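def main():
    """Entry point for standalone use.

    Parses the command line, optionally loads the domain and IP whitelists,
    prints a tab-separated header for the requested games, then analyses
    every ``*.pcap`` in the given directory in a process pool, printing one
    result row per sample MD5 as it becomes available.

    Returns:
        2 on a usage error (wrong number of positional arguments); otherwise
        ``None``.
    """
    usage = "usage: %prog [options] dir"
    parser = OptionParser(usage=usage)
    parser.add_option("-g", "--games", dest="games", default="none",
            help="Games to analyze (comma separated list of: none,dns,dns5)")
    parser.add_option("-w", "--whitelist", dest="whitelist", default=False,
            action='store_true', help="Use whitelist")
    parser.add_option("-p", "--whitelistpath", default="gza/top1000.csv",
            help="Whitelist Alexa CSV to use [default: %default]")
    parser.add_option("-i", "--ipwhitelistpath", default="gza/generic-dnswl",
            help="IP whitelist to use [default: %default]")
    parser.add_option('-a', '--all-ips', dest='allips', default=False,
                      action='store_true',
                      help='Pull unused IPs from A records [default: %default]')

    (options, args) = parser.parse_args()

    if len(args) != 1:
        parser.print_help()
        return 2

    options.dir = args[0]
    if options.whitelist:
        # Built once in the parent before the pool is created so forked
        # workers inherit the loaded whitelists.
        whitelist.makewhitelist(options.whitelistpath)
        whitelist.makeipwhitelist(options.ipwhitelistpath)

    # Header: one (ipcount, ips, domaincount, domains) column group per game.
    games = options.games.split(',')
    columns = ('ipcount', 'ips', 'domaincount', 'domains')
    headers = [g + col for g in games for col in columns]
    print('md5\t' + '\t'.join(headers))

    # Only the 32-hex-digit sample hash is handed to the workers, never the
    # raw path. Match against the basename so a directory component that
    # happens to look like "<md5>.exe" is not mistaken for the sample name.
    md5_re = re.compile(r'([0-9a-fA-F]{32})\.exe')
    md5s = []
    for pcap in glob.glob(os.path.join(options.dir, '*.pcap')):
        match = md5_re.search(os.path.basename(pcap))
        if match is None:
            # A stray capture without the expected name used to abort the
            # whole run with an AttributeError; report it and carry on.
            sys.stderr.write('Skipping %s: no <md5>.exe in filename\n' % pcap)
            continue
        md5s.append(match.group(1))
    md5s = wu.unique(md5s)

    pool = None
    try:
        pool = Pool(cpu_count())
        # Results are printed in completion order, not input order.
        for res in pool.imap_unordered(run, zip(md5s, repeat(options)), 100):
            print(res)
        pool.close()
        pool.join()
    except KeyboardInterrupt:
        sys.stderr.write('User termination!\n')
        # Pool() itself may have been interrupted, leaving no pool to stop.
        if pool is not None:
            pool.terminate()
            pool.join()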
    def __init__(self, vmnum: int, opts) -> None:
        """Set up per-VM state for one analysis instance.

        Args:
            vmnum: VM index; selects the ``tapN`` interface this instance
                watches.
            opts: parsed command-line options; ``whitelist``,
                ``whitelistpath``, ``ipwhitelistpath``, ``taken``, ``dropn``
                and ``dropall`` are read here.
        """
        # Per-game counters; SIGUSR1 triggers self.reset (defined elsewhere)
        # so the counters can be cleared without restarting the process.
        self.gamestate = defaultdict(int)
        self.vmnum = vmnum
        self.iface = 'tap%d' % vmnum
        self.opts = opts
        # Fixed, locally-administered MAC; how it is used is not visible here.
        self.mac = 'ca:fe:de:ad:be:ef'
        signal.signal(signal.SIGUSR1, self.reset) # So we can reset gamestate
        if self.opts.whitelist:
            # Whitelists are loaded into the `whitelist` module and the lookup
            # callables bound here. NOTE(review): self.whitelisted /
            # self.whitelistedip only exist when --whitelist is on; any later
            # access must be guarded by self.opts.whitelist or it raises
            # AttributeError -- confirm the subclasses do so.
            whitelist.makewhitelist(self.opts.whitelistpath)
            self.whitelisted = whitelist.whitelisted
            whitelist.makeipwhitelist(self.opts.ipwhitelistpath)
            self.whitelistedip = whitelist.whitelistedip

        # Set the game (only used in subclass games)
        # Priority when several are given: taken, then dropn, then dropall.
        # NOTE(review): if none of them is set, self.game is not assigned in
        # the lines shown here -- verify a default exists before relying on it.
        if self.opts.taken > 0:
            self.game = 'taken'
        elif self.opts.dropn > 0:
            self.game = 'dropn'
        elif self.opts.dropall:
            self.game = 'dropall'