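def __init__(self, botnet):
    """Initialise tracker state for one *botnet* record.

    Args:
        botnet: record carrying the IRC rendezvous details read from the
            sandbox DB (``irc_addr``, ``irc_server_pwd``, ``irc_nick``,
            ``irc_user``, ``irc_mode``, ``irc_channel``).

    ``irc_addr`` originates from a malware sample and is treated as
    untrusted: anything that does not parse as ``host:port`` sets
    ``self.mal_formed`` and leaves ``irc_host``/``irc_port`` as ``None``
    instead of raising.  A ``udp://`` prefix is stripped and written back
    to ``botnet.irc_addr``.
    """
    self.botnet = botnet
    self.mal_formed = False
    self.botnet_db = database.BotnetInfoDB()
    # Defaults first so both attributes exist even when parsing fails;
    # the log line at the end read them unconditionally and raised
    # AttributeError on a mal-formed address.
    self.irc_host = None
    self.irc_port = None
    try:
        addr = botnet.irc_addr
        if "udp://" in addr:
            addr = addr.partition("udp://")[2]
            botnet.irc_addr = addr
        # split(':') keeps the original "second field is the port" rule
        # (a third colon-separated field is ignored, as before).
        parts = addr.split(':')
        self.irc_host = parts[0]
        self.irc_port = int(parts[1])
    except (AttributeError, TypeError, IndexError, ValueError) as e:
        # Only the errors a bad address can produce are swallowed; anything
        # else (e.g. a logging failure) propagates.
        self.log("IRC server address mal-formed: '%s' error: %s" % (botnet.irc_addr, str(e)))
        self.mal_formed = True
    self.irc_server_pass = botnet.irc_server_pwd
    self.nick = botnet.irc_nick
    self.user = botnet.irc_user
    self.mode = botnet.irc_mode
    # The channel field is stored either as one comma-separated string or
    # as a sequence of names; normalise to a list either way.
    if isinstance(botnet.irc_channel, (str, unicode)):
        self.chan_list = botnet.irc_channel.split(', ')
    else:
        self.chan_list = botnet.irc_channel
    self.channel_names = []
    # str() on the host as well, since it may be None after a parse failure.
    self.log(" ".join([str(self.irc_host), str(self.irc_port), self.nick, self.user]))
    self.retried = False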
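def botnet_to_db(self, botnet):
    """Insert *botnet* into the BotnetInfo DB, or refresh its timestamp if already known.

    Args:
        botnet: record with ``irc_addr``, ``irc_channel`` and
            ``last_analysis_date``.

    Sets ``self.botnet_id`` to the id returned by ``insert`` for a new
    record; it stays ``None`` when a row with the same (address, channel)
    pair already exists and only its analysis time is updated.
    """
    self.botnet_id = None
    botnet_db = database.BotnetInfoDB()
    # Normalise the channel to the comma-separated form used for duplicate
    # detection.  A plain string is already in that form -- the original
    # joined it unconditionally, which interleaves ', ' between its
    # characters and so never matches an existing row.
    irc_channel = botnet.irc_channel
    if not irc_channel:
        channel = ""
    elif isinstance(irc_channel, (str, unicode)):
        channel = irc_channel
    else:
        channel = ', '.join(irc_channel)
    duplicate_botnet_id = botnet_db.select_by_features(botnet.irc_addr, channel)
    if not duplicate_botnet_id:
        # NOTE(review): connect()/close() bracket only the insert here,
        # while select_by_features() runs before connect(); kept as the
        # original did it -- confirm against BotnetInfoDB whether that is
        # intended.
        botnet_db.connect()
        try:
            self.botnet_id = botnet_db.insert(botnet)
        finally:
            botnet_db.close()
    else:
        botnet_db.update_time(botnet.last_analysis_date, duplicate_botnet_id[0])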
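def db_import(self):
    """Copy every credential record from the sandbox DB into the BotnetInfo DB.

    A record whose (irc_addr, channel) pair is already present only gets
    its last-analysis time refreshed; every other record is inserted.
    Both database handles are closed even if a record fails to import.
    """
    sandbox_db = database.SandboxDB()
    try:
        sandbox_list = sandbox_db.get_credentials()
    finally:
        sandbox_db.close()
    botnet_db = database.BotnetInfoDB()
    botnet_db.connect()
    try:
        for botnet in sandbox_list:
            # Same normalisation as botnet_to_db(): a string is used as-is,
            # a sequence is joined.  The original assigned `channel` only in
            # the sequence case, so a string-valued record either raised
            # UnboundLocalError or silently reused the previous record's
            # channel for duplicate detection.
            irc_channel = botnet.irc_channel
            if isinstance(irc_channel, (str, unicode)):
                channel = irc_channel
            else:
                channel = ', '.join(irc_channel)
            duplicate_botnet_id = botnet_db.select_by_features(botnet.irc_addr, channel)
            if not duplicate_botnet_id:
                botnet_db.insert(botnet)
            else:
                # Use the record's own timestamp, as botnet_to_db() does.
                # The original read self.last_analysis_date, which __init__
                # never sets on the tracker object.
                botnet_db.update_time(botnet.last_analysis_date, duplicate_botnet_id[0])
    finally:
        botnet_db.close()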
import modules.database as database
import analysis.msg as msg
import GeoIP
import os

# Post-process every per-botnet capture DB under db/botnets/ (files named
# "Botnet_<id>.db") and fold what it holds into the shared BotnetInfo and
# BotTrack databases.
blist = os.listdir("db/botnets/")
for item in blist:
    dbname = "db/botnets/" + item
    # The listing is assumed to hold only Botnet_<id>.db files; any other
    # name makes the split below raise IndexError.
    botnet_id = item.split("Botnet_")[1].split(".db")[0]
    msg_botnet = msg.BotnetAnalysis()
    msg_track = msg.BotTrackDB()
    bot_info_db = database.BotnetInfoDB()
    rowall = msg_botnet.db_select(dbname)
    # NOTE(review): a fresh GeoIP handle is opened for every capture file;
    # one instance hoisted above the loop would do.  Behaviour kept as-is.
    gi = GeoIP.new(GeoIP.GEOIP_MEMORY_CACHE)
    for row in rowall:
        # row[1] is used as the timestamp and row[2] as the raw IRC line
        # (inferred from use; confirm against the schema db_select returns).
        if not row[2] == "":
            timestamp = row[1]
            # The raw line was captured from a live C&C server and is
            # attacker-controlled; parse_msg must tolerate arbitrary input.
            parsed_msg = msg_botnet.parse_msg(row[2].encode('utf-8'))
            # parsed_msg[1] appears to be the IRC command / numeric reply
            # and parsed_msg[2] its parameters -- confirm against parse_msg.
            if parsed_msg[1] == "004":
                itype = msg_botnet.Botnet_Server_Type(parsed_msg[2])
                bot_info_db.update_servertype(botnet_id, itype)
            if parsed_msg[1] == "PRIVMSG":
                dork_info = msg_botnet.PRIVMSG_dork(parsed_msg[2])
                if dork_info:
                    msg_track.insert_privmsg(timestamp, botnet_id, dork_info[0], dork_info[1], dork_info[2])
            if parsed_msg[1] == "311":
                # 311 is the WHOIS user reply; parsed_msg[2][3] is presumably
                # the host field -- verify against parse_msg's output layout.
                geoip = gi.country_code_by_addr(parsed_msg[2][3])
                # `geoip` is not used anywhere in this listing; the script may
                # continue beyond what is shown here.
def populate_queue(self):
    """Create ``self.botnet_queue`` and fill it with every row of the BotnetInfo DB.

    The queue is assigned before the database is read, so the attribute
    exists even if ``select_all`` fails.
    """
    self.botnet_queue = Queue.Queue()
    records = database.BotnetInfoDB().select_all()
    # Enqueue in the order the DB returned them.
    for record in records:
        self.botnet_queue.put(record)