leon.boeck
/
ID2T-toolkit-BotnetTraffic
派生自 SPIN/ID2T-toolkit


			
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586
							import enum


class Parameter(enum.Enum):
    """
    Defines the shortname for attack parameters. The shortname may be used for attack parameter specification
    when calling Core via the command line.
    """
    # recommended type: IP address -------------------------------
    IP_SOURCE = 'ip.src'  # source IP address
    IP_DESTINATION = 'ip.dst'  # destination IP address
    IP_DNS = 'ip.dns'  # IP address of DNS server
    HOSTING_IP = 'hosting.ip'
    IP_DESTINATION_END = 'ip.dst.end'
    # recommended type: MAC address ------------------------------
    MAC_SOURCE = 'mac.src'  # MAC address of source
    MAC_DESTINATION = 'mac.dst'  # MAC address of destination
    # recommended type: Port -------------------------------------
    PORT_OPEN = 'port.open'  # open ports
    PORT_DESTINATION = 'port.dst'  # destination ports
    PORT_SOURCE = 'port.src'  # source ports
    # recommended type: Integer positive -------------------------
    PACKETS_LIMIT = 'packets.limit'
    NUMBER_ATTACKERS = 'attackers.count'
    ATTACK_DURATION = 'attack.duration' # in seconds
    VICTIM_BUFFER = 'victim.buffer' # in packets
    TARGET_URI = 'target.uri'
    # recommended type: domain -----------------------------------
    TARGET_HOST = 'target.host'

    # recommended type: Float ------------------------------------
    PACKETS_PER_SECOND = 'packets.per-second'  # packets per second
    INJECT_AT_TIMESTAMP = 'inject.at-timestamp'  # unix epoch time (seconds.millis) where attack should be injected
    # recommended type: Packet Position ----------------------------------
    INJECT_AFTER_PACKET = 'inject.after-pkt'  # packet after which attack should be injected
    # recommended type: boolean  --------------------------------
    PORT_DEST_SHUFFLE = 'port.dst.shuffle'  # shuffles the destination ports if a list of ports is given
    PORT_DEST_ORDER_DESC = 'port.dst.order-desc'  # uses a descending port order instead of a ascending order
    IP_SOURCE_RANDOMIZE = 'ip.src.shuffle'  # randomizes the sources IP address if a list of IP addresses is given
    PORT_SOURCE_RANDOMIZE = 'port.src.shuffle'  # randomizes the source port if a list of sources ports is given

    PROTOCOL_VERSION = 'protocol.version'
    HOSTING_VERSION = 'hosting.version'
    SOURCE_PLATFORM = 'src.platform'
    CUSTOM_PAYLOAD = 'custom.payload'  # custom payload for ftp exploits
    CUSTOM_PAYLOAD_FILE = 'custom.payload.file'  # file that contains custom payload for ftp exploits

    NAT_PRESENT = 'nat.present'  # if NAT is active, external computers cannot initiate a communication in MembersMgmtCommAttack
    TTL_FROM_CAIDA = 'ttl.from.caida'  # if True, TTLs are assigned based on the TTL distributions from the CAIDA dataset

    NUMBER_INITIATOR_BOTS = 'bots.count'
    # recommended type: Filepath ------------------------------------
    FILE_CSV = 'file.csv'  # filepath to CSV containing a communication pattern
    FILE_XML = 'file.xml'  # filepath to XML containing a communication pattern
    # recommended type: CommType ------------------------------------
    COMM_TYPE = "comm.type"  # the locality of bots in botnet communication (e.g. local, external, mixed)
    # recommended type: Percentage (0.0-1.0) ------------------------------------
    IP_REUSE_TOTAL = 'ip.reuse.total'  # percentage of IPs in original PCAP to be reused
    IP_REUSE_LOCAL = 'ip.reuse.local'  # percentage of private IPs in original PCAP to be reused
    IP_REUSE_EXTERNAL = 'ip.reuse.external'  # percentage of public IPs in original PCAP to be reused
    # recommended type: Positive Integer between 0 and 100 ------------------------------------
    PACKET_PADDING = 'packet.padding'
    # calculate the destination port based on the hostname (like some botnets do)
    # otherwise the destination port is a normal ephemeral port
    BOTNET_DST_PORT_CALCULATION = "botnet.dstportcalculation"


class ParameterTypes(enum.Enum):
    """
    Defines types for parameters. These types may be used in the specification of allowed parameters within the
    individual attack classes. The type is used to verify the validity of the given value.
    """
    TYPE_IP_ADDRESS = 0
    TYPE_MAC_ADDRESS = 1
    TYPE_PORT = 2
    TYPE_INTEGER_POSITIVE = 3
    TYPE_TIMESTAMP = 4
    TYPE_BOOLEAN = 5
    TYPE_FLOAT = 6
    TYPE_PACKET_POSITION = 7  # used to derive timestamp from parameter INJECT_AFTER_PACKET
    TYPE_DOMAIN = 8
    TYPE_STRING = 9
    TYPE_FILEPATH = 10
    TYPE_COMM_TYPE = 11
    TYPE_PERCENTAGE = 12
    TYPE_PADDING = 13