def getTime(self):
try:
success, _ = self.hid_on()
if success:
buffer = [0x00, 0x01]
getTimeCommand = "./apps/usbhidtool 0x10C4 0x0002 {0}".format(
''.join('0x{:02x} '.format(a) for a in buffer))
result, success = output_shell(getTimeCommand)
logger.info("getTime {0}:{1}".format(getTimeCommand, result))
if success and result != 'NULL':
print(result)
hexValues = result.split(' ')
if hexValues[0] == 'NULL\n':
return False, None
for hexValue in hexValues:
buffer.append(int(hexValue, 16))
mothDate = self.bufferToDate(buffer, 3)
print("{0}".format(mothDate))
except:
print('Set time failed. Unexpected error')
logger.warn("getTime failed due to unexpected error")
finally:
self.hid_off()
return success, mothDate
def _load_poc(self, poc_vid):
specify_pocs = {}
poc_names = [name for name in os.listdir(self.fb.poc_setting.dir_name) if name.startswith("vb_") and name.endswith(".py")]
if poc_vid == ["all"]:
for poc_name in poc_names:
vid = "_".join(poc_name.split("_")[:3])
specify_pocs[vid] = poc_name
else:
for vid in poc_vid:
for poc_name in poc_names:
if vid in poc_name:
specify_pocs[vid] = poc_name
break
poc_classes = collections.defaultdict(list)
# poc_classes = {vid1: [name1, class1], vid2: [name2, class2], vid3: [name3, class3]}
for vid, poc in specify_pocs.items():
try:
module_name = "{}.{}".format(self.fb.poc_setting.dir_name, poc)[:-3].split("/")[-1]
__import__(module_name)
tmp = sys.modules[module_name]
poc_classes[vid] = [module_name, getattr(tmp, getattr(tmp, "POC_NAME"))]
except ImportError as e:
log.warn("Failed to import PoC {}. {}".format(poc, e))
continue
except Exception as e:
log.warn("Failed to load PoC {}. {}".format(poc, e))
continue
return poc_classes
def takepic_command(self, bot, update, args):
cam = camera.Camera()
cam.open_eyes()
img = cam.get_frame(save=True)
cam.close_eyes()
bot.send_photo(update.message.chat_id, open(img), 'here you go!')
logger.warn('deleting %s', img)
os.remove(img)
def setDetection(new):
if re.search("true", str(new)):
status = True
logger.info("DETECTION!")
elif re.search("false", str(new)):
status = False
logger.info("DETECTION!")
else:
logger.warn("Invalid status %s for DETECTION" %(new))
return
global DETECTION
DETECTION = status
def gevent_skip_empty_func(func, *args, **kwargs):
while True:
try:
func(*args, **kwargs)
except queue.Empty:
break
except (requests.exceptions.Timeout,
requests.exceptions.ConnectionError) as e:
log.warn(e)
except Exception:
log.error(traceback.format_exc())
continue
def setActive(new):
#if(newStatus is False or newStatus is "False" or newStatus is "false" or newStatus is 0 or newStatus is "0"):
if re.search("false", str(new)):
status = False
logger.info("Alarm deactivated")
#elif(newStatus is True or newStatus is "True" or newStatus is "true" or newStatus is 1 or newStatus is "1"):
elif re.search("true", str(new)):
status = True
logger.info("Alarm activated")
else:
logger.warn("Invalid status %s" %(new))
return
global active
active = status
def cert_hostname(ip_address, port):
try:
cert = ssl.get_server_certificate((ip_address, port), ssl_version=ssl.PROTOCOL_SSLv23)
x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert)
for compoment in x509.get_subject().get_components():
compoment_name, hostname = compoment
if compoment_name.lower() == 'cn':
if not "*" in hostname:
resolved_ip_address = socket.gethostbyname(hostname.lower())
if resolved_ip_address == ip_address:
return hostname.lower()
except Exception, e:
err, err_msg = e
logger.warn("Unable to extract hostname from certificate for %s on port %s (%s)" % (ip_address, port, err_msg))
pass
def cert_hostname(ip_address, port):
try:
cert = ssl.get_server_certificate((ip_address, port),
ssl_version=ssl.PROTOCOL_SSLv23)
x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM,
cert)
for compoment in x509.get_subject().get_components():
compoment_name, hostname = compoment
if compoment_name.lower() == 'cn':
if not "*" in hostname:
resolved_ip_address = socket.gethostbyname(
hostname.lower())
if resolved_ip_address == ip_address:
return hostname.lower()
except Exception, e:
err, err_msg = e
logger.warn(
"Unable to extract hostname from certificate for %s on port %s (%s)"
% (ip_address, port, err_msg))
pass
def _do_basic_attack(self, method):
logger.info("Finding forms in the page..")
forms = self.get_inputs()
# check if exist forms
if len(forms) == 0:
logger.warn("There aren't forms to check.")
logger.warn("Please, add more info to find anything.")
return
logger.info("Detected %s forms." % (len(forms)))
try:
# scan each form
for f in forms:
logger.info("Checking XSS on form...")
data = self.get_form_data(f)
inputs = data['inputs']
if not inputs:
logger.warn("The form has no fields to check")
continue
self._wrapUrl.kwargs[method] = data['inputs']
self._send_payload(inputs, method)
except Exception as e:
logger.debug(e)
def _do_attack(self):
logger.info("Checking XSS on url %s..." % (self._wrapUrl._url))
# get value depends on method used
# check method
if self._wrapUrl.kwargs["method"] == "POST":
result = "data"
else:
result = "params"
# if no parameter or data is entered
# run basic scan
try:
if not self.check_params(result):
self._do_basic_attack(result)
else:
self._send_payload(self._wrapUrl.kwargs[result], result)
if not self.xss_flag:
logger.warn("Input form might not be injectable")
except KeyboardInterrupt:
raise KeyboardInterrupt
def recordvid_command(self, bot, update, args):
logger.info('record command %s', args)
secs = 10
res = (512, 288)
if args:
try:
secs = int(args[0])
except Exception as ex:
logger.warn(str(ex))
try:
res = map(int, args[1:3])
except Exception as ex:
logger.warn(str(ex))
logger.info('creating camera')
cam = camera.Camera()
logger.info('opening camera')
cam.open_eyes()
logger.info('camera warmed up')
filepath = './tmp/vid/%s.h264' % str(int(time.time()))
logger.info('starting to record at %s', filepath)
cam.start_recording(filepath, res)
time.sleep(secs)
cam.stop_recording()
logger.info('recording complete')
cam.close_eyes()
logger.info('camera closed')
# convert video
logger.info('converting video to mp4')
newfilepath = self._convert_vid(filepath)
logger.warn('deleting %s', filepath)
os.remove(filepath)
logger.info('sending message')
bot.send_video(chat_id=update.message.chat_id,
video=open(newfilepath, 'rb'),
supports_streaming=True)
logger.warn('deleting %s', newfilepath)
os.remove(newfilepath)
fieldnames=fieldnames,
dialect=csv.excel,
quoting=csv.QUOTE_ALL)
# write CSV header
writer.writeheader()
# iterate through xml(s)
for xml_report in nmap_xml_reports:
try:
# trying to load xml file
nmap_report = NmapParser.parse_fromfile(xml_report)
logger.info("%s host(s) loaded from %s" %
(len(nmap_report.hosts), xml_report))
except Exception, e:
logger.warn("XML file %s corrupted or format not recognized" %
xml_report)
# keep looking for others xml
continue
# start a cumulative dictionary
results = nmap_combine(nmap_report, results)
#print "results: %s" % len(results)
logger.info("Wraping up results")
for ip_address in results:
# colecting info for each field
open_ports = check_ports(results[ip_address]['Port/Protocol'])
hostnames = list_to_str(results[ip_address]['Domains'])
notes = results[ip_address]['Notes']
os, os_version = fingerprint_decision(
results[ip_address]['Operating System'],
def _send_payload(self, params, method):
p = list()
self._wrapUrl.kwargs[method] = dict()
if isinstance(params, list):
for i in params:
self._wrapUrl.kwargs[method][i] = ""
elif isinstance(params, dict):
for key, value in params.items():
p.append(key)
self._wrapUrl.kwargs[method][key] = value
logger.info("%s params detected." % (len(params)))
# check each param
for param in p:
logger.info("Checking parameter %s..." % (param))
# check payloads on each param
try:
for payload in self.payloads:
#try:
# save original data
original = self._wrapUrl.kwargs[method][param]
self._wrapUrl.kwargs[method][param] = payload
logger.debug("Sending payload %s..." % (payload))
# do request
req = new_request(self._wrapUrl)
if req is None:
break
# check if payload exist on response
if self.randStr in str(req.content, "utf-8") or str(
self.randInt) in str(req.content, "utf-8"):
if self._check_browser(
self._wrapUrl,
method) is not None or self._browser is True:
# close browser
if not self._browser:
self._force_close_browser(self._open_browser)
self.xss_flag = True
# print data
logger.success("FOUND -> Payload: %s" % (payload))
logger.success("Vulnerable URL -> %s" %
(self._wrapUrl._url))
logger.success("Vulnerable Input -> %s" % (param))
return 1
else:
self._wrapUrl.kwargs[method][param] = original
if not self.xss_flag:
# close browser
if not self._browser:
self._force_close_browser(self._open_browser)
logger.warn("Parameter name %s might not be injectable" %
(param))
except Exception as e:
logger.debug(e)
except KeyboardInterrupt:
raise KeyboardInterrupt
with open(csv_filename, 'w') as csvwrite:
# set field names
fieldnames = ['IP Address', 'Port/Protocol', 'Domains', 'Operating System', 'OS Version', 'Notes']
writer = csv.DictWriter(csvwrite, fieldnames=fieldnames, dialect=csv.excel, quoting=csv.QUOTE_ALL)
# write CSV header
writer.writeheader()
# iterate through xml(s)
for xml_report in nmap_xml_reports:
try:
# trying to load xml file
nmap_report = NmapParser.parse_fromfile(xml_report)
logger.info("%s host(s) loaded from %s" % (len(nmap_report.hosts), xml_report))
except Exception, e:
logger.warn("XML file %s corrupted or format not recognized" % xml_report)
# keep looking for others xml
continue
# start a cumulative dictionary
results = nmap_combine(nmap_report, results)
#print "results: %s" % len(results)
logger.info("Wraping up results")
for ip_address in results:
# colecting info for each field
open_ports = check_ports(results[ip_address]['Port/Protocol'])
hostnames = list_to_str(results[ip_address]['Domains'])
notes = results[ip_address]['Notes']
os, os_version = fingerprint_decision(results[ip_address]['Operating System'], results[ip_address]['Port/Protocol'])
#print ip_address, results[ip_address]['Operating System']
def warn(message):
"""warn log"""
log.warn(message)