author | makefu <github@syntax-fehler.de> | 2013-01-14 14:46:22 +0100 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2013-01-14 14:46:22 +0100 |
commit | dbe2d838ba6834788265029162b2dd7d82473335 (patch) | |
tree | a4eb38f7fc91d91269b6f83453de62242c6ddc23 /god/census | |
parent | 5a782f6c8f7923f9f415afd504ce6e71acbc7fef (diff) | |
parent | abf9916bc1add17888308877fa4eb9da330297ef (diff) |
Merge branch 'master' of github.com:krebscode/painload
Conflicts:
god/temper/Makefile
god/temper/collectd-temper.sh
Diffstat (limited to 'god/census')
-rw-r--r-- | god/census/Makefile | 5 | ||||
-rw-r--r-- | god/census/README.md | 23 | ||||
-rw-r--r-- | god/census/TODO.md | 3 | ||||
-rw-r--r-- | god/census/VERSION | 1 | ||||
-rwxr-xr-x | god/census/arping.py | 34 | ||||
-rwxr-xr-x | god/census/arping_users.py | 92 | ||||
-rw-r--r-- | god/census/mac_names.lst | 14 | ||||
-rwxr-xr-x | god/census/sched-arping | 8 | ||||
-rw-r--r-- | god/census/title.lst | 11 |
9 files changed, 191 insertions, 0 deletions
diff --git a/god/census/Makefile b/god/census/Makefile
new file mode 100644
index 00000000..9993bf2a
--- /dev/null
+++ b/god/census/Makefile
@@ -0,0 +1,5 @@
+.phony: all
+
+all: arping.py arping_users.py
+install:
+ ./sched-arping
diff --git a/god/census/README.md b/god/census/README.md
new file mode 100644
index 00000000..2842368d
--- /dev/null
+++ b/god/census/README.md
@@ -0,0 +1,23 @@
+Census (formerly known as ARPING Users)
+==========
+
+This is a simplified python script which checks the available subnet for computers online and returns a list of users which are online based on their mac-address
+
+The initial idea was to find known users in the given network, now it finds and stores everyone in the given network and might try to resolve these addresses into names. This is why the name `census` is coined for the project.
+
+Return Data
+----------
+after trying to reach all hosts in the selected subnets the script spits out th e following data:
+<pre>
+ { "timestamp" : 12345678, "data" : { "ip1" : ["mac1","mac2","macn"] }
+</pre>
+
+Census is meant to be put into a cronjob or some kind of wrapper scripts as it is currently really really (2-3 minutes) slow.
+
+SNMPWALK Command
+===============
+
+For historic reasons, this is the snmpwalk command to pull the currently registered mac-addresses on the firewall:
+<pre>
+snmpwalk -c shammunity 10.42.0.1 1.3.6.1.2.1.3.1.1.2
+</pre>
diff --git a/god/census/TODO.md b/god/census/TODO.md
new file mode 100644
index 00000000..daacfd58
--- /dev/null
+++ b/god/census/TODO.md
@@ -0,0 +1,3 @@
+BUGS
+=====
+
diff --git a/god/census/VERSION b/god/census/VERSION
new file mode 100644
index 00000000..6c50e659
--- /dev/null
+++ b/god/census/VERSION
@@ -0,0 +1 @@
++++++++[>+++++++>+++++++<<-]>.>---.<-.
diff --git a/god/census/arping.py b/god/census/arping.py
new file mode 100755
index 00000000..ed257441
--- /dev/null
+++ b/god/census/arping.py
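Review bot: The special target on the first added Makefile line is spelled `.phony`, which make does not recognise because target names are case-sensitive, so `all` is never actually declared phony. `install` has no prerequisites and only runs `./sched-arping`, so it belongs in the same declaration: `.PHONY: all install`. Since `install` rewrites the invoking user's crontab, a one-line comment above the rule saying so would help, e.g. `# install: adds an hourly arping_users.py entry to the current user's crontab`.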
@@ -0,0 +1,34 @@ +#!/usr/bin/python + +import logging +log = logging.getLogger('arpingy') +logging.disable(logging.WARNING) + +import os,sys +try: + if (os.geteuid() != 0): + raise Exception('no root permissions') + from scapy.all import * #might throws "no such module" + + def arpingy(iprange="10.42.1.0/24",iface='eth0'): + """Arping function takes IP Address or Network, returns nested mac/ip list""" + try: + conf.verb=0 + ans,unans=arping(iprange,iface=iface,timeout=3,retry=1) + + collection = [] + for snd, rcv in ans: + result = rcv.sprintf(r"%ARP.psrc% %Ether.src%").split() + log.debug(result) + return result # take just the first arp reply + except Exception as e: + print ("something went wrong while arpinging " + str(e)) + return [] + +except Exception as e: + raise Exception("Cannot load arping functions!" + str(e)) + + +if __name__ =='__main__': + logging.basicConfig(level=logging.DEBUG) + arpingy(sys.argv[1],sys.argv[2]) diff --git a/god/census/arping_users.py b/god/census/arping_users.py new file mode 100755 index 00000000..eb47f308 --- /dev/null +++ b/god/census/arping_users.py 
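Review bot: `logging.disable(logging.WARNING)` at module level suppresses every log call at WARNING and below for the whole process, not just scapy's import warnings, so `log.debug(result)` here never reaches a handler and the `logging.basicConfig(level=logging.DEBUG)` in the `__main__` block has no effect; the same applies to the `log.info`/`log.debug` calls in arping_users.py, which imports this module. If the aim is to quiet scapy, scope it to scapy's logger instead: `logging.getLogger("scapy.runtime").setLevel(logging.ERROR)`. Separately, `arpingy` returns from inside the `for` loop and falls through to an implicit `None` (not `[]`) when there are no replies, `collection` is never used, and the `__main__` block discards the result without printing it. The outer `except Exception` re-raises a new `Exception` with only `str(e)`, which hides whether the failure was the root check or the scapy import; a docstring line stating that importing the module requires euid 0 would make that contract explicit.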
@@ -0,0 +1,92 @@ +#!/usr/bin/python +import subprocess,re,logging,sys +import json +from arping import arpingy +from multiprocessing import Pool +logging.basicConfig(level=logging.WARNING) +log = logging.getLogger("main") +DEV='eth1' +MAC_NAMES='mac_names.lst' +data = [] +my_addr = False +my_names = {} +ret = {} +quiet=False + +names = {} +if len(sys.argv) > 1 and sys.argv[1] == 'q': + quiet=True +def get_own_addr(): + data = subprocess.Popen(['/sbin/ifconfig',DEV], + stdout=subprocess.PIPE).communicate()[0].replace('\n','') + return re.sub(r'.*HWaddr ([0-9A-Fa-f:]*).*inet addr:([0-9.]*).*' , + r'\1 \2',data).split() + +def load_names(mac_file): + f = open(mac_file) + for l in f: + mac,name = l.split(' ',1) + names[mac] = name.replace('\n','') + f.close() + return names + +def print_config(): + log.info("My Addr : %s" %str(my_addr)) + log.info("MAC Names file: %s " %MAC_NAMES) + log.debug("Loaded names : ") + for mac,name in my_names.iteritems(): + log.debug("%s => %s" %(mac,name)) + +def init(): + my_addr = get_own_addr() + my_names = load_names(MAC_NAMES) + +def arping_helper(dic): + log.debug("trying arpingy(%s)" %dic) + return arpingy(**dic) + +def main(): + init() + print_config() + + for first in range(1,4): + for second in range(256): + data.append({'iprange':'10.42.'+str(first)+'.'+str(second),'iface':DEV}) + try: + log.info("creating new Pool") + p = Pool(35) + ret = filter(lambda x:x , p.map(arping_helper, data)) + log.info("killing it") + p.terminate() + + except Exception as e: + print 'you fail '+str(e) + sys.exit(1) + myip,mymac = get_own_addr() + ret.append([mymac,myip]) + + print_json(ret) + #print_names(ret) + +def print_names(ret): + for p in ret: + if not quiet: + print p[0] + " => " + p[1] + if p[1] in names: + print names[p[1]]+ " is online" + +def print_json(ret): + from time import time + output = {} + output["timestamp"] = time() + for i in ret: + mac = i[0] + ip = i[1] + if i[0] not in output: + output[mac] = [] + output[mac].append(ip) + 
print json.dumps(output)
+
+if __name__ == "__main__":
+ log.debug("starting arping_users")
+ main()
diff --git a/god/census/mac_names.lst b/god/census/mac_names.lst
new file mode 100644
index 00000000..5f123dbe
--- /dev/null
+++ b/god/census/mac_names.lst
@@ -0,0 +1,14 @@
+00:40:63:c8:b5:a0 urkrebs
+00:23:54:29:1d:3e hadez
+00:26:c7:bd:a7:1a Martin
+04:1e:64:05:39:28 Stephan
+5c:59:48:22:2d:d2 Phil
+00:21:00:fb:5c:b6 Kah-Hah
+00:1e:64:27:3b:72 Felix
+40:30:04:4f:de:73 Armin
+00:26:c6:82:51:38 samuirai
+3c:8b:fe:5c:4e:da Moh-Moh
+00:26:bb:69:98:cc Jan
+78:dd:08:d5:34:28 Patrick
+78:ca:39:6e:ed:16 Tillman
+00:22:43:25:61:79 Te vau
diff --git a/god/census/sched-arping b/god/census/sched-arping
new file mode 100755
index 00000000..14f8af3c
--- /dev/null
+++ b/god/census/sched-arping
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+TMP=`mktemp`
+crontab -l >$TMP
+
+echo "23 * * * * $PWD/arping_users.py > $PWD/../db/arping" |
+../util/bin/magic create "arping" $TMP
+crontab $TMP
diff --git a/god/census/title.lst b/god/census/title.lst
new file mode 100644
index 00000000..dade858f
--- /dev/null
+++ b/god/census/title.lst
@@ -0,0 +1,11 @@
+KM kh
+KM lassulus
+KM makefu
+KM miefda
+KM momo
+KM pfleidi
+KM rtjure
+KM tv
+CN cmile
+CN infin
+CP * |
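Review bot: `init()` in arping_users.py assigns `my_addr` and `my_names` as function locals, so the module-level values stay `False` and `{}` and `print_config()` always logs those; add `global my_addr, my_names` as the first line of `init()` or have it return the values. `MAC_NAMES='mac_names.lst'` is opened relative to the current directory, which is probably not the script directory when the job runs from the cron entry created by sched-arping, so it should be resolved against the script's own location. In `main()`, `myip,mymac = get_own_addr()` sits outside the `try`, and `get_own_addr()` returns the whole ifconfig output split into tokens when the regex does not match, so the two-name unpack can raise there. The names are also swapped relative to the `\1 \2` (HWaddr, inet addr) order, which only works because `print_json` labels the IP as `mac`; renaming them and adding a docstring stating that every entry is `[ip, mac]` would remove the trap. `load_names` should use `with open(mac_file) as f:` so the file is closed if a malformed line makes the `mac,name` unpack raise.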
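Review bot: mac_names.lst commits a mapping from hardware addresses to individual people's names, next to a scanner that records which addresses are present every hour, so the mapping is readable by anyone who can read the repository. Consider keeping the real list out of version control (an ignored `mac_names.lst`, with a committed `mac_names.lst.example` holding constructed addresses) and documenting the `MAC name` line format in the README. The same applies to the SNMP community string and firewall address shown in the README's snmpwalk example, which would be better replaced by placeholders.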
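Review bot: sched-arping has no error handling, so if `../util/bin/magic` fails or leaves the temp file truncated, `crontab $TMP` still installs whatever is in it and can replace the user's existing crontab; add `set -eu` after the shebang and tolerate a missing crontab with `crontab -l >"$TMP" 2>/dev/null || :`. The temp file is never removed and `$TMP` and `$PWD` are unquoted; `trap 'rm -f "$TMP"' EXIT` plus quoting covers both. `../util/bin/magic` and `$PWD` depend on the caller's working directory, so the script only behaves as intended when run from god/census, which deserves a comment or a `cd "$(dirname "$0")"` at the top. arping.py in this commit refuses to load without root, so this entry presumably ends up in root's crontab; in that case arping_users.py, arping.py and their directory should not be writable by unprivileged users.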