opensvp

#!/usr/bin/env python
#
# Copyright 2011-2012 Eric Leblond <eric@regit.org>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
# 
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
# 
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import os,sys
import argparse

parser = argparse.ArgumentParser(description='Open selected pin hole in firewall')
parser.add_argument('-a', '--attacker', default=False, action="store_true", help='Work in attacker mode (spoofing attack)')
parser.add_argument('-s', '--server', default=False, action="store_true", help='Work in server mode')
parser.add_argument('-c', '--client', default=False, action="store_true", help='Work in client mode')
parser.add_argument('-n', '--nodpi', default=False, action="store_true", help='Work in DPI hiding mode')
parser.add_argument('-d', '--decode', default=False, help='Decode protocol message to extract IP params')
parser.add_argument('-t', '--target', default='192.168.2.2', help='IP address of target to attack')
parser.add_argument('-b', '--bind', default='', help='IP address to bind to')
parser.add_argument('-l', '--lport', default='', help='Port where server is listening')
parser.add_argument('-i', '--iface', default='eth0', help='Interface to use for sniffing communication')
parser.add_argument('-p', '--port', default=5432, help='Target port that should be open on server after attack')
parser.add_argument('-q', '--queue', default=0, help='Netfilter queue to use in nodpi mode')
parser.add_argument('-v', '--verbose', default=False, action="store_true", help="Show verbose output")
parser.add_argument('--helper', default='ftp', help='Protocol and helper to attack (ftp [default], ftp6, irc)')
args = parser.parse_args()

if args.helper not in ['ftp', 'ftp6', 'irc']:
    sys.exit("Selected protocol '%s' is not supported" % (args.helper))

if not (args.client == True or args.attacker == True or args.server == True or args.nodpi == True):
    sys.exit("At least one mode should be used")

if args.server == True:
    if args.client == True or args.attacker == True:
        sys.exit("Server, client, attacker mode are exclusive: leaving")
    import opensvp.server
    if args.helper == 'ftp':
        if args.lport == '':
            args.lport = 21
        target = opensvp.server.ftp(args.bind, int(args.lport), verbose=args.verbose)
    elif args.helper == 'irc':
        if args.lport == '':
            args.lport = 6667
        target = opensvp.server.irc(args.bind, int(args.lport), verbose=args.verbose)
    elif args.helper == 'ftp6':
        if args.lport == '':
            args.lport = 21
        target = opensvp.server.ftp6(args.bind, int(args.lport), verbose=args.verbose)
    else:
        sys.exit("Selected protocol is currently unsupported")

elif args.client == True:
    if args.server or args.attacker:
        sys.exit("Server, client, attacker mode are exclusive: leaving")
    import opensvp.client
    if args.helper == 'ftp':
        if args.lport == '':
            args.lport = 21
        target = opensvp.client.ftp(args.target, int(args.lport), int(args.port), verbose=args.verbose)
    elif args.helper == 'irc':
        if args.lport == '':
            args.lport = 6667
        target = opensvp.client.irc(args.target, int(args.lport), int(args.port), verbose=args.verbose)
    elif args.helper == 'ftp6':
        if args.lport == '':
            args.lport = 21
        target = opensvp.client.ftp6(args.target, int(args.lport), int(args.port), verbose=args.verbose)
    else:
        sys.exit("Selected protocol is currently unsupported")
elif args.attacker == True:
    if args.server or args.client:
        sys.exit("Server, client, attacker mode are exclusive: leaving")
    import opensvp.helper
    # if not root...kick out
    if not os.geteuid()==0:
        sys.stderr.write("Need to be root to run the script\n")
        sys.exit(1)
    if args.helper == 'ftp':
        target = opensvp.helper.ftp(args.iface, args.target, int(args.port), verbose=args.verbose)
    elif args.helper == 'irc':
        target = opensvp.helper.irc(args.iface, args.target, int(args.port), verbose=args.verbose)
    elif args.helper == 'ftp6':
        target = opensvp.helper.ftp6(args.iface, args.target, int(args.port), verbose=args.verbose)
    else:
        sys.exit("Selected protocol is currently unsupported")
elif args.nodpi == True:
    if args.server or args.client:
        sys.exit("Server, client, attacker mode are exclusive: leaving")
    import opensvp.nodpi
    # if not root...kick out
    if not os.geteuid()==0:
        sys.stderr.write("Need to be root to run the script\n")
        sys.exit(1)
    target = opensvp.nodpi.http_nodpi(args.iface, queue=int(args.queue), verbose=args.verbose)


if args.nodpi == True:
    print "Press CTRL+C to interrupt"

ret = target.run()
if ret is None:
    sys.exit("Error during process")

if args.server == True:
    print "You should be able to connect to %s:%d" % ret
if args.client == True:
    print "%s should be opened from outside" % ret