xettercap 1.5.7xerob

data/lib/bettercap/network/target.rb

@@ -0,0 +1,168 @@
+# encoding: UTF-8
+=begin
+
+BETTERCAP
+
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+
+This project is released under the GPL 3 license.
+
+=end
+
+module BetterCap
+module Network
+# This class represents a target, namely a single endpoint device on the
+# network.
+class Target
+  # The IP address of this device.
+  attr_accessor :ip
+  # The MAC address of the device network interface.
+  attr_accessor :mac
+  # Network object.
+  attr_accessor :network
+  # Vendor of the device network interface if available.
+  attr_accessor :vendor
+  # NetBIOS hostname of the device if available OR interface name in case of
+  # local address.
+  attr_accessor :name
+  # True if the IP attribute of this target needs to be updated.
+  attr_accessor :ip_refresh
+
+  # Timeout in seconds for the NBNS hostname resolution request.
+  NBNS_TIMEOUT = 30
+  # UDP port for the NBNS hostname resolution request.
+  NBNS_PORT    = 137
+  # Buffer size for the NBNS hostname resolution request.
+  NBNS_BUFSIZE = 65536
+  # NBNS hostname resolution request buffer.
+  NBNS_REQUEST = "\x82\x28\x0\x0\x0\x1\x0\x0\x0\x0\x0\x0\x20\x43\x4B\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x0\x0\x21\x0\x1"
+
+  @@prefixes = nil
+  @@lock = Mutex.new
+
+  # Create a +Target+ object given its +ip+ and (optional) +mac+ address.
+  # The +ip+ argument could also be a MAC address itself, in this case the
+  # ip address will be parsed from the computer ARP cache and updated
+  # accordingly.
+  def initialize( ip, mac=nil, network=nil, name=nil )
+    if Network::Validator.is_ip?(ip)
+      @ip         = ip
+      @ip_refresh = false
+    elsif Network::Validator.is_mac?(ip)
+      @ip         = nil
+      mac         = ip
+      @ip_refresh = true
+    else
+      raise BetterCap::Error, "'#{ip}' is not a valid IP or MAC address."
+    end
+
+    @mac      = Target.normalized_mac(mac) unless mac.nil?
+    @vendor   = Target.lookup_vendor(@mac) unless mac.nil?
+    @name     = name
+    @network  = network
+    @resolver = Thread.new { resolve! } unless Context.get.options.core.no_target_nbns or @ip.nil? or !@network.nil?
+  end
+
+  # Return the integer representation of the +ip+ attribute which can be
+  # used for sorting a list of +Target+ objects+
+  def sortable_ip
+    @ip.split('.').inject(0) {|total,value| (total << 8 ) + value.to_i}
+  end
+
+  # Return true if both the ip and mac are not nil.
+  def spoofable?
+    ( !@ip.nil? and !@mac.nil? )
+  end
+
+  # +mac+ attribute setter, it will normalize the +value+ and perform
+  # a vendor lookup.
+  def mac=(value)
+    @mac = Target.normalized_mac(value)
+    @vendor = Target.lookup_vendor(@mac) unless @mac.nil?
+  end
+
+  # Return a verbose string representation of this object.
+  def to_s(padding=true)
+    address = @ip.nil?? '???' : @ip
+    fmt     = padding ? '%-15s : %-17s' : '%s : %s'
+    vendor  = @vendor.nil?? " ( ??? )" : " ( #{@vendor} )"
+
+    s = sprintf( fmt, address, @mac )
+    s += " / #{@name}" unless @name.nil?
+    s += vendor
+    s
+  end
+
+  # Return a compact string representation of this object.
+  def to_s_compact
+    return "#{@name}/#{@ip}" if @name
+    @ip
+  end
+
+  # Return true if this +Target+ is equal to the specified +ip+ and +mac+,
+  # otherwise return false.
+  def equals?(ip, mac = nil)
+    # compare by ip if no mac
+    return ( @ip == ip ) if mac.nil?
+    # false if no mac or if it's different
+    return false if @mac.nil? || ( @mac != mac )
+
+    ###Logger.info "Found IP #{ip} for target #{@mac}!" if @ip.nil?
+    @ip = ip
+    return true
+  end
+
+  def self.normalized_mac(v)
+    v.split(':').map { |e| e.size == 2 ? e.upcase : "0#{e.upcase}" }.join(':')
+  end
+
+private
+
+  # Attempt to perform a NBNS name resolution for this target.
+  def resolve!
+    resp, sock = nil, nil
+    begin
+      sock = UDPSocket.open
+      sock.send( NBNS_REQUEST, 0, @ip, NBNS_PORT )
+      resp = if select([sock], nil, nil, NBNS_TIMEOUT)
+        sock.recvfrom(NBNS_BUFSIZE)
+      end
+      if resp
+        @name = parse_nbns_response resp
+        ###Logger.info "Found NetBIOS name '#{@name}' for address #{@ip}"
+      end
+    rescue Exception => e
+      Logger.debug e
+    ensure
+      sock.close if sock
+    end
+  end
+
+  # Given the +resp+ NBNS response, parse the hostname from it.
+  def parse_nbns_response resp
+    resp[0][57,15].to_s.strip
+  end
+
+  # Lookup the given +mac+ address in order to find its vendor.
+  def self.lookup_vendor( mac )
+    @@lock.synchronize {
+      if @@prefixes.nil?
+        Logger.debug 'Preloading hardware vendor prefixes ...'
+
+        @@prefixes = {}
+        filename = File.dirname(__FILE__) + '/hw-prefixes'
+        File.open( filename ).each do |line|
+          if line =~ /^([A-F0-9]{6})\s(.+)$/
+            @@prefixes[$1] = $2
+          end
+        end
+      end
+    }
+
+    @@prefixes[ mac.split(':')[0,3].join('').upcase ]
+  end
+end
+end
+end

data/lib/bettercap/network/validator.rb

@@ -0,0 +1,96 @@
+# encoding: UTF-8
+=begin
+
+BETTERCAP
+
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+
+This project is released under the GPL 3 license.
+
+=end
+module BetterCap
+module Network
+# Simple class to perform validation of various addresses, ranges, etc.
+class Validator
+  # Basic expression to validate an IP address.
+  IP_ADDRESS_REGEX = '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})'
+  # Quite self explainatory :)
+  IP_OCTECT_MAX    = 255
+
+  # Return true if +ip+ is a valid IP address, otherwise false.
+  def self.is_ip?(ip)
+    if /\A#{IP_ADDRESS_REGEX}\Z/ =~ ip.to_s
+      return $~.captures.all? { |i| i.to_i <= IP_OCTECT_MAX }
+    end
+    false
+  end
+
+  # Return true if +port+ is a valid port, otherwise false.
+  def self.is_valid_port?(port)
+    port ||= ""
+    return false if port.strip.empty?
+    return false unless port =~ /^[0-9]+$/
+    port = port.to_i
+    return ( port > 0 and port <= 65535 )
+  end
+
+  # Extract valid IP addresses from +data+ and yields each one of them.
+  def self.each_ip(data)
+    data.scan(/(#{IP_ADDRESS_REGEX})/).each do |m|
+      yield( m[0] ) if m[0] != '0.0.0.0'
+    end
+  end
+
+  # Return true if +r+ is a valid IP address range ( 192.168.1.1-93 ), otherwise false.
+  def self.is_range?(r)
+    if /\A#{IP_ADDRESS_REGEX}\-(\d{1,3})\Z/ =~ r.to_s
+      return $~.captures.all? { |i| i.to_i <= IP_OCTECT_MAX }
+    end
+    false
+  end
+
+  # Parse +r+ as an IP range and return the first and last IP.
+  def self.parse_range(r)
+    first, last_part = r.split('-')
+    last = first.split('.')[0..2].join('.') + ".#{last_part}"
+    first = IPAddr.new(first)
+    last  = IPAddr.new(last)
+
+    [ first, last ]
+  end
+
+  # Parse +r+ as an IP range and yields each address in it.
+  def self.each_in_range(r)
+    first, last = self.parse_range(r)
+    loop do
+      yield first.to_s
+      break if first == last
+      first = first.succ
+    end
+  end
+
+  # Parse +m+ as a netmask and yields each address in it.
+  def self.each_in_netmask(m)
+    IPAddr.new(m).to_range.each do |o|
+       yield o.to_s
+    end
+  end
+
+  # Return true if +n+ is a valid IP netmask range ( 192.168.1.1/24 ), otherwise false.
+  def self.is_netmask?(n)
+    if /\A#{IP_ADDRESS_REGEX}\/(\d+)\Z/ =~ n.to_s
+      return $~.captures.all? { |i| i.to_i <= IP_OCTECT_MAX }
+    end
+    false
+  end
+
+  # Return true if +mac+ is a valid MAC address, otherwise false.
+  def self.is_mac?(mac)
+    ( /^[a-f0-9]{1,2}\:[a-f0-9]{1,2}\:[a-f0-9]{1,2}\:[a-f0-9]{1,2}\:[a-f0-9]{1,2}\:[a-f0-9]{1,2}$/i =~ mac.to_s )
+  end
+end
+
+end
+end

data/lib/bettercap/options/core_options.rb

@@ -0,0 +1,197 @@
+# encoding: UTF-8
+=begin
+
+BETTERCAP
+
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+
+This project is released under the GPL 3 license.
+
+=end
+
+module BetterCap
+
+class CoreOptions
+  # Network interface.
+  attr_accessor :iface
+  # Gateway IP address.
+  attr_accessor :gateway
+  # Comma separated list of targets.
+  attr_accessor :targets
+  # Comma separated list of ip addresses to ignore.
+  attr_accessor :ignore
+  # If false will disable active network discovery, the program will just use
+  # the current ARP cache.
+  attr_accessor :discovery
+  # If true, targets NBNS hostname resolution won't be performed.
+  attr_accessor :no_target_nbns
+  # Log file name.
+  attr_accessor :logfile
+  # If true the Logger will prepend timestamps to each line.
+  attr_accessor :log_timestamp
+  # If true will suppress every log message which is not an error or a warning.
+  attr_accessor :silent
+  # If true will enable debug messages.
+  attr_accessor :debug
+  # If different than 0, this time will be used as a delay while sending packets.
+  attr_accessor :packet_throttle
+  # If true, bettercap will check for updates then exit.
+  attr_accessor :check_updates
+  # If not nil, the interface MAC address will be changed to this value.
+  attr_accessor :use_mac
+
+  def initialize( iface )
+    @iface           = iface
+    @gateway         = nil
+    @targets         = nil
+    @logfile         = nil
+    @log_timestamp   = false
+    @silent          = false
+    @debug           = false
+    @ignore          = nil
+    @discovery       = true
+    @no_target_nbns  = false
+    @packet_throttle = 0.0
+    @check_updates   = false
+    @use_mac         = nil
+  end
+
+  def parse!( ctx, opts )
+    opts.separator ""
+    opts.separator "MAIN:".bold
+    opts.separator ""
+
+    opts.on( '-I', '--interface IFACE', 'Network interface name - default: ' + @iface.to_s.yellow ) do |v|
+      @iface = v
+    end
+
+    opts.on( '--use-mac ADDRESS', 'Change the interface MAC address to this value before performing the attack.' ) do |v|
+      @use_mac = v
+      raise BetterCap::Error, "Invalid MAC address specified." unless Network::Validator.is_mac?(@use_mac)
+    end
+
+    opts.on( '--random-mac', 'Change the interface MAC address to a random one before performing the attack.' ) do |v|
+      @use_mac = [format('%0.2x', rand(256) & ~1), (1..5).map { format('%0.2x', rand(256)) }].join(':')
+    end
+
+    opts.on( '-G', '--gateway ADDRESS', 'Manually specify the gateway address, if not specified the current gateway will be retrieved and used. ' ) do |v|
+      @gateway = v
+      raise BetterCap::Error, "The specified gateway '#{v}' is not a valid IPv4 address." unless Network::Validator.is_ip?(v)
+    end
+
+    opts.on( '-T', '--target ADDRESS1,ADDRESS2', 'Target IP addresses, if not specified the whole subnet will be targeted.' ) do |v|
+      self.targets = v
+    end
+
+    opts.on( '--ignore ADDRESS1,ADDRESS2', 'Ignore these addresses if found while searching for targets.' ) do |v|
+      self.ignore = v
+    end
+
+    opts.on( '--no-discovery', "Do not actively search for hosts, just use the current ARP cache, default to #{'false'.yellow}." ) do
+      @discovery = false
+    end
+
+    opts.on( '--no-target-nbns', 'Disable target NBNS hostname resolution.' ) do
+      @no_target_nbns = true
+    end
+
+    opts.on( '--packet-throttle NUMBER', 'Number of seconds ( can be a decimal number ) to wait between each packet to be sent.' ) do |v|
+      @packet_throttle = v.to_f
+      raise BetterCap::Error, "Invalid packet throttle value specified." if @packet_throttle <= 0.0
+    end
+
+    opts.on( '--check-updates', 'Will check if any update is available and then exit.' ) do
+      @check_updates = true
+    end
+
+    opts.on( '-h', '--help', 'Display the available options.') do
+      puts opts
+      puts "\nFor examples & docs please visit " + "http://bettercap.org/docs/".bold
+      exit
+    end
+
+    opts.separator ""
+    opts.separator "LOGGING:".bold
+    opts.separator ""
+
+    opts.on( '-O', '--log LOG_FILE', 'Log all messages into a file, if not specified the log messages will be only print into the shell.' ) do |v|
+      @logfile = v
+    end
+
+    opts.on( '--log-timestamp', 'Enable logging with timestamps for each line, disabled by default.' ) do
+      @log_timestamp = true
+    end
+
+    opts.on( '-D', '--debug', 'Enable debug logging.' ) do
+      @debug = true
+    end
+
+    opts.on( '--silent', "Suppress every message which is not an error or a warning, default to #{'false'.yellow}." ) do
+      @silent = true
+    end
+
+  end
+
+  def validate!
+    raise BetterCap::Error, 'This software must run as root.' unless Process.uid == 0
+    raise BetterCap::Error, 'No default interface found, please specify one with the -I argument.' if @iface.nil?
+  end
+
+  # Return true if active host discovery is enabled, otherwise false.
+  def discovery?
+    ( @discovery and @targets.nil? )
+  end
+
+  # Split specified targets and parse them ( either as IP or MAC ), will raise a
+  # BetterCap::Error if one or more invalid addresses are specified.
+  def targets=(value)
+    @targets = []
+
+    value.split(",").each do |t|
+      if Network::Validator.is_ip?(t) or Network::Validator.is_mac?(t)
+        @targets << Network::Target.new(t)
+
+      elsif Network::Validator.is_range?(t)
+        Network::Validator.each_in_range( t ) do |address|
+          @targets << Network::Target.new(address)
+        end
+
+      elsif Network::Validator.is_netmask?(t)
+        Network::Validator.each_in_netmask(t) do |address|
+          @targets << Network::Target.new(address)
+        end
+
+      else
+        raise BetterCap::Error, "Invalid target specified '#{t}', valid formats are IP addresses, "\
+                                "MAC addresses, IP ranges ( 192.168.1.1-30 ) or netmasks ( 192.168.1.1/24 ) ."
+      end
+    end
+  end
+
+  # Setter for the #ignore attribute, will raise a BetterCap::Error if one
+  # or more invalid IP addresses are specified.
+  def ignore=(value)
+    @ignore = value.split(",")
+    valid   = @ignore.select { |target| Network::Validator.is_ip?(target) }
+
+    raise BetterCap::Error, "Invalid ignore addresses specified." if valid.empty?
+
+    invalid = @ignore - valid
+    invalid.each do |target|
+      Logger.warn "Not a valid address: #{target}"
+    end
+
+    @ignore = valid
+
+    Logger.warn "Ignoring #{valid.join(", ")} ."
+  end
+
+  # Return true if the +ip+ address needs to be ignored, otherwise false.
+  def ignore_ip?(ip)
+    !@ignore.nil? and @ignore.include?(ip)
+  end
+end
+
+end

data/lib/bettercap/options/options.rb

@@ -0,0 +1,165 @@
+# encoding: UTF-8
+=begin
+
+BETTERCAP
+
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+
+This project is released under the GPL 3 license.
+
+=end
+
+module BetterCap
+# Parse command line arguments, set options and initialize +Context+
+# accordingly.
+class Options
+  # Core options
+  attr_reader :core
+  # Spoofing related options.
+  attr_reader :spoof
+  # Sniffing related options.
+  attr_reader :sniff
+  # Proxies related options.
+  attr_reader :proxies
+  # Misc servers related options.
+  attr_reader :servers
+
+  # Create a BetterCap::Options class instance using the specified network interface.
+  def initialize( iface )
+    @core    = CoreOptions.new iface
+    @spoof   = SpoofOptions.new
+    @sniff   = SniffOptions.new
+    @proxies = ProxyOptions.new
+    @servers = ServerOptions.new
+  end
+
+  # Initialize the BetterCap::Context, parse command line arguments and update program
+  # state accordingly.
+  # Will rise a BetterCap::Error if errors occurred.
+  def self.parse!
+    ctx = Context.get
+
+    OptionParser.new do |opts|
+      opts.version = BetterCap::VERSION
+      opts.banner = "Usage: bettercap [options]"
+
+      ctx.options.core.parse!( ctx, opts )
+      ctx.options.spoof.parse!( ctx, opts )
+      ctx.options.sniff.parse!( ctx, opts )
+      ctx.options.proxies.parse!( ctx, opts )
+      ctx.options.servers.parse!( ctx, opts )
+
+    end.parse!
+
+    # Initialize logging system.
+    Logger.init( ctx )
+
+    if ctx.options.core.check_updates
+      UpdateChecker.check
+      exit
+    end
+
+    # Validate options.
+    ctx.options.validate!( ctx )
+    # Load firewall instance, network interface informations and detect the
+    # gateway address.
+    ctx.update!
+
+    ctx
+  end
+
+  def validate!( ctx )
+    @core.validate!
+    @proxies.validate!( ctx )
+    # Print starting message.
+    starting_message
+  end
+
+  def need_gateway?
+    ( @core.discovery? or @spoof.enabled? )
+  end
+
+  # Helper method to create a Firewalls::Redirection object.
+  def redir( address, port, to, proto = 'TCP' )
+    Firewalls::Redirection.new( @core.iface, proto, nil, port, address, to )
+  end
+
+  # Helper method to create a Firewalls::Redirection object for a single address ( +from+ ).
+  def redir_single( from, address, port, to, proto = 'TCP' )
+    Firewalls::Redirection.new( @core.iface, proto, from, port, address, to )
+  end
+
+  # Create a list of BetterCap::Firewalls::Redirection objects which are needed
+  # given the specified command line arguments.
+  def get_redirections iface
+    redirections = []
+
+    if @servers.dnsd or @proxies.sslstrip?
+      redirections << redir( iface.ip, 53, @servers.dnsd_port )
+      redirections << redir( iface.ip, 53, @servers.dnsd_port, 'UDP' )
+    end
+
+    if @proxies.proxy
+      @proxies.http_ports.each do |port|
+        if @proxies.proxy_upstream_address.nil?
+          redirections << redir( iface.ip, port, @proxies.proxy_port )
+        else
+          redirections << redir_single( @proxies.proxy_upstream_address, iface.ip, port, @proxies.proxy_port )
+        end
+      end
+    end
+
+    if @proxies.proxy_https
+      @proxies.https_ports.each do |port|
+        if @proxies.proxy_upstream_address.nil?
+          redirections << redir( iface.ip, port, @proxies.proxy_https_port )
+        else
+          redirections << redir_single( @proxies.proxy_upstream_address, iface.ip, port, @proxies.proxy_port )
+        end
+      end
+    end
+
+    if @proxies.tcp_proxy
+      redirections << redir_single( @proxies.tcp_proxy_upstream_address, iface.ip, @proxies.tcp_proxy_upstream_port, @proxies.tcp_proxy_port )
+    end
+
+    if @proxies.custom_proxy
+      @proxies.http_ports.each do |port|
+        redirections << redir( @proxies.custom_proxy, port, @proxies.custom_proxy_port )
+      end
+    end
+
+    if @proxies.custom_https_proxy
+      @proxies.https_ports.each do |port|
+        redirections << redir( @proxies.custom_https_proxy, port, @proxies.custom_https_proxy_port )
+      end
+    end
+
+    @proxies.custom_redirections.each do |r|
+      redirections << redir( iface.ip, r[:from], r[:to], r[:proto] )
+    end
+
+    redirections
+  end
+
+  # Print the starting status message.
+  def starting_message
+    on     = '✔'.green
+    off    = '✘'.red
+    status = {
+      'spoofing'    => ( @spoof.enabled?  ? on : off ),
+      'discovery'   => ( @core.discovery? ? on : off ),
+      'sniffer'     => ( @sniff.enabled?  ? on : off ),
+      'tcp-proxy'   => ( @proxies.tcp_proxy ? on : off ),
+      'http-proxy'  => ( @proxies.proxy ? on : off ),
+      'https-proxy' => ( @proxies.proxy_https ? on : off ),
+      'sslstrip'    => ( @proxies.sslstrip? ? on : off ),
+      'http-server' => ( @servers.httpd ? on : off ),
+      'dns-server'  => ( @proxies.sslstrip? or @servers.dnsd ? on : off )
+    }
+
+  end
+end
+end