From d38e1384a6998a116b38638ea8bbd54a82979f25 Mon Sep 17 00:00:00 2001
From: Cole Deck
Date: Tue, 27 Sep 2022 21:04:49 -0500
Subject: [PATCH] add sftp
---
.gitignore | 3 ++-
config.yml | 14 ++++++++++++++
gendata.csv | 15 ++++-----------
ippigeon.py | 29 ++++++++++++++++++++++++-----
keyfile-admin.pem | 27 +++++++++++++++++++++++++++
taskbartool.py | 2 +-
6 files changed, 72 insertions(+), 18 deletions(-)
create mode 100644 config.yml
create mode 100644 keyfile-admin.pem
diff --git a/.gitignore b/.gitignore
index 5034363..811ddaf 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 __pycache__/
-build/
\ No newline at end of file
+build/
+config.yaml
diff --git a/config.yml b/config.yml
new file mode 100644
index 0000000..7ea42c2
--- /dev/null
+++ b/config.yml
@@ -0,0 +1,14 @@
+sftp:
+ host: ec2-3-86-186-51.compute-1.amazonaws.com
+ user: ec2-user
+ keyfile: keyfile-admin.pem
+ filepath:
+ send: /home/ec2-user/incoming
+ recieve: /home/ec2-user/outgoing
+
+ui:
+ darkmode: true
+
+core:
+ autokill: false
+ localadmin: true
\ No newline at end of file
diff --git a/gendata.csv b/gendata.csv
index 6c3484c..1ef25e6 100644
--- a/gendata.csv
+++ b/gendata.csv
@@ -1,5 +1,4 @@
-0xf44ee3942e7d,FRAMEWORKWIN,Cole,1664325206
-Discord.exe,TCP,[2620:f3:8000:5050:2c24:f8cf:930c:11ae]:64280,[2607:f8b0:4009:809::2010]:443,ESTABLISHED,17860
+0xf44ee3942e7d,FRAMEWORKWIN,Cole,1664330576
 tailscale-ipn.exe,TCP,127.0.0.1:63227,127.0.0.1:41112,ESTABLISHED,13244
 nxnode.bin,TCP,127.0.0.1:63192,127.0.0.1:22753,ESTABLISHED,11476
 nxnode.bin,TCP,127.0.0.1:63191,127.0.0.1:1550,ESTABLISHED,11476
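Review bot: The ignore rule added is `config.yaml`, but the file this commit creates and that ippigeon.py opens is `config.yml` (the `find_data_file('config.yml')` line in the last ippigeon.py hunk), so the new pattern matches nothing and the configuration with the server hostname and key-file name is committed anyway. Either spell the two consistently or ignore both, `config.yml` and `config.yaml`. Adding `*.pem` here as well would stop the key file that this same commit introduces from being staged again after it is removed.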
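Review bot: The key `recieve` under `filepath` is misspelled, and because ippigeon.py reads this file by literal key (`config['sftp']['filepath']['send']`), the typo becomes part of the configuration contract as soon as a reader for the outgoing path is written; rename it to `receive: /home/ec2-user/outgoing` now, while nothing depends on it. The `sftp` section also pins a host but carries no server host-key fingerprint, so the `pysftp.Connection` in ippigeon.py can only rely on whatever happens to be in the user's `~/.ssh/known_hosts`; a constructed `hostkey:` entry here, loaded into a `pysftp.CnOpts` before connecting, would let the client pin the server rather than trust the environment. `autokill` and `localadmin` have no comment saying what they control.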
@@ -52,19 +51,13 @@ nxnode.bin,TCP,127.0.0.1:4831,127.0.0.1:62764,ESTABLISHED,11476
 nxserver.bin,TCP,127.0.0.1:4362,127.0.0.1:49766,ESTABLISHED,7620
 nxserver.bin,TCP,127.0.0.1:2739,127.0.0.1:49764,ESTABLISHED,7620
 nxnode.bin,TCP,127.0.0.1:1550,127.0.0.1:63191,ESTABLISHED,11476
-nxnode.bin,TCP,104.194.96.68:64754,162.159.136.232:443,TIME_WAIT,0
-nxnode.bin,TCP,104.194.96.68:64331,208.59.79.12:443,TIME_WAIT,0
-firefox.exe,TCP,104.194.96.68:64319,151.101.129.69:443,ESTABLISHED,16812
-firefox.exe,TCP,104.194.96.68:64318,146.75.76.193:443,ESTABLISHED,16812
-firefox.exe,TCP,104.194.96.68:64313,151.101.129.69:443,ESTABLISHED,16812
-firefox.exe,TCP,104.194.96.68:63967,162.159.128.232:443,TIME_WAIT,0
-Discord.exe,TCP,104.194.96.68:60110,162.159.130.234:443,ESTABLISHED,17860
+firefox.exe,TCP,104.194.96.68:60181,208.59.79.12:443,ESTABLISHED,16812
+pwsh.exe,TCP,104.194.96.68:60176,104.45.136.42:443,ESTABLISHED,8172
 firefox.exe,TCP,104.194.96.68:54110,52.41.253.170:443,ESTABLISHED,16812
 syncthing.exe,TCP,104.194.96.68:53909,128.173.88.78:22067,ESTABLISHED,6668
 tailscaled.exe,TCP,104.194.96.68:53392,18.156.90.224:80,ESTABLISHED,7688
+Discord.exe,TCP,104.194.96.68:53339,162.159.135.234:443,ESTABLISHED,5596
 tailscaled.exe,TCP,104.194.96.68:53214,199.38.182.118:443,ESTABLISHED,7688
-VSCodium.exe,TCP,104.194.96.68:50895,76.76.21.241:443,ESTABLISHED,11116
-VSCodium.exe,TCP,104.194.96.68:50894,76.76.21.9:443,ESTABLISHED,11116
 svchost.exe,TCP,104.194.96.68:49420,13.64.180.106:443,ESTABLISHED,5456
 VcomSvc.exe,TCP,100.106.209.107:63898,192.168.1.173:5000,ESTABLISHED,5424
 Windows System,TCP,100.106.209.107:53857,192.168.1.11:445,ESTABLISHED,4
diff --git a/ippigeon.py b/ippigeon.py
index 55987d1..1bd4c03 100644
--- a/ippigeon.py
+++ b/ippigeon.py
@@ -8,13 +8,16 @@ import time import csv import uuid import sys +import yaml +import pysftp as sftp displaydata = None settings = None netdata_res = None procdata_res = None killme = None - +datafile = "gendata.csv" +config = None interval = 5 win32 = platform == "win32" linux = platform == "linux" or platform == "linux2" @@ -24,8 +27,10 @@ if win32: sysid = hex(uuid.getnode()) # Python is running as Administrator (so netstat can get filename, to block, etc), # so we use this to see who is actually logged in + # it's very hacky startupinfo = subprocess.STARTUPINFO() - startupinfo.dwFlags |= subprocess.STARTF_USESHOWWINDOW + if not getattr(sys, "frozen", False): + startupinfo.dwFlags |= subprocess.STARTF_USESHOWWINDOW # hide powershell window res = subprocess.check_output(["WMIC", "ComputerSystem", "GET", "UserName"], universal_newlines=True, startupinfo=startupinfo) _, username = res.strip().rsplit("\n", 1) userid, sysdom = username.rsplit("\\", 1) @@ -43,7 +48,8 @@ def find_data_file(filename): def run_ps(cmd): if win32: startupinfo = subprocess.STARTUPINFO() - startupinfo.dwFlags |= subprocess.STARTF_USESHOWWINDOW + if not getattr(sys, "frozen", False): + startupinfo.dwFlags |= subprocess.STARTF_USESHOWWINDOW completed = subprocess.run(["powershell", "-WindowStyle", "hidden", "-Command", cmd], capture_output=True, startupinfo=startupinfo) return completed 
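Review bot: The module is imported as `import pysftp as sftp`, but the new `sftp_connect` in the `@@ -55,11 +61,20 @@` hunk calls `pysftp.Connection(...)`, a name that is unbound under this alias and will raise NameError on the first upload; inside that function the `with ... as sftp:` target shadows the alias anyway. Import it as plain `import pysftp` and drop the alias. `config = None` is introduced here as a module global, which only works if every process that reads it sees the assignment; the later hunks do not guarantee that.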
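Review bot: The three-line `startupinfo` setup guarded by `getattr(sys, "frozen", False)` now appears verbatim in the WMIC block of the `@@ -24,8 +27,10 @@` hunk and again in `run_ps` in the `@@ -43,7 +48,8 @@` hunk; a small helper returning the configured `subprocess.STARTUPINFO()` would keep the two in step when the condition changes again. The added comment `# it's very hacky` tells a reader nothing actionable; replace it with the reason the flag must be skipped in a frozen build, which the diff does not state. Both enclosing blocks continue outside their hunks.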
@@ -55,11 +61,20 @@ def netstat(): def netstat_done(res): print("netstat done") - procdata_res = pool.apply_async(process_netstat, (res,)) + procdata_res = pool.apply_async(process_netstat, (res,), callback=process_done) #process_netstat(res) #print(procdata_res.get()) #netdata_res = pool.apply_async(netstat) +def process_done(res): + procdata_res = pool.apply_async(sftp_connect, (res,)) + +def sftp_connect(res): + print("Sending data over SFTP") + with pysftp.Connection(config['sftp']['host'], username=config['sftp']['user'], private_key=find_data_file(config['sftp']['keyfile'])) as sftp: + with sftp.cd(config['sftp']['filepath']['send']): + sftp.put(find_data_file(datafile)) + print(sftp.lisdir()) def process_netstat(data): print("netstat processing") if win32: @@ -114,7 +129,7 @@ def process_netstat(data): x = x - 1 #output2 = output2[2:] print(output2) - with open(find_data_file("gendata.csv"), "w", newline="") as f: + with open(find_data_file(datafile), "w", newline="") as f: writer = csv.writer(f) writer.writerows(output2) print("done") @@ -153,6 +168,10 @@ if __name__ == '__main__': with Pool(processes=5) as pool: with Manager() as manager: + with open(find_data_file('config.yml'), 'r') as file: + #global config + config = yaml.safe_load(file) + #print(config['sftp']['host']) displaydata = manager.list(range(2)) # data to be printed settings = manager.list(range(20)) # configuration killme = manager.Value('d', 0) diff --git a/keyfile-admin.pem b/keyfile-admin.pem new file mode 100644 index 0000000..6fb5cb6 --- /dev/null +++ b/keyfile-admin.pem 
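Review bot: `sftp_connect` reads the module global `config`, but the pool workers that execute it never see the loaded value: the `@@ -153,6 +168,10 @@` hunk assigns `config = yaml.safe_load(file)` inside the `__main__` block after `Pool(processes=5)` has already started its workers, so in a worker `config` is still `None` and `config['sftp']` raises TypeError. Load the configuration before the pool is created and hand the task what it needs explicitly, e.g. `pool.apply_async(sftp_connect, (res, config['sftp']))`, rather than relying on a global. In the same function `sftp.lisdir()` should be `sftp.listdir()`, and `pysftp.Connection` is opened without a `CnOpts`, so host-key verification depends on whatever is in the user's `~/.ssh/known_hosts`; pin the server's host key explicitly instead of loosening the check. `res` in `sftp_connect` and the local `procdata_res` in `process_done` are assigned or received but never used.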
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAkKf5kPTTHIvL44Tfe7QO13K/JVfD+DbIwWQBURqa60ohVldN +mWg7dngpMeHcr27JXLHfAT1c2ztbZR13ZZzKTpu1IbUtecVhCsduNtMzLehB8seQ +0lPLAUeE76IK7KfYBUXNXnA5n9oFTS2DJwnYgSqAODbILOxbUpdRajTbacE3Mo0p +nMLwvqcCwXXfKEhlcccclckDKkZYpwLfmuw7veD007NlBfq/lOezdFBERezEUIgr ++A22JP5KCsVeuQBJuuRrXdz8p334n2xaR4RDjN3p0cmMi2Oohm7M7MbhAImC/J+P +HXOJMQpdEgD6Ea17Jr9ORPf08HrrjaZzA/SW7QIDAQABAoIBAEe07LKdmjTxW42a +JUpl9GF6gSRawEs/pP6wuzJgFOGD6sipGE9uauOMJyeSBdp0+Z5YkepEZ85JO0IB +fFlDgsm6x+xAqp1NaZB1Ub4draYZFu/pW3HXla85q706P14Wya+7bVVeHkKOSch7 +QiNM7yUAU3UKOuqB87caSYJzVzyxhUd5S6/ro2VNbXT/7vHSsKCja2scy+JaRhKn +m4cc3P+ggI06JLfZsMZY1zJKDhbWiHGmB5ZdzqAJsu/bAtXWY25QsHowYAqPG7Uq +7rcJlbbdkCASE4MXqi427uJfeqBB0vfykttSriBpQVBKus5wpcCEOMkpEho0zU0Z +yx9bdeECgYEA9d0PDjAqIwrVSxjeOd6eXcSwmMzaK5fc5beptKRQA0U/O4swhn2+ +NOio6v6fTWuDwNHAsMZiDvW3boO357GCm2N7YkqvdarydfOt7IccsUnEROaAxOqx +1wlnl0NkVIwaTo3XoRSWIcIqE3mCAaz8peqtRmIcXcQ/S9RGm3QeiAUCgYEAlp67 +vmn6Z1U0XLILnf4i9D3ECJlwJXEP64pB4XnXiHU/StaXY7CSRaCX+SxfgUR8pATQ +ySYDRY1Ag6cHxSVIo1vkotT3P11x7/8yWnomvnEwRJqTMdN+/VuTi4tPzU1ScNXX +F7aRqkNoGEkmsmi2wdszbJcruI74k4TGLcbNj8kCgYEAgG37AVRTjn6IMHRLETui +yiSGgyrvBDqN30lzUrNKQIsZnsb0kCx7ATRPmIFtQYnaBw0KdM0MR/g+23HezR7C +tNzghNWyleq4QLkLrzRc3pdD+SHXPgXC5Cs7e55ueGO/Ei2x56jTS8sbI5UjPjDY +wOq3nL5/RtPOpJO8VlPv5ukCgYEAjytM/D9SdNyJzD61SjWiVhVL/HyVHBHvdw3R +d5jQZfZE9kcqWekh8KspKgGiuoY2D9Y/+6N1YqxUkY+4lA3PkPAtURYr+wBA6Ebk +PxpzL3z5y4w+tBL8V6mvguomLdj8ryKktPamWXh/Pu5xqQ5eAcDxjZvYRDMqV1bS +5fpdtPkCgYEAoRVdlDSaj9u3NPoFkschl1bOZlJpm9tJVU+LoWxRe8tuLIwVDvXP +JsZMcpfinEPWSrJN+hlGDuaq7k5LtSNeQoruaafhlE+CV54G7J2Khn8pRKWT+n/p +36PfgGbhuLsZl8KDy+PXjS+L5A1kuTxB4rOBdHXIHm60aNCqB0BRcTM= +-----END RSA PRIVATE KEY----- \ No newline at end of file diff --git a/taskbartool.py b/taskbartool.py index 8b52cc8..8f52240 100644 --- a/taskbartool.py +++ b/taskbartool.py 
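Review bot: `keyfile-admin.pem` is an unencrypted RSA private key committed to the repository, and `config.yml` in this same commit points the SFTP client at it for `ec2-user` on the configured host, so anyone with read access to the repository or its history now holds that credential. The key has to be treated as compromised: remove its public half from the server's `authorized_keys` and issue a replacement, purge this blob from history rather than deleting it in a follow-up commit, and keep the replacement outside the tree with `keyfile:` pointing to a path in the user's profile and `*.pem` in .gitignore.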
@@ -57,7 +57,7 @@ class TaskBarIcon(wx.adv.TaskBarIcon):
 def on_exit(self, event):
 wx.CallAfter(self.Destroy)
 self.close_popup()
-print("kill cmd")
+#print("kill cmd")
 global killme
 killme.value += 1
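Review bot: Commenting out `print("kill cmd")` leaves dead code in `on_exit`; delete the line, or if the trace is still wanted emit it through `logging` at debug level so it can be switched on without editing the source. `on_exit` may continue below the hunk.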