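def dotransform(request, response):
    """Add a Hash entity for each MD5 listed in the report's dropped-files table.

    ``build(request.value)`` is expected to return a parsed HTML tree
    (presumably BeautifulSoup, given the find/findAll/findNext calls --
    confirm against ``build``).  The hash text is copied from the page as-is
    and is not validated here.

    Extraction is best-effort: if the ``dropped_files`` section is missing or
    laid out differently, whatever was collected so far is returned.  An empty
    result therefore does not prove the report listed no dropped files.
    """
    # Build Request
    page = build(request.value)

    # Find the dropped files section, and parse MD5 hashes
    try:
        rows = page.find("div", {"id": "dropped_files"}).findAll('tr')
        for row in rows:
            if row.findNext('td').text == "MD5:":
                # Skip the first 4 characters of the row text; assumes the row
                # text starts with the "MD5:" label -- confirm against the page.
                response += Hash(row.text[4:])
    except Exception:
        # Catch Exception rather than everything, so KeyboardInterrupt and
        # SystemExit still propagate while parse failures stay best-effort.
        return response
    return response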
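def dotransform(request, response):
    """Collect MD5 hashes from the ``dropped_files`` section of the report page.

    The page comes from ``build(request.value)``; it is presumably a
    BeautifulSoup tree (find/findAll/findNext are used) -- confirm.  Each
    table row whose next ``td`` reads "MD5:" contributes one ``Hash`` entity.
    The value is scraped text and is not checked for length or hex format.

    Failures while parsing are swallowed on purpose and the partial response
    is returned, so a missing section and a changed page layout both look
    like "no hashes" to the caller.
    """
    # Build Request
    page = build(request.value)

    # Find the dropped files section, and parse MD5 hashes
    try:
        section = page.find("div", {"id": "dropped_files"})
        for row in section.findAll('tr'):
            label_cell = row.findNext('td')
            if label_cell.text == "MD5:":
                # Row text minus its first 4 characters (the "MD5:" label,
                # assuming the row text begins with it).
                response += Hash(row.text[4:])
    except Exception:
        # Not a bare ``except:`` -- interpreter-exit and Ctrl-C signals must
        # not be silenced by a scraping fallback.
        return response
    return response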
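def dotransform(request, response):
    """Add a Domain entity for each name in the report's DNS section.

    ``build(request.value)`` supplies the parsed page (presumably a
    BeautifulSoup tree -- confirm).  Domains are read from ``span.mono``
    elements in the table following ``div#network_dns``.  The names are
    copied from the page without validation or normalisation.

    Extraction is best-effort: a missing section or changed layout returns
    whatever was gathered so far, so an empty result is not proof that the
    report recorded no DNS lookups.
    """
    # Build Request
    page = build(request.value)

    # Finds the DNS section and extracts domains
    try:
        table = page.find("div", {"id": "network_dns"}).findNext('table')
        for span in table.findAll("span", {"class": "mono"}):
            name = span.find(text=True)
            if name is None:
                # Element has no text node; skip it instead of building an
                # entity from None and losing the remaining rows.
                continue
            response += Domain(name)
    except Exception:
        # Catch Exception rather than everything, so KeyboardInterrupt and
        # SystemExit still propagate.
        return response
    return response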
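def dotransform(request, response):
    """Add a MaliciousProcess entity for each process in the report's tree.

    ``build(request.value)`` supplies the parsed page (presumably a
    BeautifulSoup tree -- confirm).  Process names are read from
    ``span.mono`` elements under the first ``li`` after ``ul#tree``.  The
    names are scraped text and are added without validation.

    Extraction is best-effort: if the tree is missing or laid out
    differently, the response collected so far is returned unchanged.
    """
    # Build Request
    page = build(request.value)

    # Find the Process tree and extract processes
    try:
        root = page.find("ul", {"id": "tree"}).findNext('li')
        for span in root.findAll("span", {"class": "mono"}):
            proc_name = span.find(text=True)
            if proc_name is None:
                # No text node in this element; skip it rather than abort
                # the rest of the tree.
                continue
            response += MaliciousProcess(proc_name)
    except Exception:
        # Catch Exception rather than everything, so KeyboardInterrupt and
        # SystemExit still propagate.
        return response
    return response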
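def dotransform(request, response):
    """Add an IPv4Address entity for each host in the report's hosts section.

    ``build(request.value)`` supplies the parsed page (presumably a
    BeautifulSoup tree -- confirm).  Addresses are read from ``td.row``
    cells in the table following ``div#network_hosts``.  The cell text is
    not checked to be a well-formed IPv4 address before it is added.

    Extraction is best-effort: a missing section or changed layout returns
    the partial response, so an empty result does not prove the report
    listed no hosts.
    """
    # Build request
    page = build(request.value)

    # Find the Hosts section and extract IPs
    try:
        table = page.find("div", {"id": "network_hosts"}).findNext('table')
        for cell in table.findAll('td', {"class": "row"}):
            address = cell.find(text=True)
            if address is None:
                # Empty cell; skip it instead of building an entity from
                # None and dropping the remaining rows.
                continue
            response += IPv4Address(address)
    except Exception:
        # Catch Exception rather than everything, so KeyboardInterrupt and
        # SystemExit still propagate.
        return response
    return response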
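def dotransform(request, response):
    """Collect process names from the report's process tree.

    The page returned by ``build(request.value)`` is searched for
    ``ul#tree``; every ``span.mono`` under the ``li`` that follows it becomes
    a ``MaliciousProcess`` entity.  (The page is presumably a BeautifulSoup
    tree -- confirm against ``build``.)  Names are taken from the page as
    written, without validation.

    Parse failures are swallowed deliberately and the partial response is
    returned; callers cannot distinguish "no processes" from "page layout
    not recognised".
    """
    # Build Request
    page = build(request.value)

    # Find the Process tree and extract processes
    try:
        first_item = page.find("ul", {"id": "tree"}).findNext('li')
        spans = first_item.findAll("span", {"class": "mono"})
        for span in spans:
            label = span.find(text=True)
            if label is not None:
                # Elements without a text node are skipped so one empty
                # span does not end the whole extraction.
                response += MaliciousProcess(label)
    except Exception:
        # Not a bare ``except:`` -- Ctrl-C and interpreter exit must not be
        # silenced by the scraping fallback.
        return response
    return response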
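def dotransform(request, response):
    """Add a URL entity for each entry in the report's HTTP section.

    ``build(request.value)`` supplies the parsed page (presumably a
    BeautifulSoup tree -- confirm).  URLs are read from ``span.mono``
    elements in the table following ``div#network_http``.  They are copied
    from the page as text and are not validated or normalised here.

    Extraction is best-effort: a missing section or changed layout returns
    the partial response, so an empty result does not prove the report
    recorded no HTTP requests.
    """
    # Build request
    page = build(request.value)

    # Find the HTTP section and extract URLs
    try:
        table = page.find("div", {"id": "network_http"}).findNext('table')
        for span in table.findAll("span", {"class": "mono"}):
            url_text = span.find(text=True)
            if url_text is None:
                # No text node in this element; skip it rather than abort
                # the remaining rows.
                continue
            response += URL(url_text)
    except Exception:
        # Catch Exception rather than everything, so KeyboardInterrupt and
        # SystemExit still propagate.
        return response
    return response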
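def dotransform(request, response):
    """Collect host addresses from the ``network_hosts`` section of the report.

    The page comes from ``build(request.value)`` (presumably a BeautifulSoup
    tree -- confirm).  Each ``td.row`` cell in the table after
    ``div#network_hosts`` contributes one ``IPv4Address`` entity.  The cell
    text is not checked to be a valid IPv4 address.

    Parse failures are swallowed deliberately and the partial response is
    returned; a missing section and a changed layout both look like "no
    hosts" to the caller.
    """
    # Build request
    page = build(request.value)

    # Find the Hosts section and extract IPs
    try:
        hosts_table = page.find("div", {"id": "network_hosts"}).findNext("table")
        cells = hosts_table.findAll("td", {"class": "row"})
        for cell in cells:
            value = cell.find(text=True)
            if value is not None:
                # Cells without a text node are skipped so one empty cell
                # does not end the whole extraction.
                response += IPv4Address(value)
    except Exception:
        # Not a bare ``except:`` -- Ctrl-C and interpreter exit must not be
        # silenced by the scraping fallback.
        return response
    return response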
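def dotransform(request, response):
    """Collect domain names from the ``network_dns`` section of the report.

    The page comes from ``build(request.value)`` (presumably a BeautifulSoup
    tree -- confirm).  Each ``span.mono`` in the table after
    ``div#network_dns`` contributes one ``Domain`` entity.  Names are copied
    from the page as text, with no validation or normalisation.

    Parse failures are swallowed deliberately and the partial response is
    returned; a missing section and a changed layout both look like "no
    domains" to the caller.
    """
    # Build Request
    page = build(request.value)

    # Finds the DNS section and extracts domains
    try:
        dns_table = page.find("div", {"id": "network_dns"}).findNext('table')
        spans = dns_table.findAll("span", {"class": "mono"})
        for span in spans:
            domain_text = span.find(text=True)
            if domain_text is not None:
                # Spans without a text node are skipped so one empty span
                # does not end the whole extraction.
                response += Domain(domain_text)
    except Exception:
        # Not a bare ``except:`` -- Ctrl-C and interpreter exit must not be
        # silenced by the scraping fallback.
        return response
    return response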
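def dotransform(request, response):
    """Add a UserAgent entity for each User-Agent header in the HTTP section.

    ``build(request.value)`` supplies the parsed page (presumably a
    BeautifulSoup tree -- confirm).  Every ``pre`` block in the table
    following ``div#network_http`` is split into lines, and each line
    containing ``User-Agent:`` yields one entity.  The header value is
    taken from the page as text and is not otherwise validated.

    Extraction is best-effort: a missing section or changed layout returns
    the partial response, so an empty result does not prove the report
    recorded no HTTP requests.
    """
    # Build request
    page = build(request.value)

    # Find the HTTP section and extract User-Agent header values
    try:
        table = page.find("div", {"id": "network_http"}).findNext('table')
        for block in table.findAll("pre"):
            for line in block.text.splitlines():
                # Take the text after the header name wherever it occurs on
                # the line. A fixed 12-character slice is only right when the
                # line starts with "User-Agent: " exactly.
                _, marker, value = line.partition('User-Agent:')
                if marker:
                    response += UserAgent(value.strip())
    except Exception:
        # Catch Exception rather than everything, so KeyboardInterrupt and
        # SystemExit still propagate.
        return response
    return response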