import optparse
import os
import subprocess

from scapy.all import *
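# Source addresses that packet() has already handled, so each address is
# passed to block() at most once per run. Starts empty; set() is used because
# a bare {} would create a dict.
a = set()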
def validIPAddress(IP):
    """Return True only if *IP* is a canonical dotted-quad IPv4 address.

    The string must consist of exactly four dot-separated fields, each a
    decimal number from 0 to 255 written in canonical form. Leading zeros,
    signs, whitespace and non-ASCII digits are rejected, so an accepted value
    contains nothing but ASCII digits and dots.

    Args:
        IP: Candidate address string.

    Returns:
        True if the string is a valid address, otherwise False.
    """

    def _is_octet(text):
        # At most three ASCII digits, so int() cannot fail here; comparing
        # the round-tripped value rejects leading zeros such as "01".
        if not (text.isascii() and text.isdigit() and len(text) <= 3):
            return False
        return str(int(text)) == text and int(text) <= 255

    fields = IP.split(".")
    return len(fields) == 4 and all(_is_octet(field) for field in fields)
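def unblock(ipaddr):  # TO UNBLOCK ONE IP ADDRESS
    """Delete the DROP rule for *ipaddr* from the iptables INPUT chain.

    iptables is invoked with an argument list instead of a shell command
    string, so the address is never interpreted as shell syntax even if a
    caller passes an unvalidated value. The success message is printed only
    when iptables exits with status 0.

    ``-D`` removes a single matching rule; if the same address was appended
    more than once, the remaining copies keep dropping its traffic.

    Args:
        ipaddr: Source address whose DROP rule should be removed.
    """
    command = ["iptables", "-D", "INPUT", "-s", str(ipaddr), "-j", "DROP"]
    try:
        completed = subprocess.run(command)
    except OSError as err:
        # iptables is missing or not executable, so no rule was touched.
        print("Could not run iptables: {} \n".format(err))
        return
    if completed.returncode != 0:
        # iptables has already written its own diagnostic to stderr.
        print("{} could not be unblocked (iptables exit status {}) \n".format(
            ipaddr, completed.returncode))
        return
    print("{} has been unblocked \n".format(ipaddr))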
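def block(ipaddr):  # TO BLOCK ONE IP ADDRESS
    """Append a DROP rule for *ipaddr* to the iptables INPUT chain.

    iptables is invoked with an argument list instead of a shell command
    string, so the address is never interpreted as shell syntax even if a
    caller passes an unvalidated value. The success message is printed only
    when iptables exits with status 0, so a failed call is not reported as
    an active block.

    ``-A`` always appends: calling this twice for the same address leaves two
    identical rules in the chain.

    Args:
        ipaddr: Source address whose packets should be dropped.
    """
    command = ["iptables", "-A", "INPUT", "-s", str(ipaddr), "-j", "DROP"]
    try:
        completed = subprocess.run(command)
    except OSError as err:
        # iptables is missing or not executable, so no rule was added.
        print("Could not run iptables: {} \n".format(err))
        return
    if completed.returncode != 0:
        # iptables has already written its own diagnostic to stderr.
        print("{} could not be blocked (iptables exit status {}) \n".format(
            ipaddr, completed.returncode))
        return
    print("{} has been blocked \n".format(ipaddr))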
def packet(pkt):  # CALLED FROM FUNCTION blockall()
    """Block the IPv4 source address of *pkt* the first time it is seen.

    Used as the per-packet callback of sniff(). Addresses are remembered in
    the module-level set ``a`` so each one reaches block() at most once per
    run. The address "10.0.2.5" is recorded but never blocked (presumably
    this host's own address; confirm before running on another machine).

    NOTE(review): the source field of an IP header is not authenticated, so
    a rule can end up covering an address that never actually sent traffic.
    Packets without an IPv4 layer are ignored.

    Args:
        pkt: Packet object handed over by sniff().
    """
    if IP not in pkt:
        return
    src_addr = pkt[IP].src
    if src_addr in a:
        return
    a.add(src_addr)
    if src_addr == "10.0.2.5":
        return
    block(src_addr)
def blockall():  # TO BLOCK IPS AS LONG AS THE PROGRAM IS RUNNING
    """Sniff packets indefinitely, passing each one to packet().

    Capture runs in batches of 10 packets and restarts as soon as a batch is
    complete; the function never returns normally. Through packet(), every
    previously unseen IPv4 source other than the exempt address gets a DROP
    rule. That includes infrastructure such as a gateway or DNS resolver if
    it sends a packet while this runs.
    """
    batch_size = 10
    while True:
        # sniff() invokes packet() once per captured packet.
        sniff(prn=packet, count=batch_size)
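def unblockall():  # TO UNBLOCK ALL IPS
    """Flush the iptables INPUT chain.

    ``-F INPUT`` removes every rule in the chain, not only the DROP rules
    this tool appended, so unrelated INPUT rules configured on the host are
    deleted as well. iptables is run with an argument list (no shell), and
    the success message is printed only when it exits with status 0.
    """
    try:
        completed = subprocess.run(["iptables", "-F", "INPUT"])
    except OSError as err:
        # iptables is missing or not executable, so the chain is unchanged.
        print("Could not run iptables: {} \n".format(err))
        return
    if completed.returncode != 0:
        # iptables has already written its own diagnostic to stderr.
        print("INPUT chain could not be flushed (iptables exit status {}) \n".format(
            completed.returncode))
        return
    print("All IP addresses have been unblocked \n")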
def showblockedips():  # DISPLAYS DETAILS OF ALL THE BLOCKED IPS
    """Print the iptables INPUT chain in verbose, numeric form.

    The listing covers the whole INPUT chain, so it also shows rules that
    were not added by this tool. The command is a fixed string with no user
    input, and its exit status is not checked.
    """
    listing_command = "iptables -L INPUT -v -n "
    os.system(listing_command)
def option():  # FUNCTION TO GET THE INPUT FROM THE USER
    """Parse the command line and run the single requested firewall action.

    Exactly one of ``-s``, ``-i`` and ``-u`` may be given. ``-i`` and ``-u``
    accept either the literal ``all`` or an address that passes
    validIPAddress(); anything else ends in parser.error(), which prints the
    usage line and exits. The process exits after the chosen action.

    NOTE(review): no privilege check is made here. iptables and packet
    capture normally need elevated privileges, so failures surface only from
    the underlying commands.
    """
    usage_hint = "Enter the correct input \n refer -help for manual "

    parser = optparse.OptionParser()
    parser.add_option(
        "-i",
        "--block",
        dest="ip",
        help="Enter ip address to be blocked, enter 'all' to block packets from all ips while the program is running ",
    )
    parser.add_option(
        "-u",
        "--unblock",
        dest="ubip",
        help="Enter ip address to be unblocked,enter 'all' to unblock packets from blocked ip addresses",
    )
    parser.add_option(
        "-s",
        "--showblocked",
        action="store_true",
        dest="show",
        help="To show the details of all blocked IP addresses and the number of packets blocked with respect to the IP address ",
    )
    options, _positional = parser.parse_args()

    # Only one of the three options may be supplied per invocation.
    selected = [bool(options.show), bool(options.ip), bool(options.ubip)]
    if sum(selected) > 1:
        parser.error(usage_hint)

    # -s / --showblocked
    if options.show:
        showblockedips()
        exit()

    # -i / --block
    if options.ip:
        target = options.ip
        if target == "all":
            blockall()
        elif not validIPAddress(target):
            # The address is rejected before it can reach iptables.
            parser.error(usage_hint)
        else:
            block(target)
        exit()

    # -u / --unblock
    if options.ubip:
        target = options.ubip
        if target == "all":
            unblockall()
        elif not validIPAddress(target):
            # The address is rejected before it can reach iptables.
            parser.error(usage_hint)
        else:
            unblock(target)
        exit()

    # No option given at all.
    parser.error(usage_hint)
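# Run the command-line interface only when executed as a script, so that
# importing this module does not parse sys.argv or change firewall rules.
if __name__ == "__main__":
    option()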