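    def close(self):
        """Finalise an SFTP upload: record its size, hash it, archive it.

        In order:
          * when bytes were written, update the size entry in the fake fs;
          * when a real on-disk capture exists (``self.realfile``), SHA-256 it,
            move it to ``<download_path>/<sha256>`` (or delete the capture when
            that path already exists, i.e. identical content was seen before),
            optionally submit it to VirusTotal, and point the fake-fs entry of
            ``self.filename`` at the archived copy;
          * when a VirusTotal apikey is configured, run the backlog check;
          * close the fake-fs descriptor and return that call's result.

        The hash is computed in fixed-size chunks inside a ``with`` block so an
        attacker-sized upload cannot exhaust memory and the handle is always
        released (the previous version slurped the whole file and never
        closed it).
        """
        cfg = config()

        if self.bytes_written > 0:
            self.server.fs.update_size(self.filename, self.bytes_written)

        if self.realfile is not None:
            try:
                digest = hashlib.sha256()
                # Uploads are attacker-controlled in size: stream, never .read() whole.
                with open(self.realfile, 'rb') as fh:
                    for chunk in iter(lambda: fh.read(65536), b''):
                        digest.update(chunk)
                shasum = digest.hexdigest()
            except Exception as e:
                # Best effort: an unreadable capture is reported, not fatal.
                # NOTE(review): the raw capture is left on disk in this path —
                # confirm that is intended (evidence) rather than an oversight.
                print(format(e))
                return self.server.fs.close(self.fd)

            msg = 'SHA sum %s of file %s' % (shasum, self.realfile)
            print(msg)

            hash_path = '%s/%s' % (cfg.get('honeypot', 'download_path'), shasum)

            # exists()-then-move is a check/act race between concurrent sessions;
            # because the target name is the content hash, a collision would
            # involve byte-identical data, so the impact is limited to a possible
            # duplicate VirusTotal submission.
            if not os.path.exists(hash_path):
                print("moving " + self.realfile + " -> " + hash_path)
                shutil.move(self.realfile, hash_path)

                if cfg.has_option('virustotal', 'apikey'):
                    virustotal.get_report(shasum, self.filename, 'SFTP')
            else:
                print("deleting " + self.realfile + " with sha sum " + shasum)
                os.remove(self.realfile)
            # Slot 9 of the fake-fs entry holds the backing real-file path
            # (presumably the A_REALFILE index in the fs module — verify there).
            f = self.server.fs.getfile(self.filename)
            f[9] = hash_path

        if cfg.has_option('virustotal', 'apikey'):
            print("now checking Virustotal backlogs ssh")
            virustotal_backlogs.check()

        return self.server.fs.close(self.fd)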
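    def success(self, data):
        """Handle a completed wget download: hash, archive, optionally submit.

        ``data`` is the download result passed by the caller; it is not
        inspected here.  The file at ``self.safeoutfile`` is SHA-256 hashed
        in chunks, moved to ``<download_path>/<sha256>`` (or deleted when that
        hash is already archived), optionally reported to VirusTotal, and the
        fake-fs entry for ``self.outfile`` is pointed (slot 9) at the archive.
        Always ends by calling ``self.exit()``.

        Bug fixed: when ``self.safeoutfile`` does not exist the method now
        returns right after ``self.exit()``; previously it fell through to
        ``open()`` on the missing path and raised.
        """
        if not os.path.isfile(self.safeoutfile):
            print("there's no " + self.safeoutfile)
            self.exit()
            return  # exit() does not stop execution; the old code kept going

        digest = hashlib.sha256()
        # Downloaded content is attacker-sized: stream it, don't read it whole.
        with open(self.safeoutfile, 'rb') as fh:
            for chunk in iter(lambda: fh.read(65536), b''):
                digest.update(chunk)
        shasum = digest.hexdigest()
        hash_path = '%s/%s' % (self.download_path, shasum)

        msg = '%s SHA sum %s of URL %s in file %s' % \
            (self.protocol.realClientIP, shasum,
            self.url, self.fileName)
        print(msg)
        # self.url and self.fileName are attacker-chosen; anything consuming
        # this log line must not trust them (control characters, newlines).
        self.protocol.logDispatch(msg)

        cfg = self.protocol.env.cfg
        vt_check = 1

        # Plain-text shell scripts fetched as *.sh are skipped for VT lookup.
        if re.search(r"\.sh$", self.url):
            m = magic.open(magic.MAGIC_NONE)
            try:
                m.load()
                filetype = m.file(self.safeoutfile)
            finally:
                m.close()  # release the libmagic handle (was leaked before)
            if re.search("ASCII", filetype):
                vt_check = 0

        # exists()-then-move is racy across concurrent sessions; the target
        # name is the content hash, so a collision holds identical bytes.
        if not os.path.exists(hash_path):
            print("moving " + self.safeoutfile + " -> " + hash_path)
            shutil.move(self.safeoutfile, hash_path)

            if cfg.has_option('virustotal', 'apikey') and vt_check:
                virustotal.get_report(shasum,
                                      self.fakeoutfile.split('/')[-1],
                                      self.url, self.protocol)
        else:
            print("deleting " + self.safeoutfile + " SHA sum: " + shasum)
            os.remove(self.safeoutfile)
        self.safeoutfile = hash_path

        if cfg.has_option('virustotal', 'apikey'):
            print("now checking Virustotal backlogs wget")
            virustotal_backlogs.check()

        print("Updating realfile to " + hash_path)
        # Slot 9 of the fake-fs entry is the backing real-file path
        # (presumably A_REALFILE in the fs module — verify there).
        f = self.fs.getfile(self.outfile)
        f[9] = hash_path
        self.exit()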
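    def success(self, data):
        """Post-download hook for wget: archive the file by SHA-256.

        ``data`` is supplied by the caller and unused here.  Hashes
        ``self.safeoutfile`` in chunks, moves it to ``<download_path>/<sha256>``
        (or removes it when that archive already exists), optionally sends it
        to VirusTotal (skipped for ASCII ``*.sh`` scripts), runs the VT backlog
        check when an apikey is configured, and rewrites slot 9 of the fake-fs
        entry for ``self.outfile`` to the archived path.  Always calls
        ``self.exit()`` before returning.

        Bug fixed: a missing ``self.safeoutfile`` now returns after
        ``self.exit()`` instead of continuing into ``open()`` and raising.
        """
        if not os.path.isfile(self.safeoutfile):
            print("there's no " + self.safeoutfile)
            self.exit()
            return  # exit() does not raise; without this the open() below blew up

        hasher = hashlib.sha256()
        # Attacker-sized content: hash in chunks, keep the handle in a with-block.
        with open(self.safeoutfile, 'rb') as fh:
            for block in iter(lambda: fh.read(65536), b''):
                hasher.update(block)
        shasum = hasher.hexdigest()
        hash_path = '%s/%s' % (self.download_path, shasum)

        msg = '%s SHA sum %s of URL %s in file %s' % \
            (self.protocol.realClientIP, shasum,
            self.url, self.fileName)
        print(msg)
        # URL and file name come from the attacker; treat this log line as untrusted.
        self.protocol.logDispatch(msg)

        cfg = self.protocol.env.cfg
        vt_check = 1

        # Text shell scripts fetched as *.sh are not submitted to VirusTotal.
        if re.search(r"\.sh$", self.url):
            m = magic.open(magic.MAGIC_NONE)
            try:
                m.load()
                filetype = m.file(self.safeoutfile)
            finally:
                m.close()  # previously leaked the libmagic handle
            if re.search("ASCII", filetype):
                vt_check = 0

        # Check-then-move race across sessions is tolerated: the destination
        # name is the content hash, so a collision carries identical bytes.
        if not os.path.exists(hash_path):
            print("moving " + self.safeoutfile + " -> " + hash_path)
            shutil.move(self.safeoutfile, hash_path)

            if cfg.has_option('virustotal', 'apikey') and vt_check:
                virustotal.get_report(shasum, self.fakeoutfile.split('/')[-1], self.url, self.protocol)
        else:
            print("deleting " + self.safeoutfile + " SHA sum: " + shasum)
            os.remove(self.safeoutfile)
        self.safeoutfile = hash_path

        if cfg.has_option('virustotal', 'apikey'):
            print("now checking Virustotal backlogs wget")
            virustotal_backlogs.check()

        print("Updating realfile to " + hash_path)
        # Index 9 of the fake-fs entry is the real-file slot (presumably
        # A_REALFILE in fs.py — verify there).
        f = self.fs.getfile(self.outfile)
        f[9] = hash_path
        self.exit()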
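    def close(self):
        """Close an SFTP upload handle and archive any captured file.

        * Updates the fake-fs size entry when ``bytes_written`` is positive.
        * If ``self.realfile`` is set: SHA-256 it (chunked, handle released),
          move it to ``<download_path>/<sha256>`` or delete it when that
          archive already exists, optionally submit to VirusTotal, and set
          slot 9 of the fake-fs entry for ``self.filename`` to the archive.
        * Runs the VirusTotal backlog check when an apikey is configured.
        * Returns ``self.server.fs.close(self.fd)``.

        Reading the capture with one ``.read()`` (as before) let an attacker
        drive memory use with upload size and leaked the file handle; both
        are fixed here.
        """
        cfg = config()

        if self.bytes_written > 0:
            self.server.fs.update_size(self.filename, self.bytes_written)

        if self.realfile is not None:
            try:
                hasher = hashlib.sha256()
                with open(self.realfile, 'rb') as fh:
                    for block in iter(lambda: fh.read(65536), b''):
                        hasher.update(block)
                shasum = hasher.hexdigest()
            except Exception as e:
                # Unreadable capture: report and still close the descriptor.
                # NOTE(review): the raw file stays on disk here — confirm intended.
                print(format(e))
                return self.server.fs.close(self.fd)

            msg = 'SHA sum %s of file %s' % (shasum, self.realfile)
            print(msg)

            hash_path = '%s/%s' % (cfg.get('honeypot',
                                           'download_path'), shasum)

            # exists()/move is a check-then-act race between sessions; the
            # destination is named by content hash, so any collision holds
            # identical bytes and the only effect is a duplicate VT lookup.
            if not os.path.exists(hash_path):
                print("moving " + self.realfile + " -> " + hash_path)
                shutil.move(self.realfile, hash_path)

                if cfg.has_option('virustotal', 'apikey'):
                    virustotal.get_report(shasum, self.filename, 'SFTP')
            else:
                print("deleting " + self.realfile + " with sha sum " + shasum)
                os.remove(self.realfile)
            # Slot 9 = backing real-file path of the fake-fs entry
            # (presumably A_REALFILE in the fs module — verify).
            f = self.server.fs.getfile(self.filename)
            f[9] = hash_path

        if cfg.has_option('virustotal', 'apikey'):
            print("now checking Virustotal backlogs ssh")
            virustotal_backlogs.check()

        return self.server.fs.close(self.fd)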