def files_types(mongodb): try: auth.require(role='access_normalized') except AAAException as e: return HTTPError(401, e.message) result = simple_group('file', 'content_guess', mongodb) return jsonify(result, response)
def urls(mongodb): try: auth.require(role='access_normalized') except AAAException as e: return HTTPError(401, e.message) query_keys = request.query.keys() query_dict = {} if 'limit' in query_keys: limit = int(request.query.limit) else: limit = 50 if 'url_regex' in query_keys: query_dict['url'] = {'$regex': request.query.url_regex} if 'hash' in query_keys: hash_length = len(request.query['hash']) if hash_length is 128: query_dict['extractions.hashes.sha512'] = request.query['hash'] elif hash_length is 40: query_dict['extractions.hashes.sha1'] = request.query['hash'] elif hash_length is 32: query_dict['extractions.hashes.md5'] = request.query['hash'] else: abort( 400, '{0} could not be recognized as a supported hash. Currently supported hashes are: SHA1, SHA512 and MD5. ' ) result = list(mongodb['url'].find(query_dict, fields={ '_id': False }).limit(limit)) return jsonify({'urls': result}, response)
def hpfeeds(mongodb): try: auth.require(role='access_all') except AAAException as e: return HTTPError(401, e.message) query_keys = request.query.keys() query_dict = {} mongo_keys = {'_id', 'id', 'channel'} #intersection common_keys = (set(query_keys) & mongo_keys) try: for item in common_keys: if item.endswith('_id'): query_dict[item] = ObjectId(request.query[item]) elif item == 'id': query_dict['_' + item] = ObjectId(request.query[item]) else: query_dict[item] = request.query[item] except InvalidId: abort(400, 'Not a valid ObjectId.') if 'limit' in query_keys: limit = int(request.query.limit) else: limit = 50 result = list(mongodb['hpfeed'].find(query_dict).sort('timestamp', -1).limit(limit)) return jsonify({'hpfeeds': result}, response)
def hpfeeds(mongodb): try: auth.require(role="access_all") except AAAException as e: return HTTPError(401, e.message) query_keys = request.query.keys() query_dict = {} mongo_keys = {"_id", "id", "channel"} # intersection common_keys = set(query_keys) & mongo_keys try: for item in common_keys: if item.endswith("_id"): query_dict[item] = ObjectId(request.query[item]) elif item == "id": query_dict["_" + item] = ObjectId(request.query[item]) else: query_dict[item] = request.query[item] except InvalidId: abort(400, "Not a valid ObjectId.") if "limit" in query_keys: limit = int(request.query.limit) else: limit = 50 result = list(mongodb["hpfeed"].find(query_dict).sort("timestamp", -1).limit(limit)) return jsonify({"hpfeeds": result}, response)
def urls(mongodb): try: auth.require(role='access_normalized') except AAAException as e: return HTTPError(401, e.message) query_keys = request.query.keys() query_dict = {} if 'limit' in query_keys: limit = int(request.query.limit) else: limit = 50 if 'url_regex' in query_keys: query_dict['url'] = {'$regex': request.query.url_regex} if 'hash' in query_keys: hash_length = len(request.query['hash']) if hash_length is 128: query_dict['extractions.hashes.sha512'] = request.query['hash'] elif hash_length is 40: query_dict['extractions.hashes.sha1'] = request.query['hash'] elif hash_length is 32: query_dict['extractions.hashes.md5'] = request.query['hash'] else: abort(400, '{0} could not be recognized as a supported hash. Currently supported hashes are: SHA1, SHA512 and MD5. ') result = list(mongodb['url'].find(query_dict, fields={'_id': False}).limit(limit)) return jsonify({'urls': result}, response)
def get_files(mongodb): try: auth.require(role='access_normalized') except AAAException as e: return HTTPError(401, e.message) query_keys = request.query.keys() query_dict = {} if 'limit' in query_keys: limit = int(request.query.limit) else: limit = 50 if 'hash' in query_keys: hash_length = len(request.query['hash']) if hash_length is 128: query_dict['hashes.sha512'] = request.query['hash'] elif hash_length is 40: query_dict['hashes.sha1'] = request.query['hash'] elif hash_length is 32: query_dict['hashes.md5'] = request.query['hash'] else: abort(400, '{0} could not be recognized as a supported hash. Currently supported hashes are: SHA1, SHA512 and MD5. ') else: abort(400, 'Only supported query parameter is "hash"') p_limit = {'_id': False} if 'no_data' in query_keys: p_limit['data'] = False result = list(mongodb['file'].find(query_dict, fields=p_limit).limit(limit)) return jsonify({'files': result}, response)
def files_types(mongodb): try: auth.require(role="access_normalized") except AAAException as e: return HTTPError(401, e.message) return HTTPError(410, "This part of the API has been temporarily disabled to due to performance issues.") result = simple_group("file", "content_guess", mongodb) return jsonify(result, response)
def files_types(mongodb): try: auth.require(role='access_normalized') except AAAException as e: return HTTPError(401, e.message) return HTTPError( 410, 'This part of the API has been temporarily disabled to due to performance issues.' ) result = simple_group('file', 'content_guess', mongodb) return jsonify(result, response)
def session_protocols(mongodb): """ Returns a grouped list of all protocols intercepted. Example: {"protocols": [{"count": 680, "protocol": "http"}, {"count": 125, "protocol": "ssh}, {"count": 74, "protocol": "imap}]} """ auth.require(role='access_normalized') result = simple_group('session', 'protocol', mongodb) return jsonify(result, response)
def session_protocols(mongodb): """ Returns a grouped list of all protocols intercepted. Example: {"protocols": [{"count": 680, "protocol": "http"}, {"count": 125, "protocol": "ssh}, {"count": 74, "protocol": "imap}]} """ return HTTPError(410, 'This part of the API has been temporarily disabled to due to performance issues.') auth.require(role='access_normalized') result = simple_group('session', 'protocol', mongodb) return jsonify(result, response)
def hpfeeds(mongodb): try: auth.require(role='access_all') except AAAException as e: return HTTPError(401, e.message) tmp_result = mongodb['daily_stats'].find_one({'_id': 'total'}) del tmp_result['_id'] result = [] for key, value in tmp_result.items(): result.append({'channel': key, 'count': value}) return jsonify({'stats': result}, response)
def hpfeeds(mongodb): try: auth.require(role="access_all") except AAAException as e: return HTTPError(401, e.message) tmp_result = mongodb["daily_stats"].find_one({"_id": "total"}) del tmp_result["_id"] result = [] for key, value in tmp_result.items(): result.append({"channel": key, "count": value}) return jsonify({"stats": result}, response)
def sessions_get_by_query(mongodb): try: auth.require(role='access_normalized') except AAAException as e: return HTTPError(401, e.message) query_keys = request.query.keys() query_dict = {} mongo_keys = { 'id', '_id', 'protocol', 'source_ip', 'source_port', 'destination_ip', 'destination_port', 'honeypot' } #intersection common_keys = (set(query_keys) & mongo_keys) for item in common_keys: if item.endswith('_id'): query_dict[item] = ObjectId(request.query[item]) elif item is 'id': query_dict['_' + item] = ObjectId(request.query[item]) elif item.endswith('_port'): query_dict[item] = int(request.query[item]) else: query_dict[item] = request.query[item] if 'limit' in query_keys: limit = int(request.query.limit) else: limit = 50 #remove ip of honeypot if user is not authorized to see it u = auth.current_user.role lvl = auth._store.roles[u] needed_lvl = auth._store.roles['access_normalized'] p_limit = {'_id': False} if lvl < needed_lvl: p_limit = {'destination_ip': False} result = list(mongodb['session'].find(spec=query_dict, fields=p_limit).limit(limit)) return jsonify({'sessions': result}, response)
def get_dorks(mongodb): try: auth.require(role='public') except AAAException as e: return HTTPError(401, e.message) query_keys = request.query.keys() query_dict = {} #set default parameters sort_key = 'count' sort_order = -1 limit = 200 if 'sort_by' in query_keys: sort_key = request.query.sort_by if 'sort_order' in query_keys: try: sort_order = int(request.query.sort_order) except ValueError: raise HTTPError(400, 'sort_order must be an integer.') if 'regex' in query_keys: query_dict['content'] = {'$regex': request.query.regex} #inurl, intitle, etc. if 'type' in query_keys: query_dict['type'] = request.query.type if 'limit' in query_keys: limit = int(request.query.limit) result = list(mongodb['dork'].find(query_dict).sort( sort_key, sort_order).limit(limit)) #delete mongo _id - better way? for entry in result: entry['firsttime'] = entry['_id'].generation_time del entry['_id'] return jsonify({'dorks': result}, response)
def get_dorks(mongodb): try: auth.require(role='public') except AAAException as e: return HTTPError(401, e.message) query_keys = request.query.keys() query_dict = {} #set default parameters sort_key = 'count' sort_order = -1 limit = 200 if 'sort_by' in query_keys: sort_key = request.query.sort_by if 'sort_order' in query_keys: try: sort_order = int (request.query.sort_order) except ValueError: raise HTTPError(400, 'sort_order must be an integer.') if 'regex' in query_keys: query_dict['content'] = {'$regex': request.query.regex} #inurl, intitle, etc. if 'type' in query_keys: query_dict['type'] = request.query.type if 'limit' in query_keys: limit = int(request.query.limit) result = list(mongodb['dork'].find(query_dict).sort(sort_key, sort_order).limit(limit)) #delete mongo _id - better way? for entry in result: entry['firsttime'] = entry['_id'].generation_time del entry['_id'] return jsonify({'dorks': result}, response)
def hpfeeds(mongodb): try: auth.require(role='access_all') except AAAException as e: return HTTPError(401, e.message) if 'date' in request.query and 'channel' in request.query: query = {'date': request.query.date, 'channel': request.query.channel} elif 'date' in request.query: query = {'date': request.query.date} elif 'channel' in request.query: query = {'channel': request.query.channel} else: abort(404, 'Bad Request') results = list(mongodb['daily_stats'].find(query)) for result in results: del result['_id'] return jsonify({'stats': results}, response)
def hpfeeds(mongodb): try: auth.require(role='access_all') except AAAException as e: return HTTPError(401, e.message) if 'date' in request.query and 'channel' in request.query: query = {'date': request.query.date, 'channel': request.query.channel} elif 'date' in request.query: query = {'date': request.query.date} elif 'channel' in request.query: query = {'channel': request.query.channel} else: abort(404, 'muhaha') results = list(mongodb['daily_stats'].find(query)) for result in results: del result['_id'] return jsonify({'stats': results}, response)
def hpfeeds(mongodb): try: auth.require(role="access_all") except AAAException as e: return HTTPError(401, e.message) if "date" in request.query and "channel" in request.query: query = {"date": request.query.date, "channel": request.query.channel} elif "date" in request.query: query = {"date": request.query.date} elif "channel" in request.query: query = {"channel": request.query.channel} else: abort(404, "muhaha") results = list(mongodb["daily_stats"].find(query)) for result in results: del result["_id"] return jsonify({"stats": results}, response)
def sessions_get_by_query(mongodb): try: auth.require(role='access_normalized') except AAAException as e: return HTTPError(401, e.message) query_keys = request.query.keys() query_dict = {} mongo_keys = {'id', '_id', 'protocol', 'source_ip', 'source_port', 'destination_ip', 'destination_port', 'honeypot'} #intersection common_keys = (set(query_keys) & mongo_keys) for item in common_keys: if item.endswith('_id'): query_dict[item] = ObjectId(request.query[item]) elif item is 'id': query_dict['_' + item] = ObjectId(request.query[item]) elif item.endswith('_port'): query_dict[item] = int(request.query[item]) else: query_dict[item] = request.query[item] if 'limit' in query_keys: limit = int(request.query.limit) else: limit = 50 #remove ip of honeypot if user is not authorized to see it u = auth.current_user.role lvl = auth._store.roles[u] needed_lvl = auth._store.roles['access_normalized'] if lvl < needed_lvl: p_limit = {'destination_ip': False} else: p_limit = None result = list(mongodb['session'].find(spec=query_dict, fields=p_limit).limit(limit)) return jsonify({'sessions': result}, response)
def get_files(mongodb): try: auth.require(role='access_normalized') except AAAException as e: return HTTPError(401, e.message) query_keys = request.query.keys() query_dict = {} if 'limit' in query_keys: limit = int(request.query.limit) else: limit = 50 if 'hash' in query_keys: hash_length = len(request.query['hash']) if hash_length is 128: query_dict['hashes.sha512'] = request.query['hash'] elif hash_length is 40: query_dict['hashes.sha1'] = request.query['hash'] elif hash_length is 32: query_dict['hashes.md5'] = request.query['hash'] else: abort( 400, '{0} could not be recognized as a supported hash. Currently supported hashes are: SHA1, SHA512 and MD5. ' ) else: abort(400, 'Only supported query parameter is "hash"') p_limit = {'_id': False} if 'no_data' in query_keys: p_limit['data'] = False result = list(mongodb['file'].find(query_dict, fields=p_limit).limit(limit)) return jsonify({'files': result}, response)
def get_files(mongodb): try: auth.require(role="access_normalized") except AAAException as e: return HTTPError(401, e.message) query_keys = request.query.keys() query_dict = {} if "limit" in query_keys: limit = int(request.query.limit) else: limit = 50 if "hash" in query_keys: hash_length = len(request.query["hash"]) if hash_length is 128: query_dict["hashes.sha512"] = request.query["hash"] elif hash_length is 40: query_dict["hashes.sha1"] = request.query["hash"] elif hash_length is 32: query_dict["hashes.md5"] = request.query["hash"] else: abort( 400, "{0} could not be recognized as a supported hash. Currently supported hashes are: SHA1, SHA512 and MD5. ", ) else: abort(400, 'Only supported query parameter is "hash"') p_limit = {"_id": False} if "no_data" in query_keys: p_limit["data"] = False result = list(mongodb["file"].find(query_dict, fields=p_limit).limit(limit)) return jsonify({"files": result}, response)