def __init__(self, debug=False): """ Initialize PasswordDefect. Args: debug (bool): Log on terminal or not Raises: None Returns: None """ # Initialize logger self.logger = logger.IemlAVLogger(__name__, debug=debug) # OS name to password-log path map self.system_log_map = {"debian": "/etc/passwd"} os_name = utils.categorize_os() self.log_file = None if os_name: try: self.log_file = self.system_log_map[os_name] except KeyError: self.logger.log("Could not find path for the auth-log file", logtype="error") return else: return # Initialize user to password dict self.user_password = dict()
def __init__(self, debug=False): """ Initialize SystemLogEngine. Args: debug (bool): Log on terminal or not Raises: None Returns: None """ # Initialize logger self.logger = logger.IemlAVLogger(__name__, debug=debug) # Check if running as root or not if utils.check_root(): # Create module objects self.failed_login_obj = failed_login.FailedLogin(debug=debug) self.harmful_command = harmful_root_command.HarmfulCommands( debug=debug) self.detect_backdoor = detect_backdoor.DetectBackdoor(debug=debug) self.checksync = check_sync.CheckSync(debug=debug) self.password_def = password_defect.PasswordDefect(debug=debug) self.portscan = port_scan.PortScan(debug=debug) self.sshlogin = ssh_login.SSHLogin(debug=debug) self.detsniffer = detect_sniffer.DetSniffer(debug=debug) self.non_std = non_std_hash.NonStdHash(debug=debug) else: self.logger.log("Please run as root, exiting.", logtype="error") sys.exit(0)
def __init__(self, cred, debug=False): """Initialize FirewallEngine.""" self.cred = cred self.logger = logger.IemlAVLogger(__name__, debug) # Parse and setup rules and actions (self.ip_inbound, self.action_inbound_IPRule) = self.parse_inbound_IPRule() (self.ip_outbound, self.action_outbound_IPRule) = self.parse_outbound_IPRule() (self.protocols, self.action_protocolRule) = self.parse_protocolRule() (self.sports, self.action_source_portRule) = self.parse_source_portRule() (self.dports, self.action_dest_portRule) = self.parse_dest_portRule() (self.dns, self.action_DNSRule) = self.parse_DNSRule() (self.extensions, self.action_scanLoad) = self.parse_scanLoad() self.action_HTTPRequest = self.parse_HTTPRequest() self.action_HTTPResponse = self.parse_HTTPResponse() # Interface self.interface = str(self.cred['interface']) if self.interface == "": self.interface = utils.get_interface() # Setup PacketFilter object self.packetFilterObj = PacketFilter( interface=self.interface, debug=debug, ip_inbound=self.ip_inbound, ip_outbound=self.ip_outbound, protocols=self.protocols, dns=self.dns, dports=self.dports, sports=self.sports, extensions=self.extensions, action_inbound_IPRule=self.action_inbound_IPRule, action_outbound_IPRule=self.action_outbound_IPRule, action_DNSRule=self.action_DNSRule, action_source_portRule=self.action_source_portRule, action_dest_portRule=self.action_dest_portRule, action_HTTPResponse=self.action_HTTPResponse, action_HTTPRequest=self.action_HTTPRequest, action_protocolRule=self.action_protocolRule, action_scanLoad=self.action_scanLoad) # Setup Montior object self.monitorObj = FirewallMonitor(interface=self.interface, debug=debug) # Integrations self.integrations = ['Firewall', 'Monitor']
def __init__(self, cred=None, debug=None): self.cred = cred # Initialize logger self.logger = logger.IemlAVLogger(__name__, debug=debug) # Check for root if check_root(): # Create DetectRecon object self.recon_obj = DetectRecon(threshold=self.cred["threshold"], debug=debug) interface = self.cred["interface"] if interface is not None and interface != "XXXX": self.interface = interface else: self.logger.log("Collecting interface", logtype="info") self.interface = get_interface() # Create R2LEngine object self.r2l_rules = R2LEngine(debug=debug, interface=self.interface) self.logger.log("IemlAV Intrusion Detection started", logtype="info") else: self.logger.log("Run as root", logtype="error") sys.exit(1)
def __init__(self, debug=False): """ Initialize DDoS attack detection. Args: None Raises: None Returns: None """ # Initialize logger self.logger = logger.IemlAVLogger( __name__, debug=debug ) # Initialize empty dicts self.sisp = OrderedDict() self.simp = OrderedDict() self.misp = OrderedDict() self.mimp = OrderedDict() # Initialize threshold to 10000 packets / per second self._THRESHOLD = 10000 # inter = 0.0001
def __init__(self, debug=False): """ Initialize HiddenNode class. Args: debug (bool): Log on terminal or not Raises: None Returns: None """ # Initialize logger self.logger = logger.IemlAVLogger(__name__, debug=debug) # Initialize RTS & CTS count self.rts_count = 0 self.cts_count = 0 # Initialize RTS & CTS time self.rts_start_time = None self.cts_start_time = None # Initialize threshold self._THRESHOLD = 5 # inter = 0.2
def __init__(self, interface=None, debug=False, ip_inbound=None, ip_outbound=None, protocols=None, dns=None, dports=None, sports=None, extensions=None, action_inbound_IPRule=0, action_outbound_IPRule=0, action_DNSRule=0, action_source_portRule=0, action_dest_portRule=0, action_HTTPResponse=1, action_HTTPRequest=1, action_protocolRule=0, action_scanLoad=0): """Initilize PacketFilter class.""" self.logger = logger.IemlAVLogger(__name__, debug) # Initialize with empty list if ip_inbound is None: ip_inbound = [] if ip_outbound is None: ip_outbound = [] if protocols is None: protocols = [] if dns is None: dns = [] if sports is None: sports = [] if dports is None: dports = [] if extensions is None: extensions = [] self._action_inbound_IPRule = action_inbound_IPRule self._action_outbound_IPRule = action_outbound_IPRule self._action_protocolRule = action_protocolRule self._action_DNSRule = action_DNSRule self._action_source_portRule = action_source_portRule self._action_dest_portRule = action_dest_portRule self._action_HTTPRequest = action_HTTPRequest self._action_HTTPResponse = action_HTTPResponse self._action_scanLoad = action_scanLoad self._IP_INBOUND = ip_inbound self._IP_OUTBOUND = ip_outbound self._PROTCOLS = protocols self._DNS = dns self._DPORTS = dports self._SPORTS = sports self._EXTENSIONS = extensions # Initialize PcapWriter for PCAP dumping self.pktdump = PcapWriter("blocked.pcap", append=True, sync=True)
def __init__(self, threshold=None, debug=False): """Initialize DetectRecon class. Args: threshold (integer): Threshold ratio limit debug (bool): Log on terminal or not Raises: None Returns: None Working: Detect the following possible probe (reconnaissance) attacks (performed for information gathering): - TCP ACK / Window Scan - UDP Scan - ICMP Scan - FIN Scan - NULL Scan - XMAS Scan - OS fingerprinting Scan """ # Initialize logger self.logger = logger.IemlAVLogger( __name__, debug ) # Set threshold if threshold is None: self._THRESHOLD = 100 else: try: self._THRESHOLD = int(threshold) except ValueError: self.logger.log( "Incorrent threshold, need an integer value.", logtype="error" ) sys.exit(0) # Set count threshold self._COUNT = self._THRESHOLD * 1000 # Initialize empty dicts to store IPs self.tcp_ack = dict() self.icmp_scan = dict() self.udp_scan = dict() self.fin_scan = dict() self.xmas_scan = dict() self.null_scan = dict() self.os_scan = dict()
def __init__(self, debug=False): """ Initialize PortScan. Args: debug (bool): Log on terminal or not Raises: None Returns: None """ # Initialize logger self.logger = logger.IemlAVLogger( __name__, debug=debug ) # OS name to auth-log path map self.system_log_map = { "debian": "/var/log/auth.log" } os_name = utils.categorize_os() self.log_file = None if os_name: try: self.log_file = self.system_log_map[os_name] except KeyError: self.logger.log( "Could not find path for the auth-log file", logtype="error" ) return else: return # Salt to generate hashed username self.SALT = "<!@?>" # Regex to extract Received disconnect self.RECIEVED_DISCONNECT = r'^([a-zA-Z]+\s[0-9]+)\s([0-9]+:[0-9]+:[0-9]+).' \ r'*Received\sdisconnect\sfrom\s([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)' # Initialize IP to count dict self.ip_dict = dict() # Set threshold to 5 attempts per second to detect port scan self.THRESHOLD = 5 # inter = 0.2
def __init__(self, interface=None, debug=False): """Initialize FirewallMonitor.""" self.logger = logger.IemlAVLogger(self.module_name, debug) self._SLEEP = 5 self.interface = interface self.machine_ip = socket.gethostbyname(socket.gethostname()) self.open_ports = [] self.network_data = {'bytes_sent': 0, 'bytes_recv': 0} self.process_list = [] self.services_list = []
def __init__(self, debug=False): """ Initialize LandAttack class. Args: debug (bool): Log on terminal or not Raises: None Returns: None """ # Initialize logger self.logger = logger.IemlAVLogger(__name__, debug=debug)
def __init__(self, debug=False): """ Initialize ARPCache class. Detect Man in The Middle Attack (MiTM) attacks. Args: debug (bool): Log on terminal or not Raises: None Returns: None """ # Initialize logger self.logger = logger.IemlAVLogger(__name__, debug=debug)
def __init__(self, debug=False): """ Initialize HarmfulCommnads. Detect harmful commands executed as root / sudo. Args: debug (bool): Log on terminal or not Raises: None Returns: None """ # Initialize logger self.logger = logger.IemlAVLogger( __name__, debug=debug ) # OS name to command-log path map self.system_log_map = { "debian": "/var/log/auth.log" } os_name = utils.categorize_os() self.log_file = None if os_name: try: self.log_file = self.system_log_map[os_name] except KeyError: self.logger.log( "Could not find path for the command-log file", logtype="error" ) return else: return # Path for file of harmful commands self.COMMNAND_FILE_PATH = "iemlav/lib/log_monitor/system_log/harmful_command.txt" self.COMMAND = r'COMMAND=(.*\s)' # regex to extract commands self.harmful_commands = utils.open_file(self.COMMNAND_FILE_PATH) self.found_harmful = [] # list of harmful commands found
def __init__(self, debug=False): """ Initialize SSHLogin. Args: debug (bool): Log on terminal or not Raises: None Returns: None """ # Initialize logger self.logger = logger.IemlAVLogger(__name__, debug=debug) # OS name to SSH-log path map self.system_log_map = {"debian": "/var/log/auth.log"} os_name = utils.categorize_os() self.log_file = None if os_name: try: self.log_file = self.system_log_map[os_name] except KeyError: self.logger.log("Could not find path for the SSH-log file", logtype="error") return else: return # Salt to generate hashed username self.SALT = "<!@?>" # Regex to extract invalid SSH login details self.INVALID_USER = r'^([a-zA-Z]+\s[0-9]+)\s([0-9]+:[0-9]+:[0-9]+).*' \ r'Invalid\suser\s([a-zA-Z0-9_-]+)\sfrom\s([0-9]+\.' \ r'[0-9]+\.[0-9]+\.[0-9]+)' # Initialize username to IP dict self.username_dict = dict() # Set threshold to 5 attempts per second to detect brute-force self.THRESHOLD = 5 # inter = 0.2
def __init__(self, debug=False): """ Initialize PingOfDeath. Args: debug (bool): Log on terminal or not Raises: None Returns: None """ # Initialize logger self.logger = logger.IemlAVLogger(__name__, debug=debug) # Initialize threshold self._THRESHOLD = 60000
def __init__(self, debug=False, cred=None): """ Initialize ServerMode. Args: debug (bool): Log on terminal or not cred (dict): Configuration credentials Raises: None Returns None """ self.debug = debug # Initialize logger self.logger = logger.IemlAVLogger( __name__, debug=self.debug ) # Initialize credentials if cred is not None: self.cred = cred else: self.logger.log( "No configuraton parameters found, exiting", logtype="error" ) sys.exit(0) # Initialize objects presence as false self.firewall = False self.ids = False self.antivirus = False self.auto_server_patcher = False self.web_deface = False self.server_log = False self.system_log = False # Initialize empty process pool list self.process_pool = list()
def __init__(self, debug=False): """ Initialize CheckSync. Args: debug (bool): Log on terminal or not Raises: None Returns: None """ # Initialize logger self.logger = logger.IemlAVLogger( __name__, debug=debug ) # OS name to password-log path map self.system_log_map = { "debian": ["/etc/passwd", "/etc/shadow"] } os_name = utils.categorize_os() self.log_file = None if os_name: try: self.log_file = self.system_log_map[os_name] except KeyError: self.logger.log( "Could not find path for the auth-log file", logtype="error" ) return else: return # Users collected from both the files # stored as list self.log1_users = [] self.log2_users = []
def __init__(self, debug=False): """ Initialize SynFlood. Args: debug (bool): Log on terminal or not Raises: None Returns: None """ # Initialize logger self.logger = logger.IemlAVLogger(__name__, debug=debug) # Initialize SYN dictionary self.syn_dict = dict() # Set threshold to 1000 SYN packets / per second self._THRESHOLD = 1000 # inter = 0.001
def __init__(self, args): """Initialize ArgsHelper""" self.modulename = 'args_helper' self.cred = {} self.args = args if self.args.debug: self.cred['debug'] = self.args.debug else: self.cred['debug'] = False self.cred_provided = False self.firewall_provided = False self.ids_provided = False self.system_log_provided = False self.server_log_provided = False self.auto_server_patcher_provided = False self.antivirus_provided = False # Setup logger self.logger = logger.IemlAVLogger(self.modulename, self.cred['debug'])
def __init__(self, debug=False): """ Initialize Deauth Class. Args: debug (bool): Log on terminal or not Raises: None Returns: None """ # Initialize logger self.logger = logger.IemlAVLogger(__name__, debug=debug) # Initialize time and count self.start_time = None self.count = 0 # Set THRESHOLD to 5 De-auth packets / per second self._THRESHOLD = 5 # inter = 0.2
def __init__(self, debug=False): """ Initialize CAM class. Detect CAM attack. Args: debug (bool): Log on terminal or not Raises: None Returns: None """ # Initialize logger self.logger = logger.IemlAVLogger(__name__, debug=debug) # Initialize time self.start_time = None # Initialize cam_attack list self.cam_list = [] # Initialize threshold to 256 MAC address / 6 second self._THRESHOLD = 256 / 6 # inter = 0.0234
def __init__(self, debug=False): """ Initialize DHCP Class. Args: debug (bool): Log on terminal or not Raises: None Returns: None """ # Initialize logger self.logger = logger.IemlAVLogger(__name__, debug=debug) # Initialize required variables self.start_time = None self.count = 0 # Set threshold to 10 Request / per second self._THRESHOLD = 10 # inter = 0.1
def __init__(self, debug=False): """ Initialize FakeAccessPoint class. Args: debug (bool): Log on terminal or not Raises: None Returns: None """ # Initialize logger self.logger = logger.IemlAVLogger( __name__, debug=debug ) # Initialize access point dictionary self.ap_dict = dict() # Set threshold self._THRESHOLD = 3
def __init__(self, debug=False): """ Initialize NonStdHash. Args: debug (bool): Log on terminal or not Raises: None Returns: None """ # Initialize logger self.logger = logger.IemlAVLogger(__name__, debug=debug) # OS name to auth-log path map self.system_log_map = {"debian": "/etc/shadow"} os_name = utils.categorize_os() self.log_file = None if os_name: try: self.log_file = self.system_log_map[os_name] except KeyError: self.logger.log( "Could not find path for the password-log file", logtype="error") return else: return # List of hashing algorithm used self.used_algo = [] # Set THRESHOLD to 3 different hashing algorithm self.THRESHOLD = 3
def __init__(self, interface=None, debug=False): """ Initialize SSIDSpoof class. Args: interface (str): Name of the interface to monitor debug (bool): Log on terminal or not Raises: None Returns: None """ # Initialize logger self.logger = logger.IemlAVLogger( __name__, debug=debug ) self.interface = interface self.scan_dict = dict()
def __init__(self, debug=False): """ Initialize DetSniffer. Args: debug (bool): Log on terminal or not Raises: None Returns: None """ # Initialize logger self.logger = logger.IemlAVLogger(__name__, debug=debug) # OS name to sys-log path map self.system_log_map = {"debian": "/var/log/syslog"} os_name = utils.categorize_os() self.log_file = None if os_name: try: self.log_file = self.system_log_map[os_name] except KeyError: self.logger.log("Could not find path for the SSH-log file", logtype="error") return else: return # Regex to find malicious sniffer self.SNIFFER = r"device\s([a-zA-Z0-9_-]+)\s.*promisc" # List of promisc devices self.found_promisc = []
# -*- coding: utf-8 -*- from iemlav.lib.firewall.mapping import * import subprocess import re import os from iemlav import logger # Initialize logger with debug=False utils_logger = logger.IemlAVLogger(__name__, debug=False) def setup_logger(debug): global utils_logger utils_logger = logger.IemlAVLogger(__name__, debug) def complement(value): if int(value) == 1: return 0 else: return 1 def xnor(func): """XNOR Function. Working: XNOR Table:
def setup_logger(debug): global utils_logger utils_logger = logger.IemlAVLogger(__name__, debug)
def __init__(self): """Init logger params.""" self.logger = logger.IemlAVLogger(self.modulename)
def __init__(self, cred=None, debug=None): """Initialize IemlAVFirewall.""" self.cred = cred['firewall'] self.debug = cred['debug'] self.logger = logger.IemlAVLogger(__name__, debug=self.debug)