def smb_credential():
    """Run the SMB credential checker against every device with 445/tcp open.

    Devices are selected through their Service rows (address "445/tcp") and
    must have an IP address. For each device where the checker returns a
    truthy result, a Vulnerability row of type "smb_credential" is added.
    """
    print("Starting SMB credential check")
    smb_device_ids = (
        session.query(Service.device_id)
        .filter(Service.address == "445/tcp")
        .distinct()
    )
    targets = session.query(Device).filter(
        Device.id.in_(smb_device_ids), Device.ip_address.isnot(None)
    )
    smb_cred_checker = SMBCredentialChecker()

    for device in targets.all():
        print("Found SMB service at {}".format(device.ip_address))
        try:
            creds = smb_cred_checker.check(device.ip_address)
        except Exception as e:
            # Best effort: one failing host must not stop the sweep.
            print(e)
            continue
        if not creds:
            continue

        print("Detected unauthenticated SMB server at {}".format(
            device.ip_address))
        username, password = creds
        # NOTE(review): the accepted username:password pair is written in
        # clear text into Vulnerability.description, so every reader of that
        # table or of a UI rendering this field sees the credential. Consider
        # storing only the account name, or restricting access to the field.
        # NOTE(review): a pair with an empty password is recorded as "(none)";
        # confirm that this matches what the checker returns for guest access.
        if username and password:
            summary = "{}:{}".format(username, password)
        else:
            summary = "(none)"
        session.add(Vulnerability(device_id=device.id,
                                  type="smb_credential",
                                  description=summary))

    # NOTE(review): the flattened listing does not show how deeply the commit
    # was nested; a single commit after the loop is assumed. Confirm.
    session.commit()
def create_or_update_device(mac_addr, ip_addr=None, hostname=None,
                            save_heartbeat=True):
    """Look up a Device by MAC address, creating it if missing, and update it.

    Args:
        mac_addr: MAC address used as the lookup key.
        ip_addr: when truthy, stored as the device's IP address.
        hostname: when truthy, stored as the hostname; otherwise, if ip_addr
            is truthy, the hostname is taken from get_hostname(ip_addr).
        save_heartbeat: when true, a Heartbeat row is added for the device.

    Returns:
        The created or updated Device.
    """
    # NOTE(review): mac_addr and hostname presumably come from traffic seen on
    # the network, so anything that later renders them should treat them as
    # untrusted text. Confirm against the callers.
    device = (
        session.query(Device)
        .filter(Device.mac_address == mac_addr)
        .first()
    )
    if not device:
        device = Device(mac_address=mac_addr)
        session.add(device)

    if ip_addr:
        device.ip_address = ip_addr
        if not hostname:
            # No explicit hostname supplied: fall back to a lookup by IP.
            device.hostname = get_hostname(ip_addr)
    if hostname:
        device.hostname = hostname
    session.commit()

    if save_heartbeat:
        # device.id is read after the commit above.
        session.add(Heartbeat(device_id=device.id))
        session.commit()
    return device
def ssh_fingerprint():
    """Fingerprint the OS version of every device with 22/tcp open.

    Devices are selected through their Service rows (address "22/tcp") and
    must have an IP address. Each truthy result from SSHFingerprinter is
    stored as a Fingerprint of type "operating_system_version".
    """
    print("Starting SSH fingerprint")
    ssh_device_ids = (
        session.query(Service.device_id)
        .filter(Service.address == "22/tcp")
        .distinct()
    )
    targets = session.query(Device).filter(
        Device.id.in_(ssh_device_ids), Device.ip_address.isnot(None)
    )
    ssh_fingerprinter = SSHFingerprinter()

    for device in targets.all():
        address = device.ip_address
        print("Found SSH service at {}".format(address))
        try:
            os_ver = ssh_fingerprinter.fingerprint(address)
        except Exception as e:
            # Best effort: report the error and move on to the next host.
            print(e)
            continue
        if os_ver:
            # NOTE(review): os_ver presumably derives from data sent by the
            # remote host; treat the stored value as untrusted text when it
            # is displayed. Confirm against SSHFingerprinter.
            print("Detected version {} at {}".format(os_ver,
                                                     device.ip_address))
            session.add(Fingerprint(device_id=device.id,
                                    type="operating_system_version",
                                    value=os_ver))

    # NOTE(review): the flattened listing does not show how deeply the commit
    # was nested; a single commit after the loop is assumed. Confirm.
    session.commit()
def smb_fingerprint():
    """Fingerprint the Windows version of devices already tagged as Windows.

    Devices are selected through an existing "operating_system" Fingerprint
    whose value matches "%windows%" (case-insensitive) and must have an IP
    address. A result with a truthy major version is stored as a Fingerprint
    of type "operating_system_version" in "major.minor.build" form.
    """
    print("Starting SMB fingerprint")
    windows_device_ids = (
        session.query(Fingerprint.device_id)
        .filter(Fingerprint.type == "operating_system",
                Fingerprint.value.ilike("%windows%"))
        .distinct()
    )
    targets = session.query(Device).filter(
        Device.id.in_(windows_device_ids), Device.ip_address.isnot(None)
    )
    smb_fingerprinter = SMBFingerprinter()

    for device in targets.all():
        print("Found Windows device at {}".format(device.ip_address))
        try:
            # The unpacking stays inside the try, so a result that is not a
            # 4-tuple is reported and skipped like any other failure.
            major, minor, build, _ = smb_fingerprinter.fingerprint(
                device.ip_address)
        except Exception as e:
            print(e)
            continue
        if not major:
            continue

        print("Detected version {}.{}.{} at {}".format(
            major, minor, build, device.ip_address))
        version = "{}.{}.{}".format(major, minor, build)
        session.add(Fingerprint(device_id=device.id,
                                type="operating_system_version",
                                value=version))

    # NOTE(review): the flattened listing does not show how deeply the commit
    # was nested; a single commit after the loop is assumed. Confirm.
    session.commit()
def persist_dhcp_fingerprint(mac_addr, os_match):
    """Store an "operating_system" Fingerprint for the device with mac_addr.

    The device is fetched or created through create_or_update_device, which
    is called with its defaults and therefore also records a heartbeat.

    Args:
        mac_addr: MAC address identifying the device.
        os_match: value stored as the operating-system fingerprint.
    """
    print("Storing DHCP fingerprint for {}".format(mac_addr))
    owner = create_or_update_device(mac_addr)
    # NOTE(review): os_match presumably derives from a DHCP request sent by
    # the client; treat the stored value as untrusted text. Confirm.
    session.add(Fingerprint(device_id=owner.id,
                            type="operating_system",
                            value=os_match))
    session.commit()
def port_scan():
    """Scan COMMON_PORTS on every device that has an IP address.

    Each port yielded by PortScanner.scan is stored as a Service row of type
    "port" whose address has the form "<port>/tcp".
    """
    # The scanner is constructed from the configured local address (conf_ip).
    port_scanner = PortScanner(str(conf_ip))
    addressable = session.query(Device).filter(
        Device.ip_address.isnot(None)).all()

    for device in addressable:
        print("Starting port scan for {}".format(device.ip_address))
        for port in port_scanner.scan(device.ip_address, COMMON_PORTS):
            print("Found {} at {}".format(port, device.ip_address))
            tcp_address = "{}/tcp".format(port)
            session.add(Service(
                device_id=device.id,
                type="port",
                address=tcp_address,
                description="Open port at {}/tcp".format(port)))

    # NOTE(review): the flattened listing does not show how deeply the commit
    # was nested; a single commit after the loops is assumed. Confirm.
    session.commit()
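def bonjour_scan():
    """Record Bonjour services announced by known devices.

    Each (ip, port, type) tuple from BonjourScanner.scan is matched to a
    Device by IP address and stored as a Service row of type "bonjour".
    Announcements from an address with no Device row are reported and
    skipped. Announcements from an address shared by several Device rows are
    also reported and skipped, instead of aborting the scan.
    """
    print("Starting Bonjour scan")
    bonjour_scanner = BonjourScanner()
    for (ip, port, service_type) in bonjour_scanner.scan():
        # Devices are keyed by MAC address elsewhere in this file, and no
        # uniqueness of ip_address is visible here. Fetching all matches
        # avoids the uncaught "multiple rows" error that .one() would raise.
        matches = session.query(Device).filter(
            Device.ip_address == ip).all()
        if not matches:
            print(
                "Bonjour service {} is running on {}, but this device does not exist"
                .format(service_type, ip))
            continue
        if len(matches) > 1:
            # Attribution is ambiguous, so skip rather than guess.
            print(
                "Bonjour service {} is running on {}, but {} devices share this address"
                .format(service_type, ip, len(matches)))
            continue
        device = matches[0]

        # NOTE(review): service_type comes from the announcement on the wire;
        # treat the stored address field as untrusted text when displayed.
        print("Found {} at {}".format(service_type, device.ip_address))
        service = Service(device_id=device.id,
                          type="bonjour",
                          address=service_type,
                          description="Bonjour service at {}".format(port))
        session.add(service)

    # NOTE(review): the flattened listing does not show how deeply the commit
    # was nested; a single commit after the loop is assumed. Confirm.
    session.commit()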
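def upnp_scan():
    """Record UPnP services announced by known devices.

    Each (ip, usn) pair from UPnPScanner.scan is matched to a Device by IP
    address and stored as a Service row of type "upnp". Announcements from an
    address with no Device row are reported and skipped. Announcements from
    an address shared by several Device rows are also reported and skipped,
    instead of aborting the scan.
    """
    print("Starting UPnP scan")
    upnp_scanner = UPnPScanner()
    for (ip, usn) in upnp_scanner.scan():
        # Devices are keyed by MAC address elsewhere in this file, and no
        # uniqueness of ip_address is visible here. Fetching all matches
        # avoids the uncaught "multiple rows" error that .one() would raise.
        matches = session.query(Device).filter(
            Device.ip_address == ip).all()
        if not matches:
            print(
                "UPnP service {} is running on {}, but this device does not exist"
                .format(usn, ip))
            continue
        if len(matches) > 1:
            # Attribution is ambiguous, so skip rather than guess.
            print(
                "UPnP service {} is running on {}, but {} devices share this address"
                .format(usn, ip, len(matches)))
            continue
        device = matches[0]

        # NOTE(review): usn comes from the announcement on the wire; treat
        # the stored address and description as untrusted text when displayed.
        print("Found {} at {}".format(usn, device.ip_address))
        service = Service(device_id=device.id,
                          type="upnp",
                          address=usn,
                          description="UPnP service at {}".format(usn))
        session.add(service)

    # NOTE(review): the flattened listing does not show how deeply the commit
    # was nested; a single commit after the loop is assumed. Confirm.
    session.commit()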
def meta_fingerprint():
    """Run MetaFingerprinter over every device and store what it reports.

    The fingerprinter receives the Device object itself. A truthy result is
    iterated with .items(), and each (type, value) pair becomes one
    Fingerprint row for that device.
    """
    print("Starting meta fingerprint")
    all_devices = session.query(Device).all()
    meta_fingerprinter = MetaFingerprinter()

    for device in all_devices:
        try:
            findings = meta_fingerprinter.fingerprint(device)
        except Exception as e:
            # Best effort: report the error and move on to the next device.
            print(e)
            continue
        if not findings:
            continue

        # Separate names for the result mapping and the loop variables avoid
        # rebinding the mapping mid-iteration or shadowing the builtin type.
        for kind, value in findings.items():
            print("Found {} at {}".format(kind, device.ip_address))
            session.add(Fingerprint(device_id=device.id,
                                    type=kind,
                                    value=value))

    # NOTE(review): the flattened listing does not show how deeply the commit
    # was nested; a single commit after the loop is assumed. Confirm.
    session.commit()