Esempio n. 1
 def __init__(self, path='../PCAPLog/'):
     """Set up the rule list, the URL-report database, both payload iterators and the API helpers.

     Args:
         path: directory handed to ``PayloadIterator2`` for the TCP and the
             UDP payload streams.

     ``APIKEY`` is read from module scope when ``VirusTotal`` is created; it
     should be supplied by configuration rather than committed with the code.
     """
     self.rules = []
     self._db = SQLiteTool()
     # Ensure the url_report table exists before any lookup or insert.
     self._db.creat_url_report()
     self.tcp_paylpad_iter, self.udp_paylpad_iter = [
         PayloadIterator2(path, proto) for proto in ('tcp', 'udp')
     ]
     self.vd = Validator()
     self.vt = VirusTotal(APIKEY)
Esempio n. 2
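class RuleEngineBase(object):
    """Shared scaffolding for engines that turn observed payloads into Snort rules.

    Keeps the generated rules in ``self.rules``, a ``SQLiteTool`` handle used
    as a cache of URL reputation lookups, one ``PayloadIterator2`` per
    transport protocol, and the ``Validator`` / ``VirusTotal`` helpers that
    subclasses use.

    ``APIKEY`` is read from module scope; it should be supplied by
    configuration or the environment rather than committed with the code.
    """

    def __init__(self, path='../PCAPLog/'):
        """Create the helper objects.

        Args:
            path: directory handed to ``PayloadIterator2`` for both the TCP
                and the UDP payload streams.
        """
        self.rules = []
        self._db = SQLiteTool()
        # Ensure the url_report table exists before any lookup or insert.
        self._db.creat_url_report()
        self.tcp_paylpad_iter = PayloadIterator2(path, 'tcp')
        self.udp_paylpad_iter = PayloadIterator2(path, 'udp')
        self.vd = Validator()
        self.vt = VirusTotal(APIKEY)

    def _make_rule(self, **kwargs):
        """Build a ``SnortRule`` from keyword options, record it and log it.

        Recognised keywords: ``protocol``, ``dst_port``, ``content``,
        ``uricontent`` (ignored when it is just ``'/'``) and ``ref``.
        ``ref`` is required: its first element, split on ``','``, gives the
        log-file stem passed to ``_log_rules``.

        Raises:
            TypeError: if ``ref`` is missing or ``None``.  The check runs
                before the rule is appended, so a failed call leaves
                ``self.rules`` untouched.
        """
        ref = kwargs.get('ref')
        if ref is None:
            # ref[0] is indexed below; fail early with a clear message rather
            # than after the rule has already been appended.
            raise TypeError("_make_rule() requires a non-None 'ref' keyword argument")

        rule = SnortRule()
        rule.msg = '"Trojan.Gen"'

        protocol = kwargs.get('protocol')
        dst_port = kwargs.get('dst_port')
        content = kwargs.get('content')
        uricontent = kwargs.get('uricontent')

        if protocol is not None:
            rule.protocol = protocol
        if dst_port is not None:
            rule.dst_port = dst_port
        if content is not None:
            rule.content = content
        # A bare '/' uricontent is skipped (presumably too generic to match
        # anything useful).
        if uricontent is not None and uricontent != '/':
            rule.uricontent = uricontent
        rule.ref = ref
        # pattern['sid'] = sid  -- sid assignment is not implemented here.

        self.rules.append(rule)
        # The last comma-separated field of the first reference names the
        # rules file; what that field contains is not visible in this class.
        self._log_rules(rule, ref[0].split(',')[-1])

    def _get_url_positive(self, resource):
        """Return the cached positive count for *resource*, or ``None`` when unknown.

        The cache is keyed by the hex SHA-1 of *resource*; SHA-1 is only a
        lookup key here, not a security boundary.  ``hashlib.sha1`` requires
        bytes on Python 3 -- callers presumably pass ``str`` on Python 2,
        confirm before porting.
        """
        urlkey = hashlib.sha1(resource).hexdigest()
        if not self._db.is_key(urlkey):
            return None
        return self._db.show_positive(urlkey)

    def _log_rules(self, data, filename):
        """Append ``str(data)`` as one line to ``./rules/<filename>_rule.rules``.

        The ``./rules`` directory is created on first use.  *filename* is
        interpolated into the path unchanged; it is derived from ``ref`` in
        ``_make_rule``, whose origin is not visible here.  If that value can
        ever contain a path separator or ``..``, the write could land outside
        ``./rules`` -- NOTE(review): verify the source, or apply
        ``os.path.basename`` before trusting it.
        """
        rules_dir = './rules'
        try:
            # Create unconditionally and tolerate "already exists" so two
            # writers racing on first use do not fail; any other OSError
            # (permissions, a file named ./rules) is re-raised.
            os.makedirs(rules_dir)
        except OSError:
            if not os.path.isdir(rules_dir):
                raise

        with open('./rules/{m}_rule.rules'.format(m=filename), 'a') as fp:
            fp.write('{r}\n'.format(r=str(data)))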
Esempio n. 3
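class RuleEngineBase(object):
    """Shared scaffolding for engines that turn observed payloads into Snort rules.

    Keeps the generated rules in ``self.rules``, a ``SQLiteTool`` handle used
    as a cache of URL reputation lookups, one ``PayloadIterator2`` per
    transport protocol, and the ``Validator`` / ``VirusTotal`` helpers that
    subclasses use.

    ``APIKEY`` is read from module scope; it should be supplied by
    configuration or the environment rather than committed with the code.
    """

    def __init__(self, path='../PCAPLog/'):
        """Create the helper objects.

        Args:
            path: directory handed to ``PayloadIterator2`` for both the TCP
                and the UDP payload streams.
        """
        self.rules = []
        self._db = SQLiteTool()
        # Ensure the url_report table exists before any lookup or insert.
        self._db.creat_url_report()
        self.tcp_paylpad_iter = PayloadIterator2(path, 'tcp')
        self.udp_paylpad_iter = PayloadIterator2(path, 'udp')
        self.vd = Validator()
        self.vt = VirusTotal(APIKEY)

    def _make_rule(self, **kwargs):
        """Build a ``SnortRule`` from keyword options, record it and log it.

        Recognised keywords: ``protocol``, ``dst_port``, ``content``,
        ``uricontent`` (ignored when it is just ``'/'``) and ``ref``.
        ``ref`` is required: its first element, split on ``','``, gives the
        log-file stem passed to ``_log_rules``.

        Raises:
            TypeError: if ``ref`` is missing or ``None``.  The check runs
                before the rule is appended, so a failed call leaves
                ``self.rules`` untouched.
        """
        ref = kwargs.get('ref')
        if ref is None:
            # ref[0] is indexed below; fail early with a clear message rather
            # than after the rule has already been appended.
            raise TypeError("_make_rule() requires a non-None 'ref' keyword argument")

        rule = SnortRule()
        rule.msg = '"Trojan.Gen"'

        protocol = kwargs.get('protocol')
        dst_port = kwargs.get('dst_port')
        content = kwargs.get('content')
        uricontent = kwargs.get('uricontent')

        if protocol is not None:
            rule.protocol = protocol
        if dst_port is not None:
            rule.dst_port = dst_port
        if content is not None:
            rule.content = content
        # A bare '/' uricontent is skipped (presumably too generic to match
        # anything useful).
        if uricontent is not None and uricontent != '/':
            rule.uricontent = uricontent
        rule.ref = ref
        # pattern['sid'] = sid  -- sid assignment is not implemented here.

        self.rules.append(rule)
        # The last comma-separated field of the first reference names the
        # rules file; what that field contains is not visible in this class.
        self._log_rules(rule, ref[0].split(',')[-1])

    def _get_url_positive(self, resource):
        """Return the cached positive count for *resource*, or ``None`` when unknown.

        The cache is keyed by the hex SHA-1 of *resource*; SHA-1 is only a
        lookup key here, not a security boundary.  ``hashlib.sha1`` requires
        bytes on Python 3 -- callers presumably pass ``str`` on Python 2,
        confirm before porting.
        """
        urlkey = hashlib.sha1(resource).hexdigest()
        if not self._db.is_key(urlkey):
            return None
        return self._db.show_positive(urlkey)

    def _log_rules(self, data, filename):
        """Append ``str(data)`` as one line to ``./rules/<filename>_rule.rules``.

        The ``./rules`` directory is created on first use.  *filename* is
        interpolated into the path unchanged; it is derived from ``ref`` in
        ``_make_rule``, whose origin is not visible here.  If that value can
        ever contain a path separator or ``..``, the write could land outside
        ``./rules`` -- NOTE(review): verify the source, or apply
        ``os.path.basename`` before trusting it.
        """
        rules_dir = './rules'
        try:
            # Create unconditionally and tolerate "already exists" so two
            # writers racing on first use do not fail; any other OSError
            # (permissions, a file named ./rules) is re-raised.
            os.makedirs(rules_dir)
        except OSError:
            if not os.path.isdir(rules_dir):
                raise

        with open('./rules/{m}_rule.rules'.format(m=filename), 'a') as fp:
            fp.write('{r}\n'.format(r=str(data)))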
Esempio n. 4
 def __init__(self, path='../PCAPLog/'):
     """Set up the rule list, the URL-report database, both payload iterators and the API helpers.

     Args:
         path: directory handed to ``PayloadIterator2`` for the TCP and the
             UDP payload streams.

     ``APIKEY`` is read from module scope when ``VirusTotal`` is created; it
     should be supplied by configuration rather than committed with the code.
     """
     self.rules = []
     self._db = SQLiteTool()
     # Ensure the url_report table exists before any lookup or insert.
     self._db.creat_url_report()
     self.tcp_paylpad_iter, self.udp_paylpad_iter = [
         PayloadIterator2(path, proto) for proto in ('tcp', 'udp')
     ]
     self.vd = Validator()
     self.vt = VirusTotal(APIKEY)