Created
August 24, 2021 08:36
-
-
Save michelep/93bb278cef8fe2456b3a6b15a99647bd to your computer and use it in GitHub Desktop.
Fortigate WIFI Clients monitor
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
# | |
###################################################### | |
# Fortigate WiFi client monitor | |
# v0.0.1 - Michele "O-Zone" Pinassi | |
# | |
# This script, tested with Fortigate API 6.4.x, check if an user | |
# is connected on wifi network with more than CLIENT_TRIGGER clients. | |
# At the end, send a mail with username and device MACs connected | |
# | |
###################################################### | |
import pprint | |
import requests | |
import sys | |
import urllib | |
import smtplib | |
from email.mime.multipart import MIMEMultipart | |
from email.mime.text import MIMEText | |
import datetime | |
from time import strftime,gmtime | |
CLIENT_TRIGGER=2 | |
# | |
# MAIN | |
# | |
def main(): | |
fortigate_host = 'FORTIGATE_HOST' | |
fortigate_token = 'FORTIGATE_TOKEN' | |
whitelist = ['anonymous@...'] | |
# Disable HTTPS warnings | |
requests.packages.urllib3.disable_warnings() | |
wifiUsers = {} | |
try: | |
r = requests.get("https://%s/api/v2/monitor/wifi/client?access_token=%s"%(fortigate_host,fortigate_token), verify=False) | |
jsonResponse = r.json() | |
apClients = jsonResponse[u'results'] | |
for client in apClients: | |
for key, value in client.items(): | |
if key == u'user': | |
if wifiUsers.get(value) is not None: | |
wifiUsers[value]=wifiUsers[value]+1 | |
else: | |
wifiUsers[value]=1 | |
except Exception as err: | |
print('Oh oh! Something wrong happens: %s'%err) | |
mail_sender = "irt@..." | |
mail_receivers = ["sysadmin@..."] | |
userslist="" | |
userscount=0 | |
for key, value in wifiUsers.items(): | |
if key not in whitelist: | |
endpoint_macs="" | |
if value > CLIENT_TRIGGER: | |
# Fetch USER's endpoint MACs... | |
for client in apClients: | |
if client.get(u'user') == key: | |
endpoint_macs = client.get(u'mac')+"; "+endpoint_macs | |
# | |
print("User %s logged in from %d endpoints: %s"%(key,value,endpoint_macs)) | |
userslist = userslist + "<li>User %s logged in from %d endpoints: %s</li>"%(key,value,endpoint_macs) | |
userscount=userscount+1 | |
if userscount > 0: | |
msg = MIMEMultipart('alternative') | |
msg['Subject'] = "[IRT] WiFi client monitor - %d users detected"%(userscount) | |
msg['From'] = "irt@..." | |
msg['To'] = "irt@..." | |
text_message = """Visualizza la mail in HTML""" | |
html_message = """ | |
<p>In data {datetime} sono stati individuati i seguenti utenti connessi da più di 3 clients alla rete WiFi di Ateneo:</p> | |
<ul> | |
{userslist} | |
</ul> | |
""".format(datetime=strftime("%Y-%m-%d %H:%M:%S", gmtime()),userslist=userslist) | |
part1 = MIMEText(text_message, 'plain') | |
part2 = MIMEText(html_message, 'html') | |
msg.attach(part1) | |
msg.attach(part2) | |
try: | |
smtpObj = smtplib.SMTP('SMTP_SERVER') | |
smtpObj.sendmail(mail_sender, mail_receivers, msg.as_string()) | |
print "Successfully sent email" | |
smtpObj.quit() | |
except: | |
print "Oh oh! Something wrong happens :-(" | |
else: | |
# print "No users to warn" | |
if __name__ == "__main__": | |
main() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment