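def add_host_entry(target, targets_idx):
    """Turn one user-supplied target string into a HostEntry for a group.

    ``target`` is tried as a MAC address first. Otherwise, when a lookup
    callable ``func`` is available, it is looked up either by L3 address
    (if it is an IP that ``netmask.match_strict`` accepts) or by hostname.
    Only profiles that carry a non-None ``l2_addr`` are considered, and the
    first such profile wins.

    ``func``, ``netmask``, ``log`` and ``self`` are not defined in this
    block -- presumably they come from the enclosing scope; confirm against
    the caller.

    Args:
        target: MAC address, IP address or hostname as entered by the user.
        targets_idx: zero-based index of the group in ``self.targets``.

    Returns:
        None. A resolved entry is appended to ``self.targets[targets_idx]``;
        an unresolved target is dropped without any log line.
    """
    def usable(profiles):
        # Built as a real list on purpose: the result is truth-tested and
        # indexed below. A lazy filter() object (Python 3) is always truthy
        # and not subscriptable, so the empty case would be mishandled.
        return [p for p in (profiles or []) if p.l2_addr is not None]

    entry = None

    if is_mac(target):
        entry = HostEntry(l2_addr=target)
    elif func:
        if is_ip(target) and netmask.match_strict(target):
            profs = usable(func(l3_addr=target, netmask=netmask))
            if profs:
                entry = HostEntry(l2_addr=profs[0].l2_addr,
                                  l3_addr=target,
                                  hostname=profs[0].hostname)
        else:
            # NOTE(review): an IP literal rejected by match_strict() also
            # lands here and is passed to func as a hostname -- confirm
            # that this is intended.
            profs = usable(func(hostname=target, netmask=netmask))
            if profs:
                entry = HostEntry(l2_addr=profs[0].l2_addr,
                                  l3_addr=profs[0].l3_addr,
                                  hostname=target)

    if entry:
        # Groups are shown one-based in the log.
        log.info('Group %d -> %s' % (targets_idx + 1, entry))
        self.targets[targets_idx].append(entry)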
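def execute_audit(self, sess, inp_dict):
    """Validate the ICMP redirect audit inputs and build its operation.

    Reads 'source mask', 'destination mask', 'gateway', 'spoofed' and
    'delay' from ``inp_dict``.

    Validation performed here:
      * 'gateway' must satisfy ``is_ip``; otherwise the audit is refused.
      * 'spoofed' that is empty, not an IP, or '0.0.0.0' is replaced by
        ``sess.context.get_ip1()`` and a warning is shown.
      * each non-empty mask must be accepted by ``Netmask``.
      * 'delay' is raised to at least 100 (unit not visible in this block).

    Args:
        sess: session object providing ``output_page`` and ``context``.
        inp_dict: mapping of the audit's input names to user values.

    Returns:
        False when validation fails, otherwise an IcmpRedirectOperation.
    """
    smask = inp_dict['source mask']
    dmask = inp_dict['destination mask']
    gateway = inp_dict['gateway']
    source = inp_dict['spoofed']
    delay = max(inp_dict['delay'], 100)

    if not is_ip(gateway):
        sess.output_page.user_msg(_('Gateway is not a valid IP address'),
                                  STATUS_ERR, AUDIT_NAME)
        return False

    if not source or not is_ip(source) or source == '0.0.0.0':
        # NOTE(review): the fallback value from get_ip1() is not validated
        # again before use -- confirm it can never be empty.
        source = sess.context.get_ip1()
        sess.output_page.user_msg(
            _('Source is not a valid IP address. '
              'Using IP of your NIC: %s') % source,
            STATUS_WARNING, AUDIT_NAME)

    # Check the network masks. Only Exception is caught, so that
    # KeyboardInterrupt / SystemExit are no longer reported to the user as
    # "not a valid netmask".
    if smask:
        try:
            smask = Netmask(smask)
        except Exception:
            sess.output_page.user_msg(
                _('Source mask is not a valid netmask'),
                STATUS_ERR, AUDIT_NAME)
            return False

    if dmask:
        try:
            dmask = Netmask(dmask)
        except Exception:
            sess.output_page.user_msg(
                _('Destination mask is not a valid netmask'),
                STATUS_ERR, AUDIT_NAME)
            return False

    return IcmpRedirectOperation(smask, dmask, gateway, source, delay,
                                 sess, self)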
def execute_audit(self, sess, inp_dict):
    """Check the ARP cache poisoning audit inputs and start the audit.

    Reads 'host', 'hwsrc', 'target', 'packets' and 'delay' from
    ``inp_dict``. The audit is refused unless the session datalink is one of
    IL_TYPE_ETH, IL_TYPE_TR or IL_TYPE_FDDI, 'host' and 'target' satisfy
    ``is_ip``, and a non-empty 'hwsrc' satisfies ``is_mac``.

    Normalisation applied before anything is sent:
      * 'packets' <= 0 becomes -1.
      * 'delay' is raised to at least 300 (unit not visible in this block).

    Args:
        sess: session object providing ``context``.
        inp_dict: mapping of the audit's input names to user values.

    Returns:
        False when a check fails, True once the audit was started or the
        ARP resolution of the target was queued.
    """
    link_type = sess.context.datalink()
    if link_type not in (IL_TYPE_ETH, IL_TYPE_TR, IL_TYPE_FDDI):
        self.status.error(_('Could not run arpcachepoison. Datalink '
                            'not supported. Ethernet needed.'))
        return False

    host = inp_dict['host']
    hwsrc = inp_dict['hwsrc']
    target = inp_dict['target']
    count = inp_dict['packets']
    interval = max(300, inp_dict['delay'])

    # Any non-positive packet count is collapsed to the single value -1.
    count = count if count > 0 else -1

    if not is_ip(host):
        self.status.error(_('Not a valid IP address for host'))
        return False

    if not is_ip(target):
        self.status.error(_('Not a valid IP address for target'))
        return False

    if hwsrc and not is_mac(hwsrc):
        self.status.error(_('Not a valid MAC address for hwsrc'))
        return False

    if target == '0.0.0.0':
        # No specific target: skip the ARP lookup and start directly, with
        # an empty string where the resolved address would otherwise go
        # (presumably -- on_resolved is not visible here).
        self.poison(sess, host, target, hwsrc, '', count, interval)
        return True

    # The target IP has to be resolved to a MAC address first; the reply
    # (or failure) is delivered to the callbacks along with udata.
    arp_request = MetaPacket.new('arp')
    arp_request.set_field('arp.pdst', target)

    sess.context.sr_l3(arp_request, timeout=4,
                       onerror=self.on_error,
                       onreply=self.on_resolved,
                       udata=(sess, host, target, hwsrc, count, interval))

    self.status.info(_('Trying to resolve IP: %s') % target)
    return True
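def execute_audit(self, sess, inp_dict):
    """Validate the ICMP redirect audit inputs and build its operation.

    Inputs read from ``inp_dict``: 'source mask', 'destination mask',
    'gateway', 'spoofed', 'delay'.

    * An invalid 'gateway' (``is_ip`` fails) aborts with an error message.
    * An empty, non-IP or '0.0.0.0' 'spoofed' value is replaced by
      ``sess.context.get_ip1()`` with a warning; it does not abort.
    * A non-empty mask that ``Netmask`` rejects aborts with an error.
    * 'delay' has a floor of 100 (unit not visible in this block).

    Args:
        sess: session object providing ``output_page`` and ``context``.
        inp_dict: mapping of the audit's input names to user values.

    Returns:
        False when validation fails, otherwise an IcmpRedirectOperation.
    """
    def report(text, level):
        # Every user-facing message of this audit goes through here.
        sess.output_page.user_msg(text, level, AUDIT_NAME)

    smask = inp_dict['source mask']
    dmask = inp_dict['destination mask']
    gateway = inp_dict['gateway']
    source = inp_dict['spoofed']
    delay = max(inp_dict['delay'], 100)

    if not is_ip(gateway):
        report(_('Gateway is not a valid IP address'), STATUS_ERR)
        return False

    if not source or not is_ip(source) or source == '0.0.0.0':
        source = sess.context.get_ip1()
        report(_('Source is not a valid IP address. '
                 'Using IP of your NIC: %s') % source, STATUS_WARNING)

    # Check the network masks. The handlers catch Exception rather than
    # everything, so an interrupt or interpreter exit raised during parsing
    # is not turned into a "not a valid netmask" message.
    if smask:
        try:
            smask = Netmask(smask)
        except Exception:
            report(_('Source mask is not a valid netmask'), STATUS_ERR)
            return False

    if dmask:
        try:
            dmask = Netmask(dmask)
        except Exception:
            report(_('Destination mask is not a valid netmask'), STATUS_ERR)
            return False

    return IcmpRedirectOperation(
        smask, dmask, gateway, source, delay, sess, self
    )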
def execute_audit(self, sess, inp_dict):
    """Check the DHCP spoofing audit inputs and build its operation.

    Reads 'ip_pool', 'netmask', 'dnsip' and 'lease_time' from ``inp_dict``.
    'lease_time' is clamped to the range 0..1800. 'dnsip' and 'netmask'
    must both be non-empty and satisfy ``is_ip``. When 'ip_pool' is empty or
    does not match ``IPPool.ipaddress``, a pool is derived from 'dnsip'.

    Args:
        sess: session object providing ``mitm_attacks`` and ``output_page``.
        inp_dict: mapping of the audit's input names to user values.

    Returns:
        None when AUDIT_NAME is already in ``sess.mitm_attacks``, False
        when validation fails, otherwise a SpoofOperation.
    """
    def notify(text, level):
        sess.output_page.user_msg(text, level, AUDIT_NAME)

    if AUDIT_NAME in sess.mitm_attacks:
        # Already registered on this session. Note the bare return: the
        # caller gets None here, not False.
        return

    pool = inp_dict['ip_pool']
    netmask = inp_dict['netmask']
    dnsip = inp_dict['dnsip']
    leasetm = min(1800, max(0, inp_dict['lease_time']))

    if not dnsip or not is_ip(dnsip):
        notify(_('Not a valid DNS Server IP'), STATUS_ERR)
        return False

    # The netmask is only checked for IP-address syntax. The original also
    # carries a commented-out Netmask(netmask, dnsip) check at this point,
    # which is not executed.
    if not netmask or not is_ip(netmask):
        notify(_('Not a valid netmask'), STATUS_ERR)
        return False

    if pool and IPPool.ipaddress.match(pool):
        pool = IPPool(pool)
        notify(_('Using %s as IP pool') % repr(pool), STATUS_INFO)
    else:
        # Fallback range: same first three octets as dnsip, starting one
        # above its last octet and ending at 255.
        # NOTE(review): a dnsip ending in .255 yields "256-255" as the last
        # field; how IPPool treats that is not visible here.
        octets = dnsip.split('.')
        first_host = str(int(octets[3]) + 1)
        pool = IPPool('.'.join(octets[:3] + [first_host]) + '-255')
        notify(_('Falling back to %s for IP pool') % repr(pool),
               STATUS_WARNING)

    return SpoofOperation(sess, self.status, dnsip, netmask, pool, leasetm)
def execute_audit(self, sess, inp_dict):
    """Check the SYN flood audit inputs and build its operation.

    Reads 'source', 'target', 'sport', 'dport', 'randomize source',
    'randomize sport', 'probes' and 'delay' from ``inp_dict``.

    Checks, in order:
      * 'probes' must be -1 or a positive number.
      * 'dport' must lie in 1..65535.
      * 'sport' must lie in 1..65535 unless 'randomize sport' is set.
      * 'target' (resolved through ``gethostbyname`` when it is not an IP)
        must not come out as '0.0.0.0'.
    'delay' is raised to at least 0.

    Args:
        sess: session object providing ``output_page`` and ``context``.
        inp_dict: mapping of the audit's input names to user values.

    Returns:
        False when a check fails, otherwise a SynFloodOperation.
    """
    def reject(text):
        sess.output_page.user_msg(text, STATUS_ERR, AUDIT_NAME)
        return False

    def to_ip(name):
        # IP literals pass through untouched, anything else goes to the
        # resolver. A resolver error is not caught here.
        if is_ip(name) and name:
            return name
        return gethostbyname(name)

    source = inp_dict['source']
    target = inp_dict['target']
    sport = inp_dict['sport']
    dport = inp_dict['dport']
    randip = inp_dict['randomize source']
    randport = inp_dict['randomize sport']
    probes = inp_dict['probes']

    if probes < -1 or probes == 0:
        # NOTE(review): the text says "> 1" although a value of 1 passes
        # this check.
        return reject(_('Probes could be -1 or > 1'))

    if not 1 <= dport <= 65535:
        return reject(_('Dport is not a valid TCP port'))

    if not randport and not 1 <= sport <= 65535:
        return reject(_('Sport is not a valid TCP port'))

    dip = to_ip(target)

    # The source is only resolved when it is actually going to be used.
    if not randip:
        sip = to_ip(source)

    if dip == '0.0.0.0':
        return reject(_('Target not valid'))

    # With a randomize flag set, the flag value itself is passed in the
    # source / sport position instead of the user-supplied value.
    return SynFloodOperation(
        randip or sip,
        dip,
        randport or sport,
        dport,
        probes,
        max(inp_dict['delay'], 0),
        sess.context
    )
def execute_audit(self, sess, inp_dict):
    """Validate the SYN flood audit inputs and return its operation.

    Inputs read from ``inp_dict``: 'source', 'target', 'sport', 'dport',
    'randomize source', 'randomize sport', 'probes', 'delay'.

    The audit is refused (False, with an error message on the output page)
    when 'probes' is 0 or below -1, when 'dport' is outside 1..65535, when
    'sport' is outside 1..65535 and 'randomize sport' is off, or when the
    target resolves to '0.0.0.0'. 'delay' has a floor of 0.

    Args:
        sess: session object providing ``output_page`` and ``context``.
        inp_dict: mapping of the audit's input names to user values.

    Returns:
        False when a check fails, otherwise a SynFloodOperation.
    """
    show_error = sess.output_page.user_msg

    source = inp_dict['source']
    target = inp_dict['target']
    sport = inp_dict['sport']
    dport = inp_dict['dport']
    randip = inp_dict['randomize source']
    randport = inp_dict['randomize sport']
    probes = inp_dict['probes']

    # NOTE(review): the message below says "> 1", but 1 is accepted.
    if probes == 0 or probes < -1:
        show_error(_('Probes could be -1 or > 1'), STATUS_ERR, AUDIT_NAME)
        return False

    if dport > 65535 or dport < 1:
        show_error(_('Dport is not a valid TCP port'),
                   STATUS_ERR, AUDIT_NAME)
        return False

    if not randport:
        if sport > 65535 or sport < 1:
            show_error(_('Sport is not a valid TCP port'),
                       STATUS_ERR, AUDIT_NAME)
            return False

    # Names that are not IP literals are handed to gethostbyname(); a
    # failed lookup raises from here and is not handled in this method.
    dip = target if (is_ip(target) and target) else gethostbyname(target)

    if not randip:
        sip = source if (is_ip(source) and source) else gethostbyname(source)

    if dip == '0.0.0.0':
        show_error(_('Target not valid'), STATUS_ERR, AUDIT_NAME)
        return False

    # A set randomize flag takes the place of the explicit source address
    # or source port in the argument list.
    src_arg = randip if randip else sip
    sport_arg = randport if randport else sport
    pause = max(inp_dict['delay'], 0)

    return SynFloodOperation(src_arg, dip, sport_arg, dport, probes,
                             pause, sess.context)
def execute_audit(self, sess, inp_dict):
    """Check the ARP ping audit inputs and build its operation.

    Reads 'target', 'probes', 'delay' and 'report' from ``inp_dict``.
    'probes' must be -1 or at least 1. A target that is not an IP literal
    is resolved with ``gethostbyname`` and the result is shown to the user;
    a target that ends up as '0.0.0.0' is refused. 'delay' is raised to at
    least 0.

    Args:
        sess: session object providing ``output_page``.
        inp_dict: mapping of the audit's input names to user values.

    Returns:
        False when a check fails, otherwise an ARPPingOperation.
    """
    def notify(text, level):
        sess.output_page.user_msg(text, level, AUDIT_NAME)

    target = inp_dict['target']
    probes = inp_dict['probes']

    if probes != -1 and probes < 1:
        notify(_('Probes could be -1 or > 0'), STATUS_ERR)
        return False

    if not is_ip(target):
        # A resolver failure raises from gethostbyname() and is not caught
        # in this method.
        ip = gethostbyname(target)
        notify(_('Hostname %s solved as %s') % (target, ip), STATUS_INFO)
    else:
        ip = target

    if ip == '0.0.0.0':
        notify(_('Not a valid target'), STATUS_ERR)
        return False

    pause = max(inp_dict['delay'], 0)
    return ARPPingOperation(sess, ip, pause, probes, inp_dict['report'])