Beispiel #1
0
 def __init__(self, botnet):
     self.botnet = botnet
     self.mal_formed = False
     self.botnet_db = database.BotnetInfoDB()
     try:
         if "udp://" in botnet.irc_addr:
                 botnet.irc_addr = botnet.irc_addr.partition("udp://")[2]
         self.irc_host = botnet.irc_addr.split(':')[0]
         self.irc_port = int(botnet.irc_addr.split(':')[1])
     except Exception as e:
         self.log("IRC server address mal-formed: '%s' error: %s" %
                  (botnet.irc_addr, str(e)))
         self.mal_formed = True
     self.irc_server_pass = botnet.irc_server_pwd
     self.nick = botnet.irc_nick
     self.user = botnet.irc_user
     self.mode = botnet.irc_mode
     if isinstance(botnet.irc_channel, (str, unicode)):
         self.chan_list = botnet.irc_channel.split(', ')
     else:
         self.chan_list = botnet.irc_channel
     self.channel_names = []
     self.log(" ".join([self.irc_host, str(self.irc_port),
                        self.nick, self.user]))
     self.retried = False
Beispiel #2
0
 def botnet_to_db(self, botnet):
     self.botnet_id = None
     botnet_db = database.BotnetInfoDB()
     if len(botnet.irc_channel) > 0:
         channel = ', '.join(botnet.irc_channel)
     else:
         channel = ""
     duplicate_botnet_id = botnet_db.select_by_features(
         botnet.irc_addr, channel)
     if not duplicate_botnet_id:
         botnet_db.connect()
         self.botnet_id = botnet_db.insert(botnet)
         botnet_db.close()
     else:
         botnet_db.update_time(botnet.last_analysis_date,
                               duplicate_botnet_id[0])
Beispiel #3
0
 def db_import(self):
     sandbox_db = database.SandboxDB()
     sandbox_list = sandbox_db.get_credentials()
     sandbox_db.close()
     botnet_db = database.BotnetInfoDB()
     botnet_db.connect()
     for botnet in sandbox_list:
         if not isinstance(botnet.irc_channel, (str, unicode)):
             channel = ', '.join(botnet.irc_channel)
         duplicate_botnet_id = botnet_db.select_by_features(
             botnet.irc_addr, channel)
         if not duplicate_botnet_id:
             botnet_db.insert(botnet)
         else:
             botnet_db.update_time(self.last_analysis_date,
                                   duplicate_botnet_id[0])
     botnet_db.close()
Beispiel #4
0
import modules.database as database
import analysis.msg as msg
import GeoIP
import os

blist = os.listdir("db/botnets/")
for item in blist:
    dbname = "db/botnets/" + item
    botnet_id = item.split("Botnet_")[1].split(".db")[0]

    msg_botnet = msg.BotnetAnalysis()
    msg_track = msg.BotTrackDB()
    bot_info_db = database.BotnetInfoDB()

    rowall = msg_botnet.db_select(dbname)
    gi = GeoIP.new(GeoIP.GEOIP_MEMORY_CACHE)
    for row in rowall:
        if not row[2] == "":
            timestamp = row[1]
            parsed_msg = msg_botnet.parse_msg(row[2].encode('utf-8'))
            if parsed_msg[1] == "004":
                itype = msg_botnet.Botnet_Server_Type(parsed_msg[2])
                bot_info_db.update_servertype(botnet_id, itype)
            if parsed_msg[1] == "PRIVMSG":
                dork_info = msg_botnet.PRIVMSG_dork(parsed_msg[2])
                if dork_info:
                    msg_track.insert_privmsg(timestamp, botnet_id,
                                             dork_info[0], dork_info[1],
                                             dork_info[2])
            if parsed_msg[1] == "311":
                geoip = gi.country_code_by_addr(parsed_msg[2][3])
Beispiel #5
0
 def populate_queue(self):
     self.botnet_queue = Queue.Queue()
     botnet_db = database.BotnetInfoDB()
     botnet_list = botnet_db.select_all()
     for botnet in botnet_list:
         self.botnet_queue.put(botnet)