Browse Source

Merge branch 'refactor_documentation_SKIP_CI' of stefan.schmidt/ID2T-toolkit into master

Carlos Garcia 6 years ago
parent
commit
0cfbced39f

+ 22 - 3
code/Attack/BaseAttack.py

@@ -467,7 +467,7 @@ class BaseAttack(metaclass=abc.ABCMeta):
         """
         """
            Gets the minimum and the maximum reply delay for all the connections of a specific IP.
            Gets the minimum and the maximum reply delay for all the connections of a specific IP.
 
 
-           :param ip_dst: The IP to reterive its reply delay.
+           :param ip_dst: The IP to retrieve its reply delay.
            :return minDelay: minimum delay
            :return minDelay: minimum delay
            :return maxDelay: maximum delay
            :return maxDelay: maximum delay
 
 
@@ -493,7 +493,7 @@ class BaseAttack(metaclass=abc.ABCMeta):
            (IP,port) to host B (IP,port)
            (IP,port) to host B (IP,port)
 
 
            :param exploit_raw_packets: A set of packets contains several conversations.
            :param exploit_raw_packets: A set of packets contains several conversations.
-           :return conversations: A set of arrays, each array contains the packet of specifc conversation
+           :return conversations: A set of arrays, each array contains the packet of specific conversation
            :return orderList_conversations: An array contains the conversations ids (IP_A,port_A, IP_b,port_B) in the
            :return orderList_conversations: An array contains the conversations ids (IP_A,port_A, IP_b,port_B) in the
            order they appeared in the original packets.
            order they appeared in the original packets.
            """
            """
@@ -672,11 +672,21 @@ class BaseAttack(metaclass=abc.ABCMeta):
         """
         """
 
 
         def is_invalid(ip_address_param: ipaddress.IPv4Address):
         def is_invalid(ip_address_param: ipaddress.IPv4Address):
+            """
+            TODO FILL ME
+            :param ip_address_param:
+            :return:
+            """
             return ip_address_param.is_multicast or ip_address_param.is_unspecified or ip_address_param.is_loopback or \
             return ip_address_param.is_multicast or ip_address_param.is_unspecified or ip_address_param.is_loopback or \
                    ip_address_param.is_link_local or ip_address_param.is_reserved or ip_address_param.is_private
                    ip_address_param.is_link_local or ip_address_param.is_reserved or ip_address_param.is_private
 
 
         # Generate a random IP from specific class
         # Generate a random IP from specific class
         def generate_address(ip_class_param):
         def generate_address(ip_class_param):
+            """
+            TODO FILL ME
+            :param ip_class_param:
+            :return:
+            """
             if ip_class_param == "Unknown":
             if ip_class_param == "Unknown":
                 return ipaddress.IPv4Address(random.randint(0, 2 ** 32 - 1))
                 return ipaddress.IPv4Address(random.randint(0, 2 ** 32 - 1))
             else:
             else:
@@ -718,10 +728,19 @@ class BaseAttack(metaclass=abc.ABCMeta):
         """
         """
 
 
         def is_invalid(ip_address: ipaddress.IPv6Address):
         def is_invalid(ip_address: ipaddress.IPv6Address):
+            """
+            TODO FILL ME
+            :param ip_address:
+            :return:
+            """
             return ip_address.is_multicast or ip_address.is_unspecified or ip_address.is_loopback or \
             return ip_address.is_multicast or ip_address.is_unspecified or ip_address.is_loopback or \
                    ip_address.is_link_local or ip_address.is_private or ip_address.is_reserved
                    ip_address.is_link_local or ip_address.is_private or ip_address.is_reserved
 
 
         def generate_address():
         def generate_address():
+            """
+            TODO FILL ME
+            :return:
+            """
             return ipaddress.IPv6Address(random.randint(0, 2 ** 128 - 1))
             return ipaddress.IPv6Address(random.randint(0, 2 ** 128 - 1))
 
 
         ip_addresses = []
         ip_addresses = []
@@ -742,7 +761,7 @@ class BaseAttack(metaclass=abc.ABCMeta):
         Generates n random MAC addresses.
         Generates n random MAC addresses.
 
 
         :param n: The number of MAC addresses to be generated.
         :param n: The number of MAC addresses to be generated.
-        :return: A single MAC addres, or if n>1, a list of MAC addresses
+        :return: A single MAC address, or if n>1, a list of MAC addresses
         """
         """
 
 
         def is_invalid(address_param: str):
         def is_invalid(address_param: str):

+ 8 - 0
code/Attack/DDoSAttack.py

@@ -75,6 +75,9 @@ class DDoSAttack(BaseAttack.BaseAttack):
         self.add_param_value(atkParam.Parameter.VICTIM_BUFFER, rnd.randint(1000, 10000))
         self.add_param_value(atkParam.Parameter.VICTIM_BUFFER, rnd.randint(1000, 10000))
 
 
     def generate_attack_packets(self):
     def generate_attack_packets(self):
+        """
+        Creates the attack packets.
+        """
         buffer_size = 1000
         buffer_size = 1000
 
 
         # Determine source IP and MAC address
         # Determine source IP and MAC address
@@ -284,6 +287,11 @@ class DDoSAttack(BaseAttack.BaseAttack):
                 self.packets = []
                 self.packets = []
 
 
     def generate_attack_pcap(self):
     def generate_attack_pcap(self):
+        """
+        Creates a pcap containing the attack packets.
+
+        :return: The location of the generated pcap file.
+        """
         if len(self.packets) > 0:
         if len(self.packets) > 0:
             self.packets = sorted(self.packets, key=lambda pkt: pkt.time)
             self.packets = sorted(self.packets, key=lambda pkt: pkt.time)
             self.path_attack_pcap = self.write_attack_pcap(self.packets, True, self.path_attack_pcap)
             self.path_attack_pcap = self.write_attack_pcap(self.packets, True, self.path_attack_pcap)

+ 8 - 1
code/Attack/EternalBlueExploit.py

@@ -79,7 +79,9 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
         self.add_param_value(atkParam.Parameter.INJECT_AFTER_PACKET, rnd.randint(0, self.statistics.get_packet_count()))
         self.add_param_value(atkParam.Parameter.INJECT_AFTER_PACKET, rnd.randint(0, self.statistics.get_packet_count()))
 
 
     def generate_attack_packets(self):
     def generate_attack_packets(self):
-
+        """
+        Creates the attack packets.
+        """
         # Timestamp
         # Timestamp
         timestamp_next_pkt = self.get_param_value(atkParam.Parameter.INJECT_AT_TIMESTAMP)
         timestamp_next_pkt = self.get_param_value(atkParam.Parameter.INJECT_AT_TIMESTAMP)
         pps = self.get_param_value(atkParam.Parameter.PACKETS_PER_SECOND)
         pps = self.get_param_value(atkParam.Parameter.PACKETS_PER_SECOND)
@@ -312,6 +314,11 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
                     self.packets.append(new_pkt)
                     self.packets.append(new_pkt)
 
 
     def generate_attack_pcap(self):
     def generate_attack_pcap(self):
+        """
+        Creates a pcap containing the attack packets.
+
+        :return: The location of the generated pcap file.
+        """
         # Store timestamp of first packet (for attack label)
         # Store timestamp of first packet (for attack label)
         self.attack_start_utime = self.packets[0].time
         self.attack_start_utime = self.packets[0].time
         self.attack_end_utime = self.packets[-1].time
         self.attack_end_utime = self.packets[-1].time

+ 13 - 3
code/Attack/FTPWinaXeExploit.py

@@ -12,16 +12,18 @@ logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
 
 
 # noinspection PyPep8
 # noinspection PyPep8
 
 
+#FTP Port used for Creation of packets
 ftp_port = 21
 ftp_port = 21
 
 
 
 
 class FTPWinaXeExploit(BaseAttack.BaseAttack):
 class FTPWinaXeExploit(BaseAttack.BaseAttack):
     def __init__(self):
     def __init__(self):
         """
         """
-        Creates a new instance of the FTPWinaXeExploit.
+        Creates a new instance of the FTPExploit.
+        This attack injects a buffer overflow for the WinaXe FTP-client into the output pcap file.
         """
         """
         # Initialize attack
         # Initialize attack
-        super(FTPWinaXeExploit, self).__init__("FTPWinaXe Exploit", "Injects an WinaXe 7.7 FTP Exploit.",
+        super(FTPWinaXeExploit, self).__init__("FTPWinaXe Exploit", "Injects a WinaXe 7.7 FTP buffer overflow.",
                                                "Privilege elevation")
                                                "Privilege elevation")
 
 
         # Define allowed parameters and their type
         # Define allowed parameters and their type
@@ -74,7 +76,9 @@ class FTPWinaXeExploit(BaseAttack.BaseAttack):
         self.add_param_value(atkParam.Parameter.CUSTOM_PAYLOAD_FILE, '')
         self.add_param_value(atkParam.Parameter.CUSTOM_PAYLOAD_FILE, '')
 
 
     def generate_attack_packets(self):
     def generate_attack_packets(self):
-
+        """
+        Creates the attack packets.
+        """
         pps = self.get_param_value(atkParam.Parameter.PACKETS_PER_SECOND)
         pps = self.get_param_value(atkParam.Parameter.PACKETS_PER_SECOND)
 
 
         # Timestamp
         # Timestamp
@@ -154,6 +158,7 @@ class FTPWinaXeExploit(BaseAttack.BaseAttack):
 
 
         custom_payload_file = self.get_param_value(atkParam.Parameter.CUSTOM_PAYLOAD_FILE)
         custom_payload_file = self.get_param_value(atkParam.Parameter.CUSTOM_PAYLOAD_FILE)
 
 
+        # Generation of payload of the FTP exploit packet
         if custom_payload == '':
         if custom_payload == '':
             if custom_payload_file == '':
             if custom_payload_file == '':
                 payload = Util.get_rnd_bytes(custom_payload_limit, Util.forbidden_chars)
                 payload = Util.get_rnd_bytes(custom_payload_limit, Util.forbidden_chars)
@@ -203,6 +208,11 @@ class FTPWinaXeExploit(BaseAttack.BaseAttack):
         self.packets.append(fin_ack_ack)
         self.packets.append(fin_ack_ack)
 
 
     def generate_attack_pcap(self):
     def generate_attack_pcap(self):
+        """
+        Creates a pcap containing the attack packets.
+
+        :return: The location of the generated pcap file.
+        """
         # store end time of attack
         # store end time of attack
         self.attack_end_utime = self.packets[-1].time
         self.attack_end_utime = self.packets[-1].time
 
 

+ 7 - 0
code/Attack/JoomlaRegPrivExploit.py

@@ -78,6 +78,9 @@ class JoomlaRegPrivExploit(BaseAttack.BaseAttack):
                               self.statistics.get_pps_received(most_used_ip_address)) / 2)
                               self.statistics.get_pps_received(most_used_ip_address)) / 2)
 
 
     def generate_attack_packets(self):
     def generate_attack_packets(self):
+        """
+        Creates the attack packets.
+        """
         # Timestamp
         # Timestamp
         timestamp_next_pkt = self.get_param_value(atkParam.Parameter.INJECT_AT_TIMESTAMP)
         timestamp_next_pkt = self.get_param_value(atkParam.Parameter.INJECT_AT_TIMESTAMP)
 
 
@@ -219,7 +222,11 @@ class JoomlaRegPrivExploit(BaseAttack.BaseAttack):
         exploit_raw_packets.close()
         exploit_raw_packets.close()
 
 
     def generate_attack_pcap(self):
     def generate_attack_pcap(self):
+        """
+        Creates a pcap containing the attack packets.
 
 
+        :return: The location of the generated pcap file.
+        """
         # Store timestamp of first packet (for attack label)
         # Store timestamp of first packet (for attack label)
         self.attack_start_utime = self.packets[0].time
         self.attack_start_utime = self.packets[0].time
         self.attack_end_utime = self.packets[-1].time
         self.attack_end_utime = self.packets[-1].time

+ 8 - 1
code/Attack/MS17ScanAttack.py

@@ -78,7 +78,9 @@ class MS17ScanAttack(BaseAttack.BaseAttack):
         self.add_param_value(atkParam.Parameter.INJECT_AFTER_PACKET, rnd.randint(0, self.statistics.get_packet_count()))
         self.add_param_value(atkParam.Parameter.INJECT_AFTER_PACKET, rnd.randint(0, self.statistics.get_packet_count()))
 
 
     def generate_attack_packets(self):
     def generate_attack_packets(self):
-
+        """
+        Creates the attack packets.
+        """
         # Timestamp
         # Timestamp
         timestamp_next_pkt = self.get_param_value(atkParam.Parameter.INJECT_AT_TIMESTAMP)
         timestamp_next_pkt = self.get_param_value(atkParam.Parameter.INJECT_AT_TIMESTAMP)
         pps = self.get_param_value(atkParam.Parameter.PACKETS_PER_SECOND)
         pps = self.get_param_value(atkParam.Parameter.PACKETS_PER_SECOND)
@@ -219,6 +221,11 @@ class MS17ScanAttack(BaseAttack.BaseAttack):
         exploit_raw_packets.close()
         exploit_raw_packets.close()
 
 
     def generate_attack_pcap(self):
     def generate_attack_pcap(self):
+        """
+        Creates a pcap containing the attack packets.
+
+        :return: The location of the generated pcap file.
+        """
         # Store timestamp of first packet (for attack label)
         # Store timestamp of first packet (for attack label)
         self.attack_start_utime = self.packets[0].time
         self.attack_start_utime = self.packets[0].time
         self.attack_end_utime = self.packets[-1].time
         self.attack_end_utime = self.packets[-1].time

+ 10 - 1
code/Attack/PortscanAttack.py

@@ -17,6 +17,7 @@ class PortscanAttack(BaseAttack.BaseAttack):
     def __init__(self):
     def __init__(self):
         """
         """
         Creates a new instance of the PortscanAttack.
         Creates a new instance of the PortscanAttack.
+        This attack injects TCP Syn-requests and respective responses into the output pcap file.
         """
         """
         # Initialize attack
         # Initialize attack
         super(PortscanAttack, self).__init__("Portscan Attack", "Injects a nmap 'regular scan'",
         super(PortscanAttack, self).__init__("Portscan Attack", "Injects a nmap 'regular scan'",
@@ -55,7 +56,7 @@ class PortscanAttack(BaseAttack.BaseAttack):
         self.add_param_value(atkParam.Parameter.MAC_SOURCE, self.statistics.get_mac_address(most_used_ip_address))
         self.add_param_value(atkParam.Parameter.MAC_SOURCE, self.statistics.get_mac_address(most_used_ip_address))
 
 
         random_ip_address = self.statistics.get_random_ip_address()
         random_ip_address = self.statistics.get_random_ip_address()
-        # ip-dst should be valid and not equal to ip.src
+        # ip.dst should be valid and not equal to ip.src
         while not self.is_valid_ip_address(random_ip_address) or random_ip_address == most_used_ip_address:
         while not self.is_valid_ip_address(random_ip_address) or random_ip_address == most_used_ip_address:
             random_ip_address = self.statistics.get_random_ip_address()
             random_ip_address = self.statistics.get_random_ip_address()
 
 
@@ -76,6 +77,9 @@ class PortscanAttack(BaseAttack.BaseAttack):
         self.add_param_value(atkParam.Parameter.INJECT_AFTER_PACKET, rnd.randint(0, self.statistics.get_packet_count()))
         self.add_param_value(atkParam.Parameter.INJECT_AFTER_PACKET, rnd.randint(0, self.statistics.get_packet_count()))
 
 
     def generate_attack_packets(self):
     def generate_attack_packets(self):
+        """
+        Creates the attack packets.
+        """
         mac_source = self.get_param_value(atkParam.Parameter.MAC_SOURCE)
         mac_source = self.get_param_value(atkParam.Parameter.MAC_SOURCE)
         mac_destination = self.get_param_value(atkParam.Parameter.MAC_DESTINATION)
         mac_destination = self.get_param_value(atkParam.Parameter.MAC_DESTINATION)
         pps = self.get_param_value(atkParam.Parameter.PACKETS_PER_SECOND)
         pps = self.get_param_value(atkParam.Parameter.PACKETS_PER_SECOND)
@@ -229,6 +233,11 @@ class PortscanAttack(BaseAttack.BaseAttack):
             timestamp_next_pkt = Util.update_timestamp(timestamp_next_pkt, pps)
             timestamp_next_pkt = Util.update_timestamp(timestamp_next_pkt, pps)
 
 
     def generate_attack_pcap(self):
     def generate_attack_pcap(self):
+        """
+        Creates a pcap containing the attack packets.
+
+        :return: The location of the generated pcap file.
+        """
         # store end time of attack
         # store end time of attack
         self.attack_end_utime = self.packets[-1].time
         self.attack_end_utime = self.packets[-1].time
 
 

+ 11 - 1
code/Attack/SMBLorisAttack.py

@@ -18,6 +18,8 @@ class SMBLorisAttack(BaseAttack.BaseAttack):
     def __init__(self):
     def __init__(self):
         """
         """
         Creates a new instance of the SMBLorisAttack.
         Creates a new instance of the SMBLorisAttack.
+        This attack injects special SMB-packets, which exploit the SMBLoris DoS vulnerability, into the output pcap
+        file.
         """
         """
         # Initialize attack
         # Initialize attack
         super(SMBLorisAttack, self).__init__("SMBLoris Attack", "Injects an SMBLoris (D)DoS Attack",
         super(SMBLorisAttack, self).__init__("SMBLoris Attack", "Injects an SMBLoris (D)DoS Attack",
@@ -72,6 +74,9 @@ class SMBLorisAttack(BaseAttack.BaseAttack):
         self.add_param_value(atkParam.Parameter.ATTACK_DURATION, 30)
         self.add_param_value(atkParam.Parameter.ATTACK_DURATION, 30)
 
 
     def generate_attack_packets(self):
     def generate_attack_packets(self):
+        """
+        Creates the attack packets.
+        """
         pps = self.get_param_value(atkParam.Parameter.PACKETS_PER_SECOND)
         pps = self.get_param_value(atkParam.Parameter.PACKETS_PER_SECOND)
 
 
         # Timestamp
         # Timestamp
@@ -179,7 +184,7 @@ class SMBLorisAttack(BaseAttack.BaseAttack):
                 timestamp_next_pkt = Util.update_timestamp(timestamp_next_pkt, pps)
                 timestamp_next_pkt = Util.update_timestamp(timestamp_next_pkt, pps)
                 self.packets.append(ack)
                 self.packets.append(ack)
 
 
-                # send NBT session header paket with maximum LENGTH-field
+                # send NBT session header packet with maximum LENGTH-field
                 req_tcp = inet.TCP(sport=sport, dport=SMBLib.smb_port, seq=attacker_seq, ack=victim_seq, flags='AP',
                 req_tcp = inet.TCP(sport=sport, dport=SMBLib.smb_port, seq=attacker_seq, ack=victim_seq, flags='AP',
                                    window=source_win_value, options=[('MSS', source_mss_value)])
                                    window=source_win_value, options=[('MSS', source_mss_value)])
                 req_payload = NBTSession(TYPE=0x00, LENGTH=0x1FFFF)
                 req_payload = NBTSession(TYPE=0x00, LENGTH=0x1FFFF)
@@ -201,6 +206,11 @@ class SMBLorisAttack(BaseAttack.BaseAttack):
                 sport += 1
                 sport += 1
 
 
     def generate_attack_pcap(self):
     def generate_attack_pcap(self):
+        """
+        Creates a pcap containing the attack packets.
+
+        :return: The location of the generated pcap file.
+        """
         # store end time of attack
         # store end time of attack
         self.attack_end_utime = self.packets[-1].time
         self.attack_end_utime = self.packets[-1].time
 
 

+ 19 - 6
code/Attack/SMBScanAttack.py

@@ -19,6 +19,9 @@ class SMBScanAttack(BaseAttack.BaseAttack):
     def __init__(self):
     def __init__(self):
         """
         """
         Creates a new instance of the SMBScanAttack.
         Creates a new instance of the SMBScanAttack.
+        This Attack injects TCP Syn Requests to the port 445 of several ips and related response into the output
+        pcap file.
+        If port 445 is open, it will simulate and inject the SMB Protocol Negotiation too.
         """
         """
         # Initialize attack
         # Initialize attack
         super(SMBScanAttack, self).__init__("SmbScan Attack", "Injects an SMB scan",
         super(SMBScanAttack, self).__init__("SmbScan Attack", "Injects an SMB scan",
@@ -86,6 +89,9 @@ class SMBScanAttack(BaseAttack.BaseAttack):
         self.add_param_value(atkParam.Parameter.PROTOCOL_VERSION, "1")
         self.add_param_value(atkParam.Parameter.PROTOCOL_VERSION, "1")
 
 
     def generate_attack_packets(self):
     def generate_attack_packets(self):
+        """
+        Creates the attack packets.
+        """
 
 
         pps = self.get_param_value(atkParam.Parameter.PACKETS_PER_SECOND)
         pps = self.get_param_value(atkParam.Parameter.PACKETS_PER_SECOND)
 
 
@@ -224,6 +230,7 @@ class SMBScanAttack(BaseAttack.BaseAttack):
                     confirm.time = timestamp_confirm
                     confirm.time = timestamp_confirm
                     self.packets.append(confirm)
                     self.packets.append(confirm)
 
 
+                    # 3) Build SMB Negotiation packets
                     smb_mid = rnd.randint(1, 65535)
                     smb_mid = rnd.randint(1, 65535)
                     smb_pid = rnd.randint(1, 65535)
                     smb_pid = rnd.randint(1, 65535)
                     smb_req_tail_arr = []
                     smb_req_tail_arr = []
@@ -242,6 +249,7 @@ class SMBScanAttack(BaseAttack.BaseAttack):
                             smb_req_tail_arr.append(SMBNegociate_Protocol_Request_Tail(BufferData=dia))
                             smb_req_tail_arr.append(SMBNegociate_Protocol_Request_Tail(BufferData=dia))
                             smb_req_tail_size += len(SMBNegociate_Protocol_Request_Tail(BufferData=dia))
                             smb_req_tail_size += len(SMBNegociate_Protocol_Request_Tail(BufferData=dia))
 
 
+                    # Creation of SMB Negotiate Protocol Request packet
                     smb_req_head = SMBNegociate_Protocol_Request_Header(Flags2=0x2801, PID=smb_pid, MID=smb_mid,
                     smb_req_head = SMBNegociate_Protocol_Request_Header(Flags2=0x2801, PID=smb_pid, MID=smb_mid,
                                                                         ByteCount=smb_req_tail_size)
                                                                         ByteCount=smb_req_tail_size)
                     smb_req_length = len(smb_req_head) + smb_req_tail_size
                     smb_req_length = len(smb_req_head) + smb_req_tail_size
@@ -281,8 +289,9 @@ class SMBScanAttack(BaseAttack.BaseAttack):
                     end = Util.get_filetime_format(timestamp_smb_rsp - diff * 0.1)
                     end = Util.get_filetime_format(timestamp_smb_rsp - diff * 0.1)
                     system_time = rnd.randint(begin, end)
                     system_time = rnd.randint(begin, end)
 
 
+                    # Creation of SMB Negotiate Protocol Response packets
                     if smb_version is not "1" and hosting_version is not "1":
                     if smb_version is not "1" and hosting_version is not "1":
-                        smb_rsp_paket = SMB2.SMB2_SYNC_Header(Flags=1)
+                        smb_rsp_packet = SMB2.SMB2_SYNC_Header(Flags=1)
                         smb_rsp_negotiate_body =\
                         smb_rsp_negotiate_body =\
                             SMB2.SMB2_Negotiate_Protocol_Response(DialectRevision=0x02ff, SecurityBufferOffset=124,
                             SMB2.SMB2_Negotiate_Protocol_Response(DialectRevision=0x02ff, SecurityBufferOffset=124,
                                                                   SecurityBufferLength=len(security_blob),
                                                                   SecurityBufferLength=len(security_blob),
@@ -291,22 +300,22 @@ class SMBScanAttack(BaseAttack.BaseAttack):
                                                                   MaxWriteSize=data_size, SystemTime=system_time,
                                                                   MaxWriteSize=data_size, SystemTime=system_time,
                                                                   ServerStartTime=server_start_time,
                                                                   ServerStartTime=server_start_time,
                                                                   ServerGuid=server_guid)
                                                                   ServerGuid=server_guid)
-                        smb_rsp_length = len(smb_rsp_paket) + len(smb_rsp_negotiate_body)
+                        smb_rsp_length = len(smb_rsp_packet) + len(smb_rsp_negotiate_body)
                     else:
                     else:
-                        smb_rsp_paket =\
+                        smb_rsp_packet =\
                             SMBNegociate_Protocol_Response_Advanced_Security(Start="\xffSMB", PID=smb_pid, MID=smb_mid,
                             SMBNegociate_Protocol_Response_Advanced_Security(Start="\xffSMB", PID=smb_pid, MID=smb_mid,
                                                                              DialectIndex=5, SecurityBlob=security_blob)
                                                                              DialectIndex=5, SecurityBlob=security_blob)
-                        smb_rsp_length = len(smb_rsp_paket)
+                        smb_rsp_length = len(smb_rsp_packet)
                     smb_rsp_net_bio = NBTSession(TYPE=0x00, LENGTH=smb_rsp_length)
                     smb_rsp_net_bio = NBTSession(TYPE=0x00, LENGTH=smb_rsp_length)
                     smb_rsp_tcp = inet.TCP(sport=SMBLib.smb_port, dport=sport, flags='PA', seq=victim_seq,
                     smb_rsp_tcp = inet.TCP(sport=SMBLib.smb_port, dport=sport, flags='PA', seq=victim_seq,
                                            ack=attacker_seq)
                                            ack=attacker_seq)
                     smb_rsp_ip = inet.IP(src=ip, dst=ip_source, ttl=destination_ttl_value)
                     smb_rsp_ip = inet.IP(src=ip, dst=ip_source, ttl=destination_ttl_value)
                     smb_rsp_ether = inet.Ether(src=mac_destination, dst=mac_source)
                     smb_rsp_ether = inet.Ether(src=mac_destination, dst=mac_source)
-                    victim_seq += len(smb_rsp_net_bio) + len(smb_rsp_paket)
+                    victim_seq += len(smb_rsp_net_bio) + len(smb_rsp_packet)
                     if smb_version is not "1" and hosting_version is not "1":
                     if smb_version is not "1" and hosting_version is not "1":
                         victim_seq += len(smb_rsp_negotiate_body)
                         victim_seq += len(smb_rsp_negotiate_body)
 
 
-                    smb_rsp_combined = (smb_rsp_ether / smb_rsp_ip / smb_rsp_tcp / smb_rsp_net_bio / smb_rsp_paket)
+                    smb_rsp_combined = (smb_rsp_ether / smb_rsp_ip / smb_rsp_tcp / smb_rsp_net_bio / smb_rsp_packet)
                     if smb_version is not "1" and hosting_version is not "1":
                     if smb_version is not "1" and hosting_version is not "1":
                         smb_rsp_combined = (smb_rsp_combined / smb_rsp_negotiate_body)
                         smb_rsp_combined = (smb_rsp_combined / smb_rsp_negotiate_body)
 
 
@@ -361,7 +370,11 @@ class SMBScanAttack(BaseAttack.BaseAttack):
             timestamp_next_pkt = Util.update_timestamp(timestamp_next_pkt, pps)
             timestamp_next_pkt = Util.update_timestamp(timestamp_next_pkt, pps)
 
 
     def generate_attack_pcap(self):
     def generate_attack_pcap(self):
+        """
+        Creates a pcap containing the attack packets.
 
 
+        :return: The location of the generated pcap file.
+        """
         # store end time of attack
         # store end time of attack
         self.attack_end_utime = self.packets[-1].time
         self.attack_end_utime = self.packets[-1].time
 
 

+ 7 - 0
code/Attack/SQLiAttack.py

@@ -80,6 +80,9 @@ class SQLiAttack(BaseAttack.BaseAttack):
                               self.statistics.get_pps_received(most_used_ip_address)) / 2)
                               self.statistics.get_pps_received(most_used_ip_address)) / 2)
 
 
     def generate_attack_packets(self):
     def generate_attack_packets(self):
+        """
+        Creates the attack packets.
+        """
         # Timestamp
         # Timestamp
         timestamp_next_pkt = self.get_param_value(atkParam.Parameter.INJECT_AT_TIMESTAMP)
         timestamp_next_pkt = self.get_param_value(atkParam.Parameter.INJECT_AT_TIMESTAMP)
         pps = self.get_param_value(atkParam.Parameter.PACKETS_PER_SECOND)
         pps = self.get_param_value(atkParam.Parameter.PACKETS_PER_SECOND)
@@ -241,7 +244,11 @@ class SQLiAttack(BaseAttack.BaseAttack):
         exploit_raw_packets.close()
         exploit_raw_packets.close()
 
 
     def generate_attack_pcap(self):
     def generate_attack_pcap(self):
+        """
+        Creates a pcap containing the attack packets.
 
 
+        :return: The location of the generated pcap file.
+        """
         # Store timestamp of first packet (for attack label)
         # Store timestamp of first packet (for attack label)
         self.attack_start_utime = self.packets[0].time
         self.attack_start_utime = self.packets[0].time
         self.attack_end_utime = self.packets[-1].time
         self.attack_end_utime = self.packets[-1].time

+ 8 - 0
code/Attack/SalityBotnet.py

@@ -56,6 +56,9 @@ class SalityBotnet(BaseAttack.BaseAttack):
                               self.statistics.get_pps_received(most_used_ip_address)) / 2)
                               self.statistics.get_pps_received(most_used_ip_address)) / 2)
 
 
     def generate_attack_packets(self):
     def generate_attack_packets(self):
+        """
+        Creates the attack packets.
+        """
 
 
         # Timestamp
         # Timestamp
         timestamp_next_pkt = self.get_param_value(atkParam.Parameter.INJECT_AT_TIMESTAMP)
         timestamp_next_pkt = self.get_param_value(atkParam.Parameter.INJECT_AT_TIMESTAMP)
@@ -132,6 +135,11 @@ class SalityBotnet(BaseAttack.BaseAttack):
         exploit_raw_packets.close()
         exploit_raw_packets.close()
 
 
     def generate_attack_pcap(self):
     def generate_attack_pcap(self):
+        """
+        Creates a pcap containing the attack packets.
+
+        :return: The location of the generated pcap file.
+        """
         # Store timestamp of first packet (for attack label)
         # Store timestamp of first packet (for attack label)
         self.attack_start_utime = self.packets[0].time
         self.attack_start_utime = self.packets[0].time
         self.attack_end_utime = self.packets[-1].time
         self.attack_end_utime = self.packets[-1].time

+ 2 - 2
code/Core/AttackController.py

@@ -131,7 +131,7 @@ class AttackController:
         Takes as input the name of an attack (classname) and the attack parameters as string. Parses the string of
         Takes as input the name of an attack (classname) and the attack parameters as string. Parses the string of
         attack parameters, creates the attack by writing the attack packets and returns the path of the written pcap.
         attack parameters, creates the attack by writing the attack packets and returns the path of the written pcap.
 
 
-        :param attack: The classname of the attack to injecect.
+        :param attack: The classname of the attack to inject.
         :param params: The parameters for attack customization, see attack class for supported params.
         :param params: The parameters for attack customization, see attack class for supported params.
         :param time: Measure packet generation time or not.
         :param time: Measure packet generation time or not.
         :return: The file path to the created pcap file.
         :return: The file path to the created pcap file.
@@ -148,7 +148,7 @@ class AttackController:
                 params_dict.append(entry.split('='))
                 params_dict.append(entry.split('='))
             params_dict = dict(params_dict)
             params_dict = dict(params_dict)
             # Check if Parameter.INJECT_AT_TIMESTAMP and Parameter.INJECT_AFTER_PACKET are provided at the same time
             # Check if Parameter.INJECT_AT_TIMESTAMP and Parameter.INJECT_AFTER_PACKET are provided at the same time
-            # if TRUE: delete Paramter.INJECT_AT_TIMESTAMP (lower priority) and use Parameter.INJECT_AFTER_PACKET
+            # if TRUE: delete Parameter.INJECT_AT_TIMESTAMP (lower priority) and use Parameter.INJECT_AFTER_PACKET
             if (atkParam.Parameter.INJECT_AFTER_PACKET.value in params_dict) and (
             if (atkParam.Parameter.INJECT_AFTER_PACKET.value in params_dict) and (
                         atkParam.Parameter.INJECT_AT_TIMESTAMP.value in params_dict):
                         atkParam.Parameter.INJECT_AT_TIMESTAMP.value in params_dict):
                 print("CONFLICT: Parameters", atkParam.Parameter.INJECT_AT_TIMESTAMP.value, "and",
                 print("CONFLICT: Parameters", atkParam.Parameter.INJECT_AT_TIMESTAMP.value, "and",

+ 16 - 0
code/Core/Controller.py

@@ -143,6 +143,11 @@ class Controller:
 
 
     @staticmethod
     @staticmethod
     def process_help(params):
     def process_help(params):
+        """
+        TODO: FILL ME
+        :param params:
+        :return:
+        """
         if not params:
         if not params:
             print("Query mode allows you to enter SQL-queries as well as named queries.")
             print("Query mode allows you to enter SQL-queries as well as named queries.")
             print()
             print()
@@ -243,7 +248,18 @@ class Controller:
         """
         """
 
 
         def make_completer(vocabulary):
         def make_completer(vocabulary):
+            """
+            TODO: FILL ME
+            :param vocabulary:
+            :return:
+            """
             def custom_template(text, state):
             def custom_template(text, state):
+                """
+                TODO: FILL ME
+                :param text:
+                :param state:
+                :return:
+                """
                 results = [x for x in vocabulary if x.startswith(text)] + [None]
                 results = [x for x in vocabulary if x.startswith(text)] + [None]
                 return results[state]
                 return results[state]
 
 

+ 143 - 2
code/Core/Statistics.py

@@ -46,7 +46,7 @@ class Statistics:
         statistics are calculated by the PCAP file processor and saved into the newly created database. Otherwise the
         statistics are calculated by the PCAP file processor and saved into the newly created database. Otherwise the
         statistics are gathered directly from the existing database.
         statistics are gathered directly from the existing database.
 
 
-        :param flag_write_file: Indicates whether the statistics should be written addiotionally into a text file (True)
+        :param flag_write_file: Indicates whether the statistics should be written additionally into a text file (True)
         or not (False)
         or not (False)
         :param flag_recalculate_stats: Indicates whether eventually existing statistics should be recalculated
         :param flag_recalculate_stats: Indicates whether eventually existing statistics should be recalculated
         :param flag_print_statistics: Indicates whether the gathered basic statistics should be printed to the terminal
         :param flag_print_statistics: Indicates whether the gathered basic statistics should be printed to the terminal
@@ -222,6 +222,11 @@ class Statistics:
         # self.stats_db.process_user_defined_query output is list of tuples, thus, we ned [0][0] to access data
         # self.stats_db.process_user_defined_query output is list of tuples, thus, we ned [0][0] to access data
 
 
         def count_frequncy(values_list):
         def count_frequncy(values_list):
+            """
+            TODO : FILL ME
+            :param values_list:
+            :return:
+            """
             values, freq_output = [], []
             values, freq_output = [], []
             for x in values_list:
             for x in values_list:
                 if x in values:
                 if x in values:
@@ -513,34 +518,62 @@ class Statistics:
         return Util.handle_most_used_outputs(self.process_db_query("most_used(ipAddress)"))
         return Util.handle_most_used_outputs(self.process_db_query("most_used(ipAddress)"))
 
 
     def get_ttl_distribution(self, ip_address: str):
     def get_ttl_distribution(self, ip_address: str):
+        """
+        TODO: FILL ME
+        :param ip_address:
+        :return:
+        """
         result = self.process_db_query('SELECT ttlValue, ttlCount from ip_ttl WHERE ipAddress="' + ip_address + '"')
         result = self.process_db_query('SELECT ttlValue, ttlCount from ip_ttl WHERE ipAddress="' + ip_address + '"')
         result_dict = {key: value for (key, value) in result}
         result_dict = {key: value for (key, value) in result}
         return result_dict
         return result_dict
 
 
     def get_mss_distribution(self, ip_address: str):
     def get_mss_distribution(self, ip_address: str):
+        """
+        TODO: FILL ME
+        :param ip_address:
+        :return:
+        """
         result = self.process_db_query('SELECT mssValue, mssCount from tcp_mss WHERE ipAddress="' + ip_address + '"')
         result = self.process_db_query('SELECT mssValue, mssCount from tcp_mss WHERE ipAddress="' + ip_address + '"')
         result_dict = {key: value for (key, value) in result}
         result_dict = {key: value for (key, value) in result}
         return result_dict
         return result_dict
 
 
     def get_win_distribution(self, ip_address: str):
     def get_win_distribution(self, ip_address: str):
+        """
+        TODO: FILL ME
+        :param ip_address:
+        :return:
+        """
         result = self.process_db_query('SELECT winSize, winCount from tcp_win WHERE ipAddress="' + ip_address + '"')
         result = self.process_db_query('SELECT winSize, winCount from tcp_win WHERE ipAddress="' + ip_address + '"')
         result_dict = {key: value for (key, value) in result}
         result_dict = {key: value for (key, value) in result}
         return result_dict
         return result_dict
 
 
     def get_tos_distribution(self, ip_address: str):
     def get_tos_distribution(self, ip_address: str):
+        """
+        TODO: FILL ME
+        :param ip_address:
+        :return:
+        """
         result = self.process_db_query('SELECT tosValue, tosCount from ip_tos WHERE ipAddress="' + ip_address + '"')
         result = self.process_db_query('SELECT tosValue, tosCount from ip_tos WHERE ipAddress="' + ip_address + '"')
         result_dict = {key: value for (key, value) in result}
         result_dict = {key: value for (key, value) in result}
         return result_dict
         return result_dict
 
 
     def get_ip_address_count(self):
     def get_ip_address_count(self):
+        """
+        TODO: FILL ME
+        :return:
+        """
         return self.process_db_query("SELECT COUNT(*) FROM ip_statistics")
         return self.process_db_query("SELECT COUNT(*) FROM ip_statistics")
 
 
     def get_ip_addresses(self):
     def get_ip_addresses(self):
+        """
+        TODO: FILL ME
+        :return:
+        """
         return self.process_db_query("SELECT ipAddress FROM ip_statistics")
         return self.process_db_query("SELECT ipAddress FROM ip_statistics")
 
 
     def get_random_ip_address(self, count: int = 1):
     def get_random_ip_address(self, count: int = 1):
         """
         """
-        :param count: The number of IP addreses to return
+        :param count: The number of IP addresses to return
         :return: A randomly chosen IP address from the dataset or iff param count is greater than one, a list of
         :return: A randomly chosen IP address from the dataset or iff param count is greater than one, a list of
         randomly chosen IP addresses
         randomly chosen IP addresses
         """
         """
@@ -710,6 +743,15 @@ class Statistics:
         """
         """
 
 
         def plot_distribution(query_output, title, x_label, y_label, file_ending: str):
         def plot_distribution(query_output, title, x_label, y_label, file_ending: str):
+            """
+            TODO: FILL ME
+            :param query_output:
+            :param title:
+            :param x_label:
+            :param y_label:
+            :param file_ending:
+            :return:
+            """
             plt.gcf().clear()
             plt.gcf().clear()
             graphx, graphy = [], []
             graphx, graphy = [], []
             for row in query_output:
             for row in query_output:
@@ -728,6 +770,11 @@ class Statistics:
             return out
             return out
 
 
         def plot_ttl(file_ending: str):
         def plot_ttl(file_ending: str):
+            """
+            TODO: FILL ME
+            :param file_ending:
+            :return:
+            """
             query_output = self.stats_db.process_user_defined_query(
             query_output = self.stats_db.process_user_defined_query(
                 "SELECT ttlValue, SUM(ttlCount) FROM ip_ttl GROUP BY ttlValue")
                 "SELECT ttlValue, SUM(ttlCount) FROM ip_ttl GROUP BY ttlValue")
             title = "TTL Distribution"
             title = "TTL Distribution"
@@ -737,6 +784,11 @@ class Statistics:
                 return plot_distribution(query_output, title, x_label, y_label, file_ending)
                 return plot_distribution(query_output, title, x_label, y_label, file_ending)
 
 
         def plot_mss(file_ending: str):
         def plot_mss(file_ending: str):
+            """
+            TODO: FILL ME
+            :param file_ending:
+            :return:
+            """
             query_output = self.stats_db.process_user_defined_query(
             query_output = self.stats_db.process_user_defined_query(
                 "SELECT mssValue, SUM(mssCount) FROM tcp_mss GROUP BY mssValue")
                 "SELECT mssValue, SUM(mssCount) FROM tcp_mss GROUP BY mssValue")
             title = "MSS Distribution"
             title = "MSS Distribution"
@@ -746,6 +798,11 @@ class Statistics:
                 return plot_distribution(query_output, title, x_label, y_label, file_ending)
                 return plot_distribution(query_output, title, x_label, y_label, file_ending)
 
 
         def plot_win(file_ending: str):
         def plot_win(file_ending: str):
+            """
+            TODO: FILL ME
+            :param file_ending:
+            :return:
+            """
             query_output = self.stats_db.process_user_defined_query(
             query_output = self.stats_db.process_user_defined_query(
                 "SELECT winSize, SUM(winCount) FROM tcp_win GROUP BY winSize")
                 "SELECT winSize, SUM(winCount) FROM tcp_win GROUP BY winSize")
             title = "Window Size Distribution"
             title = "Window Size Distribution"
@@ -755,6 +812,11 @@ class Statistics:
                 return plot_distribution(query_output, title, x_label, y_label, file_ending)
                 return plot_distribution(query_output, title, x_label, y_label, file_ending)
 
 
         def plot_protocol(file_ending: str):
         def plot_protocol(file_ending: str):
+            """
+            TODO: FILL ME
+            :param file_ending:
+            :return:
+            """
             plt.gcf().clear()
             plt.gcf().clear()
             result = self.stats_db.process_user_defined_query(
             result = self.stats_db.process_user_defined_query(
                 "SELECT protocolName, SUM(protocolCount) FROM ip_protocols GROUP BY protocolName")
                 "SELECT protocolName, SUM(protocolCount) FROM ip_protocols GROUP BY protocolName")
@@ -784,6 +846,11 @@ class Statistics:
                 print("Error plot protocol: No protocol values found!")
                 print("Error plot protocol: No protocol values found!")
 
 
         def plot_port(file_ending: str):
         def plot_port(file_ending: str):
+            """
+            TODO: FILL ME
+            :param file_ending:
+            :return:
+            """
             plt.gcf().clear()
             plt.gcf().clear()
             result = self.stats_db.process_user_defined_query(
             result = self.stats_db.process_user_defined_query(
                 "SELECT portNumber, SUM(portCount) FROM ip_ports GROUP BY portNumber")
                 "SELECT portNumber, SUM(portCount) FROM ip_ports GROUP BY portNumber")
@@ -805,6 +872,11 @@ class Statistics:
 
 
         # This distribution is not drawable for big datasets
         # This distribution is not drawable for big datasets
         def plot_ip_src(file_ending: str):
         def plot_ip_src(file_ending: str):
+            """
+            TODO: FILL ME
+            :param file_ending:
+            :return:
+            """
             plt.gcf().clear()
             plt.gcf().clear()
             result = self.stats_db.process_user_defined_query(
             result = self.stats_db.process_user_defined_query(
                 "SELECT ipAddress, pktsSent FROM ip_statistics")
                 "SELECT ipAddress, pktsSent FROM ip_statistics")
@@ -836,6 +908,11 @@ class Statistics:
 
 
         # This distribution is not drawable for big datasets
         # This distribution is not drawable for big datasets
         def plot_ip_dst(file_ending: str):
         def plot_ip_dst(file_ending: str):
+            """
+            TODO: FILL ME
+            :param file_ending:
+            :return:
+            """
             plt.gcf().clear()
             plt.gcf().clear()
             result = self.stats_db.process_user_defined_query(
             result = self.stats_db.process_user_defined_query(
                 "SELECT ipAddress, pktsReceived FROM ip_statistics")
                 "SELECT ipAddress, pktsReceived FROM ip_statistics")
@@ -866,6 +943,15 @@ class Statistics:
             return out
             return out
 
 
         def plot_interval_statistics(query_output, title, x_label, y_label, file_ending: str):
         def plot_interval_statistics(query_output, title, x_label, y_label, file_ending: str):
+            """
+            TODO: FILL ME
+            :param query_output:
+            :param title:
+            :param x_label:
+            :param y_label:
+            :param file_ending:
+            :return:
+            """
             plt.gcf().clear()
             plt.gcf().clear()
             graphx, graphy = [], []
             graphx, graphy = [], []
             for row in query_output:
             for row in query_output:
@@ -891,6 +977,11 @@ class Statistics:
             return out
             return out
 
 
         def plot_interval_pkt_count(file_ending: str):
         def plot_interval_pkt_count(file_ending: str):
+            """
+            TODO: FILL ME
+            :param file_ending:
+            :return:
+            """
             query_output = self.stats_db.process_user_defined_query(
             query_output = self.stats_db.process_user_defined_query(
                 "SELECT lastPktTimestamp, pktsCount FROM interval_statistics ORDER BY lastPktTimestamp")
                 "SELECT lastPktTimestamp, pktsCount FROM interval_statistics ORDER BY lastPktTimestamp")
             title = "Packet Rate"
             title = "Packet Rate"
@@ -900,6 +991,11 @@ class Statistics:
                 return plot_interval_statistics(query_output, title, x_label, y_label, file_ending)
                 return plot_interval_statistics(query_output, title, x_label, y_label, file_ending)
 
 
         def plot_interval_ip_src_ent(file_ending: str):
         def plot_interval_ip_src_ent(file_ending: str):
+            """
+            TODO: FILL ME
+            :param file_ending:
+            :return:
+            """
             query_output = self.stats_db.process_user_defined_query(
             query_output = self.stats_db.process_user_defined_query(
                 "SELECT lastPktTimestamp, ipSrcEntropy FROM interval_statistics ORDER BY lastPktTimestamp")
                 "SELECT lastPktTimestamp, ipSrcEntropy FROM interval_statistics ORDER BY lastPktTimestamp")
             title = "Source IP Entropy"
             title = "Source IP Entropy"
@@ -909,6 +1005,11 @@ class Statistics:
                 return plot_interval_statistics(query_output, title, x_label, y_label, file_ending)
                 return plot_interval_statistics(query_output, title, x_label, y_label, file_ending)
 
 
         def plot_interval_ip_dst_ent(file_ending: str):
         def plot_interval_ip_dst_ent(file_ending: str):
+            """
+            TODO: FILL ME
+            :param file_ending:
+            :return:
+            """
             query_output = self.stats_db.process_user_defined_query(
             query_output = self.stats_db.process_user_defined_query(
                 "SELECT lastPktTimestamp, ipDstEntropy FROM interval_statistics ORDER BY lastPktTimestamp")
                 "SELECT lastPktTimestamp, ipDstEntropy FROM interval_statistics ORDER BY lastPktTimestamp")
             title = "Destination IP Entropy"
             title = "Destination IP Entropy"
@@ -918,6 +1019,11 @@ class Statistics:
                 return plot_interval_statistics(query_output, title, x_label, y_label, file_ending)
                 return plot_interval_statistics(query_output, title, x_label, y_label, file_ending)
 
 
         def plot_interval_new_ip(file_ending: str):
         def plot_interval_new_ip(file_ending: str):
+            """
+            TODO: FILL ME
+            :param file_ending:
+            :return:
+            """
             query_output = self.stats_db.process_user_defined_query(
             query_output = self.stats_db.process_user_defined_query(
                 "SELECT lastPktTimestamp, newIPCount FROM interval_statistics ORDER BY lastPktTimestamp")
                 "SELECT lastPktTimestamp, newIPCount FROM interval_statistics ORDER BY lastPktTimestamp")
             title = "IP Novelty Distribution"
             title = "IP Novelty Distribution"
@@ -927,6 +1033,11 @@ class Statistics:
                 return plot_interval_statistics(query_output, title, x_label, y_label, file_ending)
                 return plot_interval_statistics(query_output, title, x_label, y_label, file_ending)
 
 
         def plot_interval_new_port(file_ending: str):
         def plot_interval_new_port(file_ending: str):
+            """
+            TODO: FILL ME
+            :param file_ending:
+            :return:
+            """
             query_output = self.stats_db.process_user_defined_query(
             query_output = self.stats_db.process_user_defined_query(
                 "SELECT lastPktTimestamp, newPortCount FROM interval_statistics ORDER BY lastPktTimestamp")
                 "SELECT lastPktTimestamp, newPortCount FROM interval_statistics ORDER BY lastPktTimestamp")
             title = "Port Novelty Distribution"
             title = "Port Novelty Distribution"
@@ -936,6 +1047,11 @@ class Statistics:
                 return plot_interval_statistics(query_output, title, x_label, y_label, file_ending)
                 return plot_interval_statistics(query_output, title, x_label, y_label, file_ending)
 
 
         def plot_interval_new_ttl(file_ending: str):
         def plot_interval_new_ttl(file_ending: str):
+            """
+            TODO: FILL ME
+            :param file_ending:
+            :return:
+            """
             query_output = self.stats_db.process_user_defined_query(
             query_output = self.stats_db.process_user_defined_query(
                 "SELECT lastPktTimestamp, newTTLCount FROM interval_statistics ORDER BY lastPktTimestamp")
                 "SELECT lastPktTimestamp, newTTLCount FROM interval_statistics ORDER BY lastPktTimestamp")
             title = "TTL Novelty Distribution"
             title = "TTL Novelty Distribution"
@@ -945,6 +1061,11 @@ class Statistics:
                 return plot_interval_statistics(query_output, title, x_label, y_label, file_ending)
                 return plot_interval_statistics(query_output, title, x_label, y_label, file_ending)
 
 
         def plot_interval_new_tos(file_ending: str):
         def plot_interval_new_tos(file_ending: str):
+            """
+            TODO: FILL ME
+            :param file_ending:
+            :return:
+            """
             query_output = self.stats_db.process_user_defined_query(
             query_output = self.stats_db.process_user_defined_query(
                 "SELECT lastPktTimestamp, newToSCount FROM interval_statistics ORDER BY lastPktTimestamp")
                 "SELECT lastPktTimestamp, newToSCount FROM interval_statistics ORDER BY lastPktTimestamp")
             title = "ToS Novelty Distribution"
             title = "ToS Novelty Distribution"
@@ -954,6 +1075,11 @@ class Statistics:
                 return plot_interval_statistics(query_output, title, x_label, y_label, file_ending)
                 return plot_interval_statistics(query_output, title, x_label, y_label, file_ending)
 
 
         def plot_interval_new_win_size(file_ending: str):
         def plot_interval_new_win_size(file_ending: str):
+            """
+            TODO: FILL ME
+            :param file_ending:
+            :return:
+            """
             query_output = self.stats_db.process_user_defined_query(
             query_output = self.stats_db.process_user_defined_query(
                 "SELECT lastPktTimestamp, newWinSizeCount FROM interval_statistics ORDER BY lastPktTimestamp")
                 "SELECT lastPktTimestamp, newWinSizeCount FROM interval_statistics ORDER BY lastPktTimestamp")
             title = "Window Size Novelty Distribution"
             title = "Window Size Novelty Distribution"
@@ -963,6 +1089,11 @@ class Statistics:
                 return plot_interval_statistics(query_output, title, x_label, y_label, file_ending)
                 return plot_interval_statistics(query_output, title, x_label, y_label, file_ending)
 
 
         def plot_interval_new_mss(file_ending: str):
         def plot_interval_new_mss(file_ending: str):
+            """
+            TODO: FILL ME
+            :param file_ending:
+            :return:
+            """
             query_output = self.stats_db.process_user_defined_query(
             query_output = self.stats_db.process_user_defined_query(
                 "SELECT lastPktTimestamp, newMSSCount FROM interval_statistics ORDER BY lastPktTimestamp")
                 "SELECT lastPktTimestamp, newMSSCount FROM interval_statistics ORDER BY lastPktTimestamp")
             title = "MSS Novelty Distribution"
             title = "MSS Novelty Distribution"
@@ -972,6 +1103,11 @@ class Statistics:
                 return plot_interval_statistics(query_output, title, x_label, y_label, file_ending)
                 return plot_interval_statistics(query_output, title, x_label, y_label, file_ending)
 
 
         def plot_interval_ip_dst_cum_ent(file_ending: str):
         def plot_interval_ip_dst_cum_ent(file_ending: str):
+            """
+            TODO: FILL ME
+            :param file_ending:
+            :return:
+            """
             plt.gcf().clear()
             plt.gcf().clear()
             result = self.stats_db.process_user_defined_query(
             result = self.stats_db.process_user_defined_query(
                 "SELECT lastPktTimestamp, ipDstCumEntropy FROM interval_statistics ORDER BY lastPktTimestamp")
                 "SELECT lastPktTimestamp, ipDstCumEntropy FROM interval_statistics ORDER BY lastPktTimestamp")
@@ -1004,6 +1140,11 @@ class Statistics:
                 return out
                 return out
 
 
         def plot_interval_ip_src_cum_ent(file_ending: str):
         def plot_interval_ip_src_cum_ent(file_ending: str):
+            """
+            TODO: FILL ME
+            :param file_ending:
+            :return:
+            """
             plt.gcf().clear()
             plt.gcf().clear()
 
 
             result = self.stats_db.process_user_defined_query(
             result = self.stats_db.process_user_defined_query(

+ 1 - 1
code/ID2TLib/PcapFile.py

@@ -27,7 +27,7 @@ class PcapFile(object):
 
 
     def get_file_hash(self):
     def get_file_hash(self):
         """
         """
-        Returns the hash for the loaded PCAP file. The hash is calculated bsaed on:
+        Returns the hash for the loaded PCAP file. The hash is calculated based on:
 
 
         - the file size in bytes
         - the file size in bytes
         - the first 224*40000 bytes of the file
         - the first 224*40000 bytes of the file

+ 2 - 2
code/ID2TLib/SMB2.py

@@ -2,7 +2,7 @@ import scapy.packet as packet
 import scapy.fields as field
 import scapy.fields as field
 import scapy.layers.netbios as netbios
 import scapy.layers.netbios as netbios
 
 
-
+# TODO: FILL ME
 class SMB2_SYNC_Header(packet.Packet):
 class SMB2_SYNC_Header(packet.Packet):
     namez = "SMB2Negociate Protocol Response Header"
     namez = "SMB2Negociate Protocol Response Header"
     fields_desc = [field.StrFixedLenField("Start", "\xfeSMB", 4),
     fields_desc = [field.StrFixedLenField("Start", "\xfeSMB", 4),
@@ -21,7 +21,7 @@ class SMB2_SYNC_Header(packet.Packet):
                    field.LELongField("Signature2", 0)]
                    field.LELongField("Signature2", 0)]
 
 
 
 
-# No Support of Security Buffer , Padding or Dialect Revision 0x0311
+# TODO: FILL ME Description was not correct anymore
 class SMB2_Negotiate_Protocol_Response(packet.Packet):
 class SMB2_Negotiate_Protocol_Response(packet.Packet):
     namez = "SMB2Negociate Protocol Response"
     namez = "SMB2Negociate Protocol Response"
     fields_desc = [field.LEShortField("StructureSize", 65),
     fields_desc = [field.LEShortField("StructureSize", 65),

+ 4 - 1
code/ID2TLib/TestLibrary.py

@@ -3,10 +3,13 @@ import os
 import random as rnd
 import random as rnd
 
 
 import ID2TLib.Utility as Util
 import ID2TLib.Utility as Util
-
+# Directory of test resource files
 test_resource_dir = Util.TEST_DIR
 test_resource_dir = Util.TEST_DIR
+# Path to reference pcap
 test_pcap = Util.TEST_DIR + "reference_1998.pcap"
 test_pcap = Util.TEST_DIR + "reference_1998.pcap"
+# Several ips in the reference pcap
 test_pcap_ips = ["10.0.2.15", "52.85.173.182"]
 test_pcap_ips = ["10.0.2.15", "52.85.173.182"]
+# Empty array for testing purposes
 test_pcap_empty = []
 test_pcap_empty = []
 
 
 """
 """

+ 9 - 2
code/ID2TLib/Utility.py

@@ -18,21 +18,28 @@ ROOT_DIR = CODE_DIR + "../"
 RESOURCE_DIR = ROOT_DIR + "resources/"
 RESOURCE_DIR = ROOT_DIR + "resources/"
 TEST_DIR = RESOURCE_DIR + "test/"
 TEST_DIR = RESOURCE_DIR + "test/"
 
 
+# List of common operation systems
 platforms = {"win7", "win10", "winxp", "win8.1", "macos", "linux", "win8", "winvista", "winnt", "win2000"}
 platforms = {"win7", "win10", "winxp", "win8.1", "macos", "linux", "win8", "winvista", "winnt", "win2000"}
+# Distribution of common operation systems
 platform_probability = {"win7": 48.43, "win10": 27.99, "winxp": 6.07, "win8.1": 6.07, "macos": 5.94, "linux": 3.38,
 platform_probability = {"win7": 48.43, "win10": 27.99, "winxp": 6.07, "win8.1": 6.07, "macos": 5.94, "linux": 3.38,
                         "win8": 1.35, "winvista": 0.46, "winnt": 0.31}
                         "win8": 1.35, "winvista": 0.46, "winnt": 0.31}
 
 
+# List of no-ops
 x86_nops = {b'\x90', b'\xfc', b'\xfd', b'\xf8', b'\xf9', b'\xf5', b'\x9b'}
 x86_nops = {b'\x90', b'\xfc', b'\xfd', b'\xf8', b'\xf9', b'\xf5', b'\x9b'}
+# List of pseudo no-ops (includes ops which won't change the state e.g. read access)
 x86_pseudo_nops = {b'\x97', b'\x96', b'\x95', b'\x93', b'\x92', b'\x91', b'\x99', b'\x4d', b'\x48', b'\x47', b'\x4f',
 x86_pseudo_nops = {b'\x97', b'\x96', b'\x95', b'\x93', b'\x92', b'\x91', b'\x99', b'\x4d', b'\x48', b'\x47', b'\x4f',
                    b'\x40', b'\x41', b'\x37', b'\x3f', b'\x27', b'\x2f', b'\x46', b'\x4e', b'\x98', b'\x9f', b'\x4a',
                    b'\x40', b'\x41', b'\x37', b'\x3f', b'\x27', b'\x2f', b'\x46', b'\x4e', b'\x98', b'\x9f', b'\x4a',
                    b'\x44', b'\x42', b'\x43', b'\x49', b'\x4b', b'\x45', b'\x4c', b'\x60', b'\x0e', b'\x1e', b'\x50',
                    b'\x44', b'\x42', b'\x43', b'\x49', b'\x4b', b'\x45', b'\x4c', b'\x60', b'\x0e', b'\x1e', b'\x50',
                    b'\x55', b'\x53', b'\x51', b'\x57', b'\x52', b'\x06', b'\x56', b'\x54', b'\x16', b'\x58', b'\x5d',
                    b'\x55', b'\x53', b'\x51', b'\x57', b'\x52', b'\x06', b'\x56', b'\x54', b'\x16', b'\x58', b'\x5d',
                    b'\x5b', b'\x59', b'\x5f', b'\x5a', b'\x5e', b'\xd6'}
                    b'\x5b', b'\x59', b'\x5f', b'\x5a', b'\x5e', b'\xd6'}
+# Characters which result in operational behaviour (e.g. FTPWinaXeExploit.py)
 forbidden_chars = [b'\x00', b'\x0a', b'\x0d']
 forbidden_chars = [b'\x00', b'\x0a', b'\x0d']
 
 
+# Used in get_attacker_config
 attacker_port_mapping = {}
 attacker_port_mapping = {}
+# Used in get_attacker_config
 attacker_ttl_mapping = {}
 attacker_ttl_mapping = {}
-
+# Identifier for attacks
 generic_attack_names = {"attack", "exploit"}
 generic_attack_names = {"attack", "exploit"}
 
 
 
 
@@ -65,7 +72,7 @@ def get_interval_pps(complement_interval_pps, timestamp):
     for row in complement_interval_pps:
     for row in complement_interval_pps:
         if timestamp <= row[0]:
         if timestamp <= row[0]:
             return row[1]
             return row[1]
-    return complement_interval_pps[-1][1]  # in case the timstamp > capture max timestamp
+    return complement_interval_pps[-1][1]  # in case the timestamp > capture max timestamp
 
 
 
 
 def get_nth_random_element(*element_list):
 def get_nth_random_element(*element_list):