def get_alerts():
    """Return Snort alerts matching the 'WEB-PHP remote include path' signature.

    The query window is the last 7 days (``range='day', span=7``) on a fresh
    ``snortdb.sdb`` handle.
    """
    db = snortdb.sdb()
    db.setwhere(range='day', span=7)
    # An earlier variant cleared the window instead (where='1=1', no args).
    return db.find(sig='WEB-PHP remote include path')
def get_alerts():
    """Return Snort alerts matching the 'WEB-PHP remote include path' signature.

    The query window is the last 7 days (``range='day', span=7``) on a fresh
    ``snortdb.sdb`` handle.
    """
    db = snortdb.sdb()
    db.setwhere(range='day', span=7)
    # An earlier variant cleared the window instead (where='1=1', no args).
    return db.find(sig='WEB-PHP remote include path')
    def get_records(self):
        """Collect records for every rule from the last hour of Snort alerts.

        Reads the rules via ``self.read_rules()``, opens one ``snortdb.sdb``
        query restricted to ``range='hour', span=1`` with ``limit`` set to
        ``None``, and concatenates ``self.get_records_for_rule`` output for
        each rule in order.
        """
        rules = self.read_rules()
        db = snortdb.sdb()
        db.setwhere(range='hour', span=1)
        db.limit = None  # presumably lifts the default row cap; confirm in snortdb
        # One query handle is shared across all rules.
        return [
            record
            for rule in rules
            for record in self.get_records_for_rule(db, rule)
        ]
    def get_records(self):
        """Collect records for every rule from the last hour of Snort alerts.

        Reads the rules via ``self.read_rules()``, opens one ``snortdb.sdb``
        query restricted to ``range='hour', span=1`` with ``limit`` set to
        ``None``, and concatenates ``self.get_records_for_rule`` output for
        each rule in order.
        """
        rules = self.read_rules()
        db = snortdb.sdb()
        db.setwhere(range='hour', span=1)
        db.limit = None  # presumably lifts the default row cap; confirm in snortdb
        # One query handle is shared across all rules.
        return [
            record
            for rule in rules
            for record in self.get_records_for_rule(db, rule)
        ]
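def findirc():
    """Yield unique ``(ip_src, ip_dst, dport, line)`` tuples for IRC JOIN traffic.

    Searches Snort alert payloads containing ``JOIN #`` and reports the first
    payload line that holds both ``JOIN`` and ``#``.  Lines that additionally
    carry ``:``, ``!`` and ``@`` are skipped -- presumably server-side echoes
    with a ``nick!user@host`` prefix rather than a client request; confirm
    against the captured data.  Each distinct tuple is yielded once.

    Yields:
        tuple: ``(ip_src, ip_dst, dport, line)`` as stored in the alert record.
    """
    db = snortdb.sdb()
    db.setwhere()  # no explicit window; range='hour', span=24 was used once
    db.setlimit()
    seen = set()
    for hit in db.find(data='JOIN #'):
        # The payload is network data captured from the wire, so this string
        # match is a heuristic indicator, not proof of an IRC session.
        line = next(
            (l for l in hit['data'].splitlines() if 'JOIN' in l and '#' in l),
            None,
        )
        if line is None:
            continue
        if ':' in line and '!' in line and '@' in line:
            continue
        tup = (hit['ip_src'], hit['ip_dst'], hit['dport'], line)
        if tup in seen:
            continue
        seen.add(tup)
        yield tup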
#!/usr/bin/env python
import commands

from snort import snortdb

# Module-level Snort DB handle shared by getproxyips() below.
s = snortdb.sdb()
s.setwhere()  # no explicit window; range='hour', span=24 was used once
s.setlimit()  # called with no argument -- default limit, see snortdb.sdb.setlimit


def getproxyips():
    """Yield each distinct ``(ip_dst, dport)`` pair from 'TUNNEL' alerts.

    Reads from the module-level ``s`` query object.  The destination IP is
    stringified, and a pair is reported only the first time it is seen.
    """
    emitted = set()
    for alert in s.find(sig='TUNNEL'):
        target = (str(alert['ip_dst']), alert['dport'])
        if target not in emitted:
            emitted.add(target)
            yield target


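def findproxies():
    """Yield ``(ip, output)`` for each candidate proxy from ``getproxyips()``.

    Runs ``timeout 10 pxytest IP PORT`` for every pair.  The command is
    executed as an argv list without a shell: the IP and port originate from
    captured traffic stored in the Snort database, so the previous
    string-built ``commands.getoutput`` call let that data reach ``/bin/sh``.
    Output handling mirrors ``commands.getoutput`` (stderr merged into
    stdout, one trailing newline stripped).

    Yields:
        tuple: ``(ip, output_text)``.
    """
    import subprocess  # local import: this block may be used without touching the file header

    for ip, port in getproxyips():
        ip_arg, port_arg = str(ip), str(port)
        # Values beginning with '-' could be parsed by pxytest as options;
        # skip them rather than pass them through.
        if ip_arg.startswith('-') or port_arg.startswith('-'):
            continue
        argv = ['timeout', '10', 'pxytest', ip_arg, port_arg]
        try:
            proc = subprocess.Popen(
                argv,
                stdout=subprocess.PIPE,
                stderr=subprocess.STDOUT,
                universal_newlines=True,
            )
            out = proc.communicate()[0]
        except OSError as err:
            # commands.getoutput reported a missing binary as output text
            # instead of raising; keep this generator best-effort likewise.
            out = str(err)
        if out[-1:] == '\n':
            out = out[:-1]
        yield ip, out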


def show():
    for ip, out in findproxies():
 def setup(self):
     """Fixture: open a ``snortdb.sdb`` handle with a 100000-row limit on ``self.sdb``."""
     from snort import snortdb  # local import; presumably keeps module import free of the DB package
     handle = snortdb.sdb()
     handle.setlimit(100000)
     self.sdb = handle
 def test_init(self):
     """Construct a ``snortdb.sdb`` handle and keep it on ``self.s``."""
     handle = snortdb.sdb()
     self.s = handle
#!/usr/bin/env python
import commands

from snort import snortdb

# Module-level Snort DB handle shared by getproxyips() below.
s=snortdb.sdb()
s.setwhere()  # no explicit window; range='hour', span=24 was used once
s.setlimit()  # called with no argument -- default limit, see snortdb.sdb.setlimit


def getproxyips():
    """Yield each distinct ``(ip_dst, dport)`` pair from 'TUNNEL' alerts.

    Reads from the module-level ``s`` query object.  The destination IP is
    stringified, and a pair is reported only the first time it is seen.
    """
    emitted = set()
    for alert in s.find(sig='TUNNEL'):
        target = (str(alert['ip_dst']), alert['dport'])
        if target not in emitted:
            emitted.add(target)
            yield target

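def findproxies():
    """Yield ``(ip, output)`` for each candidate proxy from ``getproxyips()``.

    Runs ``timeout 10 pxytest IP PORT`` for every pair.  The command is
    executed as an argv list without a shell: the IP and port originate from
    captured traffic stored in the Snort database, so the previous
    string-built ``commands.getoutput`` call let that data reach ``/bin/sh``.
    Output handling mirrors ``commands.getoutput`` (stderr merged into
    stdout, one trailing newline stripped).

    Yields:
        tuple: ``(ip, output_text)``.
    """
    import subprocess  # local import: this block may be used without touching the file header

    for ip, port in getproxyips():
        ip_arg, port_arg = str(ip), str(port)
        # Values beginning with '-' could be parsed by pxytest as options;
        # skip them rather than pass them through.
        if ip_arg.startswith('-') or port_arg.startswith('-'):
            continue
        argv = ['timeout', '10', 'pxytest', ip_arg, port_arg]
        try:
            proc = subprocess.Popen(
                argv,
                stdout=subprocess.PIPE,
                stderr=subprocess.STDOUT,
                universal_newlines=True,
            )
            out = proc.communicate()[0]
        except OSError as err:
            # commands.getoutput reported a missing binary as output text
            # instead of raising; keep this generator best-effort likewise.
            out = str(err)
        if out[-1:] == '\n':
            out = out[:-1]
        yield ip, out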

def show():
    """Print each candidate's IP and then its pxytest output, one per line."""
    for result in findproxies():
        # result is the (ip, output) pair yielded by findproxies()
        for field in result:
            print(field)
 def test_init(self):
     """Construct a ``snortdb.sdb`` handle and keep it on ``self.s``."""
     handle = snortdb.sdb()
     self.s = handle