monkey/chaos_monkey/network/httpfinger.py

from network import HostFinger


class HTTPFinger(HostFinger):
    """
    Goal is to recognise HTTP servers, where what we currently care about is apache.
    """

    def __init__(self):
        self._config = __import__('config').WormConfiguration
        self.HTTP = [(port, str(port)) for port in self._config.HTTP_PORTS]

    @staticmethod
    def _banner_match(service, host, banner):
        pass

    def get_host_fingerprint(self, host):
        assert isinstance(host, VictimHost)
        from requests import get
        from requests.exceptions import Timeout, ConnectionError
        from contextlib import closing

        for port in self.HTTP:
            # check both http and https
            http = "http://" + host.ip_addr + ":" + port[1]
            https = "https://" + host.ip_addr + ":" + port[1]

            # try http, we don't optimise for 443
            for url in (http, https):
                try:
                    with closing(get(url, verify=False, timeout=1, stream=True)) as req:
                        server = req.headers.get('Server')
                        host.services['tcp-' + port[1]] = server
                        break  # https will be the same on the same port
                except Timeout:
                    pass
                except ConnectionError:  # Someone doesn't like us
                    pass

        return True
Added basic HTTP fingering by using banner grabbing 2016-08-24 23:31:16 +08:00			`from network import HostFinger`


			`class HTTPFinger(HostFinger):`
PEP8 2016-08-25 20:45:47 +08:00			`"""`
Added basic HTTP fingering by using banner grabbing 2016-08-24 23:31:16 +08:00			`Goal is to recognise HTTP servers, where what we currently care about is apache.`
PEP8 2016-08-25 20:45:47 +08:00			`"""`

Added basic HTTP fingering by using banner grabbing 2016-08-24 23:31:16 +08:00			`def __init__(self):`
			`self._config = __import__('config').WormConfiguration`
PEP8 2016-08-25 20:45:47 +08:00			`self.HTTP = [(port, str(port)) for port in self._config.HTTP_PORTS]`
Added basic HTTP fingering by using banner grabbing 2016-08-24 23:31:16 +08:00
			`@staticmethod`
			`def _banner_match(service, host, banner):`
			`pass`

			`def get_host_fingerprint(self, host):`
			`assert isinstance(host, VictimHost)`
			`from requests import get`
PEP8 2016-08-25 20:45:47 +08:00			`from requests.exceptions import Timeout, ConnectionError`
Added basic HTTP fingering by using banner grabbing 2016-08-24 23:31:16 +08:00			`from contextlib import closing`

Fixed some bugs in HTTP fingerprinting 2016-08-25 20:43:59 +08:00			`for port in self.HTTP:`
Added basic HTTP fingering by using banner grabbing 2016-08-24 23:31:16 +08:00			`# check both http and https`
PEP8 2016-08-25 20:45:47 +08:00			`http = "http://" + host.ip_addr + ":" + port[1]`
			`https = "https://" + host.ip_addr + ":" + port[1]`
Added basic HTTP fingering by using banner grabbing 2016-08-24 23:31:16 +08:00
			`# try http, we don't optimise for 443`
Fixed some bugs in HTTP fingerprinting 2016-08-25 20:43:59 +08:00			`for url in (http, https):`
			`try:`
			`with closing(get(url, verify=False, timeout=1, stream=True)) as req:`
			`server = req.headers.get('Server')`
PEP8 2016-08-25 20:45:47 +08:00			`host.services['tcp-' + port[1]] = server`
			`break # https will be the same on the same port`
Fixed some bugs in HTTP fingerprinting 2016-08-25 20:43:59 +08:00			`except Timeout:`
			`pass`
PEP8 2016-08-25 20:45:47 +08:00			`except ConnectionError: # Someone doesn't like us`
Fixed some bugs in HTTP fingerprinting 2016-08-25 20:43:59 +08:00			`pass`
Added basic HTTP fingering by using banner grabbing 2016-08-24 23:31:16 +08:00
PEP8 2016-08-25 20:45:47 +08:00			`return True`