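def insert_selected_modules_network_event(ip, port, module_name, machine_name):
    """
    Queue a selected-module (honeypot) event for later insertion into the
    honeypot_events collection.

    The event is only appended to the module-level ``honeypot_events_queue``;
    nothing is written to the database here, so no inserted_id exists yet.

    Args:
        ip: connected ip (comes from the remote connection; recorded verbatim)
        port: connected port, converted with int()
        module_name: module name ran on the port
        machine_name: real machine name

    Returns:
        None

    Raises:
        ValueError / TypeError: if ``port`` cannot be converted with int()
        (the caller should validate remote-supplied ports before queuing)
    """
    # .append() mutates the existing list in place, so no ``global``
    # declaration is needed (the name is never rebound here).
    honeypot_events_queue.append({
        "ip": ip,
        "port": int(port),
        "module_name": module_name,
        "date": now(),
        "machine_name": machine_name,
        "event_type": "honeypot_event",
        # get_country_short() returns bytes here; decode() already yields str
        "country": IP2Location.get_country_short(ip).decode(),
    })
    return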
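def insert_other_network_event(ip, port, machine_name):
    """
    Queue a generic network event (port scan, etc.) for later insertion into
    the network_events collection.

    The event is only appended to the module-level ``network_events_queue``;
    nothing is written to the database here, so no inserted_id exists yet.

    Args:
        ip: connected ip (comes from the remote connection; recorded verbatim)
        port: connected port, converted with int()
        machine_name: real machine name

    Returns:
        None

    Raises:
        ValueError / TypeError: if ``port`` cannot be converted with int()
        (the caller should validate remote-supplied ports before queuing)
    """
    # .append() mutates the existing list in place, so no ``global``
    # declaration is needed (the name is never rebound here).
    network_events_queue.append({
        "ip": ip,
        "port": int(port),
        "date": now(),
        "machine_name": machine_name,
        # get_country_short() returns bytes here; decode() already yields str
        "country": IP2Location.get_country_short(ip).decode(),
    })
    return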
 def on_any_event(self, event):
     """
     Record a filesystem change as a file-change event.

     Skips plain "modified" notifications for directories and any path that
     is_excluded() matches against ``self.EXCLUDES``; everything else is
     handed to insert_to_file_change_events_collection() as a FileEventsData.
     The enclosing class (and ``self.EXCLUDES`` / ``self.module_name``) is
     defined outside this block.

     Args:
         event: watchdog-style event exposing event_type, is_directory and
                src_path (assumed from the attributes read below)

     Returns:
         None
     """
     # A "modified" event on a directory only reflects a child change and
     # carries no content of its own, so it is dropped.
     directory_modified = event.event_type == 'modified' and event.is_directory
     if directory_modified or is_excluded(event.src_path, self.EXCLUDES):
         return
     record = FileEventsData(file_path=byte_to_str(event.src_path),
                             status=byte_to_str(event.event_type),
                             module_name=self.module_name,
                             date=now(),
                             is_directory=event.is_directory)
     insert_to_file_change_events_collection(record)
def info(content,
         log_in_file=None,
         mode=None,
         event=None,
         language=None,
         thread_tmp_filename=None):
    """
    Print an info line ("[+] [<time>] <content>", colourised) to stdout.

    Output is suppressed when running from the API. The database/log-file
    behaviour is not implemented yet, so ``log_in_file``, ``mode``, ``event``,
    ``language`` and ``thread_tmp_filename`` are accepted but unused for now.
    ``content`` is written verbatim (including any control sequences it may
    contain); callers passing remote-supplied strings should sanitise first.

    Args:
        content: content of the message
        log_in_file: log filename name (currently unused)
        mode: write mode, [w, w+, wb, a, ab, ...] (currently unused)
        event: standard event in JSON structure (currently unused)
        language: the language (currently unused)
        thread_tmp_filename: thread temporary filename (currently unused)

    Returns:
        None
    """
    if not is_not_run_from_api():  # keep stdout quiet under the API
        return
    if version() == 2:
        # Python 2 path: stdout takes a byte string, so encode content.
        line = (color.color_cmd("yellow") + "[+] [{0}] ".format(now()) +
                color.color_cmd("green") + content.encode("utf8") +
                color.color_cmd("reset") + "\n")
        sys.stdout.write(line)
    else:
        # Python 3 path: write encoded bytes through the underlying buffer.
        line = (color.color_cmd("yellow") + "[+] [{0}] ".format(now()) +
                color.color_cmd("green") + content +
                color.color_cmd("reset") + "\n")
        sys.stdout.buffer.write(line.encode("utf8"))
        sys.stdout.flush()
    # TODO: implement log functionality later — when ``event`` is given,
    # write json.dumps(event) to ``log_in_file`` with ``mode`` via
    # core.log.__log_into_file, then reset ``thread_tmp_filename`` to "0".
    return
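def error(content):
    """
    Print an error line ("[X] [<time>] <content>", colourised) to stdout.

    Output is suppressed when running from the API. ``content`` is written
    verbatim (including any control sequences it may contain); callers
    passing remote-supplied strings should sanitise first.

    Args:
        content: content of the message

    Returns:
        None
    """
    if not is_not_run_from_api():  # keep stdout quiet under the API
        return
    # Compare with ==, not ``is``: identity comparison against an int
    # literal is not guaranteed to hold and is a SyntaxWarning on 3.8+.
    if version() == 2:
        # Python 2 path: stdout takes a byte string, so encode content.
        sys.stdout.write(
            color.color("red") + "[X] [{0}] ".format(now()) +
            color.color("yellow") + content.encode("utf8") +
            color.color("reset") + "\n")
    else:
        # Python 3 path: write encoded bytes through the underlying buffer.
        sys.stdout.buffer.write(
            (color.color("red") + "[X] [{0}] ".format(now()) +
             color.color("yellow") + content + color.color("reset") +
             "\n").encode("utf8"))
        sys.stdout.flush()
    return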
def warn(content):
    """
    Print a warning line ("[!] [<time>] <content>", colourised) to stdout.

    Output is suppressed when running from the API. ``content`` is written
    verbatim (including any control sequences it may contain); callers
    passing remote-supplied strings should sanitise first.

    Args:
        content: content of the message

    Returns:
        None
    """
    if not is_not_run_from_api():  # keep stdout quiet under the API
        return
    if version() == 2:
        # Python 2 path: stdout takes a byte string, so encode content.
        line = (color.color_cmd("blue") + "[!] [{0}] ".format(now()) +
                color.color_cmd("yellow") + content.encode("utf8") +
                color.color_cmd("reset") + "\n")
        sys.stdout.write(line)
    else:
        # Python 3 path: write encoded bytes through the underlying buffer.
        line = (color.color_cmd("blue") + "[!] [{0}] ".format(now()) +
                color.color_cmd("yellow") + content +
                color.color_cmd("reset") + "\n")
        sys.stdout.buffer.write(line.encode("utf8"))
        sys.stdout.flush()
    return
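def insert_selected_modules_network_event(ip_dest, port_dest, ip_src, port_src,
                                          module_name, machine_name):
    """
    Queue a selected-module (honeypot) event for later insertion into the
    honeypot_events collection.

    The event is only appended to the module-level ``honeypot_events_queue``;
    nothing is written to the database here, so no inserted_id exists yet.
    In verbose mode the raw field values are echoed through verbose_info()
    first; ip_src/port_src originate from the remote peer and are logged
    verbatim.

    Args:
        ip_dest: dest ip (machine)
        port_dest: dest port (machine), converted with int()
        ip_src: src ip (remote-supplied)
        port_src: src port (remote-supplied), converted with int()
        module_name: module name ran on the port
        machine_name: real machine name

    Returns:
        None

    Raises:
        ValueError / TypeError: if a port cannot be converted with int()
    """
    if is_verbose_mode():
        verbose_info(
            "Received honeypot event, ip_dest:{0}, port_dest:{1}, "
            "ip_src:{2}, port_src:{3}, module_name:{4}, machine_name:{5}".
            format(ip_dest, port_dest, ip_src, port_src, module_name,
                   machine_name))

    # byte_to_str normalises bytes/str so the same value is used both as the
    # stored field and as the IP2Location lookup key.
    src_ip = byte_to_str(ip_src)
    dest_ip = byte_to_str(ip_dest)
    # .append() mutates the existing list in place, so no ``global``
    # declaration is needed (the name is never rebound here).
    honeypot_events_queue.append({
        "ip_dest": dest_ip,
        "port_dest": int(port_dest),
        "ip_src": src_ip,
        "port_src": int(port_src),
        "module_name": module_name,
        "date": now(),
        "machine_name": machine_name,
        "event_type": "honeypot_event",
        "country_ip_src": byte_to_str(IP2Location.get_country_short(src_ip)),
        "country_ip_dest": byte_to_str(IP2Location.get_country_short(dest_ip)),
    })
    return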
def error(content):
    """
    Log ``content`` at ERROR level and print it as a colourised
    "[X] [<time>] <content>" line to stdout.

    ``content`` is written verbatim (including any control sequences it may
    contain); callers passing remote-supplied strings should sanitise first.

    Args:
        content: content of the message

    Returns:
        None
    """
    logger.error(content)
    # Pieces are assembled in display order: colour, stamp, colour, text, reset.
    pieces = (
        color.color_cmd("red"),
        "[X] [{0}] ".format(now()),
        color.color_cmd("yellow"),
        content,
        color.color_cmd("reset"),
        "\n",
    )
    sys.stdout.buffer.write("".join(pieces).encode("utf8"))
    sys.stdout.flush()
    return
def info(content):
    """
    Print ``content`` as a colourised "[+] [<time>] <content>" line to stdout.

    Nothing is logged to a file or database here. ``content`` is written
    verbatim (including any control sequences it may contain); callers
    passing remote-supplied strings should sanitise first.

    Args:
        content: content of the message

    Returns:
        None
    """
    # Pieces are assembled in display order: colour, stamp, colour, text, reset.
    pieces = (
        color.color_cmd("yellow"),
        "[+] [{0}] ".format(now()),
        color.color_cmd("green"),
        content,
        color.color_cmd("reset"),
        "\n",
    )
    sys.stdout.buffer.write("".join(pieces).encode("utf8"))
    sys.stdout.flush()
    return
def warn(content):
    """
    Log ``content`` at WARNING level and print it as a colourised
    "[!] [<time>] <content>" line to stdout.

    ``content`` is written verbatim (including any control sequences it may
    contain); callers passing remote-supplied strings should sanitise first.

    Args:
        content: content of the message

    Returns:
        None
    """
    logger.warning(content)
    # Pieces are assembled in display order: colour, stamp, colour, text, reset.
    pieces = (
        color.color_cmd("blue"),
        "[!] [{0}] ".format(now()),
        color.color_cmd("yellow"),
        content,
        color.color_cmd("reset"),
        "\n",
    )
    sys.stdout.buffer.write("".join(pieces).encode("utf8"))
    sys.stdout.flush()
    return
def verbose_info(content):
    """
    In verbose mode, log ``content`` at INFO level and print it as a
    colourised "[v] [<time>] <content>" line to stdout.

    Does nothing when is_verbose_mode() is false. ``content`` is written
    verbatim (including any control sequences it may contain); callers
    passing remote-supplied strings should sanitise first.

    Args:
        content: content of the message

    Returns:
        None
    """
    if not is_verbose_mode():
        return
    logger.info(content)
    # Pieces are assembled in display order: colour, stamp, colour, text, reset.
    pieces = (
        color.color_cmd("cyan"),
        "[v] [{0}] ".format(now()),
        color.color_cmd("grey"),
        content,
        color.color_cmd("reset"),
        "\n",
    )
    sys.stdout.buffer.write("".join(pieces).encode("utf8"))
    sys.stdout.flush()
    return
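def insert_other_network_event(ip_dest, port_dest, ip_src, port_src,
                               machine_name):
    """
    Queue a generic network event (port scan, etc.) for later insertion into
    the network_events collection.

    The event is only appended to the module-level ``network_events_queue``;
    nothing is written to the database here, so no inserted_id exists yet.
    In verbose mode the raw field values are echoed through verbose_info()
    first; ip_src/port_src originate from the remote peer and are logged
    verbatim.

    Args:
        ip_dest: dest ip (machine)
        port_dest: dest port (machine), converted with int()
        ip_src: src ip (remote-supplied)
        port_src: src port (remote-supplied), converted with int()
        machine_name: real machine name

    Returns:
        None

    Raises:
        ValueError / TypeError: if a port cannot be converted with int()
    """
    if is_verbose_mode():
        verbose_info("Received network event, ip_dest:{0}, port_dest:{1}, "
                     "ip_src:{2}, port_src:{3}, machine_name:{4}".format(
                         ip_dest, port_dest, ip_src, port_src, machine_name))

    # byte_to_str normalises bytes/str so the same value is used both as the
    # stored field and as the IP2Location lookup key.
    src_ip = byte_to_str(ip_src)
    dest_ip = byte_to_str(ip_dest)
    # .append() mutates the existing list in place, so no ``global``
    # declaration is needed (the name is never rebound here).
    network_events_queue.append({
        "ip_dest": dest_ip,
        "port_dest": int(port_dest),
        "ip_src": src_ip,
        "port_src": int(port_src),
        "date": now(),
        "machine_name": machine_name,
        "country_ip_src": byte_to_str(IP2Location.get_country_short(src_ip)),
        "country_ip_dest": byte_to_str(IP2Location.get_country_short(dest_ip)),
    })
    return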