Esempio n. 1
0
def only_possible_number(grid, i, j, m, n):
    """
    Loops through all squares and checks to see if only 1 number is allowed
    """
    must = []
    only_possible_number_placed = False
    for x in range(1, 10):
        if grid[i][j] == 0:
            allowed = check_rules(grid, x, i, j, m, n)
            if allowed == 1:
                must.append([x, [i, j]])
    if (len(must) == 1):
        row = must[0][1][0]
        col = must[0][1][1]
        grid[row][col] = must[0][0]
        print("{} placed in position {}, {}".format(must[0][0], row, col))
        only_possible_number_placed = True
    return grid, only_possible_number_placed
Esempio n. 2
0
def check_files(template, incoming_files):

    results = {}
    for pattern, filename in template.known_files.items():
        regex = re.compile(pattern)

        matched = filter(regex.search, incoming_files)
        if not matched:
            print("No files matched with the regex %s." % pattern)
            continue

        with xr.open_dataset(filename) as known_dataset:
            for f in matched:
                with xr.open_dataset(f) as spooky_dataset:

                    rules = apply_rules(template.rules, known_dataset,
                                        spooky_dataset)

                    results[f] = ([str(check_rules(rules))] + rules)

    return results
Esempio n. 3
0
def only_possible_squares(x, grid):
    """
    Picks a box, loops through all squares looking to see if a number has to go in that square
    Picks next box, repeats
    """
    only_possible_squares_placed = False
    for col_def in [(0, 1, 2), (3, 4, 5), (6, 7, 8)]:
        for row_def in [(0, 1, 2), (3, 4, 5), (6, 7, 8)]:
            poss_posn = 0
            for i in col_def:
                for j in row_def:
                    if (grid[i][j] == 0):
                        m, n = box_finder(i, j)
                        allowed = check_rules(grid, x, i, j, m, n)
                        if allowed == 1:
                            poss_posn += 1
                            row = i
                            col = j
            if poss_posn == 1:
                grid[row][col] = x
                print("{} placed in position {}, {}".format(x, row, col))
                only_possible_squares_placed = True
            return grid, only_possible_squares_placed
Esempio n. 4
0
def http_start():
	_thread.start_new_thread(getPacketDetails,())
	GETS=[]
	#print("AM AJUNS AICI")
	configDetails = readConfig()
	ip=get_ip_address(configDetails['interface'])
	#ip='kali'
	start_http=1
	signatures=read_file('signatures')
	URLS=[]
	URL=''
	Cookie=''
	GET=[]
	db=MySQLdb.connect(host="localhost",user="******",passwd="FlagFlag123.",db="licenta" )
	cursor = db.cursor()
	last_res=''
	global continutPachetAPI
	global continutHexAPI
	global destinationAPI
	global sourceAPI
	global cookieAPI
	global agentAPI
	while(start_http!=0):
		#print ("------------------DADADADADADADA")
		added=0
		added_GET=0
		cmd="sudo tcpdump -i "+configDetails['interface']+" -xxv -A -s 0 'tcp dst port http and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' -c 1 2>/dev/null"
		print ("HTTP REQUEST SENT")
		agent_found = 0
		cookie_found = 0
		host_found = 0
		get_found = 0
		founda = 0

		cmdout = subprocess.check_output(cmd, shell=True).decode('utf-8')
		if "192.168.1.5" not in cmdout:
			HOST, continutHexAPI = rules.check_rules('HTTP',cmdout)
			sourceAPI = HOST
			if check_whitelist(HOST,"./modules/Filters/whitelist_sources.txt") == 0:
				result=cmdout.split("\n\t\n\t")[0].split('\n')
				continutPachetAPI = cmdout.split("\n\t\n\t")[0]
				for i in range(len(result)):
					result[i]=result[i].split(': ')
					if 'Agent' in result[i][0]:
						agentAPI=result[i][1]
						if agent_found == 0:
							if check_whitelist_user_agent(result[i][1]) == 0:
								agent_found = 1
								cursor.execute("INSERT INTO alerte (Type,Message,Risk,Source,Destination,Payload,Timestamp) VALUES('HTTP', 'User-Agent!','MEDIUM','"+HOST+"','-','"+result[i][1]+"','"+str(datetime.now())+"')")
								#cursor.execute("INSERT INTO alerte (Type,Message,Risk,Source,Destination,Payload,Timestamp) VALUES('HTTP', 'User-Agent!','MEDIUM'"+HOST+"','-','"+"CIOCI"+"','"+str(datetime.now())+"')")
								db.commit()
					if cookie_found == 0:
						if 'Cookie' in result[i][0]:
							Cookie=result[i][1]
							cookieAPI = Cookie
							cookie_found = 1
					if host_found == 0:
						if 'Host' in result[i][0]:
							host_found = 1
							URL=result[i][1]
							destinationAPI = URL
					if get_found == 0:
						if 'GET' in result[i][0]:
							GET=result[i][0]
							try:
								GET=GET.split('?')[1].split(' ')[0].split('&')
								for i in range(len(GET)):
									GET[i]=GET[i].split("=")
									get_found = 1
							except:
								GET=GET.split(' ')
								path=[]
								path2=[]
								for counter in range(len(GET)):
									if "HTTP" in GET[counter]:
										path.append(GET[counter-1])
										path2.append(GET[counter])
								if "GET" in str(path):
									GET=path2
									get_found = 1
								else:
									GET=path
									get_found = 1
				stop=0
				banana=0
				try:
					for i in range(len(GETS)):
						try:
							if GETS[i] == GET[0][1:]:
								stop = 1
						except:
							banana = 0
				except:
					banana = 1
					pass
				if banana == 0:
					try:
						GETS.append(GET[0][1:])
					except:
						pass
					auxiliar_URL=URL.split('.')
					new_URL=[]
					for i in range(len(auxiliar_URL)-1):
						if auxiliar_URL[i]!='www':
							new_URL.append(auxiliar_URL[i])
					x=check_whitelist('.'.join(new_URL),"./modules/Filters/whitelist.txt")
					if x == 0:
						ok_http = 0
						if URL != '':
							try:
								if len(GET[0][1:]) > 0:
									try:
										if verify_encoding(GET[0][1:]) <= 10:
											if stop == 0:
												if ok_http == 0:
													ok_http = 1
													print ("ALERT HTTP! UNKNOWN BASE FOUND!!! --> "+ str(GET[0][1:]))
													#cursor.execute("INSERT INTO http (ID_event,Name,Alert_Type,Domain,Payload) VALUES('2', 'HTTP', 'UNKNOWN BASE FOUND!!!','"+URL+"','"+GET[0][1:]+"' )")
													cursor.execute("INSERT INTO alerte (Type,Message,Risk,Source,Destination,Payload,Timestamp) VALUES('HTTP', 'UNKNOWN BASE FOUND!','MEDIUM','"+HOST+"','"+URL+"','"+GET[0][1:]+"','"+str(datetime.now())+"')")
													db.commit()
													#print ("AM AJUNS AICI!!!")
									except:
										pass
							except:
								print ("UITE AICI E O EROARE SI NU STIU DE CE",str(GET))
								pass
							if len(URLS) == 0:
								x=WEB()
								try:
									x.add(URL,Cookie,GET,str(int(time.time())))
								except:
									x.add(URL,Cookie,[],str(int(time.time())))
								for count2 in range(len(signatures)):
									try:
										if founda==0:
											if long_to_bytes(signatures[count2]) == base64.b64decode(GET[0]):
												if stop == 0:
													#print ("ALERT! GET FILE SIGNATURE FOUND AS BASE64! :"+GET[0])
													#cursor.execute("INSERT INTO http (ID_event,Name,Alert_Type,Domain,Payload) VALUES('2', 'HTTP', 'GET FILE SIGNATURE FOUND AS BASE64!','"+URL+"','"+GET[0]+"' )")
													cursor.execute("INSERT INTO alerte (Type,Message,Risk,Source,Destination,Payload,Timestamp) VALUES('HTTP', 'GET FILE SIGNATURE FOUND AS BASE64!','HIGH','"+HOST+"','"+URL+"','"+GET[0]+"','"+str(datetime.now())+"')")

													db.commit()
													founda=1
									except:
										pass
									try:
										if founda==0:
											if signatures[count2] in GET[0]:
												if stop == 0:
													#print ("ALERT! GET FILE SIGNATURE FOUND AS HEX! :"+GET[0])
													#cursor.execute("INSERT INTO http (ID_event,Name,Alert_Type,Domain,Payload) VALUES('2', 'HTTP', 'GET FILE SIGNATURE FOUND AS HEX!','"+URL+"','"+GET[0]+"' )")
													cursor.execute("INSERT INTO alerte (Type,Message,Risk,Source,Destination,Payload,Timestamp) VALUES('HTTP', 'GET FILE SIGNATURE FOUND AS HEX!','HIGH','"+HOST+"','"+URL+"','"+GET[0]+"','"+str(datetime.now())+"')")
													
													db.commit()
													founda=1
									except:
										pass
								URLS.append(x)
							else:
								ok=0
								for i in range(len(URLS)):
										if URL==URLS[i].URL:
											for ii in range(len(URLS[i].GET)):
												ok3=0
												if URLS[i].GET[ii] == GET:
													ok3=1
											if ok3== 0:
												URLS[i].GET.append(GET)
												URLS[i].GET_time.append(str(int(time.time())))
												for count in range(len(GET)):
													if len(GET[count])>15:
														if stop == 0:
															#print ("ALERT! GET LEN: "+GET[count])
															#cursor.execute("INSERT INTO http (ID_event,Name,Alert_Type,Domain,Payload) VALUES('2', 'HTTP', 'GET LENGTH!','"+URL+"','"+GET[count]+"' )")
															cursor.execute("INSERT INTO alerte (Type,Message,Risk,Source,Destination,Payload,Timestamp) VALUES('HTTP', 'GET LENGTH > 15','MEDIUM','"+HOST+"','"+URL+"','"+GET[count]+"','"+str(datetime.now())+"')")
															
															db.commit()
															break
													for count2 in range(len(signatures)):
														try:
															if founda==0:
																if long_to_bytes(signatures[count2] == base64.b64decode(GET[count])):
																	if stop == 0:
																		#print ("ALERT! GET FILE SIGNATURE FOUND AS BASE64! :"+GET[count])
																		#cursor.execute("INSERT INTO http (ID_event,Name,Alert_Type,Domain,Payload) VALUES('2', 'HTTP', 'GET FILE SIGNATURE FOUND AS BASE64!','"+URL+"','"+GET[count]+"' )")
																		cursor.execute("INSERT INTO alerte (Type,Message,Risk,Source,Destination,Payload,Timestamp) VALUES('HTTP', 'GET FILE SIGNATURE FOUND AS BASE64!','HIGH','"+HOST+"','"+URL+"','"+GET[count]+"','"+str(datetime.now())+"')")
																		db.commit()
																		founda=1
														except:
															pass
														if founda==0:
															if signatures[count2] == GET[count]:
																if stop == 0:
																	#print ("ALERT! GET FILE SIGNATURE FOUND AS HEX! :"+GET[count])
																	#cursor.execute("INSERT INTO http (ID_event,Name,Alert_Type,Domain,Payload) VALUES('2', 'HTTP', 'GET FILE SIGNATURE FOUND AS HEX!','"+URL+"','"+GET[count]+"' )")
																	cursor.execute("INSERT INTO alerte (Type,Message,Risk,Source,Destination,Payload,Timestamp) VALUES('HTTP', 'GET FILE SIGNATURE FOUND AS HEX!','HIGH','"+HOST+"','"+URL+"','"+GET[count]+"','"+str(datetime.now())+"')")											
																	db.commit()
																	founda=1
											#print ("AM AJUNS LA COOKIES")
											#print (URLS[i].adds)
											for ii in range(len(URLS[i].Cookies)):
												ok2=0
												if URLS[i].Cookies[ii] == Cookie:
													ok2=1
											if ok2 == 0:
												URLS[i].Cookies.append(Cookie)
												URLS[i].adds+=1
												if URLS[i].adds>2:
													#print ("ALERT! MULTIPLE COOKIES SENT TO "+ URLS[i].URL)
													#cursor.execute("INSERT INTO http (ID_event,Name,Alert_Type,Domain,Payload) VALUES('2', 'HTTP', 'MULTIPLE COOKIES SENT','"+URL+"','"+URLS[i].URL+"' )")
													cursor.execute("INSERT INTO alerte (Type,Message,Risk,Source,Destination,Payload,Timestamp) VALUES('HTTP', 'MULTIPLE COOKIES SENT','HIGH','"+HOST+"','"+URLS[i].URL+"','"+Cookie+"','"+str(datetime.now())+"')")											
													db.commit()
													print ("COOKIE COMMITED")
											ok=1

								if ok==0:
									x=WEB()
									try:	
										x.add(URL,Cookie,GET,str(int(time.time())))
									except:
										x.add(URL,Cookie,[],str(int(time.time())))
									URLS.append(x)

						for i in range(len(URLS)):
							pass
Esempio n. 5
0
def test_all_rights_without_set_card_strictly_false():
    user = User(all_rights_without_set_card)
    assert check_rules(rules_array, user, strictly=False) == True
Esempio n. 6
0
def test_all_rights_strictly_false():
    user = User(all_rights)
    assert check_rules(rules_array, user, strictly=False) == True
Esempio n. 7
0
def test_root_rights_only_strictly_false():
    user = User(root_rights_only)
    assert check_rules(rules_array, user, strictly=False) == True
Esempio n. 8
0
def test_root_rights_only():
    user = User(root_rights_only)
    assert check_rules(rules_array, user) == False
Esempio n. 9
0
def test_all_rights():
    user = User(all_rights)
    assert check_rules(rules_array, user) == True
Esempio n. 10
0
def test_one_not_valid_rights():
    user = User(one_not_valid_rights)
    assert check_rules(rules_array, user) == False
Esempio n. 11
0
def dns_start():
    _thread.start_new_thread(getPacketDetails, ())
    dns_time = []
    times = []
    SUBD = []
    puncte = 0
    db = MySQLdb.connect(host="localhost",
                         user="******",
                         passwd="FlagFlag123.",
                         db="licenta")
    cursor = db.cursor()
    configDetails = readConfig()
    ip = get_ip_address(configDetails['interface'])
    tld = read_file('TLD')
    signatures = read_file('signatures')
    database = []
    global start_dns
    start_dns = 1
    global continutPachetAPI
    global continutHexAPI
    global destinationAPI
    global sourceAPI
    global subdomainAPI
    while (start_dns != 0):
        #try:
        #cmd="-xxv -i "+configDetails['interface']+" -c1 -l -v -n -t port 53 2>/dev/null"
        ok_txt = 0
        puncte = 0
        #result = subprocess.check_output(cmd, shell=True).decode('utf-8')
        result = []
        nr_magic = 0
        last = 'a'
        last_last = ''
        last_ML = 'a'
        last_last_ML = ''
        p = subprocess.Popen(
            ('sudo', 'tcpdump', '-l', '-xxv', 'port 53', '-n', '-v', '-t'),
            stdout=subprocess.PIPE,
            stderr=subprocess.DEVNULL)
        for row in iter(p.stdout.readline, b''):
            if len(result) > 0:
                if row.strip().decode()[0] == 'I' and row.strip().decode(
                )[1] == 'P':
                    result = '\n'.join(result)
                    for_check = result
                    print("AICI E FORCHECK", for_check)
                    HOST, continutHexAPI = rules.check_rules('DNS', for_check)
                    continutPachetAPI = result.split('\n\t')[0]
                    if check_whitelist(
                            HOST,
                            "./modules/Filters/whitelist_sources.txt") == 0:
                        sourceAPI = HOST
                        result = result.split('\n\t')[0].replace('\t', '')
                        #try:
                        result = result.split('\n')
                        flag = result[0].split('[')[1].split(']')[0]
                        for i in range(len(result)):
                            res = result[i].split(' ')
                            for j in range(len(res)):
                                if res[j].replace('?', '') == 'TXT':
                                    ok_txt = 1
                                if res[j].count('.') > 2:
                                    url = res[j].split('.')
                                if res[j].count('.') == 2:
                                    puncte = 1
                        #print ("FLAG:",flag)
                        passed = 0
                        if flag == 'none':
                            try:
                                for i in range(len(result)):
                                    scan_url = result[i].replace('\t',
                                                                 '').split(' ')
                                    for j in range(len(scan_url) - 1):
                                        if scan_url[j] == '>':
                                            url = scan_url[j + 1]
                                payload = result[1].split('?')[1].split(' ')[1]
                                if 'addr' not in payload:
                                    if len(url[len(url) - 2]) > 0:

                                        if payload.count('.') < 2:
                                            if len(payload) > 0:
                                                raspuns_ML = predict.check_model_3(
                                                    payload)
                                                if (raspuns_ML == 1):
                                                    print(
                                                        "SUBDOMENIU OK",
                                                        payload)
                                                else:
                                                    print(
                                                        "SUBDOMENIU MALITIOS",
                                                        payload)
                                                    if payload != last_ML:
                                                        cursor.execute(
                                                            "INSERT INTO alerte (Type,Message,Risk,Source,Destination,Payload,Timestamp) VALUES('Machine Learning', 'DNS - DIG EXFILTRATION','HIGH','"
                                                            + HOST + "','" +
                                                            url[:-4] + "','" +
                                                            payload + "','" +
                                                            str(datetime.now())
                                                            + "')")
                                                        db.commit()
                                                        last_last_ML = last_ML
                                                        last_ML = payload
                                                subdomainAPI = payload
                                                cursor.execute(
                                                    "INSERT INTO alerte (Type,Message,Risk,Source,Destination,Payload,Timestamp) VALUES('DNS', 'DIG EXFILTRATION','HIGH','"
                                                    + HOST + "','" + url[:-4] +
                                                    "','" + payload + "','" +
                                                    str(datetime.now()) + "')")
                                                db.commit()
                                                passed = 1
                                        else:
                                            url = payload.split('.')

                            except:
                                pass
                        try:
                            url.remove("www")
                        except:
                            pass
                        if passed == 0:
                            nope = 0
                            if puncte == 0:
                                if len(url) > 4:
                                    nope = 1
                            else:
                                nope = 1

                            for i in range(len(url)):
                                if url[i] == None:
                                    del url[i]
                            bd = url
                            destinationAPI = '.'.join(url)
                            exfil_check = 0
                            exfil_check = check_TLD_exfil(bd, tld, HOST)
                            if exfil_check == 0:
                                domain = []
                                for i in range(len(tld)):
                                    tld[i] = tld[i].lower()
                                for i in range(len(url)):
                                    for j in range(len(tld)):
                                        try:
                                            if url[i] == tld[j]:
                                                domain.append(url[i])
                                                del url[i]
                                            if url[i] == "www":
                                                del url[i]
                                                del bd[i]
                                        except:
                                            pass
                                if ok_txt == 1:
                                    cursor.execute(
                                        "INSERT INTO alerte (Type,Message,Risk,Source,Destination,Payload,Timestamp) VALUES('DNS', 'TXT RECORDS','MEDIUM','"
                                        + HOST + "','" + bd[len(bd) - 2] +
                                        "','-','" + str(datetime.now()) + "')")
                                    db.commit()
                                if nope == 0:
                                    z = DNS_time(bd[len(bd) - 2], HOST)
                                    dns_ok = 0
                                    if len(dns_time) > 0:
                                        for k in range(len(dns_time)):
                                            if dns_time[k].domain == bd[len(bd)
                                                                        - 2]:
                                                dns_ok = 1
                                                dns_time[k].add()
                                        if dns_ok == 0:
                                            dns_time.append(z)
                                    else:
                                        dns_time.append(z)

                                    var = check_whitelist(
                                        bd[len(bd) - 2],
                                        "./modules/Filters/whitelist.txt")
                                    DNS_domain = "http://" + bd[
                                        len(bd) - 2] + "." + '.'.join(domain)

                                    cursor3 = db.cursor()
                                    cursor3.execute("SELECT * FROM domains")
                                    data3 = (cursor3.fetchall())
                                    DNS_ok = 0
                                    for i in data3:
                                        if i[1] == DNS_domain:
                                            DNS_ok = 1
                                            break
                                    if DNS_ok == 0:
                                        sql = "INSERT INTO domains (Domains) VALUES('" + DNS_domain + "')"
                                        cursor.execute(sql)
                                        db.commit()
                                    print("AICI E DNSOK", DNS_ok)
                                    if var == 0:
                                        if DNS_ok == 0:
                                            #try:
                                            vt = search_url("http://" +
                                                            bd[len(bd) - 2] +
                                                            "." +
                                                            '.'.join(domain))
                                            for i in vt:
                                                cursor.execute(
                                                    "INSERT INTO alerte (Type,Message,Risk,Source,Destination,Payload,Timestamp) VALUES('VirusTotal', '"
                                                    + i[0] + "','HIGH','" +
                                                    HOST + "','" +
                                                    bd[len(bd) - 2] + "." +
                                                    '.'.join(domain) + "','" +
                                                    i[2] + "','" +
                                                    str(datetime.now()) + "')")
                                                db.commit()
                                        #except:
                                        #print ("PASS BOSS")
                                        #pass
                                        stop = 0
                                        for i in range(len(SUBD)):
                                            if SUBD[i] == bd[0]:
                                                stop = 1
                                        if stop == 0:
                                            SUBD.append(bd[0])
                                            ok = 0
                                            if len(bd) > 2:
                                                for i in range(len(database)):
                                                    if (database[i].check(
                                                            bd[len(bd) -
                                                               2]) == 1):
                                                        for j in range(
                                                                len(bd) - 2):
                                                            subdomainAPI = bd[
                                                                j]
                                                            if len(bd[j]) > 0:
                                                                raspuns_ML = predict.check_model_3(
                                                                    bd[j])
                                                                if (raspuns_ML
                                                                        == 1):
                                                                    print(
                                                                        "SUBDOMENIU OK",
                                                                        bd[j])
                                                                else:
                                                                    if bd[j] != last_ML:
                                                                        print(
                                                                            "SUBDOMENIU MALITIOS",
                                                                            bd[j]
                                                                        )
                                                                        cursor.execute(
                                                                            "INSERT INTO alerte (Type,Message,Risk,Source,Destination,Payload,Timestamp) VALUES('Machine Learning', 'DNS EXFILTRATION','UNKNOWN','"
                                                                            +
                                                                            HOST
                                                                            +
                                                                            "','"
                                                                            +
                                                                            bd[len(
                                                                                bd
                                                                            ) -
                                                                               2]
                                                                            +
                                                                            "','"
                                                                            +
                                                                            bd[j]
                                                                            +
                                                                            "','"
                                                                            +
                                                                            str(
                                                                                datetime
                                                                                .
                                                                                now(
                                                                                )
                                                                            ) +
                                                                            "')"
                                                                        )
                                                                        db.commit(
                                                                        )
                                                                        last_last_ML = last_ML
                                                                        last_ML = bd[
                                                                            j]

                                                            if len(str(bd[j])
                                                                   ) > 10:
                                                                #cursor.execute("INSERT INTO dns (ID_event,Name,Alert_Type,Domain,Subdomain) VALUES('1', 'DNS', 'DNS EXFILTRATION LENGTH','"+bd[len(bd)-2]+"','"+bd[j]+"' )")
                                                                if bd[j] != last:
                                                                    cursor.execute(
                                                                        "INSERT INTO alerte (Type,Message,Risk,Source,Destination,Payload,Timestamp) VALUES('DNS', 'DNS EXFILTRATION LENGTH','HIGH','"
                                                                        +
                                                                        HOST +
                                                                        "','" +
                                                                        bd[len(
                                                                            bd)
                                                                           -
                                                                           2] +
                                                                        "','" +
                                                                        bd[j] +
                                                                        "','" +
                                                                        str(datetime
                                                                            .
                                                                            now(
                                                                            ))
                                                                        + "')")
                                                                    db.commit()
                                                                    print(
                                                                        "ALERT! DNS EXFILTRATION LEN - "
                                                                        + str(
                                                                            len(
                                                                                str(bd[
                                                                                    j]
                                                                                    )
                                                                            ))
                                                                        + " " +
                                                                        bd[j])
                                                                    last_last = last
                                                                    last = bd[
                                                                        j]

                                                            if check_chars(
                                                                    bd[j]
                                                            ) == 1:
                                                                print(
                                                                    "ALERT! DNS EXFILTRATION NONASCII CHARS - "
                                                                    + bd[j])
                                                                #cursor.execute("INSERT INTO dns (ID_event,Name,Alert_Type,Domain,Subdomain) VALUES('1', 'DNS', 'DNS EXFILTRATION NONASCII CHARS','"+bd[len(bd)-2]+"','"+bd[j]+"' )")
                                                                if bd[j] != last:
                                                                    cursor.execute(
                                                                        "INSERT INTO alerte (Type,Message,Risk,Source,Destination,Payload,Timestamp) VALUES('DNS', 'DNS EXFILTRATION NONASCII CHARS','HIGH','"
                                                                        +
                                                                        HOST +
                                                                        "','" +
                                                                        bd[len(
                                                                            bd)
                                                                           -
                                                                           2] +
                                                                        "','" +
                                                                        bd[j] +
                                                                        "','" +
                                                                        str(datetime
                                                                            .
                                                                            now(
                                                                            ))
                                                                        + "')")
                                                                    db.commit()
                                                                    last_last = last
                                                                    last = bd[
                                                                        j]
                                                            #print verify_encoding(bd[j])
                                                            if verify_encoding(
                                                                    bd[j]
                                                            ) <= 10:
                                                                print(
                                                                    "ALERT! UNKNOWN BASE FOUND!!! --> "
                                                                    + bd[j])
                                                                #cursor.execute("INSERT INTO dns (ID_event,Name,Alert_Type,Domain,Subdomain) VALUES('1', 'DNS', 'UNKNOWN BASE FOUND','"+bd[len(bd)-2]+"','"+bd[j]+"' )")
                                                                if bd[j] != last:
                                                                    cursor.execute(
                                                                        "INSERT INTO alerte (Type,Message,Risk,Source,Destination,Payload,Timestamp) VALUES('DNS', 'UNKNOWN BASE FOUND','HIGH','"
                                                                        +
                                                                        HOST +
                                                                        "','" +
                                                                        bd[len(
                                                                            bd)
                                                                           -
                                                                           2] +
                                                                        "','" +
                                                                        bd[j] +
                                                                        "','" +
                                                                        str(datetime
                                                                            .
                                                                            now(
                                                                            ))
                                                                        + "')")
                                                                    db.commit()
                                                                    last_last = last
                                                                    last = bd[
                                                                        j]
                                                            kappa.add(
                                                                bd[j],
                                                                int(time.time(
                                                                )))
                                                        ok = 1

                                                if ok == 0:
                                                    #print ("Domain added! "+ bd[len(bd)-2])
                                                    kappa = DNS(bd[len(bd) -
                                                                   2])
                                                    for j in range(
                                                            len(bd) - 2):
                                                        subdomainAPI = bd[j]
                                                        kappa.add(
                                                            bd[j],
                                                            int(time.time()))
                                                        if len(bd[j]) > 0:
                                                            raspuns_ML = predict.check_model_3(
                                                                bd[j])
                                                            if (raspuns_ML == 1
                                                                ):
                                                                print(
                                                                    "SUBDOMENIU OK",
                                                                    bd[j])
                                                            else:
                                                                print(
                                                                    "SUBDOMENIU MALITIOS",
                                                                    bd[j])
                                                                if bd[j] != last_ML:
                                                                    cursor.execute(
                                                                        "INSERT INTO alerte (Type,Message,Risk,Source,Destination,Payload,Timestamp) VALUES('Machine Learning', 'DNS EXFILTRATION','UNKNOWN','"
                                                                        +
                                                                        HOST +
                                                                        "','" +
                                                                        bd[len(
                                                                            bd)
                                                                           -
                                                                           2] +
                                                                        "','" +
                                                                        bd[j] +
                                                                        "','" +
                                                                        str(datetime
                                                                            .
                                                                            now(
                                                                            ))
                                                                        + "')")
                                                                    db.commit()
                                                                    last_last_ML = last_ML
                                                                    last_ML = bd[
                                                                        j]

                                                        if len(str(
                                                                bd[j])) > 10:
                                                            print(
                                                                "ALERT! DNS EXFILTRATION LEN - "
                                                                + str(
                                                                    len(
                                                                        str(bd[
                                                                            j])
                                                                    )))
                                                            if bd[j] != last:
                                                                cursor.execute(
                                                                    "INSERT INTO alerte (Type,Message,Risk,Source,Destination,Payload,Timestamp) VALUES('DNS', 'DNS EXFILTRATION LENGTH','HIGH','"
                                                                    + HOST +
                                                                    "','" +
                                                                    bd[len(bd)
                                                                       - 2] +
                                                                    "','" +
                                                                    bd[j] +
                                                                    "','" +
                                                                    str(datetime
                                                                        .now())
                                                                    + "')")
                                                                #cursor.execute("INSERT INTO dns (ID_event,Name,Alert_Type,Domain,Subdomain) VALUES('1', 'DNS', 'DNS EXFILTRATION LENGTH','"+bd[len(bd)-2]+"','"+bd[j]+"' )")
                                                                db.commit()
                                                                last_last = last
                                                                last = bd[j]
                                                        if check_chars(
                                                                bd[j]) == 1:
                                                            print(
                                                                "ALERT! DNS EXFILTRATION NONASCII CHARS"
                                                                + bd[j])
                                                            #cursor.execute("INSERT INTO dns (ID_event,Name,Alert_Type,Domain,Subdomain) VALUES('1', 'DNS', 'DNS EXFILTRATION NONASCII CHARS','"+bd[len(bd)-2]+"','"+bd[j]+"' )")
                                                            if bd[j] != last:
                                                                cursor.execute(
                                                                    "INSERT INTO alerte (Type,Message,Risk,Source,Destination,Payload,Timestamp) VALUES('DNS', 'DNS EXFILTRATION NONASCII CHARS','HIGH','"
                                                                    + HOST +
                                                                    "','" +
                                                                    bd[len(bd)
                                                                       - 2] +
                                                                    "','" +
                                                                    bd[j] +
                                                                    "','" +
                                                                    str(datetime
                                                                        .now())
                                                                    + "')")
                                                                db.commit()
                                                                last_last = last
                                                                last = bd[j]
                                                        print(
                                                            "AICI E ENCODING-ul:",
                                                            verify_encoding(
                                                                bd[j]))
                                                        if verify_encoding(
                                                                bd[j]) <= 10:
                                                            print(
                                                                "ALERT! UNKNOWN BASE FOUND!!! --> "
                                                                + bd[j])
                                                            #cursor.execute("INSERT INTO dns (ID_event,Name,Alert_Type,Domain,Subdomain) VALUES('1', 'DNS', 'UNKNOWN BASE FOUND','"+bd[len(bd)-2]+"','"+bd[j]+"' )")
                                                            if bd[j] != last:
                                                                cursor.execute(
                                                                    "INSERT INTO alerte (Type,Message,Risk,Source,Destination,Payload,Timestamp) VALUES('DNS', 'UNKNOWN BASE FOUND','HIGH','"
                                                                    + HOST +
                                                                    "','" +
                                                                    bd[len(bd)
                                                                       - 2] +
                                                                    "','" +
                                                                    bd[j] +
                                                                    "','" +
                                                                    str(datetime
                                                                        .now())
                                                                    + "')")
                                                                db.commit()
                                                                last_last = last
                                                                last = bd[j]
                                                    database.append(kappa)
                                            ok_signature = 0
                                            print("AICI E OK_SIGNATURE:",
                                                  ok_signature)
                                            for i in range(len(database)):
                                                if ok_signature == 0:
                                                    #print (database[i].d,database[i].sd)
                                                    for j in range(
                                                            len(database[i].sd)
                                                    ):
                                                        try:
                                                            for k in signatures:
                                                                if ok_signature == 0:
                                                                    if k in database[
                                                                            i].sd[
                                                                                j]:
                                                                        if ok_signature == 0:
                                                                            print(
                                                                                "ALERT! DNS EXFILTRATION - "
                                                                                +
                                                                                str(
                                                                                    k
                                                                                )
                                                                            )
                                                                            if bd[j] != last:
                                                                                cursor.execute(
                                                                                    "INSERT INTO alerte (Type,Message,Risk,Source,Destination,Payload,Timestamp) VALUES('DNS', 'SIGNATURE FOUND','HIGH','"
                                                                                    +
                                                                                    HOST
                                                                                    +
                                                                                    "','"
                                                                                    +
                                                                                    bd[len(
                                                                                        bd
                                                                                    ) -
                                                                                       2]
                                                                                    +
                                                                                    "','"
                                                                                    +
                                                                                    bd[j]
                                                                                    +
                                                                                    "','"
                                                                                    +
                                                                                    str(
                                                                                        datetime
                                                                                        .
                                                                                        now(
                                                                                        )
                                                                                    )
                                                                                    +
                                                                                    "')"
                                                                                )
                                                                                db.commit(
                                                                                )
                                                                                db.close(
                                                                                )
                                                                                last_last = last
                                                                                last = bd[
                                                                                    j]
                                                                            ok_signature = 1
                                                        except:
                                                            pass
                                else:
                                    match = re.findall(
                                        r'((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)',
                                        '.'.join(url))  #match url
                                    if len(match) == 0:
                                        if (check_whitelist(
                                                bd[len(bd) - 2],
                                                "./modules/Filters/whitelist.txt"
                                        ) == 0):
                                            raspuns_ML = predict.check_model_3(
                                                '.'.join(url[:-2]))
                                            if len('.'.join(url[:-2])) > 0:
                                                if (raspuns_ML == 1):
                                                    print(
                                                        "SUBDOMENIU OK",
                                                        '.'.join(url[:-2]))
                                                else:
                                                    print(
                                                        "SUBDOMENIU MALITIOS",
                                                        '.'.join(url[:-2]))
                                                    if '.'.join(url[:-2]
                                                                ) != last_ML:
                                                        cursor.execute(
                                                            "INSERT INTO alerte (Type,Message,Risk,Source,Destination,Payload,Timestamp) VALUES('Machine Learning', 'DNS EXFILTRATION','UNKNOWN','"
                                                            + HOST + "','" +
                                                            ''.join(bd[len(bd)
                                                                       - 2]) +
                                                            "','" + '.'.join(
                                                                url[:-2]) +
                                                            "','" +
                                                            str(datetime.now())
                                                            + "')")
                                                        db.commit()
                                                        last_last_ML = last_ML
                                                        last_ML = '.'.join(
                                                            url[:-2])
                                                    ok_signature = 1

                                            z = DNS_time(bd[len(bd) - 2], HOST)
                                            dns_ok = 0
                                            if len(dns_time) > 0:
                                                for k in range(len(dns_time)):
                                                    if dns_time[
                                                            k].domain == bd[
                                                                len(bd) - 2]:
                                                        dns_ok = 1
                                                        dns_time[k].add()
                                                if dns_ok == 0:
                                                    dns_time.append(z)
                                            else:
                                                dns_time.append(z)

                                            for i in range(len(url)):
                                                tld_ver = 0
                                                if url[i] not in tld:
                                                    subdomainAPI = ''.join(
                                                        bd[len(bd) - 2])
                                                    if verify_encoding(
                                                            url[i]) != None:
                                                        if verify_encoding(
                                                                url[i]) <= 10:
                                                            if url[i] != last:
                                                                cursor.execute(
                                                                    "INSERT INTO alerte (Type,Message,Risk,Source,Destination,Payload,Timestamp) VALUES('DNS', 'UNKNOWN BASE FOUND','HIGH','"
                                                                    + HOST +
                                                                    "','" +
                                                                    ''.join(bd[
                                                                        len(bd)
                                                                        - 2]) +
                                                                    "','" +
                                                                    url[i] +
                                                                    "','" +
                                                                    str(datetime
                                                                        .now())
                                                                    + "')")
                                                                db.commit()
                                                                last_last = last
                                                                last = url[i]
                                                                ok_signature = 1
                    result = []
                    nr_magic = 0
                if nr_magic > 2:
                    nr_magic += 1
                    result.append('\t' + row.strip().decode())
                else:
                    nr_magic += 1
                    result.append('    ' + row.strip().decode())
            else:
                result.append(row.strip().decode())