Exemplo n.º 1
0
    def __init__(self):
        self.ostrica = OSTrICa()
        self.visualization = OstriViz()
        self.domains = []
        self.ips = []
        self.asn = []
        self.sha256 = []
        self.md5 = []
        self.email = []

        self.nodes = {}
        self.edges = {}
        self.rnd_fn = None
        self.rnd_report_fn = None
        self.original_intel = []
Exemplo n.º 2
0
    def __init__(self):
        self.ostrica = OSTrICa()
        self.visualization = OstriViz()
        self.domains = []
        self.ips = []
        self.asn = []
        self.sha256 = []
        self.md5 = []
        self.email = []

        self.nodes = {}
        self.edges = {}
        self.rnd_fn = None
        self.rnd_report_fn = None
        self.original_intel = []
Exemplo n.º 3
0
class OstricaConsole:
    def __init__(self):
        self.ostrica = OSTrICa()
        self.visualization = OstriViz()
        self.domains = []
        self.ips = []
        self.asn = []
        self.sha256 = []
        self.md5 = []
        self.email = []

        self.nodes = {}
        self.edges = {}
        self.rnd_fn = None
        self.rnd_report_fn = None
        self.original_intel = []

    def generate_ostrica_graph(self, graph_typology=''):
        if self.rnd_fn is None:
            self.rnd_fn = '%s.html' % (str(uuid.uuid4()))

        self.visualization.generate_graph(self.rnd_fn, self.nodes, self.edges,
                                          self.original_intel, graph_typology)

    def help(self):
        print 'Following options are available\n'
        print '\tdomain - used to collect domains information'
        print '\tExample: domain=google.com or domain=google.com,yahoo.com'
        print '\tip - used to collect IP information'
        print '\tExample: ip=8.8.8.8 or ip=8.8.8.8,173.194.68.99'
        print '\tmd5 - used to collect MD5 information'
        print '\tsha256 - used to collect SHA256 information'
        print '\tasn - used to collect ASN information'
        print '\temail - used to collect email information'
        print '\tgraph - generate a graph based on all the information collected'
        print '\tcola_graph - generate a graph based on all the information collected where nodes do not overlap (it might take a while to generate the graph if there are lots of nodes)'
        print '\tgclean - clear graph information'
        print '\tshow - show all information that will be collected'
        print '\trun - extract intelligece information'
        print '\thelp - this help'
        print '\tplugins - show available plugins'

    def clean_ostrica_graph(self):
        self.edges = {}
        self.edges = {}
        self.rnd_fn = None
        self.rnd_report_fn = None

    def run_ostrica(self):
        if self.rnd_report_fn == None:
            self.rnd_report_fn = str(uuid.uuid4())
        filename = os.path.join(os.getcwd(), 'report', self.rnd_report_fn)
        fh = open(filename, 'a')
        self.ostrica.intelligence_gathering()
        for intel in self.ostrica.intelligence:
            self.nodes, self.edges = self.ostrica.plugin_data_visualization(
                self.nodes, self.edges, intel)
            fh.write(
                json.dumps(intel,
                           sort_keys=True,
                           indent=4,
                           separators=(',', ': ')))

        print 'Output created in %s' % (filename)
        fh.close()

    def plugins_info(self):
        self.ostrica.plugins_info()

    def clear_ostrica_queue(self):
        self.ostrica.clear_intelligence_queue()

    def show_ostrica_queue_elements(self):
        for ostrica_queue in self.ostrica.extract_intelligence_queue_items():
            print ostrica_queue

    def domain_intelligence(self, domains):
        for domain in domains:
            self.original_intel.append(domain)
            self.ostrica.update_intelligence_queue({
                'extraction_type':
                cfg.intelligence_type['domain'],
                'intelligence_information':
                domain
            })

    def ip_intelligence(self, ips):
        for ip in ips:
            self.original_intel.append(ip)
            self.ostrica.update_intelligence_queue({
                'extraction_type':
                cfg.intelligence_type['ip'],
                'intelligence_information':
                ip
            })

    def asn_intelligence(self, asns):
        for asn in asns:
            self.original_intel.append(asn)
            self.ostrica.update_intelligence_queue({
                'extraction_type':
                cfg.intelligence_type['asn'],
                'intelligence_information':
                asn
            })

    def email_intelligence(self, emails):
        for email in emails:
            self.original_intel.append(email)
            self.ostrica.update_intelligence_queue({
                'extraction_type':
                cfg.intelligence_type['email'],
                'intelligence_information':
                email
            })

    def md5_intelligence(self, md5s):
        for md5 in md5s:
            self.original_intel.append(md5)
            self.ostrica.update_intelligence_queue({
                'extraction_type':
                cfg.intelligence_type['md5'],
                'intelligence_information':
                md5
            })

    def sha256_intelligence(self, sha256s):
        for sha256 in sha256s:
            self.original_intel.append(sha256)
            self.ostrica.update_intelligence_queue({
                'extraction_type':
                cfg.intelligence_type['sha256'],
                'intelligence_information':
                sha256
            })

    def parse_intelligence_type(self, intelligence_type, intelligence_data):
        if intelligence_type.strip() == 'run':
            self.run_ostrica()
            self.clear_ostrica_queue()
        elif (intelligence_type.strip() == 'quit'
              or intelligence_type.strip() == 'exit'
              or intelligence_type.strip() == 'q'):
            sys.exit(0)
        elif intelligence_type.strip() == 'clear':
            self.clear_ostrica_queue()
        elif intelligence_type.strip() == 'show':
            self.show_ostrica_queue_elements()
        elif intelligence_type.strip() == 'graph':
            self.generate_ostrica_graph()
        elif intelligence_type.strip() == 'cola_graph':
            self.generate_ostrica_graph('cola')
        elif intelligence_type.strip() == 'gclean':
            self.clean_ostrica_graph()
        elif intelligence_type.strip() == 'domain':
            self.domain_intelligence(intelligence_data)
        elif intelligence_type.strip() == 'ip':
            self.ip_intelligence(intelligence_data)
        elif intelligence_type.strip() == 'asn':
            self.asn_intelligence(intelligence_data)
        elif intelligence_type.strip() == 'md5':
            self.md5_intelligence(intelligence_data)
        elif intelligence_type.strip() == 'sha256':
            self.sha256_intelligence(intelligence_data)
        elif intelligence_type.strip() == 'email':
            self.email_intelligence(intelligence_data)
        elif intelligence_type.strip() == 'help':
            self.help()
        elif intelligence_type.strip() == 'plugins':
            self.plugins_info()
        else:
            print 'Unknown command.'

    def console(self):
        while 1:
            data_input = raw_input("> ")
            intelligence = data_input.split('=')
            if len(intelligence) == 2:
                intelligence_type = intelligence[0].strip()
                intelligence_data = intelligence[1].split(',')
                self.parse_intelligence_type(intelligence_type,
                                             intelligence_data)
            else:
                intelligence_type = intelligence[0].strip()
                self.parse_intelligence_type(intelligence_type, '')
Exemplo n.º 4
0
class OstricaConsole:

    def __init__(self):
        self.ostrica = OSTrICa()
        self.visualization = OstriViz()
        self.domains = []
        self.ips = []
        self.asn = []
        self.sha256 = []
        self.md5 = []
        self.email = []

        self.nodes = {}
        self.edges = {}
        self.rnd_fn = None
        self.rnd_report_fn = None
        self.original_intel = []

    def generate_ostrica_graph(self, graph_typology=''):
        if self.rnd_fn is None:
            self.rnd_fn = '%s.html' % (str(uuid.uuid4()))

        self.visualization.generate_graph(self.rnd_fn, self.nodes, self.edges, self.original_intel, graph_typology)

    def help(self):
        print 'Following options are available\n'
        print '\tdomain - used to collect domains information'
        print '\tExample: domain=google.com or domain=google.com,yahoo.com'
        print '\tip - used to collect IP information'
        print '\tExample: ip=8.8.8.8 or ip=8.8.8.8,173.194.68.99'
        print '\tmd5 - used to collect MD5 information'
        print '\tsha256 - used to collect SHA256 information'
        print '\tasn - used to collect ASN information'
        print '\temail - used to collect email information'
        print '\tgraph - generate a graph based on all the information collected'
        print '\tcola_graph - generate a graph based on all the information collected where nodes do not overlap (it might take a while to generate the graph if there are lots of nodes)'
        print '\tgclean - clear graph information'
        print '\tshow - show all information that will be collected'
        print '\trun - extract intelligece information'
        print '\thelp - this help'
        print '\tplugins - show available plugins'

    def clean_ostrica_graph(self):
        self.edges = {}
        self.edges = {}
        self.rnd_fn = None
        self.rnd_report_fn = None

    def run_ostrica(self):
        if self.rnd_report_fn == None:
            self.rnd_report_fn = str(uuid.uuid4())
        filename = os.path.join(os.getcwd(), 'report', self.rnd_report_fn)
        fh = open(filename, 'a')
        self.ostrica.intelligence_gathering()
        for intel in self.ostrica.intelligence:
            self.nodes, self.edges = self.ostrica.plugin_data_visualization(self.nodes, self.edges, intel)
            fh.write( json.dumps(intel, sort_keys=True, indent=4, separators=(',', ': ')) )

        print 'Output created in %s' % (filename)
        fh.close()

    def plugins_info(self):
        self.ostrica.plugins_info()

    def clear_ostrica_queue(self):
        self.ostrica.clear_intelligence_queue()

    def show_ostrica_queue_elements(self):
        for ostrica_queue in self.ostrica.extract_intelligence_queue_items():
            print ostrica_queue

    def domain_intelligence(self, domains):
        for domain in domains:
            self.original_intel.append(domain)
            self.ostrica.update_intelligence_queue({'extraction_type': cfg.intelligence_type['domain'], 'intelligence_information': domain})

    def ip_intelligence(self, ips):
        for ip in ips:
            self.original_intel.append(ip)
            self.ostrica.update_intelligence_queue({'extraction_type': cfg.intelligence_type['ip'], 'intelligence_information': ip})

    def asn_intelligence(self, asns):
        for asn in asns:
            self.original_intel.append(asn)
            self.ostrica.update_intelligence_queue({'extraction_type': cfg.intelligence_type['asn'], 'intelligence_information': asn})

    def email_intelligence(self, emails):
        for email in emails:
            self.original_intel.append(email)
            self.ostrica.update_intelligence_queue({'extraction_type': cfg.intelligence_type['email'], 'intelligence_information': email})

    def md5_intelligence(self, md5s):
        for md5 in md5s:
            self.original_intel.append(md5)
            self.ostrica.update_intelligence_queue({'extraction_type': cfg.intelligence_type['md5'], 'intelligence_information': md5})

    def sha256_intelligence(self, sha256s):
        for sha256 in sha256s:
            self.original_intel.append(sha256)
            self.ostrica.update_intelligence_queue({'extraction_type': cfg.intelligence_type['sha256'], 'intelligence_information': sha256})

    def parse_intelligence_type(self, intelligence_type, intelligence_data):
        if intelligence_type.strip() == 'run':
            self.run_ostrica()
            self.clear_ostrica_queue()
        elif (intelligence_type.strip() == 'quit' or
              intelligence_type.strip() == 'exit' or
              intelligence_type.strip() == 'q'):
            sys.exit(0)
        elif intelligence_type.strip() == 'clear':
            self.clear_ostrica_queue()
        elif intelligence_type.strip() == 'show':
            self.show_ostrica_queue_elements()
        elif intelligence_type.strip() == 'graph':
            self.generate_ostrica_graph()
        elif intelligence_type.strip() == 'cola_graph':
            self.generate_ostrica_graph('cola')
        elif intelligence_type.strip() == 'gclean':
            self.clean_ostrica_graph()
        elif intelligence_type.strip() == 'domain':
            self.domain_intelligence(intelligence_data)
        elif intelligence_type.strip() == 'ip':
            self.ip_intelligence(intelligence_data)
        elif intelligence_type.strip() == 'asn':
            self.asn_intelligence(intelligence_data)
        elif intelligence_type.strip() == 'md5':
            self.md5_intelligence(intelligence_data)
        elif intelligence_type.strip() == 'sha256':
            self.sha256_intelligence(intelligence_data)
        elif intelligence_type.strip() == 'email':
            self.email_intelligence(intelligence_data)
        elif intelligence_type.strip() == 'help':
            self.help()
        elif intelligence_type.strip() == 'plugins':
            self.plugins_info()
        else:
            print 'Unknown command.'

    def console(self):
        while 1:
            data_input = raw_input("> ")
            intelligence = data_input.split('=')
            if len(intelligence) == 2:
                intelligence_type = intelligence[0].strip()
                intelligence_data = intelligence[1].split(',')
                self.parse_intelligence_type(intelligence_type, intelligence_data)
            else:
                intelligence_type = intelligence[0].strip()
                self.parse_intelligence_type(intelligence_type, '')