bettercap 1.1.1 → 1.1.2

data/lib/bettercap/discovery/arp.rb

@@ -12,9 +12,11 @@ This project is released under the GPL 3 license.
 require 'bettercap/logger'
 require 'bettercap/shell'
 require 'bettercap/target'
+require 'bettercap/discovery/base'
 
 # Parse the ARP table searching for new hosts.
-class ArpAgent
+class ArpAgent < BaseAgent
+
   def self.parse( ctx )
     arp     = Shell.arp
     targets = []
@@ -24,7 +26,7 @@ class ArpAgent
     arp.split("\n").each do |line|
       m = /[^\s]+\s+\(([0-9\.]+)\)\s+at\s+([a-f0-9:]+).+#{ctx.ifconfig[:iface]}.*/i.match(line)
       if !m.nil?
-        if m[1] != ctx.gateway and m[1] != ctx.iface[:ip_saddr] and m[2] != 'ff:ff:ff:ff:ff:ff'
+        if m[1] != ctx.gateway and m[1] != ctx.ifconfig[:ip_saddr] and m[2] != 'ff:ff:ff:ff:ff:ff'
           target = Target.new( m[1], m[2] )
           targets << target
           Logger.debug "FOUND  #{target}"
@@ -34,4 +36,18 @@ class ArpAgent
 
     targets
   end
+
+  private
+
+  def send_probe( ip )
+    pkt = PacketFu::ARPPacket.new
+
+    pkt.eth_saddr     = pkt.arp_saddr_mac = @ifconfig[:eth_saddr]
+    pkt.eth_daddr     = 'ff:ff:ff:ff:ff:ff'
+    pkt.arp_daddr_mac = '00:00:00:00:00:00'
+    pkt.arp_saddr_ip  = @ifconfig[:ip_saddr]
+    pkt.arp_daddr_ip  = ip
+
+    pkt.to_w( @ifconfig[:iface] )
+  end
 end

data/lib/bettercap/discovery/base.rb

@@ -0,0 +1,64 @@
+=begin
+
+BETTERCAP
+
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+
+This project is released under the GPL 3 license.
+
+=end
+require 'bettercap/logger'
+
+# Base class for discovery agents.
+class BaseAgent
+  def initialize( ifconfig, gw_ip, local_ip )
+    @local_ip = local_ip
+    @ifconfig = ifconfig
+    @queue    = Queue.new
+
+    net = ip = @ifconfig[:ip4_obj]
+
+    # loop each ip in our subnet and push it to the queue
+    while net.include?ip
+      # rescanning the gateway could cause an issue when the
+      # gateway itself has multiple interfaces ( LAN, WAN ... )
+      if ip != gw_ip and ip != local_ip
+        @queue.push ip
+      end
+
+      ip = ip.succ
+    end
+
+    # spawn the workers! ( tnx to https://blog.engineyard.com/2014/ruby-thread-pool )
+    @workers = (0...4).map do
+      Thread.new do
+        begin
+          while ip = @queue.pop(true)
+            Logger.debug "#{self.class.name} : Probing #{ip} ..."
+
+            send_probe ip.to_s
+          end
+        rescue Exception => e
+          Logger.debug "#{self.class.name} : #{ip} -> #{e.message}"
+        end
+      end
+    end
+  end
+
+  def wait
+    begin
+      @workers.map(&:join)
+    rescue Exception => e
+      Logger.debug "#{self.class.name}.wait: #{e.message}"
+    end
+  end
+
+  private
+
+  def send_probe( ip )
+    Logger.warn "#{self.class.name} not implemented!"
+  end
+end
+

data/lib/bettercap/discovery/icmp.rb

@@ -16,15 +16,15 @@ require 'bettercap/factories/firewall_factory'
 # Send a broadcast ping trying to filling the ARP table.
 class IcmpAgent
   def initialize( timeout = 5 )
-    @thread = Thread.new do
+    @thread = Thread.new {
       FirewallFactory.get_firewall.enable_icmp_bcast(true)
 
       if RUBY_PLATFORM =~ /darwin/
         ping = Shell.execute("ping -i #{timeout} -c 2 255.255.255.255")
-      elsif RUBY_PLATFORM =~ /linux/      
+      elsif RUBY_PLATFORM =~ /linux/
         ping = Shell.execute("ping -i #{timeout} -c 2 -b 255.255.255.255")
       end
-    end
+    }
   end
 
   def wait

data/lib/bettercap/discovery/syn.rb

@@ -9,57 +9,13 @@ Blog   : http://www.evilsocket.net/
 This project is released under the GPL 3 license.
 
 =end
-require 'bettercap/logger'
+require 'bettercap/discovery/base'
 
 # Send SYN probes trying to filling the ARP table.
-class SynAgent
-  def initialize( ifconfig, gw_ip, local_ip )
-    @local_ip = local_ip
-    @ifconfig = ifconfig
-    @queue    = Queue.new
-
-    net = ip = @ifconfig[:ip4_obj]
-
-    # loop each ip in our subnet and push it to the queue    
-    while net.include?ip
-      # rescanning the gateway could cause an issue when the 
-      # gateway itself has multiple interfaces ( LAN, WAN ... )
-      if ip != gw_ip and ip != local_ip
-        @queue.push ip
-      end
-
-      ip = ip.succ
-    end
-
-    # spawn the workers! ( tnx to https://blog.engineyard.com/2014/ruby-thread-pool )
-    @workers = (0...4).map do
-      Thread.new do
-        begin
-          while ip = @queue.pop(true)
-            Logger.debug "SYN Probing #{ip} ..."
-
-            pkt = get_packet ip.to_s
-
-            pkt.to_w( @ifconfig[:iface] )
-          end
-        rescue Exception => e
-          Logger.debug "#{ip} -> #{e.message}"
-        end
-      end
-    end
-  end
-
-  def wait
-    begin
-      @workers.map(&:join)
-    rescue Exception => e
-      Logger.debug "SynAgent.wait: #{e.message}"
-    end
-  end
-
+class SynAgent < BaseAgent
   private
 
-  def get_packet( destination )
+  def send_probe( ip )
     pkt = PacketFu::TCPPacket.new
     pkt.ip_v      = 4
     pkt.ip_hl     = 5
@@ -69,7 +25,7 @@ class SynAgent
     pkt.ip_ttl    = 115
     pkt.ip_proto  = 6	# TCP
     pkt.ip_saddr  = @local_ip
-    pkt.ip_daddr  = destination
+    pkt.ip_daddr  = ip
     pkt.payload   = "\xC\x0\xF\xF\xE\xE"
     pkt.tcp_flags.ack  = 0
     pkt.tcp_flags.fin  = 0
@@ -82,7 +38,8 @@ class SynAgent
     pkt.tcp_hlen       = 5
     pkt.tcp_dst        = rand(1024..65535)
     pkt.recalc
-    pkt
+
+    pkt.to_w( @ifconfig[:iface] )
   end
 end
 

data/lib/bettercap/discovery/udp.rb

@@ -9,66 +9,31 @@ Blog   : http://www.evilsocket.net/
 This project is released under the GPL 3 license.
 
 =end
-require 'bettercap/logger'
+require 'bettercap/discovery/base'
 
 # Send UDP probes trying to filling the ARP table.
-class UdpAgent
-  def initialize( ifconfig, gw_ip, local_ip )
-    @ifconfig = ifconfig
-    @port = 137
-    @message =
-      "\x82\x28\x00\x00\x00" +
-      "\x01\x00\x00\x00\x00" +
-      "\x00\x00\x20\x43\x4B" +
-      "\x41\x41\x41\x41\x41" +
-      "\x41\x41\x41\x41\x41" +
-      "\x41\x41\x41\x41\x41" +
-      "\x41\x41\x41\x41\x41" +
-      "\x41\x41\x41\x41\x41" +
-      "\x41\x41\x41\x41\x41" +
-      "\x00\x00\x21\x00\x01"
-
-    @queue = Queue.new
-
-    net = ip = @ifconfig[:ip4_obj]
-
-    # loop each ip in our subnet and push it to the queue    
-    while net.include?ip
-      # rescanning the gateway could cause an issue when the 
-      # gateway itself has multiple interfaces ( LAN, WAN ... )
-      if ip != gw_ip and ip != local_ip
-        @queue.push ip
-      end
-
-      ip = ip.succ
-    end
-
-    # spawn the workers! ( tnx to https://blog.engineyard.com/2014/ruby-thread-pool )
-    @workers = (0...4).map do
-      Thread.new do
-        begin
-          while ip = @queue.pop(true)
-            Logger.debug "Probing #{ip} ..."
-
-            # send netbios udp packet, just to fill ARP table            
-            sd = UDPSocket.new
-            sd.send( @message, 0, ip.to_s, @port )
-            sd = nil
-            # TODO: Parse response for hostname?
-          end
-        rescue Exception => e
-          Logger.debug "#{ip} -> #{e.message}"
-        end
-      end
-    end
-  end
-
-  def wait
-    begin
-      @workers.map(&:join) 
-    rescue Exception => e
-      Logger.debug "UdpAgent.wait: #{e.message}"
-    end
+class UdpAgent < BaseAgent
+  private
+
+  def send_probe( ip )
+    port = 137
+    message =
+        "\x82\x28\x00\x00\x00" +
+        "\x01\x00\x00\x00\x00" +
+        "\x00\x00\x20\x43\x4B" +
+        "\x41\x41\x41\x41\x41" +
+        "\x41\x41\x41\x41\x41" +
+        "\x41\x41\x41\x41\x41" +
+        "\x41\x41\x41\x41\x41" +
+        "\x41\x41\x41\x41\x41" +
+        "\x41\x41\x41\x41\x41" +
+        "\x00\x00\x21\x00\x01"
+
+    # send netbios udp packet, just to fill ARP table
+    sd = UDPSocket.new
+    sd.send( message, 0, ip.to_s, port )
+    sd = nil
+    # TODO: Parse response for hostname?
   end
 end
 

data/lib/bettercap/factories/firewall_factory.rb

@@ -16,7 +16,7 @@ require 'bettercap/firewalls/linux'
 class FirewallFactory
   @@instance = nil
 
-  def FirewallFactory.get_firewall
+  def self.get_firewall
     return @@instance unless @@instance.nil?
 
     if RUBY_PLATFORM =~ /darwin/

data/lib/bettercap/factories/parser_factory.rb

@@ -16,38 +16,40 @@ require 'bettercap/logger'
 class ParserFactory
   @@path = File.dirname(__FILE__) + '/../sniffer/parsers/'
 
-  def ParserFactory.available
-    avail = []
-    Dir.foreach( @@path ) do |file|
-      if file =~ /.rb/ and file != 'base.rb'
-        avail << file.gsub('.rb','').upcase
+  class << self
+    def available
+      avail = []
+      Dir.foreach( @@path ) do |file|
+        if file =~ /.rb/ and file != 'base.rb'
+          avail << file.gsub('.rb','').upcase
+        end
       end
+      avail
     end
-    avail
-  end
 
-  def ParserFactory.from_cmdline(v)
-    avail = ParserFactory.available
-    list = v.split(',').collect(&:strip).collect(&:upcase).reject{ |c| c.empty? }
-    list.each do |parser|
-        raise BetterCap::Error, "Invalid parser name '#{parser}'." unless avail.include?(parser) or parser == '*'
+    def from_cmdline(v)
+      avail = available
+      list = v.split(',').collect(&:strip).collect(&:upcase).reject{ |c| c.empty? }
+      list.each do |parser|
+          raise BetterCap::Error, "Invalid parser name '#{parser}'." unless avail.include?(parser) or parser == '*'
+      end
+      list
     end
-    list
-  end
 
-  def ParserFactory.load_by_names(parsers)
-    loaded = []
-    Dir.foreach( @@path ) do |file|
-      cname = file.gsub('.rb','').upcase        
-      if file =~ /.rb/ and file != 'base.rb' and ( parsers.include?(cname) or parsers == ['*'] )
-        Logger.debug "Loading parser #{cname} ..."
-          
-        require_relative "#{@@path}#{file}"
-        
-        loaded << Kernel.const_get("#{cname.capitalize}Parser").new
+    def ParserFactory.load_by_names(parsers)
+      loaded = []
+      Dir.foreach( @@path ) do |file|
+        cname = file.gsub('.rb','').upcase
+        if file =~ /.rb/ and file != 'base.rb' and ( parsers.include?(cname) or parsers == ['*'] )
+          Logger.debug "Loading parser #{cname} ..."
+
+          require_relative "#{@@path}#{file}"
+
+          loaded << Kernel.const_get("#{cname.capitalize}Parser").new
+        end
       end
+      loaded
     end
-    loaded
   end
 end
 

data/lib/bettercap/factories/spoofer_factory.rb

@@ -12,25 +12,31 @@ This project is released under the GPL 3 license.
 require 'bettercap/error'
 
 class SpooferFactory
-  def SpooferFactory.available
-    avail = []
-    Dir.foreach( File.dirname(__FILE__) + '/../spoofers/') do |file|
-      if file =~ /.rb/
-        avail << file.gsub('.rb','').upcase
+  class << self
+    def available
+      avail = []
+      Dir.foreach( File.dirname(__FILE__) + '/../spoofers/') do |file|
+        if file =~ /.rb/
+          avail << file.gsub('.rb','').upcase
+        end
       end
+      avail
     end
-    avail
-  end
 
-  def SpooferFactory.get_by_name(name)
-    avail = SpooferFactory.available
+    def get_by_name(name)
+      raise BetterCap::Error, "Invalid spoofer name '#{name}'!" unless available? name
+
+      name.downcase!
 
-    raise BetterCap::Error, "Invalid spoofer name '#{name}'!" unless avail.include? name
+      require_relative "../spoofers/#{name}"
 
-    name.downcase!
+      Kernel.const_get("#{name.capitalize}Spoofer").new
+    end
 
-    require_relative "../spoofers/#{name}"
+    private
 
-    Kernel.const_get("#{name.capitalize}Spoofer").new
+    def available?(name)
+      available.include?(name)
+    end
   end
 end

data/lib/bettercap/firewalls/linux.rb

@@ -14,23 +14,15 @@ require 'bettercap/shell'
 
 class LinuxFirewall < IFirewall
   def enable_forwarding(enabled)
-    if enabled then
-      Shell.execute('echo 1 > /proc/sys/net/ipv4/ip_forward')
-    else
-      Shell.execute('echo 0 > /proc/sys/net/ipv4/ip_forward')
-    end
+    Shell.execute("echo #{enabled ? 1 : 0} > /proc/sys/net/ipv4/ip_forward")
   end
 
   def forwarding_enabled?
     Shell.execute('cat /proc/sys/net/ipv4/ip_forward').strip == '1'
   end
-  
+
   def enable_icmp_bcast(enabled)
-    if enabled then
-      Shell.execute('echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts')       
-    else
-      Shell.execute('echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts')
-    end
+    Shell.execute("echo #{enabled ? 0 : 1} > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts")
   end
 
   def add_port_redirection( iface, proto, from, addr, to )

data/lib/bettercap/firewalls/osx.rb

@@ -14,34 +14,21 @@ require 'bettercap/shell'
 
 class OSXFirewall < IFirewall
   def enable_forwarding(enabled)
-    if enabled then
-      Shell.execute('sysctl -w net.inet.ip.forwarding=1')
-    else
-      Shell.execute('sysctl -w net.inet.ip.forwarding=0')
-    end
+    Shell.execute("sysctl -w net.inet.ip.forwarding=#{enabled ? 1 : 0}")
   end
 
   def enable_icmp_bcast(enabled)
-    if enabled then
-      Shell.execute('sysctl -w net.inet.icmp.bmcastecho=1') 
-    else
-      Shell.execute('sysctl -w net.inet.icmp.bmcastecho=0')       
-    end
+    Shell.execute("sysctl -w net.inet.icmp.bmcastecho=#{enabled ? 1 : 0}")
   end
 
-  def forwarding_enabled?()
+  def forwarding_enabled?
     Shell.execute('sysctl net.inet.ip.forwarding').strip.split(' ')[1] == '1'
   end
 
   def enable(enabled)
     begin
-      if enabled
-        Shell.execute('pfctl -e >/dev/null 2>&1')
-      else
-        Shell.execute('pfctl -d >/dev/null 2>&1')
-      end
-    rescue
-    end
+      Shell.execute("pfctl -#{enabled ? ?e : ?d} >/dev/null 2>&1")
+    rescue; end
   end
 
   def add_port_redirection( iface, proto, from, addr, to )