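def add_host_entry(target, targets_idx):
    """Turn one user-supplied target into a HostEntry and file it in a group.

    *target* may be a MAC address, an IP address or a hostname.  A MAC
    address is used directly.  Anything else is looked up through ``func``,
    and the first returned profile that carries a layer-2 address is used.
    When no profile matches, nothing is appended.

    ``func``, ``netmask``, ``log`` and ``self`` are not defined in this
    snippet; presumably they come from the enclosing method's scope --
    confirm against the full file.

    *targets_idx* is the zero-based index into ``self.targets``; the log
    line prints it one-based.
    """
    entry = None

    if is_mac(target):
        # A MAC address needs no lookup.
        entry = HostEntry(l2_addr=target)

    elif func:
        # An IP inside the netmask is looked up by address; everything
        # else is treated as a hostname.
        by_address = is_ip(target) and netmask.match_strict(target)

        if by_address:
            found = func(l3_addr=target, netmask=netmask)
        else:
            found = func(hostname=target, netmask=netmask)

        # Build a real list.  On Python 3 a bare filter() object is always
        # truthy and cannot be indexed, so the emptiness test and the
        # profs[0] access below would both misbehave.
        profs = [p for p in (found or []) if p.l2_addr is not None]

        if profs:
            first = profs[0]

            if by_address:
                entry = HostEntry(l2_addr=first.l2_addr,
                                  l3_addr=target,
                                  hostname=first.hostname)
            else:
                entry = HostEntry(l2_addr=first.l2_addr,
                                  l3_addr=first.l3_addr,
                                  hostname=target)

    if entry:
        log.info('Group %d -> %s' % (targets_idx + 1, entry))
        self.targets[targets_idx].append(entry)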
예제 #2
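    def execute_audit(self, sess, inp_dict):
        """Validate the audit inputs and build the ICMP redirect operation.

        Reads 'source mask', 'destination mask', 'gateway', 'spoofed' and
        'delay' from *inp_dict*.  The delay is raised to at least 100.  An
        empty, malformed or all-zero 'spoofed' value is replaced by the
        address returned by ``sess.context.get_ip1()`` and a warning is
        shown to the user.

        Returns False, after reporting the problem through
        ``sess.output_page.user_msg``, when the gateway is not an IP address
        or a supplied mask cannot be parsed.  Otherwise returns the new
        IcmpRedirectOperation.
        """
        smask = inp_dict['source mask']
        dmask = inp_dict['destination mask']

        gateway = inp_dict['gateway']
        source = inp_dict['spoofed']

        # Enforce a floor of 100 on the requested delay.
        delay = max(inp_dict['delay'], 100)

        if not is_ip(gateway):
            sess.output_page.user_msg(_('Gateway is not a valid IP address'),
                                      STATUS_ERR, AUDIT_NAME)
            return False

        # Empty, malformed and all-zero sources all fall back to the local
        # interface address.
        if not source or not is_ip(source) or source == '0.0.0.0':
            source = sess.context.get_ip1()

            sess.output_page.user_msg(
                _('Source is not a valid IP address. '
                  'Using IP of your NIC: %s') % source, STATUS_WARNING,
                AUDIT_NAME)

        # Check the network masks.  Both are optional; an empty value is
        # passed through unchanged.  Exception is caught instead of using a
        # bare except so that KeyboardInterrupt and SystemExit still
        # propagate.

        if smask:
            try:
                smask = Netmask(smask)
            except Exception:
                sess.output_page.user_msg(
                    _('Source mask is not a valid netmask'), STATUS_ERR,
                    AUDIT_NAME)
                return False

        if dmask:
            try:
                dmask = Netmask(dmask)
            except Exception:
                sess.output_page.user_msg(
                    _('Destination mask is not a valid netmask'), STATUS_ERR,
                    AUDIT_NAME)
                return False

        return IcmpRedirectOperation(smask, dmask, gateway, source, delay,
                                     sess, self)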
예제 #3
    def execute_audit(self, sess, inp_dict):
        """Check the inputs, then resolve the target or start immediately.

        Fails with an error on ``self.status`` and returns False when the
        session's datalink is not one of IL_TYPE_ETH, IL_TYPE_TR or
        IL_TYPE_FDDI, when 'host' or 'target' is not an IP address, or when
        a non-empty 'hwsrc' is not a MAC address.

        A non-positive 'packets' value is stored as -1 and the delay is
        raised to at least 300.  For a target other than '0.0.0.0' an ARP
        request is sent and the work continues in ``self.on_resolved``;
        for '0.0.0.0' ``self.poison`` is called directly with an empty
        hardware address.  Returns True in both cases.
        """
        link_type = sess.context.datalink()

        if link_type not in (IL_TYPE_ETH, IL_TYPE_TR, IL_TYPE_FDDI):
            self.status.error(_('Could not run arpcachepoison. Datalink '
                                'not supported. Ethernet needed.'))
            return False

        host_ip = inp_dict['host']
        src_mac = inp_dict['hwsrc']
        target_ip = inp_dict['target']
        count = inp_dict['packets']
        pause = max(300, inp_dict['delay'])

        # Zero and negative counts are normalised to -1.
        count = -1 if count <= 0 else count

        # Pick the first validation failure, in the same order the fields
        # are reported to the user.
        if not is_ip(host_ip):
            problem = _('Not a valid IP address for host')
        elif not is_ip(target_ip):
            problem = _('Not a valid IP address for target')
        elif src_mac and not is_mac(src_mac):
            problem = _('Not a valid MAC address for hwsrc')
        else:
            problem = None

        if problem is not None:
            self.status.error(problem)
            return False

        if target_ip == '0.0.0.0':
            # No specific target: nothing to resolve.
            self.poison(sess, host_ip, target_ip, src_mac, '', count, pause)
            return True

        # The target's MAC address has to be learned first; the reply is
        # handled asynchronously by on_resolved / on_error.
        request = MetaPacket.new('arp')
        request.set_field('arp.pdst', target_ip)

        sess.context.sr_l3(
            request,
            timeout=4,
            onerror=self.on_error,
            onreply=self.on_resolved,
            udata=(sess, host_ip, target_ip, src_mac, count, pause),
        )

        self.status.info(_('Trying to resolve IP: %s') % target_ip)
        return True
예제 #4
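    def execute_audit(self, sess, inp_dict):
        """Check the user inputs and return an IcmpRedirectOperation.

        *inp_dict* must provide 'source mask', 'destination mask',
        'gateway', 'spoofed' and 'delay'.  The delay never goes below 100.
        When 'spoofed' is empty, is not an IP address or is '0.0.0.0', the
        address from ``sess.context.get_ip1()`` is used instead and the user
        is warned.

        Returns False once an error has been shown (gateway not an IP
        address, or a non-empty mask that Netmask rejects); otherwise
        returns the operation object.
        """
        def fail(text):
            # Report *text* as an error for this audit and signal failure.
            sess.output_page.user_msg(text, STATUS_ERR, AUDIT_NAME)
            return False

        smask = inp_dict['source mask']
        dmask = inp_dict['destination mask']

        gateway = inp_dict['gateway']
        source = inp_dict['spoofed']

        delay = max(inp_dict['delay'], 100)

        if not is_ip(gateway):
            return fail(_('Gateway is not a valid IP address'))

        if not source or not is_ip(source) or source == '0.0.0.0':
            source = sess.context.get_ip1()

            sess.output_page.user_msg(_('Source is not a valid IP address. '
                                        'Using IP of your NIC: %s') % source,
                                      STATUS_WARNING, AUDIT_NAME)

        # Check the network masks.  Only Exception is caught: a bare except
        # would also swallow KeyboardInterrupt and SystemExit and report
        # them as a bad netmask.

        if smask:
            try:
                smask = Netmask(smask)
            except Exception:
                return fail(_('Source mask is not a valid netmask'))

        if dmask:
            try:
                dmask = Netmask(dmask)
            except Exception:
                return fail(_('Destination mask is not a valid netmask'))

        return IcmpRedirectOperation(
            smask, dmask, gateway, source, delay, sess, self
        )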
예제 #5
    def execute_audit(self, sess, inp_dict):
        """Validate the DHCP-related inputs and build a SpoofOperation.

        Returns None without doing anything when AUDIT_NAME is already
        present in ``sess.mitm_attacks``.  Returns False after an error
        message when 'dnsip' or 'netmask' is empty or fails ``is_ip``.

        The lease time is clamped to the range 0..1800.  When 'ip_pool' is
        empty or does not match ``IPPool.ipaddress``, a pool is derived from
        the DNS address: same first three octets, from the last octet plus
        one up to 255.
        """
        def report(text, level):
            sess.output_page.user_msg(text, level, AUDIT_NAME)

        if AUDIT_NAME in sess.mitm_attacks:
            return

        pool_spec = inp_dict['ip_pool']
        mask = inp_dict['netmask']
        dns_addr = inp_dict['dnsip']
        lease = min(1800, max(0, inp_dict['lease_time']))

        if not (dns_addr and is_ip(dns_addr)):
            report(_('Not a valid DNS Server IP'), STATUS_ERR)
            return False

        # NOTE(review): the netmask is only checked for dotted-address
        # syntax; a stricter Netmask(netmask, dnsip) check was commented
        # out in the original.
        if not (mask and is_ip(mask)):
            report(_('Not a valid netmask'), STATUS_ERR)
            return False

        if pool_spec and IPPool.ipaddress.match(pool_spec):
            pool = IPPool(pool_spec)
            report(_('Using %s as IP pool') % repr(pool), STATUS_INFO)
        else:
            # NOTE(review): a DNS address ending in .255 produces the range
            # '256-255'; how IPPool treats that is not visible here --
            # confirm.
            octets = dns_addr.split('.')
            pool = IPPool('%s.%s.%s.%d-255' % (octets[0], octets[1],
                                               octets[2],
                                               int(octets[3]) + 1))
            report(_('Falling back to %s for IP pool') % repr(pool),
                   STATUS_WARNING)

        return SpoofOperation(sess, self.status, dns_addr, mask, pool, lease)
예제 #6
    def execute_audit(self, sess, inp_dict):
        """Validate the inputs and return a SynFloodOperation.

        Returns False after an error message when 'probes' is 0 or below
        -1, when 'dport' is outside 1..65535, when 'sport' is outside
        1..65535 and 'randomize sport' is not set, or when the target
        resolves to '0.0.0.0'.

        'source' is only resolved when 'randomize source' is not set; a
        truthy randomize value is passed to the operation in place of the
        fixed source address or port.  The delay is clamped to be
        non-negative.
        """
        def report_error(text):
            sess.output_page.user_msg(text, STATUS_ERR, AUDIT_NAME)

        def resolve(name):
            # Addresses pass through; anything else goes to the resolver.
            if is_ip(name) and name:
                return name
            return gethostbyname(name)

        source = inp_dict['source']
        target = inp_dict['target']

        sport = inp_dict['sport']
        dport = inp_dict['dport']

        randip = inp_dict['randomize source']
        randport = inp_dict['randomize sport']

        probes = inp_dict['probes']

        # NOTE(review): the message says "> 1" but the check accepts 1.
        if probes < -1 or probes == 0:
            report_error(_('Probes could be -1 or > 1'))
            return False

        if dport < 1 or dport > 65535:
            report_error(_('Dport is not a valid TCP port'))
            return False

        if not randport and (sport < 1 or sport > 65535):
            report_error(_('Sport is not a valid TCP port'))
            return False

        dip = resolve(target)

        if not randip:
            sip = resolve(source)

        # NOTE(review): presumably gethostbyname yields '0.0.0.0' for an
        # unresolvable name -- confirm; a raised lookup error is not
        # handled here.
        if dip == '0.0.0.0':
            report_error(_('Target not valid'))
            return False

        return SynFloodOperation(
            randip if randip else sip,
            dip,
            randport if randport else sport,
            dport,
            probes,
            max(inp_dict['delay'], 0),
            sess.context
        )
예제 #7
    def execute_audit(self, sess, inp_dict):
        """Check ports, probe count and addresses, then build the operation.

        An error is shown through ``sess.output_page.user_msg`` and False is
        returned when: 'probes' is 0 or less than -1; 'dport' is not within
        1..65535; 'sport' is not within 1..65535 while 'randomize sport' is
        unset; or the resolved target equals '0.0.0.0'.

        On success a SynFloodOperation is returned.  Its source address and
        source port arguments are the 'randomize ...' values when those are
        truthy, otherwise the resolved 'source' and the given 'sport'.  A
        negative 'delay' is replaced by 0.
        """
        source = inp_dict['source']
        target = inp_dict['target']

        sport = inp_dict['sport']
        dport = inp_dict['dport']

        randip = inp_dict['randomize source']
        randport = inp_dict['randomize sport']

        probes = inp_dict['probes']

        # NOTE(review): wording says "> 1" although a value of 1 passes.
        if probes == 0 or probes < -1:
            sess.output_page.user_msg(
                _('Probes could be -1 or > 1'), STATUS_ERR, AUDIT_NAME)
            return False

        if dport < 1 or dport > 65535:
            sess.output_page.user_msg(
                _('Dport is not a valid TCP port'), STATUS_ERR, AUDIT_NAME)
            return False

        # The fixed source port only matters when it is not randomised.
        if not randport:
            if sport < 1 or sport > 65535:
                sess.output_page.user_msg(
                    _('Sport is not a valid TCP port'), STATUS_ERR,
                    AUDIT_NAME)
                return False

        # Literal addresses are used as given; names are resolved.
        to_address = lambda x: x if (is_ip(x) and x) else gethostbyname(x)

        dip = to_address(target)

        if not randip:
            sip = to_address(source)

        if dip == '0.0.0.0':
            sess.output_page.user_msg(
                _('Target not valid'), STATUS_ERR, AUDIT_NAME)
            return False

        src_addr = randip if randip else sip
        src_port = randport if randport else sport

        return SynFloodOperation(src_addr, dip, src_port, dport, probes,
                                 max(inp_dict['delay'], 0), sess.context)
예제 #8
    def execute_audit(self, sess, inp_dict):
        """Validate the target and probe count and build an ARPPingOperation.

        'probes' must be -1 or at least 1.  A target that is not an IP
        address is resolved with ``gethostbyname`` and the result is shown
        to the user.  Returns False after an error message when the probe
        count is rejected or the address is '0.0.0.0'; otherwise returns the
        operation, with a negative 'delay' replaced by 0.
        """
        def notify(text, level):
            sess.output_page.user_msg(text, level, AUDIT_NAME)

        target = inp_dict['target']
        probes = inp_dict['probes']

        if probes != -1 and probes < 1:
            notify(_('Probes could be -1 or > 0'), STATUS_ERR)
            return False

        ip = target

        if not is_ip(target):
            # Hostname given: resolve it and tell the user what it mapped to.
            ip = gethostbyname(target)
            notify(_('Hostname %s solved as %s') % (target, ip), STATUS_INFO)

        if ip == '0.0.0.0':
            notify(_('Not a valid target'), STATUS_ERR)
            return False

        return ARPPingOperation(
            sess,
            ip,
            max(inp_dict['delay'], 0),
            probes,
            inp_dict['report'],
        )