def start(self):
ihandler.__init__(self, self.path)
self.submit_url = g_dionaea.config()['modules']['python']['jsonfeeds']['submit_url']
certificate = g_dionaea.config()['modules']['python']['jsonfeeds'].get('certificate', False)
if certificate:
self.cert = (certificate['cert'], certificate['key'])
else:
self.cert = False
self.sensor = g_dionaea.config()['modules']['python']['jsonfeeds'].get('sensor', {})
# delete malware file after download -> True
self.deleteFile = g_dionaea.config()['modules']['python']['jsonfeeds'].get('delete', False) == "True"
self.verify = g_dionaea.config()['modules']['python']['jsonfeeds'].get('verify', False) == "True"
self.externalIP = {
"disable": g_dionaea.config()['modules']['python']['jsonfeeds']['externalIP'].get('disable', False) == "True",
"cachetime": int(g_dionaea.config()['modules']['python']['jsonfeeds']['externalIP'].get('cachetime', 0)),
"lastcheck": 0,
"ip": g_dionaea.config()['modules']['python']['jsonfeeds']['externalIP'].get('ip', "")
}
# a cachetime of "0" implies to return self.externalIP["ip"] and to avoid updateExternalIP. So if the ip is set in the config we don't need to updateExternalIP
if self.externalIP["ip"] != "":
self.externalIP["cachetime"] = 0
#mapping socket -> attackid
self.attacks = {}
'''
def __init__(self):
logger.debug("%s ready!" % (self.__class__.__name__))
ihandler.__init__(self, "*")
offers = g_dionaea.config()['modules']['python']['fail2ban']['offers']
downloads = g_dionaea.config()['modules']['python']['fail2ban']['downloads']
self.offers = open(offers, "a")
self.downloads = open(downloads, "a")
def __init__(self, path, config=None):
logger.debug("%s ready!" % (self.__class__.__name__))
ihandler.__init__(self, path)
self.apikey = config.get("apikey")
comment = config.get("comment")
if comment is None:
comment = "This sample was captured in the wild and uploaded by the dionaea honeypot.\n#honeypot #malware #networkworm"
self.comment = comment
self.cookies = {}
self.loop = pyev.default_loop()
self.backlog_timer = pyev.Timer(0, 20, self.loop,
self.__handle_backlog_timeout)
self.backlog_timer.start()
p = config.get("file")
self.dbh = sqlite3.connect(p)
self.cursor = self.dbh.cursor()
self.cursor.execute("""
CREATE TABLE IF NOT EXISTS backlogfiles (
backlogfile INTEGER PRIMARY KEY,
status TEXT NOT NULL, -- new, submit, query, comment
md5_hash TEXT NOT NULL,
path TEXT NOT NULL,
timestamp INTEGER NOT NULL,
scan_id TEXT,
lastcheck_time INTEGER,
submit_time INTEGER
);""")
def __init__(self, path, config=None):
logger.debug('hpfeedhandler init')
port = config.get("port")
if port is None:
port = self.default_port
try:
port = int(port)
except (TypeError, ValueError):
logger.warning("Unable to convert value '%s' for port to int" %
port)
port = self.default_port
self.client = hpfeeds.client.new(config['server'], port,
config['ident'], config['secret'])
ihandler.__init__(self, path)
self.tags = config['tags']
logger.debug('Set tags to: {}'.format(self.tags))
self.dynip_resolve = config.get('dynip_resolve', '')
self.dynip_timer = None
self.ownip = None
if isinstance(self.dynip_resolve,
str) and self.dynip_resolve.startswith("http"):
if pyev is None:
logger.debug(
'You are missing the python pyev binding in your dionaea installation.'
)
else:
logger.debug('hpfeedihandler will use dynamic IP resolving!')
self.loop = pyev.default_loop()
self.dynip_timer = pyev.Timer(2., 300, self.loop,
self._dynip_resolve)
self.dynip_timer.start()
def __init__(self, path, config=None):
logger.debug("%s ready!", self.__class__.__name__)
ihandler.__init__(self, path)
self.path = path
self._config = config
self.db_session = None
self.attacks = {}
self.handlers = []
self.flat_data = config.get("flat_data", False)
handlers = config.get("handlers")
if not isinstance(handlers, list) or len(handlers) == 0:
logger.warning("No handlers specified")
# Set empty list on error
handlers = []
for handler in handlers:
url = urlparse(handler)
for h in (
FileHandler,
HTTPHandler,
):
if url.scheme in h.handle_schemes:
self.handlers.append(h(url=handler))
break
def __init__(self, path):
logger.debug("%s ready!" % (self.__class__.__name__))
ihandler.__init__(self, path)
self.apikey = g_dionaea.config()['modules']['python'][
'virustotal']['apikey']
self.cookies = {}
self.loop = pyev.default_loop()
self.backlog_timer = pyev.Timer(
0, 20, self.loop, self.__handle_backlog_timeout)
self.backlog_timer.start()
p = g_dionaea.config()['modules']['python']['virustotal']['file']
self.dbh = sqlite3.connect(p)
self.cursor = self.dbh.cursor()
self.cursor.execute("""
CREATE TABLE IF NOT EXISTS backlogfiles (
backlogfile INTEGER PRIMARY KEY,
status TEXT NOT NULL, -- new, submit, query, comment
md5_hash TEXT NOT NULL,
path TEXT NOT NULL,
timestamp INTEGER NOT NULL,
scan_id TEXT,
lastcheck_time INTEGER,
submit_time INTEGER
);""")
def __init__(self, config=None):
logger.debug("nfqhandler")
ihandler.__init__(self, 'dionaea.connection.tcp.pending')
if config is None:
config = {}
config_throttle = config.get("throttle", {})
self.throttle_window = config_throttle.get("window", 30)
self.window = [[0, 0] for x in range(self.throttle_window)]
self.throttle_nfaction = config.get("nfaction", 0)
config_throttle_limits = config_throttle.get("limits", {})
self.throttle_total = config_throttle_limits.get("total", 30)
self.throttle_slot = config_throttle_limits.get("slot", 30)
config_timeouts = config.get("timeouts", {})
config_timeouts_client = config_timeouts.get("client", {})
self.mirror_client_timeout_idle = config_timeouts_client.get(
"idel", 10)
self.mirror_client_timeout_sustain = config_timeouts_client.get(
"sustain", 240)
config_timeouts_server = config_timeouts.get("server", {})
self.mirror_server_timeout_listen = config_timeouts_server.get(
"listen", 5)
def __init__(self, path):
logger.debug("%s ready!" % (self.__class__.__name__))
ihandler.__init__(self, path)
self.apikey = g_dionaea.config(
)['modules']['python']['virustotal']['apikey']
self.cookies = {}
self.loop = pyev.default_loop()
self.backlog_timer = pyev.Timer(0, 20, self.loop,
self.__handle_backlog_timeout)
self.backlog_timer.start()
p = g_dionaea.config()['modules']['python']['virustotal']['file']
self.dbh = sqlite3.connect(p)
self.cursor = self.dbh.cursor()
self.cursor.execute("""
CREATE TABLE IF NOT EXISTS backlogfiles (
backlogfile INTEGER PRIMARY KEY,
status TEXT NOT NULL, -- new, submit, query, comment
md5_hash TEXT NOT NULL,
path TEXT NOT NULL,
timestamp INTEGER NOT NULL,
scan_id TEXT,
lastcheck_time INTEGER,
submit_time INTEGER
);""")
def __init__(self, path):
logger.debug("%s ready!" % (self.__class__.__name__))
ihandler.__init__(self, path)
# mapping socket -> attackid
self.attacks = {}
self.dbh = None
def __init__(self, path):
logger.debug("%s ready!" % (self.__class__.__name__))
ihandler.__init__(self, path)
# mapping socket -> attackid
self.attacks = {}
self.dbh = None
def __init__(self, config=None):
logger.debug("%s ready!" % (self.__class__.__name__))
ihandler.__init__(self, "*")
if config is None:
config = {}
offers = config.get("offers", "var/dionaea/offers.f2b")
downloads = config.get("downloads", "var/dionaea/downloads.f2b")
self.offers = open(offers, "a")
self.downloads = open(downloads, "a")
def __init__(self, path, config=None):
logger.debug("%s ready!" % (self.__class__.__name__))
ihandler.__init__(self, path)
self.backendurl = config.get("url")
self.email = config.get("email")
self.user = config.get("user", "")
self.passwd = config.get("pass", "")
self.cookies = {}
def start(self):
ihandler.__init__(self, self.path)
# mapping socket -> attackid
engine = create_engine(self._config.get("url"),
echo=False,
convert_unicode=True)
self.db_session = scoped_session(
sessionmaker(autocommit=False, autoflush=False, bind=engine))
model.Base.query = self.db_session.query_property()
model.Base.metadata.create_all(bind=engine)
def __init__(self, server, port, username, password, resource, muc, config):
self.muc = muc
self.config = config.copy()
for e in self.config:
self.config[e]['pcre'] = []
for p in self.config[e]['events']:
self.config[e]['pcre'].append(re.compile(p))
self.resource = resource
self.username = username.split('@')[0]
self.client = xmppclient(server=server, port=port, username=username, password=password, resource=resource, muc=muc, channels=list(self.config.keys()))
ihandler.__init__(self, '*')
def __init__(self, path, config=None):
logger.debug("%s ready!" % (self.__class__.__name__))
ihandler.__init__(self, path)
self.bucket_name = config.get("bucket_name")
self.region_name = config.get("region_name")
self.access_key_id = config.get("access_key_id")
self.secret_access_key = config.get("secret_access_key")
self.endpoint_url = config.get("endpoint_url")
self.verify = config.get("verify")
self.s3_dest_folder = config.get("s3_dest_folder")
self.s3 = ''
def __init__(self, path, config=None):
logger.debug("%s ready!" % (self.__class__.__name__))
ihandler.__init__(self, path)
dionaea_config = g_dionaea.config().get("dionaea")
self.download_dir = dionaea_config.get("download.dir")
if self.download_dir is None:
raise LoaderError("Setting download.dir not configured")
else:
if not os.path.isdir(self.download_dir):
raise LoaderError("'%s' is not a directory", self.download_dir)
if not os.access(self.download_dir, os.W_OK):
raise LoaderError("Not allowed to create files in the '%s' directory", self.download_dir)
def __init__(self, path, config=None):
logger.warning("%s ready!" % (self.__class__.__name__))
ihandler.__init__(self, path)
dionaea_config = g_dionaea.config().get("dionaea")
self.download_dir = dionaea_config.get("download.dir")
if self.download_dir is None:
raise LoaderError("Setting download.dir not configured")
else:
if not os.path.isdir(self.download_dir):
raise LoaderError("'%s' is not a directory", self.download_dir)
if not os.access(self.download_dir, os.W_OK):
raise LoaderError("Not allowed to create files in the '%s' directory", self.download_dir)
def __init__(self, path):
logger.info("%s ready!" % (self.__class__.__name__))
ihandler.__init__(self, path)
self.mwsconfig = g_dionaea.config()['mycert_sensor']['submit']
self.sensorid = self.mwsconfig['sensorid']
self.connection_url = self.mwsconfig['connection_url'].format(id=self.sensorid)
self.artifact_url = self.mwsconfig['artifact_url']
self.cookies = {}
self.attacker = {}
self.connection = {}
self.mysql = {}
self.mssql = {}
self.ftp = {}
def __init__(self):
ihandler.__init__(self, '*')
self.connections = {}
self.services = {}
self.packets = {}
self.logger = Logger()
self.api = API(self.logger)
self.scheduler = sched.scheduler(time.time, time.sleep)
self.scheduler.enter(15, 15, self.send_data)
threading.Thread(target=lambda: self.scheduler.run(),
daemon=True).start()
def start(self):
ihandler.__init__(self, self.path)
# mapping socket -> attackid
engine = create_engine(self._config.get("url"), echo=False, convert_unicode=True)
self.db_session = scoped_session(
sessionmaker(
autocommit=False,
autoflush=False,
bind=engine
)
)
model.Base.query = self.db_session.query_property()
model.Base.metadata.create_all(bind=engine)
def __init__(self, server, port, nick, password, ident, realname, channel, ssl, adminhost, adminpw):
logger.info("logirc started!")
self.server = server
self.port = port
self.realname = realname
self.ident = ident
self.nick = nick
self.password = password
self.channel = channel
self.state = "Offline"
self.ssl = ssl
self.adminhost = adminhost
self.adminpw = adminpw
# self.client = ircclient(server=server, port=port, realname=realname, ident=ident, nick=nick, password=password, channel=channel)
ihandler.__init__(self, "*")
def __init__(self, config=None):
logger.debug("%s ready!" % (self.__class__.__name__))
ihandler.__init__(self, "*")
if config is None:
config = {}
offers = config.get("offers", "var/dionaea/offers.f2b")
downloads = config.get("downloads", "var/dionaea/downloads.f2b")
try:
self.offers = open(offers, "a")
except OSError as e:
raise LoaderError("Unable to open file %s Error message '%s'", offers, e.strerror)
try:
self.downloads = open(downloads, "a")
except OSError as e:
raise LoaderError("Unable to open file %s Error message '%s'", downloads, e.strerror)
def __init__(self, path, config=None):
logger.info("%s ready!" % (self.__class__.__name__))
ihandler.__init__(self, path)
self.sensorid = config.get("sensorid")
self.connection_url = config.get("connection_url").format(
id=self.sensorid)
self.artifact_url = config.get("artifact_url")
self.file_fieldname = config.get("file_fieldname")
self.cookies = {}
self.attacker = {}
self.connection = {}
self.mysql = {}
self.mssql = {}
self.ftp = {}
def __init__(self, config=None):
logger.debug("%s ready!" % (self.__class__.__name__))
ihandler.__init__(self, "*")
if config is None:
config = {}
offers = config.get("offers", "var/dionaea/offers.f2b")
downloads = config.get("downloads", "var/dionaea/downloads.f2b")
try:
self.offers = open(offers, "a")
except OSError as e:
raise LoaderError("Unable to open file %s Error message '%s'", offers, e.strerror)
try:
self.downloads = open(downloads, "a")
except OSError as e:
raise LoaderError("Unable to open file %s Error message '%s'", downloads, e.strerror)
def __init__(self, config):
logger.debug('hpfeedhandler init')
self.client = hpclient(config['server'], int(config['port']), config['ident'], config['secret'])
ihandler.__init__(self, '*')
self.dynip_resolve = config.get('dynip_resolve', '')
self.dynip_timer = None
self.ownip = None
if self.dynip_resolve and 'http' in self.dynip_resolve:
if pyev == None:
logger.debug('You are missing the python pyev binding in your dionaea installation.')
else:
logger.debug('hpfeedihandler will use dynamic IP resolving!')
self.loop = pyev.default_loop()
self.dynip_timer = pyev.Timer(2., 300, self.loop, self._dynip_resolve)
self.dynip_timer.start()
def __init__(self, config):
logger.debug('hpfeedhandler init')
self.client = hpclient(config['server'], int(config['port']), config['ident'], config['secret'])
ihandler.__init__(self, '*')
self.dynip_resolve = config.get('dynip_resolve', '')
self.dynip_timer = None
self.ownip = None
if self.dynip_resolve and 'http' in self.dynip_resolve:
if pyev == None:
logger.debug('You are missing the python pyev binding in your dionaea installation.')
else:
logger.debug('hpfeedihandler will use dynamic IP resolving!')
self.loop = pyev.default_loop()
self.dynip_timer = pyev.Timer(2., 300, self.loop, self._dynip_resolve)
self.dynip_timer.start()
def __init__(self, server, port, nick, password, ident, realname, channel,
ssl, adminhost, adminpw):
logger.info("logirc started!")
self.server = server
self.port = port
self.realname = realname
self.ident = ident
self.nick = nick
self.password = password
self.channel = channel
self.state = "Offline"
self.ssl = ssl
self.adminhost = adminhost
self.adminpw = adminpw
#self.client = ircclient(server=server, port=port, realname=realname, ident=ident, nick=nick, password=password, channel=channel)
ihandler.__init__(self, '*')
def __init__(self, server, port, username, password, resource, muc,
config):
self.muc = muc
self.config = config.copy()
for e in self.config:
self.config[e]['pcre'] = []
for p in self.config[e]['events']:
self.config[e]['pcre'].append(re.compile(p))
self.resource = resource
self.username = username.split('@')[0]
self.client = xmppclient(server=server,
port=port,
username=username,
password=password,
resource=resource,
muc=muc,
channels=list(self.config.keys()))
ihandler.__init__(self, '*')
def __init__(self, path):
self.disabled = False
self.attacks = {}
self.logger = logging.getLogger('honeysens')
self.logger.setLevel(logging.WARNING)
self.config = configparser.ConfigParser()
try:
with open(g_dionaea.config()['modules']['python']['honeysens']['config']) as f:
self.config.read_file(f)
self.server_name = self.config.get('server', 'name')
self.key = RSA.importKey(open(self.config.get('general', 'keyfile'), 'r').read())
self.servercertfile = self.config.get('server', 'certfile')
self.sensor_id = self.config.get('general', 'sensor_id')
self.logger.debug('HoneySens Configuration\n Server: {}\n Key file: {}\n Server certificate: {}\n Sensor ID: {}'.format(self.server_name, self.key, self.servercertfile, self.sensor_id))
ihandler.__init__(self, path)
except Exception:
self.logger.debug('Error: Invalid HoneySens configuration, module disabled')
self.disabled = True
def __init__(self, path, config=None):
logger.debug("%s ready!", self.__class__.__name__)
ihandler.__init__(self, path)
self.port_min = 62001
self.port_max = 63000
port_range = config.get("active_ports")
try:
(port_min, port_max) = port_range.split("-")
self.port_min = int(port_min)
self.port_max = int(port_max)
except Exception:
logger.warning("Unable to pars port range")
self.host = config.get("active_host")
dionaea_config = g_dionaea.config().get("dionaea")
self.download_dir = dionaea_config.get("download.dir")
self.download_suffix = dionaea_config.get("download.suffix")
def __init__(self):
logger.debug("nfqhandler")
ihandler.__init__(self, 'dionaea.connection.tcp.pending')
conf = g_dionaea.config()['modules']['python']['nfq']
self.throttle_window = int(conf['throttle']['window'])
self.window = [[0,0] for x in range(self.throttle_window)]
self.throttle_nfaction = int(conf['nfaction'])
self.throttle_total = int(conf['throttle']['limits']['total'])
self.throttle_slot = int(conf['throttle']['limits']['slot'])
self.mirror_server_timeout_listen = int(
conf['timeouts']['server']['listen'])
self.mirror_client_timeout_idle = int(
conf['timeouts']['client']['idle'])
self.mirror_client_timeout_sustain= int(
conf['timeouts']['client']['sustain'])
def __init__(self):
logger.debug("nfqhandler")
ihandler.__init__(self, 'dionaea.connection.tcp.pending')
conf = g_dionaea.config()['modules']['python']['nfq']
self.throttle_window = int(conf['throttle']['window'])
self.window = [[0, 0] for x in range(self.throttle_window)]
self.throttle_nfaction = int(conf['nfaction'])
self.throttle_total = int(conf['throttle']['limits']['total'])
self.throttle_slot = int(conf['throttle']['limits']['slot'])
self.mirror_server_timeout_listen = int(
conf['timeouts']['server']['listen'])
self.mirror_client_timeout_idle = int(
conf['timeouts']['client']['idle'])
self.mirror_client_timeout_sustain = int(
conf['timeouts']['client']['sustain'])
def __init__(self, path, config=None):
logger.debug('hpfeedhandler init')
reconnect_timeout = config.get("reconnect_timeout")
if reconnect_timeout is None:
reconnect_timeout = self.default_reconnect_timeout
try:
reconnect_timeout = float(reconnect_timeout)
except (TypeError, ValueError) as e:
logger.warn(
"Unable to convert value '%s' for reconnect timeout to float" %
reconnect_timeout)
reconnect_timeout = self.default_reconnect_timeout
port = config.get("port")
if port is None:
port = self.default_port
try:
port = int(port)
except (TypeError, ValueError) as e:
logger.warn("Unable to convert value '%s' for port to int" % port)
port = self.default_port
self.client = hpclient(config['server'],
port,
config['ident'],
config['secret'],
reconnect_timeout=reconnect_timeout)
ihandler.__init__(self, path)
self.dynip_resolve = config.get('dynip_resolve', '')
self.dynip_timer = None
self.ownip = None
if isinstance(self.dynip_resolve,
str) and self.dynip_resolve.startswith("http"):
logger.debug('hpfeedihandler will use dynamic IP resolving!')
self.dynip_timer = Timer(
300,
self._dynip_resolve,
delay=2,
repeat=True,
)
self.dynip_timer.start()
def __init__(self, path):
logger.debug("%s ready!" % (self.__class__.__name__))
ihandler.__init__(self, path)
mwsconfig = g_dionaea.config()['modules']['python']['submit_http']
self.backendurl = mwsconfig['url']
self.email = 'email' in mwsconfig and mwsconfig['email'] or '*****@*****.**'
self.user = '******' in mwsconfig and mwsconfig['user'] or ''
self.passwd = 'pass' in mwsconfig and mwsconfig['pass'] or ''
self.cookies = {}
# heartbeats
dinfo = g_dionaea.version()
self.software = 'dionaea {0} {1}/{2} - {3} {4}'.format(
dinfo['dionaea']['version'],
dinfo['compiler']['os'],
dinfo['compiler']['arch'],
dinfo['compiler']['date'],
dinfo['compiler']['time'],
)
self.loop = pyev.default_loop()
def __init__(self, path, config=None):
logger.debug("%s ready!" % (self.__class__.__name__))
ihandler.__init__(self, path)
self.backendurl = config.get("url")
self.email = config.get("email")
self.user = config.get("user", "")
self.passwd = config.get("pass", "")
self.cookies = {}
# heartbeats
#dinfo = g_dionaea.version()
#self.software = 'dionaea {0} {1}/{2} - {3} {4}'.format(
# dinfo['dionaea']['version'],
# dinfo['compiler']['os'],
# dinfo['compiler']['arch'],
# dinfo['compiler']['date'],
# dinfo['compiler']['time'],
#)
self.loop = pyev.default_loop()
def __init__(self, path, config=None):
logger.debug("%s ready!" % (self.__class__.__name__))
ihandler.__init__(self, path)
self.backendurl = config.get("url")
self.email = config.get("email")
self.user = config.get("user", "")
self.passwd = config.get("pass", "")
self.cookies = {}
# heartbeats
#dinfo = g_dionaea.version()
#self.software = 'dionaea {0} {1}/{2} - {3} {4}'.format(
# dinfo['dionaea']['version'],
# dinfo['compiler']['os'],
# dinfo['compiler']['arch'],
# dinfo['compiler']['date'],
# dinfo['compiler']['time'],
#)
self.loop = pyev.default_loop()
def __init__(self, path, config=None):
logger.debug("%s ready!", self.__class__.__name__)
ihandler.__init__(self, path)
self.path = path
self._config = config
self._connection_ids = {}
self.handlers = []
handlers = config.get("handlers")
if not isinstance(handlers, list) or len(handlers) == 0:
logger.warning("No handlers specified")
# Set empty list on error
handlers = []
for handler in handlers:
url = urlparse(handler)
for h in (FileHandler, HTTPHandler,):
if url.scheme in h.handle_schemes:
self.handlers.append(h(url=handler))
break
def __init__(self, path, config=None):
logger.debug("%s ready!", self.__class__.__name__)
ihandler.__init__(self, path)
self.path = path
self._config = config
self.handlers = []
self.connection_url_levels = {}
self.max_subdownloads = 20
from .handler import PowerShell, RawURL, VBScript
tmp_handlers = {}
for h in (PowerShell, RawURL, VBScript):
tmp_handlers[h.name] = h
tmp = config.get("max_subdownloads")
if isinstance(tmp, int):
self.max_subdownloads = tmp
enabled_handlers = config.get("enabled_handlers")
if not isinstance(enabled_handlers,
list) or len(enabled_handlers) == 0:
logger.warning("No handlers specified")
# Set empty list on error
enabled_handlers = []
handler_configs = config.get("handler_configs")
if not isinstance(handler_configs, dict):
handler_configs = {}
for handler_name in enabled_handlers:
h = tmp_handlers.get(handler_name)
if h is None:
logger.warning("Unable to load handler '%s'", handler_name)
continue
handler_config = handler_configs.get(handler_name)
if not isinstance(handler_config, dict):
handler_config = {}
self.handlers.append(h(config=handler_config))
def __init__(self, path, config=None):
logger.debug("%s ready!", self.__class__.__name__)
ihandler.__init__(self, path)
self.path = path
self._config = config
self._connection_ids = {}
self._disabled = False
self._collector_host = None
self._collector_port = None
self._zmq_context = zmq.Context()
if 'COLLECTOR_HOST' not in os.environ or 'COLLECTOR_PORT' not in os.environ:
print(
'Error: No HoneySens collector specified, logging module disabled'
)
self._disabled = True
else:
self._collector_host = os.environ['COLLECTOR_HOST']
self._collector_port = os.environ['COLLECTOR_PORT']
print('HoneySens collector available at tcp://{}:{}'.format(
self._collector_host, self._collector_port))
def __init__(self, path, config=None):
logger.debug("%s ready!", self.__class__.__name__)
ihandler.__init__(self, path)
self.path = path
self._config = config
self.handlers = []
self.connection_url_levels = {}
self.max_subdownloads = 20
from .handler import PowerShell, RawURL, VBScript
tmp_handlers = {}
for h in (PowerShell, RawURL,VBScript):
tmp_handlers[h.name] = h
tmp = config.get("max_subdownloads")
if isinstance(tmp, int):
self.max_subdownloads = tmp
enabled_handlers = config.get("enabled_handlers")
if not isinstance(enabled_handlers, list) or len(enabled_handlers) == 0:
logger.warning("No handlers specified")
# Set empty list on error
enabled_handlers = []
handler_configs = config.get("handler_configs")
if not isinstance(handler_configs, dict):
handler_configs = {}
for handler_name in enabled_handlers:
h = tmp_handlers.get(handler_name)
if h is None:
logger.warning("Unable to load handler '%s'", handler_name)
continue
handler_config = handler_configs.get(handler_name)
if not isinstance(handler_config, dict):
handler_config = {}
self.handlers.append(h(config=handler_config))
def __init__(self, path):
logger.debug("%s ready!" % (self.__class__.__name__))
ihandler.__init__(self, path)
mwsconfig = g_dionaea.config()['modules']['python']['mwserv']
self.backendurl = mwsconfig['url']
self.maintainer = mwsconfig['maintainer']
self.guid = mwsconfig['guid']
self.secret = mwsconfig['secret']
self.cookies = {}
# heartbeats
dinfo = g_dionaea.version()
self.software = 'dionaea {0} {1}/{2} - {3} {4}'.format(
dinfo['dionaea']['version'],
dinfo['compiler']['os'],
dinfo['compiler']['arch'],
dinfo['compiler']['date'],
dinfo['compiler']['time'],
)
self.loop = pyev.default_loop()
self.heartbeat_timer = pyev.Timer(5., 120, self.loop, self._heartbeat)
self.heartbeat_timer.start()
def __init__(self, config=None):
logger.debug("nfqhandler")
ihandler.__init__(self, 'dionaea.connection.tcp.pending')
if config is None:
config = {}
config_throttle = config.get("throttle", {})
self.throttle_window = config_throttle.get("window", 30)
self.window = [[0, 0] for x in range(self.throttle_window)]
self.throttle_nfaction = config.get("nfaction", 0)
config_throttle_limits = config_throttle.get("limits", {})
self.throttle_total = config_throttle_limits.get("total", 30)
self.throttle_slot = config_throttle_limits.get("slot", 30)
config_timeouts = config.get("timeouts", {})
config_timeouts_client = config_timeouts.get("client", {})
self.mirror_client_timeout_idle = config_timeouts_client.get("idel", 10)
self.mirror_client_timeout_sustain = config_timeouts_client.get("sustain", 240)
config_timeouts_server = config_timeouts.get("server", {})
self.mirror_server_timeout_listen = config_timeouts_server.get("listen", 5)
def __init__(self, p0fpath):
logger.debug("p0fHandler")
ihandler.__init__(self, 'dionaea.connection.*')
self.p0fpath = p0fpath
def __init__(self, path):
logger.debug("%s ready!" % (self.__class__.__name__))
ihandler.__init__(self, path)
def __init__(self, path):
logger.debug("%s ready!" % (self.__class__.__name__))
ihandler.__init__(self, path)
def __init__(self, ifaces=None):
ihandler.__init__(self, "dionaea.*.addr.*")
self.ifaces = ifaces
self.services = []
self.daemons = {}
def __init__(self, config=None):
logger.debug("p0fHandler")
ihandler.__init__(self, 'dionaea.connection.*')
self.p0fpath = config.get("path")
def __init__(self, config):
logger.debug('hpfeedhandler init')
self.client = hpclient(config['server'], int(config['port']), config['ident'], config['secret'])
ihandler.__init__(self, '*')
def __init__(self):
ihandler.__init__(self, "dionaea.*.addr.*")
self.services = []
self.daemons = {}
def __init__(self, path, config=None):
logger.debug("%s ready!" % (self.__class__.__name__))
ihandler.__init__(self, path)
dionaea_config = g_dionaea.config().get("dionaea")
self.download_dir = dionaea_config.get("download.dir")
def start(self):
ihandler.__init__(self, self.path)
# mapping socket -> attackid
self.attacks = {}
self.pending = {}
# self.dbh = sqlite3.connect(user = g_dionaea.config()['modules']['python']['logsql']['file'])
file = g_dionaea.config()['modules']['python']['logsql']['sqlite']['file']
self.dbh = sqlite3.connect(file)
self.cursor = self.dbh.cursor()
update = False
self.cursor.execute("""CREATE TABLE IF NOT EXISTS
connections (
connection INTEGER PRIMARY KEY,
connection_type TEXT,
connection_transport TEXT,
connection_protocol TEXT,
connection_timestamp INTEGER,
connection_root INTEGER,
connection_parent INTEGER,
local_host TEXT,
local_port INTEGER,
remote_host TEXT,
remote_hostname TEXT,
remote_port INTEGER
)""")
self.cursor.execute("""CREATE TRIGGER IF NOT EXISTS connections_INSERT_update_connection_root_trg
AFTER INSERT ON connections
FOR EACH ROW
WHEN
new.connection_root IS NULL
BEGIN
UPDATE connections SET connection_root = connection WHERE connection = new.connection AND new.connection_root IS NULL;
END""")
for idx in ["type","timestamp","root","parent"]:
self.cursor.execute("""CREATE INDEX IF NOT EXISTS connections_%s_idx
ON connections (connection_%s)""" % (idx, idx))
for idx in ["local_host","local_port","remote_host"]:
self.cursor.execute("""CREATE INDEX IF NOT EXISTS connections_%s_idx
ON connections (%s)""" % (idx, idx))
# self.cursor.execute("""CREATE TABLE IF NOT EXISTS
# bistreams (
# bistream INTEGER PRIMARY KEY,
# connection INTEGER,
# bistream_data TEXT
# )""")
#
# self.cursor.execute("""CREATE TABLE IF NOT EXISTS
# smbs (
# smb INTEGER PRIMARY KEY,
# connection INTEGER,
# smb_direction TEXT,
# smb_action TEXT,
# CONSTRAINT smb_connection_fkey FOREIGN KEY (connection) REFERENCES connections (connection)
# )""")
self.cursor.execute("""CREATE TABLE IF NOT EXISTS
dcerpcbinds (
dcerpcbind INTEGER PRIMARY KEY,
connection INTEGER,
dcerpcbind_uuid TEXT,
dcerpcbind_transfersyntax TEXT
-- CONSTRAINT dcerpcs_connection_fkey FOREIGN KEY (connection) REFERENCES connections (connection)
)""")
for idx in ["uuid","transfersyntax"]:
self.cursor.execute("""CREATE INDEX IF NOT EXISTS dcerpcbinds_%s_idx
ON dcerpcbinds (dcerpcbind_%s)""" % (idx, idx))
self.cursor.execute("""CREATE TABLE IF NOT EXISTS
dcerpcrequests (
dcerpcrequest INTEGER PRIMARY KEY,
connection INTEGER,
dcerpcrequest_uuid TEXT,
dcerpcrequest_opnum INTEGER
-- CONSTRAINT dcerpcs_connection_fkey FOREIGN KEY (connection) REFERENCES connections (connection)
)""")
for idx in ["uuid","opnum"]:
self.cursor.execute("""CREATE INDEX IF NOT EXISTS dcerpcrequests_%s_idx
ON dcerpcrequests (dcerpcrequest_%s)""" % (idx, idx))
self.cursor.execute("""CREATE TABLE IF NOT EXISTS
dcerpcservices (
dcerpcservice INTEGER PRIMARY KEY,
dcerpcservice_uuid TEXT,
dcerpcservice_name TEXT,
CONSTRAINT dcerpcservice_uuid_uniq UNIQUE (dcerpcservice_uuid)
)""")
from uuid import UUID
from dionaea.smb import rpcservices
import inspect
services = inspect.getmembers(rpcservices, inspect.isclass)
for name, servicecls in services:
if not name == 'RPCService' and issubclass(servicecls, rpcservices.RPCService):
try:
self.cursor.execute("INSERT INTO dcerpcservices (dcerpcservice_name, dcerpcservice_uuid) VALUES (?,?)",
(name, str(UUID(hex=servicecls.uuid))) )
except Exception as e:
# print("dcerpcservice %s existed %s " % (servicecls.uuid, e) )
pass
logger.info("Getting RPC Services")
r = self.cursor.execute("SELECT * FROM dcerpcservices")
# print(r)
names = [r.description[x][0] for x in range(len(r.description))]
r = [ dict(zip(names, i)) for i in r]
# print(r)
r = dict([(UUID(i['dcerpcservice_uuid']).hex,i['dcerpcservice']) for i in r])
# print(r)
self.cursor.execute("""CREATE TABLE IF NOT EXISTS
dcerpcserviceops (
dcerpcserviceop INTEGER PRIMARY KEY,
dcerpcservice INTEGER,
dcerpcserviceop_opnum INTEGER,
dcerpcserviceop_name TEXT,
dcerpcserviceop_vuln TEXT,
CONSTRAINT dcerpcop_service_opnum_uniq UNIQUE (dcerpcservice, dcerpcserviceop_opnum)
)""")
logger.info("Setting RPC ServiceOps")
for name, servicecls in services:
if not name == 'RPCService' and issubclass(servicecls, rpcservices.RPCService):
for opnum in servicecls.ops:
op = servicecls.ops[opnum]
uuid = servicecls.uuid
vuln = ''
dcerpcservice = r[uuid]
if opnum in servicecls.vulns:
vuln = servicecls.vulns[opnum]
try:
self.cursor.execute("INSERT INTO dcerpcserviceops (dcerpcservice, dcerpcserviceop_opnum, dcerpcserviceop_name, dcerpcserviceop_vuln) VALUES (?,?,?,?)",
(dcerpcservice, opnum, op, vuln))
except:
# print("%s %s %s %s %s existed" % (dcerpcservice, uuid, name, op, vuln))
pass
# NetPathCompare was called NetCompare in dcerpcserviceops
try:
logger.debug("Trying to update table: dcerpcserviceops")
x = self.cursor.execute("""SELECT * FROM dcerpcserviceops WHERE dcerpcserviceop_name = 'NetCompare'""").fetchall()
if len(x) > 0:
self.cursor.execute("""UPDATE dcerpcserviceops SET dcerpcserviceop_name = 'NetPathCompare' WHERE dcerpcserviceop_name = 'NetCompare'""")
logger.debug("... done")
else:
logger.info("... not required")
except Exception as e:
print(e)
logger.info("... not required")
self.cursor.execute("""CREATE TABLE IF NOT EXISTS
emu_profiles (
emu_profile INTEGER PRIMARY KEY,
connection INTEGER,
emu_profile_json TEXT
-- CONSTRAINT emu_profiles_connection_fkey FOREIGN KEY (connection) REFERENCES connections (connection)
)""")
# fix a typo on emu_services table definition
# emu_services.emu_serive is wrong, should be emu_services.emu_service
# 1) rename table, create the proper table
try:
logger.debug("Trying to update table: emu_services")
self.cursor.execute("""SELECT emu_serivce FROM emu_services LIMIT 1""")
self.cursor.execute("""ALTER TABLE emu_services RENAME TO emu_services_old""")
update = True
except Exception as e:
logger.debug("... not required")
update = False
self.cursor.execute("""CREATE TABLE IF NOT EXISTS
emu_services (
emu_serivce INTEGER PRIMARY KEY,
connection INTEGER,
emu_service_url TEXT
-- CONSTRAINT emu_services_connection_fkey FOREIGN KEY (connection) REFERENCES connections (connection)
)""")
# 2) copy all values to proper table, drop old table
try:
if update == True:
self.cursor.execute("""
INSERT INTO
emu_services (emu_service, connection, emu_service_url)
SELECT
emu_serivce, connection, emu_service_url
FROM emu_services_old""")
self.cursor.execute("""DROP TABLE emu_services_old""")
logger.debug("... done")
except Exception as e:
logger.debug("Updating emu_services failed, copying old table failed (%s)" % e)
self.cursor.execute("""CREATE TABLE IF NOT EXISTS
offers (
offer INTEGER PRIMARY KEY,
connection INTEGER,
offer_url TEXT
-- CONSTRAINT offers_connection_fkey FOREIGN KEY (connection) REFERENCES connections (connection)
)""")
self.cursor.execute("""CREATE INDEX IF NOT EXISTS offers_url_idx ON offers (offer_url)""")
# fix a type on downloads table definition
# downloads.downloads is wrong, should be downloads.download
# 1) rename table, create the proper table
try:
logger.debug("Trying to update table: downloads")
self.cursor.execute("""SELECT downloads FROM downloads LIMIT 1""")
self.cursor.execute("""ALTER TABLE downloads RENAME TO downloads_old""")
update = True
except Exception as e:
# print(e)
logger.debug("... not required")
update = False
self.cursor.execute("""CREATE TABLE IF NOT EXISTS
downloads (
download INTEGER PRIMARY KEY,
connection INTEGER,
download_url TEXT,
download_md5_hash TEXT
-- CONSTRAINT downloads_connection_fkey FOREIGN KEY (connection) REFERENCES connections (connection)
)""")
# 2) copy all values to proper table, drop old table
try:
if update == True:
self.cursor.execute("""
INSERT INTO
downloads (download, connection, download_url, download_md5_hash)
SELECT
downloads, connection, download_url, download_md5_hash
FROM downloads_old""")
self.cursor.execute("""DROP TABLE downloads_old""")
logger.debug("... done")
except Exeption as e:
logger.debug("Updating downloads failed, copying old table failed (%s)" % e)
for idx in ["url", "md5_hash"]:
self.cursor.execute("""CREATE INDEX IF NOT EXISTS downloads_%s_idx
ON downloads (download_%s)""" % (idx, idx))
self.cursor.execute("""CREATE TABLE IF NOT EXISTS
resolves (
resolve INTEGER PRIMARY KEY,
connection INTEGER,
resolve_hostname TEXT,
resolve_type TEXT,
resolve_result TEXT
)""")
self.cursor.execute("""CREATE TABLE IF NOT EXISTS
p0fs (
p0f INTEGER PRIMARY KEY,
connection INTEGER,
p0f_genre TEXT,
p0f_link TEXT,
p0f_detail TEXT,
p0f_uptime INTEGER,
p0f_tos TEXT,
p0f_dist INTEGER,
p0f_nat INTEGER,
p0f_fw INTEGER
-- CONSTRAINT p0fs_connection_fkey FOREIGN KEY (connection) REFERENCES connections (connection)
)""")
for idx in ["genre","detail","uptime"]:
self.cursor.execute("""CREATE INDEX IF NOT EXISTS p0fs_%s_idx
ON p0fs (p0f_%s)""" % (idx, idx))
self.cursor.execute("""CREATE TABLE IF NOT EXISTS
logins (
login INTEGER PRIMARY KEY,
connection INTEGER,
login_username TEXT,
login_password TEXT
-- CONSTRAINT logins_connection_fkey FOREIGN KEY (connection) REFERENCES connections (connection)
)""")
for idx in ["username","password"]:
self.cursor.execute("""CREATE INDEX IF NOT EXISTS logins_%s_idx
ON logins (login_%s)""" % (idx, idx))
self.cursor.execute("""CREATE TABLE IF NOT EXISTS
mssql_fingerprints (
mssql_fingerprint INTEGER PRIMARY KEY,
connection INTEGER,
mssql_fingerprint_hostname TEXT,
mssql_fingerprint_appname TEXT,
mssql_fingerprint_cltintname TEXT
-- CONSTRAINT mssql_fingerprints_connection_fkey FOREIGN KEY (connection) REFERENCES connections (connection)
)""")
for idx in ["hostname","appname","cltintname"]:
self.cursor.execute("""CREATE INDEX IF NOT EXISTS mssql_fingerprints_%s_idx
ON mssql_fingerprints (mssql_fingerprint_%s)""" % (idx, idx))
self.cursor.execute("""CREATE TABLE IF NOT EXISTS
mssql_commands (
mssql_command INTEGER PRIMARY KEY,
connection INTEGER,
mssql_command_status TEXT,
mssql_command_cmd TEXT
-- CONSTRAINT mssql_commands_connection_fkey FOREIGN KEY (connection) REFERENCES connections (connection)
)""")
for idx in ["status"]:
self.cursor.execute("""CREATE INDEX IF NOT EXISTS mssql_commands_%s_idx
ON mssql_commands (mssql_command_%s)""" % (idx, idx))
self.cursor.execute("""CREATE TABLE IF NOT EXISTS virustotals (
virustotal INTEGER PRIMARY KEY,
virustotal_md5_hash TEXT NOT NULL,
virustotal_timestamp INTEGER NOT NULL,
virustotal_permalink TEXT NOT NULL
)""")
for idx in ["md5_hash"]:
self.cursor.execute("""CREATE INDEX IF NOT EXISTS virustotals_%s_idx
ON virustotals (virustotal_%s)""" % (idx, idx))
self.cursor.execute("""CREATE TABLE IF NOT EXISTS virustotalscans (
virustotalscan INTEGER PRIMARY KEY,
virustotal INTEGER NOT NULL,
virustotalscan_scanner TEXT NOT NULL,
virustotalscan_result TEXT
)""")
for idx in ["scanner","result"]:
self.cursor.execute("""CREATE INDEX IF NOT EXISTS virustotalscans_%s_idx
ON virustotalscans (virustotalscan_%s)""" % (idx, idx))
self.cursor.execute("""CREATE INDEX IF NOT EXISTS virustotalscans_virustotal_idx
ON virustotalscans (virustotal)""")
self.cursor.execute("""CREATE TABLE IF NOT EXISTS
mysql_commands (
mysql_command INTEGER PRIMARY KEY,
connection INTEGER,
mysql_command_cmd NUMBER NOT NULL
-- CONSTRAINT mysql_commands_connection_fkey FOREIGN KEY (connection) REFERENCES connections (connection)
)""")
self.cursor.execute("""CREATE TABLE IF NOT EXISTS
mysql_command_args (
mysql_command_arg INTEGER PRIMARY KEY,
mysql_command INTEGER,
mysql_command_arg_index NUMBER NOT NULL,
mysql_command_arg_data TEXT NOT NULL
-- CONSTRAINT mysql_commands_connection_fkey FOREIGN KEY (connection) REFERENCES connections (connection)
)""")
for idx in ["command"]:
self.cursor.execute("""CREATE INDEX IF NOT EXISTS mysql_command_args_%s_idx
ON mysql_command_args (mysql_%s)""" % (idx, idx))
self.cursor.execute("""CREATE TABLE IF NOT EXISTS
mysql_command_ops (
mysql_command_op INTEGER PRIMARY KEY,
mysql_command_cmd INTEGER NOT NULL,
mysql_command_op_name TEXT NOT NULL,
CONSTRAINT mysql_command_cmd_uniq UNIQUE (mysql_command_cmd)
)""")
from dionaea.mysql.include.packets import MySQL_Commands
logger.info("Setting MySQL Command Ops")
for num,name in MySQL_Commands.items():
try:
self.cursor.execute("INSERT INTO mysql_command_ops (mysql_command_cmd, mysql_command_op_name) VALUES (?,?)",
(num, name))
except:
pass
self.cursor.execute("""CREATE TABLE IF NOT EXISTS
sip_commands (
sip_command INTEGER PRIMARY KEY,
connection INTEGER,
sip_command_method ,
sip_command_call_id ,
sip_command_user_agent ,
sip_command_allow INTEGER
-- CONSTRAINT sip_commands_connection_fkey FOREIGN KEY (connection) REFERENCES connections (connection)
)""")
self.cursor.execute("""CREATE TABLE IF NOT EXISTS
sip_addrs (
sip_addr INTEGER PRIMARY KEY,
sip_command INTEGER,
sip_addr_type ,
sip_addr_display_name,
sip_addr_uri_scheme,
sip_addr_uri_user,
sip_addr_uri_password,
sip_addr_uri_host,
sip_addr_uri_port
-- CONSTRAINT sip_addrs_command_fkey FOREIGN KEY (sip_command) REFERENCES sip_commands (sip_command)
)""")
self.cursor.execute("""CREATE TABLE IF NOT EXISTS
sip_vias (
sip_via INTEGER PRIMARY KEY,
sip_command INTEGER,
sip_via_protocol,
sip_via_address,
sip_via_port
-- CONSTRAINT sip_vias_command_fkey FOREIGN KEY (sip_command) REFERENCES sip_commands (sip_command)
)""")
self.cursor.execute("""CREATE TABLE IF NOT EXISTS
sip_sdp_origins (
sip_sdp_origin INTEGER PRIMARY KEY,
sip_command INTEGER,
sip_sdp_origin_username,
sip_sdp_origin_sess_id,
sip_sdp_origin_sess_version,
sip_sdp_origin_nettype,
sip_sdp_origin_addrtype,
sip_sdp_origin_unicast_address
-- CONSTRAINT sip_sdp_origins_fkey FOREIGN KEY (sip_command) REFERENCES sip_commands (sip_command)
)""")
self.cursor.execute("""CREATE TABLE IF NOT EXISTS
sip_sdp_connectiondatas (
sip_sdp_connectiondata INTEGER PRIMARY KEY,
sip_command INTEGER,
sip_sdp_connectiondata_nettype,
sip_sdp_connectiondata_addrtype,
sip_sdp_connectiondata_connection_address,
sip_sdp_connectiondata_ttl,
sip_sdp_connectiondata_number_of_addresses
-- CONSTRAINT sip_sdp_connectiondatas_fkey FOREIGN KEY (sip_command) REFERENCES sip_commands (sip_command)
)""")
self.cursor.execute("""CREATE TABLE IF NOT EXISTS
sip_sdp_medias (
sip_sdp_media INTEGER PRIMARY KEY,
sip_command INTEGER,
sip_sdp_media_media,
sip_sdp_media_port,
sip_sdp_media_number_of_ports,
sip_sdp_media_proto
-- sip_sdp_media_fmt,
-- sip_sdp_media_attributes
-- CONSTRAINT sip_sdp_medias_fkey FOREIGN KEY (sip_command) REFERENCES sip_commands (sip_command)
)""")
# self.cursor.execute("""CREATE TABLE IF NOT EXISTS
# httpheaders (
# httpheader INTEGER PRIMARY KEY,
# connection INTEGER,
# http_headerkey TEXT,
# http_headervalue TEXT,
# -- CONSTRAINT httpheaders_connection_fkey FOREIGN KEY (connection) REFERENCES connections (connection)
# )""")
#
# for idx in ["headerkey","headervalue"]:
# self.cursor.execute("""CREATE INDEX IF NOT EXISTS httpheaders_%s_idx
# ON httpheaders (httpheader_%s)""" % (idx, idx))
self.cursor.execute("""CREATE TABLE IF NOT EXISTS
mqtt_fingerprints (
mqtt_fingerprint INTEGER PRIMARY KEY,
connection INTEGER,
mqtt_fingerprint_clientid TEXT,
mqtt_fingerprint_willtopic TEXT,
mqtt_fingerprint_willmessage TEXT,
mqtt_fingerprint_username TEXT,
mqtt_fingerprint_password TEXT
-- CONSTRAINT mqtt_fingerprints_connection_fkey FOREIGN KEY (connection) REFERENCES connections (connection)
)""")
for idx in ["clientid","willtopic","willmessage", "username", "password"]:
self.cursor.execute("""CREATE INDEX IF NOT EXISTS mqtt_fingerprints_%s_idx
ON mqtt_fingerprints (mqtt_fingerprint_%s)""" % (idx, idx))
self.cursor.execute("""CREATE TABLE IF NOT EXISTS
mqtt_publish_commands (
mqtt_publish_command INTEGER PRIMARY KEY,
connection INTEGER,
mqtt_publish_command_topic TEXT,
mqtt_publish_command_message TEXT
-- CONSTRAINT mqtt_publish_commands_connection_fkey FOREIGN KEY (connection) REFERENCES connections (connection)
)""")
for idx in ["topic", "message"]:
self.cursor.execute("""CREATE INDEX IF NOT EXISTS mqtt_publish_commands_%s_idx
ON mqtt_publish_commands (mqtt_publish_command_%s)""" % (idx, idx))
self.cursor.execute("""CREATE TABLE IF NOT EXISTS
mqtt_subscribe_commands (
mqtt_subscribe_command INTEGER PRIMARY KEY,
connection INTEGER,
mqtt_subscribe_command_messageid TEXT,
mqtt_subscribe_command_topic TEXT
-- CONSTRAINT mqtt_subscribe_commands_connection_fkey FOREIGN KEY (connection) REFERENCES connections (connection)
)""")
for idx in ["messageid", "topic"]:
self.cursor.execute("""CREATE INDEX IF NOT EXISTS mqtt_subscribe_commands_%s_idx
ON mqtt_subscribe_commands (mqtt_subscribe_command_%s)""" % (idx, idx))
# connection index for all
for idx in ["dcerpcbinds", "dcerpcrequests", "emu_profiles", "emu_services", "offers", "downloads", "p0fs", "logins", "mssql_fingerprints", "mssql_commands","mysql_commands","sip_commands", "mqtt_fingerprints", "mqtt_publish_commands", "mqtt_subscribe_commands"]:
self.cursor.execute("""CREATE INDEX IF NOT EXISTS %s_connection_idx ON %s (connection)""" % (idx, idx))
self.dbh.commit()
# updates, database schema corrections for old versions
# svn rev 2143 removed the table dcerpcs
# and created the table dcerpcrequests
#
# copy the data to the new table dcerpcrequests
# drop the old table
try:
logger.debug("Updating Table dcerpcs")
self.cursor.execute("""INSERT INTO
dcerpcrequests (connection, dcerpcrequest_uuid, dcerpcrequest_opnum)
SELECT
connection, dcerpc_uuid, dcerpc_opnum
FROM
dcerpcs""")
self.cursor.execute("""DROP TABLE dcerpcs""")
logger.debug("... done")
except Exception as e:
# print(e)
logger.debug("... not required")
def __init__(self, path):
logger.debug("%s ready!" % (self.__class__.__name__))
ihandler.__init__(self, path)
self.username = g_dionaea.config()["modules"]["python"]["malwarelu"]["username"]
self.password = g_dionaea.config()["modules"]["python"]["malwarelu"]["password"]
self.m = MalwareLu(self.username, self.password)
