예제 #1
    def __init__(self, plugin_adminstrator, config=None, recursive=True):
        """
        Create the IP/URI scanner and register this plug-in with the framework.

        ``plugin_adminstrator`` (sic: the misspelling is part of the existing
        signature and is kept so keyword callers keep working), ``config`` and
        ``recursive`` are all forwarded to the base class; ``config`` is
        additionally kept on the instance.
        """
        self.config = config
        # The scanner that does the actual extraction work.
        self.IPAndURIFinder = CommonAnalysisIPAndURIFinder()
        super().__init__(
            plugin_adminstrator,
            config=config,
            recursive=recursive,
            plugin_path=__file__,
        )
예제 #2
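    def __init__(self, plugin_administrator, config=None, recursive=True):
        """
        Create the IP/URI scanner and the GeoIP reader, then register with the framework.

        The GeoIP database is treated as optional: if ``GEOIP_DATABASE_PATH`` does
        not exist (``FileNotFoundError`` from ``geoip2.database.Reader``) the
        problem is logged and ``self.reader`` is set to ``None`` instead of
        aborting plug-in construction. Code that uses ``self.reader`` must
        therefore check for ``None``.
        """
        import logging  # function-scope: the module's import block is not visible here

        self.config = config
        self.ip_and_uri_finder = CommonAnalysisIPAndURIFinder()
        try:
            self.reader = geoip2.database.Reader(str(GEOIP_DATABASE_PATH))
        except FileNotFoundError:
            logging.error('could not load GeoIP database at %s', GEOIP_DATABASE_PATH)
            self.reader = None
        super().__init__(
            plugin_administrator,
            config=config,
            recursive=recursive,
            plugin_path=__file__,
        )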
예제 #3
    def __init__(self, plugin_administrator, config=None, recursive=True):
        """
        Create the IP/URI scanner and the GeoIP reader, then register with the framework.

        A missing database file at ``GEOIP_DATABASE_PATH`` is logged and leaves
        ``self.reader`` as ``None``; plug-in construction still succeeds.
        Anything that uses ``self.reader`` has to cope with ``None``.
        """
        self.config = config
        self.ip_and_uri_finder = CommonAnalysisIPAndURIFinder()
        try:
            geo_reader = geoip2.database.Reader(str(GEOIP_DATABASE_PATH))
        except FileNotFoundError:
            logging.error('could not load GeoIP database')
            geo_reader = None
        self.reader = geo_reader
        super().__init__(
            plugin_administrator,
            config=config,
            recursive=recursive,
            plugin_path=__file__,
        )
예제 #4
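class AnalysisPlugin(BasePlugin):
    '''
    This plug-in finds IPs and URIs in the analysed file and stores them,
    de-duplicated, together with a flat summary of all findings.
    '''
    NAME = 'ip_and_uri_finder'
    # Spelling is what this framework version reads; do not "fix" it here.
    DEPENDENCYS = []
    DESCRIPTION = 'search for IPs and URIs'
    FILE = __file__
    # The version comes from the shared analysis module. A literal '0.3'
    # assignment used to precede this line and was silently overwritten by it.
    VERSION = ip_and_uri_finder_analysis.system_version

    def __init__(self, plugin_adminstrator, config=None, recursive=True):
        '''
        Create the IP/URI scanner and register the plug-in with the framework.

        ``plugin_adminstrator`` keeps its (misspelt) name because it is part of
        the existing signature; it, ``config`` and ``recursive`` are forwarded
        to the base class.
        '''
        self.config = config
        # The scanner shared by every process_object call.
        self.IPAndURIFinder = CommonAnalysisIPAndURIFinder()
        super().__init__(
            plugin_adminstrator,
            config=config,
            recursive=recursive,
            plugin_path=__file__,
        )

    def process_object(self, file_object):
        '''
        Scan ``file_object.file_path`` and store the result under
        ``file_object.processed_analysis[NAME]``.

        The ``uris``, ``ips_v4`` and ``ips_v6`` lists are de-duplicated (order
        of first occurrence kept) and a ``summary`` list of all three is added.
        Returns the same ``file_object``.
        '''
        result = self.IPAndURIFinder.analyze_file(file_object.file_path, separate_ipv6=True)
        logging.debug(result)
        for key in ['uris', 'ips_v4', 'ips_v6']:
            result[key] = self._remove_duplicates(result[key])
        result['summary'] = self._get_summary(result)
        file_object.processed_analysis[self.NAME] = result
        return file_object

    @staticmethod
    def _get_summary(results):
        '''Flatten the ``uris``, ``ips_v4`` and ``ips_v6`` lists into one list.'''
        return [entry for key in ('uris', 'ips_v4', 'ips_v6') for entry in results[key]]

    @staticmethod
    def _remove_duplicates(entries):
        '''
        Return ``entries`` without duplicates, keeping first-occurrence order.

        ``dict.fromkeys`` replaces ``list(set(...))``: set iteration order for
        strings depends on the per-process hash seed, so the stored result and
        summary used to differ from run to run for identical input.
        '''
        return list(dict.fromkeys(entries))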
예제 #5
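class AnalysisPlugin(AnalysisBasePlugin):
    '''
    This plug-in finds IPs and URIs in a file, drops blacklisted addresses and
    annotates the remaining addresses with a GeoIP location.
    '''
    NAME = 'ip_and_uri_finder'
    DEPENDENCIES = []
    MIME_BLACKLIST = ['filesystem']
    DESCRIPTION = 'search for IPs and URIs'
    VERSION = '0.4.2'

    def __init__(self, plugin_administrator, config=None, recursive=True):
        '''
        Create the IP/URI scanner and the GeoIP reader, then register with the framework.

        A missing database file at ``GEOIP_DATABASE_PATH`` (``FileNotFoundError``
        from ``geoip2.database.Reader``) is logged and leaves ``self.reader`` as
        ``None`` rather than aborting plug-in construction; the address/URI
        extraction does not need it, and ``link_ips_with_geo_location`` then
        records an empty location for every address.
        '''
        self.config = config
        self.ip_and_uri_finder = CommonAnalysisIPAndURIFinder()
        try:
            self.reader = geoip2.database.Reader(str(GEOIP_DATABASE_PATH))
        except FileNotFoundError:
            logging.error('could not load GeoIP database at %s', GEOIP_DATABASE_PATH)
            self.reader = None
        super().__init__(plugin_administrator, config=config, recursive=recursive, plugin_path=__file__)

    def process_object(self, file_object):
        '''
        Scan ``file_object.file_path`` and store the result under
        ``file_object.processed_analysis[NAME]``.

        Steps: de-duplicate ``uris``/``ips_v4``/``ips_v6`` (first-occurrence
        order kept), drop addresses matching ``IP_V4_BLACKLIST`` /
        ``IP_V6_BLACKLIST``, replace every address by an ``(address, location)``
        tuple, then add ``summary`` and ``system_version``. Returns the same
        ``file_object``.
        '''
        result = self.ip_and_uri_finder.analyze_file(file_object.file_path, separate_ipv6=True)
        for key in ['uris', 'ips_v4', 'ips_v6']:
            result[key] = self._remove_duplicates(result[key])
        result['ips_v4'] = self._remove_blacklisted(result['ips_v4'], IP_V4_BLACKLIST)
        result['ips_v6'] = self._remove_blacklisted(result['ips_v6'], IP_V6_BLACKLIST)
        file_object.processed_analysis[self.NAME] = self._get_augmented_result(self.add_geo_uri_to_ip(result))
        return file_object

    def _get_augmented_result(self, result):
        '''Add the flat ``summary`` and the finder's ``system_version`` to ``result`` (in place).'''
        result['summary'] = self._get_summary(result)
        result['system_version'] = ip_and_uri_finder_analysis.system_version
        return result

    def add_geo_uri_to_ip(self, result):
        '''Replace the ``ips_v4`` / ``ips_v6`` address lists by ``(address, location)`` tuples (in place).'''
        for key in ['ips_v4', 'ips_v6']:
            result[key] = self.link_ips_with_geo_location(result[key])
        return result

    def find_geo_location(self, ip_address):
        '''
        Return ``'<latitude>, <longitude>'`` for ``ip_address`` from the GeoIP
        city database.

        Propagates whatever ``reader.city`` raises (the caller anticipates
        ``AddressNotFoundError``, ``ValueError``, ``InvalidDatabaseError`` and
        ``FileNotFoundError``) and raises ``AttributeError`` if no reader was
        loaded, so callers must check ``self.reader`` first.
        '''
        response = self.reader.city(ip_address)
        return '{}, {}'.format(response.location.latitude, response.location.longitude)

    def link_ips_with_geo_location(self, ip_adresses):
        '''
        Pair every address with its location string, or with ``''`` when the
        lookup fails (unknown or malformed address, broken database).

        With no loaded reader (``self.reader is None``) no lookup is attempted
        and every address gets ``''``.
        '''
        if self.reader is None:
            return [(ip, '') for ip in ip_adresses]
        linked = []
        for ip in ip_adresses:
            try:
                location = self.find_geo_location(ip)
            except (AddressNotFoundError, FileNotFoundError, ValueError, InvalidDatabaseError) as exception:
                logging.debug('%s %s', type(exception), exception)
                location = ''
            linked.append((ip, location))
        return linked

    @staticmethod
    def _get_summary(results):
        '''All URIs followed by the bare addresses (first element of each tuple) of ``ips_v4`` and ``ips_v6``.'''
        summary = list(results['uris'])
        for key in ['ips_v4', 'ips_v6']:
            summary.extend(entry[0] for entry in results[key])
        return summary

    @staticmethod
    def _remove_duplicates(entries):
        '''
        Return ``entries`` without duplicates, keeping first-occurrence order.

        ``dict.fromkeys`` replaces ``list(set(...))``: set iteration order for
        strings depends on the per-process hash seed, so the stored result used
        to differ from run to run for identical input.
        '''
        return list(dict.fromkeys(entries))

    @staticmethod
    def _remove_blacklisted(ip_list, blacklist):
        '''
        Return the addresses of ``ip_list`` that match none of the regular
        expressions in ``blacklist``, in their original order.

        ``re.search`` is unanchored: a pattern meant to match a whole address
        must anchor itself. The previous in-place ``list.remove`` loop over
        ``product(ip_list, blacklist)`` needed ``suppress(ValueError)`` for an
        address matched by several patterns; the filter has no such state.
        '''
        return [ip for ip in ip_list if not any(search(pattern, ip) for pattern in blacklist)]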
예제 #6
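class AnalysisPlugin(AnalysisBasePlugin):
    '''
    This plug-in finds IPs and URIs in a file and annotates each address with
    a GeoIP location.
    '''
    NAME = 'ip_and_uri_finder'
    DEPENDENCIES = []
    DESCRIPTION = 'search for IPs and URIs'
    VERSION = ip_and_uri_finder_analysis.system_version

    def __init__(self, plugin_administrator, config=None, recursive=True):
        '''
        Create the IP/URI scanner and the GeoIP reader, then register with the framework.

        A missing database file at ``geoip_database_path`` (``FileNotFoundError``
        from ``geoip2.database.Reader``) is logged and leaves ``self.reader`` as
        ``None`` rather than aborting plug-in construction; the address/URI
        extraction does not need it, and ``link_ips_with_geo_location`` then
        records an empty location for every address.
        '''
        self.config = config
        # The scanner shared by every process_object call.
        self.IPAndURIFinder = CommonAnalysisIPAndURIFinder()
        try:
            self.reader = geoip2.database.Reader(geoip_database_path)
        except FileNotFoundError:
            logging.error('could not load GeoIP database at %s', geoip_database_path)
            self.reader = None
        super().__init__(
            plugin_administrator,
            config=config,
            recursive=recursive,
            plugin_path=__file__,
        )

    def process_object(self, file_object):
        '''
        Scan ``file_object.file_path`` and store the result under
        ``file_object.processed_analysis[NAME]``.

        The ``uris``, ``ips_v4`` and ``ips_v6`` lists are de-duplicated
        (first-occurrence order kept), every address is replaced by an
        ``(address, location)`` tuple and a flat ``summary`` is added.
        Returns the same ``file_object``.
        '''
        result = self.IPAndURIFinder.analyze_file(file_object.file_path, separate_ipv6=True)
        logging.debug(result)
        for key in ['uris', 'ips_v4', 'ips_v6']:
            result[key] = self._remove_duplicates(result[key])
        result = self.add_geo_uri_to_ip(result)
        result['summary'] = self._get_summary(result)
        file_object.processed_analysis[self.NAME] = result
        return file_object

    def add_geo_uri_to_ip(self, result):
        '''Replace the ``ips_v4`` / ``ips_v6`` address lists by ``(address, location)`` tuples (in place).'''
        for key in ['ips_v4', 'ips_v6']:
            result[key] = self.link_ips_with_geo_location(result[key])
        return result

    def find_geo_location(self, ip_address):
        '''
        Return ``'<latitude>, <longitude>'`` for ``ip_address`` from the GeoIP
        city database.

        Propagates whatever ``reader.city`` raises (the caller anticipates
        ``AddressNotFoundError``, ``ValueError``, ``InvalidDatabaseError`` and
        ``FileNotFoundError``) and raises ``AttributeError`` if no reader was
        loaded, so callers must check ``self.reader`` first.
        '''
        response = self.reader.city(ip_address)
        return '{}, {}'.format(response.location.latitude, response.location.longitude)

    def link_ips_with_geo_location(self, ip_adresses):
        '''
        Pair every address with its location string, or with ``''`` when the
        lookup fails (unknown or malformed address, broken database).

        With no loaded reader (``self.reader is None``) no lookup is attempted
        and every address gets ``''``.
        '''
        if self.reader is None:
            return [(ip, '') for ip in ip_adresses]
        linked = []
        for ip in ip_adresses:
            try:
                location = self.find_geo_location(ip)
            except (AddressNotFoundError, FileNotFoundError, ValueError, InvalidDatabaseError) as exception:
                logging.debug('%s %s', type(exception), exception)
                location = ''
            linked.append((ip, location))
        return linked

    @staticmethod
    def _get_summary(results):
        '''All URIs followed by the bare addresses (first element of each tuple) of ``ips_v4`` and ``ips_v6``.'''
        summary = list(results['uris'])
        for key in ['ips_v4', 'ips_v6']:
            summary.extend(entry[0] for entry in results[key])
        return summary

    @staticmethod
    def _remove_duplicates(entries):
        '''
        Return ``entries`` without duplicates, keeping first-occurrence order.

        ``dict.fromkeys`` replaces ``list(set(...))``: set iteration order for
        strings depends on the per-process hash seed, so the stored result and
        summary used to differ from run to run for identical input.
        '''
        return list(dict.fromkeys(entries))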