Add MAC report

macchecker.py

@@ -0,0 +1,78 @@
+#!/usr/bin/env python3
+
+from requests import get
+from os.path import isfile
+from re import compile, match
+
+
+class MACChecker:
+    def __init__(self):
+        self._url = "https://standards-oui.ieee.org/oui/oui.txt"
+        self._ouiTextFile = "oui.txt"
+
+    def updateOUIDb(self):
+        print("Updating the OUI database from IEEE")
+        report = dict()
+
+        # We download the data from IEEE
+        oui = get(self._url)
+        if oui.status_code != 200:
+            report['success'] = False
+            exit(1)
+        
+        with open(self._ouiTextFile, "w") as f:
+            f.write(oui.text)
+
+        report['success'] = True
+        return report
+
+    def parseMACAddress(self, mac):
+        report = dict()
+        report['hw'] = mac
+
+        if ':' in mac:
+            mac = mac.replace(":", "-")
+
+        # Check if mac is valid
+        regex = "[a-fA-F0-9]{2}-[a-fA-F0-9]{2}-[a-fA-F0-9]{2}-[a-fA-F0-9]{2}-[a-fA-F0-9]{2}-[a-fA-F0-9]{2}"
+        compiled = compile(regex)
+        if not compiled.match(mac):
+            print("Not a valid MAC address")
+            return
+
+        # Check if the oui.txt file exist
+        if not isfile(self._ouiTextFile):
+            report['db'] = self.updateOUIDb() 
+        entries = self._parseOUIFile()
+
+        macSplitted = mac.split("-")
+        oui = macSplitted[0] + macSplitted[1] + macSplitted[2]
+        oui = oui.upper()
+        report['oui'] = oui
+
+        f = self._parseOUIFile()
+        for entries in f.keys():
+            if oui == entries:
+                report['vendor'] = f[entries][0]
+
+        return report
+
+    def _parseOUIFile(self):
+        data = list()
+        entries = dict()
+
+        with open(self._ouiTextFile, "r") as f:
+            data = f.readlines()
+
+        # Remove the "header" on the file
+        d = data[4:]
+        regex = "[a-zA-Z0-9]{6}"
+        compiled = compile(regex)
+        for entry in d:
+            s_entry = entry.split("\t")
+            s = len(s_entry)
+            if compiled.match(s_entry[0]):
+                oui = s_entry[0].split(" ")
+                entries[oui[0]] = s_entry[s - 1: s]
+
+        return entries

main.py

@@ -6,18 +6,18 @@ from config import VT_ATTRIBUTES_MAPPING, PROJECT_NAME
 from vt import VT
 from dnschecker import DNSChecker as DNS
 from emailchecker import EmailChecker
+from macchecker import MACChecker 
 import ipaddress
 from datetime import datetime
 from hashing import Hash
 from os.path import exists
-from re import search
 
 
 def checkArguments():
     parser = ArgumentParser(description=PROJECT_NAME)
     parser.add_argument('-c', '--config', help='Config file')
-    parser.add_argument('--dns', help='Get domain name information', action="store_true")
     # For dns command
+    parser.add_argument('--dns', help='Get domain name information', action="store_true")
     parser.add_argument('--domain', help='Get domain name information')
     parser.add_argument('--host', help='Get domain name information')
     parser.add_argument('--ip', help='Get IP information')
@@ -33,7 +33,9 @@ def checkArguments():
     # For email command
     parser.add_argument('--email', help='Get email reputation', action='store_true')
     parser.add_argument('--emailrep', help='Get email reputation')
-
+    # For mac command
+    parser.add_argument('--mac', help='Get mac information')
+    parser.add_argument('--macdb', help='Update database of OUI', action="store_true")
 
     return parser.parse_args()
 
@@ -64,18 +66,9 @@ def usage():
     print("\n--email command")
     print("\t --emailrep\t\tGet the email reputation report")
 
-def mainMenu():
-    print(f"\n           {PROJECT_NAME}           ")
-    print(" What would you like to do? ")
-    print("\n OPTION 1: Sanitise URL For emails ")
-    print(" OPTION 2: Decoders (PP, URL, SafeLinks) ")
-    print(" OPTION 3: Reputation Checker")
-    print(" OPTION 4: DNS Tools")
-    print(" OPTION 5: Hashing Function")
-    print(" OPTION 6: Phishing Analysis")
-    print(" OPTION 7: URL scan")
-    print(" OPTION 9: Extras")
-    print(" OPTION 0: Exit Tool")
+    print("\n--mac command")
+    print("--mac MAC\t\t\tGet mac information")
+    print("--macdb\t\t\t\tUpdate the OUI database")
 
 def readConfigFile(config):
     """
@@ -164,6 +157,33 @@ def main():
         if args.emailrep:
             _parsingEmail(config, args.emailrep)
 
+    # Analyse mac address
+    if args.macdb:
+        _parseMACAddress(mac=None, db=True)
+    if args.mac:
+        _parseMACAddress(mac=args.mac)
+
+def _parseMACAddress(mac=None, db=False):
+    macchecker = MACChecker()
+    report = dict()
+    if db: 
+        report['db'] = macchecker.updateOUIDb()
+
+    if mac is not None:
+        report['mac'] = macchecker.parseMACAddress(mac)
+
+    print("----------------------------")
+    print("|        MAC report        |")
+    print("----------------------------")
+
+    if 'db' in report:
+        print(f"The update of the OUI db: {report['db']['success']}") 
+
+    if 'mac' in report:
+        print(f"MAC address: {report['mac']['hw']}")
+        print(f"OUI: {report['mac']['oui']}")
+        print(f"Vendor: {report['mac']['vendor']}")
+
 def _parsingEmail(config, email):
     # Check if the email specified is correct
     regex = r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,7}\b'

tests/oui.py

@@ -0,0 +1,31 @@
+#!/usr/bin/env python3
+
+import re
+import requests
+
+data = str()
+
+# We download the data from IEEE
+oui = requests.get("https://standards-oui.ieee.org/oui/oui.txt")
+if oui.status_code != 200:
+    exit(1)
+
+# Convert to list
+l = list()
+line = str()
+for c in oui.text:
+    line += c
+    if c == "\n":
+        l.append(line)
+        line = str()
+
+# Remove the "header" on the file
+d = l[4:]
+
+# We get all OUI
+regex = "[a-zA-Z0-9]{6}"
+compiled = re.compile(regex)
+for entry in d:
+    s_entry = entry.split(" ")
+    if compiled.match(s_entry[0]):
+        print(s_entry[0])