'-a', metavar='action', help='Action to take when triggered (accept/block/drop)') parser.add_argument('-d', metavar='database', help='Database to be modified') parser.add_argument('-I', action='store_true', help='Case Insensitive') parser.add_argument('-B', action='store_true', help='Binary Blob (enter in hex)') parser.add_argument('-N', action='store_true', help='Notify - Alert the user right away') args = parser.parse_args() db = args.d if args.d else conf.getDB() if args.L: for x in conf.getTables(): print("=" * 80 + "\n%s\n" % (x) + "=" * 80) for y in selectAllFrom(db, x): sys.stdout.write("| ") for z in sorted(y.keys()): sys.stdout.write("%s: %s | " % (z, y[z])) print("") elif args.A: if args.t: # if args.B (Binary), get the clean hex version token = args.t if not args.B else is_hex(args.t) action = args.a.lower() if args.a else conf.getDefaultAction() alert = True if args.N else False
import os
import sys

# Put the parent directory on sys.path so the project-local modules imported
# below (DatabaseLayer, lib.Configuration) resolve regardless of the cwd.
runpath = os.path.dirname(os.path.realpath(__file__))
sys.path.append(os.path.join(runpath, '..'))
import binascii
import re
from netfilterqueue import NetfilterQueue
from DatabaseLayer import selectAllFrom
from lib.Configuration import Configuration as conf

# In-memory copy of the HoneyTokens table: filled by readData() and iterated
# by checkTraffic(). Empty until readData() has run.
HoneyTokens = []
# Value returned by conf.getDB(), read once at import time and passed as the
# first argument to selectAllFrom().
db = conf.getDB()


def readData():
    """Load every row of the HoneyTokens table into the module-level HoneyTokens list.

    Prints how many rows were loaded. Any exception raised by the query is
    printed instead of propagated, in which case HoneyTokens keeps whatever it
    held before the call.
    NOTE(review): because the error is swallowed, a caller cannot tell
    "no tokens configured" apart from "database unreachable"; consider
    re-raising or returning a status so the queue is not started with an
    empty token list by mistake.
    """
    try:
        global HoneyTokens
        HoneyTokens = selectAllFrom(db, "HoneyTokens")
        print("imported %s honeytokens" % len(HoneyTokens))
    except Exception as e:
        print("An error occured: %s" % e)


def checkTraffic(pkt):
    """Match one queued packet against every loaded honeytoken.

    pkt is presumably a netfilterqueue packet object -- confirm against the
    NetfilterQueue callback that registers this function. Only the opening
    lines of the function are visible in this chunk; the rest of the try body
    and its except clause continue beyond it.
    """
    try:
        for x in HoneyTokens:
            # Every stored token is compiled as a regular expression, with
            # re.IGNORECASE when the row's caseinsensitive field is truthy.
            # Regex metacharacters in a token therefore change what it matches,
            # and a malformed token raises re.error at this line.
            # NOTE(review): if tokens are meant to be matched literally, wrap
            # them in re.escape(); and since tokens originate from the database,
            # validating them where they are inserted keeps a pathological
            # pattern from stalling every call of this handler.
            check = re.compile( x["token"], re.IGNORECASE) if x['caseinsensitive'] else re.compile( x["token"])
            # NOTE(review): checkTraffic continues past the end of this chunk.
import os
import sys

# Put the parent directory on sys.path so the project-local modules imported
# below (DatabaseLayer, lib.Configuration) resolve regardless of the cwd.
runpath=os.path.dirname(os.path.realpath(__file__))
sys.path.append(os.path.join(runpath, '..'))
import binascii
import re
from netfilterqueue import NetfilterQueue
from DatabaseLayer import selectAllFrom
from lib.Configuration import Configuration as conf

# In-memory copy of the HoneyTokens table: filled by readData() and iterated
# by checkTraffic(). Empty until readData() has run.
HoneyTokens=[]
# Value returned by conf.getDB(), read once at import time and passed as the
# first argument to selectAllFrom().
db=conf.getDB()


def readData():
    """Load every row of the HoneyTokens table into the module-level HoneyTokens list.

    Prints how many rows were loaded. Any exception raised by the query is
    printed instead of propagated, in which case HoneyTokens keeps whatever it
    held before the call.
    NOTE(review): because the error is swallowed, a caller cannot tell
    "no tokens configured" apart from "database unreachable"; consider
    re-raising or returning a status so the queue is not started with an
    empty token list by mistake.
    """
    try:
        global HoneyTokens
        HoneyTokens=selectAllFrom(db, "HoneyTokens")
        print("imported %s honeytokens"%len(HoneyTokens))
    except Exception as e:
        print("An error occured: %s"%e)


def checkTraffic(pkt):
    """Scan one queued packet's payload for every loaded honeytoken.

    pkt is presumably a netfilterqueue packet object (get_payload() and drop()
    are called on it) -- confirm against the NetfilterQueue callback that
    registers this function. Only the first part of the function is visible
    in this chunk; the remaining actions and the except clause lie beyond it.
    """
    try:
        for x in HoneyTokens:
            # Every stored token is compiled as a regular expression, with
            # re.IGNORECASE when the row's caseinsensitive field is truthy.
            # Regex metacharacters in a token therefore change what it matches,
            # and a malformed token raises re.error at this line.
            # NOTE(review): if tokens are meant to be matched literally, wrap
            # them in re.escape(); and since tokens originate from the database,
            # validating them where they are inserted keeps a pathological
            # pattern from stalling this handler for every packet.
            check = re.compile(x["token"], re.IGNORECASE) if x['caseinsensitive'] else re.compile(x["token"])
            # Unanchored search anywhere in the payload.
            # NOTE(review): re.search raises TypeError if get_payload() returns
            # bytes while the stored token is a str -- confirm the two types agree.
            if(check.search(pkt.get_payload())):
                # The row's action is compared case-insensitively; only "drop" is
                # handled in the visible lines. The return ends the scan at the
                # first matching drop-token, so later tokens are not consulted.
                if x["action"].lower() == "drop":
                    print("Packet dropped!")
                    pkt.drop()
                    return
            # NOTE(review): the rest of checkTraffic (other actions, the except
            # clause) continues past the end of this chunk.
if __name__=='__main__': description='''Management script''' parser = argparse.ArgumentParser(description=description) parser.add_argument('-L', action='store_true', help='List') parser.add_argument('-A', action='store_true', help='Add') parser.add_argument('-t', metavar='token', help='Token to add or remove') parser.add_argument('-a', metavar='action', help='Action to take when triggered (accept/block/drop)') parser.add_argument('-d', metavar='database', help='Database to be modified') parser.add_argument('-I', action='store_true', help='Case Insensitive') parser.add_argument('-B', action='store_true', help='Binary Blob (enter in hex)') parser.add_argument('-N', action='store_true', help='Notify - Alert the user right away') args = parser.parse_args() db=args.d if args.d else conf.getDB() if args.L: for x in conf.getTables(): print("="*80 + "\n%s\n"%(x) + "="*80) for y in selectAllFrom(db, x): sys.stdout.write("| ") for z in sorted(y.keys()): sys.stdout.write("%s: %s | "%(z, y[z])) print("") elif args.A: if args.t: # if args.B (Binary), get the clean hex version token=args.t if not args.B else is_hex(args.t) action=args.a.lower() if args.a else conf.getDefaultAction() alert=True if args.N else False