action='store', help='path to the cuckoo directory', default="/opt/cuckoo", required=False, dest='cuckoo') parser.add_argument('--timeout', '-t', action='store', help='path to the cuckoo directory', type=int, default=900, required=False, dest='timeout') return parser def sanityChecks(self, cliargs): passed = HSN2Service.sanityChecks(self, cliargs) if not path.isdir(cliargs.cuckoo): logging.error("'%s' is not a dir" % cliargs.cuckoo) passed = False else: if not path.isfile(path.join(cliargs.cuckoo, "cuckoo.py")): logging.error("'%s' is not a file" % path.join(cliargs.cuckoo, "cuckoo.py")) passed = False return passed if __name__ == '__main__': startService(CuckooService, CuckooTaskProcessor)
from os import path
import logging

from hsn2_commons.hsn2service import HSN2Service
from hsn2_commons.hsn2service import startService
from hsn2_thug.hsn2thugtaskprocessor import ThugTaskProcessor


class ThugService(HSN2Service):
    '''
    HSN2 service wrapper around the Thug low-interaction honeyclient.
    '''

    serviceName = "thug"
    description = "HSN 2 Thug Service"

    def extraOptions(self, parser):
        '''
        Registers the command-line arguments specific to this service.

        @param parser: Parser that already holds the standard options.
        @return: The same parser, extended with the --thug/-t option.
        '''
        parser.add_argument(
            '--thug', '-t',
            action='store',
            help='path to the thug.py file',
            default="/opt/hsn2/thug/src/thug.py",
            required=False,
            dest='thug')
        return parser

    def sanityChecks(self, cliargs):
        '''
        Runs the base class checks and verifies that the configured thug.py exists.

        @param cliargs: Parsed command-line arguments; cliargs.thug is read.
        @return: False when the thug path is not a regular file, otherwise
                 the result of HSN2Service.sanityChecks.
        '''
        passed = HSN2Service.sanityChecks(self, cliargs)
        # NOTE(review): only existence is checked here. Presumably the task
        # processor later runs this script, so its ownership and write
        # permissions matter as well - confirm where that is enforced.
        if path.isfile(cliargs.thug):
            return passed
        logging.error("'%s' is not a file" % cliargs.thug)
        return False


if __name__ == '__main__':
    startService(ThugService, ThugTaskProcessor)
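from hsn2cuckootaskprocessor import CuckooTaskProcessor


class CuckooService(HSN2Service):
    '''
    This is the HSN2 service which utilizes the Cuckoo sandbox.
    '''

    serviceName = "cuckoo"
    description = "HSN 2 Cuckoo Service"

    def extraOptions(self, parser):
        '''
        Arguments specific to this service.

        @param parser: Parser with the standard options.
        @return: The same parser, extended with --cuckoo/-C and --timeout/-t.
        '''
        parser.add_argument(
            '--cuckoo', '-C',
            action='store',
            help='path to the cuckoo directory',
            default="/opt/cuckoo",
            required=False,
            dest='cuckoo')
        # The original help text for --timeout was a copy of the --cuckoo
        # description, which misleads an operator reading --help.
        # NOTE(review): the unit is presumably seconds - confirm against
        # CuckooTaskProcessor before stating it in the help text.
        parser.add_argument(
            '--timeout', '-t',
            action='store',
            help='timeout value (integer)',
            type=int,
            default=900,
            required=False,
            dest='timeout')
        return parser

    def sanityChecks(self, cliargs):
        '''
        Runs the base class checks and verifies the Cuckoo installation path.

        @param cliargs: Parsed command-line arguments; cliargs.cuckoo is read.
        @return: False when cliargs.cuckoo is not a directory or does not
                 contain a cuckoo.py file, otherwise the result of
                 HSN2Service.sanityChecks.
        '''
        passed = HSN2Service.sanityChecks(self, cliargs)
        cuckoo_script = path.join(cliargs.cuckoo, "cuckoo.py")
        if not path.isdir(cliargs.cuckoo):
            logging.error("'%s' is not a dir" % cliargs.cuckoo)
            passed = False
        elif not path.isfile(cuckoo_script):
            logging.error("'%s' is not a file" % cuckoo_script)
            passed = False
        return passed


if __name__ == '__main__':
    startService(CuckooService, CuckooTaskProcessor)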
for obj in objects: passed = True for attr in obj.getTypeStore().iteritems(): logging.info(attr) if attr[1] == "BYTES": logging.info("got %s" % attr[0]) key = getattr(obj,attr[0]).getKey() if isinstance(key, str) or isinstance(key, unicode): if os.path.exists(key): obj.addBytes(attr[0],long(self.dsAdapter.putFile(key, self.currentTask.job))) else: logging.warn("File not found.") passed = False if passed: objects2.append(obj) else: skipped += 1 newObjIds = self.osAdapter.objectsPut(jobId,taskId,objects2) self.newObjects.extend(newObjIds) except IOError as e: raise ParamException("IOError - %s." % e) #raise ParamException("File '%s' not found." % filepath) except ValueError as e: raise ParamException("Trouble processing file - '%s'" % e.message) return ["Skipped %d objects" % skipped] if __name__ == '__main__': startService(HSN2Service,HSN2TestFeederProcessor)
""" Reads original HSN2 Capture HPC logs and produces similar output for mock service. """ urls = {} # dictionary with process data for each URL if path is None: path = "/tmp/hpc/url.log" log = open(path, "rU") for line in log: parselogline(line, urls) log.close() return urls def parselogline(line, urls): date, time, ip, processing, status, jobid, url = line.split() # TODO: update, when #7092 is implemented to capture-hpc date = datetime.datetime.strptime(date + " " + time, "%d.%m.%Y %H:%M:%S.%f") duration = 0 if url not in urls: urls[url] = {} if jobid not in urls[url]: urls[url][jobid] = [] else: previous = len(urls[url][jobid]) - 1 urls[url][jobid][previous].duration = (date - urls[url][jobid][previous].date).total_seconds() urls[url][jobid].append(LogEntry(duration, date, ip, processing, status, jobid)) if __name__ == "__main__": startService(HSN2Service, HSN2CaptureHPCMockProcessor)
if self.objects[0].isSet("content"): filepath = self.dsAdapter.saveTmp( self.currentTask.job, self.objects[0].content.getKey()) else: raise ParamException("Content attribute is not set.") mtype = self.recognize(filepath) mtype = self.mapping.get(mtype, "undefined") self.objects[0].addString("type", mtype) self.dsAdapter.removeTmp(filepath) self.osAdapter.objectsUpdate( self.currentTask.job, self.objects, overwrite=True) return warnings def recognize(self, filename): ''' Calls the file command with appropriate options in order to recognize the files mimetype. @param filename: The path to the file which is to be identified. @return: The identified mime-type. ''' proc = subprocess.Popen(["file", "--mime-type", filename], stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.STDOUT) result = proc.communicate() m = re.search('ERROR', result[0]) if m is not None or proc.returncode != 0: raise ProcessingException("Mime recognizer failed") return result[0].split(":")[1].strip() if __name__ == '__main__': HSN2Service.serviceName = "mime-recognizer" startService(HSN2Service, HSN2MimeRecognizer)
if not access(cliargs.nugget, X_OK): logging.error("'%s' isn't executable or does not exist!" % cliargs.nugget) passed = False if not path.isabs(cliargs.inputmapping): cliargs.inputmapping = self.mappings + cliargs.inputmapping if path.isdir(cliargs.inputmapping): logging.error("'%s' is a directory" % cliargs.inputmapping) passed = False elif not path.isfile(cliargs.inputmapping): logging.error("'%s' does not exist!" % cliargs.inputmapping) passed = False if not path.isabs(cliargs.outputmapping): cliargs.outputmapping = self.mappings + cliargs.outputmapping if path.isdir(cliargs.outputmapping): logging.error("'%s' is a directory" % cliargs.outputmapping) passed = False elif not path.isfile(cliargs.outputmapping): logging.error("'%s' does not exist!" % cliargs.outputmapping) passed = False if passed is True: cliargs.inputmapping = self.importMapping(cliargs.inputmapping) cliargs.outputmapping = self.importMapping(cliargs.outputmapping) if cliargs.inputmapping is None or cliargs.outputmapping is None: passed = False return passed if __name__ == '__main__': startService(NuggetService, NuggetTaskProcessor)
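# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

from hsn2_commons.hsn2service import HSN2Service
from hsn2_yara.hsn2yarataskprocessor import YaraTaskProcessor
from hsn2_commons.hsn2service import startService


class YaraService(HSN2Service):
    '''
    This is the HSN2 service which utilizes the yara Python module.
    '''

    serviceName = "yara"
    description = "HSN 2 Yara Service"

    def extraOptions(self, parser):
        '''Arguments specific to this service. Receives a parser with the standard options.
        Returns a modified parser.'''
        return parser

    def sanityChecks(self, cliargs):
        '''
        Runs the base class checks and verifies that the yara module is importable.

        @param cliargs: Parsed command-line arguments, passed to the base check.
        @return: False when the yara module cannot be imported, otherwise
                 the result of HSN2Service.sanityChecks.
        '''
        # Imported locally because this file's visible import block does not
        # bring in logging.
        import logging

        passed = HSN2Service.sanityChecks(self, cliargs)
        try:
            # Import probe only; the module object is not used here.
            import yara  # noqa: F401
        except ImportError as e:
            # Previously this failure was silent, so the operator had no hint
            # why the sanity checks did not pass.
            logging.error("The yara Python module could not be imported: %s" % e)
            passed = False
        return passed


if __name__ == '__main__':
    startService(YaraService, YaraTaskProcessor)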
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

from hsn2_commons.hsn2service import HSN2Service
from hsn2_pcap_extract.hsn2pcapextracttaskprocessor import PcapExtractTaskProcessor
from hsn2_commons.hsn2service import startService


class PcapExtractService(HSN2Service):
    '''
    HSN2 service definition for "pcap-extract"; started together with
    PcapExtractTaskProcessor.
    '''

    serviceName = "pcap-extract"
    description = "HSN 2 PCAP extract Service"

    def extraOptions(self, parser):
        '''
        Hook for service-specific arguments; this service adds none.

        @param parser: Parser with the standard options.
        @return: The parser, unchanged.
        '''
        return parser

    def sanityChecks(self, cliargs):
        '''
        Delegates entirely to the base class checks.

        @param cliargs: Parsed command-line arguments.
        @return: The result of HSN2Service.sanityChecks.
        '''
        passed = HSN2Service.sanityChecks(self, cliargs)
        return passed


if __name__ == '__main__':
    startService(PcapExtractService, PcapExtractTaskProcessor)
if attr[1] == "BYTES": logging.info("got %s" % attr[0]) key = getattr(obj, attr[0]).getKey() if isinstance(key, str) or isinstance(key, unicode): if os.path.exists(key): obj.addBytes( attr[0], long( self.dsAdapter.putFile( key, self.currentTask.job))) else: logging.warn("File not found.") passed = False if passed: objects2.append(obj) else: skipped += 1 newObjIds = self.osAdapter.objectsPut(jobId, taskId, objects2) self.newObjects.extend(newObjIds) except IOError as e: raise ParamException("IOError - %s." % e) #raise ParamException("File '%s' not found." % filepath) except ValueError as e: raise ParamException("Trouble processing file - '%s'" % e.message) return ["Skipped %d objects" % skipped] if __name__ == '__main__': startService(HSN2Service, HSN2TestFeederProcessor)
urls = {} # dictionary with process data for each URL if path is None: path = "/tmp/hpc/url.log" log = open(path, "rU") for line in log: parselogline(line, urls) log.close() return urls def parselogline(line, urls): date, time, ip, processing, status, jobid, url = line.split() # TODO: update, when #7092 is implemented to capture-hpc date = datetime.datetime.strptime(date + " " + time, "%d.%m.%Y %H:%M:%S.%f") duration = 0 if url not in urls: urls[url] = {} if jobid not in urls[url]: urls[url][jobid] = [] else: previous = len(urls[url][jobid]) - 1 urls[url][jobid][previous].duration = ( date - urls[url][jobid][previous].date).total_seconds() urls[url][jobid].append( LogEntry(duration, date, ip, processing, status, jobid)) if __name__ == "__main__": startService(HSN2Service, HSN2CaptureHPCMockProcessor)
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

from hsn2_commons.hsn2service import HSN2Service
from hsn2_pcap_analyze.hsn2pcapanalyzetaskprocessor import PcapAnalyzeTaskProcessor
from hsn2_commons.hsn2service import startService


class PcapAnalyzeService(HSN2Service):
    '''
    HSN2 service definition for "pcap-analyze"; started together with
    PcapAnalyzeTaskProcessor.
    '''

    serviceName = "pcap-analyze"
    description = "HSN 2 PCAP analyze Service"

    def extraOptions(self, parser):
        '''
        Hook for service-specific arguments; this service adds none.

        @param parser: Parser with the standard options.
        @return: The parser, unchanged.
        '''
        return parser

    def sanityChecks(self, cliargs):
        '''
        Delegates entirely to the base class checks.

        @param cliargs: Parsed command-line arguments.
        @return: The result of HSN2Service.sanityChecks.
        '''
        passed = HSN2Service.sanityChecks(self, cliargs)
        return passed


if __name__ == '__main__':
    startService(PcapAnalyzeService, PcapAnalyzeTaskProcessor)
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

from hsn2_commons.hsn2service import HSN2Service
from hsn2_pcap_extract.hsn2pcapextracttaskprocessor import PcapExtractTaskProcessor
from hsn2_commons.hsn2service import startService


class PcapExtractService(HSN2Service):
    '''
    HSN2 service definition for "pcap-extract"; started together with
    PcapExtractTaskProcessor.
    '''

    serviceName = "pcap-extract"
    description = "HSN 2 PCAP extract Service"

    def extraOptions(self, parser):
        '''
        Hook for service-specific arguments; this service adds none.

        @param parser: Parser with the standard options.
        @return: The parser, unchanged.
        '''
        return parser

    def sanityChecks(self, cliargs):
        '''
        Delegates entirely to the base class checks.

        @param cliargs: Parsed command-line arguments.
        @return: The result of HSN2Service.sanityChecks.
        '''
        passed = HSN2Service.sanityChecks(self, cliargs)
        return passed


if __name__ == '__main__':
    startService(PcapExtractService, PcapExtractTaskProcessor)
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

from hsn2_commons.hsn2service import HSN2Service
from hsn2_commons.hsn2service import startService
from hsn2maliciousdomainstaskprocessor import MaliciousDomainsTaskProcessor


class MaliciousDomainsService(HSN2Service):
    '''
    HSN2 service definition for "malicious-domains"; started together with
    MaliciousDomainsTaskProcessor.
    '''

    serviceName = "malicious-domains"
    description = "HSN 2 Malicious Domains"

    def extraOptions(self, parser):
        '''
        Hook for service-specific arguments; this service adds none.

        @param parser: Parser with the standard options.
        @return: The parser, unchanged.
        '''
        return parser

    def sanityChecks(self, cliargs):
        '''
        Delegates entirely to the base class checks.

        @param cliargs: Parsed command-line arguments.
        @return: The result of HSN2Service.sanityChecks.
        '''
        passed = HSN2Service.sanityChecks(self, cliargs)
        return passed


if __name__ == '__main__':
    startService(MaliciousDomainsService, MaliciousDomainsTaskProcessor)
logging.error("'%s' is a directory" % cliargs.nugget) passed = False if not access(cliargs.nugget, X_OK): logging.error("'%s' isn't executable or does not exist!" % cliargs.nugget) passed = False if not path.isabs(cliargs.inputmapping): cliargs.inputmapping = self.mappings + cliargs.inputmapping if path.isdir(cliargs.inputmapping): logging.error("'%s' is a directory" % cliargs.inputmapping) passed = False elif not path.isfile(cliargs.inputmapping): logging.error("'%s' does not exist!" % cliargs.inputmapping) passed = False if not path.isabs(cliargs.outputmapping): cliargs.outputmapping = self.mappings + cliargs.outputmapping if path.isdir(cliargs.outputmapping): logging.error("'%s' is a directory" % cliargs.outputmapping) passed = False elif not path.isfile(cliargs.outputmapping): logging.error("'%s' does not exist!" % cliargs.outputmapping) passed = False if passed is True: cliargs.inputmapping = self.importMapping(cliargs.inputmapping) cliargs.outputmapping = self.importMapping(cliargs.outputmapping) if cliargs.inputmapping is None or cliargs.outputmapping is None: passed = False return passed if __name__ == '__main__': startService(NuggetService, NuggetTaskProcessor)
# This is a free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

from hsn2_commons.hsn2service import HSN2Service
from hsn2_commons.hsn2service import startService
from hsn2_url_feeder.hsn2urlfeedertaskprocessor import UrlFeederTaskProcessor


class UrlFeederService(HSN2Service):
    '''
    HSN2 service definition for "url-feeder"; started together with
    UrlFeederTaskProcessor.
    '''

    serviceName = "url-feeder"
    description = "HSN 2 URL Feeder Service"

    def extraOptions(self, parser):
        '''
        Hook for service-specific arguments; this service adds none.

        @param parser: Parser with the standard options.
        @return: The parser, unchanged.
        '''
        return parser

    def sanityChecks(self, cliargs):
        '''
        Reports success unconditionally; cliargs is not inspected.

        @param cliargs: Parsed command-line arguments (unused).
        @return: Always True.
        '''
        # NOTE(review): HSN2Service.sanityChecks is not called here, so any
        # validation the base class performs is bypassed for this service -
        # confirm that this is intentional.
        passed = True
        return passed


if __name__ == '__main__':
    startService(UrlFeederService, UrlFeederTaskProcessor)