{ "info": { "author": "cblopez", "author_email": "", "bugtrack_url": null, "classifiers": [ "License :: OSI Approved :: GNU General Public License v3 (GPLv3)", "Operating System :: Unix", "Programming Language :: Python :: 3", "Topic :: Security", "Topic :: System :: Networking :: Monitoring" ], "description": "# PSCAD* \n### \\*Python Services Checker & Anomaly Detector\n##### Created by Christian Barral Lopez, May 2019 \n\n This application is the second of the four modules that build ISAT(Internal Security Audit Toolkit).\n A tool created in Python 3, executable within every Linux Operating System divided into two modules: \n The **scanner** module, which focuses on services and OS recognition, and the **sniffer** module, \n aimed to capture network packets thanks to a MITM (Man In The Middle) technique. \n \n## Installation\n\n #####**Keep in mind! You need to have nmap installed before using this application. You can find how [here](https://nmap.org/download.html).**\n\n ### Automatic installation \n For using the application, you will need Python 3.3+ and the package manager, pip. \n **Run `sudo pip install pscad`** and you should be able to execute `pscad --help` on your terminal\n without using the `python` keyword.\n \n ### Manual installation\n \n #### setup.py \n Download the application code and go to the root directory of the project. Then execute `sudo python setup.py install`.\n \n \n #### Old school \n \n There's an `install.sh` file that comes with the project, you can find it in the root directory. Move there \n and execute `sudo ./install.sh`. \n \n \n If all of these three methods fail. Please install the requirements manually\n - Nmap: Install it with your OS package manager (`sudo yum install nmap`, `sudo pacman -S nmap`, ...)\n - netifaces: Install it with pip: `pip install netifaces`\n - reportlab: Install it with pip: `pip install reportlab`\n - scapy: Install it with pip: `pip install scapy`\n - configparser: Install it with pip: `pip install configparser`\n - python-nmap: Install it with pip: `pip install python-nmap` \n ##### Keep in mind: If you install by 'Old school' you'll need to execute `python pscad.py` on the PSCAD directory to make it work.\n \n## Launch the application \nThe application is launched by the `pscad` command. Two sub-commands are avaliable to use: `scan` \nand `sniff`. \nTo display the commands and a brief description, execute `pscad -h` or `pscad --help`.\n\n### Scan \nPSCAD's scanner uses the nmap application behind the scenes, but it offers a new abstraction level to configure standard nmap scans \na bit easier and adds some new options for CSV and PDF exportation, as well as scan comparison and persistent scanning features. \nYou can execute `pscad scan --help` to display the options. \n\n**Mandatory options (choose one)** \n dddd\n \n| Option | Description | \n|--------|:---------| \n| -t | Specify targets IP addresses. See help menu for examples. | \n| -i | Specify a .txt file to read one IP per line. | \n \n**Optional arguments** \n \n| Option | Description | \n|--------|:---------|\n| -p | Specify the ports to scan. See help menu for examples. | \n| -o | Select path to export all the generated files. | \n| -n | Write a base name for the CSV file. | \n| --type | Choose scan type. See help menu for more documentation. | \n| --closed-ports | Export closed ports information to CSV file. | \n| --skip-os | Do not scan OS. | \n| --diff DIFF_FILE | Select a previously created CSV file to compare those results with the scan to be performed. | \n| --output-pdf | Create a PDF file containing the scan information. | \n \nWhen the `scan` is executed, it will scan ports from 1 to 1024 and the Operating System for the selected hosts. All \nthe optional arguments are explained on the application's `--help` menu. \n##### PDF File \nThe **PDF file** is filled with the information found under the config/ directory. The **pdf.ini** has the text that will be written\nto it and it is completely customizable. The file assets/logo.jpg is the image used to generate the PDF cover. **If you would like to change that image, override\nthe file with your own, but it has to be named \"logo.jpg\"**. \n\n##### Command examples \n- `pscad scan -t 192.168.1.0/24 -p 21,22,53 --type NO_PING_SERVICES --output-pdf -o /tmp -n example`: Scan the hole 192.168.1.0 network,\nlooking for ports 21,22 and 53 and export the CSV file to /tmp with \"example\" as base name. Use a non-ICMP scan (force scan). Then, generate\na PDF file with the results. \n- `pscad scan -i targets.txt --closed-ports -n another_example --diff /tmp/previous_scan.csv --persistent`: Scan the targets inside the \"targets.txt\" file,\nscan default ports (1-1024) and export closed ports information, with \"another_example\" as base name. Keep running until user interruption \nand for each scan, create a .log file with the differences between the one being executed and the previous_scan.csv. \n\n#### Sniff \nThe PSCAD's sniffer uses ARP Poisoning to capture data from any host on the network and analyze packets based on a previous \n scan. You can execute `pscad sniff --help` to display the options. *Warning: Using the sniffer may cause network issues due to the ARP Poisoning performed. It is the user's responsibility\nto use it properly,*\n\n**Positional arguments** \n\n| Option | Description | \n|--------|:---------|\n| interface | Name of the network interface to be used. | \n| gateway | IP address of the network's gateway. | \n\n**Mandatory options (choose one)** \n\n| Option | Description | \n|--------|:---------|\n| -t, --target | Specify the targets IP addresses. See help menu for examples. | \n| -l, --localnet | Poison the hole network. Uses GARP (read below). | \n| -r, --randomize | Specify a number of random objectives to poison. The sniffer will poison the first N targets that respond to ARP. | \n \n**Optional arguments** \n \n| Option | Description | \n|--------|:---------|\n| -o | Select path to export all the generated files. | \n| -n | Write a base name for the .pcap file. | \n| -i | Select a CSV file generated by the scan and use it to generate a network profile for packet analyzing. | \n| -f, --filter | Apply a BPF filter. | \n| --timeout | Select a number of seconds to sniff. | \n| --packet-count | Set a packet limit to capture. | \n| --type | Select the type of G-ARP to use on --localnet sniffing. | \n| -v, --verbose | Level of verbosity. From 0 to 3. | \n\n##### G-ARP (Gratuitous ARP): One packet, hole network. \nAs said in the `sniff` mandatory options, the `l, --localnet` poison uses a packet called G-ARP. This type of packet is used\nto force ARP tables to update, but it may cause the network hosts to disconnect from the internet for a short time. See [RFC 5227](https://tools.ietf.org/html/rfc5227) \nfor more information. The `--type` option is used to select which type of ARP packets are going to be used. Normally, GARP should be \"who-is\" type, but\ndue to wrong OS implementations, some hosts may respond to \"is-at\" instead.\n\n##### Command examples \n- `pscad sniff -t 192.168.1.2-192.168.1.5 -o /tmp -n example --packet-count 4000 eth0 192.168.1.1`: Poison targets from 192.168.1.2 to \n192.168.1.5, export the .pcap file to /tmp with 'example' as base name. After counting 4000 packets, stop. Use the eth0 interface\nand know that 192.168.1.1 is the gateway.\n- `pscad sniff -l --type 3 -i /tmp/previous_scan.csv -f tcp --timeout 300 wlan0 10.10.10.1`: Poison the hole network and use both \"who-is\" and \"is-at\" ARP packets. Use \nthe previous_scan.csv file to analyze captured packets and export that information to a .log file. Only capture packets for 5 minutes and\njust those which have the TCP protocol.\n\n## Troubleshooting \n- **The application says that a directory X is not valid**: Make sure, if your are\n accessing a directory from the current execution path, that the directory starts with \"./\", like \"./X\".\n- **The scanner does not show any result in the outputted CSV**: The scanner only\nwrites in the CSV file when the host responded but had no opened ports or there\nwere some opened ports. If the target could not be scanned, that target will not\nappear in the output CSV file.\n- **The scanner does not show opened top ports, but they really are**: The scanner does not\nscan top ports by default, but well-known ports (1-1024). Use the `-p` parameter to specify\nanother port range. \n- **Using the** `--output-pdf` **option takes too long**: If it's taking too long,\nmake sure you do not use the `--closed-ports` parameter, it may cause serious delays\nwhen passing that information to the PDF file.\n- **The sniffer does not capture the specified hosts' packets**: Make sure the network\nuses dynamic ARP and an ARP Proxy is not configured. \n- **The .log file generated by the** `-i` **parameter from the sniffer shows weird characters\nwhen reading it from the terminal**: Expand your terminal to full screen and that will fix it.", "description_content_type": "text/markdown", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/cblopez/pscad", "keywords": "", "license": "GPLv3", "maintainer": "", "maintainer_email": "", "name": "PSCAD", "package_url": "https://pypi.org/project/PSCAD/", "platform": "", "project_url": "https://pypi.org/project/PSCAD/", "project_urls": { "Homepage": "https://github.com/cblopez/pscad" }, "release_url": "https://pypi.org/project/PSCAD/1.1.3/", "requires_dist": null, "requires_python": "", "summary": "A network toolkit that can be used to scan, sniff and discover hosts.", "version": "1.1.3" }, "last_serial": 5765366, "releases": { "1.1.1": [ { "comment_text": "", "digests": { "md5": "08cdfa7e0c182b1d2bf55760388fb305", "sha256": "1182af0a9e602d711064291a1ed2780535434a49d0c70e5ec7293eacd9130b15" }, "downloads": -1, "filename": "PSCAD-1.1.1.tar.gz", "has_sig": false, "md5_digest": "08cdfa7e0c182b1d2bf55760388fb305", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 42000, "upload_time": "2019-08-31T20:36:23", "url": "https://files.pythonhosted.org/packages/af/c6/79e1768c4d55d6631dcfa3d9ef2f0eafee8eaf3afa4ec58facce22041674/PSCAD-1.1.1.tar.gz" } ], "1.1.2": [ { "comment_text": "", "digests": { "md5": "49e0d2ec3aee6a03691b809aabc8c7ca", "sha256": "071077b2964e6e71a0dec5d9bf374a090148bd63508f6b483d72517d2c3b8ea6" }, "downloads": -1, "filename": "PSCAD-1.1.2.tar.gz", "has_sig": false, "md5_digest": "49e0d2ec3aee6a03691b809aabc8c7ca", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 42014, "upload_time": "2019-08-31T21:12:10", "url": "https://files.pythonhosted.org/packages/c5/8f/79eb2ff9624fb1006c2ff8b0ffc5e38867f0bbb6cc9261c13ebd60b328a9/PSCAD-1.1.2.tar.gz" } ], "1.1.3": [ { "comment_text": "", "digests": { "md5": "b65b1c954fca9f9c774d3c33e5fe7b2e", "sha256": "a8ac2191f4b41f4f6b550fb57cae58370df9ecae7ca489f03866217a7f937782" }, "downloads": -1, "filename": "PSCAD-1.1.3.tar.gz", "has_sig": false, "md5_digest": "b65b1c954fca9f9c774d3c33e5fe7b2e", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 41927, "upload_time": "2019-08-31T21:18:49", "url": "https://files.pythonhosted.org/packages/7e/70/6226111072f7043ee7abf73db87d9715780ffb37394c131a13f2ab40c948/PSCAD-1.1.3.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "b65b1c954fca9f9c774d3c33e5fe7b2e", "sha256": "a8ac2191f4b41f4f6b550fb57cae58370df9ecae7ca489f03866217a7f937782" }, "downloads": -1, "filename": "PSCAD-1.1.3.tar.gz", "has_sig": false, "md5_digest": "b65b1c954fca9f9c774d3c33e5fe7b2e", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 41927, "upload_time": "2019-08-31T21:18:49", "url": "https://files.pythonhosted.org/packages/7e/70/6226111072f7043ee7abf73db87d9715780ffb37394c131a13f2ab40c948/PSCAD-1.1.3.tar.gz" } ] }