Exemple #1
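def dotransform(request, response):
    """Add one Hash entity per MD5 row in the report's dropped-files section.

    The page is obtained from build(request.value); build and Hash are
    defined elsewhere in the project. Extraction is best-effort: if the
    "dropped_files" section is missing or a row cannot be parsed, whatever
    was collected so far is returned.

    Returns:
        response, with the extracted Hash entities added.
    """
    page = build(request.value)

    try:
        rows = page.find("div", {"id": "dropped_files"}).findAll('tr')
        for row in rows:
            if row.findNext('td').text != "MD5:":
                continue
            # The row text starts with the 4-character "MD5:" label. Strip
            # surrounding whitespace so the digest compares equal to the same
            # indicator from other sources.
            digest = row.text[4:].strip()
            if digest:
                response += Hash(digest)
    except Exception:
        # A missing section makes find() return None, so the chained call
        # raises AttributeError. Catch Exception instead of using a bare
        # except so KeyboardInterrupt/SystemExit still propagate.
        return response

    return response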
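def dotransform(request, response):
    """Collect MD5 digests of dropped files from the report page.

    build(request.value) supplies the parsed page (build and Hash come from
    elsewhere in the project). Every table row under the "dropped_files"
    div whose first cell reads "MD5:" yields one Hash entity. Parsing is
    best-effort: on any parse failure the partial response is returned.

    Returns:
        response, with the extracted Hash entities added.
    """
    page = build(request.value)

    try:
        section = page.find("div", {"id": "dropped_files"})
        for row in section.findAll('tr'):
            if row.findNext('td').text == "MD5:":
                # Drop the leading "MD5:" label (4 characters) and any
                # padding left over from the table layout.
                digest = row.text[4:].strip()
                if digest:
                    response += Hash(digest)
    except Exception:
        # section is None when the report has no dropped files. A bare
        # except would also swallow KeyboardInterrupt/SystemExit, so only
        # ordinary exceptions are treated as "nothing more to extract".
        return response

    return response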
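def dotransform(request, response):
    """Add a Domain entity for each name listed in the report's DNS section.

    The page is obtained from build(request.value); build and Domain are
    defined elsewhere in the project. Extraction is best-effort: if the
    "network_dns" section is absent or malformed, the response collected so
    far is returned.

    NOTE(review): the names are copied verbatim from the report page. Treat
    them as untrusted indicators and confirm how downstream consumers
    handle them.

    Returns:
        response, with the extracted Domain entities added.
    """
    page = build(request.value)

    try:
        table = page.find("div", {"id": "network_dns"}).findNext('table')
        for span in table.findAll("span", {"class": "mono"}):
            name = span.find(text=True)
            # find(text=True) returns None for an empty span; skip it rather
            # than passing None to the entity constructor.
            if name:
                response += Domain(name)
    except Exception:
        # Catch Exception rather than use a bare except, so
        # KeyboardInterrupt/SystemExit are not swallowed.
        return response

    return response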
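def dotransform(request, response):
    """Add a MaliciousProcess entity for each process in the report's tree.

    The page is obtained from build(request.value); build and
    MaliciousProcess are defined elsewhere in the project. Process names
    are read from the "mono" spans inside the first <li> following the
    <ul id="tree"> element. Extraction is best-effort: on any parse failure
    the partial response is returned.

    Returns:
        response, with the extracted MaliciousProcess entities added.
    """
    page = build(request.value)

    try:
        root = page.find("ul", {"id": "tree"}).findNext('li')
        for span in root.findAll("span", {"class": "mono"}):
            name = span.find(text=True)
            # Skip spans without a text node instead of emitting an entity
            # built from None.
            if name:
                response += MaliciousProcess(name)
    except Exception:
        # find() returns None when the tree is missing. Catch Exception
        # rather than use a bare except so KeyboardInterrupt/SystemExit
        # still propagate.
        return response

    return response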
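def dotransform(request, response):
    """Add an IPv4Address entity for each host in the report's hosts section.

    The page is obtained from build(request.value); build and IPv4Address
    are defined elsewhere in the project. Addresses are read from the
    <td class="row"> cells of the table following the "network_hosts" div.
    Extraction is best-effort: on any parse failure the partial response is
    returned.

    NOTE(review): cell text is passed through unvalidated. Confirm whether
    IPv4Address rejects malformed values.

    Returns:
        response, with the extracted IPv4Address entities added.
    """
    page = build(request.value)

    try:
        table = page.find("div", {"id": "network_hosts"}).findNext('table')
        for cell in table.findAll('td', {"class": "row"}):
            address = cell.find(text=True)
            # An empty cell has no text node (None); do not emit an entity
            # for it.
            if address:
                response += IPv4Address(address)
    except Exception:
        # Catch Exception rather than use a bare except, so
        # KeyboardInterrupt/SystemExit are not swallowed.
        return response

    return response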
Exemple #6
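def dotransform(request, response):
    """Extract process names from the report's process tree.

    build(request.value) supplies the parsed page (build and
    MaliciousProcess come from elsewhere in the project). Each "mono" span
    inside the first <li> after <ul id="tree"> becomes one MaliciousProcess
    entity. Parsing is best-effort: if the tree is missing or malformed,
    the response built so far is returned.

    Returns:
        response, with the extracted MaliciousProcess entities added.
    """
    page = build(request.value)

    try:
        first_item = page.find("ul", {"id": "tree"}).findNext('li')
        spans = first_item.findAll("span", {"class": "mono"})
        for span in spans:
            label = span.find(text=True)
            if not label:
                # No text node in this span; there is nothing to report.
                continue
            response += MaliciousProcess(label)
    except Exception:
        # Only ordinary errors mean "stop extracting". A bare except would
        # also hide KeyboardInterrupt/SystemExit.
        return response

    return response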
Exemple #7
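def dotransform(request, response):
    """Add a URL entity for each request listed in the report's HTTP section.

    The page is obtained from build(request.value); build and URL are
    defined elsewhere in the project. URLs are read from the "mono" spans
    of the table following the "network_http" div. Extraction is
    best-effort: on any parse failure the partial response is returned.

    NOTE(review): the URLs are copied verbatim from the report page. Treat
    them as indicators to record, and confirm that nothing downstream
    fetches them automatically.

    Returns:
        response, with the extracted URL entities added.
    """
    page = build(request.value)

    try:
        table = page.find("div", {"id": "network_http"}).findNext('table')
        for span in table.findAll("span", {"class": "mono"}):
            link = span.find(text=True)
            # Skip spans with no text node rather than creating a URL entity
            # from None.
            if link:
                response += URL(link)
    except Exception:
        # find() returns None when the report has no HTTP section. Catch
        # Exception rather than use a bare except so
        # KeyboardInterrupt/SystemExit still propagate.
        return response

    return response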
Exemple #8
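def dotransform(request, response):
    """Extract contacted host addresses from the report's hosts section.

    build(request.value) supplies the parsed page (build and IPv4Address
    come from elsewhere in the project). Each <td class="row"> cell in the
    table after the "network_hosts" div becomes one IPv4Address entity.
    Parsing is best-effort: if the section is missing or malformed, the
    response built so far is returned.

    NOTE(review): values are not checked for IPv4 syntax here. Confirm that
    the entity type or the caller validates them.

    Returns:
        response, with the extracted IPv4Address entities added.
    """
    page = build(request.value)

    try:
        hosts_div = page.find("div", {"id": "network_hosts"})
        cells = hosts_div.findNext("table").findAll("td", {"class": "row"})
        for cell in cells:
            value = cell.find(text=True)
            if not value:
                # Empty cell: find(text=True) returned None.
                continue
            response += IPv4Address(value)
    except Exception:
        # Catch Exception rather than use a bare except, so
        # KeyboardInterrupt/SystemExit are not swallowed along with
        # parse errors.
        return response

    return response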
Exemple #9
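def dotransform(request, response):
    """Extract queried domain names from the report's DNS section.

    build(request.value) supplies the parsed page (build and Domain come
    from elsewhere in the project). Each "mono" span in the table after the
    "network_dns" div becomes one Domain entity. Parsing is best-effort: if
    the section is missing or malformed, the response built so far is
    returned.

    NOTE(review): names are taken as-is from the page. Treat them as
    untrusted indicators in whatever consumes this response.

    Returns:
        response, with the extracted Domain entities added.
    """
    page = build(request.value)

    try:
        dns_div = page.find("div", {"id": "network_dns"})
        spans = dns_div.findNext('table').findAll("span", {"class": "mono"})
        for span in spans:
            hostname = span.find(text=True)
            if not hostname:
                # Span without a text node; nothing to add.
                continue
            response += Domain(hostname)
    except Exception:
        # dns_div is None when no DNS activity was recorded. A bare except
        # would also hide KeyboardInterrupt/SystemExit.
        return response

    return response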
Exemple #10
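def dotransform(request, response):
    """Add a UserAgent entity for each User-Agent header in the HTTP section.

    The page is obtained from build(request.value); build and UserAgent are
    defined elsewhere in the project. Each <pre> block in the table
    following the "network_http" div is scanned line by line for a
    "User-Agent:" header. Extraction is best-effort: on any parse failure
    the partial response is returned.

    NOTE(review): the header value is taken from captured traffic and is
    therefore chosen by the sender. Escape it before rendering or logging
    it downstream.

    Returns:
        response, with the extracted UserAgent entities added.
    """
    page = build(request.value)

    try:
        table = page.find("div", {"id": "network_http"}).findNext('table')
        for block in table.findAll("pre"):
            for line in block.text.splitlines():
                if 'User-Agent:' not in line:
                    continue
                # Take everything after the header name. A fixed [12:] slice
                # truncates the value when the line is indented or the
                # header is not followed by exactly one space.
                agent = line.partition('User-Agent:')[2].strip()
                if agent:
                    response += UserAgent(agent)
    except Exception:
        # Catch Exception rather than use a bare except, so
        # KeyboardInterrupt/SystemExit are not swallowed.
        return response

    return response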