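def runPdfChartsLogs(filename):
    '''Run function for the 'Logs' table on the default database.

    Renders one chart per geolocation column of the 'Logs' table (via run())
    into fixed image paths under aux/images/ and bundles them into a single
    PDF written to filename (passed straight through to writePdf; the leading
    0 argument is what the original code passed and presumably means "no
    table data" -- verify against writePdf).

    The database connection is closed even if chart rendering or the PDF
    writer fails.
    '''
    # (column, chart title), in the page order of the resulting PDF.
    charts = [
        ('SrcIp', 'Source Ips'),
        ('SrcCountry', 'Source Ips Countries'),
        ('SrcCity', 'Source Ips Cities'),
        ('SrcSpecific', 'Source Ips Region'),
        ('DstIp', 'Destination Ips'),
        ('DstCountry', 'Destination Ips Countries'),
        ('DstCity', 'Destination Ips Cities'),
        ('DstSpecific', 'Destination Ips Region'),
    ]
    settings.init()
    sqlite.checkDb(db='output/LPD.db')
    try:
        images = []
        for index, (column, title) in enumerate(charts, 1):
            image = 'aux/images/pdfChartLogs%d.png' % index
            run('Logs', column, image, title)
            images.append(image)
        writePdf(0, filename, images=images)
    finally:
        sqlite.closeDb()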
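def geoIp(ip, db, csv, pdf):
    '''Geolocate ip with the local GeoLite2 city database and optionally
    persist the result.

    ip:  address to look up.
    db:  truthy to insert a row into the 'Script' table of the default
         database (the flag is replaced by settings.getDatabaseStatus() so the
         log line can show where the row went).
    csv: CSV file name appended to settings.getCsv(), or falsy to skip.
    pdf: PDF file name appended to settings.getPdf(), or falsy to skip.

    Prints country / city / subdivision to stdout. Geolocation fields that
    come back as None are stored as the string 'None'. Any exception raised by
    reader.city (e.g. an address absent from the database) propagates
    unchanged; the reader is closed in every case.
    '''
    if db:
        settings.init()
        db = settings.getDatabaseStatus()

    reader = geoip2.database.Reader('aux/GeoIpDb.mmdb')
    try:
        result = reader.city(ip)
    finally:
        # The reader keeps the .mmdb file open; release it on both paths.
        reader.close()
    country = result.country.iso_code
    city = result.city.name
    specific = result.subdivisions.most_specific.name

    print("*** Using Geolite2 Database of Cities ***")
    print(" Country --> %s" % (country,))
    print(" City --> %s" % (city,))
    print(" Specific --> %s" % (specific,))

    if not (db or csv or pdf):
        return

    if db:
        print("Inserting data gathered in the database")
        sqlite.checkDb()

    # strftime instead of str(now)[:-7]: the slice assumed a ".micros" tail,
    # which str() omits when microsecond == 0, chopping the seconds instead.
    now = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')

    fields = ['Data', 'Script', 'Ip', 'Country', 'City', 'Specific']
    values = [
        now,
        'GeoIp',
        ip,
        'None' if country is None else country,
        'None' if city is None else city,
        'None' if specific is None else specific,
    ]

    if db:
        print("Writing to %s" % (db,))
        try:
            sqlite.insertIntoTable('Script', fields, values)
        finally:
            sqlite.closeDb()

    # NOTE(review): csv/pdf are joined to the configured directory by plain
    # concatenation and are not sanitised, so a name like '../x' escapes it.
    # Acceptable for an operator-supplied CLI argument; revisit if these ever
    # come from an untrusted source.
    if csv:
        print("Writing to %s" % (csv,))
        target = settings.getCsv() + csv
        if not os.path.exists(target):
            # First write: emit the header row before the data row.
            writeCsv(fields, filename=target)
        writeCsv(values, filename=target)

    if pdf:
        print("Writing to %s" % (pdf,))
        target = settings.getPdf() + pdf
        writePdf([fields, values], filename=target)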
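def runDbGeoMapS(filename):
    '''Run function for the 'Script' table on the default database.

    filename: image file name; the country map is written to
              output/images/<filename> by runDbGeoMap.

    The database is closed even if map generation fails.
    '''
    sqlite.checkDb()
    try:
        runDbGeoMap('Script', 'Country', 'output/images/' + filename)
    finally:
        sqlite.closeDb()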
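def runDbGeoMapL(filename):
    '''Run function for the 'Logs' table on the default database.

    filename: image file name; two maps are written, to
              output/images/Src<filename> (SrcCountry column) and
              output/images/Dst<filename> (DstCountry column).

    The database is closed even if either map generation fails.
    '''
    sqlite.checkDb()
    try:
        runDbGeoMap('Logs', 'SrcCountry', 'output/images/Src' + filename)
        runDbGeoMap('Logs', 'DstCountry', 'output/images/Dst' + filename)
    finally:
        sqlite.closeDb()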
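def exportDbPdf(table):
    '''From the default database exports to pdf
    table: Table to export. Must be a plain identifier (letters, digits and
           underscores, not starting with a digit); anything else raises
           ValueError before the database is touched.

    The name is interpolated into the SQL text (sqlite cannot bind identifiers
    as parameters) and into the output path output/pdf/<table>.pdf, so it is
    validated up front instead of being trusted. The database is closed even
    if the query or the PDF writer fails.'''
    if (not table or table[0].isdigit()
            or not all(ch.isalnum() or ch == '_' for ch in table)):
        raise ValueError('invalid table name: %r' % (table,))
    settings.init()
    sqlite.checkDb(db='output/LPD.db')
    try:
        # Double quotes make the (validated) name an identifier even if it
        # happens to collide with an SQL keyword.
        data = sqlite.executeSQL('select * from "%s"' % table)
        writePdf(data, 'output/pdf/' + table + '.pdf')
    finally:
        sqlite.closeDb()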
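def exportDbCsv(table):
    '''From the default database exports to csv
    table: Table to export. Must be a plain identifier (letters, digits and
           underscores, not starting with a digit); anything else raises
           ValueError before the database is touched.

    Every row of the table is appended, one writeCsv call per row, to
    output/csv/<table>.csv. The name is interpolated into the SQL text
    (sqlite cannot bind identifiers as parameters) and into the output path,
    so it is validated up front instead of being trusted. The database is
    closed even if the query or a CSV write fails.'''
    if (not table or table[0].isdigit()
            or not all(ch.isalnum() or ch == '_' for ch in table)):
        raise ValueError('invalid table name: %r' % (table,))
    settings.init()
    sqlite.checkDb(db='output/LPD.db')
    try:
        # Double quotes make the (validated) name an identifier even if it
        # happens to collide with an SQL keyword.
        data = sqlite.executeSQL('select * from "%s"' % table)
        target = 'output/csv/' + table + '.csv'
        for row in data:
            writeCsv(row, target)
    finally:
        sqlite.closeDb()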
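def runPdfChartsScript(filename):
    '''Run function for the 'Script' table on the default database.

    Renders one chart per column of the 'Script' table (via run()) into fixed
    image paths under aux/images/ and bundles them into a single PDF written
    to filename (passed straight through to writePdf; the leading 0 argument
    is what the original code passed and presumably means "no table data" --
    verify against writePdf).

    The database connection is closed even if chart rendering or the PDF
    writer fails.
    '''
    # (column, chart title), in the page order of the resulting PDF.
    charts = [
        ('Ip', 'Ips'),
        ('Country', 'Countries'),
        ('City', 'Cities'),
        ('Specific', 'Region'),
        ('PortsOpen', 'Ports Open'),
    ]
    settings.init()
    sqlite.checkDb(db='output/LPD.db')
    try:
        images = []
        for index, (column, title) in enumerate(charts, 1):
            image = 'aux/images/pdfChartScript%d.png' % index
            run('Script', column, image, title)
            images.append(image)
        writePdf(0, filename, images=images)
    finally:
        sqlite.closeDb()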
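def run():
    '''Dispatch every enabled action, in a fixed order, based on the
    module-level option globals (Geo_ip, PortIp, UdpFloodIp, ..., dbCsv) that
    the argument parsing elsewhere in this module sets.

    Side effects only: prints, writes under output/, encrypts or decrypts the
    files listed in RSA_files / AES_files (deleting the AES input afterwards)
    and opens/closes the default database for the Database actions.
    '''
    import os  # local: this module is not shown importing os at file level

    if Geo_ip != 0:
        geoip.geoIp(Geo_ip, WriteDb, WriteCsv, WritePdf)
    if PortIp != 0:
        portScan.portScan(PortIp, Ports, WriteDb, WriteCsv, WritePdf)
    if UdpFloodIp != 0:
        # Traffic generator: only point it at hosts you are authorised to test.
        udpFlood.udpFlood(UdpFloodIp, Verbouse)
    if EstablishedConnections:
        establishedConnections.establishedConn(WriteDb, WriteCsv, WritePdf)

    # RSA_do: 1 = encrypt with the public key, 2 = decrypt with the private
    # key, 3 = generate a key pair; the values are mutually exclusive.
    if RSA_do == 1:
        for path in RSA_files:
            RSA.runEncrypt(path, keyFile=settings.getKeyPublic())
    elif RSA_do == 2:
        for path in RSA_files:
            RSA.runDecrypt(path, keyFile=settings.getKeyPrivate())
    elif RSA_do == 3:
        keys_filename = raw_input("Enter the filename of the keys --> ")
        RSA_create.run(keys_filename)

    # AES_do: 1 = encrypt each file to <name>.crypt and remove the plaintext,
    # 2 = decrypt each <name>.crypt to <name> and remove the ciphertext.
    if AES_do == 1:
        key = settings.getKey()
        for path in AES_files:
            encrypted = path + ".crypt"
            AES.encrypt_file(key, path, encrypted)
            # Only discard the plaintext once the ciphertext is actually on
            # disk. os.remove replaces the old fire-and-forget
            # Popen(['rm', ...]), which neither waited nor reported failure.
            # This is an ordinary unlink, not a secure wipe: the plaintext
            # blocks may remain recoverable on the underlying storage.
            if os.path.exists(encrypted):
                os.remove(path)
    elif AES_do == 2:
        key = settings.getKey()
        for path in AES_files:
            if not path.endswith(".crypt"):
                # The output name is derived by stripping ".crypt"; blindly
                # slicing six characters off any other name would corrupt it.
                print("Skipping %s: expected a .crypt file" % (path,))
                continue
            decrypted = path[:-len(".crypt")]
            AES.decrypt_file(key, path, decrypted)
            if os.path.exists(decrypted):
                os.remove(path)

    if ProcessLogs:
        processLogs.run(ProcessLogs_File, ProcessLogs_Protocol, 'db')

    if Database:
        # DatabaseParameters[i] -> handler. Index 0 has no handler: checkDb()
        # below already performs that action (the original code referenced
        # sqlite.checkDb there without calling it).
        handlers = dict(zip(DatabaseParameters, [
            None,
            # Runs operator-typed SQL verbatim; this is the intended
            # interactive console, not something to expose to other inputs.
            sqlite.userExecuteSql,
            sqlite.userCreateTable,
            sqlite.userDropTable,
            sqlite.userInsertTable,
            sqlite.userSelectTable,
            sqlite.userUpdateId,
            sqlite.userDeleteId,
        ]))
        sqlite.checkDb()
        try:
            handler = handlers.get(DatabaseAction)
            if handler is not None:
                handler()
        finally:
            sqlite.closeDb()

    # NOTE(review): analyzeLogs / analyzeScripts are joined into output/pdf/
    # by plain concatenation and not sanitised; fine for a CLI argument, but
    # a name containing '..' escapes that directory.
    if analyzeLogs:
        analyze.runPdfChartsLogs('output/pdf/' + analyzeLogs)
    if analyzeScripts:
        analyze.runPdfChartsScript('output/pdf/' + analyzeScripts)
    if geoMapS:
        GeoMap.runDbGeoMapS(geoMapS)
    if geoMapL:
        GeoMap.runDbGeoMapL(geoMapL)
    if dbPdf:
        analyze.exportDbPdf(dbPdf)
    if dbCsv:
        analyze.exportDbCsv(dbCsv)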
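def _requireAtLeast(count, named_lists):
    '''Raise ValueError if any (name, items) entry has fewer than count items.

    The row builders index every parser output by the position of the date
    entry; a shorter list means the parse desynchronised, and failing here
    avoids writing a partial, misaligned set of rows.
    '''
    short = [name for name, items in named_lists if len(items) < count]
    if short:
        raise ValueError(
            'parser output shorter than date list: %s' % ', '.join(short))


def _httpRows(filename, protocol):
    '''Build (fields, rows) for an http log: source and destination addresses
    with their geolocation, one row per date entry.'''
    info = getInfo(filename)
    srcIps = getAllSrcIp(info)
    dstIps = getAllDstIp(info)
    dates = getAllDate(info)
    # (column, per-entry list) in column order after the common prefix.
    parts = [
        ('SrcIp', srcIps),
        ('SrcCountry', getLocation(srcIps)),
        ('SrcCity', getCity(srcIps)),
        ('SrcSpecific', getSpecific(srcIps)),
        ('DstIp', dstIps),
        ('DstCountry', getLocation(dstIps)),
        ('DstCity', getCity(dstIps)),
        ('DstSpecific', getSpecific(dstIps)),
    ]
    _requireAtLeast(len(dates), parts)
    fields = (['LogName', 'Protocol', 'Month', 'Day', 'Time']
              + [name for name, _ in parts])
    rows = []
    for i, date in enumerate(dates):
        # date[0..2] are month, day, time as returned by getAllDate.
        rows.append([filename, protocol, date[0], date[1], date[2]]
                    + [items[i] for _, items in parts])
    return fields, rows


def _sshRows(filename, protocol):
    '''Build (fields, rows) for an ssh log: source address, its country and
    the parser's free-text note, one row per date entry.'''
    info = getInfo(filename)
    dates = getAllDate(info)
    ips = getIps(info)
    parts = [
        ('SrcIp', ips),
        ('SrcCountry', getLocation(ips)),
        ('Notes', getNotes(info)),
    ]
    _requireAtLeast(len(dates), parts)
    fields = (['LogName', 'Protocol', 'Month', 'Day', 'Time']
              + [name for name, _ in parts])
    rows = []
    for i, date in enumerate(dates):
        rows.append([filename, protocol, date[0], date[1], date[2]]
                    + [items[i] for _, items in parts])
    return fields, rows


def run(filename, protocol, output):
    '''Parse one log file, geolocate the addresses in it and, when output is
    'db', insert one row per log entry into the 'Logs' table.

    filename: path of the log file; also stored in the LogName column.
    protocol: 'http' (source and destination addresses) or 'ssh' (source
              address plus a Notes column). Any other value parses nothing.
    output:   'db' to write rows to the default database; any other value
              still parses and geolocates but stores nothing.

    Raises ValueError, before any row is written, if a parser returns fewer
    entries than there are dates. The database is closed even if parsing or
    an insert fails. Log-derived values are untrusted input; this relies on
    sqlite.insertIntoTable binding them as parameters -- verify.
    '''
    writing = (output == 'db')
    if writing:
        settings.init()
        sqlite.checkDb()
    try:
        if protocol == 'http':
            print("Inserting data gathered in the database")
            fields, rows = _httpRows(filename, protocol)
        elif protocol == 'ssh':
            print("Inserting data gathered in the database")
            fields, rows = _sshRows(filename, protocol)
        else:
            fields, rows = [], []
        if writing:
            for values in rows:
                sqlite.insertIntoTable('Logs', fields, values)
    finally:
        if writing:
            sqlite.closeDb()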