def main():
    """Maltego transform: emit one Domain entity per domain in squid_logs.

    The Maltego request XML is read from stdin and the transform XML is
    written to stdout. Each entity carries the count returned by the query
    (distinct client IPs per domain) as its weight and as the `num` field.
    """
    print("Content-type: xml\n\n")
    MaltegoXML_in = sys.stdin.read()
    if MaltegoXML_in == '':
        return

    m = MaltegoMsg(MaltegoXML_in)
    cursor = stawk_db.dbconnect()
    TRX = MaltegoTransform()
    fields = m.AdditionalFields

    # NOTE: drone, location and the time window are parsed from the request
    # but the query below is static and does not use any of them.
    drone = '%'
    now = datetime.datetime.now()
    if 'start_time' in fields and 'end_time' in fields:
        start_time = fields['start_time']
        end_time = fields['end_time']
    else:
        ts_format = "%Y-%m-%d %H:%M:%S.0"
        start_time = now + datetime.timedelta(seconds=-lookback)
        end_time = now + datetime.timedelta(seconds=lookback)
        # Maltego requires format e.g 2012-10-23 22:37:12.0
        now = now.strftime(ts_format)
        start_time = start_time.strftime(ts_format)
        end_time = end_time.strftime(ts_format)

    location = fields['location'] if 'location' in fields else "%"
    if 'properties.drone' in fields:
        drone = fields['properties.drone']

    cursor.execute("SELECT domain, COUNT(*) FROM (SELECT domain, client_ip FROM squid_logs GROUP BY domain, client_ip) AS x GROUP BY domain")
    for record in cursor.fetchall():
        # Fallback values are emitted when the row cannot be encoded.
        num = -1
        domain = "f**k unicode"
        try:
            # NOTE(review): 'xmlcharrefreplace' only replaces characters the
            # codec cannot encode; it does not escape &, < or >. Domains come
            # from proxy logs, so confirm MaltegoTransform escapes values.
            domain = record[0].encode('utf8', 'xmlcharrefreplace')
            num = record[1]
        except Exception as err:
            logging.debug(err)
        entity = TRX.addEntity("Domain", domain)
        entity.addAdditionalFields("num", "Number", "strict", num)
        entity.addAdditionalFields("domain", "domain", "strict", domain)
        entity.setWeight(num)

    TRX.returnOutput()
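def main():
    """Maltego transform: list the user agents seen for one client MAC.

    Reads the Maltego request XML from stdin, selects the distinct `ua`
    values from squid_logs joined to dhcp_leases on the client IP for the
    MAC given in the request's `mac` field, and writes one snoopy.useragent
    entity per value to stdout. Without a `mac` field no query is run.
    Any exception is logged at debug level and the (possibly empty)
    transform is still returned.
    """
    print("Content-type: xml\n\n")
    MaltegoXML_in = sys.stdin.read()
    if MaltegoXML_in != '':
        m = MaltegoMsg(MaltegoXML_in)
        cursor = stawk_db.dbconnect()
        TRX = MaltegoTransform()
        try:
            if 'mac' in m.AdditionalFields:
                mac = m.AdditionalFields['mac']
                logging.debug(mac)
                # The MAC comes from the request, so it is bound as a query
                # parameter rather than formatted into the SQL. (mac,) is a
                # one-element tuple; a bare (mac) is just a string.
                cursor.execute("SELECT DISTINCT ua FROM squid_logs,dhcp_leases WHERE squid_logs.client_ip=dhcp_leases.ip AND dhcp_leases.mac=%s", (mac,))
                for row in cursor.fetchall():
                    # NOTE(review): this encode does not escape &, < or >;
                    # user-agent strings are client-controlled, so confirm
                    # MaltegoTransform escapes entity values.
                    ua = row[0].encode('utf8', 'xmlcharrefreplace')
                    TRX.addEntity("snoopy.useragent", ua)
        except Exception as e:
            logging.debug("Exception:")
            logging.debug(e)
        TRX.returnOutput()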
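def main():
    """Maltego transform: return the user agents recorded for a client MAC.

    Input is the Maltego request XML on stdin; output is the transform XML
    on stdout. When the request carries a `mac` field, the distinct `ua`
    values in squid_logs for the matching dhcp_leases row are emitted as
    snoopy.useragent entities. Errors are logged at debug level and do not
    prevent the response from being written.
    """
    print("Content-type: xml\n\n")
    MaltegoXML_in = sys.stdin.read()
    if MaltegoXML_in == '':
        return

    m = MaltegoMsg(MaltegoXML_in)
    cursor = stawk_db.dbconnect()
    TRX = MaltegoTransform()
    try:
        if 'mac' in m.AdditionalFields:
            mac = m.AdditionalFields['mac']
            logging.debug(mac)
            # Request-supplied value: keep it as a bound parameter. The
            # parameters are passed as a real one-element tuple, (mac,),
            # since (mac) alone is only a parenthesised string.
            cursor.execute(
                "SELECT DISTINCT ua FROM squid_logs,dhcp_leases WHERE squid_logs.client_ip=dhcp_leases.ip AND dhcp_leases.mac=%s",
                (mac,))
            for row in cursor.fetchall():
                # NOTE(review): encoding to UTF-8 is not XML escaping;
                # verify the transform library escapes this
                # client-controlled string.
                ua = row[0].encode('utf8', 'xmlcharrefreplace')
                TRX.addEntity("snoopy.useragent", ua)
    except Exception as e:
        logging.debug("Exception:")
        logging.debug(e)
    TRX.returnOutput()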
def main():
    """Maltego transform: emit one maltego.Location entity per wigle country.

    The Maltego request XML is read from stdin and the transform XML is
    written to stdout. Each entity is weighted by the number of wigle rows
    recorded for that country; rows with an empty country are excluded by
    the query.
    """
    print("Content-type: xml\n\n")
    MaltegoXML_in = sys.stdin.read()
    if MaltegoXML_in == '':
        return

    m = MaltegoMsg(MaltegoXML_in)
    cursor = stawk_db.dbconnect()
    TRX = MaltegoTransform()
    fields = m.AdditionalFields

    # NOTE: drone, location and the time window are read from the request
    # but the static query below does not use them.
    drone = '%'
    now = datetime.datetime.now()
    if 'start_time' in fields and 'end_time' in fields:
        start_time = fields['start_time']
        end_time = fields['end_time']
    else:
        ts_format = "%Y-%m-%d %H:%M:%S.0"
        start_time = now + datetime.timedelta(seconds=-lookback)
        end_time = now + datetime.timedelta(seconds=lookback)
        # Maltego requires format e.g 2012-10-23 22:37:12.0
        now = now.strftime(ts_format)
        start_time = start_time.strftime(ts_format)
        end_time = end_time.strftime(ts_format)

    location = fields['location'] if 'location' in fields else "%"
    if 'properties.drone' in fields:
        drone = fields['properties.drone']

    cursor.execute("SELECT country,count(*) FROM wigle GROUP BY country HAVING country != ''")
    for record in cursor.fetchall():
        # Fallback values are emitted when the row cannot be encoded.
        country = "f**k unicode"
        num = -1
        try:
            country = record[0].encode('utf8', 'xmlcharrefreplace')
            num = record[1]
        except Exception as err:
            logging.debug(err)
        entity = TRX.addEntity("maltego.Location", country)
        entity.addAdditionalFields("num", "Number", "strict", num)
        entity.addAdditionalFields("country", "country", "strict", country)
        entity.setWeight(num)

    TRX.returnOutput()
def main():
    """Maltego transform: clients seen at both a 'vegas%' location and '44con'.

    Reads the Maltego request XML from stdin and writes the transform XML to
    stdout. The query is fixed (no request values are used): it self-joins
    probes on device_mac and returns devices with one row whose location
    starts with 'vegas' and another whose location is '44con'. Each MAC
    becomes a snoopy.Client entity.
    """
    print("Content-type: xml\n\n")
    MaltegoXML_in = sys.stdin.read()
    if MaltegoXML_in == "":
        return

    m = MaltegoMsg(MaltegoXML_in)
    cursor = stawk_db.dbconnect()
    TRX = MaltegoTransform()

    # No parameters are passed, so the literal % in the LIKE pattern is sent
    # to the database as written.
    cursor.execute("SELECT DISTINCT(t1.device_mac),t1.location,t1.monitor_id FROM probes t1 INNER JOIN probes t2 ON t1.device_mac = t2.device_mac WHERE t1.location LIKE 'vegas%' AND t2.location = '44con'")
    results = cursor.fetchall()
    logging.debug("Observed %d clients" % len(results))
    try:
        for record in results:
            mac = record[0]
            entity = TRX.addEntity("snoopy.Client", mac)
            entity.addAdditionalFields("mac", "mac address", "strict", record[0])
    except Exception as err:
        logging.debug("Exception from fetchClients.py:")
        logging.debug(err)
    TRX.returnOutput()
def main():
    """Maltego transform: devices probing at a 'vegas%' location and at '44con'.

    Input is the Maltego request XML on stdin, output the transform XML on
    stdout. The SQL is a constant self-join of probes on device_mac; nothing
    from the request is placed in it. One snoopy.Client entity is emitted
    per returned MAC address.
    """
    print("Content-type: xml\n\n")
    MaltegoXML_in = sys.stdin.read()
    if MaltegoXML_in != '':
        m = MaltegoMsg(MaltegoXML_in)
        cursor = stawk_db.dbconnect()
        TRX = MaltegoTransform()

        cursor.execute(
            "SELECT DISTINCT(t1.device_mac),t1.location,t1.monitor_id FROM probes t1 INNER JOIN probes t2 ON t1.device_mac = t2.device_mac WHERE t1.location LIKE 'vegas%' AND t2.location = '44con'"
        )
        matches = cursor.fetchall()
        logging.debug("Observed %d clients" % len(matches))

        try:
            for match in matches:
                mac = match[0]
                client = TRX.addEntity("snoopy.Client", mac)
                client.addAdditionalFields("mac", "mac address", "strict", match[0])
        except Exception as err:
            # Entity-building failures are logged; the partial result is
            # still returned below.
            logging.debug("Exception from fetchClients.py:")
            logging.debug(err)

        TRX.returnOutput()
def main():
    """Maltego transform: emit one snoopy.useragent entity per user agent.

    The Maltego request XML is read from stdin and the transform XML is
    written to stdout. Each entity is weighted by the count returned by the
    query (distinct client IPs per user agent in squid_logs).
    """
    print("Content-type: xml\n\n")
    MaltegoXML_in = sys.stdin.read()
    if MaltegoXML_in == '':
        return

    m = MaltegoMsg(MaltegoXML_in)
    cursor = stawk_db.dbconnect()
    TRX = MaltegoTransform()
    fields = m.AdditionalFields

    # NOTE: drone, location and the time window are read from the request
    # but the static query below does not use them.
    drone = '%'
    now = datetime.datetime.now()
    if 'start_time' in fields and 'end_time' in fields:
        start_time = fields['start_time']
        end_time = fields['end_time']
    else:
        ts_format = "%Y-%m-%d %H:%M:%S.0"
        start_time = now + datetime.timedelta(seconds=-lookback)
        end_time = now + datetime.timedelta(seconds=lookback)
        # Maltego requires format e.g 2012-10-23 22:37:12.0
        now = now.strftime(ts_format)
        start_time = start_time.strftime(ts_format)
        end_time = end_time.strftime(ts_format)

    location = fields['location'] if 'location' in fields else "%"
    if 'properties.drone' in fields:
        drone = fields['properties.drone']

    cursor.execute("SELECT ua, COUNT(*) FROM (SELECT ua, client_ip FROM squid_logs GROUP BY ua, client_ip) AS x GROUP BY ua")
    for record in cursor.fetchall():
        # Fallback values are emitted when the row cannot be encoded.
        num = -1
        ua = "f**k unicode"
        try:
            # NOTE(review): 'xmlcharrefreplace' does not escape &, < or >.
            # User-agent strings are client-controlled, so confirm
            # MaltegoTransform escapes entity values.
            ua = record[0].encode('utf8', 'xmlcharrefreplace')
            num = record[1]
        except Exception as err:
            logging.debug(err)
        entity = TRX.addEntity("snoopy.useragent", ua)
        entity.addAdditionalFields("num", "Number", "strict", num)
        entity.addAdditionalFields("useragent", "useragent", "strict", ua)
        entity.setWeight(num)

    TRX.returnOutput()
def main():
    """Maltego transform: list drone locations observed in a time window.

    Reads the Maltego request XML from stdin and writes the transform XML to
    stdout. The window comes from the request's start_time/end_time fields,
    or defaults to now +/- `lookback` seconds; the drone filter comes from
    `properties.drone` (default '%', i.e. any). One snoopy.DroneLocation
    entity is emitted per location with its first/last timestamp and run_id.
    """
    ts_format = "%Y-%m-%d %H:%M:%S.0"

    print("Content-type: xml\n\n")
    MaltegoXML_in = sys.stdin.read()
    if MaltegoXML_in == '':
        return

    m = MaltegoMsg(MaltegoXML_in)
    cursor = stawk_db.dbconnect()
    TRX = MaltegoTransform()
    fields = m.AdditionalFields

    drone = '%'
    now = datetime.datetime.now()
    if 'start_time' in fields and 'end_time' in fields:
        start_time = fields['start_time']
        end_time = fields['end_time']
    else:
        start_time = now + datetime.timedelta(seconds=-lookback)
        end_time = now + datetime.timedelta(seconds=lookback)
        # Maltego requires format e.g 2012-10-23 22:37:12.0
        now = now.strftime(ts_format)
        start_time = start_time.strftime(ts_format)
        end_time = end_time.strftime(ts_format)

    location = fields['location'] if 'location' in fields else "%"
    if 'properties.drone' in fields:
        drone = fields['properties.drone']

    window = (start_time, end_time, drone)
    # The debug line interpolates the values for readability only; the query
    # itself binds the same request-supplied values as parameters.
    logging.debug("SELECT location,MIN(timestamp),MAX(timestamp),run_id FROM probes WHERE timestamp > '%s' AND timestamp < '%s' AND monitor_id LIKE '%s' GROUP BY location" % window)
    cursor.execute("SELECT location,MIN(timestamp),MAX(timestamp),run_id FROM probes WHERE timestamp > %s AND timestamp < %s AND monitor_id LIKE %s GROUP BY location", window)

    for record in cursor.fetchall():
        location = record[0]
        start = record[1].strftime(ts_format)
        end = record[2].strftime(ts_format)
        run_id = record[3]
        logging.debug("SE / ET - %s / %s" % (start, end))
        entity = TRX.addEntity("snoopy.DroneLocation", location)
        entity.addAdditionalFields("drone", "drone", "strict", drone)
        entity.addAdditionalFields("start_time", "start_time", "nostrict", start)
        entity.addAdditionalFields("end_time", "end_time", "nostrict", end)
        entity.addAdditionalFields("location", "location", "strict", location)
        entity.addAdditionalFields("run_id", "run_id", "strict", run_id)

    TRX.returnOutput()
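def do_prox():
    """Group each device's probe rows into proximity sessions.

    For every device_mac that has at least one probe row with a timestamp
    but no proximity_session, the device's distinct timestamps are walked in
    ascending order. Consecutive timestamps more than `proximity_buffer`
    seconds apart start a new session id (from getGuid()); rows in between
    are updated to carry the current session id.
    """
    cursor = stawk_db.dbconnect()
    cursor.execute(
        "SELECT device_mac FROM probes WHERE 1 GROUP BY device_mac HAVING SUM(CASE WHEN proximity_session IS NULL AND timestamp IS NOT NULL THEN 1 ELSE 0 END)>0"
    )
    macs = cursor.fetchall()
    if macs:
        logging.info(
            "%d devices probing. Grouping into proximity sessions..." % len(macs))

    for row in macs:
        curr_mac = row[0]
        # Parameters are passed as a one-element tuple rather than a bare
        # string, which is the portable DB-API form.
        cursor.execute(
            "SELECT DISTINCT unix_timestamp(timestamp),proximity_session FROM probes where device_mac=%s AND timestamp IS NOT NULL ORDER BY unix_timestamp(timestamp)",
            (curr_mac,))
        results = cursor.fetchall()

        # Rows may have disappeared since the first query; nothing to group.
        if not results:
            continue

        # Unusual case when only one result
        if len(results) == 1:
            cursor.execute(
                "UPDATE probes SET proximity_session=%s WHERE device_mac=%s",
                (getGuid(), curr_mac))
            continue

        # Find first null prox session, and start from the entry before it.
        start_from = 0
        while start_from < len(results) - 1 and results[start_from][1] is not None:
            start_from += 1
        if start_from > 0:
            # Resume the session of the last already-labelled entry.
            start_from -= 1
            prev_prox = results[start_from][1]
        else:
            prev_prox = getGuid()
        start_from += 1
        prev_ts = results[start_from - 1][0]

        for r in range(start_from, len(results)):
            special_flag = True
            timestamp = results[r][0]
            if (results[r - 1][0] + proximity_buffer) < timestamp:
                # Gap found: close the running session over [prev_ts,
                # timestamp) and open a new one starting at this timestamp.
                cursor.execute(
                    "UPDATE probes SET proximity_session=%s WHERE device_mac=%s AND unix_timestamp(timestamp)>=%s AND unix_timestamp(timestamp) <%s",
                    (prev_prox, curr_mac, prev_ts, timestamp))
                prev_prox = getGuid()
                prev_ts = timestamp
                special_flag = False
            if results[r][1] is None or special_flag:
                cursor.execute(
                    "UPDATE probes SET proximity_session=%s WHERE device_mac=%s AND unix_timestamp(timestamp)>=%s AND unix_timestamp(timestamp) <=%s",
                    (prev_prox, curr_mac, prev_ts, timestamp))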
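def main():
    """Maltego transform: find Twitter accounts tweeting near a coordinate.

    Reads the Maltego request XML from stdin, takes `lat`, `long` and an
    optional `radius` (miles, default "5") from its additional fields, runs
    a geocode search against the Twitter search endpoint and writes one
    maltego.affiliation.Twitter entity per result to stdout. Any exception
    is logged at debug level and the response is still written.
    """
    print("Content-type: xml\n\n")
    MaltegoXML_in = sys.stdin.read()
    if MaltegoXML_in != '':
        m = MaltegoMsg(MaltegoXML_in)
        # Kept from the original flow; this transform runs no SQL itself.
        cursor = stawk_db.dbconnect()
        TRX = MaltegoTransform()
        try:
            logging.debug("Here we go")
            for item in m.TransformSettings.keys():
                logging.debug("N:" + item + " V:" + m.TransformSettings[item])

            radius = "5"  # miles
            lat = m.AdditionalFields['lat']
            lng = m.AdditionalFields['long']
            if 'radius' in m.AdditionalFields:
                # Read the single field; assigning the whole AdditionalFields
                # mapping here would put its repr into the search query.
                radius = m.AdditionalFields['radius']
            logging.debug("Tweep cords to search - %s,%s (%s miles)" % (lat, lng, radius))

            # lat/long/radius come from the request: pass them through
            # `params` so they are URL-encoded and cannot add or alter other
            # query-string parameters. The timeout stops a stalled HTTP call
            # from hanging the transform; a timeout is logged by the handler
            # below like any other failure.
            r = requests.get(
                "https://search.twitter.com/search.json",
                params={"q": "geocode:%s,%s,%smi" % (lat, lng, radius)},
                timeout=30)
            tw = json.loads(r.text)
            logging.debug("Tweep results - %d" % len(tw['results']))

            for tweep in tw['results']:
                # NOTE(review): these values are remote content and the
                # encode call does not escape &, < or >; confirm
                # MaltegoTransform escapes what it writes.
                name = tweep['from_user_name'].encode('utf8', 'xmlcharrefreplace')
                username = tweep['from_user'].encode('utf8', 'xmlcharrefreplace')
                uid = tweep['from_user_id_str'].encode('utf8', 'xmlcharrefreplace')
                recent_tweet = tweep['text'].encode('utf8', 'xmlcharrefreplace')
                img = tweep['profile_image_url'].encode('utf8', 'xmlcharrefreplace')
                profile_page = "http://twitter.com/%s" % username
                largephoto = re.sub('_normal', '', img)

                NewEnt = TRX.addEntity("maltego.affiliation.Twitter", name)
                NewEnt.addAdditionalFields("uid", "UID", "strict", uid)
                NewEnt.addAdditionalFields("affiliation.profile-url", "Profile URL", "strict", profile_page)
                NewEnt.addAdditionalFields("twitter.screen-name", "Screen Name", "strict", username)
                NewEnt.addAdditionalFields("person.fullname", "Real Name", "strict", name)
                NewEnt.addAdditionalFields("photo", "Photo", "nostrict", largephoto)
                NewEnt.addAdditionalFields("tweet", "Recent Tweet", "nostrict", recent_tweet)
                NewEnt.setIconURL(img)
        except Exception as e:
            logging.debug("Exception:")
            logging.debug(e)
        TRX.returnOutput()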
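def main():
    """Maltego transform: emit the degree-0 Facebook profiles from the database.

    The web path for profile photos is built from the first line of
    ../setup/webroot_guid.txt (relative to this script); if that file cannot
    be read the transform still runs, just without photo fields. The Maltego
    request XML is read from stdin and one maltego.FacebookObject entity per
    row is written to stdout.
    """
    fb_view_url = None
    try:
        p = os.path.dirname(os.path.realpath(__file__))
        # `with` closes the handle even if readline() fails.
        with open("%s/../setup/webroot_guid.txt" % p, "r") as f:
            fb_view_url = f.readline().strip() + "/web_data/facebook/"
    except Exception:
        # Best-effort: a missing or unreadable file only disables photos.
        # Exception (not a bare except) leaves SystemExit and
        # KeyboardInterrupt alone.
        logging.debug(
            "Warning: Couldn't determind streetview webserver folder")

    print("Content-type: xml\n\n")
    MaltegoXML_in = sys.stdin.read()
    if MaltegoXML_in != '':
        m = MaltegoMsg(MaltegoXML_in)
        cursor = stawk_db.dbconnect()
        TRX = MaltegoTransform()
        try:
            cursor.execute(
                "SELECT id,name,gender,locale,network,link,degree FROM facebook where degree=0"
            )
            for row in cursor.fetchall():
                # profile_id rather than `id`, which would shadow the builtin.
                profile_id, name, gender, locale, network, link, degree = (
                    row[0], row[1], row[2], row[3], row[4], row[5], row[6])
                NewEnt = TRX.addEntity("maltego.FacebookObject", name)
                NewEnt.addAdditionalFields("id", "id", "nostrict", profile_id)
                NewEnt.addAdditionalFields("gender", "gender", "nostrict", gender)
                NewEnt.addAdditionalFields("locale", "locale", "nostrict", locale)
                NewEnt.addAdditionalFields("network", "network", "nostrict", network)
                NewEnt.addAdditionalFields("link", "link", "nostrict", link)
                NewEnt.addAdditionalFields("degree", "degree", "nostrict", degree)
                logging.debug("Facebook profile photo - %s/%s/profile.jpg" %
                              (fb_view_url, profile_id))
                if fb_view_url is not None:
                    photo_url = "%s/%s/profile.jpg" % (fb_view_url, profile_id)
                    NewEnt.addAdditionalFields("facebook_profile_photo",
                                               "Profile", "strict", photo_url)
                    NewEnt.setIconURL(photo_url)
        except Exception as e:
            logging.debug("Exception:")
            logging.debug(e)
        TRX.returnOutput()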
def main(searchdir):
    """Run the log watcher over `searchdir` forever, reconnecting each pass.

    A fresh database cursor is stored in the module-level `cursor` before
    every pass. Any exception raised by the watcher is logged at error
    level, then the loop pauses five seconds and starts again.
    """
    global cursor
    while True:
        cursor = stawk_db.dbconnect()
        try:
            logging.info("Staring database population engine")
            watcher = LogWatcher(searchdir, files, callback)
            watcher.loop()
        except Exception as err:
            logging.error("Exception!")
            logging.error(err)
        # NOTE(review): the pause runs after every pass; confirm it was not
        # meant for the failure path only.
        time.sleep(5)
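def main():
    """Look up probed SSIDs on Wigle and store the returned locations.

    While the module-level `Flag` is true, selects probe SSIDs that have no
    wigle row yet and calls fetchLocations() for each. A None result is
    treated as the account being blocked (20 minute back-off); an 'error'
    result increments the SSID's failure count in `bad_ssids` and waits 60
    seconds. After more than four failures the SSID is recorded with
    overflow=-2 so the select stops returning it.
    """
    logging.info("Starting Wigle GeoLocator")
    cursor = stawk_db.dbconnect()
    while Flag:
        # No parameters are passed, so the literal % characters in the LIKE
        # pattern reach the database unchanged.
        cursor.execute("SELECT DISTINCT probe_ssid FROM probes WHERE probe_ssid != '' AND probe_ssid NOT LIKE '%\\\\\\%' AND probe_ssid NOT IN (SELECT DISTINCT ssid from wigle) ORDER BY PRIORITY")
        result = cursor.fetchall()
        if len(result) > 0:
            logging.info("Looking up address for %d SSIDs" % len(result))

        for r in result:
            probe_ssid = r[0]
            if probe_ssid in bad_ssids and bad_ssids[probe_ssid] > 4:
                logging.info("Ignoring bad SSID '%s' after %d failed lookups" % (probe_ssid, bad_ssids[probe_ssid]))
                # Insert the SSID being skipped. The name `ssid` is only
                # bound inside the location loop below, so using it here
                # would be unbound or left over from an earlier SSID.
                cursor.execute("INSERT INTO wigle (ssid,overflow) VALUES (%s,-2)", (probe_ssid,))
                continue

            locations = fetchLocations(probe_ssid)
            if locations is None:
                logging.info("Wigle account has been shunned, backing off for 20 minutes")
                time.sleep(60 * 20)
            elif 'error' in locations:
                logging.info("An error occured, will retry in 60 seconds (%s)" % locations['error'])
                if probe_ssid not in bad_ssids:
                    bad_ssids[probe_ssid] = 0
                bad_ssids[probe_ssid] += 1
                time.sleep(60)
            else:
                for l in locations:
                    ga = l['ga']
                    country = ga['country'] if 'country' in ga else ""
                    code = ga['code'] if 'code' in ga else ""
                    address = ga['address'] if 'address' in ga else ""
                    ssid = l['ssid']
                    g_long = l['long']
                    g_lat = l['lat']
                    mac = re.sub(':', '', l['mac'])
                    last_seen = l['last_seen']
                    overflow = l['overflow']
                    # Values come from the remote lookup; they are bound as
                    # parameters, never formatted into the SQL.
                    cursor.execute("INSERT INTO wigle (ssid,mac,gps_lat,gps_long,last_update,overflow, country,code,address) VALUES (%s,%s,%s,%s,%s,%s,%s,%s,%s)", (ssid, mac, g_lat, g_long, last_seen, overflow, country, code, address))

        # Pause between polling passes so an empty result set does not turn
        # into a busy loop against the database.
        time.sleep(5)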
def main(searchdir):
    """Keep the database population engine running against `searchdir`.

    Each pass stores a new cursor in the module-level `cursor`, builds a
    LogWatcher over `searchdir` and runs its loop. Exceptions are logged at
    error level; the loop then waits five seconds and reconnects.
    """
    global cursor
    while True:
        cursor = stawk_db.dbconnect()
        try:
            logging.info("Staring database population engine")
            log_watcher = LogWatcher(searchdir, files, callback)
            log_watcher.loop()
        except Exception as failure:
            logging.error("Exception!")
            logging.error(failure)
        # NOTE(review): the pause is applied on every pass; confirm it was
        # not intended only after a failure.
        time.sleep(5)
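def main():
    """Maltego transform: return the stored Facebook profiles with degree 0.

    The base URL for profile photos is the first line of
    ../setup/webroot_guid.txt (next to this script) plus
    "/web_data/facebook/"; when the file cannot be read, photo fields are
    omitted. Request XML is read from stdin; one maltego.FacebookObject
    entity per row is written to stdout.
    """
    fb_view_url = None
    try:
        script_dir = os.path.dirname(os.path.realpath(__file__))
        guid_file = open("%s/../setup/webroot_guid.txt" % script_dir, "r")
        try:
            fb_view_url = guid_file.readline().strip() + "/web_data/facebook/"
        finally:
            # Always release the handle, including when readline() fails.
            guid_file.close()
    except Exception:
        # Best-effort lookup. Catching Exception instead of using a bare
        # except keeps SystemExit and KeyboardInterrupt propagating.
        logging.debug("Warning: Couldn't determind streetview webserver folder")

    print("Content-type: xml\n\n")
    MaltegoXML_in = sys.stdin.read()
    if MaltegoXML_in == '':
        return

    m = MaltegoMsg(MaltegoXML_in)
    cursor = stawk_db.dbconnect()
    TRX = MaltegoTransform()
    try:
        cursor.execute("SELECT id,name,gender,locale,network,link,degree FROM facebook where degree=0")
        for row in cursor.fetchall():
            # fb_id avoids shadowing the builtin `id`.
            fb_id, name, gender, locale, network, link, degree = (
                row[0], row[1], row[2], row[3], row[4], row[5], row[6])
            NewEnt = TRX.addEntity("maltego.FacebookObject", name)
            NewEnt.addAdditionalFields("id", "id", "nostrict", fb_id)
            NewEnt.addAdditionalFields("gender", "gender", "nostrict", gender)
            NewEnt.addAdditionalFields("locale", "locale", "nostrict", locale)
            NewEnt.addAdditionalFields("network", "network", "nostrict", network)
            NewEnt.addAdditionalFields("link", "link", "nostrict", link)
            NewEnt.addAdditionalFields("degree", "degree", "nostrict", degree)
            logging.debug("Facebook profile photo - %s/%s/profile.jpg" % (fb_view_url, fb_id))
            if fb_view_url is not None:
                photo = "%s/%s/profile.jpg" % (fb_view_url, fb_id)
                NewEnt.addAdditionalFields("facebook_profile_photo", "Profile", "strict", photo)
                NewEnt.setIconURL(photo)
    except Exception as e:
        logging.debug("Exception:")
        logging.debug(e)
    TRX.returnOutput()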
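def do_prox():
    """Label probe rows with proximity-session ids, one device at a time.

    Devices are selected when they have at least one timestamped probe row
    whose proximity_session is NULL. For each device the distinct probe
    timestamps are scanned in order; a gap larger than `proximity_buffer`
    seconds between neighbours ends the running session and starts a new
    one with an id from getGuid().
    """
    cursor = stawk_db.dbconnect()
    cursor.execute("SELECT device_mac FROM probes WHERE 1 GROUP BY device_mac HAVING SUM(CASE WHEN proximity_session IS NULL AND timestamp IS NOT NULL THEN 1 ELSE 0 END)>0")
    macs = cursor.fetchall()
    if macs:
        logging.info("%d devices probing. Grouping into proximity sessions..." % len(macs))

    for row in macs:
        curr_mac = row[0]
        # Bind the MAC through a one-element tuple; a bare string is not the
        # portable DB-API parameter form.
        cursor.execute("SELECT DISTINCT unix_timestamp(timestamp),proximity_session FROM probes where device_mac=%s AND timestamp IS NOT NULL ORDER BY unix_timestamp(timestamp)", (curr_mac,))
        results = cursor.fetchall()

        if not results:
            # The rows went away between the two queries; skip the device
            # instead of indexing an empty result.
            continue

        # Unusual case when only one result
        if len(results) == 1:
            cursor.execute("UPDATE probes SET proximity_session=%s WHERE device_mac=%s", (getGuid(), curr_mac))
            continue

        # Find first null prox session, and start from the entry before it.
        start_from = 0
        last_index = len(results) - 1
        while start_from < last_index and results[start_from][1] is not None:
            start_from += 1
        if start_from > 0:
            start_from -= 1
            prev_prox = results[start_from][1]
        else:
            prev_prox = getGuid()
        start_from += 1
        prev_ts = results[start_from - 1][0]

        for r in range(start_from, len(results)):
            special_flag = True
            timestamp = results[r][0]
            if (results[r - 1][0] + proximity_buffer) < timestamp:
                # Close the running session up to (not including) this
                # timestamp, then begin a new session here.
                cursor.execute("UPDATE probes SET proximity_session=%s WHERE device_mac=%s AND unix_timestamp(timestamp)>=%s AND unix_timestamp(timestamp) <%s", (prev_prox, curr_mac, prev_ts, timestamp))
                prev_prox = getGuid()
                prev_ts = timestamp
                special_flag = False
            if results[r][1] is None or special_flag:
                cursor.execute("UPDATE probes SET proximity_session=%s WHERE device_mac=%s AND unix_timestamp(timestamp)>=%s AND unix_timestamp(timestamp) <=%s", (prev_prox, curr_mac, prev_ts, timestamp))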
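def main():
    """Maltego transform: list the SSIDs a client MAC has probed for.

    Reads the Maltego request XML from stdin and writes the transform XML to
    stdout. `mac` (default '%') is taken from the request and matched with
    `=` against probes.device_mac; every non-empty probe_ssid is passed
    through escape() and emitted as a snoopy.SSID entity. `drone` is read
    and logged but does not filter the query.
    """
    print("Content-type: xml\n\n")
    MaltegoXML_in = sys.stdin.read()
    if MaltegoXML_in != '':
        m = MaltegoMsg(MaltegoXML_in)
        cursor = stawk_db.dbconnect()
        TRX = MaltegoTransform()
        try:
            mac, drone = '%', '%'
            if 'mac' in m.AdditionalFields:
                mac = m.AdditionalFields['mac']
            if 'drone' in m.AdditionalFields:
                drone = m.AdditionalFields['drone']
            logging.debug(mac)
            logging.debug(drone)

            # Request-supplied MAC, bound as a parameter. (mac,) is a
            # one-element tuple; a bare (mac) is just a string.
            # NOTE(review): the '%' default is compared with '=', not LIKE,
            # so a request without `mac` matches only a literal '%'.
            cursor.execute(
                "SELECT DISTINCT probe_ssid FROM probes WHERE device_mac=%s",
                (mac,))
            for row in cursor.fetchall():
                # SSIDs are chosen by the probing device, so they are
                # escaped before being placed in the XML response.
                ssid = escape(row[0])
                if ssid != '':
                    logging.debug(ssid)
                    TRX.addEntity("snoopy.SSID", ssid)
        except Exception as e:
            logging.debug("Exception:")
            logging.debug(e)
        TRX.returnOutput()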
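def main():
    """Maltego transform: return the probe SSIDs recorded for one device.

    Input is the Maltego request XML on stdin; output is the transform XML
    on stdout. The request's `mac` field (default "%") selects rows in
    probes by exact device_mac match. Each non-empty SSID is run through
    escape() and added as a snoopy.SSID entity. The `drone` field is only
    logged.
    """
    print("Content-type: xml\n\n")
    MaltegoXML_in = sys.stdin.read()
    if MaltegoXML_in == "":
        return

    m = MaltegoMsg(MaltegoXML_in)
    cursor = stawk_db.dbconnect()
    TRX = MaltegoTransform()
    try:
        mac, drone = "%", "%"
        if "mac" in m.AdditionalFields:
            mac = m.AdditionalFields["mac"]
        if "drone" in m.AdditionalFields:
            drone = m.AdditionalFields["drone"]
        logging.debug(mac)
        logging.debug(drone)

        # The parameters must be a sequence: (mac,) is a one-element tuple,
        # whereas (mac) is only a parenthesised string.
        # NOTE(review): with '=' the "%" default is a literal, not a
        # wildcard; confirm that is intended.
        cursor.execute("SELECT DISTINCT probe_ssid FROM probes WHERE device_mac=%s", (mac,))
        for row in cursor.fetchall():
            # Device-chosen text: escaped before it reaches the XML output.
            ssid = escape(row[0])
            if ssid != "":
                logging.debug(ssid)
                TRX.addEntity("snoopy.SSID", ssid)
    except Exception as e:
        logging.debug("Exception:")
        logging.debug(e)
    TRX.returnOutput()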
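def main():
    """Maltego transform: list clients whose probed SSIDs map to a country.

    Reads the Maltego request XML from stdin and writes the transform XML to
    stdout. The request's `country` field is bound into a query joining
    probes, dhcp_leases, wigle and mac_vendor; each row becomes a
    snoopy.Client entity named "<vendor> <hostname>" with mac, vendor,
    hostname, from_web and from_probes fields.
    """
    print("Content-type: xml\n\n")
    MaltegoXML_in = sys.stdin.read()
    if MaltegoXML_in != '':
        m = MaltegoMsg(MaltegoXML_in)
        cursor = stawk_db.dbconnect()
        TRX = MaltegoTransform()

        # NOTE: drone, location and the time window are parsed but the query
        # below filters on country only.
        drone = '%'
        now = datetime.datetime.now()
        if 'start_time' in m.AdditionalFields and 'end_time' in m.AdditionalFields:
            start_time = m.AdditionalFields['start_time']
            end_time = m.AdditionalFields['end_time']
        else:
            start_time = now + datetime.timedelta(seconds=-lookback)
            end_time = now + datetime.timedelta(seconds=lookback)
            # Maltego requires format e.g 2012-10-23 22:37:12.0
            now = now.strftime("%Y-%m-%d %H:%M:%S.0")
            start_time = start_time.strftime("%Y-%m-%d %H:%M:%S.0")
            end_time = end_time.strftime("%Y-%m-%d %H:%M:%S.0")

        if 'location' in m.AdditionalFields:
            location = m.AdditionalFields['location']
        else:
            location = "%"
        if 'properties.drone' in m.AdditionalFields:
            drone = m.AdditionalFields['properties.drone']

        country = '%'
        if 'country' in m.AdditionalFields:
            country = m.AdditionalFields['country']

        # Request-supplied value, bound as a parameter. (country,) is a
        # one-element tuple; a bare (country) is only a string.
        # NOTE(review): country is compared with '=', so the '%' default
        # matches a literal '%' rather than every country.
        cursor.execute(
            "SELECT DISTINCT device_mac,vendor_short,IF(hostname IS NULL, '', CONCAT('(',hostname,')')) AS hostname, IF(hostname IS NULL, 'False','True') AS from_web, 'True' AS from_probes FROM probes LEFT OUTER JOIN dhcp_leases ON probes.device_mac = dhcp_leases.mac JOIN wigle ON probes.probe_ssid=wigle.ssid JOIN mac_vendor ON probes.mac_prefix=mac_vendor.mac AND country=%s",
            (country,))
        for row in cursor.fetchall():
            mac, vendor, hostname, from_web, from_probes = (
                row[0], row[1], row[2], row[3], row[4])
            # NOTE(review): hostname comes from DHCP leases, i.e. from the
            # client; confirm MaltegoTransform escapes entity values.
            NewEnt = TRX.addEntity("snoopy.Client", "%s %s" % (vendor, hostname))
            NewEnt.addAdditionalFields("mac", "mac address", "strict", mac)
            NewEnt.addAdditionalFields("vendor", "vendor", "strict", vendor)
            # NOTE(review): the third argument is "strict"/"nostrict" on
            # every other field; "hostname" here looks like a slip.
            NewEnt.addAdditionalFields("hostname", "hostname", "hostname", hostname)
            NewEnt.addAdditionalFields("from_web", "from_web", "nostrict", from_web)
            NewEnt.addAdditionalFields("from_probes", "from_probes", "nostrict", from_probes)
        TRX.returnOutput()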
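def main():
    """Maltego transform: list the clients that sent a given user agent.

    Reads the Maltego request XML from stdin and writes the transform XML to
    stdout. The request's `useragent` field (default 'None') is bound into a
    LIKE match against squid_logs.ua; each matching lease becomes a
    snoopy.Client entity named "<vendor> (<hostname>)". A row whose values
    cannot be encoded is logged and skipped.
    """
    print("Content-type: xml\n\n")
    MaltegoXML_in = sys.stdin.read()
    if MaltegoXML_in != '':
        m = MaltegoMsg(MaltegoXML_in)
        cursor = stawk_db.dbconnect()
        TRX = MaltegoTransform()

        # NOTE: drone, location and the time window are parsed but the query
        # below filters on the user agent only.
        drone = '%'
        now = datetime.datetime.now()
        if 'start_time' in m.AdditionalFields and 'end_time' in m.AdditionalFields:
            start_time = m.AdditionalFields['start_time']
            end_time = m.AdditionalFields['end_time']
        else:
            start_time = now + datetime.timedelta(seconds=-lookback)
            end_time = now + datetime.timedelta(seconds=lookback)
            # Maltego requires format e.g 2012-10-23 22:37:12.0
            now = now.strftime("%Y-%m-%d %H:%M:%S.0")
            start_time = start_time.strftime("%Y-%m-%d %H:%M:%S.0")
            end_time = end_time.strftime("%Y-%m-%d %H:%M:%S.0")

        if 'location' in m.AdditionalFields:
            location = m.AdditionalFields['location']
        else:
            location = "%"
        if 'properties.drone' in m.AdditionalFields:
            drone = m.AdditionalFields['properties.drone']

        ua = 'None'
        if 'useragent' in m.AdditionalFields:
            ua = m.AdditionalFields['useragent']

        # Request-supplied pattern, bound as a parameter. (ua,) is a
        # one-element tuple; a bare (ua) is only a string.
        cursor.execute("SELECT DISTINCT client_ip,hostname,dhcp_leases.mac,vendor_short,ua FROM dhcp_leases,squid_logs,mac_vendor WHERE squid_logs.client_ip=dhcp_leases.ip AND dhcp_leases.mac_prefix=mac_vendor.mac AND ua LIKE %s", (ua,))
        for row in cursor.fetchall():
            try:
                client_ip = row[0]
                hostname = row[1].encode('utf8', 'xmlcharrefreplace')
                mac = row[2]
                vendor = row[3].encode('utf8', 'xmlcharrefreplace')
                ua = row[4].encode('utf8', 'xmlcharrefreplace')
            except Exception as e:
                logging.debug(e)
                # Skip the row. Falling through would build an entity from
                # whatever the previous row left in hostname/vendor/mac (or
                # raise NameError on the first row), attributing one
                # client's details to another.
                continue
            # NOTE(review): hostname is client-supplied (DHCP) and the
            # encode call does not escape &, < or >; confirm
            # MaltegoTransform escapes entity values.
            NewEnt = TRX.addEntity("snoopy.Client", "%s (%s)" % (vendor, hostname))
            NewEnt.addAdditionalFields("hostname", "hostname", "strict", hostname)
            NewEnt.addAdditionalFields("mac", "mac", "strict", mac)
            NewEnt.addAdditionalFields("vendor", "vendor", "strict", vendor)
            NewEnt.addAdditionalFields("from_web", "from_web", "strict", "True")
            NewEnt.addAdditionalFields("from_probes", "from_probes", "strict", "True")
        TRX.returnOutput()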
import stawk_db import datetime cursor = stawk_db.dbconnect() drones = [] day = '2012-08-24 ' st = day + '00:00:00' fi = day + '23:59:59' cursor.execute( "SELECT monitor_id,min(timestamp),max(timestamp) FROM probes WHERE timestamp > %s AND timestamp <%s GROUP BY monitor_id", (st, fi)) for r in cursor.fetchall(): drones.append((r[0], r[1], r[2])) for d in drones: drone_id = d[0] print drone_id fp, lp = d[1], d[2] fp = fp - datetime.timedelta(minutes=fp.minute, seconds=fp.second) lp = lp - datetime.timedelta(minutes=(lp.minute - 60), seconds=lp.second) hours = (((lp - fp)).seconds) / 3600 for h in range(hours): frm = fp + datetime.timedelta(hours=h) to = fp + datetime.timedelta(hours=h + 1) cursor.execute( "SELECT COUNT( DISTINCT (device_mac)) FROM probes where timestamp > %s AND timestamp < %s AND monitor_id=%s",
# -Generic Linux (assuming driver support via airmon-ng) import sys import os import ipaddr import subprocess import stawk_db import shutil import random import hashlib import traceback, os.path import imp import stat import re cursor=stawk_db.dbconnect() # Load config file snoopyBinPath=os.path.dirname(os.path.realpath(__file__)) os.chdir(snoopyBinPath) try: f = open('../setup/config') data = imp.load_source('data', '', f) f.close() vpn_server=data.vpn_server rsync_user=data.rsync_user rsync_user_home=data.rsync_user_home web_root=data.web_root except Exception, e: print "Unable to load config file!" print e sys.exit(-1)
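def main():
    """Maltego transform: list the web domains logged for one client MAC.

    Reads the Maltego request XML from stdin and writes the transform XML to
    stdout. The request's `mac` field (default "0") is bound into a query on
    snoopy_web_logs; each distinct domain becomes a Domain entity, except
    "facebook.com" which becomes a maltego.FacebookObject. The time window
    and drone are copied onto each entity but do not filter the query.
    """
    print("Content-type: xml\n\n")
    MaltegoXML_in = sys.stdin.read()
    if MaltegoXML_in != '':
        m = MaltegoMsg(MaltegoXML_in)
        cursor = stawk_db.dbconnect()
        TRX = MaltegoTransform()
        try:
            now = datetime.datetime.now()
            if 'start_time' in m.AdditionalFields and 'end_time' in m.AdditionalFields:
                start_time = m.AdditionalFields['start_time']
                end_time = m.AdditionalFields['end_time']
            else:
                # Default window: `lookback` seconds back to one day ahead.
                start_time = now - datetime.timedelta(0, lookback)
                end_time = now + datetime.timedelta(1, 0)
            logging.debug(start_time)
            logging.debug(end_time)

            if 'mac' in m.AdditionalFields:
                mac = m.AdditionalFields['mac']
            else:
                mac = "0"
            if 'drone' in m.AdditionalFields:
                drone = m.AdditionalFields['drone']
            else:
                drone = "0"
            logging.debug(mac)
            logging.debug(drone)

            # Request-supplied MAC, bound as a parameter. (mac,) is a
            # one-element tuple; a bare (mac) is only a string.
            cursor.execute(
                "SELECT DISTINCT domain FROM snoopy_web_logs WHERE mac=%s",
                (mac,))
            for row in cursor.fetchall():
                domain = row[0]
                # NOTE(review): domains come from logged client traffic;
                # confirm MaltegoTransform escapes entity values.
                if domain == "facebook.com":
                    NewEnt = TRX.addEntity("maltego.FacebookObject", domain)
                else:
                    NewEnt = TRX.addEntity("Domain", domain)
                NewEnt.addAdditionalFields("start_time", "start_time", "nostrict", start_time)
                NewEnt.addAdditionalFields("end_time", "end_time", "nostrict", end_time)
                NewEnt.addAdditionalFields("mac", "mac", "strict", mac)
                NewEnt.addAdditionalFields("drone", "drone", "strict", drone)
        except Exception as e:
            logging.debug("Exception:")
            logging.debug(e)
        TRX.returnOutput()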
def main():
    """Maltego transform: list the client devices seen by a drone.

    Reads a Maltego XML request from stdin and resolves a drone id, a time
    window and an optional location from its additional fields. When a
    location is given, the window is replaced by the MIN/MAX probe
    timestamps recorded for it. The main query unions devices from
    ``proximity_sessions`` (source 'probes') with devices that have proxy
    log entries (source 'web'); rows are merged per MAC and one
    snoopy.Client entity is returned for each.
    """
    print "Content-type: xml\n\n"
    request_xml = sys.stdin.read()
    if request_xml == '':
        # Empty request: only the header above is emitted.
        return

    m = MaltegoMsg(request_xml)
    logging.debug(m)
    cursor = stawk_db.dbconnect()
    TRX = MaltegoTransform()
    fields = m.AdditionalFields

    logging.info("Fetching victims")
    # 'drone' takes precedence over 'properties.drone' when both are set.
    drone = '%'
    for key in ('properties.drone', 'drone'):
        if key in fields:
            drone = fields[key]

    # If no start / end times are specified, we default to lookback
    now = datetime.datetime.now()
    if 'start_time' in fields and 'end_time' in fields:
        start_time = fields['start_time']
        end_time = fields['end_time']
    else:
        window = datetime.timedelta(seconds=lookback)
        start_time = now - window
        end_time = now + window
        # Maltego requires format e.g 2012-10-23 22:37:12.0
        stamp = "%Y-%m-%d %H:%M:%S.0"
        now = now.strftime(stamp)
        start_time = start_time.strftime(stamp)
        end_time = end_time.strftime(stamp)
    logging.debug("1. S,E - %s / %s" % (start_time, end_time))

    if 'location' in fields:
        location = fields['location']
        # Narrow the window to the first/last probe recorded for this
        # location and drone. The same text is logged and executed; only
        # execute() receives the values as separate parameters.
        span_sql = "SELECT MIN(timestamp),MAX(timestamp) FROM probes WHERE location LIKE %s AND monitor_id=%s AND timestamp >= %s AND timestamp <= %s"
        span_args = (location, drone, start_time, end_time)
        logging.debug(span_sql % span_args)
        cursor.execute(span_sql, span_args)
        result = cursor.fetchone()
        start_time, end_time = result[0], result[1]
    else:
        location = "%"
    logging.debug("2. S,E - %s / %s" % (start_time, end_time))
    logging.debug(drone)

    try:
        query_args = (drone, location, start_time, end_time,
                      drone, start_time, end_time)
        # The logged text is a readable approximation only: it quotes the
        # values inline and shows strict comparisons, whereas the executed
        # statement below is parameterized and uses >= / <=.
        logging.info("SELECT DISTINCT device_mac,vendor_short,monitor_id AS drone_id,'probes' AS source, IFNULL(hostname,'') AS hostname,location FROM proximity_sessions LEFT OUTER JOIN dhcp_leases ON proximity_sessions.device_mac = dhcp_leases.mac WHERE monitor_id='%s' AND location LIKE '%s' AND last_probe > '%s' AND last_probe < '%s' UNION SELECT DISTINCT dhcp_leases.mac,mac_vendor.vendor_short,drone_conf.id AS drone_id, 'web' AS source, dhcp_leases.hostname, '' AS location from dhcp_leases inner join mac_vendor on mac_prefix=mac_vendor.mac inner join squid_logs on client_ip=dhcp_leases.ip inner join drone_conf on drone_conf.ip_prefix=dhcp_leases.ip_prefix WHERE drone_conf.id='%s' AND timestamp > '%s' AND timestamp < '%s'" % query_args)
        cursor.execute("SELECT DISTINCT device_mac,vendor_short,monitor_id AS drone_id,'probes' AS source, IFNULL(hostname,'') AS hostname,location FROM proximity_sessions LEFT OUTER JOIN dhcp_leases ON proximity_sessions.device_mac = dhcp_leases.mac WHERE monitor_id=%s AND location LIKE %s AND last_probe >= %s AND last_probe <= %s UNION SELECT DISTINCT dhcp_leases.mac,mac_vendor.vendor_short,drone_conf.id AS drone_id, 'web' AS source, dhcp_leases.hostname, '' AS location from dhcp_leases inner join mac_vendor on mac_prefix=mac_vendor.mac inner join squid_logs on client_ip=dhcp_leases.ip inner join drone_conf on drone_conf.ip_prefix=dhcp_leases.ip_prefix WHERE drone_conf.id=%s AND timestamp >= %s AND timestamp <= %s", query_args)
        results = cursor.fetchall()
        logging.debug("Observed %d clients" % len(results))

        # Collapse the rows into one record per MAC address.
        clients = {}
        for row in results:
            logging.debug(row)
            mac, vendor, drone = row[0], row[1], row[2]
            source, hostname, obs_location = row[3], row[4], row[5]
            seen = {'vendor': vendor, 'hostname': hostname}
            if source == 'web':
                seen['from_web'] = "True"
            elif source == 'probes':
                seen['from_probes'] = "True"
            if mac in clients:
                # Later rows override vendor/hostname and add their source
                # flag; observed locations accumulate as a comma list.
                merged = dict(clients[mac])
                merged.update(seen)
                clients[mac] = merged
                merged['obs_location'] = merged['obs_location'] + ", " + obs_location
            else:
                clients[mac] = seen
                seen['obs_location'] = obs_location

        # NOTE(review): `drone` here is whatever the last result row left
        # in it, so every entity reports that same drone id.
        for mac, info in clients.iteritems():
            vendor = info['vendor']
            hostname = info['hostname']
            obs_location = info['obs_location']
            from_web = "True" if 'from_web' in info else "False"
            from_probes = "True" if 'from_probes' in info else "False"
            if len(hostname) < 1:
                label = "%s" % (vendor)
            else:
                label = "%s (%s)" % (vendor, hostname)
            NewEnt = TRX.addEntity("snoopy.Client", label)
            NewEnt.addAdditionalFields("mac", "mac address", "strict", mac)
            NewEnt.addAdditionalFields("vendor", "vendor", "strict", vendor)
            NewEnt.addAdditionalFields("hostname", "hostname", "hostname", hostname)
            NewEnt.addAdditionalFields("from_web", "from_web", "nostrict", from_web)
            NewEnt.addAdditionalFields("from_probes", "from_probes", "nostrict", from_probes)
            NewEnt.addAdditionalFields("drone", "drone", "nostrict", drone)
            NewEnt.addAdditionalFields("start_time", "start_time", "nostrict", start_time)
            NewEnt.addAdditionalFields("end_time", "end_time", "nostrict", end_time)
            NewEnt.addAdditionalFields("location", "Location", "nostrict", location)
            NewEnt.addAdditionalFields("obs_location", "Observed Locations", "nostrict", obs_location)
            # Add something to icon to distinguish probes and web?
    except Exception, e:
        # Best effort: log the failure and still return what was collected.
        logging.debug("Exception from fetchClients.py:")
        logging.debug(e)
    TRX.returnOutput()
def main():
    """Maltego transform: list the drones that reported data in a window.

    Reads a Maltego XML request from stdin, resolves a time window and an
    optional location from its additional fields, and returns one
    snoopy.Drone entity for each distinct drone id found either through
    proxy log entries (via drone_conf) or in the ``probes`` table.
    """
    print "Content-type: xml\n\n"
    request_xml = sys.stdin.read()
    if request_xml == '':
        # Empty request: only the header above is emitted.
        return

    m = MaltegoMsg(request_xml)
    cursor = stawk_db.dbconnect()
    TRX = MaltegoTransform()
    fields = m.AdditionalFields

    # If no start / end times are specified, we default to lookback
    now = datetime.datetime.now()
    if 'start_time' in fields and 'end_time' in fields:
        start_time = fields['start_time']
        end_time = fields['end_time']
    else:
        window = datetime.timedelta(seconds=lookback)
        start_time = now - window
        end_time = now + window
        # Maltego requires format e.g 2012-10-23 22:37:12.0
        stamp = "%Y-%m-%d %H:%M:%S.0"
        now = now.strftime(stamp)
        start_time = start_time.strftime(stamp)
        end_time = end_time.strftime(stamp)

    location = fields['location'] if 'location' in fields else "%"

    logging.debug("-----------------")
    logging.debug("1. Currenttime -%s, Start time - %s, End time - %s" %
                  (now, start_time, end_time))
    try:
        # One SQL text serves both the debug log and the query; only
        # execute() receives the values as separate parameters. (The author
        # also left a proximity_sessions variant of the second SELECT
        # commented out.)
        query = "select DISTINCT drone_conf.id from dhcp_leases inner join mac_vendor on mac_prefix=mac_vendor.mac inner join squid_logs on client_ip=dhcp_leases.ip inner join drone_conf on drone_conf.ip_prefix=dhcp_leases.ip_prefix WHERE squid_logs.timestamp > %s AND squid_logs.timestamp < %s UNION SELECT DISTINCT monitor_id FROM probes WHERE timestamp > %s AND timestamp < %s AND location LIKE %s"
        query_args = (start_time, end_time, start_time, end_time, location)
        logging.debug(query % query_args)
        cursor.execute(query, query_args)
        results = cursor.fetchall()
        logging.debug("Observed drone count: %d" % len(results))

        for row in results:
            logging.debug("2. Currenttime -%s, Start time - %s, End time - %s" %
                          (now, start_time, end_time))
            drone = row[0]
            entity = TRX.addEntity("snoopy.Drone", drone)
            for name, label, matching, value in (
                    ("drone", "drone", "strict", drone),
                    ("start_time", "Start time", "nostrict", start_time),
                    ("end_time", "End time", "nostrict", end_time),
                    ("start_time_txt", "Start time_txt", "nostrict", start_time),
                    ("end_time_txt", "End time_txt", "nostrict", end_time),
                    ("current_time", "current_time", "nostrict", now)):
                entity.addAdditionalFields(name, label, matching, value)
    except Exception, e:
        # Best effort: log the failure and still return what was collected.
        logging.debug("Exception:")
        logging.debug(e)
    TRX.returnOutput()
def db():
    """Rebind the module-level ``cursor`` to a fresh stawk_db.dbconnect() result."""
    global cursor
    cursor = stawk_db.dbconnect()
def main():
    """Maltego transform: list the locations recorded for a drone.

    Reads a Maltego XML request from stdin, resolves a time window and a
    drone pattern from its additional fields, and returns one
    snoopy.DroneLocation entity per ``location`` in ``probes``, tagged with
    that location's first and last probe timestamps and its run_id.
    """
    print "Content-type: xml\n\n"
    request_xml = sys.stdin.read()
    if request_xml == '':
        # Empty request: only the header above is emitted.
        return

    m = MaltegoMsg(request_xml)
    cursor = stawk_db.dbconnect()
    TRX = MaltegoTransform()
    fields = m.AdditionalFields
    stamp = "%Y-%m-%d %H:%M:%S.0"

    drone = '%'
    now = datetime.datetime.now()
    if 'start_time' in fields and 'end_time' in fields:
        start_time = fields['start_time']
        end_time = fields['end_time']
    else:
        window = datetime.timedelta(seconds=lookback)
        start_time = now - window
        end_time = now + window
        # Maltego requires format e.g 2012-10-23 22:37:12.0
        now = now.strftime(stamp)
        start_time = start_time.strftime(stamp)
        end_time = end_time.strftime(stamp)

    # The request's location is read but the query below does not use it.
    location = fields['location'] if 'location' in fields else "%"
    if 'properties.drone' in fields:
        drone = fields['properties.drone']

    query_args = (start_time, end_time, drone)
    # The logged text quotes the values inline for readability; the
    # executed statement passes them to execute() as parameters instead.
    logging.debug("SELECT location,MIN(timestamp),MAX(timestamp),run_id FROM probes WHERE timestamp > '%s' AND timestamp < '%s' AND monitor_id LIKE '%s' GROUP BY location" % query_args)
    cursor.execute("SELECT location,MIN(timestamp),MAX(timestamp),run_id FROM probes WHERE timestamp > %s AND timestamp < %s AND monitor_id LIKE %s GROUP BY location", query_args)

    for row in cursor.fetchall():
        location = row[0]
        start = row[1].strftime(stamp)
        end = row[2].strftime(stamp)
        run_id = row[3]
        logging.debug("SE / ET - %s / %s" % (start, end))
        entity = TRX.addEntity("snoopy.DroneLocation", location)
        for name, label, matching, value in (
                ("drone", "drone", "strict", drone),
                ("start_time", "start_time", "nostrict", start),
                ("end_time", "end_time", "nostrict", end),
                ("location", "location", "strict", location),
                ("run_id", "run_id", "strict", run_id)):
            entity.addAdditionalFields(name, label, matching, value)
    TRX.returnOutput()
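def main():
    """Maltego transform: list the stored friends of a Facebook profile.

    Reads a Maltego XML request from stdin, takes the profile ``id`` from
    its additional fields and returns one maltego.FacebookObject entity for
    each row joined from ``facebook_friends`` to ``facebook``. When the web
    root can be read from ../setup/webroot_guid.txt, each entity also gets
    a profile-photo URL and icon.

    Raises nothing to the caller: lookup errors are logged at debug level
    and the entities collected so far are still returned.
    """
    fb_view_url = None
    try:
        p = os.path.dirname(os.path.realpath(__file__))
        f = open("%s/../setup/webroot_guid.txt" % p, "r")
        try:
            fb_view_url = f.readline().strip() + "/web_data/facebook/"
        finally:
            # The handle used to be left open for the life of the process.
            f.close()
    except Exception:
        # Photos are optional; carry on without them.
        logging.debug(
            "Warning: Couldn't determind streetview webserver folder")

    print "Content-type: xml\n\n"
    MaltegoXML_in = sys.stdin.read()
    if MaltegoXML_in != '':
        m = MaltegoMsg(MaltegoXML_in)
        cursor = stawk_db.dbconnect()
        TRX = MaltegoTransform()
        try:
            mac, drone = 0, 0
            if 'mac' in m.AdditionalFields:
                mac = m.AdditionalFields['mac']
            if 'drone' in m.AdditionalFields:
                drone = m.AdditionalFields['drone']
            # A request without 'id' raises KeyError, handled below.
            profile_id = m.AdditionalFields['id']
            logging.debug(mac)
            logging.debug(drone)
            logging.debug(profile_id)

            # The logged text quotes the value inline for readability only;
            # the executed statement binds it as a parameter (now passed as
            # a proper 1-tuple).
            logging.debug(
                "SELECT facebook.id,name,gender,locale,network,link,degree FROM facebook_friends,facebook WHERE facebook_friends.id='%s' AND facebook_friends.friend_id=facebook.id"
                % (profile_id))
            cursor.execute(
                "SELECT facebook.id,name,gender,locale,network,link,degree FROM facebook_friends,facebook WHERE facebook_friends.id=%s AND facebook_friends.friend_id=facebook.id",
                (profile_id,))
            results = cursor.fetchall()

            for row in results:
                fb_id, name, gender, locale, network, link, degree = (
                    row[0], row[1], row[2], row[3], row[4], row[5], row[6])
                # NOTE(review): 'xmlcharrefreplace' only replaces characters
                # the codec cannot encode, so with utf8 it does not escape
                # XML metacharacters. Whether MaltegoTransform escapes field
                # values is not visible here -- confirm.
                if fb_id is not None:
                    fb_id = fb_id.encode('utf8', 'xmlcharrefreplace')
                if name is not None:
                    name = name.encode('utf8', 'xmlcharrefreplace')
                if gender is not None:
                    gender = gender.encode('utf8', 'xmlcharrefreplace')
                if locale is not None:
                    locale = locale.encode('utf8', 'xmlcharrefreplace')
                if network is not None:
                    network = network.encode('utf8', 'xmlcharrefreplace')
                else:
                    network = "-"
                if link is not None:
                    link = link.encode('utf8', 'xmlcharrefreplace')

                NewEnt = TRX.addEntity("maltego.FacebookObject", name)
                NewEnt.addAdditionalFields("id", "id", "nostrict", fb_id)
                NewEnt.addAdditionalFields("gender", "gender", "nostrict", gender)
                NewEnt.addAdditionalFields("locale", "locale", "nostrict", locale)
                NewEnt.addAdditionalFields("link", "link", "nostrict", link)
                NewEnt.addAdditionalFields("degree", "degree", "nostrict", degree)
                if fb_view_url is not None:
                    photo_url = "%s/%s/profile.jpg" % (fb_view_url, fb_id)
                    NewEnt.addAdditionalFields("facebook_profile_photo",
                                               "Profile", "strict", photo_url)
                    NewEnt.setIconURL(photo_url)
        except Exception, e:
            # Best effort: log the failure and return what was collected.
            logging.debug("Exception:")
            logging.debug(e)
        TRX.returnOutput()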
def main():
    """Maltego transform: list the client devices seen by a drone.

    Reads a Maltego XML request from stdin and resolves a drone id, a time
    window and an optional location from its additional fields. When a
    location is given, the window is replaced by the MIN/MAX probe
    timestamps recorded for it. The main query unions devices from
    ``proximity_sessions`` (source 'probes') with devices that have proxy
    log entries (source 'web'); rows are merged per MAC and one
    snoopy.Client entity is returned for each.
    """
    print "Content-type: xml\n\n"
    request_xml = sys.stdin.read()
    if request_xml == '':
        # Empty request: only the header above is emitted.
        return

    m = MaltegoMsg(request_xml)
    logging.debug(m)
    cursor = stawk_db.dbconnect()
    TRX = MaltegoTransform()
    fields = m.AdditionalFields

    logging.info("Fetching victims")
    # 'drone' takes precedence over 'properties.drone' when both are set.
    drone = '%'
    for key in ('properties.drone', 'drone'):
        if key in fields:
            drone = fields[key]

    # If no start / end times are specified, we default to lookback
    now = datetime.datetime.now()
    if 'start_time' in fields and 'end_time' in fields:
        start_time = fields['start_time']
        end_time = fields['end_time']
    else:
        window = datetime.timedelta(seconds=lookback)
        start_time = now - window
        end_time = now + window
        # Maltego requires format e.g 2012-10-23 22:37:12.0
        stamp = "%Y-%m-%d %H:%M:%S.0"
        now = now.strftime(stamp)
        start_time = start_time.strftime(stamp)
        end_time = end_time.strftime(stamp)
    logging.debug("1. S,E - %s / %s" % (start_time, end_time))

    if 'location' in fields:
        location = fields['location']
        # Narrow the window to the first/last probe recorded for this
        # location and drone. The same text is logged and executed; only
        # execute() receives the values as separate parameters.
        span_sql = "SELECT MIN(timestamp),MAX(timestamp) FROM probes WHERE location LIKE %s AND monitor_id=%s AND timestamp >= %s AND timestamp <= %s"
        span_args = (location, drone, start_time, end_time)
        logging.debug(span_sql % span_args)
        cursor.execute(span_sql, span_args)
        result = cursor.fetchone()
        start_time, end_time = result[0], result[1]
    else:
        location = "%"
    logging.debug("2. S,E - %s / %s" % (start_time, end_time))
    logging.debug(drone)

    try:
        query_args = (drone, location, start_time, end_time,
                      drone, start_time, end_time)
        # The logged text is a readable approximation only: it quotes the
        # values inline and shows strict comparisons, whereas the executed
        # statement below is parameterized and uses >= / <=.
        logging.info("SELECT DISTINCT device_mac,vendor_short,monitor_id AS drone_id,'probes' AS source, IFNULL(hostname,'') AS hostname,location FROM proximity_sessions LEFT OUTER JOIN dhcp_leases ON proximity_sessions.device_mac = dhcp_leases.mac WHERE monitor_id='%s' AND location LIKE '%s' AND last_probe > '%s' AND last_probe < '%s' UNION SELECT DISTINCT dhcp_leases.mac,mac_vendor.vendor_short,drone_conf.id AS drone_id, 'web' AS source, dhcp_leases.hostname, '' AS location from dhcp_leases inner join mac_vendor on mac_prefix=mac_vendor.mac inner join squid_logs on client_ip=dhcp_leases.ip inner join drone_conf on drone_conf.ip_prefix=dhcp_leases.ip_prefix WHERE drone_conf.id='%s' AND timestamp > '%s' AND timestamp < '%s'" % query_args)
        cursor.execute("SELECT DISTINCT device_mac,vendor_short,monitor_id AS drone_id,'probes' AS source, IFNULL(hostname,'') AS hostname,location FROM proximity_sessions LEFT OUTER JOIN dhcp_leases ON proximity_sessions.device_mac = dhcp_leases.mac WHERE monitor_id=%s AND location LIKE %s AND last_probe >= %s AND last_probe <= %s UNION SELECT DISTINCT dhcp_leases.mac,mac_vendor.vendor_short,drone_conf.id AS drone_id, 'web' AS source, dhcp_leases.hostname, '' AS location from dhcp_leases inner join mac_vendor on mac_prefix=mac_vendor.mac inner join squid_logs on client_ip=dhcp_leases.ip inner join drone_conf on drone_conf.ip_prefix=dhcp_leases.ip_prefix WHERE drone_conf.id=%s AND timestamp >= %s AND timestamp <= %s", query_args)
        results = cursor.fetchall()
        logging.debug("Observed %d clients" % len(results))

        # Collapse the rows into one record per MAC address.
        clients = {}
        for row in results:
            logging.debug(row)
            mac, vendor, drone = row[0], row[1], row[2]
            source, hostname, obs_location = row[3], row[4], row[5]
            seen = {'vendor': vendor, 'hostname': hostname}
            if source == 'web':
                seen['from_web'] = "True"
            elif source == 'probes':
                seen['from_probes'] = "True"
            if mac in clients:
                # Later rows override vendor/hostname and add their source
                # flag; observed locations accumulate as a comma list.
                merged = dict(clients[mac])
                merged.update(seen)
                clients[mac] = merged
                merged['obs_location'] = merged['obs_location'] + ", " + obs_location
            else:
                clients[mac] = seen
                seen['obs_location'] = obs_location

        # NOTE(review): `drone` here is whatever the last result row left
        # in it, so every entity reports that same drone id.
        for mac, info in clients.iteritems():
            vendor = info['vendor']
            hostname = info['hostname']
            obs_location = info['obs_location']
            from_web = "True" if 'from_web' in info else "False"
            from_probes = "True" if 'from_probes' in info else "False"
            if len(hostname) < 1:
                label = "%s" % (vendor)
            else:
                label = "%s (%s)" % (vendor, hostname)
            NewEnt = TRX.addEntity("snoopy.Client", label)
            NewEnt.addAdditionalFields("mac", "mac address", "strict", mac)
            NewEnt.addAdditionalFields("vendor", "vendor", "strict", vendor)
            NewEnt.addAdditionalFields("hostname", "hostname", "hostname", hostname)
            NewEnt.addAdditionalFields("from_web", "from_web", "nostrict", from_web)
            NewEnt.addAdditionalFields("from_probes", "from_probes", "nostrict", from_probes)
            NewEnt.addAdditionalFields("drone", "drone", "nostrict", drone)
            NewEnt.addAdditionalFields("start_time", "start_time", "nostrict", start_time)
            NewEnt.addAdditionalFields("end_time", "end_time", "nostrict", end_time)
            NewEnt.addAdditionalFields("location", "Location", "nostrict", location)
            NewEnt.addAdditionalFields("obs_location", "Observed Locations", "nostrict", obs_location)
            # Add something to icon to distinguish probes and web?
    except Exception, e:
        # Best effort: log the failure and still return what was collected.
        logging.debug("Exception from fetchClients.py:")
        logging.debug(e)
    TRX.returnOutput()
def main():
    """Maltego transform: list the drones that reported data in a window.

    Reads a Maltego XML request from stdin, resolves a time window and an
    optional location from its additional fields, and returns one
    snoopy.Drone entity for each distinct drone id found either through
    proxy log entries (via drone_conf) or in the ``probes`` table.
    """
    print "Content-type: xml\n\n"
    request_xml = sys.stdin.read()
    if request_xml == '':
        # Empty request: only the header above is emitted.
        return

    m = MaltegoMsg(request_xml)
    cursor = stawk_db.dbconnect()
    TRX = MaltegoTransform()
    fields = m.AdditionalFields

    # If no start / end times are specified, we default to lookback
    now = datetime.datetime.now()
    if 'start_time' in fields and 'end_time' in fields:
        start_time = fields['start_time']
        end_time = fields['end_time']
    else:
        window = datetime.timedelta(seconds=lookback)
        start_time = now - window
        end_time = now + window
        # Maltego requires format e.g 2012-10-23 22:37:12.0
        stamp = "%Y-%m-%d %H:%M:%S.0"
        now = now.strftime(stamp)
        start_time = start_time.strftime(stamp)
        end_time = end_time.strftime(stamp)

    location = fields['location'] if 'location' in fields else "%"

    logging.debug("-----------------")
    logging.debug("1. Currenttime -%s, Start time - %s, End time - %s" %
                  (now, start_time, end_time))
    try:
        # One SQL text serves both the debug log and the query; only
        # execute() receives the values as separate parameters. (The author
        # also left a proximity_sessions variant of the second SELECT
        # commented out.)
        query = "select DISTINCT drone_conf.id from dhcp_leases inner join mac_vendor on mac_prefix=mac_vendor.mac inner join squid_logs on client_ip=dhcp_leases.ip inner join drone_conf on drone_conf.ip_prefix=dhcp_leases.ip_prefix WHERE squid_logs.timestamp > %s AND squid_logs.timestamp < %s UNION SELECT DISTINCT monitor_id FROM probes WHERE timestamp > %s AND timestamp < %s AND location LIKE %s"
        query_args = (start_time, end_time, start_time, end_time, location)
        logging.debug(query % query_args)
        cursor.execute(query, query_args)
        results = cursor.fetchall()
        logging.debug("Observed drone count: %d" % len(results))

        for row in results:
            logging.debug("2. Currenttime -%s, Start time - %s, End time - %s" %
                          (now, start_time, end_time))
            drone = row[0]
            entity = TRX.addEntity("snoopy.Drone", drone)
            for name, label, matching, value in (
                    ("drone", "drone", "strict", drone),
                    ("start_time", "Start time", "nostrict", start_time),
                    ("end_time", "End time", "nostrict", end_time),
                    ("start_time_txt", "Start time_txt", "nostrict", start_time),
                    ("end_time_txt", "End time_txt", "nostrict", end_time),
                    ("current_time", "current_time", "nostrict", now)):
                entity.addAdditionalFields(name, label, matching, value)
    except Exception, e:
        # Best effort: log the failure and still return what was collected.
        logging.debug("Exception:")
        logging.debug(e)
    TRX.returnOutput()
def main():
    """Maltego transform: list client devices tied to a country.

    Reads a Maltego XML request from stdin, takes ``country`` from its
    additional fields and returns one snoopy.Client entity per device whose
    probed SSID has a matching ``wigle`` row. The time window, location and
    drone values are parsed from the request but not used by the query.
    """
    print "Content-type: xml\n\n"
    request_xml = sys.stdin.read()
    if request_xml == '':
        # Empty request: only the header above is emitted.
        return

    m = MaltegoMsg(request_xml)
    cursor = stawk_db.dbconnect()
    TRX = MaltegoTransform()
    fields = m.AdditionalFields

    drone = '%'
    now = datetime.datetime.now()
    if 'start_time' in fields and 'end_time' in fields:
        start_time = fields['start_time']
        end_time = fields['end_time']
    else:
        window = datetime.timedelta(seconds=lookback)
        start_time = now - window
        end_time = now + window
        # Maltego requires format e.g 2012-10-23 22:37:12.0
        stamp = "%Y-%m-%d %H:%M:%S.0"
        now = now.strftime(stamp)
        start_time = start_time.strftime(stamp)
        end_time = end_time.strftime(stamp)

    location = fields['location'] if 'location' in fields else "%"
    if 'properties.drone' in fields:
        drone = fields['properties.drone']
    country = fields['country'] if 'country' in fields else '%'

    # NOTE(review): the default '%' is compared with `=`, not LIKE, so a
    # request without a country only matches rows whose country is
    # literally '%'. The value is passed to execute() as a parameter.
    # NOTE(review): (country) is a bare string, not a 1-tuple; confirm the
    # driver behind stawk_db treats both alike before changing it.
    cursor.execute("SELECT DISTINCT device_mac,vendor_short,IF(hostname IS NULL, '', CONCAT('(',hostname,')')) AS hostname, IF(hostname IS NULL, 'False','True') AS from_web, 'True' AS from_probes FROM probes LEFT OUTER JOIN dhcp_leases ON probes.device_mac = dhcp_leases.mac JOIN wigle ON probes.probe_ssid=wigle.ssid JOIN mac_vendor ON probes.mac_prefix=mac_vendor.mac AND country=%s", (country))

    for row in cursor.fetchall():
        mac, vendor, hostname = row[0], row[1], row[2]
        from_web, from_probes = row[3], row[4]
        entity = TRX.addEntity("snoopy.Client", "%s %s" % (vendor, hostname))
        for name, label, matching, value in (
                ("mac", "mac address", "strict", mac),
                ("vendor", "vendor", "strict", vendor),
                ("hostname", "hostname", "hostname", hostname),
                ("from_web", "from_web", "nostrict", from_web),
                ("from_probes", "from_probes", "nostrict", from_probes)):
            entity.addAdditionalFields(name, label, matching, value)
    TRX.returnOutput()
def main():
    """Maltego transform: list the web domains logged for one device.

    Reads a Maltego XML request from stdin, selects the distinct ``domain``
    values in ``snoopy_web_logs`` for the request's ``mac`` field and returns
    one entity per domain. "facebook.com" becomes a maltego.FacebookObject,
    every other domain a Domain entity. Each entity carries the time window,
    mac and drone taken from (or defaulted for) the request.
    """
    print "Content-type: xml\n\n"
    request_xml = sys.stdin.read()
    if request_xml == '':
        # Empty request: only the header above is emitted.
        return

    m = MaltegoMsg(request_xml)
    cursor = stawk_db.dbconnect()
    TRX = MaltegoTransform()
    try:
        fields = m.AdditionalFields
        now = datetime.datetime.now()
        if 'start_time' in fields and 'end_time' in fields:
            start_time, end_time = fields['start_time'], fields['end_time']
        else:
            # Default window: `lookback` seconds back, one day ahead.
            start_time = now - datetime.timedelta(0, lookback)
            end_time = now + datetime.timedelta(1, 0)
        logging.debug(start_time)
        logging.debug(end_time)

        mac = fields['mac'] if 'mac' in fields else "0"
        drone = fields['drone'] if 'drone' in fields else "0"
        logging.debug(mac)
        logging.debug(drone)

        # The window is reported back on every entity but does not filter
        # this query. The request value is handed to execute() separately
        # from the SQL text rather than formatted into it.
        # NOTE(review): (mac) is a bare string, not a 1-tuple; (mac,) is the
        # conventional DB-API form -- confirm the driver behind stawk_db
        # treats both alike before changing it.
        cursor.execute(
            "SELECT DISTINCT domain FROM snoopy_web_logs WHERE mac=%s", (mac))
        for row in cursor.fetchall():
            domain = row[0]
            if domain == "facebook.com":
                entity_type = "maltego.FacebookObject"
            else:
                entity_type = "Domain"
            entity = TRX.addEntity(entity_type, domain)
            for name, label, matching, value in (
                    ("start_time", "start_time", "nostrict", start_time),
                    ("end_time", "end_time", "nostrict", end_time),
                    ("mac", "mac", "strict", mac),
                    ("drone", "drone", "strict", drone)):
                entity.addAdditionalFields(name, label, matching, value)
    except Exception, e:
        # Best effort: log the failure and still return what was collected.
        logging.debug("Exception:")
        logging.debug(e)
    TRX.returnOutput()
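def main():
    """Resolve probed SSIDs to locations and store them in ``wigle``.

    While the module-level ``Flag`` is true, selects probe SSIDs that have
    no ``wigle`` row yet and calls fetchLocations() for each. A None result
    pauses for 20 minutes, an 'error' result counts a failure for that SSID
    and pauses for 60 seconds, and any other result is inserted row by row.
    An SSID with more than four counted failures is no longer looked up; a
    marker row with overflow -2 is inserted for it instead, which also
    removes it from later selections.
    """
    logging.info("Starting Wigle GeoLocator")
    cursor = stawk_db.dbconnect()

    while Flag:
        cursor.execute(
            "SELECT DISTINCT probe_ssid FROM probes WHERE probe_ssid != '' AND probe_ssid NOT LIKE '%\\\\\\%' AND probe_ssid NOT IN (SELECT DISTINCT ssid from wigle) ORDER BY PRIORITY"
        )
        result = cursor.fetchall()
        if len(result) > 0:
            logging.info("Looking up address for %d SSIDs" % len(result))

        for r in result:
            probe_ssid = r[0]
            if probe_ssid in bad_ssids and bad_ssids[probe_ssid] > 4:
                logging.info("Ignoring bad SSID '%s' after %d failed lookups"
                             % (probe_ssid, bad_ssids[probe_ssid]))
                # Fix: this insert used `ssid`, which is only assigned in
                # the success branch below -- unset on a first pass and
                # otherwise left over from an earlier, unrelated lookup.
                # The SSID being given up on is the current row's.
                cursor.execute(
                    "INSERT INTO wigle (ssid,overflow) VALUES (%s,-2)",
                    (probe_ssid,))
                continue

            locations = fetchLocations(probe_ssid)
            if locations is None:
                logging.info(
                    "Wigle account has been shunned, backing off for 20 minutes"
                )
                time.sleep(60 * 20)
            elif 'error' in locations:
                logging.info(
                    "An error occured, will retry in 60 seconds (%s)"
                    % locations['error'])
                if probe_ssid not in bad_ssids:
                    bad_ssids[probe_ssid] = 0
                bad_ssids[probe_ssid] += 1
                time.sleep(60)
            else:
                for l in locations:
                    # Address parts are optional in the 'ga' sub-record.
                    country, code, address = "", "", ""
                    if 'country' in l['ga']:
                        country = l['ga']['country']
                    if 'code' in l['ga']:
                        code = l['ga']['code']
                    if 'address' in l['ga']:
                        address = l['ga']['address']
                    ssid = l['ssid']
                    g_long = l['long']
                    g_lat = l['lat']
                    mac = re.sub(':', '', l['mac'])
                    last_seen = l['last_seen']
                    overflow = l['overflow']
                    # SSIDs and lookup results are external data; they are
                    # passed to execute() as parameters, not spliced into
                    # the SQL text.
                    cursor.execute(
                        "INSERT INTO wigle (ssid,mac,gps_lat,gps_long,last_update,overflow, country,code,address) VALUES (%s,%s,%s,%s,%s,%s,%s,%s,%s)",
                        (ssid, mac, g_lat, g_long, last_seen, overflow,
                         country, code, address))

        # NOTE(review): the listing this was restored from had lost its
        # indentation; the 5 second pause is taken to be once per polling
        # pass -- confirm against the original layout.
        time.sleep(5)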
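def main():
    """Maltego transform: list Facebook profiles linked to a device.

    Reads a Maltego XML request from stdin, takes ``mac`` and ``drone`` from
    its additional fields and returns one maltego.FacebookObject entity per
    ``facebook`` row whose ip matches a DHCP lease held by that MAC. When
    the web root can be read from ../setup/webroot_guid.txt, each entity
    also gets a profile-photo URL and icon.

    Raises nothing to the caller: lookup errors (including a request with
    no 'mac' or 'drone' field) are logged at debug level and the entities
    collected so far are still returned.
    """
    fb_view_url = None
    try:
        p = os.path.dirname(os.path.realpath(__file__))
        f = open("%s/../setup/webroot_guid.txt" % p, "r")
        try:
            fb_view_url = f.readline().strip() + "/web_data/facebook/"
        finally:
            # The handle used to be left open for the life of the process.
            f.close()
    except Exception:
        # Photos are optional; carry on without them.
        logging.debug("Warning: Couldn't determind streetview webserver folder")

    print "Content-type: xml\n\n"
    MaltegoXML_in = sys.stdin.read()
    if MaltegoXML_in != '':
        m = MaltegoMsg(MaltegoXML_in)
        cursor = stawk_db.dbconnect()
        TRX = MaltegoTransform()
        try:
            mac = m.AdditionalFields['mac']
            drone = m.AdditionalFields['drone']
            logging.debug(mac)
            logging.debug(drone)

            # One SQL text serves both the debug log and the query; only
            # execute() receives the value as a parameter (now passed as a
            # proper 1-tuple).
            query = "SELECT id,name,gender,locale,network,link,degree FROM facebook,dhcp_leases WHERE facebook.ip=dhcp_leases.ip AND mac=%s"
            logging.debug(query % (mac))
            cursor.execute(query, (mac,))
            results = cursor.fetchall()

            for row in results:
                fb_id, name, gender, locale, network, link, degree = (
                    row[0], row[1], row[2], row[3], row[4], row[5], row[6])
                # NOTE(review): 'xmlcharrefreplace' only replaces characters
                # the codec cannot encode, so with utf8 it does not escape
                # XML metacharacters. Whether MaltegoTransform escapes field
                # values is not visible here -- confirm.
                if fb_id is not None:
                    fb_id = fb_id.encode('utf8', 'xmlcharrefreplace')
                if name is not None:
                    name = name.encode('utf8', 'xmlcharrefreplace')
                if gender is not None:
                    gender = gender.encode('utf8', 'xmlcharrefreplace')
                if locale is not None:
                    locale = locale.encode('utf8', 'xmlcharrefreplace')
                if network is not None:
                    network = network.encode('utf8', 'xmlcharrefreplace')
                else:
                    network = "-"
                if link is not None:
                    link = link.encode('utf8', 'xmlcharrefreplace')

                NewEnt = TRX.addEntity("maltego.FacebookObject", name)
                NewEnt.addAdditionalFields("id", "id", "nostrict", fb_id)
                NewEnt.addAdditionalFields("gender", "gender", "nostrict", gender)
                NewEnt.addAdditionalFields("locale", "locale", "nostrict", locale)
                NewEnt.addAdditionalFields("network", "network", "nostrict", network)
                NewEnt.addAdditionalFields("link", "link", "nostrict", link)
                NewEnt.addAdditionalFields("degree", "degree", "nostrict", degree)
                NewEnt.addAdditionalFields("drone", "drone", "nostrict", drone)
                NewEnt.addAdditionalFields("mac", "mac", "nostrict", mac)
                logging.debug("Facebook profile photo - %s/%s/profile.jpg" % (fb_view_url, fb_id))
                if fb_view_url is not None:
                    photo_url = "%s/%s/profile.jpg" % (fb_view_url, fb_id)
                    NewEnt.addAdditionalFields("facebook_profile_photo",
                                               "Profile", "strict", photo_url)
                    NewEnt.setIconURL(photo_url)
        except Exception, e:
            # Best effort: log the failure and return what was collected.
            logging.debug("Exception:")
            logging.debug(e)
        TRX.returnOutput()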
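def main():
    """Maltego transform: map an SSID to the locations stored for it.

    Reads a Maltego XML request from stdin, uses the entity value as the
    SSID and returns one maltego.Location entity per matching ``wigle`` row
    with overflow = 0 (at most 500). When the web root can be read from
    ../setup/webroot_guid.txt, each entity also gets a street-view image
    URL and icon.

    Raises nothing to the caller: lookup errors are logged at debug level
    and the entities collected so far are still returned.
    """
    street_view_url = None
    try:
        p = os.path.dirname(os.path.realpath(__file__))
        f = open("%s/../setup/webroot_guid.txt" % p, "r")
        try:
            street_view_url = f.readline().strip() + "/web_data/street_views/"
        finally:
            # The handle used to be left open for the life of the process.
            f.close()
    except Exception:
        # Street-view images are optional; carry on without them.
        logging.debug("Warning: Couldn't determind streetview webserver folder")

    print "Content-type: xml\n\n"
    MaltegoXML_in = sys.stdin.read()
    if MaltegoXML_in != '':
        m = MaltegoMsg(MaltegoXML_in)
        logging.debug(MaltegoXML_in)
        cursor = stawk_db.dbconnect()
        TRX = MaltegoTransform()
        ssid = m.Value
        try:
            # Can be useful to LIMIT 5, or some such. Make sure to do the
            # same in fetchClientsFromCountry.py
            # The SSID is passed to execute() as a parameter (now a proper
            # 1-tuple), never formatted into the SQL text.
            cursor.execute("SELECT gps_lat,gps_long,country,code,address FROM wigle WHERE overflow = 0 AND ssid=%s LIMIT 500", (ssid,))
            results = cursor.fetchall()

            for row in results:
                lat = row[0]
                lon = row[1]
                # NOTE(review): 'xmlcharrefreplace' only replaces characters
                # the codec cannot encode, so with utf8 it does not escape
                # XML metacharacters. Whether MaltegoTransform escapes field
                # values is not visible here -- confirm, since these strings
                # come from stored lookup results.
                country = row[2].encode('utf8', 'xmlcharrefreplace')
                code = row[3].encode('utf8', 'xmlcharrefreplace')
                address = row[4].encode('utf8', 'xmlcharrefreplace')

                NewEnt = TRX.addEntity("maltego.Location", country)
                NewEnt.addAdditionalFields("latitude", "latitude", "strict", lat)
                NewEnt.addAdditionalFields("longitude", "longitude", "strict", lon)
                NewEnt.addAdditionalFields("country", "Country", "strict", country)
                NewEnt.addAdditionalFields("countrycode", "Country Code", "strict", code)
                NewEnt.addAdditionalFields("streetaddress", "Street Address", "strict", address)
                NewEnt.addAdditionalFields("googleMap", "Google map", "nostrict", escape("http://maps.google.com/maps?t=h&q=%s,%s" % (lat, lon)))

                logging.debug(street_view_url)
                if street_view_url is not None:
                    image_url = "%s/%s,%s.jpg" % (street_view_url, lat, lon)
                    NewEnt.addAdditionalFields("streetview", "streetview", "strict", image_url)
                    NewEnt.setIconURL(image_url)
        except Exception, e:
            # Best effort: log the failure and return what was collected.
            logging.debug(e)
        logging.debug(TRX)
        TRX.returnOutput()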
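def main():
    """Run the SSID-to-location Maltego transform.

    The request is read from stdin; its value is treated as an SSID and
    looked up in the ``wigle`` table (``overflow = 0`` rows only, capped at
    500). One ``maltego.Location`` entity is added per row with latitude,
    longitude, country, country code, street address and a Google Maps link,
    plus a street-view image URL when ``../setup/webroot_guid.txt`` could be
    read. The transform ends with ``TRX.returnOutput()``; an empty stdin
    produces only the header line.
    """
    street_view_url = None
    try:
        base_dir = os.path.dirname(os.path.realpath(__file__))
        guid_path = "%s/../setup/webroot_guid.txt" % base_dir
        # Opened in a with-block so the descriptor is released right away.
        with open(guid_path, "r") as handle:
            street_view_url = handle.readline().strip() + "/web_data/street_views/"
    except (IOError, OSError):
        # Missing or unreadable file is tolerated: street-view fields are
        # skipped. Narrowed from a bare except so unrelated errors surface.
        logging.debug(
            "Warning: Couldn't determind streetview webserver folder")

    print "Content-type: xml\n\n"
    MaltegoXML_in = sys.stdin.read()
    if MaltegoXML_in != '':
        m = MaltegoMsg(MaltegoXML_in)
        # Debug log receives the request body exactly as the client sent it.
        logging.debug(MaltegoXML_in)
        cursor = stawk_db.dbconnect()
        TRX = MaltegoTransform()
        ssid = m.Value
        try:
            # Request-supplied SSID is passed as a bound parameter; this code
            # does not build SQL from it. (ssid,) is a real one-element
            # tuple, whereas (ssid) is only a parenthesised string.
            # Can be useful to LIMIT 5, or some such. Make sure to do the same
            # in fetchClientsFromCountry.py
            cursor.execute(
                "SELECT gps_lat,gps_long,country,code,address FROM wigle "
                "WHERE overflow = 0 AND ssid=%s LIMIT 500",
                (ssid,)
            )
            for row in cursor.fetchall():
                # Renamed from "long" to avoid hiding the Python 2 builtin.
                lat, lon = row[0], row[1]
                # NOTE(review): if any of these columns is NULL or not
                # encodable, the exception ends the loop for all later rows.
                country = row[2].encode('utf8', 'xmlcharrefreplace')
                code = row[3].encode('utf8', 'xmlcharrefreplace')
                address = row[4].encode('utf8', 'xmlcharrefreplace')

                NewEnt = TRX.addEntity("maltego.Location", country)
                NewEnt.addAdditionalFields("latitude", "latitude", "strict", lat)
                NewEnt.addAdditionalFields("longitude", "longitude", "strict", lon)
                NewEnt.addAdditionalFields("country", "Country", "strict", country)
                NewEnt.addAdditionalFields("countrycode", "Country Code", "strict", code)
                # NOTE(review): escape() is applied to the map URL only. The
                # text columns originate outside this script; verify that the
                # Maltego helper escapes values before writing XML.
                NewEnt.addAdditionalFields("streetaddress", "Street Address", "strict", address)
                map_url = "http://maps.google.com/maps?t=h&q=%s,%s" % (lat, lon)
                NewEnt.addAdditionalFields(
                    "googleMap", "Google map", "nostrict", escape(map_url))

                logging.debug(street_view_url)
                if street_view_url is not None:
                    # The base already ends with "/", so the result contains
                    # "//"; left as is to keep the emitted URL identical.
                    jpg_url = "%s/%s,%s.jpg" % (street_view_url, lat, lon)
                    NewEnt.addAdditionalFields(
                        "streetview", "streetview", "strict", jpg_url)
                    NewEnt.setIconURL(jpg_url)
        except Exception as e:
            # Best effort by design: log the failure and still return the
            # entities gathered before it.
            logging.debug(e)

        logging.debug(TRX)
        TRX.returnOutput()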