Merge pull request BinaryDefense#93 from corelan/master

stability improvements + allow empty smtp username
CybernetiX-S3C · Jan 10, 2020 · 487c2b3 · 487c2b3
2 parents d1a3808 + d2a02d1
commit 487c2b3
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 21 deletions.
diff --git a/src/core.py b/src/core.py
@@ -434,11 +434,15 @@ def update():
 
 
 def addressInNetwork(ip, net):
-   ipaddr = int(''.join([ '%02x' % int(x) for x in ip.split('.') ]), 16)
-   netstr, bits = net.split('/')
-   netaddr = int(''.join([ '%02x' % int(x) for x in netstr.split('.') ]), 16)
-   mask = (0xffffffff << (32 - int(bits))) & 0xffffffff
-   return (ipaddr & mask) == (netaddr & mask)
+   try:
+       ipaddr = int(''.join([ '%02x' % int(x) for x in ip.split('.') ]), 16)
+       netstr, bits = net.split('/')
+       netaddr = int(''.join([ '%02x' % int(x) for x in netstr.split('.') ]), 16)
+       mask = (0xffffffff << (32 - int(bits))) & 0xffffffff
+       return (ipaddr & mask) == (netaddr & mask)
+   except:
+       return False
+
 
 def is_whitelisted_ip(ip):
     # grab ips
@@ -665,7 +669,7 @@ def create_iptables_subset():
         for ip in bannedips:
            if not ip.startswith("#") and not ip.replace(" ","") == "":
               ip = ip.strip()
-              if ip != "":
+              if ip != "" and not ":" in ip:
                  test_ip = ip
                  if "/" in test_ip:
                      test_ip = test_ip.split("/")[0]
@@ -996,20 +1000,21 @@ def mail(to, subject, text):
         msg.attach(MIMEText(text))
         # prep the smtp server
         mailServer = smtplib.SMTP("%s" % (smtp_address), smtp_port)
-        if user == '':
-            write_console("[!] Email username is blank. please provide address in config file")
-        else:
-            # send ehlo
-            mailServer.ehlo()
+        #if user == '':
+        #    write_console("[!] Email username is blank. please provide address in config file")
+
+        # send ehlo
+        mailServer.ehlo()
+        if not user == "": 
             # tls support?
             mailServer.starttls()
             # some servers require ehlo again
             mailServer.ehlo()
             mailServer.login(user, pwd)
             # send the mail
-            write_log("Sending email to %s: %s" % (to, subject))
-            mailServer.sendmail(smtp_from, to, msg.as_string())
-            mailServer.close()
+        write_log("Sending email to %s: %s" % (to, subject))
+        mailServer.sendmail(smtp_from, to, msg.as_string())
+        mailServer.close()
 
     except Exception as err:
         write_log("Error, Artillery was unable to log into the mail server %s:%d" % (
@@ -1019,6 +1024,7 @@ def mail(to, subject, text):
         write_log(" %s" % emsg,2)
         write_console("[!] Artillery was unable to send email via %s:%d" % (smtp_address, smtp_port))
         write_console("[!] Error: %s" % emsg)
+        pass
 
 # kill running instances of artillery
 
@@ -1103,9 +1109,9 @@ def format_ips(url):
             if err == '404':
                 # Error 404, page not found!
                 write_log(
-                    "HTTPError: Error 404, URL {} not found.".format(urls))
+                    "HTTPError: Error 404, URL '%s' not found." % str(urls))
             else:
-                write_log("Received URL Error trying to download feed from '%s', Reason: %s" (urls, format(err)),1)
+                write_log("Received URL Error trying to download feed from '%s', Reason: %s" (urls, str(err)),1)
                 continue 
 
     try:

diff --git a/src/email_handler.py b/src/email_handler.py
@@ -11,6 +11,8 @@
 except ImportError: import _thread as thread
 from src.core import *
 
+from . import globals
+
 # check how long to send the email
 mail_time = read_config("EMAIL_FREQUENCY")
 
@@ -20,18 +22,24 @@
 def check_alert():
     # loop forever
     while 1:
+        mail_log_file = ""
+        mail_old_log_file = ""
+        if is_posix():
+            mail_log_file = "%s/src/program_junk/email_alerts.log" % globals.g_apppath
+            mail_old_log_file = "%s/src/program_junk/email_alerts.old" % globals.g_apppath
+        if is_windows():
+            mail_log_file = "%s\\src\\program_junk\\email_alerts.log" % globals.g_apppath
+            mail_old_log_file = "%s\\src\\program_junk\\email_alerts.old" % globals.g_apppath
         # if the file is there, read it in then trigger email
-        if os.path.isfile("/var/artillery/src/program_junk/email_alerts.log"):
+        if os.path.isfile(mail_log_file):
             # read open the file to be sent
-            fileopen = file(
-                "/var/artillery/src/program_junk/email_alerts.log", "r")
+            fileopen = open(mail_log_file, "r")
             data = fileopen.read()
             if is_config_enabled("EMAIL_ALERTS"):
                 send_mail("[!] " + socket.gethostname() + " | Artillery has new notifications for you. [!]",
                           data)
                 # save this for later just in case we need it
-                shutil.move("/var/artillery/src/program_junk/email_alerts.log",
-                            "/var/artillery/src/program_junk/email_alerts.old")
+                shutil.move(mail_log_file, mail_old_log_file)
         time.sleep(int(mail_time))
 
 # start a threat for checking email frequency