def __init__(self, path='../PCAPLog/'):
    """Initialise engine state; *path* is the PCAP log directory the payload iterators read."""
    self.rules = []
    # Reputation cache: create the URL report table before anything queries it.
    db = SQLiteTool()
    db.creat_url_report()
    self._db = db
    # One payload iterator per transport; attribute spelling ("paylpad")
    # is kept as-is because subclasses and callers reference it.
    self.tcp_paylpad_iter, self.udp_paylpad_iter = (
        PayloadIterator2(path, proto) for proto in ('tcp', 'udp')
    )
    self.vd = Validator()
    self.vt = VirusTotal(APIKEY)
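class RuleEngineBase(object):
    """Shared plumbing for engines that turn PCAP payloads into Snort rules.

    Holds the generated ``SnortRule`` objects, a SQLite cache of URL
    reputation results, TCP/UDP payload iterators over *path*, a
    ``Validator`` and a ``VirusTotal`` client.
    """

    # Rule file used when a rule carries no reference to derive a name from.
    _DEFAULT_RULE_FILE = 'unknown'

    def __init__(self, path='../PCAPLog/'):
        """Set up state; *path* is the PCAP log directory the payload iterators read."""
        self.rules = []
        # Reputation cache: create the URL report table before anything queries it.
        self._db = SQLiteTool()
        self._db.creat_url_report()
        # Attribute spelling ("paylpad") is kept because subclasses/callers reference it.
        self.tcp_paylpad_iter = PayloadIterator2(path, 'tcp')
        self.udp_paylpad_iter = PayloadIterator2(path, 'udp')
        self.vd = Validator()
        self.vt = VirusTotal(APIKEY)

    def _make_rule(self, **kwargs):
        """Build a SnortRule from keyword fields, store it and append it to a rule file.

        Recognised keywords: ``protocol``, ``dst_port``, ``content``,
        ``uricontent`` and ``ref``.  Each is copied onto the rule only when
        given; a ``uricontent`` of ``'/'`` is dropped as too generic to match.
        The rule file is named after the last comma-separated token of
        ``ref[0]`` -- presumably the reference source; confirm against the
        callers.  Without ``ref`` the rule is written to
        ``_DEFAULT_RULE_FILE`` instead of raising TypeError.
        """
        rule = SnortRule()
        rule.msg = '"Trojan.Gen"'
        protocol = kwargs.get('protocol')
        dst_port = kwargs.get('dst_port')
        content = kwargs.get('content')
        uricontent = kwargs.get('uricontent')
        ref = kwargs.get('ref')
        if protocol is not None:
            rule.protocol = protocol
        if dst_port is not None:
            rule.dst_port = dst_port
        if content is not None:
            rule.content = content
        if uricontent is not None and uricontent != '/':
            rule.uricontent = uricontent
        if ref is not None:
            rule.ref = ref
        self.rules.append(rule)
        if ref is None:
            filename = self._DEFAULT_RULE_FILE
        else:
            filename = ref[0].split(',')[-1]
        self._log_rules(rule, filename)

    def _get_url_positive(self, resource):
        """Return the cached positive count for *resource*, or None if not cached.

        The cache key is the hex SHA-1 of the resource (a lookup key only,
        not an integrity check).  *resource* may be bytes or text; text is
        UTF-8 encoded first so the lookup also works on Python 3, where
        hashlib rejects str.
        """
        if not isinstance(resource, bytes):
            resource = resource.encode('utf-8')
        urlkey = hashlib.sha1(resource).hexdigest()
        if self._db.is_key(urlkey):
            return self._db.show_positive(urlkey)
        return None

    def _log_rules(self, data, filename):
        """Append ``str(data)`` as one line to ``./rules/<filename>_rule.rules``.

        *filename* is derived from rule metadata rather than chosen by this
        class, so only its basename is used: a value containing path
        separators cannot redirect the write outside ``./rules``.
        """
        safe_name = os.path.basename(filename)
        if not os.path.exists('./rules'):
            os.makedirs('./rules')
        with open('./rules/{m}_rule.rules'.format(m=safe_name), 'a') as fp:
            fp.write('{r}\n'.format(r=str(data)))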