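def parse(self, pkt, payload):
    """Yield Identity records extracted from an outgoing IRC payload.

    Args:
      pkt: the captured packet (unused here; kept for the shared parser
        signature).
      payload: decoded application-layer text, or an empty value.

    Yields:
      ``None`` once when *payload* is empty (kept because existing
      consumers iterate the generator unconditionally), otherwise one
      Identity per recognised field: handle, real name and username from
      a CONNECT line, and the handle seen in a TOPIC line.
    """
    if not payload:
        yield None
        return

    # The debug prints that echoed the matched groups to stdout were
    # removed: they wrote sniffed identities (nick, username, real name)
    # to the console/log of whoever ran the tool.
    match = self.CONNECT_RE.search(payload)
    if match:
        (nick, username, server, full_name) = match.groups()
        yield Identity(service=server, event='connect', type='handle',
                       value=nick, certainty=0.7)
        yield Identity(service=server, event='connect', type='name',
                       value=full_name, certainty=0.3)
        yield Identity(service=server, event='connect', type='username',
                       value=username, certainty=0.25)

    match = self.TOPIC_RE.search(payload)
    if match:
        (server, nick, channel) = match.groups()
        # The service is scoped to the channel ('server: #channel') so that
        # the same nick on different channels is not collapsed.
        yield Identity(service='%s: %s' % (server, channel), event='topic',
                       type='handle', value=nick, certainty=1)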
def parse(self, pkt, payload):
    """Yield machine type and hostname advertised in a broadcast payload.

    Args:
      pkt: the captured packet (unused; part of the shared parser signature).
      payload: decoded application-layer text, or an empty value.

    Yields:
      An Identity of type 'machine_type' when MODEL_RE matches and one of
      type 'hostname' when NAME_RE matches; nothing for an empty payload.
    """
    if not payload:
        return

    # Both rules report the same service/event/certainty and differ only
    # in the pattern and the identity type, so drive them from a table.
    rules = (
        (self.MODEL_RE, 'machine_type'),
        (self.NAME_RE, 'hostname'),
    )
    for pattern, id_type in rules:
        hit = pattern.search(payload)
        if hit is None:
            continue
        yield Identity(service='Machine', event='broadcast', type=id_type,
                       value=hit.group(1), certainty=0.7)
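def parse(self, pkt, payload):
    """Yield the machine name advertised in a broadcast payload.

    Args:
      pkt: the captured packet (unused; part of the shared parser signature).
      payload: decoded application-layer text, or an empty value.

    Yields:
      One Identity of type 'machine_name' when DOMAIN_RE matches; nothing
      for an empty payload.
    """
    # The sibling parse() implementations short-circuit on an empty payload;
    # without this guard a None payload raises TypeError inside re.search.
    if not payload:
        return

    match = self.DOMAIN_RE.search(payload)
    if match:
        yield Identity(service='Machine', event='broadcast', type='machine_name',
                       value=match.group(1), certainty=1)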
def parse(self, pkt, payload):
    """Yield the operating system advertised in a broadcast payload.

    Args:
      pkt: the captured packet (unused; part of the shared parser signature).
      payload: decoded application-layer text, or an empty value.

    Yields:
      One Identity of type 'Operating System' when SERVER_RE matches;
      nothing for an empty payload or no match.
    """
    if not payload:
        return
    found = self.SERVER_RE.search(payload)
    if found is None:
        return
    yield Identity(service='Machine', event='broadcast', type='Operating System',
                   value=found.group(1), certainty=0.8)
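def test_channel_join(self):
    """A captured channel join surfaces the joining nick via the TOPIC line.

    Reads the incoming_channel_join.pcap fixture and checks that the first
    Identity is the handle scoped to 'server: #channel', which is how the
    TOPIC branch of the IRC parser builds its service string.
    """
    test_data = self._load_testdata('incoming_channel_join.pcap')
    # NOTE(review): test_connect on this page instantiates
    # irc_outgoing.IrcOutgoingParser() and the parse() methods on this page
    # take (pkt, payload); confirm the class name and call signature here.
    responses = list(irc_outgoing.IrcOutgoing().parse(test_data[0]))
    expected_handle = Identity('zelazny.freenode.net: #hsbxl', 'topic', 'handle',
                               'helixblue', certainty=1)
    # assertEqual: assertEquals is a deprecated alias (removed in Python 3.12).
    self.assertEqual(responses[0], expected_handle)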
def parse(self, pkt, payload):
    """Yield the Yahoo Instant Messenger login carried in a PING payload.

    Args:
      pkt: the captured packet (unused; part of the shared parser signature).
      payload: decoded application-layer text, or an empty value.

    Yields:
      One Identity of type 'login' when PING_RE matches; nothing for an
      empty payload or no match.
    """
    if not payload:
        return
    hit = self.PING_RE.search(payload)
    if hit is None:
        return
    yield Identity(service='Yahoo Instant Messenger', event='broadcast',
                   type='login', value=hit.group(1), certainty=1.0)
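def test_connect(self):
    """The CONNECT line of connect.pcap yields handle, name and username in order.

    The IRC parser emits the handle first (certainty 0.7), then the real
    name, then the username; the assertions index into ``responses`` in
    that order.
    """
    test_data = self._load_testdata('connect.pcap')
    responses = list(irc_outgoing.IrcOutgoingParser().parse(test_data[0]))
    expected_nick = Identity('irc.freenode.net', 'connect', 'handle', 'helixblue',
                             certainty=0.7)
    # assertEqual: assertEquals is a deprecated alias (removed in Python 3.12).
    self.assertEqual(responses[0], expected_nick)
    self.assertEqual(responses[1].value, 'thomas')
    self.assertEqual(responses[1].type, 'name')
    self.assertEqual(responses[2].value, 'tstromberg')
    self.assertEqual(responses[2].type, 'username')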
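def parse(self, pkt, payload):
    """Yield Identity records found in an outgoing HTTP request payload.

    Args:
      pkt: the captured packet (unused; part of the shared parser signature).
      payload: decoded request text, or an empty value.

    Yields:
      ``None`` once when *payload* is empty (kept because existing
      consumers iterate the generator unconditionally), otherwise one
      Identity per matching rule: browser version, WordPress admin host,
      Google Talk / Gmail logins, Gravatar login, Brizzly login and a
      generic e-mail address from a form POST.
    """
    if not payload:
        yield None
        return

    # User-Agent
    match = self.AGENT_RE.search(payload)
    if match:
        yield Identity(service='Browser', event='Request', type='browser_version',
                       value=match.group(1), certainty=0.5)

    # Wordpress: the admin path identifies the application, the Host header
    # names the site.  Inline patterns are raw strings so '\w' and '\.' are
    # not treated as (invalid) string escapes, which newer Pythons warn on.
    if 'POST /wp-admin/' in payload:
        match = re.search(r'Host: ([\w\.]+)', payload)
        if match:
            yield Identity(service='Wordpress', event='Admin', type='url',
                           value=match.group(1), certainty=0.7)

    # Google Talk.  The Gmail branch below is only tried when the chat
    # pattern did not match.
    match = self.GMAIL_CHAT_RE.search(payload)
    if match:
        yield Identity(service='Google Talk', event='Update', type='login',
                       value=match.group(1), certainty=0.8)
        yield Identity(service='Google Account', event='Update', type='login',
                       value=match.group(1), certainty=0.5)
    # GMail
    elif 'GET /mail/' in payload:
        match = re.search(r'\&gausr=(%s)' % self.EMAIL_REGEXP, payload)
        if match:
            yield Identity(service='Google Account', event='Access', type='login',
                           value=match.group(1), certainty=0.8)
            yield Identity(service='Gmail', event='Access', type='login',
                           value=match.group(1), certainty=0.8)
            yield Identity(service='Gmail', event='Access', type='email',
                           value=match.group(1), certainty=0.5)

    # Gravatar
    match = self.GRAVATAR_RE.search(payload)
    if match:
        yield Identity(service='Gravatar', event='Access', type='login',
                       value=match.group(1), certainty=1)

    # brizzly.com
    if 'Brizzly%20%20%2F%20' in payload:
        match = re.search(r'Brizzly%20%20%2F%20(\w+)%0A', payload)
        if match:
            yield Identity(service='Brizzly', event='Access', type='login',
                           value=match.group(1), certainty=1)
    # Generic e-mail.  NOTE(review): this elif was recovered from a
    # whitespace-mangled source and is read as the alternative to the
    # Brizzly marker check above; confirm against the original indentation.
    elif '&email=' in payload:
        match = re.search('&email=(%s)' % self.EMAIL_REGEXP, payload)
        if match:
            yield Identity(service='E-Mail', event='POST', type='email',
                           value=match.group(1), certainty=0.5)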
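def parse(self, pkt, payload):
    """Yield Identity records found in an HTTP response payload.

    Every rule is a pre-compiled regex held on the class; when it matches,
    one or more Identity records are built from its capture groups.  The
    rules are independent, so one payload may yield several identities.

    Args:
      pkt: the captured packet (unused; part of the shared parser signature).
      payload: decoded response text, or an empty value.

    Yields:
      Identity records for each matching rule; nothing for an empty payload.
    """
    # The sibling parse() implementations short-circuit on an empty payload;
    # without this guard a None payload raises TypeError in the first search.
    if not payload:
        return

    match = self.GOOGLE_USERMAIL_RE.search(payload)
    if match:
        yield Identity(service='Google Account', event='Access', type='login',
                       value=match.group(1), certainty=0.8)
        yield Identity(service='Gmail', event='Access', type='login',
                       value=match.group(1), certainty=0.8)
        yield Identity(service='Gmail', event='Access', type='email',
                       value=match.group(1), certainty=0.5)

    # Used by Google
    match = self.GOOGLE_UJ_RE.search(payload)
    if match:
        yield Identity(service='Google Account', event='Access', type='login',
                       value=match.group(1), certainty=0.8)

    # Used by Twitter
    match = self.TWITTER_RE.search(payload)
    if match:
        yield Identity(service='Twitter', event='Access', type='handle',
                       value=match.group(1), certainty=0.8)

    match = self.FLICKR_RE.search(payload)
    if match:
        yield Identity(service='Flickr', event='Access', type='handle',
                       value=match.group(1), certainty=0.7)

    match = self.PICASAWEB_ALBUM_RE.search(payload)
    if match:
        yield Identity(service='PicasaWeb', event='Access', type='handle',
                       value=match.group(1), certainty=0.4)

    match = self.PICASAWEB_AUTH_USER_RE.search(payload)
    if match:
        yield Identity(service='PicasaWeb', event='Access', type='handle',
                       value=match.group(1), certainty=0.4)

    match = self.YOUTUBE_TITLE_RE.search(payload)
    if match:
        yield Identity(service='YouTube', event='Access', type='login',
                       value=match.group(1), certainty=0.4)

    match = self.YOUTUBE_UTIL_LINKS_RE.search(payload)
    if match:
        yield Identity(service='YouTube', event='Access', type='login',
                       value=match.group(1), certainty=0.4)

    match = self.FACEBOOK_MENU_LINK_RE.search(payload)
    if match:
        yield Identity(service='Facebook', event='Access Main', type='name',
                       value=match.group(1), certainty=1)

    match = self.FACEBOOK_PROFILE_TITLE_RE.search(payload)
    if match:
        yield Identity(service='Facebook', event='Profile', type='name',
                       value=match.group(1), certainty=1)

    match = self.FACEBOOK_PROFILE_STATUS_RE.search(payload)
    if match:
        yield Identity(service='Facebook', event='Access', type='status',
                       value=match.group(1), certainty=1)

    match = self.GOOGLE_GUSER_RE.search(payload)
    if match:
        yield Identity(service='Google Account', event='Access', type='login',
                       value=match.group(1), certainty=0.5)

    # NOTE(review): 'Gmail' (above) and 'GMail' (below) are both used as
    # service names, which splits one service across two keys for anything
    # aggregating by service.  Left unchanged here because consumers may
    # match on the exact string; unify deliberately in a separate change.
    match = self.GMAIL_CFS_RE.search(payload)
    if match:
        yield Identity(service='GMail', event='Access', type='name',
                       value=match.group(1), certainty=0.9)
        yield Identity(service='Google Account', event='Access', type='login',
                       value=match.group(2), certainty=0.7)
        yield Identity(service='GMail', event='Access', type='email',
                       value=match.group(2), certainty=0.5)

    match = self.GMAIL_UGN_RE.search(payload)
    if match:
        yield Identity(service='GMail', event='Access', type='name',
                       value=match.group(1), certainty=0.9)

    match = self.LINKEDIN_WELCOME.search(payload)
    if match:
        yield Identity(service='LinkedIn', event='Access Main', type='name',
                       value=match.group(1), certainty=1)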