def __init__(self, db): self.db = db self.BaseDomain = BaseDomainRepository(db, self.name) self.Domain = DomainRepository(db, self.name) self.IPAddress = IPRepository(db, self.name) self.CIDR = CIDRRepository(db, self.name) self.ScopeCIDR = ScopeCIDRRepository(db, self.name)
class Report(ReportTemplate): ''' This report displays all of the CIDR information, as well as the IP addresses and associated domains. ''' markdown = ['###', '####', '-', '--'] name = "" def __init__(self, db): self.BaseDomain = BaseDomainRepository(db) self.Domain = DomainRepository(db) self.IPAddress = IPRepository(db) self.CIDR = CIDRRepository(db) def run(self, args): # Cidrs = self.CIDR. results = {} CIDRs = self.CIDR.all() for c in CIDRs: if results.get(c.org_name, False): if not results[c.org_name].get(c.cidr, False): results[c.org_name][c.cidr] = {} else: results[c.org_name] = {c.cidr: {}} for ip in c.ip_addresses: if ip.passive_scope: results[c.org_name][c.cidr][ip.ip_address] = [] for d in ip.domains: if d.passive_scope: results[c.org_name][c.cidr][ip.ip_address].append( d.domain) res = [] for cidr in sorted(results.keys()): if not cidr: res.append("") else: res.append(cidr) for ranges in sorted(results[cidr].keys()): res.append("\t" + ranges) for ips in sorted(results[cidr][ranges].keys()): res.append("\t\t" + ips) for domain in sorted(results[cidr][ranges][ips]): res.append("\t\t\t" + domain) self.process_output(res, args)
class Report(ReportTemplate): """ This report displays all of the various Base Domains, Domains, and IP Addresses with scoping information """ markdown = ["###", "`"] name = "CertReport" def __init__(self, db): self.IPAddress = IPRepository(db) self.Domains = DomainRepository(db) self.BaseDomains = BaseDomainRepository(db) self.CIDRs = CIDRRepository(db) def set_options(self): super(Report, self).set_options() def run(self, args): results = [] base_domains = self.BaseDomains.all() for b in base_domains: results.append("%s\tActive Scope: %s\tPassive Scope: %s" % (b.domain, b.in_scope, b.passive_scope)) for d in b.subdomains: results.append("\t%s\tActive Scope: %s\tPassive Scope: %s" % (d.domain, d.in_scope, d.passive_scope)) cidrs = self.CIDRs.all() results.append("\n\n") for c in cidrs: results.append("%s - %s" % (c.cidr, c.org_name)) for ip in c.ip_addresses: results.append("\t%s\tActive Scope: %s\tPassive Scope: %s" % (ip.ip_address, ip.in_scope, ip.passive_scope)) self.process_output(results, args)
class Module(ModuleTemplate): ''' Ingests domains and IPs. Domains get ip info and cidr info, and IPs get CIDR info. ''' name = "Ingestor" def __init__(self, db): self.db = db self.BaseDomain = BaseDomainRepository(db, self.name) self.Domain = DomainRepository(db, self.name) self.IPAddress = IPRepository(db, self.name) self.CIDR = CIDRRepository(db, self.name) self.ScopeCIDR = ScopeCIDRRepository(db, self.name) def set_options(self): super(Module, self).set_options() self.options.add_argument( '-f', '--import_file', help="File containing domains to import. One per line") self.options.add_argument('-d', '--domain', help="Single domain to import") self.options.add_argument( '-i', '--import_ips', help="File containing IPs and ranges, one per line.") self.options.add_argument('-Id', '--import_database_domains', help='Import domains from database', action="store_true") self.options.add_argument('-Ii', '--import_database_ips', help='Import IPs from database', action="store_true") self.options.add_argument( '--force', help="Force processing again, even if already processed", action="store_true") def run(self, args): if args.import_file: domains = open(args.import_file) for line in domains: if line.strip(): self.process_domain(line.strip(), force_scope=True) self.Domain.commit() if args.domain: self.process_domain(args.domain, force_scope=True) self.Domain.commit() if args.import_database_domains: if args.force: domains = self.Domain.all() else: domains = self.Domain.all(tool=self.name) for d in domains: # pdb.set_trace() self.process_domain(d.domain) self.Domain.commit() if args.import_ips: try: ips = open(args.import_ips) for line in ips: if line.strip(): if '/' in line or '-' in line: self.process_cidr(line) else: self.process_ip(line.strip(), force_scope=True) self.Domain.commit() except IOError: if '/' in args.import_ips or '-' in args.import_ips: self.process_cidr(args.import_ips) else: self.process_ip(args.import_ips.strip(), force_scope=True) self.Domain.commit() if args.import_database_ips: for ip in self.IPAddress.all(): self.process_ip(ip.ip_address) self.Domain.commit() def get_domain_ips(self, domain): ips = [] try: answers = dns.resolver.query(domain, 'A') for a in answers: ips.append(a.address) return ips except: return [] def process_domain(self, domain_str, force_scope=False): # First check if the root domain exists, and if it doesn't, add it created, domain = self.Domain.find_or_create( only_tool=True, domain=domain_str, force_in_scope=force_scope) # if not created: # # print("%s already processed, skipping." % domain_str) # return print("Processing %s" % domain_str) # Next get ip addresses of domain ips = self.get_domain_ips(domain_str) for i in ips: ip = self.process_ip(i, force_scope=force_scope) domain.ip_addresses.append(ip) domain.save() def process_ip(self, ip_str, force_scope=False): created, ip = self.IPAddress.find_or_create(only_tool=True, ip_address=ip_str, force_in_scope=force_scope) if created: print(" - Found New IP: %s" % ip_str) res = self.check_private_subnets(ip_str) if res: cidr_data = res else: try: res = IPWhois(ip_str).lookup_whois(get_referral=True) except: res = IPWhois(ip_str).lookup_whois() cidr_data = [] for n in res['nets']: if ',' in n['cidr']: for cidr_str in n['cidr'].split(', '): cidr_data.append([cidr_str, n['description']]) else: cidr_data.append([n['cidr'], n['description']]) try: cidr_data = [ cidr_d for cidr_d in cidr_data if IPAddress(ip_str) in IPNetwork(cidr_d[0]) ] except: pdb.set_trace() cidr_len = len(IPNetwork(cidr_data[0][0])) matching_cidr = cidr_data[0] for c in cidr_data: if len(IPNetwork(c[0])) < cidr_len: matching_cidr = c print("New CIDR found: %s - %s" % (matching_cidr[1], matching_cidr[0])) cidr = self.CIDR.find_or_create(only_tool=True, cidr=matching_cidr[0], org_name=matching_cidr[1])[1] ip.cidr = cidr ip.save() # else: # print(" - IP Already processed: %s" % ip_str) return ip def check_private_subnets(self, ip_str): for cidr in private_subnets: if IPAddress(ip_str) in cidr: return ([str(cidr), 'Non-Public Subnet'], ) return False def process_cidr(self, line): if '/' in line: print("Adding %s to scoped CIDRs" % line.strip()) self.ScopeCIDR.find_or_create(cidr=line.strip()) elif '-' in line: start_ip, end_ip = line.strip().replace(' ', '').split('-') if '.' not in end_ip: end_ip = '.'.join(start_ip.split('.')[:3] + [end_ip]) cidrs = iprange_to_cidrs(start_ip, end_ip) for c in cidrs: print("Adding %s to scoped CIDRs" % str(c)) self.ScopeCIDR.find_or_create(cidr=str(c))
def __init__(self, db): self.IPAddress = IPRepository(db) self.Domains = DomainRepository(db) self.BaseDomains = BaseDomainRepository(db) self.CIDRs = CIDRRepository(db)
def __init__(self, db): self.Domain = DomainRepository(db) self.IPAddress = IPRepository(db) self.CIDR = CIDRRepository(db)
#!/usr/bin/python from armory import initialize_database from armory import get_config_options from database.repositories import BaseDomainRepository, DomainRepository, IPRepository, CIDRRepository, UserRepository, CredRepository, VulnRepository, PortRepository, UrlRepository, ScopeCIDRRepository config = get_config_options() db = initialize_database(config) Domains = DomainRepository(db, "Shell Client") BaseDomains = BaseDomainRepository(db, "Shell Client") IPAddresses = IPRepository(db, "Shell Client") CIDRs = CIDRRepository(db, "Shell Client") Users = UserRepository(db, "Shell Client") Creds = CredRepository(db, "Shell Client") Vulns = VulnRepository(db, "Shell Client") Ports = PortRepository(db, "Shell Client") Urls = UrlRepository(db, "Shell Client") ScopeCIDRs = ScopeCIDRRepository(db, "Shell Client") print("Make sure to use this script with ipython and -i") print(" ipython -i shell.py") print("Available database modules: Domains, BaseDomains, IPAddresses,") print(" CIDRs, Users, Creds, Vulns, Services, Ports, Urls, ScopeCIDRs")