From 8098a9ee44f57bc3946b03ae1c7997371ebff21f Mon Sep 17 00:00:00 2001 From: morpheuslord Date: Wed, 18 Oct 2023 13:31:26 +0530 Subject: [PATCH] Optimized code and added PCAP analysis --- README.md | 42 +- commands/__pycache__/assets.cpython-311.pyc | Bin 11649 -> 12989 bytes .../__pycache__/dns_recon.cpython-311.pyc | Bin 3754 -> 3659 bytes commands/__pycache__/menus.cpython-311.pyc | Bin 30048 -> 33578 bytes commands/__pycache__/models.cpython-311.pyc | Bin 23932 -> 26985 bytes .../packet_analysis.cpython-311.pyc | Bin 0 -> 13060 bytes commands/assets.py | 38 +- commands/dns_recon.py | 58 +- commands/menus.py | 113 ++- commands/models.py | 138 ++-- commands/packet_analysis.py | 218 ++++++ gpt_vuln.py | 21 +- outputs/output.json | 0 package/GVA.egg-info/SOURCES.txt | 1 + package/GVA/menus.py | 397 ++++------- package/GVA/packet_analysis.py | 218 ++++++ package/README.md | 652 ++++++++++++++---- package/build/lib/GVA/menus.py | 358 ++++------ package/build/lib/GVA/packet_analysis.py | 218 ++++++ 19 files changed, 1742 insertions(+), 730 deletions(-) create mode 100644 commands/__pycache__/packet_analysis.cpython-311.pyc create mode 100644 commands/packet_analysis.py create mode 100644 outputs/output.json create mode 100644 package/GVA/packet_analysis.py create mode 100644 package/build/lib/GVA/packet_analysis.py diff --git a/README.md b/README.md index 274c839..ddd97cf 100644 --- a/README.md +++ b/README.md @@ -4,12 +4,13 @@ This is a Proof Of Concept application that demostrates how AI can be used to ge ## Requirements -- Python 3.10 +- Python 3.10 or above - All the packages mentioned in the requirements.txt file - OpenAI API - Bard API (MakerSuite Palm) - HuggingFace token (with llama2 access ) - IPGeolocation API +- Wireshark and tshark (both added to path) ## Usage Package @@ -27,6 +28,7 @@ from GVA.dns_recon import DNSRecon from GVA.geo import geo_ip_recon from GVA.jwt import JWTAnalyzer from GVA.menus import Menus +from GVA.packet_analysis import PacketAnalysis from GVA.ai_models import NMAP_AI_MODEL from GVA.ai_models import DNS_AI_MODEL from GVA.ai_models import JWT_AI_MODEL @@ -43,12 +45,14 @@ port_scanner = NetworkScanner() jwt_analizer = JWTAnalyzer() sub_recon = sub_enum() asset_codes = Assets() - +packet_analysis = PacketAnalysis() # KEEP IT BLANK IF YOU HAVE NO CLUE THE MENU WILL ASK TO FILL IT ONCE ACTIVE lkey = "LLAMA API KEY" lendpoint = "LLAMA ENDPOINT" keyset = "AI API KEY" +output_loc = "OUTPUT LOCATION FOR PCAP" +threads = 200 # Default INT 200 but can be increased. target_ip_hostname_or_token = "TARGET IP, HOSTNAME OR TOKEN" profile_num = "PROFILE FOR NMAP SCAN" ai_set = "AI OF CHOICE" @@ -62,6 +66,8 @@ Menus( lamma_key=lkey, llama_api_endpoint=lendpoint, initial_keyset=keyset, + threads=threads, + output_loc=output_loc, target=target_ip_hostname, profile_num=profile_num, ai_set=ai_set, @@ -125,6 +131,9 @@ python gpt_vuln.py --target --attack sub --list # Specify target for geolocation lookup python gpt_vuln.py --target --attack geo +# Specify PCAP file for packet analysis +python gpt_vuln.py --target --attack pcap --output --thread NUM of threads <200:default> + # Specify the AI to be used for nmap python gpt_vuln.py --target --attack nmap --profile <1-5> --ai llama /llama-api /bard / openai @@ -159,6 +168,7 @@ python gpt_vuln.py --menu True │ 3 │ Subdomain Enum │ │ 4 │ GEO-IP Enum │ | 5 | JWT Analysis | +| 6 | PCAP Analysis | │ q │ Quit │ └─────────┴────────────────┘ Enter your choice: @@ -521,6 +531,34 @@ target is jainuniversity.ac.in └─────────────────────────────┴─────────────────────────────────────────────────────────────────────────┘ ``` +#### PCAP OUTPUT + +``` +Collecting Json Data +Extracting IP details... +Extracting DNS details... +Extracting EAPOL details... +Extracting TCP STREAMS details... +TCP streams can take some time.. +Total Streams combination: 252 +Number of workers in progress: 250 +Completed + GVA Report for PCAP +┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓ +┃ Identifiers ┃ Data ┃ +┡━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩ +│ PacketAnalysis.Services │ ['49943', '49958', '49934', '49944', '49931', '443', '49957'] │ +│ PacketAnalysis.TCP Streams │ ['1', '4', '5', '2', '0', '3'] │ +│ PacketAnalysis.Sources Address │ ['█████████████', '1.1.1.1', '█████████████', '█████████████', '█████████████', '█████████████'] │ +│ PacketAnalysis.Destination Address │ ['█████████████', '1.1.1.1', '█████████████', '█████████████', '█████████████', '█████████████'] │ +│ PacketAnalysis.DNS Resolved │ [] │ +│ PacketAnalysis.DNS Query │ ['oneclient.sfx.ms'] │ +│ PacketAnalysis.DNS Response │ ['oneclient.sfx.ms.edgekey.net', 'e9659.dspg.akamaiedge.net', 'oneclient.sfx.ms'] │ +│ PacketAnalysis.EAPOL Data │ [] │ +│ PacketAnalysis. Total Streams Data │ 126 │ +└────────────────────────────────────┴────────────────────────────────────────────────────────────────────────────────────────────────────┘ +``` + # Usage GUI The GUI uses customtkinter for the running of the code. The interface is straight forward the only thing required to remember is: diff --git a/commands/__pycache__/assets.cpython-311.pyc b/commands/__pycache__/assets.cpython-311.pyc index ceba935aa01c42c3f4d0d450974dd4d10920b461..3b601f71f366ee5f7f0003f8ecc7323e6acd1328 100644 GIT binary patch delta 1895 zcmdUuT}+!*7{}k!PukL!kJ1l7`j)PRc9illz8s9z4rf`vgl-xaL%N-omK9pxzMVii zj9zH6%uslYpf@WCW*BFjX-uYxX7heYn_z;?wh(VL#tWA0LcQ|5Z`mS=OP1-4Cnvw> zdCvQPo|AK)^S*ud+lcC#QYoj%P`~Spyx{m!bw(unjf86yMweh0S*0k8<`EXaUD5L* z;)scJ6iGlYHp-+}G%d(d*Q?;Tc-YL;kvyiJpe#u(u(9Nv4V9JWnMjz8C+DJx@N^ok zic{!AsFC!lOEn|gH6z7Gv+%0qCxJj9EDXzTBh&(23Y*M`X{^I0Y~Z6-Y{rMM1#9@o zira8IwqZLT9mXBlfjhC2kGgO-`PPGb;RA&S9fA9b?}Dau<{a&$@m!j4ZZ@1EW;&8| z(lc+ePC9iyoGME~VP-nQE><}lY{hHx1f4GhCPRLgZ_F7AoEq~xgKk&Q@uJ5IrRw-w zl2DAC4)YnjR~CBwp+&PlGkY$=(8(yx^2=#Dnq+7$l@8B^6AS5hdQsWa)kU|Th(yDg z1Zyix0vR@y;WtlKJVRwAO=?6A=9Z;FCK-(6naQ;+~c`hrCe5CR_0=Pd9lL-uc(jNiMutnqdj_a zij(_!xu2K&(E<4=EU3rpqMRzmt75z=20y4*1wC~Tuj#IxK~z@AJ)H{z@+K(eD_GY4 zhz8)a(SoYr4V_++m9U7Spww&?A?nH?gtZRzG%5?U)VCuUnDi&%_j)x1v?}@q`>A(fMcapra7XKeZ(3513hZ~DFHuwJ{Nq+t zgG*}^4zea#lIkUw{$95c(S<*ZeW!72~8DW9M)R zCQT!qDyEYQ0vv)IUgpro!N;MCLpMQLcrl!SuTAZ8FNxAB0vdib^+~yebW{e`*7bgY zVQ7yc_-K6Hoo~3;YRN}7?3?y=_fE6vs_$dpmihDajowe^ug{m72e+FCi~NK;ZSOr} zYGK)I5Itk=zuUGBNensNsxAlb+qR`UwYpVpP767kMm=fEuJ?qWTZY;L^a~Qyq#KOmV{#rMnjN60V_(O;|Q~dS*ntYA)_tvq?kM0O|o!X zU8D)bV5Wm1LLE$M*9WnFNnfOJG@ToLnr|L9U~P=0+dv&x=NHiee?X4*D82phgGYK| zNx6V1|Xut`PbQu>h~^mB;`YcN2`+S3;kofio&rh8Zn& z!G&TyJaGh;PxI+Vg(aHh^S}Ar`JY_VWWuhco_+@Ht_aL}r!=ON3A%j}GSjzUQ)YPV z3vrf|Wl9gPb#}0oIXUuIh$ZO{{s@A4p~&1s`#MOm1r7)sL|(3$X!eN%w0RtGTu1lc;WF~lP0BU|Mb9fPh{Q` znNuf>i0Ax&pi8#|FQN2a@htn#_bouIdlcS>=JnZProcVogd5du=B?x=a+KmIe6Buo z%E7J7GC!hf7t0CLnk+-@-Nu}q>B!lKOEwoRM_HgJ(CUeW@iVZ;vg+wy0cTQc;{X5v diff --git a/commands/__pycache__/dns_recon.cpython-311.pyc b/commands/__pycache__/dns_recon.cpython-311.pyc index 2eb2622335cd308a1eedff50224b50701200357a..967f9cbbe5dc0d9eb47e68770bc3df6277c4b8c8 100644 GIT binary patch literal 3659 zcmb_fO>7&-6`uX!KV^v&ZAqqRGPVMWwM3^yT@-SfLad@6SXKgCF)T(lvF46#%FA79 zc4?c!s&;}DPzxVu!+?!MMtpKzxCb9{$f1WIO&bMhfn`CU!U6({7CH3B!VMt!Q1s1` zT$8k#s!e9NZ{C}o_vU+VX6Frm+12GmQ1;(FjQ{9C=xRqz0;?259r#xP(+`& zr+t^Mavdw$-9Fp9Oe+>0E!jS_k7JO|JZRlJ_S`zxs`cxhj`@9MMm`SF2-*q=V(?N& z3<90AX?vfKe+cYjTV&7z0-G;2BLwjYHsYgN@!=sp{I27}|F`&n-#&Zt7Dne={qFQy zuDsxL?3?*4KWg!~x8d;#%VXw&zXh1hw&D{*x{M2eWh}0I=aQxs)UhK+ghDQPNyuKtq<%anvr7Jm zD65j9TrL)l{CN3Cww;ss3MML!!I^H`IsCPDNL>TWS%zr(pn%efjAQdekkt#A*rrCm z*3=51O>_p~4t@#}O}LXS4nP3nkLle5yKhOcRa9!{ofzK+p! z5nPajEH<4N3tC3VnE?QGUV#~BWDOiB79hPY7jv5FOhG3kSGP5F1~^XDNWyRODwZyo z?(vxuiijnZz&!*Jn*0epOH5v(E_oy@iv67pLBw&zvqw@@ON7WD)jXUXVp~ z5v*qjy*nfeCDUJ*R7HY4xU#o-tw^?ZQ&-e~K|;ELHhlrZ7uodpd>I@xBIA`{sv1lg z{#1?a^#r#30V8<0;vcE{M-2bSR`}5RtH$tILv9vlSY+H?%%d3B{|SxDf)K_=nfuzy9R=pM*Xeym!44ovTLY%G0-| zx3~I+0Z}0QoKW4DZ_VDBEzfR+`fp9%nJh!SH3`rH;X1Tne|g{SePyUM*8RWWYT$UJ zJ(>S#u@X&Hqp9+AdG{#FZ72rHeYg9{P-`p?D5CK{M_>6<^pz)}j|M-!y1{ScD$z65 z=$UUYL*#b29NxkDwT;k5sS;hNMi>51>t8uhPjC5$KVQAMYPbj0MfeWxq=Kn9`ZRvv zCvNVyE{4+3c>hEaeU^;BKEVC1pP_VUoSPg*zaNfI1-Z`y45g9C)G_q=vH0}M+{O?? zX)-e7M_>5kGe6+IILZK>OSnyUCL=>W$z)7#CX-jhqC|OrCbL`=r1~4{>>`H%455jg z(3>S01@bHO6euDil+fFvMd(FTeH+LPyKe63xiMAak2xZbPSp@JAG<&4{Y{s}Zk#br zFZ|)G#T(07y)Efh`yUDUUURmD3;vIk3OV^=9T!Dt@+6nNWF5wYW{Ens?^4dvqj;aW zU#)xl8aWCg{r{mZ0jY5e!)&6MvD0r8?K9eco2dJSRcp@Im`Dx1Nd7_l{<*^o3(LO& Dbk1u( literal 3754 zcmb_fTWk~A89sBdJ$CHaaRQEIVtctcu9oZ;u?vJt*J()N0w&s66w)AT@En4JJ>$%b z0Y_skyINILLfQ#JS_Eo|`ar4jl1Co;KrdUeRUhoiQmv^XtyJwp-(1m35l{Wk*pA~6 zD#Y$N<8S_R`{(=4IdlH;Z(J@1g0$z00UYQ;=%1v}N^H}3F$u<(NI(LWMLBAk%F)v_ zMap!RnP$v8o3l(?%{nG)%W=~jg=jR61om?zSRT^|EyJ&ortJbfg`(Dfkz$lKn3z~J zxN~_mBZ+)A5v2@^D)Z@U>1KcPX0in9#R$Nc2%~9AK-089VMd@aiy8k$Z-LoThE~CX zEms_Z^>cRGD%jxZoWYGIras1LNi?h~FVAAtVEJpfXt0+F(y_QF8!nAup<>b zx6<53e~s20o%2}g(z;;GJ0+*)TxzXVYoK|547j{eQ*vpXz-o?%up*l4A^Ih|;6kXx z-PwKT#2%z>@-Vl-U@wxr6jGsID+$(4))cyk?p*2^P3Fi<+l;ntGg|8yy)oO{jOMl( z{ZRF`o`=v}YoDMw*v*Xuei)PGirU|*LkMcaTa;~C4`>av`*+Tz>92MJ-DEDJ8)SvM zHQP-}a9lHYxtynv9cj#`K8;!GZu@9k0xQs4R+HJXkGeXwenx53lDqApZE1|gZSmEu zQ{r)0(@wqbd^f$|)7w%ETAfX;qN$Yyt?V0XW#2%nr>(GUY3!?7#pkam{f;Xu{%Vs> zS5xPNsgqjjX|rit@Md*u7R~w?-lFA=H>uPu7Qc6HlPzw7yUA=E_S)-tdA8+s;CtuA zws@)gHqA?S=PrhmwYYk$zdTZ71Vdb>8m(>EnJieayTQZSQa4`Fe625SfxA``OLz=X3MS#c(xed;;?Vxak26mnC2wCwk>V9)jO|A)}IK=d*koq|fHn z6c6M_pclkK&eW3vi&0cL>NZ#fXRjDsEPhrJa8{AYu`SyPkR#Y&vm}bzvse`J5>S@O zactOli15V)Y&aY1lv0a%tQcLJN`{qhNVO_hhFLLa#T2FFB~if&IRV3+>E*G};Tc{| zU(H;{GkIB>!)aBS8J|q1&KI)cf#xISnY5J4@uHy2G$tJ)|4_bYI5#iB!j9HQ!O-Sv zqD}b`gyLJM*40z)8mKuv-+FhI2VxcPNYy)1c8=7%eYb7j_!4FFy6s#GgqL3GI2LJtcP8|m*5|nUV{Dm0sn+3g6@;2+~_NJ;LnbR+H!d0L)K(8vp;Z=PU!j^FH+CMTNV9!^ z-**`lxYn*%xS9MRYLErDEjE<+^5mwO7couw(ok2?=JRSIWCPLsmrBbSxr z#u9^VNE(u4g5!`grf>zwnNqky*O15m6JbDry^__Dk0h5E#s>Rjf9h<<;Ma(c zxEU{TOS~CgDdv=-m7$fPm7|rTRiIU%O+%Z8R*6=LHXUucSF(xNRq%$qNHT1QF!gQ* z#_Dt6{s0S4HMBt2j!d|*-4=O2?R%|MAF73e+I-0Or-3BY~yII|GHP?h#oNxyJ1i2Y1rt*A-ION!S+#k=)K)F^ZL ztjx)deZM|mDbc=(-NN7GGn%%drq@x2GxB29Co8$(!Ra9uzQb$hHZ~#U50XfG z_dgk`2Y$IeSMp`r8%N2WbogrHG2pV*j0vV2%V4xAllH;6CI_6` z;edO+O8Co;8VINB;J=Ml$ZHn+nOxY=yi|-h+OA~&0iMiSu=Q=Lk@hcw23)hGAfxy%wdCv1BKvkQ^B?;)bL%qTJjDDC$<<> z`ayAn^ZHOh^6@Z*pxJ7r(!s2@!H{2v%zi&NX5QorahpB-ZZx|F{65Yf?DvEQfZbMnh5R8Xiy2wUgPw!YQ1o*NVA z>`czNmPW3lk&jHAj0x*k4TXF>mu%N@VRb?vCdZbM&e1&*=)<7kE-o~qF07jwwt1$B zaT@CGM&X<|j_;(?>Jv*Lilf@Xx-}+%AN278@58kAOlS<)#`e&=%cr2AARtVp57Y4h-_XcpMo?U5F-2NJHa|jxw8LV3 z@+9ihzmN*|Nf@@aC+dqs-yE~F#4Rl`))i-6 zQPu@RHQDeLw*tzGwQ!kJxawk-`naV&#x}&+hA7)`&srEQs)|{w3$|$=M^u=XjrWG+uP25rwV{7AVZIrDQGdW|{s<^dk zUZ$pVvJ2`c*Mz^Ar8#bCjk{4LjTei~c`x{5m96p0))?CsXWOD| z8%(>+z!op6V+%iHEAFrr6I}60#Y92LN!vv6;**_IX~bALO=L#XHx#B)AcL54;QQca zEYtFJt15bwvO zxG6dyY^6s_@>sD)KHT;`Eur0O#ERb5+?h$PNL`I+u1Q)AXl@!^#b`dM&qBPFS=!kk zy;aX3{;<+FW|T&*ZWm;DwAhlhEAm3$1XFl!o=9P&PZaqc75QyKE#tW4j#g>>ke_ zRgaQhRkC+fgDrKkg{AsnW{zAtsvXzDgY{)nYF!E=?5Q`QuS4H1+Jnk$IItlz!5Lwy zo)!JyZJ6nwPQ=l%_Xo0Mn2-)O7G$RWe_=?7OHNP7xB;Wsm805IxGrb$n)zT*Nzy08 z%P#DFRyV5K$9NTqGou8f7r}Xr1@Z|nQ8IZ!sAUo*MEI*2^{dK<`~&18P5h! zdl}#fwU9PbT9Z7N=5oB%QLf6IJ*}#ePux~Lr?;5!9BL|>WAML`p~(WhYQ1=lneZGF zTKFyu2y4W;o%|n{a{A1aVk_^#Nd8w8#wqksI1R@GOQ0!G-c0uyPu~ds=M-qgoU5;5 z;kN5%itOX^R4ep2h~waof%1|E_!xwj5?gdx`jQEA-t%oo*G%LVqUoH-UyP;)EJF`7 z#$swmTxNQo#Jwe*YYV|PZ!Zi@rEsnVs+_S zPI}YEAigc(4LG>lo&m>(oqF+Z#G4au^CH|D&KWDm0O4JP1GC>L*nDMHWJyFO9*q`C*(E`EMT6D@ywxMxo(5 delta 2409 zcmaKtYfMvT7{}lD^z=%v&~lS<5$FX<1+15#XzC4JL_`T1*GB*d4A7x{?9q@ z`JeZFPdR&tyL+E%PiZtNg2!HB^Brj#)@IXRhOLJN)BQ$|krFTQsyoyDCXXpmYdSOi zS)Qy!t?kVA=Xi1`;fOD13`ZDe!z2z*E^28h+C0=WDOw(Ch7`?=TE<|Cn2(|{MJqtf zl%f@)rc2R^P|Hfu=A$M}(Tcq~PYFgTMw10$#js)6G0HH?F&r2b7*31@7?l`R7}XdH zy+*I$An$Q;q>gyg4-#+27>DzM@oZie!96NK8@HAc@htZRr4`W5-(Ir<+sBEIc&L|n zIIq$x!BHfbdCWX!DP}2V8D<$~Ic7O#1!jep+e+*z7?BopCk$eJhlj%EWjPSvlK}yX z8!k3hiRa{hYiS7#oAUSrB$5Z+8XH`!lEd}P>q;Re+u{rL2wmcM))=o+`h8tJJ3~If z58Ltrx>~drR4E7vlQ`E+!Rc8Cxn`fLcT#P;p|<^`wt-V{irI_CIk-`n0}cHeI94wg zj~4zef%1N{CN3qJImfpC^;kyqMG$$twz|QwtAJdqbk|~85gBE~Y!Bt2CH? zby<=33M{Qk$!`kUs)UxBEY7LHcRNePi8$?Ja}zih4@v~0H?daTt1a1U2adh zT=|L#=9!J~xy$yPTk(PGF+ZoVB~V$Tw3U%-dUx%PGBT-KTaD>wiMs|*_e2nxd_LQf)QPw)2z|kJtZ6U*hRj!#p}BZtVDxijQ}?_?bmC zOf90==sibi1ZZ1^_D%M{C%E6(YT?S@VzswD|2$l*<>J3>pUwTarBxL;kwa@%ZnTg~ z5_c`832wCk(`A#p1k(@8tjH@COTAulRY#F^Q)H_eE`*HSX&xp*5iXPk4=p)T^#OH64G-nz5|&3hSk}O> z%mha_8>egiTT``tTC227X(m|NI8)=7Hqun=R*&I}jbkJaN|H{Wbq20+IcWU~>2x2??{z?=QUS+$`Q%j~>vh2GUiGuH z=3YBAH>J@9Fj`ewP&wnEgb0QBl!6&0v=H*Ql!2~VM~z_U3l_y_cZ_fB=?Dqcc$MHo z*mH#zR_|gs3C;T*5bvv~V(ThI7(PJ6_-=MnKRcHp>{?-f)wAzh%xh7E6Z??1&QpS%{a&&&d!FKjcv4yiLEa3bnNEj>%fv10AhCf&C*DK4Kl7ec(bTJ3qyNS2?4`42H*8l(j diff --git a/commands/__pycache__/models.cpython-311.pyc b/commands/__pycache__/models.cpython-311.pyc index 8ab63980183786c92bdfc1b554503b14bee29ef2..ca79480c4144fd4315d1891165a375ee92838197 100644 GIT binary patch delta 5709 zcmeHLdu&tJ8TYkg$FZH4^KhJy96d5ju*pYAKv2XPNeEz@h*CtDp?pM?C9KQr*$&%$TUY?H5^)kLgk>6W zuP8M(D-e0=jNp%m=L7;;fb=kx&xrwn@P2<3BtbF1upYP z71h%cQ3SA8j9egMC>#|1st*-audp1+8h3Jxp9x8yj3Ri+ zFLaXuv|a!OAXN7|U>-uNM5ySG1TPRiFe^adF#tFUy(vzM5Y>WEyU76B0*b2fZ9{{O z34WOd6c<#^K@bE?Di=8=O9C0AyrfJEl#Kd$$(hNbDF`R}BuquVH6p;oVL2QPLYM=2 zWBM|200%4GtZsXg+fBTZKNy9ikR@R8)2M%SDo`OPoZ}_1QD$E?H_Uq_$jaG>YEYIr zA1z!G1K1A1{tl|pI07b9~0(R zoYB3adq9ZrVh}<)1?x)nGR^yp1ZDYbH0&bEtbE?jt4V=@0J}1oFe`@1ln^;D2omv* zK)eDFE(Ic%$y^Gpuq*{InF4ZXo)@Kp^gyN7#spOhV5SM={Hy@8Q8I^ti(~@_vLSQ$ zU{F2}i2(Dsh&W9Y*+qgP>ZPwnjBm-qz5?`+$ki|#)Lsn&A^bjT^{5(Z=#{n zz$JeC=w7aq?|86f|KD4-FSljq7y5%e`@x?5V9$QAXT#SiyJv6W%xtVSVBUvEWnJ$D z;Z_OzMeQRm*fv@Xv$Bai|`x8{<6ENnQnoaQ%kpDX9w2J z)QI&~gidzUxtYbCySa}Ncbz@jJv>sU08%AzB!Hs=oXhB5Xp6rrfu26>?nf9z&>{>W z>_a%jI$f=tpPh8ImhDGEGs0s4?2^l^E#=tTt}pgKj>J<4;|LQ74G1~}2ZDewi*OoY zBSH&;F9$zhUu^jU=S%#~{g#1!xA`D@XGbe{mi=i5&-Ek*cHYp}qX+0_gf;{xLOa64 zjO%f?pj)ULVJm>sLbqf6EJA^2KCGy3q!{YCn!yueK9ART_(=c2A$Ksyhj?g8>~_z` zFyoa+C%O3$GON?>!5Vsv_9FZjui=ox0M2X{A3;JUi?O!iM8yD2JVz0d@y2mz&sF6V zW8d3r<`{c(@9#I!6VNkEPa^v&51v69!ftkZ-#hhca|hCPA?!qW1mP>}Tb^`_O3bu# z-A<0;s-V>f-Rw$lSIzqTAN4ky)T~2zmzDIfT!!B0yAEe3);sXEEQQ@2=r&<;su{Y> zz8rX8yR(Ry4>#^Aju!`vabut)UJ}s6O;F5GEKo|JltC$nQURqBiWN!~lxkLSz*$@q ztD#WXz5_P)=2$sP7L&Orz5LItK%xWCvPNz^0OQ1?-C8 zhM0Zw!q{K6<+`d&dw#XN>X<2Jj#*-*v9efstRi5!RvfF0Sp%ilw6UsKHPywcXE=$Q z(FDq_X#?fgbn)5<>A5Ng zUe+A!J+C}J_vosN#KaTCk-s_MRRI`*&qW;h+e3y#CgO8m$GUd~l#;(3sKY@(;ng6c zRAWZc#A%SFuG~*BD$e2*=SdZL*zjQeyi=Pp`o zfl8_RwQ_TP^dhjQbl`A$32O9dgv$ueAUq3@Dl3%f9Z6XW+ZlUPHR=>2E0?mI@vEjT zba6@#e>?eS)h|%Wd`6KaU*?Z0r4D9Qw>H8a8fvNf8)Ue00Xz?1?TU>H-lVmSof>Me zBMpBEP!?pd}h zTed6=B#Yrr$LSlAmdfXbE)8Afo*KS9e3ARWQU>GBF7Cc(*}81mx-h_AIb`EA)H90@ z-?O-vE$$WW4arjLbK{rBuU0-ad3o}p_J130L;cP(3XWmVGZ zT}gY>^@f)l7LUHvbgk)PS+db_ef;I|o0Tt3UYlGp)@K>F-2q$nEL--hFm`=FS{EOC zWBkVWoyu1yUz@x~x|T`TlCd$lsXb3!GCI;GjdijrS#3*NtMOM=oB5^7jdiB92BBKh z;7r!GrS&?bAec0DTarD;mo`i;HSSv4@Cg1UCSgD`4ghGhS`29oz(W6L?W|*T^N$V> z=(s+%f5g{(OHW_KT)cvC6+!*xEI`d!0eOFWv6a`mCAVk*Y$H_Pe=|#gTfw~f^oP@EAO#4#!qxiX*oF2t&g9o^nVui g4(i#~iKKIc<7|taX$`(_X5X3CeK@UU?Wd3Z2btrk=>Px# delta 2275 zcmai#drZ?;6vuz}S6cd_EiD2qk5XDG$A3hjBPv=C)+hbXyj)=yb1;=@i4ZuE`!*vP2W(e#9C7*p}>`AL7^`Thsfw=YH?G z_ji8hp5ETNLH;;TRByz@$Qk?I*I=GUY3asoj?32sjm@WlwS=FIW<$s%Y#Ns6GUZ~&=4!YpY4POjSRlX&V>U~2MskI-ieh!luQRnvP3ARtt>?k zceE1dNYTN5SsWadTUgEtr&2o=PWl27QPtC4n;f*p6;TE{hB~9gDCWwk$wed7h+2e^ z!Y8JHBS!18$8a=BF~a<$Pu?#XSMlr;t&-1V%vrn*EoKgw2{qg{w&--0*Bj3yo@_te zKBcoy>+IK+cG$J1DBh=~8y$68oF&Yq5^I%3blFU*EHIH)qbQ>@Tohsx%%l}8%Mlw6 zt>zip1${y{G202YfEf`Z(Z0~ev($%ggAJylQma@O6!8r0CNj_1Pv;8eS-K5X{>HFweT@sisUkzoMZgK?nWqu}cU_?csCR?HudI#a8%;WR*_y#@wgWM`Q?)g+kXIwa4ji^V^(qOnp5O`kP zIv96Y$Tm1fSqsBPBiwT&v%fN+EBd`=GkR=6G$UFNNeEi`4401Bj=;m?S`lW13DG`> z!?1DrHPRlk6u&JYR=8f?OM0NJ!b4I+Cn{bO8?5MtGAN!Ui1-muS9DVVm0D_GD2N!GC1ro!uyWc ze4%t7#by62UCv82pM+xe2AF;8P4IDTA{m13YOfYQs6xFnkGYg*tZ;4=-H-*3(a~MZq_c)uXyyJY*?uGx9B0iWug8#)jwLq zzrH~aKQ7{bit2sqwQ%2)igCp4Rr#fUnP2W#_?7+`zp7JqJQ^I^^9^$M9!<@ zH9a#gtJ0R<*1jh;-RX2fP2+%4C>mRIgg7H2SijL=ep4J_Id4Sb^Ln@)-4SsYH!!qw z_6VM(8MA4*=i%6hmk|NPC}Iq;k0K&|!ZWy|Tlj%T6p#A``a1@O26qk( zg3_CkjMpfKxJGEfouHssq{ci_7uIG#LsJqw*|c={o`i`}kJlaQnMj&a=1wbfN2fhwdFX8WMX?0$j$14Y?FdMPb$HC;&Zo$8@NDN834+X2iA1jPEKO=-OQ1VhR0cS)4P1 h{@eUncND~Ths`TU!i1e?Xm@6|6YP1|O(3CX!(UQrSyKQ2 diff --git a/commands/__pycache__/packet_analysis.cpython-311.pyc b/commands/__pycache__/packet_analysis.cpython-311.pyc new file mode 100644 index 0000000000000000000000000000000000000000..db535d2a92559ae3e1b932ba44f1e39d127d68e8 GIT binary patch literal 13060 zcmcIKTWlNGmBaUt;!`9gilQXSdYO7ql5Hij<40smaV$Hs8hhhdwaYM^kxiQqb%u&8 z?l4go*$opI8^-I@a_S&#Hchlmx>bWd{MiIpAlL$n8DRho1`uFik&o_|f~0`gUwiHy zisDeBn||zYc;?=F&b{~C_j%k;Y&Hu4&qx0>NFV4Vi2p{Btw&!9e4B^B9fBe#O@c^j zW;7ZU)+V$`-Ha}&pV21`GX|WdOBj=;850ic6J*jnW5!`a!ji0;sl#Do!kV2x|Vaf6P{XVMI$>c&!w@G+f8r`U9YMx~sO zzMP<^Vx>y($5e`Zn}Wa{f+l7(6fvWvG&8y@#Ec&P2KXD{Z-PGwe>40o@UMfvm9kU% z*Yz_t%J4b?%`*aYP!5Wuos=2=TG}~lq%5x+pg~T``nqPOp0WXro6Aw{4roZg}?ITG@Ry!hSFTe zy~Dfcl&oFf3QdmNt9m#}8aP@Na$?;tY9t@;R}lVJ23;v&qLbHoC1LwAu_ z(1eUrvT;1hEW}f?F~eSsGS_9pnRsgchHSbJPf_UwHruo3#Gy;mO!^8FO$MKdCusK4 zg*ZcF;!8@NFnxpG6Vl7%Tq2s8O*2W^$S$%OIw@Nef=D7Alg$%1V)R@lo=%0dvYw?A zv$8JD&atS?!Qi8@@k5uQOzdj>75dT~lfFjBGVG<3)8`{E%qLO z#a^1jgA>6B7@hFkqHLq+3}lNam1YC#@e8Z4KB$#_6~Gd)skNA08}yZM}7|a8c@hev58XM>Mn*EpNNB4zW129&e5kQBQ z1D0IY*5)n$#udoHZ%QDoPjUgx=8C;Ml3A z298}oZKy%*+Cg2bedZnQtLN&O3tWAT_F2>==iD_Z>#9qxQKGe~L=Wd?8aWTN&RC;$ z9(9h#jGnEUhn$!57BtLN&Rc^U`<1G7l55Cp9j-7pxrPkvC|i$uMKSxhhH>I@IM>KE z)+pVf<~--)e9%r)jduFf)EeUEVCq5@H&_-@_^IONIM-0DIMudzCJ6No2pkVwf)$wa z<(g`8()9h>vxDDo&3<<7=x4vGW&X$Zvmf_!GuK>$ud4Z<3vdDGXR<~=2X^pX-Ov8a ze^qgN`@Qld{rW3s!d)e)3v zM(r$BkJ=BTD;sb}$d>K?*b2u}vuW8BRfbzODgoJC?x#`^lhxtD-r_@vpk88w(Cpw} zc^E(H8xMUW!$d(RNzs{wG;=+I3eI*^X(qc7bwPIa6eyQV#D=@!osrukd2*wn=^gqu zov+(yZoNBlZ-gg(8^MmB8$L4dWJ^VwzvXV%y{^1tqbYFLd(WGyzd(X@)MHRf9K+@i_42Edj#)*=p9)14zGEKSNGmOE_jcL-edV^9{5^6u)Jp} zjsS^oK=cjdPf19v(b;+>f5!&{?+vWj1pgDF|A~T0a{EEmarH``z@0O<&J-I3Pe}BH zcu%O5<$%=Q`$@}(Ei0VRepqZjT(Fn29FRP1ch25ATbvR+`$f-w-n0KfW6PcFt!%M# zMJqJ+iH&{vXC+7DCSkOl&`9l}PXZqXR+8mny2GC&K1{405xU33?lIokA-UTTF9#)0 z=elR_nrH7ytKbt-5*?j z@AAq)p=CsD87Ww#?!ixzA0}6){&-yIJ}GveT<<=;)_s~k^CO`Vx2o!=1kw$qxeZZ@y(+v?~IcgymXUt|P#zv%AYBuuU|&?S3e zP`rmRST;yqy`NnC@Z!p=Lf28T>*%sYYVLySn+{8XzV*Q1T3~S1A_Sfi15fdRryg#a zAm?95q9Ir`{mLVF!=g95NoY~A`wsqL;PZjs4E}ZyvU|^H6e#$@%a-D#HtP`61#peFJUPKGHlkXZ4f=`ISCs0DmMpuaMJtlNLEp|PP687w* zXzM7R71|DnZ3hrRV54{cFU3~YGLi?!LK8g}rdHjA0I|>m)=Blj+ zi6hvcK!B)xhv0~7TNvVJU}WTU0JWSJppMf3)W1*W^cj?+^l*C0kf|uK(%?iHJ~Mu7 z0M!`&%9As2hHGW&VmW;akG^U#K4;97MGbBl+#fkw=<6=fN6iV6W1N1egLdRC+#xzcjX;!lF>};s%*T%r03^A zX29Q&3(G{zD9UP7WDgK)O7fXS2}EK^3XH+?sT9q~R%qSad?upQU`av4K!IDJS~zQZ650uD)rDOy(YDBLJ{lrV|&q~^hnibEhs&C{$4INKq6DAGnfuvD^s zMoNa#Y#)Yx)6x869o);K6M4vUS$dFzI^@%9WKJRo>SMDGY> zMRC|7z5SxMKW~xR1_d&ZHx`V`ddU;qBrN7W4D#brQ^$H!Xss!<(kV0zicN$0$=#A1 zO>jWk`lO!W^`6nSo>8Iakl1rbaCR2RcJOg&$qWe~)5W(?> zlB*fc4anTszTVig*4VS65gL2N#@>Sd;e$FCU)NIX=Jy=9@8J)gl03Z-@${m%|K$Bw z0HF8OOZ z#EBg2!$k=1eAIgi>}x;7`-(niQ0>>M-CC^@Glw~%SXq0y63zfBFPspcmQ9*DBbc$u z_{zWzKAe~jQ;y_FPRHpvZ5GHm6M~1~f75mI1t=ddIChDH-RR#mQz1Rm4_GFIKpz0v zIt$K)44sM~WhG=*Rw?Q{CW+AY5}Ky4A|vZSMUxG9#mIHA^fOxsODTfz)>2qmSZJ>< zFD$&Em^nzwHdn2nN=DuQ0`?vNSUXM4dAsCqMdHHU{(B&m8O;iKb25LT;N5UEEqDFG zBRIN62S}d=Tffx0XT5cBt#xqKu(~L;j)|>fg*s{Isr8|;wV^R#=!7_Q0%o6U8c8hx z1y6rrvS^h~oGnZh_pdbl{MhP@&~Z%gJk5Ka29E+FG!i}i1^Y59I6IK&>1YAX0ME5Q zdw|PW<(Z34Q#`vSVeP*`yrF$VcLz=am@#EzHjI@1GmToUA0cwayf&|!)l%BmNo1r~ zk2##h6|;!aWh(0As?KfotkMvwoO({b17DT^fHPweZTCB#JTa>Qj~@wjsphP@6*&XA zIpL?K(GaP+4q}*K^$S|XMTT5v8u%gaA!pdpR*-1kBqHS&Vl#(n3f!4>$>@y;()hrt zpmG*b9B0$^JeDY+J(`!e?~&Q#UCkX3d*9S-%e)-%&made=sXN*nCs}Hm5pd)PO^BvQGAu9 z9wZMZqRE%3=+SJ?U+q7I@Gg|dqWYot_$Q}UGvbp|{PYX_lNXi<+|=EfMUqWvni!Ga z_}6+)^N#i=_~7w$Q09b|;eZTzsM+~MrsPyrHnG%001WI4=L~R?CKK` zDj=Y|nBS0*LDQK*{VMAcbc*T4p=5MUwkhKT+b-U)NyXG;Eg6XLq-1g^GjhT*izuI| z#Jo&`LmA%`knJTgCZdc2i=^+Df-k*egK!Jz*-qHcz}E^}biF5U z`r6jEa+uYaHX8iPqaPf8?=Zjj!uEUdiqL#jY`!Wq#Kneq z{^X_^@uF~~z;7^j-(gspUMmc(tcBXN5bmd7>{d(wg!)5b{h_=`YUxA@qMyevTMxbU z)3J`@2Hlqi{c*GDOREN;N@YYAU3_SK4x1iQ8HerT289vrdide0Z09*+Y6$K}R47v0 z$|c;CXstTLjGPInO6ns-gAPk0x>1ocy=qF4%6CDtb-O}!m{lEoRXtLrrdDCA?CRhd zBxVy&WqP)1C5Q|XX-f}R zHSX#Wpq!XLO9simrH69CI;j85{V}YOPs{5B-)2C^#EysZP~OiPs)ZcztL;wRNcnc5 zCW?(a3WfyELN$HnSCaXl7))6g4kkdT|yjMBZ&WZpWI)JXwK7hOuUKO&}b*I9D;SO|>1Wp1}i9k?eIPhAO4f-)5x2UA2=k4!&V zGB|KPhz{)YAsurTn1T~HItQ2D=!jzGV4jD>tapN8(oB$|V`&N(bMEXE2xGnp#oK|B zPE7+k6OAX>a5$W8s=$m-ovTDOSD+@wrq7z;v~=VLk!EZvt+NQ4HE#LS~sfS8~cds>5|D0_P)# zVt!(SV~SVqk-NeQRZg^`W<6hWHa;?=*bk65?$H)v4z4=Vk1R?PahKOAA}#KJ&}a*Y z$#)PyQVa7h2;4^CT?CNm&D;TybqCb~F)qt}@`W*|9$DbPV8;ZfPmE1xtuLn&R4^I6 z0^YhPT+lRRzz{}*s&F;E5V;DsGLiX8`GN~_5ur{|KpUTpBj2n(wir#JtClXGmSUXe{rFw^l(MUsuaLZgr(mXcugj39d`FajY8 zdVxWkiL9Yz&ul!Ap&5{Jl^LiQAB>7Y0X(DVPAhhR8gP*LF=CcMfJG&kF(Jx}%#!#j ztgMG3X)KB%Ay@q2>=(&?p6ti%YhNSV zi$GFJ!z9B3xlbhb@#H=n9TLc4ksRj9VaV}z-CK1<&qpm%uu}|-H7`%xwcN9S=h*6c`?b+OXvj8T-*Y!>Bgl>mG zEg>Cm+upJj=IfucvSb&EFSyfqK4bi!rYweN=w-3VBu?|z|c9&01MXmcF5>b?kj zj+=B}nhX&BPs_+@tL{%${b{G^Pi_sskd{I6D%gj%_Rj@~hCDJE!Iv~55!n)nB-7M9 z>>3f-8i5NP(FD5A5s4@c4!lRA?Gbzu*eSxw)`|-hEc35`tJ)?Ryp!VX8E>}N5eZVH zl}!@wy}w6MWL&~}y<#^&ry@QYQGop~088bc@fN)Ff3v!GKiotEs*rIV7|yL3iL zYw#_>UFpW9DOlUQ-Ya<;mY&N!I)ff(L5*6^gw!zS_NtD5m*#I{d02JN$ zv#NaVvp7}_8q5apa;rhZ5d%zsoj_?SYFwyZ)-& None: table.add_column("Discription", style="green") table.add_column("Other internal options", style="green") table.add_row("Attack", "--attack", "TXT/STRING", - "The Attack the user whats to run", "sub / dns / nmap / geo") - table.add_row("Target", "--target", "IP/HOSTNAME", + "The Attack the user whats to run", "sub / dns / nmap / geo/ jwt/ pcap") + table.add_row("Target", "--target", "IP/HOSTNAME/TOKEN/PCAP-FILE", "The target of the user", "None") table.add_row("Domain List", "--list", "Path to text file", "subdomain dictionary list", "Path") + table.add_row("Thread", "--thread", "INT", + "Number of threads for PCAP analysis", "200 (Default)") + table.add_row("Output", "--output", "Path to text file", + "Outputs the PCAP analysis", "Path") table.add_row("Profile", "--profile", "INT (1-13)", "The type of Nmap Scan the user intends", "None") table.add_row("AI", "--ai", "STRING", - "Choose your AI of choice", "bard / openai (default)") + "Choose your AI of choice", "/ LLAMA (RUNPOD OR LOCAL) /bard / openai (default)") table.add_row("menu", "--menu", "BOOL", "Interactive UI menu", "True / False (Default)") table.add_row("Rich Help", "--r", "STRING", @@ -86,7 +90,8 @@ def print_output(self, attack_type: str, jdata: str, ai: str) -> Any: table.add_column("Results", style="green") for key, value in data.items(): - table.add_row(key, value) + val = str(value) + table.add_row(key, str(val)) print(table) case 'bard': data = json.loads(jdata) @@ -95,7 +100,8 @@ def print_output(self, attack_type: str, jdata: str, ai: str) -> Any: table.add_column("Results", style="green") for key, value in data.items(): - table.add_row(key, value) + val = str(value) + table.add_row(key, str(val)) print(table) case 'llama': ai_out = Markdown(jdata) @@ -178,7 +184,8 @@ def print_output(self, attack_type: str, jdata: str, ai: str) -> Any: table.add_column("Results", style="green") for key, value in data.items(): - table.add_row(key, value) + val = str(value) + table.add_row(key, str(val)) print(table) case 'bard': data = json.loads(jdata) @@ -187,7 +194,8 @@ def print_output(self, attack_type: str, jdata: str, ai: str) -> Any: table.add_column("Results", style="green") for key, value in data.items(): - table.add_row(key, value) + val = str(value) + table.add_row(key, str(val)) print(table) case 'llama': ai_out = Markdown(jdata) @@ -229,3 +237,17 @@ def print_output(self, attack_type: str, jdata: str, ai: str) -> Any: console = Console() console.print(table) + case "PCAP": + data = json.loads(jdata) + table = Table(title="GVA Report for PCAP", show_header=True, header_style="bold magenta") + table.add_column("Identifiers", style="cyan") + table.add_column("Data", style="green") + + flattened_data: dict = self.flatten_json(data, separator='.') + + for key, value in flattened_data.items(): + value_str = str(value) + table.add_row(key, str(value_str)) + + console = Console() + console.print(table) diff --git a/commands/dns_recon.py b/commands/dns_recon.py index e8f309d..f5e92cc 100644 --- a/commands/dns_recon.py +++ b/commands/dns_recon.py @@ -1,49 +1,45 @@ from typing import Any, Optional +from rich import print import requests -import dns.resolver as dns_resolver_module -from rich.progress import track class DNSRecon: + analyze = '' + def dns_resolver(self, AIModels, target: str, akey: Optional[str], bkey: Optional[str], lkey, lendpoint, AI: str) -> Any: if target is not None: pass else: raise ValueError("InvalidTarget: Target Not Provided") - analyze = '' - # The DNS Records to be enumerated - record_types = ['A', 'AAAA', 'NS', 'CNAME', 'MX', 'PTR', 'SOA', 'TXT'] - for record_type in track(record_types): - try: - answer = dns_resolver_module.resolve(target, record_type) - for server in answer: - st = server.to_text() - analyze += f"\n{record_type} : {st}" - except dns_resolver_module.NoAnswer: - print('No record Found') - pass - except dns_resolver_module.NXDOMAIN: - print('NXDOMAIN record NOT Found') - pass - except dns_resolver_module.LifetimeTimeout: - print("Timed out, check your internet") - pass - except requests.exceptions.InvalidHeader: - pass - except KeyboardInterrupt: - print("Bye") - quit() + try: + print("✅ Domain Name Scanned") + Domain_scans = requests.get(f'https://api.hackertarget.com/dnslookup/?q={target}') + print("✅ Reverse DNS Scanned") + reverse_dns = requests.get(f'https://api.hackertarget.com/reversedns/?q={target}') + print("✅ Zone Transfer Scanned") + zone_transfer = requests.get(f'https://api.hackertarget.com/zonetransfer/?q={target}') + self.analyze = f""" +Domain Names: +{Domain_scans.text} + +Reverse Dns: +{reverse_dns.text} - response = "" +Zone Transfer: +{zone_transfer.text} +""" + except requests.Timeout: + print("❌ Request timeout error") + pass match AI: case 'openai': try: if akey is not None: - # Clean up Bearer token from newline characters akey = akey.replace('\n', '') else: raise ValueError("KeyNotFound: Key Not Provided") - response = AIModels.gpt_ai(akey, analyze) + print(self.analyze) + response = AIModels.gpt_ai(key=akey, analyze=self.analyze) except KeyboardInterrupt: print("Bye") quit() @@ -53,19 +49,19 @@ def dns_resolver(self, AIModels, target: str, akey: Optional[str], bkey: Optiona bkey = bkey.replace('\n', '') else: raise ValueError("KeyNotFound: Key Not Provided") - response = AIModels.BardAI(bkey, analyze) + response = AIModels.BardAI(bkey, self.analyze) except KeyboardInterrupt: print("Bye") quit() case 'llama': try: - response = AIModels.llama_AI(analyze, "local", lkey, lendpoint) + response = AIModels.llama_AI(self.analyze, "local", lkey, lendpoint) except KeyboardInterrupt: print("Bye") quit() case 'llama-api': try: - response = AIModels.llama_AI(analyze, "runpod", lkey, lendpoint) + response = AIModels.llama_AI(self.analyze, "runpod", lkey, lendpoint) except KeyboardInterrupt: print("Bye") quit() diff --git a/commands/menus.py b/commands/menus.py index afdaefd..2bdd655 100644 --- a/commands/menus.py +++ b/commands/menus.py @@ -8,6 +8,7 @@ from commands.geo import geo_ip_recon from commands.port_scanner import NetworkScanner from commands.jwt import JWTAnalyzer +from commands.packet_analysis import PacketAnalysis from commands.models import NMAP_AI_MODEL from commands.models import DNS_AI_MODEL from commands.models import JWT_AI_MODEL @@ -17,6 +18,7 @@ assets = Assets() dns_enum = DNSRecon() geo_ip = geo_ip_recon() +packetanalysis = PacketAnalysis() jwt_analyzer = JWTAnalyzer() p_ai_models = NMAP_AI_MODEL() dns_ai_models = DNS_AI_MODEL() @@ -24,22 +26,6 @@ port_scanner = NetworkScanner() sub_recon = sub_enum() console = Console() -target = "" -profile = "" -attack = "" -choice = "" -list_loc = "" -ai = "" -menu = "" -ai_set_args = "" -keyset = "" -akey_set = "" -bkey_set = "" -t = "" -profile_num = "" -ai_set = "" -llamakey = "" -llamaendpoint = "" def clearscr() -> None: @@ -68,7 +54,7 @@ def nmap_menu(self) -> None: table.add_row("3", "Set Profile") table.add_row("4", "Show options") table.add_row("5", "Run Attack") - table.add_row("r", "Return") + table.add_row("q", "Quit") console.print(table) self.option = input("Enter your choice: ") match self.option: @@ -168,9 +154,8 @@ def nmap_menu(self) -> None: AI=self.ai_set ) assets.print_output("Nmap", pout, self.ai_set) - case "r": - clearscr() - self.menu_term() + case "q": + quit() except KeyboardInterrupt: print(Panel("Exiting Program")) @@ -183,7 +168,7 @@ def dns_menu(self) -> None: table.add_row("2", "Set Target") table.add_row("3", "Show options") table.add_row("4", "Run Attack") - table.add_row("r", "Return") + table.add_row("q", "Quit") console.print(table) option = input("Enter your choice: ") match option: @@ -259,9 +244,8 @@ def dns_menu(self) -> None: AI=self.ai_set ) assets.print_output("DNS", dns_output, self.ai_set) - case "r": - clearscr() - self.menu_term() + case "q": + quit() except KeyboardInterrupt: print(Panel("Exiting Program")) @@ -274,7 +258,7 @@ def jwt_menu(self) -> None: table.add_row("2", "Set Token") table.add_row("3", "Show options") table.add_row("4", "Run Attack") - table.add_row("r", "Return") + table.add_row("q", "Quit") console.print(table) option = input("Enter your choice: ") match option: @@ -350,9 +334,62 @@ def jwt_menu(self) -> None: AI=self.ai_set ) assets.print_output("JWT", JWT_output, self.ai_set) - case "r": + case "q": + quit() + except KeyboardInterrupt: + print(Panel("Exiting Program")) + + def pcap_menu(self) -> None: + try: + table = Table() + table.add_column("Options", style="cyan") + table.add_column("Utility", style="green") + table.add_row("1", "Set Target file location") + table.add_row("2", "Set Output file location") + table.add_row("3", "Set Threads") + table.add_row("4", "Show options") + table.add_row("5", "Run Attack") + table.add_row("q", "Quit") + console.print(table) + self.option = input("Enter your choice: ") + match self.option: + case "1": clearscr() - self.menu_term() + print(Panel("Set Target PCAP file Location")) + self.t = input("Enter Target: ") + print(Panel(f"Target Set: {self.t}")) + self.pcap_menu() + case "2": + clearscr() + print(Panel("Set Output file Location")) + self.t = input("Enter Location: ") + print(Panel(f"Output Set: {self.output_loc}")) + self.pcap_menu() + case "3": + clearscr() + print(Panel("Set Number of threads")) + self.t = input("Enter Threads: ") + print(Panel(f"Threads Set: {self.threads}")) + self.pcap_menu() + case "4": + clearscr() + table1 = Table() + table1.add_column("Options", style="cyan") + table1.add_column("Value", style="green") + table1.add_row("Target PCAP file", str(self.t)) + table1.add_row("Output location", str(self.output_loc)) + table1.add_row("Threads set", str(self.threads)) + print(Panel(table1)) + self.pcap_menu() + case "5": + clearscr() + packetanalysis.PacketAnalyzer( + cap_loc=self.t, + save_loc=self.output_loc, + max_workers=self.threads + ) + case "q": + quit() except KeyboardInterrupt: print(Panel("Exiting Program")) @@ -365,7 +402,7 @@ def geo_menu(self) -> None: table.add_row("2", "Set Target") table.add_row("3", "Show options") table.add_row("4", "Run Attack") - table.add_row("r", "Return") + table.add_row("q", "Quit") console.print(table) self.option = input("Enter your choice: ") match self.option: @@ -393,9 +430,8 @@ def geo_menu(self) -> None: clearscr() geo_output: str = geo_ip.geoip(self.keyset, self.t) assets.print_output("GeoIP", str(geo_output), ai="None") - case "r": - clearscr() - self.menu_term() + case "q": + quit() except KeyboardInterrupt: print(Panel("Exiting Program")) @@ -408,7 +444,7 @@ def sub_menu(self) -> None: table.add_row("2", "Set Target") table.add_row("3", "Show options") table.add_row("4", "Run Attack") - table.add_row("r", "Return") + table.add_row("q", "Quit") console.print(table) self.option = input("Enter your choice: ") match self.option: @@ -437,15 +473,16 @@ def sub_menu(self) -> None: clearscr() sub_output: str = sub_recon.sub_enumerator(self.t, self.list_loc) console.print(sub_output, style="bold underline") - case "r": - clearscr() - self.menu_term() + case "q": + quit() except KeyboardInterrupt: print(Panel("Exiting Program")) - def __init__(self, lkey, lendpoint, keyset, t, profile_num, ai_set, akey_set, bkey_set, ai_set_args, llamakey, llamaendpoint) -> None: + def __init__(self, lkey, threads, output_loc, lendpoint, keyset, t, profile_num, ai_set, akey_set, bkey_set, ai_set_args, llamakey, llamaendpoint) -> None: try: self.lkey = lkey + self.threads = threads + self.output_loc = output_loc self.lendpoint = lendpoint self.keyset = keyset self.t = t @@ -464,6 +501,7 @@ def __init__(self, lkey, lendpoint, keyset, t, profile_num, ai_set, akey_set, bk table.add_row("3", "Subdomain Enum") table.add_row("4", "GEO-IP Enum") table.add_row("5", "JWT Analysis") + table.add_row("6", "PCAP Analysis") table.add_row("q", "Quit") console.print(table) option = input("Enter your choice: ") @@ -483,6 +521,9 @@ def __init__(self, lkey, lendpoint, keyset, t, profile_num, ai_set, akey_set, bk case "5": clearscr() self.jwt_menu() + case "6": + clearscr() + self.pcap_menu() case "q": quit() except KeyboardInterrupt: diff --git a/commands/models.py b/commands/models.py index 9148111..6da4c06 100644 --- a/commands/models.py +++ b/commands/models.py @@ -11,26 +11,41 @@ class DNS_AI_MODEL(): @staticmethod def BardAI(key: str, data: Any) -> str: prompt = f""" - Do a DNS analysis on the provided DNS scan information - The DNS output must return in a JSON format accorging to the provided - output format. The data must be accurate in regards towards a pentest report. - The data must follow the following rules: - 1) The DNS scans must be done from a pentester point of view - 2) The final output must be minimal according to the format given - 3) The final output must be kept to a minimal + Perform a thorough DNS analysis based on the provided DNS scan information. The resulting output must conform to a JSON format designed for integration into a penetration testing (pentest) report. + The objective is to provide accurate and essential information from the perspective of a pentester, ensuring the final output is minimal and concise. + DNS Data to be Analyzed + Analysis Guidelines: + Pentester's Viewpoint: Approach the DNS analysis from a pentester's perspective, focusing on security implications and potential vulnerabilities. + Output Format Compliance: Ensure that the final output strictly adheres to the specified JSON format. Each section (DNS Records, Reverse DNS, Zone Transfer Scan) must be appropriately populated. + Conciseness: Keep the final output minimal. Include only crucial information relevant to a pentest report. + Insights to Include: + DNS Records: Provide information on A, AAAA, NS, MX, PTR, SOA, and TXT records. + Reverse DNS: Include details about the reverse DNS lookup, showcasing the relationship between IP addresses and corresponding domains. + Zone Transfer Scan: Indicate whether zone transfers are allowed and, if so, list the name servers associated. - The output format: - {{ + The output format: + {{ + "DNS_Records": {{ "A": [""], - "AAA": [""], + "AAAA": [""], "NS": [""], "MX": [""], "PTR": [""], "SOA": [""], "TXT": [""] + }}, + "Reverse_DNS": {{ + "IP_Address": "", + "Domain": "" + }}, + "Zone_Transfer_Scan": {{ + "Allowed": false, + "Name_Servers": [""] }} - DNS Data to be analyzed: {data} - """ + }} + + DNS Data to be analyzed: {data} + """ url = "https://generativelanguage.googleapis.com/v1beta2/models/text-bison-001:generateText?key=" + key @@ -103,23 +118,37 @@ def llama_AI(self, data: str, mode: str, lkey, lendpoint): def gpt_ai(analyze: str, key: Optional[str]) -> str: openai.api_key = key prompt = f""" - Do a DNS analysis on the provided DNS scan information - The DNS output must return in a JSON format accorging to the provided - output format. The data must be accurate in regards towards a pentest report. - The data must follow the following rules: - 1) The DNS scans must be done from a pentester point of view - 2) The final output must be minimal according to the format given - 3) The final output must be kept to a minimal + Perform a thorough DNS analysis based on the provided DNS scan information. The resulting output must conform to a JSON format designed for integration into a penetration testing (pentest) report. + The objective is to provide accurate and essential information from the perspective of a pentester, ensuring the final output is minimal and concise. + DNS Data to be Analyzed: + Analysis Guidelines: + Pentester's Viewpoint: Approach the DNS analysis from a pentester's perspective, focusing on security implications and potential vulnerabilities. + Output Format Compliance: Ensure that the final output strictly adheres to the specified JSON format. Each section (DNS Records, Reverse DNS, Zone Transfer Scan) must be appropriately populated. + Conciseness: Keep the final output minimal. Include only crucial information relevant to a pentest report. + Insights to Include: + DNS Records: Provide information on A, AAAA, NS, MX, PTR, SOA, and TXT records. + Reverse DNS: Include details about the reverse DNS lookup, showcasing the relationship between IP addresses and corresponding domains. + Zone Transfer Scan: Indicate whether zone transfers are allowed and, if so, list the name servers associated. The output format: {{ - "A": [""], - "AAA": [""], - "NS": [""], - "MX": [""], - "PTR": [""], - "SOA": [""], - "TXT": [""] + "DNS_Records": {{ + "A": [""], + "AAAA": [""], + "NS": [""], + "MX": [""], + "PTR": [""], + "SOA": [""], + "TXT": [""] + }}, + "Reverse_DNS": {{ + "IP_Address": "", + "Domain": "" + }}, + "Zone_Transfer_Scan": {{ + "Allowed": false, + "Name_Servers": [""] + }} }} DNS Data to be analyzed: {analyze} @@ -136,7 +165,8 @@ def gpt_ai(analyze: str, key: Optional[str]) -> str: stop=None, ) response = response['choices'][0]['message']['content'] - return dns_ai_data_regex(str(response)) + rsp = str(response) + return rsp except KeyboardInterrupt: print("Bye") quit() @@ -463,12 +493,14 @@ def llama_runpod_api(prompt: str, lkey: str, lendpoint: str) -> Any: def dns_ai_data_regex(json_string: str) -> Any: # Define the regular expression patterns for individual values A_pattern = r'"A": \["(.*?)"\]' - AAA_pattern = r'"AAA: \["(.*?)"\]' + AAA_pattern = r'"AAAA": \["(.*?)"\]' NS_pattern = r'"NS": \["(.*?)"\]' MX_pattern = r'"MX": \["(.*?)"\]' PTR_pattern = r'"PTR": \["(.*?)"\]' SOA_pattern = r'"SOA": \["(.*?)"\]' TXT_pattern = r'"TXT": \["(.*?)"\]' + Reverse_DNS_pattern = r'"Reverse_DNS": \{ "IP_Address": "(.*?)", "Domain": "(.*?)" \}' + Zone_Transfer_Scan_pattern = r'"Zone_Transfer_Scan": \{ "Allowed": (.*?), "Name_Servers": \["(.*?)"\] \}' # Initialize variables for extracted data A = None @@ -478,39 +510,61 @@ def dns_ai_data_regex(json_string: str) -> Any: PTR = None SOA = None TXT = None + Reverse_DNS_IP = None + Reverse_DNS_Domain = None + Zone_Transfer_Allowed = None + Zone_Transfer_Name_Servers = None # Extract individual values using patterns match = re.search(A_pattern, json_string) if match: A = match.group(1) - match = re.search(AAA_pattern, json_string) + match = re.search(AAA_pattern, json_string) if match: AAA = match.group(1) - match = re.search(NS_pattern, json_string) + match = re.search(NS_pattern, json_string) if match: NS = match.group(1) - match = re.search(MX_pattern, json_string) + match = re.search(MX_pattern, json_string) if match: MX = match.group(1) - match = re.search(PTR_pattern, json_string) + match = re.search(PTR_pattern, json_string) if match: PTR = match.group(1) - match = re.search(SOA_pattern, json_string) + match = re.search(SOA_pattern, json_string) if match: SOA = match.group(1) - match = re.search(TXT_pattern, json_string) + match = re.search(TXT_pattern, json_string) if match: TXT = match.group(1) + match = re.search(Reverse_DNS_pattern, json_string) + if match: + Reverse_DNS_IP = match.group(1) + Reverse_DNS_Domain = match.group(2) + match = re.search(Zone_Transfer_Scan_pattern, json_string) + if match: + Zone_Transfer_Allowed = bool(match.group(1)) + Zone_Transfer_Name_Servers = match.group(2) - # Create a dictionary to store the extracted data + # Create a dictionary to store the extracted data data = { - "A": A, - "AAA": AAA, - "NS": NS, - "MX": MX, - "PTR": PTR, - "SOA": SOA, - "TXT": TXT + "DNS_Records": { + "A": A, + "AAAA": AAA, + "NS": NS, + "MX": MX, + "PTR": PTR, + "SOA": SOA, + "TXT": TXT + }, + "Reverse_DNS": { + "IP_Address": Reverse_DNS_IP, + "Domain": Reverse_DNS_Domain + }, + "Zone_Transfer_Scan": { + "Allowed": Zone_Transfer_Allowed, + "Name_Servers": [Zone_Transfer_Name_Servers] if Zone_Transfer_Name_Servers else [] + } } # Convert the dictionary to JSON format diff --git a/commands/packet_analysis.py b/commands/packet_analysis.py new file mode 100644 index 0000000..81804f0 --- /dev/null +++ b/commands/packet_analysis.py @@ -0,0 +1,218 @@ +from rich import print +from subprocess import run, PIPE, STDOUT +from concurrent.futures import ThreadPoolExecutor +from typing import Any +from rich.console import Console +from rich.table import Table +import json +import re +import platform + + +class PacketAnalysis: + tshark_loc = "" + services = [] + tcp_streams = [] + sources = [] + destinations = [] + resolved = [] + dns_query_names = [] + dns_resp_names = [] + unique_eapol_data = [] + combined_json = [] + + def detect_tshark(self) -> None: + try: + osp = platform.system() + match osp: + case 'Darwin': + self.tshark_loc = "tshark" + case 'Linux': + self.tshark_loc = "tshark" + case 'Windows': + self.tshark_loc = '"C:\\Program Files\\Wireshark\\tshark.exe"' + except Exception: + pass + + def extract_network_info(self, json_data): + services = set() + tcp_streams = set() + source_addresses = set() + destination_addresses = set() + resolved_sources = set() + dns_query_names = set() + dns_resp_names = set() + unique_eapol_data = set() + + for entry in json_data: + layers = entry.get('_source', {}).get('layers', {}) + + tcp_layer = layers.get('tcp', {}) + if tcp_layer: + service = tcp_layer.get('tcp.srcport') + if service: + services.add(service) + if tcp_layer: + tcp_stream_val = tcp_layer.get('tcp.stream') + if service: + tcp_streams.add(tcp_stream_val) + + ip_layer = layers.get('ip', {}) + if ip_layer: + source_address = ip_layer.get('ip.src_host') + destination_address = ip_layer.get('ip.dst_host') + if source_address: + source_addresses.add(source_address) + if destination_address: + destination_addresses.add(destination_address) + + eth_layer = layers.get('eth', {}) + if eth_layer: + source_mac = eth_layer.get('eth.src') + resolved_source_mac = eth_layer.get('eth.src_tree', {}).get('eth.src_resolved') + if source_mac and resolved_source_mac: + resolved_sources.add(resolved_source_mac) + + dns_layer = layers.get('dns', {}) + if dns_layer: + queries = dns_layer.get('Queries', []) + if isinstance(queries, list): + for query in queries: + query_name = query.get('dns.qry.name') + if query_name: + dns_query_names.add(query_name) + elif isinstance(queries, dict): + for query_name, query_info in queries.items(): + dns_query_names.add(query_info.get('dns.qry.name')) + answers = dns_layer.get('Answers', []) + if isinstance(answers, list): + for answer in answers: + resp_name = answer.get('dns.resp.name') + if resp_name: + dns_resp_names.add(resp_name) + elif isinstance(answers, dict): + for resp_name, resp_info in answers.items(): + dns_resp_names.add(resp_info.get('dns.resp.name')) + + eapol_layer = layers.get('eapol', {}) + if eapol_layer: + eapol_data = eapol_layer.get('wlan_rsna_eapol.keydes.data', "") + unique_eapol_data.add(eapol_data) + + self.services = list(services) + self.tcp_streams = list(tcp_streams) + self.source_addresses = list(source_addresses) + self.destination_addresses = list(destination_addresses) + self.resolved_sources = list(resolved_sources) + self.dns_query_names = list(dns_query_names) + self.dns_resp_names = list(dns_resp_names) + self.unique_eapol_data = list(unique_eapol_data) + + def run_tshark_command(self, service, source, streams): + stream_cmd = f'{self.tshark_loc} -r test.pcap -q -z follow,tcp,raw,{streams} -Y "ip.addr=={source} and tcp.port=={service}"' + runner = run(stream_cmd, shell=True, stdout=PIPE, stderr=STDOUT, text=True) + output_lines = runner.stdout.splitlines() + node_regex = re.compile(r'Node (\d+): (.+)$') + data_regex = re.compile(r'\s+(.+)$') + node_0, node_1, data = None, None, None + for line in output_lines: + node_match = node_regex.match(line) + data_match = data_regex.match(line) + if node_match: + node_num, node_value = node_match.groups() + if node_num == '0': + node_0 = node_value + elif node_num == '1': + node_1 = node_value + elif data_match: + data = data_match.group(1) + + if node_0 is not None and node_1 is not None and data is not None: + return ['Source: ' f'{node_0}', 'Destination: ' f'{node_1}', 'stream: ' f'{streams}'] + else: + return [] + + def flatten_json(self, data: Any, separator: Any = '.') -> Any: + flattened_data = {} + for key, value in data.items(): + if isinstance(value, dict): + nested_data = self.flatten_json(value, separator) + for nested_key, nested_value in nested_data.items(): + flattened_data[key + separator + nested_key] = nested_value + else: + flattened_data[key] = value + return flattened_data + + def stream(self, service_list, source_list, tcp_streams_list, max_workers=20): + results = [] + + with ThreadPoolExecutor(max_workers=max_workers) as executor: + command_params = [(service, source, streams) for service in service_list for source in source_list for streams in tcp_streams_list] + print("Total Streams combination: ", len(command_params)) + print("Number of workers in progress: ", max_workers) + results = list(executor.map(lambda params: self.run_tshark_command(*params), command_params)) + results = [result for result in results if result] + self.combined_json = results + + def PacketAnalyzer(self, cap_loc, save_loc, max_workers): + self.detect_tshark() + print('Collecting Json Data') + raw_pcap = run(f"{self.tshark_loc} -r {cap_loc} -T json", shell=True, capture_output=True, text=True) + try: + raw_data = raw_pcap.stdout + json_data = json.loads(raw_data) + except json.JSONDecodeError as e: + print(f"Error decoding JSON: {e}") + json_data = [] + print('Extracting IP details...') + print('Extracting DNS details...') + print('Extracting EAPOL details...') + self.extract_network_info(json_data) + print('Extracting TCP STREAMS details...') + print('TCP streams can take some time..') + self.stream(service_list=self.services, + source_list=self.source_addresses, + tcp_streams_list=self.tcp_streams, + max_workers=max_workers) + print("Completed") + filtered_stream_data = self.combined_json + values = { + "PacketAnalysis": { + "Services": self.services, + "TCP Streams": self.tcp_streams, + "Sources Address": self.source_addresses, + "Destination Address": self.destination_addresses, + "DNS Resolved": self.resolved, + "DNS Query": self.dns_query_names, + "DNS Response": self.dns_resp_names, + "EAPOL Data": self.unique_eapol_data, + "Stream Data": filtered_stream_data + } + } + table_val = { + "PacketAnalysis": { + "Services": self.services, + "TCP Streams": self.tcp_streams, + "Sources Address": self.source_addresses, + "Destination Address": self.destination_addresses, + "DNS Resolved": self.resolved, + "DNS Query": self.dns_query_names, + "DNS Response": self.dns_resp_names, + "EAPOL Data": self.unique_eapol_data, + " Total Streams Data": str(len(filtered_stream_data)) + } + } + table = Table(title="GVA Report for PCAP", show_header=True, header_style="bold magenta") + table.add_column("Identifiers", style="cyan") + table.add_column("Data", style="green") + + flattened_data: dict = self.flatten_json(table_val, separator='.') + + for key, value in flattened_data.items(): + value_str = str(value) + table.add_row(key, str(value_str)) + + console = Console() + console.print(table) + with open(f'{save_loc}', 'w+') as file: + file.write(str(json.dumps(values))) diff --git a/gpt_vuln.py b/gpt_vuln.py index 5d9f8f8..6fb2509 100644 --- a/gpt_vuln.py +++ b/gpt_vuln.py @@ -10,6 +10,7 @@ from commands.geo import geo_ip_recon from commands.port_scanner import NetworkScanner from commands.jwt import JWTAnalyzer +from commands.packet_analysis import PacketAnalysis from commands.models import NMAP_AI_MODEL from commands.models import DNS_AI_MODEL from commands.models import JWT_AI_MODEL @@ -20,6 +21,7 @@ console = Console() dns_enum = DNSRecon() geo_ip = geo_ip_recon() +packet_analysis = PacketAnalysis() p_ai_models = NMAP_AI_MODEL() dns_ai_models = DNS_AI_MODEL() jwt_ai_models = JWT_AI_MODEL() @@ -35,11 +37,12 @@ bkey = os.getenv('BARD_API_KEY') lkey = os.getenv('RUNPOD_API_KEY') lendpoint = os.getenv('RUNPOD_ENDPOINT_ID') - +rloc = os.getcwd() +oloc = f'{rloc}\\outputs\\output.json' parser = argparse.ArgumentParser( description='Python-Nmap and chatGPT intigrated Vulnerability scanner') parser.add_argument('--target', metavar='target', type=str, - help='Target IP or hostname or JWT token') + help='Target IP, hostname, JWT token or pcap file location') parser.add_argument('--profile', metavar='profile', type=int, default=1, help='Enter Profile of scan 1-13 (Default: 1)', required=False) parser.add_argument('--attack', metavar='attack', type=str, @@ -48,6 +51,7 @@ sub - Subdomain Enumeration using the default array. dns - to perform DNS Enumeration and get openion from Chat-GPT jwt - Analyze JWT tokens and the related information + pcap - Pcap Packet Analysis ''', required=False) parser.add_argument('--list', metavar='list', type=str, help=''' @@ -55,6 +59,9 @@ ''', default='lists/default.txt', required=False) +parser.add_argument('--output', metavar='output', type=str, + help='Pcap analysis output file', default=oloc) +parser.add_argument('--threads', metavar='threads', type=int, help='Define the number of threads for pcap processing', default=200) parser.add_argument('--rich_menu', metavar='rich_menu', type=str, help='Shows a more clean help manu using rich only argument-input is help', default=help, @@ -75,11 +82,13 @@ choice = args.rich_menu list_loc = args.list ai = args.ai +output_loc = args.output menu = args.menu ai_set_args = "" keyset = "" akey_set = "" bkey_set = "" +threads = args.threads t = "" profile_num = "" ai_set = "" @@ -101,6 +110,8 @@ def main(target: Any) -> None: elif menu is True: Menus( lkey=lkey, + threads=threads, + output_loc=output_loc, lendpoint=lendpoint, keyset=keyset, t=t, @@ -154,6 +165,12 @@ def main(target: Any) -> None: AI=ai ) asset_codes.print_output("JWT", output, ai) + case 'pcap': + packet_analysis.PacketAnalyzer( + cap_loc=target, + save_loc=output_loc, + max_workers=threads + ) except KeyboardInterrupt: console.print_exception("Bye") quit() diff --git a/outputs/output.json b/outputs/output.json new file mode 100644 index 0000000..e69de29 diff --git a/package/GVA.egg-info/SOURCES.txt b/package/GVA.egg-info/SOURCES.txt index 62c9105..e469877 100644 --- a/package/GVA.egg-info/SOURCES.txt +++ b/package/GVA.egg-info/SOURCES.txt @@ -12,6 +12,7 @@ GVA/geo.py GVA/gui.py GVA/jwt.py GVA/menus.py +GVA/packet_analysis.py GVA/requirements.txt GVA/scanner.py GVA/subdomain.py diff --git a/package/GVA/menus.py b/package/GVA/menus.py index 803bbfb..ce94fd8 100644 --- a/package/GVA/menus.py +++ b/package/GVA/menus.py @@ -1,49 +1,31 @@ -import json import os import platform -from typing import Any from rich import print from rich.console import Console from rich.table import Table from rich.panel import Panel -from rich.console import Group -from rich.align import Align -from rich import box -from rich.markdown import Markdown from GVA.dns_recon import DNSRecon from GVA.geo import geo_ip_recon from GVA.scanner import NetworkScanner from GVA.subdomain import sub_enum from GVA.jwt import JWTAnalyzer +from GVA.assets import Assets +from GVA.packet_analysis import PacketAnalysis from GVA.ai_models import NMAP_AI_MODEL from GVA.ai_models import DNS_AI_MODEL from GVA.ai_models import JWT_AI_MODEL +assets = Assets() dns_enum = DNSRecon() geo_ip = geo_ip_recon() +packetanalysis = PacketAnalysis() +jwt_analyzer = JWTAnalyzer() p_ai_models = NMAP_AI_MODEL() dns_ai_models = DNS_AI_MODEL() jwt_ai_model = JWT_AI_MODEL() port_scanner = NetworkScanner() -jwt_analyzer = JWTAnalyzer() sub_recon = sub_enum() console = Console() -target = "" -profile = "" -attack = "" -choice = "" -list_loc = "" -ai = "" -menu = "" -ai_set_args = "" -keyset = "" -akey_set = "" -bkey_set = "" -t = "" -profile_num = "" -ai_set = "" -llamakey = "" -llamaendpoint = "" def clearscr() -> None: @@ -61,171 +43,6 @@ def clearscr() -> None: class Menus(): - def flatten_json(self, data: Any, separator: Any = '.') -> Any: - flattened_data = {} - for key, value in data.items(): - if isinstance(value, dict): - nested_data = self.flatten_json(value, separator) - for nested_key, nested_value in nested_data.items(): - flattened_data[key + separator + nested_key] = nested_value - else: - flattened_data[key] = value - return flattened_data - - def print_output(self, attack_type: str, jdata: str, ai: str) -> Any: - match attack_type: - case "Nmap": - match ai: - case 'openai': - data = json.loads(jdata) - table = Table(title=f"GVA Report for {attack_type}", show_header=True, header_style="bold magenta") - table.add_column("Variables", style="cyan") - table.add_column("Results", style="green") - - for key, value in data.items(): - table.add_row(key, value) - print(table) - case 'bard': - data = json.loads(jdata) - table = Table(title=f"GVA Report for {attack_type}", show_header=True, header_style="bold magenta") - table.add_column("Variables", style="cyan") - table.add_column("Results", style="green") - - for key, value in data.items(): - table.add_row(key, value) - print(table) - case 'llama': - ai_out = Markdown(jdata) - message_panel = Panel( - Align.center( - Group("\n", Align.center(ai_out)), - vertical="middle", - ), - box=box.ROUNDED, - padding=(1, 2), - title="[b red]The GVA LLama2", - border_style="blue", - ) - print(message_panel) - case 'llama-api': - ai_out = Markdown(jdata) - message_panel = Panel( - Align.center( - Group("\n", Align.center(ai_out)), - vertical="middle", - ), - box=box.ROUNDED, - padding=(1, 2), - title="[b red]The GVA LLama2", - border_style="blue", - ) - print(message_panel) - case "JWT": - match ai: - case 'openai': - data = json.loads(jdata) - table = Table(title=f"GVA Report for {attack_type}", show_header=True, header_style="bold magenta") - table.add_column("Variables", style="cyan") - table.add_column("Results", style="green") - - for key, value in data.items(): - table.add_row(str(key), str(value)) - print(table) - case 'bard': - data = json.loads(jdata) - table = Table(title=f"GVA Report for {attack_type}", show_header=True, header_style="bold magenta") - table.add_column("Variables", style="cyan") - table.add_column("Results", style="green") - - for key, value in data.items(): - table.add_row(str(key), str(value)) - print(table) - case 'llama': - ai_out = Markdown(jdata) - message_panel = Panel( - Align.center( - Group("\n", Align.center(ai_out)), - vertical="middle", - ), - box=box.ROUNDED, - padding=(1, 2), - title="[b red]The GVA LLama2", - border_style="blue", - ) - print(message_panel) - case 'llama-api': - ai_out = Markdown(jdata) - message_panel = Panel( - Align.center( - Group("\n", Align.center(ai_out)), - vertical="middle", - ), - box=box.ROUNDED, - padding=(1, 2), - title="[b red]The GVA LLama2", - border_style="blue", - ) - print(message_panel) - case "DNS": - match ai: - case 'openai': - data = json.loads(jdata) - table = Table(title=f"GVA Report for {attack_type}", show_header=True, header_style="bold magenta") - table.add_column("Variables", style="cyan") - table.add_column("Results", style="green") - - for key, value in data.items(): - table.add_row(key, value) - print(table) - case 'bard': - data = json.loads(jdata) - table = Table(title=f"GVA Report for {attack_type}", show_header=True, header_style="bold magenta") - table.add_column("Variables", style="cyan") - table.add_column("Results", style="green") - - for key, value in data.items(): - table.add_row(key, value) - print(table) - case 'llama': - ai_out = Markdown(jdata) - message_panel = Panel( - Align.center( - Group("\n", Align.center(ai_out)), - vertical="middle", - ), - box=box.ROUNDED, - padding=(1, 2), - title="[b red]The GVA LLama2", - border_style="blue", - ) - print(message_panel) - case 'llama-api': - ai_out = Markdown(jdata) - message_panel = Panel( - Align.center( - Group("\n", Align.center(ai_out)), - vertical="middle", - ), - box=box.ROUNDED, - padding=(1, 2), - title="[b red]The GVA LLama2", - border_style="blue", - ) - print(message_panel) - case "GeoIP": - data = json.loads(jdata) - table = Table(title="GVA Report for GeoIP", show_header=True, header_style="bold magenta") - table.add_column("Identifiers", style="cyan") - table.add_column("Data", style="green") - - flattened_data: dict = self.flatten_json(data, separator='.') - - for key, value in flattened_data.items(): - value_str = str(value) - table.add_row(key, value_str) - - console = Console() - console.print(table) def nmap_menu(self) -> None: try: @@ -237,7 +54,7 @@ def nmap_menu(self) -> None: table.add_row("3", "Set Profile") table.add_row("4", "Show options") table.add_row("5", "Run Attack") - table.add_row("r", "Return") + table.add_row("q", "Quit") console.print(table) self.option = input("Enter your choice: ") match self.option: @@ -298,6 +115,14 @@ def nmap_menu(self) -> None: table1.add_row("3", "-Pn -sS -sU -T4 -A -v") table1.add_row("4", "-Pn -p- -T4 -A -v") table1.add_row("5", "-Pn -sS -sU -T4 -A -PE -PP -PY -g 53 --script=vuln") + table1.add_row("6", "-Pn -sV -p- -A") + table1.add_row("7", "-Pn -sS -sV -O -T4 -A") + table1.add_row("8", "-Pn -sC") + table1.add_row("9", "-Pn -p 1-65535 -T4 -A -v") + table1.add_row("10", "-Pn -sU -T4") + table1.add_row("11", "-Pn -sV --top-ports 100") + table1.add_row("12", "-Pn -sS -sV -T4 --script=default,discovery,vuln") + table1.add_row("13", "-Pn -F") print(Panel(table1)) self.profile_num = input("Enter your Profile: ") print(Panel(f"Profile Set {self.profile_num}")) @@ -328,10 +153,9 @@ def nmap_menu(self) -> None: lendpoint=self.lendpoint, AI=self.ai_set ) - self.print_output("Nmap", pout, self.ai_set) - case "r": - clearscr() - self.menu_term() + assets.print_output("Nmap", pout, self.ai_set) + case "q": + quit() except KeyboardInterrupt: print(Panel("Exiting Program")) @@ -344,7 +168,7 @@ def dns_menu(self) -> None: table.add_row("2", "Set Target") table.add_row("3", "Show options") table.add_row("4", "Run Attack") - table.add_row("r", "Return") + table.add_row("q", "Quit") console.print(table) option = input("Enter your choice: ") match option: @@ -419,53 +243,9 @@ def dns_menu(self) -> None: lendpoint=self.lendpoint, AI=self.ai_set ) - self.print_output("DNS", dns_output, self.ai_set) - case "r": - clearscr() - self.menu_term() - except KeyboardInterrupt: - print(Panel("Exiting Program")) - - def geo_menu(self) -> None: - try: - table = Table() - table.add_column("Options", style="cyan") - table.add_column("Utility", style="green") - table.add_row("1", "ADD API Key") - table.add_row("2", "Set Target") - table.add_row("3", "Show options") - table.add_row("4", "Run Attack") - table.add_row("r", "Return") - console.print(table) - self.option = input("Enter your choice: ") - match self.option: - case "1": - clearscr() - self.keyset = input("Enter GEO-IP API: ") - print(Panel(f"GEOIP API Key Set: {self.keyset}")) - self.geo_menu() - case "2": - clearscr() - print(Panel("Set Target Hostname or IP")) - self.t = input("Enter Target: ") - print(Panel(f"Target Set: {self.t}")) - self.geo_menu() - case "3": - clearscr() - table1 = Table() - table1.add_column("Options", style="cyan") - table1.add_column("Value", style="green") - table1.add_row("API Key", str(self.keyset)) - table1.add_row("Target", str(self.t)) - print(Panel(table1)) - self.geo_menu() - case "4": - clearscr() - geo_output: str = geo_ip.geoip(self.keyset, self.t) - self.print_output("GeoIP", str(geo_output), ai="None") - case "r": - clearscr() - self.menu_term() + assets.print_output("DNS", dns_output, self.ai_set) + case "q": + quit() except KeyboardInterrupt: print(Panel("Exiting Program")) @@ -478,7 +258,7 @@ def jwt_menu(self) -> None: table.add_row("2", "Set Token") table.add_row("3", "Show options") table.add_row("4", "Run Attack") - table.add_row("r", "Return") + table.add_row("q", "Quit") console.print(table) option = input("Enter your choice: ") match option: @@ -553,10 +333,105 @@ def jwt_menu(self) -> None: llama_endpoint=self.lendpoint, AI=self.ai_set ) - self.print_output("JWT", JWT_output, self.ai_set) - case "r": + assets.print_output("JWT", JWT_output, self.ai_set) + case "q": + quit() + except KeyboardInterrupt: + print(Panel("Exiting Program")) + + def pcap_menu(self) -> None: + try: + table = Table() + table.add_column("Options", style="cyan") + table.add_column("Utility", style="green") + table.add_row("1", "Set Target file location") + table.add_row("2", "Set Output file location") + table.add_row("3", "Set Threads") + table.add_row("4", "Show options") + table.add_row("5", "Run Attack") + table.add_row("q", "Quit") + console.print(table) + self.option = input("Enter your choice: ") + match self.option: + case "1": + clearscr() + print(Panel("Set Target PCAP file Location")) + self.t = input("Enter Target: ") + print(Panel(f"Target Set: {self.t}")) + self.pcap_menu() + case "2": + clearscr() + print(Panel("Set Output file Location")) + self.t = input("Enter Location: ") + print(Panel(f"Output Set: {self.output_loc}")) + self.pcap_menu() + case "3": + clearscr() + print(Panel("Set Number of threads")) + self.t = input("Enter Threads: ") + print(Panel(f"Threads Set: {self.threads}")) + self.pcap_menu() + case "4": clearscr() - self.menu_term() + table1 = Table() + table1.add_column("Options", style="cyan") + table1.add_column("Value", style="green") + table1.add_row("Target PCAP file", str(self.t)) + table1.add_row("Output location", str(self.output_loc)) + table1.add_row("Threads set", str(self.threads)) + print(Panel(table1)) + self.pcap_menu() + case "5": + clearscr() + packetanalysis.PacketAnalyzer( + cap_loc=self.t, + save_loc=self.output_loc, + max_workers=self.threads + ) + case "q": + quit() + except KeyboardInterrupt: + print(Panel("Exiting Program")) + + def geo_menu(self) -> None: + try: + table = Table() + table.add_column("Options", style="cyan") + table.add_column("Utility", style="green") + table.add_row("1", "ADD API Key") + table.add_row("2", "Set Target") + table.add_row("3", "Show options") + table.add_row("4", "Run Attack") + table.add_row("q", "Quit") + console.print(table) + self.option = input("Enter your choice: ") + match self.option: + case "1": + clearscr() + self.keyset = input("Enter GEO-IP API: ") + print(Panel(f"GEOIP API Key Set: {self.keyset}")) + self.geo_menu() + case "2": + clearscr() + print(Panel("Set Target Hostname or IP")) + self.t = input("Enter Target: ") + print(Panel(f"Target Set: {self.t}")) + self.geo_menu() + case "3": + clearscr() + table1 = Table() + table1.add_column("Options", style="cyan") + table1.add_column("Value", style="green") + table1.add_row("API Key", str(self.keyset)) + table1.add_row("Target", str(self.t)) + print(Panel(table1)) + self.geo_menu() + case "4": + clearscr() + geo_output: str = geo_ip.geoip(self.keyset, self.t) + assets.print_output("GeoIP", str(geo_output), ai="None") + case "q": + quit() except KeyboardInterrupt: print(Panel("Exiting Program")) @@ -569,7 +444,7 @@ def sub_menu(self) -> None: table.add_row("2", "Set Target") table.add_row("3", "Show options") table.add_row("4", "Run Attack") - table.add_row("r", "Return") + table.add_row("q", "Quit") console.print(table) self.option = input("Enter your choice: ") match self.option: @@ -598,25 +473,26 @@ def sub_menu(self) -> None: clearscr() sub_output: str = sub_recon.sub_enumerator(self.t, self.list_loc) console.print(sub_output, style="bold underline") - case "r": - clearscr() - self.menu_term() + case "q": + quit() except KeyboardInterrupt: print(Panel("Exiting Program")) - def __init__(self, lamma_key, llama_api_endpoint, initial_keyset, target, profile_num, ai_set, openai_akey_set, bard_key_set, ai_set_args, llama_runpod_key, llama_endpoint) -> None: + def __init__(self, lkey, threads, output_loc, lendpoint, keyset, t, profile_num, ai_set, akey_set, bkey_set, ai_set_args, llamakey, llamaendpoint) -> None: try: - self.lkey = lamma_key - self.lendpoint = llama_api_endpoint - self.keyset = initial_keyset - self.t = target + self.lkey = lkey + self.threads = threads + self.output_loc = output_loc + self.lendpoint = lendpoint + self.keyset = keyset + self.t = t self.profile_num = profile_num self.ai_set = ai_set - self.akey_set = openai_akey_set - self.bkey_set = bard_key_set + self.akey_set = akey_set + self.bkey_set = bkey_set self.ai_set_args = ai_set_args - self.llamakey = llama_runpod_key - self.llamaendpoint = llama_endpoint + self.llamakey = llamakey + self.llamaendpoint = llamaendpoint table = Table() table.add_column("Options", style="cyan") table.add_column("Utility", style="green") @@ -624,6 +500,8 @@ def __init__(self, lamma_key, llama_api_endpoint, initial_keyset, target, profil table.add_row("2", "DNS Enum") table.add_row("3", "Subdomain Enum") table.add_row("4", "GEO-IP Enum") + table.add_row("5", "JWT Analysis") + table.add_row("6", "PCAP Analysis") table.add_row("q", "Quit") console.print(table) option = input("Enter your choice: ") @@ -643,6 +521,9 @@ def __init__(self, lamma_key, llama_api_endpoint, initial_keyset, target, profil case "5": clearscr() self.jwt_menu() + case "6": + clearscr() + self.pcap_menu() case "q": quit() except KeyboardInterrupt: diff --git a/package/GVA/packet_analysis.py b/package/GVA/packet_analysis.py new file mode 100644 index 0000000..81804f0 --- /dev/null +++ b/package/GVA/packet_analysis.py @@ -0,0 +1,218 @@ +from rich import print +from subprocess import run, PIPE, STDOUT +from concurrent.futures import ThreadPoolExecutor +from typing import Any +from rich.console import Console +from rich.table import Table +import json +import re +import platform + + +class PacketAnalysis: + tshark_loc = "" + services = [] + tcp_streams = [] + sources = [] + destinations = [] + resolved = [] + dns_query_names = [] + dns_resp_names = [] + unique_eapol_data = [] + combined_json = [] + + def detect_tshark(self) -> None: + try: + osp = platform.system() + match osp: + case 'Darwin': + self.tshark_loc = "tshark" + case 'Linux': + self.tshark_loc = "tshark" + case 'Windows': + self.tshark_loc = '"C:\\Program Files\\Wireshark\\tshark.exe"' + except Exception: + pass + + def extract_network_info(self, json_data): + services = set() + tcp_streams = set() + source_addresses = set() + destination_addresses = set() + resolved_sources = set() + dns_query_names = set() + dns_resp_names = set() + unique_eapol_data = set() + + for entry in json_data: + layers = entry.get('_source', {}).get('layers', {}) + + tcp_layer = layers.get('tcp', {}) + if tcp_layer: + service = tcp_layer.get('tcp.srcport') + if service: + services.add(service) + if tcp_layer: + tcp_stream_val = tcp_layer.get('tcp.stream') + if service: + tcp_streams.add(tcp_stream_val) + + ip_layer = layers.get('ip', {}) + if ip_layer: + source_address = ip_layer.get('ip.src_host') + destination_address = ip_layer.get('ip.dst_host') + if source_address: + source_addresses.add(source_address) + if destination_address: + destination_addresses.add(destination_address) + + eth_layer = layers.get('eth', {}) + if eth_layer: + source_mac = eth_layer.get('eth.src') + resolved_source_mac = eth_layer.get('eth.src_tree', {}).get('eth.src_resolved') + if source_mac and resolved_source_mac: + resolved_sources.add(resolved_source_mac) + + dns_layer = layers.get('dns', {}) + if dns_layer: + queries = dns_layer.get('Queries', []) + if isinstance(queries, list): + for query in queries: + query_name = query.get('dns.qry.name') + if query_name: + dns_query_names.add(query_name) + elif isinstance(queries, dict): + for query_name, query_info in queries.items(): + dns_query_names.add(query_info.get('dns.qry.name')) + answers = dns_layer.get('Answers', []) + if isinstance(answers, list): + for answer in answers: + resp_name = answer.get('dns.resp.name') + if resp_name: + dns_resp_names.add(resp_name) + elif isinstance(answers, dict): + for resp_name, resp_info in answers.items(): + dns_resp_names.add(resp_info.get('dns.resp.name')) + + eapol_layer = layers.get('eapol', {}) + if eapol_layer: + eapol_data = eapol_layer.get('wlan_rsna_eapol.keydes.data', "") + unique_eapol_data.add(eapol_data) + + self.services = list(services) + self.tcp_streams = list(tcp_streams) + self.source_addresses = list(source_addresses) + self.destination_addresses = list(destination_addresses) + self.resolved_sources = list(resolved_sources) + self.dns_query_names = list(dns_query_names) + self.dns_resp_names = list(dns_resp_names) + self.unique_eapol_data = list(unique_eapol_data) + + def run_tshark_command(self, service, source, streams): + stream_cmd = f'{self.tshark_loc} -r test.pcap -q -z follow,tcp,raw,{streams} -Y "ip.addr=={source} and tcp.port=={service}"' + runner = run(stream_cmd, shell=True, stdout=PIPE, stderr=STDOUT, text=True) + output_lines = runner.stdout.splitlines() + node_regex = re.compile(r'Node (\d+): (.+)$') + data_regex = re.compile(r'\s+(.+)$') + node_0, node_1, data = None, None, None + for line in output_lines: + node_match = node_regex.match(line) + data_match = data_regex.match(line) + if node_match: + node_num, node_value = node_match.groups() + if node_num == '0': + node_0 = node_value + elif node_num == '1': + node_1 = node_value + elif data_match: + data = data_match.group(1) + + if node_0 is not None and node_1 is not None and data is not None: + return ['Source: ' f'{node_0}', 'Destination: ' f'{node_1}', 'stream: ' f'{streams}'] + else: + return [] + + def flatten_json(self, data: Any, separator: Any = '.') -> Any: + flattened_data = {} + for key, value in data.items(): + if isinstance(value, dict): + nested_data = self.flatten_json(value, separator) + for nested_key, nested_value in nested_data.items(): + flattened_data[key + separator + nested_key] = nested_value + else: + flattened_data[key] = value + return flattened_data + + def stream(self, service_list, source_list, tcp_streams_list, max_workers=20): + results = [] + + with ThreadPoolExecutor(max_workers=max_workers) as executor: + command_params = [(service, source, streams) for service in service_list for source in source_list for streams in tcp_streams_list] + print("Total Streams combination: ", len(command_params)) + print("Number of workers in progress: ", max_workers) + results = list(executor.map(lambda params: self.run_tshark_command(*params), command_params)) + results = [result for result in results if result] + self.combined_json = results + + def PacketAnalyzer(self, cap_loc, save_loc, max_workers): + self.detect_tshark() + print('Collecting Json Data') + raw_pcap = run(f"{self.tshark_loc} -r {cap_loc} -T json", shell=True, capture_output=True, text=True) + try: + raw_data = raw_pcap.stdout + json_data = json.loads(raw_data) + except json.JSONDecodeError as e: + print(f"Error decoding JSON: {e}") + json_data = [] + print('Extracting IP details...') + print('Extracting DNS details...') + print('Extracting EAPOL details...') + self.extract_network_info(json_data) + print('Extracting TCP STREAMS details...') + print('TCP streams can take some time..') + self.stream(service_list=self.services, + source_list=self.source_addresses, + tcp_streams_list=self.tcp_streams, + max_workers=max_workers) + print("Completed") + filtered_stream_data = self.combined_json + values = { + "PacketAnalysis": { + "Services": self.services, + "TCP Streams": self.tcp_streams, + "Sources Address": self.source_addresses, + "Destination Address": self.destination_addresses, + "DNS Resolved": self.resolved, + "DNS Query": self.dns_query_names, + "DNS Response": self.dns_resp_names, + "EAPOL Data": self.unique_eapol_data, + "Stream Data": filtered_stream_data + } + } + table_val = { + "PacketAnalysis": { + "Services": self.services, + "TCP Streams": self.tcp_streams, + "Sources Address": self.source_addresses, + "Destination Address": self.destination_addresses, + "DNS Resolved": self.resolved, + "DNS Query": self.dns_query_names, + "DNS Response": self.dns_resp_names, + "EAPOL Data": self.unique_eapol_data, + " Total Streams Data": str(len(filtered_stream_data)) + } + } + table = Table(title="GVA Report for PCAP", show_header=True, header_style="bold magenta") + table.add_column("Identifiers", style="cyan") + table.add_column("Data", style="green") + + flattened_data: dict = self.flatten_json(table_val, separator='.') + + for key, value in flattened_data.items(): + value_str = str(value) + table.add_row(key, str(value_str)) + + console = Console() + console.print(table) + with open(f'{save_loc}', 'w+') as file: + file.write(str(json.dumps(values))) diff --git a/package/README.md b/package/README.md index df783d8..b4ec589 100644 --- a/package/README.md +++ b/package/README.md @@ -3,197 +3,566 @@ This is a Proof Of Concept application that demostrates how AI can be used to generate accurate results for vulnerability analysis and also allows further utilization of the already super useful ChatGPT made using openai-api, python-nmap, dnsresolver python modules and also use customtkinter and tkinter for the GUI version of the code. This project also has a CLI and a GUI interface, It is capable of doing network vulnerability analysis, DNS enumeration and also subdomain enumeration. ## Requirements -- Python 3.10 + +- Python 3.10 or above - All the packages mentioned in the requirements.txt file -- OpenAi api +- OpenAI API +- Bard API (MakerSuite Palm) +- HuggingFace token (with llama2 access ) +- IPGeolocation API +- Wireshark and tshark (both added to path) ## Usage Package ### Import packages -`pip install GVA` -or -`pip3 install GVA` + +```bash +cd package && pip3/pip install . +``` Simple import any of the 3 packages and then add define the variables accordingly + ```python -from GVA import profile -from GVA import dns -from GVA import subdomain +from GVA.scanner import NetworkScanner +from GVA.dns_recon import DNSRecon +from GVA.geo import geo_ip_recon +from GVA.jwt import JWTAnalyzer +from GVA.menus import Menus +from GVA.packet_analysis import PacketAnalysis +from GVA.ai_models import NMAP_AI_MODEL +from GVA.ai_models import DNS_AI_MODEL +from GVA.ai_models import JWT_AI_MODEL +from GVA.assets import Assets +from GVA.subdomain import sub_enum +from GVA import gui -key = "__API__KEY__" -profile.openai.api_key = key -dns.openai.api_key = key +# The components defined +dns_enum = DNSRecon() +geo_ip = geo_ip_recon() +p_ai_models = NMAP_AI_MODEL() +dns_ai_models = DNS_AI_MODEL() +port_scanner = NetworkScanner() +jwt_analizer = JWTAnalyzer() +sub_recon = sub_enum() +asset_codes = Assets() +packet_analysis = PacketAnalysis() -print(profile.p1("")) -print(dns.dnsr("")) -subdomain.sub("") +# KEEP IT BLANK IF YOU HAVE NO CLUE THE MENU WILL ASK TO FILL IT ONCE ACTIVE +lkey = "LLAMA API KEY" +lendpoint = "LLAMA ENDPOINT" +keyset = "AI API KEY" +output_loc = "OUTPUT LOCATION FOR PCAP" +threads = 200 # Default INT 200 but can be increased. +target_ip_hostname_or_token = "TARGET IP, HOSTNAME OR TOKEN" +profile_num = "PROFILE FOR NMAP SCAN" +ai_set = "AI OF CHOICE" +akey_set = "OPENAI API KEY" +bkey_set = "BARD API KEY" +ai_set_args = "" # Keep it blank at any cost +llamakey = "LLAMA RUNPOD API KEY" +llamaendpoint = "LLAMA RUNPOD ENDPOINT" + +Menus( + lamma_key=lkey, + llama_api_endpoint=lendpoint, + initial_keyset=keyset, + threads=threads, + output_loc=output_loc, + target=target_ip_hostname, + profile_num=profile_num, + ai_set=ai_set, + openai_akey_set=akey_set, + bard_key_set=bkey_set, + ai_set_args=ai_set_args, + llama_runpod_key=llamakey, + llama_endpoint=llamaendpoint +) + + +gui.application() ``` ## Usage CLI -- First Change the "__API__KEY__" part of the code with OpenAI api key +- First Change the "OPENAI_API_KEY", "GEOIP_API_KEY" and "BARD_API_KEY" part of the code with OpenAI api key and the IPGeolocation API key in the `.env` file +- For the `llama-api` option or specific the llama runpod serverless endpoint deployment option requires you to enter the `serverless endpoint ID` from runpod and also your `RUNPOD API KEY` + ```python -akey = "__API__KEY__" # Enter your API key +GEOIP_API_KEY = '' +OPENAI_API_KEY = '' +BARD_API_KEY = '' +RUNPOD_ENDPOINT_ID = '' +RUNPOD_API_KEY = '' ``` + - second install the packages + ```bash pip3 install -r requirements.txt or pip install -r requirements.txt ``` + - run the code python3 gpt_vuln.py + ```bash # Regular Help Menu python gpt_vuln.py --help # Rich Help Menu -python get_vuln.py --r help +python gpt_vuln.py --r help # Specify target with the attack -python gpt_vuln.py --target --attack dns/nmap +python gpt_vuln.py --target --attack dns/nmap/jwt # Specify target and profile for nmap -python get_vuln.py --target --attack nmap --profile <1-5> +python gpt_vuln.py --target --attack nmap --profile <1-13> (Default:1) # Specify target for DNS no profile needed -python get_vuln.py --target --attack dns +python gpt_vuln.py --target --attack dns + +# Specify target for Subdomain Enumeration no profile used default list file +python gpt_vuln.py --target --attack sub + +# Specify target for Subdomain Enumeration no profile used custom list file +python gpt_vuln.py --target --attack sub --list + +# Specify target for geolocation lookup +python gpt_vuln.py --target --attack geo + +# Specify PCAP file for packet analysis +python gpt_vuln.py --target --attack pcap --output --thread NUM of threads <200:default> + +# Specify the AI to be used for nmap +python gpt_vuln.py --target --attack nmap --profile <1-5> --ai llama /llama-api /bard / openai + +# Specify the AI to be used for dns +python gpt_vuln.py --target --attack dns --ai llama /llama-api /bard / openai + +# Specify the AI to be used for JWT analysis +python gpt_vuln.py --target --attack jwt --ai llama /llama-api /bard / openai + +# Interactive step by step cli interface +python gpt_vuln.py --menu True +``` -# Specify target for Subdomain Enumeration no profile needed -python get_vuln.py --target --attack sub +#### CLI Interface Option + +```bash + ________________________ +| GVA Usage in progress... | + ======================== + \ + \ + ^__^ + (oo)\_______ + (__)\ )\/\ + ||----w | + || || +┏━━━━━━━━━┳━━━━━━━━━━━━━━━━┓ +┃ Options ┃ Utility ┃ +┡━━━━━━━━━╇━━━━━━━━━━━━━━━━┩ +│ 1 │ Nmap Enum │ +│ 2 │ DNS Enum │ +│ 3 │ Subdomain Enum │ +│ 4 │ GEO-IP Enum │ +| 5 | JWT Analysis | +| 6 | PCAP Analysis | +│ q │ Quit │ +└─────────┴────────────────┘ +Enter your choice: ``` -Supported in both windows and linux +The CLI interface has a few things to note. + +- The API keys must be provided manually. +- The ones defined in the `.env` files work with the args options +- The process is similar but more organized. + +### My views on Bard + +Its same as Openai GPT3.5 but faster. It can generate the same answer but in 2 times the speed. + +### OS Supported + +| Preview | Code | Name | Working Status | OpenAI Status | Bard Status | LLama2 Status | +| -------------------------------------------------------------------------------------------------------------------- | ---- | --------- | -------------- | ------------- | ----------- | ----------------- | +| ![](https://raw.githubusercontent.com/EgoistDeveloper/operating-system-logos/master/src/48x48/LIN.png "LIN (48x48)") | LIN | GNU/Linux | ✅ | ✅ | ✅ | ❌ [did not test] | +| ![](https://raw.githubusercontent.com/EgoistDeveloper/operating-system-logos/master/src/48x48/WIN.png "WIN (48x48)") | WIN | Windows | ✅ | ✅ | ✅ | ✅ | ## Understanding the code Profiles: -| Parameter | Return data | Description | Nmap Command | -| :-------- | :------- | :-------------------------------- | :---------| -| `p1` | `json` | Effective Scan | `-Pn -sV -T4 -O -F`| -| `p2` | `json` | Simple Scan | `-Pn -T4 -A -v`| -| `p3` | `json` | Low Power Scan | `-Pn -sS -sU -T4 -A -v`| -| `p4` | `json` | Partial Intense Scan | `-Pn -p- -T4 -A -v`| -| `p5` | `json` | Complete Intense Scan | `-Pn -sS -sU -T4 -A -PE -PP -PS80,443 -PA3389 -PU40125 -PY -g 53 --script=vuln`| +| Parameter | Return data | Description | Nmap Command | +| :-------- | :---------- | :--------------------------------------------------- | :---------------------------------------------------- | +| `p1` | `json` | Effective Scan | `-Pn -sV -T4 -O -F` | +| `p2` | `json` | Simple Scan | `-Pn -T4 -A -v` | +| `p3` | `json` | Low Power Scan | `-Pn -sS -sU -T4 -A -v` | +| `p4` | `json` | Partial Intense Scan | `-Pn -p- -T4 -A -v` | +| `p5` | `json` | Complete Intense Scan | `-Pn -sS -sU -T4 -A -PE -PP -PY -g 53 --script=vuln` | +| `p6` | `json` | Comprehensive Service Version Detection | `-Pn -sV -p- -A` | +| `p7` | `json` | Aggressive Scan with OS Detection | `-Pn -sS -sV -O -T4 -A` | +| `p8` | `json` | Script Scan for Common Vulnerabilities | `-Pn -sC` | +| `p9` | `json` | Intense Scan, All TCP Ports | `-Pn -p 1-65535 -T4 -A -v` | +| `p10` | `json` | UDP Scan | `-Pn -sU -T4` | +| `p11` | `json` | Service and Version Detection for Top Ports | `-Pn -sV --top-ports 100` | +| `p12` | `json` | Aggressive Scan with NSE Scripts for Vulnerabilities | `-Pn -sS -sV -T4 --script=default,discovery,vuln` | +| `p13` | `json` | Fast Scan for Common Ports | `-Pn -F` | -The profile is the type of scan that will be executed by the nmap subprocess. The Ip or target will be provided via argparse. At first the custom nmap scan is run which has all the curcial arguments for the scan to continue. nextly the scan data is extracted from the huge pile of data which has been driven by nmap. the "scan" object has a list of sub data under "tcp" each labled according to the ports opened. once the data is extracted the data is sent to openai API davenci model via a prompt. the prompt specifically asks for an JSON output and the data also to be used in a certain manner. +The profile is the type of scan that will be executed by the nmap subprocess. The Ip or target will be provided via argparse. At first, the custom nmap scan is run which has all the crucial arguments for the scan to continue. Next, the scan data is extracted from the huge pile of data driven by nmap. the "scan" object has a list of sub-data under "tcp" each labelled according to the ports opened. once the data is extracted the data is sent to the openai API Davinci model via a prompt. the prompt specifically asks for a JSON output and the data also to be used in a certain manner. The entire structure of request that has to be sent to the openai API is designed in the completion section of the Program. + ```python -def profile(ip): - nm.scan('{}'.format(ip), arguments='-Pn -sS -sU -T4 -A -PE -PP -PS80,443 -PA3389 -PU40125 -PY -g 53 --script=vuln') - json_data = nm.analyse_nmap_xml_scan() - analize = json_data["scan"] - # Prompt about what the quary is all about - prompt = "do a vulnerability analysis of {} and return a vulnerabilty report in json".format(analize) - # A structure for the request - completion = openai.Completion.create( - engine=model_engine, - prompt=prompt, - max_tokens=1024, - n=1, - stop=None, - ) - response = completion.choices[0].text - return response -``` -### Output -nmap output: -```json -{ - "Vulnerability Report": { - "Target IP": "127.0.0.1", - "OS Detected": { - "Name": "Microsoft Windows 10 1607", - "Accuracy": "100", - "CPE": [ - "cpe:/o:microsoft:windows_10:1607" - ] - }, - "Open Ports": { - "Port 135": { - "State": "open", - "Reason": "syn-ack", - "Name": "msrpc", - "Product": "Microsoft Windows RPC", - "Version": "", - "Extra Info": "", - "Conf": "10", - "CPE": "cpe:/o:microsoft:windows" - }, - "Port 445": { - "State": "open", - "Reason": "syn-ack", - "Name": "microsoft-ds", - "Product": "", - "Version": "", - "Extra Info": "", - "Conf": "3", - "CPE": "" - } - }, - "Vulnerabilities": { - "Port 135": [], - "Port 445": [] +class NetworkScanner(): + def scanner(self, AIModels, ip: Optional[str], profile: int, akey: Optional[str], bkey: Optional[str], lkey, lendpoint, AI: str) -> str: + profile_arguments = { + 1: '-Pn -sV -T4 -O -F', + 2: '-Pn -T4 -A -v', + 3: '-Pn -sS -sU -T4 -A -v', + 4: '-Pn -p- -T4 -A -v', + 5: '-Pn -sS -sU -T4 -A -PE -PP -PY -g 53 --script=vuln', + 6: '-Pn -sV -p- -A', + 7: '-Pn -sS -sV -O -T4 -A', + 8: '-Pn -sC', + 9: '-Pn -p 1-65535 -T4 -A -v', + 10: '-Pn -sU -T4', + 11: '-Pn -sV --top-ports 100', + 12: '-Pn -sS -sV -T4 --script=default,discovery,vuln', + 13: '-Pn -F' } + # The scanner with GPT Implemented + nm.scan('{}'.format(ip), arguments='{}'.format(profile_arguments.get(profile))) + json_data = nm.analyse_nmap_xml_scan() + analyze = json_data["scan"] + match AI: + case 'openai': + try: + if akey is not None: + pass + else: + raise ValueError("KeyNotFound: Key Not Provided") + response = AIModels.GPT_AI(akey, analyze) + except KeyboardInterrupt: + print("Bye") + quit() + case 'bard': + try: + if bkey is not None: + pass + else: + raise ValueError("KeyNotFound: Key Not Provided") + response = AIModels.BardAI(bkey, analyze) + except KeyboardInterrupt: + print("Bye") + quit() + case 'llama': + try: + response = AIModels.Llama_AI(analyze, "local", lkey, lendpoint) + except KeyboardInterrupt: + print("Bye") + quit() + case 'llama-api': + try: + response = AIModels.Llama_AI(analyze, "runpod", lkey, lendpoint) + except KeyboardInterrupt: + print("Bye") + quit() + self.response = response + text = str(self.response) + return text + +``` + +# Regex + +We use Regex to extract only the important information from the custom prompt provided this reduces the total amount of unwanted +data + +```python +def extract_data(json_string): + # Define the regular expression patterns for individual values + critical_score_pattern = r'"critical score": \["(.*?)"\]' + os_information_pattern = r'"os information": \["(.*?)"\]' + open_ports_pattern = r'"open ports": \["(.*?)"\]' + open_services_pattern = r'"open services": \["(.*?)"\]' + vulnerable_service_pattern = r'"vulnerable service": \["(.*?)"\]' + found_cve_pattern = r'"found cve": \["(.*?)"\]' + + # Initialize variables for extracted data + critical_score = None + os_information = None + open_ports = None + open_services = None + vulnerable_service = None + found_cve = None + + # Extract individual values using patterns + match = re.search(critical_score_pattern, json_string) + if match: + critical_score = match.group(1) + + match = re.search(os_information_pattern, json_string) + if match: + os_information = match.group(1) + + match = re.search(open_ports_pattern, json_string) + if match: + open_ports = match.group(1) + + match = re.search(open_services_pattern, json_string) + if match: + open_services = match.group(1) + + match = re.search(vulnerable_service_pattern, json_string) + if match: + vulnerable_service = match.group(1) + + match = re.search(found_cve_pattern, json_string) + if match: + found_cve = match.group(1) + + # Create a dictionary to store the extracted data + data = { + "critical score": critical_score, + "os information": os_information, + "open ports": open_ports, + "open services": open_services, + "vulnerable service": vulnerable_service, + "found cve": found_cve } -} -``` -DNS Output: -target is google.com -```json - -{ - "A" : { - "ip": "142.250.195.174", - }, - "AAAA": { - "ip": "2404:6800:4007:826::200e" - }, - "NS": { - "nameservers": [ - "ns2.google.com.", - "ns1.google.com.", - "ns3.google.com.", - "ns4.google.com." - ] - }, - "MX" : { - "smtp": "10 smtp.google.com." - }, - "SOA" : { - "nameserver": "ns1.google.com.", - "admin": "dns-admin.google.com.", - "serial": "519979037", - "refresh": "900", - "retry": "900", - "expire": "1800", - "ttl": "60" - }, - "TXT": { - "onetrust-domain-verification": "de01ed21f2fa4d8781cbc3ffb89cf4ef", - "webexdomainverification.8YX6G": "6e6922db-e3e6-4a36-904e-a805c28087fa", - "globalsign-smime-dv": "CDYX+XFHUw2wml6/Gb8+59BsH31KzUr6c1l2BPvqKX8=", - "google-site-verification": [ - "wD8N7i1JTNTkezJ49swvWW48f8_9xveREV4oB-0Hf5o", - "TV9-DBe4R80X4v0M4U_bd_J9cpOJM0nikft0jAgjmsQ" - ], - "docusign": [ - "05958488-4752-4ef2-95eb-aa7ba8a3bd0e", - "1b0a6754-49b1-4db5-8540-d2c12664b289" - ], - "atlassian-domain-verification": "5YjTmWmjI92ewqkx2oXmBaD60Td9zWon9r6eakvHX6B77zzkFQto8PQ9QsKnbf4I", - "v=spf1 include:_spf.google.com ~all": "v=spf1 include:_spf.google.com ~all", - "facebook-domain-verification": "22rm551cu4k0ab0bxsw536tlds4h95", - "MS=E4A68B9AB2BB9670BCE15412F62916164C0B20BB": "MS=E4A68B9AB2BB9670BCE15412F62916164C0B20BB", - "apple-domain-verification": "30afIBcvSuDV2PLX" - } -} + + # Convert the dictionary to JSON format + json_output = json.dumps(data) + + return json_output + + +def AI(key: str, data: Any) -> str: + openai.api_key = key + try: + prompt = f""" + Do a NMAP scan analysis on the provided NMAP scan information + The NMAP output must return in a JSON format accorging to the provided + output format. The data must be accurate in regards towards a pentest report. + The data must follow the following rules: + 1) The NMAP scans must be done from a pentester point of view + 2) The final output must be minimal according to the format given. + 3) The final output must be kept to a minimal. + 4) If a value not found in the scan just mention an empty string. + 5) Analyze everything even the smallest of data. + + The output format: + {{ + "critical score": [""], + "os information": [""], + "open ports": [""], + "open services": [""], + "vulnerable service": [""], + "found cve": [""] + }} + + NMAP Data to be analyzed: {data} + """ + # A structure for the request + completion = openai.Completion.create( + engine=model_engine, + prompt=prompt, + max_tokens=1024, + n=1, + stop=None, + ) + response = completion.choices[0].text + return extract_data(str(response)) + except KeyboardInterrupt: + print("Bye") + quit() +``` + +The AI code defines an output format and commands the AI to follow a few pre-determined rules to increase accuracy. +The regex extraction code does the extraction and further the main function arranges them into tables. + +## Using Bard AI + +For you to use Bard AI you must signup to the MakerSuit Palm API for developer access and generate your API key from there. For links and how this works you can use this video [MakerSuit](https://www.youtube.com/watch?v=Ce1AOchQMzA&t=128s) + +Once the API is acquired just add it to the `.env` file and you are good to go. + +## Using LLama2 AI + +Using LLama2 is one of the best offline and free options out there. It is currently under improvement I am working on a prompt that will better incorporate cybersecurity perspective into the AI. +I have to thank **@thisserand** and his [llama2_local](https://github.com/thisserand/llama2_local) repo and also his YT video [YT_Video](https://youtu.be/WzCS8z9GqHw). They were great resources. To be frank the llama2 code is 95% his, I just yanked the code and added a Flask API functionality to it. + +The Accuracy of the AI offline and outside the codes test was great and had equal accuracy to openai or bard but while in code it was facing a few issues may be because of the prompting and all. I will try and fix it. +The speed depends on your system and the GPU and CPU configs you have. currently, it is using the `TheBloke/Llama-2-7B-Chat-GGML` model and can be changed via the `portscanner` and `dnsrecon` files. + +For now, the llama code and scans are handled differently. After a few tests, I found out llama needs to be trained a little to operate like how I intended it to work so it needs some time. Any suggestions on how I can do that can be added to the discussions of this repo [Discussions Link](https://github.com/morpheuslord/GPT_Vuln-analyzer/discussions). For now, the output won't be a divided list of all the data instead will be an explanation of the vulnerability or issues discovered by the AI. + +### Output + +#### JWT Output: + +``` + GVA Report for JWT +┏━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓ +┃ Variables ┃ Results ┃ +┡━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩ +│ Algorithm Used │ HS256 │ +│ Header │ eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9 │ +│ Payload │ eyJzdWIiOiAiMTIzNDU2Nzg5MCIsICJuYW1lIjogIkpvaG4gRG9lIiwgImlhdCI6IDE1MTYyMzkwMjJ9 │ +│ Signature │ │ +│ PossibleAttacks │ None identified │ +│ VulnerableEndpoints │ Unable to determine without additional information │ +└─────────────────────┴──────────────────────────────────────────────────────────────────────────────────┘ +``` + +#### Nmap output: + +##### OpenAI and Bard: + +```table +┏━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓ +┃ Elements ┃ Results ┃ +┡━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩ +│ critical score │ High │ +│ os information │ Microsoft Windows 11 21H2 │ +│ open ports │ 80, 22, 445, 902, 912 │ +│ open services │ http, ssh, microsoft-ds, vmware-auth, vmware-auth │ +│ vulnerable service │ OpenSSH │ +│ found cve │ CVE-2023-28531 │ +└────────────────────┴─────────────────────────────────────────────────────┘ +``` + +##### LLama2 + +```table +╭───────────────────────────────────────────── The GVA LLama2 ──────────────────────────────────────────────╮ +│ │ +│ │ +│ │ +│ Based on the provided NMAP data, I have conducted a thorough analysis of the target system's open ports │ +│ and services, vulnerabilities, and operating system information. Here is my findings: Critical Score: │ +│ The critical score for this target system is 7 out of 10. The system has several open ports that could │ +│ potentially be exploited, including port 80 (HTTP), port 135 (RPC), and port 445 (Microsoft DS). While │ +│ These ports are not necessarily vulnerable, they do indicate that the system is running services that │ +│ could be targeted by attackers. Additionally, the system has an outdated version of Microsoft IIS │ +│ running on port 80, which could be a potential vulnerability. OS Information: The target system is │ +│ running Microsoft Windows 10 1607. Open Ports and Services: The target system has the following open │ +│ ports: │ +│ │ +│ • Port 80: HTTP (Microsoft IIS httpd) │ +│ • Port 135: RPC (Microsoft Windows RPC) │ +│ • Port 445: Microsoft DS │ +│ • Port 8000: Splunkd httpd All of these ports are currently open and have a state of "open". │ +│ Vulnerable Services: Based on the CVEs found in the NMAP data, there are several potential │ +│ vulnerabilities in the target system's services. These include: │ +│ • CVE-2019-1489: An elevation of privilege vulnerability in Microsoft IIS that could be exploited by │ +│ an attacker to gain control of the system. This vulnerability is related to the outdated version of │ +│ Microsoft IIS running on port 80. │ +│ • CVE-2017-0143: A remote code execution vulnerability in Microsoft Windows RPC that could be │ +│ exploited by an attacker to execute arbitrary code on the target system. This vulnerability is │ +│ related to the outdated version of Microsoft Windows RPC running on port 135. │ +│ • CVE-2020-1362: A remote code execution vulnerability in Microsoft DS that could be exploited by an │ +│ attacker to execute arbitrary code on the target system. This vulnerability is related to the │ +│ outdated version of Microsoft DS running on port 445. Found CVEs: The following C │ +│ │ +╰───────────────────────────────────────────────────────────────────────────────────────────────────────────╯ +``` + +#### DNS Output: + +target is jainuniversity.ac.in + +```table +┏━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓ +┃ Elements ┃ Results ┃ +┡━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩ +│ A │ 172.67.147.95", "104.21.41.132 │ +│ AAA │ │ +│ NS │ mia.ns.cloudflare.com.","paul.ns.cloudflare.com. │ +│ MX │ 30 aspmx5.googlemail.com.","30 aspmx4.googlemail.com.","20 alt2.aspmx.l.google.com.","30 │ +│ │ aspmx3.googlemail.com.","30 aspmx2.googlemail.com.","20 alt1.aspmx.l.google.com.","10 aspmx.l.google.com. │ +│ PTR │ │ +│ SOA │ mia.ns.cloudflare.com. dns.cloudflare.com. 2309618668 10000 2400 604800 3600 │ +│ TXT │ atlassian-sending-domain-verification=5b358ce4-5ad3-404d-b4b4-005bf933603b","include:_spf.atlassian.net │ +└──────────┴───────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘ +``` + +#### GEO Location output: + +```table +┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓ +┃ Identifiers ┃ Data ┃ +┡━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩ +│ ip │ █████████████ │ +│ continent_code │ AS │ +│ continent_name │ Asia │ +│ country_code2 │ IN │ +│ country_code3 │ IND │ +│ country_name │ India │ +│ country_capital │ New Delhi │ +│ state_prov │ Haryana │ +│ state_code │ IN-HR │ +│ district │ │ +│ city │ Gurugram │ +│ zipcode │ 122003 │ +│ latitude │ 28.44324 │ +│ longitude │ 77.05501 │ +│ is_eu │ False │ +│ calling_code │ +91 │ +│ country_tld │ .in │ +│ languages │ en-IN,hi,bn,te,mr,ta,ur,gu,kn,ml,or,pa,as,bh,sat,ks,ne,sd,kok,doi,mni,… │ +│ country_flag │ https://ipgeolocation.io/static/flags/in_64.png │ +│ geoname_id │ 9148991 │ +│ isp │ Bharti Airtel Limited │ +│ connection_type │ │ +│ organization │ Bharti Airtel Limited │ +│ currency.code │ INR │ +│ currency.name │ Indian Rupee │ +│ currency.symbol │ ₹ │ +│ time_zone.name │ Asia/Kolkata │ +│ time_zone.offset │ 5.5 │ +│ time_zone.current_time │ 2023-07-11 17:08:35.057+0530 │ +│ time_zone.current_time_unix │ 1689075515.057 │ +│ time_zone.is_dst │ False │ +│ time_zone.dst_savings │ 0 │ +└─────────────────────────────┴─────────────────────────────────────────────────────────────────────────┘ +``` + +#### PCAP OUTPUT + +``` +Collecting Json Data +Extracting IP details... +Extracting DNS details... +Extracting EAPOL details... +Extracting TCP STREAMS details... +TCP streams can take some time.. +Total Streams combination: 252 +Number of workers in progress: 250 +Completed + GVA Report for PCAP +┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓ +┃ Identifiers ┃ Data ┃ +┡━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩ +│ PacketAnalysis.Services │ ['49943', '49958', '49934', '49944', '49931', '443', '49957'] │ +│ PacketAnalysis.TCP Streams │ ['1', '4', '5', '2', '0', '3'] │ +│ PacketAnalysis.Sources Address │ ['█████████████', '1.1.1.1', '█████████████', '█████████████', '█████████████', '█████████████'] │ +│ PacketAnalysis.Destination Address │ ['█████████████', '1.1.1.1', '█████████████', '█████████████', '█████████████', '█████████████'] │ +│ PacketAnalysis.DNS Resolved │ [] │ +│ PacketAnalysis.DNS Query │ ['oneclient.sfx.ms'] │ +│ PacketAnalysis.DNS Response │ ['oneclient.sfx.ms.edgekey.net', 'e9659.dspg.akamaiedge.net', 'oneclient.sfx.ms'] │ +│ PacketAnalysis.EAPOL Data │ [] │ +│ PacketAnalysis. Total Streams Data │ 126 │ +└────────────────────────────────────┴────────────────────────────────────────────────────────────────────────────────────────────────────┘ ``` # Usage GUI + The GUI uses customtkinter for the running of the code. The interface is straight forward the only thing required to remember is: + - When using dns attack dont specify the profile ```bash @@ -201,14 +570,21 @@ python GVA_gui.py ``` ### main window + ![main](https://user-images.githubusercontent.com/70637311/228863455-993e0a21-c06c-44c7-87e6-68d758a78e2c.jpeg) ### output_DNS + ![dns_output](https://user-images.githubusercontent.com/70637311/228863540-553f8560-fdf5-48f7-96e8-1f831ab3a8f2.png) ### output_nmap + ![nmap_output](https://user-images.githubusercontent.com/70637311/228863611-5d8380f0-28d5-4925-9ad3-62cd28a1ecd4.png) +### oytput_geo + +![GEO_output](https://user-images.githubusercontent.com/70637311/230589239-b11c39df-b047-4fbb-bb68-61d30fe2b3c9.png) + ## Advantage - Can be used in developing a more advanced systems completly made of the API and scanner combination diff --git a/package/build/lib/GVA/menus.py b/package/build/lib/GVA/menus.py index aafd825..ce94fd8 100644 --- a/package/build/lib/GVA/menus.py +++ b/package/build/lib/GVA/menus.py @@ -1,47 +1,31 @@ -import json import os import platform -from typing import Any from rich import print from rich.console import Console from rich.table import Table from rich.panel import Panel -from rich.console import Group -from rich.align import Align -from rich import box -from rich.markdown import Markdown from GVA.dns_recon import DNSRecon from GVA.geo import geo_ip_recon from GVA.scanner import NetworkScanner +from GVA.subdomain import sub_enum +from GVA.jwt import JWTAnalyzer +from GVA.assets import Assets +from GVA.packet_analysis import PacketAnalysis from GVA.ai_models import NMAP_AI_MODEL from GVA.ai_models import DNS_AI_MODEL from GVA.ai_models import JWT_AI_MODEL -from GVA.subdomain import sub_enum +assets = Assets() dns_enum = DNSRecon() geo_ip = geo_ip_recon() +packetanalysis = PacketAnalysis() +jwt_analyzer = JWTAnalyzer() p_ai_models = NMAP_AI_MODEL() dns_ai_models = DNS_AI_MODEL() -jwt_analyzer = JWTAnalyzer() +jwt_ai_model = JWT_AI_MODEL() port_scanner = NetworkScanner() sub_recon = sub_enum() console = Console() -target = "" -profile = "" -attack = "" -choice = "" -list_loc = "" -ai = "" -menu = "" -ai_set_args = "" -keyset = "" -akey_set = "" -bkey_set = "" -t = "" -profile_num = "" -ai_set = "" -llamakey = "" -llamaendpoint = "" def clearscr() -> None: @@ -59,125 +43,6 @@ def clearscr() -> None: class Menus(): - def flatten_json(self, data: Any, separator: Any = '.') -> Any: - flattened_data = {} - for key, value in data.items(): - if isinstance(value, dict): - nested_data = self.flatten_json(value, separator) - for nested_key, nested_value in nested_data.items(): - flattened_data[key + separator + nested_key] = nested_value - else: - flattened_data[key] = value - return flattened_data - - def print_output(self, attack_type: str, jdata: str, ai: str) -> Any: - match attack_type: - case "Nmap": - match ai: - case 'openai': - data = json.loads(jdata) - table = Table(title=f"GVA Report for {attack_type}", show_header=True, header_style="bold magenta") - table.add_column("Variables", style="cyan") - table.add_column("Results", style="green") - - for key, value in data.items(): - table.add_row(key, value) - print(table) - case 'bard': - data = json.loads(jdata) - table = Table(title=f"GVA Report for {attack_type}", show_header=True, header_style="bold magenta") - table.add_column("Variables", style="cyan") - table.add_column("Results", style="green") - - for key, value in data.items(): - table.add_row(key, value) - print(table) - case 'llama': - ai_out = Markdown(jdata) - message_panel = Panel( - Align.center( - Group("\n", Align.center(ai_out)), - vertical="middle", - ), - box=box.ROUNDED, - padding=(1, 2), - title="[b red]The GVA LLama2", - border_style="blue", - ) - print(message_panel) - case 'llama-api': - ai_out = Markdown(jdata) - message_panel = Panel( - Align.center( - Group("\n", Align.center(ai_out)), - vertical="middle", - ), - box=box.ROUNDED, - padding=(1, 2), - title="[b red]The GVA LLama2", - border_style="blue", - ) - print(message_panel) - case "DNS": - match ai: - case 'openai': - data = json.loads(jdata) - table = Table(title=f"GVA Report for {attack_type}", show_header=True, header_style="bold magenta") - table.add_column("Variables", style="cyan") - table.add_column("Results", style="green") - - for key, value in data.items(): - table.add_row(key, value) - print(table) - case 'bard': - data = json.loads(jdata) - table = Table(title=f"GVA Report for {attack_type}", show_header=True, header_style="bold magenta") - table.add_column("Variables", style="cyan") - table.add_column("Results", style="green") - - for key, value in data.items(): - table.add_row(key, value) - print(table) - case 'llama': - ai_out = Markdown(jdata) - message_panel = Panel( - Align.center( - Group("\n", Align.center(ai_out)), - vertical="middle", - ), - box=box.ROUNDED, - padding=(1, 2), - title="[b red]The GVA LLama2", - border_style="blue", - ) - print(message_panel) - case 'llama-api': - ai_out = Markdown(jdata) - message_panel = Panel( - Align.center( - Group("\n", Align.center(ai_out)), - vertical="middle", - ), - box=box.ROUNDED, - padding=(1, 2), - title="[b red]The GVA LLama2", - border_style="blue", - ) - print(message_panel) - case "GeoIP": - data = json.loads(jdata) - table = Table(title="GVA Report for GeoIP", show_header=True, header_style="bold magenta") - table.add_column("Identifiers", style="cyan") - table.add_column("Data", style="green") - - flattened_data: dict = self.flatten_json(data, separator='.') - - for key, value in flattened_data.items(): - value_str = str(value) - table.add_row(key, value_str) - - console = Console() - console.print(table) def nmap_menu(self) -> None: try: @@ -189,7 +54,7 @@ def nmap_menu(self) -> None: table.add_row("3", "Set Profile") table.add_row("4", "Show options") table.add_row("5", "Run Attack") - table.add_row("r", "Return") + table.add_row("q", "Quit") console.print(table) self.option = input("Enter your choice: ") match self.option: @@ -250,6 +115,14 @@ def nmap_menu(self) -> None: table1.add_row("3", "-Pn -sS -sU -T4 -A -v") table1.add_row("4", "-Pn -p- -T4 -A -v") table1.add_row("5", "-Pn -sS -sU -T4 -A -PE -PP -PY -g 53 --script=vuln") + table1.add_row("6", "-Pn -sV -p- -A") + table1.add_row("7", "-Pn -sS -sV -O -T4 -A") + table1.add_row("8", "-Pn -sC") + table1.add_row("9", "-Pn -p 1-65535 -T4 -A -v") + table1.add_row("10", "-Pn -sU -T4") + table1.add_row("11", "-Pn -sV --top-ports 100") + table1.add_row("12", "-Pn -sS -sV -T4 --script=default,discovery,vuln") + table1.add_row("13", "-Pn -F") print(Panel(table1)) self.profile_num = input("Enter your Profile: ") print(Panel(f"Profile Set {self.profile_num}")) @@ -280,10 +153,9 @@ def nmap_menu(self) -> None: lendpoint=self.lendpoint, AI=self.ai_set ) - self.print_output("Nmap", pout, self.ai_set) - case "r": - clearscr() - self.menu_term() + assets.print_output("Nmap", pout, self.ai_set) + case "q": + quit() except KeyboardInterrupt: print(Panel("Exiting Program")) @@ -296,7 +168,7 @@ def dns_menu(self) -> None: table.add_row("2", "Set Target") table.add_row("3", "Show options") table.add_row("4", "Run Attack") - table.add_row("r", "Return") + table.add_row("q", "Quit") console.print(table) option = input("Enter your choice: ") match option: @@ -371,53 +243,9 @@ def dns_menu(self) -> None: lendpoint=self.lendpoint, AI=self.ai_set ) - self.print_output("DNS", dns_output, self.ai_set) - case "r": - clearscr() - self.menu_term() - except KeyboardInterrupt: - print(Panel("Exiting Program")) - - def geo_menu(self) -> None: - try: - table = Table() - table.add_column("Options", style="cyan") - table.add_column("Utility", style="green") - table.add_row("1", "ADD API Key") - table.add_row("2", "Set Target") - table.add_row("3", "Show options") - table.add_row("4", "Run Attack") - table.add_row("r", "Return") - console.print(table) - self.option = input("Enter your choice: ") - match self.option: - case "1": - clearscr() - self.keyset = input("Enter GEO-IP API: ") - print(Panel(f"GEOIP API Key Set: {self.keyset}")) - self.geo_menu() - case "2": - clearscr() - print(Panel("Set Target Hostname or IP")) - self.t = input("Enter Target: ") - print(Panel(f"Target Set: {self.t}")) - self.geo_menu() - case "3": - clearscr() - table1 = Table() - table1.add_column("Options", style="cyan") - table1.add_column("Value", style="green") - table1.add_row("API Key", str(self.keyset)) - table1.add_row("Target", str(self.t)) - print(Panel(table1)) - self.geo_menu() - case "4": - clearscr() - geo_output: str = geo_ip.geoip(self.keyset, self.t) - self.print_output("GeoIP", str(geo_output), ai="None") - case "r": - clearscr() - self.menu_term() + assets.print_output("DNS", dns_output, self.ai_set) + case "q": + quit() except KeyboardInterrupt: print(Panel("Exiting Program")) @@ -430,7 +258,7 @@ def jwt_menu(self) -> None: table.add_row("2", "Set Token") table.add_row("3", "Show options") table.add_row("4", "Run Attack") - table.add_row("r", "Return") + table.add_row("q", "Quit") console.print(table) option = input("Enter your choice: ") match option: @@ -505,10 +333,105 @@ def jwt_menu(self) -> None: llama_endpoint=self.lendpoint, AI=self.ai_set ) - self.print_output("JWT", JWT_output, self.ai_set) - case "r": + assets.print_output("JWT", JWT_output, self.ai_set) + case "q": + quit() + except KeyboardInterrupt: + print(Panel("Exiting Program")) + + def pcap_menu(self) -> None: + try: + table = Table() + table.add_column("Options", style="cyan") + table.add_column("Utility", style="green") + table.add_row("1", "Set Target file location") + table.add_row("2", "Set Output file location") + table.add_row("3", "Set Threads") + table.add_row("4", "Show options") + table.add_row("5", "Run Attack") + table.add_row("q", "Quit") + console.print(table) + self.option = input("Enter your choice: ") + match self.option: + case "1": + clearscr() + print(Panel("Set Target PCAP file Location")) + self.t = input("Enter Target: ") + print(Panel(f"Target Set: {self.t}")) + self.pcap_menu() + case "2": + clearscr() + print(Panel("Set Output file Location")) + self.t = input("Enter Location: ") + print(Panel(f"Output Set: {self.output_loc}")) + self.pcap_menu() + case "3": + clearscr() + print(Panel("Set Number of threads")) + self.t = input("Enter Threads: ") + print(Panel(f"Threads Set: {self.threads}")) + self.pcap_menu() + case "4": + clearscr() + table1 = Table() + table1.add_column("Options", style="cyan") + table1.add_column("Value", style="green") + table1.add_row("Target PCAP file", str(self.t)) + table1.add_row("Output location", str(self.output_loc)) + table1.add_row("Threads set", str(self.threads)) + print(Panel(table1)) + self.pcap_menu() + case "5": + clearscr() + packetanalysis.PacketAnalyzer( + cap_loc=self.t, + save_loc=self.output_loc, + max_workers=self.threads + ) + case "q": + quit() + except KeyboardInterrupt: + print(Panel("Exiting Program")) + + def geo_menu(self) -> None: + try: + table = Table() + table.add_column("Options", style="cyan") + table.add_column("Utility", style="green") + table.add_row("1", "ADD API Key") + table.add_row("2", "Set Target") + table.add_row("3", "Show options") + table.add_row("4", "Run Attack") + table.add_row("q", "Quit") + console.print(table) + self.option = input("Enter your choice: ") + match self.option: + case "1": + clearscr() + self.keyset = input("Enter GEO-IP API: ") + print(Panel(f"GEOIP API Key Set: {self.keyset}")) + self.geo_menu() + case "2": clearscr() - self.menu_term() + print(Panel("Set Target Hostname or IP")) + self.t = input("Enter Target: ") + print(Panel(f"Target Set: {self.t}")) + self.geo_menu() + case "3": + clearscr() + table1 = Table() + table1.add_column("Options", style="cyan") + table1.add_column("Value", style="green") + table1.add_row("API Key", str(self.keyset)) + table1.add_row("Target", str(self.t)) + print(Panel(table1)) + self.geo_menu() + case "4": + clearscr() + geo_output: str = geo_ip.geoip(self.keyset, self.t) + assets.print_output("GeoIP", str(geo_output), ai="None") + case "q": + quit() except KeyboardInterrupt: print(Panel("Exiting Program")) @@ -521,7 +444,7 @@ def sub_menu(self) -> None: table.add_row("2", "Set Target") table.add_row("3", "Show options") table.add_row("4", "Run Attack") - table.add_row("r", "Return") + table.add_row("q", "Quit") console.print(table) self.option = input("Enter your choice: ") match self.option: @@ -550,25 +473,26 @@ def sub_menu(self) -> None: clearscr() sub_output: str = sub_recon.sub_enumerator(self.t, self.list_loc) console.print(sub_output, style="bold underline") - case "r": - clearscr() - self.menu_term() + case "q": + quit() except KeyboardInterrupt: print(Panel("Exiting Program")) - def __init__(self, lamma_key, llama_api_endpoint, initial_keyset, target, profile_num, ai_set, openai_akey_set, bard_key_set, ai_set_args, llama_runpod_key, llama_endpoint) -> None: + def __init__(self, lkey, threads, output_loc, lendpoint, keyset, t, profile_num, ai_set, akey_set, bkey_set, ai_set_args, llamakey, llamaendpoint) -> None: try: - self.lkey = lamma_key - self.lendpoint = llama_api_endpoint - self.keyset = initial_keyset - self.t = target + self.lkey = lkey + self.threads = threads + self.output_loc = output_loc + self.lendpoint = lendpoint + self.keyset = keyset + self.t = t self.profile_num = profile_num self.ai_set = ai_set - self.akey_set = openai_akey_set - self.bkey_set = bard_key_set + self.akey_set = akey_set + self.bkey_set = bkey_set self.ai_set_args = ai_set_args - self.llamakey = llama_runpod_key - self.llamaendpoint = llama_endpoint + self.llamakey = llamakey + self.llamaendpoint = llamaendpoint table = Table() table.add_column("Options", style="cyan") table.add_column("Utility", style="green") @@ -576,6 +500,8 @@ def __init__(self, lamma_key, llama_api_endpoint, initial_keyset, target, profil table.add_row("2", "DNS Enum") table.add_row("3", "Subdomain Enum") table.add_row("4", "GEO-IP Enum") + table.add_row("5", "JWT Analysis") + table.add_row("6", "PCAP Analysis") table.add_row("q", "Quit") console.print(table) option = input("Enter your choice: ") @@ -592,6 +518,12 @@ def __init__(self, lamma_key, llama_api_endpoint, initial_keyset, target, profil case "4": clearscr() self.geo_menu() + case "5": + clearscr() + self.jwt_menu() + case "6": + clearscr() + self.pcap_menu() case "q": quit() except KeyboardInterrupt: diff --git a/package/build/lib/GVA/packet_analysis.py b/package/build/lib/GVA/packet_analysis.py new file mode 100644 index 0000000..81804f0 --- /dev/null +++ b/package/build/lib/GVA/packet_analysis.py @@ -0,0 +1,218 @@ +from rich import print +from subprocess import run, PIPE, STDOUT +from concurrent.futures import ThreadPoolExecutor +from typing import Any +from rich.console import Console +from rich.table import Table +import json +import re +import platform + + +class PacketAnalysis: + tshark_loc = "" + services = [] + tcp_streams = [] + sources = [] + destinations = [] + resolved = [] + dns_query_names = [] + dns_resp_names = [] + unique_eapol_data = [] + combined_json = [] + + def detect_tshark(self) -> None: + try: + osp = platform.system() + match osp: + case 'Darwin': + self.tshark_loc = "tshark" + case 'Linux': + self.tshark_loc = "tshark" + case 'Windows': + self.tshark_loc = '"C:\\Program Files\\Wireshark\\tshark.exe"' + except Exception: + pass + + def extract_network_info(self, json_data): + services = set() + tcp_streams = set() + source_addresses = set() + destination_addresses = set() + resolved_sources = set() + dns_query_names = set() + dns_resp_names = set() + unique_eapol_data = set() + + for entry in json_data: + layers = entry.get('_source', {}).get('layers', {}) + + tcp_layer = layers.get('tcp', {}) + if tcp_layer: + service = tcp_layer.get('tcp.srcport') + if service: + services.add(service) + if tcp_layer: + tcp_stream_val = tcp_layer.get('tcp.stream') + if service: + tcp_streams.add(tcp_stream_val) + + ip_layer = layers.get('ip', {}) + if ip_layer: + source_address = ip_layer.get('ip.src_host') + destination_address = ip_layer.get('ip.dst_host') + if source_address: + source_addresses.add(source_address) + if destination_address: + destination_addresses.add(destination_address) + + eth_layer = layers.get('eth', {}) + if eth_layer: + source_mac = eth_layer.get('eth.src') + resolved_source_mac = eth_layer.get('eth.src_tree', {}).get('eth.src_resolved') + if source_mac and resolved_source_mac: + resolved_sources.add(resolved_source_mac) + + dns_layer = layers.get('dns', {}) + if dns_layer: + queries = dns_layer.get('Queries', []) + if isinstance(queries, list): + for query in queries: + query_name = query.get('dns.qry.name') + if query_name: + dns_query_names.add(query_name) + elif isinstance(queries, dict): + for query_name, query_info in queries.items(): + dns_query_names.add(query_info.get('dns.qry.name')) + answers = dns_layer.get('Answers', []) + if isinstance(answers, list): + for answer in answers: + resp_name = answer.get('dns.resp.name') + if resp_name: + dns_resp_names.add(resp_name) + elif isinstance(answers, dict): + for resp_name, resp_info in answers.items(): + dns_resp_names.add(resp_info.get('dns.resp.name')) + + eapol_layer = layers.get('eapol', {}) + if eapol_layer: + eapol_data = eapol_layer.get('wlan_rsna_eapol.keydes.data', "") + unique_eapol_data.add(eapol_data) + + self.services = list(services) + self.tcp_streams = list(tcp_streams) + self.source_addresses = list(source_addresses) + self.destination_addresses = list(destination_addresses) + self.resolved_sources = list(resolved_sources) + self.dns_query_names = list(dns_query_names) + self.dns_resp_names = list(dns_resp_names) + self.unique_eapol_data = list(unique_eapol_data) + + def run_tshark_command(self, service, source, streams): + stream_cmd = f'{self.tshark_loc} -r test.pcap -q -z follow,tcp,raw,{streams} -Y "ip.addr=={source} and tcp.port=={service}"' + runner = run(stream_cmd, shell=True, stdout=PIPE, stderr=STDOUT, text=True) + output_lines = runner.stdout.splitlines() + node_regex = re.compile(r'Node (\d+): (.+)$') + data_regex = re.compile(r'\s+(.+)$') + node_0, node_1, data = None, None, None + for line in output_lines: + node_match = node_regex.match(line) + data_match = data_regex.match(line) + if node_match: + node_num, node_value = node_match.groups() + if node_num == '0': + node_0 = node_value + elif node_num == '1': + node_1 = node_value + elif data_match: + data = data_match.group(1) + + if node_0 is not None and node_1 is not None and data is not None: + return ['Source: ' f'{node_0}', 'Destination: ' f'{node_1}', 'stream: ' f'{streams}'] + else: + return [] + + def flatten_json(self, data: Any, separator: Any = '.') -> Any: + flattened_data = {} + for key, value in data.items(): + if isinstance(value, dict): + nested_data = self.flatten_json(value, separator) + for nested_key, nested_value in nested_data.items(): + flattened_data[key + separator + nested_key] = nested_value + else: + flattened_data[key] = value + return flattened_data + + def stream(self, service_list, source_list, tcp_streams_list, max_workers=20): + results = [] + + with ThreadPoolExecutor(max_workers=max_workers) as executor: + command_params = [(service, source, streams) for service in service_list for source in source_list for streams in tcp_streams_list] + print("Total Streams combination: ", len(command_params)) + print("Number of workers in progress: ", max_workers) + results = list(executor.map(lambda params: self.run_tshark_command(*params), command_params)) + results = [result for result in results if result] + self.combined_json = results + + def PacketAnalyzer(self, cap_loc, save_loc, max_workers): + self.detect_tshark() + print('Collecting Json Data') + raw_pcap = run(f"{self.tshark_loc} -r {cap_loc} -T json", shell=True, capture_output=True, text=True) + try: + raw_data = raw_pcap.stdout + json_data = json.loads(raw_data) + except json.JSONDecodeError as e: + print(f"Error decoding JSON: {e}") + json_data = [] + print('Extracting IP details...') + print('Extracting DNS details...') + print('Extracting EAPOL details...') + self.extract_network_info(json_data) + print('Extracting TCP STREAMS details...') + print('TCP streams can take some time..') + self.stream(service_list=self.services, + source_list=self.source_addresses, + tcp_streams_list=self.tcp_streams, + max_workers=max_workers) + print("Completed") + filtered_stream_data = self.combined_json + values = { + "PacketAnalysis": { + "Services": self.services, + "TCP Streams": self.tcp_streams, + "Sources Address": self.source_addresses, + "Destination Address": self.destination_addresses, + "DNS Resolved": self.resolved, + "DNS Query": self.dns_query_names, + "DNS Response": self.dns_resp_names, + "EAPOL Data": self.unique_eapol_data, + "Stream Data": filtered_stream_data + } + } + table_val = { + "PacketAnalysis": { + "Services": self.services, + "TCP Streams": self.tcp_streams, + "Sources Address": self.source_addresses, + "Destination Address": self.destination_addresses, + "DNS Resolved": self.resolved, + "DNS Query": self.dns_query_names, + "DNS Response": self.dns_resp_names, + "EAPOL Data": self.unique_eapol_data, + " Total Streams Data": str(len(filtered_stream_data)) + } + } + table = Table(title="GVA Report for PCAP", show_header=True, header_style="bold magenta") + table.add_column("Identifiers", style="cyan") + table.add_column("Data", style="green") + + flattened_data: dict = self.flatten_json(table_val, separator='.') + + for key, value in flattened_data.items(): + value_str = str(value) + table.add_row(key, str(value_str)) + + console = Console() + console.print(table) + with open(f'{save_loc}', 'w+') as file: + file.write(str(json.dumps(values)))