public SingleCommandRunner(Analyzer analyzer, Processor processor, Sniffer sniffer, string[] args)
{
_sniffer = sniffer;
_analyzer = analyzer;
_processor = processor;
_files = new List <string>();
_hashes = new HashSet <PcapAnalyzer.NetworkHash>();
_connections = new HashSet <PcapAnalyzer.NetworkConnection>();
_passwords = new HashSet <NetworkPassword>();
_extractedFiles = new HashSet <NetworkFile>();
_voipCalls = new HashSet <CommonUi.VoipCall>();
_dnsMappings = new HashSet <PcapAnalyzer.DnsNameMapping>();
_analyzer.ParsedItemDetected += OnParsedItemDetected;
_analyzer.UpdatedItemProprertyDetected += UpdatedPropertyInItemDetected;
_processor.ProcessingFinished += (s, e) => this.ExportResults();
_processor.FileProcessingStatusChanged += (s, e) => this.PrintFileStatusUpdate(s, e);
// This is done to catch Ctrl + C key press by the user.
Console.CancelKeyPress += (s, e) => { this.ExportResults(); Environment.Exit(0); };
// Parse user arguments.
CommandLine.Parser.Default.ParseArguments <SingleCommandFlags>(args).WithParsed <SingleCommandFlags>((cliFlags) => _cliFlags = cliFlags);
}
public BruteSharkCli()
{
_tcpPacketsCount = 0;
_tcpSessionsCount = 0;
_printingLock = new object();
_passwords = new HashSet <PcapAnalyzer.NetworkPassword>();
_hashes = new HashSet <NetworkHash>();
_files = new List <string>();
_processor = new PcapProcessor.Processor();
_analyzer = new PcapAnalyzer.Analyzer();
_shell = new CliShell(seperator: "Brute-Shark > ");
// TODO: create command for this.
_processor.BuildTcpSessions = true;
// Contract the events.
_processor.TcpPacketArived += (s, e) => _analyzer.Analyze(CastProcessorTcpPacketToAnalyzerTcpPacket(e.Packet));
_processor.TcpPacketArived += (s, e) => this.UpdateTcpPacketsCount();
_processor.TcpSessionArived += (s, e) => this.UpdateTcpSessionsCount();
_processor.TcpSessionArived += (s, e) => _analyzer.Analyze(CastProcessorTcpSessionToAnalyzerTcpSession(e.TcpSession));
_analyzer.ParsedItemDetected += OnParsedItemDetected;
// Add commands to the Cli Shell.
_shell.AddCommand(new CliShellCommand("add-file", p => _files.Add(p), "Add file to analyze. Usage: add-file <FILE-PATH>"));
_shell.AddCommand(new CliShellCommand("start", p => StartAnalyzing(), "Start analyzing"));
_shell.AddCommand(new CliShellCommand("show-passwords", p => PrintPasswords(), "Print passwords."));
_shell.AddCommand(new CliShellCommand("show-hashes", p => PrintHashes(), "Print Hashes"));
_shell.AddCommand(new CliShellCommand("export-hashes", p => ExportHashes(p), "Export all Hashes to Hascat format input files. Usage: export-hashes <OUTPUT-DIRECTORY>"));
}
public CliShell(PcapAnalyzer.Analyzer analyzer, PcapProcessor.Processor processor, Sniffer sniffer, string seperator = ">")
{
_sniffer = sniffer;
_tcpPacketsCount = 0;
_udpPacketsCount = 0;
_udpStreamsCount = 0;
_tcpSessionsCount = 0;
liveCapture = false;
this.Seperator = seperator;
_printingLock = new object();
_files = new List <string>();
_networkDevice = null;
_processor = processor;
_analyzer = analyzer;
_analyzer.ParsedItemDetected += OnParsedItemDetected;
_processor.TcpPacketArived += (s, e) => this.UpdateTcpPacketsCount();
_processor.UdpPacketArived += (s, e) => this.UpdateUdpPacketsCount();
_processor.TcpSessionArrived += (s, e) => this.UpdateTcpSessionsCount();
_processor.UdpSessionArrived += (s, e) => this.UpdateUdpStreamsCount();
sniffer.TcpPacketArived += (s, e) => this.UpdateTcpPacketsCount();
sniffer.UdpPacketArived += (s, e) => this.UpdateUdpPacketsCount();
sniffer.TcpSessionArrived += (s, e) => this.UpdateTcpSessionsCount();
sniffer.UdpSessionArrived += (s, e) => this.UpdateUdpStreamsCount();
_hashes = new HashSet <PcapAnalyzer.NetworkHash>();
_passwords = new HashSet <PcapAnalyzer.NetworkPassword>();
_connections = new HashSet <PcapAnalyzer.NetworkConnection>();
this._commands = new List <CliShellCommand>();
AddCommand(new CliShellCommand("add-file", p => AddFile(p), "Add file to analyze. Usage: add-file <FILE-PATH>"));
AddCommand(new CliShellCommand("start", p => StartAnalyzing(), "Start analyzing"));
AddCommand(new CliShellCommand("show-passwords", p => PrintPasswords(), "Print passwords."));
AddCommand(new CliShellCommand("show-modules", p => PrintModules(), "Print modules."));
AddCommand(new CliShellCommand("show-hashes", p => PrintHashes(), "Print Hashes"));
AddCommand(new CliShellCommand("show-networkmap", p => PrintNetworkMap(), "Prints the network map as a json string. Usage: show-networkmap"));
AddCommand(new CliShellCommand("export-hashes", p => Utilities.ExportHashes(p, _hashes), "Export all Hashes to Hascat format input files. Usage: export-hashes <OUTPUT-DIRECTORY>"));
AddCommand(new CliShellCommand("capture-from-device", p => InitLiveCapture(p), "Capture live traffic from a network device, Usage: capture-from-device <device-name>"));
AddCommand(new CliShellCommand("capture-promiscious-mode", p => sniffer.PromisciousMode = true, "Capture live traffic from a network device on promiscious mode (requires superuser privileges, default is normal mode)"));
AddCommand(new CliShellCommand("set-captrue-filter", p => VerifyFilter(p), "Set a capture filter to the live traffic capture(filters must be bpf syntax filters)"));
AddCommand(new CliShellCommand("show-network-devices", p => PrintNetworkDevices(), "Show the available network devices for live capture"));
AddCommand(new CliShellCommand("export-networkmap", p => CommonUi.Exporting.ExportNetworkMap(p, _connections), "Export network map to a json file for neo4j. Usage: export-networkmap <OUTPUT-file>"));
// Add the help command
this.AddCommand(new CliShellCommand(
"help",
param => this.PrintCommandsWithDescription(),
"Print help menu"));
// Add the exit command
this.AddCommand(new CliShellCommand(
"exit",
param => this._exit = true,
"Exit CLI"));
LoadModules(_analyzer.AvailableModulesNames);
}
public CliShell(PcapAnalyzer.Analyzer analyzer, PcapProcessor.Processor processor, string seperator = ">")
{
_tcpPacketsCount = 0;
_udpPacketsCount = 0;
_udpStreamsCount = 0;
_tcpSessionsCount = 0;
this.Seperator = seperator;
_printingLock = new object();
_files = new List <string>();
_processor = processor;
_analyzer = analyzer;
_analyzer.ParsedItemDetected += OnParsedItemDetected;
_processor.TcpPacketArived += (s, e) => this.UpdateTcpPacketsCount();
_processor.UdpPacketArived += (s, e) => this.UpdateUdpPacketsCount();
_processor.TcpSessionArrived += (s, e) => this.UpdateTcpSessionsCount();
_processor.UdpSessionArrived += (s, e) => this.UpdateUdpStreamsCount();
_hashes = new HashSet <PcapAnalyzer.NetworkHash>();
_passwords = new HashSet <PcapAnalyzer.NetworkPassword>();
_connections = new HashSet <PcapAnalyzer.NetworkConnection>();
this._commands = new List <CliShellCommand>();
AddCommand(new CliShellCommand("add-file", p => AddFile(p), "Add file to analyze. Usage: add-file <FILE-PATH>"));
AddCommand(new CliShellCommand("start", p => StartAnalyzing(), "Start analyzing"));
AddCommand(new CliShellCommand("show-passwords", p => PrintPasswords(), "Print passwords."));
AddCommand(new CliShellCommand("show-modules", p => PrintModules(), "Print modules."));
AddCommand(new CliShellCommand("show-hashes", p => PrintHashes(), "Print Hashes"));
AddCommand(new CliShellCommand("show-networkmap", p => PrintNetworkMap(), "Prints the network map as a json string. Usage: show-networkmap"));
AddCommand(new CliShellCommand("export-hashes", p => Utilities.ExportHashes(p, _hashes), "Export all Hashes to Hascat format input files. Usage: export-hashes <OUTPUT-DIRECTORY>"));
AddCommand(new CliShellCommand("export-networkmap", p => CommonUi.Exporting.ExportNetworkMap(p, _connections), "Export network map to a json file for neo4j. Usage: export-networkmap <OUTPUT-file>"));
// Add the help command
this.AddCommand(new CliShellCommand(
"help",
param => this.PrintCommandsWithDescription(),
"Print help menu"));
// Add the exit command
this.AddCommand(new CliShellCommand(
"exit",
param => this._exit = true,
"Exit CLI"));
LoadModules(_analyzer.AvailableModulesNames);
}
public BruteSharkCli(string[] args)
{
_args = args;
_processor = new PcapProcessor.Processor();
_analyzer = new PcapAnalyzer.Analyzer();
// TODO: create command for this.
_processor.BuildTcpSessions = true;
_processor.BuildUdpSessions = true;
// Contract the events.
_processor.UdpPacketArived += (s, e) => _analyzer.Analyze(CommonUi.Casting.CastProcessorUdpPacketToAnalyzerUdpPacket(e.Packet));
_processor.TcpPacketArived += (s, e) => _analyzer.Analyze(CommonUi.Casting.CastProcessorTcpPacketToAnalyzerTcpPacket(e.Packet));
_processor.TcpSessionArrived += (s, e) => _analyzer.Analyze(CommonUi.Casting.CastProcessorTcpSessionToAnalyzerTcpSession(e.TcpSession));
_processor.UdpSessionArrived += (s, e) => _analyzer.Analyze(CommonUi.Casting.CastProcessorUdpStreamToAnalyzerUdpStream(e.UdpSession));
}
public SingleCommandRunner(Analyzer analyzer, Processor processor, string[] args)
{
_analyzer = analyzer;
_processor = processor;
_files = new List <string>();
_hashes = new HashSet <NetworkHash>();
_connections = new HashSet <PcapAnalyzer.NetworkConnection>();
_passwords = new HashSet <NetworkPassword>();
_extractedFiles = new HashSet <NetworkFile>();
_analyzer.ParsedItemDetected += OnParsedItemDetected;
_processor.ProcessingFinished += (s, e) => this.ExportResults();
_processor.FileProcessingStatusChanged += (s, e) => this.PrintFileStatusUpdate(s, e);
// Parse user arguments.
CommandLine.Parser.Default.ParseArguments <SingleCommandFlags>(args).WithParsed <SingleCommandFlags>((cliFlags) => _cliFlags = cliFlags);
}
public Cli()
{
_tcpPacketsCount = 0;
_tcpSessionsCount = 0;
_printingLock = new object();
_passwords = new HashSet <PcapAnalyzer.NetworkPassword>();
_hashes = new HashSet <NetworkHash>();
_files = new List <string>();
_processor = new PcapProcessor.Processor();
_analyzer = new PcapAnalyzer.Analyzer();
// TODO: create command for this.
_processor.BuildTcpSessions = true;
// Contract the events.
_processor.TcpPacketArived += (s, e) => _analyzer.Analyze(CastProcessorTcpPacketToAnalyzerTcpPacket(e.Packet));
_processor.TcpPacketArived += (s, e) => this.UpdateTcpPacketsCount();
_processor.TcpSessionArived += (s, e) => this.UpdateTcpSessionsCount();
_processor.TcpSessionArived += (s, e) => _analyzer.Analyze(CastProcessorTcpSessionToAnalyzerTcpSession(e.TcpSession));
_analyzer.ParsedItemDetected += OnParsedItemDetected;
}