def get_leases(self, username, password):
ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
method = plain
api = connect(
username=username,
password=password,
host=self.ipaddress,
ssl_wrapper=ctx.wrap_socket,
port=self.port,
login_method=method
)
ipaddress = Key('active-address')
macaddress = Key('mac-address')
hostname = Key('host-name')
status = Key('status')
data = api.path('/ip/dhcp-server/lease').select(
ipaddress, macaddress, hostname).where(status == 'bound')
leases = (
(l['mac-address'], l['active-address'], l['host-name']) if 'host-name' in l.keys() else (
l['mac-address'], l['active-address'], '') for l in data)
return leases
def get_bgp_neighbors_detail(self, neighbor_address=""):
peers = self.api.path("/routing/bgp/peer").select(*bgp_peers)
if neighbor_address:
peers.where(Key('remote-address') == neighbor_address)
peers = tuple(peers)
peer_names = set(row['name'] for row in peers)
peers_instances = set(row['instance'] for row in peers)
advertisements = self.api.path("/routing/bgp/advertisements").select(
*bgp_advertisments)
advertisements.where(Key('peer').In(*peer_names))
advertisements = tuple(advertisements)
instances = self.api.path('/routing/bgp/instance').select(
*bgp_instances)
instances.where(And(
Key('name').In(*peers_instances),
not_disabled,
))
# Count prefixes advertised to each peer
sent_prefixes = defaultdict(int)
for route in advertisements:
sent_prefixes[route["peer"]] += 1
bgp_neighbors = defaultdict(lambda: defaultdict(list))
for inst in instances:
instance_name = "global" if inst["name"] == "default" else inst[
"name"]
inst_peers = find_rows(peers, key="instance", value=inst["name"])
for peer in inst_peers:
peer_details = bgp_peer_detail(peer, inst, sent_prefixes)
bgp_neighbors[instance_name][peer["remote-as"]].append(
peer_details)
return bgp_neighbors
def test_add_then_update(routeros_api):
ips = routeros_api.path('ip', 'address')
new_id = ips.add(interface='ether1', address='192.168.1.1/24')
ips.update(**{'.id': new_id, 'address': '172.16.1.1/24'})
address = Key('address')
assert tuple(ips.select(address).where(
Key('.id') == new_id))[0]['address'] == '172.16.1.1/24'
def test_query_In_operator(routeros_api, addresses):
addr_path = routeros_api.path('/ip/address')
for addr in addresses:
addr_path.add(interface='ether1', address=addr)
address = Key('address')
query = addr_path.select(address).where(address.In(*addresses))
assert addresses == set(row['address'] for row in query)
def save_lists(address_list):
_address = Key("address")
_list = Key("list")
_timeout = Key("timeout")
_comment = Key("comment")
with open(SAVE_LISTS_LOCATION, "w") as f:
for save_list in SAVE_LISTS:
for row in address_list.select(_list, _address, _timeout,
_comment).where(_list == save_list):
f.write(ujson.dumps(row) + "\n")
def save_lists(address_list):
_address = Key("address")
_list = Key("list")
_timeout = Key("timeout")
_comment = Key("comment")
os.makedirs(os.path.dirname(SAVE_LOCATION), exist_ok=True)
with open(SAVE_LOCATION, "w") as f:
for save_list in SAVE_LISTS:
for row in address_list.select(_list, _address, _timeout,
_comment).where(_list == save_list):
f.write(ujson.dumps(row) + "\n")
def get_network_instances(self, name=""):
path = self.api.path('/ip/route/vrf')
keys = ('interfaces', 'routing-mark', 'route-distinguisher')
query = path.select(*keys)
if name:
query.where(Key('routing-mark') == name)
return convert_vrf_table(query)
def api_query(self):
keys = {}
for k in self.query:
if 'id' in k and k != ".id":
self.errors("'%s' must be '.id'" % k)
keys[k] = Key(k)
try:
if self.where:
if self.where[1] == '==':
select = self.api_path.select(*keys).where(keys[self.where[0]] == self.where[2])
elif self.where[1] == '!=':
select = self.api_path.select(*keys).where(keys[self.where[0]] != self.where[2])
elif self.where[1] == '>':
select = self.api_path.select(*keys).where(keys[self.where[0]] > self.where[2])
elif self.where[1] == '<':
select = self.api_path.select(*keys).where(keys[self.where[0]] < self.where[2])
else:
self.errors("'%s' is not operator for 'where'"
% self.where[1])
else:
select = self.api_path.select(*keys)
for row in select:
self.result['message'].append(row)
if len(self.result['message']) < 1:
msg = "no results for '%s 'query' %s" % (' '.join(self.path),
' '.join(self.query))
if self.where:
msg = msg + ' WHERE %s' % ' '.join(self.where)
self.result['message'].append(msg)
self.return_result(False)
except LibRouterosError as e:
self.errors(e)
def api_extended_query(self):
self.query_keys = {}
for k in self.extended_query['attributes']:
if k == 'id':
self.errors(
"'extended_query':'attributes':'%s' must be '.id'" % k)
self.query_keys[k] = Key(k)
try:
if self.extended_query['where']:
where_args = []
for i in self.extended_query['where']:
if i['or']:
where_or_args = []
for ior in i['or']:
where_or_args.append(
self.build_api_extended_query(ior))
where_args.append(Or(*where_or_args))
else:
where_args.append(self.build_api_extended_query(i))
select = self.api_path.select(*self.query_keys).where(
*where_args)
else:
select = self.api_path.select(
*self.extended_query['attributes'])
for row in select:
self.result['message'].append(row)
self.return_result(False)
except LibRouterosError as e:
self.errors(e)
def test_query(routeros_api):
new_address = '172.16.1.1/24'
result = routeros_api(
'/ip/address/add',
address=new_address,
interface='ether1',
)
created_id = tuple(result)[0]['ret']
_id = Key('.id')
address = Key('address')
query = routeros_api.path('/ip/address').select(_id, address).where(
_id == created_id,
address == new_address,
)
selected_data = tuple(query)
assert len(selected_data) == 1
assert selected_data[0]['.id'] == created_id
assert selected_data[0]['address'] == new_address
class Keys:
bgp = Key('bgp')
dst_addr = Key('dst-address')
rcv_from = Key('received-from')
mac_address = Key('max-address')
interface = Key('interface')
address = Key('address')
async def run_script(call):
api = get_api()
if CONF_NAME in call.data:
req_script = call.data.get(CONF_NAME)
_LOGGER.debug("Sending request to run '%s' script", req_script)
try:
name = Key('name')
id = Key('.id')
for script_id in api.path(
'system',
'script').select(id).where(name == req_script):
_LOGGER.info("Running script: %s", script_id)
cmd = api.path('system', 'script')
tuple(cmd('run', **script_id))
except Exception as e:
_LOGGER.error("Run script error: %s", str(e))
def get(self,
path: str,
limit: int = 10**10,
fields=None,
where=None) -> Tuple[Dict[str, str], int]:
if where and not fields:
fields = ('.id', )
if where is None:
where = {}
res = self.cm.print(path, fields,
tuple(Key(k) == v for (k, v) in where.items()),
limit)
return res, 200
def get_arp_table(self, vrf=""):
arp = self.api.path('/ip/arp')
vrf_path = self.api.path('/ip/route/vrf')
if vrf:
vrfs = vrf_path.select(
Keys.interface).where(Key('routing-mark') == vrf)
interfaces = flatten_split(vrfs, 'interfaces')
result = arp.select(
Keys.interface,
Keys.mac_address,
Keys.address,
).where(Keys.interface.In(*interfaces))
return list(convert_arp_table(result))
return list(convert_arp_table(arp))
def get_data_from_api(user, password, ip, method_type):
try:
api = ''
mikrotik = ''
identity = ''
group = ''
version = ''
model = ''
del api
del mikrotik
api = connect(username=user, password=password, host=ip, login_method=method_type)
mikrotik = api.path('system', 'identity')
for row in mikrotik:
identity = row.get('name')
del api
del mikrotik
api = connect(username=user, password=password, host=ip, login_method=method_type)
mikrotik = api.path('user').select('name', 'group').where(Key('name') == user)
for row in mikrotik:
group = row.get('group')
del api
del mikrotik
api = connect(username=user, password=password, host=ip, login_method=method_type)
mikrotik = api.path('system', 'resource')
for row in mikrotik:
version = row.get('version')
del api
del mikrotik
api = connect(username=user, password=password, host=ip, login_method=method_type)
mikrotik = api.path('system', 'routerboard')
for row in mikrotik:
model = row.get('model')
if group != '' and group != 'full':
to_MySQL((ip, user, password, group_ssh, identity_ssh, version_ssh, modelo_ssh, '8728'), puertos)
result = (ip, user, password, identity, group, version, model, '8728')
return result
except:
print_error(sys.exc_info()[0])
return 'error'
def createusers(self):
try:
device = self.connect()
create_params = {
'name': self.input_username,
'password': self.input_password,
'group': 'full' #TODO: manage group configuration
}
users = device.path('/user')
mkusername = Key('name')
item_id = Key('.id')
user_exists = False
# TODO: create function to get .id me clearly
for row in users.select(item_id, mkusername):
if self.input_username == row['name']:
user_exists = True
update_params = {
'password': self.input_password,
'.id': row['.id']
}
users.update(**update_params)
print('Password updated: ' + row['name'] + ' with pass: '******' in device: ' +
self.device_name)
if user_exists is False:
device.path('/user').add(**create_params)
print('User ' + self.input_username +
' created with password ' + self.input_password +
' in device: ' + self.device_name)
except Exception as err:
print('Problem with ' + self.device_name + '. Error msj: ' +
str(err))
return err
return
def get_filters_list(filters_dict):
filters_list = []
for k, v in filters_dict.items():
if v:
if "|" in v:
operator, v = v.split("|")
if operator == "==":
filters_list.append(Key(k) == v)
elif operator == "!=":
filters_list.append(Key(k) != v)
elif operator == ">":
filters_list.append(Key(k) > v)
elif operator == "<":
filters_list.append(Key(k) < v)
else:
filters_list.append(Key(k) == v)
return filters_list
class Keys:
address = Key('address')
address_families = Key("address-families")
as4_capability = Key("as4-capability")
as_num = Key("as")
as_override = Key("as_override")
bgp = Key('bgp')
client_to_client_reflection = Key("client-to-client-reflection")
default = Key("default")
default_originate = Key("default-originate")
disabled = Key("disabled")
dst_addr = Key('dst-address')
established = Key("established")
hold_time = Key("hold-time")
identity = Key('identity')
ignore_as_path_len = Key("ignore-as-path-len")
in_filter = Key("in-filter")
instance = Key("instance")
interface = Key('interface')
interfaces = Key('interfaces')
interface_name = Key('interface-name')
keepalive_time = Key("keepalive-time")
local_address = Key("local-address")
mac_address = Key('max-address')
multihop = Key("multihop")
name = Key("name")
nexthop = Key("nexthop")
nexthop_choice = Key("nexthop-choice")
origin = Key("origin")
out_filter = Key("out-filter")
passive = Key("passive")
peer = Key("peer")
prefix = Key("prefix")
prefix_count = Key("prefix-count")
rcv_from = Key('received-from')
redistribute_connected = Key("redistribute-connected")
redistribute_ospf = Key("redistribute-ospf")
redistribute_other_bgp = Key("redistribute-other-bgp")
redistribute_rip = Key("redistribute-rip")
redistribute_static = Key("redistribute-static")
refresh_capability = Key("refresh-capability")
remote_address = Key("remote-address")
remote_as = Key("remote-as")
remote_hold_time = Key("remote-hold-time")
remote_id = Key("remote-id")
remove_private_as = Key("remove-private-as")
route_reflect = Key("route-reflect")
route_distinguisher = Key("route-distinguisher")
router_id = Key("router-id")
routing_mark = Key('routing-mark')
routing_table = Key("routing-table")
state = Key("state")
system_caps = Key('system-caps')
system_caps_enabled = Key('system-caps-enabled')
system_description = Key('system-description')
tcp_md5_key = Key("tcp-md5-key")
ttl = Key("ttl")
updates_received = Key("updates-received")
updates_sent = Key("updates-sent")
uptime = Key("uptime")
use_bfd = Key("use-bfd")
used_hold_time = Key("used-hold-time")
used_keepalive_time = Key("used-keepalive-time")
withdrawn_received = Key("withdrawn-received")
from librouteros.query import Key
# pylint: disable=singleton-comparison
not_disabled = Key('disabled') == False
# pylint: disable=too-few-public-methods
class Keys:
address = Key('address')
address_families = Key("address-families")
as4_capability = Key("as4-capability")
as_num = Key("as")
as_override = Key("as_override")
bgp = Key('bgp')
client_to_client_reflection = Key("client-to-client-reflection")
default = Key("default")
default_originate = Key("default-originate")
disabled = Key("disabled")
dst_addr = Key('dst-address')
established = Key("established")
hold_time = Key("hold-time")
identity = Key('identity')
ignore_as_path_len = Key("ignore-as-path-len")
in_filter = Key("in-filter")
instance = Key("instance")
interface = Key('interface')
interfaces = Key('interfaces')
interface_name = Key('interface-name')
keepalive_time = Key("keepalive-time")
local_address = Key("local-address")
mac_address = Key('max-address')
def add_to_tik(alerts):
global last_pos
global api
_address = Key("address")
_id = Key(".id")
_list = Key("list")
address_list = api.path("/ip/firewall/address-list")
resources = api.path("system/resource")
# Remove duplicate src_ips.
for event in {item['src_ip']: item for item in alerts}.values():
if not in_ignore_list(ignore_list, event):
timestamp = dt.strptime(event["timestamp"],
"%Y-%m-%dT%H:%M:%S.%f%z").strftime(
COMMENT_TIME_FORMAT)
if event["src_ip"].startswith(WHITELIST_IPS):
if event["dest_ip"].startswith(WHITELIST_IPS):
continue
wanted_ip, wanted_port = event["dest_ip"], event.get("src_port")
else:
wanted_ip, wanted_port = event["src_ip"], event.get("dest_port")
try:
address_list.add(list=BLOCK_LIST_NAME,
address=wanted_ip,
comment=f"""[{event['alert']['gid']}:{
event['alert']['signature_id']}] {
event['alert']['signature']} ::: Port: {
wanted_port}/{
event['proto']} ::: timestamp: {
timestamp}""",
timeout=TIMEOUT)
except librouteros.exceptions.TrapError as e:
if "failure: already have such entry" in str(e):
for row in address_list.select(_id, _list, _address).where(
_address == wanted_ip,
_list == BLOCK_LIST_NAME):
address_list.remove(row[".id"])
address_list.add(list=BLOCK_LIST_NAME,
address=wanted_ip,
comment=f"""[{event['alert']['gid']}:{
event['alert']['signature_id']}] {
event['alert']['signature']} ::: Port: {
wanted_port}/{
event['proto']} ::: timestamp: {
timestamp}""",
timeout=TIMEOUT)
else:
raise
except socket.timeout:
connect_to_tik()
# If router has been rebooted add saved list(s), then save lists to a file.
if check_tik_uptime(resources):
add_saved_lists(address_list)
save_lists(address_list)
from librouteros.query import Key
# pylint: disable=singleton-comparison
not_disabled = Key('disabled') == False
# pylint: disable=too-few-public-methods
class Keys:
bgp = Key('bgp')
dst_addr = Key('dst-address')
rcv_from = Key('received-from')
mac_address = Key('max-address')
interface = Key('interface')
address = Key('address')
lldp_neighbors = (
Key('identity'),
Key('interface-name'),
Key('interface'),
Key('mac-address'),
Key('system-description'),
Key('system-caps'),
Key('system-caps-enabled'),
)
bgp_peers = (
Key("address-families"),
Key("as-override"),
Key("as4-capability"),
Key("default-originate"),
def get_user(self, user_name):
for user in self.api.path("user").select(
Key('.id')).where(Key('name') == user_name):
if user != None and user_name != 'admin':
return user['.id']
return False
from librouteros.query import Key
from flask_restful import Resource
from mk import MK
from parser import P
key_name = Key('name')
key_rate = Key('rate')
class Ping(Resource):
def get(self, address):
try:
path = MK.path("")
return tuple(path("ping", **{"address": address, "count": "1"}))[0]
except Exception as e:
print(e)
exit()
class ArpPing(Resource):
def get(self):
try:
args = P.parser.parse_args()
address = args.get("address")
interface = args.get("interface")
data = {
"address": address,
"count": "1",
"arp-ping": "yes",
"interface": interface
}
from netaddr import *
import pprint
from colorama import Fore, Back, Style, init
print(Style.RESET_ALL)
api = ''
prefix_list = []
del api
api = connect(username='******',
password='******',
host='160.20.188.1')
mikrotik = api.path('ip', 'route', '').select(
'.id', 'dst-address').where(Key('received-from') == 'puq-scl-17')
for row in mikrotik:
prefix = row.get('dst-address')
if prefix.split('.')[0] != '192':
prefix_list.append(prefix)
print('puq: ', prefix, sep='')
if '/23' in prefix:
print(prefix)
input('continue?')
if '/22' in prefix:
print(prefix)
input('continue?')
del api
api = connect(username='******',
password='******',
class Keys:
bgp = Key('bgp')
dst_addr = Key('dst-address')
rcv_from = Key('received-from')
def add_to_tik(alerts):
global last_pos
global time
global api
_address = Key("address")
_id = Key(".id")
_list = Key("list")
address_list = api.path("/ip/firewall/address-list")
resources = api.path("system/resource")
# Remove duplicate src_ips.
for event in {item['src_ip']: item for item in alerts}.values():
timestamp = dt.strptime(
event["timestamp"],
"%Y-%m-%dT%H:%M:%S.%f%z").strftime(COMMENT_TIME_FORMAT)
if event["src_ip"].startswith(WHITELIST_IPS):
if event["dest_ip"].startswith(WHITELIST_IPS):
continue
try:
address_list.add(list=BLOCK_LIST_NAME,
address=event["dest_ip"],
comment=f"""[{event['alert']['gid']}:{
event['alert']['signature_id']}] {
event['alert']['signature']} ::: SPort: {
event.get('src_port')}/{
event['proto']} ::: timestamp: {
timestamp}""",
timeout=TIMEOUT)
except librouteros.exceptions.TrapError as e:
if "failure: already have such entry" in str(e):
for row in address_list.select(_id, _list, _address).where(
_address == event["dest_ip"],
_list == BLOCK_LIST_NAME):
address_list.remove(row[".id"])
address_list.add(list=BLOCK_LIST_NAME,
address=event["dest_ip"],
comment=f"""[{event['alert']['gid']}:{
event['alert']['signature_id']}] {
event['alert']['signature']} ::: SPort: {
event.get('src_port')}/{
event['proto']} ::: timestamp: {
timestamp}""",
timeout=TIMEOUT)
else:
raise
else:
try:
address_list.add(list=BLOCK_LIST_NAME,
address=event["src_ip"],
comment=f"""[{event['alert']['gid']}:{
event['alert']['signature_id']}] {
event['alert']['signature']} ::: DPort: {
event.get('dest_port')}/{
event['proto']} ::: timestamp: {
timestamp}""",
timeout=TIMEOUT)
except librouteros.exceptions.TrapError as e:
if "failure: already have such entry" in str(e):
for row in address_list.select(_id, _list, _address).where(
_address == event["src_ip"],
_list == BLOCK_LIST_NAME):
address_list.remove(row[".id"])
address_list.add(list=BLOCK_LIST_NAME,
address=event["src_ip"],
comment=f"""[{event['alert']['gid']}:{
event['alert']['signature_id']}] {
event['alert']['signature']} ::: DPort: {
event.get('dest_port')}/{
event['proto']} ::: timestamp: {
timestamp}""",
timeout=TIMEOUT)
else:
raise
# If router has been rebooted in past 10 minutes, add saved list(s),
# then wait for 10 minutes. (so rules don't get constantly re-added)
if (check_tik_uptime(resources)
and (dt.now(tz.utc) - time) / td(minutes=1) > 10):
time = dt.now(tz.utc)
add_saved_lists(address_list)
if not check_tik_uptime(resources):
save_lists(address_list)
def setup(self):
self.key = Key(name='key_name', )
def test_add_then_remove(routeros_api):
ips = routeros_api.path('ip', 'address')
new_id = ips.add(interface='ether1', address='192.168.1.1/24')
ips.remove(new_id)
_id = Key('.id')
assert tuple() == tuple(ips.select(_id).where(_id == new_id))
def user_group_api(ip, user, password):
# API
try:
api = ''
mikrotik = ''
name = user
print(ip)
print(user)
print(password)
# print(type(ip))
# print(type(user))
# print(type(passord2))
# Extraccion identity
del api
del mikrotik
api = connect(username=user, password=password, host=ip)
mikrotik = api.path('system', 'identity')
for row in mikrotik:
identity = row.get('name')
print('IDENTITY:'+identity)
# Extraccion version
del api
del mikrotik
api = connect(username=user, password=password, host=ip)
mikrotik = api.path('system', 'resource')
for row in mikrotik:
version = row.get('version')
print('version--->'+version)
# Extraccion Modelo
del api
del mikrotik
api = connect(username=user, password=password, host=ip)
mikrotik = api.path('system', 'routerboard')
for row in mikrotik:
model = row.get('model')
print('Modelo--->'+model)
# Extraccion grupo
del api
del mikrotik
api = connect(username=user, password=password, host=ip)
mikrotik = api.path('user').select('name', 'group').where(Key('name') == name)
for row in mikrotik:
group = row.get('group')
print('GROUP--->'+group)
if identity != '' and group != '':
return group, identity, version, model
except:
print('*******ERROR al loggear con API PLAIN************')
api = ''
mikrotik = ''
name = user
print(ip)
print(user)
print(password)
# print(type(ip))
# print(type(user))
# print(type(passord2))
# Extraccion identity
del api
del mikrotik
api = connect(username=user, password=password, host=ip, login_method=token)
mikrotik = api.path('system', 'identity')
for row in mikrotik:
identity = row.get('name')
print('IDENTITY:'+identity)
# Extraccion version
del api
del mikrotik
api = connect(username=user, password=password, host=ip, login_method=token)
mikrotik = api.path('system', 'resource')
for row in mikrotik:
version = row.get('version')
print('version--->'+version)
# Extraccion Modelo
del api
del mikrotik
api = connect(username=user, password=password, host=ip, login_method=token)
mikrotik = api.path('system', 'routerboard')
for row in mikrotik:
model = row.get('model')
print('Modelo--->'+model)
# Extraccion grupo
del api
del mikrotik
api = connect(username=user, password=password, host=ip, login_method=token)
mikrotik = api.path('user').select('name', 'group').where(Key('name') == name)
for row in mikrotik:
group = row.get('group')
print('GROUP--->'+group)
if identity != '' and group != '':
return group, identity, version, model
return None
