def SvcDoRun(self):
servicemanager.LogMsg(servicemanager.EVENTLOG_INFORMATION_TYPE,
servicemanager.PYS_SERVICE_STARTED,
(self._svc_name_, ' (%s)' % self._svc_name_))
self.server.register_instance(NimbusService())
while win32event.WaitForSingleObject(self.hWaitStop, 0) ==\
win32event.WAIT_TIMEOUT:
self.server.handle_request()
win32evtlogutil.ReportEvent(self._svc_name_,
servicemanager.PYS_SERVICE_STOPPED, 0,
servicemanager.EVENTLOG_INFORMATION_TYPE,
(self._svc_name_, ""))
def Log_Write(self, string):
applicationName = "My Application"
eventID = 1
category = 5 # Shell
myType = win32evtlog.EVENTLOG_WARNING_TYPE
l = string.split()
descr = ["A warning, link", l[0], "changed its status into ", l[1]]
data = "13453576".encode("ascii")
win32evtlogutil.ReportEvent(applicationName,
eventID,
eventCategory=category,
eventType=myType,
strings=descr,
data=data)
def publishData(self, data, topic, sensorType, qosValue=1):
try:
self.initialize()
self.connect()
payload = self.__makePayload(data, sensorType)
self.user.publish(topic, payload, qos=qosValue)
self.user.loop()
self.disconnect()
except:
print("failed to publish...")
win32evtlogutil.ReportEvent(
"MQQT_CLIENT",
32017,
eventCategory=32017,
eventType=win32evtlog.EVENTLOG_ERROR_TYPE,
strings=["Failed to publish..."],
data=b"Failed to publish...")
def initialize(self):
self.__initializeDataFormat()
try:
user =mqtt.Client("PC1")
except:
print("failed to create client instance...")
win32evtlogutil.ReportEvent(
"MQQT_CLIENT", 32010, eventCategory=32010,
eventType=win32evtlog.EVENTLOG_ERROR_TYPE, strings=["failed to create client instance..."],
data=b"failed to create client instance...")
try:
user.username_pw_set(self.brokerParameter["user name"], self.brokerParameter["password"])
except:
print("failed to set user name or password...")
self.user = user
def write_event_log(self,
message,
eventID=10,
sid=None,
level=None,
source=None):
if sid is None:
sid = self.get_sid()
if source is None:
source = self.applicationName
if level is None:
level = win32evtlog.EVENTLOG_INFORMATION_TYPE
win32evtlogutil.ReportEvent(source,
eventID,
eventType=level,
strings=[message],
sid=sid)
def logEvent(e=1):
ph = win32api.GetCurrentProcess()
th = win32security.OpenProcessToken(ph, win32con.TOKEN_READ)
my_sid = win32security.GetTokenInformation(th, win32security.TokenUser)[0]
applicationName = 'iSpy Phone on Network Checker'
eventID = e # 0 - Away. 1 - Reachable.
category = 7 # Network
myType = win32evtlog.EVENTLOG_INFORMATION_TYPE
descr = None # ['A warning', 'An even more dire warning']
data = None # 'Application\0Data'.encode('ascii')
win32evtlogutil.ReportEvent(applicationName,
eventID,
eventCategory=category,
eventType=myType,
strings=descr,
data=data,
sid=my_sid)
def write_event(self, msg, ev_type, source_name='EVENTLOGTEST'):
# Thanks to http://rosettacode.org/wiki/Write_to_Windows_event_log
import win32api
import win32con
import win32security
import win32evtlogutil
ph = win32api.GetCurrentProcess()
th = win32security.OpenProcessToken(ph, win32con.TOKEN_READ)
my_sid = win32security.GetTokenInformation(th, win32security.TokenUser)[0]
applicationName = source_name
eventID = 1
category = 5
myType = ev_type
descr = [msg, msg]
data = "Application\0Data".encode("ascii")
win32evtlogutil.ReportEvent(applicationName, eventID, eventCategory=category,
eventType=myType, strings=descr, data=data, sid=my_sid)
def eventLogger(info):
import win32api
import win32con
import win32evtlog
import win32security
import win32evtlogutil
ph = win32api.GetCurrentProcess()
th = win32security.OpenProcessToken(ph, win32con.TOKEN_READ)
my_sid = win32security.GetTokenInformation(th, win32security.TokenUser)[0]
applicationName = "Superior parser for BashIm"
eventID = 4624
category = 5 # Shell
myType = win32evtlog.EVENTLOG_INFORMATION_TYPE
descr = [info]
data = "Application\0Data".encode("ascii")
win32evtlogutil.ReportEvent(applicationName, eventID, eventCategory=category,
eventType=myType, strings=descr, data=data, sid=my_sid)
def ArtilleryStartEvent():
process = win32api.GetCurrentProcess()
token = win32security.OpenProcessToken(process, win32con.TOKEN_READ)
my_sid = win32security.GetTokenInformation(token,
win32security.TokenUser)[0]
AppName = "Artillery"
eventID = 1
category = 5
myType = win32evtlog.EVENTLOG_INFORMATION_TYPE
descr = [
"Artillery has started and begun monitoring the selected ports ",
]
data = "Application\0Data".encode("ascii")
win32evtlogutil.ReportEvent(AppName,
eventID,
eventCategory=category,
eventType=myType,
strings=descr,
data=data,
sid=my_sid)
def write_event_log(self, message, eventID=10, sid=None,
level=None, source=None):
if sid is None:
sid = self.get_sid()
if source is None:
source = self.applicationName
if level is None:
level = win32evtlog.EVENTLOG_INFORMATION_TYPE
# Retry on exception for up to 10 sec.
t = time.monotonic()
while True:
try:
win32evtlogutil.ReportEvent(source, eventID,
eventType=level, strings=[message], sid=sid)
break
except:
if time.monotonic() - t < 10:
continue
raise
def write_result_eventlog_baseline(self, res):
ph = win32api.GetCurrentProcess()
th = win32security.OpenProcessToken(ph, win32con.TOKEN_READ)
my_sid = win32security.GetTokenInformation(\
th, win32security.TokenUser)[0]
myType = win32evtlog.EVENTLOG_WARNING_TYPE
applicationName = "SysmonCorrelator"
data = "Not configured, use -l option"
eventID = 1
category = 2
descr = ["Engine: Baseline", "Data: "]
descr.append(res)
win32evtlogutil.ReportEvent(applicationName,
eventID,
eventCategory=category,
eventType=myType,
strings=descr,
data=data,
sid=my_sid)
def ReportNewDevice(sMsg):
if 'stdout' in gsUIChoice:
print(time.strftime("%H:%M:%S")+': '+sMsg)
if 'notification' in gsUIChoice:
# https://plyer.readthedocs.io/en/latest/#
# https://github.com/kivy/plyer
# no way to have notification remain permanently
if gbOSLinux:
# notifications appear both on desktop (briefly) and in tray
notification.notify(title='New device on LAN', message=sMsg, app_name='lanwatch', timeout=8*60*60)
if gbOSWindows:
notification.notify(title='New device on LAN', message=sMsg, app_name='lanwatch', timeout=8*60*60)
if 'syslog' in gsUIChoice:
if gbOSLinux:
syslog.syslog(sMsg)
# on Linux, to see output:
# sudo journalctl --pager-end
# or
# sudo journalctl | grep lanwatch
if gbOSWindows:
# https://stackoverflow.com/questions/51385195/writing-to-windows-event-log-using-win32evtlog-from-pywin32-library
# https://www.programcreek.com/python/example/96660/win32evtlogutil.ReportEvent
# https://docs.microsoft.com/en-us/windows/win32/eventlog/event-logging-elements
win32evtlogutil.ReportEvent(
"lanwatch",
#7040, # event ID # https://www.rapidtables.com/convert/number/decimal-to-binary.html
1610612737, # event ID # https://www.rapidtables.com/convert/number/decimal-to-binary.html
eventCategory=1,
eventType=win32evtlog.EVENTLOG_INFORMATION_TYPE,
strings=[sMsg],
data=b"")
def HoneyPotEvent():
#lets try and write an event log
process = win32api.GetCurrentProcess()
token = win32security.OpenProcessToken(process, win32con.TOKEN_READ)
my_sid = win32security.GetTokenInformation(token,
win32security.TokenUser)[0]
AppName = "Artillery"
eventID = 1
category = 5
myType = win32evtlog.EVENTLOG_WARNING_TYPE
descr = [
"Artillery Detected access to a honeypot port",
"The offending ip has been blocked and added to the local routing table",
]
data = "Application\0Data".encode("ascii")
win32evtlogutil.ReportEvent(AppName,
eventID,
eventCategory=category,
eventType=myType,
strings=descr,
data=data,
sid=my_sid)
def msg(self, event_id, event_type, strings, data=None):
"""
write an event to windows events log
:arg event_type: the event type
it must one of the ``EVENTLOG_FOO_TYPE`` constants defined
in ``win32evtlog``
:arg list strings: a list of strings to write to the event
:arg int event_id: the resource identifier for this event
:arg bytes data: binary data to write to the event
"""
win32evtlogutil.ReportEvent(self.app_name,
event_id,
eventType=event_type,
strings=strings,
data=data,
sid=self.sid)
def logEvent(e, desc=''):
ph = win32api.GetCurrentProcess()
th = win32security.OpenProcessToken(ph, win32con.TOKEN_READ)
my_sid = win32security.GetTokenInformation(th, win32security.TokenUser)[0]
win32api.CloseHandle(th)
applicationName = 'Automatic Security Tracker'
eventID = e # 0 - Stop. 1 - Start.
category = 7 # Network
myType = win32evtlog.EVENTLOG_INFORMATION_TYPE
descr = [desc] # ['A warning', 'An even more dire warning']
data = None # 'Application\0Data'.encode('ascii')
win32evtlogutil.ReportEvent(applicationName,
eventID,
eventCategory=category,
eventType=myType,
strings=descr,
data=data,
sid=my_sid)
v = 'START' if e else 'STOP'
print('Logged event', v, e)
def __makePayload(self, data, sensorType):
id = 3
payload = ""
try:
timeNow = self.__timestampFormatter(datetime.utcnow())
except:
print("failed to get time...")
try:
if (sensorType == 0):
bprValue = data.split(",")
payload = self.__bpr.pack(id, 0, int(timeNow),
float(bprValue[0]) * 100,
float(bprValue[1]) * 100)
elif (sensorType == 1):
acclAxisValue = data.split(",")
payload = self.__aclo.pack(id, 1, int(timeNow),
float(acclAxisValue[0]) * 100,
float(acclAxisValue[1]) * 100,
float(acclAxisValue[2]) * 100)
elif (sensorType == 2):
payload = struct.pack("i", id) + struct.pack(
"i", timeNow) + data.encode("utf-8")
except:
print("failed create payload...")
win32evtlogutil.ReportEvent(
"MQQT_CLIENT",
32016,
eventCategory=32016,
eventType=win32evtlog.EVENTLOG_ERROR_TYPE,
strings=["Failed to create payload..."],
data=b"Failed to create payload...")
return payload
def ErrLogger(self, msg, text):
win32evtlogutil.ReportEvent(self._svc_display_name_,
servicemanager.PYS_SERVICE_STOPPED, 0,
servicemanager.EVENTLOG_ERROR_TYPE,
(self._svc_name_, unicode(msg)),
unicode(text))
def Logger(self, state, msg):
win32evtlogutil.ReportEvent(self._svc_display_name_, state, 0,
servicemanager.EVENTLOG_INFORMATION_TYPE,
(self._svc_name_, unicode(msg)))
def generate_event():
"""
Function which generates win32 events.
Randomly choosing event id, category application name and event description from pre-defined lists.
"""
EVT_APP_NAME = random.choice(apps)
EVT_ID = random.randint(1337, 99999)
EVT_CATEG = random.randint(0, 25565)
evntstrslist = [
"""
█▀███▀▀███▀▀███▀▀███▀▀███▀█
█▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒█
█▒▒█▒▒▒▒▒███▒▒█▒▒▒█▒█████▒█
█▒▒█▒▒▒▒█▒▒▒█▒█▒▒▒█▒█▒▒▒▒▒█
█▒▒█▒▒▒▒█▒▒▒█▒▒█▒█▒▒█████▒█
█▒▒█▒▒▒▒█▒▒▒█▒▒█▒█▒▒█▒▒▒▒▒█
█▒▒████▒▒███▒▒▒▒█▒▒▒█████▒█
█▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒█
█▒▒▒▒▒▒▒▒██▒▒▒▒▒▒▒▒██▒▒▒▒▒█
█▒▒▒▒▒▒▒█──█▒████▒█──█▒▒▒▒█
█▒▒▒▒▒▒█──█─█────█─█──█▒▒▒█
█▒▒▒▒▒▒█─██───────███─█▒▒▒█
█▒▒▒▒▒▒█──────────────█▒▒▒█
█▒▒▒▒▒▒▒█────────────█▒▒▒▒█
█▒▒▒▒██▒▒█──██───██──█▒▒▒▒█
█▒▒▒█──█▒█──██───██──█▒▒▒▒█
█▒▒▒█──█▒█────███────█▒▒▒▒█
█▒▒▒█──█▒█───█───█──█▒▒▒▒▒█
█▒▒▒▒█──█─█───███──█▒▒▒▒▒▒█
█▒▒▒▒▒█────██────██▒▒▒▒▒▒▒█
█▒▒▒▒▒█──────████─██▒▒▒▒▒▒█
█▒▒▒▒▒▒█───────────█▒▒▒▒▒▒█
█▒▒▒▒▒▒▒███─────────█▒▒▒▒▒█
█▒▒▒▒▒▒▒▒▒█──────█───█▒▒▒▒█
█▒▒▒▒███▒▒█───────█───█▒▒▒█
█▒▒▒█──████─────████───█▒▒█
█▒▒▒█────█─────█────█─█▒▒▒█
█▒▒▒█─────█────█────██▒▒▒▒█
█▒▒▒█──────█───█──────█▒▒▒█
█▒▒▒▒█─────██████─────█▒▒▒█
█▒▒▒▒▒█──███▒▒▒▒█─────█▒▒▒█
█▒▒▒▒▒▒██▒▒▒▒▒▒▒▒█───█▒▒▒▒█
█▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒███▒▒▒▒▒█
█▒▒▒▒█▒▒▒▒█▒▒███▒▒█▒▒▒█▒▒▒█
█▒▒▒▒▒█▒▒█▒▒█▒▒▒█▒█▒▒▒█▒▒▒█
█▒▒▒▒▒▒██▒▒▒█▒▒▒█▒█▒▒▒█▒▒▒█
█▒▒▒▒▒▒█▒▒▒▒█▒▒▒█▒█▒▒▒█▒▒▒█
█▒▒▒▒▒█▒▒▒▒▒▒███▒▒▒███▒▒▒▒█
█▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒█
█▄▄█▄▄██▄▄█▄▄█▄▄█▄▄██▄▄█▄▄█
""",
"""
_♥__♥_____♥__♥___ Put This
_♥_____♥_♥_____♥__ Heart
_♥______♥______♥__ On Your
__♥_____/______♥__ Page If
___♥____\\_____♥___ You Had
____♥___/___♥_____ Your Heart
______♥_\\_♥_______ Broken
________♥_________…………….
""",
"""
███████▓█████▓▓╬╬╬╬╬╬╬╬▓███▓╬╬╬╬╬╬╬▓╬╬▓█
████▓▓▓▓╬╬▓█████╬╬╬╬╬╬███▓╬╬╬╬╬╬╬╬╬╬╬╬╬█
███▓▓▓▓╬╬╬╬╬╬▓██╬╬╬╬╬╬▓▓╬╬╬╬╬╬╬╬╬╬╬╬╬╬▓█
████▓▓▓╬╬╬╬╬╬╬▓█▓╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬▓█
███▓█▓███████▓▓███▓╬╬╬╬╬╬▓███████▓╬╬╬╬▓█
████████████████▓█▓╬╬╬╬╬▓▓▓▓▓▓▓▓╬╬╬╬╬╬╬█
███▓▓▓▓▓▓▓╬╬▓▓▓▓▓█▓╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬▓█
████▓▓▓╬╬╬╬▓▓▓▓▓▓█▓╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬▓█
███▓█▓▓▓▓▓▓▓▓▓▓▓▓▓▓╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬▓█
█████▓▓▓▓▓▓▓▓█▓▓▓█▓╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬▓█
█████▓▓▓▓▓▓▓██▓▓▓█▓╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬██
█████▓▓▓▓▓████▓▓▓█▓╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬██
████▓█▓▓▓▓██▓▓▓▓██╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬██
████▓▓███▓▓▓▓▓▓▓██▓╬╬╬╬╬╬╬╬╬╬╬╬█▓╬▓╬╬▓██
█████▓███▓▓▓▓▓▓▓▓████▓▓╬╬╬╬╬╬╬█▓╬╬╬╬╬▓██
█████▓▓█▓███▓▓▓████╬▓█▓▓╬╬╬▓▓█▓╬╬╬╬╬╬███
██████▓██▓███████▓╬╬╬▓▓╬▓▓██▓╬╬╬╬╬╬╬▓███
███████▓██▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓╬╬╬╬╬╬╬╬╬╬╬████
███████▓▓██▓▓▓▓▓╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬▓████
████████▓▓▓█████▓▓╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬▓█████
█████████▓▓▓█▓▓▓▓▓███▓╬╬╬╬╬╬╬╬╬╬╬▓██████
██████████▓▓▓█▓▓▓╬▓██╬╬╬╬╬╬╬╬╬╬╬▓███████
███████████▓▓█▓▓▓▓███▓╬╬╬╬╬╬╬╬╬▓████████
██████████████▓▓▓███▓▓╬╬╬╬╬╬╬╬██████████
███████████████▓▓▓██▓▓╬╬╬╬╬╬▓███████████
""",
"""
________________________________BBBBBBBBBBBB
_______________________________BBBBBBBBBBBBB0
__BBBBBBBBB___________________BBBBBBBBBBBBBBB,
_BBBBBBBBBBBB________________BBBBBBBBBBBBBBBB0,
_BBBBBBBBBBBBB_______________BBBBBBBBBBBBBBBB0
BBBBBBBBBBBBBBBB____________BBBBBBBBBBBBBBBBB,
_BBBBBBBBBBBBBBBB___________BBBBBBBBBBBBBBBB0,
__BBBBBBBBBBBBBBBB_________BBBBBBBBBBBBBBBBB,
__BBBBBBBBBBBBBBBB_________BBBBBBBBBBBBBBBB,
___BBBBBBBBBBBBBBBB________BBBBBBBBBBBBBBB,
____BBBBBBBBBBBBBBB________BBBBBBBBBBBBBB0,
_____BBBBBBBBBBBBBB_______BBBBBBBBBBBBBB0,
______BBBBBBBBBBBBB_______BBBBBBBBBBBBBB,
_______BBBBBBBBBBBBB______BBBBBBBBBBBBB,
________BBBBBBBBBBBB______BBBBBBBBBB00,
__________BBBBBBBBBB______BBBBBBBBBBB,
___________BBBBBBBBBB_____BBBBBBBBBB0
____________BBBBBBBBB_____BBBBBBBBBB
______________BBBBBBB_____BBBBBBBB0
______________BBBBBBB_____BBBBBBBB
_______________BBBBBB_____BBBBBBB
________________BBBBBBBBBBBBBBBBB_
______________BBBBBBBBBBBBBBBBBBBBBB
____________BBBBBBBBBBBBBBBBBBBBBBBBBB_
__________BBBBBBBBBBBBB_________BBBBBBBB
_________BBBBB__BBBBB____________BBBBBBBBB
________BBB________B______________BBBBBBBBB
_______BBB_________B______________BBBBBBBBBB,
_______BBB______BB_B_BBB__________BBBBBBBBBB,
_______BBB_____BBB_B_BBBB________BBBBBBBBBBB,
_______BBB________000___________BBBBBBBBBBBB,
_______BBBB______00000_________BBBBBBBBBBBBB,
____00000BBBBBBBBB000BBBBBBBBBBBBBBBBBBBBBB00000000,
___0BBBB00BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB00BBBBBB0B0,
__0BBBBBB00BBBB00______B000000BBBBBBBBBB000B00BBBB0B0,
_0BBBBBBBB_BBBB00___B__BBBB000BBBBBBBBB00B0___B00000,
_00BBBBB____BBBB00BBBBBB000BBBBBBBBBBBB0,
__0BB_________B0B00000000BBBBBBBBBB0BB
________________00BBBBBBBBBBBB000000
_____________BBBBB0B00000000000BBBB_
___________BB0B00BBBBBB0__BBBBBBBBBBB,
__________BB_______BBBBB_BB0B00BB____BB,
__________0B________BBBB_BBB__________BB,
__________0BBBBBBBBBBBB__BBBBB_________B,
____________________________BBBB0BBBBBBB
""",
"""
┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼▒
┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼▒▒▒
┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼▒▒░▒
┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼▒▒░░▒
┼┼┼┼┼┼┼┼┼┼┼████▒▒▒░░▒
┼┼┼┼┼┼┼┼┼███████▒▒░░▒█
┼┼┼┼┼┼┼┼█████████▒▒████
┼┼┼┼┼┼┼████████▒█▒▒█████
┼┼┼┼┼┼┼████████▒▒▒▒██████
┼┼┼┼┼┼████████▒▒▒▒▒███████
┼┼┼┼┼┼██████▒█▒▒▒▒▒████████
┼┼┼┼┼████▒█▒▒▒▒▒▒▒██████████
┼┼┼┼┼┼░▒▒▒░▒▒▒▒▒▒▒███████████
┼┼┼┼┼░▒▒▒▒██░▒▒▒▒▒▒███████████
┼┼┼┼┼░▒▒▒▒██░▒▒▒▒▒▒███████████
┼┼┼┼░▒▒▒▒▒▒▒▒▒▒▒▒▒▒█▒█████████
┼┼┼┼░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒█████████
┼┼┼░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒██▒██████
┼┼░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒██▒██████
┼┼░▒█▒▒▒▒▒▒▒▒▒▒▒░┼░▒▒█▒▒██████
┼┼░▒██▒▒▒▒▒▒▒▒░░┼┼┼░▒▒▒▒██████
┼┼░▒▒▒▒▒▒█▒░░┼┼┼┼┼┼┼░▒▒▒██▒███
┼┼░▒▒▒▒▒█▒▒░┼┼┼┼┼┼┼┼░▒▒▒██▒███
┼┼┼░▒▒▒██▒░┼┼┼┼┼┼┼┼┼┼░▒▒██▒███
┼┼┼┼┼▒█▒░┼┼┼┼┼┼┼┼┼┼┼┼┼░▒▒█▒███
┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼░▒▒█▒███
┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼░▒▒▒███
┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼░▒░█░█
""",
"""
_____________________________¶¶___________________
__________________________¶¶¶¶¶___________________
_________________________¶¶¶¶¶¶¶__________________
_______________________¶¶¶¶¶¶¶¶¶__________________
_______________________¶¶¶¶¶¶¶¶¶¶_________________
________________________¶¶¶¶¶¶¶¶¶¶________________
________________________¶¶¶¶¶¶¶¶¶¶________________
_____________________¶___¶¶¶¶¶¶¶¶¶¶_______________
___________________¶¶¶___¶¶¶¶¶¶¶¶¶¶_______________
__________________¶¶¶¶¶___¶¶¶¶¶¶¶¶¶¶______________
________________¶¶¶¶¶¶¶¶__¶¶¶¶¶¶¶¶¶¶______________
______________¶¶¶¶¶¶¶¶¶¶___¶¶¶¶¶¶¶¶¶¶_____________
______________¶¶¶¶¶¶¶¶¶¶¶___¶¶¶¶¶¶¶¶¶¶____________
_______________¶¶¶¶¶¶¶¶¶¶___¶¶¶¶¶¶¶¶¶¶____________
________________¶¶¶¶¶¶¶¶¶¶___¶¶¶¶¶¶¶¶¶¶___________
____________¶___¶¶¶¶¶¶¶¶¶¶___¶¶¶¶¶¶¶¶¶¶___________
___________¶¶¶___¶¶¶¶¶¶¶¶¶¶___¶¶¶¶¶¶¶¶¶¶__________
_________¶¶¶¶¶___¶¶¶¶¶¶¶¶¶¶___¶¶¶¶¶¶¶¶¶¶__________
_______¶¶¶¶¶¶¶¶___¶¶¶¶¶¶¶¶¶¶___¶¶¶¶¶¶¶¶¶¶_________
______¶¶¶¶¶¶¶¶¶¶___¶¶¶¶¶¶¶¶¶¶__¶¶¶¶¶¶¶¶¶¶_________
______¶¶¶¶¶¶¶¶¶¶___¶¶¶¶¶¶¶¶¶¶___¶¶¶¶¶¶¶¶¶¶________
_______¶¶¶¶¶¶¶¶¶¶___¶¶¶¶¶¶¶¶¶¶___¶¶¶¶¶¶¶¶¶¶_______
__________________________________________________
_________________¶¶_¶¶________¶¶__________________
_________________¶¶_¶¶________¶¶__________________
_________________¶¶___________¶¶__________________
___¶¶¶¶¶¶___¶¶¶¶¶¶¶_¶¶___¶¶¶¶¶¶¶___¶¶¶¶¶¶¶__¶¶¶¶__
__¶¶¶¶¶¶¶__¶¶¶¶¶¶¶¶_¶¶__¶¶¶¶¶¶¶¶__¶¶¶¶¶¶¶¶_¶¶¶¶¶¶_
_¶¶¶__¶¶¶__¶¶___¶¶¶_¶¶__¶¶___¶¶¶_¶¶¶__¶¶¶¶_¶¶___¶¶
¶¶¶____¶¶_¶¶_____¶¶_¶¶_¶¶_____¶¶_¶¶____¶¶¶_¶¶¶¶___
¶¶_____¶¶_¶¶_____¶¶_¶¶_¶¶_____¶¶_¶¶_____¶¶_¶¶¶¶¶¶_
¶¶¶____¶¶_¶¶_____¶¶_¶¶_¶¶_____¶¶_¶¶____¶¶¶____¶¶¶¶
_¶¶¶__¶¶¶__¶¶___¶¶¶_¶¶__¶¶___¶¶¶_¶¶¶__¶¶¶¶_¶¶___¶¶
_¶¶¶¶¶¶¶¶__¶¶¶¶¶¶¶¶_¶¶__¶¶¶¶¶¶¶¶__¶¶¶¶¶¶¶¶_¶¶¶¶¶¶¶
__¶¶¶¶_¶¶____¶¶¶¶¶¶_¶¶___¶¶¶¶_¶¶___¶¶¶¶_¶¶__¶¶¶¶¶_
""",
"""
________________________________________________¶¶_¶¶¶¶¶¶¶¶¶
______________________________________________¶¶¶¶________¶¶
____________________________________________¶¶_¶¶¶_______¶¶
_____¶¶¶¶¶¶¶¶_____¶¶___¶¶¶¶_______________¶¶___¶¶______¶¶
___¶¶¶______¶¶¶__¶¶¶__¶¶________________¶¶____¶¶¶_____¶¶
____________¶¶¶__¶¶_¶¶¶_______________¶¶______¶¶_____¶¶
___¶¶¶¶¶¶¶¶¶¶¶__¶¶¶¶¶____¶¶¶¶¶¶¶¶¶__¶¶_______¶¶¶_____¶¶
_¶¶¶¶______¶¶¶__¶¶_¶¶¶___¶¶¶¶¶¶¶¶¶__¶¶¶¶¶¶¶¶¶¶¶¶¶¶__¶¶
¶¶¶_______¶¶¶__¶¶¶__¶¶¶_____________________¶¶¶_____¶¶
¶¶¶¶____¶¶¶¶¶__¶¶____¶¶¶____________________¶¶_____¶¶
_¶¶¶¶¶¶¶¶_¶¶¶__¶¶_____¶¶____________________¶¶_____¶¶
______________________________________________________¶¶__
________________________________________¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶
_______________________________¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶__
________________________¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶_____________
__________________¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶________________
_________________¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶______________________
¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶_________________________
¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶_¶_¶¶¶¶¶¶¶¶_________________________
¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶__¶¶¶¶¶___¶__¶¶¶¶¶¶________________________
_¶¶¶¶¶¶¶¶¶¶¶¶____¶¶¶¶¶¶¶¶¶___¶¶¶¶¶¶_______________________
__¶¶¶¶¶¶¶¶¶______¶¶¶¶¶_______¶¶¶¶¶¶¶______________________
___¶¶¶¶¶¶________¶¶¶¶¶_________¶¶¶¶¶¶¶____________________
____¶¶¶¶_________¶¶¶¶¶__________¶¶¶¶¶¶¶¶__________________
""",
"""
───▒▓▒░
─█▒████████
▒█▒▓█▓█████
─▓▒▓█▓██▓██
──▒▓█▓██▓██
─░▒▓█▓██▓██░
─░▒▓█▓██▓██░
─░▒▓▓▓██▓██░
─░▒▓█▓██▓██░
─░▒▓▓▓██▓██░
─░▒██▓██▓██░
─▒▒▓██▓█▓██▒
─░▒▒█▓▓▓▓▓██
─▒▒▒█▓▓█▓▓██
─░▒▒█▓▓██▓██░
─▒▒▒█▓▓█▓▓██░
─▒▒▒█▓▓██▓██▒
─▒▒▒█▓▓██▓██▒
─░▒▒█▓▓▓█▓██▒
─▒▒▒█▓▓█▓▓██▒
─▒▒▒█▓▓▓█▓██▓
─▒▒▒█▓▓▓█▓▓██▓
─░▒▓█▓▓▓█▓▓███████▒
─▒▓▒▒█▓█▓▓▓██▓░──▒█▓
─▒▓──▒█▓█▓▓█▓──────█░
─▒▒──▒██▓▓▓█▒──────▓▒
─▒▓──▒███▓▓█▓──────▒▒
─▒▒──▒███▓▓█▓──────▓▒
─▒▒──░███▓▓██─────▓▓▒
─▓▒──▒███▓▓▓██▒▒▒▓░▒▒
─▒▓▒▓▓█▓█▓▓▓████▓░─▒▓
─▒▒▓██▓█▓▓▓▓██▒────▓▓
─▒▒▓▓▓▓▓███▓▓█────░█▒
─▒▒▓▓█▓▓▓██████▓▒▓██▒
─▒▒▓▓█▓▓▒▓████████▓██
─▒▒▓▓█▓▓▒▓▓▓██▓██▓▓▓██▒
─▒▒▓▓█▓▓▓▓▓▒██▓▒▓█▓█████▓
─▒▒▓▓█▓█▓▓▓▒██▓▒▒████████████▓
─▒▒▓█▓▓▓▓▓▓▒██▓▓▓██▓██████████████▓▒▒█▒
─▒▒▓█▓▓▓▓█▓▒██▓▓▒██▓▓▓▓▓▓█████████████▓
─▒▒▓█▓▓▓▓▓█▒██▓▓▓▓█▓▓▓▓▓▓▓▓▓█▓███▓████▓
─▒░▓█▓▓█▓▒█▓▓█▓▓▓▓██▓▓▓▓▓▓▓▓▓▓▓█▓██▓▓█▓
─▒▒▓█▓██▓▒▓█▓██▓▓▓▓█▓▓▓▓▓▓▓▓▓▓█▓▓▓█▓▓██
─█▓▒█▓▓██▓▓█▓██▓▓▓▓▓██▓▓▓▓▓▓▓▓▓█▓▓▓▓▓██
─█▓▒█▓▓▓█▓▓█▓▓██▓▓▓▓▓████▓▓▓▓▓▓▓▓▓█▓▓██
─░░▓█▓▓▓█▓▓██▓█████▓▓▓▓███▓▓▓▓▓▓▓▓▓▓▓██
─▒▒▓█▓▓▓▓▒▓███▓▒▒▒▓██▓▓▓▓▓▓██▓▓▓▓▓█▓▓██
──▒█▓████████▒──────▓██▓▓▓▓▓▓█▓████▓▓██
──░█████▓▒██▒─────────▒████▓▓▓▓▓█████▓
───▒█▓────▓█────────────░▓███████▓▓██▓
───▒█─────▒▓───────────────░▒▓███████▓
───▓█───────────────────────────▒▓▓██▒
""",
"""
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XX XX
XX MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM XX
XX MMMMMMMMMMMMMMMMMMMMMssssssssssssssssssssssssssMMMMMMMMMMMMMMMMMMMMM XX
XX MMMMMMMMMMMMMMMMss''' '''ssMMMMMMMMMMMMMMMM XX
XX MMMMMMMMMMMMyy'' ''yyMMMMMMMMMMMM XX
XX MMMMMMMMyy'' ''yyMMMMMMMM XX
XX MMMMMy'' ''yMMMMM XX
XX MMMy' 'yMMM XX
XX Mh' 'hM XX
XX - - XX
XX XX
XX :: :: XX
XX MMhh. ..hhhhhh.. ..hhhhhh.. .hhMM XX
XX MMMMMh ..hhMMMMMMMMMMhh. .hhMMMMMMMMMMhh.. hMMMMM XX
XX ---MMM .hMMMMdd:::dMMMMMMMhh.. ..hhMMMMMMMd:::ddMMMMh. MMM--- XX
XX MMMMMM MMmm'' 'mmMMMMMMMMyy. .yyMMMMMMMMmm' ''mmMM MMMMMM XX
XX ---mMM '' 'mmMMMMMMMM MMMMMMMMmm' '' MMm--- XX
XX yyyym' . 'mMMMMm' 'mMMMMm' . 'myyyy XX
XX mm'' .y' ..yyyyy.. '''' '''' ..yyyyy.. 'y. ''mm XX
XX MN .sMMMMMMMMMss. . . .ssMMMMMMMMMs. NM XX
XX N` MMMMMMMMMMMMMN M M NMMMMMMMMMMMMM `N XX
XX + .sMNNNNNMMMMMN+ `N N` +NMMMMMNNNNNMs. + XX
XX o+++ ++++Mo M M oM++++ +++o XX
XX oo oo XX
XX oM oo oo Mo XX
XX oMMo M M oMMo XX
XX +MMMM s s MMMM+ XX
XX +MMMMM+ +++NNNN+ +NNNN+++ +MMMMM+ XX
XX +MMMMMMM+ ++NNMMMMMMMMN+ +NMMMMMMMMNN++ +MMMMMMM+ XX
XX MMMMMMMMMNN+++NNMMMMMMMMMMMMMMNNNNMMMMMMMMMMMMMMNN+++NNMMMMMMMMM XX
XX yMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMy XX
XX m yMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMy m XX
XX MMm yMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMy mMM XX
XX MMMm .yyMMMMMMMMMMMMMMMM MMMMMMMMMM MMMMMMMMMMMMMMMMyy. mMMM XX
XX MMMMd ''''hhhhh odddo obbbo hhhh'''' dMMMM XX
XX MMMMMd 'hMMMMMMMMMMddddddMMMMMMMMMMh' dMMMMM XX
XX MMMMMMd 'hMMMMMMMMMMMMMMMMMMMMMMh' dMMMMMM XX
XX MMMMMMM- ''ddMMMMMMMMMMMMMMdd'' -MMMMMMM XX
XX MMMMMMMM '::dddddddd::' MMMMMMMM XX
XX MMMMMMMM- -MMMMMMMM XX
XX MMMMMMMMM MMMMMMMMM XX
XX MMMMMMMMMy yMMMMMMMMM XX
XX MMMMMMMMMMy. .yMMMMMMMMMM XX
XX MMMMMMMMMMMMy. .yMMMMMMMMMMMM XX
XX MMMMMMMMMMMMMMy. .yMMMMMMMMMMMMMM XX
XX MMMMMMMMMMMMMMMMs. .sMMMMMMMMMMMMMMMM XX
XX MMMMMMMMMMMMMMMMMMss. .... .ssMMMMMMMMMMMMMMMMMM XX
XX MMMMMMMMMMMMMMMMMMMMNo oNNNNo oNMMMMMMMMMMMMMMMMMMMM XX
XX XX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
.o88o. o8o .
888 `" `"' .o8
o888oo .oooo.o .ooooo. .ooooo. oooo .ooooo. .o888oo oooo ooo
888 d88( "8 d88' `88b d88' `"Y8 `888 d88' `88b 888 `88. .8'
888 `"Y88b. 888 888 888 888 888ooo888 888 `88..8'
888 o. )88b 888 888 888 .o8 888 888 .o 888 . `888'
o888o 8""888P' `Y8bod8P' `Y8bod8P' o888o `Y8bod8P' "888" d8'
.o...P'
`XER0'
""",
"""
:================:
/||# nmap -A _ ||
/ || ||
| || ||
\\ || ||
==================
........... / \\.............
:\\ ############ \\
: ---------------------------------
: | * |__________|| :::::::::: |
\\ | | || ....... |
--------------------------------- 8
""",
"""
....::::....
::::::::::::::::::::::::..
;;;;,,::::,,,,,,,,,,,,::::,,,,;;
,,ii,,,,iijjjjjjLLKKEEffjjjjjjii,,,,ii,,
..iiii,,;;LLffjj,,jjiiLLLL,,ii,,jjffLL,,,,;;ii
..ii,,,,jjjjLLjjjj;;jjLL##WWffjj;;jjjjLLjjtt,,,,ii..
::ii,,,,tt;;,,ffjjjj;;jjKKKKKKKKjj;;ffjjff,,;;tt,,,,ii,,
..ii,,iijj,,::::jj,,ff;;jjEE####EEjj;;ff,,jj::::,,jjii,,ii..
..iiiijjff;;::::jj::jj;;iijjEEEEjjii;;jj,,jj::::;;ffjjiiii..
..,,iiiiiiiiiiff::,,jj,,iiffff;;,,jj,,,,ffiiiiiiiiii,,..
::iijj;;ii,,;;ii;;jjjj;;iiii,,iiiijjii::
,,ii,,,,,,,,iijjjjii,,,,,,,,ii,,
..,,.. ..,,.. ..,,,,,,,,,,,,,,,,,,,,..
iijjjj iijjjj.. ..::::::::::::..
iittjj:: ,,iitt..
,,iiiitt.. ,,;;ii..
,,iijjjjii ,,;;ii....ii;;
,,iijjjjjj::,,iitt..,,jjjjjjtt;;;;,,.. ::iittii;; ..jjffttii,,
,,;;jjiiiitt,,;;ii..,,jjffttjjjjjjjjjj,, ,,jjjjjjjjii..::;;jjjjiijjii..
,,;;jj,,;;ttii;;ii..,,iijj,,iijjffiijjjj.. ,,ttttjjii::iiffff;;iijjii
,,iijj..;;ttjjiitt..,,iitt..iijjjj,,iijj;;..iijjjjttjjjj::;;jjii..iiiiii
,,iijj ::;;iijjjj..,,iijj..iijjjj,,iijj;;,,jjLLiiiijjjj,,iiffff;;iijjii
,,iijj ,,;;;;tt..,,iitt..iijjjj,,iijj;;iijjjj iijjjj,,;;jjjjiijjii..
,,;;jj ..;;;;ii..,,iijj..;;jjjj,,iijj;;iijjffiiiijjjj,,;;jjtt;;..
iiiijj iittjj..;;jjjj..iijjff,,iijj;;..iijjjjjjjjjj,,;;jjii
..;;:: ..;;,, ..;;,, ..,,.. ,,;; ..,,ii;;ii,, ,,;;..
""",
"""
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
░░░░░░░░░░░░░░░░░░░░░░▓████████████████████████▒░░░░░░░░░░░░░░░░░░░░
░░░░░░░░░░░░░░░░░░░▓█████▓▒░░░░░░░░░░░░░░░▒██████▒░░░░░░░░░░░░░░░░░░
░░░░░░░░░░░░░░░░░████▒░░░░░░░░░░░░░░░░░░░░░░░░░▓███▒░░░░░░░░░░░░░░░░
░░░░░░░░░░░░░░░░███░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░███░░░░░░░░░░░░░░░
░░░░░░░░░░░░░░▒██░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░▒██░░░░░░░░░░░░░░
░░░░░░░░░░░░░▒██░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░██░░░░░░░░░░░░░
░░░░░░░░░░░░░██░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░██░░░░░░░░░░░░
░░░░░░░░░░░░██▓░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░▒░░██░░░░░░░░░░░░
░░░░░░░░░░░░██░░██░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░██░░██░░░░░░░░░░░
░░░░░░░░░░░░██░░██░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░██░░██░░░░░░░░░░░
░░░░░░░░░░░░██░░██░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░██░░██░░░░░░░░░░░
░░░░░░░░░░░░██▒░██▓░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░██▓░▒██░░░░░░░░░░░
░░░░░░░░░░░░░██░░██░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░██░░██░░░░░░░░░░░░
░░░░░░░░░░░░░██▒░██░░░░░▒▒▓███▒░░░░░░░▒███▓▒▒░░░░░██░▓██░░░░░░░░░░░░
░░░░░░░░░░░░░░██░██░░██████████▒░░░░░▓██████████░░██▒██░░░░░░░░░░░░░
░░░░░░░░░░░░░░░████░████████████░░░░░████████████░████░░░░░░░░░░░░░░
░░░░░░░░░░░░░░░░███░▒██████████░░░░░░░██████████▒░██▒░░░░░░░░░▒░░░░░
░░░░▒████░░░░░░░▓█▒░░█████████░░░░░░░░░█████████░░▒█▓░░░░░░▓████░░░░
░░░░██░▒██▒░░░░░██░░░░██████▓░░░░█░█░░░░███████░░░░██░░░░░███░░██░░░
░░░░██░░░██▓░░░░██░░░░░░▒▓▓░░░░▒██░██░░░░░▓▓▒░░░░░▒██░░░░███░░░██░░░
░░▓██▒░░░░████▓░░██░░░░░░░░░░░░███░███░░░░░░░░░░░░██░░█████░░░░▓██▒░
░██▓░░░░░░░░▒████████▓░░░░░░░░████░███▓░░░░░░░▒▓████████░░░░░░░░░███
░██▓▒▓███▓░░░░░░▓████████▓░░░░████░███▓░░░░▓████████▓░░░░░░████▓▓███
░░███████████▒░░░░░░███████░░░░██░░░██░░░░██████▓░░░░░░▓███████████░
░░░░░░░░░░░▓█████░░░░██▓▓░██░░░░░░░░░░░░░██░█▒██░░░▒█████▓░░░░░░░░░░
░░░░░░░░░░░░░░▒█████▒▒█▓█░███▓▓▒▒▒▓▒▒▓▓▓███▒███░▓█████░░░░░░░░░░░░░░
░░░░░░░░░░░░░░░░░░▒████▒▓█▒▒█░█▒█░█░█▓█▒█▓░█░█████▒░░░░░░░░░░░░░░░░░
░░░░░░░░░░░░░░░░░░░░░██░░██▓█▓█▓█▒█▒█▓█▓████░▓█▓░░░░░░░░░░░░░░░░░░░░
░░░░░░░░░░░░░░░░░░▓████▓░▓█▓█░█▒█░█░█▒█▒███▒░██████░░░░░░░░░░░░░░░░░
░░░░░░░░░░░░░░▓█████░░██░░░▒█████▓█▓█████▒░░░██░▒█████▓░░░░░░░░░░░░░
░░░░░▒██████████▓░░░░░███░░░░░░░░░░░░░░░░░░░██▒░░░░░▓██████████▒░░░░
░░░░░██░░░▓▓▓░░░░░░▒██████▓░░░░░░░░░░░░░░░███████▒░░░░░░▓▓▒░░▒██░░░░
░░░░░▓██░░░░░░░░▓████▓░░░█████▒░░░░░░▒▓█████░░░▓████▓░░░░░░░▒██▓░░░░
░░░░░░░███░░░░████▒░░░░░░░░▓█████████████▒░░░░░░░░▒████░░░░███░░░░░░
░░░░░░░░██░░░██▒░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░▓██░░░██░░░░░░░
░░░░░░░░██▒▓██░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░▒██▒▓██░░░░░░░
░░░░░░░░░████░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░████░░░░░░░░
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
""",
"""
███████████▓▓▓▓▓▓▓▓▒░░░░░▒▒░░░░░░░▓█████
██████████▓▓▓▓▓▓▓▓▒░░░░░▒▒▒░░░░░░░░▓████
█████████▓▓▓▓▓▓▓▓▒░░░░░░▒▒▒░░░░░░░░░▓███
████████▓▓▓▓▓▓▓▓▒░░░░░░░▒▒▒░░░░░░░░░░███
███████▓▓▓▓▓▓▓▓▒░░▒▓░░░░░░░░░░░░░░░░░███
██████▓▓▓▓▓▓▓▓▒░▓████░░░░░▒▓░░░░░░░░░███
█████▓▒▓▓▓▓▓▒░▒█████▓░░░░▓██▓░░░░░░░▒███
████▓▒▓▒▒▒░░▒███████░░░░▒████░░░░░░░░███
███▓▒▒▒░░▒▓████████▒░░░░▓████▒░░░░░░▒███
██▓▒▒░░▒██████████▓░░░░░▓█████░░░░░░░███
██▓▒░░███████████▓░░░░░░▒█████▓░░░░░░███
██▓▒░▒██████████▓▒▒▒░░░░░██████▒░░░░░▓██
██▓▒░░▒███████▓▒▒▒▒▒░░░░░▓██████▓░░░░▒██
███▒░░░░▒▒▒▒▒▒▒▒▒▒▒▒░░░░░░███████▓░░░▓██
███▓░░░░░▒▒▒▓▓▒▒▒▒░░░░░░░░░██████▓░░░███
████▓▒▒▒▒▓▓▓▓▓▓▒▒▓██▒░░░░░░░▓███▓░░░░███
██████████▓▓▓▓▒▒█████▓░░░░░░░░░░░░░░████
█████████▓▓▓▓▒▒░▓█▓▓██░░░░░░░░░░░░░█████
███████▓▓▓▓▓▒▒▒░░░░░░▒░░░░░░░░░░░░██████
██████▓▓▓▓▓▓▒▒░░░░░░░░░░░░░░░░▒▓████████
██████▓▓▓▓▓▒▒▒░░░░░░░░░░░░░░░▓██████████
██████▓▓▓▓▒▒██████▒░░░░░░░░░▓███████████
██████▓▓▓▒▒█████████▒░░░░░░▓████████████
██████▓▓▒▒███████████░░░░░▒█████████████
██████▓▓░████████████░░░░▒██████████████
██████▓░░████████████░░░░███████████████
██████▓░▓███████████▒░░░████████████████
██████▓░███████████▓░░░█████████████████
██████▓░███████████░░░██████████████████
██████▓▒██████████░░░███████████████████
██████▒▒█████████▒░▓████████████████████
██████░▒████████▓░██████████████████████
██████░▓████████░███████████████████████
██████░████████░▒███████████████████████
█████▓░███████▒░████████████████████████
█████▒░███████░▓████████████████████████
█████░▒██████░░█████████████████████████
█████░▒█████▓░██████████████████████████
█████░▓█████░▒██████████████████████████
█████░▓████▒░███████████████████████████
█████░▓███▓░▓███████████████████████████
██████░▓▓▒░▓████████████████████████████
███████▒░▒██████████████████████████████
████████████████████████████████████████
████████████████████████████████████████
"""
]
EVT_STRS = random.choice(evntstrslist)
EVT_DATA = random.choice(evntstrslist).decode()
win32evtlogutil.ReportEvent(EVT_APP_NAME, EVT_ID, EVT_CATEG, eventType=win32evtlog.EVENTLOG_WARNING_TYPE, strings = EVT_STRS, data = EVT_DATA)
def write_result_eventlog_hierarchy(self, res):
ph = win32api.GetCurrentProcess()
th = win32security.OpenProcessToken(ph, win32con.TOKEN_READ)
my_sid = win32security.GetTokenInformation(\
th, win32security.TokenUser)[0]
myType = win32evtlog.EVENTLOG_WARNING_TYPE
applicationName = "SysmonCorrelator"
tab = '--'
data = "Not configured, use -l option"
for anomaly in res:
eventID = anomaly['RuleID']
category = 1
descr = [
"RuleName: " + anomaly['Rulename'],
"RuleID: " + str(anomaly['RuleID']),
"Computer: " + anomaly['Computer'],
"Data: ",
]
alert = ""
alert += "\n"
alert += "\tPHE ALERT [%s]: %s\n" % (anomaly['RuleID'],
anomaly['Rulename'])
tab = '--'
ntabs = 0
for process in reversed(anomaly['ProcessChain']):
ntabs += 1
if process.acciones['1'][0]['Alert']:
alert += "\t!%s> %s (%s) [%s] %s\n" % (
tab * ntabs, get_action_from_id(1), process.pid,
process.acciones['1'][0]['ProcessTTL'], process.cmd)
#process.acciones['1'][0]['Alert'] = False
else:
alert += "\t%s> %s (%s) [%s] %s\n" % (
tab * ntabs, get_action_from_id(1), process.pid,
process.acciones['1'][0]['ProcessTTL'], process.cmd)
for action_type in process.acciones:
for action in process.acciones[action_type]:
param = get_default_parameter_from_id(\
int(action_type))
if int(action_type) != 1:
if action['Alert']:
alert += "\t!%s> %s %s\n" %\
(tab*(ntabs+2), \
get_action_from_id(int(action_type)),
action[param])
# Special case for Real Parent
elif action['CreationType'] == 'InjectedThread':
alert += "\t!%s> [I] REAL PARENT %s\n" % \
(tab*(ntabs+2),
action['RealParent'])
descr.append(alert)
self.log.debug("Writing to eventlog: %s" % anomaly)
win32evtlogutil.ReportEvent(applicationName,
eventID,
eventCategory=category,
eventType=myType,
strings=descr,
data=data,
sid=my_sid)
# Writing to the windows logs in Python
import win32evtlogutil
win32evtlogutil.ReportEvent(ApplicationName, EventID, EventCategory, EventType,
Inserts, Data, SID)
def log_msg(prog, event_id, msg_type, message):
win32evtlogutil.ReportEvent(prog,
event_id,
eventType=msg_type,
strings=[message])
def test():
# check if running on Windows NT, if not, display notice and terminate
if win32api.GetVersion() & 0x80000000:
print("This sample only runs on NT")
return
import sys, getopt
opts, args = getopt.getopt(sys.argv[1:], "rwh?c:t:v")
computer = None
do_read = do_write = 1
logType = "Application"
verbose = 0
if len(args) > 0:
print("Invalid args")
usage()
return 1
for opt, val in opts:
if opt == '-t':
logType = val
if opt == '-c':
computer = val
if opt in ['-h', '-?']:
usage()
return
if opt == '-r':
do_read = 0
if opt == '-w':
do_write = 0
if opt == '-v':
verbose = verbose + 1
if do_write:
ph = win32api.GetCurrentProcess()
th = win32security.OpenProcessToken(ph, win32con.TOKEN_READ)
my_sid = win32security.GetTokenInformation(th,
win32security.TokenUser)[0]
win32evtlogutil.ReportEvent(
logType,
2,
strings=["The message text for event 2", "Another insert"],
data="Raw\0Data".encode("ascii"),
sid=my_sid)
win32evtlogutil.ReportEvent(
logType,
1,
eventType=win32evtlog.EVENTLOG_WARNING_TYPE,
strings=["A warning", "An even more dire warning"],
data="Raw\0Data".encode("ascii"),
sid=my_sid)
win32evtlogutil.ReportEvent(
logType,
1,
eventType=win32evtlog.EVENTLOG_INFORMATION_TYPE,
strings=["An info", "Too much info"],
data="Raw\0Data".encode("ascii"),
sid=my_sid)
print("Successfully wrote 3 records to the log")
if do_read:
ReadLog(computer, logType, verbose > 0)
class SyslogUDPHandler(SocketServer.BaseRequestHandler):
def handle(self):
data = bytes.decode(self.request[0].strip())
socket = self.request[1]
print()
win32evtlogutil.ReportEvent(
logger_name, # Application name
1001, # Event ID
0, # Event category
win32evtlog.EVENTLOG_INFORMATION_TYPE,
(self.client_address[0], str(data)))
if __name__ == "__main__":
try:
win32evtlogutil.AddSourceToRegistry(logger_name)
win32evtlogutil.ReportEvent(
logger_name, # Application name
1001, # Event ID
0, # Event category
win32evtlog.EVENTLOG_INFORMATION_TYPE,
(logger_name, "Started."))
server = SocketServer.UDPServer((HOST, PORT), SyslogUDPHandler)
server.serve_forever(poll_interval=0.5)
except (IOError, SystemExit):
raise
except KeyboardInterrupt:
print("Crtl+C Pressed. Shutting down.")
c, addr = s.accept() # Establish connection with client.
hostname = str(addr[0])
print("Got connection from %s" % hostname)
c.send(nasty_msg)
print("Blocking the address: %s" % hostname)
# If there is a full connection, create a firewall rule
# Run the command associated with the platform being run:
if platform == "Windows":
print("Sending alert to EVENT LOG")
win32evtlogutil.ReportEvent(
"HoneyPortAlert",
4242,
eventType=win32evtlog.EVENTLOG_WARNING_TYPE,
strings=[
"Detected HoneyPort Hit",
"HoneyPort hit from " + hostname + " on port " + str(port)
],
data=(hostname + "\0" + str(port)).encode("ascii"))
print("Creating a Windows Firewall Rule\n")
fw_result = call(
'netsh advfirewall firewall add rule name="honeyports" dir=in remoteip= '
+ hostname + ' localport=any protocol=TCP action=block > NUL',
shell=True)
flush = 'netsh', 'advfirewall reset'
fwlist = "netsh", """ advfirewall firewall show rule name=honeyports | find "RemoteIP" """
elif platform == "Linux":
print("Creating a Linux Firewall Rule\n")
fw_result = os.popen('/sbin/iptables -A INPUT -s ' + hostname +
import win32api
import win32con
import win32evtlog
import win32security
import win32evtlogutil
ph = win32api.GetCurrentProcess()
th = win32security.OpenProcessToken(ph, win32con.TOKEN_READ)
my_sid = win32security.GetTokenInformation(th, win32security.TokenUser)[0]
applicationName = "My Application"
eventID = 1
category = 5 # Shell
myType = win32evtlog.EVENTLOG_WARNING_TYPE
descr = ["A warning", "An even more dire warning"]
data = "Application\0Data".encode("ascii")
win32evtlogutil.ReportEvent(applicationName,
eventID,
eventCategory=category,
eventType=myType,
strings=descr,
data=data,
sid=my_sid)
def SvcDoRun(self):
# import servicemanager
# Write a 'started' event to the event log... (not required)
#
win32evtlogutil.ReportEvent(self._svc_name_,
servicemanager.PYS_SERVICE_STARTED, 0,
servicemanager.EVENTLOG_INFORMATION_TYPE,
(self._svc_name_, ''))
# methode 1: wait for beeing stopped ...
# win32event.WaitForSingleObject(self.hWaitStop, win32event.INFINITE)
# methode 2: wait for beeing stopped ...
self.timeout = 1000
self.logger.info('service is begin...')
cnt_end = 0 #结束文件时行数
while self.isAlive:
# wait for service stop signal, if timeout, loop again
rc = win32event.WaitForSingleObject(self.hWaitStop, self.timeout)
self.logger.info('service is running...')
if self._CompareDateFile(): #当前时间和文件里时间一样
cnt = self._getLineCnt() #初始行数
self.logger.info('开始行数cnt' + str(cnt))
if self._getLineCnt() and (cnt_end != cnt): #内容不为空
#---------------------
for line in linecache.getlines(self.case_log_file):
start = line.find('|') #第一个|
end = line.find('|', line.find('|') + 1) #第二个|
if line[start + 1:end] == '1014': #发现错误
print(line[start - 19:start])
#os.system('mstsc')
self.logger.info('执行mstsc') #重启pos机
else:
self.logger.info('没新记录')
cnt_end = self._getLineCnt()
self.logger.info('最后行数cnt_end' + str(cnt_end))
time.sleep(50) #间隔一分钟
else: #当前时间和文件时间不一致,寻找当前时间的日志
current_time = time.strftime('%Y%m%d',
time.localtime(
time.time())) #当前时间
self.case_log_file = os.path.join(self.case_log_dir, 'CASE_' +
current_time + '.log') #文件
cnt = self._getLineCnt() #初始行数
cnt_end = 0 #结束时文件行数
if self._getLineCnt(): #内容不为空
#---------------------
for line in linecache.getlines(self.case_log_file):
start = line.find('|') #第一个|
end = line.find('|', line.find('|') + 1) #第二个|
if line[start + 1:end] == '1014': #发现错误
print(line[start - 19:start])
#os.system('mstsc')
self.logger.info('执行mstsc') #重启pos机
cnt_end = self._getLineCnt() #是否有新增行
time.sleep(50)
# ---------------------
# and write a 'stopped' event to the event log (not required)
#
win32evtlogutil.ReportEvent(self._svc_name_,
servicemanager.PYS_SERVICE_STOPPED, 0,
servicemanager.EVENTLOG_INFORMATION_TYPE,
(self._svc_name_, ''))
self.ReportServiceStatus(win32service.SERVICE_STOPPED)
return
def log(eventID, category, logdesc, data):
eventType = 4
if category in eventCategories:
eventType = eventCategories[category]
win32evtlogutil.ReportEvent(applicationName, eventID, eventCategory=eventType, eventType=eventType, strings=logdesc, data=data.encode('ascii'), sid=token_sid)
def _log_detail(self, descripton, type):
win32evtlogutil.ReportEvent(self.appName, 1, eventType=type, strings=[descripton])