Merge pull request #17 from ShellCode33/develop

Merge develop into master

credslayer/parsers/ftp.py

@@ -1,12 +1,12 @@
 # coding: utf-8
 
-from pyshark.packet.layer import Layer
+from pyshark.packet.layers.base import BaseLayer
 
 from credslayer.core import logger
 from credslayer.core.session import Session
 
 
-def analyse(session: Session, layer: Layer):
+def analyse(session: Session, layer: BaseLayer):
 
     current_creds = session.credentials_being_built
 

credslayer/parsers/http.py

@@ -3,7 +3,7 @@
 import base64
 from urllib.parse import parse_qs
 
-from pyshark.packet.layer import Layer
+from pyshark.packet.layers.base import BaseLayer
 
 from credslayer.core import logger
 from credslayer.core.session import Session
@@ -26,7 +26,7 @@
                                  'j_password']
 
 
-def analyse(session: Session, layer: Layer):
+def analyse(session: Session, layer: BaseLayer):
 
     current_creds = session.credentials_being_built
 

credslayer/parsers/imap.py

@@ -1,12 +1,12 @@
 # coding: utf-8
 
-from pyshark.packet.layer import Layer
+from pyshark.packet.layers.base import BaseLayer
 
 from credslayer.core import logger
 from credslayer.core.session import Session
 
 
-def analyse(session: Session, layer: Layer):
+def analyse(session: Session, layer: BaseLayer):
 
     current_creds = session.credentials_being_built
 

credslayer/parsers/kerberos.py

@@ -1,12 +1,12 @@
 # coding: utf-8
 
-from pyshark.packet.layer import Layer
+from pyshark.packet.layers.base import BaseLayer
 
 from credslayer.core import logger
 from credslayer.core.session import Session
 
 
-def analyse(session: Session, layer: Layer) -> bool:
+def analyse(session: Session, layer: BaseLayer) -> bool:
     logger.debug("Kerberos analysis...")
 
     return False

credslayer/parsers/ldap.py

@@ -1,11 +1,11 @@
 # coding: utf-8
-from pyshark.packet.layer import Layer
+from pyshark.packet.layers.base import BaseLayer
 
 from credslayer.core import logger
 from credslayer.core.session import Session
 
 
-def analyse(session: Session, layer: Layer):
+def analyse(session: Session, layer: BaseLayer):
 
     current_creds = session.credentials_being_built
 

credslayer/parsers/mysql.py

@@ -1,12 +1,12 @@
 # coding: utf-8
 
-from pyshark.packet.layer import Layer
+from pyshark.packet.layers.base import BaseLayer
 
 from credslayer.core import logger
 from credslayer.core.session import Session
 
 
-def analyse(session: Session, layer: Layer):
+def analyse(session: Session, layer: BaseLayer):
 
     current_creds = session.credentials_being_built
 

credslayer/parsers/ntlmssp.py

@@ -3,7 +3,7 @@
 import base64
 from typing import Tuple
 
-from pyshark.packet.layer import Layer
+from pyshark.packet.layers.base import BaseLayer
 
 from credslayer.core import logger
 from credslayer.core.session import Session
@@ -30,12 +30,12 @@ def _fix_tshark_widechar_issue(layer) -> Tuple[str, str]:
 
 # Great resource : http://davenport.sourceforge.net/ntlm.html#theNtlmv2Response
 
-def analyse(session: Session, layer: Layer):
+def analyse(session: Session, layer: BaseLayer):
 
     current_creds = session.credentials_being_built
 
     if current_creds and hasattr(layer, "nt_status"):
-        status = int(layer.nt_status)
+        status = int(layer.nt_status, 16)
 
         if status == 0:  # LOGON SUCCESS
             logger.found(session, "{} found: {}".format(current_creds.context["version"], current_creds.hash))

credslayer/parsers/pgsql.py

@@ -1,12 +1,12 @@
 # coding: utf-8
 
-from pyshark.packet.layer import Layer
+from pyshark.packet.layers.base import BaseLayer
 
 from credslayer.core import logger
 from credslayer.core.session import Session
 
 
-def analyse(session: Session, layer: Layer):
+def analyse(session: Session, layer: BaseLayer):
 
     current_creds = session.credentials_being_built
 

credslayer/parsers/pop.py

@@ -1,11 +1,11 @@
 # coding: utf-8
-from pyshark.packet.layer import Layer
+from pyshark.packet.layers.base import BaseLayer
 
 from credslayer.core import utils, logger
 from credslayer.core.session import Session
 
 
-def analyse(session: Session, layer: Layer):
+def analyse(session: Session, layer: BaseLayer):
 
     current_creds = session.credentials_being_built
 

credslayer/parsers/smtp.py

@@ -2,13 +2,13 @@
 
 from base64 import b64decode
 
-from pyshark.packet.layer import Layer
+from pyshark.packet.layers.base import BaseLayer
 
 from credslayer.core import utils, logger
 from credslayer.core.session import Session
 
 
-def analyse(session: Session, layer: Layer):
+def analyse(session: Session, layer: BaseLayer):
 
     current_creds = session.credentials_being_built
 

credslayer/parsers/snmp.py

@@ -1,12 +1,12 @@
 # coding: utf-8
 
-from pyshark.packet.layer import Layer
+from pyshark.packet.layers.base import BaseLayer
 
 from credslayer.core import logger
 from credslayer.core.session import Session
 
 
-def analyse(session: Session, layer: Layer):
+def analyse(session: Session, layer: BaseLayer):
 
     current_creds = session.credentials_being_built
 

credslayer/parsers/telnet.py

@@ -1,5 +1,5 @@
 # coding: utf-8
-from pyshark.packet.layer import Layer
+from pyshark.packet.layers.base import BaseLayer
 
 from credslayer.core import logger
 from credslayer.core.session import Session
@@ -27,7 +27,7 @@ def _is_username_duplicated(username: str) -> bool:
     return True
 
 
-def analyse(session: Session, layer: Layer):
+def analyse(session: Session, layer: BaseLayer):
 
     if not hasattr(layer, "data"):
         return

tests/tests.py

@@ -76,13 +76,25 @@ def test_http_basic_auth(self):
     def test_http_post_auth(self):
         credentials_list = process_pcap("samples/http-post-auth.pcap").get_list_of_all_credentials()
         print(credentials_list)
-        self.assertTrue(Credentials('toto', 'Str0ngP4ssw0rd') in credentials_list)
+        self.assertTrue(
+            Credentials(
+                'toto',
+                'Str0ngP4ssw0rd',
+                context={'Method': 'POST', 'URL': 'http://192.168.56.101:1337/login'}
+            ) in credentials_list
+        )
         self.assertTrue(len(credentials_list) == 1)
 
     def test_http_get_auth(self):
         credentials_list = process_pcap("samples/http-get-auth.pcap").get_list_of_all_credentials()
         print(credentials_list)
-        self.assertTrue(Credentials('admin', 'qwerty1234') in credentials_list)
+        self.assertTrue(
+                Credentials(
+                    'admin', 
+                    'qwerty1234', 
+                    context={'Method': 'GET', 'URL': 'http://192.168.56.101:1337/login?login=admin&password=qwerty1234'}
+                ) in credentials_list
+        )
         self.assertTrue(len(credentials_list) == 1)
 
     def test_ldap(self):
@@ -180,7 +192,7 @@ def test_ntlmssp(self):
         self.assertTrue(len(remaining_credentials) == 6)
         self.assertTrue(Credentials(hash="administrator::example:ea46e3a07ea448d200000000000000000000000000000000:"
                                          "4d626ea83a02eee710571a2b84241788bd21e3a66ddbf4a5"
-                                         ":CHALLENGE_NOT_FOUND") in remaining_credentials)
+                                         ":CHALLENGE_NOT_FOUND", context={'version': 'NETNTLMv1'}) in remaining_credentials)
 
 
 class ManagerTest(unittest.TestCase):