Головна сторінка Огляд Довідка
Увійти
stefan.schmidt
/
ID2T-toolkit
відгалужено від SPIN/ID2T-toolkit
3
0
Відгалуження 0
Файли
Переглянути джерело

add ip_dst list support to Portscan

Jens Keim 6 роки тому
батько
beeee8e5af
коміт
745c10ffee
2 змінених файлів з 125 додано та 117 видалено
Розділений вигляд Показати статистику Diff
  1. 8 1
      code/Attack/BaseAttack.py
  2. 117 116
      code/Attack/PortscanAttack.py

+ 8 - 1
code/Attack/BaseAttack.py
Переглянути файл 

@@ -609,9 +609,16 @@ class BaseAttack(metaclass=abc.ABCMeta):
 
         :param ip_destination: destination IP address.
 
         """
 
         equal = False
 
-        if isinstance(ip_source, list):
 
+        if isinstance(ip_source, list) and isinstance(ip_destination, list):
 
+            for ip in ip_source:
 
+                if ip in ip_destination:
 
+                    equal = True
 
+        elif isinstance(ip_source, list):
 
             if ip_destination in ip_source:
 
                 equal = True
 
+        elif isinstance(ip_destination, list):
 
+            if ip_source in ip_destination:
 
+                equal = True
 
         else:
 
             if ip_source == ip_destination:
 
                 equal = True

+ 117 - 116
code/Attack/PortscanAttack.py
Переглянути файл 

@@ -111,126 +111,127 @@ class PortscanAttack(BaseAttack.BaseAttack):
 
         if isinstance(ip_source, list):
 
             ip_source = ip_source[0]
 
         ip_destination = self.get_param_value(atkParam.Parameter.IP_DESTINATION)
 
-        if isinstance(ip_destination, list):
 
-            ip_destination = ip_destination[0]
 
+        if not isinstance(ip_destination, list):
 
+            ip_destination = [ip_destination]
 
 
         # Check ip.src == ip.dst
 
         self.ip_src_dst_equal_check(ip_source, ip_destination)
 
 
-        # Select open ports
 
-        ports_open = self.get_param_value(atkParam.Parameter.PORT_OPEN)
 
-        if ports_open == 1:  # user did not specify open ports
 
-            # the ports that were already used by ip.dst (direction in) in the background traffic are open ports
 
-            ports_used_by_ip_dst = self.statistics.process_db_query(
 
-                "SELECT portNumber FROM ip_ports WHERE portDirection='in' AND ipAddress='" + ip_destination + "'")
 
-            if ports_used_by_ip_dst:
 
-                ports_open = ports_used_by_ip_dst
 
-            else:  # if no ports were retrieved from database
 
-                # Take open ports from nmap-service file
 
-                # ports_temp = self.get_ports_from_nmap_service_dst(100)
 
-                # ports_open = ports_temp[0:rnd.randint(1,10)]
 
-                # OR take open ports from the most used ports in traffic statistics
 
-                ports_open = self.statistics.process_db_query(
 
-                    "SELECT portNumber FROM ip_ports GROUP BY portNumber ORDER BY SUM(portCount) DESC LIMIT " + str(
 
-                        rnd.randint(1, 10)))
 
-        # in case of one open port, convert ports_open to array
 
-        if not isinstance(ports_open, list):
 
-            ports_open = [ports_open]
 
-
 
-        # Set MSS (Maximum Segment Size) based on MSS distribution of IP address
 
-        source_mss_dist = self.statistics.get_mss_distribution(ip_source)
 
-        if len(source_mss_dist) > 0:
 
-            source_mss_prob_dict = lea.Lea.fromValFreqsDict(source_mss_dist)
 
-            source_mss_value = source_mss_prob_dict.random()
 
-        else:
 
-            source_mss_value = Util.handle_most_used_outputs(self.statistics.get_most_used_mss_value())
 
-        destination_mss_dist = self.statistics.get_mss_distribution(ip_destination)
 
-        if len(destination_mss_dist) > 0:
 
-            destination_mss_prob_dict = lea.Lea.fromValFreqsDict(destination_mss_dist)
 
-            destination_mss_value = destination_mss_prob_dict.random()
 
-        else:
 
-            destination_mss_value = Util.handle_most_used_outputs(self.statistics.get_most_used_mss_value())
 
-
 
-        # Set TTL based on TTL distribution of IP address
 
-        source_ttl_dist = self.statistics.get_ttl_distribution(ip_source)
 
-        if len(source_ttl_dist) > 0:
 
-            source_ttl_prob_dict = lea.Lea.fromValFreqsDict(source_ttl_dist)
 
-            source_ttl_value = source_ttl_prob_dict.random()
 
-        else:
 
-            source_ttl_value = Util.handle_most_used_outputs(self.statistics.get_most_used_ttl_value())
 
-        destination_ttl_dist = self.statistics.get_ttl_distribution(ip_destination)
 
-        if len(destination_ttl_dist) > 0:
 
-            destination_ttl_prob_dict = lea.Lea.fromValFreqsDict(destination_ttl_dist)
 
-            destination_ttl_value = destination_ttl_prob_dict.random()
 
-        else:
 
-            destination_ttl_value = Util.handle_most_used_outputs(self.statistics.get_most_used_ttl_value())
 
-
 
-        # Set Window Size based on Window Size distribution of IP address
 
-        source_win_dist = self.statistics.get_win_distribution(ip_source)
 
-        if len(source_win_dist) > 0:
 
-            source_win_prob_dict = lea.Lea.fromValFreqsDict(source_win_dist)
 
-            source_win_value = source_win_prob_dict.random()
 
-        else:
 
-            source_win_value = Util.handle_most_used_outputs(self.statistics.get_most_used_win_size())
 
-        destination_win_dist = self.statistics.get_win_distribution(ip_destination)
 
-        if len(destination_win_dist) > 0:
 
-            destination_win_prob_dict = lea.Lea.fromValFreqsDict(destination_win_dist)
 
-            destination_win_value = destination_win_prob_dict.random()
 
-        else:
 
-            destination_win_value = Util.handle_most_used_outputs(self.statistics.get_most_used_win_size())
 
-
 
-        min_delay, max_delay = self.get_reply_delay(ip_destination)
 
-
 
-        for dport in dest_ports:
 
-            # Parameters changing each iteration
 
-            if self.get_param_value(atkParam.Parameter.IP_SOURCE_RANDOMIZE) and isinstance(ip_source, list):
 
-                ip_source = rnd.choice(ip_source)
 
-
 
-            # 1) Build request package
 
-            request_ether = inet.Ether(src=mac_source, dst=mac_destination)
 
-            request_ip = inet.IP(src=ip_source, dst=ip_destination, ttl=source_ttl_value)
 
-
 
-            # Random src port for each packet
 
-            sport = rnd.randint(1, 65535)
 
-
 
-            request_tcp = inet.TCP(sport=sport, dport=dport, window=source_win_value, flags='S',
 
-                                   options=[('MSS', source_mss_value)])
 
-
 
-            request = (request_ether / request_ip / request_tcp)
 
-
 
-            request.time = timestamp_next_pkt
 
-            # Append request
 
-            self.packets.append(request)
 
-
 
-            # 2) Build reply (for open ports) package
 
-            if dport in ports_open:  # destination port is OPEN
 
-                reply_ether = inet.Ether(src=mac_destination, dst=mac_source)
 
-                reply_ip = inet.IP(src=ip_destination, dst=ip_source, ttl=destination_ttl_value, flags='DF')
 
-                reply_tcp = inet.TCP(sport=dport, dport=sport, seq=0, ack=1, flags='SA', window=destination_win_value,
 
-                                     options=[('MSS', destination_mss_value)])
 
-                reply = (reply_ether / reply_ip / reply_tcp)
 
-
 
-                timestamp_reply = Util.update_timestamp(timestamp_next_pkt, pps, min_delay)
 
-                while timestamp_reply <= timestamp_prv_reply:
 
-                    timestamp_reply = Util.update_timestamp(timestamp_prv_reply, pps, min_delay)
 
-                timestamp_prv_reply = timestamp_reply
 
-
 
-                reply.time = timestamp_reply
 
-                self.packets.append(reply)
 
-
 
-                # requester confirms
 
-                confirm_ether = request_ether
 
-                confirm_ip = request_ip
 
-                confirm_tcp = inet.TCP(sport=sport, dport=dport, seq=1, window=0, flags='R')
 
-                confirm = (confirm_ether / confirm_ip / confirm_tcp)
 
-                timestamp_confirm = Util.update_timestamp(timestamp_reply, pps, min_delay)
 
-                confirm.time = timestamp_confirm
 
-                self.packets.append(confirm)
 
-
 
-                # else: destination port is NOT OPEN -> no reply is sent by target
 
-
 
-            pps = max(Util.get_interval_pps(complement_interval_pps, timestamp_next_pkt), 10)
 
-            timestamp_next_pkt = Util.update_timestamp(timestamp_next_pkt, pps)
 
+        for ip in ip_destination:
 
+            # Select open ports
 
+            ports_open = self.get_param_value(atkParam.Parameter.PORT_OPEN)
 
+            if ports_open == 1:  # user did not specify open ports
 
+                # the ports that were already used by ip.dst (direction in) in the background traffic are open ports
 
+                ports_used_by_ip_dst = self.statistics.process_db_query(
 
+                    "SELECT portNumber FROM ip_ports WHERE portDirection='in' AND ipAddress='" + ip + "'")
 
+                if ports_used_by_ip_dst:
 
+                    ports_open = ports_used_by_ip_dst
 
+                else:  # if no ports were retrieved from database
 
+                    # Take open ports from nmap-service file
 
+                    # ports_temp = self.get_ports_from_nmap_service_dst(100)
 
+                    # ports_open = ports_temp[0:rnd.randint(1,10)]
 
+                    # OR take open ports from the most used ports in traffic statistics
 
+                    ports_open = self.statistics.process_db_query(
 
+                        "SELECT portNumber FROM ip_ports GROUP BY portNumber ORDER BY SUM(portCount) DESC LIMIT " + str(
 
+                            rnd.randint(1, 10)))
 
+            # in case of one open port, convert ports_open to array
 
+            if not isinstance(ports_open, list):
 
+                ports_open = [ports_open]
 
+
 
+            # Set MSS (Maximum Segment Size) based on MSS distribution of IP address
 
+            source_mss_dist = self.statistics.get_mss_distribution(ip_source)
 
+            if len(source_mss_dist) > 0:
 
+                source_mss_prob_dict = lea.Lea.fromValFreqsDict(source_mss_dist)
 
+                source_mss_value = source_mss_prob_dict.random()
 
+            else:
 
+                source_mss_value = Util.handle_most_used_outputs(self.statistics.get_most_used_mss_value())
 
+            destination_mss_dist = self.statistics.get_mss_distribution(ip)
 
+            if len(destination_mss_dist) > 0:
 
+                destination_mss_prob_dict = lea.Lea.fromValFreqsDict(destination_mss_dist)
 
+                destination_mss_value = destination_mss_prob_dict.random()
 
+            else:
 
+                destination_mss_value = Util.handle_most_used_outputs(self.statistics.get_most_used_mss_value())
 
+
 
+            # Set TTL based on TTL distribution of IP address
 
+            source_ttl_dist = self.statistics.get_ttl_distribution(ip_source)
 
+            if len(source_ttl_dist) > 0:
 
+                source_ttl_prob_dict = lea.Lea.fromValFreqsDict(source_ttl_dist)
 
+                source_ttl_value = source_ttl_prob_dict.random()
 
+            else:
 
+                source_ttl_value = Util.handle_most_used_outputs(self.statistics.get_most_used_ttl_value())
 
+            destination_ttl_dist = self.statistics.get_ttl_distribution(ip)
 
+            if len(destination_ttl_dist) > 0:
 
+                destination_ttl_prob_dict = lea.Lea.fromValFreqsDict(destination_ttl_dist)
 
+                destination_ttl_value = destination_ttl_prob_dict.random()
 
+            else:
 
+                destination_ttl_value = Util.handle_most_used_outputs(self.statistics.get_most_used_ttl_value())
 
+
 
+            # Set Window Size based on Window Size distribution of IP address
 
+            source_win_dist = self.statistics.get_win_distribution(ip_source)
 
+            if len(source_win_dist) > 0:
 
+                source_win_prob_dict = lea.Lea.fromValFreqsDict(source_win_dist)
 
+                source_win_value = source_win_prob_dict.random()
 
+            else:
 
+                source_win_value = Util.handle_most_used_outputs(self.statistics.get_most_used_win_size())
 
+            destination_win_dist = self.statistics.get_win_distribution(ip)
 
+            if len(destination_win_dist) > 0:
 
+                destination_win_prob_dict = lea.Lea.fromValFreqsDict(destination_win_dist)
 
+                destination_win_value = destination_win_prob_dict.random()
 
+            else:
 
+                destination_win_value = Util.handle_most_used_outputs(self.statistics.get_most_used_win_size())
 
+
 
+            min_delay, max_delay = self.get_reply_delay(ip)
 
+
 
+            for dport in dest_ports:
 
+                # Parameters changing each iteration
 
+                if self.get_param_value(atkParam.Parameter.IP_SOURCE_RANDOMIZE) and isinstance(ip_source, list):
 
+                    ip_source = rnd.choice(ip_source)
 
+
 
+                # 1) Build request package
 
+                request_ether = inet.Ether(src=mac_source, dst=mac_destination)
 
+                request_ip = inet.IP(src=ip_source, dst=ip, ttl=source_ttl_value)
 
+
 
+                # Random src port for each packet
 
+                sport = rnd.randint(1, 65535)
 
+
 
+                request_tcp = inet.TCP(sport=sport, dport=dport, window=source_win_value, flags='S',
 
+                                       options=[('MSS', source_mss_value)])
 
+
 
+                request = (request_ether / request_ip / request_tcp)
 
+
 
+                request.time = timestamp_next_pkt
 
+                # Append request
 
+                self.packets.append(request)
 
+
 
+                # 2) Build reply (for open ports) package
 
+                if dport in ports_open:  # destination port is OPEN
 
+                    reply_ether = inet.Ether(src=mac_destination, dst=mac_source)
 
+                    reply_ip = inet.IP(src=ip, dst=ip_source, ttl=destination_ttl_value, flags='DF')
 
+                    reply_tcp = inet.TCP(sport=dport, dport=sport, seq=0, ack=1, flags='SA', window=destination_win_value,
 
+                                         options=[('MSS', destination_mss_value)])
 
+                    reply = (reply_ether / reply_ip / reply_tcp)
 
+
 
+                    timestamp_reply = Util.update_timestamp(timestamp_next_pkt, pps, min_delay)
 
+                    while timestamp_reply <= timestamp_prv_reply:
 
+                        timestamp_reply = Util.update_timestamp(timestamp_prv_reply, pps, min_delay)
 
+                    timestamp_prv_reply = timestamp_reply
 
+
 
+                    reply.time = timestamp_reply
 
+                    self.packets.append(reply)
 
+
 
+                    # requester confirms
 
+                    confirm_ether = request_ether
 
+                    confirm_ip = request_ip
 
+                    confirm_tcp = inet.TCP(sport=sport, dport=dport, seq=1, window=0, flags='R')
 
+                    confirm = (confirm_ether / confirm_ip / confirm_tcp)
 
+                    timestamp_confirm = Util.update_timestamp(timestamp_reply, pps, min_delay)
 
+                    confirm.time = timestamp_confirm
 
+                    self.packets.append(confirm)
 
+
 
+                    # else: destination port is NOT OPEN -> no reply is sent by target
 
+
 
+                pps = max(Util.get_interval_pps(complement_interval_pps, timestamp_next_pkt), 10)
 
+                timestamp_next_pkt = Util.update_timestamp(timestamp_next_pkt, pps)
 
 
     def generate_attack_pcap(self):
 
         """