willem/inquisitor
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: willem:fb68cd03752fb15a98cc19177c2b5b23a21a089f
Branches Tags
willem:master
..
compare: willem:dec71886f70efa5c44c575ec0afe3f98a26d2763
Branches Tags
willem:master

No commits in common. "fb68cd03752fb15a98cc19177c2b5b23a21a089f" and "dec71886f70efa5c44c575ec0afe3f98a26d2763" have entirely different histories.
fb68cd0375 ... dec71886f7

3 changed files with 1 additions and 72 deletions
Show Stats Expand all files Collapse all files

3
inquisitor/Dockerfile
View File

@ -25,9 +25,6 @@ RUN python3 -m venv /opt/venv && \
COPY src/ ./src/ COPY src/ ./src/
COPY entrypoint.sh . COPY entrypoint.sh .
# Copy custom bashrc for interactive shell
COPY bashrc /root/.bashrc
# Make entrypoint script executable # Make entrypoint script executable
RUN chmod +x entrypoint.sh RUN chmod +x entrypoint.sh

67
inquisitor/bashrc
View File

@ -1,67 +0,0 @@
# Custom bashrc for Inquisitor container
get_container_info() {
local container_name=$1
local ip_var=$2
local mac_var=$3
echo "Getting network info for $container_name..."
# Get MAC and IP address from Docker network
local ip=$(docker inspect $container_name --format '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}')
local mac=$(docker inspect $container_name --format '{{range .NetworkSettings.Networks}}{{.MacAddress}}{{end}}')
if [ -z "$ip" ] || [ -z "$mac" ]; then
echo "Error: Could not get network info for $container_name"
exit 1
fi
echo "$container_name: IP=$ip, MAC=$mac"
export $ip_var=$ip
export $mac_var=$mac
}
# Get network information from FTP containers
get_container_info "ftp-client" "TARGET_IP" "TARGET_MAC"
get_container_info "ftp-server" "GATEWAY_IP" "GATEWAY_MAC"
# Display banner
cat << 'EOF'
██╗███╗ ██╗ ██████╗ ██╗ ██╗██╗███████╗██╗████████╗ ██████╗ ██████╗
██║████╗ ██║██╔═══██╗██║ ██║██║██╔════╝██║╚══██╔══╝██╔═══██╗██╔══██╗
██║██╔██╗ ██║██║ ██║██║ ██║██║███████╗██║ ██║ ██║ ██║██████╔╝
██║██║╚██╗██║██║▄▄ ██║██║ ██║██║╚════██║██║ ██║ ██║ ██║██╔══██╗
██║██║ ╚████║╚██████╔╝╚██████╔╝██║███████║██║ ██║ ╚██████╔╝██║ ██║
╚═╝╚═╝ ╚═══╝ ╚══▀▀═╝ ╚═════╝ ╚═╝╚══════╝╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚═╝
ARP Spoofing & Network Analysis Tool
Version 1.0.0
========================================================================
Welcome to the Inquisitor container!
Environment Variables:
TARGET_IP: $TARGET_IP
TARGET_MAC: $TARGET_MAC
GATEWAY_IP: $GATEWAY_IP
GATEWAY_MAC: $GATEWAY_MAC
Quick Commands:
inquisitor - Start interactive ARP spoofing
sniff-ftp - Start FTP packet sniffing
restore-arp - Restore ARP tables
help - Show all available commands
EOF
# Activate virtual environment automatically
source /opt/venv/bin/activate
# Custom aliases
alias inquisitor='python3 /app/src/inquisitor.py $TARGET_IP $TARGET_MAC $GATEWAY_IP $GATEWAY_MAC'
# Custom prompt
export PS1='\[\033[1;32m\][inquisitor@\h]\[\033[0m\] \[\033[1;34m\]\w\[\033[0m\] $ '

3
inquisitor/src/inquisitor.py
View File

@ -40,12 +40,11 @@ def ftp_packet_callback(packet):
""" """
if packet.haslayer('IP') and packet.haslayer('TCP'): if packet.haslayer('IP') and packet.haslayer('TCP'):
if packet['TCP'].dport == 21 or packet['TCP'].sport == 21: if packet['TCP'].dport == 21 or packet['TCP'].sport == 21:
payload = bytes(packet['TCP'].payload).decode(errors='ignore')
print(f"the FTP payload: {payload}")
# print(f"FTP Packet: {packet.summary()}") # print(f"FTP Packet: {packet.summary()}")
if b"RETR" in bytes(packet['TCP'].payload): if b"RETR" in bytes(packet['TCP'].payload):
# Extract filename from FTP RETR command # Extract filename from FTP RETR command
payload = bytes(packet['TCP'].payload).decode(errors='ignore') payload = bytes(packet['TCP'].payload).decode(errors='ignore')
print(f"the FTP payload: {payload}")
parts = payload.split() parts = payload.split()
if "RETR" in parts: if "RETR" in parts:
idx = parts.index("RETR") idx = parts.index("RETR")