def insert_selected_modules_network_event(ip, port, module_name, machine_name):
    """
    queue a honeypot event (a connection that reached one of the selected
    modules) for later insertion into the honeypot_events collection

    Args:
        ip: connected ip
        port: connected port (coerced with int(); a non-numeric value raises ValueError)
        module_name: module name ran on the port
        machine_name: real machine name

    Returns:
        None - the record is only appended to the global honeypot_events_queue,
        nothing is written to the database from here
    """
    global honeypot_events_queue
    port_number = int(port)
    stamp = now()
    # NOTE(review): ip is whatever the remote side connected from; the country
    # lookup goes through IP2Location and any failure of that lookup (or of the
    # decode of its result) propagates to the caller as an exception
    country = str(IP2Location.get_country_short(ip).decode())
    record = {
        "ip": ip,
        "port": port_number,
        "module_name": module_name,
        "date": stamp,
        "machine_name": machine_name,
        "event_type": "honeypot_event",
        "country": country,
    }
    # NOTE(review): the queue is unbounded; if the consumer that drains it
    # stalls, a flood of connections grows memory without limit - confirm
    # the drain loop keeps up
    honeypot_events_queue.append(record)
    return
def insert_other_network_event(ip, port, machine_name):
    """
    queue a generic network event (port scan, etc..) for later insertion
    into the network_events collection

    Args:
        ip: connected ip
        port: connected port (coerced with int(); a non-numeric value raises ValueError)
        machine_name: real machine name

    Returns:
        None - the record is only appended to the global network_events_queue,
        nothing is written to the database from here
    """
    global network_events_queue
    port_number = int(port)
    stamp = now()
    # NOTE(review): ip is remote-supplied; an address the IP2Location lookup
    # cannot handle surfaces here as an exception rather than a missing country
    country = str(IP2Location.get_country_short(ip).decode())
    record = {
        "ip": ip,
        "port": port_number,
        "date": stamp,
        "machine_name": machine_name,
        "country": country,
    }
    # unbounded in-memory queue; relies on a separate consumer draining it
    network_events_queue.append(record)
    return
def on_any_event(self, event):
    """
    file-system watcher callback: record every event except directory
    "modified" notifications and paths matched by self.EXCLUDES

    Args:
        event: watcher event; reads event_type, is_directory and src_path

    Returns:
        None
    """
    # directory "modified" notifications are dropped (presumably because
    # they duplicate the per-file events for the directory's contents)
    if event.event_type == 'modified' and event.is_directory:
        return
    # the exclusion list is only consulted for events that are otherwise kept
    if is_excluded(event.src_path, self.EXCLUDES):
        return
    # NOTE(review): src_path is whatever the file system reports; on a
    # honeypot that can be a name chosen by an intruder and it is stored as-is
    record = FileEventsData(
        file_path=byte_to_str(event.src_path),
        status=byte_to_str(event.event_type),
        module_name=self.module_name,
        date=now(),
        is_directory=event.is_directory,
    )
    insert_to_file_change_events_collection(record)
def info(content, log_in_file=None, mode=None, event=None, language=None, thread_tmp_filename=None):
    """
    build the info message and print it to stdout (suppressed when running
    from the API so the API response stream stays clean)

    Args:
        content: content of the message
        log_in_file: log filename name (currently unused, see TODO below)
        mode: write mode, [w, w+, wb, a, ab, ...] (currently unused)
        event: standard event in JSON structure (currently unused)
        language: the language (currently unused)
        thread_tmp_filename: thread temporary filename (currently unused)

    Returns:
        None
    """
    if not is_not_run_from_api():
        return
    head = color.color_cmd("yellow") + "[+] [{0}] ".format(now()) + color.color_cmd("green")
    tail = color.color_cmd("reset") + "\n"
    # NOTE(review): content is written verbatim; if callers pass text that
    # originated from a remote peer, control/escape sequences in it reach the
    # terminal unfiltered - confirm callers sanitize where that matters
    if version() == 2:
        # python 2: stdout takes byte strings
        sys.stdout.write(head + content.encode("utf8") + tail)
    else:
        # python 3: write the encoded bytes straight to the underlying buffer
        sys.stdout.buffer.write(bytes(head + content + tail, "utf8"))
    sys.stdout.flush()
    # TODO: log_in_file / mode / event / language / thread_tmp_filename are
    # accepted for interface compatibility but logging the event into the
    # database and rewriting the thread temporary file are not implemented yet
    return
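def error(content):
    """
    build the error message and print it to stdout (suppressed when running
    from the API)

    Args:
        content: content of the message

    Returns:
        the message in error structure - None
    """
    if is_not_run_from_api():
        # was `version() is 2`: identity comparison against an int literal,
        # which only worked because of CPython's small-int cache and is a
        # SyntaxWarning on recent interpreters; compare by value instead
        if version() == 2:
            sys.stdout.write(
                color.color("red") + "[X] [{0}] ".format(now()) +
                color.color("yellow") + content.encode("utf8") +
                color.color("reset") + "\n")
        else:
            # NOTE(review): content is emitted verbatim; if it can carry text
            # from a remote peer, terminal escape sequences pass through
            sys.stdout.buffer.write(
                (color.color("red") + "[X] [{0}] ".format(now()) +
                 color.color("yellow") + content +
                 color.color("reset") + "\n").encode("utf8"))
        sys.stdout.flush()
    return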
def warn(content):
    """
    build the warn message and print it to stdout (suppressed when running
    from the API)

    Args:
        content: content of the message

    Returns:
        the message in warn structure - None
    """
    if not is_not_run_from_api():
        return
    head = color.color_cmd("blue") + "[!] [{0}] ".format(now()) + color.color_cmd("yellow")
    tail = color.color_cmd("reset") + "\n"
    if version() == 2:
        # python 2: stdout takes byte strings
        sys.stdout.write(head + content.encode("utf8") + tail)
    else:
        # python 3: encoded bytes go straight to the underlying buffer
        sys.stdout.buffer.write(bytes(head + content + tail, "utf8"))
    sys.stdout.flush()
    return
def insert_selected_modules_network_event(ip_dest, port_dest, ip_src, port_src, module_name, machine_name):
    """
    queue a honeypot event (a connection that reached one of the selected
    modules) for later insertion into the honeypot_events collection

    Args:
        ip_dest: dest ip (machine)
        port_dest: dest port (machine)
        ip_src: src ip
        port_src: src port
        module_name: module name ran on the port
        machine_name: real machine name

    Returns:
        None - the record is only appended to the global honeypot_events_queue
    """
    if is_verbose_mode():
        verbose_info(
            "Received honeypot event, ip_dest:{0}, port_dest:{1}, "
            "ip_src:{2}, port_src:{3}, module_name:{4}, machine_name:{5}".
            format(ip_dest, port_dest, ip_src, port_src, module_name, machine_name))
    global honeypot_events_queue
    # normalise the addresses once; the same text is stored and used for the
    # country lookup
    dest_address = byte_to_str(ip_dest)
    src_address = byte_to_str(ip_src)
    # NOTE(review): ports are coerced with int() and both addresses go through
    # IP2Location; malformed remote-supplied values raise here and the event
    # is lost rather than stored with a placeholder - confirm that is intended
    record = {
        "ip_dest": dest_address,
        "port_dest": int(port_dest),
        "ip_src": src_address,
        "port_src": int(port_src),
        "module_name": module_name,
        "date": now(),
        "machine_name": machine_name,
        "event_type": "honeypot_event",
        "country_ip_src": byte_to_str(IP2Location.get_country_short(src_address)),
        "country_ip_dest": byte_to_str(IP2Location.get_country_short(dest_address)),
    }
    # unbounded in-memory queue; relies on a separate consumer draining it
    honeypot_events_queue.append(record)
    return
def error(content):
    """
    build the error message, hand it to the module logger and print it
    to stdout

    Args:
        content: content of the message

    Returns:
        the message in error structure - None
    """
    # NOTE(review): content reaches the log and the terminal verbatim; a
    # newline or escape sequence in remote-supplied text would be written
    # as-is - confirm callers do not pass raw peer data here
    logger.error(content)
    line = (color.color_cmd("red") + "[X] [{0}] ".format(now()) +
            color.color_cmd("yellow") + content +
            color.color_cmd("reset") + "\n")
    sys.stdout.buffer.write(line.encode("utf8"))
    sys.stdout.flush()
    return
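def info(content):
    """
    build the info message, hand it to the module logger and print it
    to stdout

    Args:
        content: content of the message

    Returns:
        None
    """
    # error(), warn() and verbose_info() all forward their message to the
    # module logger before printing; info() was the only level that went to
    # stdout alone, so info messages never reached the log - mirror them
    logger.info(content)
    # NOTE(review): content is emitted verbatim; if it can carry text from a
    # remote peer, newlines and terminal escape sequences pass through
    line = (color.color_cmd("yellow") + "[+] [{0}] ".format(now()) +
            color.color_cmd("green") + content +
            color.color_cmd("reset") + "\n")
    sys.stdout.buffer.write(bytes(line, "utf8"))
    sys.stdout.flush()
    return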
def warn(content):
    """
    build the warn message, hand it to the module logger and print it
    to stdout

    Args:
        content: content of the message

    Returns:
        the message in warn structure - None
    """
    logger.warning(content)
    # NOTE(review): content is printed verbatim; remote-supplied text with
    # control characters would reach the terminal unfiltered
    line = (color.color_cmd("blue") + "[!] [{0}] ".format(now()) +
            color.color_cmd("yellow") + content +
            color.color_cmd("reset") + "\n")
    sys.stdout.buffer.write(bytes(line, "utf8"))
    sys.stdout.flush()
    return
def verbose_info(content):
    """
    build a verbose-level info message; only when verbose mode is on is it
    handed to the module logger and printed to stdout, otherwise it is a no-op

    Args:
        content: content of the message

    Returns:
        None
    """
    if not is_verbose_mode():
        return
    logger.info(content)
    # NOTE(review): verbose output typically echoes event fields taken from
    # the network (see the callers building "Received ... event" strings);
    # those reach the terminal verbatim
    line = (color.color_cmd("cyan") + "[v] [{0}] ".format(now()) +
            color.color_cmd("grey") + content +
            color.color_cmd("reset") + "\n")
    sys.stdout.buffer.write(bytes(line, "utf8"))
    sys.stdout.flush()
    return
def insert_other_network_event(ip_dest, port_dest, ip_src, port_src, machine_name):
    """
    queue a generic network event (port scan, etc..) for later insertion
    into the network_events collection

    Args:
        ip_dest: dest ip (machine)
        port_dest: dest port (machine)
        ip_src: src ip
        port_src: src port
        machine_name: real machine name

    Returns:
        None - the record is only appended to the global network_events_queue
    """
    if is_verbose_mode():
        verbose_info("Received network event, ip_dest:{0}, port_dest:{1}, "
                     "ip_src:{2}, port_src:{3}, machine_name:{4}".format(
                         ip_dest, port_dest, ip_src, port_src, machine_name))
    global network_events_queue
    # normalise the addresses once; the same text is stored and used for the
    # country lookup
    dest_address = byte_to_str(ip_dest)
    src_address = byte_to_str(ip_src)
    # NOTE(review): int() on the ports and the IP2Location lookups raise on
    # malformed remote-supplied values, so such an event is dropped with an
    # exception instead of being stored - confirm that is intended
    record = {
        "ip_dest": dest_address,
        "port_dest": int(port_dest),
        "ip_src": src_address,
        "port_src": int(port_src),
        "date": now(),
        "machine_name": machine_name,
        "country_ip_src": byte_to_str(IP2Location.get_country_short(src_address)),
        "country_ip_dest": byte_to_str(IP2Location.get_country_short(dest_address)),
    }
    # unbounded in-memory queue; relies on a separate consumer draining it
    network_events_queue.append(record)
    return