def init_sensor():
global _cap
global _datalink
items = []
for cmd, regex in (("/sbin/ifconfig", r"inet addr:([\d.]+) .*Mask:([\d.]+)"), ("ipconfig", r"IPv4 Address[^\n]+([\d.]+)\s+Subnet Mask[^\n]+([\d.]+)")):
try:
items = re.findall(regex, subprocess.check_output(cmd))
break
except OSError:
pass
for ip, mask in items:
LOCAL_NETWORKS.append((addr_to_int(ip) & addr_to_int(mask), addr_to_int(mask)))
HOST_ADDRESSES.add(ip)
try:
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s.connect(("google.com", 0))
HOST_ADDRESSES.add(s.getsockname()[0])
except:
pass
try:
if not os.path.isdir(LOG_DIRECTORY):
os.makedirs(LOG_DIRECTORY)
except Exception, ex:
if "Permission denied" in str(ex):
exit("[x] please run with sudo/Administrator privileges")
else:
raise
def fetch():
retval = {}
content = retrieve_content(__url__)
if __check__ in content:
for match in re.finditer(r"([\d.]+)/(\d+)", content):
prefix, mask = match.groups()
start_int = addr_to_int(prefix) & make_mask(int(mask))
end_int = start_int | ((1 << 32 - int(mask)) - 1)
for address in xrange(start_int, end_int + 1):
retval[int_to_addr(address)] = (__info__, __reference__)
return retval
def fetch():
retval = {}
content = retrieve_content(__url__)
if __check__ in content:
for match in re.finditer(r"([\d.]+)/(\d+)", content):
prefix, mask = match.groups()
start_int = addr_to_int(prefix) & make_mask(int(mask))
end_int = start_int | ((1 << 32 - int(mask)) - 1)
for address in xrange(start_int, end_int + 1):
retval[int_to_addr(address)] = (__info__, __reference__)
return retval
def init_sensor():
global _cap
global _datalink
items = []
for cmd, regex in (
("/sbin/ifconfig", r"inet addr:([\d.]+) .*Mask:([\d.]+)"),
("ipconfig",
r"IPv4 Address[^\n]+([\d.]+)\s+Subnet Mask[^\n]+([\d.]+)")):
try:
items = re.findall(regex, subprocess.check_output(cmd))
break
except OSError:
pass
for ip, mask in items:
LOCAL_NETWORKS.append(
(addr_to_int(ip) & addr_to_int(mask), addr_to_int(mask)))
HOST_ADDRESSES.add(ip)
try:
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s.connect(("google.com", 0))
HOST_ADDRESSES.add(s.getsockname()[0])
except:
pass
try:
if not os.path.isdir(LOG_DIRECTORY):
os.makedirs(LOG_DIRECTORY)
except Exception, ex:
if "Permission denied" in str(ex):
exit("[x] please run with sudo/Administrator privileges")
else:
raise
def fetch():
retval = {}
content = retrieve_content(__url__)
if __check__ in content:
for match in re.finditer(r"(\d+\.\d+\.\d+\.\d+)/(\d+)", content):
prefix, mask = match.groups()
mask = int(mask)
if MIN_BLACKLIST_MASK <= mask <= MAX_BLACKLIST_MASK:
start_int = addr_to_int(prefix) & make_mask(mask)
end_int = start_int | ((1 << 32 - mask) - 1)
for address in xrange(start_int, end_int + 1):
retval[int_to_addr(address)] = (__info__, __reference__)
return retval
def fetch():
retval = {}
content = retrieve_content(__url__)
if __check__ in content:
for match in re.finditer(r"(\d+\.\d+\.\d+\.\d+)/(\d+)", content):
prefix, mask = match.groups()
mask = int(mask)
if MIN_BLACKLIST_MASK <= mask <= MAX_BLACKLIST_MASK:
start_int = addr_to_int(prefix) & make_mask(mask)
end_int = start_int | ((1 << 32 - mask) - 1)
for address in xrange(start_int, end_int + 1):
retval[int_to_addr(address)] = (__info__, __reference__)
return retval
def fetch():
retval = {}
content = retrieve_content(__url__)
if __check__ in content:
for match in re.finditer(r"(\d+\.\d+\.\d+\.\d+)/(\d+)", content):
prefix, mask = match.groups()
mask = int(mask)
start_int = addr_to_int(prefix) & make_mask(mask)
end_int = start_int | ((1 << 32 - mask) - 1)
if 0 <= end_int - start_int <= 1024:
address = start_int
while start_int <= address <= end_int:
retval[int_to_addr(address)] = (__info__, __reference__)
address += 1
return retval
def _events(self, params):
session = self.get_session()
if session is None:
self.send_response(httplib.UNAUTHORIZED)
self.send_header("Connection", "close")
return None
start, end, size, total = None, None, -1, None
content = None
log_path = os.path.join(config.LOG_DIR, "%s.log" % params.get("date", ""))
if os.path.exists(log_path):
total = os.stat(log_path).st_size
if self.headers.get("Range"):
match = re.search(r"bytes=(\d+)-(\d+)", self.headers["Range"])
if match:
start, end = int(match.group(1)), int(match.group(2))
max_size = end - start + 1
end = min(total - 1, end)
size = end - start + 1
if start == 0 or not session.range_handle:
session.range_handle = open(log_path, "rb")
if session.netfilters is None:
session.range_handle.seek(start)
self.send_response(httplib.PARTIAL_CONTENT)
self.send_header("Connection", "close")
self.send_header("Content-Type", "text/plain")
self.send_header("Content-Range", "bytes %d-%d/%d" % (start, end, total))
content = session.range_handle.read(size)
else:
self.send_response(httplib.OK)
self.send_header("Connection", "close")
self.send_header("Content-Type", "text/plain")
buffer, addresses, netmasks, regex = cStringIO.StringIO(), set(), [], ""
for netfilter in session.netfilters:
if not netfilter:
continue
if '/' in netfilter:
netmasks.append(netfilter)
elif re.search(r"\A[\d.]+\Z", netfilter):
addresses.add(netfilter)
elif '\.' in netfilter:
regex = r" %s " % netfilter
else:
print "[!] invalid network filter '%s'" % netfilter
return
for line in session.range_handle:
display = False
if regex and re.search(regex, line):
display = True
elif addresses or netmasks:
for match in re.finditer(r" (\d+\.\d+\.\d+\.\d+) ", line):
if not display:
ip = match.group(1)
else:
break
if ip in addresses:
display = True
break
elif netmasks:
for _ in netmasks:
prefix, mask = _.split('/')
if addr_to_int(ip) & make_mask(int(mask)) == addr_to_int(prefix):
addresses.add(ip)
display = True
break
if display:
buffer.write(line)
if buffer.tell() >= max_size:
break
content = buffer.getvalue()
end = start + len(content) - 1
self.send_header("Content-Range", "bytes %d-%d/%d" % (start, end, end + 1 + max_size * (len(content) >= max_size)))
if len(content) < max_size:
session.range_handle.close()
session.range_handle = None
if size == -1:
self.send_response(httplib.OK)
self.send_header("Connection", "close")
self.send_header("Content-Type", "text/plain")
self.end_headers()
with open(log_path, "rb") as f:
while True:
data = f.read(io.DEFAULT_BUFFER_SIZE)
if not data:
break
else:
self.wfile.write(data)
else:
self.send_response(httplib.NOT_FOUND)
self.send_header("Connection", "close")
return content
isolation_level=None,
check_same_thread=False) as con:
cur = con.cursor()
cur.execute("BEGIN TRANSACTION")
cur.execute(
"CREATE TABLE ranges (start_int INT, end_int INT, name TEXT)"
)
with open(IPCAT_CSV_FILE) as f:
for row in f:
if not row.startswith('#') and not row.startswith(
'start'):
row = row.strip().split(",")
cur.execute(
"INSERT INTO ranges VALUES (?, ?, ?)",
(addr_to_int(row[0]), addr_to_int(
row[1]), row[2]))
cur.execute("COMMIT")
cur.close()
con.commit()
except Exception, ex:
print "[!] something went wrong during ipcat database update ('%s')" % ex
_chown(IPCAT_CSV_FILE)
_chown(IPCAT_SQLITE_FILE)
def main():
update()
def _events(self, params):
session = self.get_session()
if session is None:
self.send_response(httplib.UNAUTHORIZED)
self.send_header("Connection", "close")
self.end_headers()
return None
start, end, size, total = None, None, -1, None
content = None
log_path = os.path.join(config.LOG_DIRECTORY,
"%s.log" % params.get("date", ""))
if os.path.exists(log_path):
total = os.stat(log_path).st_size
if self.headers.get("Range"):
match = re.search(r"bytes=(\d+)-(\d+)",
self.headers["Range"])
if match:
start, end = int(match.group(1)), int(match.group(2))
max_size = end - start + 1
end = min(total - 1, end)
size = end - start + 1
if start == 0 or not session.range_handle:
session.range_handle = open(log_path, "rb")
self.send_response(httplib.OK)
self.send_header("Connection", "close")
self.send_header("Content-Type", "text/plain")
if session.netfilters is None:
session.range_handle.seek(start)
self.send_response(httplib.PARTIAL_CONTENT)
self.send_header(
"Content-Range",
"bytes %d-%d/%d" % (start, end, total))
content = session.range_handle.read(size)
else:
buffer, addresses, netmasks = cStringIO.StringIO(
), set(), []
for netfilter in session.netfilters:
if not netfilter:
continue
if '/' in netfilter:
netmasks.append(netfilter)
elif re.search(r"\A[\d.]+\Z", netfilter):
addresses.add(netfilter)
else:
print "[!] invalid network filter '%s'" % netfilter
return
for line in session.range_handle.xreadlines():
display = False
for match in re.finditer(
r" (\d+\.\d+\.\d+\.\d+) ", line):
if not display:
ip = match.group(1)
else:
break
if ip in addresses:
display = True
break
elif netmasks:
for _ in netmasks:
prefix, mask = _.split('/')
if addr_to_int(ip) & make_mask(
int(mask)) == addr_to_int(
prefix):
addresses.add(ip)
display = True
break
if display:
buffer.write(line)
if buffer.tell() >= max_size:
break
content = buffer.getvalue()
end = start + len(content) - 1
self.send_header(
"Content-Range", "bytes %d-%d/%d" %
(start, end, end + 1 + max_size *
(len(content) >= max_size)))
if len(content) < max_size:
session.range_handle.close()
session.range_handle = None
if size == -1:
self.send_response(httplib.OK)
self.send_header("Connection", "close")
self.send_header("Content-Type", "text/plain")
self.end_headers()
with open(log_path, "rb") as f:
while True:
data = f.read(io.DEFAULT_BUFFER_SIZE)
if not data:
break
else:
self.wfile.write(data)
return content
def _login(self, params):
valid = False
if params.get("username") and params.get("password"):
for entry in (config.USERS or []):
entry = re.sub(r"\s", "", entry)
username, stored_hash, uid, netfilter = entry.split(':')
hash_parts = stored_hash.split('$')
if username == params.get("username"):
try:
if (pbkdf2(params.get("password"), hash_parts[1].decode("hex"), int(hash_parts[2])).encode("hex") == hash_parts[3]):
valid = True
break
except:
if config.SHOW_DEBUG:
traceback.print_exc()
if valid:
session_id = os.urandom(SESSION_ID_LENGTH).encode("hex")
expiration = time.time() + 3600 * SESSION_EXPIRATION_HOURS
self.send_response(httplib.OK)
self.send_header("Connection", "close")
self.send_header("Set-Cookie", "session=%s; expires=%s; path=/; HttpOnly" % (session_id, time.strftime(HTTP_TIME_FORMAT, time.gmtime(expiration))))
if netfilter in ("", "0.0.0.0/0"):
netfilters = None
else:
addresses = set()
netmasks = set()
for item in set(re.split(r"[;,]", netfilter)):
item = item.strip()
if '/' in item:
_ = item.split('/')[-1]
if _.isdigit() and int(_) >= 16:
lower = addr_to_int(item.split('/')[0])
mask = make_mask(int(_))
upper = lower | (0xffffffff ^ mask)
while lower <= upper:
addresses.add(int_to_addr(lower))
lower += 1
else:
netmasks.add(item)
elif '-' in item:
_ = item.split('-')
lower, upper = addr_to_int(_[0]), addr_to_int(_[1])
while lower <= upper:
addresses.add(int_to_addr(lower))
lower += 1
elif re.search(r"\d+\.\d+\.\d+\.\d+", item):
addresses.add(item)
netfilters = netmasks
if addresses:
netfilters.add(get_regex(addresses))
SESSIONS[session_id] = AttribDict({"username": username, "uid": uid, "netfilters": netfilters, "expiration": expiration})
else:
time.sleep(UNAUTHORIZED_SLEEP_TIME)
self.send_response(httplib.UNAUTHORIZED)
self.send_header("Connection", "close")
self.send_header("Content-Type", "text/plain")
content = "Login %s" % ("success" if valid else "failed")
try:
subprocess.check_output("logger -p auth.info -t \"%s[%d]\" \"%s password for %s from %s port %s\"" % (NAME.lower(), os.getpid(), "Accepted" if valid else "Failed", params.get("username"), self.client_address[0], self.client_address[1]), stderr=subprocess.STDOUT, shell=True)
except Exception:
if config.SHOW_DEBUG:
traceback.print_exc()
return content
def _events(self, params):
session = self.get_session()
if session is None:
self.send_response(httplib.UNAUTHORIZED)
self.send_header("Connection", "close")
self.end_headers()
return None
start, end, size, total = None, None, -1, None
content = None
log_path = os.path.join(config.LOG_DIRECTORY, "%s.log" % params.get("date", ""))
if os.path.exists(log_path):
total = os.stat(log_path).st_size
if self.headers.get("Range"):
match = re.search(r"bytes=(\d+)-(\d+)", self.headers["Range"])
if match:
start, end = int(match.group(1)), int(match.group(2))
max_size = end - start + 1
end = min(total - 1, end)
size = end - start + 1
if start == 0 or not session.range_handle:
session.range_handle = open(log_path, "rb")
self.send_response(httplib.OK)
self.send_header("Connection", "close")
self.send_header("Content-Type", "text/plain")
if session.netfilter in (None, "", "0.0.0.0/0"):
session.range_handle.seek(start)
self.send_response(httplib.PARTIAL_CONTENT)
self.send_header("Content-Range", "bytes %d-%d/%d" % (start, end, total))
content = session.range_handle.read(size)
else:
content, addresses, netmasks = "", set(), []
for _ in set(re.split(r"[;,]", session.netfilter)):
if '/' in _:
netmasks.append(_)
elif re.search(r"\A[\d.]+\Z", _):
addresses.add(_)
else:
print "[!] invalid network filter '%s'" % _
return
for line in session.range_handle.xreadlines():
display = False
for ip in set(re.findall(r"\d+\.\d+\.\d+\.\d+", line)):
if display:
break
elif ip in addresses:
display = True
break
else:
for _ in netmasks:
prefix, mask = _.split('/')
if addr_to_int(ip) & make_mask(int(mask)) == addr_to_int(prefix):
addresses.add(ip)
display = True
break
if display:
content += line
if len(content) >= max_size:
break
end = start + len(content) - 1
self.send_header("Content-Range", "bytes %d-%d/%d" % (start, end, end + 1 + max_size * (len(content) >= max_size)))
if len(content) < max_size:
session.range_handle.close()
session.range_handle = None
if size == -1:
self.send_response(httplib.OK)
self.send_header("Connection", "close")
self.send_header("Content-Type", "text/plain")
self.end_headers()
with open(log_path, "rb") as f:
while True:
data = f.read(io.DEFAULT_BUFFER_SIZE)
if not data:
break
else:
self.wfile.write(data)
return content
def _login(self, params):
valid = False
if params.get("username") and params.get("password"):
for entry in (config.USERS or []):
entry = re.sub(r"\s", "", entry)
username, stored_hash, uid, netfilter = entry.split(':')
hash_parts = stored_hash.split('$')
if username == params.get("username"):
try:
if (pbkdf2(params.get("password"),
hash_parts[1].decode("hex"),
int(hash_parts[2])).encode("hex") ==
hash_parts[3]):
valid = True
break
except:
if DEBUG:
traceback.print_exc()
if valid:
session_id = os.urandom(SESSION_ID_LENGTH).encode("hex")
expiration = time.time() + 3600 * SESSION_EXPIRATION_HOURS
self.send_response(httplib.OK)
self.send_header("Connection", "close")
self.send_header(
"Set-Cookie", "session=%s; expires=%s; path=/; HttpOnly" %
(session_id,
time.strftime(HTTP_TIME_FORMAT, time.gmtime(expiration))))
if netfilter in ("", "0.0.0.0/0"):
netfilters = None
else:
netfilters = set(re.split(r"[;,]", netfilter))
for netfilter in set(netfilters):
netfilter = netfilter.strip()
if '/' in netfilter:
_ = netfilter.split('/')[-1]
if _.isdigit() and int(_) >= 20:
lower = addr_to_int(netfilter.split('/')[0])
mask = make_mask(int(_))
upper = lower | (0xffffffff ^ mask)
while lower <= upper:
netfilters.add(int_to_addr(lower))
lower += 1
netfilters.remove(netfilter)
elif '-' in netfilter:
_ = netfilter.split('-')
lower, upper = addr_to_int(_[0]), addr_to_int(_[1])
while lower <= upper:
netfilters.add(int_to_addr(lower))
lower += 1
netfilters.remove(netfilter)
elif not netfilter:
netfilters.remove(netfilter)
SESSIONS[session_id] = AttribDict({
"username": username,
"uid": uid,
"netfilters": netfilters,
"expiration": expiration
})
else:
time.sleep(UNAUTHORIZED_SLEEP_TIME)
self.send_response(httplib.UNAUTHORIZED)
self.send_header("Connection", "close")
self.send_header("Content-Type", "text/plain")
content = "Login %s" % ("success" if valid else "failed")
return content
def _login(self, params):
valid = False
if params.get("username") and params.get("password"):
for entry in (config.USERS or []):
entry = re.sub(r"\s", "", entry)
username, stored_hash, uid, netfilter = entry.split(':')
hash_parts = stored_hash.split('$')
if username == params.get("username"):
try:
if (pbkdf2(params.get("password"), hash_parts[1].decode("hex"), int(hash_parts[2])).encode("hex") == hash_parts[3]):
valid = True
break
except:
if DEBUG:
traceback.print_exc()
if valid:
session_id = os.urandom(SESSION_ID_LENGTH).encode("hex")
expiration = time.time() + 3600 * SESSION_EXPIRATION_HOURS
self.send_response(httplib.OK)
self.send_header("Connection", "close")
self.send_header("Set-Cookie", "session=%s; expires=%s; path=/; HttpOnly" % (session_id, time.strftime(HTTP_TIME_FORMAT, time.gmtime(expiration))))
if netfilter in ("", "0.0.0.0/0"):
netfilters = None
else:
netfilters = set(re.split(r"[;,]", netfilter))
for netfilter in set(netfilters):
netfilter = netfilter.strip()
if '/' in netfilter:
_ = netfilter.split('/')[-1]
if _.isdigit() and int(_) >= 20:
lower = addr_to_int(netfilter.split('/')[0])
mask = make_mask(int(_))
upper = lower | (0xffffffff ^ mask)
while lower <= upper:
netfilters.add(int_to_addr(lower))
lower += 1
netfilters.remove(netfilter)
elif '-' in netfilter:
_ = netfilter.split('-')
lower, upper = addr_to_int(_[0]), addr_to_int(_[1])
while lower <= upper:
netfilters.add(int_to_addr(lower))
lower += 1
netfilters.remove(netfilter)
elif not netfilter:
netfilters.remove(netfilter)
SESSIONS[session_id] = AttribDict({"username": username, "uid": uid, "netfilters": netfilters, "expiration": expiration})
else:
time.sleep(UNAUTHORIZED_SLEEP_TIME)
self.send_response(httplib.UNAUTHORIZED)
self.send_header("Connection", "close")
self.send_header("Content-Type", "text/plain")
content = "Login %s" % ("success" if valid else "failed")
return content
def _process_packet(packet, sec, usec):
try:
if _datalink == pcapy.DLT_LINUX_SLL:
packet = packet[2:]
eth_header = struct.unpack("!HH8sH", packet[:ETH_LENGTH])
eth_protocol = socket.ntohs(eth_header[3])
if eth_protocol == IPPROTO: # IP
ip_header = struct.unpack("!BBHHHBBH4s4s",
packet[ETH_LENGTH:ETH_LENGTH + 20])
ip_length = ip_header[2]
packet = packet[:ETH_LENGTH + ip_length] # truncate
iph_length = (ip_header[0] & 0xF) << 2
protocol = ip_header[6]
src_ip = socket.inet_ntoa(ip_header[8])
dst_ip = socket.inet_ntoa(ip_header[9])
proto = IPPROTO_LUT.get(protocol)
local_src = False
for prefix, mask in LOCAL_NETWORKS:
if addr_to_int(src_ip) & mask == prefix:
local_src = True
break
if proto is None or any(_ in (config.IGNORE_ADDRESSES or "")
for _ in (src_ip, dst_ip)):
return
if HOST_ADDRESSES and dst_ip not in HOST_ADDRESSES:
return
# only process SYN packets
if protocol == socket.IPPROTO_TCP: # TCP
if local_src:
return
i = iph_length + ETH_LENGTH
src_port, dst_port, _, _, _, flags = struct.unpack(
"!HHLLBB", packet[i:i + 14])
if any(
str(_) in (config.IGNORE_PORTS or "")
for _ in (src_port, dst_port)):
return
dst_key = "%s:%s:%s" % (proto, dst_ip, dst_port)
stat_key = "%s:%s" % (dst_key, src_ip)
if flags == 2: # SYN set (only)
if dst_key not in _traffic:
_traffic[dst_key] = set()
_traffic[dst_key].add(src_ip)
if stat_key not in _auxiliary:
_auxiliary[stat_key] = [sec, sec, 1]
else:
_auxiliary[stat_key][1] = sec
_auxiliary[stat_key][2] += 1
else:
if protocol == socket.IPPROTO_UDP: # UDP
i = iph_length + ETH_LENGTH
_ = packet[i:i + 4]
if len(_) < 4:
return
src_port, dst_port = struct.unpack("!HH", _)
if src_port < 1024 and dst_port > 1024 and dst_ip in HOST_ADDRESSES: # potential reflection/amplification (junk) responses (e.g. service response to fake src_ip)
return
else: # non-TCP/UDP (e.g. ICMP)
src_port, dst_port = '-', '-'
if any(
str(_) in (config.IGNORE_PORTS or "")
for _ in (src_port, dst_port)):
return
dst_key = "%s:%s:%s" % (proto, dst_ip, dst_port)
stat_key = "%s:%s" % (dst_key, src_ip)
flow = tuple(
sorted((addr_to_int(src_ip), src_port, addr_to_int(dst_ip),
dst_port)))
if flow not in _auxiliary:
_auxiliary[flow] = True
if local_src:
return
if dst_key not in _traffic:
_traffic[dst_key] = set()
_traffic[dst_key].add(src_ip)
_auxiliary[stat_key] = [sec, sec, 1]
elif stat_key in _auxiliary:
_auxiliary[stat_key][1] = sec
_auxiliary[stat_key][2] += 1
except:
if config.SHOW_DEBUG:
traceback.print_exc()
finally:
_log_write()
def _process_packet(packet, sec, usec):
try:
if _datalink == pcapy.DLT_LINUX_SLL:
packet = packet[2:]
eth_header = struct.unpack("!HH8sH", packet[:ETH_LENGTH])
eth_protocol = socket.ntohs(eth_header[3])
if eth_protocol == IPPROTO: # IP
ip_header = struct.unpack("!BBHHHBBH4s4s", packet[ETH_LENGTH:ETH_LENGTH + 20])
ip_length = ip_header[2]
packet = packet[:ETH_LENGTH + ip_length] # truncate
iph_length = (ip_header[0] & 0xF) << 2
protocol = ip_header[6]
src_ip = socket.inet_ntoa(ip_header[8])
dst_ip = socket.inet_ntoa(ip_header[9])
proto = IPPROTO_LUT.get(protocol)
local_src = False
for prefix, mask in LOCAL_NETWORKS:
if addr_to_int(src_ip) & mask == prefix:
local_src = True
break
if proto is None or any(_ in (config.IGNORE_ADDRESSES or "") for _ in (src_ip, dst_ip)):
return
if HOST_ADDRESSES and dst_ip not in HOST_ADDRESSES:
return
# only process SYN packets
if protocol == socket.IPPROTO_TCP: # TCP
if local_src:
return
i = iph_length + ETH_LENGTH
src_port, dst_port, _, _, _, flags = struct.unpack("!HHLLBB", packet[i:i + 14])
if any(str(_) in (config.IGNORE_PORTS or "") for _ in (src_port, dst_port)):
return
dst_key = "%s:%s:%s" % (proto, dst_ip, dst_port)
stat_key = "%s:%s" % (dst_key, src_ip)
if flags == 2: # SYN set (only)
if dst_key not in _traffic:
_traffic[dst_key] = set()
_traffic[dst_key].add(src_ip)
if stat_key not in _auxiliary:
_auxiliary[stat_key] = [sec, sec, 1]
else:
_auxiliary[stat_key][1] = sec
_auxiliary[stat_key][2] += 1
else:
if protocol == socket.IPPROTO_UDP: # UDP
i = iph_length + ETH_LENGTH
_ = packet[i:i + 4]
if len(_) < 4:
return
src_port, dst_port = struct.unpack("!HH", _)
if src_port < 1024 and dst_port > 1024 and dst_ip in HOST_ADDRESSES: # potential reflection/amplification (junk) responses (e.g. service response to fake src_ip)
return
else: # non-TCP/UDP (e.g. ICMP)
src_port, dst_port = '-', '-'
if any(str(_) in (config.IGNORE_PORTS or "") for _ in (src_port, dst_port)):
return
dst_key = "%s:%s:%s" % (proto, dst_ip, dst_port)
stat_key = "%s:%s" % (dst_key, src_ip)
flow = tuple(sorted((addr_to_int(src_ip), src_port, addr_to_int(dst_ip), dst_port)))
if flow not in _auxiliary:
_auxiliary[flow] = True
if local_src:
return
if dst_key not in _traffic:
_traffic[dst_key] = set()
_traffic[dst_key].add(src_ip)
_auxiliary[stat_key] = [sec, sec, 1]
elif stat_key in _auxiliary:
_auxiliary[stat_key][1] = sec
_auxiliary[stat_key][2] += 1
except:
if config.SHOW_DEBUG:
traceback.print_exc()
finally:
_log_write()
else:
try:
if os.path.exists(IPCAT_SQLITE_FILE):
os.remove(IPCAT_SQLITE_FILE)
with sqlite3.connect(IPCAT_SQLITE_FILE, isolation_level=None, check_same_thread=False) as con:
cur = con.cursor()
cur.execute("BEGIN TRANSACTION")
cur.execute("CREATE TABLE ranges (start_int INT, end_int INT, name TEXT)")
with open(IPCAT_CSV_FILE) as f:
for row in f:
if not row.startswith('#') and not row.startswith('start'):
row = row.strip().split(",")
cur.execute("INSERT INTO ranges VALUES (?, ?, ?)", (addr_to_int(row[0]), addr_to_int(row[1]), row[2]))
cur.execute("COMMIT")
cur.close()
con.commit()
except Exception, ex:
print "[!] something went wrong during ipcat database update ('%s')" % ex
_chown(IPCAT_CSV_FILE)
_chown(IPCAT_SQLITE_FILE)
def main():
update()
if __name__ == "__main__":
main()
def _login(self, params):
valid = False
if params.get("username") and params.get("password"):
for entry in (config.USERS or []):
entry = re.sub(r"\s", "", entry)
username, stored_hash, uid, netfilter = entry.split(':')
hash_parts = stored_hash.split('$')
if username == params.get("username"):
try:
if (pbkdf2(params.get("password"),
hash_parts[1].decode("hex"),
int(hash_parts[2])).encode("hex") ==
hash_parts[3]):
valid = True
break
except:
if config.SHOW_DEBUG:
traceback.print_exc()
if valid:
session_id = os.urandom(SESSION_ID_LENGTH).encode("hex")
expiration = time.time() + 3600 * SESSION_EXPIRATION_HOURS
self.send_response(httplib.OK)
self.send_header("Connection", "close")
self.send_header(
"Set-Cookie", "session=%s; expires=%s; path=/; HttpOnly" %
(session_id,
time.strftime(HTTP_TIME_FORMAT, time.gmtime(expiration))))
if netfilter in ("", "0.0.0.0/0"):
netfilters = None
else:
addresses = set()
netmasks = set()
for item in set(re.split(r"[;,]", netfilter)):
item = item.strip()
if '/' in item:
_ = item.split('/')[-1]
if _.isdigit() and int(_) >= 16:
lower = addr_to_int(item.split('/')[0])
mask = make_mask(int(_))
upper = lower | (0xffffffff ^ mask)
while lower <= upper:
addresses.add(int_to_addr(lower))
lower += 1
else:
netmasks.add(item)
elif '-' in item:
_ = item.split('-')
lower, upper = addr_to_int(_[0]), addr_to_int(_[1])
while lower <= upper:
addresses.add(int_to_addr(lower))
lower += 1
elif re.search(r"\d+\.\d+\.\d+\.\d+", item):
addresses.add(item)
netfilters = netmasks
if addresses:
netfilters.add(get_regex(addresses))
SESSIONS[session_id] = AttribDict({
"username": username,
"uid": uid,
"netfilters": netfilters,
"expiration": expiration
})
else:
time.sleep(UNAUTHORIZED_SLEEP_TIME)
self.send_response(httplib.UNAUTHORIZED)
self.send_header("Connection", "close")
self.send_header("Content-Type", "text/plain")
content = "Login %s" % ("success" if valid else "failed")
if not subprocess.mswindows:
try:
subprocess.check_output(
"logger -p auth.info -t \"%s[%d]\" \"%s password for %s from %s port %s\""
% (NAME.lower(), os.getpid(), "Accepted"
if valid else "Failed", params.get("username"),
self.client_address[0], self.client_address[1]),
stderr=subprocess.STDOUT,
shell=True)
except Exception:
if config.SHOW_DEBUG:
traceback.print_exc()
return content