def get_leases(self, username, password): ctx = ssl.create_default_context() ctx.check_hostname = False ctx.verify_mode = ssl.CERT_NONE method = plain api = connect( username=username, password=password, host=self.ipaddress, ssl_wrapper=ctx.wrap_socket, port=self.port, login_method=method ) ipaddress = Key('active-address') macaddress = Key('mac-address') hostname = Key('host-name') status = Key('status') data = api.path('/ip/dhcp-server/lease').select( ipaddress, macaddress, hostname).where(status == 'bound') leases = ( (l['mac-address'], l['active-address'], l['host-name']) if 'host-name' in l.keys() else ( l['mac-address'], l['active-address'], '') for l in data) return leases
def get_bgp_neighbors_detail(self, neighbor_address=""): peers = self.api.path("/routing/bgp/peer").select(*bgp_peers) if neighbor_address: peers.where(Key('remote-address') == neighbor_address) peers = tuple(peers) peer_names = set(row['name'] for row in peers) peers_instances = set(row['instance'] for row in peers) advertisements = self.api.path("/routing/bgp/advertisements").select( *bgp_advertisments) advertisements.where(Key('peer').In(*peer_names)) advertisements = tuple(advertisements) instances = self.api.path('/routing/bgp/instance').select( *bgp_instances) instances.where(And( Key('name').In(*peers_instances), not_disabled, )) # Count prefixes advertised to each peer sent_prefixes = defaultdict(int) for route in advertisements: sent_prefixes[route["peer"]] += 1 bgp_neighbors = defaultdict(lambda: defaultdict(list)) for inst in instances: instance_name = "global" if inst["name"] == "default" else inst[ "name"] inst_peers = find_rows(peers, key="instance", value=inst["name"]) for peer in inst_peers: peer_details = bgp_peer_detail(peer, inst, sent_prefixes) bgp_neighbors[instance_name][peer["remote-as"]].append( peer_details) return bgp_neighbors
def test_add_then_update(routeros_api): ips = routeros_api.path('ip', 'address') new_id = ips.add(interface='ether1', address='192.168.1.1/24') ips.update(**{'.id': new_id, 'address': '172.16.1.1/24'}) address = Key('address') assert tuple(ips.select(address).where( Key('.id') == new_id))[0]['address'] == '172.16.1.1/24'
def test_query_In_operator(routeros_api, addresses): addr_path = routeros_api.path('/ip/address') for addr in addresses: addr_path.add(interface='ether1', address=addr) address = Key('address') query = addr_path.select(address).where(address.In(*addresses)) assert addresses == set(row['address'] for row in query)
def save_lists(address_list): _address = Key("address") _list = Key("list") _timeout = Key("timeout") _comment = Key("comment") with open(SAVE_LISTS_LOCATION, "w") as f: for save_list in SAVE_LISTS: for row in address_list.select(_list, _address, _timeout, _comment).where(_list == save_list): f.write(ujson.dumps(row) + "\n")
def save_lists(address_list): _address = Key("address") _list = Key("list") _timeout = Key("timeout") _comment = Key("comment") os.makedirs(os.path.dirname(SAVE_LOCATION), exist_ok=True) with open(SAVE_LOCATION, "w") as f: for save_list in SAVE_LISTS: for row in address_list.select(_list, _address, _timeout, _comment).where(_list == save_list): f.write(ujson.dumps(row) + "\n")
def get_network_instances(self, name=""): path = self.api.path('/ip/route/vrf') keys = ('interfaces', 'routing-mark', 'route-distinguisher') query = path.select(*keys) if name: query.where(Key('routing-mark') == name) return convert_vrf_table(query)
def api_query(self): keys = {} for k in self.query: if 'id' in k and k != ".id": self.errors("'%s' must be '.id'" % k) keys[k] = Key(k) try: if self.where: if self.where[1] == '==': select = self.api_path.select(*keys).where(keys[self.where[0]] == self.where[2]) elif self.where[1] == '!=': select = self.api_path.select(*keys).where(keys[self.where[0]] != self.where[2]) elif self.where[1] == '>': select = self.api_path.select(*keys).where(keys[self.where[0]] > self.where[2]) elif self.where[1] == '<': select = self.api_path.select(*keys).where(keys[self.where[0]] < self.where[2]) else: self.errors("'%s' is not operator for 'where'" % self.where[1]) else: select = self.api_path.select(*keys) for row in select: self.result['message'].append(row) if len(self.result['message']) < 1: msg = "no results for '%s 'query' %s" % (' '.join(self.path), ' '.join(self.query)) if self.where: msg = msg + ' WHERE %s' % ' '.join(self.where) self.result['message'].append(msg) self.return_result(False) except LibRouterosError as e: self.errors(e)
def api_extended_query(self): self.query_keys = {} for k in self.extended_query['attributes']: if k == 'id': self.errors( "'extended_query':'attributes':'%s' must be '.id'" % k) self.query_keys[k] = Key(k) try: if self.extended_query['where']: where_args = [] for i in self.extended_query['where']: if i['or']: where_or_args = [] for ior in i['or']: where_or_args.append( self.build_api_extended_query(ior)) where_args.append(Or(*where_or_args)) else: where_args.append(self.build_api_extended_query(i)) select = self.api_path.select(*self.query_keys).where( *where_args) else: select = self.api_path.select( *self.extended_query['attributes']) for row in select: self.result['message'].append(row) self.return_result(False) except LibRouterosError as e: self.errors(e)
def test_query(routeros_api): new_address = '172.16.1.1/24' result = routeros_api( '/ip/address/add', address=new_address, interface='ether1', ) created_id = tuple(result)[0]['ret'] _id = Key('.id') address = Key('address') query = routeros_api.path('/ip/address').select(_id, address).where( _id == created_id, address == new_address, ) selected_data = tuple(query) assert len(selected_data) == 1 assert selected_data[0]['.id'] == created_id assert selected_data[0]['address'] == new_address
class Keys: bgp = Key('bgp') dst_addr = Key('dst-address') rcv_from = Key('received-from') mac_address = Key('max-address') interface = Key('interface') address = Key('address')
async def run_script(call): api = get_api() if CONF_NAME in call.data: req_script = call.data.get(CONF_NAME) _LOGGER.debug("Sending request to run '%s' script", req_script) try: name = Key('name') id = Key('.id') for script_id in api.path( 'system', 'script').select(id).where(name == req_script): _LOGGER.info("Running script: %s", script_id) cmd = api.path('system', 'script') tuple(cmd('run', **script_id)) except Exception as e: _LOGGER.error("Run script error: %s", str(e))
def get(self, path: str, limit: int = 10**10, fields=None, where=None) -> Tuple[Dict[str, str], int]: if where and not fields: fields = ('.id', ) if where is None: where = {} res = self.cm.print(path, fields, tuple(Key(k) == v for (k, v) in where.items()), limit) return res, 200
def get_arp_table(self, vrf=""): arp = self.api.path('/ip/arp') vrf_path = self.api.path('/ip/route/vrf') if vrf: vrfs = vrf_path.select( Keys.interface).where(Key('routing-mark') == vrf) interfaces = flatten_split(vrfs, 'interfaces') result = arp.select( Keys.interface, Keys.mac_address, Keys.address, ).where(Keys.interface.In(*interfaces)) return list(convert_arp_table(result)) return list(convert_arp_table(arp))
def get_data_from_api(user, password, ip, method_type): try: api = '' mikrotik = '' identity = '' group = '' version = '' model = '' del api del mikrotik api = connect(username=user, password=password, host=ip, login_method=method_type) mikrotik = api.path('system', 'identity') for row in mikrotik: identity = row.get('name') del api del mikrotik api = connect(username=user, password=password, host=ip, login_method=method_type) mikrotik = api.path('user').select('name', 'group').where(Key('name') == user) for row in mikrotik: group = row.get('group') del api del mikrotik api = connect(username=user, password=password, host=ip, login_method=method_type) mikrotik = api.path('system', 'resource') for row in mikrotik: version = row.get('version') del api del mikrotik api = connect(username=user, password=password, host=ip, login_method=method_type) mikrotik = api.path('system', 'routerboard') for row in mikrotik: model = row.get('model') if group != '' and group != 'full': to_MySQL((ip, user, password, group_ssh, identity_ssh, version_ssh, modelo_ssh, '8728'), puertos) result = (ip, user, password, identity, group, version, model, '8728') return result except: print_error(sys.exc_info()[0]) return 'error'
def createusers(self): try: device = self.connect() create_params = { 'name': self.input_username, 'password': self.input_password, 'group': 'full' #TODO: manage group configuration } users = device.path('/user') mkusername = Key('name') item_id = Key('.id') user_exists = False # TODO: create function to get .id me clearly for row in users.select(item_id, mkusername): if self.input_username == row['name']: user_exists = True update_params = { 'password': self.input_password, '.id': row['.id'] } users.update(**update_params) print('Password updated: ' + row['name'] + ' with pass: '******' in device: ' + self.device_name) if user_exists is False: device.path('/user').add(**create_params) print('User ' + self.input_username + ' created with password ' + self.input_password + ' in device: ' + self.device_name) except Exception as err: print('Problem with ' + self.device_name + '. Error msj: ' + str(err)) return err return
def get_filters_list(filters_dict): filters_list = [] for k, v in filters_dict.items(): if v: if "|" in v: operator, v = v.split("|") if operator == "==": filters_list.append(Key(k) == v) elif operator == "!=": filters_list.append(Key(k) != v) elif operator == ">": filters_list.append(Key(k) > v) elif operator == "<": filters_list.append(Key(k) < v) else: filters_list.append(Key(k) == v) return filters_list
class Keys: address = Key('address') address_families = Key("address-families") as4_capability = Key("as4-capability") as_num = Key("as") as_override = Key("as_override") bgp = Key('bgp') client_to_client_reflection = Key("client-to-client-reflection") default = Key("default") default_originate = Key("default-originate") disabled = Key("disabled") dst_addr = Key('dst-address') established = Key("established") hold_time = Key("hold-time") identity = Key('identity') ignore_as_path_len = Key("ignore-as-path-len") in_filter = Key("in-filter") instance = Key("instance") interface = Key('interface') interfaces = Key('interfaces') interface_name = Key('interface-name') keepalive_time = Key("keepalive-time") local_address = Key("local-address") mac_address = Key('max-address') multihop = Key("multihop") name = Key("name") nexthop = Key("nexthop") nexthop_choice = Key("nexthop-choice") origin = Key("origin") out_filter = Key("out-filter") passive = Key("passive") peer = Key("peer") prefix = Key("prefix") prefix_count = Key("prefix-count") rcv_from = Key('received-from') redistribute_connected = Key("redistribute-connected") redistribute_ospf = Key("redistribute-ospf") redistribute_other_bgp = Key("redistribute-other-bgp") redistribute_rip = Key("redistribute-rip") redistribute_static = Key("redistribute-static") refresh_capability = Key("refresh-capability") remote_address = Key("remote-address") remote_as = Key("remote-as") remote_hold_time = Key("remote-hold-time") remote_id = Key("remote-id") remove_private_as = Key("remove-private-as") route_reflect = Key("route-reflect") route_distinguisher = Key("route-distinguisher") router_id = Key("router-id") routing_mark = Key('routing-mark') routing_table = Key("routing-table") state = Key("state") system_caps = Key('system-caps') system_caps_enabled = Key('system-caps-enabled') system_description = Key('system-description') tcp_md5_key = Key("tcp-md5-key") ttl = Key("ttl") updates_received = Key("updates-received") updates_sent = Key("updates-sent") uptime = Key("uptime") use_bfd = Key("use-bfd") used_hold_time = Key("used-hold-time") used_keepalive_time = Key("used-keepalive-time") withdrawn_received = Key("withdrawn-received")
from librouteros.query import Key # pylint: disable=singleton-comparison not_disabled = Key('disabled') == False # pylint: disable=too-few-public-methods class Keys: address = Key('address') address_families = Key("address-families") as4_capability = Key("as4-capability") as_num = Key("as") as_override = Key("as_override") bgp = Key('bgp') client_to_client_reflection = Key("client-to-client-reflection") default = Key("default") default_originate = Key("default-originate") disabled = Key("disabled") dst_addr = Key('dst-address') established = Key("established") hold_time = Key("hold-time") identity = Key('identity') ignore_as_path_len = Key("ignore-as-path-len") in_filter = Key("in-filter") instance = Key("instance") interface = Key('interface') interfaces = Key('interfaces') interface_name = Key('interface-name') keepalive_time = Key("keepalive-time") local_address = Key("local-address") mac_address = Key('max-address')
def add_to_tik(alerts): global last_pos global api _address = Key("address") _id = Key(".id") _list = Key("list") address_list = api.path("/ip/firewall/address-list") resources = api.path("system/resource") # Remove duplicate src_ips. for event in {item['src_ip']: item for item in alerts}.values(): if not in_ignore_list(ignore_list, event): timestamp = dt.strptime(event["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z").strftime( COMMENT_TIME_FORMAT) if event["src_ip"].startswith(WHITELIST_IPS): if event["dest_ip"].startswith(WHITELIST_IPS): continue wanted_ip, wanted_port = event["dest_ip"], event.get("src_port") else: wanted_ip, wanted_port = event["src_ip"], event.get("dest_port") try: address_list.add(list=BLOCK_LIST_NAME, address=wanted_ip, comment=f"""[{event['alert']['gid']}:{ event['alert']['signature_id']}] { event['alert']['signature']} ::: Port: { wanted_port}/{ event['proto']} ::: timestamp: { timestamp}""", timeout=TIMEOUT) except librouteros.exceptions.TrapError as e: if "failure: already have such entry" in str(e): for row in address_list.select(_id, _list, _address).where( _address == wanted_ip, _list == BLOCK_LIST_NAME): address_list.remove(row[".id"]) address_list.add(list=BLOCK_LIST_NAME, address=wanted_ip, comment=f"""[{event['alert']['gid']}:{ event['alert']['signature_id']}] { event['alert']['signature']} ::: Port: { wanted_port}/{ event['proto']} ::: timestamp: { timestamp}""", timeout=TIMEOUT) else: raise except socket.timeout: connect_to_tik() # If router has been rebooted add saved list(s), then save lists to a file. if check_tik_uptime(resources): add_saved_lists(address_list) save_lists(address_list)
from librouteros.query import Key # pylint: disable=singleton-comparison not_disabled = Key('disabled') == False # pylint: disable=too-few-public-methods class Keys: bgp = Key('bgp') dst_addr = Key('dst-address') rcv_from = Key('received-from') mac_address = Key('max-address') interface = Key('interface') address = Key('address') lldp_neighbors = ( Key('identity'), Key('interface-name'), Key('interface'), Key('mac-address'), Key('system-description'), Key('system-caps'), Key('system-caps-enabled'), ) bgp_peers = ( Key("address-families"), Key("as-override"), Key("as4-capability"), Key("default-originate"),
def get_user(self, user_name): for user in self.api.path("user").select( Key('.id')).where(Key('name') == user_name): if user != None and user_name != 'admin': return user['.id'] return False
from librouteros.query import Key from flask_restful import Resource from mk import MK from parser import P key_name = Key('name') key_rate = Key('rate') class Ping(Resource): def get(self, address): try: path = MK.path("") return tuple(path("ping", **{"address": address, "count": "1"}))[0] except Exception as e: print(e) exit() class ArpPing(Resource): def get(self): try: args = P.parser.parse_args() address = args.get("address") interface = args.get("interface") data = { "address": address, "count": "1", "arp-ping": "yes", "interface": interface }
from netaddr import * import pprint from colorama import Fore, Back, Style, init print(Style.RESET_ALL) api = '' prefix_list = [] del api api = connect(username='******', password='******', host='160.20.188.1') mikrotik = api.path('ip', 'route', '').select( '.id', 'dst-address').where(Key('received-from') == 'puq-scl-17') for row in mikrotik: prefix = row.get('dst-address') if prefix.split('.')[0] != '192': prefix_list.append(prefix) print('puq: ', prefix, sep='') if '/23' in prefix: print(prefix) input('continue?') if '/22' in prefix: print(prefix) input('continue?') del api api = connect(username='******', password='******',
class Keys: bgp = Key('bgp') dst_addr = Key('dst-address') rcv_from = Key('received-from')
def add_to_tik(alerts): global last_pos global time global api _address = Key("address") _id = Key(".id") _list = Key("list") address_list = api.path("/ip/firewall/address-list") resources = api.path("system/resource") # Remove duplicate src_ips. for event in {item['src_ip']: item for item in alerts}.values(): timestamp = dt.strptime( event["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z").strftime(COMMENT_TIME_FORMAT) if event["src_ip"].startswith(WHITELIST_IPS): if event["dest_ip"].startswith(WHITELIST_IPS): continue try: address_list.add(list=BLOCK_LIST_NAME, address=event["dest_ip"], comment=f"""[{event['alert']['gid']}:{ event['alert']['signature_id']}] { event['alert']['signature']} ::: SPort: { event.get('src_port')}/{ event['proto']} ::: timestamp: { timestamp}""", timeout=TIMEOUT) except librouteros.exceptions.TrapError as e: if "failure: already have such entry" in str(e): for row in address_list.select(_id, _list, _address).where( _address == event["dest_ip"], _list == BLOCK_LIST_NAME): address_list.remove(row[".id"]) address_list.add(list=BLOCK_LIST_NAME, address=event["dest_ip"], comment=f"""[{event['alert']['gid']}:{ event['alert']['signature_id']}] { event['alert']['signature']} ::: SPort: { event.get('src_port')}/{ event['proto']} ::: timestamp: { timestamp}""", timeout=TIMEOUT) else: raise else: try: address_list.add(list=BLOCK_LIST_NAME, address=event["src_ip"], comment=f"""[{event['alert']['gid']}:{ event['alert']['signature_id']}] { event['alert']['signature']} ::: DPort: { event.get('dest_port')}/{ event['proto']} ::: timestamp: { timestamp}""", timeout=TIMEOUT) except librouteros.exceptions.TrapError as e: if "failure: already have such entry" in str(e): for row in address_list.select(_id, _list, _address).where( _address == event["src_ip"], _list == BLOCK_LIST_NAME): address_list.remove(row[".id"]) address_list.add(list=BLOCK_LIST_NAME, address=event["src_ip"], comment=f"""[{event['alert']['gid']}:{ event['alert']['signature_id']}] { event['alert']['signature']} ::: DPort: { event.get('dest_port')}/{ event['proto']} ::: timestamp: { timestamp}""", timeout=TIMEOUT) else: raise # If router has been rebooted in past 10 minutes, add saved list(s), # then wait for 10 minutes. (so rules don't get constantly re-added) if (check_tik_uptime(resources) and (dt.now(tz.utc) - time) / td(minutes=1) > 10): time = dt.now(tz.utc) add_saved_lists(address_list) if not check_tik_uptime(resources): save_lists(address_list)
def setup(self): self.key = Key(name='key_name', )
def test_add_then_remove(routeros_api): ips = routeros_api.path('ip', 'address') new_id = ips.add(interface='ether1', address='192.168.1.1/24') ips.remove(new_id) _id = Key('.id') assert tuple() == tuple(ips.select(_id).where(_id == new_id))
def user_group_api(ip, user, password): # API try: api = '' mikrotik = '' name = user print(ip) print(user) print(password) # print(type(ip)) # print(type(user)) # print(type(passord2)) # Extraccion identity del api del mikrotik api = connect(username=user, password=password, host=ip) mikrotik = api.path('system', 'identity') for row in mikrotik: identity = row.get('name') print('IDENTITY:'+identity) # Extraccion version del api del mikrotik api = connect(username=user, password=password, host=ip) mikrotik = api.path('system', 'resource') for row in mikrotik: version = row.get('version') print('version--->'+version) # Extraccion Modelo del api del mikrotik api = connect(username=user, password=password, host=ip) mikrotik = api.path('system', 'routerboard') for row in mikrotik: model = row.get('model') print('Modelo--->'+model) # Extraccion grupo del api del mikrotik api = connect(username=user, password=password, host=ip) mikrotik = api.path('user').select('name', 'group').where(Key('name') == name) for row in mikrotik: group = row.get('group') print('GROUP--->'+group) if identity != '' and group != '': return group, identity, version, model except: print('*******ERROR al loggear con API PLAIN************') api = '' mikrotik = '' name = user print(ip) print(user) print(password) # print(type(ip)) # print(type(user)) # print(type(passord2)) # Extraccion identity del api del mikrotik api = connect(username=user, password=password, host=ip, login_method=token) mikrotik = api.path('system', 'identity') for row in mikrotik: identity = row.get('name') print('IDENTITY:'+identity) # Extraccion version del api del mikrotik api = connect(username=user, password=password, host=ip, login_method=token) mikrotik = api.path('system', 'resource') for row in mikrotik: version = row.get('version') print('version--->'+version) # Extraccion Modelo del api del mikrotik api = connect(username=user, password=password, host=ip, login_method=token) mikrotik = api.path('system', 'routerboard') for row in mikrotik: model = row.get('model') print('Modelo--->'+model) # Extraccion grupo del api del mikrotik api = connect(username=user, password=password, host=ip, login_method=token) mikrotik = api.path('user').select('name', 'group').where(Key('name') == name) for row in mikrotik: group = row.get('group') print('GROUP--->'+group) if identity != '' and group != '': return group, identity, version, model return None