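def add(self, moduleExe, moduleId, hash, external=False):
    """
    Register a module under moduleId and start it.

    This method is called both on external events and from CLI interaction.

    moduleExe -- module object; it must provide getConfig(), returning a
                 mapping with a 'botnet' host entry, and run()
    moduleId  -- key under which the module is kept in self.modules; an id
                 that is already in use is refused
    hash      -- config hash kept in self.configHashes and used for the
                 "already monitored" check
    external  -- when True the "already monitored" check is skipped

    Returns None in every case; refusals are reported through print or
    self.putError rather than by raising.
    """
    if moduleId in self.modules:
        # Parenthesised form prints the same text under the Python 2 print
        # statement and keeps the block valid as a print() call.
        print("[ModuleCoordinator]: Id already used, choose another")
        return

    if self.haleConf.get("xmpp", "use") == 'True':
        monitored = producerBot.ProducerBot().getMonitoredBotnets()
        # Only locally initiated adds are de-duplicated; an add flagged as
        # external is accepted without consulting the monitored list.
        if not external and monitored is not None:
            # A truthy sendTrackReq() result is treated the same as the hash
            # already being in the monitored list.
            if hash in monitored or producerBot.ProducerBot().sendTrackReq(hash):
                self.putError("Botnet: " + hash + " already monitored")
                return

    # Resolve the host before touching the registries: if the lookup returns
    # None or raises, no half-registered module is left behind in
    # self.modules / self.configHashes.
    host = moduleExe.getConfig()['botnet']
    if self.geo.record_by_name(host) is None:
        self.putError("Unkown host: " + host)
        return

    self.modules[moduleId] = moduleExe
    self.configHashes[moduleId] = hash
    moduleExe.run()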
def putToXMPP(self, data, config, botnethash):
    """
    Hand a log line to the producer bot for output in the share channel.

    The line is data prefixed with the botnet hash in square brackets;
    data itself is forwarded exactly as given. config is accepted but not
    used by this method.
    """
    tagged = ''.join(('[', botnethash, '] ', data))
    bot = producerBot.ProducerBot()
    bot.sendLog(tagged)
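def doDownload(self, url, extfilename):
    """
    Download the file behind a captured url and keep it only if it parses
    as a PE image.

    url         -- captured URL to fetch; it comes from monitored traffic and
                   is used as given
    extfilename -- name recorded with the stored sample; the payload is no
                   longer written to this path

    A payload that passes the PE check is base64-encoded, sent to the
    producer bot when XMPP is enabled, and stored as a File row for the
    botnet identified by self.botnethash. Returns None in every case.

    NOTE(review): the default urllib2 opener also handles non-HTTP schemes
    (file:, ftp:), and the response body is read without a size limit.
    Consider restricting the accepted schemes and capping the read.
    """
    # Route the request through a randomly chosen SOCKS5 proxy when one is
    # available.
    proxyInfo = self.prox.getRandomProxy()
    if proxyInfo is not None:
        if len(proxyInfo['USER']) == 0:
            socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5,
                                  proxyInfo['HOST'], proxyInfo['PORT'])
        else:
            socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5,
                                  proxyInfo['HOST'], proxyInfo['PORT'],
                                  proxyInfo['USER'], proxyInfo['PASS'])
        # NOTE(review): this rebinds socket.socket for the whole process, not
        # just this download, and is never undone.
        socket.socket = socks.socksocket

    opener = urllib2.build_opener()
    opener.addheaders = [('User-agent', '')]
    try:
        fp = opener.open(url)
    except Exception:
        return

    # Close the response on every path, including read errors.
    try:
        # The header is server-controlled and may be absent; treat a missing
        # value as "not HTML" instead of failing on the lookup. This is only
        # a cheap pre-filter, the PE parse below is the actual gate.
        contentType = fp.info().get('Content-Type') or ''
        if "text/html" in contentType:
            # no executable
            return
        content = fp.read()
    finally:
        fp.close()

    # NOTE(review): tmp_file is not defined in this method; unless it is a
    # module-level name this is a swallowed NameError and can be deleted.
    try:
        os.remove(tmp_file)
    except Exception:
        pass

    # MD5 serves as the sample identifier handed to sendFile and stored in
    # File.hash; it is not a collision-resistant integrity check.
    fname = hashlib.md5(content).hexdigest()

    # Validate the payload in memory. The previous disk round-trip parsed and
    # then deleted whatever already existed at extfilename, and wrote the
    # untrusted payload to a caller-named path.
    try:
        pefile.PE(data=content, fast_load=True)
    except Exception:
        return

    encoded = base64.b64encode(content)
    if self.haleConf.get("xmpp", "use") == 'True':
        producerBot.ProducerBot().sendFile(encoded, fname)

    botnetobject = Botnet.objects.get(botnethashvalue=self.botnethash)
    try:
        File(botnet=botnetobject, hash=fname, content=encoded,
             filename=extfilename).save()
        botnetobject.save()
    except IntegrityError:
        # presumably the sample is already stored -- confirm against the
        # File model's constraints
        pass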
def stop(self, moduleId):
    """
    Stop the module registered under moduleId and forget it.

    Returns the string "No such id running" when the id is not registered,
    otherwise None. When XMPP is enabled the producer bot is told to remove
    the botnet's config hash before the module is stopped.
    """
    if moduleId not in self.modules:
        return "No such id running"

    xmppEnabled = self.haleConf.get("xmpp", "use") == 'True'
    if xmppEnabled:
        configHash = self.configHashes[moduleId]
        producerBot.ProducerBot().removeBotnet(configHash)

    # The hash entry is dropped first, then the module is stopped and
    # unregistered.
    del self.configHashes[moduleId]
    module = self.modules[moduleId]
    module.stop()
    del self.modules[moduleId]
def __init__(self):
    """
    Constructor to set up objects to be used

    Besides setting attributes, construction has side effects: it runs the
    module manager's start-up hook, loads the Hale configuration, starts a
    ModuleCoordinator, runs the producer bot when XMPP is enabled, and
    starts a ModuleDirChangeThread.
    """
    # NOTE(review): presumably marshalling options read by a base class that
    # is not visible here -- confirm.
    self.allowNone = True
    self.useDateTime = False
    moduleManager.handle_modules_onstart()
    self.haleConf = configHandler.ConfigHandler().loadHaleConf()
    moduleCoordinator.ModuleCoordinator(self.haleConf).start()
    # XMPP sharing is enabled only when the option is exactly the string
    # 'True'; any other value leaves the producer bot unstarted.
    if self.haleConf.get("xmpp", "use") == 'True':
        producerBot.ProducerBot(self.haleConf).run()
    # Kept on the instance so the thread object stays reachable after start.
    self.moduleDirChange = ModuleDirChangeThread()
    self.moduleDirChange.start()
    # A second ConfigHandler, separate from the one used to load haleConf.
    self.config = configHandler.ConfigHandler()
    self.modlist = []