def files_types(mongodb):
try:
auth.require(role='access_normalized')
except AAAException as e:
return HTTPError(401, e.message)
result = simple_group('file', 'content_guess', mongodb)
return jsonify(result, response)
def urls(mongodb):
try:
auth.require(role='access_normalized')
except AAAException as e:
return HTTPError(401, e.message)
query_keys = request.query.keys()
query_dict = {}
if 'limit' in query_keys:
limit = int(request.query.limit)
else:
limit = 50
if 'url_regex' in query_keys:
query_dict['url'] = {'$regex': request.query.url_regex}
if 'hash' in query_keys:
hash_length = len(request.query['hash'])
if hash_length is 128:
query_dict['extractions.hashes.sha512'] = request.query['hash']
elif hash_length is 40:
query_dict['extractions.hashes.sha1'] = request.query['hash']
elif hash_length is 32:
query_dict['extractions.hashes.md5'] = request.query['hash']
else:
abort(
400,
'{0} could not be recognized as a supported hash. Currently supported hashes are: SHA1, SHA512 and MD5. '
)
result = list(mongodb['url'].find(query_dict, fields={
'_id': False
}).limit(limit))
return jsonify({'urls': result}, response)
def hpfeeds(mongodb):
try:
auth.require(role='access_all')
except AAAException as e:
return HTTPError(401, e.message)
query_keys = request.query.keys()
query_dict = {}
mongo_keys = {'_id', 'id', 'channel'}
#intersection
common_keys = (set(query_keys) & mongo_keys)
try:
for item in common_keys:
if item.endswith('_id'):
query_dict[item] = ObjectId(request.query[item])
elif item == 'id':
query_dict['_' + item] = ObjectId(request.query[item])
else:
query_dict[item] = request.query[item]
except InvalidId:
abort(400, 'Not a valid ObjectId.')
if 'limit' in query_keys:
limit = int(request.query.limit)
else:
limit = 50
result = list(mongodb['hpfeed'].find(query_dict).sort('timestamp',
-1).limit(limit))
return jsonify({'hpfeeds': result}, response)
def hpfeeds(mongodb):
try:
auth.require(role="access_all")
except AAAException as e:
return HTTPError(401, e.message)
query_keys = request.query.keys()
query_dict = {}
mongo_keys = {"_id", "id", "channel"}
# intersection
common_keys = set(query_keys) & mongo_keys
try:
for item in common_keys:
if item.endswith("_id"):
query_dict[item] = ObjectId(request.query[item])
elif item == "id":
query_dict["_" + item] = ObjectId(request.query[item])
else:
query_dict[item] = request.query[item]
except InvalidId:
abort(400, "Not a valid ObjectId.")
if "limit" in query_keys:
limit = int(request.query.limit)
else:
limit = 50
result = list(mongodb["hpfeed"].find(query_dict).sort("timestamp", -1).limit(limit))
return jsonify({"hpfeeds": result}, response)
def urls(mongodb):
try:
auth.require(role='access_normalized')
except AAAException as e:
return HTTPError(401, e.message)
query_keys = request.query.keys()
query_dict = {}
if 'limit' in query_keys:
limit = int(request.query.limit)
else:
limit = 50
if 'url_regex' in query_keys:
query_dict['url'] = {'$regex': request.query.url_regex}
if 'hash' in query_keys:
hash_length = len(request.query['hash'])
if hash_length is 128:
query_dict['extractions.hashes.sha512'] = request.query['hash']
elif hash_length is 40:
query_dict['extractions.hashes.sha1'] = request.query['hash']
elif hash_length is 32:
query_dict['extractions.hashes.md5'] = request.query['hash']
else:
abort(400, '{0} could not be recognized as a supported hash. Currently supported hashes are: SHA1, SHA512 and MD5. ')
result = list(mongodb['url'].find(query_dict, fields={'_id': False}).limit(limit))
return jsonify({'urls': result}, response)
def files_types(mongodb):
try:
auth.require(role='access_normalized')
except AAAException as e:
return HTTPError(401, e.message)
result = simple_group('file', 'content_guess', mongodb)
return jsonify(result, response)
def hpfeeds(mongodb):
try:
auth.require(role='access_all')
except AAAException as e:
return HTTPError(401, e.message)
query_keys = request.query.keys()
query_dict = {}
mongo_keys = {'_id', 'id', 'channel'}
#intersection
common_keys = (set(query_keys) & mongo_keys)
try:
for item in common_keys:
if item.endswith('_id'):
query_dict[item] = ObjectId(request.query[item])
elif item == 'id':
query_dict['_' + item] = ObjectId(request.query[item])
else:
query_dict[item] = request.query[item]
except InvalidId:
abort(400, 'Not a valid ObjectId.')
if 'limit' in query_keys:
limit = int(request.query.limit)
else:
limit = 50
result = list(mongodb['hpfeed'].find(query_dict).sort('timestamp', -1).limit(limit))
return jsonify({'hpfeeds': result}, response)
def get_files(mongodb):
try:
auth.require(role='access_normalized')
except AAAException as e:
return HTTPError(401, e.message)
query_keys = request.query.keys()
query_dict = {}
if 'limit' in query_keys:
limit = int(request.query.limit)
else:
limit = 50
if 'hash' in query_keys:
hash_length = len(request.query['hash'])
if hash_length is 128:
query_dict['hashes.sha512'] = request.query['hash']
elif hash_length is 40:
query_dict['hashes.sha1'] = request.query['hash']
elif hash_length is 32:
query_dict['hashes.md5'] = request.query['hash']
else:
abort(400, '{0} could not be recognized as a supported hash. Currently supported hashes are: SHA1, SHA512 and MD5. ')
else:
abort(400, 'Only supported query parameter is "hash"')
p_limit = {'_id': False}
if 'no_data' in query_keys:
p_limit['data'] = False
result = list(mongodb['file'].find(query_dict, fields=p_limit).limit(limit))
return jsonify({'files': result}, response)
def files_types(mongodb):
try:
auth.require(role="access_normalized")
except AAAException as e:
return HTTPError(401, e.message)
return HTTPError(410, "This part of the API has been temporarily disabled to due to performance issues.")
result = simple_group("file", "content_guess", mongodb)
return jsonify(result, response)
def files_types(mongodb):
try:
auth.require(role='access_normalized')
except AAAException as e:
return HTTPError(401, e.message)
return HTTPError(
410,
'This part of the API has been temporarily disabled to due to performance issues.'
)
result = simple_group('file', 'content_guess', mongodb)
return jsonify(result, response)
def session_protocols(mongodb):
"""
Returns a grouped list of all protocols intercepted.
Example:
{"protocols": [{"count": 680, "protocol": "http"},
{"count": 125, "protocol": "ssh},
{"count": 74, "protocol": "imap}]}
"""
auth.require(role='access_normalized')
result = simple_group('session', 'protocol', mongodb)
return jsonify(result, response)
def session_protocols(mongodb):
"""
Returns a grouped list of all protocols intercepted.
Example:
{"protocols": [{"count": 680, "protocol": "http"},
{"count": 125, "protocol": "ssh},
{"count": 74, "protocol": "imap}]}
"""
auth.require(role='access_normalized')
result = simple_group('session', 'protocol', mongodb)
return jsonify(result, response)
def session_protocols(mongodb):
"""
Returns a grouped list of all protocols intercepted.
Example:
{"protocols": [{"count": 680, "protocol": "http"},
{"count": 125, "protocol": "ssh},
{"count": 74, "protocol": "imap}]}
"""
return HTTPError(410, 'This part of the API has been temporarily disabled to due to performance issues.')
auth.require(role='access_normalized')
result = simple_group('session', 'protocol', mongodb)
return jsonify(result, response)
def hpfeeds(mongodb):
try:
auth.require(role='access_all')
except AAAException as e:
return HTTPError(401, e.message)
tmp_result = mongodb['daily_stats'].find_one({'_id': 'total'})
del tmp_result['_id']
result = []
for key, value in tmp_result.items():
result.append({'channel': key, 'count': value})
return jsonify({'stats': result}, response)
def hpfeeds(mongodb):
try:
auth.require(role='access_all')
except AAAException as e:
return HTTPError(401, e.message)
tmp_result = mongodb['daily_stats'].find_one({'_id': 'total'})
del tmp_result['_id']
result = []
for key, value in tmp_result.items():
result.append({'channel': key, 'count': value})
return jsonify({'stats': result}, response)
def hpfeeds(mongodb):
try:
auth.require(role="access_all")
except AAAException as e:
return HTTPError(401, e.message)
tmp_result = mongodb["daily_stats"].find_one({"_id": "total"})
del tmp_result["_id"]
result = []
for key, value in tmp_result.items():
result.append({"channel": key, "count": value})
return jsonify({"stats": result}, response)
def sessions_get_by_query(mongodb):
try:
auth.require(role='access_normalized')
except AAAException as e:
return HTTPError(401, e.message)
query_keys = request.query.keys()
query_dict = {}
mongo_keys = {
'id', '_id', 'protocol', 'source_ip', 'source_port', 'destination_ip',
'destination_port', 'honeypot'
}
#intersection
common_keys = (set(query_keys) & mongo_keys)
for item in common_keys:
if item.endswith('_id'):
query_dict[item] = ObjectId(request.query[item])
elif item is 'id':
query_dict['_' + item] = ObjectId(request.query[item])
elif item.endswith('_port'):
query_dict[item] = int(request.query[item])
else:
query_dict[item] = request.query[item]
if 'limit' in query_keys:
limit = int(request.query.limit)
else:
limit = 50
#remove ip of honeypot if user is not authorized to see it
u = auth.current_user.role
lvl = auth._store.roles[u]
needed_lvl = auth._store.roles['access_normalized']
p_limit = {'_id': False}
if lvl < needed_lvl:
p_limit = {'destination_ip': False}
result = list(mongodb['session'].find(spec=query_dict,
fields=p_limit).limit(limit))
return jsonify({'sessions': result}, response)
def get_dorks(mongodb):
try:
auth.require(role='public')
except AAAException as e:
return HTTPError(401, e.message)
query_keys = request.query.keys()
query_dict = {}
#set default parameters
sort_key = 'count'
sort_order = -1
limit = 200
if 'sort_by' in query_keys:
sort_key = request.query.sort_by
if 'sort_order' in query_keys:
try:
sort_order = int(request.query.sort_order)
except ValueError:
raise HTTPError(400, 'sort_order must be an integer.')
if 'regex' in query_keys:
query_dict['content'] = {'$regex': request.query.regex}
#inurl, intitle, etc.
if 'type' in query_keys:
query_dict['type'] = request.query.type
if 'limit' in query_keys:
limit = int(request.query.limit)
result = list(mongodb['dork'].find(query_dict).sort(
sort_key, sort_order).limit(limit))
#delete mongo _id - better way?
for entry in result:
entry['firsttime'] = entry['_id'].generation_time
del entry['_id']
return jsonify({'dorks': result}, response)
def get_dorks(mongodb):
try:
auth.require(role='public')
except AAAException as e:
return HTTPError(401, e.message)
query_keys = request.query.keys()
query_dict = {}
#set default parameters
sort_key = 'count'
sort_order = -1
limit = 200
if 'sort_by' in query_keys:
sort_key = request.query.sort_by
if 'sort_order' in query_keys:
try:
sort_order = int (request.query.sort_order)
except ValueError:
raise HTTPError(400, 'sort_order must be an integer.')
if 'regex' in query_keys:
query_dict['content'] = {'$regex': request.query.regex}
#inurl, intitle, etc.
if 'type' in query_keys:
query_dict['type'] = request.query.type
if 'limit' in query_keys:
limit = int(request.query.limit)
result = list(mongodb['dork'].find(query_dict).sort(sort_key, sort_order).limit(limit))
#delete mongo _id - better way?
for entry in result:
entry['firsttime'] = entry['_id'].generation_time
del entry['_id']
return jsonify({'dorks': result}, response)
def hpfeeds(mongodb):
try:
auth.require(role='access_all')
except AAAException as e:
return HTTPError(401, e.message)
if 'date' in request.query and 'channel' in request.query:
query = {'date': request.query.date, 'channel': request.query.channel}
elif 'date' in request.query:
query = {'date': request.query.date}
elif 'channel' in request.query:
query = {'channel': request.query.channel}
else:
abort(404, 'Bad Request')
results = list(mongodb['daily_stats'].find(query))
for result in results:
del result['_id']
return jsonify({'stats': results}, response)
def hpfeeds(mongodb):
try:
auth.require(role='access_all')
except AAAException as e:
return HTTPError(401, e.message)
if 'date' in request.query and 'channel' in request.query:
query = {'date': request.query.date, 'channel': request.query.channel}
elif 'date' in request.query:
query = {'date': request.query.date}
elif 'channel' in request.query:
query = {'channel': request.query.channel}
else:
abort(404, 'muhaha')
results = list(mongodb['daily_stats'].find(query))
for result in results:
del result['_id']
return jsonify({'stats': results}, response)
def hpfeeds(mongodb):
try:
auth.require(role="access_all")
except AAAException as e:
return HTTPError(401, e.message)
if "date" in request.query and "channel" in request.query:
query = {"date": request.query.date, "channel": request.query.channel}
elif "date" in request.query:
query = {"date": request.query.date}
elif "channel" in request.query:
query = {"channel": request.query.channel}
else:
abort(404, "muhaha")
results = list(mongodb["daily_stats"].find(query))
for result in results:
del result["_id"]
return jsonify({"stats": results}, response)
def sessions_get_by_query(mongodb):
try:
auth.require(role='access_normalized')
except AAAException as e:
return HTTPError(401, e.message)
query_keys = request.query.keys()
query_dict = {}
mongo_keys = {'id', '_id', 'protocol', 'source_ip', 'source_port', 'destination_ip', 'destination_port', 'honeypot'}
#intersection
common_keys = (set(query_keys) & mongo_keys)
for item in common_keys:
if item.endswith('_id'):
query_dict[item] = ObjectId(request.query[item])
elif item is 'id':
query_dict['_' + item] = ObjectId(request.query[item])
elif item.endswith('_port'):
query_dict[item] = int(request.query[item])
else:
query_dict[item] = request.query[item]
if 'limit' in query_keys:
limit = int(request.query.limit)
else:
limit = 50
#remove ip of honeypot if user is not authorized to see it
u = auth.current_user.role
lvl = auth._store.roles[u]
needed_lvl = auth._store.roles['access_normalized']
if lvl < needed_lvl:
p_limit = {'destination_ip': False}
else:
p_limit = None
result = list(mongodb['session'].find(spec=query_dict, fields=p_limit).limit(limit))
return jsonify({'sessions': result}, response)
def get_files(mongodb):
try:
auth.require(role='access_normalized')
except AAAException as e:
return HTTPError(401, e.message)
query_keys = request.query.keys()
query_dict = {}
if 'limit' in query_keys:
limit = int(request.query.limit)
else:
limit = 50
if 'hash' in query_keys:
hash_length = len(request.query['hash'])
if hash_length is 128:
query_dict['hashes.sha512'] = request.query['hash']
elif hash_length is 40:
query_dict['hashes.sha1'] = request.query['hash']
elif hash_length is 32:
query_dict['hashes.md5'] = request.query['hash']
else:
abort(
400,
'{0} could not be recognized as a supported hash. Currently supported hashes are: SHA1, SHA512 and MD5. '
)
else:
abort(400, 'Only supported query parameter is "hash"')
p_limit = {'_id': False}
if 'no_data' in query_keys:
p_limit['data'] = False
result = list(mongodb['file'].find(query_dict,
fields=p_limit).limit(limit))
return jsonify({'files': result}, response)
def get_files(mongodb):
try:
auth.require(role="access_normalized")
except AAAException as e:
return HTTPError(401, e.message)
query_keys = request.query.keys()
query_dict = {}
if "limit" in query_keys:
limit = int(request.query.limit)
else:
limit = 50
if "hash" in query_keys:
hash_length = len(request.query["hash"])
if hash_length is 128:
query_dict["hashes.sha512"] = request.query["hash"]
elif hash_length is 40:
query_dict["hashes.sha1"] = request.query["hash"]
elif hash_length is 32:
query_dict["hashes.md5"] = request.query["hash"]
else:
abort(
400,
"{0} could not be recognized as a supported hash. Currently supported hashes are: SHA1, SHA512 and MD5. ",
)
else:
abort(400, 'Only supported query parameter is "hash"')
p_limit = {"_id": False}
if "no_data" in query_keys:
p_limit["data"] = False
result = list(mongodb["file"].find(query_dict, fields=p_limit).limit(limit))
return jsonify({"files": result}, response)
