monkey/chaos_monkey/network/sshfinger.py

import re
import sys
import socket
import struct
import string
import logging
from network import HostFinger
import socket
import select
from network.tools import check_port_tcp
from model.host import VictimHost

SSH_PORT = 22
SSH_SERVICE = 'tcp-22'
SSH_REGEX = 'SSH-\d\.\d-OpenSSH'
TIMEOUT = 30
BANNER_READ = 1024
LINUX_DIST_SSH = ['ubuntu', 'debian']

class SSHFinger(HostFinger):
    def __init__(self):
        self._config = __import__('config').WormConfiguration
        self._banner_regex = re.compile(SSH_REGEX, re.IGNORECASE)

    def _banner_match(self, host, banner):
        host.services[SSH_SERVICE]['name'] = 'ssh'
        for dist in LINUX_DIST_SSH:
            if banner.lower().find(dist) != -1:
                host.os['type'] = 'linux'
                os_version = banner.split(' ').pop().strip()
                if not host.os.has_key('version'):
                    host.os['version'] = os_version
                else:
                    host.services[SSH_SERVICE]['os-version'] = os_version
                break

    def get_host_fingerprint(self, host):
        assert isinstance(host, VictimHost)

        for service in host.services.values():
            banner = service.get('banner', '')
            if self._banner_regex.search(banner):
                self._banner_match(host, banner)
                return

        is_open, banner = check_port_tcp(host.ip_addr, SSH_PORT, TIMEOUT, True)

        if is_open:
            host.services[SSH_SERVICE] = {}

            if banner:
                host.services[SSH_SERVICE]['banner'] = banner
                if self._banner_regex.search(banner):
                    self._banner_match(host, banner)
                return True

        return False
add support for simple fingerprinting by: ping, smb, ssh and open ports 2015-09-29 22:55:54 +08:00			`import re`
			`import sys`
			`import socket`
			`import struct`
			`import string`
			`import logging`
			`from network import HostFinger`
			`import socket`
			`import select`
			`from network.tools import check_port_tcp`
			`from model.host import VictimHost`

			`SSH_PORT = 22`
			`SSH_SERVICE = 'tcp-22'`
			`SSH_REGEX = 'SSH-\d\.\d-OpenSSH'`
			`TIMEOUT = 30`
			`BANNER_READ = 1024`
			`LINUX_DIST_SSH = ['ubuntu', 'debian']`

			`class SSHFinger(HostFinger):`
			`def __init__(self):`
			`self._config = __import__('config').WormConfiguration`
			`self._banner_regex = re.compile(SSH_REGEX, re.IGNORECASE)`

			`def _banner_match(self, host, banner):`
			`host.services[SSH_SERVICE]['name'] = 'ssh'`
			`for dist in LINUX_DIST_SSH:`
			`if banner.lower().find(dist) != -1:`
			`host.os['type'] = 'linux'`
			`os_version = banner.split(' ').pop().strip()`
			`if not host.os.has_key('version'):`
			`host.os['version'] = os_version`
			`else:`
			`host.services[SSH_SERVICE]['os-version'] = os_version`
			`break`

			`def get_host_fingerprint(self, host):`
			`assert isinstance(host, VictimHost)`

			`for service in host.services.values():`
			`banner = service.get('banner', '')`
			`if self._banner_regex.search(banner):`
			`self._banner_match(host, banner)`
			`return`

			`is_open, banner = check_port_tcp(host.ip_addr, SSH_PORT, TIMEOUT, True)`

			`if is_open:`
			`host.services[SSH_SERVICE] = {}`

			`if banner:`
			`host.services[SSH_SERVICE]['banner'] = banner`
			`if self._banner_regex.search(banner):`
			`self._banner_match(host, banner)`
			`return True`

			`return False`