/**
* Execute command
*
* @param InputInterface $input Input instance
* @param OutputInterface $output Output instance
*
* @return int|null|void
*/
public function execute(InputInterface $input, OutputInterface $output)
{
$database = $input->getArgument('db');
$dumpFile = $input->getArgument('file');
if (!is_file($dumpFile) || !is_readable($dumpFile)) {
$output->writeln('<p-error>File is not readable</p-error>');
return 1;
}
$dumpFileType = PhpUtility::getMimeType($dumpFile);
$output->writeln('<h2>Restoring dump "' . $dumpFile . '" into database "' . $database . '"</h2>');
if (DatabaseConnection::databaseExists($database)) {
// Dropping
$output->writeln('<p>Dropping database</p>');
$query = 'DROP DATABASE IF EXISTS ' . DatabaseConnection::sanitizeSqlDatabase($database);
DatabaseConnection::exec($query);
}
// Creating
$output->writeln('<p>Creating database</p>');
$query = 'CREATE DATABASE ' . DatabaseConnection::sanitizeSqlDatabase($database);
DatabaseConnection::exec($query);
// Inserting
putenv('USER='******'MYSQL_PWD=' . DatabaseConnection::getDbPassword());
$commandMysql = new CommandBuilder('mysql', '--user=%s %s --one-database', array(DatabaseConnection::getDbUsername(), $database));
// Set server connection details
if ($input->getOption('host')) {
$commandMysql->addArgumentTemplate('-h %s', $input->getOption('host'));
}
if ($input->getOption('port')) {
$commandMysql->addArgumentTemplate('-P %s', $input->getOption('port'));
}
$commandFile = new CommandBuilder();
$commandFile->addArgument($dumpFile);
$commandFile->addPipeCommand($commandMysql);
switch ($dumpFileType) {
case 'application/x-bzip2':
$output->writeln('<p>Using BZIP2 decompression</p>');
$commandFile->setCommand('bzcat');
break;
case 'application/gzip':
case 'application/x-gzip':
$output->writeln('<p>Using GZIP decompression</p>');
$commandFile->setCommand('gzcat');
break;
case 'application/x-lzma':
case 'application/x-xz':
$output->writeln('<p>Using LZMA decompression</p>');
$commandFile->setCommand('xzcat');
break;
default:
$output->writeln('<p>Using plaintext (no decompression)</p>');
$commandFile->setCommand('cat');
break;
}
$output->writeln('<p>Reading dump</p>');
$commandFile->executeInteractive();
$output->writeln('<h2>Database "' . $database . '" restored</h2>');
return 0;
}
/**
* Execute command
*
* @param InputInterface $input Input instance
* @param OutputInterface $output Output instance
*
* @return int|null|void
*/
public function execute(InputInterface $input, OutputInterface $output)
{
$this->elevateProcess($input, $output);
$dockerInterface = $this->getApplication()->getConfigValue('docker', 'interface');
$output->writeln('<h2>Starting network sniffing</h2>');
$protocol = $this->getProtocol();
$command = new CommandBuilder();
switch ($protocol) {
// ############################################
// OSI LEVEL 2
// ############################################
// ##############
// ARP
// ##############
case 'arp':
$output->writeln('<p>Using protocol "arp"</p>');
$command->setCommand('tshark');
$command->addArgument('arp');
break;
// ############################################
// OSI LEVEL 3
// ############################################
// ##############
// ICMP
// ##############
// ############################################
// OSI LEVEL 3
// ############################################
// ##############
// ICMP
// ##############
case 'icmp':
$output->writeln('<p>Using protocol "icmp"</p>');
$command->setCommand('tshark');
$command->addArgument('icmp');
break;
// ############################################
// OSI LEVEL 4
// ############################################
// ##############
// TCP connections
// ##############
// ############################################
// OSI LEVEL 4
// ############################################
// ##############
// TCP connections
// ##############
case 'con':
case 'tcp':
$output->writeln('<p>Using protocol "tcp"</p>');
$command->setCommand('tshark');
$command->addArgumentRaw('-R "tcp.flags.syn==1 && tcp.flags.ack==0"');
break;
// ############################################
// OSI LEVEL 5-7
// ############################################
// ##############
// HTTP
// ##############
// ############################################
// OSI LEVEL 5-7
// ############################################
// ##############
// HTTP
// ##############
case 'http':
$output->writeln('<p>Using protocol "http"</p>');
$command->setCommand('tshark');
$command->addArgumentRaw('tcp port 80 or tcp port 443 -2 -V -R "http.request" -Tfields -e ip.dst -e http.request.method -e http.request.full_uri');
break;
// ##############
// HTTP (full)
// ##############
// ##############
// HTTP (full)
// ##############
case 'http-full':
$output->writeln('<p>Using protocol "http" (full mode)</p>');
$command->setCommand('tshark');
$command->addArgumentRaw('tcp port 80 or tcp port 443 -2 -V -R "http.request || http.response"');
break;
// ##############
// SOLR
// ##############
// ##############
// SOLR
// ##############
case 'solr':
$output->writeln('<p>Using protocol "solr"</p>');
$command->setCommand('tcpdump');
$command->addArgumentRaw('-nl -s0 -w- port 8983');
$pipeCommand = new CommandBuilder('strings', '-n -8');
$command->addPipeCommand($pipeCommand);
break;
// ##############
// ELASTICSEARCH
// ##############
// ##############
// ELASTICSEARCH
// ##############
case 'elasticsearch':
$output->writeln('<p>Using protocol "elasticsearch"</p>');
$command->setCommand('tcpdump');
$command->addArgumentRaw('-A -nn -s 0 \'tcp dst port 9200 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)\'');
break;
// ##############
// MEMCACHE
// ##############
// ##############
// MEMCACHE
// ##############
case 'memcache':
case 'memcached':
$output->writeln('<p>Using protocol "memcache"</p>');
$command->setCommand('tcpdump');
$command->addArgumentRaw('-s 65535 -A -ttt port 11211| cut -c 9- | grep -i \'^get\\|set\'');
break;
// ##############
// REDIS
// ##############
// ##############
// REDIS
// ##############
case 'redis':
$output->writeln('<p>Using protocol "redis"</p>');
$command->setCommand('tcpdump');
$command->addArgumentRaw('-s 65535 tcp port 6379');
break;
// ##############
// SMTP
// ##############
// ##############
// SMTP
// ##############
case 'smtp':
case 'mail':
$output->writeln('<p>Using protocol "smtp"</p>');
$command->setCommand('tshark');
$command->addArgumentRaw('tcp -f "port 25" -R "smtp"');
break;
// ##############
// MYSQL
// ##############
// ##############
// MYSQL
// ##############
case 'mysql':
$output->writeln('<p>Using protocol "mysql"</p>');
$command->setCommand('tshark');
$command->addArgumentRaw('tcp -d tcp.port==3306,mysql -T fields -e mysql.query "port 3306"');
break;
// ##############
// DNS
// ##############
// ##############
// DNS
// ##############
case 'dns':
$output->writeln('<p>Using protocol "dns"</p>');
$command->setCommand('tshark');
$command->addArgumentRaw('-nn -e ip.src -e dns.qry.name -E separator=" " -T fields port 53');
break;
// ##############
// HELP
// ##############
// ##############
// HELP
// ##############
default:
$output->writeln('<p-error>Protocol not supported:</p-error>');
$output->writeln('<p-error> OSI layer 7: http, solr, elasticsearch, memcache, redis, smtp, mysql, dns</p-error>');
$output->writeln('<p-error> OSI layer 4: tcp</p-error>');
$output->writeln('<p-error> OSI layer 3: icmp</p-error>');
$output->writeln('<p-error> OSI layer 2: arp</p-error>');
return 1;
break;
}
switch ($command->getCommand()) {
case 'tshark':
$output->writeln('<p>Using sniffer "tshark"</p>');
$command->addArgumentTemplate('-i %s', $dockerInterface);
break;
case 'tcpdump':
$output->writeln('<p>Using sniffer "tcpdump"</p>');
$command->addArgumentTemplate('-i %s', $dockerInterface);
break;
case 'ngrep':
$output->writeln('<p>Using sniffer "ngrep"</p>');
$command->addArgumentTemplate('-d %s', $dockerInterface);
break;
}
$this->setTerminalTitle('sniffer', $protocol, '(' . $command->getCommand() . ')');
$command->executeInteractive();
return 0;
}
