def main():
    """Print a single-observable CybOX document (one URI object) to stdout.

    Python 2 ``print`` statements. The XML declaration is written by hand
    before the serialised document.
    """
    print '<?xml version="1.0" encoding="UTF-8"?>'
    # NOTE(review): if Observables.to_xml() emits its own XML declaration the
    # output will contain two, which is not well-formed XML -- confirm against
    # the installed python-cybox version before relying on this output.
    v = AnyURI("www.sample1.com/index.html")
    # Condition applied to the value (exact match) -- this is a pattern, not a
    # plain observed value.
    v.condition = "Equals"
    u = URI()
    u.value = v
    # Typed as a URL even though the value carries no scheme.
    u.type_ = URI.TYPE_URL
    o = Observables(u)
    print o.to_xml()
    def test_get_namespaces(self):
        """Serialise an email message that links to a URI observable and
        check that exactly five XML namespaces are collected for the document.
        """
        m = EmailMessage()
        # Redacted placeholder address; the value itself is not under test.
        m.to = "*****@*****.**"
        m.subject = "Here's a cool picture"
        m.links = Links()
        u = URI("http://example.com/cool.jpg", URI.TYPE_URL)
        # Link by reference: append the id of the URI's enclosing Observable
        # rather than embedding the URI object a second time.
        m.links.append(u.parent.id_)
        o = Observables([u, m])
        print o.to_xml()
        # Private API of Observables; this test pins its current behaviour.
        actual_namespaces = o._get_namespaces()
        print "\n".join([str(x) for x in actual_namespaces])
        # Hard-coded expectation: will shift if the set of namespaces these
        # object types declare changes.
        self.assertEqual(5, len(actual_namespaces))
def main():
    '''Build a CybOX Observables document and write it to stdout.

    Creates five example observables via ``helper`` (domain, URL, IPv4
    address, email address, file hash), prints the XML serialisation and
    then pretty-prints the dict form. Python 2 ``print`` statement.
    '''
    domain = helper.create_domain_name_observable('www.example.com')
    url = helper.create_url_observable('http://www.example.com')
    ipv4 = helper.create_ipv4_observable('127.0.0.1')
    # Redacted placeholder address; any syntactically valid address would do.
    email = helper.create_email_address_observable('*****@*****.**')
    # Second argument is the hash value; the hash type is whatever the helper
    # infers/assumes for a 32-hex-digit digest -- not visible from here.
    file_ = helper.create_file_hash_observable('foo.bar', '94f93e00fd122466d68a6ae3b8c7f908')
    # Note the document order differs from creation order (ipv4 before url).
    observables_doc = Observables([
        domain,
        ipv4,
        url,
        email,
        file_,
    ])
    print observables_doc.to_xml()
    pprint(observables_doc.to_dict())
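def main():
    """Convert a text dump of X.509 certificates into a CybOX Observables XML file.

    Command line: ``-i <input file> -o <output file>``. Exits with status 1
    on bad usage, a flag with no following value, or a missing/unreadable
    input file. Parsing is delegated to ``get_input``, ``split_certs``,
    ``tokenize_input`` and ``cert_to_cybox`` defined elsewhere in this file.
    """
    infilename = ''
    outfilename = ''
    #Get the command-line arguments
    args = sys.argv[1:]
    #Basic argument checking
    if len(args) < 4:
        usage()
        sys.exit(1)
    for i, arg in enumerate(args):
        if arg in ('-i', '-o'):
            # A trailing flag with no value used to raise IndexError on
            # args[i + 1]; report it as a usage error instead.
            if i + 1 >= len(args):
                usage()
                sys.exit(1)
            if arg == '-i':
                infilename = args[i + 1]
            else:
                outfilename = args[i + 1]
    #Basic input file checking (an empty name fails this test too)
    if not os.path.isfile(infilename):
        print('\nError: Input file not found or inaccessible.')
        sys.exit(1)
    #Get the raw lines from the input file
    raw_lines = get_input(infilename)
    #Breakup each certificate into its corresponding lines
    cert_strings = split_certs(raw_lines)
    #Process each certificate array into its CybOX representation, in order
    observables_list = [cert_to_cybox(tokenize_input(cert_array))
                        for cert_array in cert_strings]
    observables = Observables(observables_list)
    #Open the output file for writing and write out the generated Observables.
    #A context manager guarantees the handle is closed (and buffers flushed)
    #even if serialisation raises part-way through.
    with open(outfilename, 'w') as out_file:
        out_file.write("<?xml version='1.0' encoding='UTF-8'?>\n")
        out_file.write(
            "<!-- Generated by X509 to CybOX Utility\nhttps://github.com/CybOXProject/Tools/-->\n"
        )
        # NOTE(review): this emits an internal DTD subset declaring a 'comma'
        # entity. Hardened XML consumers (defusedxml, parsers with DTD/entity
        # processing disabled) reject any document carrying a DOCTYPE, and
        # asking consumers to enable entity processing for this output widens
        # their exposure to XXE / entity-expansion attacks. The declared root
        # name 'doc' also presumably does not match the real root element.
        # If nothing downstream relies on '&comma;', write ',' (or '&#44;')
        # directly and drop this line.
        out_file.write("<!DOCTYPE doc [<!ENTITY comma ','>]>\n")
        # NOTE(review): to_xml() may return bytes rather than str depending on
        # the python-cybox version/Python major version; with text-mode 'w'
        # that would raise TypeError -- confirm against the pinned version.
        out_file.write(
            observables.to_xml(
                namespace_dict={
                    'https://github.com/CybOXProject/Tools': 'x509_to_cybox'
                }))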
def main():
    '''Build a CybOX Observables document and write it to stdout.

    Five sample observables are created through ``helper`` (domain, URL,
    IPv4 address, email address and a file-with-hash); the document is
    printed as XML (``encoding=None`` so a text string is printed rather
    than encoded bytes) and then pretty-printed as a dict.
    '''
    # Creation order is kept as-is in case the helpers assign sequential ids.
    domain_obs = helper.create_domain_name_observable('www.example.com')
    url_obs = helper.create_url_observable('http://www.example.com')
    ip_obs = helper.create_ipv4_observable('127.0.0.1')
    # Redacted placeholder address.
    mail_obs = helper.create_email_address_observable('*****@*****.**')
    hash_obs = helper.create_file_hash_observable(
        'foo.bar', '94f93e00fd122466d68a6ae3b8c7f908')

    # Document order intentionally differs from creation order.
    document = Observables([domain_obs, ip_obs, url_obs, mail_obs, hash_obs])

    print(document.to_xml(encoding=None))
    pprint(document.to_dict())
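def main():
    """Convert a text dump of X.509 certificates into a CybOX Observables XML file.

    Usage: ``-i <input file> -o <output file>``. Exits with status 1 on bad
    usage, on a flag with no following value, or when the input file is
    missing or not a regular file. Certificate parsing is done by
    ``get_input``/``split_certs``/``tokenize_input``/``cert_to_cybox`` from
    elsewhere in this file.
    """
    infilename = ''
    outfilename = ''
    #Get the command-line arguments
    args = sys.argv[1:]
    #Basic argument checking
    if len(args) < 4:
        usage()
        sys.exit(1)
    for i in range(0,len(args)):
        if args[i] in ('-i', '-o'):
            #Guard args[i+1]: a trailing flag previously raised IndexError
            if i+1 >= len(args):
                usage()
                sys.exit(1)
            if args[i] == '-i':
                infilename = args[i+1]
            else:
                outfilename = args[i+1]
    #Basic input file checking
    if not os.path.isfile(infilename):
        print('\nError: Input file not found or inaccessible.')
        sys.exit(1)
    #Get the raw lines from the input file
    raw_lines = get_input(infilename)
    #Breakup each certificate into its corresponding lines
    cert_strings = split_certs(raw_lines)
    observables_list = []
    #Process each certificate array into its CybOX representation
    for cert_array in cert_strings:
        #Get the Python dictionary corresponding to the certificate
        cert_dict = tokenize_input(cert_array)
        observables_list.append(cert_to_cybox(cert_dict))
    observables = Observables(observables_list)
    #Open the output file for writing and write out the generated Observables;
    #'with' closes the handle even if to_xml() raises
    with open(outfilename, 'w') as out_file:
        out_file.write("<?xml version='1.0' encoding='UTF-8'?>\n")
        out_file.write("<!-- Generated by X509 to CybOX Utility\nhttps://github.com/CybOXProject/Tools/-->\n")
        # NOTE(review): an internal DTD subset with an entity declaration is
        # written into the output. Secure XML parsers (defusedxml, or any
        # parser with DTD processing off) refuse documents with a DOCTYPE,
        # and consumers that relax that setting to accept this file become
        # exposed to XXE / billion-laughs style input from other sources.
        # Unless '&comma;' is actually referenced downstream, emit ',' or
        # '&#44;' directly and drop the DOCTYPE.
        out_file.write("<!DOCTYPE doc [<!ENTITY comma ','>]>\n")
        # NOTE(review): to_xml() may return bytes on newer python-cybox /
        # Python 3, which text-mode 'w' would reject -- verify.
        out_file.write(observables.to_xml(namespace_dict={'https://github.com/CybOXProject/Tools': 'x509_to_cybox'}))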
def export_cybox():
    """
    Export the tagged items in CybOX format.

    Prompts the user for a destination path, then walks every highlight for
    each tag in ``tags`` (module-level), de-duplicates values per tag, wraps
    each in the matching CybOX observable and writes the Observables document
    to the chosen file (``.xml`` appended if missing). Nothing is written if
    the dialog is cancelled or no tagged values exist. Relies on the
    module-level Tk ``text`` widget and ``cybox_helper``.
    """
    filename = asksaveasfilename(title="Save As", filetypes=[("xml file",".xml"),("All files",".*")])
    observables_doc = None
    if filename:
        observables = []
        for t in tags:
            # Per-tag de-duplication list (a plain list: membership is O(n)).
            indicators = []
            # tag_ranges returns a flat sequence start1, stop1, start2, stop2, ...
            myhighlights = text.tag_ranges(t)
            mystart = 0
            for h in myhighlights:
                # 0 is a sentinel meaning "waiting for a start index"; Tk
                # indices never compare equal to 0, so the toggle is safe.
                if mystart == 0:
                    mystart = h
                else:
                    mystop = h
                    # Re-fang the highlighted text. Only '[.]' and '[@]' are
                    # handled; other defang conventions (e.g. 'hxxp://') are
                    # passed through unchanged.
                    value = text.get(mystart,mystop).replace('[.]','.').replace('[@]','@')
                    if t == 'md5':
                        # Normalise case so upper/lower duplicates collapse.
                        value = value.upper()
                        if value not in indicators:
                            # Empty file name: only the hash is known.
                            observable = cybox_helper.create_file_hash_observable('', value)
                            observables.append(observable)
                            indicators.append(value)
                    elif t == 'ipv4':
                        if not value in indicators:
                            observable = cybox_helper.create_ipv4_observable(value)
                            observables.append(observable)
                            indicators.append(value)
                    elif t == 'domain':
                        if not value in indicators:
                            # CybOX 2.0 contains a schema bug that prevents the use of this function.
                            # The workaround is to not declare a @type attribute for the URI object
                            #observable = cybox_helper.create_domain_name_observable(value)
                            uri_obj = URI(value=value)
                            uri_obs = Observable(item=uri_obj)
                            observables.append(uri_obs)
                            indicators.append(value)
                    elif t == 'url':
                        if not value in indicators:
                            observable = cybox_helper.create_url_observable(value)
                            observables.append(observable)
                            indicators.append(value)
                    elif t == 'email':
                        if not value in indicators:
                            observable = cybox_helper.create_email_address_observable(value)
                            observables.append(observable)
                            indicators.append(value)
                    # Tags outside the five above are read but produce nothing.
                    mystart = 0
                # end if
            # end for
        # end for
        if len(observables) > 0:
            # NOTE(review): "http://example.com/"/"example" is a placeholder
            # id namespace; ids minted under it are not attributable to this
            # producer and may collide with other tools using the same
            # placeholder. Use the organisation's own namespace before sharing
            # output. Also, the namespace is set *after* the observables were
            # built -- confirm the helpers do not bake ids under the previously
            # active namespace.
            NS = cybox.utils.Namespace("http://example.com/", "example")
            cybox.utils.set_id_namespace(NS)
            observables_doc = Observables(observables=observables)
            if not filename.endswith('.xml'):
                filename = "%s.xml" % filename #add .xml extension if missing
            # end if
            # Binary mode: to_xml() is expected to return an already-encoded
            # document here -- verify against the python-cybox version in use.
            with open(filename, "wb") as f:
                cybox_xml = observables_doc.to_xml(namespace_dict={NS.name: NS.prefix})
                f.write(cybox_xml)
def export_cybox():
    """
    Export the tagged items in CybOX format.

    Asks the user where to save, collects every highlighted span for each
    tag in ``tags`` from the module-level ``text`` widget, de-duplicates the
    values per tag, builds one observable per value through ``cybox_helper``
    and writes the document to the chosen path (``.xml`` is appended when
    missing). Cancelling the dialog or having no tagged values writes nothing.
    """
    filename = asksaveasfilename(
        title="Save As",
        filetypes=[("xml file", ".xml"), ("All files", ".*")])
    if not filename:
        return

    # One builder per supported tag; spans carrying any other tag are read
    # but produce no observable. Lookups are deferred to call time.
    builders = {
        'md5': lambda v: cybox_helper.create_file_hash_observable('', v),
        'ipv4': lambda v: cybox_helper.create_ipv4_observable(v),
        'domain': lambda v: cybox_helper.create_domain_name_observable(v),
        'url': lambda v: cybox_helper.create_url_observable(v),
        'email': lambda v: cybox_helper.create_email_address_observable(v),
    }

    observables = []
    for tag in tags:
        build = builders.get(tag)
        seen = []          # per-tag de-duplication
        span_start = 0     # 0 == "waiting for a start index"
        # tag_ranges yields start, stop, start, stop, ... flattened
        for bound in text.tag_ranges(tag):
            if span_start == 0:
                span_start = bound
                continue
            # Re-fang: only the '[.]' and '[@]' conventions are reversed.
            value = (text.get(span_start, bound)
                     .replace('[.]', '.')
                     .replace('[@]', '@'))
            span_start = 0
            if build is None:
                continue
            if tag == 'md5':
                value = value.upper()   # collapse case variants of one hash
            if value in seen:
                continue
            observables.append(build(value))
            seen.append(value)

    if not observables:
        return

    # NOTE(review): "http://example.com/" / "example" is a placeholder id
    # namespace -- ids minted under it are not attributable and may collide
    # with other producers; substitute the organisation's namespace before
    # sharing. It is also applied only after the observables were created;
    # confirm the helpers do not mint ids under the previous namespace.
    ns = cybox.utils.Namespace("http://example.com/", "example")
    cybox.utils.set_id_namespace(ns)
    document = Observables(observables=observables)

    if not filename.endswith('.xml'):
        filename = "%s.xml" % filename   # add .xml extension if missing
    # Binary mode: to_xml() is expected to hand back encoded bytes here.
    with open(filename, "wb") as out:
        out.write(document.to_xml())
    return capob

def cap2cybox(capob):
    """Append one File observable describing ``fpath`` to ``capob`` and return it.

    ``fpath`` is read from module scope, not passed in. Side effect: the
    global CybOX id namespace is switched to "lift_s" before the observable
    is created. Python 2 code (``u''`` literals, ``print`` statement).
    """
    # NOTE(review): "http://example.com/" is a placeholder namespace URI;
    # ids minted under it are not attributable to this producer.
    NS = cybox.utils.Namespace("http://example.com/","lift_s")
    cybox.utils.set_id_namespace(NS)
    # File information
    files = File()
    root, ext = os.path.splitext(fpath)
    # NOTE: 'root' is the full path with only the extension removed, not the
    # containing directory -- presumably intended, verify against consumers.
    path = FilePath(root)
    files.file_name = os.path.basename(fpath)
    files.file_path = path
    files.file_extension = ext
    capObser = Observable(files)
    capObser.description = u'ファイル情報'
    ls = [capObser]
    for ob in ls:
        capob.add(ob)
    return capob

if __name__ == '__main__':
    log = Observables()
    mininginfo()
    log = pc2cybox(log)   # add PC information
    log = cap2cybox(log)  # add CAPLogger information
    # Serialised twice (file, then stdout); output file is a fixed relative path.
    xml = open("lifts_pc.xml","w")
    xml.write(log.to_xml())
    xml.close()
    print log.to_xml()
# to add logic: # normally you'd probably have logic for all items, but this is just a demo, not reality oproc_ref = Observable() oproc_ref.id_ = None oproc_ref.idref = obs1.id_ ofile_ref = Observable() ofile_ref.id_ = None ofile_ref.idref = obs2.id_ omutex_ref = Observable() omutex_ref.id_ = None omutex_ref.idref = obs3.id_ o_comp = Observable(ObservableComposition(operator = "OR")) o_comp.observable_composition.add(oproc_ref) o_comp.observable_composition.add(ofile_ref) o_comp2 = Observable(ObservableComposition(operator = "AND")) o_comp2.observable_composition.add(omutex_ref) o_comp.observable_composition.add(o_comp2) # add our composition to the observables: observables_doc.add(o_comp) # output to stdout or file or whatever: outfd.write(observables_doc.to_xml())
Obs.add(create_user_account_observable(count)) if d[count]['eventid'] == 'cowrie.session.closed': Obs.add(create_network_connection_closed_observable(count)) if d[count]['eventid'] == 'cowrie.command.input': Bol = True Obs.add(create_command_observable(count, Bol)) if d[count]['eventid'] == 'cowrie.command.failed': Bol = False Obs.add(create_command_observable(count, Bol)) if d[count]['eventid'] == 'cowrie.log.open': Bol = True Obs.add(create_file_observable(count, Bol)) if d[count]['eventid'] == 'cowrie.log.closed': Bol = False Obs.add(create_file_observable(count, Bol)) if d[count]['eventid'] == 'cowrie.session.file_download' or d[count][ 'eventid'] == 'cowrie.session.file_upload': if d[count]['eventid'] == 'cowrie.session.file_upload': Bol = False Obs.add(create_download_upload_file_observable(count, hashes, Bol)) if d[count]['eventid'] == 'cowrie.session.file_download.failed': Bol = False Obs.add(create_download_upload_file_observable(count, hashes, Bol)) count = count + 1 #writing to files, outputfiles come here f = open('C:\\Users\DELL\Desktop\cowrie_to_cybox.xml', 'wb') #f.write('<?xml version="1."?>') f.write(Obs.to_xml()) f.close()