Accueil Explorer Aide
Connexion
SPIN
/
ID2T-toolkit
6
5
Fork 2
Fichiers Tickets 20 Pull Requests 0 Wiki
Aborescence: 581749ca07
Branches Tags
ID2T-toolkit
/
code
/
ID2TLib
/
Utility.py

Utility.py 2.8 KB
Historique Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283 
  1. from random import randint
    2. 

  2. from datetime import datetime, timedelta, tzinfo
    3. 

  3. from calendar import timegm
    4. 

  4. 

  5. from lea import Lea
    6. 

  6. 

  7. from scapy.layers.netbios import *
    8. 

  8. 

  9. platforms = {"win7", "win10", "winxp", "win8.1", "macos", "linux", "win8", "winvista", "winnt", "win2000"}
    10. 

  10. 

  11. 

  12. def get_rnd_os():
    13. 

  13.     os_dist = Lea.fromValFreqsDict({"win7": 48.43, "win10": 27.99, "winxp": 6.07, "win8.1": 6.07, "macos": 5.94,
    14. 

  14.                                     "linux": 3.38, "win8": 1.35, "winvista": 0.46, "winnt": 0.31})
    15. 

  15.     return os_dist.random()
    16. 

  16. 

  17. 

  18. def check_platform(platform: str):
    19. 

  19.     if platform not in platforms:
    20. 

  20.         print("\nERROR: Invalid platform: " + platform + "." +
    21. 

  21.               "\n Please select one of the following platforms: ", platforms)
    22. 

  22.         exit(1)
    23. 

  23. 

  24. 

  25. def get_ip_range(start_ip: str, end_ip: str):
    26. 

  26.     start = ipaddress.ip_address(start_ip)
    27. 

  27.     end = ipaddress.ip_address(end_ip)
    28. 

  28.     ips = []
    29. 

  29.     if start < end:
    30. 

  30.         while start <= end:
    31. 

  31.             ips.append(start.exploded)
    32. 

  32.             start = start+1
    33. 

  33.     elif start > end:
    34. 

  34.         while start >= end:
    35. 

  35.             ips.append(start.exploded)
    36. 

  36.             start = start-1
    37. 

  37.     else:
    38. 

  38.         ips.append(start_ip)
    39. 

  39.     return ips
    40. 

  40. 

  41. 

  42. def generate_source_port_from_platform(platform: str, previousPort=0):
    43. 

  43.     check_platform(platform)
    44. 

  44.     if platform in {"winnt", "winxp", "win2000"}:
    45. 

  45.         if (previousPort == 0) or (previousPort + 1 > 5000):
    46. 

  46.             return randint(1024, 5000)
    47. 

  47.         else:
    48. 

  48.             return previousPort + 1
    49. 

  49.     elif platform == "linux":
    50. 

  50.         return randint(32768, 61000)
    51. 

  51.     else:
    52. 

  52.         if (previousPort == 0) or (previousPort + 1 > 65535):
    53. 

  53.             return randint(49152, 65535)
    54. 

  54.         else:
    55. 

  55.             return previousPort + 1
    56. 

  56. 

  57. 

  58. # FIXME: rework copy-pasted code
    59. 

  59. # source: http://reliablybroken.com/b/2009/09/working-with-active-directory-filetime-values-in-python/
    60. 

  60. # WORK IN PROGRESS
    61. 

  61. def get_filetime_format(timestamp):
    62. 

  62.     EPOCH_AS_FILETIME = 116444736000000000  # January 1, 1970 as MS file time
    63. 

  63.     HUNDREDS_OF_NANOSECONDS = 10000000
    64. 

  64.     boot_datetime = datetime.fromtimestamp(timestamp)
    65. 

  65.     if (boot_datetime.tzinfo is None) or (boot_datetime.tzinfo.utcoffset(boot_datetime) is None):
    66. 

  66.         boot_datetime = boot_datetime.replace(tzinfo=boot_datetime.tzname())
    67. 

  67.     boot_filetime = EPOCH_AS_FILETIME + (timegm(boot_datetime.timetuple()) * HUNDREDS_OF_NANOSECONDS)
    68. 

  68.     return boot_filetime + (boot_datetime.microsecond * 10)
    69. 

  69. 

  70. 

  71. def get_rnd_boot_time(timestamp, platform="winxp"):
    72. 

  72.     check_platform(platform)
    73. 

  73.     # FIXME: create probability distribution for each OS
    74. 

  74.     if platform is "linux":
    75. 

  75.         # four years
    76. 

  76.         timestamp -= randint(0, 126144000)
    77. 

  77.     if platform is "macOS":
    78. 

  78.         # three months
    79. 

  79.         timestamp -= randint(0, 7884000)
    80. 

  80.     else:
    81. 

  81.         # one month
    82. 

  82.         timestamp -= randint(0, 2678400)
    83. 

  83.     return get_filetime_format(timestamp)
    84.