def modip(self, enable=True):
""" Enable or disable the iptable rule
"""
if enable:
util.init_app(self.iptable)
else:
util.init_app(self.iptable.replace('-A', '-D'))
def modip(self, enable=True):
""" Enable or disable the iptable rule
"""
if enable:
util.init_app(self.iptable)
else:
util.init_app(self.iptable.replace('-A', '-D'))
def modip_rule(self, enable=True):
""" enables or disables the iptable rule for forwarding traffic locally
"""
if enable:
util.init_app(self.iptable_http.format(self.hooked_host))
else:
util.init_app(self.iptable_http.replace('-A', '-D').format(self.hooked_host))
def update():
"""Run update routine
"""
if not util.does_file_exist('./.git/config'):
util.Error(
'Not a git repo; please checkout from Github with \n\tgit clone http://github.com/hatRiot/zarp.git\n to update.'
)
else:
util.Msg('Updating Zarp...')
ret = util.init_app('git branch -a | grep \'* dev\'', True)
if len(ret) > 3:
util.Error(
'You appear to be on the dev branch. Please switch off dev to update.'
)
return
ret = util.init_app('git pull git://github.com/hatRiot/zarp.git HEAD',
True)
if 'Already up-to-date' in ret:
util.Msg('Zarp already up to date.')
elif 'fatal' in ret:
util.Error('Error updating Zarp: %s' % ret)
else:
from util import version
util.Msg('Zarp updated to version %s' % (version()))
def modip_rule(self, enable=True):
""" enables or disables the iptable rule for forwarding traffic locally
"""
if enable:
util.init_app(self.iptable_http.format(self.hooked_host))
else:
util.init_app(
self.iptable_http.replace('-A', '-D').format(self.hooked_host))
def modip(self, enable=True):
"""
Enable or disable the iptable rule
"""
to_exec = self.iptable.format(self.config['source_port'].value, self.config['dest_port'].value)
if enable:
util.init_app(to_exec)
else:
util.init_app(to_exec.replace('-A', '-D'))
def initialize(self):
"""Initialize AP"""
if not util.check_program('airbase-ng'):
util.Error('\'airbase-ng\' not found in local path.')
return False
self.running = True
ap_proc = None
try:
self.mon_adapt = util.get_monitor_adapter()
if self.mon_adapt is None:
self.mon_adapt = util.enable_monitor()
airbase_cmd = [
'airbase-ng',
'--essid', self.ap_essid,
self.mon_adapt
]
ap_proc = util.init_app(airbase_cmd, False)
util.Msg('Access point %s running.'%self.ap_essid)
while self.running: pass
except KeyboardInterrupt:
self.running = False
except Exception, er:
util.Error('Error with wireless AP: %s'%er)
def initialize(self):
"""Initialize AP"""
if not util.check_program('airbase-ng'):
util.Error('\'airbase-ng\' not found in local path.')
return False
self.running = True
ap_proc = None
try:
self.mon_adapt = util.get_monitor_adapter()
if self.mon_adapt is None:
self.mon_adapt = util.enable_monitor()
if self.mon_adapt is None:
util.Error('Could not find a wireless card in monitor mode')
return None
airbase_cmd = [
'airbase-ng', '--essid', self.ap_essid, self.mon_adapt
]
ap_proc = util.init_app(airbase_cmd, False)
util.Msg('Access point %s running.' % self.ap_essid)
raw_input() # block
except KeyboardInterrupt:
self.running = False
except Exception, er:
util.Error('Error with wireless AP: %s' % er)
def initialize(self):
"""Initialize AP"""
if not util.check_program('airbase-ng'):
util.Error('\'airbase-ng\' not found in local path.')
return False
self.running = True
ap_proc = None
try:
self.mon_adapt = util.get_monitor_adapter()
if self.mon_adapt is None:
self.mon_adapt = util.enable_monitor()
if self.mon_adapt is None:
util.Error('Could not find a wireless card in monitor mode')
self.running = False
return None
airbase_cmd = [
'airbase-ng',
'--essid', self.config['ap_essid'].value,
self.mon_adapt
]
ap_proc = util.init_app(airbase_cmd, False)
util.Msg('Access point %s running.' % \
self.config['ap_essid'].value)
raw_input() # block
except KeyboardInterrupt:
self.running = False
except Exception, er:
util.Error('Error with wireless AP: %s' % er)
def is_alive(self):
"""Check if the target is alive"""
if not self.target is None:
rval = init_app('ping -c 1 -w 1 %s'%self.target, True)
up = search('\d.*? received', rval)
if search('0', up.group(0)) is None:
return True
return False
def is_alive(self):
"""Check if the target is alive"""
if not self.target is None:
rval = init_app('ping -c 1 -w 1 %s' % self.target, True)
up = search('\d.*? received', rval)
if search('0', up.group(0)) is None:
return True
return False
def manage_iptable(self, enable=True):
"""Add/remove the iptable rules. Enable
to enable, else remove.
"""
if enable:
util.init_app(self.input_ipt_rule)
util.init_app(self.output_ipt_rule)
else:
util.init_app(self.input_ipt_rule.replace('-I', '-D'))
util.init_app(self.output_ipt_rule.replace('-I', '-D'))
def manage_iptable(self,enable=True):
"""Add/remove the iptable rules. Enable
to enable, else remove.
"""
if enable:
util.init_app(self.input_ipt_rule)
util.init_app(self.output_ipt_rule)
else:
util.init_app(self.input_ipt_rule.replace('-I','-D'))
util.init_app(self.output_ipt_rule.replace('-I','-D'))
def update():
if not util.does_file_exist('./.git/config'):
util.Error('Not a git repo; please checkout from Github with \n\tgit clone http://github.com/hatRiot/zarp.git\n to update.')
else:
util.Msg('Updating Zarp...')
ret = util.init_app('git branch -a | grep \'* dev\'', True)
if len(ret) > 3:
util.Error('You appear to be on the dev branch. Please switch off dev to update.')
return
ret = util.init_app('git pull git://github.com/hatRiot/zarp.git HEAD', True)
if 'Already up-to-date' in ret:
util.Msg('Zarp already up to date.')
elif 'fatal' in ret:
util.Error('Error updating Zarp: %s'%ret)
else:
from util import version
util.Msg('Zarp updated to version %s'%(version()))
def smb_info(ip):
if not util.check_program('smbclient'):
print '\t [-] Skipping SMB enumeration.'
return
tmp = 'smbclient -U GUEST -N --socket-options=\'TCP_NODELAY IPTOS_LOWDELAY\' -L %s'%(ip)
data = util.init_app(tmp, True)
# dump smb reponse
for line in data.split('\n'):
print '\t |-', line
def main(ctx, config, host, port, no_es, debug):
# initializing ctx.obj
ctx.obj = {}
if no_es: host, port = (None, None)
ctx.obj['ES_HOST'] = host
ctx.obj['ES_PORT'] = port
ctx.obj['DEBUG'] = debug
if ctx.obj['DEBUG']: click.echo('Debug is on.', err=True)
ctx.obj['APP_CTX'] = util.init_app(config, host=host, port=port)
def smb_info(self, ip):
if not util.check_program("smbclient"):
print "\t [-] Skipping SMB enumeration."
return
tmp = "smbclient -U GUEST -N --socket-options='TCP_NODELAY " "IPTOS_LOWDELAY' -L %s" % (ip)
data = util.init_app(tmp, True)
# dump smb reponse
for line in data.split("\n"):
print "\t |-", line
def smb_info(self, ip):
if not util.check_program('smbclient'):
print '\t [-] Skipping SMB enumeration.'
return
tmp = 'smbclient -U GUEST -N --socket-options=\'TCP_NODELAY IPTOS_LOWDELAY\' -L %s' % (
ip)
data = util.init_app(tmp, True)
# dump smb reponse
for line in data.split('\n'):
print '\t |-', line
def main(ctx, config, host, port, no_es, debug):
# initializing ctx.obj
ctx.obj = {}
if no_es:
click.echo('No ES index...', err=True)
host, port = (None, None)
ctx.obj['ES_HOST'] = host
click.echo('host is %s.' % host)
ctx.obj['ES_PORT'] = port
ctx.obj['DEBUG'] = debug
if ctx.obj['DEBUG']: click.echo('Debug is on.', err=True)
# click.echo('Config file is %s' % config)
ctx.obj['APP_CTX'] = util.init_app(config, host=host, port=port)
def update():
"""Run update routine
"""
if not util.does_file_exist("./.git/config"):
util.Error(
"Not a git repo; please checkout from Github with \n\t"
"git clone http://github.com/hatRiot/zarp.git\n to update."
)
else:
util.Msg("Updating Zarp...")
ret = util.init_app("git branch -a | grep '* dev'", True)
if len(ret) > 3:
util.Error("You appear to be on the dev branch." "Please switch off dev to update.")
return
ret = util.init_app("git pull git://github.com/hatRiot/zarp.git HEAD")
if "Already up-to-date" in ret:
util.Msg("Zarp already up to date.")
elif "fatal" in ret:
util.Error("Error updating Zarp: %s" % ret)
else:
from util import version
util.Msg("Zarp updated to version %s" % (version()))
def initialize(self):
try:
# try importing here so we can catch it right away
import paramiko
except ImportError:
util.Error('Paramiko libraries required for this module.')
return
level = getattr(paramiko.common, 'CRITICAL')
paramiko.common.logging.basicConfig(level=level)
# if the user did not specify a key, generate one
if self.priv_key is None:
if not util.check_program('openssl'):
util.Error('OpenSSL required to generate cert/key files.')
return
if not util.does_file_exist('./privkey.key'):
util.debug('Generating RSA private key...')
tmp = util.init_app('openssl genrsa -out privkey.key 2048',
True)
util.debug('privkey.key was generated.')
self.priv_key = './privkey.key'
try:
server_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server_socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR,
True)
server_socket.settimeout(3)
server_socket.bind(('0.0.0.0', 22))
server_socket.listen(1)
self.running = True
while self.running:
try:
con, addr = server_socket.accept()
except KeyboardInterrupt:
return
except:
# timeout
continue
pkey = paramiko.RSAKey.from_private_key_file(self.priv_key)
transport = paramiko.Transport(con)
transport.add_server_key(pkey)
transport.set_subsystem_handler('handler', paramiko.SFTPServer,
SSHHandler)
context = {
'dump': self.dump,
'log_data': self.log_data,
'log_file': self.log_file
}
server = SSHStub(context)
try:
transport.start_server(server=server)
channel = transport.accept()
while transport.is_active():
sleep(1)
except socket.error as j:
if j.errno == 104:
# just means we've got a broken pipe, or
# the peer dropped unexpectedly
continue
else:
raise Exception()
except IOError:
util.Error('There was an error reading the keyfile.')
return False
except EOFError:
# thrown when we dont get the key correctly, or
# remote host gets mad because the key changed
continue
except:
raise Exception()
except KeyboardInterrupt:
pass
except Exception as j:
util.Error('Error with server: %s' % j)
finally:
self.running = False
self.cleanup()
def zone_transfer(self, addr):
record = util.init_app("dig %s axfr" % addr, True)
if 'failed: connection refused.' in record:
util.Error('Host disallowed zone transfer')
return
print record
#!/usr/bin/env python
from flask import Flask
import src.haokan.api
import src.haokan.models
import util
def make_app(debug=False, **kwargs):
app = Flask(__name__)
app.config.from_pyfile('config.py')
app.debug = not app.config['PRODUCTION']
app.jinja_env.auto_reload = app.debug
app.jinja_env.globals.update(**kwargs)
app.permanent_session_lifetime = 30 * 24 * 3600 # session live for seconds
return app
app = make_app()
src.haokan.models.init_app(app)
app.register_blueprint(src.haokan.api.app, url_prefix="/haokan/api")
util.init_app(app)
def zone_transfer(self, addr):
record = util.init_app("dig %s axfr" % addr)
if "failed: connection refused." in record:
util.Error("Host disallowed zone transfer")
return
print record
_exit(1)
# check for forwarding
system = platform.system().lower()
if system == 'darwin':
if not getoutput('sysctl -n net.inet.ip.forwarding') == '1':
util.Msg('IPv4 forwarding disabled. Enabling..')
tmp = getoutput(
'sudo sh -c \'sysctl -w net.inet.ip.forwarding=1\'')
if 'not permitted' in tmp:
util.Error('Error enabling IPv4 forwarding.')
exit(1)
elif system == 'linux':
if not getoutput('cat /proc/sys/net/ipv4/ip_forward') == '1':
util.Msg('IPv4 forwarding disabled. Enabling..')
tmp = getoutput(
'sudo sh -c \'echo "1" > /proc/sys/net/ipv4/ip_forward\'')
if len(tmp) > 0:
util.Error('Error enabling IPv4 forwarding.')
exit(1)
else:
util.Error('Unknown operating system. Cannot IPv4 forwarding.')
exit(1)
# create temporary directory for zarp to stash stuff
if exists("/tmp/.zarp"):
util.init_app("rm -fr /tmp/.zarp")
util.init_app("mkdir /tmp/.zarp")
main()
def zone_transfer(addr):
record = util.init_app("dig %s axfr"%addr, True)
if 'failed: connection refused.' in record:
util.Error('Host disallowed zone transfer')
return
print record
def main():
""" Zarp entry point
"""
# set up configuration
config.initialize()
# set up database
database.initialize()
# load modules
loader = LoadedModules()
loader.load()
util.Msg('Loaded %d modules.' % loader.total)
# handle command line options first
if len(argv) > 1:
parse_cmd.parse(argv, loader)
# menus
main_menu = [
'Poisoners', 'DoS Attacks', 'Sniffers', 'Scanners', 'Parameter',
'Services', 'Attacks', 'Sessions'
]
running = True
choice = -1
while running:
util.header()
choice = util.print_menu(main_menu)
if choice == 0:
# check if they've got running sessions!
cnt = stream.get_session_count()
if cnt > 0:
display = color.B_YELLOW + 'You have %d sessions running. ' + \
'Are you sure? ' + color.B_GREEN + '[' + color.B_YELLOW + \
'Y' + color.B_GREEN + '/' + color.B_YELLOW + 'n' + \
color.B_GREEN + '] ' + color.END
choice = raw_input(display % cnt)
if 'y' in choice.lower() or choice == '':
util.Msg('Shutting all sessions down...')
stream.stop_session('all', -1)
running = False
else:
util.debug("Exiting with session count: %d" % (cnt))
util.Msg("Exiting...")
running = False
# remove zarp temporary directory
util.init_app('rm -fr /tmp/.zarp/')
# recheck that all sessions are down
cnt = stream.get_session_count()
if cnt <= 0:
# some libs dont clean up their own threads, so
# we need to hard quit those to avoid hanging; FIXME
_exit(1)
elif choice == 1:
while True:
choice = util.print_menu([x().which for x in loader.poison])
if choice == 0:
break
elif choice == -1:
pass
elif choice > len(loader.poison):
continue
else:
stream.initialize(loader.poison[choice - 1])
elif choice == 2:
while True:
choice = util.print_menu([x().which for x in loader.dos])
if choice == 0:
break
elif choice == -1:
pass
elif choice > len(loader.dos):
continue
else:
stream.initialize(loader.dos[choice - 1])
elif choice == 3:
while True:
choice = util.print_menu([x().which for x in loader.sniffers])
if choice == 0:
break
elif choice == -1:
pass
elif choice > len(loader.sniffers):
continue
else:
stream.initialize(loader.sniffers[choice - 1])
elif choice == 4:
while True:
choice = util.print_menu([x().which for x in loader.scanner])
if choice == 0:
break
elif choice == -1:
pass
elif choice > len(loader.scanner):
continue
else:
stream.initialize(loader.scanner[choice - 1])
elif choice == 5:
while True:
choice = util.print_menu([x().which for x in loader.parameter])
if choice == 0:
break
elif choice == -1:
pass
elif choice > len(loader.parameter):
continue
else:
stream.initialize(loader.parameter[choice - 1])
elif choice == 6:
while True:
choice = util.print_menu([x().which for x in loader.services])
if choice == 0:
break
elif choice == -1:
pass
elif choice > len(loader.services):
continue
else:
stream.initialize(loader.services[choice - 1])
elif choice == 7:
while True:
choice = util.print_menu([x().which for x in loader.attacks])
if choice == 0:
break
elif choice == -1:
pass
elif choice > len(loader.attacks):
continue
else:
stream.initialize(loader.attacks[choice - 1])
elif choice == 8:
session_manager.menu()
elif choice == -1:
pass
_exit(1)
# check for forwarding
system = platform.system().lower()
if system == 'darwin':
if not check_output('sysctl -n net.inet.ip.forwarding') == '1':
util.Msg('IPv4 forwarding disabled. Enabling..')
tmp = check_output(
'sudo sh -c \'sysctl -w net.inet.ip.forwarding=1\'')
if 'not permitted' in tmp:
util.Error('Error enabling IPv4 forwarding.')
exit(1)
elif system == 'linux':
if not check_output('cat /proc/sys/net/ipv4/ip_forward') == '1':
util.Msg('IPv4 forwarding disabled. Enabling..')
tmp = check_output(
'sudo sh -c \'echo "1" > /proc/sys/net/ipv4/ip_forward\'')
if len(tmp) > 0:
util.Error('Error enabling IPv4 forwarding.')
exit(1)
else:
util.Error('Unknown operating system. Cannot IPv4 forwarding.')
exit(1)
# create temporary directory for zarp to stash stuff
if exists("/tmp/.zarp"):
util.init_app("rm -fr /tmp/.zarp")
util.init_app("mkdir /tmp/.zarp")
main()
def initialize(self):
priv_key = self.config['priv_key'].value
try:
# try importing here so we can catch it right away
import paramiko
except ImportError:
util.Error('Paramiko libraries required for this module.')
return
level = getattr(paramiko.common, 'CRITICAL')
paramiko.common.logging.basicConfig(level=level)
# if the user did not specify a key, generate one
if priv_key is None:
if not util.check_program('openssl'):
util.Error('OpenSSL required to generate cert/key files.')
return
if not util.does_file_exist('./privkey.key'):
util.debug('Generating RSA private key...')
util.init_app('openssl genrsa -out privkey.key 2048')
util.debug('privkey.key was generated.')
priv_key = self.config['priv_key'].value = './privkey.key'
try:
server_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server_socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, True)
server_socket.settimeout(3)
server_socket.bind(('0.0.0.0', self.config['port'].value))
server_socket.listen(1)
self.running = True
while self.running:
try:
con, addr = server_socket.accept()
except KeyboardInterrupt:
return
except:
# timeout
continue
pkey = paramiko.RSAKey.from_private_key_file(priv_key)
transport = paramiko.Transport(con)
transport.add_server_key(pkey)
transport.set_subsystem_handler('handler', paramiko.SFTPServer, SSHHandler)
context = {'dump': self.dump, 'log_data': self.log_data,
'log_file': self.log_file}
server = SSHStub(context)
try:
transport.start_server(server=server)
transport.accept()
while transport.is_active():
sleep(1)
except socket.error as j:
if j.errno == 104:
# just means we've got a broken pipe, or
# the peer dropped unexpectedly
continue
else:
raise Exception()
except IOError:
util.Error('There was an error reading the keyfile.')
return False
except EOFError:
# thrown when we dont get the key correctly, or
# remote host gets mad because the key changed
continue
except:
raise Exception()
except KeyboardInterrupt:
pass
except Exception as j:
util.Error('Error with server: %s' % j)
finally:
self.running = False
self.cleanup()
def main():
""" Zarp entry point
"""
# set up configuration
config.initialize()
# set up database
database.initialize()
# load modules
loader = LoadedModules()
loader.load()
util.Msg('Loaded %d modules.' % loader.total)
# handle command line options first
if len(argv) > 1:
parse_cmd.parse(argv, loader)
# menus
main_menu = ['Poisoners', 'DoS Attacks', 'Sniffers', 'Scanners',
'Parameter', 'Services', 'Attacks', 'Sessions']
running = True
choice = -1
while running:
util.header()
choice = util.print_menu(main_menu)
if choice == 0:
# check if they've got running sessions!
cnt = stream.get_session_count()
if cnt > 0:
display = color.B_YELLOW + 'You have %d sessions running. ' + \
'Are you sure? ' + color.B_GREEN + '[' + color.B_YELLOW + \
'Y' + color.B_GREEN + '/' + color.B_YELLOW + 'n' + \
color.B_GREEN + '] ' + color.END
choice = raw_input(display % cnt)
if 'y' in choice.lower() or choice == '':
util.Msg('Shutting all sessions down...')
stream.stop_session('all', -1)
running = False
else:
util.debug("Exiting with session count: %d" % (cnt))
util.Msg("Exiting...")
running = False
# remove zarp temporary directory
util.init_app('rm -fr /tmp/.zarp/')
# recheck that all sessions are down
cnt = stream.get_session_count()
if cnt <= 0:
# some libs dont clean up their own threads, so
# we need to hard quit those to avoid hanging; FIXME
_exit(1)
elif choice == 1:
while True:
choice = util.print_menu([x().which for x in loader.poison])
if choice == 0:
break
elif choice == -1:
pass
elif choice > len(loader.poison):
continue
else:
stream.initialize(loader.poison[choice - 1])
elif choice == 2:
while True:
choice = util.print_menu([x().which for x in loader.dos])
if choice == 0:
break
elif choice == -1:
pass
elif choice > len(loader.dos):
continue
else:
stream.initialize(loader.dos[choice - 1])
elif choice == 3:
while True:
choice = util.print_menu([x().which for x in loader.sniffers])
if choice == 0:
break
elif choice == -1:
pass
elif choice > len(loader.sniffers):
continue
else:
stream.initialize(loader.sniffers[choice - 1])
elif choice == 4:
while True:
choice = util.print_menu([x().which for x in loader.scanner])
if choice == 0:
break
elif choice == -1:
pass
elif choice > len(loader.scanner):
continue
else:
stream.initialize(loader.scanner[choice - 1])
elif choice == 5:
while True:
choice = util.print_menu([x().which for x in loader.parameter])
if choice == 0:
break
elif choice == -1:
pass
elif choice > len(loader.parameter):
continue
else:
stream.initialize(loader.parameter[choice - 1])
elif choice == 6:
while True:
choice = util.print_menu([x().which for x in loader.services])
if choice == 0:
break
elif choice == -1:
pass
elif choice > len(loader.services):
continue
else:
stream.initialize(loader.services[choice - 1])
elif choice == 7:
while True:
choice = util.print_menu([x().which for x in loader.attacks])
if choice == 0:
break
elif choice == -1:
pass
elif choice > len(loader.attacks):
continue
else:
stream.initialize(loader.attacks[choice - 1])
elif choice == 8:
session_manager.menu()
elif choice == -1:
pass
