def cStep2(self):
# STEP 2:
# RECEIVE Rb, Server's DH, H(Ra, K_sss)
s1 = self.s.recv(2000).decode()
self.Log(
"Challenge, Diffie-Hellman key part and Response-to-Challenge received."
)
# split the message into R_Server, DH_Server, H_Server
result = [x.strip() for x in s1.split(',')]
DH_Server = int(result[1])
R_Server = result[0]
self.R_Server = R_Server
H_server = result[2]
self.Log("R_Server = " + str(R_Server))
self.Log("DH_Server = " + str(DH_Server))
self.Log("Hash_Server = " + str(H_server))
self.key = pow(DH_Server, self.a) % 77171
self.Log("DH Key: %s" % str(self.key))
# calculate hash and see if it matches with server's response
data = self.R_Client + self.SharedSecret
hash_val = sha3.sha3_224(data.encode('utf-8')).hexdigest()
self.Log("Expected hash = " + str(hash_val))
if (hash_val == H_server):
self.Log("Server Identity is Confirmed")
self.Log("Click continue to send Response-to-Challenge\n\n")
else:
self.Log("Server Identity is NOT Confirmed")
self.s.close()
def create_acct():
if request.method == "GET":
return render_template("create_acct.html")
if request.method == "POST":
# check if username already exists in DB
username = request.form.get("Username")
password = sha3.sha3_224(
str(request.form.get("Password")).encode('utf-8')).hexdigest()
check = db.execute("SELECT * FROM accounts WHERE username = :username",
{
"username": username
}).fetchone()
if check is None:
db.execute(
"INSERT INTO accounts(username, password) VALUES(:username, :password)",
{
"username": username,
"password": password
})
db.commit()
# get the username of the current user logged in
session["username"] = username
return render_template("user_home.html", username=username)
else:
return render_template("create_acct.html",
username_taken="Username already taken")
def __init__(self):
# Define Supported hashes
hashes = dict()
hashes['md2'] = lambda x: self._get_md2_hash(x)
hashes['md4'] = lambda x: self._get_hashlib_hash('md4', x)
hashes['md5'] = lambda x: hashlib.md5(x).hexdigest()
hashes['sha'] = lambda x: self._get_hashlib_hash('sha', x)
hashes['sha1'] = lambda x: hashlib.sha1(x).hexdigest()
hashes['sha256'] = lambda x: hashlib.sha256(x).hexdigest()
hashes['sha224'] = lambda x: hashlib.sha224(x).hexdigest()
hashes['sha384'] = lambda x: hashlib.sha384(x).hexdigest()
hashes['sha512'] = lambda x: hashlib.sha512(x).hexdigest()
hashes['sha3_224'] = lambda x: sha3.sha3_224(x).hexdigest()
hashes['sha3_256'] = lambda x: sha3.sha3_256(x).hexdigest()
hashes['sha3_384'] = lambda x: sha3.sha3_384(x).hexdigest()
hashes['sha3_512'] = lambda x: sha3.sha3_512(x).hexdigest()
hashes['mmh2'] = lambda x: str(mmhash.get_hash(x))
hashes['mmh2_unsigned'] = lambda x: str(mmhash.get_unsigned_hash(x))
hashes['mmh3_32'] = lambda x: str(mmh3.hash(x))
hashes['mmh3_64_1'] = lambda x: str(mmh3.hash64(x)[0])
hashes['mmh3_64_2'] = lambda x: str(mmh3.hash64(x)[1])
hashes['mmh3_128'] = lambda x: str(mmh3.hash128(x))
hashes['ripemd160'] = lambda x: self._get_hashlib_hash('ripemd160', x)
hashes['whirlpool'] = lambda x: self._get_hashlib_hash('whirlpool', x)
hashes['blake2b'] = lambda x: pyblake2.blake2b(x).hexdigest()
hashes['blake2s'] = lambda x: pyblake2.blake2s(x).hexdigest()
hashes['crc32'] = lambda x: str(zlib.crc32(x))
hashes['adler32'] = lambda x: str(zlib.adler32(x))
self._hashes = hashes
self.hashes_and_checksums = self._hashes.keys()
self.supported_hashes = HASHES
def insert_server_software(domain_id, software, version):
software_hash = sha3.sha3_224(str(software +
version).encode('utf-8')).hexdigest()
stmt = "INSERT IGNORE INTO " + database + ".server_software " \
"(software_hash, domain_id, software, version, created_at) " \
"VALUES (%s, %s, %s, %s, NOW())"
params = (software_hash, domain_id, software, version)
do_and_done(stmt, params)
def insert_server_has_server_vulnerability(cve, software, version):
software_hash = sha3.sha3_224(str(software +
version).encode('utf-8')).hexdigest()
stmt = "INSERT IGNORE INTO " + database + ".server_software_has_server_vulnerabilities " \
"(cve, software_hash) " \
"VALUES (%s, %s)"
params = (cve, software_hash)
do_and_done(stmt, params)
def cStep3(self):
# STEP 3:
# SEND H(R_Server, K_sss)
data = self.R_Server + self.SharedSecret
hash_val = sha3.sha3_224(data.encode('utf-8')).hexdigest()
self.Log("Sending Hash of R_Server and the shared secret = " +
str(hash_val))
self.s.send(hash_val.encode())
self.Log("You Can Safely Talk to Server Now")
def make_vulnerability_id(vulnerability):
vulnerability_id = ''
if "references" in vulnerability:
if "cve" in vulnerability['references']:
vulnerability_id = 'CVE-' + vulnerability['references']['cve'][0]
if vulnerability_id == '':
vulnerability_id = sha3.sha3_224(
str(vulnerability).encode('utf-8')).hexdigest()
return vulnerability_id
def hash_id(str_id, method='sha3'):
# case where str_id is not a number
try:
random_num = float(str_id) + random() * 100
random_num_str = str(random_num).encode()
except:
random_num_str = str_id + str(random() * 100)
random_num_str = random_num_str.encode()
if method == 'md5':
random_hash_str = hashlib.md5(random_num_str)
elif method == 'sha3':
random_hash_str = sha3.sha3_224(random_num_str)
# print("Row num:", str_id, "Random num: ", random_num_str, "Random Hash: ", random_hash_str.hexdigest())
return random_hash_str.hexdigest()
def encrypt(msg, password):
bufferSize = 64 * 1024
# pobieram dane so wyslania
f = open("data.txt", "a")
f.write(msg)
# tworzenie hashu do sprawdzenia wyjsciowej wiadomosci
s = sha3.sha3_224(msg.encode('utf-8')).hexdigest()
# encrypt
pyAesCrypt.encryptFile("data.txt", "data.txt.aes", password[0], bufferSize)
pyAesCrypt.encryptFile("data.txt.aes", "output.txt.aes",
password[len(password) - 1], bufferSize)
return s
def sStep3(self):
# STEP 3:
# RECEIVE H(R_Server, K_sss)
s1 = self.c.recv(2000).decode()
self.Log("Response-to-Challenge received.")
self.Log("Hash_Client = " + str(s1))
# Calculate hash and see if it matches with client's response
data = self.R_Server + self.SharedSecret
hash_val = sha3.sha3_224(data.encode('utf-8')).hexdigest()
self.Log("Expected hash = " + hash_val)
if (hash_val == s1):
self.Log("Client Identity is Confirmed")
self.Log("You Can Safely Talk to Client Now")
else:
self.Log("Client Identity is NOT Confirmed")
self.c.close()
def sha3_224(string, salt=None, front=False, back=False, **placeholder):
"""
Create a SHA3 224 hash from a given string
> :param string: string to be hashed
> :return: an SHA3 224 hash
Example:
>>> sha3_224("test")
3797bf0afbbfca4a7bbba7602a2b552746876517a7f9b7ce2db0ae7b
"""
obj = sha3.sha3_224()
if salt is not None and front is True and not back:
obj.update(salt + string)
elif salt is not None and back is True and not front:
obj.update(string + salt)
else:
obj.update(string)
return obj.hexdigest()
def sStep1(self):
# STEP 1:
# RECEIVE Client's DH AND Ra
s1 = self.c.recv(2000).decode()
self.Log("Diffie-Hellman key part and Challenge received.\n")
# split the message into DH_Client and R_Client
result = [x.strip() for x in s1.split(',')]
DH_Client = int(result[0])
self.DH_Client = DH_Client
R_Client = result[1]
self.Log("DH_Client = " + str(DH_Client))
self.Log("R_Client = " + str(R_Client))
data = R_Client + self.SharedSecret
self.hash_val = sha3.sha3_224(data.encode('utf-8')).hexdigest()
self.Log("Hash of R_Client and the shared secret = " +
str(self.hash_val))
self.Log(
"Click continue to send Challenge, Diffie-Hellman key part and Response-to-Challenge(the hash)\n\n"
)
def index():
if request.method == "GET":
return render_template("index.html")
if request.method == "POST":
username = request.form.get("Username")
hashed_pass = sha3.sha3_224(
str(request.form.get("Password")).encode('utf-8')).hexdigest()
check = db.execute(
"SELECT * FROM accounts WHERE username = :username AND password = :password",
{
"username": request.form.get("Username"),
"password": hashed_pass
}).fetchone()
if check is None:
message = "Incorrect username or password"
return render_template("index.html", result=message)
else:
session["username"] = username
return render_template("user_home.html", username=username)
import sha3
data = 'maydata'
s = sha3.sha3_224(data.encode('utf-8')).hexdigest()
print(s)
data = 'maydata'
s = sha3.sha3_384(data.encode('utf-8')).hexdigest()
print(s)
data = 'maydata'
s = sha3.sha3_512(data.encode('utf-8')).hexdigest()
print(s)
client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
client_socket.connect((HOST, PORT))
print('Connecting to server ....', client_socket.getpeername())
print('Connection established ...', client_socket.getsockname())
print('---------')
endTime = time.time() + 60 * 5
while time.time() <= endTime:
print(' \n-------- ',count+1,' ------- ')
print(dt.datetime.now(),': client message sent .... ')
start_round_time = time.time()
sha_cli_msg = sha3.sha3_224(CLI_MSG).hexdigest()
client_socket.sendall(sha_cli_msg.encode('utf-8'))
return_data = client_socket.recv(1024).decode('utf-8')
sha_ser_msg = sha3.sha3_224(SER_MSG.encode('utf-8')).hexdigest()
if (sha_ser_msg == return_data):
round_trip_time.append(time.time() - start_round_time)
print(dt.datetime.now(),': client received msg ... Nice to see you')
count += 1
time.sleep(2)
client_socket.close()
print('\n',dt.datetime.now(),': Connection closed ...\n')
def hash(password: str) -> str:
# Логика хеширования данных
return sha3.sha3_224(password.encode("utf-8")).hexdigest()
def simple_sha(data):
return sha3.sha3_224(data.encode('utf-8')).hexdigest()
def hash(password: str) -> str:
return sha3.sha3_224(password.encode("utf-8")).hexdigest()
def run_an_instance(scripts_to_process):
global total
for thesum in scripts_to_process:
thesum = thesum[0]
total += 1
db, cursor = database.get_mysql_db_cursor()
stmt = "SELECT javascript_hash, script FROM aau.javascripts WHERE javascript_hash = %s"
params = (thesum, )
cursor.execute(stmt, params)
rows = cursor.fetchall()
cursor.close()
db.close()
for row in rows:
try:
os.mkdir('/tmp/' + thesum)
except OSError:
pass
with open("/tmp/" + thesum + "/tmp.js", 'w+') as f:
f.write(row[1])
database.javascript_analyzes_retire(row[0])
subprocess_response = subprocess.run([
"retire", "--verbose", "--outputformat", "json", "--jspath",
"/tmp/" + thesum
],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
try:
if subprocess_response.returncode != 0:
if subprocess_response.returncode == 13:
real_string = str(
subprocess_response.stderr.decode("utf-8"))
javascript_data = json.loads(real_string)
for data in javascript_data["data"]:
for results in data['results']:
for vulnerability in results[
"vulnerabilities"]:
if "identifiers" in vulnerability and "CVE" in vulnerability[
"identifiers"]:
vulnerability_id = vulnerability[
"identifiers"]["CVE"][0]
else:
vulnerability_id = sha3.sha3_224(
str(vulnerability).encode(
'utf-8')).hexdigest()
library = results["component"]
version = results["version"]
library_id = sha3.sha3_224(
str(library + version).encode(
'utf-8')).hexdigest()
database.insert_vulnerability(
vulnerability_id, str(vulnerability),
severity(vulnerability["severity"]))
database.insert_library(
library_id, library, version)
database.insert_vulnerability_js_relation(
library_id, vulnerability_id)
database.insert_js_library_relation(
row[0], library_id)
else:
real_string = str(
subprocess_response.stdout.decode("utf-8"))
javascript_data = json.loads(real_string)
for data in javascript_data["data"]:
for results in data['results']:
library = results["component"]
version = results["version"]
library_id = sha3.sha3_224(
str(library +
version).encode('utf-8')).hexdigest()
database.insert_library(library_id, library,
version)
database.insert_js_library_relation(
row[0], library_id)
except:
pass
# TODO: Dump to log file
# print("Could not handle " + row[0])
try:
os.remove('/tmp/' + thesum + '/tmp.js')
except OSError:
pass
try:
os.rmdir('/tmp/' + thesum)
except OSError:
pass
def continue_button_pressed(self):
if (self.sending == 1):
if (self.cont_state == 0):
self.message = self.m_entry.get(
) #gets the message in the field
self.temp_msg = self.m_entry.get() + "\n"
# ADD HASHING FOR INTEGRITY PROTECTION
data = self.message + str(self.key)
hash_val = sha3.sha3_224(data.encode('utf-8')).hexdigest()
self.message = self.message + "###" + hash_val + "\n"
self.Log("Message to be sent: \n" + self.message + "\n")
self.Log("Press continue.\n")
self.cont_state = 1
elif (self.cont_state == 1):
self.raw = self._pad(self.message)
self.Log(
"Raw, Padded message with Hash(message, DHKey) added: \n" +
self.raw + "\n")
self.Log("Press continue.\n")
self.cont_state = 2
elif (self.cont_state == 2):
self.iv = Random.new().read(AES.block_size)
self.Log("Initialization Vector in base64: \n " +
str(base64.b64encode(self.iv)) + "\n")
self.Log("Press continue.\n")
self.cont_state = 3
elif (self.cont_state == 3):
self.sharedKey = self.key * pow(10, (16 - len(str(self.key))))
self.Log("Shared DH Key: \n" + str(self.key) + "\n")
self.Log("Press continue.\n")
self.cont_state = 5
elif (self.cont_state == 5):
self.cipher = AES.new(
str(self.sharedKey).encode(), AES.MODE_CBC, self.iv)
self.Log("Encrypted message in base64 using AES mode CBC: \n" +
str(
base64.b64encode(
self.cipher.encrypt(self.raw.encode()))) +
"\n")
self.Log("Press continue.\n")
self.cont_state = 6
elif (self.cont_state == 6):
cipher = AES.new(
str(self.sharedKey).encode(), AES.MODE_CBC, self.iv)
encr = base64.b64encode(self.iv +
cipher.encrypt(self.raw.encode()))
self.Log(
"Sending encrypted message with Hash(message, DHKey): \n" +
str(encr) + "\n")
self.Log("DONE\n")
if (self.isClient == 1):
self.s.send(encr)
else:
self.c.send(encr)
self.cont_state = 0
self.sending = 0
self.messages.insert(tk.END, "Sent: " + self.temp_msg)
elif (self.receiving == 1):
if (self.cont_state == 0):
if (self.isClient == 1):
self.s.setblocking(0)
try:
self.message = self.s.recv(2000)
self.Log("Message to be received: \n" +
str(self.message) + "\n")
self.Log("Press continue.\n")
self.cont_state = 1
except:
self.Log("nothing to receive")
self.s.setblocking(1)
else:
self.c.setblocking(0)
try:
self.message = self.c.recv(2000)
self.Log("Message to be received: \n" +
str(self.message) + "\n")
self.Log("Press continue.\n")
self.cont_state = 1
except:
self.Log("nothing to receive")
self.c.setblocking(1)
elif (self.cont_state == 1):
self.message = base64.b64decode(self.message)
self.iv = self.message[:AES.block_size]
self.Log("Initialized Vector in base64: \n " +
str(base64.b64encode(self.iv)) + "\n")
self.Log("Press continue.\n")
self.cont_state = 2
elif (self.cont_state == 2):
self.sharedKey = self.key * pow(10, (16 - len(str(self.key))))
self.Log("Shared DH Key: \n" + str(self.key) + "\n")
self.Log("Press continue.\n")
self.cont_state = 4
elif (self.cont_state == 4):
cipher = AES.new(
str(self.sharedKey).encode(), AES.MODE_CBC, self.iv)
msg = self._unpad(cipher.decrypt(
self.message[AES.block_size:])).decode('utf-8')
# CHECK FOR HASH CHANGE
result = [x.strip() for x in str(msg).split("###")]
data = result[0] + str(self.key)
hash_val = sha3.sha3_224(data.encode('utf-8')).hexdigest()
self.Log("Expected hash = " + hash_val)
self.Log("Received hash = " + result[1])
if (result[1] != hash_val):
self.Log(
"Warning! Message has been modified by a third party!")
self.Log("Decrypted message using AES mode CBC: \n" +
result[0] + "\n")
self.Log("DONE\n")
self.cont_state = 0
self.receiving = 0
self.messages.insert(tk.END, "Received: " + result[0] + "\n")
elif (self.setup == 1):
if (self.isClient == 1):
if (self.cont_state == 0):
self.cStep1()
self.cont_state = 1
elif (self.cont_state == 1):
self.cStep2()
self.cont_state = 2
elif (self.cont_state == 2):
self.cStep3()
self.cont_state = 0
self.setup = 0
else:
if (self.cont_state == 0):
self.sStep1()
self.cont_state = 1
elif (self.cont_state == 1):
self.sStep2()
self.cont_state = 2
elif (self.cont_state == 2):
self.sStep3()
self.cont_state = 0
self.setup = 0
else:
self.Log("Send or receive a message to start")
return
import sha3
a = "abc"
b = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
c = ""
d = raw_input("input : ")
print "test vector hasil input : "
print sha3.sha3_224(d).hexdigest()
print "test vector 'abc' : "
print sha3.sha3_224(a).hexdigest()
print "test vector 'abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq' : "
print sha3.sha3_224(b).hexdigest()
print "test vector '' : "
print sha3.sha3_224(c).hexdigest()
def getHasherSha333(self):
return sha3.sha3_224()
def digest(self):
return sha3.sha3_224(self._data).digest()
def hashPassword(password):
return '' if password == '' else sha3.sha3_224(
password.encode('utf-8')).hexdigest()
def hash(password: str) -> str:
"""Хеширование данных"""
return sha3.sha3_224(password.encode("utf-8")).hexdigest()
def __init__(self):
self.hasher = sha3.sha3_224()
