def __init__(self, path):
    """Initialise the VirusTotal handler from the global dionaea configuration.

    Reads the API key and the backlog database path from
    ``modules.python.virustotal``, starts the backlog timer and makes sure
    the ``backlogfiles`` table exists.

    Args:
        path: Passed unchanged to ``ihandler.__init__``.
    """
    logger.debug("%s ready!", type(self).__name__)
    ihandler.__init__(self, path)

    vt_section = g_dionaea.config()['modules']['python']['virustotal']
    # The API key is a credential: it is stored on the instance only and is
    # never written to the log in this method.
    self.apikey = vt_section['apikey']
    self.cookies = {}

    # pyev.Timer(after, repeat, loop, callback): fire immediately, then every 20 s.
    self.loop = pyev.default_loop()
    self.backlog_timer = pyev.Timer(0, 20, self.loop, self.__handle_backlog_timeout)
    self.backlog_timer.start()

    db_path = vt_section['file']
    self.dbh = sqlite3.connect(db_path)
    self.cursor = self.dbh.cursor()
    # The statement is a fixed literal with no interpolated values. The
    # "-- ..." SQL comment runs to the end of its line, so the line breaks
    # inside the literal are significant.
    self.cursor.execute("""
        CREATE TABLE IF NOT EXISTS backlogfiles (
            backlogfile INTEGER PRIMARY KEY,
            status TEXT NOT NULL, -- new, submit, query, comment
            md5_hash TEXT NOT NULL,
            path TEXT NOT NULL,
            timestamp INTEGER NOT NULL,
            scan_id TEXT,
            lastcheck_time INTEGER,
            submit_time INTEGER
        );""")
def __init__(self, path, config=None):
    """Connect the hpfeeds client and optionally start dynamic IP resolving.

    Args:
        path: Passed unchanged to ``ihandler.__init__``.
        config: Mapping with ``server``, ``ident``, ``secret`` and ``tags``
            (required) plus ``port`` and ``dynip_resolve`` (optional).
            It defaults to ``None`` but is dereferenced unconditionally, so
            callers must pass a mapping.
    """
    logger.debug('hpfeedhandler init')

    raw_port = config.get("port")
    if raw_port is None:
        raw_port = self.default_port
    try:
        port = int(raw_port)
    except (TypeError, ValueError):
        # A malformed port falls back to the class default instead of aborting.
        logger.warning("Unable to convert value '%s' for port to int" % raw_port)
        port = self.default_port

    # ident/secret are the broker credentials; they go straight to the
    # client and are not logged here.
    self.client = hpfeeds.client.new(
        config['server'],
        port,
        config['ident'],
        config['secret'],
    )
    ihandler.__init__(self, path)

    self.tags = config['tags']
    logger.debug('Set tags to: {}'.format(self.tags))

    self.dynip_resolve = config.get('dynip_resolve', '')
    self.dynip_timer = None
    self.ownip = None

    resolver = self.dynip_resolve
    # NOTE(review): the prefix test accepts plain "http://" as well as
    # "https://"; presumably the sensor's own address is taken from that
    # endpoint's response, so an unauthenticated transport would let an
    # on-path party influence it - confirm in _dynip_resolve.
    if not (isinstance(resolver, str) and resolver.startswith("http")):
        return
    if pyev is None:
        logger.debug(
            'You are missing the python pyev binding in your dionaea installation.'
        )
        return

    logger.debug('hpfeedihandler will use dynamic IP resolving!')
    # First lookup after 2 s, then every 300 s.
    self.loop = pyev.default_loop()
    self.dynip_timer = pyev.Timer(2., 300, self.loop, self._dynip_resolve)
    self.dynip_timer.start()
def __init__(self, path, config=None):
    """Initialise the VirusTotal handler from its own config mapping.

    Args:
        path: Passed unchanged to ``ihandler.__init__``.
        config: Mapping with ``apikey``, ``file`` and optionally ``comment``.
            It defaults to ``None`` but is dereferenced unconditionally, so
            callers must pass a mapping.
    """
    logger.debug("%s ready!", type(self).__name__)
    ihandler.__init__(self, path)

    # The API key is a credential and is not logged here. A missing key is
    # stored as None without complaint; nothing in this method checks it.
    self.apikey = config.get("apikey")

    # NOTE(review): the default text names the sensor as a dionaea honeypot;
    # presumably it is attached to uploaded samples - confirm, and override
    # "comment" in the config if that disclosure is unwanted.
    self.comment = config.get("comment")
    if self.comment is None:
        self.comment = "This sample was captured in the wild and uploaded by the dionaea honeypot.\n#honeypot #malware #networkworm"
    self.cookies = {}

    # pyev.Timer(after, repeat, loop, callback): fire immediately, then every 20 s.
    self.loop = pyev.default_loop()
    self.backlog_timer = pyev.Timer(0, 20, self.loop, self.__handle_backlog_timeout)
    self.backlog_timer.start()

    db_path = config.get("file")
    self.dbh = sqlite3.connect(db_path)
    self.cursor = self.dbh.cursor()
    # Fixed literal, no interpolated values. The "-- ..." SQL comment runs to
    # the end of its line, so the line breaks inside the literal matter.
    self.cursor.execute("""
        CREATE TABLE IF NOT EXISTS backlogfiles (
            backlogfile INTEGER PRIMARY KEY,
            status TEXT NOT NULL, -- new, submit, query, comment
            md5_hash TEXT NOT NULL,
            path TEXT NOT NULL,
            timestamp INTEGER NOT NULL,
            scan_id TEXT,
            lastcheck_time INTEGER,
            submit_time INTEGER
        );""")
def __init__(self, proto, call_id, session, invite_message):
    """Create the call object for an incoming INVITE and arm its timers.

    Args:
        proto: Passed unchanged to ``connection.__init__``.
        call_id: Call identifier supplied by the caller; kept in ``_call_id``.
        session: Owning SIP session; its local and remote endpoints are
            copied onto this call.
        invite_message: The INVITE message; its Call-ID and To headers are
            read here.
    """
    logger.debug("{!s} __init__".format(self))
    logger.debug("SipCall {} session {} ".format(self, session))
    connection.__init__(self, proto)

    # Keep what the remote host sent us.
    self.__session = session
    self.__state = SipCall.SESSION_SETUP
    self.__msg = invite_message
    # Messages belonging to this call.
    self._msg_stack = []

    # NOTE(review): both header lookups below are dereferenced without a
    # None check, and the values originate from the remote peer. If
    # headers.get() can return None for an absent header, a malformed INVITE
    # raises AttributeError here - confirm the parser guarantees both.
    self.__call_id = invite_message.headers.get(b"call-id").value
    self._call_id = call_id
    self._rtp_streams = {}

    owner = self.__session
    self.local.host, self.local.port = owner.local.host, owner.local.port
    self.remote.host, self.remote.port = owner.remote.host, owner.remote.port

    to_user = self.__msg.headers.get(b"to").get_raw().uri.user
    self._user = g_sipconfig.get_user_by_username(
        self.__session.personality, to_user)

    # Report a synthetic connect incident for this call.
    connect_incident = incident("dionaea.connection.udp.connect")
    connect_incident.con = self
    connect_incident.report()

    # Declared but neither read nor assigned in this method.
    global _SipCall_sustain_timeout

    # pyev.Timer(after, repeat, loop, callback): "idle" fires after 60 s and
    # repeats every 60 s; "invite_handler" is a 5 s one-shot that is created
    # here but not started.
    idle_timer = pyev.Timer(60.0, 60.0, g_default_loop, self.__handle_timeout_idle)
    invite_timer = pyev.Timer(5.0, 0.0, g_default_loop, self.__handle_invite)
    self._timers = {
        "idle": idle_timer,
        "invite_handler": invite_timer,
    }
    idle_timer.start()
def start(cls, addr, iface=None, config=None):
    """Bind one SIP daemon per configured port and start the cleanup timer.

    Args:
        addr: Address each daemon binds to.
        iface: Optional interface passed to ``bind``.
        config: Mapping that may hold ``tcp_ports``, ``tls_ports`` and
            ``udp_ports``; a transport whose key is missing or ``None`` is
            skipped. It defaults to ``None`` but is dereferenced
            unconditionally, so callers must pass a mapping.

    Returns:
        The list of daemons that were bound and put into listening state
        (empty when no ports are configured).
    """
    global g_timer_cleanup

    daemons = []
    for proto in ("tcp", "tls", "udp"):
        ports = config.get("%s_ports" % proto)
        if ports is None:
            continue
        for port in ports:
            listener = SipSession(proto=proto, config=config)
            listener.bind(addr, port, iface=iface)
            listener.listen()
            daemons.append(listener)

    if not daemons:
        return daemons

    # A single module-wide timer is shared by every call to start().
    if g_timer_cleanup is not None:
        logger.debug("Cleanup loop already started!")
        return daemons

    # First run after 60 s, then every 60 s.
    g_timer_cleanup = pyev.Timer(60.0, 60.0, g_default_loop, cleanup)
    g_timer_cleanup.start()
    return daemons
def __init__(self, path, config=None):
    """Create the hpfeeds client and optionally start dynamic IP resolving.

    Args:
        path: Passed unchanged to ``ihandler.__init__``.
        config: Mapping with ``server``, ``port``, ``ident`` and ``secret``
            (required) plus ``dynip_resolve`` (optional). It defaults to
            ``None`` but is dereferenced unconditionally, so callers must
            pass a mapping.

    Raises:
        ValueError or TypeError: If ``config['port']`` cannot be converted
            with ``int()``; there is no fallback port in this method.
    """
    logger.debug('hpfeedhandler init')

    # ident/secret are the broker credentials; they go straight to the
    # client and are not logged here.
    self.client = hpclient(
        config['server'],
        int(config['port']),
        config['ident'],
        config['secret'],
    )
    ihandler.__init__(self, path)

    self.dynip_resolve = config.get('dynip_resolve', '')
    self.dynip_timer = None
    self.ownip = None

    # NOTE(review): this is a substring test, so any value that merely
    # contains "http" enables resolving, and a plain "http://" URL passes as
    # well as "https://". Presumably the value is used as the lookup URL -
    # confirm in _dynip_resolve.
    if not (self.dynip_resolve and 'http' in self.dynip_resolve):
        return
    if pyev is None:
        logger.debug(
            'You are missing the python pyev binding in your dionaea installation.'
        )
        return

    logger.debug('hpfeedihandler will use dynamic IP resolving!')
    # First lookup after 2 s, then every 300 s.
    self.loop = pyev.default_loop()
    self.dynip_timer = pyev.Timer(2., 300, self.loop, self._dynip_resolve)
    self.dynip_timer.start()
def __init__(self, path):
    """Load the mwserv settings and start the periodic heartbeat.

    Reads ``url``, ``maintainer``, ``guid`` and ``secret`` from
    ``modules.python.mwserv`` in the global dionaea configuration and builds
    the software identification string from ``g_dionaea.version()``.

    Args:
        path: Passed unchanged to ``ihandler.__init__``.
    """
    logger.debug("%s ready!", type(self).__name__)
    ihandler.__init__(self, path)

    mwsconfig = g_dionaea.config()['modules']['python']['mwserv']
    self.backendurl = mwsconfig['url']
    self.maintainer = mwsconfig['maintainer']
    # guid/secret are the sensor's credentials for the backend; they are
    # stored on the instance and not logged in this method.
    self.guid = mwsconfig['guid']
    self.secret = mwsconfig['secret']
    self.cookies = {}

    # Heartbeats: the string carries the dionaea version plus the build
    # OS, architecture, date and time.
    build = g_dionaea.version()
    compiler = build['compiler']
    self.software = 'dionaea {0} {1}/{2} - {3} {4}'.format(
        build['dionaea']['version'],
        compiler['os'],
        compiler['arch'],
        compiler['date'],
        compiler['time'],
    )

    # pyev.Timer(after, repeat, loop, callback): first beat after 5 s, then
    # every 120 s.
    self.loop = pyev.default_loop()
    self.heartbeat_timer = pyev.Timer(5., 120, self.loop, self._heartbeat)
    self.heartbeat_timer.start()
# Dictionary with SIP sessions (key is Call-ID) g_call_ids = {} def cleanup(watcher, events): logger.debug("Cleanup") # remove closed calls for key in list(g_call_ids.keys()): if g_call_ids[key] is None: del g_call_ids[key] g_timer_cleanup = pyev.Timer(60.0, 60.0, g_default_loop, cleanup) g_timer_cleanup.start() ######### # Classes ######### class SIPService(ServiceLoader): name = "sip" @classmethod def start(cls, addr, iface=None): daemons = [] for proto in ("tcp", "tls", "udp"): if proto not in g_dionaea.config()['modules']['python']['sip']: