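def dotransform(request, response):
    """Append IPv4Address(text) to *response* for every matching text node.

    The page comes from build(request.value). A text node matches only when
    its whole content is a dotted-quad address with each octet in 0-255.
    Returns *response*.
    """
    # Build the request
    page = build(request.value)

    # Raw strings keep "\." a regex escape; in a plain string literal it is an
    # invalid string escape that newer interpreters warn about.
    octet = r"([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])"
    ipv4_only = re.compile(r"^(" + octet + r"\.){3}" + octet + r"$")

    # Search the page to extract all IP addresses present
    try:
        for element in page.findAll(text=ipv4_only):
            response += IPv4Address(element)
    except Exception:
        # Best-effort: anything added before the failure stays in response.
        # Exception rather than a bare except, so KeyboardInterrupt and
        # SystemExit still propagate.
        # NOTE(review): the failure is still silent, so a broken scrape and a
        # page with no addresses look identical to the caller.
        pass

    return response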
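def dotransform(request, response):
    """Append Domain(text) to *response* for host names and connections on the page.

    Four headed sections of the page returned by build(request.value) are
    looked up independently: requested host name (singular and plural
    heading) and established Internet connection (singular and plural
    heading). Returns *response*.
    """
    page = build(request.value)

    def element_after(heading, *next_args):
        # A missing heading makes the chained findNext() raise (presumably
        # because find() returned None); that is treated as "section absent".
        try:
            return page.find(text=heading).findNext(*next_args)
        except Exception:
            return None

    # The singular and plural host-name lookups used to share one variable,
    # so the plural lookup always overwrote (or reset to None) the singular
    # result. They are kept apart here so neither section is lost.
    host_lists = [
        element_after('The following Host Name was requested from a host database:'),
        element_after('The following Host Names were requested from a host database:'),
    ]
    connection = element_after('The following Internet Connection was established:')
    connections = element_after(
        'The following Internet Connections were established:', 'table'
    )

    for host_list in host_lists:
        if host_list is not None:
            for item in host_list.findAll("li"):
                response += Domain(item.text)

    if connection is not None:
        # Second <tr> after the section element, then its first <td>.
        cell = connection.findNext('tr').findNext('tr').findNext('td')
        response += Domain(cell.text)

    if connections is not None:
        # [1:] skips the first row -- presumably the table header.
        for row in connections.findAll('tr')[1:]:
            response += Domain(row.findNext('td').text)

    return response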
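def dotransform(request, response):
    """Collect every text node that is exactly an IPv4 address.

    Each match found on the page from build(request.value) is appended to
    *response* as IPv4Address(text). Returns *response*.
    """
    # Build the request
    page = build(request.value)

    # Anchored on both ends, so the text node must consist of the address
    # alone. Written as a raw string so "\." reaches the regex engine
    # unchanged instead of relying on an invalid string escape.
    dotted_quad = re.compile(
        r"^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}"
        r"([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$"
    )

    # Search the page to extract all IP addresses present
    try:
        for element in page.findAll(text=dotted_quad):
            response += IPv4Address(element)
    except Exception:
        # Best-effort extraction; partial results are kept. Narrowed from a
        # bare except so interpreter-exit signals are not swallowed.
        # NOTE(review): nothing is reported on failure -- an empty result does
        # not prove the page held no addresses.
        pass

    return response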
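def dotransform(request, response):
    """Append MaliciousProcess(line) to *response* for each line in the table's "cell_1" cells.

    The table is located on the page returned by build(request.value).
    Returns *response*.
    """
    page = build(request.value)

    # Bound before the lookup: previously a failed lookup left `dfiles`
    # undefined and the check below raised NameError instead of returning
    # the response unchanged.
    dfiles = None
    try:
        # NOTE(review): this line arrived on the page with part of the
        # expression masked ('******') and does not parse as written. The
        # original heading text and chained call cannot be recovered from
        # here; restore them from the upstream source before use.
        dfiles = page.find(text=' from the user:'******'table')
    except Exception:
        pass

    if dfiles is not None:
        for cell in dfiles.findAll("td", {"class": "cell_1"}):
            # One cell can hold several entries, one per line.
            for entry in cell.text.splitlines():
                response += MaliciousProcess(entry)

    return response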
def dotransform(request, response):
    """Append MaliciousProcess(line) to *response* for each line in the table's "cell_1" cells.

    The table is located on the page returned by build(request.value).
    Returns *response*.
    """
    page = build(request.value)

    try:
        # NOTE(review): part of this expression was masked ('******') before it
        # reached the page, so the line does not parse as written. The original
        # heading text and chained call are not recoverable from here.
        dfiles = page.find(text=' from the user:'******'table')
    except:
        # Any failure in the lookup is treated as "section not present".
        dfiles = None
        pass

    if dfiles is not None:
        for file in dfiles.findAll("td", {"class": "cell_1"}):
            # A cell may contain several entries, one per line.
            text = file.text.splitlines()
            for entry in text:
                response += MaliciousProcess(entry)

    return response
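def dotransform(request, response):
    """Append Domain(text) to *response* for each host name / connection entry.

    Looks up the host-name sections (singular and plural heading) and the
    Internet-connection sections (singular and plural heading) on the page
    returned by build(request.value). Returns *response*.
    """
    page = build(request.value)

    def lookup(heading, *next_args):
        # Any failure while locating the element after the heading is
        # treated as "section not present on this page".
        try:
            return page.find(text=heading).findNext(*next_args)
        except Exception:
            return None

    # Kept in separate names: the original assigned both host-name lookups to
    # `single`, so the first result never survived the second lookup.
    one_host = lookup('The following Host Name was requested from a host database:')
    many_hosts = lookup('The following Host Names were requested from a host database:')
    single2 = lookup('The following Internet Connection was established:')
    multi = lookup('The following Internet Connections were established:', 'table')

    for section in (one_host, many_hosts):
        if section is None:
            continue
        for dom in section.findAll("li"):
            response += Domain(dom.text)

    if single2 is not None:
        # Walk to the second following <tr>, then to its first <td>.
        dom = single2.findNext('tr').findNext('tr').findNext('td')
        response += Domain(dom.text)

    if multi is not None:
        # The first row is skipped (presumably a header row).
        for entry in multi.findAll('tr')[1:]:
            response += Domain(entry.findNext('td').text)

    return response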
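def dotransform(request, response):
    """Append Phrase(name) to *response* for each mutex name listed on the page.

    Two sections of the page from build(request.value) are consulted: the
    singular "Mutex object was created" heading (first list item only) and
    the plural "Mutex objects were created" heading (every list item).
    Returns *response*.
    """
    #Build the request
    page = build(request.value)

    try:
        try:
            # Searching for the string that indicates a single mutex was created
            single = page.find(
                text=
                'To mark the presence in the system, the following Mutex object was created:'
            ).findNext('ul').li.text
        except Exception:
            single = None
        try:
            # Searching for the string that indicates multiple mutexes were created
            multiple = page.find(
                text=
                'To mark the presence in the system, the following Mutex objects were created:'
            ).findNext('ul')
        except Exception:
            multiple = None

        # The two sections are independent: emit the single mutex if present,
        # then every mutex of the plural list if present. This replaces the
        # duplicated if/elif loops without changing what is emitted.
        if single is not None:
            response += Phrase(single)
        if multiple is not None:
            for mutex in multiple.findAll('li'):
                response += Phrase(mutex.text)
    except Exception:
        # Best-effort: keep whatever was added before the failure. Narrowed
        # from a bare except so KeyboardInterrupt/SystemExit propagate.
        # NOTE(review): still silent -- a parse failure is indistinguishable
        # from a page that lists no mutexes.
        pass

    return response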
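def dotransform(request, response):
    """Append Phrase(name) to *response* for each mutex name found on the page.

    The singular heading contributes the text of its first list item; the
    plural heading contributes the text of every list item. The page is
    obtained from build(request.value). Returns *response*.
    """
    # Build the request
    page = build(request.value)

    names = []
    try:
        try:
            # Searching for the string that indicates a single mutex was created
            names.append(
                page.find(text="To mark the presence in the system, the following Mutex object was created:")
                .findNext("ul")
                .li.text
            )
        except Exception:
            # Section absent (or shaped differently): nothing to add for it.
            pass
        try:
            # Searching for the string that indicates multiple mutexes were created
            multiple = page.find(
                text="To mark the presence in the system, the following Mutex objects were created:"
            ).findNext("ul")
        except Exception:
            multiple = None

        # A page may carry both sections; the single name goes first, then the
        # plural list, matching the original emission order.
        if multiple is not None:
            names.extend(mutex.text for mutex in multiple.findAll("li"))

        for name in names:
            response += Phrase(name)
    except Exception:
        # Best-effort; narrowed from a bare except so interpreter-exit
        # signals are not swallowed.
        # NOTE(review): failures are not reported, so an empty result does not
        # prove the page listed no mutexes.
        pass

    return response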
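def dotransform(request, response):
    """Append Hash(digest) to *response* for each "MD5:" line in the created-files table.

    The table is the one following the heading 'The following files were
    created in the system:' on the page from build(request.value). Prints
    "No Dropped Files" when that table is not found. Returns *response*.
    """
    #Build the request
    page = build(request.value)

    #Locate the dropped files section of the report
    dfiles = None
    try:
        dfiles = page.find(text='The following files were created in the system:').findNext('table')
    except Exception:
        # Lookup failed; dfiles stays None and is reported below.
        pass

    if dfiles is None:
        # Parenthesised form prints the same text under Python 2 and is valid
        # syntax under Python 3 (the statement form is not).
        # NOTE(review): this writes to stdout; confirm the transform runner
        # does not read its result from stdout.
        print("No Dropped Files")
        return response

    #Find the appropriate cell and extract the MD5 hash
    for cell in dfiles.findAll("td", {"class" : "cell_1"}):
        for entry in cell.text.splitlines():
            if 'MD5:' in entry:
                # Fixed-offset slice: 32 characters starting at index 7.
                # NOTE(review): the slice is not checked to be 32 hex digits,
                # so a change in the line layout would emit a wrong value
                # rather than fail -- verify against a current report.
                response += Hash(entry[7:39])

    return response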
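def dotransform(request, response):
    """Append Hash(digest) to *response* for each "MD5:" line in the created-files table.

    The table is looked up after the heading 'The following files were
    created in the system:' on the page from build(request.value). When the
    table is not found, *response* is returned unchanged.
    """
    #Build the request
    page = build(request.value)

    #Locate the dropped files section of the report
    try:
        dfiles = page.find(text='The following files were created in the system:').findNext('table')
    except Exception:
        # Narrowed from a bare except; a failed lookup means "no section".
        dfiles = None

    if dfiles is not None:
        #Find the appropriate cell and extract the MD5 hash
        for cell in dfiles.findAll("td", {"class" : "cell_1"}):
            for entry in cell.text.splitlines():
                # Plain substring test; the pattern had no regex syntax in it.
                if 'MD5:' in entry:
                    # 32 characters from index 7 onward.
                    # NOTE(review): not validated as hex; a layout change in
                    # the source page would yield a wrong hash silently.
                    response += Hash(entry[7:39])

    return response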
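def dotransform(request, response):
    """Append a URL item to *response* for each URL listed on the page.

    The plural-heading list is used when present; otherwise the
    singular-heading list. The page is obtained from build(request.value).
    Returns *response*.
    """
    #Build the request
    page = build(request.value)

    #Locate the URL section of the report
    try:
        urls = page.find(
            text=
            'The data identified by the following URLs was then requested from the remote web server:'
        ).findNext('ul')
    except Exception:
        urls = None
    try:
        url = page.find(
            text=
            'The data identified by the following URL was then requested from the remote web server:'
        ).findNext('ul')
    except Exception:
        url = None

    # Plural section wins over the singular one, as before; the two identical
    # loops are merged into one.
    listing = urls if urls is not None else url
    if listing is not None:
        #Each list item holds one URL
        for item in listing.findAll("li"):
            text = item.text
            # NOTE(review): the text is passed on verbatim; it comes from the
            # scraped page and is not validated here.
            e = URL(text)
            e.url = text
            response += e

    return response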
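def dotransform(request, response):
    """Append a URL item to *response* for each URL listed on the page.

    Looks for the plural-heading list first and falls back to the
    singular-heading list. The page is obtained from build(request.value).
    Returns *response*.
    """
    # Build the request
    page = build(request.value)

    def list_after(heading):
        # A failed lookup is treated as "section not present".
        try:
            return page.find(text=heading).findNext("ul")
        except Exception:
            return None

    # Locate the URL section of the report
    urls = list_after(
        "The data identified by the following URLs was then requested from the remote web server:"
    )
    url = list_after(
        "The data identified by the following URL was then requested from the remote web server:"
    )

    # Same precedence as the original if/elif: the singular list is only
    # used when the plural one is missing.
    chosen = url if urls is None else urls
    if chosen is None:
        return response

    # Each <li> holds one URL; the earlier "MD5 hash" comment was a leftover.
    for item in chosen.findAll("li"):
        text = item.text
        # NOTE(review): scraped text is forwarded as-is, without validation.
        e = URL(text)
        e.url = text
        response += e

    return response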