Beispiel #1
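    def handle_incident(self, icd):
        """Store a finished download under its MD5 name and report the outcome.

        First reports ``dionaea.download.complete.hash``. Then hard-links
        ``icd.path`` into the configured downloads directory and reports
        ``dionaea.download.complete.unique`` if the link was created, or
        ``dionaea.download.complete.again`` if that name already exists.

        NOTE(review): the stored name is the MD5 digest alone. MD5 is not
        collision resistant, so a different file with the same digest is
        reported as "again" and never stored. Consider SHA-256 for naming.
        """
        import errno  # local import: only needed to recognise EEXIST below

        logger.debug("storing file")
        p = icd.path
        md5 = md5file(p)
        n = os.path.join(g_dionaea.config()['downloads']['dir'], md5)

        i = incident("dionaea.download.complete.hash")
        i.file = n
        i.url = icd.url
        if hasattr(icd, 'con'):
            i.con = icd.con
        i.md5hash = md5
        i.report()

        # Attempt the link and inspect the error instead of stat()-ing first:
        # a check-then-link sequence can lose a race with another writer and
        # fail with an unhandled EEXIST.
        try:
            os.link(p, n)
        except OSError as err:
            if err.errno != errno.EEXIST:
                raise
            i = incident("dionaea.download.complete.again")
            logger.debug("file %s already existed" % md5)
        else:
            logger.debug("saving new file %s to %s" % (md5, n))
            i = incident("dionaea.download.complete.unique")
        i.file = n
        if hasattr(icd, 'con'):
            i.con = icd.con
        i.url = icd.url
        i.md5hash = md5
        i.report()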
Beispiel #2
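    def handle_incident(self, icd):
        """Save a completed download by MD5 name and emit the matching incidents.

        A ``dionaea.download.complete.hash`` incident is reported first. The
        file at ``icd.path`` is then hard-linked into the downloads directory
        from the configuration. The second incident is
        ``dionaea.download.complete.unique`` when the link is new and
        ``dionaea.download.complete.again`` when the target already exists.

        NOTE(review): de-duplication relies on MD5 only. Two different files
        with a colliding digest share one name, and the later one is dropped
        as "again".
        """
        import errno  # function-scope import, used only for the EEXIST test

        def _announce(kind):
            # Build and report one incident describing the stored file.
            inc = incident(kind)
            inc.file = target
            inc.url = icd.url
            if hasattr(icd, "con"):
                inc.con = icd.con
            inc.md5hash = digest
            inc.report()

        logger.debug("storing file")
        source = icd.path
        digest = md5file(source)
        target = os.path.join(g_dionaea.config()["downloads"]["dir"], digest)
        _announce("dionaea.download.complete.hash")

        # os.link() is atomic, so let it decide whether the name is taken;
        # checking with os.stat() beforehand leaves a window in which the
        # file can appear and the link then fails with EEXIST.
        try:
            os.link(source, target)
        except OSError as exc:
            if exc.errno != errno.EEXIST:
                raise
            logger.debug("file %s already existed" % digest)
            outcome = "dionaea.download.complete.again"
        else:
            logger.debug("saving new file %s to %s" % (digest, target))
            outcome = "dionaea.download.complete.unique"
        _announce(outcome)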
Beispiel #3
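    def handle_incident(self, icd):
        """Store a finished download in ``self.download_dir`` and report it.

        Reports ``dionaea.download.complete.hash``, then hard-links
        ``icd.path`` to ``<download_dir>/<md5>``. The follow-up incident is
        ``dionaea.download.complete.unique`` for a newly created link and
        ``dionaea.download.complete.again`` when the name is already present.
        """
        import errno  # local import: only needed to recognise EEXIST below

        logger.debug("storing file")
        p = icd.path
        # ToDo: use sha1 or sha256
        # NOTE(review): until then, a file whose MD5 collides with a stored
        # one is treated as a duplicate and is not kept.
        md5 = md5file(p)
        n = os.path.join(self.download_dir, md5)
        i = incident("dionaea.download.complete.hash")
        i.file = n
        i.url = icd.url
        if hasattr(icd, 'con'):
            i.con = icd.con
        i.md5hash = md5
        i.report()

        # Link directly rather than stat() and then link: the existence check
        # and the link are not atomic together, and a file created in between
        # would make os.link() raise an unhandled EEXIST.
        try:
            os.link(p, n)
        except OSError as err:
            if err.errno != errno.EEXIST:
                raise
            i = incident("dionaea.download.complete.again")
            logger.debug("file %s already existed" % md5)
        else:
            logger.debug("saving new file %s to %s" % (md5, n))
            i = incident("dionaea.download.complete.unique")
        i.file = n
        if hasattr(icd, 'con'):
            i.con = icd.con
        i.url = icd.url
        i.md5hash = md5
        i.report()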
Beispiel #4
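    def handle_incident(self, icd):
        """Keep a completed download under its MD5 digest and report the result.

        The method reports ``dionaea.download.complete.hash`` and then tries
        to hard-link ``icd.path`` into ``self.download_dir``. It reports
        ``dionaea.download.complete.unique`` if the link succeeded and
        ``dionaea.download.complete.again`` if a file of that name exists.
        """
        import errno  # function-scope import, used only for the EEXIST test

        def _emit(kind):
            # Report one incident carrying the stored path, URL and digest.
            inc = incident(kind)
            inc.file = stored
            inc.url = icd.url
            if hasattr(icd, 'con'):
                inc.con = icd.con
            inc.md5hash = digest
            inc.report()

        logger.debug("storing file")
        origin = icd.path
        # ToDo: use sha1 or sha256
        # NOTE(review): MD5 is the only identity used for de-duplication, so
        # colliding files are indistinguishable here.
        digest = md5file(origin)
        stored = os.path.join(self.download_dir, digest)
        _emit("dionaea.download.complete.hash")

        # Let os.link() report an existing target itself. A separate
        # os.stat() check beforehand is racy and leaves EEXIST unhandled.
        try:
            os.link(origin, stored)
        except OSError as exc:
            if exc.errno != errno.EEXIST:
                raise
            logger.debug("file %s already existed" % digest)
            _emit("dionaea.download.complete.again")
        else:
            logger.debug("saving new file %s to %s" % (digest, stored))
            _emit("dionaea.download.complete.unique")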
Beispiel #5
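    def handle_incident_dionaea_download_complete_unique(self, icd):
        """Queue an upload request for a newly stored download.

        Builds a ``dionaea.upload.request`` incident with the file's SHA-512
        and MD5 digests, the configured e-mail, user and password, and the
        connection and URL details when ``icd`` has them. A matching
        ``submithttp_report`` is stored in ``self.cookies`` under a fresh
        UUID, which is also handed to the incident as ``_userdata``.

        NOTE(review): the password is placed on the incident in clear text
        under ``pass``. Presumably it is sent to ``self.backendurl``, so
        confirm that URL uses TLS.
        """
        cookie = str(uuid.uuid4())

        i = incident("dionaea.upload.request")
        i._url = self.backendurl

        i.sha512 = sha512file(icd.file)
        i.md5 = md5file(icd.file)
        i.email = self.email
        i.user = self.user
        i.set('pass', self.passwd)

        mr = submithttp_report(i.sha512, i.md5, icd.file)

        if hasattr(icd, 'con'):
            # Addresses are sent as the decimal form of the 32-bit IPv4 value.
            # socket.inet_aton() accepts IPv4 text only, so a non-IPv4 host
            # string raises here. TODO confirm whether con hosts can be IPv6.
            i.source_host = str(
                struct.unpack('!I', socket.inet_aton(icd.con.remote.host))[0]
            )
            i.source_port = str(icd.con.remote.port)
            i.target_host = str(
                struct.unpack('!I', socket.inet_aton(icd.con.local.host))[0]
            )
            i.target_port = str(icd.con.local.port)
            mr.saddr = i.source_host
            mr.sport = i.source_port
            mr.daddr = i.target_host
            mr.dport = i.target_port
        if hasattr(icd, 'url'):
            i.url = icd.url
            i.trigger = icd.url
            try:
                i.filename = urlparse(icd.url).path.split('/')[-1]
                mr.filename = i.filename
            except Exception:
                # Best effort: the URL comes from the remote peer and may not
                # parse. Unlike a bare ``except``, this does not swallow
                # SystemExit or KeyboardInterrupt.
                pass
            mr.download_url = icd.url

        i.filetype = filetype(icd.file)
        mr.filetype = i.filetype

        i._callback = "dionaea.modules.python.submithttp.result"
        i._userdata = cookie

        # Stored so the report can be found again by this cookie.
        self.cookies[cookie] = mr
        i.report()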
Beispiel #6
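    def handle_incident_dionaea_download_complete_unique(self, icd):
        """Prepare and report an upload request for a unique download.

        A ``dionaea.upload.request`` incident is filled with the SHA-512 and
        MD5 digests of ``icd.file``, the handler's e-mail, user and password,
        and the peer and URL information when available. The same data is
        mirrored into a ``submithttp_report`` kept in ``self.cookies`` under
        a random UUID, and that UUID is attached to the incident as
        ``_userdata``.

        NOTE(review): credentials travel with the incident, with the password
        under the key ``pass``. Verify that ``self.backendurl`` is an HTTPS
        endpoint.
        """
        logger.warning('handle_incident_dionaea_download_complete_unique')
        cookie = str(uuid.uuid4())

        def _ipv4_as_int_text(host):
            # Dotted IPv4 text -> decimal string of the 32-bit value.
            # inet_aton() rejects anything that is not IPv4 text.
            return str(struct.unpack('!I', socket.inet_aton(host))[0])

        i = incident("dionaea.upload.request")
        i._url = self.backendurl

        i.sha512 = sha512file(icd.file)
        i.md5 = md5file(icd.file)
        i.email = self.email
        i.user = self.user
        i.set('pass', self.passwd)

        mr = submithttp_report(i.sha512, i.md5, icd.file)

        if hasattr(icd, 'con'):
            i.source_host = _ipv4_as_int_text(icd.con.remote.host)
            i.source_port = str(icd.con.remote.port)
            i.target_host = _ipv4_as_int_text(icd.con.local.host)
            i.target_port = str(icd.con.local.port)
            mr.saddr = i.source_host
            mr.sport = i.source_port
            mr.daddr = i.target_host
            mr.dport = i.target_port
        if hasattr(icd, 'url'):
            i.url = icd.url
            i.trigger = icd.url
            try:
                i.filename = urlparse(icd.url).path.split('/')[-1]
                mr.filename = i.filename
            except Exception:
                # The URL is supplied by the remote side. Failing to derive a
                # file name from it is tolerated, but interpreter-exit
                # exceptions are no longer caught as a bare ``except`` would.
                pass
            mr.download_url = icd.url

        i.filetype = filetype(icd.file)
        mr.filetype = i.filetype

        i._callback = "dionaea.modules.python.submithttp.result"
        i._userdata = cookie

        self.cookies[cookie] = mr
        i.report()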
        dionaea_config = g_dionaea.config().get("dionaea") 
        self.download_dir = dionaea_config.get("download.dir") 
        if self.download_dir is None: 
            raise LoaderError("Setting download.dir not configured") 
        else: 
            if not os.path.isdir(self.download_dir): 
                raise LoaderError("'%s' is not a directory", self.download_dir) 
            if not os.access(self.download_dir, os.W_OK): 
                raise LoaderError("Not allowed to create files in the '%s' directory", self.dow
nload_dir) 
 
    def handle_incident(self, icd): 
        logger.debug("storing file") 
        p = icd.path 
        # ToDo: use sha1 or sha256 
        md5 = md5file(p) 
        # ToDo: use sys.path.join() 
        n = os.path.join(self.download_dir, md5) 
        i = incident("dionaea.download.complete.hash") 
        i.file = n 
        i.url = icd.url 
        if hasattr(icd, 'con'): 
            i.con = icd.con 
        i.md5hash = md5 
        i.report() 
 
        try: 
            os.stat(n) 
            i = incident("dionaea.download.complete.again") 
            logger.debug("file %s already existed" % md5) 
        except OSError: