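def dotransform(request, response):
    """Add a Location entity describing the GeoIP lookup of ``request.value``.

    ``geoip`` is called with ``request.value``. A ``None`` result leaves the
    response untouched. A result containing ``'error'`` adds that message as
    a ``UIMessage`` and stops. Otherwise one ``Location`` is appended,
    populated from whichever of the keys ``city``, ``countryName``,
    ``longitude``/``latitude``, ``region`` and ``countryCode`` are present.

    Returns the (possibly extended) ``response``.
    """
    r = geoip(request.value)
    if r is None:
        return response

    if 'error' in r:
        response += UIMessage(r['error'])
        return response

    cityf = r.get('city')
    countryf = r.get('countryName')

    # Build the display name only from the parts that are present, so a
    # result with a country but no city is labelled "Country" rather than
    # ", Country".
    locname = ', '.join([part for part in (cityf, countryf) if part])
    e = Location(locname)

    if 'longitude' in r and 'latitude' in r:
        e.longitude = r['longitude']
        e.latitude = r['latitude']
        link = maplink(r)
        # NOTE(review): A() is assumed to build the anchor markup safely from
        # the link; confirm it escapes its arguments.
        e += Label('Map It', A(link, link), type='text/html')

    if 'region' in r:
        e.area = r['region']
    if cityf is not None:
        e.city = cityf
    if countryf is not None:
        e.country = countryf
        e.iconurl = flag(countryf)
    if 'countryCode' in r:
        e.countrycode = r['countryCode']
        # Fall back to the country code when the country name gave no icon.
        if e.iconurl is None:
            e.iconurl = flag(r['countryCode'])

    response += e
    return response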
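def dotransform(request, response):
    """Geolocate the source IP addresses seen in a pcap file.

    ``request.value`` is read as a pcap path with ``rdpcap``. Every distinct
    IP-layer source address other than ``0.0.0.0`` is looked up in the local
    GeoIP database, except addresses that start with one of the excluded
    private prefixes. One ``Location`` entity is added to ``response`` per
    address that has a database record.

    If the database file is missing, the response is returned with a
    ``UIMessage`` explaining how to install it.
    """
    # Download GeoIP Database from MaxMinds
    db_path = '/opt/geoipdb/geoipdb.dat'
    if not os.path.exists(db_path):
        return response + UIMessage('Need local install of MaxMinds Geo IP database, use the download script in resource/external/geoipdownload.sh')

    gi = pygeoip.GeoIP(db_path)
    pcap = request.value
    pkts = rdpcap(pcap)

    # Match these as prefixes. A substring test would also drop public
    # addresses such as 110.x.x.x or x.x.10.x, hiding them from the analyst.
    # NOTE(review): '172.16.' covers only 172.16.0.0/16, not the whole
    # 172.16.0.0/12 private range; the rest is left to the record check below.
    ip_exclusions = ('192.168.', '172.16.', '10.')

    # Collect distinct source addresses, keeping first-seen order.
    ip_raw = []
    seen = set()
    for x in pkts:
        if not x.haslayer(IP):
            continue
        src = x.getlayer(IP).src
        if src == '0.0.0.0' or src in seen:
            continue
        seen.add(src)
        ip_raw.append(src)

    for s in ip_raw:
        if s.startswith(ip_exclusions):
            continue

        rec = gi.record_by_addr(s)
        if not rec:
            # No database entry for this address (for example an unlisted
            # private or reserved range): skip it instead of failing the
            # whole transform on the subscripts below.
            continue

        country = rec['country_name']
        lng = rec['longitude']
        lat = rec['latitude']
        google_map_url = 'https://maps.google.co.uk/maps?z=20&q=%s,%s' % (lat, lng)

        e = Location(country)
        e.country = country
        e.city = rec['city']
        e.linkcolor = 0x2314CA
        e.linklabel = s
        e.areacode = rec['postal_code']
        e.longitude = float(lng)
        e.latitude = float(lat)
        e.countrycode = rec['country_code']
        e += Field('ipaddress', s, displayname='IP Address')
        e += Field('geomapurl', google_map_url, displayname='Google Map URL')
        e += Field('pcapsrc', pcap, displayname='Original pcap File')
        response += e

    return response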
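def dotransform(request, response):
    """Add a Location entity for each address in the person-search results.

    ``pipljsonsearch`` is called with the entity's first and last names
    (empty strings when unset) and its reply is decoded as JSON. An
    ``'error'`` key in the reply is reported as a ``UIMessage``. Every
    address of every record becomes a ``Location`` carrying the address
    country code and an HTML "Source" label linking to the record's source.

    Returns the (possibly extended) ``response``.
    """
    # Local import so the block does not depend on the file's import header.
    from xml.sax.saxutils import escape

    p = JSONDecoder().decode(
        pipljsonsearch(
            first_name=request.entity.firstnames or '',
            last_name=request.entity.lastname or ''
        )
    )

    if 'error' in p:
        response += UIMessage(p['error'])

    # An error reply may carry no results at all; treat that as "no records"
    # instead of raising KeyError right after the message has been added.
    records = (p.get('results') or {}).get('records') or []

    # The source URL and name come from a third-party API reply and are
    # rendered as text/html, so escape them (quotes included, because the URL
    # sits inside an attribute) before formatting them into markup.
    # NOTE(review): escaping stops markup injection only; the URL scheme is
    # not validated here.
    quotes = {'"': '&quot;', "'": '&#39;'}

    for r in records:
        if 'addresses' not in r:
            continue
        for a in r['addresses']:
            e = Location(a['display'])
            e.countrycode = a['country']
            source = r['source']
            e += Label(
                'Source',
                '<a href="%s">%s</a>' % (
                    escape('%s' % source['url'], quotes),
                    escape('%s' % source['@ds_name'], quotes)
                ),
                type='text/html'
            )
            response += e

    return response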
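def dotransform(request, response):
    """Add a Location entity for each address in the person-search results.

    ``pipljsonsearch`` is called with ``request.fields['firstname']`` and
    ``request.fields['lastname']`` and its reply is decoded as JSON. An
    ``'error'`` key in the reply is reported as a ``UIMessage``. Every
    address of every record becomes a ``Location`` carrying the address
    country code and an HTML "Source" label linking to the record's source.

    Returns the (possibly extended) ``response``.
    """
    # Local import so the block does not depend on the file's import header.
    from xml.sax.saxutils import escape

    p = JSONDecoder().decode(
        pipljsonsearch(
            first_name=request.fields['firstname'],
            last_name=request.fields['lastname']
        )
    )

    if 'error' in p:
        response += UIMessage(p['error'])

    # An error reply may carry no results at all; treat that as "no records"
    # instead of raising KeyError right after the message has been added.
    records = (p.get('results') or {}).get('records') or []

    # The source URL and name come from a third-party API reply and are
    # rendered as text/html, so escape them (quotes included, because the URL
    # sits inside an attribute) before formatting them into markup.
    # NOTE(review): escaping stops markup injection only; the URL scheme is
    # not validated here.
    quotes = {'"': '&quot;', "'": '&#39;'}

    for r in records:
        if 'addresses' not in r:
            continue
        for a in r['addresses']:
            e = Location(a['display'])
            e.countrycode = a['country']
            source = r['source']
            e += Label(
                'Source',
                '<a href="%s">%s</a>' % (
                    escape('%s' % source['url'], quotes),
                    escape('%s' % source['@ds_name'], quotes)
                ),
                type='text/html'
            )
            response += e

    return response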