
     logger.log(CUSTOM_LOGGING.SYSINFO, 'Execute Command: ' + command)
     try:
         os.system(command)
     except KeyboardInterrupt:
         return
예제 #4
0
파일: common.py 프로젝트: Xyntax/Drystan
def initOptions():
    checkRoot()
    conf.AUTO = False
    if 'auto' in sys.argv:
        conf.AUTO = True
        logger.log(CUSTOM_LOGGING.SYSINFO, 'Start auto mode~')
    setTarget()
    setPaths()
예제 #5
0
파일: common.py 프로젝트: Xyntax/Drystan
def searchHTTP():
    logger.log(CUSTOM_LOGGING.SUCCESS, '===== Searching IP and ports on HTTP protocol =====')
    f = open(paths.HTTP, 'w')
    ans = checkFolderHTTP(paths.PORT_PATH)
    for each in ans:
        f.write(each + '\n')
    f.close()
    logger.log(CUSTOM_LOGGING.SYSINFO, 'Total: ' + str(len(ans)))
예제 #6
0
def initOptions():
    checkRoot()
    conf.AUTO = False
    if 'auto' in sys.argv:
        conf.AUTO = True
        logger.log(CUSTOM_LOGGING.SYSINFO, 'Start auto mode~')
    setTarget()
    setPaths()
예제 #7
0
파일: interface.py 프로젝트: Xyntax/Drystan
def BBScan():
    os.chdir(os.path.join(paths.ROOT_PATH, "BBScan"))
    command = "python BBScan.py -f " + paths.HTTP + " --browser"
    os.system(command)
    res_file = os.path.join(paths.ROOT_PATH, "BBScan/report/*.html")
    tar_file = os.path.join(paths.OUTPUT_PATH, "BBScan_res.html")
    os.system("mv %s %s" % (res_file, tar_file))
    os.chdir(paths.ROOT_PATH)
    logger.log(CUSTOM_LOGGING.SYSINFO, "reports file moved to %s." % tar_file)
예제 #8
0
파일: common.py 프로젝트: Xyntax/Drystan
 def tmp(*args, **kargs):
     logger.log(CUSTOM_LOGGING.SUCCESS, '===== Start %s =====' % func.__name__)
     try:
         if not conf.AUTO:
             raw_input(' >>> Press [Enter] to Continue, or [Ctrl-C] to skip current func.')
         return func(*args, **kargs)
     except KeyboardInterrupt:
         print ''  # it's a trick :)
         return
예제 #9
0
def BBScan():
    os.chdir(os.path.join(paths.ROOT_PATH, 'BBScan'))
    command = 'python BBScan.py -f ' + paths.HTTP + ' --browser'
    os.system(command)
    res_file = os.path.join(paths.ROOT_PATH, 'BBScan/report/*.html')
    tar_file = os.path.join(paths.OUTPUT_PATH, 'BBScan_res.html')
    os.system('mv %s %s' % (res_file, tar_file))
    os.chdir(paths.ROOT_PATH)
    logger.log(CUSTOM_LOGGING.SYSINFO, 'reports file moved to %s.' % tar_file)
예제 #10
0
파일: common.py 프로젝트: Xyntax/Drystan
 def extract(name):
     _ans = set()
     path = os.path.join(paths.OUTPUT_PATH, name)
     if os.path.isfile(path):
         logger.log(CUSTOM_LOGGING.SYSINFO, 'Extracting IPs from ' + name)
         for each in getIP(open(path, 'r').read(), True, True):
             _ans.add(each)
         logger.log(CUSTOM_LOGGING.SYSINFO, 'Total: ' + str(len(_ans)))
     return _ans
예제 #11
0
def searchHTTP():
    logger.log(CUSTOM_LOGGING.SUCCESS,
               '===== Searching IP and ports on HTTP protocol =====')
    f = open(paths.HTTP, 'w')
    ans = checkFolderHTTP(paths.PORT_PATH)
    for each in ans:
        f.write(each + '\n')
    f.close()
    logger.log(CUSTOM_LOGGING.SYSINFO, 'Total: ' + str(len(ans)))
예제 #12
0
 def extract(name):
     _ans = set()
     path = os.path.join(paths.OUTPUT_PATH, name)
     if os.path.isfile(path):
         logger.log(CUSTOM_LOGGING.SYSINFO, 'Extracting IPs from ' + name)
         for each in getIP(open(path, 'r').read(), True, True):
             _ans.add(each)
         logger.log(CUSTOM_LOGGING.SYSINFO, 'Total: ' + str(len(_ans)))
     return _ans
예제 #13
0
def SubDomainBrute():
    path = os.path.join(paths.ROOT_PATH, 'subDomainsBrute')
    os.chdir(path)
    command = 'python subDomainsBrute.py -t 50 ' + conf.TARGET + ' -o ' + os.path.join(
        paths.OUTPUT_PATH, 'subDomain.txt')
    logger.log(CUSTOM_LOGGING.SUCCESS, 'Execute Command: ' + command)
    os.system(command)
    os.chdir(paths.ROOT_PATH)
    print ''  # it's a joke
예제 #14
0
파일: interface.py 프로젝트: Xyntax/Drystan
def SubDomainBrute():
    path = os.path.join(paths.ROOT_PATH, "subDomainsBrute")
    os.chdir(path)
    command = (
        "python subDomainsBrute.py -t 50 " + conf.TARGET + " -o " + os.path.join(paths.OUTPUT_PATH, "subDomain.txt")
    )
    logger.log(CUSTOM_LOGGING.SUCCESS, "Execute Command: " + command)
    os.system(command)
    os.chdir(paths.ROOT_PATH)
    print ""  # it's a joke
예제 #15
0
파일: checkhttp.py 프로젝트: Xyntax/Drystan
def checkFolderHTTP(path):
    logger.log(CUSTOM_LOGGING.SUCCESS, 'Entry folder: ' + path)
    ans = []
    for each in os.listdir(path):
        if each.startswith('.') or each.startswith('~'):
            continue
        file = os.path.join(path, each)
        if os.path.isfile(file):
            ans.extend(checkFileHTTP(file, each))
    return ans
예제 #16
0
파일: checkhttp.py 프로젝트: Xyntax/Drystan
def checkFileHTTP(path, port):
    port = str(port)
    logger.log(CUSTOM_LOGGING.SUCCESS, 'Checking port: ' + port)
    ans = []
    for each in open(path):
        url = checkHTTP(each.strip(), port)
        if url:
            if url.endswith(':80'):
                url = url.replace(':80', '')
            ans.append(url)
    return ans
예제 #17
0
 def tmp(*args, **kargs):
     logger.log(CUSTOM_LOGGING.SUCCESS,
                '===== Start %s =====' % func.__name__)
     try:
         if not conf.AUTO:
             raw_input(
                 ' >>> Press [Enter] to Continue, or [Ctrl-C] to skip current func.'
             )
         return func(*args, **kargs)
     except KeyboardInterrupt:
         print ''  # it's a trick :)
         return
예제 #18
0
파일: interface.py 프로젝트: Xyntax/Drystan
def WebSOC():
    if conf.MODE is TARGET_MODE.DOMAIN:
        projectName = conf.TARGET + "-sub-"
    else:
        projectName = conf.TARGET + "-C-"
    if conf.has_key("EXIST_WEB_PORTS"):
        os.chdir(os.path.join(paths.ROOT_PATH, "websoc-cli"))
        for each in conf.EXIST_WEB_PORTS:
            os.system("python websoc-cli.py %s %s" % (projectName + each, os.path.join(paths.PORT_PATH, str(each))))
    else:
        logger.log(CUSTOM_LOGGING.SYSINFO, " (websoc) No web application found, skip.")
    os.chdir(paths.ROOT_PATH)
예제 #19
0
def upload_eve():
    client_addr = request.remote_addr
    filename = request.files['clientfile'].filename
    filecontent = request.files['clientfile'].readlines()
    deal_eve_content(filecontent)
    logger.log(
        CUSTOM_LOGGING.SUCCESS,
        "客户端{client_addr},提交日志{filename}, 告警日志{allow_num}条".format(
            client_addr=client_addr,
            filename=filename,
            allow_num=len(filecontent)))
    return "upload sucess"
예제 #20
0
파일: common.py 프로젝트: Xyntax/Drystan
 def tmp(*args, **kargs):
     logger.log(CUSTOM_LOGGING.SUCCESS, '===== Exploiting: %s =====' % func.__name__)
     try:
         if not conf.AUTO:
             raw_input(' >>> Press [Enter] to Continue, or [Ctrl-C] to skip current func.')
         ans = func(*args, **kargs)
         # f = open(os.path.join(paths.OUTPUT_PATH, 'portScan_res.txt'), 'w')
         # f.write(ans)
         # f.close()
         return ans
     except KeyboardInterrupt:
         print ''  # it's a trick :)
         return
예제 #21
0
def Sublist3r():
    base_command = 'python ' + os.path.join(
        paths.ROOT_PATH, 'Sublist3r/sublist3r.py'
    ) + ' -d ' + conf.TARGET + ' -o ' + os.path.join(paths.OUTPUT_PATH,
                                                     'sublist3r.txt')

    input_command = 'y' if conf.AUTO else raw_input(
        ' > enable proxychains?[y/N]')
    if input_command in ['Y', 'y']:
        command = 'proxychains ' + base_command
    else:
        command = base_command
    logger.log(CUSTOM_LOGGING.SUCCESS, 'Execute Command: ' + command)
    os.system(command)
예제 #22
0
def WebSOC():
    if conf.MODE is TARGET_MODE.DOMAIN:
        projectName = conf.TARGET + '-sub-'
    else:
        projectName = conf.TARGET + '-C-'
    if conf.has_key('EXIST_WEB_PORTS'):
        os.chdir(os.path.join(paths.ROOT_PATH, 'websoc-cli'))
        for each in conf.EXIST_WEB_PORTS:
            os.system(
                'python websoc-cli.py %s %s' %
                (projectName + each, os.path.join(paths.PORT_PATH, str(each))))
    else:
        logger.log(CUSTOM_LOGGING.SYSINFO,
                   ' (websoc) No web application found, skip.')
    os.chdir(paths.ROOT_PATH)
예제 #23
0
 def tmp(*args, **kargs):
     logger.log(CUSTOM_LOGGING.SUCCESS,
                '===== Exploiting: %s =====' % func.__name__)
     try:
         if not conf.AUTO:
             raw_input(
                 ' >>> Press [Enter] to Continue, or [Ctrl-C] to skip current func.'
             )
         ans = func(*args, **kargs)
         # f = open(os.path.join(paths.OUTPUT_PATH, 'portScan_res.txt'), 'w')
         # f.write(ans)
         # f.close()
         return ans
     except KeyboardInterrupt:
         print ''  # it's a trick :)
         return
예제 #24
0
파일: interface.py 프로젝트: Xyntax/Drystan
def Sublist3r():
    base_command = (
        "python "
        + os.path.join(paths.ROOT_PATH, "Sublist3r/sublist3r.py")
        + " -d "
        + conf.TARGET
        + " -o "
        + os.path.join(paths.OUTPUT_PATH, "sublist3r.txt")
    )

    input_command = "y" if conf.AUTO else raw_input(" > enable proxychains?[y/N]")
    if input_command in ["Y", "y"]:
        command = "proxychains " + base_command
    else:
        command = base_command
    logger.log(CUSTOM_LOGGING.SUCCESS, "Execute Command: " + command)
    os.system(command)
예제 #25
0
파일: interface.py 프로젝트: Xyntax/Drystan
def Hydra():
    flag = False  # f**k the for-else

    def _hydraCommand(src, port):
        command = "hydra -q -f -en -M " + src + " -L " + paths.USR_LIST + " -P " + paths.PWD_LIST + " " + str(port)
        logger.log(CUSTOM_LOGGING.SYSINFO, "Execute Command: " + command)
        try:
            os.system(command)
        except KeyboardInterrupt:
            return

    for port, v in brutePort.items():
        fpath = os.path.join(paths.PORT_PATH, port)
        if os.path.isfile(fpath):
            flag = True
            logger.log(CUSTOM_LOGGING.SUCCESS, "Targets brute on service: " + v)
            _hydraCommand(fpath, v)
    if not flag:
        logger.log(CUSTOM_LOGGING.SYSINFO, " (hydra) No available ports for brute, skip.")
예제 #26
0
파일: checkhttp.py 프로젝트: Xyntax/Drystan
def checkHTTP(url, port=0):
    if '://' not in url:
        url = 'http://' + url
    if port:
        port = str(port)
        l = url.split(':')
        if len(l) is 2:
            url = url + ':' + port
        if len(l) is 3:
            l[-1] = port
            url = ':'.join(l)

    try:
        get(url, timeout=5,
            headers={'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:46.0) Gecko/20100101 Firefox/46.0'})
    except exceptions.ConnectionError:
        return False
    logger.log(CUSTOM_LOGGING.SYSINFO, 'HTTP protocol found: ' + url)
    return url
예제 #27
0
def Hydra():
    flag = False  # f**k the for-else

    def _hydraCommand(src, port):
        command = 'hydra -q -f -en -M ' + src + ' -L ' + paths.USR_LIST + ' -P ' + paths.PWD_LIST + ' ' + str(
            port)
        logger.log(CUSTOM_LOGGING.SYSINFO, 'Execute Command: ' + command)
        try:
            os.system(command)
        except KeyboardInterrupt:
            return

    for port, v in brutePort.items():
        fpath = os.path.join(paths.PORT_PATH, port)
        if os.path.isfile(fpath):
            flag = True
            logger.log(CUSTOM_LOGGING.SUCCESS,
                       'Targets brute on service: ' + v)
            _hydraCommand(fpath, v)
    if not flag:
        logger.log(CUSTOM_LOGGING.SYSINFO,
                   ' (hydra) No available ports for brute, skip.')
예제 #28
0
def getIPs():
    def extract(name):
        _ans = set()
        path = os.path.join(paths.OUTPUT_PATH, name)
        if os.path.isfile(path):
            logger.log(CUSTOM_LOGGING.SYSINFO, 'Extracting IPs from ' + name)
            for each in getIP(open(path, 'r').read(), True, True):
                _ans.add(each)
            logger.log(CUSTOM_LOGGING.SYSINFO, 'Total: ' + str(len(_ans)))
        return _ans

    logger.log(CUSTOM_LOGGING.SUCCESS,
               '===== extract IP from subDomains =====')
    ans = set()
    ans |= extract('subDomain.txt')
    ans |= extract('DNS-zoneTransfer.txt')
    ans |= extract('theHarvester.html')

    # TODO  oh, f**k this func!
    path1 = os.path.join(paths.OUTPUT_PATH, 'sublist3r.txt')
    if os.path.isfile(path1):
        __ans = set()
        logger.log(CUSTOM_LOGGING.SYSINFO, 'Extracting IPs from sublist3r.txt')
        for each in open(path1).readlines():
            p = subprocess.Popen('nslookup ' + each.strip(),
                                 shell=True,
                                 stdout=subprocess.PIPE,
                                 stderr=subprocess.STDOUT)
            c = p.stdout.read()
            for ip in getIP(c, True, True):
                __ans.add(ip)
        logger.log(CUSTOM_LOGGING.SYSINFO, 'Total: ' + str(len(__ans)))
        ans |= __ans

    f = open(paths.IP_PATH, 'w')
    for each in ans:
        f.write(each + '\n')
    f.close()
    logger.log(CUSTOM_LOGGING.SYSINFO, 'Unique IP found: ' + str(len(ans)))
예제 #29
0
파일: common.py 프로젝트: Xyntax/Drystan
def getIPs():
    def extract(name):
        _ans = set()
        path = os.path.join(paths.OUTPUT_PATH, name)
        if os.path.isfile(path):
            logger.log(CUSTOM_LOGGING.SYSINFO, 'Extracting IPs from ' + name)
            for each in getIP(open(path, 'r').read(), True, True):
                _ans.add(each)
            logger.log(CUSTOM_LOGGING.SYSINFO, 'Total: ' + str(len(_ans)))
        return _ans

    logger.log(CUSTOM_LOGGING.SUCCESS, '===== extract IP from subDomains =====')
    ans = set()
    ans |= extract('subDomain.txt')
    ans |= extract('DNS-zoneTransfer.txt')
    ans |= extract('theHarvester.html')

    # TODO  oh, f**k this func!
    path1 = os.path.join(paths.OUTPUT_PATH, 'sublist3r.txt')
    if os.path.isfile(path1):
        __ans = set()
        logger.log(CUSTOM_LOGGING.SYSINFO, 'Extracting IPs from sublist3r.txt')
        for each in open(path1).readlines():
            p = subprocess.Popen('nslookup ' + each.strip(), shell=True, stdout=subprocess.PIPE,
                                 stderr=subprocess.STDOUT)
            c = p.stdout.read()
            for ip in getIP(c, True, True):
                __ans.add(ip)
        logger.log(CUSTOM_LOGGING.SYSINFO, 'Total: ' + str(len(__ans)))
        ans |= __ans

    f = open(paths.IP_PATH, 'w')
    for each in ans:
        f.write(each + '\n')
    f.close()
    logger.log(CUSTOM_LOGGING.SYSINFO, 'Unique IP found: ' + str(len(ans)))
예제 #30
0
파일: common.py 프로젝트: Xyntax/Drystan
def sortNmapXML():
    logger.log(CUSTOM_LOGGING.SUCCESS, '===== sort nmap results =====')

    def _getWebPorts(port_list=webPort):
        l = []
        for each in port_list:
            if os.path.isfile(os.path.join(paths.PORT_PATH, str(each))):
                l.append(str(each))
        return l

    if not os.path.isfile(paths.TCP):
        logger.log(CUSTOM_LOGGING.WARNING, 'nmap result not found, skip.')
        return
    d = xml2port(open(paths.TCP).read())
    for key, value in d.items():
        f = open(os.path.join(paths.PORT_PATH, str(key)), 'w')
        for each in value:
            f.write(each + '\n')
        f.close()
    conf.EXIST_WEB_PORTS = _getWebPorts()
    logger.log(CUSTOM_LOGGING.SYSINFO, 'Different port found: %d' % len(d))
예제 #31
0
def sortNmapXML():
    logger.log(CUSTOM_LOGGING.SUCCESS, '===== sort nmap results =====')

    def _getWebPorts(port_list=webPort):
        l = []
        for each in port_list:
            if os.path.isfile(os.path.join(paths.PORT_PATH, str(each))):
                l.append(str(each))
        return l

    if not os.path.isfile(paths.TCP):
        logger.log(CUSTOM_LOGGING.WARNING, 'nmap result not found, skip.')
        return
    d = xml2port(open(paths.TCP).read())
    for key, value in d.items():
        f = open(os.path.join(paths.PORT_PATH, str(key)), 'w')
        for each in value:
            f.write(each + '\n')
        f.close()
    conf.EXIST_WEB_PORTS = _getWebPorts()
    logger.log(CUSTOM_LOGGING.SYSINFO, 'Different port found: %d' % len(d))
예제 #32
0
def merge_flow(flow_list, type):
    result = []
    if type == "dns":
        for dns_flow in flow_list:
            try:
                dns_query_dict = {}
                dns_query_dict["flow_id"] = dns_flow["flow_id"]
                dns_query_dict["time"] = dns_flow["timestamp"]
                dns_query_dict["src_ip"] = dns_flow["src_ip"]
                dns_query_dict["src_port"] = dns_flow["src_port"]
                dns_query_dict["dest_ip"] = dns_flow["dest_ip"]
                dns_query_dict["dest_port"] = dns_flow["dest_port"]
                rrname_list = []
                for query in dns_flow["dns"]["query"]:
                    if "rrname" in query:
                        rrname_list.append(query["rrname"])
                dns_query_dict["rrname"] = rrname_list
                result.append(dns_query_dict)
            except:
                logger.log(CUSTOM_LOGGING.ERROR, "dns_merge_error")

    elif type == "http":
        for http_flow in flow_list:
            try:
                http_request_dict = {}
                http_request_dict["flow_id"] = http_flow["flow_id"]
                http_request_dict["time"] = http_flow["timestamp"]
                http_request_dict["src_ip"] = http_flow["src_ip"]
                http_request_dict["src_port"] = http_flow["src_port"]
                http_request_dict["dest_ip"] = http_flow["dest_ip"]
                http_request_dict["dest_port"] = http_flow["dest_port"]
                http_request_dict["hostname"] = http_flow["http"]["hostname"]
                http_request_dict["uri"] = http_flow["http"]["url"]
                http_request_dict["method"] = http_flow["http"]["http_method"]
                result.append(http_request_dict)
            except:
                logger.log(CUSTOM_LOGGING.ERROR, "http_merge_error")

    elif type == "tcp":
        for tcp_flow in flow_list:
            try:
                tcp_req_dict = {}
                tcp_req_dict["flow_id"] = tcp_flow["flow_id"]
                tcp_req_dict["time"] = tcp_flow["timestamp"]
                tcp_req_dict["src_ip"] = tcp_flow["src_ip"]
                tcp_req_dict["src_port"] = tcp_flow["src_port"]
                tcp_req_dict["dest_ip"] = tcp_flow["dest_ip"]
                tcp_req_dict["dest_port"] = tcp_flow["dest_port"]
                result.append(tcp_req_dict)
            except:
                logger.log(CUSTOM_LOGGING.ERROR, "tcp_merge_error")

    elif type == "udp":
        flow_id = []
        for udp_flow in flow_list:
            try:
                udp_dict = {}
                if udp_flow["flow_id"] not in flow_id:
                    udp_dict["flow_id"] = udp_flow["flow_id"]
                    udp_dict["time"] = udp_flow["timestamp"]
                    udp_dict["src_ip"] = udp_flow["src_ip"]
                    udp_dict["src_port"] = udp_flow["src_port"]
                    udp_dict["dest_ip"] = udp_flow["dest_ip"]
                    udp_dict["dest_port"] = udp_flow["dest_port"]
                    flow_id.append(udp_flow["flow_id"])
                    result.append(udp_dict)
            except:
                logger.log(CUSTOM_LOGGING.ERROR, "udp_merge_error")

    elif type == "smb":
        flow_id = []
        for smb_flow in flow_list:
            try:
                smb_dict = {}
                if smb_flow["flow_id"] not in flow_id:
                    smb_dict["flow_id"] = smb_flow["flow_id"]
                    smb_dict["time"] = smb_flow["timestamp"]
                    smb_dict["src_ip"] = smb_flow["src_ip"]
                    smb_dict["src_port"] = smb_flow["src_port"]
                    smb_dict["dest_ip"] = smb_flow["dest_ip"]
                    smb_dict["dest_port"] = smb_flow["dest_port"]
                    flow_id.append(smb_flow["flow_id"])
                    result.append(smb_dict)
            except:
                logger.log(CUSTOM_LOGGING.ERROR, "smb_merge_error")

    elif type == "tls":
        flow_id = []
        for tls_flow in flow_list:
            try:
                tls_dict = {}
                if tls_flow["flow_id"] not in flow_id:
                    tls_dict["flow_id"] = tls_flow["flow_id"]
                    tls_dict["time"] = tls_flow["timestamp"]
                    tls_dict["src_ip"] = tls_flow["src_ip"]
                    tls_dict["src_port"] = tls_flow["src_port"]
                    tls_dict["dest_ip"] = tls_flow["dest_ip"]
                    tls_dict["dest_port"] = tls_flow["dest_port"]
                    if "sni" in tls_flow["tls"]:
                        tls_dict["sni"] = tls_flow["tls"]["sni"]
                    # if "serial" in tls_flow["tls"]:
                    #     tls_dict["serial"] = tls_flow["tls"]["serial"]
                    # if "fingerprint" in tls_flow["tls"]:
                    #     tls_dict["fingerprint"] = tls_flow["tls"]["fingerprint"]
                        flow_id.append(tls_flow["flow_id"])
                        result.append(tls_dict)
            except:
                logger.log(CUSTOM_LOGGING.ERROR,
                           "tls_merge_error[{}]".format(tls_flow))

    elif type == "alert":
        flow_id = []
        for alert_flow in flow_list:
            try:
                alert_dict = {}
                if (alert_flow["flow_id"], alert_flow["alert"]["signature_id"]) not in flow_id:
                    msg = deal_msg(alert_flow["alert"]["signature"])
                    alert_dict["name"] = msg["name"]
                    alert_dict["tag"] = msg["tag"]
                    alert_dict["flow_id"] = alert_flow["flow_id"]
                    alert_dict["time"] = alert_flow["timestamp"]
                    alert_dict["src_ip"] = alert_flow["src_ip"]
                    alert_dict["src_port"] = alert_flow["src_port"]
                    alert_dict["dest_ip"] = alert_flow["dest_ip"]
                    alert_dict["dest_port"] = alert_flow["dest_port"]
                    alert_dict["sid"] = alert_flow["alert"]["signature_id"]
                    if "app_proto" in alert_flow and alert_flow["app_proto"] != "failed":
                        alert_dict["proto"] = alert_flow["app_proto"]
                    else:
                        alert_dict["proto"] = alert_flow["proto"]

                    flow_id.append(
                        (alert_flow["flow_id"], alert_flow["alert"]["signature_id"]))
                    result.append(alert_dict)
            except:
                logger.log(CUSTOM_LOGGING.ERROR,
                           "alert_merge_error[{}]".format(alert_flow))
    elif type == "service":
        for service_flow in flow_list:
            try:
                service_dict = {}
                msg = deal_msg(service_flow["alert"]["signature"])
                service_dict["service_name"] = msg["service_name"]
                service_dict["flow_id"] = service_flow["flow_id"]
                service_dict["time"] = service_flow["timestamp"]
                if msg["server"] == "dest":
                    service_dict["service_ip"] = service_flow["dest_ip"]
                    service_dict["service_port"] = service_flow["dest_port"]
                else:
                    service_dict["service_ip"] = service_flow["src_ip"]
                    service_dict["service_port"] = service_flow["src_port"]
                service_dict["sid"] = service_flow["alert"]["signature_id"]
                result.append(service_dict)
                
            except:
                logger.log(CUSTOM_LOGGING.ERROR,
                           "alert_merge_error[{}]".format(service_flow))


    return list_dict_duplicate_removal(result)
예제 #33
0
파일: interface.py 프로젝트: Xyntax/Drystan
                        logger.info(command)
                        os.system(command)
                    elif "msfconsole" in command:
                        for ip in open(os.path.join(paths.PORT_PATH, _file)).readlines():
                            command = (
                                command.replace("$TARGET", ip.strip())
                                .replace("$USER", paths.USR_LIST)
                                .replace("$PASS", paths.PWD_LIST)
                            )
                            logger.info(command)
                            os.system(command)
                    # TODO 验证其它命令是否可用,待添加
                    else:
                        pass
            else:
                notScanned.append(_port)
        # TODO
        except Exception, e:
            print e
            continue
    for each in notScanned:
        logger.log(CUSTOM_LOGGING.SYSINFO, "Several ports are not scanned: " + str(each))


@auto
def pocscan():
    os.chdir(os.path.join(paths.ROOT_PATH, "pocscan-cli"))
    command = "python pocscan-cli.py " + paths.HTTP
    os.system(command)
    os.chdir(paths.ROOT_PATH)
예제 #34
0
                        logger.info(command)
                        os.system(command)
                    elif 'msfconsole' in command:
                        for ip in open(os.path.join(paths.PORT_PATH,
                                                    _file)).readlines():
                            command = command.replace('$TARGET', ip.strip()) \
                                .replace('$USER', paths.USR_LIST) \
                                .replace('$PASS', paths.PWD_LIST)
                            logger.info(command)
                            os.system(command)
                    # TODO 验证其它命令是否可用,待添加
                    else:
                        pass
            else:
                notScanned.append(_port)
        # TODO
        except Exception, e:
            print e
            continue
    for each in notScanned:
        logger.log(CUSTOM_LOGGING.SYSINFO,
                   'Several ports are not scanned: ' + str(each))


@auto
def pocscan():
    os.chdir(os.path.join(paths.ROOT_PATH, 'pocscan-cli'))
    command = 'python pocscan-cli.py ' + paths.HTTP
    os.system(command)
    os.chdir(paths.ROOT_PATH)