Changeset 5899
- Timestamp:
- 04/09/11 10:10:51 (2 years ago)
- Files:
-
- 1 modified
-
zion/trunk/umit/zion/core/zion.py (modified) (23 diffs)
zion/trunk/umit/zion/core/zion.py
r5835 r5899 59 59 """ 60 60 return self.__option 61 61 62 62 def reset_options(self): 63 63 """ … … 79 79 """ 80 80 self.notify('update_status', "Host scanning started\n") 81 81 82 82 if self.__option.has(options.OPTION_PORTS): 83 83 ports = self.__option.get(options.OPTION_PORTS) … … 94 94 for target in self.__target: 95 95 print target 96 96 97 97 self.notify('scan_finished', self.__target[0]) 98 98 99 99 def do_capture(self, dev=None): 100 100 """ … … 134 134 if mode == options.FORGE_MODE_SYN: 135 135 self.do_scan() 136 136 137 137 self.notify('update_status', 'Capturing packets\n') 138 138 139 139 if fields!=None: 140 140 s.fields = fields … … 150 150 print 'Unimplemented forge mode %s.' % mode 151 151 152 152 153 153 def do_forge_mode_syn(self, s, target, target_port, addr, port): 154 154 """ 155 155 """ 156 156 157 157 amount = self.__option.get(options.OPTION_CAPTURE_AMOUNT) 158 158 … … 184 184 except KeyboardInterrupt: 185 185 packet.stop() 186 186 187 187 188 188 def run(self, outq=None): … … 190 190 """ 191 191 self.__outq = outq 192 192 193 193 if self.__option.has(options.OPTION_HELP): 194 194 195 195 print options.HELP_TEXT 196 196 197 197 elif self.__option.has(options.OPTION_DETECT): 198 198 199 199 self.notify('update_status', 'OS Detection Started\n') 200 200 201 201 print 202 202 print 'OS Detection' 203 203 print '------------' 204 204 205 205 # configure parameters for OS detection 206 206 if not self.__option.has(options.OPTION_CAPTURE_AMOUNT): 207 207 self.__option.add('--capture-amount',AMOUNT_OS_DETECTION) 208 208 if not self.__option.has(options.OPTION_SEND_INTERVAL): 209 self.__option.add('-i',SEND_INTERVAL) 209 self.__option.add('-i',SEND_INTERVAL) 210 210 self.__option.add('-f','syn') 211 211 212 212 print 'Capturing packets' 213 213 self.do_forge(['tcp.seq']) 214 214 215 215 self.notify('update_status', 'Creating time series\n') 216 216 217 217 print 'Calculating PRNG' 218 218 Rt = self.calculate_PRNG() 219 219 220 220 
self.notify('update_status', 'Building attractors\n') 221 221 222 222 print 'Creating attractors' 223 223 self.__classification(Rt) 224 224 225 225 self.notify('update_status', 'Performing OS fingerprint matching\n') 226 226 227 227 print 'Matching' 228 228 result = self.__matching() 229 229 230 230 self.notify('matching_finished', result) 231 232 231 232 233 233 elif self.__option.has(options.OPTION_SYNPROXY): 234 234 235 235 self.notify('update_status', 'Syn Proxy Detection Started\n\n') 236 236 237 237 synproxy = self.synproxy_detection() 238 238 if synproxy==True: … … 240 240 else: 241 241 print 'Target isnt synproxy' 242 242 243 243 self.notify('synproxy_finished', synproxy) 244 244 245 245 elif self.__option.has(options.OPTION_HONEYD): 246 246 247 247 self.notify('update_status', 'Honeyd Detection Started\n') 248 248 249 249 honeyd = self.honeyd_detection() 250 250 if honeyd==False: … … 252 252 else: 253 253 print 'Target is honeyd' 254 254 255 255 self.notify('honeyd_finished', honeyd) 256 256 257 257 elif self.__option.has(options.OPTION_FORGE): 258 258 259 259 self.notify('update_status', 'Forge started\n') 260 260 … … 268 268 269 269 self.notify('update_status', 'Scanning host\n') 270 270 271 271 print 272 272 print 'TCP SYN port scan results' … … 274 274 275 275 self.do_scan() 276 276 277 277 elif self.__option.has(options.OPTION_CAPTURE): 278 278 … … 281 281 print '-----------------' 282 282 283 self.do_capture() 283 self.do_capture() 284 284 285 285 else: 286 286 print options.HELP_TEXT 287 288 287 288 289 289 def honeyd_detection(self): 290 """ Detect if target are an honeyd. """ 290 """ Detect if target are an honeyd. 
""" 291 291 # configure parameters for honeyd detection 292 292 if not self.__option.has(options.OPTION_CAPTURE_AMOUNT): 293 293 self.__option.add('--capture-amount',AMOUNT_HONEYD_DETECTION) 294 294 self.__option.add('-f','syn') 295 295 296 296 self.do_forge(['tcp.seq']) 297 297 Rt = self.calculate_PRNG() 298 298 299 299 if len(Rt) > 0: 300 300 … … 304 304 if not len(values)==1: 305 305 return False 306 306 307 307 # verify constant increments 308 308 cycle = Rt[:5] … … 314 314 if increments.count(k)==4: 315 315 return True 316 316 317 317 return False 318 318 else: 319 319 return False 320 321 322 320 321 322 323 323 def synproxy_detection(self): 324 324 """ Detect if target is an syn proxy. """ 325 325 326 326 # configure parameters for honeyd detection 327 327 if not self.__option.has(options.OPTION_CAPTURE_AMOUNT): 328 328 self.__option.add('--capture-amount',1) 329 329 self.__option.add('-f','syn') 330 330 331 331 self.notify('update_status','Searching for open ports\n') 332 332 333 333 target = self.__target[0] 334 334 335 335 # search for open ports in target 336 336 self.do_scan() 337 337 ports = target.get_open_ports() 338 338 339 339 self.notify('update_status','Generate random ports\n') 340 340 341 341 origin_port1 = random.randint(1024, 65535) 342 342 while True: … … 347 347 s = sniff.Sniff() 348 348 addr = self.__option.get(options.OPTION_FORGE_ADDR) 349 349 350 350 self.notify('update_status','Sending packets\n') 351 351 s.fields = ['tcp.seq'] … … 358 358 self.do_forge_mode_syn(s, target, ports[0], addr, origin_port1) 359 359 isn3 = self.__capture_result[0][1] 360 360 361 361 if isn1!=isn2 and isn1==isn3: 362 362 return True 363 363 else: 364 364 return False 365 366 365 366 367 367 def calculate_PRNG(self): 368 368 """ Calculate Pseudo Random Number Generator from ISN captured. 
""" 369 369 370 370 if len(self.__capture_result) == 0: 371 371 print 'Error: no results available' … … 375 375 if self.__capture_result[i][1][0] <> 'None': 376 376 isn.append(int(self.__capture_result[i][1][0])) 377 377 378 378 ordered = True 379 379 380 380 # verify if isn numbers are ordered ascendly 381 381 for i in range(1,len(isn)): … … 383 383 ordered = False 384 384 break 385 385 386 386 Rt = [] 387 387 388 388 if ordered==False: 389 389 Rt = isn … … 391 391 for i in range(len(isn)-1): 392 392 Rt.append(isn[i+1] - isn[i]) 393 393 394 394 return Rt 395 396 395 396 397 397 def __classification(self,Rt): 398 398 """ Get attractors and put them in SOM. """ 399 399 400 400 self.__attractors = [] 401 401 402 402 # normalize results 403 403 max_val = max(Rt) 404 404 min_val = min(Rt) 405 405 ratio = 2/(max_val-min_val) 406 406 407 407 self.__som = som.new(2,(30,30)) 408 408 self.__matrix = matrix.new(len(Rt)-1,2) 409 409 410 410 for i in range(len(Rt)-1): 411 411 x = Rt[i+1] … … 414 414 matrix.set(self.__matrix, i, 0, x) 415 415 matrix.set(self.__matrix, i, 1, y) 416 417 self.notify('attractors_built', self.__attractors) 416 417 self.notify('attractors_built', self.__attractors) 418 418 419 419 som.caracterization(self.__som, self.__matrix, EPOCHS) 420 420 421 421 def __matching(self): 422 422 """ … … 425 425 dmin = sys.maxint 426 426 id_min = None 427 427 428 428 conn = sqlite3.connect('umit/zion/db/db.sqlite') 429 429 c = conn.cursor() 430 430 c.execute('SELECT software.pk, s_attractor.fp FROM software INNER JOIN fingerprint ON software.pk = fingerprint.fk_software INNER JOIN s_attractor ON s_attractor.pk = fingerprint.fk_sig1') 431 431 432 432 for fingerprint in c: 433 433 attractor = cPickle.loads(str(fingerprint[1])) … … 437 437 dmin = d 438 438 id_min = fingerprint[0] 439 439 440 440 details = None 441 441 if id_min!=None: … … 445 445 else: 446 446 print 'no fingerprints available in database' 447 447 448 448 return details 449 449 450 450 def 
get_attractors(self): 451 451 """ Return the list of attractors. """ 452 452 return self.__attractors 453 453 454 454 def notify(self, signal, param=None): 455 455 """
