From 9ce0c50dcadf373b2292d88659805bc22297d8eb Mon Sep 17 00:00:00 2001
From: Laurent Ghigonis
Date: Mon, 22 Jul 2013 18:49:43 +0200
Subject: autoscan: works :)
---
 autoscan/autoscan.py | 50 ++++++++++++++++++++++++++++++++++++--------------
 1 file changed, 36 insertions(+), 14 deletions(-)
diff --git a/autoscan/autoscan.py b/autoscan/autoscan.py
index 64e8759..182b8ba 100755
--- a/autoscan/autoscan.py
+++ b/autoscan/autoscan.py
@@ -1,10 +1,9 @@
 #!/bin/env python
 # autoscan - automatic fingerprint of visited networks
-# XXX IN PROGRESS 20130721 laurent
 # 2013, Laurent Ghigonis
-# Usage: autoscan.py [interfaces]
+# Usage: autoscan.py [-d] [interfaces]
 # by default, monitor all network interfaces
 # Should work on all Linux versions
@@ -93,12 +92,19 @@ class Autoscan_iface(object):
 self._do_tests_run(self._test_resolv_traceroute)
 self._do_tests_run(self._test_explor_traceroute)
 self._do_tests_run(self._test_explor_scan)
- # XXX rename dir to YYYYMMDD_hhmmss_interface_[pubip/localip]
+ if self.found_pubip:
+ suffix = self.found_pubip
+ else:
+ suffix = self.found_ip4
+ newpath = self._storepath_get() + "_" + suffix
+ if self.verbose >= 1:
+ print "[*] %s" % newpath
+ os.rename(self._storepath_get(), newpath)
 def _do_tests_run(self, func):
 try:
 if self.verbose >= 1:
- print "[-] %s" % func
+ print "[-] %s" % func.__name__
 func()
 except Exception, e:
 print("test %s failed: %s" % (func, e))
@@ -108,7 +114,7 @@ class Autoscan_iface(object):
 if os.fork() != 0:
 return
 # child
- os.system("$(tcpdump -ni %s -w %s 2>/dev/null & sleep 10; kill %%1) &" % (
+ os.system("$(tcpdump -ni %s -w %s 2>/dev/null & sleep 15; kill %%1) &" % (
 self.iface, self._storepath_get("pcap/tcpdump.pcap")))
 sys.exit(0)
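Review bot: The rename block added after the last `_do_tests_run` call builds `newpath` from `self.found_pubip`, which the `_test_pubip_get` hunk (`@@ -160`) sets to whatever `curl ifconfig.me` returned, so text supplied by the network being fingerprinted becomes part of an `os.rename` destination. A captive-portal page or any reply containing `/` or `..` would move the result directory somewhere unintended, and the script appears to insist on running as root. Accept the value only if it looks like an address, for example in `_test_pubip_get`: `ip = out.strip()` followed by `self.found_pubip = ip if re.match(r'^[0-9A-Fa-f:.]+$', ip) else None`. The rename also sits outside the `try` in `_do_tests_run`, so if both `found_pubip` and `found_ip4` are unset the string concatenation presumably raises; a guard such as `if suffix:` before building `newpath` would cover that.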
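Review bot: The `os.system` call in the `@@ -108` hunk still formats `self.iface` and the capture path straight into a shell command string, and the edit only changes the sleep value. Both values presumably come from the command line (the interface argument and `--outdir`), so a space or shell metacharacter in either changes what the root shell executes. Quote them before interpolation, e.g. `pipes.quote(self.iface)` and `pipes.quote(self._storepath_get("pcap/tcpdump.pcap"))`, or start tcpdump through `subprocess.Popen` with an argument list as `_exec` does. The enclosing method begins outside the hunk.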
@@ -160,9 +166,9 @@ class Autoscan_iface(object):
 def _test_pubip_get(self):
 out, err, code = self._exec(
- ['curl', 'ifconfig.me'])
+ ['curl', '--retry', '3', 'ifconfig.me'])
 self._store("pubip_get/ip", out)
- self.found_pubip = out
+ self.found_pubip = out.strip()
 def _test_pubip_ping(self):
 out, err, code = self._exec(
@@ -193,7 +199,10 @@ class Autoscan_iface(object):
 def _test_explor_scan(self):
 target = re.sub('\.[0-9]+$', '', self.found_ip4) + "/24" # XXX v6
 out, err, code = self._exec(
- ['nmap', '-oA', os.path.dirname(self._storepath_get("explor_scan/localnet")), '-p', '21,22,23,445,80,443,8080,8081,8082,8083', target])
+ ['nmap', '-oA', self._storepath_get("explor_scan/localnet"), '-p', '21,22,23,445,80,443,8080,8081,8082,8083', target])
+ self._store("explor_scan/out", out)
+ if len(err) > 0:
+ self._store("explor_scan/err", err)
 def _exec(self, cmd):
 p = subprocess.Popen(cmd,
@@ -210,9 +219,10 @@ class Autoscan_iface(object):
 f.close()
 os.chown(name, self.perm_uid, self.perm_gid)
- def _storepath_get(self, suffix=""):
- path = "%s/%s_%s/%s" % (self.logpath, self.date, self.iface,
- suffix)
+ def _storepath_get(self, suffix=None):
+ path = "%s/%s_%s" % (self.logpath, self.date, self.iface)
+ if suffix:
+ path += "/" + suffix
 d = os.path.dirname(path)
 if not os.path.isdir(d):
 os.makedirs(d)
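Review bot: In `_test_explor_scan` (`@@ -193`) the scan target is always the `/24` around `self.found_ip4`, whatever prefix the interface actually has, so on a link with a longer prefix the nmap run whose output this hunk now stores reaches addresses outside the attached subnet. The existing `# XXX v6` marker does not mention this; I would add `# NOTE: assumes a /24; use the interface's real prefix length so the scan stays on the attached subnet` above the `target` line until the netmask is wired in. The returned `code` is still discarded, so a failed nmap run is only visible if it wrote to stderr; storing it alongside `explor_scan/out` would make the record complete.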
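Review bot: In the `@@ -210` hunk the result files are handed over with `os.chown(name, ...)`, which follows symlinks, while the run directory name produced by the rewritten `_storepath_get` is predictable (`date_iface` under the output directory, which defaults to `.`). If that output directory is writable by another local user, a root-run chown on a predictable path is the kind of operation that can be redirected; `os.lchown(name, self.perm_uid, self.perm_gid)` avoids following a link at that step, though the write earlier in `_store` is outside the hunk and would need the same care. The directories created by `os.makedirs(d)` are not visibly chowned here, so they presumably stay root-owned while the files inside do not. `_storepath_get` would also benefit from a short docstring stating that it creates the parent directory as a side effect and that an empty `suffix` returns the run directory itself.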
@@ -227,18 +237,30 @@ if not os.geteuid() == 0:
 parser = argparse.ArgumentParser()
 parser.add_argument("interfaces", nargs='+',
 help="Interface(s) to use")
+parser.add_argument("-m", "--monitor", action="store_true",
+ help="Mode monitor: Stay in the background and automaticaly run when interface turns up")
+parser.add_argument("-r", "--runnow", action="store_true",
+ help="Mode runnow (default): Run tests/scans now and exit")
 parser.add_argument("-f", "--foreground", action="store_true",
- help="Run in foreground, do not daemonize")
+ help="Run in foreground for monitor mode, do not daemonize")
 parser.add_argument("-o", "--outdir", action="store", default=".",
 help="Use DIR as output directory")
 parser.add_argument("-p", "--pubip", action="store", default="8.8.8.8",
 help="Use target IP for public IP tests")
-parser.add_argument("-r", "--runnow", action="store_true",
- help="Run tests/scans now and exit")
 parser.add_argument("-v", "--verbose", action="store_true",
 help="Increase output verbosity, default=0, max=2")
 args = parser.parse_args()
+if args.runnow and args.monitor:
+ print "Cannot specify both monitor and runnow modes !"
+ sys.exit(1)
+if args.runnow and args.foreground:
+ print "Cannot specify foreground with runnow, it's implicit !"
+ sys.exit(1)
+if not args.runnow and not args.monitor:
+ args.runnow = True
+ args.foreground = True
+
 for iface in args.interfaces:
 if os.fork() == 0:
 autoscan = Autoscan_iface(iface, args.outdir, args.pubip,
-- 
cgit v1.2.3-59-g8ed1b
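Review bot: The mode checks added after `parse_args()` print to stdout and exit by hand, where `parser.error("Cannot specify both monitor and runnow modes")` would report on stderr together with the usage line. Declaring `-m` and `-r` in a `parser.add_mutually_exclusive_group()` would remove the first check altogether. The header comment edited in the first hunk now advertises `[-d]` and says the default is to monitor all interfaces, but no `-d` option is defined between `ArgumentParser()` and `parse_args()`, `interfaces` is required (`nargs='+'`), and the default mode set here is runnow. The help string for `--monitor` also has a typo (`automaticaly`).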