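def dotransform(request, response, config):
    """Prompt for a new recon-ng workspace and create/configure it.

    The dialog asks for workspace name, company, domain and radius.  All four
    are required, so it is re-shown with an error message until every value is
    non-blank or the user cancels.  Cancelling returns ``response`` unchanged;
    the original fell through and indexed ``None`` (``TypeError``).

    Returns:
        The response with one ``Workspace`` entity appended on success.
    """
    msg = "Workspace Configuration"
    title = "Workspace Confguration"
    field_names = ["Workspace Name", "Company Name", "Domain", "Radius"]
    field_values = multenterbox(msg, title, field_names)
    while field_values is not None:
        missing = [name for name, value in zip(field_names, field_values) if value.strip() == ""]
        if not missing:
            break
        errmsg = "".join('"%s" is a required field.\n\n' % name for name in missing)
        field_values = multenterbox(errmsg, title, field_names, field_values)
    if field_values is None:
        return response  # dialog cancelled: nothing was created
    ws_name, company, domain, radius = field_values
    create_workspace(ws_name)
    set_domain(ws_name, domain)
    set_company(ws_name, company)
    set_radius(ws_name, radius)
    response += Workspace(ws_name, cname=company, domain=domain)
    return response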
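def dotransform(request, response, config):
    """Run recon-ng's pushpin module for a workspace and emit one pin entity per result.

    Coordinates are taken from the entity fields when ``workspace`` is present;
    otherwise the user is prompted and both values are required.  A cancelled
    dialog returns ``response`` unchanged (the original raised on ``None``).
    Unknown pin sources are skipped, as before.
    """
    pin_types = {
        'Twitter': TwitterPin,
        'Shodan': ShodanPin,
        'Picasa': PicasaPin,
        'Flickr': FlickrPin,
    }
    if 'workspace' in request.fields:
        workspace = request.fields['workspace']
        latitude = request.fields['latitude']
        longitude = request.fields['longitude']
    else:
        workspace = request.value
        msg = "Enter Latitude and Longitude"
        title = "Coordinates to Query for Pushpin"
        field_names = ["Latitude", "Longitude"]
        field_values = multenterbox(msg, title, field_names)
        while field_values is not None:
            missing = [name for name, value in zip(field_names, field_values) if value.strip() == ""]
            if not missing:
                break
            errmsg = "".join('"%s" is a required field.\n\n' % name for name in missing)
            field_values = multenterbox(errmsg, title, field_names, field_values)
        if field_values is None:
            return response  # dialog cancelled
        latitude, longitude = field_values
    run_pushpin(workspace, latitude, longitude)
    # NOTE(review): the DB is opened on request.value even when the workspace
    # came from request.fields — confirm those are the same thing in that path.
    dbcon = db_connect(request.value)
    for pin in get_pushpin(dbcon):
        entity_cls = pin_types.get(pin[0])
        if entity_cls is None:
            continue
        e = entity_cls(pin[0])
        e += Field("workspace", workspace, displayname='Workspace')
        response += e
    return response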
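def dotransform(request, response, config):
    """Return Kippo honeypot sessions whose source IP matches the user's input.

    ``request.value`` is the Kippo host to connect to.  The value is bound as a
    query parameter, so it cannot inject SQL, but because the query uses
    ``LIKE`` the SQL wildcards ``%`` and ``_`` in the input act as a pattern.

    A cancelled or empty dialog returns a ``UIMessage`` instead of raising;
    database errors are reported as text (the original bare ``except`` showed
    the raw connection object).
    """
    msg = 'Enter Search Criteria'
    title = 'Kippo search for sessions by IP'
    field_values = multenterbox(msg, title, ["IP"])
    if not field_values or field_values[0] == '':
        return response + UIMessage('You need to type an IP address!!')
    s_ip = field_values[0]
    host = request.value
    conn = db_connect(host)
    try:
        cursor = conn.cursor()
        cursor.execute("select * from sessions where ip like %s", (s_ip,))
        for (session_id, starttime, endtime, sensor, ip, termsize, client) in cursor:
            e = KippoSession('%s' % session_id)
            e.starttime = '%s' % starttime
            e.endtime = '%s' % endtime
            e.sensor = '%s' % sensor
            e.ipaddr = '%s' % ip
            e.termsize = '%s' % termsize
            e.client = '%s' % client
            e += Field('kippoip', host, displayname='Kippo IP')
            response += e
        return response
    except Exception as exc:
        return response + UIMessage(str(exc))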
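def dotransform(request, response):
    """Write a Wireshark "Decode As" Lua snippet for a user-supplied port/protocol.

    The three dialog values are spliced into Lua source that Wireshark later
    executes, so they are validated first: the port must be an integer in
    0-65535 and the traffic type / protocol must be plain identifiers.  Without
    this, quotes or newlines typed into the dialog become arbitrary Lua.

    Raises:
        ValueError: if a value fails validation (nothing is written).
    """
    import re
    folder = request.fields["sniffMyPackets.outputfld"]
    msg = "Enter the new protocol type & port"
    title = "L0 - Decode As [SmP]"
    field_names = ["Port", "Traffic Type", "Protocol"]
    field_values = multenterbox(msg, title, field_names)
    if field_values is None:
        return response  # dialog cancelled
    d_port, d_type, d_proto = [value.strip() for value in field_values]
    identifier = re.compile(r'[A-Za-z_][A-Za-z0-9_]*\Z')
    if not d_port.isdigit() or not 0 <= int(d_port) <= 65535:
        raise ValueError('Port must be an integer between 0 and 65535, got %r' % d_port)
    if not identifier.match(d_type) or not identifier.match(d_proto):
        raise ValueError('Traffic type and protocol must be plain identifiers (letters, digits, _)')
    lua_out = (
        "do \n"
        "\tlocal %(proto)s_dissector_table=DissectorTable.get(\"%(proto)s.port\")\n"
        "\tlocal %(type)s_dissector=%(proto)s_dissector_table:get_dissector(%(port)s)\n"
        "\t%(proto)s_dissector_table:add(%(port)s,%(type)s_dissector)\n"
        "end"
    ) % {'proto': d_proto, 'type': d_type, 'port': d_port}
    lua_file = folder + "/decodes.lua"
    # The original called f.close without parentheses and so never closed the file.
    with open(lua_file, "w") as f:
        f.write(lua_out)
    e = DecodeAs(lua_file)
    e += Field("pcapsrc", request.value, displayname="Original pcap File", matchingrule="loose")
    e += Field("sniffMyPackets.outputfld", folder, displayname="Folder Location")
    response += e
    return response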
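def dotransform(request, response):
    """Return Kippo sessions whose source IP matches the user's input.

    The database host comes from the ``kippodatabase`` entity field.  The IP is
    bound as a query parameter (no SQL injection), but ``LIKE`` means ``%``
    and ``_`` in the input are treated as wildcards.  A cancelled dialog now
    yields the same message as an empty one instead of a ``TypeError``.
    """
    msg = "Enter Search Criteria"
    title = "Kippo search for sessions by IP"
    field_values = multenterbox(msg, title, ["IP"])
    if not field_values or field_values[0] == "":
        return response + UIMessage("You need to type an IP address!!")
    s_ip = field_values[0]
    host = request.fields["kippodatabase"]
    conn = db_connect(host)
    try:
        cursor = conn.cursor()
        cursor.execute("select * from sessions where ip like %s", (s_ip,))
        for (session_id, starttime, endtime, sensor, ip, termsize, client) in cursor:
            session = KippoSession("%s" % session_id)
            session.starttime = "%s" % starttime
            session.endtime = "%s" % endtime
            session.sensor = "%s" % sensor
            session.ipaddr = "%s" % ip
            session.termsize = "%s" % termsize
            session.client = "%s" % client
            session += Field("kippodatabase", host, displayname="Kippo Database")
            response += session
        return response
    except Exception as exc:
        return response + UIMessage(str(exc))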
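def dotransform(request, response, config):
    """Return Kippo honeypot sessions whose source IP matches the user's input.

    ``request.value`` is the Kippo host.  The IP is bound as a query parameter
    (no SQL injection); ``LIKE`` still honours ``%``/``_`` wildcards.  A
    cancelled dialog returns a ``UIMessage`` rather than raising, and errors
    are reported as text instead of the raw connection object.
    """
    msg = 'Enter Search Criteria'
    title = 'Kippo search for sessions by IP'
    field_values = multenterbox(msg, title, ["IP"])
    if not field_values or field_values[0] == '':
        return response + UIMessage('You need to type an IP address!!')
    s_ip = field_values[0]
    host = request.value
    conn = db_connect(host)
    try:
        cursor = conn.cursor()
        cursor.execute("select * from sessions where ip like %s", (s_ip,))
        for (session_id, starttime, endtime, sensor, ip, termsize, client) in cursor:
            e = KippoSession('%s' % session_id)
            e.starttime = '%s' % starttime
            e.endtime = '%s' % endtime
            e.sensor = '%s' % sensor
            e.ipaddr = '%s' % ip
            e.termsize = '%s' % termsize
            e.client = '%s' % client
            e += Field('kippoip', host, displayname='Kippo IP')
            response += e
        return response
    except Exception as exc:
        return response + UIMessage(str(exc))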
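def dotransform(request, response):
    """Capture packets on the configured interface with a user-typed BPF filter.

    Writes ``<request.value>/<unix-timestamp>-filtered.pcap`` and returns a
    ``pcapFile`` entity for it.  ``sniffMyPackets.count`` (default 300) bounds
    the capture.  A cancelled dialog returns ``response`` unchanged (the
    original raised on ``None``); an empty filter captures everything.
    """
    interface = request.fields['sniffMyPackets.interface']
    tmpfolder = request.value
    file_name = '%s/%d-filtered.pcap' % (tmpfolder, int(time()))
    if 'sniffMyPackets.count' in request.fields:
        pktcount = int(request.fields['sniffMyPackets.count'])
    else:
        pktcount = 300
    msg = 'Enter bpf filter'
    title = 'L0 - Capture Packets with BPF [SmP]'
    field_values = multenterbox(msg, title, ["Filter"])
    if field_values is None:
        return response  # dialog cancelled: no capture started
    bpf_filter = field_values[0]
    # The filter is compiled by scapy/libpcap; a malformed expression raises
    # there rather than silently capturing everything.
    pkts = sniff(iface=interface, count=pktcount, filter=bpf_filter)
    wrpcap(file_name, pkts)
    e = pcapFile(file_name)
    e.outputfld = tmpfolder
    response += e
    return response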
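def dotransform(request, response):
    """Capture packets on the configured interface with a user-typed BPF filter.

    Writes ``<request.value>/<unix-timestamp>-filtered.pcap`` and returns a
    ``pcapFile`` entity for it.  ``sniffMyPackets.count`` (default 300) bounds
    the capture.  A cancelled dialog returns ``response`` unchanged (the
    original raised on ``None``); an empty filter captures everything.
    """
    interface = request.fields['sniffMyPackets.interface']
    tmpfolder = request.value
    file_name = '%s/%d-filtered.pcap' % (tmpfolder, int(time()))
    if 'sniffMyPackets.count' in request.fields:
        pktcount = int(request.fields['sniffMyPackets.count'])
    else:
        pktcount = 300
    msg = 'Enter bpf filter'
    title = 'L0 - Capture Packets with BPF [SmP]'
    field_values = multenterbox(msg, title, ["Filter"])
    if field_values is None:
        return response  # dialog cancelled: no capture started
    bpf_filter = field_values[0]
    # The filter is compiled by scapy/libpcap; a malformed expression raises
    # there rather than silently capturing everything.
    pkts = sniff(iface=interface, count=pktcount, filter=bpf_filter)
    wrpcap(file_name, pkts)
    e = pcapFile(file_name)
    e.outputfld = tmpfolder
    response += e
    return response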
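def dotransform(request, response):
    """Return Kippo sessions whose ``starttime`` falls between two user-entered dates.

    Both dates are required and must be ``YYYY-MM-DD``.  The original check
    ``fieldValues[0] or fieldValues[1] != ''`` only tested the first value, so
    a blank end date (or a cancelled dialog) reached ``strptime`` and raised.
    Malformed dates are now reported with a ``UIMessage``.
    """
    msg = 'Enter Start & End Date'
    title = 'Kippo search for sessions by date range'
    field_values = multenterbox(msg, title, ["Start Date", "End Date"])
    if not field_values or not all(value.strip() for value in field_values):
        return response + UIMessage('Specify a start & end date')
    try:
        s_date = datetime.strptime(field_values[0].strip(), '%Y-%m-%d')
        # NOTE(review): the end date parses to midnight, so sessions later on
        # that day are excluded by BETWEEN — confirm that is intended.
        e_date = datetime.strptime(field_values[1].strip(), '%Y-%m-%d')
    except ValueError as exc:
        return response + UIMessage('Dates must be YYYY-MM-DD: %s' % exc)
    host = request.fields['kippodatabase']
    conn = db_connect(host)
    try:
        cursor = conn.cursor()
        cursor.execute("select * from sessions where starttime between %s and %s", (s_date, e_date))
        for (session_id, starttime, endtime, sensor, ip, termsize, client) in cursor:
            e = KippoSession('%s' % session_id)
            e.starttime = '%s' % starttime
            e.endtime = '%s' % endtime
            e.sensor = '%s' % sensor
            e.ipaddr = '%s' % ip
            e.termsize = '%s' % termsize
            e.client = '%s' % client
            e += Field('kippodatabase', host, displayname='Kippo Databse')
            response += e
        return response
    except Exception as exc:
        return response + UIMessage(str(exc))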
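def dotransform(request, response, config):
    """Gather and enumerate recon-ng contacts, mangle them into e-mail addresses, and emit Person entities.

    The pattern (e.g. ``<fn>.<ln>``) is required; the dialog repeats until it
    is filled in.  Cancelling returns ``response`` after the gather/enumerate
    steps have already run (as in the original) but without mangling, instead
    of raising on ``None``.  Contacts missing a first or last name are skipped.
    """
    workspace = request.value
    contacts_gather(workspace)
    contacts_enum(workspace)
    msg = "Contact Mangle to Create Email addresses enter <fn>.<ln>, etc"
    title = "Mangle Contacts to Emails"
    field_names = ["Pattern"]
    field_values = multenterbox(msg, title, field_names)
    while field_values is not None:
        missing = [name for name, value in zip(field_names, field_values) if value.strip() == ""]
        if not missing:
            break
        errmsg = "".join('"%s" is a required field.\n\n' % name for name in missing)
        field_values = multenterbox(errmsg, title, field_names, field_values)
    if field_values is None:
        return response  # dialog cancelled
    contacts_mangle(workspace, field_values[0])
    dbcon = db_connect(workspace)
    for contact in get_contacts(dbcon):
        fname, lname = contact[0], contact[1]
        if fname is None or lname is None:
            continue
        location = '%s, %s' % (contact[4], contact[5])
        e = Person(fname + ' ' + lname)
        e += Field("workspace", workspace, displayname='Workspace')
        e += Field("fname", fname, displayname='First Name')
        e += Field("lname", lname, displayname='Last Name')
        e += Field("title", contact[3], displayname='Title')
        e += Field("location", location, displayname='Location')
        e += Label("Title", contact[3])
        e += Label("Location", location)
        response += e
    return response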
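def dotransform(request, response, config):
    """Gather and enumerate recon-ng contacts, mangle them into e-mail addresses, and emit Person entities.

    The pattern (e.g. ``<fn>.<ln>``) is required; the dialog repeats until it
    is filled in.  Cancelling returns ``response`` after the gather/enumerate
    steps have already run (as in the original) but without mangling, instead
    of raising on ``None``.  Contacts missing a first or last name are skipped.
    """
    workspace = request.value
    contacts_gather(workspace)
    contacts_enum(workspace)
    msg = "Contact Mangle to Create Email addresses enter <fn>.<ln>, etc"
    title = "Mangle Contacts to Emails"
    field_names = ["Pattern"]
    field_values = multenterbox(msg, title, field_names)
    while field_values is not None:
        missing = [name for name, value in zip(field_names, field_values) if value.strip() == ""]
        if not missing:
            break
        errmsg = "".join('"%s" is a required field.\n\n' % name for name in missing)
        field_values = multenterbox(errmsg, title, field_names, field_values)
    if field_values is None:
        return response  # dialog cancelled
    contacts_mangle(workspace, field_values[0])
    dbcon = db_connect(workspace)
    for contact in get_contacts(dbcon):
        fname, lname = contact[0], contact[1]
        if fname is None or lname is None:
            continue
        location = "%s, %s" % (contact[4], contact[5])
        e = Person(fname + " " + lname)
        e += Field("workspace", workspace, displayname="Workspace")
        e += Field("fname", fname, displayname="First Name")
        e += Field("lname", lname, displayname="Last Name")
        e += Field("title", contact[3], displayname="Title")
        e += Field("location", location, displayname="Location")
        e += Label("Title", contact[3])
        e += Label("Location", location)
        response += e
    return response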
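def dotransform(request, response):
    """Hash every file under a folder and write ``<relative path> <sha1> <md5>`` lines to a user-named file.

    The folder is ``sniffMyPackets.outputfld`` when present, else
    ``request.value``.  Files are read in binary mode in a single streaming
    pass (the original opened each file twice in text mode and never closed
    it, which also breaks on Python 3 where ``hashlib`` needs bytes).  The
    output path is taken verbatim from the dialog and overwritten.
    """
    try:
        if 'sniffMyPackets.outputfld' in request.fields:
            folder = request.fields['sniffMyPackets.outputfld']
        else:
            folder = request.value
    except Exception:
        return response + UIMessage('No folder created or specified')
    msg = 'Enter output file'
    title = 'L0 - Hash all the files [SmP]'
    field_values = multenterbox(msg, title, ["File Name"])
    if not field_values or not field_values[0].strip():
        return response + UIMessage('No output file name given')
    hash_file = field_values[0]
    prefix_len = len(folder) + 1  # strip "<folder>/" from reported paths
    seen = set()
    hash_lines = []
    for path, _subdirs, files in os.walk(folder):
        for name in files:
            fpath = os.path.join(path, name)
            if fpath in seen:
                continue
            seen.add(fpath)
            sha1 = hashlib.sha1()
            md5 = hashlib.md5()
            with open(fpath, 'rb') as fh:
                for chunk in iter(lambda: fh.read(65536), b''):
                    sha1.update(chunk)
                    md5.update(chunk)
            line = '%s %s %s' % (fpath[prefix_len:], sha1.hexdigest(), md5.hexdigest())
            if line not in hash_lines:
                hash_lines.append(line)
    with open(hash_file, 'w') as out:
        out.write("\n".join(hash_lines))
    e = GenericFile(hash_file)
    e.linklabel = 'Hash File'
    e += Field('sniffMyPackets.outputfld', folder, displayname='Folder Location')
    response += e
    return response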
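def dotransform(request, response):
    """Rewrite a pcap's conversation endpoints to two user-supplied IPv4 addresses for replay.

    The first packet's IP src/dst define the "old" pair; packets sent by the
    old source get the new src/dst, and packets addressed to the old source
    get them reversed.  IP and TCP checksums are dropped so scapy recomputes
    them on write.  Changes from the original: the output name uses the pcap's
    basename instead of a hard-coded ``[42:]`` slice, checksums are only
    deleted on packets that actually have those layers (the original raised
    on non-TCP packets), and the new addresses are validated as IPv4.

    Raises:
        ValueError: if the pcap has no IP packet first or an address is invalid.
    """
    import os
    import socket
    pcap = request.value
    pkts = rdpcap(pcap)
    folder = request.fields['sniffMyPackets.outputfld']
    new_file = folder + '/replay-' + os.path.basename(pcap)
    if not pkts or not pkts[0].haslayer(IP):
        raise ValueError('pcap is empty or its first packet has no IP layer')
    msg = 'Enter the new IPs to rewrite the pcap file with'
    title = 'L0 - Rewrite pcap file for replay [SmP]'
    field_values = multenterbox(msg, title, ["New Source IP", "New Destination IP"])
    if field_values is None:
        return response  # dialog cancelled
    new_src, new_dst = [value.strip() for value in field_values]
    for addr in (new_src, new_dst):
        try:
            socket.inet_aton(addr)
        except socket.error:
            raise ValueError('Not a valid IPv4 address: %r' % addr)
    old_src = pkts[0][IP].src
    for p in pkts:
        if not p.haslayer(IP):
            continue
        del p[IP].chksum
        if p.haslayer(TCP):
            del p[TCP].chksum
        if p[IP].src == old_src:
            p[IP].src = new_src
            p[IP].dst = new_dst
        if p[IP].dst == old_src:
            p[IP].src = new_dst
            p[IP].dst = new_src
    wrpcap(new_file, pkts)
    e = pcapFile(new_file)
    e.linklabel = 'New pcap\nsrc:' + str(new_src) + '\ndst:' + str(new_dst)
    e.linkcolor = 0x33CC33
    e.outputfld = folder
    e += Field('pcapsrc', request.value, displayname='Original pcap File', matchingrule='loose')
    response += e
    return response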
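def login():
    """Return an authenticated ``GraphAPI`` client, prompting for a Facebook token and caching it.

    If the ``facebook`` cookie file exists its contents are tried first (the
    original raised unconditionally whenever the cache existed).  Otherwise,
    or if the cached token no longer works, the user gets up to three prompts;
    a token that passes ``request('me')`` is persisted and the client returned.

    Security note: the token is stored in plaintext on disk; keep the cookie
    file's permissions restricted to the current user.

    Raises:
        GraphAPIError: when no working token is obtained.
    """
    token_path = cookie('facebook')
    if path.exists(token_path):
        try:
            # presumably fmutex('facebook') writes to this same path — verify
            with open(token_path) as fh:
                token = fh.read().strip()
            client = GraphAPI(token)
            client.request('me')
            return client
        except (IOError, GraphAPIError) as err:
            print(str(err))  # cached token unusable; fall through to prompt
    for _attempt in range(3):
        values = multenterbox("Enter a valid Facebook access token", ['Access Token'], [''])
        if values is None:
            break  # dialog cancelled
        token = values[0]
        try:
            client = GraphAPI(token)
            client.request('me')
        except GraphAPIError as err:
            print(str(err))
            continue
        fmutex('facebook').write(token)
        return client
    raise GraphAPIError('Unable to query GraphAPI')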
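def dotransform(request, response):
    """Write a Wireshark "Decode As" Lua snippet for a user-supplied port/protocol.

    The three dialog values are spliced into Lua source that Wireshark later
    executes, so they are validated first: the port must be an integer in
    0-65535 and the traffic type / protocol must be plain identifiers.  Without
    this, quotes or newlines typed into the dialog become arbitrary Lua.

    Raises:
        ValueError: if a value fails validation (nothing is written).
    """
    import re
    folder = request.fields['sniffMyPackets.outputfld']
    msg = 'Enter the new protocol type & port'
    title = 'L0 - Decode As [SmP]'
    field_names = ["Port", "Traffic Type", "Protocol"]
    field_values = multenterbox(msg, title, field_names)
    if field_values is None:
        return response  # dialog cancelled
    d_port, d_type, d_proto = [value.strip() for value in field_values]
    identifier = re.compile(r'[A-Za-z_][A-Za-z0-9_]*\Z')
    if not d_port.isdigit() or not 0 <= int(d_port) <= 65535:
        raise ValueError('Port must be an integer between 0 and 65535, got %r' % d_port)
    if not identifier.match(d_type) or not identifier.match(d_proto):
        raise ValueError('Traffic type and protocol must be plain identifiers (letters, digits, _)')
    lua_out = (
        'do \n'
        '\tlocal %(proto)s_dissector_table=DissectorTable.get("%(proto)s.port")\n'
        '\tlocal %(type)s_dissector=%(proto)s_dissector_table:get_dissector(%(port)s)\n'
        '\t%(proto)s_dissector_table:add(%(port)s,%(type)s_dissector)\n'
        'end'
    ) % {'proto': d_proto, 'type': d_type, 'port': d_port}
    lua_file = folder + '/decodes.lua'
    # The original called f.close without parentheses and so never closed the file.
    with open(lua_file, 'w') as f:
        f.write(lua_out)
    e = DecodeAs(lua_file)
    e += Field('pcapsrc', request.value, displayname='Original pcap File', matchingrule='loose')
    e += Field('sniffMyPackets.outputfld', folder, displayname='Folder Location')
    response += e
    return response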
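def dotransform(request, response):
    """Zip the Watcher sqlite database (``request.value``) into a user-named archive.

    The archive path is taken verbatim from the dialog and overwritten if it
    exists.  The database is stored under its given path inside the archive,
    as before.  A cancelled or blank dialog returns ``response`` unchanged
    (the original raised on ``None``).
    """
    db_file = request.value
    msg = 'Enter output filename (including path)'
    title = 'Watcher - Zip database'
    field_values = multenterbox(msg, title, ["File Name"])
    if not field_values or not field_values[0].strip():
        return response  # nothing written
    save_file = field_values[0]
    with zipfile.ZipFile(save_file, 'w') as archive:
        archive.write(db_file)
    response += ZipFile(save_file)
    return response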
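def dotransform(request, response):
    """Zip a pcap folder into a user-named archive, hash the archive, and emit a ZipFile entity.

    The folder is ``sniffMyPackets.outputfld`` when present, else
    ``request.value``.  If the chosen archive path lies inside that folder it
    is skipped while walking, so the archive is not written into itself.  The
    archive is hashed (SHA-1 and MD5) in one streaming read with the handle
    closed afterwards; the original read it twice and leaked both handles.
    """
    try:
        if 'sniffMyPackets.outputfld' in request.fields:
            folder = request.fields['sniffMyPackets.outputfld']
        else:
            folder = request.value
    except Exception:
        return response + UIMessage('No folder created or specified')
    msg = 'Enter output filename (including path)'
    title = 'L0 - Zip pcap folder [SmP]'
    field_values = multenterbox(msg, title, ["File Name"])
    if not field_values or not field_values[0].strip():
        return response + UIMessage('No output file name given')
    save_file = field_values[0]
    archive_abs = os.path.abspath(save_file)
    with zipfile.ZipFile(save_file, 'w') as archive:
        for root, _dirs, files in os.walk(folder):
            for name in files:
                full_path = os.path.join(root, name)
                if os.path.abspath(full_path) == archive_abs:
                    continue  # never add the archive to itself
                archive.write(full_path)
    sha1 = hashlib.sha1()
    md5 = hashlib.md5()
    with open(save_file, 'rb') as fh:
        for chunk in iter(lambda: fh.read(65536), b''):
            sha1.update(chunk)
            md5.update(chunk)
    e = ZipFile(save_file)
    e.zipmd5hash = md5.hexdigest()
    e.zipsha1hash = sha1.hexdigest()
    e.linklabel = 'Zip File'
    e += Field('outputfld', folder, displayname='Folder Location')
    response += e
    return response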
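def dotransform(request, response):
    """Export the Watcher ``ssid`` table from the sqlite file ``request.value`` to a user-named CSV.

    The first CSV row holds the column names from ``cursor.description``.
    The output file and the sqlite connection are closed deterministically
    (the original left both open).  A cancelled or blank dialog returns
    ``response`` unchanged.
    """
    db_file = request.value
    msg = 'Enter output filename (including path)'
    title = 'Watcher - Export Database to CSV'
    field_values = multenterbox(msg, title, ["File Name"])
    if not field_values or not field_values[0].strip():
        return response  # nothing written
    save_file = field_values[0]
    conn = sqlite3.connect(db_file)
    try:
        cursor = conn.cursor()
        cursor.execute("select * from ssid;")
        with open(save_file, 'wt') as out:
            writer = csv.writer(out)
            writer.writerow([column[0] for column in cursor.description])
            writer.writerows(cursor)
    finally:
        conn.close()
    response += CSVFile(save_file)
    return response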
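def dotransform(request, response):
    """Export the Watcher ``ssid`` table from the sqlite file ``request.value`` to a user-named CSV.

    The first CSV row holds the column names from ``cursor.description``.
    The output file and the sqlite connection are closed deterministically
    (the original left both open).  A cancelled or blank dialog returns
    ``response`` unchanged.
    """
    db_file = request.value
    msg = "Enter output filename (including path)"
    title = "Watcher - Export Database to CSV"
    field_values = multenterbox(msg, title, ["File Name"])
    if not field_values or not field_values[0].strip():
        return response  # nothing written
    save_file = field_values[0]
    conn = sqlite3.connect(db_file)
    try:
        cursor = conn.cursor()
        cursor.execute("select * from ssid;")
        with open(save_file, "wt") as out:
            writer = csv.writer(out)
            writer.writerow([column[0] for column in cursor.description])
            writer.writerows(cursor)
    finally:
        conn.close()
    response += CSVFile(save_file)
    return response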
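def dotransform(request, response):
    """Filter a pcap by optional source IP, destination IP, TCP port and payload text.

    Criteria are OR-ed (a packet matching any one is kept), as in the original,
    but each packet is now written at most once and in capture order: the
    original appended a packet once per criterion it matched, duplicating
    packets in the output and inflating ``pktcnt``.  The ``and not None``
    clauses of the original were no-ops and are dropped.  A non-numeric port
    is reported instead of raising, and the free-text needle is encoded so the
    ``Raw`` payload comparison also works on Python 3.
    """
    pkts = rdpcap(request.value)
    folder = request.fields['sniffMyPackets.outputfld']
    new_file = folder + '/search-results-' + str(int(time())) + '.pcap'
    msg = 'Enter Search Criteria'
    title = 'L0 - Simple pcap search [SmP]'
    field_values = multenterbox(msg, title, ["Source", "Destination", "Port", "Free Text"])
    if field_values is None:
        return response + UIMessage('Search cancelled')
    s_ip, d_ip, port, text = [value or None for value in field_values]
    if port is not None:
        try:
            port = int(port)
        except ValueError:
            return response + UIMessage('Port must be a number')
    needle = text
    if needle is not None and not isinstance(needle, bytes):
        needle = needle.encode('utf-8')  # Raw.load is bytes on Python 3

    def matches(p):
        if p.haslayer(IP):
            if s_ip is not None and p[IP].src == s_ip:
                return True
            if d_ip is not None and p[IP].dst == d_ip:
                return True
        if port is not None and p.haslayer(TCP) and port in (p[TCP].sport, p[TCP].dport):
            return True
        return needle is not None and p.haslayer(Raw) and needle in p[Raw].load

    r_pkts = [p for p in pkts if matches(p)]
    if not r_pkts:
        return response + UIMessage('Sorry no packets found!!')
    wrpcap(new_file, r_pkts)
    e = pcapFile(new_file)
    e.outputfld = folder
    e += Field('pcapsrc', request.value, displayname='Original pcap File', matchingrule='loose')
    e += Field('pktcnt', len(r_pkts), displayname='Number of packets', matchingrule='loose')
    e.linklabel = 'Search Results'
    response += e
    return response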
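def do_transform(self, request, response, config):
    """Bind an IPv4Address entity to a Metasploit host, existing or newly created.

    Steps: confirm if the entity already carries a Metasploit id, choose a
    workspace, choose a host from it (or "Add Host"), and for a new host
    collect its properties in a dialog and POST them to the REST API.

    Fixes over the original: a cancelled choice/dialog returns ``response``
    instead of raising on ``None``; the host is selected by the index of the
    chosen row rather than by substring match on the address (``10.0.0.1``
    matched ``10.0.0.10 ...`` and the last match won); the re-prompt after a
    blank field passes ``errmsg``/``title``/``fields``/``values`` by keyword
    (the original passed the values list as the title).
    """
    ip_entity = request.entity
    try:
        already_bound = ip_entity['id'] is not None
    except KeyError:
        already_bound = False
    if already_bound:
        confirm = gui.choicebox(
            title="Confirmation",
            msg="""This IPv4Address is already bound to a Metasploit Host. \n Do you really want to change the concerned properties ?""",
            choices=['Yes', 'No'])
        if confirm != 'Yes':  # 'No' or a cancelled dialog both abort
            return response

    base_url = config['EffectiveCouscous.local.baseurl']
    workspaces = apitools.get_json_dict(base_url + 'workspaces', config)
    ws_choice = gui.choicebox(
        title="Workspace Choice",
        msg="Please choose a workspace for Host selection",
        choices=[workspace['name'] for workspace in workspaces])
    if ws_choice is None:
        return response

    hosts_url = base_url + 'hosts'
    params = (('workspace', '{0}'.format(ws_choice)), )
    hosts = apitools.get_json_dict(hosts_url, config, params=params)
    choices = ['{0} {1}'.format(host['address'], host['name']) for host in hosts]
    choices.append("Add Host")
    raw_choice = gui.choicebox(
        title="Host Choice",
        msg="Choose a Metasploit Host to associate with this IPv4Address",
        choices=choices)
    if raw_choice is None:
        return response

    if raw_choice == "Add Host":
        title = "New Host"
        msg = """Enter Host properties for creating a Host in Metasploit"""
        field_names = [
            "Address", "MAC", "Host Name", "OS Name", "OS Flavor", 'OS SP',
            'OS Language', 'Purpose', 'Info', 'Comments', 'Scope',
            'Virtual Host', 'Architecture', 'State'
        ]
        field_values = gui.multenterbox(title=title, msg=msg, fields=field_names, values=[])
        while field_values is not None:
            missing = [name for name, value in zip(field_names, field_values) if value.strip() == ""]
            if not missing:
                break
            errmsg = "".join('"%s" is a required field.\n\n' % name for name in missing)
            field_values = gui.multenterbox(msg=errmsg, title=title, fields=field_names, values=field_values)
        if field_values is None:
            return response
        api_keys = [
            'host', 'mac', 'name', 'os_name', 'os_flavor', 'os_sp', 'os_lang',
            'purpose', 'info', 'comments', 'scope', 'virtual_host', 'arch', 'state'
        ]
        payload = dict(zip(api_keys, field_values))
        payload['workspace'] = ws_choice
        post = apitools.post_json(hosts_url, json.dumps(payload), config)
        host = post.json()['data']
    else:
        host = hosts[choices.index(raw_choice)]

    ip_entity['ipv4-address'] = host['address']
    ip_entity.host_id = host['id']
    ip_entity.workspace_id = host['workspace_id']
    ip_entity.icon_url = network_interface
    ip_entity.origin_tool = 'Metasploit'
    response += ip_entity
    return response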
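def do_transform(self, request, response, config):
    """Bind a Service entity to a Metasploit service, existing or newly created.

    Choose a workspace, then a service from it (or "Add Service"); a new
    service is collected in a dialog and POSTed to the REST API, after which
    the returned record populates the entity.

    Fixes over the original: cancelled dialogs return ``response`` instead of
    raising on ``None``; the service is picked by the index of the chosen row
    rather than by substring match; the re-prompt passes its arguments by
    keyword (the original passed the values list as the title); ``post_json``
    receives ``config`` like the other EffectiveCouscous transforms; and the
    new-service branch builds the entity from the API response (the original
    read ``service['name']`` from a dict that only held ``'info'`` — KeyError).

    NOTE(review): the original set ``msf_service.id`` / ``.workspaceid`` in
    some branches and ``.service_id`` / ``.workspace_id`` in others; this
    version uses ``service_id``/``workspace_id`` throughout — confirm against
    the entity definition.
    """
    def dash(value):
        # Maltego shows '-' for blank properties, as the original did.
        return '-' if value == '' else value

    base_url = config['EffectiveCouscous.local.baseurl']
    workspaces = apitools.get_json_dict(base_url + 'workspaces', config)
    ws_choice = gui.choicebox(
        title="Workspace Choice",
        msg="""Choose a Metasploit Workspace for Service selection""",
        choices=[workspace['name'] for workspace in workspaces])
    if ws_choice is None:
        return response

    service_url = base_url + 'services'
    params = (('workspace', '{0}'.format(ws_choice)), )
    services = apitools.get_json_dict(service_url, config, params=params)
    choices = ['%s %s %s' % (s['host']['address'], s['port'], s['info']) for s in services]
    choices.append("Add Service")
    raw_choice = gui.choicebox(
        title="Service Choice",
        msg="""Choose a Metasploit Service to associate with this Service""",
        choices=choices)
    if raw_choice is None:
        return response

    if raw_choice == "Add Service":
        title = "New Service"
        msg = "Add properties to create a Service in Metasploit"
        field_names = [
            'Workspace', 'Host IP', 'Port number', 'Protocol', 'Service Name',
            'Text (Info)', 'State'
        ]
        field_values = gui.multenterbox(msg, title=title, fields=field_names)
        while field_values is not None:
            missing = [name for name, value in zip(field_names, field_values) if value.strip() == ""]
            if not missing:
                break
            errmsg = "".join('"%s" is a required field.\n\n' % name for name in missing)
            field_values = gui.multenterbox(msg=errmsg, title=title, fields=field_names, values=field_values)
        if field_values is None:
            return response
        api_keys = ['workspace', 'host', 'port', 'proto', 'name', 'info', 'state']
        payload = dict(zip(api_keys, field_values))
        post = apitools.post_json(service_url, json.dumps(payload), config)
        new = post.json()['data']
        msf_service = getServiceEntity(new['name'], new['info'])
        msf_service.info = new['info']
        msf_service.name = new['name']
        msf_service.proto = new['proto']
        msf_service.port = new['port']
        msf_service.host_id = new['host']['id']
        msf_service.service_id = new['id']
        msf_service.workspace_id = new['host']['workspace_id']
        msf_service.display = "{port}:{proto}/{name}".format(
            port=new['port'], proto=new['proto'], name=new['name'])
        msf_service.state = new['state']
        msf_service.created_at = new['created_at']
        msf_service.updated_at = new['updated_at']
    else:
        service = services[choices.index(raw_choice)]
        msf_service = getServiceEntity(service['name'], service['info'])
        msf_service.info = dash(service['info'])
        msf_service.name = dash(service['name'])
        msf_service.proto = dash(service['proto'])
        msf_service.port = dash(service['port'])
        host_id = service['host']['id']
        msf_service.host_id = '-' if host_id is None else host_id
        msf_service.service_id = dash(service['id'])
        msf_service.workspace_id = dash(service['host']['workspace_id'])
        msf_service.display = "{port}:{proto}/{name}".format(
            port=service['port'], proto=service['proto'], name=service['name'])
        msf_service.state = service['state']
        msf_service.created_at = service['created_at']
        msf_service.updated_at = service['updated_at']

    response += msf_service
    return response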
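def dotransform(request, response):
    """Register a pcap in the sniffMyPackets Mongo ``INDEX`` collection and return its SessionID.

    ``config`` is the module-level sniffMyPackets config (not a parameter).
    The pcap is rejected when database use is disabled, the file is missing,
    or it is pcap-ng; if its MD5 is already indexed the existing SessionID(s)
    are returned instead of creating a new record.  Otherwise the user is
    asked for a comment, a per-pcap working directory is created under
    ``working/directory`` and an index document is inserted.

    Fixes over the original: the existence check no longer leaks an open file
    handle; a cancelled comment dialog aborts instead of raising on ``None``;
    the index uses an ordered list of pairs (``OrderedDict({...})`` lost the
    order on older Pythons); and directory errors are reported as text.
    """
    pcap = request.value
    if config['working/usedb'] == 0:
        return response + UIMessage('You have chosen not to use a database')

    db = mongo_connect()
    index_coll = db['INDEX']

    if not os.path.isfile(pcap):
        return response + UIMessage('The file doesn\'t exist')

    try:
        if 'BAD' in check_pcap(pcap):
            return response + UIMessage(
                'File format is pcap-ng, not supported by sniffMyPackets, please convert.'
            )
        md5hash = md5_for_file(pcap)
        sha1hash = sha1_for_file(pcap)
        filesize = check_size(pcap)
    except Exception as exc:
        return response + UIMessage(str(exc))

    # Same pcap (by MD5) already indexed: hand back the existing session id(s).
    try:
        existing = list(index_coll.find({"MD5 Hash": md5hash}, {"PCAP ID": 1, "_id": 0}))
    except Exception as exc:
        return response + UIMessage(str(exc))
    if existing:
        for record in existing:
            e = SessionID(record['PCAP ID'])
            e += Field('sniffmypacketsv2.pcapfile', pcap, displayname='PCAP File')
            response += e
        return response

    field_values = multenterbox('Enter Comments', 'Comments', ["Comments"])
    if field_values is None:
        return response + UIMessage('Cancelled, pcap was not indexed')
    comments = field_values[0]
    now = time.strftime("%c")
    # Kept as in the original: this yields 11 hex characters (the slice
    # includes the first '-', which is then removed).
    pcap_id = str(uuid.uuid4())[:12].replace('-', '')

    try:
        pkcount = packet_count(pcap)
        pcap_time = get_time(pcap)
    except Exception as exc:
        return response + UIMessage(str(exc))

    working = config['working/directory'].strip('\'')
    if working == '':
        return response + UIMessage('No working directory set, check your config file')
    working = working + '/' + pcap_id
    try:
        if not os.path.exists(working):
            os.makedirs(working)
    except Exception as exc:
        return response + UIMessage(str(exc))

    index = OrderedDict([
        ('PCAP ID', pcap_id),
        ('PCAP Path', pcap),
        ('Working Directory', working),
        ('Upload Time', now),
        ('Comments', comments),
        ('MD5 Hash', md5hash),
        ('SHA1 Hash', sha1hash),
        ('Packet Count', pkcount),
        ('First Packet', pcap_time[0]),
        ('Last Packet', pcap_time[1]),
        ('File Size', filesize),
    ])
    index_coll.insert(index)

    r = SessionID(pcap_id)
    r += Field('sniffmypacketsv2.pcapfile', pcap, displayname='PCAP File')
    response += r
    return response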
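def do_transform(self, request, response, config):
    """Bind a Netblock entity to a Metasploit workspace, existing or newly created.

    The user picks a workspace name (or "Add Workspace", which prompts for a
    name, POSTs it and re-fetches the list).  The chosen workspace's fields are
    copied onto the entity, with ``None`` shown as ``'-'``; its ``boundary``
    also becomes the entity's ``ipv4-range``.

    Fixes over the original: ``owner_id`` was always ``'-'`` because of
    ``is None or '-'`` (always true); the re-prompt passed the values list as
    the dialog title; a cancelled dialog raised on ``None``; and a POST whose
    workspace then failed to appear raised ``IndexError`` on ``ws[0]``.
    """
    netblock = request.entity
    url = config['EffectiveCouscous.local.baseurl'] + 'workspaces'
    workspaces = apitools.get_json_dict(url, config)
    ws_names = [workspace['name'] for workspace in workspaces]
    ws_names.append('Add Workspace')
    choice = gui.choicebox(
        msg="Choose a Metasploit workspace to associate with this Netblock",
        title="Workspace Choice",
        choices=ws_names)
    if choice is None:
        return response

    def apply_workspace(ws):
        # Copy workspace fields onto the entity; None displays as '-'.
        netblock.name = '-' if ws['name'] is None else ws['name']
        netblock.workspace_id = ws['id']
        netblock.boundary = '-' if ws['boundary'] is None else ws['boundary']
        netblock.description = '-' if ws['description'] is None else ws['description']
        netblock.owner_id = '-' if ws['owner_id'] is None else ws['owner_id']
        netblock.limit_to_network = ws['limit_to_network']
        netblock.import_fingerprint = ws['import_fingerprint']
        netblock.created_at = ws['created_at']
        netblock.updated_at = ws['updated_at']
        netblock.origin_tool = 'Metasploit'
        if ws['boundary'] is not None:
            netblock['ipv4-range'] = netblock.boundary

    if choice == "Add Workspace":
        msg = "New Workspace"
        field_names = ["Name"]
        field_values = gui.multenterbox(msg, fields=field_names)
        while field_values is not None:
            missing = [name for name, value in zip(field_names, field_values) if value.strip() == ""]
            if not missing:
                break
            errmsg = "".join('"%s" is a required field.\n\n' % name for name in missing)
            field_values = gui.multenterbox(msg=errmsg, fields=field_names, values=field_values)
        if field_values is None:
            return response
        new_name = field_values[0]
        apitools.post_json(url, json.dumps({'name': new_name}), config)
        created = [ws for ws in apitools.get_json_dict(url, config) if ws['name'] == new_name]
        if not created:
            raise RuntimeError('Workspace %r was not found after creation' % new_name)
        workspace = created[0]
    else:
        workspace = None
        for ws in workspaces:
            if ws['name'] == choice:
                workspace = ws
        if workspace is None:
            return response

    apply_workspace(workspace)
    response += netblock
    return response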
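def dotransform(request, response):
    """Register a pcap in the sniffMyPackets Mongo ``INDEX`` collection and return its SessionID.

    ``config`` is the module-level sniffMyPackets config (not a parameter).
    The pcap is rejected when database use is disabled, the file is missing,
    or it is pcap-ng; if its MD5 is already indexed the existing SessionID(s)
    are returned instead of creating a new record.  Otherwise the user is
    asked for a comment, a per-pcap working directory is created under
    ``working/directory`` and an index document is inserted.

    Fixes over the original: the existence check no longer leaks an open file
    handle; a cancelled comment dialog aborts instead of raising on ``None``;
    the index uses an ordered list of pairs (``OrderedDict({...})`` lost the
    order on older Pythons); and directory errors are reported as text.
    """
    pcap = request.value
    if config['working/usedb'] == 0:
        return response + UIMessage('You have chosen not to use a database')

    db = mongo_connect()
    index_coll = db['INDEX']

    if not os.path.isfile(pcap):
        return response + UIMessage('The file doesn\'t exist')

    try:
        if 'BAD' in check_pcap(pcap):
            return response + UIMessage('File format is pcap-ng, not supported by sniffMyPackets, please convert.')
        md5hash = md5_for_file(pcap)
        sha1hash = sha1_for_file(pcap)
        filesize = check_size(pcap)
    except Exception as exc:
        return response + UIMessage(str(exc))

    # Same pcap (by MD5) already indexed: hand back the existing session id(s).
    try:
        existing = list(index_coll.find({"MD5 Hash": md5hash}, {"PCAP ID": 1, "_id": 0}))
    except Exception as exc:
        return response + UIMessage(str(exc))
    if existing:
        for record in existing:
            e = SessionID(record['PCAP ID'])
            e += Field('sniffmypacketsv2.pcapfile', pcap, displayname='PCAP File')
            response += e
        return response

    field_values = multenterbox('Enter Comments', 'Comments', ["Comments"])
    if field_values is None:
        return response + UIMessage('Cancelled, pcap was not indexed')
    comments = field_values[0]
    now = time.strftime("%c")
    # Kept as in the original: this yields 11 hex characters (the slice
    # includes the first '-', which is then removed).
    pcap_id = str(uuid.uuid4())[:12].replace('-', '')

    try:
        pkcount = packet_count(pcap)
        pcap_time = get_time(pcap)
    except Exception as exc:
        return response + UIMessage(str(exc))

    working = config['working/directory'].strip('\'')
    if working == '':
        return response + UIMessage('No working directory set, check your config file')
    working = working + '/' + pcap_id
    try:
        if not os.path.exists(working):
            os.makedirs(working)
    except Exception as exc:
        return response + UIMessage(str(exc))

    index = OrderedDict([
        ('PCAP ID', pcap_id),
        ('PCAP Path', pcap),
        ('Working Directory', working),
        ('Upload Time', now),
        ('Comments', comments),
        ('MD5 Hash', md5hash),
        ('SHA1 Hash', sha1hash),
        ('Packet Count', pkcount),
        ('First Packet', pcap_time[0]),
        ('Last Packet', pcap_time[1]),
        ('File Size', filesize),
    ])
    index_coll.insert(index)

    r = SessionID(pcap_id)
    r += Field('sniffmypacketsv2.pcapfile', pcap, displayname='PCAP File')
    response += r
    return response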