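def main():
    """Run the selected games over every pcap in a directory and print TSV.

    Command line: ``prog [options] dir``. Every ``*.pcap`` in ``dir`` whose
    path contains ``<32 hex chars>.exe`` is treated as the capture of one
    sample; the hex string (the sample MD5) is handed to ``run`` in a worker
    pool and each result is printed as it arrives.

    Returns:
        2 after printing usage when the argument count is wrong,
        otherwise None.
    """
    usage = "usage: %prog [options] dir"
    parser = OptionParser(usage=usage)
    parser.add_option("-g", "--games", dest="games", default="none",
                      help="Games to analyze (comma separated list of: none,dns,dns5)")
    parser.add_option("-w", "--whitelist", dest="whitelist", default=False,
                      action='store_true', help="Use whitelist")
    parser.add_option("-p", "--whitelistpath", default="gza/top1000.csv",
                      help="Whitelist Alexa CSV to use [default: %default]")
    parser.add_option("-i", "--ipwhitelistpath", default="gza/generic-dnswl",
                      help="IP whitelist to use [default: %default]")
    parser.add_option('-a', '--all-ips', dest='allips', default=False,
                      action='store_true',
                      help='Pull unused IPs from A records [default: %default]')
    (options, args) = parser.parse_args()

    if len(args) != 1:
        parser.print_help()
        return 2

    # The workers only receive the MD5, so the directory travels in options.
    options.dir = args[0]

    if options.whitelist:
        whitelist.makewhitelist(options.whitelistpath)
        whitelist.makeipwhitelist(options.ipwhitelistpath)

    # Print header: four columns per game, in the order the games were given.
    games = options.games.split(',')
    headers = []
    for g in games:
        headers.append(g + 'ipcount')
        headers.append(g + 'ips')
        headers.append(g + 'domaincount')
        headers.append(g + 'domains')
    print('md5\t' + '\t'.join(headers))

    # Bound before the try so the interrupt handler never sees an unbound
    # name if Ctrl-C lands while the pool is still being created.
    pool = None
    try:
        pool = Pool(cpu_count())
        pcaps = glob.glob(os.path.join(args[0], '*.pcap'))

        # Only send the MD5s. Raw string: '\.' is an invalid escape in a
        # normal literal. The search is unanchored and runs on the full path,
        # exactly as before.
        md5_re = re.compile(r'([0-9a-fA-F]{32})\.exe')
        found = []
        for path in pcaps:
            match = md5_re.search(path)
            if match is None:
                # A stray capture without the <md5>.exe naming used to abort
                # the whole run with AttributeError; report it on stderr so
                # the TSV on stdout stays clean, and carry on.
                sys.stderr.write('Skipping %s: no <md5>.exe in file name\n' % path)
                continue
            found.append(match.group(1))
        md5s = wu.unique(found)

        res_it = pool.imap_unordered(run, izip(md5s, repeat(options)), 100)
        for res in res_it:
            print(res)

        # Let the workers exit cleanly once every result has been consumed.
        pool.close()
        pool.join()
    except KeyboardInterrupt:
        sys.stderr.write('User termination!\n')
        if pool is not None:
            pool.terminate()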
def components(c):
    """Return the component characters of the Chinese character (hanzi) c.

    Components that don't have standalone definitions are ignored.
    e.g.: 国 -> 囗玉
    """
    parts = []
    for entry in unique(flatten(cl.getDecompositionEntries(c))):
        # Exact type match on purpose: only plain tuples are kept, and the
        # character is their first element. Presumably the non-tuple entries
        # are the components without a standalone definition.
        if type(entry) == tuple:
            parts.append(entry[0])
    return parts
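def main():
    """Summarise what the winning games revealed, from an experiment file.

    Command line: ``prog [options] exp.results``. The file is tab separated
    with one header line. For every row where the tcpw run saw more IPs, or
    the dnsw run saw more domains, than the baseline ("none") run, both sets
    are passed to ``deltas`` together with the DB connection. The collected
    results are then reduced with ``parsedelta`` and printed as counts, means
    and variances under the labels "Blacklisted eventually",
    "Decommissioned", "In Campaign" and "Never blacklisted".

    Returns:
        2 after printing usage when the argument count is wrong,
        otherwise None.
    """
    usage = "usage: %prog [options] exp.results"
    parser = OptionParser(usage=usage)
    parser.add_option('-g', '--games', default='none,dnsw,tcpw',
                      help='Games played in the results file [default: %default]')
    parser.add_option('-p', '--parent-zone', default=False, action='store_true',
                      help='Look up parent zone, rather than fqdn (mail.google.com, lookup google.com).')
    (options, args) = parser.parse_args()

    if len(args) != 1:
        parser.print_help()
        return 2

    # The first eight characters of the file name are parsed as the date.
    try:
        date = parse(os.path.basename(args[0])[:8])
    except ValueError:
        date = None  # Change this to put today's date

    # Open DB connection
    # NOTE(review): host, database and user are hard-coded and no password is
    # passed, so authentication presumably comes from the environment
    # (~/.pgpass or PGPASSWORD) - confirm. No sslmode is given either, so
    # libpq's default ("prefer": TLS if offered, server certificate not
    # verified) applies; consider sslmode='verify-full' if this link crosses
    # an untrusted network.
    conn = psycopg2.connect(host='tyr.gtisc.gatech.edu', database='pdmb', user='******')

    alldnsresults = []
    alltcpresults = []

    # try/finally so the connection is released even when a malformed row
    # makes deserialize() or deltas() raise part-way through the file.
    try:
        with open(args[0]) as results:
            results.readline()  # skip the header line; its content is unused
            for exp in results:
                desargs = exp.split('\t')
                (md5,
                 noneipcount, noneips, nonedomaincount, nonedomains,
                 dnswipcount, dnswips, dnswdomaincount, dnswdomains,
                 tcpwipcount, tcpwips, tcpwdomaincount, tcpwdomains) = deserialize(*desargs)

                # tcpw won
                if tcpwipcount > noneipcount:
                    alltcpresults.append(deltas(conn, tcpwips, noneips, date, options, ip=True))

                # dnsw won
                if dnswdomaincount > nonedomaincount:
                    alldnsresults.append(deltas(conn, dnswdomains, nonedomains, date, options))
    finally:
        conn.close()

    # Transpose the per-row 4-tuples into four columns. zip(*[]) yields
    # nothing, so unpacking used to raise ValueError whenever no row
    # qualified; fall back to four empty columns instead.
    no_results = ((), (), (), ())
    dnsdaygains, dnsdecoms, dnsincampaign, dnsnevers = (
        zip(*alldnsresults) if alldnsresults else no_results)
    tcpdaygains, tcpdecoms, tcpincampaign, tcpnevers = (
        zip(*alltcpresults) if alltcpresults else no_results)

    # Deltas
    domains1, dnsdaygains = parsedelta(dnsdaygains)
    domains2, dnsdecoms = parsedelta(dnsdecoms)
    domains3, dnsincampaign = parsedelta(dnsincampaign)
    domains4, dnsnevers = parsedelta(dnsnevers)

    ips1, tcpdaygains = parsedelta(tcpdaygains)
    ips2, tcpdecoms = parsedelta(tcpdecoms)
    ips3, tcpincampaign = parsedelta(tcpincampaign)
    ips4, tcpnevers = parsedelta(tcpnevers)

    # Unique domains / IPs across all four categories (the denominators).
    uniquedomains = list(unique(chain(domains1, domains2, domains3, domains4)))
    uniqueips = list(unique(chain(ips1, ips2, ips3, ips4)))

    # For an empty category np.mean / np.var report nan.
    print('DNS Blacklisted eventually: %d / %d, (Mean, Var): (%f, %f)' %
          (len(dnsdaygains), len(uniquedomains),
           np.mean(dnsdaygains), np.var(dnsdaygains)))
    print('DNS Decommissioned: %d / %d, (Mean, Var): (%f, %f)' %
          (len(dnsdecoms), len(uniquedomains),
           np.mean(dnsdecoms), np.var(dnsdecoms)))
    print('DNS In Campaign: %d / %d' % (len(dnsincampaign), len(uniquedomains)))
    print('DNS Never blacklisted: %d / %d' % (len(dnsnevers), len(uniquedomains)))

    print('IP Blacklisted eventually: %d / %d, (Mean, Var): (%f, %f)' %
          (len(tcpdaygains), len(uniqueips),
           np.mean(tcpdaygains), np.var(tcpdaygains)))
    print('IP Decommissioned: %d / %d, (Mean, Var): (%f, %f)' %
          (len(tcpdecoms), len(uniqueips),
           np.mean(tcpdecoms), np.var(tcpdecoms)))
    print('IP In Campaign: %d / %d' % (len(tcpincampaign), len(uniqueips)))
    print('IP Never blacklisted: %d / %d' % (len(tcpnevers), len(uniqueips)))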
def parsedelta(ipordns_gametype):
    """Split the collected delta entries into two parallel sequences.

    Falsy items are dropped, the rest is flattened and de-duplicated, and
    elements 0 and 1 of every remaining entry are separated.

    Returns:
        A pair of tuples ``(firsts, seconds)``, or ``([], [])`` when nothing
        is left to split.
    """
    try:
        entries = unique(flatten(filter(None, ipordns_gametype)))
        pairs = [(entry[0], entry[1]) for entry in entries]
        firsts, seconds = zip(*pairs)
    except ValueError:
        # Empty list: zip() of no pairs gives nothing to unpack.
        return ([], [])
    return (firsts, seconds)