Пример #1
0
def main():
    """
    Main method to control the program flow
    """
    # set runtime name
    Vault.set_runtime_name(Util.datetime_to_string())

    # create runtime directory
    mkdir(f"{SESSION_CACHE_PATH}/{Vault.get_runtime_name()}")

    # set up threading
    Thread.set_interrupt(False)
    event = threading.Event()

    # start threads
    manager_thread = manager(event)
    Escapy.async_sniff(custom_action)

    # menu
    info_data = [
        f"{RED}Sniffer is running but not saving anything locally{RESET}",
        f"{GREEN}Sniffer is running saving packets locally{RESET}"
    ]
    option = [
        "Type \"start\" to start saving: ", "Type \"stop\" to stop saving: "
    ]

    while True:
        print(info_data[0 if not Vault.get_saving() else 1], end="\n")
        print(
            f"Dashboard: {YELLOW}http://127.0.0.1:8000{RESET} | \'q\' to stop")
        user_input = input(option[0 if not Vault.get_saving() else 1])
        if not Vault.get_saving() and user_input == "start":
            Util.start_saving()

        elif Vault.get_saving() and user_input == "stop":
            Util.stop_saving()

        elif user_input == "q":
            break

        else:
            print(f"{YELLOW}Invalid option{RESET}", end="\n\n")

    # SAVE TO FILE IF PROGRAM ENDED AND SAVING IS TRUE
    if Vault.get_saving():
        Util.stop_saving()

    # interrupt threads
    Thread.set_interrupt(True)
    event.set()
    Escapy.stop()

    # wait for threads to complete
    manager_thread.join()
Пример #2
0
def index():
    ''' If method == GET , returns HTML Page 
        If method == POST, returns data for protocl piechart
    '''
    if request.method != "POST":
        return render_template("index.html", status=Vault.get_saving())

    global COMMON_PROTOCOLS
    protocol_dict = {}

    for header in Vault.get_session_headers():
        if 'TCP' in header or 'UDP' in header:
            header_list = header[4:].replace('_', '-').split('-')
            if header_list[1] in COMMON_PROTOCOLS or header_list[
                    3] in COMMON_PROTOCOLS:
                try:
                    prot = COMMON_PROTOCOLS[header_list[1]]
                except Exception:
                    prot = COMMON_PROTOCOLS[header_list[3]]
                protocol_dict[prot] = protocol_dict[
                    prot] + 1 if prot in protocol_dict else 1
            else:
                protocol_dict["Other"] = protocol_dict[
                    "Other"] + 1 if "Other" in protocol_dict else 1

        else:
            protocol_dict["Other"] = protocol_dict[
                "Other"] + 1 if "Other" in protocol_dict else 1
    return jsonify(protocol_dict)
Пример #3
0
def view_arp():
    '''returns arp page'''
    arp_sessions = [
        session for session in Vault.get_session_headers() if 'ARP' in session
    ]
    return render_template("viewarp.html",
                           arp_sessions=arp_sessions,
                           status=Vault.get_saving())
Пример #4
0
def view_udp():
    '''returns UDP stream page'''
    udp_sessions = get_formatted_header('UDP')
    payload = None
    return render_template("viewudp.html",
                           udp_sessions=udp_sessions,
                           payload=payload,
                           status=Vault.get_saving())
Пример #5
0
def view_tcp():
    '''returns TCP stream page'''
    tcp_sessions = get_formatted_header('TCP')
    payload = None
    return render_template("viewtcp.html",
                           tcp_sessions=tcp_sessions,
                           payload=payload,
                           status=Vault.get_saving())
Пример #6
0
def logs():
    ''' If method == GET , returns logs page
        If method == POST, returns content of selected rule file
    '''
    if request.method == "POST":
        message = Util.tail(LOG_FILE, 20)
        return message

    return render_template("logs.html", status=Vault.get_saving())
Пример #7
0
def savefile():
    ''' returns viewfile page with all the saved files '''
    pcap_files = [
        f for f in listdir(CAP_PATH) if isfile(join(CAP_PATH, f))
        if f[-4:] == ".cap"
    ]

    carved_files = [
        f for f in listdir(CARVED_DIR) if isfile(join(CARVED_DIR, f))
    ]
    return render_template("viewfile.html",
                           pcap_files=pcap_files,
                           carved_files=carved_files,
                           status=Vault.get_saving())
Пример #8
0
def add_rule():
    ''' If method == GET , returns addrule page
        If method == POST, creates yara rule , and return back to page
    '''
    if request.method == "POST":
        filename = request.form["filename"]
        author = request.form["author"]
        rule_name = request.form["rulename"]
        tag = request.form["tag"]
        description = request.form["description"]
        strings = request.form["strings"]
        condition = request.form["condition"]

        # save to yara config
        Rule.create_rule(filename, author, rule_name, tag, description,
                         strings, condition)
        return redirect(request.url)
    return render_template("addrule.html", status=Vault.get_saving())
Пример #9
0
def network():
    ''' If method == GET , returns network mapping page 
        If method == POST, returns mapping_dict,ip_list,mal_list for network mapping
    '''
    if request.method == "POST":
        mal_list = []
        mapping, ip_list = Vault.get_mapping()
        flagged_dict = Vault.get_flagged()
        for _, obj in flagged_dict.items():
            if 'endpoint' in obj.identifier:
                for match in obj.strings:
                    mal_list.append(match[2].decode('utf-8'))

        return jsonify(mapping, ip_list, mal_list)

    return render_template("network.html",
                           status=Vault.get_saving(),
                           data=Vault.get_mapping())
Пример #10
0
def flagged():
    ''' If method == GET , returns flagged page
        If method == POST, returns payload of flagged packet
    '''
    if request.method == "POST":
        key = request.json["data"].strip()
        flagged_dict = Vault.get_flagged()

        flagged_obj = flagged_dict[key]
        if flagged_obj.identifier == "payload":
            return flagged_obj.payload

        strings_list = []
        for i in range(len(flagged_obj.strings)):
            strings_list.append(
                (flagged_obj.strings[i][0], flagged_obj.strings[i][0],
                 flagged_obj.strings[i][2].decode('utf-8')))

        return jsonify(strings_list)
    return render_template("flagged.html",
                           flagged_packets=Vault.get_flagged(),
                           status=Vault.get_saving())
Пример #11
0
def yara_rules():
    ''' If method == GET , returns rule page
        If method == POST, returns content of selected rule file
    '''
    threat_rules = YaraFiles.get_threat_rules()
    mal_rules = YaraFiles.get_mal_rules()
    custom_rules = YaraFiles.get_custom_rules()

    if request.method == "POST":
        file_name = request.data.decode('utf-8')
        if file_name in threat_rules:
            return threat_rules[file_name]
        elif file_name in mal_rules:
            return mal_rules[file_name]
        elif file_name in custom_rules:
            return custom_rules[file_name]

        return "Yara File Not Found"

    return render_template("viewrules.html",
                           threat_rules=threat_rules.keys(),
                           mal_rules=mal_rules.keys(),
                           custom_rules=custom_rules.keys(),
                           status=Vault.get_saving())