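def index():
    """Serve the dashboard page or the protocol-breakdown data behind it.

    GET  -> renders ``index.html`` with the current save status.
    POST -> returns a JSON object mapping a protocol name (or ``"Other"``)
            to the number of session headers seen for it, for the
            protocol pie chart.

    Only headers containing ``TCP`` or ``UDP`` are classified; every other
    header is counted under ``"Other"``.  The header layout this relies on
    (four leading characters dropped, then ``-``/``_``-separated fields
    with the protocol candidates at positions 1 and 3) comes from
    ``Vault`` — confirm against how session headers are built there.
    """
    if request.method != "POST":
        return render_template("index.html", status=Vault.get_saving())

    protocol_dict = {}

    for header in Vault.get_session_headers():
        prot = "Other"
        if 'TCP' in header or 'UDP' in header:
            # Drop the 4-character prefix and normalise the separator so that
            # both "_" and "-" delimited headers split the same way.
            header_list = header[4:].replace('_', '-').split('-')
            # Field 1 is tried before field 3; the first known protocol wins.
            # The bounds check keeps a short/malformed header from raising
            # IndexError — it simply lands in "Other".
            for idx in (1, 3):
                if idx < len(header_list) and header_list[idx] in COMMON_PROTOCOLS:
                    prot = COMMON_PROTOCOLS[header_list[idx]]
                    break
        protocol_dict[prot] = protocol_dict.get(prot, 0) + 1
    return jsonify(protocol_dict)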
def view_arp():
    '''Render the ARP page listing every session header that mentions ARP.'''
    headers = Vault.get_session_headers()
    arp_sessions = list(filter(lambda session: 'ARP' in session, headers))
    context = {
        "arp_sessions": arp_sessions,
        "status": Vault.get_saving(),
    }
    return render_template("viewarp.html", **context)
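def get_data():
    '''Push live packet/stream/flag counters to the "/socket" namespace.

    Runs until ``thread_stop_event`` is set, emitting a ``"data"`` event
    every 10 ms with the current totals read from ``Vault``.  Meant to run
    as a background task so the dashboard counters update without polling.
    '''
    # is_set() is the documented Event API; isSet() is a legacy alias that
    # raises DeprecationWarning on current Python releases.
    while not thread_stop_event.is_set():
        payload = {
            "total_packets": Vault.get_total_packet_count(),
            "total_streams": len(Vault.get_session_headers()),
            "total_flagged": len(Vault.get_flagged()),
        }
        socketio.emit("data", payload, namespace="/socket")
        # socketio.sleep() rather than time.sleep() so the server's async
        # framework is not blocked while this task idles.
        socketio.sleep(0.01)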
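def get_formatted_header(prot_type):
    '''Map display names to raw session headers for one transport protocol.

    Args:
        prot_type: substring selecting the headers of interest, normally
            ``"TCP"`` or ``"UDP"``.

    Returns:
        dict whose keys are the human-readable headers shown in the UI and
        whose values are the raw ``Vault`` session headers they came from.
        A header whose field 1 or field 3 (after dropping four leading
        characters and splitting on ``-``/``_``) names a protocol in
        ``COMMON_PROTOCOLS`` is keyed as ``"<protocol name> <fields...>"``;
        any other header is keyed by itself.  Two raw headers that format to
        the same display string collapse into one entry (last one wins).
    '''
    sessions = {}
    for session_header in Vault.get_session_headers():
        if prot_type not in session_header:
            continue
        # Drop the 4-character prefix and normalise separators before splitting.
        header_list = session_header[4:].replace('_', '-').split('-')
        formatted_header = session_header
        # Field 1 is tried before field 3; the first known protocol wins.
        # The bounds check keeps a short/malformed header from raising
        # IndexError — it is then keyed by its raw form.
        for idx in (1, 3):
            if idx < len(header_list) and header_list[idx] in COMMON_PROTOCOLS:
                formatted_header = (COMMON_PROTOCOLS[header_list[idx]]
                                    + " " + " ".join(header_list))
                break
        sessions[formatted_header] = session_header
    return sessions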
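def bulk_manager(event):
    """
    Run stream reconstruction, YARA scanning and threat detection over the
    pending packet batch, repeating until the thread is interrupted.

    Args:
        event: Event-like object used only for ``wait``; ``BULK_MANAGER_INTERVAL``
            paces the loop and setting the event wakes it early.  The loop
            itself stops when ``Thread.get_interrupt()`` becomes true.

    Each iteration pulls the batch via ``Vault.get_threading_plist()``, groups
    it into streams with ``find_streams``, registers them with
    ``Vault.add_session``, then runs ``session_yara`` on the streams and
    ``threat`` on the raw packets.  A failure in one batch is logged with its
    traceback and the loop continues, so a single malformed capture cannot
    silently kill the worker and stop analysis for the rest of the run.
    """
    while not Thread.get_interrupt():
        try:
            temp_plist = Vault.get_threading_plist()
            # %-style arguments are formatted lazily, only if INFO is enabled.
            logger.info("%d packets processed [%s]", len(temp_plist), Thread.name())

            stream_dict = find_streams(temp_plist)
            Vault.add_session(stream_dict)

            session_yara(stream_dict)
            threat(temp_plist)

            all_sessions = Vault.get_session_headers()
            logger.info("%d total sessions [%s]", len(all_sessions), Thread.name())
        except Exception:
            # Keep the worker alive: record the traceback and move on to the
            # next batch instead of letting the thread die unnoticed.
            logger.exception("bulk_manager iteration failed [%s]", Thread.name())

        event.wait(timeout=BULK_MANAGER_INTERVAL)
    logger.info("Terminated [%s]", Thread.name())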