コード例 #1
    def __init__(self, path):
        """Set up the VirusTotal handler: API key, backlog timer, backlog DB.

        Reads ``apikey`` and ``file`` from the ``modules.python.virustotal``
        section of the global dionaea configuration, starts a repeating
        timer for backlog processing, and makes sure the ``backlogfiles``
        table exists in the SQLite database.

        Args:
            path: Passed unchanged to ``ihandler.__init__``.
        """
        logger.debug("%s ready!" % (self.__class__.__name__))
        ihandler.__init__(self, path)

        # The API key is a credential: it is stored on the instance and is
        # not written to the log here.
        self.apikey = g_dionaea.config()['modules']['python']['virustotal']['apikey']
        self.cookies = {}

        # pyev.Timer(after, repeat, loop, callback): fires right away, then
        # again every 20 seconds.
        self.loop = pyev.default_loop()
        self.backlog_timer = pyev.Timer(
            0, 20, self.loop, self.__handle_backlog_timeout)
        self.backlog_timer.start()

        # The backlog database records the path and MD5 of each queued file.
        # NOTE(review): sqlite3.connect() creates the file when it is missing,
        # with permissions taken from the process umask - confirm the
        # location is not readable by other local users.
        db_path = g_dionaea.config()['modules']['python']['virustotal']['file']
        self.dbh = sqlite3.connect(db_path)
        self.cursor = self.dbh.cursor()

        create_backlog_table = """
            CREATE TABLE IF NOT EXISTS backlogfiles (
                backlogfile INTEGER PRIMARY KEY,
                status TEXT NOT NULL, -- new, submit, query, comment
                md5_hash TEXT NOT NULL,
                path TEXT NOT NULL,
                timestamp INTEGER NOT NULL,
                scan_id TEXT,
                lastcheck_time INTEGER,
                submit_time INTEGER
            );"""
        self.cursor.execute(create_backlog_table)
コード例 #2
ファイル: hpfeeds.py プロジェクト: keiichishima/dionaea
    def __init__(self, path, config=None):
        """Create the hpfeeds client and optionally start own-IP resolving.

        Args:
            path: Passed unchanged to ``ihandler.__init__``.
            config: Mapping with ``server``, ``ident``, ``secret`` and
                ``tags``; ``port`` and ``dynip_resolve`` are optional.
                NOTE(review): the default of ``None`` is dereferenced on the
                first line that touches it, so callers must pass a mapping.
        """
        logger.debug('hpfeedhandler init')

        # Fall back to the class default when the port is missing or cannot
        # be converted to an integer.
        raw_port = config.get("port")
        if raw_port is None:
            raw_port = self.default_port
        try:
            port = int(raw_port)
        except (TypeError, ValueError):
            logger.warning("Unable to convert value '%s' for port to int" %
                           raw_port)
            port = self.default_port

        # ident/secret are broker credentials; they go straight to the client
        # and are not logged here.
        self.client = hpfeeds.client.new(
            config['server'], port, config['ident'], config['secret'])
        ihandler.__init__(self, path)

        self.tags = config['tags']
        logger.debug('Set tags to: {}'.format(self.tags))

        self.dynip_resolve = config.get('dynip_resolve', '')
        self.dynip_timer = None
        self.ownip = None

        # Only a string starting with "http" enables dynamic IP resolving.
        # NOTE(review): this prefix test also admits plain http:// URLs; if
        # _dynip_resolve fetches the URL, the reply is unauthenticated -
        # prefer an https:// endpoint (confirm against _dynip_resolve).
        wants_dynip = (isinstance(self.dynip_resolve, str)
                       and self.dynip_resolve.startswith("http"))
        if wants_dynip and pyev is None:
            logger.debug(
                'You are missing the python pyev binding in your dionaea installation.'
            )
        elif wants_dynip:
            logger.debug('hpfeedihandler will use dynamic IP resolving!')
            self.loop = pyev.default_loop()
            # First run after 2 seconds, then every 300 seconds.
            self.dynip_timer = pyev.Timer(
                2., 300, self.loop, self._dynip_resolve)
            self.dynip_timer.start()
コード例 #3
ファイル: virustotal.py プロジェクト: wolfking2/dionaea2
    def __init__(self, path, config=None):
        """Set up the VirusTotal handler from its own config mapping.

        Args:
            path: Passed unchanged to ``ihandler.__init__``.
            config: Mapping providing ``apikey``, ``file`` and optionally
                ``comment``.
                NOTE(review): the default of ``None`` is dereferenced
                unconditionally, so callers must pass a mapping. A missing
                ``apikey`` is stored as ``None`` and a missing ``file`` is
                handed to ``sqlite3.connect`` as ``None`` - neither is
                checked here.
        """
        logger.debug("%s ready!" % (self.__class__.__name__))
        ihandler.__init__(self, path)

        # The API key is a credential: stored on the instance, not logged.
        self.apikey = config.get("apikey")

        # Use the stock comment text unless the configuration supplies one.
        configured_comment = config.get("comment")
        self.comment = (
            "This sample was captured in the wild and uploaded by the dionaea honeypot.\n#honeypot #malware #networkworm"
            if configured_comment is None else configured_comment
        )
        self.cookies = {}

        # pyev.Timer(after, repeat, loop, callback): fires right away, then
        # again every 20 seconds.
        self.loop = pyev.default_loop()
        self.backlog_timer = pyev.Timer(
            0, 20, self.loop, self.__handle_backlog_timeout)
        self.backlog_timer.start()

        # The backlog database records the path and MD5 of each queued file.
        db_path = config.get("file")
        self.dbh = sqlite3.connect(db_path)
        self.cursor = self.dbh.cursor()

        create_backlog_table = """
            CREATE TABLE IF NOT EXISTS backlogfiles (
                backlogfile INTEGER PRIMARY KEY,
                status TEXT NOT NULL, -- new, submit, query, comment
                md5_hash TEXT NOT NULL,
                path TEXT NOT NULL,
                timestamp INTEGER NOT NULL,
                scan_id TEXT,
                lastcheck_time INTEGER,
                submit_time INTEGER
            );"""
        self.cursor.execute(create_backlog_table)
コード例 #4
    def __init__(self, proto, call_id, session, invite_message):
        """Initialise a SIP call from the INVITE that opened it.

        Copies the local and remote endpoints from the owning session, looks
        up the called user, reports a synthetic UDP connect incident and
        starts the idle timer.

        Args:
            proto: Passed unchanged to ``connection.__init__``.
            call_id: Stored as ``_call_id``.
            session: The SIP session this call belongs to.
            invite_message: The INVITE message received from the remote
                peer; its ``call-id`` and ``to`` headers are read here.
        """
        logger.debug("{!s} __init__".format(self))

        logger.debug("SipCall {} session {} ".format(self, session))
        connection.__init__(self, proto)

        # Keep what the remote host sent us.
        self.__session = session
        self.__state = SipCall.SESSION_SETUP
        self.__msg = invite_message
        # Messages collected for this call.
        self._msg_stack = []

        # NOTE(review): the INVITE comes from the network. The results of
        # headers.get(b"call-id") here and headers.get(b"to") below are
        # dereferenced without a None check - confirm the caller rejects
        # messages that lack either header before a SipCall is created.
        self.__call_id = invite_message.headers.get(b"call-id").value
        self._call_id = call_id
        self._rtp_streams = {}

        # The call shares the endpoints of its session.
        owner = self.__session
        self.local.host = owner.local.host
        self.local.port = owner.local.port

        self.remote.host = owner.remote.host
        self.remote.port = owner.remote.port

        # The user part of the To header is supplied by the remote peer.
        callee = self.__msg.headers.get(b"to").get_raw().uri.user

        self._user = g_sipconfig.get_user_by_username(
            self.__session.personality, callee)

        # Report a synthetic connection entry for this call.
        connect_incident = incident("dionaea.connection.udp.connect")
        connect_incident.con = self
        connect_incident.report()

        global _SipCall_sustain_timeout

        # Timers on the global loop; only the idle timer is started here.
        idle_timer = pyev.Timer(
            60.0, 60.0, g_default_loop, self.__handle_timeout_idle)
        invite_timer = pyev.Timer(
            5.0, 0.0, g_default_loop, self.__handle_invite)
        self._timers = {
            "idle": idle_timer,
            "invite_handler": invite_timer,
        }

        idle_timer.start()
コード例 #5
ファイル: __init__.py プロジェクト: phibos/dionaea
    def start(cls, addr, iface=None, config=None):
        """Start one SIP listener per configured protocol and port.

        For each of ``tcp``, ``tls`` and ``udp`` the ``<proto>_ports`` entry
        of *config* is read; protocols without an entry are skipped. When at
        least one listener was created, the module-wide cleanup timer is
        started unless it already exists.

        Args:
            addr: Address every listener binds to.
            iface: Optional interface passed to ``bind``.
            config: Mapping with the optional ``tcp_ports``, ``tls_ports``
                and ``udp_ports`` entries.
                NOTE(review): the default of ``None`` is dereferenced
                unconditionally, so callers must pass a mapping.

        Returns:
            The list of listeners that were created (possibly empty).
        """
        global g_timer_cleanup

        daemons = []
        for proto in ("tcp", "tls", "udp"):
            ports = config.get("%s_ports" % proto)
            if ports is not None:
                for port in ports:
                    listener = SipSession(proto=proto, config=config)
                    listener.bind(addr, port, iface=iface)
                    listener.listen()
                    daemons.append(listener)

        # The cleanup timer is shared; create it once, and only when there is
        # something listening.
        if daemons and g_timer_cleanup is None:
            g_timer_cleanup = pyev.Timer(60.0, 60.0, g_default_loop, cleanup)
            g_timer_cleanup.start()
        elif daemons:
            logger.debug("Cleanup loop already started!")
        return daemons
コード例 #6
ファイル: hpfeeds.py プロジェクト: sola303/dionaea-1
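    def __init__(self, path, config=None):
        """Create the hpfeeds client and optionally start own-IP resolving.

        Args:
            path: Passed unchanged to ``ihandler.__init__``.
            config: Mapping with ``server``, ``port``, ``ident`` and
                ``secret``; ``dynip_resolve`` is optional.
                NOTE(review): the default of ``None`` is dereferenced
                unconditionally, so callers must pass a mapping.

        Raises:
            KeyError: If a required key is missing from *config*.
            TypeError, ValueError: If ``port`` cannot be converted to int.
        """
        logger.debug('hpfeedhandler init')
        # ident/secret are broker credentials; they go straight to the client
        # and are not logged here.
        self.client = hpclient(config['server'], int(config['port']),
                               config['ident'], config['secret'])
        ihandler.__init__(self, path)

        self.dynip_resolve = config.get('dynip_resolve', '')
        self.dynip_timer = None
        self.ownip = None
        # Enable resolving only for a string that really is an http(s) URL.
        # The earlier substring test ('http' in value) accepted any value
        # merely containing "http" and raised TypeError for truthy non-string
        # settings such as True or a number.
        # NOTE(review): plain http:// is still accepted; if _dynip_resolve
        # fetches the URL, the reply is unauthenticated - prefer https://.
        if (isinstance(self.dynip_resolve, str)
                and self.dynip_resolve.startswith(("http://", "https://"))):
            if pyev is None:
                logger.debug(
                    'You are missing the python pyev binding in your dionaea installation.'
                )
            else:
                logger.debug('hpfeedihandler will use dynamic IP resolving!')
                self.loop = pyev.default_loop()
                # First run after 2 seconds, then every 300 seconds.
                self.dynip_timer = pyev.Timer(2., 300, self.loop,
                                              self._dynip_resolve)
                self.dynip_timer.start()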
コード例 #7
ファイル: mwserv.py プロジェクト: savamarius/dionaea
    def __init__(self, path):
        """Load the mwserv settings and start the heartbeat timer.

        Reads ``url``, ``maintainer``, ``guid`` and ``secret`` from the
        ``modules.python.mwserv`` section of the global dionaea
        configuration and builds a software identification string from the
        dionaea version information.

        Args:
            path: Passed unchanged to ``ihandler.__init__``.
        """
        logger.debug("%s ready!" % (self.__class__.__name__))
        ihandler.__init__(self, path)

        settings = g_dionaea.config()['modules']['python']['mwserv']
        self.backendurl = settings['url']
        self.maintainer = settings['maintainer']
        self.guid = settings['guid']
        # Shared secret for the backend: stored on the instance, not logged.
        self.secret = settings['secret']
        self.cookies = {}

        # Heartbeats.
        # NOTE(review): the string below carries the exact version plus
        # compiler OS, architecture and build date/time; presumably it is
        # sent to the backend by _heartbeat - confirm that level of detail
        # is meant to leave the sensor.
        build_info = g_dionaea.version()
        compiler = build_info['compiler']
        self.software = 'dionaea {0} {1}/{2} - {3} {4}'.format(
            build_info['dionaea']['version'],
            compiler['os'],
            compiler['arch'],
            compiler['date'],
            compiler['time'],
        )

        # First heartbeat after 5 seconds, then every 120 seconds.
        self.loop = pyev.default_loop()
        self.heartbeat_timer = pyev.Timer(
            5., 120, self.loop, self._heartbeat)
        self.heartbeat_timer.start()
コード例 #8

# Registry of SIP sessions, keyed by Call-ID. The cleanup() timer callback
# removes entries whose value is None.
g_call_ids = dict()


def cleanup(watcher, events):
    """Timer callback: drop entries of ``g_call_ids`` whose value is None.

    Args:
        watcher: The watcher that fired (unused).
        events: Event mask supplied by the loop (unused).
    """
    logger.debug("Cleanup")

    # Collect the keys first so the dict is not modified while iterating.
    closed_call_ids = [
        call_id for call_id, call in g_call_ids.items() if call is None
    ]
    for call_id in closed_call_ids:
        del g_call_ids[call_id]


# Run cleanup() on the default loop: first after 60 seconds, then every
# 60 seconds. The timer is created and started when this module is imported.
g_timer_cleanup = pyev.Timer(
    60.0,
    60.0,
    g_default_loop,
    cleanup,
)
g_timer_cleanup.start()

#########
# Classes
#########


class SIPService(ServiceLoader):
    name = "sip"

    @classmethod
    def start(cls, addr, iface=None):
        daemons = []
        for proto in ("tcp", "tls", "udp"):
            if proto not in g_dionaea.config()['modules']['python']['sip']: