From d87d7d813e099d570568684a1a3e8f58fc678726 Mon Sep 17 00:00:00 2001 From: Fabian Martinez Portantier Date: Sun, 20 May 2018 21:08:08 -0300 Subject: [PATCH] new habu.asydns command --- README.md | 19 ++++++++++ habu/cli/cmd_asydns.py | 85 ++++++++++++++++++++++++++++++++++++++++++ habu/cli/cmd_mhr.py | 73 ++++++++++++++++++++++++++++++++++++ setup.py | 5 ++- 4 files changed, 181 insertions(+), 1 deletion(-) create mode 100644 habu/cli/cmd_asydns.py create mode 100644 habu/cli/cmd_mhr.py diff --git a/README.md b/README.md index ebcfbf5..d3a9f1f 100644 --- a/README.md +++ b/README.md @@ -119,6 +119,25 @@ Columns: Seconds from last packet | IP | MAC | Vendor 6 192.168.0.7 54:f2:01:db:35:58 Samsung Electronics Co.,Ltd ``` +## habu.asydns: AsyDNS protocol client + +This command requests DNS domain names based on public and private +RSA keys using the AsyDNS protocol (). + +``` {.sourceCode .bash} +$ habu.asydns -v +Generating RSA key ... +Loading RSA key ... +{ + "ip": "181.31.41.231", + "name": "07286e90fd6e7e6be61d6a7919967c7cf3bbfb23a36edbc72b6d7c53.a.asydns.org" +} + +$ dig +short 07286e90fd6e7e6be61d6a7919967c7cf3bbfb23a36edbc72b6d7c53.a.asydns.org +181.31.41.231 +``` + + ## habu.contest: Check your connection capabilities This command tries to connect to various services and check if you can diff --git a/habu/cli/cmd_asydns.py b/habu/cli/cmd_asydns.py new file mode 100644 index 0000000..a30919d --- /dev/null +++ b/habu/cli/cmd_asydns.py 
@@ -0,0 +1,85 @@
+import base64
+import json
+from pathlib import Path
+import logging
+import click
+import pwd
+import os
+import requests
+from Crypto import Random
+from Crypto.Hash import SHA224
+from Crypto.PublicKey import RSA
+from Crypto.Signature import PKCS1_v1_5
+
+
+@click.command()
+@click.option('-u', 'url', default='https://asydns.org', help='API URL')
+@click.option('-g', 'generate', is_flag=True, default=False, help='Force the generation of a new key pair')
+@click.option('-r', 'revoke', is_flag=True, default=False, help='Revoke the public key')
+@click.option('-v', 'verbose', is_flag=True, default=False, help='Verbose output')
+def cmd_asydns(url, generate, revoke, verbose):
+
+ if verbose:
+ logging.basicConfig(level=logging.INFO, format='%(message)s')
+
+ homedir = Path(pwd.getpwuid(os.getuid()).pw_dir)
+
+ dotdir = homedir / '.asydns'
+ dotdir.mkdir(exist_ok=True)
+
+ pub_file = dotdir / 'rsa.pub'
+ key_file = dotdir / 'rsa.key'
+
+ if generate or not key_file.is_file():
+
+ logging.info('Generating RSA key ...')
+ random_generator = Random.new().read
+ key = RSA.generate(2048, random_generator)
+ pub = key.publickey()
+
+ with key_file.open('w') as k:
+ k.write(key.exportKey('PEM').decode())
+
+ with pub_file.open('w') as p:
+ p.write(pub.exportKey('PEM').decode())
+
+
+ logging.info('Loading RSA key ...')
+ with key_file.open() as k:
+ key = RSA.importKey(k.read())
+
+ with pub_file.open() as p:
+ pub = RSA.importKey(p.read())
+
+
+ r = requests.get(url + '/api')
+
+ if r.status_code != 200:
+ logging.error('Error')
+ logging.error(r.content.decode())
+ return False
+
+ j = r.json()
+
+ challenge = base64.b64decode(j['challenge'])
+ signer = PKCS1_v1_5.new(key)
+ response = signer.sign(SHA224.new(challenge))
+ response = base64.b64encode(response).decode()
+
+ if revoke:
+ r = requests.delete(url + '/api', json={'pub': pub.exportKey('PEM').decode(), 'challenge' : j['challenge'], 'response': response})
+ else:
+ r = requests.post(url + '/api', json={'pub': pub.exportKey('PEM').decode(), 'challenge' : j['challenge'], 'response': response})
+
+ if r.status_code != 200:
+ logging.error('Error')
+ logging.error(r.content.decode())
+ return False
+
+ print(json.dumps(r.json(), indent=4))
+
+ return True
+
+if __name__ == '__main__':
+ cmd_asydns()
+
diff --git a/habu/cli/cmd_mhr.py b/habu/cli/cmd_mhr.py
new file mode 100644
index 0000000..4350a53
--- /dev/null
+++ b/habu/cli/cmd_mhr.py
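Review bot: The private key is written with `key_file.open('w')` into a directory created by `dotdir.mkdir(exist_ok=True)`, so both get umask-default permissions and `~/.asydns/rsa.key` is typically readable by other local users. Create the directory with `dotdir.mkdir(mode=0o700, exist_ok=True)` and open the key with `with os.fdopen(os.open(str(key_file), os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600), 'w') as k:`; the mode only applies when the file is created, so a key file that already exists also needs `key_file.chmod(0o600)`. The three `requests` calls pass no `timeout=`, so an unresponsive server blocks the command indefinitely. The server-supplied `j['challenge']` is signed as received, which deserves a comment because `-u` lets the tool be pointed at any server.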
@@ -0,0 +1,73 @@
+import hashlib
+import json
+import logging
+import re
+import socket
+from pathlib import Path
+from time import gmtime, strftime
+
+import click
+
+from habu.lib.loadcfg import loadcfg
+
+
+def get_cymru(this_hash):
+ """
+ Example Output::
+ {
+ 'detected': '86',
+ 'last_seen': '01-06-2014T22:34:57Z'
+ }
+ source: http://code.google.com/p/malwarecookbook/
+ site : http://www.team-cymru.org/Services/MHR/
+ """
+ host = 'hash.cymru.com'
+ request = '%s\r\n' % this_hash
+ s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ try:
+ s.connect((host, 43))
+ s.send('begin\r\n'.encode())
+ s.recv(1024)
+ s.send(request.encode())
+ response = s.recv(1024)
+ s.send('end\r\n'.encode())
+ s.close()
+ if len(response) > 0:
+ resp_re = re.compile('\S+ (\d+) (\S+)')
+ match = resp_re.match(response.decode())
+ if 'NO_DATA' in match.group(2):
+ return dict(last_seen_utc=strftime("%Y-%m-%dT%H:%M:%SZ",
+ gmtime(int(match.group(1)))),
+ detected=match.group(2),
+ response_code=404)
+ else:
+ return dict(last_seen_utc=strftime("%Y-%m-%dT%H:%M:%SZ",
+ gmtime(int(match.group(1)))),
+ detected=match.group(2),
+ response_code=200)
+ except socket.error:
+ return dict(error='socket error', response_code=500)
+
+
+@click.command()
+@click.argument('input', type=click.File('rb'))
+@click.option('-o', 'output', type=click.File('w'), default='-', help='Output file (default: stdout)')
+@click.option('-v', 'verbose', is_flag=True, default=False, help='Verbose output')
+def cmd_shodan(input, output, verbose):
+
+ habucfg = loadcfg()
+
+ if verbose:
+ logging.basicConfig(level=logging.INFO, format='%(message)s')
+
+ filename = Path(input.name).name
+
+ data = input.read()
+
+ sha1 = hashlib.sha1(data).hexdigest()
+
+ output.write(json.dumps(get_cymru(sha1), indent=4, sort_keys=True))
+ output.write('\n')
+
+if __name__ == '__main__':
+ cmd_shodan()
diff --git a/setup.py b/setup.py
index 5650bb4..826a981 100644
--- a/setup.py
+++ b/setup.py
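Review bot: The click command in this new file is defined as `cmd_shodan`, while the entry point this commit adds to setup.py is `habu.mhr=habu.cli.cmd_mhr:cmd_mhr`, so the installed `habu.mhr` script would fail to load; rename it with `def cmd_mhr(input, output, verbose):` and call `cmd_mhr()` under `__main__`. In `get_cymru`, `resp_re.match(response.decode())` returns None when the reply does not fit the pattern, and `match.group(2)` on the next line then raises AttributeError; a guard such as `if match is None: return dict(error='unexpected response', response_code=500)` keeps the result shape consistent with the socket-error branch. The socket has no timeout and is closed only on the success path, so `s.settimeout(...)` and a `with socket.socket(...) as s:` block would cover the failure cases. The function also returns None for an empty reply, and `habucfg` and `filename` are assigned but never used.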
@@ -5,7 +5,7 @@ setup( name='habu', - version='0.0.68', + version='0.0.70', description='Python Network Hacking Toolkit', long_description=readme, long_description_content_type='text/markdown', @@ -18,6 +18,7 @@ 'click', 'lxml', 'prompt_toolkit', + 'pycrypto', 'pygments', 'regex', 'requests', @@ -34,6 +35,7 @@ habu.arping=habu.cli.cmd_arping:cmd_arping habu.arpoison=habu.cli.cmd_arpoison:cmd_arpoison habu.arpsniff=habu.cli.cmd_arpsniff:cmd_arpsniff + habu.asydns=habu.cli.cmd_asydns:cmd_asydns habu.b64=habu.cli.cmd_b64:cmd_b64 habu.contest=habu.cli.cmd_contest:cmd_contest habu.ctfr=habu.cli.cmd_ctfr:cmd_ctfr @@ -52,6 +54,7 @@ habu.jshell=habu.cli.cmd_jshell:cmd_jshell habu.karma=habu.cli.cmd_karma:cmd_karma habu.land=habu.cli.cmd_land:cmd_land + habu.mhr=habu.cli.cmd_mhr:cmd_mhr habu.ping=habu.cli.cmd_ping:cmd_ping habu.shodan=habu.cli.cmd_shodan:cmd_shodan habu.snmp_crack=habu.cli.cmd_snmp_crack:cmd_snmp_crack
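Review bot: The `'pycrypto'` requirement added in the `@@ -18,6 +18,7 @@` hunk pulls in a package that is no longer maintained and does not receive security fixes. `'pycryptodome'` is the maintained fork and installs the same `Crypto` package, so the imports in cmd_asydns.py (`Crypto.PublicKey.RSA`, `Crypto.Signature.PKCS1_v1_5`, `Crypto.Hash.SHA224`, `Crypto.Random`) should work unchanged. It is worth confirming that with one run of `habu.asydns` after switching the requirement.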