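def main():
    """Run the selected games over every sample pcap found in a directory.

    Parses the command line, optionally loads the domain and IP whitelists,
    prints a tab-separated header, then prints one result per sample as the
    worker pool finishes it.

    Returns:
        2 when the number of positional arguments is not exactly one (usage
        is printed first); otherwise None.
    """
    usage = "usage: %prog [options] dir"
    parser = OptionParser(usage=usage)
    parser.add_option("-g", "--games", dest="games", default="none",
                      help="Games to analyze (comma separated list of: none,dns,dns5)")
    parser.add_option("-w", "--whitelist", dest="whitelist", default=False,
                      action='store_true', help="Use whitelist")
    parser.add_option("-p", "--whitelistpath", default="gza/top1000.csv",
                      help="Whitelist Alexa CSV to use [default: %default]")
    parser.add_option("-i", "--ipwhitelistpath", default="gza/generic-dnswl",
                      help="IP whitelist to use [default: %default]")
    parser.add_option('-a', '--all-ips', dest='allips', default=False,
                      action='store_true',
                      help='Pull unused IPs from A records [default: %default]')

    (options, args) = parser.parse_args()

    if len(args) != 1:
        parser.print_help()
        return 2

    # The options object is handed to every worker, so carry the directory
    # on it as well.
    options.dir = args[0]

    if options.whitelist:
        whitelist.makewhitelist(options.whitelistpath)
        whitelist.makeipwhitelist(options.ipwhitelistpath)

    # Print header: four columns per requested game.
    games = options.games.split(',')
    headers = []
    for g in games:
        headers.extend([g + 'ipcount', g + 'ips',
                        g + 'domaincount', g + 'domains'])
    print('md5\t' + '\t'.join(headers))

    p = Pool(cpu_count())
    try:
        pcaps = glob.glob(os.path.join(options.dir, '*.pcap'))

        # Only send the MD5s. Raw string so that "\." is a regex escape
        # rather than an invalid string escape.
        md5_re = re.compile(r'([0-9a-fA-F]{32})\.exe')
        md5s = []
        for path in pcaps:
            # Match on the file name only, so a directory component that
            # happens to look like "<md5>.exe" cannot be picked up instead.
            found = md5_re.search(os.path.basename(path))
            if found is None:
                # A stray capture that is not named after a sample used to
                # abort the whole run with AttributeError; report and skip.
                sys.stderr.write('Skipping %s: no <md5>.exe in file name\n'
                                 % path)
                continue
            md5s.append(found.group(1))
        md5s = wu.unique(md5s)

        res_it = p.imap_unordered(run, izip(md5s, repeat(options)), 100)
        for res in res_it:
            print(res)
    except KeyboardInterrupt:
        sys.stderr.write('User termination!\n')
        p.terminate()
    else:
        # Normal completion: no more work will be submitted.
        p.close()
    # Reap the worker processes on both paths so none are left behind.
    p.join()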
def __init__(self, vmnum, opts):
    """Set up per-VM state and pick the game from the parsed options.

    Args:
        vmnum: VM number; it is formatted with ``%d`` into the tap
            interface name stored in ``self.iface``.
        opts: Options object. This method reads ``whitelist``,
            ``whitelistpath``, ``ipwhitelistpath``, ``taken``, ``dropn``
            and ``dropall`` from it.
    """
    self.gamestate = defaultdict(int)
    self.vmnum = vmnum
    self.iface = 'tap%d' % vmnum
    self.opts = opts
    # The same fixed MAC is used for every instance.
    self.mac = 'ca:fe:de:ad:be:ef'

    # SIGUSR1 lets an operator reset gamestate from outside the process.
    # signal.signal() may only be called from the main thread, so instances
    # have to be created there.
    signal.signal(signal.SIGUSR1, self.reset)

    cfg = self.opts
    if cfg.whitelist:
        # Load the domain list, then the IP list, and keep a reference to
        # each lookup helper. NOTE(review): self.whitelisted and
        # self.whitelistedip exist only on this path; confirm every user
        # checks opts.whitelist before touching them.
        whitelist.makewhitelist(cfg.whitelistpath)
        self.whitelisted = whitelist.whitelisted
        whitelist.makeipwhitelist(cfg.ipwhitelistpath)
        self.whitelistedip = whitelist.whitelistedip

    # Set the game (only used in subclass games). The first option that is
    # set wins; when none is set, self.game is left undefined.
    if cfg.taken > 0:
        self.game = 'taken'
        return
    if cfg.dropn > 0:
        self.game = 'dropn'
        return
    if cfg.dropall:
        self.game = 'dropall'