예제 #1
#!/usr/bin/env python

import email
import json
from sys import stdin
from DShield import DshieldSubmit
import hashlib

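def summarize_email(raw_message):
    """Build the DShield 'email' report for one raw RFC 822 message.

    Walks every MIME leaf of the message and, for each part that carries a
    filename, records its name, SHA-256, decoded size and content type.  The
    attachment bytes are hashed and discarded -- nothing is written to disk,
    so the attacker-controlled filename is only ever reported, never used as
    a path.

    Returns a dict with keys 'type', 'files', 'subject', 'from' and
    'message-id'; a header value is None when that header is absent.
    """
    msg = email.message_from_string(raw_message)
    data = {'files': [],
            'subject': msg['subject'],
            'from': msg['from'],
            'message-id': msg['message-id'],
            'type': 'email'}
    # walk() descends into nested containers (multipart/mixed wrapping
    # multipart/alternative, message/rfc822, ...); iterating get_payload()
    # only saw the top level and then crashed on the nested container.
    for part in msg.walk():
        # Containers have no decodable body: get_payload(decode=True) returns
        # None for them, and sha256(None) raises TypeError.
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if not filename:
            continue
        payload = part.get_payload(decode=True)
        if payload is None:
            payload = b''
        data['files'].append({'filename': filename,
                              'sha256hash': hashlib.sha256(payload).hexdigest(),
                              'filesize': len(payload),
                              'filetype': part.get_content_type()})
    return data


if __name__ == "__main__":
    # Invoked as a mail pipe: the whole message arrives on stdin.  Guarded so
    # the helper above can be imported and tested without touching stdin.
    report = summarize_email(stdin.read())
    d = DshieldSubmit('')
    d.post(report)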
예제 #2
import json
from sys import stdin
from DShield import DshieldSubmit
import hashlib

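def summarize_email(raw_message):
    """Build the DShield 'email' report for one raw RFC 822 message.

    Every MIME leaf that carries a filename contributes its name, SHA-256,
    decoded size and content type.  Attachment bytes are hashed and dropped;
    nothing is written to disk, so the attacker-controlled filename is only
    reported, never used as a path.

    Returns a dict with keys 'type', 'files', 'subject', 'from' and
    'message-id'; a header value is None when that header is absent.
    """
    msg = email.message_from_string(raw_message)
    data = {
        'files': [],
        'subject': msg['subject'],
        'from': msg['from'],
        'message-id': msg['message-id'],
        'type': 'email'
    }
    # walk() reaches attachments inside nested containers (e.g. multipart/mixed
    # wrapping multipart/alternative); iterating get_payload() stopped at the
    # top level and then hashed None for the nested container.
    for part in msg.walk():
        # Containers have no decodable body: get_payload(decode=True) is None
        # for them and sha256(None) raises TypeError.
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if not filename:
            continue
        payload = part.get_payload(decode=True)
        if payload is None:
            payload = b''
        data['files'].append({
            'filename': filename,
            'sha256hash': hashlib.sha256(payload).hexdigest(),
            'filesize': len(payload),
            'filetype': part.get_content_type()
        })
    return data


if __name__ == "__main__":
    # Mail-pipe entry point: the whole message arrives on stdin.  Guarded so
    # the helper can be imported and tested without consuming stdin.
    report = summarize_email(stdin.read())
    d = DshieldSubmit('')
    d.post(report)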
예제 #3
    linere = re.compile(d.logtypesregex[logformat])
    while line and j < maxlines:
        i += 1
        data = (parse(line, logformat, linere))
        if data is not None:
            j += 1
            lastdate = data['time']
            if (j % skip) == 0:
                logs.append(data)
        line = f.readline()
    if debug > 1:
        d.log(json.dumps(logs))
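# Summarise the run.  Report lastdate rather than data['time']: data holds the
# result of the *last* parse() call, which is None whenever the final line
# (often a partial line at EOF) did not match, and indexing None aborted the
# run before the cursor, the skip value and the pidfile below were updated.
d.log("processed %d lines total and %d new lines and ended at %s" %
      (i, j, lastdate))
# Reaching maxlines means the log grows faster than we drain it, so sample
# more sparsely next time; anything else resets to "every line".
if j == maxlines:
    d.log("incrementing skip value from %d" % (skip))
    skip = skip + 1
else:
    skip = 1
d.log("new skip value is %d" % (skip))
logobject = {'type': 'firewall', 'logs': logs}
try:
    # Submit first, persist state second: if the upload raises, lastcount is
    # left where it was and the same lines are retried on the next run instead
    # of being skipped forever.
    if debug == 0:
        d.post(logobject)
    with open(lastcount, 'w') as f:
        f.write(str(lastdate))
    with open(skipvalue, 'w') as f:
        f.write(str(skip))
finally:
    # NOTE(review): pidfile appears to be a run lock; release it on every exit
    # path so one failed run cannot block all following ones -- confirm against
    # the code that creates and checks it.
    os.remove(pidfile)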
예제 #4
파일: ufwparser.py 프로젝트: vutral/dshield
    f = open(lastcount, 'r')
    startdate = float(f.readline())
    f.close()
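logs = []
i = 0            # lines read from the log
j = 0            # lines that parse() accepted
last_seen = ''   # formatted timestamp of the last accepted line, for the summary
lastdate = ''    # epoch seconds of the last accepted line; persisted as the cursor
if startdate == '':
    startdate = 0
# print(...) with one argument is valid in both Python 2 and 3.
print("opening %s and starting with %d" % (logfile, startdate))
with open(logfile, 'r') as f:
    # Stream the file; readlines() pulled the whole firewall log into memory.
    for line in f:
        i += 1
        data = parse(line)
        if data is None:
            continue
        j += 1
        lastdate = str(mktime(data['time'].timetuple()))
        data['time'] = data['time'].strftime('%Y-%m-%d %H:%M:%S')
        last_seen = data['time']
        logs.append(data)
    print(json.dumps(logs))
# last_seen instead of data['time']: data is None when the final line did not
# parse (and was a list when nothing parsed), so the old summary line raised
# before the cursor was ever saved.
print("processed %d lines total and %d new lines and ended at %s" % (
    i, j, last_seen))
try:
    # Submit before persisting the cursor: a failed upload is then retried on
    # the next run instead of being skipped over.
    l = {'type': 'firewall', 'logs': logs}
    d.post(l)
    # Only advance the cursor when something was parsed.  Writing '' would
    # make the next run's float(f.readline()) on this file blow up.
    if lastdate:
        with open(lastcount, 'w') as f:
            f.write(lastdate)
finally:
    # NOTE(review): pidfile looks like a run lock; release it on every exit
    # path so a failed run cannot block the next -- confirm against its creator.
    os.remove(pidfile)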
예제 #5
    logdata['dip']=r[6]
    logdata['method']=str(r[3])
    logdata['url']=str(r[4])
    logdata['useragent']=str(r[5])
    lasttime = int(float(r[0]))+1
    linecount = linecount+1
    logs.append(logdata)
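# Nothing newer than the previous submission: release the lock and stop.
if starttime == lasttime:
    conn.close()
    os.remove(pidfile)
    sys.exit(1)

l = {'type': 'webhoneypot', 'logs': logs} # Changed type from 404report to reflect addition of new header data
try:
    # Submit first, then record the high-water mark.  The old order committed
    # to `submissions` before d.post(), so a failed upload still advanced the
    # cursor and those lines were never retried.  A post that succeeds but a
    # record that fails now yields a duplicate submission, never a gap.
    d.post(l)
    try:
        c.execute("INSERT INTO submissions (timestamp,linessent) VALUES (?,?)", (lasttime, linecount))
        conn.commit()
    except sqlite3.Error as e:
        print("Error %s:" % e.args[0])
        sys.exit(1)
finally:
    # Both the connection and the pidfile are released on every exit path,
    # including the sys.exit(1) above, which previously leaked the connection.
    conn.close()
    os.remove(pidfile)

# Web.py seems to hang periodically, so to bandaid this situation, we restart web.py twice an hour.
# Fixed argv list, no shell, narrow except: os.popen() never raised on command
# failure, so the old bare `except: pass` could only hide an OSError from the
# fork, and the unread pipe left the child unreaped.  The import is local to
# this script tail because the file header is not in view.
import subprocess
try:
    subprocess.call(["systemctl", "restart", "webpy"])
except OSError:
    pass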


예제 #6
파일: fwlogparser.py 프로젝트: xme/dshield
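logformat = ''
if startdate == '':
    startdate = 0
d.log("opening %s and starting with %d" % (logfile, startdate))
try:
    with open(logfile, 'r') as f:
        # The format is sniffed from the first line only.  Reading it on its
        # own (instead of readlines()[0]) keeps the whole log out of memory
        # and avoids an IndexError on an empty file.
        line = f.readline()
        if line == '':
            d.log("log file %s is empty, nothing to submit" % logfile)
            sys.exit(0)
        logformat = d.identifylog(line)
        if logformat == '':
            d.log("Can not identify log format")
            sys.exit('Unable to identify log format')
        if debug > 0:
            d.log("logformat  %s" % logformat)
        linere = re.compile(d.logtypesregex[logformat])
        # The first line is parsed too; it was only used for format detection.
        while line:
            i += 1
            data = parse(line, logformat, linere)
            if data is not None:
                j += 1
                lastdate = data['time']
                logs.append(data)
            line = f.readline()
        if debug > 1:
            d.log(json.dumps(logs))
    # lastdate, not data['time']: data is the result of the *last* parse(),
    # which is None when the final line (often partial at EOF) did not match,
    # and indexing None aborted the run before the cursor was saved.
    d.log("processed %d lines total and %d new lines and ended at %s" % (i, j, lastdate))
    logobject = {'type': 'firewall', 'logs': logs}
    # Submit first, persist the cursor second, so a failed upload is retried
    # on the next run rather than skipped.
    if debug == 0:
        d.post(logobject)
    with open(lastcount, 'w') as f:
        f.write(str(lastdate))
finally:
    # NOTE(review): pidfile looks like a run lock; release it on every exit
    # path (including the sys.exit calls above, which used to leave it behind)
    # -- confirm against the code that creates it.
    os.remove(pidfile)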