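def analyze(self, dict):
    """Turn one feed entry into a ``Url`` element and commit it.

    The URL is taken from the ``URL: ...,`` field of ``dict['description']``
    and the record id is the MD5 hex digest of the ``id=`` value found in
    ``dict['guid']``.  The date (from the title) and the status (from the
    description) are optional.

    Args:
        dict: one parsed feed entry.  It is reused as the ``evil`` record
            (alias, not a copy), so the caller's mapping gains the ``id``,
            ``date_added`` and ``status`` keys.

    Raises:
        AttributeError: if the description has no ``URL: ...,`` field or the
            guid has no ``id=`` value (``re.search`` returned ``None``).
    """
    evil = dict
    url = Url(re.search(r"URL: (?P<url>\S+),", dict['description']).group('url'))
    # MD5 only derives the record id here; it is not an integrity check.
    evil['id'] = md5.new(
        re.search(r"id=(?P<id>[a-f0-9]+)", dict['guid']).group('id')).hexdigest()

    try:
        date_string = re.search(r"\((?P<date>[0-9\-]+)\)", dict['title']).group('date')
        evil['date_added'] = datetime.datetime.strptime(date_string, "%Y-%m-%d")
    except (AttributeError, ValueError):
        # AttributeError: no "(...)" date in the title.
        # ValueError: the pattern accepts any run of digits and dashes, so the
        # captured text may not be a real YYYY-MM-DD date.
        pass

    try:
        evil['status'] = re.search(
            r"status: (?P<status>[^,]+)", dict['description']).group('status')
    except Exception:
        # status is optional; leave it unset when it cannot be extracted
        pass

    url.add_evil(evil)
    # The date is optional above, so 'date_added' may be absent; indexing it
    # unconditionally would raise KeyError and drop the whole entry.
    if 'date_added' in evil:
        url.seen(first=evil['date_added'])
    else:
        url.seen()
    self.commit_to_db(url)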
def analyze(self, line):
    """Convert one row into a ``Url`` tagged ``asprox`` and commit it.

    A row whose first cell is ``'Number'`` (presumably the header) is
    ignored.  Every other row must unpack into exactly fifteen columns;
    a row of another length raises ``ValueError`` at the unpacking.
    """
    if line[0] == 'Number':
        return

    # split the entry into elements
    (Number, Status, CC, Host, Port, Protocol, ASN, Last_Updated,
     First_Seen, Last_Seen, First_Active, Last_Active, SBL,
     Abuse_Contact, Details) = line

    url = Url(url="{}://{}:{}".format(Protocol, Host, Port))
    url['tags'] = ['asprox']

    timestamp_format = "%Y-%m-%d %H:%M:%S"
    first_seen = datetime.datetime.strptime(First_Seen, timestamp_format)
    if Last_Seen:
        last_seen = datetime.datetime.strptime(Last_Seen, timestamp_format)
    else:
        # an empty Last_Seen column falls back to the current UTC time
        last_seen = datetime.datetime.utcnow()

    evil = {
        'status': Status,
        'cc': CC,
        'date_added': first_seen,
        'last_seen': last_seen,
        'sbl': SBL,
        'abuse_contact': Abuse_Contact,
        'description': Details if Details else "N/A",
        # record id: MD5 over the raw first-seen text plus the host
        'id': md5.new(First_Seen + Host).hexdigest(),
        'source': self.name,
    }

    url.seen(first=first_seen, last=last_seen)
    url.add_evil(evil)
    self.commit_to_db(url)
def analyze(self, line):
    """Build a ``Url`` tagged ``asprox`` from one row and commit it.

    Rows starting with ``'Number'`` are skipped.  The two raw timestamps are
    printed to stdout just before each is parsed.
    """
    if line[0] == 'Number':
        return

    (Number, Status, CC, Host, Port, Protocol, ASN, Last_Updated,
     First_Seen, Last_Seen, First_Active, Last_Active, SBL,
     Abuse_Contact, Details) = line  # split the entry into elements

    url = Url(url="{}://{}:{}".format(Protocol, Host, Port))
    url['tags'] = ['asprox']

    stamp = "%Y-%m-%d %H:%M:%S"

    # NOTE(review): the two prints look like leftover debug output - confirm
    print(First_Seen)
    added = datetime.datetime.strptime(First_Seen, stamp)
    print(Last_Seen)
    if Last_Seen:
        last = datetime.datetime.strptime(Last_Seen, stamp)
    else:
        # no last-seen value in the row: use the current UTC time
        last = datetime.datetime.utcnow()

    evil = {}
    evil['status'] = Status
    evil['cc'] = CC
    evil['date_added'] = added
    evil['last_seen'] = last
    evil['sbl'] = SBL
    evil['abuse_contact'] = Abuse_Contact
    evil['description'] = Details if Details else "N/A"
    evil['id'] = md5.new(First_Seen + Host).hexdigest()
    evil['source'] = self.name

    url.seen(first=added, last=last)
    url.add_evil(evil)
    self.commit_to_db(url)
def analyze(self, dict):
    """Record one entry twice: under its URL, then under its IP address.

    ``dict`` must provide ``first_seen`` (``DD-MM-YYYY``), ``url``, ``ip``
    and ``malware``.  The entry itself is reused as the ``evil`` record, so
    the caller's mapping is updated in place.
    """
    evil = dict  # alias, not a copy
    first_seen = dict['first_seen']
    added = datetime.datetime.strptime(first_seen, "%d-%m-%Y")
    evil['date_added'] = added

    # url
    target = dict['url']
    evil['url'] = target
    evil['id'] = md5.new(target + first_seen).hexdigest()
    evil['description'] = self.description
    evil['source'] = self.name
    url = Url(url=target, tags=[dict['malware']])
    url.seen(first=added)
    url.add_evil(evil)
    self.commit_to_db(url)

    # ip
    # NOTE(review): the same mapping that was handed to url.add_evil is
    # rewritten here for the IP element; whether add_evil keeps a copy or a
    # reference is not visible from this method - confirm.
    address = dict['ip']
    evil['url'] = address
    evil['id'] = md5.new(address + first_seen).hexdigest()
    ip = Ip(ip=address, tags=[dict['malware']])
    ip.seen(first=added)
    ip.add_evil(evil)
    self.commit_to_db(ip)
def analyze(self, dict):
    """Commit a ``Url`` built from the ``Host: ...,`` field of the entry.

    The record id is the MD5 hex digest of ``dict['guid']``.  A description
    without a ``Host: ...,`` field makes ``re.search`` return ``None`` and
    the ``.group`` call raise ``AttributeError``.
    """
    # Create the new URL and store it in the DB
    host_match = re.search("Host: (?P<url>[^,]+),", dict['description'])
    url = Url(url=host_match.group('url'))

    evil = dict  # the entry itself becomes the record (alias, not a copy)
    evil['id'] = md5.new(dict['guid']).hexdigest()

    url.add_evil(evil)
    self.commit_to_db(url)
def analyze(self, dict):
    """Commit the entry's ``url`` as a ``Url`` element.

    The entry is reused as the ``evil`` record (the caller's mapping is
    updated in place).  The id is the MD5 hex digest of the URL followed by
    the fixed suffix ``'HostsFileEXP'``, so one URL always yields one id.
    """
    evil = dict
    address = dict['url']
    evil['url'] = address
    evil['id'] = md5.new(address + 'HostsFileEXP').hexdigest()
    evil['description'] = self.description
    evil['source'] = self.name

    url = Url(url=address)
    url.seen()  # no dates are passed for this entry
    url.add_evil(evil)
    self.commit_to_db(url)
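def analyze(self, dict):
    """Parse a structured description line and commit the URL it names.

    The description must have the exact layout
    ``URL: <url>, IP Address: <ip>, Country: <CC>, ASN: <asn>, MD5: <hex>``;
    the five named groups become the ``evil`` record.  The record id is the
    MD5 hex digest of the whole description.

    Args:
        dict: one parsed feed entry providing ``description`` and ``link``.

    Returns:
        None.  An entry whose description does not match the layout is
        skipped without committing anything.
    """
    g = re.match(
        r'^URL: (?P<url>.+), IP Address: (?P<ip>[\d.]+), Country: (?P<country>[A-Z]{2}), ASN: (?P<asn>\d+), MD5: (?P<md5>[a-f0-9]+)$',
        dict['description'])
    if g is None:
        # Feed text is external input; a malformed line would otherwise make
        # g.groupdict() raise AttributeError on None.
        return

    evil = g.groupdict()
    evil['description'] = "N/A"
    evil['link'] = dict['link']
    evil['id'] = md5.new(dict['description']).hexdigest()
    evil['source'] = self.name

    url = Url(url=evil['url'])
    url.add_evil(evil)
    self.commit_to_db(url)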
def analyze(self, dict):
    """Commit the entry's ``url`` as a ``Url`` element.

    The entry is reused as the ``evil`` record (the caller's mapping is
    updated in place).  The id is the MD5 hex digest of the fixed prefix
    ``'fumik0'`` followed by the URL.
    """
    evil = dict
    location = dict['url']
    evil['url'] = location
    evil['id'] = md5.new('fumik0' + location).hexdigest()
    evil['description'] = 'Mark by tracker.fumik0.com'
    evil['source'] = self.name

    url = Url(url=location)
    url.seen()  # no dates are passed for this entry
    url.add_evil(evil)
    self.commit_to_db(url)
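def analyze(self, dict):
    """Parse a structured description line and commit the URL it names.

    Expected layout of ``dict['description']``:
    ``URL: <url>, IP Address: <ip>, Country: <CC>, ASN: <asn>, MD5: <hex>``.
    The named groups form the ``evil`` record; its id is the MD5 hex digest
    of the full description text.

    Args:
        dict: one parsed feed entry providing ``description`` and ``link``.

    Returns:
        None.  Entries whose description does not match are skipped.
    """
    g = re.match(
        r'^URL: (?P<url>.+), IP Address: (?P<ip>[\d.]+), Country: (?P<country>[A-Z]{2}), ASN: (?P<asn>\d+), MD5: (?P<md5>[a-f0-9]+)$',
        dict['description'])
    if g is None:
        # re.match returns None for a line that does not fit the layout;
        # without this guard g.groupdict() raises AttributeError.
        return

    evil = g.groupdict()
    evil['description'] = "N/A"
    evil['link'] = dict['link']
    evil['id'] = md5.new(dict['description']).hexdigest()
    evil['source'] = self.name

    url = Url(url=evil['url'])
    url.add_evil(evil)
    self.commit_to_db(url)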
def analyze(self, dict):
    """Parse a structured description line and commit the URL it names.

    Lines that do not match
    ``URL: <url>, IP Address: <ip>, Country: <CC>, ASN: <asn>, MD5: <hex>``
    are ignored.  A ``UnicodeError`` raised while hashing or committing is
    reported on stderr instead of propagating.
    """
    description = dict['description']
    g = re.match(
        r'^URL: (?P<url>.+), IP Address: (?P<ip>[\d.]+), Country: (?P<country>[A-Z]{2}), ASN: (?P<asn>\d+), MD5: (?P<md5>[a-f0-9]+)$',
        description)
    if not g:
        return

    evil = g.groupdict()
    evil['description'] = "N/A"
    evil['link'] = dict['link']

    try:
        # hash the UTF-8 bytes of the description to get the record id
        d = description.encode('UTF-8')
        evil['id'] = md5.new(d).hexdigest()
        evil['source'] = self.name
        url = Url(url=evil['url'])
        url.add_evil(evil)
        self.commit_to_db(url)
    except UnicodeError:
        # NOTE(review): the description is written to stderr as received
        # from the feed, with no escaping and no trailing newline.
        sys.stderr.write('error Unicode : %s' % description)
def analyze(self, dict):
    """Commit the first URL found in the entry title, tagged by description.

    The lower-cased description is used both as the tag and, suffixed with
    `` CC``, as the record description.  ``pubDate`` must be ``DD-MM-YYYY``.
    """
    try:
        found = toolbox.find_urls(dict["title"])[0]
    except Exception:
        return  # if no URL is found, bail

    label = dict["description"].lower()
    url = Url(url=found, tags=[label])

    added = datetime.datetime.strptime(dict["pubDate"], "%d-%m-%Y")
    evil = {
        "description": "%s CC" % (label),
        "date_added": added,
        # record id: MD5 over title + pubDate + description as received
        "id": md5.new(dict["title"] + dict["pubDate"] + dict["description"]).hexdigest(),
        "source": self.name,
    }

    url.seen(first=added)
    url.add_evil(evil)
    self.commit_to_db(url)
def analyze(self, dict):
    """Commit the entry's ``link`` as a ``Url`` tagged with the title.

    ``dict['description']`` carries the date, tried first as ``DD/Mon/YYYY``
    and then as ``Mon/YYYY``; if neither format fits, the second
    ``ValueError`` propagates.
    """
    title = dict['title']
    raw_date = dict['description']

    try:
        added = datetime.datetime.strptime(raw_date, "%d/%b/%Y")
    except ValueError:
        added = datetime.datetime.strptime(raw_date, "%b/%Y")

    source = self.name

    # nasty hack because of utf-8 encoded strings
    hex_title = title.encode('utf-8').encode('hex')
    digest = md5.new(hex_title + dict['link'] + raw_date).hexdigest()

    evil = {
        'description': title,
        'date_added': added,
        'source': source,
        'id': digest,
    }

    url = Url(url=dict['link'], tags=[title.lower()])
    url.seen(first=added)
    url.add_evil(evil)
    self.commit_to_db(url)
def analyze(self, dict):
    """Commit the first URL found in the entry title, tagged ``evil``.

    Side effect: ``dict['pubDate']`` is overwritten with the text before its
    first ``'+'``.
    """
    try:
        found = toolbox.find_urls(dict['title'])[0]
    except Exception:
        return  # if no URL is found, bail

    url = Url(url=found, tags=['evil'])

    # Keep only the part before '+' (presumably the UTC offset follows it);
    # the format below ends in a space, so the remainder must too.
    published = dict['pubDate'].split('+')[0]
    dict['pubDate'] = published

    description = "%s CC" % (dict['description'].lower())
    added = datetime.datetime.strptime(published, "%a, %d %b %Y %X ")

    evil = {
        'description': description,
        'date_added': added,
        # record id: MD5 over title + trimmed pubDate + raw description
        'id': md5.new(dict['title'] + published + dict['description']).hexdigest(),
        'source': self.name,
    }

    url.seen(first=added)
    url.add_evil(evil)
    self.commit_to_db(url)
def analyze(self, dict):
    """Parse a structured description line and commit the URL it names.

    Only descriptions of the form
    ``URL: <url>, IP Address: <ip>, Country: <CC>, ASN: <asn>, MD5: <hex>``
    are processed; anything else is skipped.  A ``UnicodeError`` raised
    inside the hashing/commit step is written to stderr and swallowed.
    """
    text = dict["description"]
    g = re.match(
        r"^URL: (?P<url>.+), IP Address: (?P<ip>[\d.]+), Country: (?P<country>[A-Z]{2}), ASN: (?P<asn>\d+), MD5: (?P<md5>[a-f0-9]+)$",
        text,
    )
    if not g:
        return

    evil = g.groupdict()
    evil["description"] = "N/A"
    evil["link"] = dict["link"]

    try:
        # the record id is the MD5 of the description's UTF-8 bytes
        d = text.encode("UTF-8")
        evil["id"] = md5.new(d).hexdigest()
        evil["source"] = self.name
        url = Url(url=evil["url"])
        url.add_evil(evil)
        url.seen()
        self.commit_to_db(url)
    except UnicodeError:
        # NOTE(review): feed-supplied text goes to stderr unescaped and
        # without a trailing newline.
        sys.stderr.write("error Unicode : %s" % text)
def analyze(self, dict):
    """Store the entry's ``link`` as a ``Url`` tagged with the lower-cased title.

    The date comes from ``dict['description']`` and is parsed as
    ``DD/Mon/YYYY``, falling back to ``Mon/YYYY``.
    """
    date_text = dict['description']
    evil = {'description': dict['title']}

    for attempt, layout in enumerate(("%d/%b/%Y", "%b/%Y")):
        try:
            evil['date_added'] = datetime.datetime.strptime(date_text, layout)
            break
        except ValueError:
            # only the first layout may fail quietly; a failure of the
            # fallback layout propagates to the caller
            if attempt:
                raise

    evil['source'] = self.name

    # nasty hack because of utf-8 encoded strings
    title_hex = dict['title'].encode('utf-8').encode('hex')
    evil['id'] = md5.new(title_hex + dict['link'] + date_text).hexdigest()

    url = Url(url=dict['link'], tags=[dict['title'].lower()])
    url.seen(first=evil['date_added'])
    url.add_evil(evil)
    self.commit_to_db(url)
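def analyze(self, dict):
    """Turn one feed entry into a ``Url`` element and commit it.

    The URL comes from the ``URL: ...,`` field of ``dict["description"]``;
    the record id is the MD5 hex digest of the ``id=`` value in
    ``dict["guid"]``.  The date in the title and the status in the
    description are both optional.

    Args:
        dict: one parsed feed entry, reused as the ``evil`` record (alias,
            not a copy), so the caller's mapping is updated in place.

    Raises:
        AttributeError: if the description has no ``URL: ...,`` field or the
            guid has no ``id=`` value (``re.search`` returned ``None``).
    """
    evil = dict
    url = Url(re.search(r"URL: (?P<url>\S+),", dict["description"]).group("url"))
    # MD5 only derives the record id here; it is not an integrity check.
    evil["id"] = md5.new(re.search(r"id=(?P<id>[a-f0-9]+)", dict["guid"]).group("id")).hexdigest()

    try:
        date_string = re.search(r"\((?P<date>[0-9\-]+)\)", dict["title"]).group("date")
        evil["date_added"] = datetime.datetime.strptime(date_string, "%Y-%m-%d")
    except (AttributeError, ValueError):
        # AttributeError: the title carries no "(...)" date.
        # ValueError: the pattern accepts any digits and dashes, which need
        # not form a valid YYYY-MM-DD date.
        pass

    try:
        evil["status"] = re.search(r"status: (?P<status>[^,]+)", dict["description"]).group("status")
    except Exception:
        # status is optional; leave it unset when it cannot be extracted
        pass

    url.add_evil(evil)
    # 'date_added' may be absent because the date is optional above;
    # indexing it unconditionally would raise KeyError and lose the entry.
    if "date_added" in evil:
        url.seen(first=evil["date_added"])
    else:
        url.seen()
    self.commit_to_db(url)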