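def syncNmapPortConfigFile(agentPath):
    '''
    Sync nmap port config with global probe's "port number to port name" mapping.

    Reads portNumberToPortName.xml from the discovery config folder under
    agentPath and rewrites nmap-services in the discovery resource folder.
    Nothing is written when nmap-services is already newer than the mapping.
    Only <portInfo> entries whose "discover" attribute converts to a non-zero
    integer are emitted, one "name TAB number/protocol CRLF" line each.
    '''
    logger.debug('synchronizing nmap port config file')
    separator = CollectorsParameters.FILE_SEPARATOR
    portConfigFilename = (agentPath + CollectorsParameters.getDiscoveryConfigFolder()
                          + separator + 'portNumberToPortName.xml')
    mamservice = File(portConfigFilename)
    nmapservice = File(agentPath + CollectorsParameters.getDiscoveryResourceFolder()
                       + separator + 'nmap-services')
    if nmapservice.lastModified() > mamservice.lastModified():
        return

    # Parse and format everything before the output stream is opened. Opening
    # the stream truncates nmap-services and refreshes its timestamp, so a
    # failure after that point would leave an empty or partial file that the
    # freshness check above would never regenerate.
    # NOTE(review): the builder runs with its default entity handling; that is
    # only acceptable if this mapping file is writable by the probe
    # administrator alone -- confirm.
    document = SAXBuilder(0).build(mamservice)
    lines = []
    for port in XmlWrapper(document.getRootElement().getChildren('portInfo')):
        if int(port.getAttributeValue("discover")):
            portNumber = port.getAttributeValue("portNumber")
            portName = port.getAttributeValue("portName")
            portProtocol = port.getAttributeValue("portProtocol")
            lines.append("%s\t%s/%s\r\n" % (portName, portNumber, portProtocol))

    nmapFile = FileOutputStream(nmapservice)
    try:
        for line in lines:
            nmapFile.write(line)
    finally:
        # Release the file handle even if a write fails.
        nmapFile.close()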
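def get_db_datasources(self, content):
    """
    Collect database data sources from the <connectionStrings> sections of an
    XML configuration document.

    content -- XML text; an empty or None value yields an empty list.

    Returns a list holding a NamedDbDataSource for every connection string
    that carries a "dsn=<name>" token and a DbDataSource for every other one,
    keeping only those whose isValidDataSource() is true. Any failure while
    parsing is logged and the entries gathered so far are returned.
    """
    from NTCMD_IIS import NamedDbDataSource, DbDataSource
    dbDataSources = []
    if not content:
        return dbDataSources
    try:
        # content is presumably read from the discovered host (verify against
        # the caller), so it is parsed as untrusted XML: a DOCTYPE is rejected
        # outright and entity expansion is switched off, which keeps the
        # parser from resolving external entities or DTDs. A document that
        # does declare a DOCTYPE now fails to parse and is logged below.
        # 1/0 are used as booleans to match the SAXBuilder(0) call style.
        builder = SAXBuilder(0)
        builder.setFeature('http://apache.org/xml/features/disallow-doctype-decl', 1)
        builder.setExpandEntities(0)
        document = builder.build(StringReader(content))
        sections = document.getRootElement().getChildren("connectionStrings")
        if sections:
            for section in sections:
                for connectionEntry in section.getChildren("add"):
                    connectionString = connectionEntry.getAttributeValue("connectionString")
                    if not connectionString:
                        continue
                    # Connection strings can carry credentials; keep the value
                    # itself out of log output.
                    match = re.search(r"dsn\s*=\s*([a-zA-Z_0-9]+);?.*", connectionString, re.I)
                    if match:
                        dataSource = NamedDbDataSource(match.group(1))
                    else:
                        dataSource = DbDataSource(connectionString)
                    if dataSource.isValidDataSource():
                        dbDataSources.append(dataSource)
                    else:
                        logger.debug("DB Source did not validate")
    except:
        # Bare except is kept on purpose: under Jython it also traps Java
        # exceptions thrown by the XML parser.
        logger.warnException("Failed getting connection info.")
    return dbDataSources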
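def get_db_datasources(self, content):
    '''
    Parse an XML configuration document and return the database data sources
    declared in its <connectionStrings> sections.

    content -- XML text. When it is empty or None the result is an empty list.

    Each <add connectionString="..."> entry becomes a NamedDbDataSource if the
    string contains a "dsn=<name>" token, otherwise a DbDataSource built from
    the whole string. Entries failing isValidDataSource() are dropped. Errors
    during parsing are logged; the list built up to that point is returned.
    '''
    from NTCMD_IIS import NamedDbDataSource, DbDataSource
    dbDataSources = []
    if content:
        try:
            # Treat the document as untrusted (it presumably comes from the
            # discovered host -- verify against the caller): refuse any
            # DOCTYPE and do not expand entities, so the parser cannot be
            # steered into fetching external entities or DTDs. Documents with
            # a DOCTYPE will fail here and be reported by the handler below.
            # 1/0 stand in for booleans, as in the SAXBuilder(0) call.
            builder = SAXBuilder(0)
            builder.setFeature('http://apache.org/xml/features/disallow-doctype-decl', 1)
            builder.setExpandEntities(0)
            document = builder.build(StringReader(content))
            results = document.getRootElement().getChildren('connectionStrings')
            if results:
                for result in results:
                    for connectionEntry in result.getChildren('add'):
                        connectionString = connectionEntry.getAttributeValue('connectionString')
                        if connectionString:
                            # The raw value may embed credentials; it is not
                            # written to the log and should stay that way.
                            match = re.search(r"dsn\s*=\s*([a-zA-Z_0-9]+);?.*", connectionString, re.I)
                            if match:
                                dataSource = NamedDbDataSource(match.group(1))
                            else:
                                dataSource = DbDataSource(connectionString)
                            if dataSource.isValidDataSource():
                                dbDataSources.append(dataSource)
                            else:
                                logger.debug('DB Source did not validate')
        except:
            # A bare except also catches Java exceptions raised by the parser
            # when running under Jython, so it is left as is.
            logger.warnException('Failed getting connection info.')
    return dbDataSources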
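def syncNmapPortConfigFile(agentPath):
    '''
    Sync nmap port config with global probe's "port number to port name" mapping.

    The mapping is portNumberToPortName.xml in the discovery config folder
    below agentPath; the generated file is nmap-services in the discovery
    resource folder. The function returns without writing when nmap-services
    has the later modification time. For every <portInfo> element whose
    "discover" attribute is a non-zero integer it writes one line of the form
    "name TAB number/protocol CRLF".
    '''
    logger.debug('synchronizing nmap port config file')
    portConfigFilename = agentPath + CollectorsParameters.getDiscoveryConfigFolder() + CollectorsParameters.FILE_SEPARATOR + 'portNumberToPortName.xml'
    mamservice = File(portConfigFilename)
    nmapservice = File(agentPath + CollectorsParameters.getDiscoveryResourceFolder() + CollectorsParameters.FILE_SEPARATOR + 'nmap-services')
    if nmapservice.lastModified() > mamservice.lastModified():
        return

    # The XML is read and every output line prepared BEFORE the output stream
    # exists. Creating the stream empties nmap-services and makes it the newer
    # file, so an error raised afterwards would leave a broken file that the
    # timestamp comparison above would keep skipping on later runs.
    # NOTE(review): default entity handling is in effect for this parse; fine
    # only while the mapping file is under the probe administrator's control
    # -- confirm.
    document = SAXBuilder(0).build(mamservice)
    ports = XmlWrapper(document.getRootElement().getChildren('portInfo'))
    entries = []
    for port in ports:
        if int(port.getAttributeValue("discover")):
            portNumber = port.getAttributeValue("portNumber")
            portName = port.getAttributeValue("portName")
            portProtocol = port.getAttributeValue("portProtocol")
            entries.append("%s\t%s/%s\r\n" % (portName, portNumber, portProtocol))

    nmapFile = FileOutputStream(nmapservice)
    try:
        for entry in entries:
            nmapFile.write(entry)
    finally:
        # Always close the stream, including when a write raises.
        nmapFile.close()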
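def processNmapResult(fileName, OSHVResult, discoverOsName, doServiceFingerprints, createApp, Framework):
    """
    Convert an nmap XML report into host, IP, interface, application and
    service objects and add them to OSHVResult.

    fileName              -- path of the nmap XML report to parse
    OSHVResult            -- result vector that receives every created object
    discoverOsName        -- when true, the <os> element is used to choose the
                             host class and fill vendor/OS attributes
    doServiceFingerprints -- when true, ports whose state does not contain
                             'open' are skipped and <service> details are read
    createApp             -- when true (together with doServiceFingerprints),
                             one application is added per distinct product
    Framework             -- used only to report an unknown-OS warning

    Raises ValueError when the report cannot be parsed.

    Hosts without a <hostnames> element or without a valid IPv4 address are
    skipped. All names, OS strings and service strings are taken from the
    report unchanged; they reflect what the scanned hosts advertised, so
    downstream consumers should treat them as untrusted data.
    """
    try:
        # NOTE(review): the report is parsed with the builder's default entity
        # handling. nmap reports normally carry a DOCTYPE line, so it cannot
        # simply be rejected here; the file should only ever be read from a
        # location the probe itself controls -- confirm.
        document = SAXBuilder(0).build(fileName)
    except:
        raise ValueError("Can't parse XML document with nmap results. Skipped.")

    for host in XmlWrapper(document.getRootElement().getChildren('host')):
        hostOsh = None
        ip = None
        macs = []
        for address in XmlWrapper(host.getChildren('address')):
            addrType = address.getAttributeValue('addrtype')
            addr = address.getAttributeValue('addr')
            if addrType == 'ipv4':
                ip = addr
            elif addrType == 'mac':
                macs.append(addr)

        hostnamesNode = host.getChild('hostnames')
        if hostnamesNode is None or not netutils.isValidIp(ip):
            continue
        names = [elem.getAttributeValue('name')
                 for elem in XmlWrapper(hostnamesNode.getChildren('hostname'))]
        hostname = names and names[0] or None  # using only first dnsname

        osNode = host.getChild('os')
        if osNode and discoverOsName:
            osMatch = osNode.getChild('osmatch')
            osClass = osNode.getChild('osclass')
            # Fall back to the <osclass> nested in <osmatch>, but only when an
            # <osmatch> exists: an <os> element with neither child used to
            # fail here on a None reference and abort the whole report.
            if not osClass and osMatch:
                osClass = osMatch.getChild('osclass')
            if osClass:
                osType = osClass.getAttributeValue("type")
                osFamily = osClass.getAttributeValue("osfamily")
                osVendor = osClass.getAttributeValue("vendor")
                hostClass = getHostClass(osType, osFamily)
                if not hostClass:
                    Framework.reportWarning("Unknown OS detected. Vendor '%s', family '%s'" % (osVendor, osFamily))
                    hostClass = "host"
                hostOsh = modeling.createHostOSH(ip, hostClass)
                hostOsh.setAttribute("host_vendor", osVendor)
                if osMatch:
                    separateCaption(hostOsh, osMatch.getAttributeValue("name"))
                    hostOsh.setAttribute("host_osaccuracy", osMatch.getAttributeValue("accuracy") + '%')
        if not hostOsh:
            hostOsh = modeling.createHostOSH(ip)

        ipOsh = modeling.createIpOSH(ip, dnsname=hostname)
        OSHVResult.add(ipOsh)
        OSHVResult.add(finalizeHostOsh(hostOsh))
        OSHVResult.add(modeling.createLinkOSH('contained', hostOsh, ipOsh))

        for mac in macs:
            if netutils.isValidMac(mac):
                interfaceOsh = modeling.createInterfaceOSH(mac, hostOsh)
                OSHVResult.add(interfaceOsh)
                OSHVResult.add(modeling.createLinkOSH('containment', interfaceOsh, ipOsh))

        applicationList = []
        portsNode = host.getChild('ports')
        if not portsNode:
            # Move on to the next host. A plain return here dropped every
            # host that followed the first one without a <ports> element.
            continue
        for port in XmlWrapper(portsNode.getChildren('port')):
            portNumber = port.getAttributeValue('portid')
            protocol = port.getAttributeValue('protocol')
            serviceName = None
            if doServiceFingerprints:
                if port.getChild("state").getAttributeValue("state").find('open') == -1:
                    continue
                serviceNode = port.getChild("service")
                if serviceNode:
                    serviceName = serviceNode.getAttributeValue("name")
                    serviceProduct = serviceNode.getAttributeValue("product")
                    serviceVersion = serviceNode.getAttributeValue("version")
                    if createApp and serviceProduct and serviceProduct not in applicationList:
                        addApplicationCI(ip, hostOsh, serviceProduct, serviceVersion, OSHVResult)
                        applicationList.append(serviceProduct)
            addServiceAddressOsh(hostOsh, OSHVResult, ip, portNumber, protocol, serviceName)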
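def processNmapResult(fileName, OSHVResult, discoverOsName, doServiceFingerprints, createApp, Framework):
    '''
    Read an nmap XML report and add the hosts, IPs, interfaces, applications
    and service addresses it describes to OSHVResult.

    fileName              -- location of the nmap XML report
    OSHVResult            -- vector collecting the created objects
    discoverOsName        -- if true, OS class/match data selects the host
                             class and sets vendor and OS attributes
    doServiceFingerprints -- if true, only ports whose state contains 'open'
                             are reported and their <service> node is read
    createApp             -- if true (and fingerprints are on), an application
                             is added once per distinct service product
    Framework             -- receives the warning for an unrecognised OS

    A ValueError is raised if the report cannot be parsed. A host is ignored
    unless it has a <hostnames> element and a valid IPv4 address.

    Every value copied out of the report (DNS names, OS and service strings)
    is whatever the scanned host presented and is stored as is; code that
    later displays or processes these values should handle them as untrusted.
    '''
    try:
        # NOTE(review): default entity handling applies to this parse. Because
        # nmap reports usually include a DOCTYPE line, rejecting DOCTYPEs is
        # not an option here; make sure the report path is one only the probe
        # can write to -- confirm.
        document = SAXBuilder(0).build(fileName)
    except:
        raise ValueError("Can't parse XML document with nmap results. Skipped.")

    hosts = XmlWrapper(document.getRootElement().getChildren('host'))
    for host in hosts:
        hostOsh = None
        ip = None
        macs = []
        addresses = XmlWrapper(host.getChildren('address'))
        for address in addresses:
            kind = address.getAttributeValue('addrtype')
            value = address.getAttributeValue('addr')
            if kind == 'ipv4':
                ip = value
            elif kind == 'mac':
                macs.append(value)

        hostnames = host.getChild('hostnames')
        if (hostnames is not None) and netutils.isValidIp(ip):
            dnsNames = [elem.getAttributeValue('name')
                        for elem in XmlWrapper(hostnames.getChildren('hostname'))]
            hostname = dnsNames and dnsNames[0] or None  # using only first dnsname

            osElement = host.getChild('os')
            if osElement and discoverOsName:
                osMatch = osElement.getChild('osmatch')
                osClass = osElement.getChild('osclass')
                if not osClass and osMatch:
                    # Only look inside <osmatch> when it is present. Without
                    # this guard an <os> element lacking both children ended
                    # in a call on None and stopped processing altogether.
                    osClass = osMatch.getChild('osclass')
                if osClass:
                    osType = osClass.getAttributeValue("type")
                    osFamily = osClass.getAttributeValue("osfamily")
                    osVendor = osClass.getAttributeValue("vendor")
                    hostClass = getHostClass(osType, osFamily)
                    if not hostClass:
                        Framework.reportWarning("Unknown OS detected. Vendor '%s', family '%s'" % (osVendor, osFamily))
                        hostClass = "host"
                    hostOsh = modeling.createHostOSH(ip, hostClass)
                    hostOsh.setAttribute("host_vendor", osVendor)
                    if osMatch:
                        separateCaption(hostOsh, osMatch.getAttributeValue("name"))
                        hostOsh.setAttribute("host_osaccuracy", osMatch.getAttributeValue("accuracy") + '%')
            if not hostOsh:
                hostOsh = modeling.createHostOSH(ip)

            ipOsh = modeling.createIpOSH(ip, dnsname=hostname)
            OSHVResult.add(ipOsh)
            OSHVResult.add(finalizeHostOsh(hostOsh))
            OSHVResult.add(modeling.createLinkOSH('contained', hostOsh, ipOsh))

            for mac in macs:
                if netutils.isValidMac(mac):
                    interfaceOsh = modeling.createInterfaceOSH(mac, hostOsh)
                    OSHVResult.add(interfaceOsh)
                    OSHVResult.add(modeling.createLinkOSH('containment', interfaceOsh, ipOsh))

            applicationList = []
            if not host.getChild('ports'):
                # Skip just this host. Returning here used to discard all
                # remaining hosts in the report.
                continue
            ports = XmlWrapper(host.getChild('ports').getChildren('port'))
            for port in ports:
                portNumber = port.getAttributeValue('portid')
                protocol = port.getAttributeValue('protocol')
                serviceName = None
                if doServiceFingerprints:
                    if port.getChild("state").getAttributeValue("state").find('open') == -1:
                        continue
                    serviceNode = port.getChild("service")
                    if serviceNode:
                        serviceName = serviceNode.getAttributeValue("name")
                        serviceProduct = serviceNode.getAttributeValue("product")
                        serviceVersion = serviceNode.getAttributeValue("version")
                        if createApp and serviceProduct and serviceProduct not in applicationList:
                            addApplicationCI(ip, hostOsh, serviceProduct, serviceVersion, OSHVResult)
                            applicationList.append(serviceProduct)
                addServiceAddressOsh(hostOsh, OSHVResult, ip, portNumber, protocol, serviceName)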