#!/usr/bin/env python3
import sys
import socket
import time
import subprocess
import base64
import jwt
import hashlib
import requests
from Crypto.PublicKey import RSA
import json
import urllib3
import getopt
from pprint import pprint
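# requests is called with certificate verification switched off further down,
# which makes urllib3 emit an InsecureRequestWarning on every call.  Only that
# one category is silenced here; a bare disable_warnings() call hides every
# urllib3 HTTPWarning, including ones unrelated to the self-signed certificate.
# NOTE(review): the warning exists for a reason -- prefer pinning the server's
# CA bundle over silencing it.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

# ---- Module-level defaults (several are overridden by command-line options) ----
timeout = 1  # seconds, "enough for internal network"; NOTE(review): not referenced by the code shown in this file
HOST_LIST = "scan.lst"  # The file containing hosts, IP, or MAC addresses of the targets
PORT = "12345"  # Listening port in which targets are connected with Trend Micro Officescan/Apex ONE Server; NOTE(review): not referenced by the code shown in this file
Export = "result.lst"  # Scan output stored here (addresses for which no agent was reported)
result_list = []  # addresses reported as having no agent
hostList = []  # filled from HOST_LIST when no single address is given
adType = "ip"  # lookup key type: "ip" or "mac"
addr = ""  # single address supplied with -a/--address
details = []  # NOTE(review): never read or written again in the code shown
detailSwitch = False  # set by -d/--details to pretty-print the API record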
class bcolors:
    """ANSI SGR escape sequences used to colour the script's terminal output."""

    # Text attributes.
    BOLD = '\033[1m'
    UNDERLINE = '\033[4m'

    # Bright foreground colours (SGR 91-95).
    FAIL = '\033[91m'
    OKGREEN = '\033[92m'
    WARNING = '\033[93m'
    OKBLUE = '\033[94m'
    HEADER = '\033[95m'

    # Resets every attribute; emit it after coloured text so the colour does
    # not carry over into later terminal output.
    ENDC = '\033[0m'
def create_checksum(http_method, raw_url, headers, request_body):
    """Return the Base64-encoded SHA-256 digest of the canonical request.

    The canonical string is ``METHOD|url|headers|body`` with the method
    upper-cased and the URL lower-cased, encoded as UTF-8 before hashing.
    The digest is embedded in the JWT so the token is bound to this one
    request (method, URL, canonical headers and body).
    """
    canonical_request = "|".join(
        (http_method.upper(), raw_url.lower(), headers, request_body)
    )
    digest = hashlib.sha256(canonical_request.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("utf-8")
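def create_jwt_token(appication_id, api_key, http_method, raw_url, headers, request_body,
                     iat=None, algorithm='HS256', version='V1'):
    """Build the signed JWT sent as the bearer token for one API request.

    Args:
        appication_id: Application ID registered on the server (parameter
            name kept as spelled for existing keyword callers).
        api_key: Shared secret used to sign the token; treat it as a
            credential and keep it out of logs and version control.
        http_method: HTTP verb of the request being authorised.
        raw_url: Path plus query string of the request.
        headers: Canonical request headers string.
        request_body: Request body as a string.
        iat: Issued-at time in seconds since the epoch.  Defaults to the
            time of the call.
        algorithm: JWT signing algorithm.
        version: Value of the ``version`` claim.

    Returns:
        The encoded token as ``str``.
    """
    # A default of ``iat=time.time()`` in the signature is evaluated once,
    # when the function is defined, so every call relying on the default
    # would carry the same stale issued-at value.  Resolve it per call.
    if iat is None:
        iat = time.time()

    payload = {
        'appid': appication_id,
        'iat': iat,
        'version': version,
        # Binds the token to this exact method/URL/headers/body.
        'checksum': create_checksum(http_method, raw_url, headers, request_body),
    }

    token = jwt.encode(payload, api_key, algorithm=algorithm)
    # PyJWT 1.x returns bytes, PyJWT 2.x returns str; an unconditional
    # ``.decode()`` raises AttributeError on 2.x.
    if isinstance(token, bytes):
        token = token.decode('utf-8')
    return token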
# ---- Apex Central / Control Manager API settings ----

# Path of the ProductAgents API on the server.
productAgentAPIPath = "/WebApp/API/AgentResource/ProductAgents"

# Canonical-Request-Headers is currently always empty.
canonicalRequestHeaders = ""

# Call info of the TMCM server (server URL, application ID, API key).
# The three values below are placeholders to be replaced per deployment.
# The API key is the secret that signs every request token, so a filled-in
# copy of this file should be treated like a credential: keep it out of
# version control and restrict read access to it.
use_url_base = "https://IP:443"  # Trend Micro Control Manager/Apex Central server address
use_application_id = "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
use_api_key = "xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx"  # API key of Trend Micro CM/AC Server
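# Uses the Trend Micro Apex Central API to check whether the machine
# (identified by IP or MAC address) has an Apex agent installed.
def hasTMAgent(host, adType='ip', verify=False, request_timeout=30):
    """Look up *host* in the ProductAgents API.

    Args:
        host: IP address, or MAC address when ``adType`` is ``'mac'``.
        adType: ``'mac'`` queries by ``mac_address``; any other value
            queries by ``ip_address``.
        verify: Passed to ``requests`` as the TLS verification setting.
            The default keeps the script's existing behaviour of skipping
            certificate validation.  NOTE(review): with validation off, the
            bearer token and the returned agent inventory can be read or
            altered by anyone on the network path; pass ``True`` or the
            path of the server's CA bundle wherever possible.
        request_timeout: Seconds to wait for the server before giving up,
            so an unresponsive server cannot hang the scan indefinitely.

    Returns:
        The non-empty ``result_content`` value from the response, or
        ``False`` when the response carries no agent records.

    Raises:
        requests.HTTPError: The server answered with an error status.  This
            is raised instead of returning ``False`` so that an
            authentication or server failure is not reported as "no agent".
        requests.RequestException: Connection failure or timeout.
        ValueError: The response body is not JSON.
    """
    from urllib.parse import quote

    param_name = 'mac_address' if adType == 'mac' else 'ip_address'
    # Percent-encode the value so characters such as '&', '#' or spaces in a
    # list entry cannot add or truncate query parameters.  '.', ':' and '-'
    # stay literal so dotted IPv4 and common MAC notations are sent (and
    # checksummed) exactly as before.
    useQueryString = '?' + param_name + '=' + quote(host, safe=':.-')
    useRequestBody = ''

    # The token's checksum covers the same path + query string that is sent.
    jwt_token = create_jwt_token(use_application_id, use_api_key, 'GET',
                                 productAgentAPIPath + useQueryString,
                                 canonicalRequestHeaders, useRequestBody, iat=time.time())
    headers = {'Authorization': 'Bearer ' + jwt_token}

    r = requests.get(use_url_base + productAgentAPIPath + useQueryString,
                     headers=headers, data=useRequestBody,
                     verify=verify, timeout=request_timeout)
    r.raise_for_status()

    # Parse the body once instead of re-decoding it for every access.
    payload = r.json()
    agents = payload.get('result_content') if isinstance(payload, dict) else None
    if not agents:
        return False
    return agents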
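def checkIP(addr):
    """Return True only if *addr* is a dotted-quad IPv4 address.

    ``socket.inet_aton`` is too permissive for input validation: it accepts
    shorthand such as ``"127.1"`` and, on some platforms, a valid address
    followed by whitespace and arbitrary trailing text.  Because the value
    is later placed in a request URL, validation here is strict: exactly
    four decimal octets and nothing else.

    Args:
        addr: Candidate address string.

    Returns:
        True for a well-formed IPv4 address, False for anything else
        (including non-string input).
    """
    import ipaddress

    # IPv4Address also accepts ints and packed bytes; only text is valid here.
    if not isinstance(addr, str):
        return False
    try:
        ipaddress.IPv4Address(addr)
    except ValueError:  # AddressValueError is a ValueError subclass
        return False
    return True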
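# ---- Command-line handling and scan driver ----
# Options: -t/--type (ip|mac), -a/--address (single target),
# -l/--list (file with one target per line), -d/--details (print API record).
try:
    opts, args = getopt.getopt(sys.argv[1:], "t:a:l:d", ["type=", "address=", "list=", "details"])
except getopt.GetoptError:
    print('TMCheck.py [--type=mac] [--address=[IP]|[MAC]]')
    sys.exit(2)

for opt, arg in opts:
    if opt in ('-t', '--type'):
        adType = arg
    elif opt in ('-a', '--address'):
        addr = arg
    elif opt in ('-l', '--list'):
        HOST_LIST = arg
    elif opt in ('-d', '--details'):
        detailSwitch = True

# hasTMAgent() treats every type other than "mac" as an IP lookup, while the
# IP syntax check below only runs for the exact value "ip".  Reject anything
# else so a mistyped --type cannot bypass validation.
if adType not in ("ip", "mac"):
    print('TMCheck.py [--type=mac] [--address=[IP]|[MAC]]')
    sys.exit(2)


def _report_host(host):
    """Query the API once for *host*, print its status, record misses."""
    agents = hasTMAgent(host, adType)
    if not agents:
        print(f"{bcolors.FAIL}" + host + f" ...No Agent{bcolors.ENDC}")
        result_list.append(host)
        return
    if detailSwitch:
        # Reuse the response already fetched rather than issuing a second
        # authenticated request for the same host.
        pprint(agents)
    print(f"{bcolors.OKGREEN}" + host + f" ...Agent Installed{bcolors.ENDC}")


if addr:
    # Single-target mode: apply the same syntax check the list mode uses.
    if adType == "ip" and not checkIP(addr):
        print(f"{bcolors.WARNING} Wrong IP format: {addr!r}{bcolors.ENDC}")
        sys.exit(2)
    _report_host(addr)
else:
    # List mode: one target per line; blank lines and duplicates are skipped.
    with open(HOST_LIST) as host_file:
        hostList = dict.fromkeys(line.strip() for line in host_file)

    checked = 0
    for HOST in hostList:
        if not HOST:
            continue
        if adType == "ip" and not checkIP(HOST):
            # repr() keeps control characters in a malformed entry from
            # reaching the terminal unescaped.
            print(f"{bcolors.WARNING} Wrong IP format in " + HOST_LIST + f": {HOST!r}{bcolors.ENDC}")
            continue
        checked += 1
        _report_host(HOST)

    if checked == 0:
        print("No addresses provided")

    # NOTE(review): the export is written in list mode only; confirm whether
    # single-target mode was also meant to write it.
    if Export:
        with open(Export, 'w') as fh:
            fh.writelines(["%s\n" % host for host in result_list])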