def __init__(self, plugin_adminstrator, config=None, recursive=True):
    '''
    Create the plug-in and the shared IP/URI finder.

    :param plugin_adminstrator: plug-in administrator handed to the base class
        (parameter name kept exactly as spelled, callers may pass it by keyword)
    :param config: optional configuration; kept on the instance and forwarded
    :param recursive: forwarded unchanged to the base class
    '''
    # The finder does not depend on the configuration, so it is built first.
    self.IPAndURIFinder = CommonAnalysisIPAndURIFinder()
    self.config = config
    # Base-class initialisation comes last; the attributes above are already
    # in place when it runs.
    super().__init__(plugin_adminstrator, config=config, recursive=recursive, plugin_path=__file__)
def __init__(self, plugin_administrator, config=None, recursive=True):
    '''
    Create the plug-in, the shared IP/URI finder and the GeoIP city reader.

    :param plugin_administrator: forwarded to the base class
    :param config: optional configuration; kept on the instance and forwarded
    :param recursive: forwarded unchanged to the base class
    :raises: whatever ``geoip2.database.Reader`` raises when the database at
        ``GEOIP_DATABASE_PATH`` cannot be opened (no fallback is attempted here)
    '''
    self.config = config
    self.ip_and_uri_finder = CommonAnalysisIPAndURIFinder()
    # The path object is handed to the reader as a plain string.
    # NOTE(review): the reader is never closed in this method; confirm that a
    # shutdown hook elsewhere releases the database file handle.
    database_path = str(GEOIP_DATABASE_PATH)
    self.reader = geoip2.database.Reader(database_path)
    super().__init__(plugin_administrator, config=config, recursive=recursive, plugin_path=__file__)
def __init__(self, plugin_administrator, config=None, recursive=True):
    '''
    Create the plug-in, the shared IP/URI finder and the GeoIP city reader.

    A missing database is logged and leaves ``self.reader`` as ``None`` instead
    of aborting plug-in start-up.

    :param plugin_administrator: forwarded to the base class
    :param config: optional configuration; kept on the instance and forwarded
    :param recursive: forwarded unchanged to the base class
    '''
    self.config = config
    self.ip_and_uri_finder = CommonAnalysisIPAndURIFinder()
    try:
        reader = geoip2.database.Reader(str(GEOIP_DATABASE_PATH))
    except FileNotFoundError:
        # Only a missing file is tolerated; other reader errors still propagate.
        logging.error('could not load GeoIP database')
        reader = None
    # NOTE(review): self.reader may be None from here on; any code that calls
    # self.reader.city() must check for that — confirm the callers do.
    self.reader = reader
    super().__init__(plugin_administrator, config=config, recursive=recursive, plugin_path=__file__)
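class AnalysisPlugin(BasePlugin):
    '''
    This plug-in finds IPs and URIs
    '''
    NAME = 'ip_and_uri_finder'
    # NOTE(review): spelled DEPENDENCYS here, while later revisions of this
    # plug-in use DEPENDENCIES; confirm which attribute name the base plug-in reads.
    DEPENDENCYS = []
    DESCRIPTION = 'search for IPs and URIs'
    FILE = __file__
    # A class body keeps only the last assignment to a name, so a literal
    # version string before this line would be dead; the version is taken
    # from the shared analysis module only.
    VERSION = ip_and_uri_finder_analysis.system_version

    # Keys of the finder result that are deduplicated and summarised.
    _RESULT_KEYS = ('uris', 'ips_v4', 'ips_v6')

    def __init__(self, plugin_adminstrator, config=None, recursive=True):
        '''
        Create the plug-in and the shared IP/URI finder.

        :param plugin_adminstrator: plug-in administrator handed to the base class
            (parameter name kept exactly as spelled, callers may pass it by keyword)
        :param config: optional configuration; kept on the instance and forwarded
        :param recursive: forwarded unchanged to the base class
        '''
        self.config = config
        self.IPAndURIFinder = CommonAnalysisIPAndURIFinder()
        super().__init__(plugin_adminstrator, config=config, recursive=recursive, plugin_path=__file__)

    def process_object(self, file_object):
        '''
        Extract URIs and IPs from the file and store them in ``processed_analysis``.

        :param file_object: object providing ``file_path`` and ``processed_analysis``
        :return: the same ``file_object``, with ``processed_analysis[NAME]`` set to
            the deduplicated finder result plus a ``summary`` list
        '''
        result = self.IPAndURIFinder.analyze_file(file_object.file_path, separate_ipv6=True)
        logging.debug(result)
        for key in self._RESULT_KEYS:
            result[key] = self._remove_duplicates(result[key])
        # The summary is part of the stored result dictionary itself.
        result['summary'] = self._get_summary(result)
        file_object.processed_analysis[self.NAME] = result
        return file_object

    @staticmethod
    def _get_summary(results):
        '''Flatten ``uris``, ``ips_v4`` and ``ips_v6`` (in that order) into one list.'''
        return [entry for key in ('uris', 'ips_v4', 'ips_v6') for entry in results[key]]

    @staticmethod
    def _remove_duplicates(entries):
        '''
        Drop repeated entries while keeping first-seen order.

        ``dict.fromkeys`` is used instead of ``set`` so the output order is
        stable across runs (``str`` hashing is salted per process, so the
        order of a set of strings is not reproducible).
        '''
        return list(dict.fromkeys(entries))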
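class AnalysisPlugin(AnalysisBasePlugin):
    '''
    This plug-in finds IPs and URIs
    '''
    NAME = 'ip_and_uri_finder'
    DEPENDENCIES = []
    MIME_BLACKLIST = ['filesystem']
    DESCRIPTION = 'search for IPs and URIs'
    VERSION = '0.4.2'

    # Keys of the finder result; the IP lists are later turned into
    # (ip, geo location) pairs, the URI list stays as it is.
    _RESULT_KEYS = ('uris', 'ips_v4', 'ips_v6')
    _IP_KEYS = ('ips_v4', 'ips_v6')

    def __init__(self, plugin_administrator, config=None, recursive=True):
        '''
        Create the plug-in, the shared IP/URI finder and the GeoIP city reader.

        :param plugin_administrator: forwarded to the base class
        :param config: optional configuration; kept on the instance and forwarded
        :param recursive: forwarded unchanged to the base class
        :raises: whatever ``geoip2.database.Reader`` raises when the database at
            ``GEOIP_DATABASE_PATH`` cannot be opened
        '''
        self.config = config
        self.ip_and_uri_finder = CommonAnalysisIPAndURIFinder()
        # NOTE(review): the reader is never closed in this class; confirm that a
        # shutdown hook elsewhere releases the database file handle.
        self.reader = geoip2.database.Reader(str(GEOIP_DATABASE_PATH))
        super().__init__(plugin_administrator, config=config, recursive=recursive, plugin_path=__file__)

    def process_object(self, file_object):
        '''
        Extract URIs and IPs from the file, filter and enrich them, and store the result.

        Steps: deduplicate every list, drop blacklisted IPs, attach a geo
        location to each remaining IP, then add ``summary`` and
        ``system_version``.

        :param file_object: object providing ``file_path`` and ``processed_analysis``
        :return: the same ``file_object`` with ``processed_analysis[NAME]`` filled
        '''
        result = self.ip_and_uri_finder.analyze_file(file_object.file_path, separate_ipv6=True)
        for key in self._RESULT_KEYS:
            result[key] = self._remove_duplicates(result[key])
        result['ips_v4'] = self._remove_blacklisted(result['ips_v4'], IP_V4_BLACKLIST)
        result['ips_v6'] = self._remove_blacklisted(result['ips_v6'], IP_V6_BLACKLIST)
        file_object.processed_analysis[self.NAME] = self._get_augmented_result(self.add_geo_uri_to_ip(result))
        return file_object

    def _get_augmented_result(self, result):
        '''Add the ``summary`` list and the ``system_version`` of the analysis module to ``result``.'''
        result['summary'] = self._get_summary(result)
        result['system_version'] = ip_and_uri_finder_analysis.system_version
        return result

    def add_geo_uri_to_ip(self, result):
        '''Replace each IP list in ``result`` by a list of ``(ip, geo location)`` tuples.'''
        for key in self._IP_KEYS:
            result[key] = self.link_ips_with_geo_location(result[key])
        return result

    def find_geo_location(self, ip_address):
        '''
        Look up ``ip_address`` in the GeoIP city database.

        :return: ``'<latitude>, <longitude>'`` as a string
        :raises: the reader's lookup errors (e.g. ``AddressNotFoundError``);
            they are handled by ``link_ips_with_geo_location``
        '''
        response = self.reader.city(ip_address)
        location = response.location  # pylint: disable=no-member
        return '{}, {}'.format(location.latitude, location.longitude)

    def link_ips_with_geo_location(self, ip_adresses):
        '''
        Pair every IP with its geo location string.

        A failed lookup (address not in the database, unparsable address, broken
        or missing database) yields an empty string for that IP and is only
        logged at debug level, so one bad address does not abort the analysis.

        :param ip_adresses: iterable of IP address strings
        :return: list of ``(ip, geo location)`` tuples in input order
        '''
        linked = []
        for ip in ip_adresses:
            try:
                geo_location = self.find_geo_location(ip)
            except (AddressNotFoundError, FileNotFoundError, ValueError, InvalidDatabaseError) as exception:
                logging.debug('{} {}'.format(type(exception), str(exception)))
                geo_location = ''
            linked.append((ip, geo_location))
        return linked

    @staticmethod
    def _get_summary(results):
        '''Build the summary: all URIs, then the bare IPs (geo data stripped) of v4 and v6.'''
        summary = list(results['uris'])
        for key in ('ips_v4', 'ips_v6'):
            summary.extend(entry[0] for entry in results[key])
        return summary

    @staticmethod
    def _remove_duplicates(input_list):
        '''
        Drop repeated entries while keeping first-seen order.

        ``dict.fromkeys`` is used instead of ``set`` so the output order is
        stable across runs (``str`` hashing is salted per process, so the
        order of a set of strings is not reproducible).
        '''
        return list(dict.fromkeys(input_list))

    @staticmethod
    def _remove_blacklisted(ip_list, blacklist):
        '''
        Return the IPs from ``ip_list`` that match none of the ``blacklist`` entries.

        Each entry is applied with ``search`` (presumably ``re.search``, i.e. an
        unanchored pattern). NOTE(review): confirm the entries of
        ``IP_V4_BLACKLIST`` / ``IP_V6_BLACKLIST`` are anchored where a substring
        match would drop more addresses than intended.

        :return: a new list, input order preserved
        '''
        return [ip for ip in ip_list if not any(search(entry, ip) for entry in blacklist)]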
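class AnalysisPlugin(AnalysisBasePlugin):
    '''
    This plug-in finds IPs and URIs
    '''
    NAME = 'ip_and_uri_finder'
    DEPENDENCIES = []
    DESCRIPTION = 'search for IPs and URIs'
    VERSION = ip_and_uri_finder_analysis.system_version

    # Keys of the finder result; the IP lists are later turned into
    # (ip, geo location) pairs, the URI list stays as it is.
    _RESULT_KEYS = ('uris', 'ips_v4', 'ips_v6')
    _IP_KEYS = ('ips_v4', 'ips_v6')

    def __init__(self, plugin_administrator, config=None, recursive=True):
        '''
        Create the plug-in, the shared IP/URI finder and the GeoIP city reader.

        :param plugin_administrator: forwarded to the base class
        :param config: optional configuration; kept on the instance and forwarded
        :param recursive: forwarded unchanged to the base class
        :raises: whatever ``geoip2.database.Reader`` raises when the database at
            ``geoip_database_path`` cannot be opened
        '''
        self.config = config
        self.IPAndURIFinder = CommonAnalysisIPAndURIFinder()
        # NOTE(review): the reader is never closed in this class; confirm that a
        # shutdown hook elsewhere releases the database file handle.
        self.reader = geoip2.database.Reader(geoip_database_path)
        super().__init__(plugin_administrator, config=config, recursive=recursive, plugin_path=__file__)

    def process_object(self, file_object):
        '''
        Extract URIs and IPs from the file, enrich the IPs, and store the result.

        :param file_object: object providing ``file_path`` and ``processed_analysis``
        :return: the same ``file_object``, with ``processed_analysis[NAME]`` set to
            the deduplicated, geo-annotated result plus a ``summary`` list
        '''
        result = self.IPAndURIFinder.analyze_file(file_object.file_path, separate_ipv6=True)
        logging.debug(result)
        for key in self._RESULT_KEYS:
            result[key] = self._remove_duplicates(result[key])
        result = self.add_geo_uri_to_ip(result)
        # The summary is part of the stored result dictionary itself.
        result['summary'] = self._get_summary(result)
        file_object.processed_analysis[self.NAME] = result
        return file_object

    def add_geo_uri_to_ip(self, result):
        '''Replace each IP list in ``result`` by a list of ``(ip, geo location)`` tuples.'''
        for key in self._IP_KEYS:
            result[key] = self.link_ips_with_geo_location(result[key])
        return result

    def find_geo_location(self, ip_address):
        '''
        Look up ``ip_address`` in the GeoIP city database.

        :return: ``'<latitude>, <longitude>'`` as a string
        :raises: the reader's lookup errors (e.g. ``AddressNotFoundError``);
            they are handled by ``link_ips_with_geo_location``
        '''
        response = self.reader.city(ip_address)
        location = response.location
        return '{}, {}'.format(location.latitude, location.longitude)

    def link_ips_with_geo_location(self, ip_adresses):
        '''
        Pair every IP with its geo location string.

        A failed lookup (address not in the database, unparsable address, broken
        or missing database) yields an empty string for that IP and is only
        logged at debug level, so one bad address does not abort the analysis.

        :param ip_adresses: iterable of IP address strings
        :return: list of ``(ip, geo location)`` tuples in input order
        '''
        linked = []
        for ip in ip_adresses:
            try:
                geo_location = self.find_geo_location(ip)
            except (AddressNotFoundError, FileNotFoundError, ValueError, InvalidDatabaseError) as exception:
                logging.debug('{} {}'.format(type(exception), str(exception)))
                geo_location = ''
            linked.append((ip, geo_location))
        return linked

    @staticmethod
    def _get_summary(results):
        '''Build the summary: all URIs, then the bare IPs (geo data stripped) of v4 and v6.'''
        summary = list(results['uris'])
        for key in ('ips_v4', 'ips_v6'):
            summary.extend(entry[0] for entry in results[key])
        return summary

    @staticmethod
    def _remove_duplicates(entries):
        '''
        Drop repeated entries while keeping first-seen order.

        ``dict.fromkeys`` is used instead of ``set`` so the output order is
        stable across runs (``str`` hashing is salted per process, so the
        order of a set of strings is not reproducible).
        '''
        return list(dict.fromkeys(entries))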