c_meyer/SpyGuard
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

First commit!

Browse Source
This commit is contained in:
sda
2022-11-06 15:51:33 +01:00
parent 283cf9630f
commit 64daa44e9f
225 changed files with 94329 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
server/frontend/app/__init__.py Executable file
View File

@ -0,0 +1,15 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from sqlalchemy import create_engine, MetaData, Table
from sqlalchemy.orm import scoped_session, mapper
from sqlalchemy.orm.session import sessionmaker
import sys
parent = "/".join(sys.path[0].split("/")[:-2])
engine = create_engine('sqlite:////{}/database.sqlite3'.format(parent), convert_unicode=True)
metadata = MetaData(bind=engine)
session = scoped_session(sessionmaker(autocommit=False, autoflush=False, bind=engine))
class Model(object):
query = session.query_property()

29
server/frontend/app/blueprints/analysis.py Executable file
View File

@ -0,0 +1,29 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import re
import os
import json
import sys
from flask import Blueprint, jsonify
from app.classes.analysis import Analysis
import subprocess as sp
import json
analysis_bp = Blueprint("analysis", __name__)
@analysis_bp.route("/start/<token>", methods=["GET"])
def api_start_analysis(token):
"""
Start an analysis
"""
return jsonify(Analysis(token).start())
@analysis_bp.route("/report/<token>", methods=["GET"])
def api_report_analysis(token):
"""
Get the report of an analysis
"""
return jsonify(Analysis(token).get_report())

26
server/frontend/app/blueprints/capture.py Executable file
View File

@ -0,0 +1,26 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from flask import jsonify, Blueprint
from app.classes.capture import Capture
capture = Capture()
capture_bp = Blueprint("capture", __name__)
@capture_bp.route("/start", methods=["GET"])
def api_capture_start():
""" Start the capture """
return jsonify(capture.start_capture())
@capture_bp.route("/stop", methods=["GET"])
def api_capture_stop():
""" Stop the capture """
return jsonify(capture.stop_capture())
@capture_bp.route("/stats", methods=["GET"])
def api_capture_stats():
""" Stop the capture """
return jsonify(capture.get_capture_stats())

13
server/frontend/app/blueprints/device.py Executable file
View File

@ -0,0 +1,13 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from flask import jsonify, Blueprint
from app.classes.device import Device
device_bp = Blueprint("device", __name__)
@device_bp.route("/get/<token>", methods=["GET"])
def api_device_get(token):
""" Get device assets """
return jsonify(Device(token).get())

90
server/frontend/app/blueprints/misc.py Executable file
View File

@ -0,0 +1,90 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import subprocess as sp
from flask import Blueprint, jsonify
from app.utils import *
from app.classes.capture import stop_monitoring
import re
import sys
import os
misc_bp = Blueprint("misc", __name__)
@misc_bp.route("/delete-captures", methods=["GET"])
def api_delete_captures():
"""
Delete the zombies capture folders (if any)
"""
if delete_captures() and stop_monitoring():
return jsonify({"message": "Captures deleted", "status": True})
else:
return jsonify({"message": "Issue while removing captures", "status": False})
@misc_bp.route("/reboot", methods=["GET"])
def api_reboot():
"""
Reboot the device
"""
if read_config(("frontend", "reboot_option")):
sp.Popen("shutdown -r now", shell=True)
return jsonify({"mesage": "Let's reboot."})
else:
return jsonify({"message": "Option disabled", "status": False})
@misc_bp.route("/quit", methods=["GET"])
def api_quit():
"""
Quit the interface (Chromium browser)
"""
if read_config(("frontend", "quit_option")):
sp.Popen('pkill -INT -f "chromium-browser"', shell=True)
return jsonify({"message": "Let's quit", "status": True})
else:
return jsonify({"message": "Option disabled", "status": False})
@misc_bp.route("/shutdown", methods=["GET"])
def api_shutdown():
"""
Reboot the device
"""
if read_config(("frontend", "shutdown_option")):
sp.Popen("shutdown -h now", shell=True)
return jsonify({"message": "Let's shutdown", "status": True})
else:
return jsonify({"message": "Option disabled", "status": False})
@misc_bp.route("/config", methods=["GET"])
def get_config():
"""
Get configuration keys relative to the GUI
"""
return jsonify({
"battery_level" : get_battery_level(),
"wifi_level" : get_wifi_level(),
"virtual_keyboard": read_config(("frontend", "virtual_keyboard")),
"download_links": read_config(("frontend", "download_links")),
"sparklines": read_config(("frontend", "sparklines")),
"shutdown_option": read_config(("frontend", "shutdown_option")),
"backend_option": read_config(("frontend", "backend_option")),
"remote_backend" : read_config(("backend", "remote_access")),
"iface_out": read_config(("network", "out")),
"user_lang": read_config(("frontend", "user_lang")),
"choose_net": read_config(("frontend", "choose_net")),
"slideshow": read_config(("frontend", "slideshow")),
"iocs_number" : get_iocs_number()
})
@misc_bp.route("/battery", methods=["GET"])
def battery_level():
"""
Return the battery level
"""
return jsonify({
"battery_level" : get_battery_level()
})

36
server/frontend/app/blueprints/network.py Executable file
View File

@ -0,0 +1,36 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from flask import Blueprint, jsonify, request
from app.classes.network import Network
network = Network()
network_bp = Blueprint("network", __name__)
@network_bp.route("/status", methods=["GET"])
def api_network_status():
""" Get the network status of eth0, wlan0 """
return jsonify(network.check_status())
@network_bp.route("/wifi/list", methods=["GET"])
def api_get_wifi_list():
""" List available WIFI networks """
return jsonify(network.wifi_list_networks())
@network_bp.route("/wifi/setup", methods=["POST", "OPTIONS"])
def api_set_wifi():
""" Set an access point and a password """
if request.method == "POST":
data = request.get_json()
res = network.wifi_setup(data["ssid"], data["password"])
return jsonify(res)
else:
return ""
@network_bp.route("/ap/start", methods=["GET"])
def api_start_ap():
""" Start an access point """
return jsonify(network.start_hotspot())

21
server/frontend/app/blueprints/save.py Executable file
View File

@ -0,0 +1,21 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from flask import Blueprint, jsonify, request
from app.classes.save import Save
from app.classes.device import Device
save = Save()
save_bp = Blueprint("save", __name__)
@save_bp.route("/usb-check", methods=["GET"])
def api_usb_list():
""" List connected usb devices """
return save.usb_check()
@save_bp.route("/save-capture/<token>/<method>", methods=["GET"])
def api_save_capture(token, method):
""" Save the capture on the USB or for download """
return save.save_capture(token, method)

78
server/frontend/app/classes/analysis.py Executable file
View File

@ -0,0 +1,78 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import subprocess as sp
import json
import sys
import re
import os
class Analysis(object):
def __init__(self, token):
self.token = token if re.match(r"[A-F0-9]{8}", token) else None
def start(self) -> dict:
"""Start the analysis of the captured communication by lauching
analysis.py with the capture token as a paramater.
Returns:
dict: operation status
"""
if self.token is not None:
parent = "/".join(sys.path[0].split("/")[:-2])
sp.Popen(
[sys.executable, "{}/analysis/analysis.py".format(parent), "/tmp/{}".format(self.token)])
return {"status": True,
"message": "Analysis started",
"token": self.token}
else:
return {"status": False,
"message": "Bad token provided",
"token": "null"}
def get_report(self) -> dict:
"""Generate a small json report of the analysis
containing the alerts and the device properties.
Returns:
dict: alerts, pcap and device info.
"""
device, alerts, pcap = {}, {}, {}
# Getting device configuration.
if os.path.isfile("/tmp/{}/assets/device.json".format(self.token)):
with open("/tmp/{}/assets/device.json".format(self.token), "r") as f:
device = json.load(f)
# Getting pcap infos.
if os.path.isfile("/tmp/{}/assets/capinfos.json".format(self.token)):
with open("/tmp/{}/assets/capinfos.json".format(self.token), "r") as f:
pcap = json.load(f)
# Getting alerts configuration.
if os.path.isfile("/tmp/{}/assets/alerts.json".format(self.token)):
with open("/tmp/{}/assets/alerts.json".format(self.token), "r") as f:
alerts = json.load(f)
# Getting detection methods.
if os.path.isfile("/tmp/{}/assets/detection_methods.json".format(self.token)):
with open("/tmp/{}/assets/detection_methods.json".format(self.token), "r") as f:
methods = json.load(f)
# Getting records.
if os.path.isfile("/tmp/{}/assets/records.json".format(self.token)):
with open("/tmp/{}/assets/records.json".format(self.token), "r") as f:
records = json.load(f)
if device != {} and alerts != {}:
return {"alerts": alerts,
"device": device,
"methods": methods,
"pcap": pcap,
"records": records}
else:
return {"message": "No report yet"}

161
server/frontend/app/classes/capture.py Executable file
View File

@ -0,0 +1,161 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import subprocess as sp
from app.utils import stop_monitoring, read_config, get_iocs, get_device_uuid
from app.classes.network import Network
from os import mkdir, path, chmod
import sys
import json
import random
class Capture(object):
def __init__(self):
self.random_choice_alphabet = "ABCDEF1234567890"
self.rules_file = "/tmp/rules"
self.generate_rule_file()
def start_capture(self) -> dict:
"""Start a dumpcap capture on the created AP interface and save
the generated pcap in a temporary directory under /tmp/.
Returns:
dict: Capture token and operation status.
"""
# Few context variable assignment
self.capture_token = "".join([random.choice(self.random_choice_alphabet) for i in range(8)])
self.capture_dir = "/tmp/{}/".format(self.capture_token)
self.assets_dir = "/tmp/{}/assets/".format(self.capture_token)
self.iface = read_config(("network", "in"))
self.pcap = self.capture_dir + "capture.pcap"
self.rules_file = "/tmp/rules"
# For packets monitoring
self.list_pkts = []
self.last_pkts = 0
# Make the capture and the assets directory
mkdir(self.capture_dir)
chmod(self.capture_dir, 0o777)
mkdir(self.assets_dir)
chmod(self.assets_dir, 0o777)
# Kill possible potential process
stop_monitoring()
# Writing the instance UUID for reporting.
with open("/tmp/{}/assets/instance.json".format(self.capture_token), "w") as f:
f.write(json.dumps({ "instance_uuid" : get_device_uuid().strip() }))
try:
sp.Popen(["dumpcap", "-n", "-i", self.iface, "-w", self.pcap])
sp.Popen(["suricata", "-c", "/etc/suricata/suricata.yaml", "-i", self.iface, "-l", self.assets_dir, "-S", self.rules_file])
return { "status": True,
"message": "Capture started",
"capture_token": self.capture_token }
except:
return { "status": False,
"message": f"Unexpected error: {sys.exc_info()[0]}"}
def get_capture_stats(self) -> dict:
""" Get some dirty capture statistics in order to have a sparkline
in the background of capture view.
Returns:
dict: dict containing stats associated to the capture
"""
with open("/sys/class/net/{}/statistics/tx_packets".format(self.iface)) as f:
tx_pkts = int(f.read())
with open("/sys/class/net/{}/statistics/rx_packets".format(self.iface)) as f:
rx_pkts = int(f.read())
if self.last_pkts == 0:
self.last_pkts = tx_pkts + rx_pkts
return {"status": True,
"packets": [0*400]}
else:
curr_pkts = (tx_pkts + rx_pkts) - self.last_pkts
self.last_pkts = tx_pkts + rx_pkts
self.list_pkts.append(curr_pkts)
return {"status": True,
"packets": self.beautify_stats(self.list_pkts)}
@staticmethod
def beautify_stats(data) -> list:
"""Add 0 at the end of the array if the len of the array is less
than max_len. Else, get the last 100 stats. This allows to
show a kind of "progressive chart" in the background for
the first packets.
Args:
data (list): list of integers
Returns:
list: list of integers
"""
max_len = 400
if len(data) >= max_len:
return data[-max_len:]
else:
return data + [1] * (max_len - len(data))
def stop_capture(self) -> dict:
"""Stop dumpcap & suricata if any instance present & ask create_capinfos.
Returns:
dict: operation status
"""
network = Network()
# We stop the monitoring and the associated hotspot.
if stop_monitoring():
if network.delete_hotspot():
self.create_capinfos()
return {"status": True,
"message": "Capture stopped"}
else:
return {"status": False,
"message": "No active hotspot"}
else:
return {"status": False,
"message": "No active capture"}
def create_capinfos(self) -> bool:
"""Creates a capinfo json file.
Returns:
bool: True if everything worked well.
"""
self.pcap = self.capture_dir + "capture.pcap"
infos = sp.Popen(["capinfos", self.pcap], stdout=sp.PIPE, stderr=sp.PIPE)
infos = infos.communicate()[0]
data = {}
for l in infos.decode().splitlines():
try:
l = l.split(": ") if ": " in l else l.split("= ")
if len(l[0]) and len(l[1]):
data[l[0].strip()] = l[1].strip()
except:
continue
with open("{}capinfos.json".format(self.assets_dir), 'w') as f:
json.dump(data, f)
return True
def generate_rule_file(self) -> bool:
"""Generate a suricata rules files.
Returns:
bool: operation status.
"""
rules = [r[0] for r in get_iocs("snort")]
try:
with open(self.rules_file, "w+") as f:
f.write("\n".join(rules))
return True
except:
return False

61
server/frontend/app/classes/device.py Executable file
View File

@ -0,0 +1,61 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from cmath import rect
import subprocess as sp
from app.utils import read_config
import json
import os
import re
class Device(object):
def __init__(self, token):
self.iface_in = read_config(("network", "in"))
self.token = token if re.match(r"[A-F0-9]{8}", token) else None
return None
def get(self) -> dict:
"""Get the device properties (such as Mac address, name, IP etc.)
By reading the device.json file if exists. Or reading the leases
files and writing the result into device.json.
Returns:
dict: device infos.
"""
if not os.path.isfile("/tmp/{}/assets/device.json".format(self.token)):
device = self.read_leases()
if device["status"] != False:
with open("/tmp/{}/assets/device.json".format(self.token), "w") as f:
f.write(json.dumps(device))
else:
with open("/tmp/{}/assets/device.json".format(self.token)) as f:
device = json.load(f)
return device
def read_leases(self) -> dict:
"""Get the first connected device to the generated
networks by using ARP.
Returns:
dict: connected device.
"""
sh = sp.Popen(["arp"], stdout=sp.PIPE, stderr=sp.PIPE)
sh = sh.communicate()
for line in sh[0].splitlines():
line = line.decode("utf8")
if self.iface_in in line:
rec = [x for x in line.split(" ") if x]
if rec[-1] == self.iface_in and rec[1] == "ether":
return {
"status": True,
"name": rec[2],
"ip_address": rec[0],
"mac_address": rec[2]
}
else:
return {"status": False,
"message": "Device not connected"}

181
server/frontend/app/classes/network.py Executable file
View File

@ -0,0 +1,181 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import subprocess as sp
import netifaces as ni
import requests
import re
import qrcode
import base64
import random
import requests
from app.utils import read_config
from io import BytesIO
class Network(object):
def __init__(self):
self.AP_SSID = False
self.AP_PASS = False
self.iface_out = read_config(("network", "out"))
self.iface_in = read_config(("network", "in"))
self.random_choice_alphabet = "abcdef1234567890"
def check_status(self) -> dict:
"""The method check_status check the IP addressing of the connected interface
and return its associated IP.
Returns:
dict: contains the network context.
"""
ctx = { "internet": self.check_internet() }
for iface in ni.interfaces():
if iface != self.iface_in and iface.startswith(("wl", "en", "et")):
addrs = ni.ifaddresses(iface)
try:
ctx["ip_out"] = addrs[ni.AF_INET][0]["addr"]
except:
ctx["ip_out"] = "Not connected"
return ctx
def wifi_list_networks(self) -> dict:
"""List the available wifi networks by using nmcli
Returns:
dict: list of available networks.
"""
networks = []
if self.iface_out.startswith("wl"):
sh = sp.Popen(["nmcli", "-f", "SSID,SIGNAL", "dev", "wifi", "list", "ifname", self.iface_out], stdout=sp.PIPE, stderr=sp.PIPE)
sh = sh.communicate()
for network in [n.decode("utf8") for n in sh[0].splitlines()][1:]:
name = network.strip()[:-3].strip()
signal = network.strip()[-3:].strip()
if name not in [n["name"] for n in networks] and name != "--":
networks.append({"name" : name, "signal" : int(signal) })
return { "networks": networks }
def wifi_setup(self, ssid, password) -> dict:
"""Connect to a WiFi network by using nmcli
Args:
ssid (str): Network SSID
password (str): Network password
Returns:
dict: operation status
"""
if len(password) >= 8 and len(ssid):
sh = sp.Popen(["nmcli", "dev", "wifi", "connect", ssid, "password", password, "ifname", self.iface_out], stdout=sp.PIPE, stderr=sp.PIPE)
sh = sh.communicate()
if re.match(".*[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}.*", sh[0].decode('utf8')):
return {"status": True,
"message": "Wifi connected"}
else:
return {"status": False,
"message": "Wifi not connected"}
else:
return {"status": False,
"message": "Empty SSID or/and password length less than 8 chars."}
def start_hotspot(self) -> dict:
"""Generates an Access Point by using nmcli and provide to
the GUI the associated ssid, password and qrcode.
Returns:
dict: hostpost description
"""
self.delete_hotspot()
try:
if read_config(("network", "tokenized_ssids")):
token = "".join([random.choice(self.random_choice_alphabet) for i in range(4)])
self.AP_SSID = random.choice(read_config(("network", "ssids"))) + "-" + token
else:
self.AP_SSID = random.choice(read_config(("network", "ssids")))
except:
token = "".join([random.choice(self.random_choice_alphabet) for i in range(4)])
self.AP_SSID = "wifi-" + token
self.AP_PASS = "".join([random.choice(self.random_choice_alphabet) for i in range(8)])
sp.Popen(["nmcli", "con", "add", "type", "wifi", "ifname", self.iface_in, "con-name", self.AP_SSID, "autoconnect", "yes", "ssid", self.AP_SSID]).wait()
sp.Popen(["nmcli", "con", "modify", self.AP_SSID, "802-11-wireless.mode", "ap", "802-11-wireless.band", "bg", "ipv4.method", "shared"]).wait()
sp.Popen(["nmcli", "con", "modify", self.AP_SSID, "wifi-sec.key-mgmt", "wpa-psk", "wifi-sec.psk", self.AP_PASS]).wait()
if self.launch_hotstop():
return {"status": True,
"message": "AP started",
"ssid": self.AP_SSID,
"password": self.AP_PASS,
"qrcode": self.generate_qr_code()}
else:
return {"status": False,
"message": "Error while creating AP."}
def generate_qr_code(self) -> str:
"""Returns a QRCode based on the SSID and the password.
Returns:
str: String representing the QRcode as data scheme.
"""
qrc = qrcode.make("WIFI:S:{};T:WPA;P:{};;".format(self.AP_SSID, self.AP_PASS))
buffered = BytesIO()
qrc.save(buffered, format="PNG")
return "data:image/png;base64,{}".format(base64.b64encode(buffered.getvalue()).decode("utf8"))
def launch_hotstop(self) -> bool:
"""This method enables the hotspot by asking nmcli to activate it,
then the result is checked against a regex in order to know if everything is good.
Returns:
bool: true if hotspot created.
"""
sh = sp.Popen(["nmcli", "con", "up", self.AP_SSID], stdout=sp.PIPE, stderr=sp.PIPE)
sh = sh.communicate()
return re.match(".*/ActiveConnection/[0-9]+.*", sh[0].decode("utf8"))
def check_internet(self) -> bool:
"""Check the internet link just with a small http request
to an URL present in the configuration
Returns:
bool: True if everything works.
"""
try:
url = read_config(("network", "internet_check"))
requests.get(url, timeout=10)
return True
except:
return False
def delete_hotspot(self) -> bool:
"""
Delete the previously created hotspot.
"""
sh = sp.Popen(["nmcli", "con", "show"], stdout=sp.PIPE, stderr=sp.PIPE)
for line in sh.communicate()[0].splitlines():
line = line.decode('utf8')
if self.iface_in in line:
ssids = re.search("^[a-zA-Z]+\-[0-9a-f]{4}", line)
if ssids:
sp.Popen(["nmcli", "con", "delete", ])
sh = sp.Popen(["nmcli", "con", "delete", ssids[0]], stdout=sp.PIPE, stderr=sp.PIPE)
sh = sh.communicate()
if re.match(".*[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}.*", sh[0].decode("utf8")):
return True
else:
return False

77
server/frontend/app/classes/save.py Executable file
View File

@ -0,0 +1,77 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import io
import re
import shutil
from datetime import datetime
import psutil
import pyudev
from flask import jsonify, send_file
class Save():
def __init__(self):
self.mount_point = ""
return None
def usb_check(self) -> dict:
"""Check if an USB storage is connected or not.
Returns:
dict: contains the connection status.
"""
self.usb_devices = []
context = pyudev.Context()
removable = [device for device in context.list_devices(
subsystem='block', DEVTYPE='disk')]
for device in removable:
if "usb" in device.sys_path:
partitions = [device.device_node for device in context.list_devices(
subsystem='block', DEVTYPE='partition', parent=device)]
for p in psutil.disk_partitions():
if p.device in partitions:
self.mount_point = p.mountpoint
return jsonify({"status": True,
"message": "USB storage connected"})
self.mount_point = ""
return jsonify({"status": False,
"message": "USB storage not connected"})
def save_capture(self, token, method) -> any:
"""Save the capture to the USB device or push a ZIP
file to download.
Args:
token (str): capture token
method (str): method used to save
Returns:
dict: operation status OR Flask answer.
"""
if re.match(r"[A-F0-9]{8}", token):
try:
if method == "usb":
cd = datetime.now().strftime("%d%m%Y-%H%M")
if shutil.make_archive("{}/SpyGuard_{}".format(self.mount_point, cd), "zip", "/tmp/{}/".format(token)):
shutil.rmtree("/tmp/{}/".format(token))
return jsonify({"status": True,
"message": "Capture saved on the USB key"})
elif method == "url":
cd = datetime.now().strftime("%d%m%Y-%H%M")
if shutil.make_archive("/tmp/SpyGuard_{}".format(cd), "zip", "/tmp/{}/".format(token)):
shutil.rmtree("/tmp/{}/".format(token))
with open("/tmp/SpyGuard_{}.zip".format(cd), "rb") as f:
return send_file(
io.BytesIO(f.read()),
mimetype="application/octet-stream",
as_attachment=True,
attachment_filename="SpyGuard_{}.zip".format(cd))
except:
return jsonify({"status": False,
"message": "Error while saving capture"})
else:
return jsonify({"status": False,
"message": "Bad token value"})

165
server/frontend/app/utils.py Executable file
View File

@ -0,0 +1,165 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import glob
import os
import re
import shutil
import hashlib
import sqlite3
import subprocess as sp
from functools import reduce
import psutil
import yaml
def get_device_uuid() -> str:
"""Get the device UUID
Returns:
str: device uuid
"""
uuid_not_found = False
try:
with open("/sys/class/dmi/id/product_uuid", "r") as uuid:
return uuid.read()
except:
uuid_not_found = True
try:
with open("/proc/cpuinfo") as f:
for line in f.readlines():
if line.startswith("Serial"):
serial = line.split(":")[1].strip().encode('utf8')
hash = hashlib.md5(serial).hexdigest()
return f"{hash[0:8]}-{hash[8:12]}-{hash[12:16]}-{hash[16:20]}-{hash[20:]}"
except:
uuid_not_found = True
if uuid_not_found:
return "00000000-0000-0000-0000-000000000000"
def read_config(path) -> any:
"""Read a value from the configuration file
Args:
path (turple): The path as ('category', 'key')
Returns:
any: The configuration element.
"""
config = yaml.load(open("/usr/share/spyguard/config.yaml", "r"), Loader=yaml.SafeLoader)
return reduce(dict.get, path, config)
def write_config(cat, key, value):
"""Write a new value in the configuration file.
Args:
cat (str): Category where to write
key (str): Key to be written
value (str): Value to write
Returns:
bool: True if successful.
"""
try:
config = yaml.load(open("/usr/share/spyguard/config.yaml", "r"), Loader=yaml.SafeLoader)
config[cat][key] = value
with open("/usr/share/spyguard/config.yaml", "w") as yaml_file:
yaml_file.write(yaml.dump(config, default_flow_style=False))
return True
except:
return False
def delete_captures() -> bool:
"""Delete potential capture zombies.
Returns:
bool: True if successful.
"""
try:
# Deleting zombies capture directories
for d in os.listdir("/tmp/"):
if re.match("[A-F0-9]{8}", d):
shutil.rmtree(os.path.join("/tmp/", d))
# Deleting zombies hotspot
sh = sp.Popen(["nmcli", "con", "show"], stdout=sp.PIPE, stderr=sp.PIPE)
for line in sh.communicate()[0].splitlines():
res = re.search("^[a-zA-Z]+\-[0-9a-f]{4}", line.decode('utf8'))
if res: sp.Popen(["nmcli", "con", "delete", res[0]])
return True
except:
return False
def get_battery_level() -> int:
"""Get the battery level.
Returns 101 is the power supply is connected or not found.
Returns:
int: level of the battery.
"""
if os.path.isdir("/sys/class/power_supply/"):
for file_path in glob.glob("/sys/class/power_supply/*/*"):
if file_path.endswith("/online"):
with open(file_path, "r") as f:
if int(f.read()):
return 101
for file_path in glob.glob("/sys/class/power_supply/*/*"):
if file_path.endswith("/capacity"):
with open(file_path, "r") as f:
return int(f.read())
# If nothing found, return 101 as a default.
return 101
def get_wifi_level() -> int:
"""Get the level of the WiFi interface (out)
Returns:
int: WiFi level
"""
try:
sh = sp.Popen(["iwconfig", read_config(('network', 'out'))], stdout=sp.PIPE, stderr=sp.PIPE)
res = sh.communicate()[0].decode('utf8')
m = re.search("Link Quality=(?P<quality>\d+)/(?P<quality_max>\d+)", res)
return (int(m.group('quality'))/int(m.group('quality_max')))*100
except:
return 0
def get_iocs_number() -> int:
"""Get number of IOCs in the database
Returns:
int: number of IOCs
"""
with sqlite3.connect("/usr/share/spyguard/database.sqlite3") as c:
cur = c.cursor()
return len(cur.execute("SELECT * FROM iocs").fetchall())
def get_iocs(ioc_type) -> list:
"""Get a list of IOCs specified by their type.
Returns:
list: list containing the IOCs
"""
with sqlite3.connect("/usr/share/spyguard/database.sqlite3") as c:
cur = c.cursor()
cur.execute("SELECT value, tag FROM iocs WHERE type = ? ORDER BY value", (ioc_type,))
res = cur.fetchall()
return [[r[0], r[1]] for r in res] if res is not None else []
def stop_monitoring() -> bool:
"""Just stop monitoring processes.
Returns:
bool: True by default.
"""
for proc in psutil.process_iter():
if proc.name() == "dumpcap":
proc.terminate()
sp.Popen(["suricatasc", "-c", "shutdown"])
return True # Yeah, I know...

51
server/frontend/main.py Executable file
View File

@ -0,0 +1,51 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from flask import Flask, render_template, send_from_directory, redirect, abort
from app.blueprints.network import network_bp
from app.blueprints.capture import capture_bp
from app.blueprints.device import device_bp
from app.blueprints.analysis import analysis_bp
from app.blueprints.save import save_bp
from app.blueprints.misc import misc_bp
from app.utils import read_config
app = Flask(__name__, template_folder="/usr/share/spyguard/app/frontend/dist")
@app.route("/", methods=["GET"])
def main():
"""
Return the index.html generated by Vue
"""
return render_template("index.html")
@app.route("/<p>/<path:path>", methods=["GET"])
def get_file(p, path):
"""
Return the frontend assets (css, js files, fonts etc.)
"""
rp = "/usr/share/spyguard/app/frontend/dist/{}".format(p)
return send_from_directory(rp, path) if p in ["css", "fonts", "js", "img"] else redirect("/")
@app.errorhandler(404)
def page_not_found(e):
return redirect("/")
# API Blueprints.
app.register_blueprint(network_bp, url_prefix='/api/network')
app.register_blueprint(capture_bp, url_prefix='/api/capture')
app.register_blueprint(device_bp, url_prefix='/api/device')
app.register_blueprint(analysis_bp, url_prefix='/api/analysis')
app.register_blueprint(save_bp, url_prefix='/api/save')
app.register_blueprint(misc_bp, url_prefix='/api/misc')
if __name__ == '__main__':
port = ""
try:
port = int(read_config(("frontend", "http_port")))
except:
port = 80
if read_config(("frontend", "remote_access")):
app.run(host="0.0.0.0", port=port)
else:
app.run(port=port)