This is an automated email from the git hooks/post-receive script. New commit to branch develop in repository mum. See http://git.chorem.org/mum.git
commit 639391c7338c194c33196c8ec6ed91a226f06687
Author: Alexis Guilbaud <guilbaud@codelutin.com>
Date: Thu Apr 9 11:07:28 2015 +0200
detection module open_ports_detection added + bug fix on init_conn: now the port is well pre-configured
---
 app/module_loader.py | 2 ++
 .../detection_modules/open_ports_detection.py | 26 ++++++++++++++++++++++
 app/modules/storage_modules/shelve_db.py | 11 ++++-----
 3 files changed, 34 insertions(+), 5 deletions(-)
diff --git a/app/module_loader.py b/app/module_loader.py
index 6841807..0e89ef1 100644
--- a/app/module_loader.py
+++ b/app/module_loader.py
@@ -81,8 +81,10 @@ class ModuleLoader:
 modules.HostNotFoundException)
 try:
 if re.search('^\d{1,3}(-\d{1,3})?[.]\d{1,3}(-\d{1,3})?[.]\d{1,3}(-\d{1,3})?[.]\d{1,3}(-\d{1,3})?$', param):
+ # the parameter is an IP range
 ip_range = nmap_mod_instance.check_ip_range(param)
 else:
+ # the parameter is not an IP range, so we considere it as an hostname.
 ip_range = nmap_mod_instance.launch_detection_with_hostname(param)
 return ip_range
 except modules.HostNotFoundException.HostNotFoundException as hnfe:
diff --git a/app/modules/detection_modules/open_ports_detection.py b/app/modules/detection_modules/open_ports_detection.py
new file mode 100644
index 0000000..9a39bc5
--- /dev/null
+++ b/app/modules/detection_modules/open_ports_detection.py
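Review bot: The `else` branch hands every string that fails the IP-range pattern to `launch_detection_with_hostname(param)` as a hostname, with no check that it looks like one. Where `param` comes from and how the nmap module builds its scan are outside this hunk, but if the value ends up on an nmap command line, a string starting with `-` would be read as an option, so a validation step is worth adding, e.g. `elif re.match(r'^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$', param):` with a rejection otherwise. The IP-range pattern should be written as a raw string (`r'^\d{1,3}...'`), and it accepts octets above 255, which `check_ip_range` presumably has to reject; confirm. The new comment would read better as `# not an IP range, so we treat it as a hostname`. The enclosing method starts and ends outside the hunk.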
@@ -0,0 +1,26 @@
+__author__ = 'aguilbaud'
+import json
+
+compatible_os = ['linux', 'unix']
+
+
+def run_detection(conn, db):
+ cmd = "netstat -tuln"
+ stdout = conn.exec_command(cmd)
+ dict_total = {}
+ l_number = 0
+ for line in stdout.splitlines():
+ # we ignore the first 2 lines which contains no information
+ if l_number < 2:
+ l_number += 1
+ else:
+ fields = line.split()
+ if fields[0] not in dict_total:
+ dict_total[fields[0]] = []
+ """
+ ip_fields = fields[3].split(':') # x.x.x.x:port if IPv4, :::port if IPv6
+ port_number = ip_fields[len(ip_fields) - 1]
+ dict_total[fields[0]].append(port_number)
+ """
+ dict_total[fields[0]].append(fields[3])
+ db.save_detection(conn.get_addr_host(), "open_ports_detection", json.dumps(dict_total))
\ No newline at end of file
diff --git a/app/modules/storage_modules/shelve_db.py b/app/modules/storage_modules/shelve_db.py
index 98487f8..01f1f78 100644
--- a/app/modules/storage_modules/shelve_db.py
+++ b/app/modules/storage_modules/shelve_db.py
@@ -196,17 +196,18 @@ class shelve_db:
 'params': {param1: type1, param2: type2, ...}
 }
 }
- :return:
+ :return: a dictionary containing:
+ {conn_mod_name: {'priority': int, 'port': int, param1: None, param2: None, ...}, ...}
 """
 dict_conn = {}
 for port in dict_nmap_res['openports']:
 if port["portname"] in conn_infos:
- dict_conn[port["portname"]] = {
- "priority": 0,
- "port": int(port["portid"])
- }
+ # if this open port is part of the loaded connections
+ dict_conn[port["portname"]] = {}
 for param in conn_infos[port["portname"]]['params']:
 dict_conn[port["portname"]][param] = None
+ dict_conn[port["portname"]]["priority"] = 0
+ dict_conn[port["portname"]]["port"] = int(port["portid"])
 return dict_conn
 
 def get_conn_param(self, args):
-- 
To stop receiving notification emails like this one, please contact chorem.org SCM administrator <admin+scm@chorem.org>.
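Review bot: The loop in `run_detection` indexes `fields[0]` and `fields[3]` without checking how many fields the line has, so a blank or short line in the command output raises IndexError and nothing is saved for that host. The text comes from the monitored machine (a missing netstat, a different netstat flavour, or a tampered host can all change it), so it should be parsed defensively; the rewrite below skips lines with fewer than four fields and slices off the two header lines instead of counting them. The triple-quoted block inside the `else` is a string expression evaluated on every iteration, not a comment; delete it or turn it into `#` lines. The function also needs a docstring saying what it stores: a JSON object mapping each protocol to the list of local `address:port` strings.

```python
def run_detection(conn, db):
    # … unchanged: cmd and conn.exec_command(cmd) …
    dict_total = {}
    # the first two lines of the netstat output are headers
    for line in stdout.splitlines()[2:]:
        fields = line.split()
        # output comes from the remote host: ignore blank or truncated lines
        if len(fields) < 4:
            continue
        dict_total.setdefault(fields[0], []).append(fields[3])
    # … unchanged: db.save_detection call …
```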
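Review bot: `dict_conn` is keyed by `port["portname"]` alone, so when two open ports report the same service name the later iteration replaces the earlier entry and only the last port is kept. The loop needs either a guard or a documented choice, for example `if port["portname"] in conn_infos and port["portname"] not in dict_conn:` to keep the first one seen. Moving `priority` and `port` below the params loop looks intended to stop a declared parameter with one of those names from resetting them to None; that is inferred, so state it in the code: `# set after the params loop so a parameter named "port" or "priority" cannot overwrite these`. `int(port["portid"])` raises ValueError on a non-numeric id and would abort the whole loop, so confirm the nmap module always supplies digits. The function starts before the hunk.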