infosecn1nja
/
Egress-Assess
mirror of https://github.com/infosecn1nja/Egress-Assess.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

FTP Server is now configured to use PASV Mode. Added workaround for ICMP protocol types.

master
Pie Security 2016-08-14 14:18:20 +00:00
parent 67a0bb41e8
commit 15dfd3dd2b
2 changed files with 14 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
protocols/servers/ftp_server.py
View File

@ -10,7 +10,7 @@ import sys
from pyftpdlib.authorizers import DummyAuthorizer from pyftpdlib.authorizers import DummyAuthorizer
from pyftpdlib.handlers import FTPHandler from pyftpdlib.handlers import FTPHandler
from pyftpdlib.servers import FTPServer from pyftpdlib.servers import FTPServer
import urllib
class Server: class Server:
@ -45,6 +45,10 @@ class Server:
# Define a customized banner (string returned when client connects) # Define a customized banner (string returned when client connects)
handler.banner = "Connecting to Egress-Assess's FTP server!" handler.banner = "Connecting to Egress-Assess's FTP server!"
#Define public address and passive ports making NAT configurations more predictable
public_ip = urllib.urlopen("http://api.ipify.org/").read()
handler.masquerade_address = public_ip
handler.passive_ports = range(60000, 60100)
try: try:
server = FTPServer(('', self.port), handler) server = FTPServer(('', self.port), handler)

12
setup/Dockerfile
View File

@ -15,6 +15,12 @@ RUN chmod +x /Egress-Assess/setup/setup-docker.sh
RUN bash -c "cd /Egress-Assess && ./setup/setup-docker.sh" RUN bash -c "cd /Egress-Assess && ./setup/setup-docker.sh"
EXPOSE 80 443 53/udp 25 21 20 445 EXPOSE 80 443 53/udp 25 21 20 445
ENTRYPOINT bash -c "cd /Egress-Assess && ./Egress-Assess.py --list-servers && ./Egress-Assess.py -h && bash" ENTRYPOINT bash -c "cd /Egress-Assess && ./Egress-Assess.py --list-servers && ./Egress-Assess.py -h && bash"
#Example Server Execution- Slight changes in port incase these are inuse #Example Client Execution
#Loots can be any local folder you want #docker run -it piesecurity/egress-assess
#docker run -it -p 25:25 -p 20:20 -p 21:21 -p 80:80 -p 445:445 -p 53:53/udp -p 444:443 -p 23:22 -v /home/ubuntu/loots:/Egress-Assess/data/ piesecurity/egress-assess #Example Server Execution- This requires all of the port mappings and location of your loots folder
#Slight changes in port incase these are already in use
#loots can be any local folder you want
#docker run -it -p 25:25 -p 20-21:20-21 -p 60000-60100:60000-60100 -p 80:80 -p 445:445 -p 53:53/udp -p 444:443 -p 23:22 -v /home/ubuntu/loots:/Egress-Assess/data/ piesecurity/egress-assess
#Special note for running the ICMP Server in Docker: Add the below iptables rule after the docker container is running
#iptables -t nat -A PREROUTING -p ICMP -i <internet_interface> -j DNAT --to-destination <dockerContainerIP>
#You can find the <dockerContainerIP> through the docker inpsect command, or just look at the rest of your iptables rules under the DOCKER chain