def __init__(self, key=''):
     '''
     完成初始化工作,version可以任意,但是格式必须为*.*,api_version必须为3.1版本,key为google api key,需在网上申请
     '''
     self.key = key
     self.version = '1.0'
     self.api_version = '3.1'
     if self.key == '':
         raise ValueError("缺少Google API,请于 Google Developers Console中申请 API Key")
     self.url_google = 'https://sb-ssl.google.com/safebrowsing/api/lookup?client=%s&key=%s&appver=%s&pver=%s' % ('python', self.key, self.version, self.api_version)
     mysql = MysqlConnection()
     self.conn = mysql.return_conn()
예제 #2
0
def main():
    conn = MysqlConnection().return_conn()
    cursor = conn.cursor()
    cursor.execute('select ip from ip_location')
    IPL = IPLocator( )
    
    for ip in cursor.fetchall():
        address = IPL.getIpAddr( IPL.str2ip(str(ip[0])) )   #str2ip使查询ip的格式与数据库中的相同
        print ip[0],address
        
    IPL.getIndexCount()      #输出版本信息和记录总数
    cursor.close()
    conn.close()
예제 #3
0
def main():
    conn = MysqlConnection().return_conn()
    cursor = conn.cursor()
    cursor.execute('select ip from ip_location')
    IPL = IPLocator()

    for ip in cursor.fetchall():
        address = IPL.getIpAddr(IPL.str2ip(str(
            ip[0])))  #str2ip使查询ip的格式与数据库中的相同
        print ip[0], address

    IPL.getIndexCount()  #输出版本信息和记录总数
    cursor.close()
    conn.close()
 def __init__(self):
     '''
     初始化,key需要在phishtank网站申请,以及数据网址
     '''
     mysql = MysqlConnection()
     self.conn = mysql.return_conn()
     key =  self.phishtank_key_selection() #得到有效phitank开发者api
         
     if str(key) == "False": #没有可用key
         exit(0)
 
     self.key = key
     self.phishsite = "http://data.phishtank.com/data/"
     self.fileformat = '/online-valid.json'
     self.total = 0.0  #数据大小
def domain2ip_batch():
    """批量解析"""
    
    sql = 'select domain from url_detail_info limit 20'
    mysql = MysqlConnection()
    conn = mysql.return_conn()
    cursor = conn.cursor()
    cursor.execute(sql)
    ips = cursor.fetchall()
    
    for ip in ips:
        try:
            result = socket.getaddrinfo(ip[0], 'http')
            print ip[0],result
        except socket.error, err_msg:
            print err_msg #回显异常信息
            continue
예제 #6
0
def main():

    sql = 'SELECT url from url_detail_info limit 1000'
    conn = MysqlConnection().return_conn()
    cursor = conn.cursor()
    cursor.execute(sql)
    url_list = cursor.fetchall()
    rowcount = cursor.rowcount   #需要检测的url数量

    count = 0

    while count*THREAD_NUM < rowcount:
        input_urls = url_list[count * THREAD_NUM:(count+1) * THREAD_NUM]
        for url in input_urls:
            t = threading.Thread(target = online,args = (url[0],rowcount,))
            t.start()
        count += 1
        time.sleep(2)  #防止线程过多,造成丢包

    cursor.close()
    conn.close()
예제 #7
0
def main():

    #获取需要检测urls列表
	sql = 'select id,url from url_detail_info where virustotal_detail is NULL or virustotal_detail = "" limit 1'
	conn = MysqlConnection().return_conn()
	cursor = conn.cursor()
	cursor.execute(sql)
	urls = cursor.fetchall()
	cursor.close()
	conn.close()
    
	if len(urls) == 0:
		print 'There is not url needs to be scaned with virustotal'
		sys.exit(0)

	for url in urls:
        
		url_scan = VirusTotalUrls(url[1])
		content = url_scan.retrieving_url_report()
		if not content:
			print url[1] + " , Please check this url later"
			continue
		url_scan.analysis_report(url[0],content)
예제 #8
0
class File2Sql:
    
    def __init__(self,file_source = 'ip_block_source/anhui.txt'):
        '''初始化函数'''
        
        self.conn = MysqlConnection().return_conn()  #连接数据库
        self.file_source = file_source                                     #ip段txt文件路径和文件名
        
    def file2sql(self,num = 500):
        '''文件ip段导入到数据库中'''
                             
        sql = 'INSERT INTO ip_block (start_ip,end_ip,region_id,state) VALUES (%s,%s,"1","0")'
        cursor = self.conn.cursor()
        ip_block = file(self.file_source,mode = 'r')           #打开文件
        ip_block_lines = ip_block.readlines()                     #得到所有ip段
        linecount = len(ip_block_lines)                                #得到行数
        for line in range(linecount):
            list_ip = ip_block_lines[line].strip().split('\t')      #分隔为列表
            long_start_ip = ip2long(str(list_ip[0]))
            long_end_ip = ip2long(str(list_ip[1]))
            row_count = long_end_ip - long_start_ip+1
            counts = row_count/num
            for count in range(counts):
                change_ip = long_start_ip + num
                if change_ip<long_end_ip:
                    print long2ip(long_start_ip),long2ip(change_ip)
                    cursor.execute(sql,(long2ip(long_start_ip),long2ip(change_ip)))
                    long_start_ip = change_ip+1
                else:
                    print long2ip(long_start_ip),long2ip(long_end_ip)
                    cursor.execute(sql,(long2ip(long_start_ip),long2ip(change_ip)))
                    break
            self.conn.commit()
                                  
        ip_block.close()
        cursor.close()
        self.conn.close()
예제 #9
0
    def __init__(self,DHOST='114.114.114.114'):
        '''
        初始化类DomainToIp,连接数据库,DNS服务器ip地址可以更改
        '''
        
        self.DHOST = DHOST                     #DNS 服务器的地址
        self.DPORT = 53                        #默认端口是53
        self.tid = random.randint(0,65535)     #tid为随机数
        self.opcode = Opcode.QUERY             #标准查询

        self.qtype = Type.A                                 #查询类型为A
        self.qclass = Class.IN                              #查询类IN
        self.rd = 1                                                   #期望递归查询
        
        self.mysql = MysqlConnection()        #连接数据库
        self.conn = self.mysql.return_conn()
예제 #10
0
	def analysis_report(self,url_id,content):
		"""解析检测报告,并将结果返回,否则返回False"""
				
		conn = MysqlConnection().return_conn()
		cursor = conn.cursor()

		response_code = json.loads(content)['response_code']
		if response_code == 0:                 #不同的response_code,代表情况不同
			print self.url + ' ,This site is not present virustotal\'s  database'
		elif response_code == -2:
			print self.url + ' ,the requested item is still queued for analysis'
		elif response_code == 1:
			url = json.loads(content)['url']               #查询的url
			scan_date = json.loads(content)['scan_date']   #扫描时间
			positives = json.loads(content)['positives']   #是恶意网址的扫描引擎数量
			total = json.loads(content)['total']           #总共使用扫描引擎数量
			scans = json.loads(content)['scans']

			result_list=[]
			i = 0
			for key in scans.keys():
				if  scans[key]['detected'] == True:
					result_list.append({str(key):str(scans[key]['result'])})
					i = i + 1

			sql = 'INSERT INTO virustotal_details(id,url,subtime,total,positives' + createfield(i) + ')'
			num = ' "%s"' * i
			li  = num.split(' ')
			sql = sql + ' VALUES ("%s","%s","%s","%s","%s" ' + ','.join(li) + ')'


			value = (str(url_id),str(url),str(scan_date),str(total),str(positives))+tuple(result_list)
			sql = sql % value
			print sql
			
			cursor.execute(sql)
			conn.commit()
			cursor.close()
			conn.close()
#!/usr/bin/python
#encoding:utf-8

import sys
from mysql_connection import MysqlConnection
reload(sys)
sys.setdefaultencoding( "utf-8" )

if len(sys.argv) <3:
    print "wrong format,eg. python check_malicious_url.py  input.txt  output.txt"
    sys.exit(0)

fr_check_url = open(sys.argv[1],'r')
fw_result_url = open(sys.argv[2],'w')

mysql = MysqlConnection()
conn = mysql.return_conn()
cursor = conn.cursor() 
check_url_list = fr_check_url.readlines()
for url in check_url_list:

    sql = 'SELECT * FROM url_detail_info WHERE url LIKE ' +'\"' + str(url.strip())+'%'+'\"' 
    cursor.execute(sql)
    result = cursor.fetchall()
    if not result:
        fw_result_url.write(url.strip() + '\t' + 'No' +'\n')
    else:
        fw_result_url.write(url.strip() + '\t' + 'Yes' +'\n')

print 'Check end'
fr_check_url.close()
예제 #12
0
 def __init__(self,file_source = 'ip_block_source/anhui.txt'):
     '''初始化函数'''
     
     self.conn = MysqlConnection().return_conn()  #连接数据库
     self.file_source = file_source                                     #ip段txt文件路径和文件名
예제 #13
0
    dir_url = c.getinfo(c.EFFECTIVE_URL)  #得到重定向网址
    print checkurl + ' ' + str(http_code) +' ' + dir_url
    
    c.close()
    b.close()

    lock.acquire()  #线程锁

    result_urls.append({'url': checkurl,'http_code': http_code,'dir_url': dir_url})
    URL_COUNT += 1

    if URL_COUNT % RESULTS_NUM == 0 or URL_COUNT == rowcount:   #每隔RESULTS_NUM个url时候,将结果存入到数据库中
        print result_urls

        sql = 'UPDATE url_detail_info SET online = %s WHERE url = %s '
        conn = MysqlConnection().return_conn()
        cursor = conn.cursor()
        for url in result_urls:
            cursor.execute(sql,(url['http_code'],url['url']))

        conn.commit()   #更新
        cursor.close()  #关闭
        conn.close()
    
        del result_urls[:]      #清除已存入的url探测结果
        if URL_COUNT == rowcount:
            print 'end'
          
    lock.release() #解锁

예제 #14
0
 def  __init__(self):
     ''' 初始化,连接数据库'''
     
     self.mysql = MysqlConnection()
     self.conn = self.mysql.return_conn()
예제 #15
0
class PhishsiteData:
    '''
    phishwebsite类
    '''
    def  __init__(self):
        ''' 初始化,连接数据库'''
        
        self.mysql = MysqlConnection()
        self.conn = self.mysql.return_conn()
        
    def json2mysql(self):
        '''
        把json导入mysql数据库data表中
        '''
        
        filedata = open('data.json')
        jsdata = json.load(filedata)
        cursor = self.conn.cursor()

        cursor.execute('SELECT hash from url_detail_info')
        hash_list = cursor.fetchall()


        sql = "INSERT INTO  url_detail_info (url,domain,domain_type,domain_info,type,target,submission_time,verification_time,online,verified,url_source,hash,virustotal_detail) VALUES( %s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s)"
        update_num = 0      #统计本次更新url数量
        
        print 'Updating....'


        try:

            for item in jsdata:   #添加最新的url
    

                url_hash = hash(item['url'])
                if not (str(url_hash),) in hash_list: #使用hash值来去重

                    print 'Add url : ' + item.get('url','0')

                    url = item.get('url','0')  #得到url
                    domain = urlparse(item.get('url','0')).netloc #得到domain
                    if not item.get('details'): 
                        ip_address = '0'
                    else:
                        ip_address = item.get('details','0')[0].get('ip_address','0') #得到ip
                    target = item.get('target','0')                      #得到target
                    submission_time = item.get('submission_time','0')    #得到submission_time
                    verification_time = item.get('verification_time','0')#得到verification_time
                    online = item.get('online','0')                      #得到online
                    verified = item.get('verified','0')                  #得到verified
                    phish_id = item.get('phish_id','0')                  #得到phish_id

                    update_num = update_num + cursor.execute(sql,(url,domain,'1',ip_address,'phishing',target,submission_time,verification_time,online,verified,phish_id,url_hash,'1'))
                    cursor.execute('INSERT INTO virustotal_info (url,hash,source) VALUES(%s,%s,%s) ',(url,url_hash,'1'))
                    
                    if update_num % 800 == 0: #每800个result插入到数据库中
                        self.conn.commit()

            self.conn.commit()       #更新

            print 'Success update '+str(update_num)+' url(s)'

            filedata.close()
            cursor.close()
            self.conn.close()

        except MySQLdb.Error,e:  #异常处理
            print "Mysql Error %d: %s" % (e.args[0], e.args[1])
예제 #16
0
class DomainToIp:
    
    def __init__(self,DHOST='114.114.114.114'):
        '''
        初始化类DomainToIp,连接数据库,DNS服务器ip地址可以更改
        '''
        
        self.DHOST = DHOST                     #DNS 服务器的地址
        self.DPORT = 53                        #默认端口是53
        self.tid = random.randint(0,65535)     #tid为随机数
        self.opcode = Opcode.QUERY             #标准查询

        self.qtype = Type.A                                 #查询类型为A
        self.qclass = Class.IN                              #查询类IN
        self.rd = 1                                                   #期望递归查询
        
        self.mysql = MysqlConnection()        #连接数据库
        self.conn = self.mysql.return_conn()
        
    def send_domain_receive_ip(self):
        '''
        解析domain name对应的ip,并保存到数据库
        '''
      
        sql = 'SELECT domain from url_detail_info limit 20' #where domain_type is NULL OR domain_type = ""'
        cursor = self.conn.cursor()
        cursor.execute(sql)
        domains = cursor.fetchall()    #获取数据库中ip为空的数据
        
        try:
            s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)                               #建立一个UDP套接字(SOCK_DGRAM,代表UDP,AF_INET表示IPv4)
        except socket.error,msg:
            print "无法创建socket.Error code:" +str(msg[0])+',Error message:'+msg[1]    #error
            sys.exit(1)
        source_port = random.randint(1024, 65535)                                                                #随机port
        s.bind(('', source_port))                                                                                                         #绑定,检测所有接口
        
        
        domain_source = []      #发送的domain数量
        domain_result = []      #接收到的domain数量,这两个变量主要用来判断丢包情况
        result = []         #得到的结果
        '''循环发送需要解析的domain name''' 

        count = 0
        rowcount = len(domains)



        while count * UPDATE_RATE < rowcount:  #google每次最多查询500个
            inputs = domains[count * UPDATE_RATE : (count + 1) * UPDATE_RATE]

            for domain in inputs:
                
                domain_source.append(domain[0])
                
                m = Lib.Mpacker()
                m.addHeader(self.tid, 0, self.opcode, 0, 0, self.rd, 0, 0, 0, 1, 0, 0, 0)
                m.addQuestion(domain[0],self.qtype,self.qclass)
                request = m.getbuf()
                try:
                    s.sendto(request,(self.DHOST, self.DPORT))
                    print 'domain: ',domain[0]," send to Dns server:",self.DHOST
                except socket.error,reason:
                    print  reason
                    continue
                
            # result = []         #得到的结果
            
            '''循环接收收到的返回header'''   
            while 1:
                try:
                    r,w,e = select.select([s], [], [],3)
                    if not (r or w or e):
                        break
                    (data,addr) = s.recvfrom(65535)
                    u = Lib.Munpacker(data)
                    r = Lib.DnsResult(u,{})

                    
                    if r.header['status'] == 'NOERROR':
                        #print 'answers',len(r.answers),r.questions[0]['qname']

                        if len(r.answers) != 0:
                        
                            if r.answers[0]['typename'] == 'A':
                                result.append({'domain' : r.questions[0]['qname'],'domain_type': A_FLAG,'domain_info':r.answers[0]['data']})
                                domain_result.append(r.questions[0]['qname'])
                            elif r.answers[0]['typename'] == 'CNAME':
                                result.append({'domain' : r.questions[0]['qname'],'domain_type': CNAME_FLAG,'domain_info':[r.answers[1]['name'],r.answers[1]['data']]})
                                domain_result.append(r.questions[0]['qname'])
                            else:
                                print '没有这种类型,请修改程序'
                        else:
                            result.append({'domain' : r.questions[0]['qname'],'domain_type': ANSWER_EMPTY_FLAG,'domain_info': 'answerempty'}) 
                            domain_result.append(r.questions[0]['qname'])

                    elif r.header['status'] == 'NXDOMAIN':
                        result.append({'domain' : r.questions[0]['qname'],'domain_type': NXDOMAIN_FLAG,'domain_info':[r.authority[0]['name'],r.authority[0]['data'][0]]})
                        domain_result.append(r.questions[0]['qname'])
                    elif r.header['status'] == 'SERVFAIL':
                        result.append({'domain' : r.questions[0]['qname'],'domain_type': SERVFAIL_FLAG,'domain_info': 'servfail'})    #status ='SERVFAIL'情况的判断
                        domain_result.append(r.questions[0]['qname'])
                    else:
                        print 'No this type'
                except socket.error, reason:
                    print reason
                    continue