antfarm 0.3.0 → 0.4.0

Files changed (69)
  1. data/CHANGELOG +9 -0
  2. data/{README → README.rdoc} +39 -5
  3. data/bin/antfarm +37 -4
  4. data/db/migrate/010_create_dns_entries.rb +32 -0
  5. data/db/migrate/011_create_actions.rb +34 -0
  6. data/db/migrate/012_create_services.rb +36 -0
  7. data/db/migrate/013_create_operating_systems.rb +34 -0
  8. data/db/schema.rb +30 -22
  9. data/lib/antfarm.jar +0 -0
  10. data/lib/antfarm.rb +4 -0
  11. data/lib/antfarm/action.rb +29 -0
  12. data/lib/antfarm/dns_entry.rb +23 -0
  13. data/lib/antfarm/ip_interface.rb +38 -26
  14. data/lib/antfarm/ip_network.rb +3 -3
  15. data/lib/antfarm/layer2_interface.rb +16 -3
  16. data/lib/antfarm/layer3_network.rb +4 -4
  17. data/lib/antfarm/node.rb +6 -0
  18. data/lib/antfarm/operating_system.rb +25 -0
  19. data/lib/antfarm/service.rb +25 -0
  20. data/lib/console.rb +9 -0
  21. data/lib/cpscript.rb +70 -0
  22. data/lib/dbmanage.rb +34 -5
  23. data/lib/init/initializer.rb +25 -3
  24. data/lib/scparse.rb +14 -1
  25. data/lib/scripts/cisco/parse-pix-config.rb +5 -14
  26. data/lib/scripts/manipulate-dns.rb +87 -0
  27. data/lib/scripts/nmap/parse-xml.rb +147 -0
  28. data/lib/scripts/pcap/parse-pcap-file.rb +83 -21
  29. data/lib/scripts/viz/display-networks.rb +16 -25
  30. data/lib/scripts/viz/display-traffic.rb +111 -0
  31. data/lib/scripts/viz/dump-graphml.rb +1 -1
  32. data/lib/version.rb +5 -0
  33. data/rails/app/controllers/actions_controller.rb +5 -0
  34. data/rails/app/controllers/dns_entries_controller.rb +4 -0
  35. data/rails/app/controllers/layer3_interfaces_controller.rb +2 -2
  36. data/rails/app/controllers/nodes_controller.rb +4 -4
  37. data/rails/app/controllers/operating_systems_controller.rb +5 -0
  38. data/rails/app/controllers/services_controller.rb +5 -0
  39. data/rails/app/controllers/traffic_controller.rb +1 -0
  40. data/rails/app/views/layouts/application.html.erb +35 -0
  41. data/rails/public/stylesheets/site.css +11 -0
  42. metadata +26 -35
  43. data/lib/scripts/load-route.rb +0 -79
  44. data/lib/scripts/load-router-nomac.rb +0 -60
  45. data/lib/scripts/load-router.rb +0 -59
  46. data/lib/scripts/nmap/parse-xml-results.rb +0 -240
  47. data/lib/scripts/route.rb +0 -89
  48. data/lib/scripts/tethereal/load-arp.rb +0 -67
  49. data/lib/scripts/tethereal/load-ip.rb +0 -65
  50. data/rails/app/helpers/application_helper.rb +0 -3
  51. data/rails/app/helpers/ethernet_interfaces_helper.rb +0 -2
  52. data/rails/app/helpers/ip_interfaces_helper.rb +0 -2
  53. data/rails/app/helpers/ip_networks_helper.rb +0 -2
  54. data/rails/app/helpers/layer2_interfaces_helper.rb +0 -2
  55. data/rails/app/helpers/layer3_interfaces_helper.rb +0 -5
  56. data/rails/app/helpers/layer3_networks_helper.rb +0 -2
  57. data/rails/app/helpers/nodes_helper.rb +0 -2
  58. data/rails/app/helpers/private_networks_helper.rb +0 -2
  59. data/rails/app/helpers/traffic_helper.rb +0 -2
  60. data/rails/app/views/layouts/ethernet_interfaces.html.erb +0 -15
  61. data/rails/app/views/layouts/ip_interfaces.html.erb +0 -15
  62. data/rails/app/views/layouts/ip_networks.html.erb +0 -15
  63. data/rails/app/views/layouts/layer2_interfaces.html.erb +0 -15
  64. data/rails/app/views/layouts/layer3_interfaces.html.erb +0 -15
  65. data/rails/app/views/layouts/layer3_networks.html.erb +0 -15
  66. data/rails/app/views/layouts/nodes.html.erb +0 -15
  67. data/rails/app/views/layouts/private_networks.html.erb +0 -15
  68. data/rails/app/views/layouts/traffic.html.erb +0 -15
  69. data/rails/public/000-index.html +0 -277
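--- a/data/lib/scripts/load-router-nomac.rb
+++ b/data/lib/scripts/load-router-nomac.rb
@@ -1,60 +0,0 @@
-#!/usr/bin/ruby -w
-
-# Copyright (2008) Sandia Corporation.
-# Under the terms of Contract DE-AC04-94AL85000 with Sandia Corporation,
-# the U.S. Government retains certain rights in this software.
-#
-# Original Author: Michael Berg, Sandia National Laboratories <mjberg@sandia.gov>
-# Modified By: Bryan T. Richardson, Sandia National Laboratories <btricha@sandia.gov>
-#
-# This library is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License as published by
-# the Free Software Foundation; either version 2.1 of the License, or (at
-# your option) any later version.
-#
-# This library is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
-# details.
-#
-# You should have received a copy of the GNU Lesser General Public License
-# along with this library; if not, write to the Free Software Foundation, Inc.,
-# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-
-require 'antfarm'
-
-require 'antfarm/layer2/ethernet'
-require 'antfarm/layer3/ip'
-
-require 'antfarm/simplify'
-
-# Pull in DB username/password and other configuration settings
-require 'antfarm-config.rb'
-
-
-db = DBI.connect($dbname, $dblogin, $dbpasswd)
-verbose = true
-
-node_table = Antfarm::Node.new(db)
-layer2_if_table = Antfarm::Layer2_Interface.new(db, verbose)
-ip_if_table = Antfarm::IP_Interface.new(db, verbose)
-
-list = File.open(ARGV[0])
-
-router_name = list.readline.strip!
-new_node_id = node_table.insert(0.75, router_name)
-
-list.each {|line|
-ip_addr = line
-ip_addr.strip!
-
-ip_if_id = ip_if_table.insert(0.75, ip_addr)
-# Get Node associated with the IP
-layer2_if_id = ip_if_table.layer2_interface_having(ip_if_id)
-node_id = layer2_if_table.node_having(layer2_if_id)
-# Merge the default anonymous node_id with the new router node_id
-node_table.merge(new_node_id, node_id)
-}
-list.close
-
-db.disconnect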
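--- a/data/lib/scripts/load-router.rb
+++ b/data/lib/scripts/load-router.rb
@@ -1,59 +0,0 @@
-#!/usr/bin/ruby -w
-
-# Copyright (2008) Sandia Corporation.
-# Under the terms of Contract DE-AC04-94AL85000 with Sandia Corporation,
-# the U.S. Government retains certain rights in this software.
-#
-# Original Author: Michael Berg, Sandia National Laboratories <mjberg@sandia.gov>
-# Modified By: Bryan T. Richardson, Sandia National Laboratories <btricha@sandia.gov>
-#
-# This library is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License as published by
-# the Free Software Foundation; either version 2.1 of the License, or (at
-# your option) any later version.
-#
-# This library is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
-# details.
-#
-# You should have received a copy of the GNU Lesser General Public License
-# along with this library; if not, write to the Free Software Foundation, Inc.,
-# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-
-require 'antfarm'
-
-require 'antfarm/layer2/ethernet'
-require 'antfarm/layer3/ip'
-
-require 'antfarm/simplify'
-
-# Pull in DB username/password and other configuration settings
-require 'antfarm-config.rb'
-
-
-db = DBI.connect($dbname, $dblogin, $dbpasswd)
-verbose = true
-
-node_table = Antfarm::Node.new(db)
-ethernet_if_table = Antfarm::Ethernet_Interface.new(db, verbose)
-ip_if_table = Antfarm::IP_Interface.new(db, verbose)
-
-list = File.open(ARGV[0])
-
-router_name = list.readline.strip!
-node_id = node_table.insert(0.75, router_name)
-
-list.each {|line|
-(ethernet_addr, ip_addr) = line.split(' ')
-ethernet_addr.strip!
-ip_addr.strip!
-
-layer2_if_id = ethernet_if_table.insert(0.75, ethernet_addr, node_id)
-ip_if_table.insert(0.75, ip_addr, layer2_if_id)
-}
-list.close
-
-ethernet_if_table.merge_by_mac_address
-
-db.disconnect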
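--- a/data/lib/scripts/nmap/parse-xml-results.rb
+++ b/data/lib/scripts/nmap/parse-xml-results.rb
@@ -1,240 +0,0 @@
-# Copyright (2008) Sandia Corporation.
-# Under the terms of Contract DE-AC04-94AL85000 with Sandia Corporation,
-# the U.S. Government retains certain rights in this software.
-#
-# Original Author: Michael Berg, Sandia National Laboratories <mjberg@sandia.gov>
-# Modified By: Bryan T. Richardson, Sandia National Laboratories <btricha@sandia.gov>
-#
-# This library is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License as published by
-# the Free Software Foundation; either version 2.1 of the License, or (at
-# your option) any later version.
-#
-# This library is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
-# details.
-#
-# You should have received a copy of the GNU Lesser General Public License
-# along with this library; if not, write to the Free Software Foundation, Inc.,
-# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-
-require 'dbi'
-require 'rexml/document'
-require '/home/michael/Projects/security-tools/tool-db/common/common-tables'
-
-
-class NmapDB
-
-def initialize(db)
-@db = db
-
-@host_state = Host_State.new(@db)
-@os_detection = OS_Detection.new(@db)
-@port_state = Port_State.new(@db)
-@service_detection = Service_Detection.new(@db)
-
-@ports_scanned = Hash.new
-
-# Query to insert a new row into the Nmap_Scan table
-nmap_scan_insert_str = "INSERT INTO Nmap_Scan"
-nmap_scan_insert_str += " (tool_run_id, scan_type, protocol, services)"
-nmap_scan_insert_str += " VALUES"
-nmap_scan_insert_str += " (?, ?, ?, ?)"
-@nmap_scan_insert = @db.prepare(nmap_scan_insert_str)
-end
-
-
-def string_to_portlist(string)
-result = Array.new
-
-ranges = string.split(',')
-ranges.each {|range|
-(start, stop) = range.split('-')
-unless stop
-stop = start
-end
-for i in (start.to_i)..(stop.to_i)
-result.push(i)
-end
-}
-result.sort!
-result.uniq!
-
-return result
-end
-
-
-def load(io_handle)
-nmap_data = (REXML::Document.new(io_handle)).root
-nmap_data.elements.each("/nmaprun") {|nmaprun|
-unless nmaprun.attributes["xmloutputversion"] == "1.0"
-puts "Unknown XML version for nmap!!!!"
-# TODO: throw an error
-end
-
-vendor = "Fyodor"
-product = nmaprun.attributes["scanner"]
-version = nmaprun.attributes["version"]
-command_line = nmaprun.attributes["args"]
-puts "#{product} #{version}"
-puts "#{command_line}"
-
-tool_run = Tool_Run.new(@db, vendor, product, version)
-
-# The started/finished times in the Nmap XML files are in UNIX epoch time
-ts_fmt = "%Y-%m-%d %H:%M:%S %Z"
-time_started = Time.at(nmaprun.attributes["start"].to_i)
-time_finished = Time.at(nmaprun.elements["runstats/finished"].attributes["time"].to_i)
-time_started_str = time_started.strftime(ts_fmt)
-time_finished_str = time_finished.strftime(ts_fmt)
-
-puts "scan time: #{time_started_str} - #{time_finished_str}"
-
-# Insert Nmap run meta-data into DB
-tool_run_id = tool_run.insert(command_line, time_started, time_finished)
-
-# The types of scans performed and the proto/ports scanned
-nmaprun.elements.each("scaninfo") {|scaninfo|
-scan_type = scaninfo.attributes["type"]
-scan_protocol = scaninfo.attributes["protocol"]
-scan_services = scaninfo.attributes["services"]
-
-@nmap_scan_insert.execute(tool_run_id, scan_type, scan_protocol, scan_services)
-
-# Need to track this info since many ports are "scanned but not listed"
-# in all of Nmap's available output formats.
-@ports_scanned[scan_protocol] = string_to_portlist(scan_services)
-}
-
-# Process each host scanned
-nmaprun.elements.each("host") {|host|
-host_address = host.elements["address"].attributes["addr"]
-host_state = case host.elements["status"].attributes["state"]
-when "up"
-true
-when "down"
-false
-else
-nil
-end
-host_certainty = 1.0
-
-# Insert host status into DB
-host_state_id = @host_state.insert(tool_run_id, host_address, host_state, host_certainty)
-
-puts "#{host_address}: #{host_state}"
-
-# Further processing only needs to be done for hosts that are "up"
-if host_state
-# Make a copy of @ports_scanned that can be worked on destructively for this host
-host_ports_scanned = Hash.new
-@ports_scanned.keys.each {|port_protocol|
-host_ports_scanned[port_protocol] = @ports_scanned[port_protocol].clone
-}
-
-extraports_state = case host.elements["ports/extraports"].attributes["state"]
-when "open"
-true
-when "closed"
-false
-else
-nil
-end
-
-# Parse and handle ports explicitely listed in the file
-host.elements.each("ports/port") {|port|
-# Port information
-port_protocol = port.attributes["protocol"]
-port_number = port.attributes["portid"].to_i
-port_state = case port.elements["state"].attributes["state"]
-when "open"
-true
-when "closed"
-false
-else
-nil
-end
-port_certainty = 0.9
-
-# This port was listed, so we don't need to handle it later
-host_ports_scanned[port_protocol].delete(port_number)
-
-print "\t#{port_number}/#{port_protocol}"
-
-# Insert port state into the DB
-port_state_id = @port_state.insert(host_state_id, port_protocol, port_number,
-port_state, port_certainty)
-
-# Only store service information for open ports
-if port_state
-service = port.elements["service"]
-service_name = service.attributes["name"]
-method = service.attributes["method"]
-service_certainty = 0.9 * ((service.attributes["conf"]).to_f / 10.0)
-
-service_product = service.attributes["product"]
-service_version = service.attributes["version"]
-service_extra_info = service.attributes["extrainfo"]
-
-service_str = ""
-if service_product
-service_str += "#{service_product}"
-end
-if service_version
-service_str += " #{service_version}"
-end
-if service_extra_info
-service_str += " #{service_extra_info}"
-end
-
-print " [#{service_name}: #{service_product} #{service_version} #{service_extra_info}]"
-print " (#{method}:#{service_certainty})"
-
-# Insert detected service into the DB
-@service_detection.insert(port_state_id,
-service_name, service_str, service_certainty)
-end
-
-print "\n"
-}
-
-# Handle extra ports that are "scanned but not listed"
-host_ports_scanned.keys.each {|port_protocol|
-host_ports_scanned[port_protocol].each {|port_number|
-# Insert port state into the DB
-port_certainty = 0.9
-port_state_id = @port_state.insert(host_state_id, port_protocol, port_number,
-extraports_state, port_certainty)
-}
-}
-
-
-# Parse and handle OS identification
-host.elements.each("os/osclass") {|os|
-os_vendor = os.attributes["vendor"]
-os_family = os.attributes["osfamily"]
-os_gen = os.attributes["osgen"]
-os_certainty = 0.9 * ((os.attributes["accuracy"]).to_f / 100.0)
-
-puts "#{os_vendor}: #{os_family} #{os_gen} (certainty: #{os_certainty})"
-
-# Insert detected OS into the DB
-@os_detection.insert(host_state_id,
-os_vendor, os_family, os_gen, os_certainty)
-}
-host.elements.each("os/osmatch") {|os|
-os_match = os.attributes["name"]
-os_certainty = 0.9 * ((os.attributes["accuracy"]).to_f / 100.0)
-
-puts "#{os_match} (certainty: #{os_certainty})"
-}
-
-puts ""
-end
-} # end nmaprun block
-} # end nmap_data block
-end
-
-end # class NmapDB
-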
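--- a/data/lib/scripts/route.rb
+++ b/data/lib/scripts/route.rb
@@ -1,89 +0,0 @@
-# Copyright (2008) Sandia Corporation.
-# Under the terms of Contract DE-AC04-94AL85000 with Sandia Corporation,
-# the U.S. Government retains certain rights in this software.
-#
-# Original Author: Michael Berg, Sandia National Laboratories <mjberg@sandia.gov>
-# Modified By: Bryan T. Richardson, Sandia National Laboratories <btricha@sandia.gov>
-#
-# This library is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License as published by
-# the Free Software Foundation; either version 2.1 of the License, or (at
-# your option) any later version.
-#
-# This library is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
-# details.
-#
-# You should have received a copy of the GNU Lesser General Public License
-# along with this library; if not, write to the Free Software Foundation, Inc.,
-# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-
-require 'antfarm/common'
-require 'antfarm/node'
-require 'antfarm/layer3/ip'
-
-module Antfarm
-
-class IP_Path < AntfarmObject
-
-def initialize(db_handle, verbose = false)
-super(db_handle, verbose)
-
-@node_table = Node.new(db, verbose)
-@layer2_if_table = Layer2_Interface.new(db, verbose)
-@layer3_if_table = Layer3_Interface.new(db, verbose)
-@ip_net_table = IP_Network.new(db, verbose)
-@ip_if_table = IP_Interface.new(db, verbose)
-end
-
-
-def insert(addr_path)
-path = Array.new
-node_id_path = Array.new
-
-# Insert the nodes
-for addr in addr_path
-if addr
-iface = Hash.new
-# Insert IP address
-ip_if_id = @ip_if_table.insert(0.75, addr)
-# Get IP network and Node associated with the IP
-ip_net_id = @ip_if_table.layer3_network_having(ip_if_id)
-layer2_if_id = @ip_if_table.layer2_interface_having(ip_if_id)
-node_id = @layer2_if_table.node_having(layer2_if_id)
-# Store the needed information for the next step
-iface['ip_interface_id'] = ip_if_id
-iface['ip_network_id'] = ip_net_id
-iface['node_id'] = node_id
-path.push(iface)
-node_id_path.push(node_id)
-end
-end
-
-# Insert the edges
-for i in 0..(path.size - 2)
-u = path[i]
-v = path[i + 1]
-if u and v
-# Get nodes connected to the IP network
-connected_nodes = @ip_net_table.nodes_connected_to(v['ip_network_id'])
-unless connected_nodes.include?(u['node_id'])
-# Create a new Layer2_Interface for the Node
-layer2_if_id = @layer2_if_table.insert(CF_LACK_OF_PROOF, nil,
-u['node_id'])
-# Connect a new "unknown" Layer3_Interface that
-# is connected to the specified layer3_net_id
-@layer3_if_table.insert(CF_LACK_OF_PROOF, "IP",
-v['ip_network_id'], layer2_if_id)
-
-end
-end
-end
-
-return node_id_path
-end
-
-end # class NetworkPath
-
-end # module Antfarm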