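def generate_message(self, zeroaccess_nodes, zeroaccess_file_list):
    """Build and cache the getL, newL and retL messages used by this node.

    Looks up the host's public address through an external HTTPS service
    and logs it, then builds the three protocol messages through
    ZeroAccessUtil. The retL message carries a random sample of the known
    nodes plus one extra node entry for the hard-coded ``faked_ip``, and a
    random sample of the known file entries.

    Args:
        zeroaccess_nodes: sized sequence of node objects to sample from.
        zeroaccess_file_list: sized sequence of file entries to sample from.

    Side effects:
        Sets ``self.local_ip``, ``self.getL_message``, ``self.newL_message``
        and ``self.retL_message``; prints list sizes and the retL message
        as hex.
    """
    # The reply comes from a third-party service and is untrusted input:
    # bound the wait, always release the handle, and drop surrounding
    # whitespace before the value is stored.
    ret = urllib2.urlopen('https://enabledns.com/ip', timeout=10)
    try:
        self.local_ip = ret.read().strip()
    finally:
        ret.close()

    try:
        socket.inet_aton(self.local_ip)
    except socket.error:
        # Never copy an arbitrary remote string into the log verbatim.
        logger.warning('Unexpected reply from IP lookup service: %r',
                       self.local_ip[:64])
    else:
        get_local_ip_info = 'Retrieve local ip : ' + self.local_ip
        logger.info(get_local_ip_info)

    # NOTE(review): the address advertised to peers is this constant, not
    # the detected local IP; confirm it is a sensor the operator controls.
    faked_ip = '96.8.117.251'
    self.getL_message = ZeroAccessUtil.buildZeroAccessGetLMessage()
    self.newL_message = ZeroAccessUtil.buildZeroAccessNewLMessage(faked_ip)

    faked_node_info = ZeroAccessNode()
    faked_node_info.set_ip(
        struct.unpack("I", socket.inet_aton(faked_ip))[0])
    faked_node_info.set_time(time.time())

    # random.sample raises ValueError when asked for more items than the
    # population holds, so clamp both sample sizes to what is available.
    seed_node_size = min(15, len(zeroaccess_nodes))
    seed_node_list = random.sample(zeroaccess_nodes, seed_node_size)
    seed_node_list.append(faked_node_info)
    print('bootstrap nodes len : ' + str(len(zeroaccess_nodes)))
    print('bootstrap file len : ' + str(len(zeroaccess_file_list)))

    file_sample_size = min(5, len(zeroaccess_file_list))
    file_list = random.sample(zeroaccess_file_list, file_sample_size)
    self.retL_message = ZeroAccessUtil.buildZeroAccessretLMessage(
        seed_node_list, file_list)
    print('retL message length ' + str(len(self.retL_message)))
    print('retL message :\n')
    print(self.retL_message.encode('hex'))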
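def main():
    """Query the first ten bootstrap nodes and print each reply's IP count.

    Reads the node list from Data/zeroaccess_node.dat, sends the message
    built by ZeroAccessUtil.buildMessage() to at most ten nodes concurrently
    through an eventlet GreenPile, XOR-decodes each reply and prints the
    fourth 32-bit header field next to the node's address.
    """
    SEPARATOR = '/'
    if sys.platform == 'win32':
        SEPARATOR = "\\"

    message = ZeroAccessUtil.buildMessage()
    print(message.encode("hex"))

    zeroaccess_bootstrap_seeds_path = "Data" + SEPARATOR + "zeroaccess_node.dat"
    zeroaccess_nodes = ZeroAccessUtil.read_zeroaccess_data_from_file(
        zeroaccess_bootstrap_seeds_path)
    targets = zeroaccess_nodes[:10]

    pile = eventlet.GreenPile()
    for x in targets:
        pile.spawn(query, x, message)

    # The pile acts as a collection of the spawned calls' return values; an
    # exception raised inside a call surfaces when its result is read here.
    key = [ord('2'), ord('p'), ord('t'), ord('f')]
    header_size = struct.calcsize('IIII')
    for node, result in zip(targets, pile):
        peer = socket.inet_ntoa(struct.pack('I', node.get_ip()))
        if result == '':
            print('no response from ' + peer)
            continue
        print('received')
        original_message = ZeroAccessUtil.xorMessage(result[0], key)
        # Replies are untrusted: a payload shorter than the header would
        # make struct.unpack raise and abort the remaining nodes.
        if len(original_message) < header_size:
            print('short response from ' + peer)
            continue
        # The crc32 field is unpacked but not verified in this function.
        crc32, retL_command, b_flag, ip_count = struct.unpack(
            'IIII', original_message[:header_size])
        print(peer + ' --> ip count: ' + str(ip_count))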
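def generate_message(self,zeroaccess_nodes,zeroaccess_file_list):
    """Prepare the getL, newL and retL messages and store them on ``self``.

    The public address of this host is fetched from an external HTTPS
    service and logged. The newL message and one extra retL node entry are
    built from the hard-coded ``faked_ip``; the rest of the retL message is
    a random sample of ``zeroaccess_nodes`` and ``zeroaccess_file_list``.

    Args:
        zeroaccess_nodes: sized sequence of node objects to sample from.
        zeroaccess_file_list: sized sequence of file entries to sample from.

    Side effects:
        Assigns ``self.local_ip``, ``self.getL_message``,
        ``self.newL_message`` and ``self.retL_message`` and prints the retL
        message as hex.
    """
    # Untrusted third-party reply: use a bounded wait, close the handle
    # even on a read error, and strip whitespace such as a trailing newline.
    response = urllib2.urlopen('https://enabledns.com/ip', timeout=10)
    try:
        self.local_ip = response.read().strip()
    finally:
        response.close()

    try:
        socket.inet_aton(self.local_ip)
        looks_like_ip = True
    except socket.error:
        looks_like_ip = False
    if looks_like_ip:
        logger.info('Retrieve local ip : ' + self.local_ip)
    else:
        # Log a bounded repr so a hostile reply cannot forge log lines.
        logger.warning('Unexpected reply from IP lookup service: %r',
                       self.local_ip[:64])

    # NOTE(review): peers are told about this constant rather than the
    # detected address; confirm it belongs to the operator's own sensor.
    faked_ip = '96.8.117.251'
    self.getL_message = ZeroAccessUtil.buildZeroAccessGetLMessage()
    self.newL_message = ZeroAccessUtil.buildZeroAccessNewLMessage(faked_ip)

    faked_node_info = ZeroAccessNode()
    packed_ip = socket.inet_aton(faked_ip)
    faked_node_info.set_ip(struct.unpack("I", packed_ip)[0])
    faked_node_info.set_time(time.time())

    # Asking random.sample for more items than exist raises ValueError, so
    # never request more than the lists actually contain.
    seed_node_size = 15
    seed_node_list = random.sample(
        zeroaccess_nodes, min(seed_node_size, len(zeroaccess_nodes)))
    seed_node_list.append(faked_node_info)
    print('bootstrap nodes len : ' + str(len(zeroaccess_nodes)))
    print('bootstrap file len : ' + str(len(zeroaccess_file_list)))

    file_list = random.sample(
        zeroaccess_file_list, min(5, len(zeroaccess_file_list)))
    self.retL_message = ZeroAccessUtil.buildZeroAccessretLMessage(seed_node_list, file_list)
    print('retL message length ' + str(len(self.retL_message)))
    print('retL message :\n')
    print(self.retL_message.encode('hex'))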
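def main():
    """Send one query to up to ten bootstrap nodes and report their replies.

    The node list is loaded from Data/zeroaccess_node.dat. Each of the first
    ten nodes is queried in its own green thread; every non-empty reply is
    XOR-decoded and its fourth 32-bit header field is printed as the IP
    count for that node.
    """
    SEPARATOR = "\\" if sys.platform == 'win32' else '/'

    message = ZeroAccessUtil.buildMessage()
    print(message.encode("hex"))

    zeroaccess_bootstrap_seeds_path = "Data" + SEPARATOR + "zeroaccess_node.dat"
    zeroaccess_nodes = ZeroAccessUtil.read_zeroaccess_data_from_file(
        zeroaccess_bootstrap_seeds_path)
    first_nodes = zeroaccess_nodes[:10]

    pile = eventlet.GreenPile()
    for x in first_nodes:
        pile.spawn(query, x, message)

    # Iterating the pile yields the return values of the spawned functions;
    # exceptions raised inside them are re-raised at this point.
    key = [ord(ch) for ch in '2ptf']
    header_format = 'IIII'
    header_size = struct.calcsize(header_format)
    for node, result in zip(first_nodes, pile):
        node_address = socket.inet_ntoa(struct.pack('I', node.get_ip()))
        if result == '':
            print('no response from ' + node_address)
            continue

        print('received')
        original_message = ZeroAccessUtil.xorMessage(result[0], key)
        if len(original_message) < header_size:
            # Peer data is untrusted; skip a truncated reply instead of
            # letting struct.error end the whole loop.
            print('short response from ' + node_address)
            continue

        # Only ip_count is used below; the crc32 field is not verified here.
        crc32, retL_command, b_flag, ip_count = struct.unpack(
            header_format, original_message[:header_size])
        print(node_address + ' --> ip count: ' + str(ip_count))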
def main():
    """Start the crawler on the default UDP port and run the reactor.

    Loads the bootstrap node list and the file list from the Data
    directory, lets a ZeroAccessProtocol instance build its messages,
    binds it to UDP port 16471, installs SIGINT_exit as the SIGINT handler
    and schedules RestartCrawl as a looping call before entering the
    reactor loop.
    """
    SEPARATOR = "\\" if sys.platform == 'win32' else '/'
    ZEROACCESS_UDP_PORT = 16471
    silent = False

    data_dir = "Data" + SEPARATOR
    zeroaccess_bootstrap_seeds_path = (
        data_dir + "zeroaccess_node_" + str(ZEROACCESS_UDP_PORT) + ".dat")
    zeroaccess_nodes = ZeroAccessUtil.read_zeroaccess_data_from_file(
        zeroaccess_bootstrap_seeds_path)
    zeroaccess_file_info_path = data_dir + "zeroaccess_file.bin"
    zeroaccess_file_list = ZeroAccessUtil.read_zeroaccess_file_data_from_bin(
        zeroaccess_file_info_path)

    zeroaccess_protocol = ZeroAccessProtocol()
    zeroaccess_protocol.generate_message(zeroaccess_nodes, zeroaccess_file_list)
    zeroaccess_protocol.set_udp_port(ZEROACCESS_UDP_PORT)
    zeroaccess_protocol.set_bootstrap_node_list(zeroaccess_nodes)

    # No interface argument is given, so the socket is not restricted to a
    # single local address.
    t = reactor.listenUDP(ZEROACCESS_UDP_PORT, zeroaccess_protocol)
    signal.signal(signal.SIGINT, SIGINT_exit)

    newL_query_update_loop = task.LoopingCall(zeroaccess_protocol.RestartCrawl)
    newL_query_update_loop.start(2)  # the interval passed here is 2, not 1

    try:
        reactor.run()
    except:
        # Deliberately broad: whatever escapes the reactor is reported with
        # this one line and then dropped.
        print('Exception caught while interuptting reactor')
def ShutdownGracefully(udp_port, nodes_map, files_map):
    """Stop the reactor and write the collected maps under ``log/``.

    The reactor is stopped first; the node count is then printed and
    logged, and the two maps are handed to the ZeroAccessUtil writers
    together with a path prefix and the UDP port.

    Args:
        udp_port: port value forwarded to each writer.
        nodes_map: sized collection of crawled nodes, saved as CSV.
        files_map: collection of file data, saved as CSV and as a binary
            file.
    """
    reactor.stop()

    info = 'Crawling Eventloop Stopped with node count : %d' % len(nodes_map)
    print(info)
    logger.info(info)

    # Relative paths: the writers receive prefixes below the "log"
    # directory of the current working directory.
    ZeroAccessUtil.save_zeroaccess_data_to_csv(
        nodes_map, 'log/zeroaccess_nodes_', udp_port)
    ZeroAccessUtil.save_zeroaccess_file_data_to_csv(
        files_map, 'log/zeroaccess_nodes_file_', udp_port)
    ZeroAccessUtil.save_zeroaccess_file_data_to_bin(
        files_map, 'log/zeroaccess_nodes_bin_', udp_port)
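def datagramReceived(self, datagram, host):
    """Decode one received datagram and dispatch it by command code.

    The payload is XOR-decoded with ``self.key_int`` and its first 16 bytes
    are read as four unsigned 32-bit fields (crc32, command, b_flag,
    ip_count). The decoded message is handed to the getL, retL or newL
    handler whose command code matches; any other code is printed as
    unknown. Errors raised while parsing or inside a handler are logged at
    debug level and never propagate to the caller.

    Args:
        datagram: raw payload from the network; treated as untrusted.
        host: sender address as passed in by the caller; it is only
            stringified for logging and forwarded to the handlers.
    """
    header_format = 'IIII'
    header_size = struct.calcsize(header_format)
    try:
        original_message = ZeroAccessUtil.xorMessageFast(datagram, self.key_int)

        # Any remote sender can deliver a truncated packet. Reject it here
        # with two debug lines instead of going through struct.error and a
        # full traceback on stderr for every such packet.
        if len(original_message) < header_size:
            logger.debug('error in parsing query from node ' + str(host))
            logger.debug('datagram shorter than the %d-byte header' % header_size)
            return

        # NOTE(review): 'IIII' is decoded in native byte order; confirm the
        # wire format and pin it with an explicit prefix if it is fixed.
        # The crc32 field is unpacked but not verified in this method.
        crc32, command, b_flag, ip_count = struct.unpack(
            header_format, original_message[:header_size])

        if command == self.getL_command_int:
            self.getL_process(original_message, host)
        elif command == self.retL_command_int:
            self.retL_process(original_message, host)
        elif command == self.newL_command_int:
            self.newL_process(original_message, host)
        else:
            print('Unknown command : ' + str(hex(command)))
    except Exception as e:
        logger.debug('error in parsing query from node ' + str(host))
        logger.debug(str(e))
        traceback.print_exc()
    return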
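def main():
    """Parse the command line, bind the UDP listener and run the reactor.

    Options:
        -h       print 'help' and exit.
        -p PORT  UDP port; must be one of 16471, 16470, 16464, 16465.
        -l       silent state: listen only.
        -s       crawl the whole network with getL queries: RestartCrawl is
                 scheduled at 40 s and ShutdownGracefully at 60 s.
        -i       interactive: send getL queries periodically, answer peers
                 and push an IP with newL (RestartCrawl every 120 s).
        -c       act as a client: query the addresses listed in
                 Data/ip_list.txt in addition to the bootstrap nodes.
    """
    SEPARATOR = '/'
    if sys.platform == 'win32':
        SEPARATOR = "\\"
    ZEROACCESS_UDP_PORT = 16471
    zeroaccess_nodes = []
    zeroaccess_file_info_path = "Data" + SEPARATOR + "zeroaccess_file.bin"
    zeroaccess_file_list = ZeroAccessUtil.read_zeroaccess_file_data_from_bin(
        zeroaccess_file_info_path)
    zeroaccess_protocol = ZeroAccessProtocol()
    interactive = False
    crawl_only = False

    try:
        # 'c' has to be part of the option string; without it getopt
        # rejects "-c" and the branch handling it below can never run.
        opts, args = getopt.getopt(sys.argv[1:], "hp:lisc")
    except getopt.GetoptError as err:
        print(str(err))
        sys.exit(2)

    for o, a in opts:
        if o == '-h':
            print('help')
            sys.exit()
        if o == '-i':
            interactive = True
            zeroaccess_protocol.set_interactive(interactive)
        if o == '-s':
            crawl_only = True
        if o == '-c':
            zeroaccess_nodes = []
            ip_path = "Data" + SEPARATOR + "ip_list.txt"
            # Close the file deterministically, and strip each line so the
            # trailing newline is not passed to inet_aton; blank lines are
            # skipped. A malformed address still raises socket.error.
            with open(ip_path) as ip_file:
                for ip_line in ip_file:
                    ip_text = ip_line.strip()
                    if not ip_text:
                        continue
                    print(ip_text)
                    node = ZeroAccessNode()
                    ip_int = struct.unpack("I", socket.inet_aton(ip_text))[0]
                    node.set_ip(ip_int)
                    zeroaccess_nodes.append(node)
        if o == '-l':
            zeroaccess_protocol.set_silent_state(True)
        if o == '-p':
            try:
                ZEROACCESS_UDP_PORT = int(a)
            except ValueError:
                # The default port stays in effect after this message.
                print('Invalid Value')

    if ZEROACCESS_UDP_PORT not in [16471, 16470, 16464, 16465]:
        port_error_info = 'Crawling Port Not Valid : ' + str(
            ZEROACCESS_UDP_PORT)
        logger.info(port_error_info)
        sys.exit()
    port_info = 'Crawling Port : ' + str(ZEROACCESS_UDP_PORT)
    logger.info(port_info)
    print(port_info)

    zeroaccess_bootstrap_seeds_path = "Data" + SEPARATOR + "zeroaccess_node_" + str(
        ZEROACCESS_UDP_PORT) + ".dat"
    bootstrap_nodes = ZeroAccessUtil.read_zeroaccess_data_from_file(
        zeroaccess_bootstrap_seeds_path)
    zeroaccess_nodes = zeroaccess_nodes + bootstrap_nodes

    zeroaccess_protocol.set_udp_port(ZEROACCESS_UDP_PORT)
    zeroaccess_protocol.set_bootstrap_node_list(zeroaccess_nodes)
    zeroaccess_protocol.generate_message(zeroaccess_nodes,
                                         zeroaccess_file_list)

    # No interface argument is given, so the socket is not restricted to a
    # single local address.
    reactor.listenUDP(ZEROACCESS_UDP_PORT, zeroaccess_protocol)
    signal.signal(signal.SIGINT, SIGINT_exit)

    if crawl_only:
        reactor.callLater(40, zeroaccess_protocol.RestartCrawl)
        # The node and file maps are fetched now, at scheduling time, and
        # passed to the shutdown call that runs at 60 s.
        reactor.callLater(60, ShutdownGracefully, ZEROACCESS_UDP_PORT,
                          zeroaccess_protocol.get_nodes_map(),
                          zeroaccess_protocol.get_files_map())
    if interactive:
        newL_query_update_loop = task.LoopingCall(
            zeroaccess_protocol.RestartCrawl)
        newL_query_update_loop.start(120)  # interval passed here is 120

    try:
        reactor.run()
    except:
        # Deliberately broad: whatever escapes the reactor is reported with
        # this one line and then dropped.
        print('Exception caught while interuptting reactor')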
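def main():
    """Read the command-line options, start the UDP listener and the reactor.

    Options:
        -h       print 'help' and exit.
        -p PORT  UDP port; only 16471, 16470, 16464 and 16465 are accepted.
        -l       silent state: listen only.
        -s       crawl the whole network with getL queries: RestartCrawl is
                 scheduled at 40 s and ShutdownGracefully at 60 s.
        -i       interactive: send getL queries periodically, answer peers
                 and push an IP with newL (RestartCrawl every 120 s).
        -c       act as a client: query the addresses listed in
                 Data/ip_list.txt in addition to the bootstrap nodes.
    """
    SEPARATOR = "\\" if sys.platform == 'win32' else '/'
    ZEROACCESS_UDP_PORT = 16471
    allowed_ports = [16471,16470,16464,16465]
    zeroaccess_nodes = []
    zeroaccess_file_info_path = "Data"+SEPARATOR+"zeroaccess_file.bin"
    zeroaccess_file_list = ZeroAccessUtil.read_zeroaccess_file_data_from_bin(zeroaccess_file_info_path)
    zeroaccess_protocol = ZeroAccessProtocol()
    interactive = False
    crawl_only = False

    try:
        # The option string must list 'c'; otherwise getopt raises on "-c"
        # and the code that loads the IP list below is unreachable.
        opts,args = getopt.getopt(sys.argv[1:],"hp:lisc")
    except getopt.GetoptError as err:
        print(str(err))
        sys.exit(2)

    for o,a in opts:
        if o=='-h':
            print('help')
            sys.exit()
        if o=='-i':
            interactive = True
            zeroaccess_protocol.set_interactive(interactive)
        if o=='-s':
            crawl_only = True
        if o=='-c':
            zeroaccess_nodes = []
            ip_path = "Data"+SEPARATOR+"ip_list.txt"
            # "with" closes the file even if a line fails to parse. Lines
            # are stripped so the newline never reaches inet_aton, and
            # empty lines are ignored; a malformed address still raises
            # socket.error.
            with open(ip_path) as ip_file:
                for ip_line in ip_file:
                    address = ip_line.strip()
                    if not address:
                        continue
                    print(address)
                    node = ZeroAccessNode()
                    node.set_ip(struct.unpack("I",socket.inet_aton(address))[0])
                    zeroaccess_nodes.append(node)
        if o=='-l':
            zeroaccess_protocol.set_silent_state(True)
        if o=='-p':
            try:
                ZEROACCESS_UDP_PORT = int(a)
            except ValueError:
                # Parsing continues with the default port after this message.
                print('Invalid Value')

    if ZEROACCESS_UDP_PORT not in allowed_ports:
        port_error_info = 'Crawling Port Not Valid : ' + str(ZEROACCESS_UDP_PORT)
        logger.info(port_error_info)
        sys.exit()
    port_info = 'Crawling Port : ' + str(ZEROACCESS_UDP_PORT)
    logger.info(port_info)
    print(port_info)

    zeroaccess_bootstrap_seeds_path = "Data"+SEPARATOR+"zeroaccess_node_"+str(ZEROACCESS_UDP_PORT)+".dat"
    bootstrap_nodes = ZeroAccessUtil.read_zeroaccess_data_from_file(zeroaccess_bootstrap_seeds_path)
    zeroaccess_nodes = zeroaccess_nodes + bootstrap_nodes

    zeroaccess_protocol.set_udp_port(ZEROACCESS_UDP_PORT)
    zeroaccess_protocol.set_bootstrap_node_list(zeroaccess_nodes)
    zeroaccess_protocol.generate_message(zeroaccess_nodes,zeroaccess_file_list)

    # listenUDP is called without an interface argument, so the listener is
    # not limited to one local address.
    reactor.listenUDP(ZEROACCESS_UDP_PORT, zeroaccess_protocol)
    signal.signal(signal.SIGINT, SIGINT_exit)

    if crawl_only:
        reactor.callLater(40,zeroaccess_protocol.RestartCrawl)
        # get_nodes_map() and get_files_map() are evaluated here, when the
        # call is scheduled, not when it fires at 60 s.
        reactor.callLater(60,ShutdownGracefully,ZEROACCESS_UDP_PORT,
                          zeroaccess_protocol.get_nodes_map(),
                          zeroaccess_protocol.get_files_map())
    if interactive:
        newL_query_update_loop = task.LoopingCall(zeroaccess_protocol.RestartCrawl)
        newL_query_update_loop.start(120)  # interval passed here is 120

    try:
        reactor.run()
    except:
        # Intentionally catches everything that escapes the reactor; only
        # this message is emitted.
        print('Exception caught while interuptting reactor')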