├── .gitignore ├── .travis.yml ├── Dockerfile ├── LICENSE ├── README.md ├── config.json ├── config ├── config.go └── options.go ├── controllers ├── controller.go ├── hosts.go ├── iface.go ├── job.go ├── logger.go ├── networks.go ├── params.go ├── ports.go ├── render.go └── services.go ├── daemon.go ├── helpers ├── ctx │ └── ctx.go ├── host_fetcher.go └── net │ ├── network.go │ └── network_test.go ├── models ├── ap.go ├── capture.go ├── client.go ├── db.go ├── discovery_job.go ├── host.go ├── iface.go ├── init.go ├── internal │ ├── base.go │ └── db.go ├── job.go ├── job_test.go ├── jobs │ └── output_holder.go ├── network.go ├── port.go ├── process_job.go ├── process_unix_test.go ├── radar_job.go └── service.go ├── tools ├── network-radar.go └── network-radar │ ├── analyzer.go │ ├── analyzer_test.go │ ├── ctx.go │ ├── host_fetcher.go │ ├── host_receiver.go │ ├── model │ └── walker.go │ ├── netbios │ └── nb.go │ ├── network-radar.go │ ├── prober.go │ └── prober_test.go └── views ├── ap.go ├── client.go ├── host.go ├── iface.go ├── job.go ├── network.go ├── port.go ├── service.go └── view.go /.gitignore: -------------------------------------------------------------------------------- 1 | ### Go template 2 | # Compiled Object files, Static and Dynamic libs (Shared Objects) 3 | *.o 4 | *.a 5 | *.so 6 | 7 | # Folders 8 | _obj 9 | _test 10 | 11 | # Architecture specific extensions/prefixes 12 | *.[568vq] 13 | [568vq].out 14 | 15 | *.cgo1.go 16 | *.cgo2.c 17 | _cgo_defun.c 18 | _cgo_gotypes.go 19 | _cgo_export.* 20 | 21 | _testmain.go 22 | 23 | *.exe 24 | *.test 25 | *.prof 26 | ### JetBrains template 27 | .idea/ 28 | 29 | ## File-based project format: 30 | *.iws 31 | 32 | ## Plugin-specific files: 33 | 34 | # IntelliJ 35 | /out/ 36 | 37 | # mpeltonen/sbt-idea plugin 38 | .idea_modules/ 39 | 40 | # JIRA plugin 41 | atlassian-ide-plugin.xml 42 | 43 | # Crashlytics plugin (for Android Studio and IntelliJ) 44 | com_crashlytics_export_strings.xml 45 | crashlytics.properties 46 
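| crashlytics-build.properties 47 | fabric.properties 48 | # Created by .ignore support plugin (hsz.mobi) 49 | 50 | sample_nmap_out.xml 51 | *.tar.gz 52 | *.db
--------------------------------------------------------------------------------
/.travis.yml:
--------------------------------------------------------------------------------
1 | language: go
2 |
3 | sudo: required
4 |
5 | addons:
6 |   apt:
7 |     packages:
8 |       - libpcap-dev
9 | env:
10 |   - CSPLOIT_CONFIG="${TRAVIS_BUILD_DIR}/config.json"
11 |
12 | notifications:
13 |   slack:
14 |     rooms:
15 |       # Keep the Slack integration token out of the repository: a plaintext
16 |       # "account:token#channel" entry is readable by anyone who can read the
17 |       # repository or its history. Store the encrypted form produced by
18 |       #   travis encrypt "<account>:<token>#<channel>" --add notifications.slack.rooms
19 |       # and rotate any token that was ever committed in clear text.
20 |       - secure: "<ENCRYPTED_SLACK_ROOM_PLACEHOLDER>"
21 |
22 | services:
23 |   - docker
24 |
25 | script:
26 |   - docker build -t csploit .
27 |   - docker run -d csploit
28 |   - docker ps -a
29 |   - go build -v
30 |   - go test -v ./...
31 |   - go test -v ./tools/...
32 |
--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
1 | # Build-and-run image for the cSploit daemon.
2 | # NOTE(review): golang:alpine is a floating tag; pin a specific version tag or
3 | # digest so a rebuild cannot silently pick up a different base image/toolchain.
4 | FROM golang:alpine
5 |
6 | # MAINTAINER is deprecated; a label carries the same information.
7 | LABEL maintainer="DeveloppSoft"
8 |
9 | # --no-cache refreshes the package index for this command and leaves no apk
10 | # cache in the layer (an `rm` in a later RUN cannot shrink an earlier layer).
11 | RUN apk add --no-cache libpcap-dev git alpine-sdk
12 |
13 | # COPY instead of ADD: a plain copy, with no archive auto-extraction or URL
14 | # fetching. COPY creates the destination directory, so no mkdir is needed.
15 | # NOTE(review): the whole build context is copied into the image, including
16 | # .git and config.json; the file tree shows no .dockerignore - consider one.
17 | COPY . /go/src/github.com/cSploit/daemon
18 |
19 | WORKDIR /go/src/github.com/cSploit/daemon
20 |
21 | RUN go get -v ./...
22 | RUN go build
23 |
24 | # NOTE(review): no USER is set, so the daemon runs as root inside the
25 | # container. It links libpcap, which suggests it needs raw-socket access; if a
26 | # non-root user is introduced, grant only the capability it needs - confirm
27 | # against how the daemon opens interfaces.
28 | # Exec form makes the daemon PID 1 so it receives SIGTERM from `docker stop`
29 | # directly instead of through an intermediate /bin/sh.
30 | CMD ["./daemon"]
31 |
32 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | GNU GENERAL PUBLIC LICENSE 2 | Version 3, 29 June 2007 3 | 4 | Copyright (C) 2007 Free Software Foundation, Inc. 5 | Everyone is permitted to copy and distribute verbatim copies 6 | of this license document, but changing it is not allowed. 7 | 8 | Preamble 9 | 10 | The GNU General Public License is a free, copyleft license for 11 | software and other kinds of works.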
12 | 13 | The licenses for most software and other practical works are designed 14 | to take away your freedom to share and change the works. By contrast, 15 | the GNU General Public License is intended to guarantee your freedom to 16 | share and change all versions of a program--to make sure it remains free 17 | software for all its users. We, the Free Software Foundation, use the 18 | GNU General Public License for most of our software; it applies also to 19 | any other work released this way by its authors. You can apply it to 20 | your programs, too. 21 | 22 | When we speak of free software, we are referring to freedom, not 23 | price. Our General Public Licenses are designed to make sure that you 24 | have the freedom to distribute copies of free software (and charge for 25 | them if you wish), that you receive source code or can get it if you 26 | want it, that you can change the software or use pieces of it in new 27 | free programs, and that you know you can do these things. 28 | 29 | To protect your rights, we need to prevent others from denying you 30 | these rights or asking you to surrender the rights. Therefore, you have 31 | certain responsibilities if you distribute copies of the software, or if 32 | you modify it: responsibilities to respect the freedom of others. 33 | 34 | For example, if you distribute copies of such a program, whether 35 | gratis or for a fee, you must pass on to the recipients the same 36 | freedoms that you received. You must make sure that they, too, receive 37 | or can get the source code. And you must show them these terms so they 38 | know their rights. 39 | 40 | Developers that use the GNU GPL protect your rights with two steps: 41 | (1) assert copyright on the software, and (2) offer you this License 42 | giving you legal permission to copy, distribute and/or modify it. 43 | 44 | For the developers' and authors' protection, the GPL clearly explains 45 | that there is no warranty for this free software. 
For both users' and 46 | authors' sake, the GPL requires that modified versions be marked as 47 | changed, so that their problems will not be attributed erroneously to 48 | authors of previous versions. 49 | 50 | Some devices are designed to deny users access to install or run 51 | modified versions of the software inside them, although the manufacturer 52 | can do so. This is fundamentally incompatible with the aim of 53 | protecting users' freedom to change the software. The systematic 54 | pattern of such abuse occurs in the area of products for individuals to 55 | use, which is precisely where it is most unacceptable. Therefore, we 56 | have designed this version of the GPL to prohibit the practice for those 57 | products. If such problems arise substantially in other domains, we 58 | stand ready to extend this provision to those domains in future versions 59 | of the GPL, as needed to protect the freedom of users. 60 | 61 | Finally, every program is threatened constantly by software patents. 62 | States should not allow patents to restrict development and use of 63 | software on general-purpose computers, but in those that do, we wish to 64 | avoid the special danger that patents applied to a free program could 65 | make it effectively proprietary. To prevent this, the GPL assures that 66 | patents cannot be used to render the program non-free. 67 | 68 | The precise terms and conditions for copying, distribution and 69 | modification follow. 70 | 71 | TERMS AND CONDITIONS 72 | 73 | 0. Definitions. 74 | 75 | "This License" refers to version 3 of the GNU General Public License. 76 | 77 | "Copyright" also means copyright-like laws that apply to other kinds of 78 | works, such as semiconductor masks. 79 | 80 | "The Program" refers to any copyrightable work licensed under this 81 | License. Each licensee is addressed as "you". "Licensees" and 82 | "recipients" may be individuals or organizations. 
83 | 84 | To "modify" a work means to copy from or adapt all or part of the work 85 | in a fashion requiring copyright permission, other than the making of an 86 | exact copy. The resulting work is called a "modified version" of the 87 | earlier work or a work "based on" the earlier work. 88 | 89 | A "covered work" means either the unmodified Program or a work based 90 | on the Program. 91 | 92 | To "propagate" a work means to do anything with it that, without 93 | permission, would make you directly or secondarily liable for 94 | infringement under applicable copyright law, except executing it on a 95 | computer or modifying a private copy. Propagation includes copying, 96 | distribution (with or without modification), making available to the 97 | public, and in some countries other activities as well. 98 | 99 | To "convey" a work means any kind of propagation that enables other 100 | parties to make or receive copies. Mere interaction with a user through 101 | a computer network, with no transfer of a copy, is not conveying. 102 | 103 | An interactive user interface displays "Appropriate Legal Notices" 104 | to the extent that it includes a convenient and prominently visible 105 | feature that (1) displays an appropriate copyright notice, and (2) 106 | tells the user that there is no warranty for the work (except to the 107 | extent that warranties are provided), that licensees may convey the 108 | work under this License, and how to view a copy of this License. If 109 | the interface presents a list of user commands or options, such as a 110 | menu, a prominent item in the list meets this criterion. 111 | 112 | 1. Source Code. 113 | 114 | The "source code" for a work means the preferred form of the work 115 | for making modifications to it. "Object code" means any non-source 116 | form of a work. 
117 | 118 | A "Standard Interface" means an interface that either is an official 119 | standard defined by a recognized standards body, or, in the case of 120 | interfaces specified for a particular programming language, one that 121 | is widely used among developers working in that language. 122 | 123 | The "System Libraries" of an executable work include anything, other 124 | than the work as a whole, that (a) is included in the normal form of 125 | packaging a Major Component, but which is not part of that Major 126 | Component, and (b) serves only to enable use of the work with that 127 | Major Component, or to implement a Standard Interface for which an 128 | implementation is available to the public in source code form. A 129 | "Major Component", in this context, means a major essential component 130 | (kernel, window system, and so on) of the specific operating system 131 | (if any) on which the executable work runs, or a compiler used to 132 | produce the work, or an object code interpreter used to run it. 133 | 134 | The "Corresponding Source" for a work in object code form means all 135 | the source code needed to generate, install, and (for an executable 136 | work) run the object code and to modify the work, including scripts to 137 | control those activities. However, it does not include the work's 138 | System Libraries, or general-purpose tools or generally available free 139 | programs which are used unmodified in performing those activities but 140 | which are not part of the work. For example, Corresponding Source 141 | includes interface definition files associated with source files for 142 | the work, and the source code for shared libraries and dynamically 143 | linked subprograms that the work is specifically designed to require, 144 | such as by intimate data communication or control flow between those 145 | subprograms and other parts of the work. 
146 | 147 | The Corresponding Source need not include anything that users 148 | can regenerate automatically from other parts of the Corresponding 149 | Source. 150 | 151 | The Corresponding Source for a work in source code form is that 152 | same work. 153 | 154 | 2. Basic Permissions. 155 | 156 | All rights granted under this License are granted for the term of 157 | copyright on the Program, and are irrevocable provided the stated 158 | conditions are met. This License explicitly affirms your unlimited 159 | permission to run the unmodified Program. The output from running a 160 | covered work is covered by this License only if the output, given its 161 | content, constitutes a covered work. This License acknowledges your 162 | rights of fair use or other equivalent, as provided by copyright law. 163 | 164 | You may make, run and propagate covered works that you do not 165 | convey, without conditions so long as your license otherwise remains 166 | in force. You may convey covered works to others for the sole purpose 167 | of having them make modifications exclusively for you, or provide you 168 | with facilities for running those works, provided that you comply with 169 | the terms of this License in conveying all material for which you do 170 | not control copyright. Those thus making or running the covered works 171 | for you must do so exclusively on your behalf, under your direction 172 | and control, on terms that prohibit them from making any copies of 173 | your copyrighted material outside their relationship with you. 174 | 175 | Conveying under any other circumstances is permitted solely under 176 | the conditions stated below. Sublicensing is not allowed; section 10 177 | makes it unnecessary. 178 | 179 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law. 
180 | 181 | No covered work shall be deemed part of an effective technological 182 | measure under any applicable law fulfilling obligations under article 183 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or 184 | similar laws prohibiting or restricting circumvention of such 185 | measures. 186 | 187 | When you convey a covered work, you waive any legal power to forbid 188 | circumvention of technological measures to the extent such circumvention 189 | is effected by exercising rights under this License with respect to 190 | the covered work, and you disclaim any intention to limit operation or 191 | modification of the work as a means of enforcing, against the work's 192 | users, your or third parties' legal rights to forbid circumvention of 193 | technological measures. 194 | 195 | 4. Conveying Verbatim Copies. 196 | 197 | You may convey verbatim copies of the Program's source code as you 198 | receive it, in any medium, provided that you conspicuously and 199 | appropriately publish on each copy an appropriate copyright notice; 200 | keep intact all notices stating that this License and any 201 | non-permissive terms added in accord with section 7 apply to the code; 202 | keep intact all notices of the absence of any warranty; and give all 203 | recipients a copy of this License along with the Program. 204 | 205 | You may charge any price or no price for each copy that you convey, 206 | and you may offer support or warranty protection for a fee. 207 | 208 | 5. Conveying Modified Source Versions. 209 | 210 | You may convey a work based on the Program, or the modifications to 211 | produce it from the Program, in the form of source code under the 212 | terms of section 4, provided that you also meet all of these conditions: 213 | 214 | a) The work must carry prominent notices stating that you modified 215 | it, and giving a relevant date. 
216 | 217 | b) The work must carry prominent notices stating that it is 218 | released under this License and any conditions added under section 219 | 7. This requirement modifies the requirement in section 4 to 220 | "keep intact all notices". 221 | 222 | c) You must license the entire work, as a whole, under this 223 | License to anyone who comes into possession of a copy. This 224 | License will therefore apply, along with any applicable section 7 225 | additional terms, to the whole of the work, and all its parts, 226 | regardless of how they are packaged. This License gives no 227 | permission to license the work in any other way, but it does not 228 | invalidate such permission if you have separately received it. 229 | 230 | d) If the work has interactive user interfaces, each must display 231 | Appropriate Legal Notices; however, if the Program has interactive 232 | interfaces that do not display Appropriate Legal Notices, your 233 | work need not make them do so. 234 | 235 | A compilation of a covered work with other separate and independent 236 | works, which are not by their nature extensions of the covered work, 237 | and which are not combined with it such as to form a larger program, 238 | in or on a volume of a storage or distribution medium, is called an 239 | "aggregate" if the compilation and its resulting copyright are not 240 | used to limit the access or legal rights of the compilation's users 241 | beyond what the individual works permit. Inclusion of a covered work 242 | in an aggregate does not cause this License to apply to the other 243 | parts of the aggregate. 244 | 245 | 6. Conveying Non-Source Forms. 
246 | 247 | You may convey a covered work in object code form under the terms 248 | of sections 4 and 5, provided that you also convey the 249 | machine-readable Corresponding Source under the terms of this License, 250 | in one of these ways: 251 | 252 | a) Convey the object code in, or embodied in, a physical product 253 | (including a physical distribution medium), accompanied by the 254 | Corresponding Source fixed on a durable physical medium 255 | customarily used for software interchange. 256 | 257 | b) Convey the object code in, or embodied in, a physical product 258 | (including a physical distribution medium), accompanied by a 259 | written offer, valid for at least three years and valid for as 260 | long as you offer spare parts or customer support for that product 261 | model, to give anyone who possesses the object code either (1) a 262 | copy of the Corresponding Source for all the software in the 263 | product that is covered by this License, on a durable physical 264 | medium customarily used for software interchange, for a price no 265 | more than your reasonable cost of physically performing this 266 | conveying of source, or (2) access to copy the 267 | Corresponding Source from a network server at no charge. 268 | 269 | c) Convey individual copies of the object code with a copy of the 270 | written offer to provide the Corresponding Source. This 271 | alternative is allowed only occasionally and noncommercially, and 272 | only if you received the object code with such an offer, in accord 273 | with subsection 6b. 274 | 275 | d) Convey the object code by offering access from a designated 276 | place (gratis or for a charge), and offer equivalent access to the 277 | Corresponding Source in the same way through the same place at no 278 | further charge. You need not require recipients to copy the 279 | Corresponding Source along with the object code. 
If the place to 280 | copy the object code is a network server, the Corresponding Source 281 | may be on a different server (operated by you or a third party) 282 | that supports equivalent copying facilities, provided you maintain 283 | clear directions next to the object code saying where to find the 284 | Corresponding Source. Regardless of what server hosts the 285 | Corresponding Source, you remain obligated to ensure that it is 286 | available for as long as needed to satisfy these requirements. 287 | 288 | e) Convey the object code using peer-to-peer transmission, provided 289 | you inform other peers where the object code and Corresponding 290 | Source of the work are being offered to the general public at no 291 | charge under subsection 6d. 292 | 293 | A separable portion of the object code, whose source code is excluded 294 | from the Corresponding Source as a System Library, need not be 295 | included in conveying the object code work. 296 | 297 | A "User Product" is either (1) a "consumer product", which means any 298 | tangible personal property which is normally used for personal, family, 299 | or household purposes, or (2) anything designed or sold for incorporation 300 | into a dwelling. In determining whether a product is a consumer product, 301 | doubtful cases shall be resolved in favor of coverage. For a particular 302 | product received by a particular user, "normally used" refers to a 303 | typical or common use of that class of product, regardless of the status 304 | of the particular user or of the way in which the particular user 305 | actually uses, or expects or is expected to use, the product. A product 306 | is a consumer product regardless of whether the product has substantial 307 | commercial, industrial or non-consumer uses, unless such uses represent 308 | the only significant mode of use of the product. 
309 | 310 | "Installation Information" for a User Product means any methods, 311 | procedures, authorization keys, or other information required to install 312 | and execute modified versions of a covered work in that User Product from 313 | a modified version of its Corresponding Source. The information must 314 | suffice to ensure that the continued functioning of the modified object 315 | code is in no case prevented or interfered with solely because 316 | modification has been made. 317 | 318 | If you convey an object code work under this section in, or with, or 319 | specifically for use in, a User Product, and the conveying occurs as 320 | part of a transaction in which the right of possession and use of the 321 | User Product is transferred to the recipient in perpetuity or for a 322 | fixed term (regardless of how the transaction is characterized), the 323 | Corresponding Source conveyed under this section must be accompanied 324 | by the Installation Information. But this requirement does not apply 325 | if neither you nor any third party retains the ability to install 326 | modified object code on the User Product (for example, the work has 327 | been installed in ROM). 328 | 329 | The requirement to provide Installation Information does not include a 330 | requirement to continue to provide support service, warranty, or updates 331 | for a work that has been modified or installed by the recipient, or for 332 | the User Product in which it has been modified or installed. Access to a 333 | network may be denied when the modification itself materially and 334 | adversely affects the operation of the network or violates the rules and 335 | protocols for communication across the network. 
336 | 337 | Corresponding Source conveyed, and Installation Information provided, 338 | in accord with this section must be in a format that is publicly 339 | documented (and with an implementation available to the public in 340 | source code form), and must require no special password or key for 341 | unpacking, reading or copying. 342 | 343 | 7. Additional Terms. 344 | 345 | "Additional permissions" are terms that supplement the terms of this 346 | License by making exceptions from one or more of its conditions. 347 | Additional permissions that are applicable to the entire Program shall 348 | be treated as though they were included in this License, to the extent 349 | that they are valid under applicable law. If additional permissions 350 | apply only to part of the Program, that part may be used separately 351 | under those permissions, but the entire Program remains governed by 352 | this License without regard to the additional permissions. 353 | 354 | When you convey a copy of a covered work, you may at your option 355 | remove any additional permissions from that copy, or from any part of 356 | it. (Additional permissions may be written to require their own 357 | removal in certain cases when you modify the work.) You may place 358 | additional permissions on material, added by you to a covered work, 359 | for which you have or can give appropriate copyright permission. 
360 | 361 | Notwithstanding any other provision of this License, for material you 362 | add to a covered work, you may (if authorized by the copyright holders of 363 | that material) supplement the terms of this License with terms: 364 | 365 | a) Disclaiming warranty or limiting liability differently from the 366 | terms of sections 15 and 16 of this License; or 367 | 368 | b) Requiring preservation of specified reasonable legal notices or 369 | author attributions in that material or in the Appropriate Legal 370 | Notices displayed by works containing it; or 371 | 372 | c) Prohibiting misrepresentation of the origin of that material, or 373 | requiring that modified versions of such material be marked in 374 | reasonable ways as different from the original version; or 375 | 376 | d) Limiting the use for publicity purposes of names of licensors or 377 | authors of the material; or 378 | 379 | e) Declining to grant rights under trademark law for use of some 380 | trade names, trademarks, or service marks; or 381 | 382 | f) Requiring indemnification of licensors and authors of that 383 | material by anyone who conveys the material (or modified versions of 384 | it) with contractual assumptions of liability to the recipient, for 385 | any liability that these contractual assumptions directly impose on 386 | those licensors and authors. 387 | 388 | All other non-permissive additional terms are considered "further 389 | restrictions" within the meaning of section 10. If the Program as you 390 | received it, or any part of it, contains a notice stating that it is 391 | governed by this License along with a term that is a further 392 | restriction, you may remove that term. 
If a license document contains 393 | a further restriction but permits relicensing or conveying under this 394 | License, you may add to a covered work material governed by the terms 395 | of that license document, provided that the further restriction does 396 | not survive such relicensing or conveying. 397 | 398 | If you add terms to a covered work in accord with this section, you 399 | must place, in the relevant source files, a statement of the 400 | additional terms that apply to those files, or a notice indicating 401 | where to find the applicable terms. 402 | 403 | Additional terms, permissive or non-permissive, may be stated in the 404 | form of a separately written license, or stated as exceptions; 405 | the above requirements apply either way. 406 | 407 | 8. Termination. 408 | 409 | You may not propagate or modify a covered work except as expressly 410 | provided under this License. Any attempt otherwise to propagate or 411 | modify it is void, and will automatically terminate your rights under 412 | this License (including any patent licenses granted under the third 413 | paragraph of section 11). 414 | 415 | However, if you cease all violation of this License, then your 416 | license from a particular copyright holder is reinstated (a) 417 | provisionally, unless and until the copyright holder explicitly and 418 | finally terminates your license, and (b) permanently, if the copyright 419 | holder fails to notify you of the violation by some reasonable means 420 | prior to 60 days after the cessation. 421 | 422 | Moreover, your license from a particular copyright holder is 423 | reinstated permanently if the copyright holder notifies you of the 424 | violation by some reasonable means, this is the first time you have 425 | received notice of violation of this License (for any work) from that 426 | copyright holder, and you cure the violation prior to 30 days after 427 | your receipt of the notice. 
428 | 429 | Termination of your rights under this section does not terminate the 430 | licenses of parties who have received copies or rights from you under 431 | this License. If your rights have been terminated and not permanently 432 | reinstated, you do not qualify to receive new licenses for the same 433 | material under section 10. 434 | 435 | 9. Acceptance Not Required for Having Copies. 436 | 437 | You are not required to accept this License in order to receive or 438 | run a copy of the Program. Ancillary propagation of a covered work 439 | occurring solely as a consequence of using peer-to-peer transmission 440 | to receive a copy likewise does not require acceptance. However, 441 | nothing other than this License grants you permission to propagate or 442 | modify any covered work. These actions infringe copyright if you do 443 | not accept this License. Therefore, by modifying or propagating a 444 | covered work, you indicate your acceptance of this License to do so. 445 | 446 | 10. Automatic Licensing of Downstream Recipients. 447 | 448 | Each time you convey a covered work, the recipient automatically 449 | receives a license from the original licensors, to run, modify and 450 | propagate that work, subject to this License. You are not responsible 451 | for enforcing compliance by third parties with this License. 452 | 453 | An "entity transaction" is a transaction transferring control of an 454 | organization, or substantially all assets of one, or subdividing an 455 | organization, or merging organizations. 
If propagation of a covered 456 | work results from an entity transaction, each party to that 457 | transaction who receives a copy of the work also receives whatever 458 | licenses to the work the party's predecessor in interest had or could 459 | give under the previous paragraph, plus a right to possession of the 460 | Corresponding Source of the work from the predecessor in interest, if 461 | the predecessor has it or can get it with reasonable efforts. 462 | 463 | You may not impose any further restrictions on the exercise of the 464 | rights granted or affirmed under this License. For example, you may 465 | not impose a license fee, royalty, or other charge for exercise of 466 | rights granted under this License, and you may not initiate litigation 467 | (including a cross-claim or counterclaim in a lawsuit) alleging that 468 | any patent claim is infringed by making, using, selling, offering for 469 | sale, or importing the Program or any portion of it. 470 | 471 | 11. Patents. 472 | 473 | A "contributor" is a copyright holder who authorizes use under this 474 | License of the Program or a work on which the Program is based. The 475 | work thus licensed is called the contributor's "contributor version". 476 | 477 | A contributor's "essential patent claims" are all patent claims 478 | owned or controlled by the contributor, whether already acquired or 479 | hereafter acquired, that would be infringed by some manner, permitted 480 | by this License, of making, using, or selling its contributor version, 481 | but do not include claims that would be infringed only as a 482 | consequence of further modification of the contributor version. For 483 | purposes of this definition, "control" includes the right to grant 484 | patent sublicenses in a manner consistent with the requirements of 485 | this License. 
486 | 487 | Each contributor grants you a non-exclusive, worldwide, royalty-free 488 | patent license under the contributor's essential patent claims, to 489 | make, use, sell, offer for sale, import and otherwise run, modify and 490 | propagate the contents of its contributor version. 491 | 492 | In the following three paragraphs, a "patent license" is any express 493 | agreement or commitment, however denominated, not to enforce a patent 494 | (such as an express permission to practice a patent or covenant not to 495 | sue for patent infringement). To "grant" such a patent license to a 496 | party means to make such an agreement or commitment not to enforce a 497 | patent against the party. 498 | 499 | If you convey a covered work, knowingly relying on a patent license, 500 | and the Corresponding Source of the work is not available for anyone 501 | to copy, free of charge and under the terms of this License, through a 502 | publicly available network server or other readily accessible means, 503 | then you must either (1) cause the Corresponding Source to be so 504 | available, or (2) arrange to deprive yourself of the benefit of the 505 | patent license for this particular work, or (3) arrange, in a manner 506 | consistent with the requirements of this License, to extend the patent 507 | license to downstream recipients. "Knowingly relying" means you have 508 | actual knowledge that, but for the patent license, your conveying the 509 | covered work in a country, or your recipient's use of the covered work 510 | in a country, would infringe one or more identifiable patents in that 511 | country that you have reason to believe are valid. 
512 | 513 | If, pursuant to or in connection with a single transaction or 514 | arrangement, you convey, or propagate by procuring conveyance of, a 515 | covered work, and grant a patent license to some of the parties 516 | receiving the covered work authorizing them to use, propagate, modify 517 | or convey a specific copy of the covered work, then the patent license 518 | you grant is automatically extended to all recipients of the covered 519 | work and works based on it. 520 | 521 | A patent license is "discriminatory" if it does not include within 522 | the scope of its coverage, prohibits the exercise of, or is 523 | conditioned on the non-exercise of one or more of the rights that are 524 | specifically granted under this License. You may not convey a covered 525 | work if you are a party to an arrangement with a third party that is 526 | in the business of distributing software, under which you make payment 527 | to the third party based on the extent of your activity of conveying 528 | the work, and under which the third party grants, to any of the 529 | parties who would receive the covered work from you, a discriminatory 530 | patent license (a) in connection with copies of the covered work 531 | conveyed by you (or copies made from those copies), or (b) primarily 532 | for and in connection with specific products or compilations that 533 | contain the covered work, unless you entered into that arrangement, 534 | or that patent license was granted, prior to 28 March 2007. 535 | 536 | Nothing in this License shall be construed as excluding or limiting 537 | any implied license or other defenses to infringement that may 538 | otherwise be available to you under applicable patent law. 539 | 540 | 12. No Surrender of Others' Freedom. 541 | 542 | If conditions are imposed on you (whether by court order, agreement or 543 | otherwise) that contradict the conditions of this License, they do not 544 | excuse you from the conditions of this License. 
If you cannot convey a 545 | covered work so as to satisfy simultaneously your obligations under this 546 | License and any other pertinent obligations, then as a consequence you may 547 | not convey it at all. For example, if you agree to terms that obligate you 548 | to collect a royalty for further conveying from those to whom you convey 549 | the Program, the only way you could satisfy both those terms and this 550 | License would be to refrain entirely from conveying the Program. 551 | 552 | 13. Use with the GNU Affero General Public License. 553 | 554 | Notwithstanding any other provision of this License, you have 555 | permission to link or combine any covered work with a work licensed 556 | under version 3 of the GNU Affero General Public License into a single 557 | combined work, and to convey the resulting work. The terms of this 558 | License will continue to apply to the part which is the covered work, 559 | but the special requirements of the GNU Affero General Public License, 560 | section 13, concerning interaction through a network will apply to the 561 | combination as such. 562 | 563 | 14. Revised Versions of this License. 564 | 565 | The Free Software Foundation may publish revised and/or new versions of 566 | the GNU General Public License from time to time. Such new versions will 567 | be similar in spirit to the present version, but may differ in detail to 568 | address new problems or concerns. 569 | 570 | Each version is given a distinguishing version number. If the 571 | Program specifies that a certain numbered version of the GNU General 572 | Public License "or any later version" applies to it, you have the 573 | option of following the terms and conditions either of that numbered 574 | version or of any later version published by the Free Software 575 | Foundation. If the Program does not specify a version number of the 576 | GNU General Public License, you may choose any version ever published 577 | by the Free Software Foundation. 
578 | 579 | If the Program specifies that a proxy can decide which future 580 | versions of the GNU General Public License can be used, that proxy's 581 | public statement of acceptance of a version permanently authorizes you 582 | to choose that version for the Program. 583 | 584 | Later license versions may give you additional or different 585 | permissions. However, no additional obligations are imposed on any 586 | author or copyright holder as a result of your choosing to follow a 587 | later version. 588 | 589 | 15. Disclaimer of Warranty. 590 | 591 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY 592 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT 593 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY 594 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, 595 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 596 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM 597 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF 598 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 599 | 600 | 16. Limitation of Liability. 601 | 602 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 603 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS 604 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY 605 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE 606 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF 607 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD 608 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), 609 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF 610 | SUCH DAMAGES. 611 | 612 | 17. Interpretation of Sections 15 and 16. 
613 | 614 | If the disclaimer of warranty and limitation of liability provided 615 | above cannot be given local legal effect according to their terms, 616 | reviewing courts shall apply local law that most closely approximates 617 | an absolute waiver of all civil liability in connection with the 618 | Program, unless a warranty or assumption of liability accompanies a 619 | copy of the Program in return for a fee. 620 | 621 | END OF TERMS AND CONDITIONS 622 | 623 | How to Apply These Terms to Your New Programs 624 | 625 | If you develop a new program, and you want it to be of the greatest 626 | possible use to the public, the best way to achieve this is to make it 627 | free software which everyone can redistribute and change under these terms. 628 | 629 | To do so, attach the following notices to the program. It is safest 630 | to attach them to the start of each source file to most effectively 631 | state the exclusion of warranty; and each file should have at least 632 | the "copyright" line and a pointer to where the full notice is found. 633 | 634 | 635 | Copyright (C) 636 | 637 | This program is free software: you can redistribute it and/or modify 638 | it under the terms of the GNU General Public License as published by 639 | the Free Software Foundation, either version 3 of the License, or 640 | (at your option) any later version. 641 | 642 | This program is distributed in the hope that it will be useful, 643 | but WITHOUT ANY WARRANTY; without even the implied warranty of 644 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 645 | GNU General Public License for more details. 646 | 647 | You should have received a copy of the GNU General Public License 648 | along with this program. If not, see . 649 | 650 | Also add information on how to contact you by electronic and paper mail. 
651 | 652 | If the program does terminal interaction, make it output a short 653 | notice like this when it starts in an interactive mode: 654 | 655 | Copyright (C) 656 | This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 657 | This is free software, and you are welcome to redistribute it 658 | under certain conditions; type `show c' for details. 659 | 660 | The hypothetical commands `show w' and `show c' should show the appropriate 661 | parts of the General Public License. Of course, your program's commands 662 | might be different; for a GUI interface, you would use an "about box". 663 | 664 | You should also get your employer (if you work as a programmer) or school, 665 | if any, to sign a "copyright disclaimer" for the program, if necessary. 666 | For more information on this, and how to apply and follow the GNU GPL, see 667 | . 668 | 669 | The GNU General Public License does not permit incorporating your program 670 | into proprietary programs. If your program is a subroutine library, you 671 | may consider it more useful to permit linking proprietary applications with 672 | the library. If this is what you want to do, use the GNU Lesser General 673 | Public License instead of this License. But first, please read 674 | . -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | cSploit daemon 2 | ============== 3 | 4 | [![Build Status](https://travis-ci.org/cSploit/daemon.svg?branch=develop)](https://travis-ci.org/cSploit/daemon) 5 | 6 | This is the core of the cSploit project. 7 | It has been made to manage, provide, find and work with found resources. 8 | 9 | As of now this software does not work, it's just a preview to 10 | perform an hand-off of the work as I found other devs that want to contribute. 11 | 12 | Just run it 13 | ----------- 14 | > ** Coming soon! ** ( docker run ... 
) 15 | 16 | 17 | Env setup 18 | --------- 19 | 20 | To work with Go lang you need to specify a path where Go will download 21 | the required modules: `export GOPATH="$HOME/.gocode"` for instance. 22 | 23 | Install `libpcap-dev libc-dev gcc git go` packages, 24 | then get the sources `go get -t -u github.com/cSploit/daemon`. 25 | 26 | After that, the sources are ready to be modified or built at `$GOPATH/src/github.com/cSploit/daemon`. 27 | 28 | **The next commands assume that your current directory is that one.** 29 | 30 | Development 31 | ------- 32 | 33 | To build the daemon run: 34 | 35 | ```bash 36 | go build -i . 37 | ``` 38 | 39 | To run tests simply run: 40 | 41 | ```bash 42 | go test -v ./... # run all tests 43 | go test -v ./tools/... # run all tests in 'tools' 44 | ``` 45 | 46 | To start the daemon: 47 | 48 | ```bash 49 | sudo ./daemon # root needed to sniff packets 50 | ``` 51 | 52 | And read nmap output from a file called `sample_nmap_out.xml`. 53 | You can generate it by running `nmap -oX sample_nmap_out.xml -sV -T4 -O 192.168.0.0/24`. 54 | 55 | Fork all the things! 56 | ----------- 57 | You can manage your fork while contributing to the project, give [this](https://splice.com/blog/contributing-open-source-git-repositories-go/) a read :wink: . 58 | In this way you can easily make pull requests and experiments. 59 | 60 | 61 | Tricks 62 | ----------- 63 | 64 | In IntellijIDEA ( which I suggest you use ) open the project from 65 | `$GOPATH/src/github.com/cSploit/daemon` and you're ready to *Go*! 
66 | -------------------------------------------------------------------------------- /config.json: -------------------------------------------------------------------------------- 1 | { 2 | "db": { 3 | "dialect": "sqlite3", 4 | "args": [ 5 | "./dev.db?_busy_timeout=5000" 6 | ] 7 | }, 8 | "scan": { 9 | "passive": true 10 | } 11 | } -------------------------------------------------------------------------------- /config/config.go: -------------------------------------------------------------------------------- 1 | /* cSploit - a simple penetration testing suite 2 | * Copyright (C) 2016 Massimo Dragano aka tux_mind 3 | * 4 | * cSploit is free software: you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation, either version 3 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * cSploit is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with cSploit. If not, see . 
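 *
 */
package config

import (
	"encoding/json"
	"io/ioutil"
)

// DbConfig is the "db" section of the configuration file.
type DbConfig struct {
	Dialect string `json:"dialect"`
	// Args is read from the "args" key. The tag used to be spelled "josn",
	// which encoding/json ignores, so the key matched only through the
	// case-insensitive field-name fallback.
	Args []interface{} `json:"args"`
}

// ScanConfig is the "scan" section of the configuration file.
type ScanConfig struct {
	Passive bool `json:"passive"`
}

// Config is the top-level layout of the configuration file.
type Config struct {
	Db   DbConfig   `json:"db"`
	Scan ScanConfig `json:"scan"`
}

// Conf is the global configuration object, filled in by LoadFrom and Load.
var Conf Config

// LoadFrom reads the file at fpath and decodes its JSON content into Conf.
//
// The read or decode error is returned unchanged. Decoding writes directly
// into the package-level Conf, so a value of the wrong JSON type can leave
// Conf partly updated when an error is returned.
func LoadFrom(fpath string) error {
	content, err := ioutil.ReadFile(fpath)
	if err != nil {
		return err
	}

	return json.Unmarshal(content, &Conf)
}

// Load decodes the file named by configPath into Conf.
func Load() error {
	return LoadFrom(configPath)
}

--------------------------------------------------------------------------------
/config/options.go:
--------------------------------------------------------------------------------
package config

import (
	"flag"
	"github.com/ianschenck/envflag"
)

// configPath is the configuration file location used by Load.
var configPath string

// init registers the ways to set configPath: the -config and -c command-line
// flags and the CSPLOIT_CONFIG environment variable, all defaulting to
// "config.json".
//
// NOTE(review): all three write the same variable, so which one wins depends
// on the order in which flag and envflag are parsed; that code is not in this
// file.
func init() {
	const (
		configPathDefault = "config.json"
		configPathUsage   = "path to config file"
	)

	envPrefix := "CSPLOIT_"

	flag.StringVar(&configPath, "config", configPathDefault, configPathUsage)
	flag.StringVar(&configPath, "c", configPathDefault, configPathUsage)
	envflag.StringVar(&configPath, envPrefix+"CONFIG", configPathDefault, configPathUsage)
}

--------------------------------------------------------------------------------
/controllers/controller.go:
--------------------------------------------------------------------------------
/* cSploit - a simple penetration testing suite
 * Copyright (C) 2016 Massimo Dragano aka tux_mind
 *
 * cSploit is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by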
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * cSploit is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with cSploit. If not, see .
 *
 */
package controllers

import "github.com/gin-gonic/gin"

// Controller bundles the optional handlers of one REST entity. EntityName is
// used to build the name of the id path parameter ("<EntityName>_id").
type Controller struct {
	EntityName                          string
	Create, Index, Show, Update, Delete gin.HandlerFunc
}

// Setup registers the controller's handlers on r. A nil handler is skipped,
// so an entity only exposes the actions it defines. Update is bound to both
// PATCH and PUT.
func (ctrl Controller) Setup(r gin.IRouter) {
	idPath := "/:" + ctrl.EntityName + "_" + idLabel

	// Listed in the order the routes are registered.
	routes := []struct {
		method  string
		path    string
		handler gin.HandlerFunc
	}{
		{"GET", "/", ctrl.Index},
		{"POST", "/", ctrl.Create},
		{"GET", idPath, ctrl.Show},
		{"PATCH", idPath, ctrl.Update},
		{"PUT", idPath, ctrl.Update},
		{"DELETE", idPath, ctrl.Delete},
	}

	for _, rt := range routes {
		if rt.handler != nil {
			r.Handle(rt.method, rt.path, rt.handler)
		}
	}
}

// NestedGroup returns a router group rooted below this entity's id path
// ("/:<EntityName>_id" followed by relativePath), with args as its handlers.
func (ctrl Controller) NestedGroup(r gin.IRouter, relativePath string, args ...gin.HandlerFunc) *gin.RouterGroup {
	prefix := "/:" + ctrl.EntityName + "_" + idLabel + relativePath
	return r.Group(prefix, args...)
}

--------------------------------------------------------------------------------
/controllers/hosts.go:
--------------------------------------------------------------------------------
/* cSploit - a simple penetration testing suite
 * Copyright (C) 2016 Massimo Dragano aka tux_mind
 *
 * cSploit is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * cSploit is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with cSploit. If not, see .
 *
 */
package controllers

import (
	"github.com/cSploit/daemon/models"
	"github.com/cSploit/daemon/views"
	"github.com/gin-gonic/gin"
)

// HostsController exposes the read-only host routes (Index and Show).
var HostsController = Controller{
	EntityName: "host",
	Index:      hostsIndex,
	Show:       hostsShow,
}

// hostsIndex renders every host, preloading only the ports whose state is
// "open".
func hostsIndex(c *gin.Context) {
	// Start from an empty, non-nil slice, as the original did.
	found := []models.Host{}

	res := models.GetDbInstance().
		Preload("Ports", "state = ?", "open").
		Find(&found)

	renderView(c, views.HostsIndex, found, res)
}

// hostsShow renders the host named by the host_id URL parameter together
// with its ports, their services and its network. fetchId has already
// aborted the request when the id is missing or malformed.
func hostsShow(c *gin.Context) {
	var id uint64

	if err := fetchId(c, "host", &id); err != nil {
		return
	}

	db := models.GetDbInstance()

	var host models.Host

	dbRes := db.Preload("Ports").Preload("Ports.Service").
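		Preload("Network").Find(&host, id)

	renderView(c, views.HostsShow, host, dbRes)
}

--------------------------------------------------------------------------------
/controllers/iface.go:
--------------------------------------------------------------------------------
package controllers

import (
	"github.com/cSploit/daemon/helpers"
	"github.com/cSploit/daemon/models"
	"github.com/cSploit/daemon/tools/network-radar"
	"github.com/cSploit/daemon/views"
	"github.com/gin-gonic/gin"
	"github.com/vektra/errors"
	"net"
	"net/http"
	"strconv"
	"sync"
)

// IfaceController exposes the read-only iface routes (Index and Show).
var IfaceController = Controller{
	EntityName: "iface",
	Index:      ifaceIndex,
	Show:       ifaceShow,
	//TODO: methods ( POST /ifaces/1/scan ) [ gutron ]
}

// radars keeps the radar started for each RadarJob, keyed by the job ID.
var radars = make(map[uint]network_radar.NetworkRadar)

// radarsMu guards radars: IfaceScanz is reached from an HTTP handler, so two
// requests can write the map at the same time. Any other code that touches
// radars must take this lock as well.
var radarsMu sync.Mutex

// ifaceIndex renders every stored interface.
func ifaceIndex(c *gin.Context) {
	var ifaces []models.Iface

	db := models.GetDbInstance().Find(&ifaces)

	renderView(c, views.IfaceIndex, ifaces, db)
}

// ifaceShow renders the interface named by the iface_id URL parameter.
func ifaceShow(c *gin.Context) {
	var id uint64

	if fetchId(c, "iface", &id) != nil {
		return
	}

	iface := models.Iface{}

	db := models.GetDbInstance().Find(&iface, id)

	renderView(c, views.IfaceShow, iface, db)
}

// IfaceScan starts a network radar on the interface named by the iface_id
// URL parameter and renders the resulting job.
//
// The optional "passive" form value selects a passive radar (default false).
// A lookup failure or an already running radar is reported through
// renderView; a malformed "passive" value, an unknown system interface or a
// radar start failure is logged and answered with 500.
//
// NOTE(review): nothing in this handler authenticates or authorizes the
// caller; confirm the router does so before this endpoint is exposed, since
// it starts a scan on a local interface.
func IfaceScan(c *gin.Context) {
	var (
		id  uint64
		err error
		job *models.Job
	)

	if fetchId(c, "iface", &id) != nil {
		return
	}

	iface := &models.Iface{}

	// Only radar jobs that have not finished are preloaded. The condition
	// must be "IS NULL": in SQL "finished_at = NULL" is never true, so the
	// previous query preloaded nothing and the guard below never fired.
	db := models.GetDbInstance().
		Preload("Jobs", "? = type AND finished_at IS NULL", models.RadarJobKind).
		Find(iface, id)

	if db.Error == nil && len(iface.Jobs) > 0 {
		db.Error = errors.Format("Radar already running")
	}
	if db.Error != nil {
		// renderView turns a missing record into 404 and any other
		// error into 500.
		renderView(c, views.JobShow, job, db)
		return
	}

	passive := false
	if arg, haveIt := c.GetPostForm("passive"); haveIt {
		passive, err = strconv.ParseBool(arg)
	}

	var netIface *net.Interface
	if err == nil {
		netIface, err = net.InterfaceByName(iface.Name)
	}
	if err == nil {
		job, err = IfaceScanz(iface, netIface, passive)
	}
	if err != nil {
		log.Error(err)
		c.AbortWithStatus(http.StatusInternalServerError)
		return
	}

	renderView(c, views.JobShow, job, db)
}

// IfaceScanz starts a radar on iface, stores a RadarJob for it and records
// the running radar in radars. It is a stopgap until the switch to gutron.
//
// model is the stored interface the job is attached to; passive is handed
// to the radar unchanged. It returns the start error or the save error.
func IfaceScanz(model *models.Iface, iface *net.Interface, passive bool) (*models.Job, error) {

	nr := network_radar.NetworkRadar{
		Iface:    iface,
		Passive:  passive,
		Receiver: models.NotifyHostSeen,
		Fetcher:  helpers.BaseFetcher,
	}

	if err := nr.Start(); err != nil {
		return nil, err
	}

	job := &models.Job{}

	// Attach the interface before the job is copied into the RadarJob. The
	// copy used to be taken first, so the saved job carried no interface.
	// NOTE(review): this assumes Save also stores the nested job's Ifaces
	// relation — confirm against the models package.
	job.Ifaces = append(job.Ifaces, *model)
	radarJob := &models.RadarJob{Job: *job}

	if err := models.GetDbInstance().Save(radarJob).Error; err != nil {
		// NOTE(review): the radar started above keeps running here and
		// nothing holds a handle to it; stop it on this path once the
		// radar's stop method is confirmed.
		return nil, err
	}

	radarsMu.Lock()
	radars[radarJob.ID] = nr
	radarsMu.Unlock()

	job.Radar = radarJob //FIXME: is this necessary ?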
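
	return job, nil
}

--------------------------------------------------------------------------------
/controllers/job.go:
--------------------------------------------------------------------------------
package controllers

import (
	"github.com/cSploit/daemon/models"
	"github.com/cSploit/daemon/views"
	"github.com/gin-gonic/gin"
	"gopkg.in/oleiade/reflections.v1"
	"reflect"
	"strings"
)

// init fills jobRelationships with the element type of every models.Job
// field whose gorm tag contains "many2many". Errors from the reflection
// helpers are ignored, as before.
func init() {
	j := models.Job{}

	fields, _ := reflections.Fields(j)

	for _, f := range fields {
		if tag, e := reflections.GetFieldTag(j, f, "gorm"); e == nil && strings.Contains(tag, "many2many") {
			v, _ := reflections.GetField(j, f) // []Host
			t := reflect.TypeOf(v).Elem()      // Host

			jobRelationships = append(jobRelationships, t)
		}
	}
}

// contains Types detected as affected entities
var jobRelationships = make([]reflect.Type, 0)

// JobController exposes the read-only job routes (Index and Show).
var JobController = Controller{
	EntityName: "job",
	Index:      jobIndex,
	Show:       jobShow,
}

// jobIndex renders the list of jobs.
//
// If the URL carries the id of a related entity ("<lower-cased type
// name>_id" for one of jobRelationships), only the jobs associated with
// that entity are returned; otherwise every job is.
func jobIndex(c *gin.Context) {
	var id uint64
	var found []models.Job

	db := models.GetDbInstance()

	for _, eType := range jobRelationships {
		name := strings.ToLower(eType.Name())
		if getId(c, name, &id) != nil {
			continue
		}

		// Errors are recorded on a private copy of the handle. The
		// previous code assigned them to the value returned by
		// GetDbInstance.
		// NOTE(review): if that value is a shared handle, one failed
		// request would have left its error on it — confirm in models.
		res := db.New()

		entityPtr := reflect.New(eType).Interface()
		if err := reflections.SetField(entityPtr, "ID", uint(id)); err != nil {
			res.Error = err
		} else if ass := db.Model(entityPtr).Association("Jobs"); ass.Error != nil {
			res.Error = ass.Error
		} else {
			res.Error = ass.Find(&found).Error
		}

		renderView(c, views.JobIndex, found, res)
		return
	}

	// No related entity in the URL: list every job.
	res := db.Find(&found)

	renderView(c, views.JobIndex, found, res)
}

// jobShow renders the job named by the job_id URL parameter.
func jobShow(c *gin.Context) {
	var id uint64
	var j models.Job

	if fetchId(c, "job", &id) != nil {
		return
	}

	db := models.GetDbInstance().Find(&j, id)

	renderView(c, views.JobShow, j, db)
}

--------------------------------------------------------------------------------
/controllers/logger.go:
--------------------------------------------------------------------------------
/* cSploit - a simple penetration testing suite
 * Copyright (C) 2016 Massimo Dragano aka tux_mind
 *
 * cSploit is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * cSploit is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with cSploit. If not, see .
 *
 */
package controllers

import "github.com/op/go-logging"

// log is the logger shared by the controllers package.
var log = logging.MustGetLogger("controller")

--------------------------------------------------------------------------------
/controllers/networks.go:
--------------------------------------------------------------------------------
/* cSploit - a simple penetration testing suite
 * Copyright (C) 2016 Massimo Dragano aka tux_mind
 *
 * cSploit is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.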
 *
 * cSploit is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with cSploit. If not, see .
 *
 */
package controllers

import (
	"github.com/cSploit/daemon/models"
	"github.com/cSploit/daemon/views"
	"github.com/gin-gonic/gin"
)

// NetworkController exposes the read-only network routes (Index and Show).
var NetworkController = Controller{
	EntityName: "network",
	Index:      networksIndex,
	Show:       networksShow,
}

// networksIndex renders every stored network.
func networksIndex(c *gin.Context) {
	var all []models.Network

	res := models.GetDbInstance().Find(&all)

	renderView(c, views.NetworkIndex, all, res)
}

// networksShow renders the network named by the network_id URL parameter,
// with its hosts preloaded.
func networksShow(c *gin.Context) {
	var (
		id  uint64
		net models.Network
	)

	// The handle is obtained before the id is checked, as in the original.
	handle := models.GetDbInstance()

	if err := fetchId(c, "network", &id); err != nil {
		return
	}

	res := handle.Preload("Hosts").Find(&net, id)

	renderView(c, views.NetworkShow, net, res)
}

--------------------------------------------------------------------------------
/controllers/params.go:
--------------------------------------------------------------------------------
/* cSploit - a simple penetration testing suite
 * Copyright (C) 2016 Massimo Dragano aka tux_mind
 *
 * cSploit is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * cSploit is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with cSploit. If not, see .
 *
 */
package controllers

import (
	"errors"
	"github.com/gin-gonic/gin"
	"net/http"
	"strconv"
)

// idLabel is the suffix of every id path parameter ("<entity>_id").
const idLabel = "id"

// fetchId reads the "<entityName>_id" URL parameter into id. When the
// parameter is missing or is not a base-10 unsigned 64-bit number, it aborts
// the request with 400 Bad Request and returns the error, so callers only
// have to return.
func fetchId(c *gin.Context, entityName string, id *uint64) (e error) {
	e = getId(c, entityName, id)
	if e != nil {
		c.AbortWithError(http.StatusBadRequest, e)
	}

	return e
}

// getId reads the "<entityName>_id" URL parameter into id without touching
// the response. id is written only when the value parses; otherwise the
// parse error, or a "<name> not found" error for a missing parameter, is
// returned.
func getId(c *gin.Context, entityName string, id *uint64) (e error) {
	key := entityName + "_" + idLabel

	raw, present := c.Params.Get(key)
	if !present {
		return errors.New(key + " not found")
	}

	parsed, err := strconv.ParseUint(raw, 10, 64)
	if err != nil {
		return err
	}

	*id = parsed
	return nil
}

--------------------------------------------------------------------------------
/controllers/ports.go:
--------------------------------------------------------------------------------
/* cSploit - a simple penetration testing suite
 * Copyright (C) 2016 Massimo Dragano aka tux_mind
 *
 * cSploit is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * cSploit is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with cSploit. If not, see .
 *
 */
package controllers

import (
	"github.com/cSploit/daemon/models"
	"github.com/cSploit/daemon/views"
	"github.com/gin-gonic/gin"
)

// PortsController exposes the read-only port routes (Index and Show). Both
// handlers read a host_id URL parameter.
var PortsController = Controller{
	EntityName: "port",
	Index:      portsIndex,
	Show:       portsShow,
}

// portsIndex renders the ports of the host named by the host_id URL
// parameter, each with its service preloaded.
func portsIndex(c *gin.Context) {
	var (
		hostID uint64
		found  []models.Port
	)

	handle := models.GetDbInstance()

	if err := fetchId(c, "host", &hostID); err != nil {
		return
	}

	res := handle.
		Preload("Service").
		Where("host_id = ?", hostID).
		Find(&found)

	renderView(c, views.PortIndex, found, res)
}

// portsShow renders one port of one host. The host_id condition keeps the
// lookup scoped to the host in the URL: a port id that belongs to another
// host does not match and renderView answers 404.
func portsShow(c *gin.Context) {
	var (
		hostID uint64
		portID uint64
		found  models.Port
	)

	handle := models.GetDbInstance()

	if err := fetchId(c, "host", &hostID); err != nil {
		return
	}

	if err := fetchId(c, "port", &portID); err != nil {
		return
	}

	res := handle.
		Preload("Service").
		Where("host_id = ?", hostID).
		Find(&found, portID)

	renderView(c, views.PortShow, found, res)
}

--------------------------------------------------------------------------------
/controllers/render.go:
--------------------------------------------------------------------------------
/* cSploit - a simple penetration testing suite
 * Copyright (C) 2016 Massimo Dragano aka tux_mind
 *
 * cSploit is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * cSploit is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with cSploit. If not, see .
 *
 */
package controllers

import (
	"github.com/cSploit/daemon/views"
	"github.com/gin-gonic/gin"
	"github.com/jinzhu/gorm"
	"net/http"
)

// renderView writes the JSON response for a query result.
//
// When dbResult is non-nil it is checked first: a record-not-found result
// aborts with 404, any other error is logged and aborts with 500. Otherwise
// render(args) is sent with status 200. A nil dbResult skips the checks.
func renderView(c *gin.Context, render views.RenderFunc, args interface{}, dbResult *gorm.DB) {
	if dbResult != nil {
		if dbResult.RecordNotFound() {
			c.AbortWithStatus(http.StatusNotFound)
			return
		}

		if err := dbResult.Error; err != nil {
			log.Error(err)
			c.AbortWithError(http.StatusInternalServerError, err)
			return
		}
	}

	c.JSON(http.StatusOK, render(args))
}

--------------------------------------------------------------------------------
/controllers/services.go:
--------------------------------------------------------------------------------
/* cSploit - a simple penetration testing suite
 * Copyright (C) 2016 Massimo Dragano aka tux_mind
 *
 * cSploit is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * cSploit is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with cSploit. If not, see .
16 | * 17 | */ 18 | package controllers 19 | 20 | import ( 21 | "github.com/cSploit/daemon/models" 22 | "github.com/cSploit/daemon/views" 23 | "github.com/gin-gonic/gin" 24 | ) 25 | 26 | var ServicesController = Controller{ 27 | EntityName: "service", 28 | Index: servicesIndex, 29 | Show: servicesShow, 30 | } 31 | 32 | func servicesIndex(c *gin.Context) { 33 | var host_id uint64 34 | var services []models.Service 35 | 36 | db := models.GetDbInstance() 37 | 38 | if fetchId(c, "host", &host_id) != nil { 39 | return 40 | } 41 | 42 | dbRes := db.Joins("JOIN ports ON port_id = ports.id").Where("host_id = ?", host_id).Find(&services) 43 | 44 | renderView(c, views.ServiceIndex, services, dbRes) 45 | } 46 | 47 | func servicesShow(c *gin.Context) { 48 | var host_id uint64 49 | var id uint64 50 | var svc models.Service 51 | 52 | db := models.GetDbInstance() 53 | 54 | if fetchId(c, "host", &host_id) != nil { 55 | return 56 | } 57 | 58 | if fetchId(c, "service", &id) != nil { 59 | return 60 | } 61 | 62 | dbRes := db.Joins("JOIN ports ON port_id = ports.id").Where("host_id = ?", host_id).Find(&svc, "services.id = ?", id) 63 | 64 | renderView(c, views.ServiceShow, svc, dbRes) 65 | } 66 | -------------------------------------------------------------------------------- /daemon.go: -------------------------------------------------------------------------------- 1 | /* cSploit - a simple penetration testing suite 2 | * Copyright (C) 2016 Massimo Dragano aka tux_mind 3 | * 4 | * cSploit is free software: you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation, either version 3 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * cSploit is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 
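*
* You should have received a copy of the GNU General Public License
* along with cSploit. If not, see .
*
*/
package main

import (
	"github.com/cSploit/daemon/controllers"
	"github.com/cSploit/daemon/models"
	"github.com/gin-gonic/gin"
	"gopkg.in/gin-contrib/cors.v1"
	"github.com/lair-framework/go-nmap"
	"github.com/op/go-logging"

	"flag"
	"github.com/cSploit/daemon/config"
	"github.com/ianschenck/envflag"
	"github.com/jinzhu/gorm"
	"io/ioutil"
	"net"
	"os"
)

// log is the logger used by this file.
var log = logging.MustGetLogger("daemon")

// loadScanFromFile reads the file f, parses it with nmap.Parse and stores one
// models.Host per parsed host.
//
// Read and parse errors are returned. A failed insert is logged and the loop
// goes on with the next host, so one bad record does not drop the others.
func loadScanFromFile(f string) error {
	xml, err := ioutil.ReadFile(f)
	if err != nil {
		return err
	}

	scan, err := nmap.Parse(xml)
	if err != nil {
		return err
	}

	db := models.GetDbInstance()

	for _, h := range scan.Hosts {
		if err := db.Create(models.NewHost(h)).Error; err != nil {
			log.Error(err)
		}
	}

	return nil
}

// initAllHostWithNetwork creates a network record and attaches every stored
// host to it.
//
// NOTE(review): ifName and ipAddr are not used; the interface name and the
// CIDR are hard-coded below. This looks like a development fixture - confirm
// before relying on the arguments.
func initAllHostWithNetwork(ifName string, ipAddr string) {
	var hosts []models.Host

	db := models.GetDbInstance()
	network := models.NewNetwork("wlan0", "10.169.64.0/20")

	if err := db.Find(&hosts).Error; err != nil {
		log.Error(err)
	}

	network.Hosts = hosts

	if err := db.Create(network).Error; err != nil {
		log.Error(err)
	}
}

// addSomeRemoteHost stores two fixed host records (name and address are the
// literals below). Insert errors are logged.
func addSomeRemoteHost() {
	g, f := "google.com", "facebook.com"

	fixtures := []*models.Host{
		{Name: &g, IpAddr: "172.217.16.174"},
		{Name: &f, IpAddr: "31.13.76.68"},
	}

	db := models.GetDbInstance()

	for _, h := range fixtures {
		if err := db.Create(h).Error; err != nil {
			log.Error(err)
		}
	}
}

// startRadars starts a scan job, through controllers.IfaceScanz, on every
// non-loopback interface of the machine. The interface record is created when
// it is not stored yet. config.Conf.Scan.Passive is passed through unchanged.
//
// It panics when the interface list cannot be read; per-interface failures
// are logged and the next interface is tried.
func startRadars() {
	ifaces, err := net.Interfaces()
	if err != nil {
		panic(err)
	}

	for _, iface := range ifaces {
		if iface.Flags&net.FlagLoopback != 0 {
			continue
		}

		// The address of iface is handed to IfaceScanz. Copy the loop variable
		// so that every job gets its own value; before Go 1.22 all iterations
		// share a single variable.
		iface := iface

		i, err := models.FindIfaceByName(iface.Name)
		if err == gorm.ErrRecordNotFound {
			i, err = models.CreateIface(iface)
		}
		if err != nil {
			log.Error(err)
			continue
		}

		job, err := controllers.IfaceScanz(i, &iface, config.Conf.Scan.Passive)
		if err != nil {
			log.Error(err)
			continue
		}

		log.Infof("NetworkRadar succesfully started on interface %s: job#%d", iface.Name, job.ID)
	}
}

// main loads the configuration, sets up the models, starts the radars and
// serves the HTTP API.
func main() {
	flag.Parse()
	envflag.Parse()

	if err := config.Load(); err != nil {
		panic(err)
	}

	if err := models.Setup(); err != nil {
		// Fatalf ends the process, so nothing has to follow it.
		log.Fatalf("unable to setup model: %v", err)
	}

	logging.SetBackend(logging.NewLogBackend(os.Stderr, "", 0))

	startRadars()

	router := gin.Default()

	// NOTE(review): cors.Default() accepts every origin, and no
	// authentication middleware is registered in this function. With both in
	// place, any page opened in a browser that can reach the daemon may call
	// the API, including the POST scan route below. Restrict the allowed
	// origins to the UI's own origin and put an authentication check in front
	// of the state-changing routes.
	router.Use(cors.Default()) //TODO: true CORS rules

	hosts := router.Group("/hosts")
	{
		hc := controllers.HostsController
		hc.Setup(hosts)
		ports := hc.NestedGroup(hosts, "/ports")
		{
			controllers.PortsController.Setup(ports)
		}
		services := hc.NestedGroup(hosts, "/services")
		{
			controllers.ServicesController.Setup(services)
		}
		jobs := hc.NestedGroup(hosts, "/jobs")
		{
			controllers.JobController.Setup(jobs)
		}
	}
	networks := router.Group("networks")
	{
		nc := controllers.NetworkController
		nc.Setup(networks)

		jobs := nc.NestedGroup(networks, "/jobs")
		{
			controllers.JobController.Setup(jobs)
		}
	}
	ifaces := router.Group("ifaces")
	{
		ic := controllers.IfaceController
		ic.Setup(ifaces)
		actions := ic.NestedGroup(ifaces, "/")
		{
			actions.POST("scan", controllers.IfaceScan)
		}

		jobs := ic.NestedGroup(ifaces, "/jobs")
		{
			controllers.JobController.Setup(jobs)
		}
	}
	jobs := router.Group("jobs")
	{
		controllers.JobController.Setup(jobs)
	}

	// NOTE(review): ":8080" has no host part, so the server listens on every
	// interface. Bind to loopback or a management address unless remote
	// clients are intended.
	if err := router.Run(":8080"); err != nil {
		log.Fatalf("http server stopped: %v", err)
	}
}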
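--------------------------------------------------------------------------------
/helpers/ctx/ctx.go:
--------------------------------------------------------------------------------
/* cSploit - a simple penetration testing suite
 * Copyright (C) 2016 Massimo Dragano aka tux_mind
 *
 * cSploit is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * cSploit is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with cSploit. If not, see .
 *
 */
package ctx

import (
	"golang.org/x/net/context"
	"net"
)

// key is a private type for the context keys of this package, so that they
// cannot collide with keys set by other packages.
type key int

const ipNetKey key = 0
const ifaceKey key = 1

// WithIpNet returns a copy of ctx that carries ipNet.
func WithIpNet(ctx context.Context, ipNet *net.IPNet) context.Context {
	return context.WithValue(ctx, ipNetKey, ipNet)
}

// GetIpNet returns the network stored by WithIpNet, or nil when ctx carries
// none. The checked type assertion keeps a missing value from panicking.
func GetIpNet(ctx context.Context) *net.IPNet {
	ipNet, _ := ctx.Value(ipNetKey).(*net.IPNet)
	return ipNet
}

// WithIface returns a copy of ctx that carries iface.
func WithIface(ctx context.Context, iface net.Interface) context.Context {
	return context.WithValue(ctx, ifaceKey, iface)
}

// GetIface returns the interface stored by WithIface, or the zero
// net.Interface when ctx carries none. Use HaveIface to tell the two apart.
func GetIface(ctx context.Context) net.Interface {
	iface, _ := ctx.Value(ifaceKey).(net.Interface)
	return iface
}

// HaveIface reports whether ctx carries a value under the interface key.
func HaveIface(ctx context.Context) bool {
	return ctx.Value(ifaceKey) != nil
}
--------------------------------------------------------------------------------
/helpers/host_fetcher.go:
--------------------------------------------------------------------------------
package helpers

import (
	"golang.org/x/net/context"
	"net"
	"github.com/cSploit/daemon/models"
	nr "github.com/cSploit/daemon/tools/network-radar"
	"github.com/op/go-logging"
)

var log = logging.MustGetLogger("helpers")

// HostFetcher yields the addresses of stored hosts, either those of one
// network or, when no network is set, every host in the database.
type HostFetcher struct {
	network *models.Network
	ctx     context.Context
}

// WithNetwork returns a fetcher bound to the network record found or created
// for ipNet; the context is carried over.
func (hf HostFetcher) WithNetwork(ipNet *net.IPNet) nr.HostFetcher {
	i := models.FindOrCreateNetwork(ipNet)
	return HostFetcher{network: i, ctx: hf.ctx}
}

// WithContext returns a fetcher that uses ctx for cancellation; the network
// is carried over.
func (hf HostFetcher) WithContext(ctx context.Context) nr.HostFetcher {
	return HostFetcher{network: hf.network, ctx: ctx}
}

// Find sends the parsed address of every selected host on the returned
// channel, from a goroutine that stops early when the context is done.
// Hosts whose address does not parse are logged and skipped.
//
// NOTE(review): the channel is never closed, neither after the last host nor
// on the database error path, so a receiver cannot tell "finished" from
// "nothing yet". Closing it would be the usual fix, but it changes what the
// receivers see; check how the HostFetcher consumers read the channel first.
func (hf HostFetcher) Find() <-chan net.IP {
	c := make(chan net.IP)
	var hosts []models.Host

	if hf.network != nil {
		hosts = hf.network.Hosts
	} else if err := models.GetDbInstance().Find(&hosts).Error; err != nil {
		log.Error(err)
		return c
	}

	// BaseFetcher has no context. A nil channel is never ready in a select,
	// so without a context the goroutine simply waits for the receiver
	// instead of dereferencing a nil interface.
	var done <-chan struct{}
	if hf.ctx != nil {
		done = hf.ctx.Done()
	}

	go func() {
		for _, h := range hosts {
			ip := net.ParseIP(h.IpAddr)

			if ip == nil {
				// %q keeps control characters in a stored address out of the log.
				log.Warningf("unable to parse ip %q for host #%d", h.IpAddr, h.ID)
				continue
			}

			select {
			case c <- ip:
			case <-done:
				return
			}
		}
	}()

	return c
}

// BaseFetcher is the fetcher with neither network nor context set.
var BaseFetcher = HostFetcher{}
--------------------------------------------------------------------------------
/helpers/net/network.go:
--------------------------------------------------------------------------------
/* cSploit - a simple penetration testing suite
 * Copyright (C) 2016 Massimo Dragano aka tux_mind
 *
 * cSploit is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.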
8 | * 9 | * cSploit is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with cSploit. If not, see . 16 | * 17 | */ 18 | package net 19 | 20 | import ( 21 | "bytes" 22 | "encoding/binary" 23 | "fmt" 24 | "github.com/google/gopacket" 25 | "github.com/google/gopacket/layers" 26 | "github.com/op/go-logging" 27 | "math" 28 | "net" 29 | "github.com/lair-framework/go-nmap" 30 | ) 31 | 32 | var ( 33 | log = logging.MustGetLogger("helpers") 34 | ) 35 | 36 | var privateNetworks = [...]*net.IPNet{ 37 | {IP: net.IPv4(127, 0, 0, 1), Mask: net.CIDRMask(8, 32)}, 38 | {IP: net.IPv4(10, 0, 0, 0), Mask: net.CIDRMask(8, 32)}, 39 | {IP: net.IPv4(172, 16, 0, 0), Mask: net.CIDRMask(12, 32)}, 40 | {IP: net.IPv4(192, 168, 0, 0), Mask: net.CIDRMask(16, 32)}, 41 | {IP: net.IP{0xfc, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}, Mask: net.CIDRMask(7, 128)}, 42 | } 43 | 44 | // gives the interface that is used to connect to an IP 45 | func InterfaceForIp(ip net.IP) (net.Interface, error) { 46 | ifaces, err := net.Interfaces() 47 | 48 | if err != nil { 49 | return net.Interface{}, err 50 | } 51 | 52 | for _, iface := range ifaces { 53 | addrs, err := iface.Addrs() 54 | 55 | if err != nil { 56 | continue 57 | } 58 | 59 | for _, addr := range addrs { 60 | switch addr.(type) { 61 | case *net.IPNet: 62 | ipNet := addr.(*net.IPNet) 63 | if ipNet.Contains(ip) { 64 | return iface, nil 65 | } 66 | } 67 | } 68 | } 69 | 70 | return net.Interface{}, fmt.Errorf("Address %s unreachable", ip) 71 | } 72 | 73 | func GetInterfaceIP(iface net.Interface) (*net.IPNet, error) { 74 | return getIfaceIp(iface, false) 75 | } 76 | 77 | func GetInterfaceIPv4(iface net.Interface) (*net.IPNet, error) { 78 | return getIfaceIp(iface, true) 79 | } 
80 | 81 | func GetAttachedIpNetworks() ([]*net.IPNet, error) { 82 | ifaces, err := net.Interfaces() 83 | 84 | if err != nil { 85 | return nil, err 86 | } 87 | 88 | res := make([]*net.IPNet, 0) 89 | 90 | for _, iface := range ifaces { 91 | addrs, err := iface.Addrs() 92 | 93 | if err != nil { 94 | log.Error(err) 95 | continue 96 | } 97 | 98 | for _, addr := range addrs { 99 | switch addr.(type) { 100 | case *net.IPNet: 101 | ipNet := addr.(*net.IPNet) 102 | res = append(res, ipNet) 103 | default: 104 | log.Debugf("iface %s: got address <%T>: %v", iface, addr, addr) 105 | } 106 | } 107 | } 108 | 109 | return res, nil 110 | } 111 | 112 | func IsPrivate(ip net.IP) bool { 113 | for _, ipNet := range privateNetworks { 114 | if ipNet.Contains(ip) { 115 | return true 116 | } 117 | } 118 | 119 | return false 120 | } 121 | 122 | // deprecated 123 | func GetMyEndpoints() ([]gopacket.Endpoint, error) { 124 | ifaces, err := net.Interfaces() 125 | 126 | if err != nil { 127 | return nil, err 128 | } 129 | 130 | var res = make([]gopacket.Endpoint, 0) 131 | 132 | for _, iface := range ifaces { 133 | addrs, err := iface.Addrs() 134 | 135 | if err != nil { 136 | log.Error(err) 137 | continue 138 | } 139 | 140 | for _, addr := range addrs { 141 | switch addr.(type) { 142 | case *net.IPNet: 143 | ipNet := addr.(*net.IPNet) 144 | var et gopacket.EndpointType 145 | 146 | if ipNet.IP.To4() != nil { 147 | et = layers.EndpointIPv4 148 | } else { 149 | et = layers.EndpointIPv6 150 | } 151 | e := gopacket.NewEndpoint(et, ipNet.IP) 152 | res = append(res, e) 153 | default: 154 | log.Debugf("iface %s: got address <%T>: %v", iface, addr, addr) 155 | } 156 | } 157 | } 158 | 159 | return res, nil 160 | } 161 | 162 | func ParseHwAddr(a interface{}) (uint64, error) { 163 | switch a.(type) { 164 | default: 165 | return 0, fmt.Errorf("unexpected type %T", a) 166 | case nmap.Address: 167 | str := a.(nmap.Address).Addr 168 | // vendor = a.(nmap.Address).Vendor 169 | return MACStringToUInt(str) 170 | 
case string: 171 | str := a.(string) 172 | return MACStringToUInt(str) 173 | case net.HardwareAddr: 174 | return MacAddrToUInt(a.(net.HardwareAddr)) 175 | case *net.HardwareAddr: 176 | return MacAddrToUInt(*(a.(*net.HardwareAddr))) 177 | } 178 | } 179 | 180 | func MACStringToUInt(str string) (uint64, error) { 181 | hw, err := net.ParseMAC(str) 182 | if err != nil { 183 | log.Warning("Bad MAC Address: ", err) 184 | return 0, err 185 | } 186 | return MacAddrToUInt(hw) 187 | } 188 | 189 | func MacAddrToUInt(hw net.HardwareAddr) (uint64, error) { 190 | var val uint64 191 | var raw []byte 192 | 193 | if len(hw) < 8 { 194 | raw = make([]byte, 8) 195 | copy(raw[8-len(hw):], hw) 196 | } else { 197 | raw = hw 198 | } 199 | 200 | buf := bytes.NewReader(raw) 201 | err := binary.Read(buf, binary.BigEndian, &val) 202 | 203 | if err != nil { 204 | log.Warningf("unable to convert %v to uint64: %v", hw, err) 205 | return 0, err 206 | } 207 | 208 | return val, nil 209 | } 210 | 211 | func BuildBroadcastAddress(ipNet *net.IPNet) net.IP { 212 | res := ipNet.IP.Mask(ipNet.Mask) 213 | 214 | for i := 0; i < len(res); i++ { 215 | res[i] &= ipNet.Mask[i] 216 | res[i] |= ipNet.Mask[i] ^ 0xff 217 | } 218 | 219 | return res 220 | } 221 | 222 | // NextIP increase the passed ip by 1 223 | func NextIP(ip net.IP) { 224 | for i := len(ip) - 1; i >= 0; i-- { 225 | ip[i]++ 226 | if ip[i] != 0 { 227 | break 228 | } 229 | } 230 | } 231 | 232 | func CopyIP(ip net.IP) net.IP { 233 | // attempt to reduce size 234 | if ip4 := ip.To4(); ip4 != nil { 235 | ip = ip4 236 | } 237 | 238 | res := make(net.IP, len(ip)) 239 | copy(res, ip) 240 | return res 241 | } 242 | 243 | func NumHosts(ipNet *net.IPNet) uint64 { 244 | ones, bits := ipNet.Mask.Size() 245 | zeros := float64(bits - ones) 246 | res := math.Pow(2, zeros) - 2 247 | res = math.Max(res, 0) 248 | 249 | return uint64(res) 250 | } 251 | 252 | // IPNetTo4 convert an IP Network to it's IPv4 short form. 
253 | // if the given IP network is not an IPv4 Network it returns nil 254 | func IPNetTo4(ipNet *net.IPNet) *net.IPNet { 255 | if ip4 := ipNet.IP.To4(); ip4 != nil { 256 | return &net.IPNet{ 257 | IP: ip4, 258 | Mask: ipNet.Mask[len(ipNet.Mask)-4:], 259 | } 260 | } 261 | return nil 262 | } 263 | 264 | func getIfaceIp(iface net.Interface, ipv4Only bool) (*net.IPNet, error) { 265 | var addrs []net.Addr 266 | var err error 267 | 268 | if addrs, err = iface.Addrs(); err != nil { 269 | return nil, err 270 | } 271 | 272 | for _, a := range addrs { 273 | if ipnet, ok := a.(*net.IPNet); ok { 274 | if net4 := IPNetTo4(ipnet); net4 != nil { 275 | ipnet = net4 276 | } else if ipv4Only { 277 | continue 278 | } 279 | return ipnet, nil 280 | } 281 | } 282 | 283 | return nil, fmt.Errorf("no IP addresses for interface '%s'", iface) 284 | } 285 | -------------------------------------------------------------------------------- /helpers/net/network_test.go: -------------------------------------------------------------------------------- 1 | /* cSploit - a simple penetration testing suite 2 | * Copyright (C) 2016 Massimo Dragano aka tux_mind 3 | * 4 | * cSploit is free software: you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation, either version 3 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * cSploit is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with cSploit. If not, see . 
16 | * 17 | */ 18 | package net 19 | 20 | import ( 21 | "github.com/stretchr/testify/assert" 22 | "net" 23 | "testing" 24 | "github.com/lair-framework/go-nmap" 25 | ) 26 | 27 | func TestBuildBroadcastAddress(t *testing.T) { 28 | _, ipNet, _ := net.ParseCIDR("192.168.0.1/24") 29 | brAddr := net.ParseIP("192.168.0.255") 30 | 31 | res := BuildBroadcastAddress(ipNet) 32 | 33 | assert.True(t, brAddr.Equal(res)) 34 | } 35 | 36 | func TestNextIP(t *testing.T) { 37 | cur := net.ParseIP("192.168.1.255") 38 | next := net.ParseIP("192.168.2.0") 39 | NextIP(cur) 40 | 41 | assert.True(t, next.Equal(cur)) 42 | } 43 | 44 | func TestNumHosts(t *testing.T) { 45 | _, ipNet, _ := net.ParseCIDR("192.168.0.1/27") 46 | a := assert.New(t) 47 | 48 | res := NumHosts(ipNet) 49 | 50 | a.Equal(uint64(30), res) 51 | 52 | _, ipNet, _ = net.ParseCIDR("192.168.0.1/16") 53 | res = NumHosts(ipNet) 54 | 55 | a.Equal(uint64(65534), res) 56 | 57 | _, ipNet, _ = net.ParseCIDR("192.168.0.1/0") 58 | res = NumHosts(ipNet) 59 | 60 | a.Equal(uint64(4294967296)-2, res) 61 | 62 | _, ipNet, _ = net.ParseCIDR("127.0.0.1/8") 63 | ipNet.IP = net.IPv4(127, 0, 0, 1) 64 | res = NumHosts(ipNet) 65 | 66 | a.Equal(uint64(16777216)-2, res) 67 | } 68 | 69 | func TestMacConversion(t *testing.T) { 70 | mac1, _ := net.ParseMAC("01:23:45:67:89:ab") 71 | mac2, _ := net.ParseMAC("01:23:45:67:89:ab:cd:ef") 72 | mac3, _ := net.ParseMAC("01:23:45:67:89:ab:cd:ef:00:00:01:23:45:67:89:ab:cd:ef:00:00") 73 | 74 | if _, err := MacAddrToUInt(mac1); err != nil { 75 | t.Fatalf("unable to convert %v to id: %v", mac1, err) 76 | } 77 | if _, err := MacAddrToUInt(mac2); err != nil { 78 | t.Fatalf("unable to convert %v to id: %v", mac2, err) 79 | } 80 | if _, err := MacAddrToUInt(mac3); err != nil { 81 | t.Fatalf("unable to convert %v to id: %v", mac3, err) 82 | } 83 | } 84 | 85 | func TestMACStringToUInt(t *testing.T) { 86 | samples := []struct { 87 | Addr string 88 | Val uint64 89 | }{ 90 | {"68:a3:c4:6f:fb:88", 115052584631176}, 91 | } 92 | 
93 | for _, s := range samples { 94 | m, err := net.ParseMAC(s.Addr) 95 | 96 | if err != nil { 97 | t.Fatalf("Sample MAC '%s' is broken, please fix it: %v", s.Addr, err) 98 | } 99 | 100 | n := nmap.Address{Addr: s.Addr, AddrType: "mac", Vendor: "Cisco"} 101 | 102 | for _, i := range []interface{}{m, n, s.Addr} { 103 | res, err := ParseHwAddr(i) 104 | 105 | if err != nil { 106 | t.Errorf("failed to create HwAddr from interface %T: %v", i, err) 107 | } else if res != s.Val { 108 | t.Errorf("using interface %T: expected %v, got %v", i, s.Val, res) 109 | } 110 | } 111 | } 112 | } -------------------------------------------------------------------------------- /models/ap.go: -------------------------------------------------------------------------------- 1 | package models 2 | 3 | import ( 4 | "github.com/cSploit/daemon/models/internal" 5 | "os" 6 | "strconv" 7 | "strings" 8 | "time" 9 | ) 10 | 11 | func init() { 12 | internal.RegisterModels(&AP{}) 13 | } 14 | 15 | // Access Point ( courtesy of aircrack ) 16 | type AP struct { 17 | internal.Base 18 | Bssid string `json:"bssid"` 19 | First time.Time `json:"first_seen"` 20 | Last time.Time `json:"last_seen"` 21 | Channel int `json:"channel"` 22 | Speed int `json:"speed"` 23 | Privacy string `json:"privacy"` 24 | Cipher string `json:"cipher"` 25 | Auth string `json:"auth"` 26 | Power int `json:"power"` 27 | Beacons int `json:"beacons"` 28 | IVs int `json:"ivs"` 29 | Lan string `json:"lan_ip"` 30 | IdLen int `json:"id_len"` 31 | Essid string `json:"essid"` 32 | Key string `json:"key"` 33 | //Wps bool `json:"wps"` 34 | 35 | // Does the fake auth succeed? 
36 | FakeAuthed bool `json:"fake_auth"` 37 | 38 | Iface Iface `json:"-"` 39 | IfaceId uint `json:"-"` 40 | Jobs []Job `json:"-" gorm:"many2many:job_aps;"` 41 | } 42 | 43 | // DEAUTH infinitely the AP using broadcast address 44 | func (a *AP) Deauth() (j Job, e error) { 45 | pj, e := CreateProcessJob("aireplay-ng", "-0", "0", "-a", a.Bssid, a.Iface.Name) 46 | 47 | if e == nil { 48 | j = pj.Job 49 | db := internal.Db 50 | db.Model(&j).Update("Name", "Deauth ["+a.Bssid+"]") 51 | db.Model(&j).Association("Aps").Append(a) 52 | } 53 | 54 | return 55 | } 56 | 57 | // Try a fake auth on the ap 58 | func (a *AP) FakeAuth() (j Job, e error) { 59 | pj, e := CreateProcessJob("aireplay-ng", "-1", "0", "-a", a.Bssid, "-T", "1", a.Iface.Name) 60 | 61 | if e == nil { 62 | j = pj.Job 63 | db := internal.Db 64 | db.Model(&j).Update("Name", "FakeAuth ["+a.Bssid+"]") 65 | db.Model(&j).Association("Aps").Append(a) 66 | } 67 | 68 | go a.checkFakeAuth(pj) 69 | 70 | return 71 | } 72 | 73 | func (a *AP) checkFakeAuth(pj *ProcessJob) { 74 | for { 75 | if pj.ExitStatus == nil { 76 | time.Sleep(time.Second * 1) 77 | } 78 | } 79 | 80 | if strings.Contains(pj.Output, "Association successful") { 81 | a.FakeAuthed = true 82 | } else { 83 | a.FakeAuthed = false 84 | } 85 | } 86 | 87 | // ARP replay!! 
88 | func (a *AP) ArpReplay(iface string) (j Job, e error) { 89 | pj, e := CreateProcessJob("aireplay-ng", "-3", "-a", a.Bssid, a.Iface.Name) 90 | 91 | if e == nil { 92 | j = pj.Job 93 | db := internal.Db 94 | db.Model(&j).Update("Name", "ArpReplay ["+a.Bssid+"]") 95 | db.Model(&j).Association("Aps").Append(a) 96 | } 97 | 98 | return 99 | } 100 | 101 | var captures_nb = 0 102 | 103 | // Start a capture process 104 | func (a *AP) Capture() (j Job, e error) { 105 | path := "go-wifi_capture-" + strconv.Itoa(captures_nb) 106 | captures_nb += 1 107 | 108 | // Make a specific dir so we do not mix captures 109 | err := os.Mkdir(path, 0755) 110 | if err != nil { 111 | log.Error(err) 112 | } 113 | 114 | path += "/go-wifi" 115 | ch := strconv.Itoa(a.Channel) 116 | pj, e := CreateProcessJob("airodump-ng", "--write", path, "-c", ch, "--output-format", "pcap", "--bssid", a.Bssid, a.Iface.Name) 117 | 118 | if e == nil { 119 | j = pj.Job 120 | db := internal.Db 121 | db.Model(&j).Update("Name", "Capture ["+a.Bssid+"]") 122 | db.Model(&j).Association("Aps").Append(a) 123 | 124 | //TODO: start a routine that update the Capture record 125 | capture := &Capture{Ap: *a, ApId: a.ID, File: path + "-01.pcap"} 126 | db.Save(capture) 127 | } 128 | 129 | return 130 | } 131 | 132 | func FindAp(id uint) (a *AP, e error) { 133 | a = &AP{} 134 | e = internal.Db.Find(a, id).Error 135 | return 136 | } 137 | 138 | func FindApByBssid(bssid string) (a *AP, e error) { 139 | a = &AP{} 140 | e = internal.Db.Where("bssid = ?", bssid).Find(a).Error 141 | return 142 | } 143 | -------------------------------------------------------------------------------- /models/capture.go: -------------------------------------------------------------------------------- 1 | package models 2 | 3 | import ( 4 | "errors" 5 | "github.com/cSploit/daemon/models/internal" 6 | "io/ioutil" 7 | "os" 8 | "strconv" 9 | "strings" 10 | "time" 11 | ) 12 | 13 | //TODO: turn it into tcpdump capture, with a field which specify the 
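physical medium type ( 802.11 or Ethernet )
//TODO: Handshake entity { nonce, hmac, ... }

// TODO: IVs

// TODO: trying keys jobs

// Capture is an airodump capture file.
//
// NOTE(review): Key is serialised under "key". Confirm that every view that
// returns a Capture is meant to expose it.
type Capture struct {
	internal.Base

	Key       string `json:"key"`
	Handshake bool   `json:"has_handshake"`
	Cracking  bool   `json:"cracking"`
	File      string `json:"-"`

	Dict string `json:"dict"`

	Ap   AP   `json:"-"`
	ApId uint `json:"ap_id"`
}

// key_nb numbers the key files created by this process.
var key_nb int

// newKeyFile creates an empty, uniquely named file in the default temporary
// directory and returns its path.
//
// The previous code built the path as os.TempDir()+"go-wifi_key"+n, which
// misses the path separator (os.TempDir() has no trailing slash on Unix) and
// is predictable. ioutil.TempFile picks an unused name and creates the file
// with mode 0600.
func newKeyFile() (string, error) {
	f, err := ioutil.TempFile("", "go-wifi_key"+strconv.Itoa(key_nb)+"_")
	key_nb += 1

	if err != nil {
		return "", err
	}

	name := f.Name()

	if err := f.Close(); err != nil {
		os.Remove(name)
		return "", err
	}

	return name, nil
}

// Crack starts the job matching the privacy setting of the capture's AP and
// returns it. It fails when a key is already stored, when Dict is empty for
// WPA/WPA2, or when the privacy value is none of "WPA", "WPA2" and "WEP".
// Cracking is left true only when a job was started.
func (c *Capture) Crack() (j Job, e error) {
	// Do not crack a second time!
	if c.Key != "" {
		e = errors.New("Already cracked")
		return
	}

	c.Cracking = true

	switch c.Ap.Privacy {
	case "WPA", "WPA2":
		if c.Dict != "" {
			j, e = c.crackWPA()
		} else {
			e = errors.New("Dictionnary needed for WPA(2) attack")
		}
	case "WEP":
		j, e = c.crackWEP()
	default:
		e = errors.New("Target seems not to be encrypted")
	}

	if e != nil {
		// Nothing is running, so do not report a crack in progress.
		c.Cracking = false
	}

	return
}

// crackWPA starts the aircrack-ng process job for a WPA capture and a
// goroutine that waits for its result.
//
// NOTE(review): Dict, Bssid and File are passed as separate arguments.
// CreateProcessJob is not visible here; confirm that it does not go through a
// shell and that Dict is checked to be a regular file path before it gets
// here.
func (c *Capture) crackWPA() (j Job, e error) {
	path_to_key, e := newKeyFile()
	if e != nil {
		return
	}

	pj, e := CreateProcessJob("aircrack-ng", "-a", "2", "-l", path_to_key, "-w", c.Dict, "-b", c.Ap.Bssid, c.File)
	if e != nil {
		// No process, no waiter: the waiter would dereference a nil job.
		os.Remove(path_to_key)
		return
	}

	j = pj.Job
	db := internal.Db
	db.Model(&j).Update("Name", "CrackWpa ["+c.Ap.Bssid+"]")
	// NOTE(review): a Capture is appended to the "Aps" association - confirm.
	db.Model(&j).Association("Aps").Append(c)

	go c.waitCrack(pj, path_to_key)
	return
}

// crackWEP starts the aircrack-ng process job for a WEP capture and a
// goroutine that waits for its result.
func (c *Capture) crackWEP() (j Job, e error) {
	path_to_key, e := newKeyFile()
	if e != nil {
		return
	}

	pj, e := CreateProcessJob("aircrack-ng", "-D", "-z", "-a", "1", "-l", path_to_key, "-b", c.Ap.Bssid, c.File)
	if e != nil {
		// No process, no waiter: the waiter would dereference a nil job.
		os.Remove(path_to_key)
		return
	}

	j = pj.Job
	db := internal.Db
	db.Model(&j).Update("Name", "CrackWep ["+c.Ap.Bssid+"]")
	// NOTE(review): a Capture is appended to the "Aps" association - confirm.
	db.Model(&j).Association("Aps").Append(c)

	go c.waitCrack(pj, path_to_key)
	return
}

// waitCrack polls pj once per second until its exit status is set, then
// copies the content of path_to_key into c.Key and clears Cracking.
//
// The loop now ends when the process has exited; before, it never left the
// for statement and spun without sleeping once the exit status was set.
//
// NOTE(review): pj.ExitStatus is read without synchronisation and the writer
// is not visible here. The key file is left in place after it is read; decide
// who removes it.
func (c *Capture) waitCrack(pj *ProcessJob, path_to_key string) {
	for pj.ExitStatus == nil {
		time.Sleep(time.Second * 1)
	}

	key_buff, err := ioutil.ReadFile(path_to_key)
	if err == nil {
		c.Key = string(key_buff)
	}

	c.Cracking = false
}

// CheckForHandshake starts an aircrack-ng process job over the capture with a
// one-entry dictionary and a goroutine that reads the outcome into
// c.Handshake.
func (c *Capture) CheckForHandshake() (j Job, e error) {
	// Thank you wifite (l. 2478, has_handshake_aircrack)
	// build a temp dict; ioutil.TempFile gives it a unique name inside the
	// temporary directory instead of a fixed, separator-less path.
	file, e := ioutil.TempFile("", "fake-dict")
	if e != nil {
		// Got an error, exit
		return
	}
	defer file.Close()

	if _, e = file.WriteString("that_is_a_fake_key_no_one_will_use"); e != nil {
		os.Remove(file.Name())
		return
	}

	pj, e := CreateProcessJob("aircrack-ng", "-a", "2", "-w", file.Name(), "-b", c.Ap.Bssid, c.File)
	if e != nil {
		// No process, no waiter: the waiter would dereference a nil job.
		os.Remove(file.Name())
		return
	}

	j = pj.Job
	db := internal.Db
	db.Model(&j).Update("Name", "CheckHandshake ["+c.Ap.Bssid+"]")
	// NOTE(review): a Capture is appended to the "Aps" association - confirm.
	db.Model(&j).Association("Aps").Append(c)

	go c.waitHandshakeTester(pj, file)
	return
}

// waitHandshakeTester polls pj once per second until its exit status is set,
// sets c.Handshake from the job output and removes the temporary dictionary.
// Only file.Name() is used here; the handle itself is closed by the caller.
func (c *Capture) waitHandshakeTester(pj *ProcessJob, file *os.File) {
	for pj.ExitStatus == nil {
		time.Sleep(time.Second * 1)
	}

	c.Handshake = strings.Contains(pj.Output, "Passphrase not in dictionary")

	os.Remove(file.Name())
}
--------------------------------------------------------------------------------
/models/client.go:
--------------------------------------------------------------------------------
package models

import (
	"github.com/cSploit/daemon/models/internal"
	"time"
)

// A wifi client ( courtesy of aircrack )
type Client struct {
	internal.Base
	// MAC address
	First   time.Time `json:"first_seen"`
	Last    time.Time `json:"last_seen"`
	Station string    `json:"station"`
	Power   int       `json:"power"`
	Packets int       `json:"packets"`
	Bssid   string    `json:"bssid"`
	Probed  string    `json:"probed_essids"`

	Iface   Iface `json:"-"`
	IfaceId uint  `json:"-"`
	Jobs    []Job `json:"-" gorm:"many2many:job_clients"`
}

// Deauth starts the aireplay-ng process job for this client and returns it.
//
// The error check was inverted: the job was dereferenced only when
// CreateProcessJob had failed, and a started job was never named nor linked.
func (c *Client) Deauth() (j Job, e error) {
	pj, e := CreateProcessJob("aireplay-ng", "-0", "0", "-a", c.Station, "-d", c.Bssid, c.Iface.Name)
	if e != nil {
		return
	}

	j = pj.Job
	internal.Db.Model(&j).Update("Name", "Deauth ["+c.Station+"]")
	internal.Db.Model(&j).Association("job_clients").Append(c)
	internal.Db.Model(&j).Association("job_ifaces").Append(&(c.Iface))

	return
}

// FindClient loads the client with the given id.
func FindClient(id uint) (c *Client, e error) {
	c = &Client{}
	e = internal.Db.Find(c, id).Error
	return
}

// FindClientByMac loads the client whose station column equals mac_addr.
func FindClientByMac(mac_addr string) (c *Client, e error) {
	c = &Client{}
	e = internal.Db.Where("station = ?", mac_addr).Find(c).Error
	return
}
--------------------------------------------------------------------------------
/models/db.go:
--------------------------------------------------------------------------------
package models

import (
	"github.com/cSploit/daemon/models/internal"
	"github.com/jinzhu/gorm"
)

// GetDbInstance returns the shared database handle of the models package.
func GetDbInstance() *gorm.DB {
	return internal.Db
}
--------------------------------------------------------------------------------
/models/discovery_job.go:
--------------------------------------------------------------------------------
package models

import (
	"encoding/csv"
	"github.com/cSploit/daemon/models/internal"
	"github.com/jinzhu/gorm"
	"io"
	"io/ioutil"
	"path"
	"strconv"
	"strings"
	"time"
)

var aircrackTimeLayout = "2006-01-02 15:04:05"
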
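// DiscoveryJob links a job to the directory that holds its CSV dumps.
type DiscoveryJob struct {
	internal.Base

	Dir string `json:"-"`

	Job   Job
	JobId uint
}

// parseOne reads one CSV dump and stores the access points and clients it
// lists, linking each of them to d.Job.
//
// The file is expected to hold an AP table followed by a client table,
// separated by "\r\n" lines. A dump without both tables is reported as
// io.ErrUnexpectedEOF, a CSV syntax error is returned, and a row with too few
// columns is logged and skipped. Numeric and time columns that do not parse
// are stored as zero values, as before.
//
// NOTE(review): assuming these files are airodump-ng dumps, as the layout
// suggests, the BSSID, ESSID and probed-ESSID columns are chosen by nearby
// devices. They are stored as data only here; escape them wherever they are
// displayed.
func (d *DiscoveryJob) parseOne(file string) error {
	// Dirty hack to have a clean dump
	//TODO: from stdout ?
	dump, err := ioutil.ReadFile(file)
	if err != nil {
		return err
	}

	dump_str := string(dump)
	// Replace endline with just an \n
	dump_str = strings.Replace(dump_str, ", \r\n", ", \n", -1)
	dump_str = strings.Replace(dump_str, ",\r\n", ",\n", -1)
	dump_split := strings.SplitN(dump_str, "\r\n", 4)

	// A short or empty file used to panic on the indexing below.
	if len(dump_split) < 4 {
		return io.ErrUnexpectedEOF
	}

	// Extract the two parts of the csv
	dump_aps := dump_split[2]
	clients_split := strings.SplitN(dump_split[3], "\r\n", 2)

	if len(clients_split) < 2 {
		return io.ErrUnexpectedEOF
	}

	dump_clients := clients_split[1]

	// End of dirty hack, fill the structs
	reader_aps := csv.NewReader(strings.NewReader(dump_aps))
	reader_clients := csv.NewReader(strings.NewReader(dump_clients))

	// Start with the aps
	for {
		record, csv_err := reader_aps.Read()
		if csv_err == io.EOF {
			break
		}
		if csv_err != nil {
			// The outer err is nil at this point; return the CSV error itself.
			return csv_err
		}
		if len(record) < 15 {
			log.Warningf("skipping AP row with %d columns in %q", len(record), file)
			continue
		}

		// Okay, fill an AP struct then append to the dump
		ap, e := FindApByBssid(record[0])

		if e == gorm.ErrRecordNotFound {
			ap = &AP{}
		} else if e != nil {
			log.Error(e)
			continue
		}

		// TODO: clean that
		// FIXME: I am too lazy to check the errors

		ap.Bssid = record[0]
		ap.First, _ = time.Parse(aircrackTimeLayout, record[1])
		ap.Last, _ = time.Parse(aircrackTimeLayout, record[2])
		ap.Channel, _ = strconv.Atoi(record[3])
		ap.Speed, _ = strconv.Atoi(record[4])
		ap.Privacy = record[5]
		ap.Cipher = record[6]
		ap.Auth = record[7]
		ap.Power, _ = strconv.Atoi(record[8])
		ap.Beacons, _ = strconv.Atoi(record[9])
		ap.IVs, _ = strconv.Atoi(record[10])
		ap.Lan = strings.Replace(record[11], " ", "", -1)
		ap.IdLen, _ = strconv.Atoi(record[12])
		ap.Essid = record[13]
		ap.Key = record[14]

		// Save returns the *gorm.DB handle, which is never nil; the error is
		// in its Error field. Testing the handle logged every row as failed
		// and never linked it to the job.
		if err := internal.Db.Save(ap).Error; err != nil {
			log.Error(err)
		} else if err := internal.Db.Model(&(d.Job)).Association("job_aps").Append(ap).Error; err != nil {
			log.Error(err)
		}
	}

	// Continue with the clients
	for {
		record, csv_err := reader_clients.Read()
		if csv_err == io.EOF {
			break
		}
		if csv_err != nil {
			return csv_err
		}
		if len(record) < 7 {
			log.Warningf("skipping client row with %d columns in %q", len(record), file)
			continue
		}

		// Okay, fill a Client struct then append to the dump
		client, e := FindClientByMac(record[0])

		if e == gorm.ErrRecordNotFound {
			client = &Client{}
		} else if e != nil {
			log.Error(e)
			continue
		}

		// TODO: clean that
		// FIXME: too lazy to fix the errors
		client.Station = record[0]
		client.First, _ = time.Parse(aircrackTimeLayout, record[1])
		client.Last, _ = time.Parse(aircrackTimeLayout, record[2])
		client.Power, _ = strconv.Atoi(record[3])
		client.Packets, _ = strconv.Atoi(record[4])
		client.Bssid = record[5]
		client.Probed = record[6]

		if err := internal.Db.Save(client).Error; err != nil {
			log.Error(err)
		} else if err := internal.Db.Model(&(d.Job)).Association("job_clients").Append(client).Error; err != nil {
			log.Error(err)
		}
	}

	return nil
}

// Parse runs parseOne on every regular file in d.Dir whose name ends in
// ".csv" and stops at the first error.
func (d *DiscoveryJob) Parse() error {
	files, e := ioutil.ReadDir(d.Dir)

	if e != nil {
		return e
	}

	for _, fi := range files {
		if fi.IsDir() || !strings.HasSuffix(fi.Name(), ".csv") {
			continue
		}

		if err := d.parseOne(path.Join(d.Dir, fi.Name())); err != nil {
			return err
		}
	}

	return nil
}
--------------------------------------------------------------------------------
/models/host.go:
--------------------------------------------------------------------------------
/* cSploit - a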
simple penetration testing suite 2 | * Copyright (C) 2016 Massimo Dragano aka tux_mind 3 | * 4 | * cSploit is free software: you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation, either version 3 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * cSploit is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with cSploit. If not, see . 16 | * 17 | */ 18 | package models 19 | 20 | import ( 21 | netHelper "github.com/cSploit/daemon/helpers/net" 22 | "github.com/cSploit/daemon/models/internal" 23 | "github.com/lair-framework/go-nmap" 24 | "github.com/op/go-logging" 25 | "net" 26 | "time" 27 | ) 28 | 29 | func init() { 30 | internal.RegisterModels(&Host{}) 31 | } 32 | 33 | var log = logging.MustGetLogger("daemon") 34 | 35 | type Host struct { 36 | ID uint `json:"id"` 37 | CreatedAt time.Time `json:"first_seen"` 38 | UpdatedAt time.Time `json:"last_seen"` 39 | Name *string `json:"name,omitempty"` 40 | IpAddr string `gorm:"index" json:"ip_addr"` 41 | HwAddr *string `json:"hw_addr,omitempty"` 42 | HwAddrId *uint64 `gorm:"index" json:"-"` 43 | Ports []Port `json:"ports"` 44 | Network *Network `json:"-"` 45 | NetworkID uint `json:"network_id,omitempty"` 46 | Jobs []Job `json:"jobs" gorm:"many2many:job_hosts"` 47 | } 48 | 49 | func NewHost(h nmap.Host) *Host { 50 | res := new(Host) 51 | 52 | res.Ports = make([]Port, 0) 53 | 54 | for _, p := range h.Ports { 55 | res.Ports = append(res.Ports, *NewPort(p)) 56 | } 57 | 58 | for _, a := range h.Addresses { 59 | if a.AddrType == "mac" { 60 | hwId, err := netHelper.ParseHwAddr(a) 61 | 62 | if err != nil { 63 | log.Warningf("unable to load MAC 
address: %v", err) 64 | } 65 | res.HwAddrId = &hwId 66 | res.HwAddr = &a.Addr 67 | 68 | log.Debugf("created HW Addr: %v", res.HwAddr) 69 | } else { 70 | res.IpAddr = a.Addr 71 | } 72 | } 73 | 74 | return res 75 | } 76 | 77 | func NotifyHostSeen(hwAddr net.HardwareAddr, ipAddr net.IP, name *string) { 78 | hwId, err := netHelper.MacAddrToUInt(hwAddr) 79 | 80 | if err != nil { 81 | log.Error(err) 82 | return 83 | } 84 | 85 | var host Host 86 | 87 | dbRes := internal.Db.Find(&host, "hw_addr_id = ?", hwId) 88 | 89 | if dbRes.RecordNotFound() { 90 | onNewHost(hwAddr, ipAddr, name) 91 | } else if dbRes.Error != nil { 92 | log.Error(dbRes.Error) 93 | } else { 94 | onHostSeen(&host, ipAddr, name) 95 | } 96 | } 97 | 98 | //TODO: fire an event for each of these functions 99 | 100 | func onNewHost(hwAddr net.HardwareAddr, ipAddr net.IP, name *string) { 101 | if hwId, err := netHelper.MacAddrToUInt(hwAddr); err != nil { 102 | log.Error(err) 103 | return 104 | } else { 105 | hwStr := hwAddr.String() 106 | 107 | host := Host{ 108 | HwAddr: &hwStr, 109 | HwAddrId: &hwId, 110 | IpAddr: ipAddr.String(), 111 | Name: name, 112 | } 113 | 114 | if err := internal.Db.Create(&host).Error; err != nil { 115 | log.Error(err) 116 | } 117 | } 118 | } 119 | 120 | func onHostSeen(host *Host, ipAddr net.IP, name *string) { 121 | now := time.Now() 122 | if host.UpdatedAt.Add(time.Second).Before(now) { 123 | host.IpAddr = ipAddr.String() 124 | host.Name = name 125 | host.UpdatedAt = now 126 | if err := internal.Db.Save(host).Error; err != nil { 127 | log.Error(err) 128 | } 129 | } 130 | } 131 | -------------------------------------------------------------------------------- /models/iface.go: -------------------------------------------------------------------------------- 1 | package models 2 | 3 | import ( 4 | "github.com/cSploit/daemon/models/internal" 5 | "io/ioutil" 6 | "net" 7 | "os" 8 | ) 9 | 10 | func init() { 11 | internal.RegisterModels(&Iface{}) 12 | } 13 | 14 | // A network interface 15 | 
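type Iface struct {
	internal.Base
	Name string `json:"name"`

	Aps     []AP     `json:"-"`
	Clients []Client `json:"-"`
	Jobs    []Job    `json:"-" gorm:"many2many:job_ifaces"`
}

// StartDiscovery starts an airodump-ng process job on this interface and
// saves a DiscoveryJob that remembers where its CSV dumps are written.
//
// The dumps go into a directory created by ioutil.TempDir for this job alone.
// Writing them under the shared temporary directory with a fixed prefix would
// leave DiscoveryJob.Parse, which lists d.Dir, with nothing to read, and would
// put the capture at a predictable path that other local users can pre-create.
func (iface *Iface) StartDiscovery() (d *DiscoveryJob, e error) {
	dir, e := ioutil.TempDir("", "airodump-")

	if e != nil {
		return
	}

	// Same directory that is stored in d.Dir below.
	prefix := dir + string(os.PathSeparator) + "discovery"

	// NOTE(review): iface.Name is passed as a bare argument; confirm callers
	// only store names taken from the system's interface list.
	pj, e := CreateProcessJob("airodump-ng", "--write", prefix, "--output-format", "csv", "--wps", iface.Name)

	if e != nil {
		os.Remove(dir)
		return
	}

	d = &DiscoveryJob{}
	d.Dir = dir
	d.Job = pj.Job

	e = internal.Db.Save(d).Error
	return
}

// FindIface loads the interface with the given primary key.
func FindIface(id uint) (i *Iface, e error) {
	i = &Iface{}
	e = internal.Db.Find(i, id).Error
	return
}

// FindIfaceByName loads the interface whose name column equals name.
func FindIfaceByName(name string) (i *Iface, e error) {
	i = &Iface{}
	e = internal.Db.Where("name = ?", name).Find(i).Error
	return
}

// CreateIface saves a new Iface named after the given system interface.
func CreateIface(iface net.Interface) (i *Iface, e error) {
	i = &Iface{Name: iface.Name}
	e = internal.Db.Save(i).Error
	return
}
--------------------------------------------------------------------------------
/models/init.go:
--------------------------------------------------------------------------------
package models

import "github.com/cSploit/daemon/models/internal"

// Setup opens the database through internal.OpenDb.
func Setup() error {
	return internal.OpenDb()
}
--------------------------------------------------------------------------------
/models/internal/base.go:
--------------------------------------------------------------------------------
package internal

import "time"

// the same as gorm.Model, but without the DeletedAt
type Base struct {
	ID        uint      `gorm:"primary_key" json:"id"`
	CreatedAt time.Time `json:"created_at"`
	UpdatedAt time.Time `json:"updated_at"`
}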
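--------------------------------------------------------------------------------
/models/internal/db.go:
--------------------------------------------------------------------------------
package internal

import (
	"github.com/cSploit/daemon/config"
	"github.com/ianschenck/envflag"
	"github.com/jinzhu/gorm"
	_ "github.com/jinzhu/gorm/dialects/sqlite"
	"sync"
)

var (
	Db          *gorm.DB
	models      []interface{}
	join_tables []string
	once        sync.Once
)

// OpenDb opens the configured database and migrates the registered models.
func OpenDb() error {
	return openDb(false)
}

// openDb connects with the dialect and arguments from config.Conf.Db,
// optionally drops every registered model and join table, runs AutoMigrate
// and publishes the handle in Db on success.
func openDb(drop_tables bool) error {
	conn, err := gorm.Open(config.Conf.Db.Dialect, config.Conf.Db.Args...)
	if err != nil {
		return err
	}

	if drop_tables {
		conn.DropTableIfExists(models...)
		for _, table_name := range join_tables {
			conn.DropTableIfExists(table_name)
		}
	}

	// NOTE(review): the handle stored in Db is the one returned after
	// Debug(), so statement logging appears to stay on for the daemon's
	// lifetime; confirm that is wanted, since stored job output and
	// addresses would then reach the log.
	migrated := conn.Debug().AutoMigrate(models...)

	if migrated.Error != nil {
		// Do not leak the connection when migration fails; the migration
		// error is the one worth reporting, so the Close error is dropped.
		_ = conn.Close()
		return migrated.Error
	}

	Db = migrated
	return nil
}

// ClearDb deletes the rows of every registered model and join table.
func ClearDb() {
	for _, model := range models {
		Db.Delete(model)
	}
	for _, table_name := range join_tables {
		// Table names cannot be bound as query parameters, so this statement
		// is concatenated. It is only safe while RegisterJoinTables is called
		// with names fixed in the source, never with external input.
		Db.Exec("DELETE FROM " + table_name)
	}
}

// OpenDbForTests parses the environment flags, loads the configuration and
// opens the database with all tables dropped. It runs once per process and
// panics on failure.
func OpenDbForTests() {
	once.Do(func() {
		envflag.Parse()

		if err := config.Load(); err != nil {
			panic(err)
		}

		if err := openDb(true); err != nil {
			panic(err)
		}
	})
}

// RegisterModels adds models to the set migrated by openDb.
func RegisterModels(model ...interface{}) {
	models = append(models, model...)
}

// RegisterJoinTables adds join table names to the set dropped by openDb and
// emptied by ClearDb. Pass constant names only: ClearDb places them in SQL
// text.
func RegisterJoinTables(table_name ...string) {
	join_tables = append(join_tables, table_name...)
}

//TODO: UpdateCallback { e -> wsConns.each { c -> c.write("entity changed:" + e) } } [Event system]
--------------------------------------------------------------------------------
/models/job.go:
--------------------------------------------------------------------------------
package models

import (
	"database/sql/driver"
	"fmt"
	"time"

	"github.com/cSploit/daemon/models/internal"
)

func init() {
	internal.RegisterModels(&Job{})
	internal.RegisterJoinTables("job_hosts", "job_aps", "job_networks", "job_clients", "job_ifaces")
}

type (
	JobKind int64

	// A running task
	Job struct {
		internal.Base
		FinishedAt *time.Time `json:"finished_at"`
		Name       string     `json:"name"`
		Type       JobKind    `json:"type"`

		// affected entities
		Aps      []AP      `json:"-" gorm:"many2many:job_aps"`
		Clients  []Client  `json:"-" gorm:"many2many:job_clients"`
		Hosts    []Host    `json:"-" gorm:"many2many:job_hosts"`
		Networks []Network `json:"-" gorm:"many2many:job_networks"`
		Ifaces   []Iface   `json:"-" gorm:"many2many:job_ifaces"`

		// concrete jobs
		Radar   *RadarJob   `json:"-"`
		Process *ProcessJob `json:"-"`
		//TODO: DiscoveryJob, MonitorJob
	}
)

var jobKindNames = map[JobKind]string{}

// registerJobKind associates name with kind and panics if kind already has a
// name.
func registerJobKind(kind JobKind, name string /*, ViewHandlerFunction*/) {
	if _, ok := jobKindNames[kind]; ok {
		panic("job kind already registered: " + name)
	}
	jobKindNames[kind] = name
}

// String returns the registered name of k, or "" when k was never registered.
func (k JobKind) String() string {
	return jobKindNames[k]
}

// used for json serialization
func (k JobKind) MarshalText() ([]byte, error) {
	return []byte(k.String()), nil
}

// DB deserialization
//
// Scan accepts only an int64 column value; any other type (including NULL) is
// reported as an error, where an unchecked type assertion would panic.
func (k *JobKind) Scan(value interface{}) error {
	v, ok := value.(int64)
	if !ok {
		return fmt.Errorf("models: cannot scan %T into JobKind", value)
	}
	*k = JobKind(v)
	return nil
}

// DB serialization
func (k JobKind) Value() (driver.Value, error) {
	return int64(k), nil
}

// Is reports whether the job is of the given kind.
func (j *Job) Is(kind JobKind) bool {
	return j.Type == kind
}

// FindJob loads the job with the given primary key.
func FindJob(id uint) (j *Job, e error) {
	j = &Job{}
	e = internal.Db.Find(j, id).Error
	return
}
--------------------------------------------------------------------------------
/models/job_test.go:
--------------------------------------------------------------------------------
package models

import (
	"github.com/cSploit/daemon/models/internal"
	"github.com/ianschenck/envflag"
	. "github.com/onsi/gomega"
	"github.com/stretchr/testify/require"
	"testing"
)

// TestJobHosts checks that a host appended to a job's Hosts association is
// reachable from the host's Jobs association.
func TestJobHosts(t *testing.T) {
	envflag.Parse()
	internal.OpenDbForTests()

	h := Host{IpAddr: "test"}
	db := internal.Db
	var jobs []Job

	pj, err := CreateProcessJob("date")

	require.Nil(t, err)

	db.Create(&h)

	db.Model(&(pj.Job)).Association("Hosts").Append(h)

	require.Nil(t, db.Model(&h).Association("Jobs").Error)

	db.Model(&h).Association("Jobs").Find(&jobs)

	require.Equal(t, 1, len(jobs))
	require.Equal(t, pj.JobId, jobs[0].ID)
}

// TestRegisterJobKind checks that registering the same kind twice panics on
// the second call only.
func TestRegisterJobKind(t *testing.T) {
	RegisterTestingT(t)

	v1, v2 := false, false
	k1 := JobKind(500)
	k2 := JobKind(500)

	f := func() {
		registerJobKind(k1, "good")
		v1 = true
		registerJobKind(k2, "fail")
		v2 = true
	}

	Expect(f).To(Panic())
	Expect(v1).To(BeTrue())
	Expect(v2).To(BeFalse())
}
--------------------------------------------------------------------------------
/models/jobs/output_holder.go:
--------------------------------------------------------------------------------
package jobs

import (
	"strings"
	"unicode/utf8"
)

type (
	// OutputHolder keeps process output as one merged string in which every
	// line starts with a one-rune marker naming the stream it came from.
	OutputHolder struct {
		Output []*outputLine `gorm:"-" json:"output"`
		//TODO: hide merged
		MergedOutput *string `json:"-"`
	}

	// NOTE(review): both fields are unexported, so encoding/json ignores
	// them and their tags; export them if the lines are meant to appear in
	// the JSON output.
	outputLine struct {
		dest outputDestination `json:"destination"`
		line string            `json:"line"`
	}

	outputDestination rune
)

const (
	stdoutDest outputDestination = 'O'
	stderrDest outputDestination = 'E'
)

// parseOutputLine splits a merged line into its leading destination rune and
// the remaining text.
func parseOutputLine(line string) *outputLine {
	first, i := utf8.DecodeRuneInString(line)

	return &outputLine{
		dest: outputDestination(first),
		line: line[i:],
	}
}

// parseText parses every non-empty line of text. Merged output ends with a
// newline, so splitting leaves a final empty segment; it carries no marker
// and is skipped.
func parseText(text string) (res []*outputLine) {
	for _, line := range strings.Split(text, "\n") {
		if line == "" {
			continue
		}
		res = append(res, parseOutputLine(line))
	}
	return
}

// appendMarked adds one marked line to the merged output, allocating the
// string on first use.
func (oh *OutputHolder) appendMarked(dest outputDestination, line string) {
	if oh.MergedOutput == nil {
		t := ""
		oh.MergedOutput = &t
	}

	// Write through the pointer: appending to a local copy would discard
	// the line.
	*oh.MergedOutput += string(dest) + line + "\n"
}

// AddToStdout appends line to the merged output, marked as standard output.
func (oh *OutputHolder) AddToStdout(line string) {
	oh.appendMarked(stdoutDest, line)
}

// AddToStderr appends line to the merged output, marked as standard error.
func (oh *OutputHolder) AddToStderr(line string) {
	oh.appendMarked(stderrDest, line)
}

// Load rebuilds Output from MergedOutput; it does nothing when there is no
// merged output.
func (oh *OutputHolder) Load() {
	if oh.MergedOutput == nil {
		return
	}

	oh.Output = parseText(*oh.MergedOutput)
}
--------------------------------------------------------------------------------
/models/network.go:
--------------------------------------------------------------------------------
/* cSploit - a simple penetration testing suite
 * Copyright (C) 2016 Massimo Dragano aka tux_mind
 *
 * cSploit is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.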
 *
 * cSploit is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with cSploit. If not, see .
 *
 */
package models

import (
	netHelper "github.com/cSploit/daemon/helpers/net"
	"github.com/cSploit/daemon/models/internal"
	"net"
)

func init() {
	internal.RegisterModels(&Network{})
}

// Network is an IP network, stored with the name of the interface it was
// found on and the hosts that belong to it.
type Network struct {
	ID        uint   `gorm:"primary_key" json:"id"`
	IfaceName string `json:"iface_name"`
	IpAddr    string `json:"ip_addr"`
	Hosts     []Host `json:"hosts"`
}

// NewNetwork returns an unsaved Network with the given interface name and
// address.
func NewNetwork(ifName, ipAddr string) *Network {
	n := new(Network)
	n.IfaceName = ifName
	n.IpAddr = ipAddr
	return n
}

// FindNetwork looks a network up by the string form of ipNet. It returns nil
// when no row matches, and also (after logging a warning) when the query
// fails.
func FindNetwork(ipNet *net.IPNet) *Network {
	found := new(Network)

	query := internal.Db.Where("ip_addr = ?", ipNet.String()).Find(found)

	switch {
	case query.RecordNotFound():
		return nil
	case query.Error != nil:
		log.Warning(query.Error)
		return nil
	}

	return found
}

// CreateNetwork stores a new Network for ipNet. The interface name is
// "unknown" when no interface can be resolved for the address. It returns
// nil when the insert fails.
func CreateNetwork(ipNet *net.IPNet) *Network {
	ifName := "unknown"

	iface, err := netHelper.InterfaceForIp(ipNet.IP)
	if err != nil {
		log.Error(err)
	} else {
		ifName = iface.Name
	}

	created := NewNetwork(ifName, ipNet.String())

	if insertErr := internal.Db.Create(created).Error; insertErr != nil {
		log.Error(insertErr)
		return nil
	}

	return created
}

// FindOrCreateNetwork returns the stored Network for ipNet, creating it when
// FindNetwork returns nil.
func FindOrCreateNetwork(ipNet *net.IPNet) *Network {
	if existing := FindNetwork(ipNet); existing != nil {
		return existing
	}

	return CreateNetwork(ipNet)
}

// GetHosts returns the hosts whose network_id is n.ID. A query error is
// logged and whatever was loaded is returned.
func (n *Network) GetHosts() []Host {
	var hosts []Host

	if err := internal.Db.Where("network_id = ?", n.ID).Find(&hosts).Error; err != nil {
		log.Error(err)
	}

	return hosts
}
--------------------------------------------------------------------------------
/models/port.go:
--------------------------------------------------------------------------------
/* cSploit - a simple penetration testing suite
 * Copyright (C) 2016 Massimo Dragano aka tux_mind
 *
 * cSploit is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * cSploit is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with cSploit. If not, see .
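 *
 */
package models

import (
	"github.com/cSploit/daemon/models/internal"
	"github.com/lair-framework/go-nmap"
)

func init() {
	internal.RegisterModels(&Port{})
}

// Port is one scanned port of a host.
type Port struct {
	ID       uint     `json:"id"`
	HostId   uint     `json:"host_id"`
	Protocol string   `json:"protocol"` // (ip|tcp|udp|sctp)
	Number   int      `json:"number"`
	State    string   `json:"state"` // "open","filtered","unfiltered","closed","open|filtered","closed|filtered","unknown"
	Service  *Service `json:"-"`
}

// NewPort converts an nmap port; the Service is set only when nmap reported a
// service name other than "" or "unknown".
func NewPort(p nmap.Port) *Port {

	res := &Port{Protocol: p.Protocol, Number: p.PortId, State: p.State.State}

	if p.Service.Name != "" && p.Service.Name != "unknown" {
		res.Service = NewService(p.Service)
	}

	return res
}
--------------------------------------------------------------------------------
/models/process_job.go:
--------------------------------------------------------------------------------
package models

import (
	"io"
	"io/ioutil"
	"os/exec"
	"strings"
	"sync"
	"syscall"
	"time"

	"github.com/cSploit/daemon/models/internal"
)

func init() {
	internal.RegisterModels(&ProcessJob{})
	registerJobKind(ProcessJobKind, "process")
}

const ProcessJobKind JobKind = 1

var (
	// jobsMu guards commands and completed: CreateProcessJob inserts into
	// them from the caller's goroutine while each runCommand goroutine
	// reads them, and unsynchronised map access is a data race.
	jobsMu sync.Mutex

	commands = make(map[uint]*exec.Cmd)

	//TODO: event system
	completed = make(map[uint]chan int)
)

type (
	ProcessJob struct {
		//TODO: hide job
		Job   Job
		JobId uint `gorm:"primary_key"`

		Command string `json:"command"`
		Args    string `json:"args"`

		//TODO: OutputHolder
		Output string `json:"output"`

		ExitStatus *int `json:"exit_status"`
	}

	// ioManager receives the process output and owns the write end of its
	// standard input.
	ioManager struct {
		job   *ProcessJob
		stdin io.Writer
	}
)

// Write appends process output to the job and persists the whole Output
// column. It always reports len(p) so that a database error (which is logged)
// does not interrupt the process.
func (m ioManager) Write(p []byte) (int, error) {
	m.job.Output += string(p)
	//TODO: save output asynchronously
	//TODO: save stdout and stderr separately but with correct order ( OutputHolder )
	if err := internal.Db.Model(m.job).Update("Output", m.job.Output).Error; err != nil {
		log.Error(err)
	}
	return len(p), nil
}

// WriteToStdin forwards p to the process standard input.
func (m ioManager) WriteToStdin(p []byte) (int, error) {
	return m.stdin.Write(p)
}

// CloseStdin closes the process standard input when the writer supports it.
func (m ioManager) CloseStdin() (e error) {
	if closer, ok := m.stdin.(io.Closer); ok {
		e = closer.Close()
	}
	return
}

// onStartFail records a process that could not be started: the start error
// becomes the job output and the job is marked finished.
func (pj *ProcessJob) onStartFail(err error) {
	t := time.Now()
	// NOTE(review): a failed start is stored with exit status 0, the same
	// value as a successful run; confirm consumers tell the two apart.
	status := 0
	db := internal.Db

	db.Model(pj).Updates(map[string]interface{}{
		"Output":     err.Error(),
		"ExitStatus": &status,
	})

	db.Model(&pj.Job).Update("FinishedAt", &t)

	pj.onDone()
}

// onDone signals completion on the job's channel, if one was registered.
func (pj *ProcessJob) onDone() {
	jobsMu.Lock()
	done := completed[pj.JobId]
	jobsMu.Unlock()

	// Sending on a nil channel would block this goroutine forever.
	if done != nil {
		done <- 0
	}
}

// runCommand starts cmd, waits for it to exit and stores its exit status and
// finish time.
func runCommand(pj ProcessJob, cmd *exec.Cmd) {
	statusCode := 0

	if err := cmd.Start(); err != nil {
		pj.onStartFail(err)
		return
	}

	err := cmd.Wait()
	end := time.Now()
	db := internal.Db

	log.Debugf("process %v exited: err=%v", pj, err)

	if exiterr, ok := err.(*exec.ExitError); ok {
		if status, ok := exiterr.Sys().(syscall.WaitStatus); ok {
			statusCode = status.ExitStatus()
			//TODO: signal and other goodies
		}
	} else if err != nil {
		log.Errorf("unexpected wait error %v", err)
	}

	if err := db.Model(&pj).Update("ExitStatus", &statusCode).Error; err != nil {
		log.Error(err)
	}

	if err := db.Model(&pj.Job).Update("FinishedAt", &end).Error; err != nil {
		log.Error(err)
	}

	pj.onDone()
}

// CreateProcessJob stores a ProcessJob for command and args, then runs the
// command in a new goroutine with its output captured into the job.
//
// The command is executed directly through os/exec, not through a shell, so
// arguments are not subject to shell expansion. Command and arguments must
// still come from trusted code: an argument that begins with "-" is read by
// the target program as an option.
//
// It returns an error only when the job cannot be stored; a process that
// fails to start is recorded on the job itself.
func CreateProcessJob(command string, args ...string) (*ProcessJob, error) {

	name := command

	if len(args) > 0 {
		name += " " + strings.Join(args, " ")
	}

	j := Job{Name: name}

	pj := &ProcessJob{
		Command: command,
		// Arguments are stored joined by ETB (0x17).
		Args: strings.Join(args, "\x17"),
		Job:  j,
	}

	if e := internal.Db.Create(pj).Error; e != nil {
		return nil, e
	}

	cmd := exec.Command(command, args...)

	iom := &ioManager{job: pj}

	if stdin, err := cmd.StdinPipe(); err != nil {
		log.Error(err)
		log.Warning("failed to attach process stdin")
		iom.stdin = ioutil.Discard
	} else {
		iom.stdin = stdin
	}

	// The same writer serves both streams, so os/exec serialises the calls
	// to Write.
	cmd.Stdout = iom
	cmd.Stderr = iom

	// Register before starting the goroutine that reads these maps.
	jobsMu.Lock()
	completed[pj.JobId] = make(chan int, 1)
	commands[pj.JobId] = cmd
	jobsMu.Unlock()

	go runCommand(*pj, cmd)

	return pj, nil
}

// FindProcessJob loads the process job with the given job id.
func FindProcessJob(id uint) (*ProcessJob, error) {
	j := &ProcessJob{}

	if e := internal.Db.Find(j, id).Error; e != nil {
		return nil, e
	}

	return j, nil
}

// cmd returns the command registered for this job in this process, or nil.
func (pj *ProcessJob) cmd() *exec.Cmd {
	jobsMu.Lock()
	defer jobsMu.Unlock()
	return commands[pj.JobId]
}

// ioManager returns the job's ioManager, or nil when the job has no command
// registered in this process (for example a job loaded from the database
// that was started by an earlier run).
func (pj *ProcessJob) ioManager() *ioManager {
	cmd := pj.cmd()
	if cmd == nil {
		return nil
	}
	iom, _ := cmd.Stdout.(*ioManager)
	return iom
}

// write to process stdin
//
// Write returns io.ErrClosedPipe when the job has no process attached.
func (pj *ProcessJob) Write(p []byte) (int, error) {
	iom := pj.ioManager()
	if iom == nil {
		return 0, io.ErrClosedPipe
	}
	return iom.WriteToStdin(p)
}

// close process stdin
//
// CloseInput does nothing when the job has no process attached; a close
// error is logged.
func (pj *ProcessJob) CloseInput() {
	iom := pj.ioManager()
	if iom == nil {
		return
	}
	if err := iom.CloseStdin(); err != nil {
		log.Error(err)
	}
}
--------------------------------------------------------------------------------
/models/process_unix_test.go:
--------------------------------------------------------------------------------
package models

import (
	"github.com/cSploit/daemon/models/internal"
	"github.com/ianschenck/envflag"
	"github.com/stretchr/testify/require"
	"testing"
)

func TestCreateProcessJob(t *testing.T) {
	envflag.Parse()
	internal.OpenDbForTests()

	pj, err := CreateProcessJob("date")

	require.Nil(t, err)
	require.NotNil(t, pj)
	require.Contains(t, commands, pj.JobId)
}

func TestFindProcessJob(t *testing.T) {
	envflag.Parse()
	internal.OpenDbForTests()

	pj, _ := CreateProcessJob("date")

	pj1, err := FindProcessJob(pj.JobId)

	require.Nil(t, err)
	require.NotNil(t, pj1)

	pj2, err := FindProcessJob(0)

	require.Nil(t, pj2)
	require.Error(t, err)
}

func TestProcessOutput(t *testing.T) {
	envflag.Parse()
	internal.OpenDbForTests()

	pj, _ := CreateProcessJob("date")

	cmd := commands[pj.JobId]

	require.NotNil(t, cmd)

	<-completed[pj.JobId]

	pj, _ = FindProcessJob(pj.JobId)

	require.NotNil(t, pj.ExitStatus)
	require.Equal(t, 0, *pj.ExitStatus)
	require.NotEmpty(t, pj.Output)
}
--------------------------------------------------------------------------------
/models/radar_job.go:
--------------------------------------------------------------------------------
package models

import (
	"github.com/cSploit/daemon/models/internal"
)

func init() {
	internal.RegisterModels(&RadarJob{})
	registerJobKind(RadarJobKind, "radar")
}

//TODO atExit(markAllRadarsAsFinished)

const RadarJobKind JobKind = 2

type RadarJob struct {
	internal.Base
	Job   Job
	JobId uint
}
--------------------------------------------------------------------------------
/models/service.go:
--------------------------------------------------------------------------------
/* cSploit - a simple penetration testing suite
 * Copyright (C) 2016 Massimo Dragano aka tux_mind
 *
 * cSploit is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.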
 *
 * cSploit is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with cSploit. If not, see .
 *
 */
package models

import (
	"github.com/cSploit/daemon/models/internal"
	"github.com/lair-framework/go-nmap"
)

func init() {
	internal.RegisterModels(&Service{})
}

// Service describes what was detected behind a port: a name plus an optional
// product and version.
type Service struct {
	ID      uint   `json:"id" gorm:"primary_key"`
	Name    string `json:"name"`
	Product string `json:"product,omitempty"`
	Version string `json:"version,omitempty"`
	PortID  uint   `json:"-"`
}

// NewService copies the name, product and version of an nmap service.
func NewService(s nmap.Service) *Service {
	svc := new(Service)
	svc.Name = s.Name
	svc.Product = s.Product
	svc.Version = s.Version
	return svc
}

// FormatName renders the service as "name - product ( version )", leaving
// out the product and version parts that are empty.
func (s *Service) FormatName() string {
	label := s.Name

	if len(s.Product) > 0 {
		label = label + " - " + s.Product
	}

	if len(s.Version) > 0 {
		label = label + " ( " + s.Version + " )"
	}

	return label
}
--------------------------------------------------------------------------------
/tools/network-radar.go:
--------------------------------------------------------------------------------
/* cSploit - a simple penetration testing suite
 * Copyright (C) 2016 Massimo Dragano aka tux_mind
 *
 * cSploit is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * cSploit is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with cSploit. If not, see .
 *
 */
package tools
--------------------------------------------------------------------------------
/tools/network-radar/analyzer.go:
--------------------------------------------------------------------------------
/* cSploit - a simple penetration testing suite
 * Copyright (C) 2016 Massimo Dragano aka tux_mind
 *
 * cSploit is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * cSploit is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with cSploit. If not, see .
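 *
 */
package network_radar

import (
	"net"
	"sync"

	ctxHelper "github.com/cSploit/daemon/helpers/ctx"
	netHelper "github.com/cSploit/daemon/helpers/net"
	"github.com/google/gopacket"
	"github.com/google/gopacket/layers"
	"github.com/google/gopacket/pcap"
	"golang.org/x/net/context"
)

var (
	// localEndpoints holds the endpoints of this machine, loaded once in
	// init and read under the embedded lock.
	localEndpoints = struct {
		sync.RWMutex
		Points []gopacket.Endpoint
	}{}
)

// analyzer sniffs packets and reports the hardware/IP address pairs it sees
// to Receiver.
//
// The addresses are copied from packet headers, which the sender chooses, so
// what Receiver is given is an unauthenticated observation and not a verified
// identity.
type analyzer struct {
	ctx context.Context
	// networks that the analyzer will deal with
	WatchedNetworks []*net.IPNet
	Receiver        HostReceiverFunc
}

func init() {
	//TODO spawn endpoints poller
	res, err := netHelper.GetMyEndpoints()

	if err != nil {
		log.Error(err)
		return
	}

	localEndpoints.Lock()
	localEndpoints.Points = res
	localEndpoints.Unlock()
}

// isInternal reports whether ip belongs to one of the watched networks.
func (a *analyzer) isInternal(ip net.IP) bool {
	for _, ipNet := range a.WatchedNetworks {
		if ipNet.Contains(ip) {
			return true
		}
	}
	return false
}

// onPacket dispatches a captured packet to the network-layer analysis when it
// has a network layer, otherwise to the link-layer analysis.
func (a *analyzer) onPacket(pkt gopacket.Packet) {
	//TODO: Application Layer ( NetBIOS )
	switch {
	case pkt.NetworkLayer() != nil:
		a.analyzeNetworkPkt(pkt)
	case pkt.LinkLayer() != nil:
		a.analyzeLinkPkt(pkt)
	}
}

// isOurEndpoint reports whether e is one of this machine's endpoints.
func isOurEndpoint(e gopacket.Endpoint) bool {
	localEndpoints.RLock()
	defer localEndpoints.RUnlock()

	for _, ee := range localEndpoints.Points {
		if ee == e {
			return true
		}
	}
	return false
}

// analyzeLinkPkt handles packets without a network layer; only ARP is
// analyzed.
func (a *analyzer) analyzeLinkPkt(pkt gopacket.Packet) {
	if arpLayer := pkt.Layer(layers.LayerTypeARP); arpLayer != nil {
		a.analyzeARP(pkt)
	}
}

// analyzeARP reports the sender of an ARP packet that this machine did not
// send: the link-layer source address paired with the ARP sender protocol
// address.
func (a *analyzer) analyzeARP(pkt gopacket.Packet) {
	ll := pkt.LinkLayer()
	if ll == nil {
		return
	}
	flow := ll.LinkFlow()

	if isOurEndpoint(flow.Src()) {
		log.Debugf("skipping sent ARP packet")
		return
	}

	if a.Receiver == nil {
		log.Debugf("Receiver is null, ARP packet lost")
		return
	}

	// Checked assertion: a missing or differently typed layer is skipped.
	arp, ok := pkt.Layer(layers.LayerTypeARP).(*layers.ARP)
	if !ok {
		return
	}

	hwAddr := net.HardwareAddr(flow.Src().Raw())
	ipAddr := net.IP(arp.SourceProtAddress)

	go a.Receiver(hwAddr, ipAddr, nil)
}

// analyzeNetworkPkt reports the remote side of an IP packet (the source,
// unless the source is this machine, in which case the destination) when its
// address is in a watched network or is private.
func (a *analyzer) analyzeNetworkPkt(pkt gopacket.Packet) {
	ll := pkt.LinkLayer()
	nl := pkt.NetworkLayer()

	// onPacket only guarantees the network layer; a capture without a
	// link-layer header would otherwise be dereferenced as nil.
	if ll == nil || nl == nil {
		return
	}

	// Same guard as analyzeARP: calling a nil Receiver in a new goroutine
	// would crash the whole process.
	if a.Receiver == nil {
		log.Debugf("Receiver is null, network packet lost")
		return
	}

	llSrc, llDst := ll.LinkFlow().Endpoints()
	nlSrc, nlDst := nl.NetworkFlow().Endpoints()

	var lle, nle gopacket.Endpoint

	if !isOurEndpoint(nlSrc) {
		lle = llSrc
		nle = nlSrc
	} else {
		lle = llDst
		nle = nlDst
	}

	if nle.EndpointType() != layers.EndpointIPv4 && nle.EndpointType() != layers.EndpointIPv6 {
		log.Debugf("skipping non-ip packet: %v", pkt)
		return
	}

	hwAddr := net.HardwareAddr(lle.Raw())
	// Use the endpoint selected above: taking the source unconditionally
	// would pair the remote hardware address with this machine's own IP
	// whenever the packet was sent by us.
	ipAddr := net.IP(nle.Raw())

	if a.isInternal(ipAddr) || netHelper.IsPrivate(ipAddr) {
		go a.Receiver(hwAddr, ipAddr, nil)
	}
}

// start sniffing and analyzing packets
//
// Start captures on the interface carried by the context, or on "any" when
// there is none, and watches the attached IP networks unless WatchedNetworks
// is already set. Capture runs in a goroutine until the packet source is
// exhausted or the context is done; the pcap handle is closed on exit.
func (a *analyzer) Start() error {
	ifName := "any"

	if ctxHelper.HaveIface(a.ctx) {
		ifName = ctxHelper.GetIface(a.ctx).Name
	}

	if len(a.WatchedNetworks) == 0 {
		networks, err := netHelper.GetAttachedIpNetworks()

		if err != nil {
			return err
		}

		a.WatchedNetworks = networks
	}

	handle, err := pcap.OpenLive(ifName, 1024, true, pcap.BlockForever)

	if err != nil {
		return err
	}

	source := gopacket.NewPacketSource(handle, handle.LinkType())

	go func() {
		defer handle.Close()
		for {
			select {
			case p, more := <-source.Packets():
				if !more {
					return
				}
				//TODO: use workers
				a.onPacket(p)
			case <-a.ctx.Done():
				return
			}
		}
	}()

	return nil
}
--------------------------------------------------------------------------------
/tools/network-radar/analyzer_test.go:
--------------------------------------------------------------------------------
/* cSploit - a simple penetration testing suite
 * Copyright (C) 2016 Massimo Dragano aka tux_mind
 *
 * cSploit is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * cSploit is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with cSploit. If not, see .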
16 | * 17 | */
package network_radar

import (
	"github.com/google/gopacket"
	"github.com/google/gopacket/layers"
	"testing"
)

// Captured with wireshark:
// a well-formed NetBIOS query to my router, ETH + IP + UDP + NetBIOS.
var goodNBQueryPkt = []byte{
	0x00, 0x26, 0x5a, 0x9d, 0xf0, 0x76, 0x64, 0x70, 0x02, 0xda, 0x03, 0x05, 0x08, 0x00, 0x45, 0x00,
	0x00, 0x4e, 0x08, 0x8b, 0x40, 0x00, 0x40, 0x11, 0xb0, 0xab, 0xc0, 0xa8, 0x00, 0x17, 0xc0, 0xa8,
	0x00, 0x01, 0xb0, 0x49, 0x00, 0x89, 0x00, 0x3a, 0x0c, 0xdd, 0x82, 0x28, 0x00, 0x00, 0x00, 0x01,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x43, 0x4b, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x00, 0x00, 0x21, 0x00, 0x01,
}

// An ARP request; TestAnalyzeARP decodes it with a Linux SLL link layer.
var arpRequestPkt = []byte{
	0x00, 0x01, 0x00, 0x01, 0x00, 0x06, 0x64, 0xbc, 0x0c, 0x83, 0x97, 0x99, 0x00, 0x00, 0x08, 0x06,
	0x00, 0x01, 0x08, 0x00, 0x06, 0x04, 0x00, 0x01, 0x64, 0xbc, 0x0c, 0x83, 0x97, 0x99, 0xc0, 0xa8,
	0x00, 0x39, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0xa8, 0x00, 0x01,
}

// TestAnalyzeNetBIOS checks that the NetBIOS sample decodes with a network
// layer, which is what analyzer.onPacket dispatches on.
func TestAnalyzeNetBIOS(t *testing.T) {
	pkt := gopacket.NewPacket(goodNBQueryPkt, layers.LayerTypeEthernet, gopacket.Default)

	for _, layer := range pkt.Layers() {
		t.Logf("contains: %v", layer.LayerType())
	}

	// t.Error already marks the test as failed.
	if pkt.NetworkLayer() == nil {
		t.Error("created packet does not implement Network layer")
	}
}

// TestAnalyzeARP checks that the ARP sample decodes with an ARP layer.
func TestAnalyzeARP(t *testing.T) {
	pkt := gopacket.NewPacket(arpRequestPkt, layers.LayerTypeLinuxSLL, gopacket.Default)

	for _, layer := range pkt.Layers() {
		t.Logf("contains: %v", layer.LayerType())
	}

	t.Logf("Link layer: %v", pkt.LinkLayer())

	// t.Error already marks the test as failed.
	if pkt.Layer(layers.LayerTypeARP) == nil {
		t.Error("created packet do not implement ARP layer")
	}
}
--------------------------------------------------------------------------------
/tools/network-radar/ctx.go:
--------------------------------------------------------------------------------
package network_radar

// localCtxKey is the private type of the context keys of this package, so
// they cannot collide with keys defined elsewhere.
type localCtxKey int

// fetcherKey is the context key under which the HostFetcher is stored.
const fetcherKey localCtxKey = 1 // iota ?
--------------------------------------------------------------------------------
/tools/network-radar/host_fetcher.go:
--------------------------------------------------------------------------------
package network_radar

import (
	"golang.org/x/net/context"
	"net"
)

// HostFetcher fetches known hosts.
type HostFetcher interface {
	WithContext(context.Context) HostFetcher
	WithNetwork(*net.IPNet) HostFetcher
	Find() <-chan net.IP
}
--------------------------------------------------------------------------------
/tools/network-radar/host_receiver.go:
--------------------------------------------------------------------------------
package network_radar

import "net"

// HostReceiverFunc receives notifications about seen hosts.
// hwAddr is the link address of the host, ipAddr its IP address and name its
// DNS or NetBIOS name, if available.
type HostReceiverFunc func(hwAddr net.HardwareAddr, ipAddr net.IP, name *string)
--------------------------------------------------------------------------------
/tools/network-radar/model/walker.go:
--------------------------------------------------------------------------------
1 | /* cSploit - a simple penetration testing suite 2 | * Copyright (C) 2016 Massimo Dragano aka tux_mind 3 | * 4 | * cSploit is free software: you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation, either version 3 of the License, or 7 | * (at your option) any later version.
8 | * 9 | * cSploit is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with cSploit. If not, see . 16 | * 17 | */
package model

import (
	"golang.org/x/net/context"
	"net"
)

// A KnownHostsIPWalker retrieves the IP addresses of all known hosts and
// sends them on the returned channel.
type KnownHostsIPWalker func(ctx context.Context) <-chan net.IP
--------------------------------------------------------------------------------
/tools/network-radar/netbios/nb.go:
--------------------------------------------------------------------------------
1 | /* cSploit - a simple penetration testing suite 2 | * Copyright (C) 2016 Massimo Dragano aka tux_mind 3 | * 4 | * cSploit is free software: you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation, either version 3 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * cSploit is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with cSploit. If not, see .
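16 | * 17 | */
package netbios

import (
	"net"
)

// nbQuery is a fixed NetBIOS name service request: a node status (NBSTAT,
// type 0x21) question for the wildcard name. The transaction id is constant
// (0x8228), so replies cannot be matched to a particular probe by id.
var nbQuery = [...]byte{
	0x82, 0x28, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x20, 0x43, 0x4B, 0x41, 0x41, 0x41, 0x41, 0x41,
	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
	0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
	0x41, 0x41, 0x41, 0x41, 0x41, 0x00, 0x00, 0x21, 0x00, 0x01,
}

// nbQuerySz is the size in bytes of nbQuery.
const nbQuerySz = len(nbQuery)

// SendQuery sends the NetBIOS query to UDP port 137 of addr through nbSock
// and returns the error of the write, if any.
//
// The query is written exactly once. A datagram is sent whole or not at all,
// so retrying with the unsent tail, as a stream socket would need, could only
// emit a second, malformed datagram, and would loop forever on a write that
// reports zero bytes without an error.
func SendQuery(nbSock *net.UDPConn, addr net.IP) error {
	udpAddr := &net.UDPAddr{IP: addr, Port: 137}

	_, err := nbSock.WriteToUDP(nbQuery[:], udpAddr)
	return err
}
--------------------------------------------------------------------------------
/tools/network-radar/network-radar.go:
--------------------------------------------------------------------------------
1 | /* cSploit - a simple penetration testing suite 2 | * Copyright (C) 2016 Massimo Dragano aka tux_mind 3 | * 4 | * cSploit is free software: you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation, either version 3 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * cSploit is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with cSploit. If not, see .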
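16 | * 17 | */
package network_radar

import (
	"fmt"
	ctxHelper "github.com/cSploit/daemon/helpers/ctx"
	"github.com/op/go-logging"
	"github.com/vektra/errors"
	"golang.org/x/net/context"
	"net"
)

var (
	log = logging.MustGetLogger("network-radar")
)

// NetworkRadar discovers hosts by sniffing traffic and, unless Passive is
// set, by actively probing the configured addresses.
type NetworkRadar struct {
	// Passive disables the active probers; only the analyzer is started.
	Passive bool
	// Iface, when set, is stored in the context used by the analyzer and
	// is the source of the default Addresses.
	Iface *net.Interface
	// Addresses are the networks to probe. When empty, the addresses of
	// Iface (or of every interface) are used and loopback is skipped.
	Addresses []net.Addr
	ctx       context.Context
	// Cancel stops everything Start launched.
	Cancel context.CancelFunc
	// Receiver is notified about the hosts seen by the analyzer.
	Receiver HostReceiverFunc
	// Fetcher provides the known hosts; it is required for active scans.
	Fetcher HostFetcher
}

// startProbing starts the NetBIOS and known-hosts probers on every IP
// network in nr.Addresses. It fails when there is no Fetcher, when the
// interface addresses cannot be read, or when no prober could be started.
func (nr *NetworkRadar) startProbing() error {
	var lastErr error
	var skipLoopback bool

	if nr.Fetcher == nil {
		return errors.New("Active scan requires an HostFetcher")
	}

	nr.Fetcher = nr.Fetcher.WithContext(nr.ctx)

	if len(nr.Addresses) == 0 {
		if nr.Iface != nil {
			nr.Addresses, lastErr = nr.Iface.Addrs()
		} else {
			nr.Addresses, lastErr = net.InterfaceAddrs()
		}

		if lastErr != nil {
			return lastErr
		}

		// Loopback is skipped only for the automatically collected
		// addresses; addresses set by the caller are probed as given.
		skipLoopback = true
	}

	lastErr = errors.New("no network to probe for")
	activated := 0

	for _, a := range nr.Addresses {
		ipNet, ok := a.(*net.IPNet)
		if !ok {
			log.Debugf("skipping non-ip address: <%T> %v", a, a)
			continue
		}

		if skipLoopback && ipNet.IP.IsLoopback() {
			continue
		}

		ctx := ctxHelper.WithIpNet(nr.ctx, ipNet)
		ctx = context.WithValue(ctx, fetcherKey, nr.Fetcher)

		// Each prober is counted on its own: one of them is enough for
		// the scan to be considered started.
		if err := ProbeNetBIOS(ctx); err != nil {
			log.Error(err)
			lastErr = err
		} else {
			activated++
		}

		if err := ProbeKnownHosts(ctx); err != nil {
			log.Error(err)
			lastErr = err
		} else {
			activated++
		}
	}

	if activated == 0 {
		return fmt.Errorf("unable to start probers: %v", lastErr)
	}

	return nil
}

// Start creates the radar context, starts the packet analyzer and, unless
// the radar is Passive, the active probers. On any failure the context is
// cancelled, so nothing started so far keeps running.
func (nr *NetworkRadar) Start() error {
	nr.ctx, nr.Cancel = context.WithCancel(context.Background())

	if nr.Iface != nil {
		nr.ctx = ctxHelper.WithIface(nr.ctx, *(nr.Iface))
	}

	a := analyzer{ctx: nr.ctx, Receiver: nr.Receiver}

	if err := a.Start(); err != nil {
		// Release the context created above; it was leaked on this path.
		nr.Cancel()
		return err
	}

	if !nr.Passive {
		if err := nr.startProbing(); err != nil {
			nr.Cancel()
			return err
		}
	}

	return nil
}
--------------------------------------------------------------------------------
/tools/network-radar/prober.go:
--------------------------------------------------------------------------------
1 | /* cSploit - a simple penetration testing suite 2 | * Copyright (C) 2016 Massimo Dragano aka tux_mind 3 | * 4 | * cSploit is free software: you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation, either version 3 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * cSploit is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with cSploit. If not, see .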
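16 | * 17 | */
package network_radar

import (
	"fmt"
	ctxHelper "github.com/cSploit/daemon/helpers/ctx"
	netHelper "github.com/cSploit/daemon/helpers/net"
	"github.com/cSploit/daemon/tools/network-radar/model"
	"github.com/cSploit/daemon/tools/network-radar/netbios"
	"github.com/google/gopacket"
	"github.com/google/gopacket/layers"
	"github.com/google/gopacket/pcap"
	"github.com/vektra/errors"
	"golang.org/x/net/context"
	"math"
	"net"
	"sync"
	"time"
)

// hosts4sock is the preferred amount of hosts to probe per open socket
const hosts4sock = 32

// maxSocks is the maximum number of opened sockets
const maxSocks = 32

// walkNetwork sends the addresses of the network stored in ctx on the
// returned channel and closes it when done or when ctx is cancelled.
// Addresses that are not global unicast are skipped.
func walkNetwork(ctx context.Context) <-chan net.IP {
	c := make(chan net.IP)
	ipNet := ctxHelper.GetIpNet(ctx)

	go func() {
		defer close(c)

		ip := ipNet.IP.Mask(ipNet.Mask)
		bcast := netHelper.BuildBroadcastAddress(ipNet)

		// single address network
		if ip.Equal(bcast) {
			// Honour cancellation here too, otherwise the goroutine
			// stays blocked when nobody reads the channel.
			select {
			case c <- ip:
			case <-ctx.Done():
			}
			return
		}

		// presumably NextIP increments ip in place - verify in helpers/net
		for netHelper.NextIP(ip); !ip.Equal(bcast); netHelper.NextIP(ip) {
			if !ip.IsGlobalUnicast() {
				continue
			}

			// ip is reused by the loop, so a copy is sent.
			res := netHelper.CopyIP(ip)
			select {
			case c <- res:
			case <-ctx.Done():
				return
			}
		}
	}()

	return c
}

// loopKnownHosts calls walker on every tick of loopDuration and forwards
// the addresses it yields on the returned channel, until ctx is cancelled.
// A warning is logged once if a walk takes longer than loopDuration.
func loopKnownHosts(ctx context.Context, loopDuration time.Duration, walker model.KnownHostsIPWalker) <-chan net.IP {
	c := make(chan net.IP)
	ticker := time.NewTicker(loopDuration)

	pipe := func(in <-chan net.IP) {
		for ip := range in {
			select {
			case c <- ip:
			case <-ctx.Done():
				return
			}
		}
	}

	go func() {
		var warned bool

		defer close(c)
		defer ticker.Stop()

		for {
			select {
			case <-ticker.C:
				start := time.Now()
				pipe(walker(ctx))
				elapsed := time.Since(start)
				if !warned && elapsed > loopDuration {
					warned = true
					log.Warningf("Want to walk the known hosts every %v but we took %v",
						loopDuration, elapsed)
				}
			case <-ctx.Done():
				return
			}
		}
	}()

	return c
}

// nbProbe opens a UDP socket and sends a NetBIOS query to every address
// read from c. The returned channel is closed when the sender stops, which
// happens when c is closed or ctx is cancelled. Send errors are logged.
func nbProbe(ctx context.Context, c <-chan net.IP) (<-chan struct{}, error) {
	nbConn, err := net.ListenUDP("udp", nil)
	if err != nil {
		return nil, err
	}

	done := make(chan struct{})

	go func() {
		defer nbConn.Close()
		defer close(done)
		for {
			select {
			case ip, more := <-c:
				if !more {
					return
				}
				if err := netbios.SendQuery(nbConn, ip); err != nil {
					log.Error(err)
				}
			case <-ctx.Done():
				return
			}
		}
	}()

	return done, nil
}

// ipv4ArpRequestGenerator builds one broadcast ARP request for every IPv4
// address read from c and sends the serialized frames on the returned
// channel. The sender fields are the hardware address of the interface and
// the IP of the network stored in ctx; the target field is the probed
// address.
func ipv4ArpRequestGenerator(ctx context.Context, c <-chan net.IP) <-chan gopacket.SerializeBuffer {
	iface := ctxHelper.GetIface(ctx)
	ipNet := ctxHelper.GetIpNet(ctx)

	srcIp := ipNet.IP.To4()

	opts := gopacket.SerializeOptions{
		FixLengths:       true,
		ComputeChecksums: true,
	}
	eth := &layers.Ethernet{
		SrcMAC:       iface.HardwareAddr,
		DstMAC:       net.HardwareAddr{0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
		EthernetType: layers.EthernetTypeARP,
	}
	arp := &layers.ARP{
		AddrType:          layers.LinkTypeEthernet,
		Protocol:          layers.EthernetTypeIPv4,
		HwAddressSize:     6,
		ProtAddressSize:   4,
		Operation:         layers.ARPRequest,
		SourceHwAddress:   []byte(iface.HardwareAddr),
		SourceProtAddress: []byte(srcIp),
		DstHwAddress:      []byte{0, 0, 0, 0, 0, 0},
	}

	out := make(chan gopacket.SerializeBuffer)

	go func() {
		defer close(out)

		for {
			select {
			case ip, more := <-c:
				if !more {
					return
				}

				target := ip.To4()
				if target == nil {
					log.Debugf("skipping non-IPv4 address: %v", ip)
					continue
				}

				buf := gopacket.NewSerializeBuffer()

				// The probed address belongs in the target field. Writing
				// it into the sender field, as before, left the target
				// empty and announced the probed IP with our own MAC,
				// which neighbours may cache as a binding.
				arp.DstProtAddress = []byte(target)

				if err := gopacket.SerializeLayers(buf, opts, eth, arp); err != nil {
					log.Error(err)
					continue
				}

				log.Debugf("ARP Request length: %d", len(buf.Bytes()))

				// Do not stay blocked on a reader that already stopped.
				select {
				case out <- buf:
				case <-ctx.Done():
					return
				}
			case <-ctx.Done():
				return
			}
		}
	}()

	return out
}

// interfaceWriter opens the interface stored in ctx and writes every buffer
// read from c to it, until c is closed or ctx is cancelled. Write errors
// are logged.
func interfaceWriter(ctx context.Context, c <-chan gopacket.SerializeBuffer) error {
	iface := ctxHelper.GetIface(ctx)
	handle, err := pcap.OpenLive(iface.Name, 0, true, pcap.BlockForever)
	if err != nil {
		return err
	}

	go func() {
		defer handle.Close()

		for {
			select {
			case buf, more := <-c:
				if !more {
					return
				}
				if err := handle.WritePacketData(buf.Bytes()); err != nil {
					log.Error(err)
				}
			case <-ctx.Done():
				return
			}
		}
	}()

	return nil
}

// mergeBufs fans the given channels into one. The returned channel is
// closed once every input is drained or ctx is cancelled.
func mergeBufs(ctx context.Context, chans ...<-chan gopacket.SerializeBuffer) <-chan gopacket.SerializeBuffer {
	var wg sync.WaitGroup

	out := make(chan gopacket.SerializeBuffer)

	pipe := func(c <-chan gopacket.SerializeBuffer) {
		defer wg.Done()

		for buf := range c {
			select {
			case out <- buf:
			case <-ctx.Done():
				return
			}
		}
	}

	wg.Add(len(chans))

	for _, c := range chans {
		go pipe(c)
	}

	go func() {
		wg.Wait()
		close(out)
	}()

	return out
}

// tryToReduceSize returns the result of netHelper.IPNetTo4 for ipNet when
// it is not nil, and ipNet itself otherwise.
func tryToReduceSize(ipNet *net.IPNet) *net.IPNet {
	if net4 := netHelper.IPNetTo4(ipNet); net4 != nil {
		return net4
	}
	return ipNet
}

// ProbeNetBIOS starts the NetBIOS senders for the network stored in ctx.
// It uses one sender per hosts4sock hosts, at most maxSocks, all reading
// from the same address walker. It fails when the network is empty or when
// no sender could be created.
func ProbeNetBIOS(ctx context.Context) error {
	var lastErr error

	ipNet := ctxHelper.GetIpNet(ctx)

	N := netHelper.NumHosts(ipNet)

	if N == 0 {
		return fmt.Errorf("Network '%s' is empty", ipNet)
	}

	// On success the senders are stopped by the parent context; cancel is
	// only needed to stop the walker when no sender could be created.
	ctx, cancel := context.WithCancel(ctx)
	NSenders := int(math.Ceil(float64(N) / hosts4sock))
	NSenders = int(math.Min(float64(NSenders), maxSocks))
	ips := walkNetwork(ctx)
	activated := 0

	log.Infof("starting NetBIOS prober for network '%s' {N: %d, NSenders: %d }", ipNet, N, NSenders)

	for i := 0; i < NSenders; i++ {
		_, lastErr = nbProbe(ctx, ips)

		if lastErr != nil {
			log.Error(lastErr)
			continue
		}

		activated++
	}

	if activated == 0 {
		cancel()
		return fmt.Errorf("Cannot create probes: %v", lastErr)
	}

	return nil
}

// ProbeKnownHosts periodically sends ARP requests for the hosts provided by
// the HostFetcher stored in ctx, on the interface that owns the IP of the
// network stored in ctx. Only IPv4 networks are supported.
func ProbeKnownHosts(ctx context.Context) error {
	// Checked assertion: a context without a fetcher is an error, not a
	// panic.
	fetcher, ok := ctx.Value(fetcherKey).(HostFetcher)
	if !ok {
		return errors.New("no HostFetcher in context")
	}

	ipNet := netHelper.IPNetTo4(ctxHelper.GetIpNet(ctx))
	if ipNet == nil {
		return errors.New("IPv6 not implemented yet")
	}

	N := netHelper.NumHosts(ipNet)

	if N == 0 {
		return fmt.Errorf("Network '%s' is empty", ipNet)
	}

	iface, err := netHelper.InterfaceForIp(ipNet.IP)
	if err != nil {
		return err
	}

	// The cancellable context is created only after validation, so the
	// early returns above have nothing to release.
	ctx, cancel := context.WithCancel(ctx)
	ctx = ctxHelper.WithIpNet(ctx, ipNet)
	ctx = ctxHelper.WithIface(ctx, iface)

	// NOTE(review): the fetcher is not restricted with WithNetwork(ipNet),
	// so hosts outside this network may be probed as well - confirm.
	walker := func(ctx context.Context) <-chan net.IP {
		return fetcher.Find()
	}
	ips := loopKnownHosts(ctx, time.Second, walker)

	NGens := int(math.Ceil(float64(N) / hosts4sock))
	NGens = int(math.Min(float64(NGens), maxSocks))
	var buffChannels []<-chan gopacket.SerializeBuffer

	log.Infof("starting ARP prober for network '%s' {N: %d, NGens: %d, iface : %v}", ipNet, N, NGens, iface)

	for i := 0; i < NGens; i++ {
		bufc := ipv4ArpRequestGenerator(ctx, ips)

		//TODO: ipv6NeighborRequestGenerator

		buffChannels = append(buffChannels, bufc)
	}

	bufs := mergeBufs(ctx, buffChannels...)

	if err := interfaceWriter(ctx, bufs); err != nil {
		cancel()
		return err
	}

	return nil
}
--------------------------------------------------------------------------------
/tools/network-radar/prober_test.go:
--------------------------------------------------------------------------------
1 | /* cSploit - a simple penetration testing suite 2 | * Copyright (C) 2016 Massimo Dragano aka tux_mind 3 | * 4 | * cSploit is free software: you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation, either version 3 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * cSploit is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with cSploit. If not, see . 16 | * 17 | */ 18 | package network_radar 19 | 20 | /* 21 | usually you'll get some error due to the high rate of emitting packets 22 | 23 | errno: operation not permitted 24 | dmesg: nf_conntrack: table full, dropping packet 25 | solution: increase /proc/sys/net/ipv4/netfilter/ip_conntrack_max 26 | 27 | errno: invalid argument 28 | dmesg: neighbour: arp_cache: neighbor table overflow!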
29 | solution: http://www.cyberciti.biz/faq/centos-redhat-debian-linux-neighbor-table-overflow/ 30 | */

import (
	ctxHelper "github.com/cSploit/daemon/helpers/ctx"
	"golang.org/x/net/context"
	"net"
	"sync"
	"testing"
)

// loopback24 returns the /24 network that every benchmark below walks.
// The parse error is ignored: the literal is constant.
//
// NOTE(review): walkNetwork skips addresses for which IsGlobalUnicast is
// false, and loopback addresses are among them, so these benchmarks appear
// to send no query at all - confirm.
func loopback24() *net.IPNet {
	_, ipNet, _ := net.ParseCIDR("127.0.0.1/24")
	return ipNet
}

// BenchmarkNbProber24_1 walks the /24 with a single sender.
func BenchmarkNbProber24_1(b *testing.B) {
	benchOne(b, loopback24(), 1)
}

// BenchmarkNbProber24_4 walks the /24 with four senders.
func BenchmarkNbProber24_4(b *testing.B) {
	benchOne(b, loopback24(), 4)
}

// BenchmarkNbProber24_8 walks the /24 with eight senders.
func BenchmarkNbProber24_8(b *testing.B) {
	benchOne(b, loopback24(), 8)
}

// benchOne walks ipNet b.N times; on each pass NSenders probers share one
// address walker and the pass ends when all of them are done.
func benchOne(b *testing.B, ipNet *net.IPNet, NSenders int) {
	ctx := ctxHelper.WithIpNet(context.Background(), ipNet)
	var pending sync.WaitGroup

	b.ResetTimer()

	for i := 0; i < b.N; i++ {
		ips := walkNetwork(ctx)
		for j := 0; j < NSenders; j++ {
			done, err := nbProbe(ctx, ips)
			if err != nil {
				panic(err)
			}
			pending.Add(1)
			go func() {
				defer pending.Done()
				<-done
			}()
		}
		pending.Wait()
	}
}
--------------------------------------------------------------------------------
/views/ap.go:
--------------------------------------------------------------------------------
package views

import "github.com/cSploit/daemon/models"

// apShowView is the detailed rendering of an access point: the model plus
// the views of its interface and of its jobs.
type apShowView struct {
	models.AP
	IfaceView interface{} `json:"iface"`
	JobsView  interface{} `json:"jobs"`
}

// ApIndex returns arg unchanged: whatever the caller passes is rendered
// as it is.
func ApIndex(arg interface{}) interface{} {
	return arg
}

// ApShow builds the detailed view of an access point.
// It panics if arg is not a models.AP.
func ApShow(arg interface{}) interface{} {
	ap := arg.(models.AP)

	return apShowView{
		AP:        ap,
		IfaceView: IfaceIndex(ap.Iface),
		JobsView:  JobIndex(ap.Jobs),
	}
}
--------------------------------------------------------------------------------
/views/client.go:
--------------------------------------------------------------------------------
package views

import "github.com/cSploit/daemon/models"

// clientShowView is the detailed rendering of a client: the model plus the
// views of its interface and of its jobs.
type clientShowView struct {
	models.Client
	Iface interface{} `json:"iface"`
	Jobs  interface{} `json:"jobs"`
}

// ClientIndex returns arg unchanged: whatever the caller passes is rendered
// as it is.
func ClientIndex(arg interface{}) interface{} {
	return arg
}

// ClientShow builds the detailed view of a client. The interface of the
// client is rendered as a one-element list.
// It panics if arg is not a models.Client.
func ClientShow(arg interface{}) interface{} {
	client := arg.(models.Client)

	view := &clientShowView{Client: client}
	view.Iface = IfaceIndex([]models.Iface{client.Iface})
	view.Jobs = JobIndex(client.Jobs)

	return view
}
--------------------------------------------------------------------------------
/views/host.go:
--------------------------------------------------------------------------------
1 | /* cSploit - a simple penetration testing suite 2 | * Copyright (C) 2016 Massimo Dragano aka tux_mind 3 | * 4 | * cSploit is free software: you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation, either version 3 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * cSploit is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with cSploit. If not, see .
16 | * 17 | */
package views

import "github.com/cSploit/daemon/models"

// hostIdxElem is a host as listed in an index: the model plus the number of
// its open ports. HidePorts is always empty; together with omitempty it
// claims the "ports" key, presumably to keep the ports of the embedded
// model out of the output.
type hostIdxElem struct {
	models.Host
	OpenPortCount int    `json:"open_port_count"`
	HidePorts     string `json:"ports,omitempty"`
}

// hostShowView is the detailed rendering of a host, with the views of its
// ports and of its network. HideNetworkID claims the "network_id" key in
// the same way HidePorts does above.
type hostShowView struct {
	models.Host
	HideNetworkID string      `json:"network_id,omitempty"`
	PortsView     interface{} `json:"ports"`
	NetworkView   interface{} `json:"network,omitempty"`
}

// HostsIndex builds the index view of a list of hosts.
// It panics if arg is not a []models.Host.
func HostsIndex(arg interface{}) interface{} {
	hosts := arg.([]models.Host)
	res := make([]hostIdxElem, 0, len(hosts))

	for _, h := range hosts {
		// we assume that h.Ports contains all
		// and only the open ports
		res = append(res, hostIdxElem{
			Host:          h,
			OpenPortCount: len(h.Ports),
		})
	}

	return res
}

// HostsShow builds the detailed view of a host. The network view is left
// nil, and therefore omitted, when the host has no network.
// It panics if arg is not a models.Host.
func HostsShow(arg interface{}) interface{} {
	host := arg.(models.Host)

	view := hostShowView{
		Host:      host,
		PortsView: PortIndex(host.Ports),
	}

	if host.Network != nil {
		view.NetworkView = networkAsChild(*host.Network)
	}

	return view
}
--------------------------------------------------------------------------------
/views/iface.go:
--------------------------------------------------------------------------------
package views

import "github.com/cSploit/daemon/models"

// ifaceShowView is the detailed rendering of an interface, with the views
// of its access points, clients and jobs.
type ifaceShowView struct {
	models.Iface
	Aps     interface{} `json:"aps"`
	Clients interface{} `json:"clients"`
	Jobs    interface{} `json:"jobs"`
}

// IfaceIndex returns arg unchanged: whatever the caller passes is rendered
// as it is.
func IfaceIndex(arg interface{}) interface{} {
	return arg
}

// IfaceShow builds the detailed view of an interface.
// It panics if arg is not a models.Iface.
func IfaceShow(arg interface{}) interface{} {
	iface := arg.(models.Iface)

	view := &ifaceShowView{Iface: iface}
	view.Aps = ApIndex(iface.Aps)
	view.Clients = ClientIndex(iface.Clients)
	view.Jobs = JobIndex(iface.Jobs)

	return view
}
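--------------------------------------------------------------------------------
/views/job.go:
--------------------------------------------------------------------------------
package views

import "github.com/cSploit/daemon/models"

// jobShowView is the detailed rendering of a job, with the views of
// everything attached to it.
type jobShowView struct {
	models.Job
	Aps      interface{} `json:"aps"`
	Clients  interface{} `json:"clients"`
	Hosts    interface{} `json:"hosts"`
	Networks interface{} `json:"networks"`
	Ifaces   interface{} `json:"ifaces"`
	Process  interface{} `json:"process"`
}

// processJobShowView renders a process job without its "job" key.
//
// HiddenJob is always empty; with omitempty it claims the "job" key so the
// field of the embedded model is left out, like the Hide* fields of the
// other views. It has to be exported: encoding/json ignores unexported
// fields, so the previous unexported field hid nothing.
// NOTE(review): this assumes models.ProcessJob has a field tagged
// json:"job" - confirm against the model.
type processJobShowView struct {
	models.ProcessJob
	HiddenJob string `json:"job,omitempty"`
}

// JobIndex returns arg unchanged: whatever the caller passes is rendered
// as it is.
func JobIndex(arg interface{}) interface{} {
	return arg
}

// JobShow builds the detailed view of a job.
// It panics if arg is not a models.Job.
func JobShow(arg interface{}) interface{} {
	job := arg.(models.Job)

	return &jobShowView{
		Job:      job,
		Aps:      ApIndex(job.Aps),
		Clients:  ClientIndex(job.Clients),
		Hosts:    HostsIndex(job.Hosts),
		Networks: NetworkIndex(job.Networks),
		Ifaces:   IfaceIndex(job.Ifaces),
		Process:  processJobShow(job.Process),
	}
}

// processJobShow builds the view of a process job, or returns nil when the
// job has no process.
func processJobShow(pj *models.ProcessJob) interface{} {
	if pj == nil {
		return nil
	}

	return &processJobShowView{ProcessJob: *pj}
}
--------------------------------------------------------------------------------
/views/network.go:
--------------------------------------------------------------------------------
1 | /* cSploit - a simple penetration testing suite 2 | * Copyright (C) 2016 Massimo Dragano aka tux_mind 3 | * 4 | * cSploit is free software: you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation, either version 3 of the License, or 7 | * (at your option) any later version.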
8 | * 9 | * cSploit is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with cSploit. If not, see . 16 | * 17 | */
package views

import "github.com/cSploit/daemon/models"

// networkIdxElem is a network as listed in an index. HideHosts is always
// empty; together with omitempty it claims the "hosts" key, presumably to
// keep the hosts of the embedded model out of the output.
type networkIdxElem struct {
	models.Network
	HideHosts string `json:"hosts,omitempty"`
}

// networkShowView is the detailed rendering of a network; OverrideHosts
// carries the index view of its hosts.
type networkShowView struct {
	models.Network
	OverrideHosts interface{} `json:"hosts,omitempty"`
}

// NetworkIndex builds the index view of a list of networks.
// It panics if args is not a []models.Network.
func NetworkIndex(args interface{}) interface{} {
	nets := args.([]models.Network)
	res := make([]networkIdxElem, 0, len(nets))

	for _, n := range nets {
		res = append(res, networkIdxElem{Network: n})
	}

	return res
}

// NetworkShow builds the detailed view of a network. The hosts are rendered
// only when there is at least one.
// It panics if arg is not a models.Network.
func NetworkShow(arg interface{}) interface{} {
	net := arg.(models.Network)
	view := networkShowView{Network: net}

	if len(net.Hosts) == 0 {
		return view
	}

	view.OverrideHosts = HostsIndex(net.Hosts)
	return view
}

// networkAsChild renders a network nested in another view, as an index
// element. It panics if arg is not a models.Network.
func networkAsChild(arg interface{}) interface{} {
	return networkIdxElem{Network: arg.(models.Network)}
}
--------------------------------------------------------------------------------
/views/port.go:
--------------------------------------------------------------------------------
1 | /* cSploit - a simple penetration testing suite 2 | * Copyright (C) 2016 Massimo Dragano aka tux_mind 3 | * 4 | * cSploit is free software: you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation, either version 3 of the License, or 7 | * (at your option) any later version.
8 | * 9 | * cSploit is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with cSploit. If not, see . 16 | * 17 | */
package views

import "github.com/cSploit/daemon/models"

// portIdxElem is a port as listed in an index, with the id and the
// formatted name of its service. HideHostId is always empty; together with
// omitempty it claims the "host_id" key, presumably to keep the field of
// the embedded model out of the output.
type portIdxElem struct {
	models.Port
	HideHostId  string `json:"host_id,omitempty"`
	ServiceID   uint   `json:"service_id,omitempty"`
	ServiceName string `json:"service_name,omitempty"`
}

// portShowView is the detailed rendering of a port, with the view of its
// service.
type portShowView struct {
	models.Port
	Service interface{} `json:"service,omitempty"`
}

// PortIndex builds the index view of a list of ports. The service fields
// stay at their zero value, and are omitted, for ports without a service.
// It panics if args is not a []models.Port.
func PortIndex(args interface{}) interface{} {
	ports := args.([]models.Port)
	res := make([]portIdxElem, len(ports))

	for i, p := range ports {
		elem := portIdxElem{Port: p}

		if p.Service != nil {
			elem.ServiceName = p.Service.FormatName()
			elem.ServiceID = p.Service.ID
		}

		res[i] = elem
	}

	return res
}

// PortShow builds the detailed view of a port.
// It panics if arg is not a models.Port.
func PortShow(arg interface{}) interface{} {
	port := arg.(models.Port)
	view := &portShowView{Port: port}

	if port.Service == nil {
		return view
	}

	view.Service = ServiceShow(*port.Service)
	return view
}
--------------------------------------------------------------------------------
/views/service.go:
--------------------------------------------------------------------------------
1 | /* cSploit - a simple penetration testing suite 2 | * Copyright (C) 2016 Massimo Dragano aka tux_mind 3 | * 4 | * cSploit is free software: you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation, either version 3 of the
License, or 7 | * (at your option) any later version. 8 | * 9 | * cSploit is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with cSploit. If not, see . 16 | * 17 | */
package views

import "github.com/cSploit/daemon/models"

// ServiceIndex is the list view for services.
//
// arg must hold a []models.Service (unchecked assertion, panics otherwise).
// The slice is returned as-is: no view struct wraps it, so the rendered
// fields are whatever models.Service itself exposes.
func ServiceIndex(arg interface{}) interface{} {
	return arg.([]models.Service)
}

// ServiceShow is the detail view for one service.
//
// arg must hold a models.Service (unchecked assertion, panics otherwise).
// The value is returned unchanged, without any field filtering.
func ServiceShow(arg interface{}) interface{} {
	return arg.(models.Service)
}

// serviceAsChild renders a service embedded in another view as its formatted
// name.
//
// arg must hold a *models.Service. A nil pointer of that type yields "",
// while any other dynamic type (including an untyped nil) panics on the
// unchecked assertion.
func serviceAsChild(arg interface{}) interface{} {
	if service := arg.(*models.Service); service != nil {
		return service.FormatName()
	}

	return ""
}
-------------------------------------------------------------------------------- /views/view.go: -------------------------------------------------------------------------------- 1 | /* cSploit - a simple penetration testing suite 2 | * Copyright (C) 2016 Massimo Dragano aka tux_mind 3 | * 4 | * cSploit is free software: you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation, either version 3 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * cSploit is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with cSploit. If not, see . 
16 | * 17 | */ 18 | package views 19 | 20 | // RenderFunc returns the view (template) filled in from the input model. 21 | type RenderFunc func(interface{}) interface{} 22 | --------------------------------------------------------------------------------