Exemplo n.º 1
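def parse_beacon(dtg, addr, ssid):
    """Record an AP beacon from ``addr`` and link the device to its SSID.

    Appends a ``Beacon`` event to the stored device, makes sure a 'Device'
    node, an 'SSID' node and a 'beacon' relationship between them exist in
    the graph, and prints one console line describing the sighting.

    Args:
        dtg: Capture time label; only used in the console line.
        addr: MAC address of the transmitter as parsed from the frame.
        ssid: SSID advertised by the beacon. This value is chosen by whoever
            operates the transmitter and must be treated as untrusted.
    """
    device = get_device(addr)

    # NOTE(review): the filter ORs "has an event in the last 10 minutes" with
    # "ssid differs from this one"; the work below only runs when the query
    # returns nothing. Confirm this is the intended rate limit, since it also
    # decides whether a newly seen SSID is stored at all.
    recent = Device.objects(Q(events__timestamp__gte=datetime.utcnow() - timedelta(minutes=10)) | Q(events__ssid__ne=ssid), mac=addr)
    if len(recent) != 0:
        return

    event = Beacon()
    event.ssid = ssid
    event.timestamp = datetime.utcnow()
    device.events.append(event)
    device.save()

    # Values are handed to the graph API as keyword arguments; no query text
    # is assembled from the SSID in this function.
    dev = selector.select('Device', mac=addr).first()
    if dev is None:
        dev = Node('Device', mac=addr, last_seen=str(datetime.utcnow()), vendor=device.vendor)
        graph.create(dev)

    ss = selector.select('SSID', ssid=ssid).first()
    if ss is None:
        ss = Node('SSID', ssid=ssid, timestamp=str(datetime.utcnow()))
        graph.create(ss)

    # Only create the edge once per (device, SSID) pair.
    if len(list(graph.match(start_node=dev, rel_type='beacon', end_node=ss))) == 0:
        rel = Relationship(dev, 'beacon', ss)
        graph.create(rel)

    # The SSID is formatted with %r rather than '%s': repr() escapes control
    # characters, so a network name carrying terminal escape sequences or
    # newlines cannot rewrite the console or forge extra log lines.
    print("%s[+] (%s) AP beacon: %s (%s) -> %r" % (Term.GREEN, dtg, addr, device.vendor, ssid))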
Exemplo n.º 2
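def parse_response(dtg, addr, dest, ssid):
    """Record a probe response sent by ``addr`` to ``dest`` that names ``ssid``.

    Appends a ``Beacon`` event to the stored device for ``addr``, makes sure
    a 'Device' node for ``dest`` and an 'SSID' node exist in the graph, and
    adds a 'response' relationship between them, announcing the SSID on the
    console when it does.

    Args:
        dtg: Capture time label; not used in this function.
        addr: MAC address of the responder as parsed from the frame.
        dest: MAC address the response was sent to.
        ssid: SSID carried in the response. Chosen by the transmitter and
            therefore untrusted.
    """
    device = get_device(addr)

    # NOTE(review): this compares the event field `dest` with the SSID, while
    # the event stored below only sets `ssid` and `timestamp`. Confirm the
    # field name; as written the second condition may not filter as intended.
    recent = Device.objects(Q(events__timestamp__gte=datetime.utcnow() - timedelta(minutes=10)) | Q(events__dest__ne=ssid), mac=addr)
    if len(recent) != 0:
        return

    event = Beacon()
    event.timestamp = datetime.utcnow()
    event.ssid = ssid
    device.events.append(event)
    device.save()

    # NOTE(review): the node is keyed on `dest`, but its vendor is taken from
    # the record looked up for `addr`. Verify which station the vendor should
    # describe.
    dev = selector.select('Device', mac=dest).first()
    if dev is None:
        dev = Node('Device', mac=dest, last_seen=str(datetime.utcnow()), vendor=device.vendor)
        graph.create(dev)

    ss = selector.select('SSID', ssid=ssid).first()
    if ss is None:
        ss = Node('SSID', ssid=ssid, timestamp=str(datetime.utcnow()))
        graph.create(ss)

    # NOTE(review): the existence check looks for a 'probe' relationship but
    # the edge created is 'response'. If this is meant as de-duplication it
    # never sees earlier 'response' edges and will add one per call; left
    # unchanged because the check may be deliberate.
    if len(list(graph.match(start_node=dev, rel_type='probe', end_node=ss))) == 0:
        rel = Relationship(dev, 'response', ss)
        graph.create(rel)
        # %r escapes control characters in the over-the-air SSID so it cannot
        # inject terminal escape sequences or extra lines into the output.
        print('Hidden SSID Discovered %s -> %r' % (dest, ssid))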