Exemplo n.º 1
0
    def getTime(self):
        try:
            success, _ = self.hid_on()

            if success:
                buffer = [0x00, 0x01]

                getTimeCommand = "./apps/usbhidtool 0x10C4 0x0002 {0}".format(
                    ''.join('0x{:02x} '.format(a) for a in buffer))
                result, success = output_shell(getTimeCommand)
                logger.info("getTime {0}:{1}".format(getTimeCommand, result))
                if success and result != 'NULL':
                    print(result)
                    hexValues = result.split(' ')

                    if hexValues[0] == 'NULL\n':
                        return False, None

                    for hexValue in hexValues:
                        buffer.append(int(hexValue, 16))

                mothDate = self.bufferToDate(buffer, 3)
                print("{0}".format(mothDate))
        except:
            print('Set time failed. Unexpected error')
            logger.warn("getTime failed due to unexpected error")
        finally:
            self.hid_off()

        return success, mothDate
Exemplo n.º 2
0
 def _load_poc(self, poc_vid):
     specify_pocs = {}
     poc_names = [name for name in os.listdir(self.fb.poc_setting.dir_name) if name.startswith("vb_") and name.endswith(".py")]
     if poc_vid == ["all"]:
         for poc_name in poc_names:
             vid = "_".join(poc_name.split("_")[:3])
             specify_pocs[vid] = poc_name
     else:
         for vid in poc_vid:
             for poc_name in poc_names:
                 if vid in poc_name:
                     specify_pocs[vid] = poc_name
                     break
     poc_classes = collections.defaultdict(list)
     # poc_classes = {vid1: [name1, class1], vid2: [name2, class2], vid3: [name3, class3]}
     for vid, poc in specify_pocs.items():
         try:
             module_name = "{}.{}".format(self.fb.poc_setting.dir_name, poc)[:-3].split("/")[-1]
             __import__(module_name)
             tmp = sys.modules[module_name]
             poc_classes[vid] = [module_name, getattr(tmp, getattr(tmp, "POC_NAME"))]
         except ImportError as e:
             log.warn("Failed to import PoC {}. {}".format(poc, e))
             continue
         except Exception as e:
             log.warn("Failed to load PoC {}. {}".format(poc, e))
             continue
     return poc_classes
Exemplo n.º 3
0
 def takepic_command(self, bot, update, args):
     cam = camera.Camera()
     cam.open_eyes()
     img = cam.get_frame(save=True)
     cam.close_eyes()
     bot.send_photo(update.message.chat_id, open(img), 'here you go!')
     logger.warn('deleting %s', img)
     os.remove(img)
Exemplo n.º 4
0
def setDetection(new):
    if re.search("true", str(new)):
        status = True
        logger.info("DETECTION!")
    elif re.search("false", str(new)):
            status = False
            logger.info("DETECTION!")
    else:
        logger.warn("Invalid status %s for DETECTION" %(new))
        return
    global DETECTION
    DETECTION = status
Exemplo n.º 5
0
def gevent_skip_empty_func(func, *args, **kwargs):
    while True:
        try:
            func(*args, **kwargs)
        except queue.Empty:
            break
        except (requests.exceptions.Timeout,
                requests.exceptions.ConnectionError) as e:
            log.warn(e)
        except Exception:
            log.error(traceback.format_exc())
            continue
Exemplo n.º 6
0
def setActive(new):
    #if(newStatus is False or newStatus is "False" or newStatus is "false" or newStatus is 0 or newStatus is "0"):
    if re.search("false", str(new)):
        status = False
        logger.info("Alarm deactivated")
    #elif(newStatus is True or newStatus is "True" or newStatus is "true" or newStatus is 1 or newStatus is "1"):
    elif re.search("true", str(new)):
        status = True
        logger.info("Alarm activated")
    else:
        logger.warn("Invalid status %s" %(new))
        return
    global active
    active = status
def cert_hostname(ip_address, port):
    try:
        cert = ssl.get_server_certificate((ip_address, port), ssl_version=ssl.PROTOCOL_SSLv23)
        x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert)
        for compoment in x509.get_subject().get_components():
            compoment_name, hostname = compoment
            if compoment_name.lower() == 'cn':
                if not "*" in hostname:
                    resolved_ip_address = socket.gethostbyname(hostname.lower())
                    if resolved_ip_address == ip_address:
                        return hostname.lower()
    except Exception, e:
        err, err_msg = e
        logger.warn("Unable to extract hostname from certificate for %s on port %s (%s)" % (ip_address, port, err_msg))
        pass
Exemplo n.º 8
0
def cert_hostname(ip_address, port):
    try:
        cert = ssl.get_server_certificate((ip_address, port),
                                          ssl_version=ssl.PROTOCOL_SSLv23)
        x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM,
                                               cert)
        for compoment in x509.get_subject().get_components():
            compoment_name, hostname = compoment
            if compoment_name.lower() == 'cn':
                if not "*" in hostname:
                    resolved_ip_address = socket.gethostbyname(
                        hostname.lower())
                    if resolved_ip_address == ip_address:
                        return hostname.lower()
    except Exception, e:
        err, err_msg = e
        logger.warn(
            "Unable to extract hostname from certificate for %s on port %s (%s)"
            % (ip_address, port, err_msg))
        pass
Exemplo n.º 9
0
    def _do_basic_attack(self, method):
        logger.info("Finding forms in the page..")
        forms = self.get_inputs()

        # check if exist forms
        if len(forms) == 0:
            logger.warn("There aren't forms to check.")
            logger.warn("Please, add more info to find anything.")
            return

        logger.info("Detected %s forms." % (len(forms)))

        try:
            # scan each form
            for f in forms:
                logger.info("Checking XSS on form...")
                data = self.get_form_data(f)
                inputs = data['inputs']
                if not inputs:
                    logger.warn("The form has no fields to check")
                    continue

                self._wrapUrl.kwargs[method] = data['inputs']
                self._send_payload(inputs, method)
        except Exception as e:
            logger.debug(e)
Exemplo n.º 10
0
    def _do_attack(self):
        logger.info("Checking XSS on url %s..." % (self._wrapUrl._url))

        # get value depends on method used
        # check method
        if self._wrapUrl.kwargs["method"] == "POST":
            result = "data"
        else:
            result = "params"

        # if no parameter or data is entered
        # run basic scan
        try:
            if not self.check_params(result):
                self._do_basic_attack(result)
            else:
                self._send_payload(self._wrapUrl.kwargs[result], result)

            if not self.xss_flag:
                logger.warn("Input form might not be injectable")

        except KeyboardInterrupt:
            raise KeyboardInterrupt
Exemplo n.º 11
0
    def recordvid_command(self, bot, update, args):
        logger.info('record command %s', args)
        secs = 10
        res = (512, 288)
        if args:
            try:
                secs = int(args[0])
            except Exception as ex:
                logger.warn(str(ex))
            try:
                res = map(int, args[1:3])
            except Exception as ex:
                logger.warn(str(ex))

        logger.info('creating camera')
        cam = camera.Camera()
        logger.info('opening camera')
        cam.open_eyes()
        logger.info('camera warmed up')
        filepath = './tmp/vid/%s.h264' % str(int(time.time()))
        logger.info('starting to record at %s', filepath)
        cam.start_recording(filepath, res)
        time.sleep(secs)
        cam.stop_recording()
        logger.info('recording complete')
        cam.close_eyes()
        logger.info('camera closed')
        # convert video
        logger.info('converting video to mp4')
        newfilepath = self._convert_vid(filepath)
        logger.warn('deleting %s', filepath)
        os.remove(filepath)
        logger.info('sending message')
        bot.send_video(chat_id=update.message.chat_id,
                       video=open(newfilepath, 'rb'),
                       supports_streaming=True)
        logger.warn('deleting %s', newfilepath)
        os.remove(newfilepath)
Exemplo n.º 12
0
                                fieldnames=fieldnames,
                                dialect=csv.excel,
                                quoting=csv.QUOTE_ALL)

        # write CSV header
        writer.writeheader()

        # iterate through xml(s)
        for xml_report in nmap_xml_reports:
            try:
                # trying to load xml file
                nmap_report = NmapParser.parse_fromfile(xml_report)
                logger.info("%s host(s) loaded from %s" %
                            (len(nmap_report.hosts), xml_report))
            except Exception, e:
                logger.warn("XML file %s corrupted or format not recognized" %
                            xml_report)
                # keep looking for others xml
                continue

            # start a cumulative dictionary
            results = nmap_combine(nmap_report, results)
            #print "results: %s" % len(results)

        logger.info("Wraping up results")
        for ip_address in results:
            # colecting info for each field
            open_ports = check_ports(results[ip_address]['Port/Protocol'])
            hostnames = list_to_str(results[ip_address]['Domains'])
            notes = results[ip_address]['Notes']
            os, os_version = fingerprint_decision(
                results[ip_address]['Operating System'],
Exemplo n.º 13
0
    def _send_payload(self, params, method):

        p = list()
        self._wrapUrl.kwargs[method] = dict()

        if isinstance(params, list):
            for i in params:
                self._wrapUrl.kwargs[method][i] = ""
        elif isinstance(params, dict):
            for key, value in params.items():
                p.append(key)
                self._wrapUrl.kwargs[method][key] = value

        logger.info("%s params detected." % (len(params)))

        # check each param
        for param in p:
            logger.info("Checking parameter %s..." % (param))
            # check payloads on each param
            try:
                for payload in self.payloads:
                    #try:
                    # save original data
                    original = self._wrapUrl.kwargs[method][param]
                    self._wrapUrl.kwargs[method][param] = payload
                    logger.debug("Sending payload %s..." % (payload))
                    # do request
                    req = new_request(self._wrapUrl)

                    if req is None:
                        break

                    # check if payload exist on response
                    if self.randStr in str(req.content, "utf-8") or str(
                            self.randInt) in str(req.content, "utf-8"):
                        if self._check_browser(
                                self._wrapUrl,
                                method) is not None or self._browser is True:
                            # close browser
                            if not self._browser:
                                self._force_close_browser(self._open_browser)
                            self.xss_flag = True
                            # print data
                            logger.success("FOUND -> Payload: %s" % (payload))
                            logger.success("Vulnerable URL  -> %s" %
                                           (self._wrapUrl._url))
                            logger.success("Vulnerable Input -> %s" % (param))

                            return 1
                    else:
                        self._wrapUrl.kwargs[method][param] = original

                if not self.xss_flag:
                    # close browser
                    if not self._browser:
                        self._force_close_browser(self._open_browser)
                    logger.warn("Parameter name %s might not be injectable" %
                                (param))
            except Exception as e:
                logger.debug(e)
            except KeyboardInterrupt:
                raise KeyboardInterrupt
Exemplo n.º 14
0
    with open(csv_filename, 'w') as csvwrite:
        # set field names
        fieldnames = ['IP Address', 'Port/Protocol', 'Domains', 'Operating System', 'OS Version', 'Notes']
        writer = csv.DictWriter(csvwrite, fieldnames=fieldnames, dialect=csv.excel, quoting=csv.QUOTE_ALL)
        
        # write CSV header
        writer.writeheader()

        # iterate through xml(s)
        for xml_report in nmap_xml_reports:
            try:
                # trying to load xml file
                nmap_report = NmapParser.parse_fromfile(xml_report)
                logger.info("%s host(s) loaded from %s" % (len(nmap_report.hosts), xml_report))
            except Exception, e:
                logger.warn("XML file %s corrupted or format not recognized" % xml_report)
                # keep looking for others xml
                continue

            # start a cumulative dictionary
            results = nmap_combine(nmap_report, results)
            #print "results: %s" % len(results)

        logger.info("Wraping up results")
        for ip_address in results:
            # colecting info for each field
            open_ports = check_ports(results[ip_address]['Port/Protocol'])
            hostnames = list_to_str(results[ip_address]['Domains'])
            notes = results[ip_address]['Notes']
            os, os_version = fingerprint_decision(results[ip_address]['Operating System'], results[ip_address]['Port/Protocol'])
            #print ip_address, results[ip_address]['Operating System']
Exemplo n.º 15
0
def warn(message):
    """warn log"""
    log.warn(message)