formac
Cole Deck 2 years ago
parent faafcf8505
commit d38e1384a6

3
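--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 __pycache__/
 build/
+config.yaml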
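Review bot: The new ignore entry `config.yaml` does not match the file the program actually loads — the same commit reads `find_data_file('config.yml')` — so the real config (EC2 host, user, key filename) is still tracked, as this commit itself shows. The private key it points at, `keyfile-admin.pem`, is not ignored either and is added in this same commit, and neither is the generated `gendata.csv`, which captures hostname, username, a MAC-derived id and live connection tables. I would replace the entry with `config.yml`, `*.pem` and `gendata.csv`. Ignoring the files does not remove them from history; the committed key should be treated as compromised and rotated.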

@ -0,0 +1,14 @@
sftp:
host: ec2-3-86-186-51.compute-1.amazonaws.com
user: ec2-user
keyfile: keyfile-admin.pem
filepath:
send: /home/ec2-user/incoming
recieve: /home/ec2-user/outgoing
ui:
darkmode: true
core:
autokill: false
localadmin: true
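Review bot: `recieve` under `filepath` is misspelled; the Python side looks these keys up by literal name (`config['sftp']['filepath']['send']`), so any consumer of the receive path will have to reproduce the typo — rename it to `receive` before something depends on it. This file also commits a live EC2 hostname and the name of an admin private key; the usual pattern is a `config.example.yml` with placeholder values in the repo and the real `config.yml` kept untracked. The flags under `core` (`autokill`, `localadmin`) carry no explanation, and nothing visible in this commit reads them; a one-line comment on each stating what the program does when it is true would help the next reader.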

@ -1,5 +1,4 @@
0xf44ee3942e7d,FRAMEWORKWIN,Cole,1664325206 0xf44ee3942e7d,FRAMEWORKWIN,Cole,1664330576
Discord.exe,TCP,[2620:f3:8000:5050:2c24:f8cf:930c:11ae]:64280,[2607:f8b0:4009:809::2010]:443,ESTABLISHED,17860
tailscale-ipn.exe,TCP,127.0.0.1:63227,127.0.0.1:41112,ESTABLISHED,13244 tailscale-ipn.exe,TCP,127.0.0.1:63227,127.0.0.1:41112,ESTABLISHED,13244
nxnode.bin,TCP,127.0.0.1:63192,127.0.0.1:22753,ESTABLISHED,11476 nxnode.bin,TCP,127.0.0.1:63192,127.0.0.1:22753,ESTABLISHED,11476
nxnode.bin,TCP,127.0.0.1:63191,127.0.0.1:1550,ESTABLISHED,11476 nxnode.bin,TCP,127.0.0.1:63191,127.0.0.1:1550,ESTABLISHED,11476
@ -52,19 +51,13 @@ nxnode.bin,TCP,127.0.0.1:4831,127.0.0.1:62764,ESTABLISHED,11476
nxserver.bin,TCP,127.0.0.1:4362,127.0.0.1:49766,ESTABLISHED,7620 nxserver.bin,TCP,127.0.0.1:4362,127.0.0.1:49766,ESTABLISHED,7620
nxserver.bin,TCP,127.0.0.1:2739,127.0.0.1:49764,ESTABLISHED,7620 nxserver.bin,TCP,127.0.0.1:2739,127.0.0.1:49764,ESTABLISHED,7620
nxnode.bin,TCP,127.0.0.1:1550,127.0.0.1:63191,ESTABLISHED,11476 nxnode.bin,TCP,127.0.0.1:1550,127.0.0.1:63191,ESTABLISHED,11476
nxnode.bin,TCP,104.194.96.68:64754,162.159.136.232:443,TIME_WAIT,0 firefox.exe,TCP,104.194.96.68:60181,208.59.79.12:443,ESTABLISHED,16812
nxnode.bin,TCP,104.194.96.68:64331,208.59.79.12:443,TIME_WAIT,0 pwsh.exe,TCP,104.194.96.68:60176,104.45.136.42:443,ESTABLISHED,8172
firefox.exe,TCP,104.194.96.68:64319,151.101.129.69:443,ESTABLISHED,16812
firefox.exe,TCP,104.194.96.68:64318,146.75.76.193:443,ESTABLISHED,16812
firefox.exe,TCP,104.194.96.68:64313,151.101.129.69:443,ESTABLISHED,16812
firefox.exe,TCP,104.194.96.68:63967,162.159.128.232:443,TIME_WAIT,0
Discord.exe,TCP,104.194.96.68:60110,162.159.130.234:443,ESTABLISHED,17860
firefox.exe,TCP,104.194.96.68:54110,52.41.253.170:443,ESTABLISHED,16812 firefox.exe,TCP,104.194.96.68:54110,52.41.253.170:443,ESTABLISHED,16812
syncthing.exe,TCP,104.194.96.68:53909,128.173.88.78:22067,ESTABLISHED,6668 syncthing.exe,TCP,104.194.96.68:53909,128.173.88.78:22067,ESTABLISHED,6668
tailscaled.exe,TCP,104.194.96.68:53392,18.156.90.224:80,ESTABLISHED,7688 tailscaled.exe,TCP,104.194.96.68:53392,18.156.90.224:80,ESTABLISHED,7688
Discord.exe,TCP,104.194.96.68:53339,162.159.135.234:443,ESTABLISHED,5596
tailscaled.exe,TCP,104.194.96.68:53214,199.38.182.118:443,ESTABLISHED,7688 tailscaled.exe,TCP,104.194.96.68:53214,199.38.182.118:443,ESTABLISHED,7688
VSCodium.exe,TCP,104.194.96.68:50895,76.76.21.241:443,ESTABLISHED,11116
VSCodium.exe,TCP,104.194.96.68:50894,76.76.21.9:443,ESTABLISHED,11116
svchost.exe,TCP,104.194.96.68:49420,13.64.180.106:443,ESTABLISHED,5456 svchost.exe,TCP,104.194.96.68:49420,13.64.180.106:443,ESTABLISHED,5456
VcomSvc.exe,TCP,100.106.209.107:63898,192.168.1.173:5000,ESTABLISHED,5424 VcomSvc.exe,TCP,100.106.209.107:63898,192.168.1.173:5000,ESTABLISHED,5424
Windows System,TCP,100.106.209.107:53857,192.168.1.11:445,ESTABLISHED,4 Windows System,TCP,100.106.209.107:53857,192.168.1.11:445,ESTABLISHED,4

1 0xf44ee3942e7d,FRAMEWORKWIN,Cole,1664325206 0xf44ee3942e7d,FRAMEWORKWIN,Cole,1664330576
Discord.exe,TCP,[2620:f3:8000:5050:2c24:f8cf:930c:11ae]:64280,[2607:f8b0:4009:809::2010]:443,ESTABLISHED,17860
2 tailscale-ipn.exe,TCP,127.0.0.1:63227,127.0.0.1:41112,ESTABLISHED,13244 tailscale-ipn.exe,TCP,127.0.0.1:63227,127.0.0.1:41112,ESTABLISHED,13244
3 nxnode.bin,TCP,127.0.0.1:63192,127.0.0.1:22753,ESTABLISHED,11476 nxnode.bin,TCP,127.0.0.1:63192,127.0.0.1:22753,ESTABLISHED,11476
4 nxnode.bin,TCP,127.0.0.1:63191,127.0.0.1:1550,ESTABLISHED,11476 nxnode.bin,TCP,127.0.0.1:63191,127.0.0.1:1550,ESTABLISHED,11476
51 nxserver.bin,TCP,127.0.0.1:4362,127.0.0.1:49766,ESTABLISHED,7620 nxserver.bin,TCP,127.0.0.1:4362,127.0.0.1:49766,ESTABLISHED,7620
52 nxserver.bin,TCP,127.0.0.1:2739,127.0.0.1:49764,ESTABLISHED,7620 nxserver.bin,TCP,127.0.0.1:2739,127.0.0.1:49764,ESTABLISHED,7620
53 nxnode.bin,TCP,127.0.0.1:1550,127.0.0.1:63191,ESTABLISHED,11476 nxnode.bin,TCP,127.0.0.1:1550,127.0.0.1:63191,ESTABLISHED,11476
54 nxnode.bin,TCP,104.194.96.68:64754,162.159.136.232:443,TIME_WAIT,0 firefox.exe,TCP,104.194.96.68:60181,208.59.79.12:443,ESTABLISHED,16812
55 nxnode.bin,TCP,104.194.96.68:64331,208.59.79.12:443,TIME_WAIT,0 pwsh.exe,TCP,104.194.96.68:60176,104.45.136.42:443,ESTABLISHED,8172
firefox.exe,TCP,104.194.96.68:64319,151.101.129.69:443,ESTABLISHED,16812
firefox.exe,TCP,104.194.96.68:64318,146.75.76.193:443,ESTABLISHED,16812
firefox.exe,TCP,104.194.96.68:64313,151.101.129.69:443,ESTABLISHED,16812
firefox.exe,TCP,104.194.96.68:63967,162.159.128.232:443,TIME_WAIT,0
Discord.exe,TCP,104.194.96.68:60110,162.159.130.234:443,ESTABLISHED,17860
56 firefox.exe,TCP,104.194.96.68:54110,52.41.253.170:443,ESTABLISHED,16812 firefox.exe,TCP,104.194.96.68:54110,52.41.253.170:443,ESTABLISHED,16812
57 syncthing.exe,TCP,104.194.96.68:53909,128.173.88.78:22067,ESTABLISHED,6668 syncthing.exe,TCP,104.194.96.68:53909,128.173.88.78:22067,ESTABLISHED,6668
58 tailscaled.exe,TCP,104.194.96.68:53392,18.156.90.224:80,ESTABLISHED,7688 tailscaled.exe,TCP,104.194.96.68:53392,18.156.90.224:80,ESTABLISHED,7688
59 Discord.exe,TCP,104.194.96.68:53339,162.159.135.234:443,ESTABLISHED,5596
60 tailscaled.exe,TCP,104.194.96.68:53214,199.38.182.118:443,ESTABLISHED,7688 tailscaled.exe,TCP,104.194.96.68:53214,199.38.182.118:443,ESTABLISHED,7688
VSCodium.exe,TCP,104.194.96.68:50895,76.76.21.241:443,ESTABLISHED,11116
VSCodium.exe,TCP,104.194.96.68:50894,76.76.21.9:443,ESTABLISHED,11116
61 svchost.exe,TCP,104.194.96.68:49420,13.64.180.106:443,ESTABLISHED,5456 svchost.exe,TCP,104.194.96.68:49420,13.64.180.106:443,ESTABLISHED,5456
62 VcomSvc.exe,TCP,100.106.209.107:63898,192.168.1.173:5000,ESTABLISHED,5424 VcomSvc.exe,TCP,100.106.209.107:63898,192.168.1.173:5000,ESTABLISHED,5424
63 Windows System,TCP,100.106.209.107:53857,192.168.1.11:445,ESTABLISHED,4 Windows System,TCP,100.106.209.107:53857,192.168.1.11:445,ESTABLISHED,4

@ -8,13 +8,16 @@ import time
import csv import csv
import uuid import uuid
import sys import sys
import yaml
import pysftp as sftp
displaydata = None displaydata = None
settings = None settings = None
netdata_res = None netdata_res = None
procdata_res = None procdata_res = None
killme = None killme = None
datafile = "gendata.csv"
config = None
interval = 5 interval = 5
win32 = platform == "win32" win32 = platform == "win32"
linux = platform == "linux" or platform == "linux2" linux = platform == "linux" or platform == "linux2"
@ -24,8 +27,10 @@ if win32:
sysid = hex(uuid.getnode()) sysid = hex(uuid.getnode())
# Python is running as Administrator (so netstat can get filename, to block, etc), # Python is running as Administrator (so netstat can get filename, to block, etc),
# so we use this to see who is actually logged in # so we use this to see who is actually logged in
# it's very hacky
startupinfo = subprocess.STARTUPINFO() startupinfo = subprocess.STARTUPINFO()
startupinfo.dwFlags |= subprocess.STARTF_USESHOWWINDOW if not getattr(sys, "frozen", False):
startupinfo.dwFlags |= subprocess.STARTF_USESHOWWINDOW # hide powershell window
res = subprocess.check_output(["WMIC", "ComputerSystem", "GET", "UserName"], universal_newlines=True, startupinfo=startupinfo) res = subprocess.check_output(["WMIC", "ComputerSystem", "GET", "UserName"], universal_newlines=True, startupinfo=startupinfo)
_, username = res.strip().rsplit("\n", 1) _, username = res.strip().rsplit("\n", 1)
userid, sysdom = username.rsplit("\\", 1) userid, sysdom = username.rsplit("\\", 1)
@ -43,7 +48,8 @@ def find_data_file(filename):
def run_ps(cmd): def run_ps(cmd):
if win32: if win32:
startupinfo = subprocess.STARTUPINFO() startupinfo = subprocess.STARTUPINFO()
startupinfo.dwFlags |= subprocess.STARTF_USESHOWWINDOW if not getattr(sys, "frozen", False):
startupinfo.dwFlags |= subprocess.STARTF_USESHOWWINDOW
completed = subprocess.run(["powershell", "-WindowStyle", "hidden", "-Command", cmd], capture_output=True, startupinfo=startupinfo) completed = subprocess.run(["powershell", "-WindowStyle", "hidden", "-Command", cmd], capture_output=True, startupinfo=startupinfo)
return completed return completed
@ -55,11 +61,20 @@ def netstat():
def netstat_done(res): def netstat_done(res):
print("netstat done") print("netstat done")
procdata_res = pool.apply_async(process_netstat, (res,)) procdata_res = pool.apply_async(process_netstat, (res,), callback=process_done)
#process_netstat(res) #process_netstat(res)
#print(procdata_res.get()) #print(procdata_res.get())
#netdata_res = pool.apply_async(netstat) #netdata_res = pool.apply_async(netstat)
def process_done(res):
procdata_res = pool.apply_async(sftp_connect, (res,))
def sftp_connect(res):
print("Sending data over SFTP")
with pysftp.Connection(config['sftp']['host'], username=config['sftp']['user'], private_key=find_data_file(config['sftp']['keyfile'])) as sftp:
with sftp.cd(config['sftp']['filepath']['send']):
sftp.put(find_data_file(datafile))
print(sftp.lisdir())
def process_netstat(data): def process_netstat(data):
print("netstat processing") print("netstat processing")
if win32: if win32:
@ -114,7 +129,7 @@ def process_netstat(data):
x = x - 1 x = x - 1
#output2 = output2[2:] #output2 = output2[2:]
print(output2) print(output2)
with open(find_data_file("gendata.csv"), "w", newline="") as f: with open(find_data_file(datafile), "w", newline="") as f:
writer = csv.writer(f) writer = csv.writer(f)
writer.writerows(output2) writer.writerows(output2)
print("done") print("done")
@ -153,6 +168,10 @@ if __name__ == '__main__':
with Pool(processes=5) as pool: with Pool(processes=5) as pool:
with Manager() as manager: with Manager() as manager:
with open(find_data_file('config.yml'), 'r') as file:
#global config
config = yaml.safe_load(file)
#print(config['sftp']['host'])
displaydata = manager.list(range(2)) # data to be printed displaydata = manager.list(range(2)) # data to be printed
settings = manager.list(range(20)) # configuration settings = manager.list(range(20)) # configuration
killme = manager.Value('d', 0) killme = manager.Value('d', 0)
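Review bot: `sftp_connect` cannot run as written: the module is imported as `import pysftp as sftp`, but the body calls `pysftp.Connection` (NameError), the `as sftp:` target then shadows that alias, and `sftp.lisdir()` is a typo for `listdir()`. There is also a process-boundary problem: `config` is only assigned inside the `__main__` block, while `sftp_connect` runs in a `Pool` worker via `apply_async`, so with a spawn-based start (the Windows path this code targets) the worker sees `config = None` and fails on `config['sftp']` — pass the needed values as arguments instead of relying on the module global. If the EC2 host key is not in `known_hosts`, pysftp will refuse the connection; the right fix is to pin the key there, not to disable host-key checking. Note also that `process_done` assigns a local `procdata_res` that is never read, and that the uploaded CSV is the netstat dump written by `process_netstat`, whose body starts outside this hunk.
```python
def process_done(res):
    # Callback runs in the parent; hand the upload to a worker together with
    # the config values it needs, since a spawned worker may not see `config`.
    pool.apply_async(sftp_connect, (res, config['sftp']))

def sftp_connect(res, sftp_cfg):
    """Upload the generated CSV to the configured SFTP 'send' directory."""
    print("Sending data over SFTP")
    with sftp.Connection(sftp_cfg['host'], username=sftp_cfg['user'],
                         private_key=find_data_file(sftp_cfg['keyfile'])) as conn:
        with conn.cd(sftp_cfg['filepath']['send']):
            conn.put(find_data_file(datafile))
        print(conn.listdir())
```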

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
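Review bot: This adds an RSA private key in plaintext to the repository; by name it is the `keyfile-admin.pem` the committed config points at, which gives `ec2-user` access to the EC2 host named there. Once pushed, the key has to be considered compromised regardless of later edits: generate a new key pair, replace the authorized key on the instance, and purge this file from history rather than just deleting it in a follow-up commit. Keep the key outside the working tree (or at least ignore `*.pem`) and have the program resolve it from a path in the untracked config.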

@ -57,7 +57,7 @@ class TaskBarIcon(wx.adv.TaskBarIcon):
def on_exit(self, event): def on_exit(self, event):
wx.CallAfter(self.Destroy) wx.CallAfter(self.Destroy)
self.close_popup() self.close_popup()
print("kill cmd") #print("kill cmd")
global killme global killme
killme.value += 1 killme.value += 1
