Пример #1
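def syncNmapPortConfigFile(agentPath):
    '''
        Sync nmap port config with global probe's "port number to port name" mapping

        Rewrites the 'nmap-services' file in the discovery resource folder
        from the 'portInfo' entries of 'portNumberToPortName.xml' in the
        discovery config folder. Only entries whose "discover" attribute is
        a non-zero integer are written, one "name<TAB>number/protocol" line
        each. Nothing is done when nmap-services is newer than the mapping.

        agentPath -- path prefix the folder names are appended to
    '''
    logger.debug('synchronizing nmap port config file')
    configFolder = CollectorsParameters.getDiscoveryConfigFolder()
    resourceFolder = CollectorsParameters.getDiscoveryResourceFolder()
    separator = CollectorsParameters.FILE_SEPARATOR
    mamservice = File(agentPath + configFolder + separator +
                      'portNumberToPortName.xml')
    nmapservice = File(agentPath + resourceFolder + separator +
                       'nmap-services')
    if nmapservice.lastModified() > mamservice.lastModified():
        return

    # Parse and format everything BEFORE opening the output stream:
    # FileOutputStream truncates nmap-services as soon as it is created, so
    # a parse error or a malformed "discover" attribute used to leave an
    # empty or half-written services file (and an unclosed stream) behind.
    document = SAXBuilder(0).build(mamservice)
    ports = XmlWrapper(document.getRootElement().getChildren('portInfo'))
    lines = []
    for port in ports:
        if int(port.getAttributeValue("discover")):
            portNumber = port.getAttributeValue("portNumber")
            portName = port.getAttributeValue("portName")
            portProtocol = port.getAttributeValue("portProtocol")
            # Values are copied verbatim from the XML; a tab or line break
            # inside an attribute would yield a malformed nmap-services
            # line. Assumes the mapping file is trusted -- TODO confirm.
            lines.append("%s\t%s/%s\r\n" %
                         (portName, portNumber, portProtocol))

    nmapFile = FileOutputStream(nmapservice)
    try:
        for line in lines:
            nmapFile.write(line)
    finally:
        # Always release the file handle, even if a write fails.
        nmapFile.close()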
Пример #2
    def get_db_datasources(self, content):
        '''
        Extract database data sources from an XML configuration document.

        content is parsed as XML; for every 'add' element below a
        'connectionStrings' child of the root, the 'connectionString'
        attribute is read. A string containing "dsn=<name>" becomes a
        NamedDbDataSource built from the name, anything else a DbDataSource
        built from the whole string. Only sources whose isValidDataSource()
        is true are returned. Any failure is logged and whatever was
        collected so far is returned.

        Returns a list (empty when content is empty or nothing validated).
        '''
        from NTCMD_IIS import NamedDbDataSource, DbDataSource

        dbDataSources = []
        if not content:
            return dbDataSources
        try:
            # NOTE(review): content presumably comes from a discovered host,
            # so treat it as untrusted XML. SAXBuilder(0) only switches DTD
            # validation off; it does not by itself stop DOCTYPE or
            # external-entity processing. Confirm the parser is hardened
            # (e.g. the disallow-doctype-decl feature) for this input.
            root = SAXBuilder(0).build(StringReader(content)).getRootElement()
            sections = root.getChildren("connectionStrings")
            if sections:
                for section in sections:
                    for entry in section.getChildren("add"):
                        connectionString = entry.getAttributeValue("connectionString")
                        if not connectionString:
                            continue
                        dsnMatch = re.search("dsn\s*=\s*([a-zA-Z_0-9]+);?.*", connectionString, re.I)
                        if dsnMatch:
                            candidate = NamedDbDataSource(dsnMatch.group(1))
                        else:
                            candidate = DbDataSource(connectionString)
                        if candidate.isValidDataSource():
                            dbDataSources.append(candidate)
                        else:
                            # Keep the connection string out of this log
                            # line: it may embed credentials.
                            logger.debug("DB Source did not validate")
        except:
            # Bare except left as is. NOTE(review): under Jython, Java
            # exceptions raised by the parser may not derive from Python's
            # Exception -- confirm before narrowing this clause.
            logger.warnException("Failed getting connection info.")
        return dbDataSources
Пример #3
    def get_db_datasources(self, content):
        '''
        Collect the database data sources declared in an XML document.

        Walks root -> 'connectionStrings' -> 'add' and reads each
        'connectionString' attribute. When the string carries "dsn=<name>"
        a NamedDbDataSource is created from the name, otherwise a
        DbDataSource from the full string; sources that fail
        isValidDataSource() are dropped. Errors are logged, not raised.

        Returns the list of validated data sources (possibly empty).
        '''
        from NTCMD_IIS import NamedDbDataSource, DbDataSource

        dbDataSources = []
        if not content:
            return dbDataSources
        try:
            # NOTE(review): SAXBuilder(0) disables validation only. If
            # content can originate from a remote or otherwise untrusted
            # host, verify that DOCTYPE declarations and external entities
            # are refused by the parser configuration used here.
            document = SAXBuilder(0).build(StringReader(content))
            sections = document.getRootElement().getChildren('connectionStrings')
            if sections:
                for section in sections:
                    entries = section.getChildren('add')
                    for entry in entries:
                        connectionString = entry.getAttributeValue('connectionString')
                        if not connectionString:
                            continue
                        found = re.search("dsn\s*=\s*([a-zA-Z_0-9]+);?.*", connectionString, re.I)
                        if found:
                            source = NamedDbDataSource(found.group(1))
                        else:
                            source = DbDataSource(connectionString)
                        if not source.isValidDataSource():
                            # The rejected string is deliberately not
                            # logged here; it may contain credentials.
                            logger.debug('DB Source did not validate')
                            continue
                        dbDataSources.append(source)
        except:
            # Catch-all kept unchanged. NOTE(review): parser failures may
            # surface as Java exceptions under Jython -- confirm what an
            # `except Exception` would miss before tightening.
            logger.warnException('Failed getting connection info.')
        return dbDataSources
Пример #4
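def syncNmapPortConfigFile(agentPath):
    '''
        Sync nmap port config with global probe's "port number to port name" mapping

        Reads the 'portInfo' entries of portNumberToPortName.xml (discovery
        config folder) and rewrites nmap-services (discovery resource
        folder) with one "name<TAB>number/protocol" line per entry whose
        "discover" attribute is a non-zero integer. Returns without doing
        anything when nmap-services is newer than the XML mapping.

        agentPath -- path prefix the folder names are appended to
    '''
    logger.debug('synchronizing nmap port config file')
    portConfigFilename = (agentPath +
                          CollectorsParameters.getDiscoveryConfigFolder() +
                          CollectorsParameters.FILE_SEPARATOR +
                          'portNumberToPortName.xml')
    nmapServicesFilename = (agentPath +
                            CollectorsParameters.getDiscoveryResourceFolder() +
                            CollectorsParameters.FILE_SEPARATOR +
                            'nmap-services')
    mamservice = File(portConfigFilename)
    nmapservice = File(nmapServicesFilename)
    if nmapservice.lastModified() > mamservice.lastModified():
        return

    # Build every output line first. Creating the FileOutputStream
    # truncates nmap-services immediately, so doing it before the XML was
    # parsed meant a broken mapping file wiped the port list and leaked
    # the open stream.
    document = SAXBuilder(0).build(mamservice)
    entries = []
    for port in XmlWrapper(document.getRootElement().getChildren('portInfo')):
        if not int(port.getAttributeValue("discover")):
            continue
        portNumber = port.getAttributeValue("portNumber")
        portName = port.getAttributeValue("portName")
        portProtocol = port.getAttributeValue("portProtocol")
        # Attribute values go into the file unmodified; this assumes the
        # mapping XML is trusted and free of tabs/newlines -- TODO confirm.
        entries.append("%s\t%s/%s\r\n" % (portName, portNumber, portProtocol))

    nmapFile = FileOutputStream(nmapservice)
    try:
        for entry in entries:
            nmapFile.write(entry)
    finally:
        # Close the stream on every path, including a failed write.
        nmapFile.close()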
Пример #5
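def processNmapResult(fileName, OSHVResult, discoverOsName,
                      doServiceFingerprints, createApp, Framework):
    '''
    Parse an nmap XML result and add the discovered objects to OSHVResult.

    For every 'host' element that has a 'hostnames' child and a valid IPv4
    address, a host, its IP, its MAC interfaces and its ports are reported.
    Hosts without those are skipped; addresses of other types are ignored.

    fileName              -- nmap XML output, passed as is to SAXBuilder.build
    OSHVResult            -- result vector; objects are added through add()
    discoverOsName        -- when true, OS class/match data sets the host class
    doServiceFingerprints -- when true, only ports whose state contains
                             'open' are reported and service data is read
    createApp             -- when true, one application CI is added per
                             distinct service product of a host
    Framework             -- used to report an unknown-OS warning

    Raises ValueError when the XML document cannot be parsed.

    NOTE(review): hostnames and service name/product/version originate
    from the scanned hosts; treat them as untrusted wherever the reported
    objects are stored or displayed.
    '''
    try:
        document = SAXBuilder(0).build(fileName)
    except:
        # Bare except kept. NOTE(review): under Jython the parser may raise
        # Java exceptions that do not derive from Python's Exception --
        # confirm before narrowing this clause.
        raise ValueError("Can't parse XML document with nmap results. Skipped.")
    hosts = XmlWrapper(document.getRootElement().getChildren('host'))
    for host in hosts:
        hostOsh = None
        ip = None
        macs = []
        for address in XmlWrapper(host.getChildren('address')):
            # Local names no longer shadow the builtin `type`.
            addrType = address.getAttributeValue('addrtype')
            addr = address.getAttributeValue('addr')
            if addrType == 'ipv4':
                ip = addr
            elif addrType == 'mac':
                macs.append(addr)

        hostnamesNode = host.getChild('hostnames')
        if hostnamesNode is None or not netutils.isValidIp(ip):
            continue

        names = [elem.getAttributeValue('name')
                 for elem in XmlWrapper(hostnamesNode.getChildren('hostname'))]
        hostname = None
        if names and names[0]:
            hostname = names[0]  # using only first dnsname

        osNode = host.getChild('os')
        if osNode and discoverOsName:
            osMatch = osNode.getChild('osmatch')
            osClass = osNode.getChild('osclass')
            # Fall back to the osclass nested in osmatch, but only when an
            # osmatch exists: the unguarded lookup failed on a missing one.
            if not osClass and osMatch:
                osClass = osMatch.getChild('osclass')
            if osClass:
                osType = osClass.getAttributeValue("type")
                osFamily = osClass.getAttributeValue("osfamily")
                osVendor = osClass.getAttributeValue("vendor")

                hostClass = getHostClass(osType, osFamily)
                if not hostClass:
                    Framework.reportWarning(
                        "Unknown OS detected. Vendor '%s', family '%s'" %
                        (osVendor, osFamily))
                    hostClass = "host"

                hostOsh = modeling.createHostOSH(ip, hostClass)
                hostOsh.setAttribute("host_vendor", osVendor)
                if osMatch:
                    separateCaption(hostOsh,
                                    osMatch.getAttributeValue("name"))
                    accuracy = osMatch.getAttributeValue("accuracy")
                    # A missing attribute cannot be concatenated with '%'.
                    if accuracy is not None:
                        hostOsh.setAttribute("host_osaccuracy",
                                             accuracy + '%')
        if not hostOsh:
            hostOsh = modeling.createHostOSH(ip)

        ipOsh = modeling.createIpOSH(ip, dnsname=hostname)
        OSHVResult.add(ipOsh)
        OSHVResult.add(finalizeHostOsh(hostOsh))
        OSHVResult.add(modeling.createLinkOSH('contained', hostOsh, ipOsh))

        for mac in macs:
            if netutils.isValidMac(mac):
                interfaceOsh = modeling.createInterfaceOSH(mac, hostOsh)
                OSHVResult.add(interfaceOsh)
                OSHVResult.add(
                    modeling.createLinkOSH('containment', interfaceOsh,
                                           ipOsh))

        portsNode = host.getChild('ports')
        if not portsNode:
            # Was `return`, which ended the whole function at the first
            # host without a 'ports' element and silently dropped every
            # later host of the scan from the reported inventory.
            continue

        applicationList = []
        for port in XmlWrapper(portsNode.getChildren('port')):
            portNumber = port.getAttributeValue('portid')
            protocol = port.getAttributeValue('protocol')
            serviceName = None
            if doServiceFingerprints:
                stateNode = port.getChild("state")
                state = stateNode and stateNode.getAttributeValue("state")
                # A port without state information is treated as not open
                # instead of failing on the missing element.
                if not state or state.find('open') == -1:
                    continue
                serviceNode = port.getChild("service")
                if serviceNode:
                    serviceName = serviceNode.getAttributeValue("name")
                    serviceProduct = serviceNode.getAttributeValue("product")
                    serviceVersion = serviceNode.getAttributeValue("version")
                    if (createApp and serviceProduct
                            and serviceProduct not in applicationList):
                        addApplicationCI(ip, hostOsh, serviceProduct,
                                         serviceVersion, OSHVResult)
                        applicationList.append(serviceProduct)
            addServiceAddressOsh(hostOsh, OSHVResult, ip, portNumber,
                                 protocol, serviceName)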
Пример #6
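def processNmapResult(fileName, OSHVResult, discoverOsName, doServiceFingerprints, createApp, Framework):
    '''
    Turn an nmap XML result into host/IP/interface/service objects.

    Each 'host' element with a 'hostnames' child and a valid IPv4 address
    is reported into OSHVResult; other hosts are skipped and non-IPv4,
    non-MAC addresses are ignored.

    fileName              -- nmap XML output handed to SAXBuilder.build
    OSHVResult            -- receives every created object through add()
    discoverOsName        -- enables the OS class lookup for the host class
    doServiceFingerprints -- restricts reporting to ports whose state
                             contains 'open' and reads service details
    createApp             -- adds one application CI per distinct service
                             product found on a host
    Framework             -- only used for reportWarning on unknown OS

    Raises ValueError when the XML document cannot be parsed.

    NOTE(review): names and service banners in the result are supplied by
    the scanned hosts; downstream consumers should treat them as untrusted.
    '''
    try:
        document = SAXBuilder(0).build(fileName)
    except:
        # Catch-all kept unchanged. NOTE(review): parser failures may be
        # Java exceptions under Jython -- confirm what `except Exception`
        # would miss before tightening.
        raise ValueError("Can't parse XML document with nmap results. Skipped.")
    hosts = XmlWrapper(document.getRootElement().getChildren('host'))
    for host in hosts:
        hostOsh = None
        ip = None
        macs = []
        addresses = XmlWrapper(host.getChildren('address'))
        for address in addresses:
            # Renamed from `type` so the builtin is not shadowed.
            addressType = address.getAttributeValue('addrtype')
            addr = address.getAttributeValue('addr')
            if addressType == 'ipv4':
                ip = addr
            elif addressType == 'mac':
                macs.append(addr)

        hostnamesElement = host.getChild('hostnames')
        if hostnamesElement is None or not netutils.isValidIp(ip):
            continue

        dnsNames = [elem.getAttributeValue('name') for elem in XmlWrapper(hostnamesElement.getChildren('hostname'))]
        hostname = None
        if dnsNames and dnsNames[0]:
            hostname = dnsNames[0]  # using only first dnsname

        osElement = host.getChild('os')
        if osElement and discoverOsName:
            osMatch = osElement.getChild('osmatch')
            osClass = osElement.getChild('osclass')
            if not osClass and osMatch:
                # Previously dereferenced osmatch without checking that
                # the element exists.
                osClass = osMatch.getChild('osclass')
            if osClass:
                osType = osClass.getAttributeValue("type")
                osFamily = osClass.getAttributeValue("osfamily")
                osVendor = osClass.getAttributeValue("vendor")

                hostClass = getHostClass(osType, osFamily)
                if not hostClass:
                    Framework.reportWarning("Unknown OS detected. Vendor '%s', family '%s'" % (osVendor, osFamily))
                    hostClass = "host"

                hostOsh = modeling.createHostOSH(ip, hostClass)
                hostOsh.setAttribute("host_vendor", osVendor)
                if osMatch:
                    separateCaption(hostOsh, osMatch.getAttributeValue("name"))
                    accuracy = osMatch.getAttributeValue("accuracy")
                    if accuracy is not None:
                        # Skip the attribute rather than fail on None + '%'.
                        hostOsh.setAttribute("host_osaccuracy", accuracy + '%')
        if not hostOsh:
            hostOsh = modeling.createHostOSH(ip)

        ipOsh = modeling.createIpOSH(ip, dnsname=hostname)
        OSHVResult.add(ipOsh)
        OSHVResult.add(finalizeHostOsh(hostOsh))
        OSHVResult.add(modeling.createLinkOSH('contained', hostOsh, ipOsh))

        for mac in macs:
            if netutils.isValidMac(mac):
                interfaceOsh = modeling.createInterfaceOSH(mac, hostOsh)
                OSHVResult.add(interfaceOsh)
                OSHVResult.add(modeling.createLinkOSH('containment', interfaceOsh, ipOsh))

        portsElement = host.getChild('ports')
        if not portsElement:
            # `continue` instead of the former `return`: one host without
            # a 'ports' element must not hide all remaining hosts of the
            # scan from the reported results.
            continue

        applicationList = []
        for port in XmlWrapper(portsElement.getChildren('port')):
            portNumber = port.getAttributeValue('portid')
            protocol = port.getAttributeValue('protocol')
            serviceName = None
            if doServiceFingerprints:
                stateElement = port.getChild("state")
                portState = stateElement and stateElement.getAttributeValue("state")
                # No state information counts as "not open".
                if not portState or portState.find('open') == -1:
                    continue
                serviceNode = port.getChild("service")
                if serviceNode:
                    serviceName = serviceNode.getAttributeValue("name")
                    serviceProduct = serviceNode.getAttributeValue("product")
                    serviceVersion = serviceNode.getAttributeValue("version")
                    if createApp and serviceProduct and serviceProduct not in applicationList:
                        addApplicationCI(ip, hostOsh, serviceProduct, serviceVersion, OSHVResult)
                        applicationList.append(serviceProduct)
            addServiceAddressOsh(hostOsh, OSHVResult, ip, portNumber, protocol, serviceName)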