refactor library imports

! import only needed constants and functions
refactor other imports for every attack
refactor get_interval_pps name
refactor platform probability distribution
fix format in utility lib

code/Attack/BaseAttack.py

@@ -5,16 +5,16 @@ import os
 import random
 import re
 import tempfile
-from abc import abstractmethod, ABCMeta
-from scapy.layers.inet import Ether
 import numpy as np
 
-import ID2TLib.libpcapreader as pr
+from abc import abstractmethod, ABCMeta
+from scapy.layers.inet import Ether
 from scapy.utils import PcapWriter
 
 from Attack import AttackParameters
 from Attack.AttackParameters import Parameter
 from Attack.AttackParameters import ParameterTypes
+import ID2TLib.libpcapreader as pr
 
 
 class BaseAttack(metaclass=ABCMeta):

code/Attack/DDoSAttack.py

@@ -1,18 +1,18 @@
 import logging
-from random import randint, uniform, choice
 
+from random import randint, choice
 from lea import Lea
+from collections import deque
 from scipy.stats import gamma
+from scapy.layers.inet import IP, Ether, TCP, RandShort
 
 from Attack import BaseAttack
 from Attack.AttackParameters import Parameter as Param
 from Attack.AttackParameters import ParameterTypes
+from ID2TLib.Utility import update_timestamp, get_interval_pps, get_nth_random_element, index_increment
 
 logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
 # noinspection PyPep8
-from scapy.layers.inet import IP, Ether, TCP, RandShort
-from collections import deque
-from ID2TLib.Utility import *
 
 
 class DDoSAttack(BaseAttack.BaseAttack):
@@ -232,7 +232,7 @@ class DDoSAttack(BaseAttack.BaseAttack):
                     replies_count+=1
                     total_pkt_num += 1
 
-                attacker_pps = max(getIntervalPPS(complement_interval_attacker_pps, timestamp_next_pkt), (pps/num_attackers)/2)
+                attacker_pps = max(get_interval_pps(complement_interval_attacker_pps, timestamp_next_pkt), (pps / num_attackers) / 2)
                 timestamp_next_pkt = update_timestamp(timestamp_next_pkt, attacker_pps)
 
                 # Store timestamp of first packet (for attack label)

code/Attack/EternalBlueExploit.py

@@ -1,17 +1,18 @@
 import logging
-from random import randint, uniform
 
+from random import randint, uniform
 from lea import Lea
+from scapy.utils import RawPcapReader
+from scapy.layers.inet import Ether
 
 from Attack import BaseAttack
 from Attack.AttackParameters import Parameter as Param
 from Attack.AttackParameters import ParameterTypes
+from ID2TLib.Utility import update_timestamp, get_interval_pps
 
 logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
 # noinspection PyPep8
-from scapy.utils import RawPcapReader
-from scapy.layers.inet import IP, Ether, TCP, RandShort
-from ID2TLib.Utility import *
+
 
 class EternalBlueExploit(BaseAttack.BaseAttack):
     template_scan_pcap_path = "resources/Win7_eternalblue_scan.pcap"
@@ -183,7 +184,7 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
                 new_pkt = (eth_frame / ip_pkt / tcp_pkt)
                 new_pkt.time = timestamp_next_pkt
 
-                pps = max(getIntervalPPS(complement_interval_pps, timestamp_next_pkt), 10)
+                pps = max(get_interval_pps(complement_interval_pps, timestamp_next_pkt), 10)
                 timestamp_next_pkt = update_timestamp(timestamp_next_pkt, pps) + inter_arrival_times[pkt_num]#float(timeSteps.random())
             # Reply
             else:
@@ -275,7 +276,7 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
                         new_pkt = (eth_frame / ip_pkt / tcp_pkt)
                         new_pkt.time = timestamp_next_pkt
 
-                        pps = max(getIntervalPPS(complement_interval_pps, timestamp_next_pkt), 10)
+                        pps = max(get_interval_pps(complement_interval_pps, timestamp_next_pkt), 10)
                         timestamp_next_pkt = update_timestamp(timestamp_next_pkt, pps) + inter_arrival_times[pkt_num] #float(timeSteps.random())
 
                     # Reply
@@ -305,7 +306,7 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
 
                         new_pkt = (eth_frame / ip_pkt / tcp_pkt)
 
-                        pps = max(getIntervalPPS(complement_interval_pps, timestamp_next_pkt), 10)
+                        pps = max(get_interval_pps(complement_interval_pps, timestamp_next_pkt), 10)
                         timestamp_next_pkt = update_timestamp(timestamp_next_pkt, pps) + inter_arrival_times[pkt_num]#float(timeSteps.random())
 
                         new_pkt.time = timestamp_next_pkt
@@ -348,7 +349,7 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
                         new_pkt = (eth_frame / ip_pkt / tcp_pkt)
                         new_pkt.time = timestamp_next_pkt
 
-                        pps = max(getIntervalPPS(complement_interval_pps, timestamp_next_pkt), 10)
+                        pps = max(get_interval_pps(complement_interval_pps, timestamp_next_pkt), 10)
                         timestamp_next_pkt = update_timestamp(timestamp_next_pkt, pps) + inter_arrival_times[pkt_num]# float(timeSteps.random())
 
                     # Reply
@@ -378,7 +379,7 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
 
                         new_pkt = (eth_frame / ip_pkt / tcp_pkt)
 
-                        pps = max(getIntervalPPS(complement_interval_pps, timestamp_next_pkt), 10)
+                        pps = max(get_interval_pps(complement_interval_pps, timestamp_next_pkt), 10)
                         timestamp_next_pkt = update_timestamp(timestamp_next_pkt, pps) + inter_arrival_times[pkt_num]# float(timeSteps.random())
 
                         new_pkt.time = timestamp_next_pkt

code/Attack/JoomlaRegPrivExploit.py

@@ -1,17 +1,17 @@
 import logging
-from random import randint, uniform
 
+from random import randint
 from lea import Lea
+from scapy.utils import RawPcapReader
+from scapy.layers.inet import Ether
 
 from Attack import BaseAttack
 from Attack.AttackParameters import Parameter as Param
 from Attack.AttackParameters import ParameterTypes
+from ID2TLib.Utility import update_timestamp, get_interval_pps
 
 logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
 # noinspection PyPep8
-from scapy.utils import RawPcapReader
-from scapy.layers.inet import IP, Ether, TCP, RandShort
-from ID2TLib.Utility import *
 
 
 class JoomlaRegPrivExploit(BaseAttack.BaseAttack):
@@ -186,7 +186,7 @@ class JoomlaRegPrivExploit(BaseAttack.BaseAttack):
                 new_pkt = (eth_frame / ip_pkt/ tcp_pkt / str_tcp_seg)
                 new_pkt.time = timestamp_next_pkt
 
-                pps = max(getIntervalPPS(complement_interval_pps, timestamp_next_pkt), 10)
+                pps = max(get_interval_pps(complement_interval_pps, timestamp_next_pkt), 10)
                 timestamp_next_pkt = update_timestamp(timestamp_next_pkt, pps) + float(timeSteps.random())
 
             # Reply: Victim --> attacker
@@ -212,7 +212,7 @@ class JoomlaRegPrivExploit(BaseAttack.BaseAttack):
                     victim_seq += max(strLen, 1)
 
                 new_pkt = (eth_frame / ip_pkt / tcp_pkt / str_tcp_seg)
-                pps = max(getIntervalPPS(complement_interval_pps, timestamp_next_pkt), 10)
+                pps = max(get_interval_pps(complement_interval_pps, timestamp_next_pkt), 10)
                 timestamp_next_pkt = update_timestamp(timestamp_next_pkt, pps) + float(timeSteps.random())
                 new_pkt.time = timestamp_next_pkt
 

code/Attack/PortscanAttack.py

@@ -1,17 +1,18 @@
 import logging
 import csv
 
-from random import shuffle, randint, choice, uniform
-
+from random import shuffle, randint, choice
 from lea import Lea
+from scapy.layers.inet import IP, Ether, TCP
 
 from Attack import BaseAttack
 from Attack.AttackParameters import Parameter as Param
 from Attack.AttackParameters import ParameterTypes
-from ID2TLib.Utility import *
+from ID2TLib.Utility import update_timestamp, get_interval_pps
+
 logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
 # noinspection PyPep8
-from scapy.layers.inet import IP, Ether, TCP
+
 
 class PortscanAttack(BaseAttack.BaseAttack):
 
@@ -254,7 +255,7 @@ class PortscanAttack(BaseAttack.BaseAttack):
 
                 # else: destination port is NOT OPEN -> no reply is sent by target
 
-            pps = max(getIntervalPPS(complement_interval_pps, timestamp_next_pkt),10)
+            pps = max(get_interval_pps(complement_interval_pps, timestamp_next_pkt), 10)
             timestamp_next_pkt = update_timestamp(timestamp_next_pkt, pps)
 
         # store end time of attack

code/Attack/SMBLorisAttack.py

@@ -1,20 +1,18 @@
 import logging
-import csv
-
-from random import shuffle, randint, choice, uniform
 
+from random import randint, uniform
 from lea import Lea
+from scapy.layers.inet import IP, Ether, TCP
+from scapy.layers.netbios import NBTSession
 
 from Attack import BaseAttack
 from Attack.AttackParameters import Parameter as Param
 from Attack.AttackParameters import ParameterTypes
-from ID2TLib.Utility import *
-from ID2TLib.SMBLib import *
+from ID2TLib.Utility import update_timestamp
+from ID2TLib.SMBLib import smb_port
 
 logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
 # noinspection PyPep8
-from scapy.layers.inet import IP, Ether, TCP
-from scapy.layers.netbios import NBTSession
 
 # Resources:
 # https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/smb/smb_loris.rb
@@ -22,6 +20,7 @@ from scapy.layers.netbios import NBTSession
 # https://gist.githubusercontent.com/marcan/6a2d14b0e3eaa5de1795a763fb58641e/raw/565befecf4d9a4a27248d027a90b6e3e5994b5b6/smbloris.c
 # http://smbloris.com/
 
+
 class SMBLorisAttack(BaseAttack.BaseAttack):
 
     def __init__(self):

code/Attack/SMBScanAttack.py

@@ -1,21 +1,23 @@
 import logging
 
-from random import shuffle, randint, choice, uniform
+from random import shuffle, randint
 from lea import Lea
+from scapy.layers.inet import IP, Ether, TCP
+from scapy.layers.smb import *
+from scapy.layers.netbios import *
 
 from Attack import BaseAttack
 from Attack.AttackParameters import Parameter as Param
 from Attack.AttackParameters import ParameterTypes
 from ID2TLib.SMB2 import *
-from ID2TLib.Utility import *
-from ID2TLib.SMBLib import *
-
+from ID2TLib.Utility import update_timestamp, get_interval_pps, get_rnd_os, get_ip_range,\
+    generate_source_port_from_platform, get_filetime_format
+from ID2TLib.SMBLib import smb_port, smb_versions, smb_dialects, get_smb_version, get_smb_platform_data,\
+    invalid_smb_version
 
 logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
 # noinspection PyPep8
-from scapy.layers.inet import IP, Ether, TCP
-from scapy.layers.smb import *
-from scapy.layers.netbios import *
+
 
 class SMBScanAttack(BaseAttack.BaseAttack):
 
@@ -395,7 +397,7 @@ class SMBScanAttack(BaseAttack.BaseAttack):
                     reply.time = timestamp_reply
                     packets.append(reply)
 
-            pps = max(getIntervalPPS(complement_interval_pps, timestamp_next_pkt), 10)
+            pps = max(get_interval_pps(complement_interval_pps, timestamp_next_pkt), 10)
             timestamp_next_pkt = update_timestamp(timestamp_next_pkt, pps)
 
         # store end time of attack

code/Attack/SQLiAttack.py

@@ -1,7 +1,10 @@
 import logging
-from random import randint, uniform
 
+from random import randint
 from lea import Lea
+from scapy.utils import RawPcapReader
+from scapy.layers.inet import Ether
+from ID2TLib.Utility import update_timestamp, get_interval_pps
 
 from Attack import BaseAttack
 from Attack.AttackParameters import Parameter as Param
@@ -9,9 +12,6 @@ from Attack.AttackParameters import ParameterTypes
 
 logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
 # noinspection PyPep8
-from scapy.utils import RawPcapReader
-from scapy.layers.inet import IP, Ether, TCP, RandShort
-from ID2TLib.Utility import *
 
 
 class SQLiAttack(BaseAttack.BaseAttack):
@@ -187,7 +187,7 @@ class SQLiAttack(BaseAttack.BaseAttack):
                     new_pkt = (eth_frame / ip_pkt/ tcp_pkt / str_tcp_seg)
                     new_pkt.time = timestamp_next_pkt
 
-                    pps = max(getIntervalPPS(complement_interval_pps, timestamp_next_pkt), 10)
+                    pps = max(get_interval_pps(complement_interval_pps, timestamp_next_pkt), 10)
                     timestamp_next_pkt = update_timestamp(timestamp_next_pkt, pps) + float(timeSteps.random())
 
                 # Victim --> attacker
@@ -249,7 +249,7 @@ class SQLiAttack(BaseAttack.BaseAttack):
                     new_pkt = (eth_frame / ip_pkt / tcp_pkt / str_tcp_seg)
                     new_pkt.time = timestamp_next_pkt
 
-                    pps = max(getIntervalPPS(complement_interval_pps, timestamp_next_pkt), 10)
+                    pps = max(get_interval_pps(complement_interval_pps, timestamp_next_pkt), 10)
                     timestamp_next_pkt = update_timestamp(timestamp_next_pkt, pps) + float(timeSteps.random())
 
                 # Victim --> attacker

code/Attack/SalityBotnet.py

@@ -1,17 +1,16 @@
 import logging
-from random import randint, uniform
 
-from lea import Lea
+from random import randint
+from scapy.utils import RawPcapReader
+from scapy.layers.inet import Ether
 
 from Attack import BaseAttack
 from Attack.AttackParameters import Parameter as Param
 from Attack.AttackParameters import ParameterTypes
+from ID2TLib.Utility import update_timestamp, get_interval_pps
 
 logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
 # noinspection PyPep8
-from scapy.utils import RawPcapReader
-from scapy.layers.inet import IP, Ether, TCP, RandShort
-from ID2TLib.Utility import *
 
 
 class SalityBotnet(BaseAttack.BaseAttack):
@@ -123,7 +122,7 @@ class SalityBotnet(BaseAttack.BaseAttack):
             new_pkt = (eth_frame / ip_pkt)
             new_pkt.time = timestamp_next_pkt
 
-            pps = max(getIntervalPPS(complement_interval_pps, timestamp_next_pkt), 10)
+            pps = max(get_interval_pps(complement_interval_pps, timestamp_next_pkt), 10)
             timestamp_next_pkt = update_timestamp(timestamp_next_pkt, pps)
 
             packets.append(new_pkt)

code/ID2TLib/SMB2.py

@@ -3,7 +3,6 @@ from scapy.fields import *
 from scapy.layers.netbios import NBTSession
 
 
-
 class SMB2_SYNC_Header(Packet):
     namez = "SMB2Negociate Protocol Response Header"
     fields_desc = [StrFixedLenField("Start","\xfeSMB", 4),
@@ -21,6 +20,7 @@ class SMB2_SYNC_Header(Packet):
                    LELongField("Signature1", 0),
                    LELongField("Signature2", 0)]
 
+
 #No Support of Security Buffer , Padding or Dialect Revision 0x0311
 class SMB2_Negotiate_Protocol_Response(Packet):
     namez = "SMB2Negociate Protocol Response"
@@ -41,6 +41,5 @@ class SMB2_Negotiate_Protocol_Response(Packet):
                    LEIntField("NegotiateContextOffset/Reserved2", 0)]
 
 
-
 bind_layers(NBTSession, SMB2_SYNC_Header,)
 bind_layers(SMB2_SYNC_Header, SMB2_Negotiate_Protocol_Response,)

code/ID2TLib/SMBLib.py

@@ -1,9 +1,8 @@
 from os import urandom
 from binascii import b2a_hex
+from random import random
 
-from ID2TLib.Utility import *
-
-from scapy.layers.netbios import *
+from ID2TLib.Utility import check_platform, get_filetime_format, get_rnd_boot_time
 
 # SMB port
 smb_port = 445

code/ID2TLib/Utility.py

@@ -1,14 +1,13 @@
-import logging
+import ipaddress
 
 from random import randint, uniform
-from datetime import datetime, timedelta, tzinfo
+from datetime import datetime
 from calendar import timegm
-
 from lea import Lea
 
-from scapy.layers.netbios import *
-
 platforms = {"win7", "win10", "winxp", "win8.1", "macos", "linux", "win8", "winvista", "winnt", "win2000"}
+platform_probability = {"win7": 48.43, "win10": 27.99, "winxp": 6.07, "win8.1": 6.07, "macos": 5.94, "linux": 3.38,
+                        "win8": 1.35, "winvista": 0.46, "winnt": 0.31}
 
 
 def update_timestamp(timestamp, pps, delay=0):
@@ -28,32 +27,33 @@ def update_timestamp(timestamp, pps, delay=0):
         return timestamp + uniform(1 / pps + delay, 1 / pps + randomdelay.random())
 
 
-def getIntervalPPS(complement_interval_pps, timestamp):
-            """
-            Gets the packet rate (pps) for a specific time interval.
+def get_interval_pps(complement_interval_pps, timestamp):
+    """
+    Gets the packet rate (pps) for a specific time interval.
 
-            :param complement_interval_pps: an array of tuples (the last timestamp in the interval, the packet rate in the crresponding interval).
-            :param timestamp: the timestamp at which the packet rate is required.
-            :return: the corresponding packet rate (pps) .
-            """
-            for row in complement_interval_pps:
-                if timestamp<=row[0]:
-                    return row[1]
-            return complement_interval_pps[-1][1] # in case the timstamp > capture max timestamp
+    :param complement_interval_pps: an array of tuples (the last timestamp in the interval, the packet rate in the
+    corresponding interval).
+    :param timestamp: the timestamp at which the packet rate is required.
+    :return: the corresponding packet rate (pps) .
+    """
+    for row in complement_interval_pps:
+        if timestamp<=row[0]:
+            return row[1]
+    return complement_interval_pps[-1][1] # in case the timstamp > capture max timestamp
 
 
 def get_nth_random_element(*element_list):
-            """
-            Returns the n-th element of every list from an arbitrary number of given lists.
-            For example, list1 contains IP addresses, list 2 contains MAC addresses. Use of this function ensures that
-            the n-th IP address uses always the n-th MAC address.
-            :param element_list: An arbitrary number of lists.
-            :return: A tuple of the n-th element of every list.
-            """
-            range_max = min([len(x) for x in element_list])
-            if range_max > 0: range_max -= 1
-            n = randint(0, range_max)
-            return tuple(x[n] for x in element_list)
+    """
+    Returns the n-th element of every list from an arbitrary number of given lists.
+    For example, list1 contains IP addresses, list 2 contains MAC addresses. Use of this function ensures that
+    the n-th IP address uses always the n-th MAC address.
+    :param element_list: An arbitrary number of lists.
+    :return: A tuple of the n-th element of every list.
+    """
+    range_max = min([len(x) for x in element_list])
+    if range_max > 0: range_max -= 1
+    n = randint(0, range_max)
+    return tuple(x[n] for x in element_list)
 
 
 def index_increment(number: int, max: int):
@@ -69,8 +69,7 @@ def get_rnd_os():
 
     :return: random platform as string
     """
-    os_dist = Lea.fromValFreqsDict({"win7": 48.43, "win10": 27.99, "winxp": 6.07, "win8.1": 6.07, "macos": 5.94,
-                                    "linux": 3.38, "win8": 1.35, "winvista": 0.46, "winnt": 0.31})
+    os_dist = Lea.fromValFreqsDict(platform_probability)
     return os_dist.random()