diff --git a/.gitignore b/.gitignore index 811ddaf..4753d83 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,6 @@ __pycache__/ build/ config.yaml +0xf44ee3942e7dgendata.csv +0xf44ee3942e7agendata.csv +admin-key.ppk diff --git a/config.yml b/config.yml index 7ea42c2..ced14b0 100644 --- a/config.yml +++ b/config.yml @@ -1,14 +1,17 @@ sftp: - host: ec2-3-86-186-51.compute-1.amazonaws.com + host: ec2-34-232-29-46.compute-1.amazonaws.com user: ec2-user + port: 22 keyfile: keyfile-admin.pem filepath: - send: /home/ec2-user/incoming - recieve: /home/ec2-user/outgoing + send: /home/ec2-user/Incoming/Incoming_Data + login: /home/ec2-user/Incoming/Login + recieve: /home/ec2-user/Outgoing ui: darkmode: true core: autokill: false - localadmin: true \ No newline at end of file + localadmin: true + interval: 10 \ No newline at end of file diff --git a/gendata.csv b/gendata.csv deleted file mode 100644 index 1ef25e6..0000000 --- a/gendata.csv +++ /dev/null 
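Review bot: The two `0x…gendata.csv` entries pin the machine ids of two specific hosts, while the private key the new config actually names, `keyfile-admin.pem` (loaded by `sftp_connect` through `find_data_file(config['sftp']['keyfile'])`), is not ignored at all; only `admin-key.ppk` is. Since `datafile += sysid` builds a different name on every machine, a single pattern `*gendata.csv` covers them all, and `keyfile-admin.pem` should be listed so the key cannot be committed by an accidental `git add .`. `output.log` belongs here as well: this same commit adds it to the repository with local user paths in it.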
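Review bot: `filepath.login` is introduced here but nothing in this diff reads it; the new `sftp_connect` only uses `filepath.send`, and `filepath.recieve` (misspelling kept) is likewise unread in the hunks shown. Either wire the new path in or drop it, and add a comment on the `filepath:` block saying which keys the client code consumes, e.g. `# send is the only path ippigeon.py uploads to; login/recieve are reserved for the server side`, so the next edit does not silently rely on an unused key. The `port: 22` and `core.interval` additions are consumed by the new Python code and are fine.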
@@ -1,64 +0,0 @@ -0xf44ee3942e7d,FRAMEWORKWIN,Cole,1664330576 -tailscale-ipn.exe,TCP,127.0.0.1:63227,127.0.0.1:41112,ESTABLISHED,13244 -nxnode.bin,TCP,127.0.0.1:63192,127.0.0.1:22753,ESTABLISHED,11476 -nxnode.bin,TCP,127.0.0.1:63191,127.0.0.1:1550,ESTABLISHED,11476 -nxnode.bin,TCP,127.0.0.1:63190,127.0.0.1:21667,ESTABLISHED,11476 -nxclient.bin,TCP,127.0.0.1:62772,127.0.0.1:15334,ESTABLISHED,12168 -nxclient.bin,TCP,127.0.0.1:62771,127.0.0.1:14346,ESTABLISHED,12168 -nxclient.bin,TCP,127.0.0.1:62770,127.0.0.1:32580,ESTABLISHED,12168 -nxnode.bin,TCP,127.0.0.1:62769,127.0.0.1:25001,ESTABLISHED,11476 -nxnode.bin,TCP,127.0.0.1:62767,127.0.0.1:24790,ESTABLISHED,11476 -nxnode.bin,TCP,127.0.0.1:62764,127.0.0.1:4831,ESTABLISHED,11476 -firefox.exe,TCP,127.0.0.1:54101,127.0.0.1:54100,ESTABLISHED,2220 -firefox.exe,TCP,127.0.0.1:54100,127.0.0.1:54101,ESTABLISHED,2220 -firefox.exe,TCP,127.0.0.1:54099,127.0.0.1:54098,ESTABLISHED,16812 -firefox.exe,TCP,127.0.0.1:54098,127.0.0.1:54099,ESTABLISHED,16812 -python.exe,TCP,127.0.0.1:53388,127.0.0.1:53387,ESTABLISHED,6380 -python.exe,TCP,127.0.0.1:53387,127.0.0.1:53388,ESTABLISHED,6380 -VSCodium.exe,TCP,127.0.0.1:53380,127.0.0.1:53379,ESTABLISHED,9272 -VSCodium.exe,TCP,127.0.0.1:53379,127.0.0.1:53380,ESTABLISHED,9272 -nxserver.bin,TCP,127.0.0.1:53359,127.0.0.1:17141,ESTABLISHED,7620 -nxserver.bin,TCP,127.0.0.1:53352,127.0.0.1:25137,ESTABLISHED,7620 -nxservice64.exe,TCP,127.0.0.1:49777,127.0.0.1:19492,ESTABLISHED,5244 -nxserver.bin,TCP,127.0.0.1:49772,127.0.0.1:7426,ESTABLISHED,7620 -nxserver.bin,TCP,127.0.0.1:49768,127.0.0.1:15484,ESTABLISHED,7620 -nxserver.bin,TCP,127.0.0.1:49767,127.0.0.1:7973,ESTABLISHED,7620 -nxserver.bin,TCP,127.0.0.1:49766,127.0.0.1:4362,ESTABLISHED,7620 -nxserver.bin,TCP,127.0.0.1:49765,127.0.0.1:5244,ESTABLISHED,7620 -nxserver.bin,TCP,127.0.0.1:49764,127.0.0.1:2739,ESTABLISHED,7620 -nxserver.bin,TCP,127.0.0.1:49704,127.0.0.1:32876,ESTABLISHED,7620 
-AppleMobileDeviceService.exe,TCP,127.0.0.1:49674,127.0.0.1:5354,ESTABLISHED,4888 -AppleMobileDeviceService.exe,TCP,127.0.0.1:49670,127.0.0.1:5354,ESTABLISHED,4888 -tailscaled.exe,TCP,127.0.0.1:41112,127.0.0.1:63227,ESTABLISHED,7688 -nxserver.bin,TCP,127.0.0.1:32876,127.0.0.1:49704,ESTABLISHED,7620 -nxclient.bin,TCP,127.0.0.1:32580,127.0.0.1:62770,ESTABLISHED,12168 -nxserver.bin,TCP,127.0.0.1:25137,127.0.0.1:53352,ESTABLISHED,7620 -nxclient.bin,TCP,127.0.0.1:25001,127.0.0.1:62769,ESTABLISHED,12168 -nxserver.bin,TCP,127.0.0.1:24790,127.0.0.1:62767,ESTABLISHED,7620 -nxnode.bin,TCP,127.0.0.1:22753,127.0.0.1:63192,ESTABLISHED,11476 -nxnode.bin,TCP,127.0.0.1:21667,127.0.0.1:63190,ESTABLISHED,11476 -nxservice64.exe,TCP,127.0.0.1:19492,127.0.0.1:49777,ESTABLISHED,5244 -nxserver.bin,TCP,127.0.0.1:17141,127.0.0.1:53359,ESTABLISHED,7620 -nxserver.bin,TCP,127.0.0.1:15484,127.0.0.1:49768,ESTABLISHED,7620 -nxclient.bin,TCP,127.0.0.1:15334,127.0.0.1:62772,ESTABLISHED,12168 -nxclient.bin,TCP,127.0.0.1:14346,127.0.0.1:62771,ESTABLISHED,12168 -nxserver.bin,TCP,127.0.0.1:7973,127.0.0.1:49767,ESTABLISHED,7620 -nxserver.bin,TCP,127.0.0.1:7426,127.0.0.1:49772,ESTABLISHED,7620 -mDNSResponder.exe,TCP,127.0.0.1:5354,127.0.0.1:49674,ESTABLISHED,4948 -mDNSResponder.exe,TCP,127.0.0.1:5354,127.0.0.1:49670,ESTABLISHED,4948 -nxserver.bin,TCP,127.0.0.1:5244,127.0.0.1:49765,ESTABLISHED,7620 -nxnode.bin,TCP,127.0.0.1:4831,127.0.0.1:62764,ESTABLISHED,11476 -nxserver.bin,TCP,127.0.0.1:4362,127.0.0.1:49766,ESTABLISHED,7620 -nxserver.bin,TCP,127.0.0.1:2739,127.0.0.1:49764,ESTABLISHED,7620 -nxnode.bin,TCP,127.0.0.1:1550,127.0.0.1:63191,ESTABLISHED,11476 -firefox.exe,TCP,104.194.96.68:60181,208.59.79.12:443,ESTABLISHED,16812 -pwsh.exe,TCP,104.194.96.68:60176,104.45.136.42:443,ESTABLISHED,8172 -firefox.exe,TCP,104.194.96.68:54110,52.41.253.170:443,ESTABLISHED,16812 -syncthing.exe,TCP,104.194.96.68:53909,128.173.88.78:22067,ESTABLISHED,6668 
-tailscaled.exe,TCP,104.194.96.68:53392,18.156.90.224:80,ESTABLISHED,7688 -Discord.exe,TCP,104.194.96.68:53339,162.159.135.234:443,ESTABLISHED,5596 -tailscaled.exe,TCP,104.194.96.68:53214,199.38.182.118:443,ESTABLISHED,7688 -svchost.exe,TCP,104.194.96.68:49420,13.64.180.106:443,ESTABLISHED,5456 -VcomSvc.exe,TCP,100.106.209.107:63898,192.168.1.173:5000,ESTABLISHED,5424 -Windows System,TCP,100.106.209.107:53857,192.168.1.11:445,ESTABLISHED,4 -Windows System,TCP,100.106.209.107:53856,192.168.1.216:445,ESTABLISHED,4 diff --git a/ippigeon.py b/ippigeon.py index 1bd4c03..9f8f148 100644 --- a/ippigeon.py +++ b/ippigeon.py @@ -9,28 +9,31 @@ import csv import uuid import sys import yaml -import pysftp as sftp +from fabric import Connection displaydata = None settings = None netdata_res = None procdata_res = None killme = None -datafile = "gendata.csv" +datafile = "" +#print(datafile) config = None -interval = 5 +interval = 10 win32 = platform == "win32" linux = platform == "linux" or platform == "linux2" macos = platform == "darwin" # Get unique system values if win32: sysid = hex(uuid.getnode()) + datafile += sysid + datafile += "gendata.csv" # Python is running as Administrator (so netstat can get filename, to block, etc), # so we use this to see who is actually logged in # it's very hacky startupinfo = subprocess.STARTUPINFO() - if not getattr(sys, "frozen", False): - startupinfo.dwFlags |= subprocess.STARTF_USESHOWWINDOW # hide powershell window + #if not getattr(sys, "frozen", False): + startupinfo.dwFlags |= subprocess.STARTF_USESHOWWINDOW # hide powershell window res = subprocess.check_output(["WMIC", "ComputerSystem", "GET", "UserName"], universal_newlines=True, startupinfo=startupinfo) _, username = res.strip().rsplit("\n", 1) userid, sysdom = username.rsplit("\\", 1) 
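Review bot: `datafile` is now initialised to `""` and only extended inside the `if win32:` branch, so on the `linux` and `macos` paths defined just above it stays empty and every later `find_data_file(datafile)` in `process_netstat` and `sftp_connect` is handed an empty name. Build the name unconditionally right after `sysid` is computed, e.g. `datafile = sysid + "gendata.csv"` outside the platform branch (or `hex(uuid.getnode())` on all platforms), and note in a comment that the prefix is the MAC-derived node id and is also the name seen on the SFTP server. The `if not getattr(sys, "frozen", False):` guard around `startupinfo.dwFlags` is commented out rather than removed; delete it and say why the flag now applies to frozen and unfrozen runs alike. This module-level run continues outside the hunk.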
@@ -48,12 +51,25 @@ def find_data_file(filename): def run_ps(cmd): if win32: startupinfo = subprocess.STARTUPINFO() - if not getattr(sys, "frozen", False): - startupinfo.dwFlags |= subprocess.STARTF_USESHOWWINDOW - completed = subprocess.run(["powershell", "-WindowStyle", "hidden", "-Command", cmd], capture_output=True, startupinfo=startupinfo) + #print("DICKS") + #if not getattr(sys, "frozen", False): + # print("test") + # + #completed = subprocess.run(["powershell", "-Command", cmd], capture_output=True, startupinfo=startupinfo) + #else: + # print("alt") + startupinfo.dwFlags |= subprocess.STARTF_USESHOWWINDOW # , "-WindowStyle", "hidden" + completed = subprocess.run(["powershell", "-Command", cmd], capture_output=True, startupinfo=startupinfo) + #completed = subprocess.run(["powershell", "-WindowStyle", "hidden", "-Command", cmd], capture_output=True, startupinfo=startupinfo) + return completed +def setup_child(): + sys.stdout = Logger(filename=find_data_file("output.log")) + sys.stderr = Logger(filename=find_data_file("output.log")) + def netstat(): + setup_child() print("netstat started") if win32: data = run_ps("netstat -n -o -b") 
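Review bot: `setup_child()` is called at the top of `netstat()` here (and of `process_netstat()` in the next hunk) on every task, and each call replaces `sys.stdout`/`sys.stderr` with a new `Logger` whose `terminal` is the previous wrapper, so in a long-lived pool worker the chain grows by one per task, each message is appended to `output.log` once per wrapper in the chain, and none of the opened file handles is ever closed. Guard the redirection so it happens once per process, `if not isinstance(sys.stdout, Logger):` before the two assignments, or move it into the pool's `initializer=` and drop the per-task call. `Logger` itself is defined in a later hunk of this file. The commented-out `#print("DICKS")`, `#if not getattr(...)` and alternate `#completed = ...` lines in `run_ps` should be deleted rather than kept, and the removal of `-WindowStyle hidden` deserves a one-line comment explaining why `STARTF_USESHOWWINDOW` alone is now enough.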
@@ -67,15 +83,27 @@ def netstat_done(res): #netdata_res = pool.apply_async(netstat) def process_done(res): - procdata_res = pool.apply_async(sftp_connect, (res,)) + print("uploading to sftp...") + sftp_connect(4) + #procdata_res = pool.apply_async(sftp_connect, (res,)) def sftp_connect(res): print("Sending data over SFTP") - with pysftp.Connection(config['sftp']['host'], username=config['sftp']['user'], private_key=find_data_file(config['sftp']['keyfile'])) as sftp: - with sftp.cd(config['sftp']['filepath']['send']): - sftp.put(find_data_file(datafile)) - print(sftp.lisdir()) + c = Connection(host=config['sftp']['host'], user=config['sftp']['user'], port=config['sftp']['port'], connect_kwargs={"key_filename": find_data_file(config['sftp']['keyfile']),}) + c.put(find_data_file(datafile), remote=config['sftp']['filepath']['send']) + command = 'ls ' + config['sftp']['filepath']['send'] + c.run(command) + + + + #cnopts = pysftp.CnOpts(knownhosts=find_data_file('known_hosts')) + + #with pysftp.Connection(config['sftp']['host'], username=config['sftp']['user'], private_key=find_data_file(config['sftp']['keyfile']), cnopts=cnopts) as sftp: + #with sftp.cd(config['sftp']['filepath']['send']): + #sftp.put(find_data_file(datafile)) + def process_netstat(data): + setup_child() print("netstat processing") if win32: #output = data.stdout @@ -128,11 +156,11 @@ def process_netstat(data): #print("Garbage data", string) x = x - 1 #output2 = output2[2:] - print(output2) + #print(output2) with open(find_data_file(datafile), "w", newline="") as f: writer = csv.writer(f) writer.writerows(output2) - print("done") + print("done creating csv") def killall(): kids = active_children() @@ -149,7 +177,7 @@ def mainloop(pool): global procdata_res global rawdata global killme - print(killme) + #print(killme) if killme.value > 0: #print("killing") killall() 
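Review bot: The `Connection` created in `sftp_connect` is never closed — `c` is left open after `c.run(command)` — and since `process_done` now calls `sftp_connect(4)` synchronously inside the `apply_async` callback (which, as far as I can tell, runs on the pool's result-handler thread), a slow or hung upload also stalls delivery of every other task result; the `res` parameter and the literal `4` are unused. Use the connection as a context manager so the session is torn down on both success and failure, as below. The `known_hosts` file this commit adds is referenced only in the commented-out pysftp block, so nothing in the new code path checks the server key against it; either load it into the connection or document how host-key verification is configured, and delete the dead pysftp lines.
```python
def sftp_connect(res):
    print("Sending data over SFTP")
    sftp_cfg = config['sftp']
    # Context manager closes the SSH session on every exit path.
    with Connection(host=sftp_cfg['host'], user=sftp_cfg['user'], port=sftp_cfg['port'],
                    connect_kwargs={"key_filename": find_data_file(sftp_cfg['keyfile'])}) as c:
        c.put(find_data_file(datafile), remote=sftp_cfg['filepath']['send'])
        c.run('ls ' + sftp_cfg['filepath']['send'])
```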
@@ -161,19 +189,37 @@ def mainloop(pool): netdata_res = pool.apply_async(netstat, callback=netstat_done) sleep(interval) +class Logger(object): + def __init__(self, filename="output.log"): + self.log = open(filename, "a") + self.terminal = sys.stdout + + def write(self, message): + self.log.write(message) + #close(filename) + #self.log = open(filename, "a") + self.terminal.write(message) + + def flush(self): + print("") + if __name__ == '__main__': freeze_support() # required if packaged into single EXE # create manager to share data to me, background, foreground # create worker pool - + + sys.stdout = Logger(filename=find_data_file("output.log")) + sys.stderr = Logger(filename=find_data_file("output.log")) + with Pool(processes=5) as pool: with Manager() as manager: with open(find_data_file('config.yml'), 'r') as file: #global config config = yaml.safe_load(file) #print(config['sftp']['host']) + interval = config['core']['interval'] displaydata = manager.list(range(2)) # data to be printed - settings = manager.list(range(20)) # configuration + settings = manager.list(range(20)) # configuration killme = manager.Value('d', 0) #killme = False # launch background UI app as process diff --git a/known_hosts b/known_hosts new file mode 100644 index 0000000..a379106 --- /dev/null +++ b/known_hosts @@ -0,0 +1 @@ +ec2-34-232-29-46.compute-1.amazonaws.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBM8sLlu0mu1PqYXk+a9XYHXXFiOaxk/2tIS5O3q+3ah13bd5Iz+NSxS0bXT7TdMTA/lD1kWMUXROEauADgIfT98= diff --git a/output.log b/output.log new file mode 100644 index 0000000..9890f93 --- /dev/null +++ b/output.log 
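Review bot: `Logger.flush()` calls `print("")`, which goes back through `sys.stdout` — this same `Logger` — and appends a bare newline to both the log file and the terminal on every flush while flushing nothing; the runs of blank lines in the committed `output.log` look like exactly this. Replace the body with `self.log.flush()` and `self.terminal.flush()`. The `sys.stderr = Logger(...)` assignment also captures `sys.stdout` as its `terminal`, so stderr output is redirected onto stdout, and the two `Logger` instances hold two independent append handles on the same file that are never closed; consider passing the underlying stream in and closing `self.log` on exit. The file is opened without `encoding=`, so the log's encoding depends on the locale of whichever process writes it.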
@@ -0,0 +1,98 @@ +start loopTraceback (most recent call last): + +Exception ignored in atexit callbackException ignored in sys.unraisablehookException ignored in atexit callbackException ignored in sys.unraisablehookException ignored in: Exception ignored in sys.unraisablehookstart loop +netstat starting +netstat done +uploading to sftp... +Sending data over SFTP +0xf44ee3942e7agendata.csv + +start loop +netstat starting +netstat done +uploading to sftp... +Sending data over SFTP +0xf44ee3942e7agendata.csv + + + +Traceback (most recent call last): + File "c:\Users\Cole\ff\ippigeon.py", line 236, in + mainloop(pool) + File "c:\Users\Cole\ff\ippigeon.py", line 190, in mainloop + sleep(interval) +KeyboardInterrupt + + + + +Traceback (most recent call last): + File "c:\Users\Cole\ff\ippigeon.py", line 236, in + mainloop(pool) + File "c:\Users\Cole\ff\ippigeon.py", line 190, in mainloop + sleep(interval) +KeyboardInterrupt +Process SpawnPoolWorker-5: +Traceback (most recent call last): + File "C:\Program Files\Python310\lib\multiprocessing\process.py", line 314, in _bootstrap + self.run() + File "C:\Program Files\Python310\lib\multiprocessing\process.py", line 108, in run + self._target(*self._args, **self._kwargs) + File "C:\Program Files\Python310\lib\multiprocessing\pool.py", line 114, in worker + task = get() + File "C:\Program Files\Python310\lib\multiprocessing\queues.py", line 364, in get + with self._rlock: + File "C:\Program Files\Python310\lib\multiprocessing\synchronize.py", line 95, in __enter__ + return self._semlock.__enter__() +KeyboardInterrupt +netstat started +Process SpawnPoolWorker-5: +Traceback (most recent call last): + File "C:\Program Files\Python310\lib\multiprocessing\process.py", line 314, in _bootstrap + self.run() + File "C:\Program Files\Python310\lib\multiprocessing\process.py", line 108, in run + self._target(*self._args, **self._kwargs) + File "C:\Program Files\Python310\lib\multiprocessing\pool.py", line 114, in worker + task = get() + 
File "C:\Program Files\Python310\lib\multiprocessing\queues.py", line 364, in get + with self._rlock: + File "C:\Program Files\Python310\lib\multiprocessing\synchronize.py", line 95, in __enter__ + return self._semlock.__enter__() +KeyboardInterrupt + + + + + +Process SpawnPoolWorker-5: +Traceback (most recent call last): + File "C:\Program Files\Python310\lib\multiprocessing\process.py", line 314, in _bootstrap + self.run() + File "C:\Program Files\Python310\lib\multiprocessing\process.py", line 108, in run + self._target(*self._args, **self._kwargs) + File "C:\Program Files\Python310\lib\multiprocessing\pool.py", line 114, in worker + task = get() + File "C:\Program Files\Python310\lib\multiprocessing\queues.py", line 364, in get + with self._rlock: + File "C:\Program Files\Python310\lib\multiprocessing\synchronize.py", line 95, in __enter__ + return self._semlock.__enter__() +KeyboardInterrupt +netstat started +Process SpawnPoolWorker-5: +Traceback (most recent call last): + File "C:\Program Files\Python310\lib\multiprocessing\process.py", line 314, in _bootstrap + self.run() + File "C:\Program Files\Python310\lib\multiprocessing\process.py", line 108, in run + self._target(*self._args, **self._kwargs) + File "C:\Program Files\Python310\lib\multiprocessing\pool.py", line 114, in worker + task = get() + File "C:\Program Files\Python310\lib\multiprocessing\queues.py", line 364, in get + with self._rlock: + File "C:\Program Files\Python310\lib\multiprocessing\synchronize.py", line 95, in __enter__ + return self._semlock.__enter__() +KeyboardInterrupt + + + + + diff --git a/setup.py b/setup.py index 538d6f9..d6a2f6c 100644 --- a/setup.py +++ b/setup.py 
@@ -3,7 +3,7 @@ from cx_Freeze import setup, Executable # Dependencies are automatically detected, but it might need fine tuning. # "packages": ["os"] is used as example only -build_exe_options = {"packages": ["os"], "excludes": ["tkinter"], "include_msvcr": True, "include_files": ["icon.png", "IPPigeon.lnk"], "optimize": 2} +build_exe_options = {"packages": ["os"], "excludes": ["tkinter"], "include_msvcr": True, "include_files": ["icon.png", "IPPigeon.lnk", "config.yml", "known_hosts"], "optimize": 2} # base="Win32GUI" should be used only for Windows GUI app base = None
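Review bot: `include_files` now bundles `config.yml` and `known_hosts`, but not `keyfile-admin.pem`, which `config.yml` names and which `sftp_connect` opens via `find_data_file`; if I read `find_data_file` correctly a frozen build therefore fails at upload time unless the key is dropped next to the executable by hand. Leaving the key out of the build is the right choice — a bundled key would be distributed with every copy — so make it explicit with a comment on this line, e.g. `# keyfile-admin.pem is deliberately not bundled: deploy the private key out of band, never inside the build`. Note also that `known_hosts` is shipped here but not read by any code in this diff.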