Merge pull request #1178 from mandiant/add-internet-detector

Add internet_detector scheduled task

packages/fakenet-ng.vm/fakenet-ng.vm.nuspec

@@ -2,7 +2,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2011/08/nuspec.xsd">
   <metadata>
     <id>fakenet-ng.vm</id>
-    <version>3.3</version>
+    <version>3.3.0.20241124</version>
     <description>FakeNet-NG is a dynamic network analysis tool.</description>
     <authors>Mandiant</authors>
     <dependencies>

packages/fakenet-ng.vm/tools/default.ini

@@ -114,7 +114,7 @@ DefaultUDPListener:    ProxyUDPListener
 # NOTE: This setting is only honored when 'RedirectAllTraffic' is enabled.
 
 BlackListPortsTCP: 139
-BlackListPortsUDP: 67, 68, 137, 138, 443, 1900, 5355, 53
+BlackListPortsUDP: 67, 68, 137, 138, 443, 1900, 5355
 
 # Specify processes to ignore when diverting traffic. Windows example used
 # here.
@@ -275,6 +275,7 @@ Listener:    HTTPListener
 UseSSL:      No
 Webroot:     defaultFiles/
 Timeout:     10
+#ProcessBlackList: dmclient.exe, OneDrive.exe, svchost.exe, backgroundTaskHost.exe, GoogleUpdate.exe, chrome.exe
 DumpHTTPPosts: Yes
 DumpHTTPPostsFilePrefix: http
 Hidden:      False
@@ -345,5 +346,4 @@ Port:        110
 Protocol:    TCP
 Listener:    POPListener
 UseSSL:      No
-Hidden:      False
-
+Hidden:      False

packages/internet_detector.vm/internet_detector.vm.nuspec

@@ -2,13 +2,13 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>internet_detector.vm</id>
-    <version>1.0.0.20241112</version>
+    <version>1.0.0.20241209</version>
     <authors>Elliot Chernofsky and Ana Martinez Gomez</authors>
     <description>Tool that changes the background and a taskbar icon if it detects internet connectivity</description>
     <dependencies>
       <dependency id="common.vm" version="0.0.0.20241029" />
       <dependency id="libraries.python3.vm" version="0.0.0.20240726" />
-      <dependency id="fakenet-ng.vm" version="3.2.0.20240902" />
+      <dependency id="fakenet-ng.vm" version="3.3" />
     </dependencies>
   </metadata>
 </package>

packages/internet_detector.vm/tools/chocolateyinstall.ps1

@@ -23,8 +23,7 @@ Copy-Item "$imagesPath\*" ${Env:VM_COMMON_DIR} -Force
 
 VM-Install-Shortcut -toolName $toolName -category $category -executablePath "$toolDir/$toolName.exe"
 
-# TODO - Uncomment when FakeNet BlackList for DNS is fixed/addressed. https://github.com/mandiant/flare-fakenet-ng/issues/190
-# # Create scheduled task for tool to run every 2 minutes.
-# $action = New-ScheduledTaskAction -Execute $rawToolPath
-# $trigger = New-ScheduledTaskTrigger -Once -At (Get-Date) -RepetitionInterval (New-TimeSpan -Minutes 2)
-# Register-ScheduledTask -Action $action -Trigger $trigger -TaskName 'Internet Detector' -Force
+# Create scheduled task for tool to run every 2 minutes.
+$action = New-ScheduledTaskAction -Execute "$toolDir/$toolName.exe"
+$trigger = New-ScheduledTaskTrigger -Once -At (Get-Date) -RepetitionInterval (New-TimeSpan -Minutes 2)
+Register-ScheduledTask -Action $action -Trigger $trigger -TaskName 'Internet Detector' -Force

packages/internet_detector.vm/tools/internet_detector.pyw

@@ -12,13 +12,16 @@
 VERSION = "1.0.0"
 TOOL_NAME = "internet_detector"
 
-import threading
-import requests
+import win32event
 import win32api
 import win32gui
 import win32con
-import urllib3
+import winerror
 import winreg
+
+import threading
+import requests
+import urllib3
 import signal
 import ctypes
 import time
@@ -60,6 +63,16 @@ default_palette = None
 hicon_indicator_off = None
 hicon_indicator_on = None
 
+def is_already_running():
+    global mutex
+    # Try to create a mutex with a unique name.
+    mutex_name = f"{{{os.path.basename(__file__).replace('.py', '')}}}"  # Use filename as part of mutex name
+    try:
+        mutex = win32event.CreateMutex(None, False, mutex_name)  # False means don't acquire initially
+        return winerror.ERROR_ALREADY_EXISTS == win32api.GetLastError()
+    except Exception as e:
+        print(f"Mutex creation error: {e}")
+        return False  # Assume not running if error
 
 def signal_handler(sig, frame):
     global check_thread, tray_icon_thread, tray_icon
@@ -377,7 +390,12 @@ def set_wallpaper(image_path):
 
 
 def main_loop():
-    global stop_event, check_thread, tray_icon_thread, tray_icon
+    global stop_event, check_thread, tray_icon_thread, tray_icon, mutex
+
+    if is_already_running():
+        print("Another instance is already running. Exiting.")
+        return
+
     # Create and start the threads
     tray_icon_thread = threading.Thread(target=tray_icon_loop)
     check_thread = threading.Thread(target=check_internet_loop)
@@ -423,3 +441,7 @@ if __name__ == "__main__":
     print(f"Current color: {default_color}")
 
     main_loop()
+
+    # Release the mutex when the application exits
+    if mutex:
+        win32api.CloseHandle(mutex)