Lair drone for Bizsploit (rough, hacky storage until I create a proper repo)
#!/usr/bin/env python | |
# Copyright (c) 2013 Glenn 'devalias' Grant | |
import os | |
import sys | |
############## | |
# /dev/alias Import path hack for ./drone-bizsploit | |
############## | |
import pprint | |
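# Import path hack: resolve the repository root (parent of this script's
# *real* location, so a symlinked launcher still finds the checkout) once and
# put it at the FRONT of sys.path so the in-tree `lairdrone` package wins.
# NOTE: because it is prepended, any `lairdrone` under that directory shadows
# an installed one -- intended for running from a checkout, but it also means
# whoever can write to the parent directory controls what gets imported.
# The old code added the same directory a second time (unresolved, appended
# at the end); that entry was redundant and has been dropped.
mypath = os.path.abspath(
    os.path.join(os.path.dirname(os.path.realpath(__file__)), '..')
)
sys.path.insert(0, mypath)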
from optparse import OptionParser | |
from lairdrone import api | |
from lairdrone import bizsploit | |
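def main():
    """
    Main point of execution: import a Bizsploit console-output file into Lair.

    Accepts either ``<project_id> <file>`` or just ``<file>`` when the project
    id comes from the LAIR_PROJECT_ID (or, as a fallback, LAIR_PID)
    environment variable. Any other argument count is a usage error.

    Saving to the database is currently disabled (the ``api.save`` call is
    commented out); the parsed project is pretty-printed to stdout instead.

    Exits with status 1 on a usage error and 0 after printing the project.
    :return: never returns normally -- always leaves via ``sys.exit``
    """
    # Support for environment variable project id (LAIR_PID kept as a
    # legacy fallback)
    env_lair_project_id = os.getenv('LAIR_PROJECT_ID')
    if env_lair_project_id is None:
        env_lair_project_id = os.getenv('LAIR_PID')

    usage = "usage: `%prog <project_id> <file>`\n or `%prog <file>` when LAIR_PROJECT_ID env var set"
    description = "%prog imports Bizsploit files into Lair [ALPHA]"
    parser = OptionParser(usage=usage, description=description,
                          version="%prog 0.0.1")
    (_options, args) = parser.parse_args()

    # Exactly two positionals, or one positional plus a project id from the
    # environment. Everything else is a usage error -- including zero or
    # three-plus args with the env var set, which previously slipped past the
    # check and blew up later on an unbound lair_project_id.
    if len(args) == 2:
        lair_project_id, lair_file = args
    elif len(args) == 1 and env_lair_project_id is not None:
        lair_project_id = env_lair_project_id
        lair_file = args[0]
        print("Using ProjectId from ENV: %s" % lair_project_id)
    else:
        print(parser.get_usage())
        sys.exit(1)

    # Connect to the database. The handle is unused while api.save is
    # disabled below; it is kept so the connect path still runs -- drop it
    # if a DB round-trip is not wanted while saving is off.
    db = api.db_connect()

    project = bizsploit.parse(lair_project_id, lair_file)
    #api.save(project, db, bizsploit.TOOL)
    print("Save to database currently disabled. Displaying details instead:")
    pp = pprint.PrettyPrinter(indent=4)
    pp.pprint(project)
    sys.exit(0)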
# Script entry point; main() never returns normally (it calls sys.exit).
if __name__ == '__main__':
    main()
#!/usr/bin/env python | |
# Copyright (c) 2013 Glenn 'devalias' Grant | |
import os | |
import copy | |
#import xml.etree.ElementTree as et | |
from lairdrone import drone_models as models | |
from lairdrone import helper | |
# Name stamped into ``tool`` / ``last_modified_by`` on everything this drone
# creates.
TOOL = "bizsploit"

# Weight attached to the OS fingerprint entry this drone records.
OS_WEIGHT = 10

# Product label placeholder for SAP components; not referenced by parse()
# in this file yet.
PRODUCT_SAP_etc = 'SAPetc'
# Output strings that may be of use | |
#root@netherdrake:~/pentest/bizsploit# ./bizploit -t ~/pentest/assessments/foo/bizsploit-foo_targets.stf | |
#Warning: It was not possible to load the RFC library, some connectors might not work. | |
#bizploit - Open Source ERP Penetration Testing Framework (v1.50) | |
# | |
#TCP-Pinging remote system 10.2.3.4 first. Available. | |
#The port scanning is being performed. Please wait, it could take a while. | |
#OPEN ports on target 10.2.3.4: | |
#Port Default Service | |
#---- --------------- | |
#1128/tcp SAPHostControl | |
#3200/tcp SAP Dispatcher | |
#3300/tcp SAP Gateway | |
#3600/tcp SAP Message Server | |
#8000/tcp SAP ICM HTTP | |
#8025/tcp SAP ICM HTTP | |
#8100/tcp SAP Message Server HTTP | |
#8101/tcp SAP Message Server HTTP | |
#40000/tcp SAP IGS - Multiplexer | |
#40001/tcp SAP IGS - Portwatcher | |
#40002/tcp SAP IGS - Portwatcher | |
#40080/tcp SAP IGS - HTTP Administration | |
#50013/tcp SAP Start Service | |
#50014/tcp SAP Start Service | |
#50113/tcp SAP Start Service | |
#59704/tcp SAP J2EE Dispatcher - P4 | |
#59713/tcp SAP Start Service | |
#Added SAPICM connector to target 0. | |
#Added SAPICM connector to target 0. | |
#Added SAPMC connector to target 0. | |
#Added SAPMC connector to target 0. | |
#Added SAPMC connector to target 0. | |
#Added SAPMC connector to target 0. | |
#Connector discovery completed. | |
# | |
#TCP-Pinging remote system 10.2.3.5 first. Available. | |
#The port scanning is being performed. Please wait, it could take a while. | |
#No OPEN ports on target 10.2.3.5 | |
#Connector discovery completed. | |
# | |
#Running 'icmInfo' against [10.2.3.4(0)-SAPICM(0)] | |
# Checking if the service is available... | |
# [VULN] The SAP ICM Info service is enabled at '/sap/public/info' | |
# Remote system information: | |
# RFC Log Version: 011 | |
# Release Status of SAP System: 701 | |
# Kernel Release: 720 | |
# Operating System: MyOS | |
# Database Host: my-db-host | |
# Central Database System: ORACLE | |
# Integer Format: Big Endian | |
# Hostname: my-sap-host | |
# Float Type Format: IEEE | |
# IP Address: 10.2.3.4 | |
# System ID: ABC | |
# RFC Destination: my-sap-host_ABC_00 | |
# Timezone: 36000 (diff from UTC in seconds) | |
# Character Set: 4102 | |
# Machine ID: 370 | |
#Execution finished with result code: OK | |
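def parse(project, resource):
    """Parse a Bizsploit console output file into a Lair project dict.

    Currently a STUB: the console output is not parsed at all. The returned
    project carries one command entry plus one hard-coded placeholder host
    (localhost, a single port with a fake credential and note, and a fake OS
    fingerprint). Only the document structure is real; the placeholder
    values -- in particular the credential -- must never be persisted to a
    live Lair database.

    :param project: The project id
    :param resource: Path to the Bizsploit console output file
    :return: A deep copy of ``models.project_model`` with ``project_id``
             set, one command and one placeholder host appended
    :raises IOError: if ``resource`` is an existing file that cannot be
                     opened for reading
    """
    # Nothing is read from the file yet, but opening it surfaces a
    # missing/unreadable resource before any data is built. The handle is
    # closed again immediately (the old code left it open for the lifetime
    # of the process and shadowed the ``file`` builtin). A non-file resource
    # is silently accepted, as before.
    if os.path.isfile(resource):
        with open(resource, 'r'):
            pass

    # Create the project dictionary which acts as foundation of document
    project_dict = copy.deepcopy(models.project_model)
    project_dict['project_id'] = project

    # Record the command that produced the output. The real Bizsploit
    # invocation is not reconstructed yet; this is a template string.
    command_dict = copy.deepcopy(models.command_model)
    command_dict['tool'] = TOOL
    command_dict['command'] = './bizsploit TODO STUFF HERE > %s' % resource
    project_dict['commands'].append(command_dict)

    project_dict['hosts'].append(_placeholder_host())
    return project_dict


def _placeholder_host():
    """Build the single hard-coded host parse() returns until real parsing
    of the Bizsploit console output is implemented.

    Every value below is a dummy. Replace this with a walk over the actual
    output (see the sample output in the comment block above: ports from the
    "OPEN ports on target" table, host details from the icmInfo results).

    :return: A ``models.host_model`` copy with one port (carrying one
             credential and one note) and one OS entry
    """
    host_dict = copy.deepcopy(models.host_model)
    host_dict['string_addr'] = 'localhost'
    host_dict['long_addr'] = helper.ip2long('127.0.0.1')
    # Placeholder MAC; the old value had only five octets.
    host_dict['mac_addr'] = '00:11:22:33:44:55'
    host_dict['last_modified_by'] = TOOL

    port_dict = copy.deepcopy(models.port_model)
    port_dict['port'] = 80
    port_dict['protocol'] = models.PROTOCOL_TCP
    port_dict['service'] = 'MyService'
    port_dict['product'] = 'MyProduct' + " " + 'v0.1'
    port_dict['last_modified_by'] = TOOL

    # Fake credential. This must not reach a real database: the companion
    # drone script currently has api.save disabled, and this stub should
    # stay behind that switch until it parses real data.
    credential_dict = copy.deepcopy(models.credential_model)
    credential_dict['username'] = 'MyUsername'
    credential_dict['password'] = 'MyPassword'
    credential_dict['hash'] = 'MyHash'
    port_dict['credentials'].append(credential_dict)

    note_dict = copy.deepcopy(models.note_model)
    note_dict['title'] = 'Note Title'
    note_dict['content'] = 'Note Contents'
    note_dict['last_modified_by'] = TOOL
    port_dict['notes'].append(note_dict)

    host_dict['ports'].append(port_dict)

    os_dict = copy.deepcopy(models.os_model)
    os_dict['tool'] = TOOL
    os_dict['weight'] = OS_WEIGHT
    os_dict['fingerprint'] = 'MyOsFingerprint'
    host_dict['os'].append(os_dict)

    return host_dict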