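def close(self):
    """Close the SFTP file handle and archive the uploaded file by SHA-256.

    When bytes were written, the virtual filesystem entry is resized. When
    ``self.realfile`` is set, the on-disk copy is hashed and stored as
    ``<download_path>/<sha256>``; a copy whose digest is already stored is
    deleted instead. The virtual file entry's slot 9 is then pointed at the
    stored path. If a ``[virustotal] apikey`` option is configured, a report
    is requested for newly stored files and the backlog check is run.

    The stored name is built only from the digest and the configured
    ``download_path``, never from the client-supplied filename.

    Returns:
        Whatever ``self.server.fs.close(self.fd)`` returns.
    """
    cfg = config()
    if self.bytes_written > 0:
        self.server.fs.update_size(self.filename, self.bytes_written)

    # NOTE(review): the listing lost its indentation. This branch is
    # reconstructed as a sibling of the size update, with the backlog check
    # inside it - confirm against the original file.
    if self.realfile is not None:
        try:
            # Hash in fixed-size chunks and close the handle promptly: the
            # file is presumably an untrusted upload of arbitrary size, so
            # reading it whole would let a client dictate memory use.
            digest = hashlib.sha256()
            with open(self.realfile, 'rb') as captured:
                for chunk in iter(lambda: captured.read(65536), b''):
                    digest.update(chunk)
            shasum = digest.hexdigest()
        except Exception as e:
            # Best effort: report the failure and still release the handle.
            print(format(e))
            return self.server.fs.close(self.fd)

        msg = 'SHA sum %s of file %s' % (shasum, self.realfile)
        print(msg)

        hash_path = '%s/%s' % (cfg.get('honeypot', 'download_path'), shasum)
        if not os.path.exists(hash_path):
            print("moving " + self.realfile + " -> " + hash_path)
            shutil.move(self.realfile, hash_path)
            # Only first-seen samples trigger a report request.
            if cfg.has_option('virustotal', 'apikey'):
                virustotal.get_report(shasum, self.filename, 'SFTP')
        else:
            # Same content already archived: drop the duplicate.
            print("deleting " + self.realfile + " with sha sum " + shasum)
            os.remove(self.realfile)

        # Slot 9 of the entry holds the path of the backing real file.
        f = self.server.fs.getfile(self.filename)
        f[9] = hash_path

        if cfg.has_option('virustotal', 'apikey'):
            print("now checking Virustotal backlogs ssh")
            virustotal_backlogs.check()

    return self.server.fs.close(self.fd)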
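def success(self, data):
    """Archive a completed download by SHA-256 and update the virtual file.

    The fetched file at ``self.safeoutfile`` is hashed, logged together with
    the client IP and URL, and stored as ``<download_path>/<sha256>``; a
    copy whose digest is already stored is deleted instead. The virtual file
    entry for ``self.outfile`` gets the stored path in slot 9. If a
    ``[virustotal] apikey`` option is configured, a report is requested for
    newly stored files (unless skipped, see below) and the backlog check is
    run. The command always finishes through ``self.exit()``.

    Args:
        data: Unused by this method.
    """
    if not os.path.isfile(self.safeoutfile):
        print("there's no " + self.safeoutfile)
        self.exit()
        # Stop here: falling through would try to open the missing file.
        return

    # Hash in fixed-size chunks and close the handle promptly: the content
    # comes from a remote URL, so its size is not under our control.
    digest = hashlib.sha256()
    with open(self.safeoutfile, 'rb') as fetched:
        for chunk in iter(lambda: fetched.read(65536), b''):
            digest.update(chunk)
    shasum = digest.hexdigest()
    # The stored name comes from the digest only, not from the URL or the
    # requested file name.
    hash_path = '%s/%s' % (self.download_path, shasum)

    # NOTE(review): self.url and self.fileName go into the log line as-is;
    # if they can carry control characters, escape them in logDispatch -
    # confirm.
    msg = '%s SHA sum %s of URL %s in file %s' % (
        self.protocol.realClientIP, shasum, self.url, self.fileName)
    print(msg)
    self.protocol.logDispatch(msg)

    cfg = self.protocol.env.cfg

    # A URL ending in ".sh" whose content libmagic labels ASCII skips the
    # report request; the file is still archived below.
    vt_check = 1
    if re.search(r"\.sh$", self.url):
        m = magic.open(magic.MAGIC_NONE)
        try:
            m.load()
            filetype = m.file(self.safeoutfile)
        finally:
            m.close()
        # m.file() yields None on error; keep the lookup enabled then.
        if filetype is not None and re.search("ASCII", filetype):
            vt_check = 0

    if not os.path.exists(hash_path):
        print("moving " + self.safeoutfile + " -> " + hash_path)
        shutil.move(self.safeoutfile, hash_path)
        # Only first-seen samples trigger a report request.
        if cfg.has_option('virustotal', 'apikey') and vt_check:
            virustotal.get_report(shasum, self.fakeoutfile.split('/')[-1],
                                  self.url, self.protocol)
    else:
        # Same content already archived: drop the duplicate.
        print("deleting " + self.safeoutfile + " SHA sum: " + shasum)
        os.remove(self.safeoutfile)
    self.safeoutfile = hash_path

    if cfg.has_option('virustotal', 'apikey'):
        print("now checking Virustotal backlogs wget")
        virustotal_backlogs.check()

    # Slot 9 of the entry holds the path of the backing real file.
    print("Updating realfile to " + hash_path)
    f = self.fs.getfile(self.outfile)
    f[9] = hash_path
    self.exit()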
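def close(self):
    """Close the SFTP file handle and archive the uploaded file by SHA-256.

    When bytes were written, the virtual filesystem entry is resized. When
    ``self.realfile`` is set, the on-disk copy is hashed and stored as
    ``<download_path>/<sha256>``; a copy whose digest is already stored is
    deleted instead. The virtual file entry's slot 9 is then pointed at the
    stored path. If a ``[virustotal] apikey`` option is configured, a report
    is requested for newly stored files and the backlog check is run.

    The stored name is built only from the digest and the configured
    ``download_path``, never from the client-supplied filename.

    Returns:
        Whatever ``self.server.fs.close(self.fd)`` returns.
    """
    cfg = config()
    if self.bytes_written > 0:
        self.server.fs.update_size(self.filename, self.bytes_written)

    # NOTE(review): the listing lost its indentation. This branch is
    # reconstructed as a sibling of the size update, with the backlog check
    # inside it - confirm against the original file.
    if self.realfile is not None:
        try:
            # Hash in fixed-size chunks and close the handle promptly: the
            # file is presumably an untrusted upload of arbitrary size, so
            # reading it whole would let a client dictate memory use.
            digest = hashlib.sha256()
            with open(self.realfile, 'rb') as captured:
                for chunk in iter(lambda: captured.read(65536), b''):
                    digest.update(chunk)
            shasum = digest.hexdigest()
        except Exception as e:
            # Best effort: report the failure and still release the handle.
            print(format(e))
            return self.server.fs.close(self.fd)

        msg = 'SHA sum %s of file %s' % (shasum, self.realfile)
        print(msg)

        hash_path = '%s/%s' % (cfg.get('honeypot', 'download_path'), shasum)
        if not os.path.exists(hash_path):
            print("moving " + self.realfile + " -> " + hash_path)
            shutil.move(self.realfile, hash_path)
            # Only first-seen samples trigger a report request.
            if cfg.has_option('virustotal', 'apikey'):
                virustotal.get_report(shasum, self.filename, 'SFTP')
        else:
            # Same content already archived: drop the duplicate.
            print("deleting " + self.realfile + " with sha sum " + shasum)
            os.remove(self.realfile)

        # Slot 9 of the entry holds the path of the backing real file.
        f = self.server.fs.getfile(self.filename)
        f[9] = hash_path

        if cfg.has_option('virustotal', 'apikey'):
            print("now checking Virustotal backlogs ssh")
            virustotal_backlogs.check()

    return self.server.fs.close(self.fd)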