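def index():
    """Serve the dashboard page or the protocol-distribution data behind it.

    GET renders ``index.html`` with ``status=Vault.get_saving()``. Any other
    method (the route is expected to be registered for POST) returns a JSON
    object mapping a protocol name -- or ``"Other"`` -- to the number of
    session headers that use it; the pie chart consumes this. Nothing is
    read from the request body or query string in either branch.
    """
    if request.method != "POST":
        return render_template("index.html", status=Vault.get_saving())

    # Plain dict + .get() replaces the two duplicated "x if k in d else 1"
    # ternaries of the original; insertion order is still first-seen order.
    protocol_dict = {}
    for header in Vault.get_session_headers():
        label = _protocol_label(header)
        protocol_dict[label] = protocol_dict.get(label, 0) + 1
    return jsonify(protocol_dict)


def _protocol_label(header):
    """Map one session header to a ``COMMON_PROTOCOLS`` name or ``"Other"``.

    Only headers mentioning TCP or UDP are classified. The 4-character
    prefix is dropped and the remainder is split on ``_``/``-``; the code
    treats the result as ``[addr, port, addr, port]`` and looks up the
    source port (index 1) before the destination port (index 3). A header
    with fewer than four fields is counted as ``"Other"`` rather than
    letting an IndexError turn the request into a 500.
    """
    if 'TCP' not in header and 'UDP' not in header:
        return "Other"
    fields = header[4:].replace('_', '-').split('-')
    if len(fields) < 4:
        return "Other"
    # Source port wins when both ports are known protocols (same precedence
    # as the original try/except, minus the blanket `except Exception`).
    for port in (fields[1], fields[3]):
        if port in COMMON_PROTOCOLS:
            return COMMON_PROTOCOLS[port]
    return "Other"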
def view_arp():
    """Render ``viewarp.html`` with every session header that mentions ARP.

    The header list is filtered first, then the template is rendered with
    ``status=Vault.get_saving()``; no request data is consulted.
    """
    all_headers = Vault.get_session_headers()
    arp_sessions = list(filter(lambda hdr: 'ARP' in hdr, all_headers))
    return render_template(
        "viewarp.html",
        arp_sessions=arp_sessions,
        status=Vault.get_saving(),
    )
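def get_data():
    """Push live counters to every client on the ``/socket`` namespace.

    Loops until ``thread_stop_event`` is set, emitting a ``"data"`` event
    about every 10 ms carrying the total packet count, the number of
    session headers and the number of flagged items held by ``Vault``.
    No ``to``/``room`` is given, so the emit goes to the whole namespace.
    """
    # is_set() is the current spelling; isSet() is a deprecated alias that
    # warns from Python 3.10 on. Assumes thread_stop_event is a
    # threading.Event (or something exposing the same API) -- confirm.
    while not thread_stop_event.is_set():
        socketio.emit(
            "data",
            {
                "total_packets": Vault.get_total_packet_count(),
                "total_streams": len(Vault.get_session_headers()),
                "total_flagged": len(Vault.get_flagged()),
            },
            namespace="/socket",
        )
        # 10 ms between emits sets the dashboard refresh rate (~100
        # broadcasts/s); this is the knob to raise if clients or the
        # server cannot keep up.
        socketio.sleep(0.01)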
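def get_formatted_header(prot_type):
    """Return ``{display label: raw header}`` for sessions of one transport.

    ``prot_type`` is meant to be ``"TCP"`` or ``"UDP"``; a header is included
    when that string occurs anywhere in it. The 4-character prefix is dropped
    and the rest split on ``_``/``-``; fields 1 and 3 (the two ports) are
    looked up in ``COMMON_PROTOCOLS``, source port first. A hit gives the
    label ``"<protocol name> <fields joined by spaces>"``; otherwise the raw
    header is used as its own label. Headers with fewer than four fields are
    kept under their raw name instead of raising IndexError.
    """
    sessions = {}
    for session_header in Vault.get_session_headers():
        if prot_type not in session_header:
            continue
        fields = session_header[4:].replace('_', '-').split('-')
        # Default: the raw header maps to itself. The original reached this
        # case via an `if i == 3` check after the loop body, which only
        # worked because the match branch breaks first; this is explicit.
        label = session_header
        if len(fields) >= 4:
            for port in (fields[1], fields[3]):
                if port in COMMON_PROTOCOLS:
                    label = COMMON_PROTOCOLS[port] + " " + " ".join(fields)
                    break
        sessions[label] = session_header
    return sessions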
def bulk_manager(event):
    """Run one processing round per interval until the thread is interrupted.

    Each round pulls the pending packet list from ``Vault``, groups it into
    streams with ``find_streams``, records those sessions, runs
    ``session_yara`` over the streams and ``threat`` over the raw packets,
    then blocks on ``event.wait`` for up to ``BULK_MANAGER_INTERVAL``
    seconds (presumably a threading.Event, so setting it ends the wait early).
    """
    while True:
        if Thread.get_interrupt():
            break
        pending = Vault.get_threading_plist()
        logger.info("%s packets processed [%s]", len(pending), Thread.name())
        streams = find_streams(pending)
        Vault.add_session(streams)
        session_yara(streams)
        threat(pending)
        logger.info(
            "%s total sessions [%s]",
            len(Vault.get_session_headers()),
            Thread.name(),
        )
        event.wait(timeout=BULK_MANAGER_INTERVAL)
    logger.info("Terminated [%s]", Thread.name())