    def SvcDoRun(self):
        """Service main loop: serve requests until the stop event is signalled.

        Writes the standard pywin32 "service started" message, exposes a
        ``NimbusService`` instance on ``self.server`` and then serves one
        request at a time, checking ``self.hWaitStop`` between requests.
        A "service stopped" event is written once the loop exits.
        """
        servicemanager.LogMsg(
            servicemanager.EVENTLOG_INFORMATION_TYPE,
            servicemanager.PYS_SERVICE_STARTED,
            (self._svc_name_, ' (%s)' % self._svc_name_),
        )

        # NOTE(review): if self.server is an XML-RPC style server,
        # register_instance exposes every public method of the object to
        # remote callers -- confirm NimbusService has nothing on it that
        # should not be reachable over the wire.
        self.server.register_instance(NimbusService())

        def stop_requested():
            # Zero timeout: a pure poll of the stop event, never blocks here.
            state = win32event.WaitForSingleObject(self.hWaitStop, 0)
            return state != win32event.WAIT_TIMEOUT

        # The stop event is only re-checked between requests, so a pending
        # SvcStop is honoured after handle_request() returns -- which, if the
        # server has no socket timeout, is only when the next request arrives.
        while not stop_requested():
            self.server.handle_request()

        win32evtlogutil.ReportEvent(
            self._svc_name_,
            servicemanager.PYS_SERVICE_STOPPED, 0,
            servicemanager.EVENTLOG_INFORMATION_TYPE,
            (self._svc_name_, ""),
        )
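    def Log_Write(self, string):
        """Write a warning to the Application event log about a link status change.

        ``string`` must hold at least two whitespace-separated tokens: the
        link identifier and its new status.  Only the first two tokens are
        used; anything after them is ignored.

        :raises ValueError: if ``string`` holds fewer than two tokens.  The
            original indexed ``l[1]`` unguarded and died with an
            IndexError, with the event never written.
        """
        tokens = string.split()
        if len(tokens) < 2:
            raise ValueError(
                "expected '<link> <status>', got %r" % (string,))
        link, status = tokens[0], tokens[1]

        applicationName = "My Application"
        eventID = 1
        category = 5  # Shell
        myType = win32evtlog.EVENTLOG_WARNING_TYPE
        # Insertion strings are stored verbatim in the event; whatever
        # produced ``string`` decides what ends up in the log.
        descr = ["A warning, link", link, "changed its status into ", status]
        data = "13453576".encode("ascii")

        win32evtlogutil.ReportEvent(applicationName,
                                    eventID,
                                    eventCategory=category,
                                    eventType=myType,
                                    strings=descr,
                                    data=data)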
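 def publishData(self, data, topic, sensorType, qosValue=1):
     """Connect, publish one message for ``data`` on ``topic`` and disconnect.

     :param data: raw sensor reading, handed to ``__makePayload``
     :param topic: MQTT topic to publish to
     :param sensorType: selects the payload layout in ``__makePayload``
     :param qosValue: MQTT QoS level handed to ``publish`` (default 1)

     Any failure is printed and reported in the Windows event log under
     source ``MQQT_CLIENT`` (event 32017) and then swallowed; there is no
     return value either way.  On failure ``disconnect`` is not called,
     matching the original flow.
     """
     try:
         self.initialize()
         self.connect()
         payload = self.__makePayload(data, sensorType)
         self.user.publish(topic, payload, qos=qosValue)
         self.user.loop()
         self.disconnect()
     # ``except Exception`` instead of a bare ``except:`` so Ctrl-C and
     # SystemExit still stop the process instead of being logged as a
     # publish failure.  The reason goes in as a second insertion string so
     # the event carries something diagnosable.
     except Exception as exc:
         print("failed to publish...", repr(exc))
         win32evtlogutil.ReportEvent(
             "MQQT_CLIENT",
             32017,
             eventCategory=32017,
             eventType=win32evtlog.EVENTLOG_ERROR_TYPE,
             strings=["Failed to publish...", repr(exc)],
             data=b"Failed to publish...")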
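    def initialize(self):
        """Create the MQTT client and attach the broker credentials.

        The client id is hard-coded to ``"PC1"``; MQTT brokers typically
        drop the older session when a second client connects with the same
        id, so two publishers built from this class would keep kicking each
        other off.

        Credentials come from ``self.brokerParameter["user name"]`` and
        ``["password"]``.  A failure to create the client is printed,
        written to the Windows event log (source ``MQQT_CLIENT``, event
        32010) and then re-raised: the original swallowed it and then died
        with a NameError on the unbound ``user`` one line later.  A failure
        to set credentials is still only printed (best-effort, as before),
        which means a missing key silently yields an unauthenticated
        client -- tighten that if the broker accepts anonymous connections.
        No TLS is configured here; check the transport elsewhere.
        """
        self.__initializeDataFormat()
        try:
            user = mqtt.Client("PC1")
        except Exception as exc:
            print("failed to create client instance...", repr(exc))
            win32evtlogutil.ReportEvent(
                "MQQT_CLIENT", 32010, eventCategory=32010,
                eventType=win32evtlog.EVENTLOG_ERROR_TYPE,
                strings=["failed to create client instance...", repr(exc)],
                data=b"failed to create client instance...")
            raise

        try:
            user.username_pw_set(self.brokerParameter["user name"],
                                 self.brokerParameter["password"])
        except Exception as exc:
            print("failed to set user name or password...", repr(exc))

        self.user = user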
    def write_event_log(self,
                        message,
                        eventID=10,
                        sid=None,
                        level=None,
                        source=None):
        """Write ``message`` as a single insertion string to the event log.

        Defaults are resolved per call: ``sid`` from ``self.get_sid()``,
        ``source`` from ``self.applicationName`` and ``level`` to
        ``EVENTLOG_INFORMATION_TYPE``.  No event category or binary data is
        attached.
        """
        resolved_sid = self.get_sid() if sid is None else sid
        resolved_source = self.applicationName if source is None else source
        resolved_level = (win32evtlog.EVENTLOG_INFORMATION_TYPE
                          if level is None else level)

        win32evtlogutil.ReportEvent(resolved_source,
                                    eventID,
                                    eventType=resolved_level,
                                    strings=[message],
                                    sid=resolved_sid)
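def logEvent(e=1):
    """Write an informational "phone reachable/away" event for the current user.

    :param e: event ID; 0 means the phone is away, 1 that it is reachable.

    The event carries the SID of the account running this process.  The
    token handle is released explicitly in a ``finally`` rather than left
    to the pywin32 handle object's finaliser.  No insertion strings and no
    binary payload are attached.
    """
    ph = win32api.GetCurrentProcess()
    th = win32security.OpenProcessToken(ph, win32con.TOKEN_READ)
    try:
        my_sid = win32security.GetTokenInformation(th, win32security.TokenUser)[0]
    finally:
        win32api.CloseHandle(th)

    applicationName = 'iSpy Phone on Network Checker'
    eventID = e  # 0 - Away. 1 - Reachable.
    category = 7  # Network
    myType = win32evtlog.EVENTLOG_INFORMATION_TYPE
    descr = None  # no insertion strings
    data = None  # no binary payload

    win32evtlogutil.ReportEvent(applicationName,
                                eventID,
                                eventCategory=category,
                                eventType=myType,
                                strings=descr,
                                data=data,
                                sid=my_sid)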
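    def write_event(self, msg, ev_type, source_name='EVENTLOGTEST'):
        """Write ``msg`` to the Application event log under ``source_name``.

        :param msg: text written as the insertion strings; it is passed
            twice, so a registered message template could reference both
            %1 and %2 (kept as the original did)
        :param ev_type: one of the ``win32evtlog.EVENTLOG_*_TYPE`` constants
        :param source_name: event source name (default ``'EVENTLOGTEST'``)

        Event ID 1, category 5, fixed binary payload, and the SID of the
        account running the process attached.  The imports are local,
        presumably so the module still imports on non-Windows hosts.  The
        token handle is closed explicitly instead of being left to the
        handle object's finaliser.
        """
        # Thanks to http://rosettacode.org/wiki/Write_to_Windows_event_log
        import win32api
        import win32con
        import win32security
        import win32evtlogutil

        ph = win32api.GetCurrentProcess()
        th = win32security.OpenProcessToken(ph, win32con.TOKEN_READ)
        try:
            my_sid = win32security.GetTokenInformation(th, win32security.TokenUser)[0]
        finally:
            win32api.CloseHandle(th)

        applicationName = source_name
        eventID = 1
        category = 5
        myType = ev_type
        descr = [msg, msg]
        data = "Application\0Data".encode("ascii")

        win32evtlogutil.ReportEvent(applicationName, eventID, eventCategory=category,
                                    eventType=myType, strings=descr, data=data, sid=my_sid)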
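def eventLogger(info):
    """Write ``info`` as an informational event to the Application log.

    Source "Superior parser for BashIm", category 5, a fixed binary
    payload and the SID of the account running the process.  ``info`` is
    stored verbatim as the only insertion string.

    NOTE(review): event ID 4624 is the well-known Security-log ID for
    "An account was successfully logged on".  This record goes to the
    Application log under a custom source, so it is not that event, but
    SIEM rules and analysts that key on the ID alone may mis-file it --
    prefer an ID that does not collide with the Windows security events.

    The token handle is closed explicitly rather than left to the handle
    object's finaliser.
    """
    import win32api
    import win32con
    import win32evtlog
    import win32security
    import win32evtlogutil

    ph = win32api.GetCurrentProcess()
    th = win32security.OpenProcessToken(ph, win32con.TOKEN_READ)
    try:
        my_sid = win32security.GetTokenInformation(th, win32security.TokenUser)[0]
    finally:
        win32api.CloseHandle(th)

    applicationName = "Superior parser for BashIm"
    eventID = 4624  # collides with the Security-log logon event ID, see docstring
    category = 5  # Shell
    myType = win32evtlog.EVENTLOG_INFORMATION_TYPE
    descr = [info]
    data = "Application\0Data".encode("ascii")

    win32evtlogutil.ReportEvent(applicationName, eventID, eventCategory=category,
        eventType=myType, strings=descr, data=data, sid=my_sid)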
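def ArtilleryStartEvent():
    """Write an informational "Artillery started" event to the Application log.

    Source "Artillery", event ID 1, category 5, a fixed binary payload and
    the SID of the account running the process.  The token handle opened
    to read that SID is closed explicitly in a ``finally`` rather than left
    to the handle object's finaliser.
    """
    process = win32api.GetCurrentProcess()
    token = win32security.OpenProcessToken(process, win32con.TOKEN_READ)
    try:
        my_sid = win32security.GetTokenInformation(token,
                                                   win32security.TokenUser)[0]
    finally:
        win32api.CloseHandle(token)

    AppName = "Artillery"
    eventID = 1
    category = 5
    myType = win32evtlog.EVENTLOG_INFORMATION_TYPE
    descr = [
        "Artillery has started and begun monitoring the selected ports ",
    ]
    data = "Application\0Data".encode("ascii")
    win32evtlogutil.ReportEvent(AppName,
                                eventID,
                                eventCategory=category,
                                eventType=myType,
                                strings=descr,
                                data=data,
                                sid=my_sid)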
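    def write_event_log(self, message, eventID=10, sid=None,
                        level=None, source=None):
        """Write ``message`` to the event log, retrying for up to 10 seconds.

        Defaults: ``sid`` from ``self.get_sid()``, ``source`` from
        ``self.applicationName``, ``level`` ``EVENTLOG_INFORMATION_TYPE``.

        ``ReportEvent`` failures (the original gives no reason; presumably
        transient ones) are retried until a 10 s budget measured with
        ``time.monotonic`` is used up, after which the last exception is
        re-raised.  A short pause between attempts replaces the original
        loop, which spun the CPU for the whole window, and only
        ``Exception`` is retried so KeyboardInterrupt / SystemExit still
        get out.
        """
        if sid is None:
            sid = self.get_sid()
        if source is None:
            source = self.applicationName
        if level is None:
            level = win32evtlog.EVENTLOG_INFORMATION_TYPE

        deadline = time.monotonic() + 10
        while True:
            try:
                win32evtlogutil.ReportEvent(source, eventID,
                                            eventType=level, strings=[message], sid=sid)
                return
            except Exception:
                if time.monotonic() >= deadline:
                    raise
                time.sleep(0.25)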
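    def write_result_eventlog_baseline(self, res):
        """Write a baseline-engine result as a warning event under "SysmonCorrelator".

        :param res: result text, written as the third insertion string after
            ``"Engine: Baseline"`` and ``"Data: "`` (stored verbatim).

        Event ID 1, category 2, the SID of the running account attached.
        ``data`` is now a bytes literal: every other ``ReportEvent`` call in
        this file passes bytes, and pywin32 on Python 3 is expected to
        reject a ``str`` for the binary payload (a ``b""`` literal is also
        valid on Python 2, so nothing changes there).  The token handle is
        closed explicitly rather than left to the handle object's finaliser.
        """
        ph = win32api.GetCurrentProcess()
        th = win32security.OpenProcessToken(ph, win32con.TOKEN_READ)
        try:
            my_sid = win32security.GetTokenInformation(th, win32security.TokenUser)[0]
        finally:
            win32api.CloseHandle(th)
        myType = win32evtlog.EVENTLOG_WARNING_TYPE
        applicationName = "SysmonCorrelator"
        data = b"Not configured, use -l option"
        eventID = 1
        category = 2
        descr = ["Engine: Baseline", "Data: ", res]

        win32evtlogutil.ReportEvent(applicationName,
                                    eventID,
                                    eventCategory=category,
                                    eventType=myType,
                                    strings=descr,
                                    data=data,
                                    sid=my_sid)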
def ReportNewDevice(sMsg):
    """Report a newly seen LAN device through every channel in ``gsUIChoice``.

    ``gsUIChoice`` is a module-level setting tested with substring
    membership for ``'stdout'``, ``'notification'`` and ``'syslog'``;
    ``gbOSLinux`` / ``gbOSWindows`` pick the platform backend.  ``sMsg`` is
    passed through verbatim to every sink; if it carries device-supplied
    fields (a DHCP hostname, say) those are attacker-chosen text landing in
    your logs, so downstream parsers should not trust them.
    """
    def wants(channel):
        return channel in gsUIChoice

    if wants('stdout'):
        print(time.strftime("%H:%M:%S") + ': ' + sMsg)

    if wants('notification'):
        # https://plyer.readthedocs.io/en/latest/#
        # https://github.com/kivy/plyer
        # plyer has no permanent notification; 8 h is the longest timeout used.
        if gbOSLinux:
            # shown briefly on the desktop and kept in the tray
            notification.notify(title='New device on LAN', message=sMsg,
                                app_name='lanwatch', timeout=8*60*60)

        if gbOSWindows:
            notification.notify(title='New device on LAN', message=sMsg,
                                app_name='lanwatch', timeout=8*60*60)

    if wants('syslog'):
        if gbOSLinux:
            # inspect with:  sudo journalctl --pager-end
            #           or:  sudo journalctl | grep lanwatch
            syslog.syslog(sMsg)

        if gbOSWindows:
            # https://stackoverflow.com/questions/51385195/writing-to-windows-event-log-using-win32evtlog-from-pywin32-library
            # https://www.programcreek.com/python/example/96660/win32evtlogutil.ReportEvent
            # https://docs.microsoft.com/en-us/windows/win32/eventlog/event-logging-elements
            # 1610612737 == 0x60000001: in the Microsoft message-ID layout
            # that is severity "informational", customer bit set, code 1.
            # An earlier revision used 7040.
            event_id = 1610612737
            win32evtlogutil.ReportEvent("lanwatch",
                                        event_id,
                                        eventCategory=1,
                                        eventType=win32evtlog.EVENTLOG_INFORMATION_TYPE,
                                        strings=[sMsg],
                                        data=b"")
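def HoneyPotEvent():
    """Write a warning event recording that a honeypot port was touched.

    Source "Artillery", event ID 1, category 5, two fixed insertion
    strings, a fixed binary payload and the SID of the account running the
    process.  Only the log entry is written here -- the message says the
    offending IP was blocked, but the blocking itself happens elsewhere, so
    keep the two in step.  The token handle is closed explicitly in a
    ``finally`` rather than left to the handle object's finaliser.
    """
    process = win32api.GetCurrentProcess()
    token = win32security.OpenProcessToken(process, win32con.TOKEN_READ)
    try:
        my_sid = win32security.GetTokenInformation(token,
                                                   win32security.TokenUser)[0]
    finally:
        win32api.CloseHandle(token)

    AppName = "Artillery"
    eventID = 1
    category = 5
    myType = win32evtlog.EVENTLOG_WARNING_TYPE
    descr = [
        "Artillery Detected access to a honeypot port",
        "The offending ip has been blocked and added to the local routing table",
    ]
    data = "Application\0Data".encode("ascii")
    win32evtlogutil.ReportEvent(AppName,
                                eventID,
                                eventCategory=category,
                                eventType=myType,
                                strings=descr,
                                data=data,
                                sid=my_sid)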
    def msg(self, event_id, event_type, strings, data=None):
        """Write one event to the Windows event log under ``self.app_name``.

        :arg int event_id: the resource identifier for this event

        :arg event_type: one of the ``EVENTLOG_FOO_TYPE`` constants defined
            in ``win32evtlog``

        :arg list strings: insertion strings written to the event, verbatim

        :arg bytes data: optional binary payload (default ``None``)

        The SID stored in ``self.sid`` is attached; no category is set.
        """
        report_kwargs = dict(eventType=event_type,
                             strings=strings,
                             data=data,
                             sid=self.sid)
        win32evtlogutil.ReportEvent(self.app_name, event_id, **report_kwargs)
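def logEvent(e, desc=''):
    """Write an informational start/stop event for "Automatic Security Tracker".

    :param e: event ID; 0 means Stop, 1 means Start.  It also drives the
        console line printed at the end, where any non-zero value reads
        as START.
    :param desc: the single insertion string for the event (default empty)

    Category 7, no binary payload, SID of the running account attached.
    The token handle is now closed in a ``finally`` so it is released even
    when reading the token information fails.
    """
    ph = win32api.GetCurrentProcess()
    th = win32security.OpenProcessToken(ph, win32con.TOKEN_READ)
    try:
        my_sid = win32security.GetTokenInformation(th, win32security.TokenUser)[0]
    finally:
        win32api.CloseHandle(th)

    applicationName = 'Automatic Security Tracker'
    eventID = e  # 0 - Stop. 1 - Start.
    category = 7  # Network
    myType = win32evtlog.EVENTLOG_INFORMATION_TYPE
    descr = [desc]
    data = None  # no binary payload

    win32evtlogutil.ReportEvent(applicationName,
                                eventID,
                                eventCategory=category,
                                eventType=myType,
                                strings=descr,
                                data=data,
                                sid=my_sid)

    v = 'START' if e else 'STOP'
    print('Logged event', v, e)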
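    def __makePayload(self, data, sensorType):
        """Build the binary MQTT payload for one sensor reading.

        :param data: comma-separated reading; two fields for ``sensorType``
            0 (packed with ``self.__bpr``), three for 1 (packed with
            ``self.__aclo``), free text for 2 (two native ``int`` fields
            followed by the UTF-8 text).  Numeric fields are scaled by 100
            before packing.
        :param sensorType: 0, 1 or 2; any other value yields ``""``.
        :returns: the packed payload, or ``""`` if the timestamp or the
            packing failed.  Failure is printed and logged to the Windows
            event log (source ``MQQT_CLIENT``, event 32016); note that
            ``publishData`` in this file publishes whatever comes back,
            including that empty string.

        ``data`` is parsed with ``split``/``float``, so a malformed reading
        takes the failure path rather than raising.  The timestamp is
        initialised to ``None`` so a formatter failure surfaces as a
        ``TypeError`` in the packing step instead of the ``NameError`` on
        an unbound name the original produced.  For ``sensorType == 2`` the
        timestamp is passed to ``struct.pack`` without the ``int()`` the
        other branches apply -- kept as it was, but check it against what
        ``__timestampFormatter`` actually returns.
        """
        record_id = 3
        payload = ""
        timeNow = None

        try:
            timeNow = self.__timestampFormatter(datetime.utcnow())
        except Exception as exc:
            print("failed to get time...", repr(exc))

        try:
            if sensorType == 0:
                bprValue = data.split(",")
                payload = self.__bpr.pack(record_id, 0, int(timeNow),
                                          float(bprValue[0]) * 100,
                                          float(bprValue[1]) * 100)
            elif sensorType == 1:
                acclAxisValue = data.split(",")
                payload = self.__aclo.pack(record_id, 1, int(timeNow),
                                           float(acclAxisValue[0]) * 100,
                                           float(acclAxisValue[1]) * 100,
                                           float(acclAxisValue[2]) * 100)
            elif sensorType == 2:
                payload = (struct.pack("i", record_id)
                           + struct.pack("i", timeNow)
                           + data.encode("utf-8"))
        except Exception as exc:
            print("failed  create payload...", repr(exc))
            win32evtlogutil.ReportEvent(
                "MQQT_CLIENT",
                32016,
                eventCategory=32016,
                eventType=win32evtlog.EVENTLOG_ERROR_TYPE,
                strings=["Failed to create payload...", repr(exc)],
                data=b"Failed to create payload...")

        return payload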
 def ErrLogger(self, msg, text):
     """Write an error event for this service (Python 2 code: uses ``unicode``).

     Positional ``ReportEvent`` arguments: source ``_svc_display_name_``,
     message ID ``PYS_SERVICE_STOPPED`` (reused as the event ID for errors,
     so a viewer with the pywin32 message file presumably renders it as a
     "stopped" message around the inserts), category 0, type ERROR,
     insertion strings ``(_svc_name_, msg)`` and ``text`` as the binary
     data.

     NOTE(review): ``SvcDoRun`` elsewhere in this file writes under
     ``_svc_name_``; if that is the name the event source was registered
     under, writing under ``_svc_display_name_`` may leave the viewer
     unable to find the message template.  Also check that ``unicode`` is
     accepted for the binary ``data`` argument -- the other examples here
     pass bytes.
     """
     source = self._svc_display_name_
     inserts = (self._svc_name_, unicode(msg))
     win32evtlogutil.ReportEvent(source,
                                 servicemanager.PYS_SERVICE_STOPPED,
                                 0,
                                 servicemanager.EVENTLOG_ERROR_TYPE,
                                 inserts,
                                 unicode(text))
 def Logger(self, state, msg):
     """Write an informational service event (Python 2 code: uses ``unicode``).

     :param state: used directly as the event ID -- presumably one of the
         ``servicemanager.PYS_SERVICE_*`` message IDs
     :param msg: text placed as the second insertion string after
         ``_svc_name_``

     Positional ``ReportEvent`` arguments: source ``_svc_display_name_``,
     category 0, type INFORMATION, no binary data.
     """
     inserts = (self._svc_name_, unicode(msg))
     win32evtlogutil.ReportEvent(self._svc_display_name_,
                                 state,
                                 0,
                                 servicemanager.EVENTLOG_INFORMATION_TYPE,
                                 inserts)
def generate_event():
    """
    Function which generates win32 events.
    Randomly choosing event id, category application name and event description from pre-defined lists.
    """
    
    EVT_APP_NAME = random.choice(apps)
    EVT_ID = random.randint(1337, 99999)
    EVT_CATEG = random.randint(0, 25565)

    evntstrslist = [
        """
        █▀███▀▀███▀▀███▀▀███▀▀███▀█
        █▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒█
        █▒▒█▒▒▒▒▒███▒▒█▒▒▒█▒█████▒█
        █▒▒█▒▒▒▒█▒▒▒█▒█▒▒▒█▒█▒▒▒▒▒█
        █▒▒█▒▒▒▒█▒▒▒█▒▒█▒█▒▒█████▒█
        █▒▒█▒▒▒▒█▒▒▒█▒▒█▒█▒▒█▒▒▒▒▒█
        █▒▒████▒▒███▒▒▒▒█▒▒▒█████▒█
        █▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒█
        █▒▒▒▒▒▒▒▒██▒▒▒▒▒▒▒▒██▒▒▒▒▒█
        █▒▒▒▒▒▒▒█──█▒████▒█──█▒▒▒▒█
        █▒▒▒▒▒▒█──█─█────█─█──█▒▒▒█
        █▒▒▒▒▒▒█─██───────███─█▒▒▒█
        █▒▒▒▒▒▒█──────────────█▒▒▒█
        █▒▒▒▒▒▒▒█────────────█▒▒▒▒█
        █▒▒▒▒██▒▒█──██───██──█▒▒▒▒█
        █▒▒▒█──█▒█──██───██──█▒▒▒▒█
        █▒▒▒█──█▒█────███────█▒▒▒▒█
        █▒▒▒█──█▒█───█───█──█▒▒▒▒▒█
        █▒▒▒▒█──█─█───███──█▒▒▒▒▒▒█
        █▒▒▒▒▒█────██────██▒▒▒▒▒▒▒█
        █▒▒▒▒▒█──────████─██▒▒▒▒▒▒█
        █▒▒▒▒▒▒█───────────█▒▒▒▒▒▒█
        █▒▒▒▒▒▒▒███─────────█▒▒▒▒▒█
        █▒▒▒▒▒▒▒▒▒█──────█───█▒▒▒▒█
        █▒▒▒▒███▒▒█───────█───█▒▒▒█
        █▒▒▒█──████─────████───█▒▒█
        █▒▒▒█────█─────█────█─█▒▒▒█
        █▒▒▒█─────█────█────██▒▒▒▒█
        █▒▒▒█──────█───█──────█▒▒▒█
        █▒▒▒▒█─────██████─────█▒▒▒█
        █▒▒▒▒▒█──███▒▒▒▒█─────█▒▒▒█
        █▒▒▒▒▒▒██▒▒▒▒▒▒▒▒█───█▒▒▒▒█
        █▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒███▒▒▒▒▒█
        █▒▒▒▒█▒▒▒▒█▒▒███▒▒█▒▒▒█▒▒▒█
        █▒▒▒▒▒█▒▒█▒▒█▒▒▒█▒█▒▒▒█▒▒▒█
        █▒▒▒▒▒▒██▒▒▒█▒▒▒█▒█▒▒▒█▒▒▒█
        █▒▒▒▒▒▒█▒▒▒▒█▒▒▒█▒█▒▒▒█▒▒▒█
        █▒▒▒▒▒█▒▒▒▒▒▒███▒▒▒███▒▒▒▒█
        █▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒█
        █▄▄█▄▄██▄▄█▄▄█▄▄█▄▄██▄▄█▄▄█

        """, 
        """
        _♥__♥_____♥__♥___ Put This
        _♥_____♥_♥_____♥__ Heart
        _♥______♥______♥__ On Your
        __♥_____/______♥__ Page If
        ___♥____\\_____♥___ You Had
        ____♥___/___♥_____ Your Heart
        ______♥_\\_♥_______ Broken
        ________♥_________…………….

        """,
        """
        ███████▓█████▓▓╬╬╬╬╬╬╬╬▓███▓╬╬╬╬╬╬╬▓╬╬▓█ 
        ████▓▓▓▓╬╬▓█████╬╬╬╬╬╬███▓╬╬╬╬╬╬╬╬╬╬╬╬╬█ 
        ███▓▓▓▓╬╬╬╬╬╬▓██╬╬╬╬╬╬▓▓╬╬╬╬╬╬╬╬╬╬╬╬╬╬▓█ 
        ████▓▓▓╬╬╬╬╬╬╬▓█▓╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬▓█ 
        ███▓█▓███████▓▓███▓╬╬╬╬╬╬▓███████▓╬╬╬╬▓█ 
        ████████████████▓█▓╬╬╬╬╬▓▓▓▓▓▓▓▓╬╬╬╬╬╬╬█ 
        ███▓▓▓▓▓▓▓╬╬▓▓▓▓▓█▓╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬▓█ 
        ████▓▓▓╬╬╬╬▓▓▓▓▓▓█▓╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬▓█ 
        ███▓█▓▓▓▓▓▓▓▓▓▓▓▓▓▓╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬▓█ 
        █████▓▓▓▓▓▓▓▓█▓▓▓█▓╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬▓█ 
        █████▓▓▓▓▓▓▓██▓▓▓█▓╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬██ 
        █████▓▓▓▓▓████▓▓▓█▓╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬██ 
        ████▓█▓▓▓▓██▓▓▓▓██╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬██ 
        ████▓▓███▓▓▓▓▓▓▓██▓╬╬╬╬╬╬╬╬╬╬╬╬█▓╬▓╬╬▓██ 
        █████▓███▓▓▓▓▓▓▓▓████▓▓╬╬╬╬╬╬╬█▓╬╬╬╬╬▓██ 
        █████▓▓█▓███▓▓▓████╬▓█▓▓╬╬╬▓▓█▓╬╬╬╬╬╬███ 
        ██████▓██▓███████▓╬╬╬▓▓╬▓▓██▓╬╬╬╬╬╬╬▓███ 
        ███████▓██▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓╬╬╬╬╬╬╬╬╬╬╬████ 
        ███████▓▓██▓▓▓▓▓╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬▓████ 
        ████████▓▓▓█████▓▓╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬╬▓█████ 
        █████████▓▓▓█▓▓▓▓▓███▓╬╬╬╬╬╬╬╬╬╬╬▓██████ 
        ██████████▓▓▓█▓▓▓╬▓██╬╬╬╬╬╬╬╬╬╬╬▓███████ 
        ███████████▓▓█▓▓▓▓███▓╬╬╬╬╬╬╬╬╬▓████████ 
        ██████████████▓▓▓███▓▓╬╬╬╬╬╬╬╬██████████ 
        ███████████████▓▓▓██▓▓╬╬╬╬╬╬▓███████████

        """,
        """
        ________________________________BBBBBBBBBBBB
        _______________________________BBBBBBBBBBBBB0
        __BBBBBBBBB___________________BBBBBBBBBBBBBBB,
        _BBBBBBBBBBBB________________BBBBBBBBBBBBBBBB0,
        _BBBBBBBBBBBBB_______________BBBBBBBBBBBBBBBB0
        BBBBBBBBBBBBBBBB____________BBBBBBBBBBBBBBBBB,
        _BBBBBBBBBBBBBBBB___________BBBBBBBBBBBBBBBB0,
        __BBBBBBBBBBBBBBBB_________BBBBBBBBBBBBBBBBB,
        __BBBBBBBBBBBBBBBB_________BBBBBBBBBBBBBBBB,
        ___BBBBBBBBBBBBBBBB________BBBBBBBBBBBBBBB,
        ____BBBBBBBBBBBBBBB________BBBBBBBBBBBBBB0,
        _____BBBBBBBBBBBBBB_______BBBBBBBBBBBBBB0,
        ______BBBBBBBBBBBBB_______BBBBBBBBBBBBBB,
        _______BBBBBBBBBBBBB______BBBBBBBBBBBBB,
        ________BBBBBBBBBBBB______BBBBBBBBBB00,
        __________BBBBBBBBBB______BBBBBBBBBBB,
        ___________BBBBBBBBBB_____BBBBBBBBBB0
        ____________BBBBBBBBB_____BBBBBBBBBB
        ______________BBBBBBB_____BBBBBBBB0
        ______________BBBBBBB_____BBBBBBBB
        _______________BBBBBB_____BBBBBBB
        ________________BBBBBBBBBBBBBBBBB_
        ______________BBBBBBBBBBBBBBBBBBBBBB
        ____________BBBBBBBBBBBBBBBBBBBBBBBBBB_
        __________BBBBBBBBBBBBB_________BBBBBBBB
        _________BBBBB__BBBBB____________BBBBBBBBB
        ________BBB________B______________BBBBBBBBB
        _______BBB_________B______________BBBBBBBBBB,
        _______BBB______BB_B_BBB__________BBBBBBBBBB,
        _______BBB_____BBB_B_BBBB________BBBBBBBBBBB,
        _______BBB________000___________BBBBBBBBBBBB,
        _______BBBB______00000_________BBBBBBBBBBBBB,
        ____00000BBBBBBBBB000BBBBBBBBBBBBBBBBBBBBBB00000000,
        ___0BBBB00BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB00BBBBBB0B0,
        __0BBBBBB00BBBB00______B000000BBBBBBBBBB000B00BBBB0B0,
        _0BBBBBBBB_BBBB00___B__BBBB000BBBBBBBBB00B0___B00000,
        _00BBBBB____BBBB00BBBBBB000BBBBBBBBBBBB0,
        __0BB_________B0B00000000BBBBBBBBBB0BB
        ________________00BBBBBBBBBBBB000000
        _____________BBBBB0B00000000000BBBB_
        ___________BB0B00BBBBBB0__BBBBBBBBBBB,
        __________BB_______BBBBB_BB0B00BB____BB,
        __________0B________BBBB_BBB__________BB,
        __________0BBBBBBBBBBBB__BBBBB_________B,
        ____________________________BBBB0BBBBBBB

        """,
        """
        ┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼▒
        ┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼▒▒▒
        ┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼▒▒░▒
        ┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼▒▒░░▒
        ┼┼┼┼┼┼┼┼┼┼┼████▒▒▒░░▒
        ┼┼┼┼┼┼┼┼┼███████▒▒░░▒█
        ┼┼┼┼┼┼┼┼█████████▒▒████
        ┼┼┼┼┼┼┼████████▒█▒▒█████
        ┼┼┼┼┼┼┼████████▒▒▒▒██████
        ┼┼┼┼┼┼████████▒▒▒▒▒███████
        ┼┼┼┼┼┼██████▒█▒▒▒▒▒████████
        ┼┼┼┼┼████▒█▒▒▒▒▒▒▒██████████
        ┼┼┼┼┼┼░▒▒▒░▒▒▒▒▒▒▒███████████
        ┼┼┼┼┼░▒▒▒▒██░▒▒▒▒▒▒███████████
        ┼┼┼┼┼░▒▒▒▒██░▒▒▒▒▒▒███████████
        ┼┼┼┼░▒▒▒▒▒▒▒▒▒▒▒▒▒▒█▒█████████
        ┼┼┼┼░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒█████████
        ┼┼┼░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒██▒██████
        ┼┼░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒██▒██████
        ┼┼░▒█▒▒▒▒▒▒▒▒▒▒▒░┼░▒▒█▒▒██████
        ┼┼░▒██▒▒▒▒▒▒▒▒░░┼┼┼░▒▒▒▒██████
        ┼┼░▒▒▒▒▒▒█▒░░┼┼┼┼┼┼┼░▒▒▒██▒███
        ┼┼░▒▒▒▒▒█▒▒░┼┼┼┼┼┼┼┼░▒▒▒██▒███
        ┼┼┼░▒▒▒██▒░┼┼┼┼┼┼┼┼┼┼░▒▒██▒███
        ┼┼┼┼┼▒█▒░┼┼┼┼┼┼┼┼┼┼┼┼┼░▒▒█▒███
        ┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼░▒▒█▒███
        ┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼░▒▒▒███
        ┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼░▒░█░█

        """,
        """
        _____________________________¶¶___________________
        __________________________¶¶¶¶¶___________________
        _________________________¶¶¶¶¶¶¶__________________
        _______________________¶¶¶¶¶¶¶¶¶__________________
        _______________________¶¶¶¶¶¶¶¶¶¶_________________
        ________________________¶¶¶¶¶¶¶¶¶¶________________
        ________________________¶¶¶¶¶¶¶¶¶¶________________
        _____________________¶___¶¶¶¶¶¶¶¶¶¶_______________
        ___________________¶¶¶___¶¶¶¶¶¶¶¶¶¶_______________
        __________________¶¶¶¶¶___¶¶¶¶¶¶¶¶¶¶______________
        ________________¶¶¶¶¶¶¶¶__¶¶¶¶¶¶¶¶¶¶______________
        ______________¶¶¶¶¶¶¶¶¶¶___¶¶¶¶¶¶¶¶¶¶_____________
        ______________¶¶¶¶¶¶¶¶¶¶¶___¶¶¶¶¶¶¶¶¶¶____________
        _______________¶¶¶¶¶¶¶¶¶¶___¶¶¶¶¶¶¶¶¶¶____________
        ________________¶¶¶¶¶¶¶¶¶¶___¶¶¶¶¶¶¶¶¶¶___________
        ____________¶___¶¶¶¶¶¶¶¶¶¶___¶¶¶¶¶¶¶¶¶¶___________
        ___________¶¶¶___¶¶¶¶¶¶¶¶¶¶___¶¶¶¶¶¶¶¶¶¶__________
        _________¶¶¶¶¶___¶¶¶¶¶¶¶¶¶¶___¶¶¶¶¶¶¶¶¶¶__________
        _______¶¶¶¶¶¶¶¶___¶¶¶¶¶¶¶¶¶¶___¶¶¶¶¶¶¶¶¶¶_________
        ______¶¶¶¶¶¶¶¶¶¶___¶¶¶¶¶¶¶¶¶¶__¶¶¶¶¶¶¶¶¶¶_________
        ______¶¶¶¶¶¶¶¶¶¶___¶¶¶¶¶¶¶¶¶¶___¶¶¶¶¶¶¶¶¶¶________
        _______¶¶¶¶¶¶¶¶¶¶___¶¶¶¶¶¶¶¶¶¶___¶¶¶¶¶¶¶¶¶¶_______
        __________________________________________________
        _________________¶¶_¶¶________¶¶__________________
        _________________¶¶_¶¶________¶¶__________________
        _________________¶¶___________¶¶__________________
        ___¶¶¶¶¶¶___¶¶¶¶¶¶¶_¶¶___¶¶¶¶¶¶¶___¶¶¶¶¶¶¶__¶¶¶¶__
        __¶¶¶¶¶¶¶__¶¶¶¶¶¶¶¶_¶¶__¶¶¶¶¶¶¶¶__¶¶¶¶¶¶¶¶_¶¶¶¶¶¶_
        _¶¶¶__¶¶¶__¶¶___¶¶¶_¶¶__¶¶___¶¶¶_¶¶¶__¶¶¶¶_¶¶___¶¶
        ¶¶¶____¶¶_¶¶_____¶¶_¶¶_¶¶_____¶¶_¶¶____¶¶¶_¶¶¶¶___
        ¶¶_____¶¶_¶¶_____¶¶_¶¶_¶¶_____¶¶_¶¶_____¶¶_¶¶¶¶¶¶_
        ¶¶¶____¶¶_¶¶_____¶¶_¶¶_¶¶_____¶¶_¶¶____¶¶¶____¶¶¶¶
        _¶¶¶__¶¶¶__¶¶___¶¶¶_¶¶__¶¶___¶¶¶_¶¶¶__¶¶¶¶_¶¶___¶¶
        _¶¶¶¶¶¶¶¶__¶¶¶¶¶¶¶¶_¶¶__¶¶¶¶¶¶¶¶__¶¶¶¶¶¶¶¶_¶¶¶¶¶¶¶
        __¶¶¶¶_¶¶____¶¶¶¶¶¶_¶¶___¶¶¶¶_¶¶___¶¶¶¶_¶¶__¶¶¶¶¶_

        """,
        """
        ________________________________________________¶¶_¶¶¶¶¶¶¶¶¶
        ______________________________________________¶¶¶¶________¶¶
        ____________________________________________¶¶_¶¶¶_______¶¶
        _____¶¶¶¶¶¶¶¶_____¶¶___¶¶¶¶_______________¶¶___¶¶______¶¶
        ___¶¶¶______¶¶¶__¶¶¶__¶¶________________¶¶____¶¶¶_____¶¶
        ____________¶¶¶__¶¶_¶¶¶_______________¶¶______¶¶_____¶¶
        ___¶¶¶¶¶¶¶¶¶¶¶__¶¶¶¶¶____¶¶¶¶¶¶¶¶¶__¶¶_______¶¶¶_____¶¶
        _¶¶¶¶______¶¶¶__¶¶_¶¶¶___¶¶¶¶¶¶¶¶¶__¶¶¶¶¶¶¶¶¶¶¶¶¶¶__¶¶
        ¶¶¶_______¶¶¶__¶¶¶__¶¶¶_____________________¶¶¶_____¶¶
        ¶¶¶¶____¶¶¶¶¶__¶¶____¶¶¶____________________¶¶_____¶¶
        _¶¶¶¶¶¶¶¶_¶¶¶__¶¶_____¶¶____________________¶¶_____¶¶
        ______________________________________________________¶¶__
        ________________________________________¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶
        _______________________________¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶__
        ________________________¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶_____________
        __________________¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶________________
        _________________¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶______________________
        ¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶_________________________
        ¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶_¶_¶¶¶¶¶¶¶¶_________________________
        ¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶__¶¶¶¶¶___¶__¶¶¶¶¶¶________________________
        _¶¶¶¶¶¶¶¶¶¶¶¶____¶¶¶¶¶¶¶¶¶___¶¶¶¶¶¶_______________________
        __¶¶¶¶¶¶¶¶¶______¶¶¶¶¶_______¶¶¶¶¶¶¶______________________
        ___¶¶¶¶¶¶________¶¶¶¶¶_________¶¶¶¶¶¶¶____________________
        ____¶¶¶¶_________¶¶¶¶¶__________¶¶¶¶¶¶¶¶__________________

        """,
        """
        ───▒▓▒░
        ─█▒████████
        ▒█▒▓█▓█████
        ─▓▒▓█▓██▓██
        ──▒▓█▓██▓██
        ─░▒▓█▓██▓██░
        ─░▒▓█▓██▓██░
        ─░▒▓▓▓██▓██░
        ─░▒▓█▓██▓██░
        ─░▒▓▓▓██▓██░
        ─░▒██▓██▓██░
        ─▒▒▓██▓█▓██▒
        ─░▒▒█▓▓▓▓▓██
        ─▒▒▒█▓▓█▓▓██
        ─░▒▒█▓▓██▓██░
        ─▒▒▒█▓▓█▓▓██░
        ─▒▒▒█▓▓██▓██▒
        ─▒▒▒█▓▓██▓██▒
        ─░▒▒█▓▓▓█▓██▒
        ─▒▒▒█▓▓█▓▓██▒
        ─▒▒▒█▓▓▓█▓██▓
        ─▒▒▒█▓▓▓█▓▓██▓
        ─░▒▓█▓▓▓█▓▓███████▒
        ─▒▓▒▒█▓█▓▓▓██▓░──▒█▓
        ─▒▓──▒█▓█▓▓█▓──────█░
        ─▒▒──▒██▓▓▓█▒──────▓▒
        ─▒▓──▒███▓▓█▓──────▒▒
        ─▒▒──▒███▓▓█▓──────▓▒
        ─▒▒──░███▓▓██─────▓▓▒
        ─▓▒──▒███▓▓▓██▒▒▒▓░▒▒
        ─▒▓▒▓▓█▓█▓▓▓████▓░─▒▓
        ─▒▒▓██▓█▓▓▓▓██▒────▓▓
        ─▒▒▓▓▓▓▓███▓▓█────░█▒
        ─▒▒▓▓█▓▓▓██████▓▒▓██▒
        ─▒▒▓▓█▓▓▒▓████████▓██
        ─▒▒▓▓█▓▓▒▓▓▓██▓██▓▓▓██▒
        ─▒▒▓▓█▓▓▓▓▓▒██▓▒▓█▓█████▓
        ─▒▒▓▓█▓█▓▓▓▒██▓▒▒████████████▓
        ─▒▒▓█▓▓▓▓▓▓▒██▓▓▓██▓██████████████▓▒▒█▒
        ─▒▒▓█▓▓▓▓█▓▒██▓▓▒██▓▓▓▓▓▓█████████████▓
        ─▒▒▓█▓▓▓▓▓█▒██▓▓▓▓█▓▓▓▓▓▓▓▓▓█▓███▓████▓
        ─▒░▓█▓▓█▓▒█▓▓█▓▓▓▓██▓▓▓▓▓▓▓▓▓▓▓█▓██▓▓█▓
        ─▒▒▓█▓██▓▒▓█▓██▓▓▓▓█▓▓▓▓▓▓▓▓▓▓█▓▓▓█▓▓██
        ─█▓▒█▓▓██▓▓█▓██▓▓▓▓▓██▓▓▓▓▓▓▓▓▓█▓▓▓▓▓██
        ─█▓▒█▓▓▓█▓▓█▓▓██▓▓▓▓▓████▓▓▓▓▓▓▓▓▓█▓▓██
        ─░░▓█▓▓▓█▓▓██▓█████▓▓▓▓███▓▓▓▓▓▓▓▓▓▓▓██
        ─▒▒▓█▓▓▓▓▒▓███▓▒▒▒▓██▓▓▓▓▓▓██▓▓▓▓▓█▓▓██
        ──▒█▓████████▒──────▓██▓▓▓▓▓▓█▓████▓▓██
        ──░█████▓▒██▒─────────▒████▓▓▓▓▓█████▓
        ───▒█▓────▓█────────────░▓███████▓▓██▓
        ───▒█─────▒▓───────────────░▒▓███████▓
        ───▓█───────────────────────────▒▓▓██▒
        """,
        """
        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        XX                                                                          XX
        XX   MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM   XX
        XX   MMMMMMMMMMMMMMMMMMMMMssssssssssssssssssssssssssMMMMMMMMMMMMMMMMMMMMM   XX
        XX   MMMMMMMMMMMMMMMMss'''                          '''ssMMMMMMMMMMMMMMMM   XX
        XX   MMMMMMMMMMMMyy''                                    ''yyMMMMMMMMMMMM   XX
        XX   MMMMMMMMyy''                                            ''yyMMMMMMMM   XX
        XX   MMMMMy''                                                    ''yMMMMM   XX
        XX   MMMy'                                                          'yMMM   XX
        XX   Mh'                                                              'hM   XX
        XX   -                                                                  -   XX
        XX                                                                          XX
        XX   ::                                                                ::   XX
        XX   MMhh.        ..hhhhhh..                      ..hhhhhh..        .hhMM   XX
        XX   MMMMMh   ..hhMMMMMMMMMMhh.                .hhMMMMMMMMMMhh..   hMMMMM   XX
        XX   ---MMM .hMMMMdd:::dMMMMMMMhh..        ..hhMMMMMMMd:::ddMMMMh. MMM---   XX
        XX   MMMMMM MMmm''      'mmMMMMMMMMyy.  .yyMMMMMMMMmm'      ''mmMM MMMMMM   XX
        XX   ---mMM ''             'mmMMMMMMMM  MMMMMMMMmm'             '' MMm---   XX
        XX   yyyym'    .              'mMMMMm'  'mMMMMm'              .    'myyyy   XX
        XX   mm''    .y'     ..yyyyy..  ''''      ''''  ..yyyyy..     'y.    ''mm   XX
        XX           MN    .sMMMMMMMMMss.   .    .   .ssMMMMMMMMMs.    NM           XX
        XX           N`    MMMMMMMMMMMMMN   M    M   NMMMMMMMMMMMMM    `N           XX
        XX            +  .sMNNNNNMMMMMN+   `N    N`   +NMMMMMNNNNNMs.  +            XX
        XX              o+++     ++++Mo    M      M    oM++++     +++o              XX
        XX                                oo      oo                                XX
        XX           oM                 oo          oo                 Mo           XX
        XX         oMMo                M              M                oMMo         XX
        XX       +MMMM                 s              s                 MMMM+       XX
        XX      +MMMMM+            +++NNNN+        +NNNN+++            +MMMMM+      XX
        XX     +MMMMMMM+       ++NNMMMMMMMMN+    +NMMMMMMMMNN++       +MMMMMMM+     XX
        XX     MMMMMMMMMNN+++NNMMMMMMMMMMMMMMNNNNMMMMMMMMMMMMMMNN+++NNMMMMMMMMM     XX
        XX     yMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMy     XX
        XX   m  yMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMy  m   XX
        XX   MMm yMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMy mMM   XX
        XX   MMMm .yyMMMMMMMMMMMMMMMM     MMMMMMMMMM     MMMMMMMMMMMMMMMMyy. mMMM   XX
        XX   MMMMd   ''''hhhhh       odddo          obbbo        hhhh''''   dMMMM   XX
        XX   MMMMMd             'hMMMMMMMMMMddddddMMMMMMMMMMh'             dMMMMM   XX
        XX   MMMMMMd              'hMMMMMMMMMMMMMMMMMMMMMMh'              dMMMMMM   XX
        XX   MMMMMMM-               ''ddMMMMMMMMMMMMMMdd''               -MMMMMMM   XX
        XX   MMMMMMMM                   '::dddddddd::'                   MMMMMMMM   XX
        XX   MMMMMMMM-                                                  -MMMMMMMM   XX
        XX   MMMMMMMMM                                                  MMMMMMMMM   XX
        XX   MMMMMMMMMy                                                yMMMMMMMMM   XX
        XX   MMMMMMMMMMy.                                            .yMMMMMMMMMM   XX
        XX   MMMMMMMMMMMMy.                                        .yMMMMMMMMMMMM   XX
        XX   MMMMMMMMMMMMMMy.                                    .yMMMMMMMMMMMMMM   XX
        XX   MMMMMMMMMMMMMMMMs.                                .sMMMMMMMMMMMMMMMM   XX
        XX   MMMMMMMMMMMMMMMMMMss.           ....           .ssMMMMMMMMMMMMMMMMMM   XX
        XX   MMMMMMMMMMMMMMMMMMMMNo         oNNNNo         oNMMMMMMMMMMMMMMMMMMMM   XX
        XX                                                                          XX
        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

            .o88o.                               o8o                .
            888 `"                               `"'              .o8
        o888oo   .oooo.o  .ooooo.   .ooooo.  oooo   .ooooo.  .o888oo oooo    ooo
            888    d88(  "8 d88' `88b d88' `"Y8 `888  d88' `88b   888    `88.  .8'
            888    `"Y88b.  888   888 888        888  888ooo888   888     `88..8'
            888    o.  )88b 888   888 888   .o8  888  888    .o   888 .    `888'
        o888o   8""888P' `Y8bod8P' `Y8bod8P' o888o `Y8bod8P'   "888"      d8'
                                                                        .o...P'
                                                                        `XER0'

        """,
        """

          :================:
         /||# nmap -A _   ||
        / ||              ||
       |  ||              ||
        \\ ||              ||
          ==================
   ........... /      \\.............
   :\\        ############            \\
   : ---------------------------------
   : |  *   |__________|| ::::::::::  |
   \\ |      |          ||   .......   |
     --------------------------------- 8

        """,
        """
                                            ....::::....                              
                              ::::::::::::::::::::::::..                      
                          ;;;;,,::::,,,,,,,,,,,,::::,,,,;;                    
                      ,,ii,,,,iijjjjjjLLKKEEffjjjjjjii,,,,ii,,                
                  ..iiii,,;;LLffjj,,jjiiLLLL,,ii,,jjffLL,,,,;;ii              
                ..ii,,,,jjjjLLjjjj;;jjLL##WWffjj;;jjjjLLjjtt,,,,ii..          
              ::ii,,,,tt;;,,ffjjjj;;jjKKKKKKKKjj;;ffjjff,,;;tt,,,,ii,,        
            ..ii,,iijj,,::::jj,,ff;;jjEE####EEjj;;ff,,jj::::,,jjii,,ii..      
            ..iiiijjff;;::::jj::jj;;iijjEEEEjjii;;jj,,jj::::;;ffjjiiii..      
              ..,,iiiiiiiiiiff::,,jj,,iiffff;;,,jj,,,,ffiiiiiiiiii,,..        
                      ::iijj;;ii,,;;ii;;jjjj;;iiii,,iiiijjii::                
                          ,,ii,,,,,,,,iijjjjii,,,,,,,,ii,,                    
      ..,,..      ..,,..      ..,,,,,,,,,,,,,,,,,,,,..                        
      iijjjj      iijjjj..        ..::::::::::::..                            
      iittjj::    ,,iitt..                                                    
      ,,iiiitt..  ,,;;ii..                                                    
      ,,iijjjjii  ,,;;ii....ii;;                                              
      ,,iijjjjjj::,,iitt..,,jjjjjjtt;;;;,,..    ::iittii;;    ..jjffttii,,    
      ,,;;jjiiiitt,,;;ii..,,jjffttjjjjjjjjjj,,  ,,jjjjjjjjii..::;;jjjjiijjii..
      ,,;;jj,,;;ttii;;ii..,,iijj,,iijjffiijjjj..    ,,ttttjjii::iiffff;;iijjii
      ,,iijj..;;ttjjiitt..,,iitt..iijjjj,,iijj;;..iijjjjttjjjj::;;jjii..iiiiii
      ,,iijj  ::;;iijjjj..,,iijj..iijjjj,,iijj;;,,jjLLiiiijjjj,,iiffff;;iijjii
      ,,iijj    ,,;;;;tt..,,iitt..iijjjj,,iijj;;iijjjj  iijjjj,,;;jjjjiijjii..
      ,,;;jj    ..;;;;ii..,,iijj..;;jjjj,,iijj;;iijjffiiiijjjj,,;;jjtt;;..    
      iiiijj      iittjj..;;jjjj..iijjff,,iijj;;..iijjjjjjjjjj,,;;jjii        
      ..;;::      ..;;,,  ..;;,,  ..,,..  ,,;;    ..,,ii;;ii,,  ,,;;..            

        """,
        """
        ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
        ░░░░░░░░░░░░░░░░░░░░░░▓████████████████████████▒░░░░░░░░░░░░░░░░░░░░
        ░░░░░░░░░░░░░░░░░░░▓█████▓▒░░░░░░░░░░░░░░░▒██████▒░░░░░░░░░░░░░░░░░░
        ░░░░░░░░░░░░░░░░░████▒░░░░░░░░░░░░░░░░░░░░░░░░░▓███▒░░░░░░░░░░░░░░░░
        ░░░░░░░░░░░░░░░░███░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░███░░░░░░░░░░░░░░░
        ░░░░░░░░░░░░░░▒██░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░▒██░░░░░░░░░░░░░░
        ░░░░░░░░░░░░░▒██░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░██░░░░░░░░░░░░░
        ░░░░░░░░░░░░░██░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░██░░░░░░░░░░░░
        ░░░░░░░░░░░░██▓░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░▒░░██░░░░░░░░░░░░
        ░░░░░░░░░░░░██░░██░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░██░░██░░░░░░░░░░░
        ░░░░░░░░░░░░██░░██░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░██░░██░░░░░░░░░░░
        ░░░░░░░░░░░░██░░██░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░██░░██░░░░░░░░░░░
        ░░░░░░░░░░░░██▒░██▓░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░██▓░▒██░░░░░░░░░░░
        ░░░░░░░░░░░░░██░░██░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░██░░██░░░░░░░░░░░░
        ░░░░░░░░░░░░░██▒░██░░░░░▒▒▓███▒░░░░░░░▒███▓▒▒░░░░░██░▓██░░░░░░░░░░░░
        ░░░░░░░░░░░░░░██░██░░██████████▒░░░░░▓██████████░░██▒██░░░░░░░░░░░░░
        ░░░░░░░░░░░░░░░████░████████████░░░░░████████████░████░░░░░░░░░░░░░░
        ░░░░░░░░░░░░░░░░███░▒██████████░░░░░░░██████████▒░██▒░░░░░░░░░▒░░░░░
        ░░░░▒████░░░░░░░▓█▒░░█████████░░░░░░░░░█████████░░▒█▓░░░░░░▓████░░░░
        ░░░░██░▒██▒░░░░░██░░░░██████▓░░░░█░█░░░░███████░░░░██░░░░░███░░██░░░
        ░░░░██░░░██▓░░░░██░░░░░░▒▓▓░░░░▒██░██░░░░░▓▓▒░░░░░▒██░░░░███░░░██░░░
        ░░▓██▒░░░░████▓░░██░░░░░░░░░░░░███░███░░░░░░░░░░░░██░░█████░░░░▓██▒░
        ░██▓░░░░░░░░▒████████▓░░░░░░░░████░███▓░░░░░░░▒▓████████░░░░░░░░░███
        ░██▓▒▓███▓░░░░░░▓████████▓░░░░████░███▓░░░░▓████████▓░░░░░░████▓▓███
        ░░███████████▒░░░░░░███████░░░░██░░░██░░░░██████▓░░░░░░▓███████████░
        ░░░░░░░░░░░▓█████░░░░██▓▓░██░░░░░░░░░░░░░██░█▒██░░░▒█████▓░░░░░░░░░░
        ░░░░░░░░░░░░░░▒█████▒▒█▓█░███▓▓▒▒▒▓▒▒▓▓▓███▒███░▓█████░░░░░░░░░░░░░░
        ░░░░░░░░░░░░░░░░░░▒████▒▓█▒▒█░█▒█░█░█▓█▒█▓░█░█████▒░░░░░░░░░░░░░░░░░
        ░░░░░░░░░░░░░░░░░░░░░██░░██▓█▓█▓█▒█▒█▓█▓████░▓█▓░░░░░░░░░░░░░░░░░░░░
        ░░░░░░░░░░░░░░░░░░▓████▓░▓█▓█░█▒█░█░█▒█▒███▒░██████░░░░░░░░░░░░░░░░░
        ░░░░░░░░░░░░░░▓█████░░██░░░▒█████▓█▓█████▒░░░██░▒█████▓░░░░░░░░░░░░░
        ░░░░░▒██████████▓░░░░░███░░░░░░░░░░░░░░░░░░░██▒░░░░░▓██████████▒░░░░
        ░░░░░██░░░▓▓▓░░░░░░▒██████▓░░░░░░░░░░░░░░░███████▒░░░░░░▓▓▒░░▒██░░░░
        ░░░░░▓██░░░░░░░░▓████▓░░░█████▒░░░░░░▒▓█████░░░▓████▓░░░░░░░▒██▓░░░░
        ░░░░░░░███░░░░████▒░░░░░░░░▓█████████████▒░░░░░░░░▒████░░░░███░░░░░░
        ░░░░░░░░██░░░██▒░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░▓██░░░██░░░░░░░
        ░░░░░░░░██▒▓██░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░▒██▒▓██░░░░░░░
        ░░░░░░░░░████░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░████░░░░░░░░
        ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

        """,
        """
        ███████████▓▓▓▓▓▓▓▓▒░░░░░▒▒░░░░░░░▓█████
        ██████████▓▓▓▓▓▓▓▓▒░░░░░▒▒▒░░░░░░░░▓████
        █████████▓▓▓▓▓▓▓▓▒░░░░░░▒▒▒░░░░░░░░░▓███
        ████████▓▓▓▓▓▓▓▓▒░░░░░░░▒▒▒░░░░░░░░░░███
        ███████▓▓▓▓▓▓▓▓▒░░▒▓░░░░░░░░░░░░░░░░░███
        ██████▓▓▓▓▓▓▓▓▒░▓████░░░░░▒▓░░░░░░░░░███
        █████▓▒▓▓▓▓▓▒░▒█████▓░░░░▓██▓░░░░░░░▒███
        ████▓▒▓▒▒▒░░▒███████░░░░▒████░░░░░░░░███
        ███▓▒▒▒░░▒▓████████▒░░░░▓████▒░░░░░░▒███
        ██▓▒▒░░▒██████████▓░░░░░▓█████░░░░░░░███
        ██▓▒░░███████████▓░░░░░░▒█████▓░░░░░░███
        ██▓▒░▒██████████▓▒▒▒░░░░░██████▒░░░░░▓██
        ██▓▒░░▒███████▓▒▒▒▒▒░░░░░▓██████▓░░░░▒██
        ███▒░░░░▒▒▒▒▒▒▒▒▒▒▒▒░░░░░░███████▓░░░▓██
        ███▓░░░░░▒▒▒▓▓▒▒▒▒░░░░░░░░░██████▓░░░███
        ████▓▒▒▒▒▓▓▓▓▓▓▒▒▓██▒░░░░░░░▓███▓░░░░███
        ██████████▓▓▓▓▒▒█████▓░░░░░░░░░░░░░░████
        █████████▓▓▓▓▒▒░▓█▓▓██░░░░░░░░░░░░░█████
        ███████▓▓▓▓▓▒▒▒░░░░░░▒░░░░░░░░░░░░██████
        ██████▓▓▓▓▓▓▒▒░░░░░░░░░░░░░░░░▒▓████████
        ██████▓▓▓▓▓▒▒▒░░░░░░░░░░░░░░░▓██████████
        ██████▓▓▓▓▒▒██████▒░░░░░░░░░▓███████████
        ██████▓▓▓▒▒█████████▒░░░░░░▓████████████
        ██████▓▓▒▒███████████░░░░░▒█████████████
        ██████▓▓░████████████░░░░▒██████████████
        ██████▓░░████████████░░░░███████████████
        ██████▓░▓███████████▒░░░████████████████
        ██████▓░███████████▓░░░█████████████████
        ██████▓░███████████░░░██████████████████
        ██████▓▒██████████░░░███████████████████
        ██████▒▒█████████▒░▓████████████████████
        ██████░▒████████▓░██████████████████████
        ██████░▓████████░███████████████████████
        ██████░████████░▒███████████████████████
        █████▓░███████▒░████████████████████████
        █████▒░███████░▓████████████████████████
        █████░▒██████░░█████████████████████████
        █████░▒█████▓░██████████████████████████
        █████░▓█████░▒██████████████████████████
        █████░▓████▒░███████████████████████████
        █████░▓███▓░▓███████████████████████████
        ██████░▓▓▒░▓████████████████████████████
        ███████▒░▒██████████████████████████████
        ████████████████████████████████████████
        ████████████████████████████████████████

        """

    ]
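    # ``evntstrslist`` holds plain str literals (no ``b`` prefix on the
    # ``"""`` openers above), so ``.decode()`` on a pick from it cannot work:
    # str has no decode() on Python 3, and the non-ASCII art would fail the
    # default ascii codec on Python 2.  ReportEvent's ``data`` is a raw byte
    # buffer (the other examples on this page ``.encode()`` it), so encode.
    EVT_STRS = random.choice(evntstrslist)
    EVT_DATA = random.choice(evntstrslist).encode("utf-8")

    # ``strings`` is a sequence of insertion strings; wrap the single banner in
    # a list so it is one insert rather than a sequence of one-character ones.
    win32evtlogutil.ReportEvent(EVT_APP_NAME, EVT_ID, EVT_CATEG,
                                eventType=win32evtlog.EVENTLOG_WARNING_TYPE,
                                strings=[EVT_STRS], data=EVT_DATA)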
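    def write_result_eventlog_hierarchy(self, res):
        """Write one Windows event per anomaly in ``res`` with a process-tree description.

        Each event goes to the "SysmonCorrelator" source as a warning (category 1,
        event ID = the anomaly's ``RuleID``) and carries the rule name/ID, the
        computer name and an indented rendering of the anomaly's process chain
        (root process first; records flagged ``Alert`` are prefixed with ``!``).
        The SID of the current process token is attached to every event.

        Args:
            res: iterable of anomaly dicts with keys ``Rulename``, ``RuleID``,
                ``Computer`` and ``ProcessChain``; each chain entry exposes
                ``pid``, ``cmd`` and an ``acciones`` dict keyed by action-type
                id strings (``'1'`` is the process-creation action).

        ``get_action_from_id`` and ``get_default_parameter_from_id`` are
        module-level helpers not shown here.
        """
        ph = win32api.GetCurrentProcess()
        th = win32security.OpenProcessToken(ph, win32con.TOKEN_READ)
        my_sid = win32security.GetTokenInformation(th,
                                                   win32security.TokenUser)[0]
        myType = win32evtlog.EVENTLOG_WARNING_TYPE
        applicationName = "SysmonCorrelator"
        tab = '--'
        # ReportEvent's ``data`` is a raw byte buffer; the sibling examples in
        # this file encode it, so pass bytes instead of a str.
        data = "Not configured, use -l option".encode("ascii")

        for anomaly in res:
            eventID = anomaly['RuleID']
            category = 1

            descr = [
                "RuleName: " + anomaly['Rulename'],
                "RuleID: " + str(anomaly['RuleID']),
                "Computer: " + anomaly['Computer'],
                "Data: ",
            ]

            alert = "\n"
            alert += "\tPHE ALERT [%s]: %s\n" % (anomaly['RuleID'],
                                                 anomaly['Rulename'])
            ntabs = 0

            # Walk the chain root-first; each level indents one more ``--``.
            for process in reversed(anomaly['ProcessChain']):
                ntabs += 1
                creation = process.acciones['1'][0]
                marker = "!" if creation['Alert'] else ""
                alert += "\t%s%s> %s (%s) [%s] %s\n" % (
                    marker, tab * ntabs, get_action_from_id(1), process.pid,
                    creation['ProcessTTL'], process.cmd)

                for action_type, actions in process.acciones.items():
                    type_id = int(action_type)
                    # Invariant for every action of this type; hoisted out of
                    # the per-action loop.
                    param = get_default_parameter_from_id(type_id)
                    for action in actions:
                        if type_id != 1:
                            if action['Alert']:
                                alert += "\t!%s> %s %s\n" % (
                                    tab * (ntabs + 2),
                                    get_action_from_id(type_id),
                                    action[param])

                        # Special case for Real Parent
                        elif action['CreationType'] == 'InjectedThread':
                            alert += "\t!%s> [I] REAL PARENT %s\n" % (
                                tab * (ntabs + 2), action['RealParent'])

            descr.append(alert)

            self.log.debug("Writing to eventlog: %s" % anomaly)
            win32evtlogutil.ReportEvent(applicationName,
                                        eventID,
                                        eventCategory=category,
                                        eventType=myType,
                                        strings=descr,
                                        data=data,
                                        sid=my_sid)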
# Writing to the windows logs in Python
import win32evtlogutil
# Positional call with placeholder names for every argument.  Only the source
# name and event ID are mandatory; the other examples on this page pass the
# remaining parameters by keyword (eventCategory, eventType, strings, data, sid),
# which is the clearer form.  ``Data`` is a raw byte buffer, ``Inserts`` a
# sequence of strings.
win32evtlogutil.ReportEvent(ApplicationName, EventID, EventCategory, EventType,
                            Inserts, Data, SID)
def log_msg(prog, event_id, msg_type, message):
    """Report event ``event_id`` of type ``msg_type`` under source ``prog``.

    ``message`` becomes the event's single insertion string.
    """
    inserts = [message]
    win32evtlogutil.ReportEvent(prog, event_id,
                                eventType=msg_type, strings=inserts)
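def test():
    """Command-line driver: write sample records to an event log and/or read it back.

    Options: ``-t LOG`` log type (default "Application"), ``-c HOST`` computer
    to read from, ``-r`` skip reading, ``-w`` skip writing, ``-v`` more verbose
    reading, ``-h``/``-?`` print usage.  Returns 1 on a usage error and None
    otherwise (including after ``-h``), as the original did.  ``usage`` and
    ``ReadLog`` are siblings defined elsewhere in this file.
    """
    # check if running on Windows NT, if not, display notice and terminate
    if win32api.GetVersion() & 0x80000000:
        print("This sample only runs on NT")
        return

    import getopt
    import sys

    try:
        opts, args = getopt.getopt(sys.argv[1:], "rwh?c:t:v")
    except getopt.GetoptError as err:
        # An unrecognised option used to escape as a traceback; treat it as a
        # usage error, the same way stray positional arguments are handled.
        print("Invalid args: %s" % err)
        usage()
        return 1

    computer = None
    do_read = do_write = 1
    logType = "Application"
    verbose = 0

    if args:
        print("Invalid args")
        usage()
        return 1

    for opt, val in opts:
        if opt == '-t':
            logType = val
        elif opt == '-c':
            computer = val
        elif opt in ('-h', '-?'):
            usage()
            return
        elif opt == '-r':
            do_read = 0
        elif opt == '-w':
            do_write = 0
        elif opt == '-v':
            verbose += 1

    if do_write:
        # Attach the writer's own token SID to each record.
        ph = win32api.GetCurrentProcess()
        th = win32security.OpenProcessToken(ph, win32con.TOKEN_READ)
        my_sid = win32security.GetTokenInformation(th,
                                                   win32security.TokenUser)[0]
        raw_data = "Raw\0Data".encode("ascii")

        win32evtlogutil.ReportEvent(
            logType,
            2,
            strings=["The message text for event 2", "Another insert"],
            data=raw_data,
            sid=my_sid)
        win32evtlogutil.ReportEvent(
            logType,
            1,
            eventType=win32evtlog.EVENTLOG_WARNING_TYPE,
            strings=["A warning", "An even more dire warning"],
            data=raw_data,
            sid=my_sid)
        win32evtlogutil.ReportEvent(
            logType,
            1,
            eventType=win32evtlog.EVENTLOG_INFORMATION_TYPE,
            strings=["An info", "Too much info"],
            data=raw_data,
            sid=my_sid)
        print("Successfully wrote 3 records to the log")

    if do_read:
        ReadLog(computer, logType, verbose > 0)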

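class SyslogUDPHandler(SocketServer.BaseRequestHandler):
    """Forward each received UDP syslog datagram to the Windows event log.

    Every datagram is written as event 1001 (category 0, information) under the
    module-level source ``logger_name`` (defined elsewhere in this file), with
    the sender's address and the datagram text as insertion strings.  The
    payload arrives off the network and is untrusted, so it is decoded
    leniently instead of being allowed to raise.
    """

    def handle(self):
        raw = self.request[0].strip()
        # A datagram that is not valid UTF-8 used to raise UnicodeDecodeError
        # here and the event was lost; substitute U+FFFD and still record it.
        data = raw.decode("utf-8", errors="replace")
        print()
        win32evtlogutil.ReportEvent(
            logger_name,  # Application name
            1001,  # Event ID
            0,  # Event category
            win32evtlog.EVENTLOG_INFORMATION_TYPE,
            (self.client_address[0], data))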

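if __name__ == "__main__":
    # Register the event source (a registry write that needs sufficient rights),
    # announce startup in the log, then serve syslog datagrams until stopped.
    # ``logger_name``, ``HOST`` and ``PORT`` are module-level names defined
    # elsewhere in this file.
    server = None
    try:
        win32evtlogutil.AddSourceToRegistry(logger_name)
        win32evtlogutil.ReportEvent(
            logger_name,  # Application name
            1001,  # Event ID
            0,  # Event category
            win32evtlog.EVENTLOG_INFORMATION_TYPE,
            (logger_name, "Started."))
        server = SocketServer.UDPServer((HOST, PORT), SyslogUDPHandler)
        server.serve_forever(poll_interval=0.5)
    except (IOError, SystemExit):
        raise
    except KeyboardInterrupt:
        print("Crtl+C Pressed. Shutting down.")
    finally:
        # Release the bound socket on every exit path, not only at interpreter
        # teardown.
        if server is not None:
            server.server_close()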
    c, addr = s.accept()  # Establish connection with client.
    hostname = str(addr[0])
    print("Got connection from %s" % hostname)
    c.send(nasty_msg)
    print("Blocking the address: %s" % hostname)

    # If there is a full connection, create a firewall rule
    # Run the command associated with the platform being run:

    if platform == "Windows":
        print("Sending alert to EVENT LOG")
        win32evtlogutil.ReportEvent(
            "HoneyPortAlert",
            4242,
            eventType=win32evtlog.EVENTLOG_WARNING_TYPE,
            strings=[
                "Detected HoneyPort Hit",
                "HoneyPort hit from " + hostname + " on port " + str(port)
            ],
            data=(hostname + "\0" + str(port)).encode("ascii"))
        print("Creating a Windows Firewall Rule\n")
        fw_result = call(
            'netsh advfirewall firewall add rule name="honeyports" dir=in remoteip= '
            + hostname + ' localport=any protocol=TCP action=block > NUL',
            shell=True)
        flush = 'netsh', 'advfirewall reset'
        fwlist = "netsh", """ advfirewall firewall show rule name=honeyports | find "RemoteIP" """

    elif platform == "Linux":
        print("Creating a Linux Firewall Rule\n")
        fw_result = os.popen('/sbin/iptables -A INPUT -s ' + hostname +
import win32api
import win32con
import win32evtlog
import win32security
import win32evtlogutil

# Event parameters: source name, ID 1, the "Shell" category, a warning with two
# insertion strings and a small NUL-separated binary payload.
applicationName = "My Application"
eventID = 1
category = 5  # Shell
myType = win32evtlog.EVENTLOG_WARNING_TYPE
descr = ["A warning", "An even more dire warning"]
data = "Application\0Data".encode("ascii")

# Resolve the SID of the current process token so the record carries the writer.
ph = win32api.GetCurrentProcess()
th = win32security.OpenProcessToken(ph, win32con.TOKEN_READ)
my_sid = win32security.GetTokenInformation(th, win32security.TokenUser)[0]

win32evtlogutil.ReportEvent(
    applicationName, eventID,
    eventCategory=category, eventType=myType,
    strings=descr, data=data, sid=my_sid,
)
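    def SvcDoRun(self):
        """Service main loop: watch today's ``CASE_<yyyymmdd>.log`` for error records.

        Writes a 'started' event, then, until the stop event fires or
        ``self.isAlive`` is cleared, re-examines the log: when
        ``_CompareDateFile()`` reports the file is today's, it is scanned only if
        its line count changed since the previous pass; otherwise
        ``self.case_log_file`` is re-pointed at today's file and scanned from the
        start.  Every pass sleeps 50 s.  A 'stopped' event is written on exit.
        ``_CompareDateFile`` and ``_getLineCnt`` are sibling methods not shown
        here.
        """
        # Write a 'started' event to the event log... (not required)
        win32evtlogutil.ReportEvent(self._svc_name_,
                                    servicemanager.PYS_SERVICE_STARTED, 0,
                                    servicemanager.EVENTLOG_INFORMATION_TYPE,
                                    (self._svc_name_, ''))
        self.timeout = 1000
        self.logger.info('service is begin...')

        cnt_end = 0  # line count at the end of the previous pass

        while self.isAlive:
            # wait for service stop signal, if timeout, loop again
            rc = win32event.WaitForSingleObject(self.hWaitStop, self.timeout)
            if rc == win32event.WAIT_OBJECT_0:
                # The result was previously discarded and only isAlive ended
                # the loop; honour the stop event as well so a stop request is
                # never ignored.
                break

            self.logger.info('service is running...')
            if self._CompareDateFile():  # the log file's date is today's
                cnt = self._getLineCnt()  # line count at the start of this pass
                self.logger.info('开始行数cnt' + str(cnt))

                if cnt and cnt_end != cnt:  # non-empty and grew since last pass
                    self._report_error_lines()
                else:
                    self.logger.info('没新记录')

                cnt_end = self._getLineCnt()
                self.logger.info('最后行数cnt_end' + str(cnt_end))
                time.sleep(50)  # original comment said one minute; it is 50 s
            else:  # the date changed: switch to today's log file
                current_time = time.strftime('%Y%m%d',
                                             time.localtime(time.time()))
                self.case_log_file = os.path.join(self.case_log_dir, 'CASE_' +
                                                  current_time + '.log')
                cnt_end = 0

                if self._getLineCnt():  # non-empty
                    self._report_error_lines()
                cnt_end = self._getLineCnt()  # baseline for the next pass
                time.sleep(50)

        # and write a 'stopped' event to the event log (not required)
        win32evtlogutil.ReportEvent(self._svc_name_,
                                    servicemanager.PYS_SERVICE_STOPPED, 0,
                                    servicemanager.EVENTLOG_INFORMATION_TYPE,
                                    (self._svc_name_, ''))
        self.ReportServiceStatus(win32service.SERVICE_STOPPED)
        return

    def _report_error_lines(self):
        """Scan ``self.case_log_file`` and log every record whose second
        ``|``-delimited field is ``'1014'`` (the error code being watched for).

        ``linecache`` keeps serving the snapshot it first read, so the cache
        entry is validated against the file's mtime/size first; without that
        the polling loop would keep re-scanning the original contents.
        """
        linecache.checkcache(self.case_log_file)
        for line in linecache.getlines(self.case_log_file):
            start = line.find('|')  # first '|'
            end = line.find('|', start + 1)  # second '|'
            if line[start + 1:end] == '1014':  # error record found
                # The 19 characters before the first '|' — presumably a
                # timestamp prefix; confirm against the log format.
                print(line[start - 19:start])
                # os.system('mstsc')  -- restarting the POS terminal is disabled
                self.logger.info('执行mstsc')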
def log(eventID, category, logdesc, data):
    """Report an event under the module-level ``applicationName`` with ``token_sid``.

    ``category`` is looked up in the module-level ``eventCategories`` table and
    the mapped value is passed as both the event *type* and the event category
    (the same number for both — presumably intended; confirm).  Unknown
    categories fall back to 4, the value of EVENTLOG_INFORMATION_TYPE.
    ``logdesc`` is the sequence of insertion strings; ``data`` must be ASCII,
    anything else raises UnicodeEncodeError.
    """
    eventType = eventCategories[category] if category in eventCategories else 4
    win32evtlogutil.ReportEvent(
        applicationName, eventID,
        eventCategory=eventType, eventType=eventType,
        strings=logdesc, data=data.encode('ascii'), sid=token_sid)
 def _log_detail(self, descripton, type):
     """Report event 1 under ``self.appName`` with ``descripton`` as the only
     insertion string and ``type`` as the event type."""
     inserts = [descripton]
     win32evtlogutil.ReportEvent(self.appName, 1,
                                 eventType=type, strings=inserts)