Example #1
        '-a',
        metavar='action',
        help='Action to take when triggered (accept/block/drop)')
    parser.add_argument('-d',
                        metavar='database',
                        help='Database to be modified')
    parser.add_argument('-I', action='store_true', help='Case Insensitive')
    parser.add_argument('-B',
                        action='store_true',
                        help='Binary Blob (enter in hex)')
    parser.add_argument('-N',
                        action='store_true',
                        help='Notify - Alert the user right away')
    args = parser.parse_args()

    db = args.d if args.d else conf.getDB()

    if args.L:
        for x in conf.getTables():
            print("=" * 80 + "\n%s\n" % (x) + "=" * 80)
            for y in selectAllFrom(db, x):
                sys.stdout.write("|  ")
                for z in sorted(y.keys()):
                    sys.stdout.write("%s: %s  |  " % (z, y[z]))
                print("")
    elif args.A:
        if args.t:
            # if args.B (Binary), get the clean hex version
            token = args.t if not args.B else is_hex(args.t)
            action = args.a.lower() if args.a else conf.getDefaultAction()
            alert = True if args.N else False
Example #2
import os
import sys
# Resolve symlinks first so the lookup is relative to the real script
# location, then make the script's parent directory importable. The entry is
# appended, not inserted, so paths already on sys.path keep precedence.
runpath = os.path.realpath(__file__)
runpath = os.path.dirname(runpath)
sys.path.append(os.path.join(runpath, '..'))

import binascii
import re
from netfilterqueue import NetfilterQueue
from DatabaseLayer import selectAllFrom
from lib.Configuration import Configuration as conf

# In-memory token set used by checkTraffic(); it starts empty and is replaced
# wholesale by readData().
HoneyTokens = list()
# Database handle/location, resolved once at import time from the project
# configuration.
db = conf.getDB()


def readData():
    """Reload the module-level HoneyTokens from the "HoneyTokens" table.

    Best-effort: every exception is printed and swallowed, so the caller
    cannot tell a failed load from a successful one.
    """
    global HoneyTokens
    try:
        HoneyTokens = selectAllFrom(db, "HoneyTokens")
        total = len(HoneyTokens)
        print("imported %s honeytokens" % total)
    except Exception as err:
        # NOTE(review): if selectAllFrom raises, HoneyTokens keeps its
        # previous value (the empty list at start-up), so traffic would then
        # be checked against a stale or empty token set with only this
        # stdout line as evidence.
        print("An error occured: %s" % err)


def checkTraffic(pkt):
    """Build a matcher for each loaded honeytoken.

    Only the start of the function is visible in this listing: the use of
    ``pkt``, the verdict logic and the handler for this ``try`` are not shown.
    """
    try:
        for x in HoneyTokens:
            # The stored token is handed to re.compile as-is (no re.escape),
            # so regex metacharacters in a token act as pattern syntax rather
            # than literal characters. re.compile is called again for every
            # token on every invocation.
            check = re.compile(
                x["token"],
                re.IGNORECASE) if x['caseinsensitive'] else re.compile(
                    x["token"])
Example #3
import os
import sys
# Resolve symlinks, take the script's directory, and make its parent
# importable. append() puts the entry last, so existing sys.path entries
# still win on name clashes.
runpath = os.path.realpath(__file__)
runpath = os.path.dirname(runpath)
sys.path.append(os.path.join(runpath, '..'))

import binascii
import re
from netfilterqueue import NetfilterQueue
from DatabaseLayer import selectAllFrom
from lib.Configuration import Configuration as conf

# Token rows matched by checkTraffic(); empty until readData() replaces it.
HoneyTokens = list()
# Database handle/location taken from the project configuration at import time.
db = conf.getDB()

def readData():
  """Replace the module-level HoneyTokens with the "HoneyTokens" table rows.

  Errors are printed and swallowed; nothing is returned or raised to the
  caller.
  """
  global HoneyTokens
  try:
    HoneyTokens = selectAllFrom(db, "HoneyTokens")
    loaded = len(HoneyTokens)
    print("imported %s honeytokens" % loaded)
  except Exception as err:
    # NOTE(review): when selectAllFrom raises, HoneyTokens is left at its
    # previous value (initially the empty list), so checkTraffic() would
    # loop over a stale or empty set and match nothing new.
    print("An error occured: %s" % err)

def checkTraffic(pkt):
  """Search the packet payload for each loaded honeytoken and act on a hit.

  The listing is truncated: only the "drop" action is visible. The other
  actions, the no-match path and the handler for this ``try`` are not shown.
  """
  try:
    for x in HoneyTokens:
      # The stored token is compiled as a regular expression as-is (no
      # re.escape), so metacharacters in a token are pattern syntax, and the
      # compile call is repeated for every token on every packet.
      check = re.compile(x["token"], re.IGNORECASE) if x['caseinsensitive'] else re.compile(x["token"])
      # NOTE(review): if get_payload() returns bytes while the token is a str
      # pattern, search() raises TypeError; confirm what verdict the packet
      # gets on that path, since the except clause is not visible here.
      if(check.search(pkt.get_payload())):
        # The action is compared case-insensitively; the first matching token
        # with action "drop" ends processing for this packet.
        if x["action"].lower() == "drop":
          print("Packet dropped!")
          pkt.drop()
          return
Example #4
# Command-line entry point for managing the honeytoken database: -L lists the
# configured tables, -A adds a token. The listing is truncated after the
# add-path variables are prepared, so the actual insert is not visible.
if __name__=='__main__':
  description='''Management script'''

  parser = argparse.ArgumentParser(description=description)
  parser.add_argument('-L', action='store_true', help='List')
  parser.add_argument('-A', action='store_true', help='Add')
  parser.add_argument('-t', metavar='token',     help='Token to add or remove')
  # No choices= is given for -a, so argparse accepts any string here.
  parser.add_argument('-a', metavar='action',    help='Action to take when triggered (accept/block/drop)')
  parser.add_argument('-d', metavar='database',  help='Database to be modified')
  parser.add_argument('-I', action='store_true', help='Case Insensitive')
  parser.add_argument('-B', action='store_true', help='Binary Blob (enter in hex)')
  parser.add_argument('-N', action='store_true', help='Notify - Alert the user right away')
  args = parser.parse_args()
  
  # -d overrides the database from the project configuration.
  db=args.d if args.d else conf.getDB()
  
  if args.L:
    # Dump every row of every configured table, one row per line with the
    # columns in sorted key order. This prints the stored token values
    # themselves, so the output should be handled as sensitive.
    for x in conf.getTables():
      print("="*80 + "\n%s\n"%(x) + "="*80)
      for y in selectAllFrom(db, x):
        sys.stdout.write("|  ")
        for z in sorted(y.keys()):
          sys.stdout.write("%s: %s  |  "%(z, y[z]))
        print("")
  elif args.A:
    # -A without -t falls through silently in the visible lines.
    if args.t:
      # With -B the token is passed through is_hex(), which is defined outside
      # this listing; presumably it returns the cleaned hex form - confirm.
      token=args.t if not args.B else is_hex(args.t)
      # NOTE(review): the action is lower-cased but not checked against
      # accept/block/drop in the visible lines; confirm it is validated
      # before it is stored.
      action=args.a.lower() if args.a else conf.getDefaultAction()
      alert=True if args.N else False