diff --git a/credslayer/parsers/ftp.py b/credslayer/parsers/ftp.py
index fd54056..482f36e 100644
--- a/credslayer/parsers/ftp.py
+++ b/credslayer/parsers/ftp.py
@@ -1,12 +1,12 @@
 # coding: utf-8
-from pyshark.packet.layer import Layer
+from pyshark.packet.layers.base import BaseLayer
 from credslayer.core import logger
 from credslayer.core.session import Session
-def analyse(session: Session, layer: Layer):
+def analyse(session: Session, layer: BaseLayer):
 current_creds = session.credentials_being_built
diff --git a/credslayer/parsers/http.py b/credslayer/parsers/http.py
index dd0e535..d92f9aa 100644
--- a/credslayer/parsers/http.py
+++ b/credslayer/parsers/http.py
@@ -3,7 +3,7 @@
 import base64
 from urllib.parse import parse_qs
-from pyshark.packet.layer import Layer
+from pyshark.packet.layers.base import BaseLayer
 from credslayer.core import logger
 from credslayer.core.session import Session
@@ -26,7 +26,7 @@
 'j_password']
-def analyse(session: Session, layer: Layer):
+def analyse(session: Session, layer: BaseLayer):
 current_creds = session.credentials_being_built
diff --git a/credslayer/parsers/imap.py b/credslayer/parsers/imap.py
index e83562d..bae6f8b 100644
--- a/credslayer/parsers/imap.py
+++ b/credslayer/parsers/imap.py
@@ -1,12 +1,12 @@
 # coding: utf-8
-from pyshark.packet.layer import Layer
+from pyshark.packet.layers.base import BaseLayer
 from credslayer.core import logger
 from credslayer.core.session import Session
-def analyse(session: Session, layer: Layer):
+def analyse(session: Session, layer: BaseLayer):
 current_creds = session.credentials_being_built
diff --git a/credslayer/parsers/kerberos.py b/credslayer/parsers/kerberos.py
index 601940f..f4df016 100644
--- a/credslayer/parsers/kerberos.py
+++ b/credslayer/parsers/kerberos.py
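Review bot: The new import `from pyshark.packet.layers.base import BaseLayer` resolves only on pyshark releases that ship the `layers` subpackage, and on those the old `pyshark.packet.layer` path presumably no longer exists (that is the only reason to move off it), so this is a hard dependency floor rather than a cosmetic rename — every parser module now fails at import time on an older pyshark. The version constraint in setup.py/requirements is not part of this diff; it should be raised, and preferably pinned, in the same commit so a stale install fails loudly at install time instead of at the first capture. Since the identical two-line change is repeated in every parser, importing `BaseLayer` once in `credslayer.core` and re-exporting it from there would turn the next pyshark relocation into a one-line change.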
@@ -1,12 +1,12 @@
 # coding: utf-8
-from pyshark.packet.layer import Layer
+from pyshark.packet.layers.base import BaseLayer
 from credslayer.core import logger
 from credslayer.core.session import Session
-def analyse(session: Session, layer: Layer) -> bool:
+def analyse(session: Session, layer: BaseLayer) -> bool:
 logger.debug("Kerberos analysis...")
 return False
diff --git a/credslayer/parsers/ldap.py b/credslayer/parsers/ldap.py
index 0628ec1..d13b0a3 100644
--- a/credslayer/parsers/ldap.py
+++ b/credslayer/parsers/ldap.py
@@ -1,11 +1,11 @@
 # coding: utf-8
-from pyshark.packet.layer import Layer
+from pyshark.packet.layers.base import BaseLayer
 from credslayer.core import logger
 from credslayer.core.session import Session
-def analyse(session: Session, layer: Layer):
+def analyse(session: Session, layer: BaseLayer):
 current_creds = session.credentials_being_built
diff --git a/credslayer/parsers/mysql.py b/credslayer/parsers/mysql.py
index e38ecc3..2b0f157 100644
--- a/credslayer/parsers/mysql.py
+++ b/credslayer/parsers/mysql.py
@@ -1,12 +1,12 @@
 # coding: utf-8
-from pyshark.packet.layer import Layer
+from pyshark.packet.layers.base import BaseLayer
 from credslayer.core import logger
 from credslayer.core.session import Session
-def analyse(session: Session, layer: Layer):
+def analyse(session: Session, layer: BaseLayer):
 current_creds = session.credentials_being_built
diff --git a/credslayer/parsers/ntlmssp.py b/credslayer/parsers/ntlmssp.py
index c2b0309..0fc23f4 100644
--- a/credslayer/parsers/ntlmssp.py
+++ b/credslayer/parsers/ntlmssp.py
@@ -3,7 +3,7 @@
 import base64
 from typing import Tuple
-from pyshark.packet.layer import Layer
+from pyshark.packet.layers.base import BaseLayer
 from credslayer.core import logger
 from credslayer.core.session import Session
@@ -30,12 +30,12 @@ def _fix_tshark_widechar_issue(layer) -> Tuple[str, str]:
 # Great resource : http://davenport.sourceforge.net/ntlm.html#theNtlmv2Response
-def analyse(session: Session, layer: Layer):
+def analyse(session: Session, layer: BaseLayer):
 current_creds = session.credentials_being_built
 if current_creds and hasattr(layer, "nt_status"):
- status = int(layer.nt_status)
+ status = int(layer.nt_status, 16)
 if status == 0: # LOGON SUCCESS
 logger.found(session, "{} found: {}".format(current_creds.context["version"], current_creds.hash))
diff --git a/credslayer/parsers/pgsql.py b/credslayer/parsers/pgsql.py
index 4c5b42a..6ad4e2c 100644
--- a/credslayer/parsers/pgsql.py
+++ b/credslayer/parsers/pgsql.py
@@ -1,12 +1,12 @@
 # coding: utf-8
-from pyshark.packet.layer import Layer
+from pyshark.packet.layers.base import BaseLayer
 from credslayer.core import logger
 from credslayer.core.session import Session
-def analyse(session: Session, layer: Layer):
+def analyse(session: Session, layer: BaseLayer):
 current_creds = session.credentials_being_built
diff --git a/credslayer/parsers/pop.py b/credslayer/parsers/pop.py
index e818179..57ba703 100644
--- a/credslayer/parsers/pop.py
+++ b/credslayer/parsers/pop.py
@@ -1,11 +1,11 @@
 # coding: utf-8
-from pyshark.packet.layer import Layer
+from pyshark.packet.layers.base import BaseLayer
 from credslayer.core import utils, logger
 from credslayer.core.session import Session
-def analyse(session: Session, layer: Layer):
+def analyse(session: Session, layer: BaseLayer):
 current_creds = session.credentials_being_built
diff --git a/credslayer/parsers/smtp.py b/credslayer/parsers/smtp.py
index 5259cc5..757ec4a 100644
--- a/credslayer/parsers/smtp.py
+++ b/credslayer/parsers/smtp.py
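Review bot: `status = int(layer.nt_status, 16)` raises `ValueError` if tshark ever renders the field as anything other than hex digits with an optional `0x` prefix — a resolved status name, or the decimal form the previous `int(layer.nt_status)` was evidently written for — and nothing in the hunk catches it, so a single odd packet in a capture of untrusted traffic can end the whole parse unless a caller up the stack swallows the exception. Guard the conversion, `try: status = int(layer.nt_status, 16)` / `except ValueError: logger.debug("unparseable nt_status: {}".format(layer.nt_status)); return`, so a tshark formatting change is diagnosable rather than fatal. A one-line comment recording the assumption, e.g. `# tshark exposes nt_status as 0x-prefixed hex`, would tell the next reader why base 16 is correct here. The body of analyse continues past the end of the hunk.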
@@ -2,13 +2,13 @@
 from base64 import b64decode
-from pyshark.packet.layer import Layer
+from pyshark.packet.layers.base import BaseLayer
 from credslayer.core import utils, logger
 from credslayer.core.session import Session
-def analyse(session: Session, layer: Layer):
+def analyse(session: Session, layer: BaseLayer):
 current_creds = session.credentials_being_built
diff --git a/credslayer/parsers/snmp.py b/credslayer/parsers/snmp.py
index 824abcd..18c30cf 100644
--- a/credslayer/parsers/snmp.py
+++ b/credslayer/parsers/snmp.py
@@ -1,12 +1,12 @@
 # coding: utf-8
-from pyshark.packet.layer import Layer
+from pyshark.packet.layers.base import BaseLayer
 from credslayer.core import logger
 from credslayer.core.session import Session
-def analyse(session: Session, layer: Layer):
+def analyse(session: Session, layer: BaseLayer):
 current_creds = session.credentials_being_built
diff --git a/credslayer/parsers/telnet.py b/credslayer/parsers/telnet.py
index 6a3df5d..1315001 100644
--- a/credslayer/parsers/telnet.py
+++ b/credslayer/parsers/telnet.py
@@ -1,5 +1,5 @@
 # coding: utf-8
-from pyshark.packet.layer import Layer
+from pyshark.packet.layers.base import BaseLayer
 from credslayer.core import logger
 from credslayer.core.session import Session
@@ -27,7 +27,7 @@ def _is_username_duplicated(username: str) -> bool:
 return True
-def analyse(session: Session, layer: Layer):
+def analyse(session: Session, layer: BaseLayer):
 if not hasattr(layer, "data"):
 return
diff --git a/tests/tests.py b/tests/tests.py
index 553d7d8..f5efcec 100644
--- a/tests/tests.py
+++ b/tests/tests.py
@@ -76,13 +76,25 @@ def test_http_basic_auth(self):
 def test_http_post_auth(self):
 credentials_list = process_pcap("samples/http-post-auth.pcap").get_list_of_all_credentials()
 print(credentials_list)
- self.assertTrue(Credentials('toto', 'Str0ngP4ssw0rd') in credentials_list)
+ self.assertTrue( Credentials( 'toto', 'Str0ngP4ssw0rd', context={'Method': 'POST', 'URL': 'http://192.168.56.101:1337/login'} ) in credentials_list )
 self.assertTrue(len(credentials_list) == 1)
 def test_http_get_auth(self):
 credentials_list = process_pcap("samples/http-get-auth.pcap").get_list_of_all_credentials()
 print(credentials_list)
- self.assertTrue(Credentials('admin', 'qwerty1234') in credentials_list)
+ self.assertTrue( Credentials( 'admin', 'qwerty1234', context={'Method': 'GET', 'URL': 'http://192.168.56.101:1337/login?login=admin&password=qwerty1234'} ) in credentials_list )
 self.assertTrue(len(credentials_list) == 1)
 def test_ldap(self):
@@ -180,7 +192,7 @@ def test_ntlmssp(self):
 self.assertTrue(len(remaining_credentials) == 6)
 self.assertTrue(Credentials(hash="administrator::example:ea46e3a07ea448d200000000000000000000000000000000:"
 "4d626ea83a02eee710571a2b84241788bd21e3a66ddbf4a5"
- ":CHALLENGE_NOT_FOUND") in remaining_credentials)
+ ":CHALLENGE_NOT_FOUND", context={'version': 'NETNTLMv1'}) in remaining_credentials)
 class ManagerTest(unittest.TestCase):
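Review bot: The rewritten assertions in test_http_post_auth and test_http_get_auth keep the `self.assertTrue(Credentials(...) in credentials_list)` form, which on failure reports only `False is not true`; now that the expected object also carries a `context` dict — so equality presumably compares Method and URL as well, though the Credentials class is not in view — a mismatch in either field is far more likely, and `self.assertIn(Credentials(...), credentials_list)` would print both the expected credential and the list actually parsed. The same substitution applies to the NTLMSSP assertion in the second hunk. Both test methods end inside the hunk, but the surrounding test class starts before it.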