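def dotransform(request, response):
    """Add an IPv4Address entity for each text node that is exactly an IPv4 address.

    The page comes from ``build(request.value)``.  The pattern is anchored with
    ``^`` and ``$``, so only text nodes consisting solely of a dotted quad (each
    octet 0-255) match.  An address embedded in a longer sentence, or padded
    with spaces, is not extracted.

    The search is best-effort: if it fails part-way, the entities collected so
    far are still returned.
    """
    # Raw strings: the original non-raw literal relied on "\." being passed
    # through unchanged, which newer interpreters flag as an invalid escape.
    octet = r"([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])"
    ipv4_only = re.compile(r"^(" + octet + r"\.){3}" + octet + r"$")

    page = build(request.value)
    try:
        for element in page.findAll(text=ipv4_only):
            response += IPv4Address(element)
    except Exception:
        # Still swallows parsing errors, but no longer hides KeyboardInterrupt
        # or SystemExit the way the bare ``except:`` did.
        pass
    return response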
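def dotransform(request, response):
    """Add a Domain entity for each host name or connection listed on the page.

    Three sections of the page returned by ``build(request.value)`` are read:

    * the element after the "Host Name(s) ... requested from a host database"
      heading: every ``<li>`` inside it;
    * the element after the singular "Internet Connection was established"
      heading: the first ``<td>`` reached after skipping two ``<tr>`` elements;
    * the table after the plural "Internet Connections were established"
      heading: the first ``<td>`` of every row except the first.

    NOTE(review): the cell text is wrapped in Domain() without checking that it
    is a host name rather than, say, an IP address. Confirm against the report
    format. If the page describes a malicious sample, these strings are chosen
    by that sample and should be treated as untrusted downstream.
    """
    page = build(request.value)

    def element_after(heading, *find_next_args):
        # Element following the text node *heading*, or None when the heading
        # (or the element after it) is missing from the page.
        try:
            return page.find(text=heading).findNext(*find_next_args)
        except Exception:
            return None

    # Fix: the original stored both host-name lookups in one variable and reset
    # it to None whenever the plural heading was absent, so a page carrying
    # only the singular heading yielded no entities.  The plural section still
    # wins when both are present; the singular one is now the fallback.
    single = element_after('The following Host Names were requested from a host database:')
    if single is None:
        single = element_after('The following Host Name was requested from a host database:')
    single2 = element_after('The following Internet Connection was established:')
    multi = element_after('The following Internet Connections were established:', 'table')

    if single is not None:
        for dom in single.findAll("li"):
            response += Domain(dom.text)

    if single2 is not None:
        # NOTE(review): this chain is unguarded, as in the original; a page
        # without the expected rows raises AttributeError here.
        dom = single2.findNext('tr').findNext('tr').findNext('td')
        response += Domain(dom.text)

    if multi is not None:
        # The first row is skipped (presumably a header row, confirm).
        for entry in multi.findAll('tr')[1:]:
            response += Domain(entry.findNext('td').text)

    return response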
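def dotransform(request, response):
    """Collect the IPv4 addresses that appear as stand-alone text nodes on the page.

    ``build(request.value)`` supplies the parsed page.  Each text node that
    matches the anchored dotted-quad pattern becomes an ``IPv4Address`` entity
    on *response*.  Because of the ``^``/``$`` anchors, a node holding anything
    besides the address itself (surrounding words, spaces, a port suffix) is
    skipped, so this does not find every address mentioned in running text.

    Failures while searching are ignored and *response* is returned with
    whatever was added before the failure.
    """
    page = build(request.value)

    # Written as raw-string pieces so the regex escape "\." is not also read as
    # a (invalid) string escape; the compiled pattern is unchanged.
    dotted_quad = re.compile(
        r"^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}"
        r"([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$"
    )

    try:
        matches = page.findAll(text=dotted_quad)
        for node in matches:
            response += IPv4Address(node)
    except Exception:
        # Best-effort extraction.  Narrowed from a bare ``except:`` so that
        # interpreter-exit signals are not silently discarded.
        pass

    return response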
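def dotransform(request, response):
    """Add a MaliciousProcess entity for each line of text in the located cells.

    The page comes from ``build(request.value)``.  Once the target element has
    been located, every ``<td class="cell_1">`` inside it is split into lines
    and each line is added to *response* as a ``MaliciousProcess``.
    """
    page = build(request.value)

    # Fix: initialise before the lookup.  The original left ``dfiles`` unbound
    # when the lookup raised, so the ``is not None`` test below failed with a
    # NameError instead of returning an empty result.
    dfiles = None
    try:
        # NOTE(review): the argument below is garbled in this listing (the
        # ``******`` run is not valid Python and looks like a redaction
        # artefact).  The original search text, and presumably a
        # ``.findNext('table')`` call, must be restored from the upstream
        # source before this function can run.
        dfiles = page.find(text=' from the user:'******'table')
    except Exception:
        pass

    if dfiles is not None:
        for cell in dfiles.findAll("td", {"class": "cell_1"}):
            for entry in cell.text.splitlines():
                response += MaliciousProcess(entry)
    return response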
def dotransform(request, response):
    """Add a MaliciousProcess entity for each text line found in the located cells.

    The page is obtained from ``build(request.value)``.  When the lookup
    succeeds, every ``<td class="cell_1">`` under the located element is split
    into lines and each line is appended to *response*.  When the lookup fails,
    *response* is returned unchanged.
    """
    page = build(request.value)
    try:
        # NOTE(review): this expression is garbled in the listing: the
        # ``******`` run is not valid Python and appears to replace part of the
        # search string and the call that followed it (presumably
        # ``.findNext('table')``, confirm against the upstream source).
        dfiles = page.find(text=' from the user:'******'table')
    except:
        # Any failure is treated as "section not present".
        dfiles = None
        pass
    if dfiles is not None:
        # ``file`` is only a loop variable here (it shadows the Python 2 builtin).
        for file in dfiles.findAll("td", {"class": "cell_1"}):
            # One entity per line of the cell's text, with no filtering or
            # validation of the line content.
            text = file.text.splitlines()
            for entry in text:
                response += MaliciousProcess(entry)
    return response
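def dotransform(request, response):
    """Turn the host names and connections listed on the page into Domain entities.

    Sources read from the page returned by ``build(request.value)``:

    * host-name list: every ``<li>`` under the element that follows the
      "Host Name was / Host Names were requested from a host database" heading;
    * single connection: the first ``<td>`` found after stepping over two
      ``<tr>`` elements from the element that follows the singular
      "Internet Connection was established" heading;
    * connection table: the first ``<td>`` of each row after the first in the
      table that follows the plural heading.

    Values are added exactly as they appear on the page, with no validation.
    NOTE(review): on a report about a hostile sample these values are
    attacker-influenced; downstream consumers should not trust them.
    """
    page = build(request.value)

    # Fix: the original reused one variable for the singular and plural
    # host-name lookups and cleared it when the plural lookup failed, which
    # discarded a successful singular match.  Here a later heading replaces the
    # earlier result only when it is actually found, so the plural section
    # still takes precedence when both exist.
    host_list = None
    for heading in (
        'The following Host Name was requested from a host database:',
        'The following Host Names were requested from a host database:',
    ):
        try:
            found = page.find(text=heading).findNext()
        except Exception:
            continue  # heading not on this page
        if found is not None:
            host_list = found

    try:
        lone_connection = page.find(
            text='The following Internet Connection was established:'
        ).findNext()
    except Exception:
        lone_connection = None

    try:
        connection_table = page.find(
            text='The following Internet Connections were established:'
        ).findNext('table')
    except Exception:
        connection_table = None

    if host_list is not None:
        for item in host_list.findAll("li"):
            response += Domain(item.text)

    if lone_connection is not None:
        # Unguarded as in the original: a missing row or cell raises here.
        cell = lone_connection.findNext('tr').findNext('tr').findNext('td')
        response += Domain(cell.text)

    if connection_table is not None:
        rows = connection_table.findAll('tr')
        for row in rows[1:]:  # first row skipped (presumably the header)
            response += Domain(row.findNext('td').text)

    return response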
def dotransform(request, response):
    """Add a Phrase entity for each mutex name the page reports as created.

    Two headings are searched in the page returned by ``build(request.value)``:
    the singular "Mutex object was created" heading, whose first ``<li>`` text
    is taken, and the plural "Mutex objects were created" heading, whose every
    ``<li>`` is taken.  Both sections are used when both are present.

    The whole extraction is best-effort: any exception ends it and *response*
    is returned with whatever had been added up to that point.
    """
    page = build(request.value)
    try:
        # Singular heading -> text of the first <li> in the following <ul>.
        try:
            lone_name = page.find(
                text='To mark the presence in the system, the following Mutex object was created:'
            ).findNext('ul').li.text
        except:
            lone_name = None

        # Plural heading -> the following <ul> itself.
        try:
            name_list = page.find(
                text='To mark the presence in the system, the following Mutex objects were created:'
            ).findNext('ul')
        except:
            name_list = None

        if lone_name is not None:
            response += Phrase(lone_name)

        # The plural list is processed whether or not a single mutex was found.
        if name_list is not None:
            for item in name_list.findAll('li'):
                response += Phrase(item.text)
    except:
        # Bare except kept from the original: every failure is swallowed.
        pass
    return response
def dotransform(request, response):
    """Report created mutexes as Phrase entities.

    Reads the page from ``build(request.value)`` and looks for two headings:

    * "…the following Mutex object was created:" gives one name, the text of
      the first ``<li>`` in the ``<ul>`` that follows;
    * "…the following Mutex objects were created:" gives every ``<li>`` in the
      ``<ul>`` that follows.

    Names are added verbatim.  Errors anywhere in the extraction are swallowed
    and the response built so far is returned.
    """
    page = build(request.value)

    try:
        try:
            single_mutex = (
                page.find(text="To mark the presence in the system, the following Mutex object was created:")
                .findNext("ul")
                .li.text
            )
        except:
            single_mutex = None

        try:
            mutex_list = page.find(
                text="To mark the presence in the system, the following Mutex objects were created:"
            ).findNext("ul")
        except:
            mutex_list = None

        # Nothing to report when neither heading is on the page.
        if single_mutex is None and mutex_list is None:
            return response

        if single_mutex is not None:
            response += Phrase(single_mutex)

        # A page may carry both sections; the list is added after the single name.
        list_items = mutex_list.findAll("li") if mutex_list is not None else []
        for list_item in list_items:
            response += Phrase(list_item.text)
    except:
        # Same catch-all as the original: failures end the extraction quietly.
        pass

    return response
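def dotransform(request, response):
    """Add a Hash entity for each MD5 listed in the page's created-files table.

    The table is the one following the heading "The following files were
    created in the system:" in the page returned by ``build(request.value)``.
    Each ``<td class="cell_1">`` is split into lines.  On a line containing
    ``MD5:`` the 32 characters at offsets 7-38 are taken as the digest, which
    assumes a 7-character prefix at the start of the line (presumably
    ``"MD5: 0x"``, confirm against the report format).

    A slice that is not 32 hexadecimal digits is skipped rather than emitted,
    so a line with different spacing cannot produce a bogus hash indicator.
    """
    page = build(request.value)

    # Locate the dropped-files section of the report.
    dfiles = None
    try:
        dfiles = page.find(text='The following files were created in the system:').findNext('table')
    except Exception:
        pass

    if dfiles is None:
        # Fix: parenthesised so the line parses under Python 3 as well as
        # Python 2 (the original used the Python 2 print statement).
        # NOTE(review): if the caller serialises the response on stdout this
        # message is mixed into it; consider stderr or a logger.
        print("No Dropped Files")
        return response

    md5_hex = re.compile(r'^[0-9A-Fa-f]{32}$')
    for cell in dfiles.findAll("td", {"class": "cell_1"}):
        for entry in cell.text.splitlines():
            if re.search('MD5:', entry):
                digest = entry[7:39]
                # Fix: the fixed-offset slice was emitted unchecked, although
                # 'MD5:' is matched anywhere in the line.
                if md5_hex.match(digest):
                    response += Hash(digest)
    return response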
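def dotransform(request, response):
    """Extract MD5 digests of created files from the page as Hash entities.

    ``build(request.value)`` supplies the page.  The table that follows the
    heading "The following files were created in the system:" is scanned; in
    each ``<td class="cell_1">`` every line containing ``MD5:`` contributes the
    characters at offsets 7-38 of that line.  The fixed offset assumes the
    label sits at the start of the line with a 7-character prefix (presumably
    ``"MD5: 0x"``, confirm).

    Only slices made of exactly 32 hexadecimal digits are emitted.  When the
    heading or table is missing, *response* is returned unchanged.
    """
    page = build(request.value)

    try:
        dropped_table = page.find(
            text='The following files were created in the system:'
        ).findNext('table')
    except Exception:
        dropped_table = None

    if dropped_table is None:
        return response

    for cell in dropped_table.findAll("td", {"class": "cell_1"}):
        for line in cell.text.splitlines():
            if 'MD5:' not in line:
                continue
            candidate = line[7:39]
            # Fix: the original emitted this slice without checking it.  Since
            # 'MD5:' may occur anywhere in the line, a differently laid-out
            # line would have produced a malformed hash entity.
            if re.match(r'[0-9A-Fa-f]{32}$', candidate):
                response += Hash(candidate)

    return response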
def dotransform(request, response):
    """Add a URL entity for each URL the page lists as requested from the remote web server.

    The page comes from ``build(request.value)``.  The ``<ul>`` after the plural
    heading ("…following URLs was then requested…") is used when present;
    otherwise the ``<ul>`` after the singular heading is used.  Each ``<li>``
    text becomes a ``URL`` entity whose ``url`` field is set to the same text.

    NOTE(review): the strings are taken verbatim from the page.  If the page
    describes a malicious sample they are chosen by that sample, so downstream
    tooling should not dereference them automatically.
    """
    page = build(request.value)

    # Locate the URL section of the report (plural heading first).
    try:
        plural_list = page.find(
            text='The data identified by the following URLs was then requested from the remote web server:'
        ).findNext('ul')
    except:
        plural_list = None

    try:
        single_list = page.find(
            text='The data identified by the following URL was then requested from the remote web server:'
        ).findNext('ul')
    except:
        single_list = None

    # The plural section takes precedence; the singular one is the fallback.
    url_list = plural_list if plural_list is not None else single_list
    if url_list is None:
        return response

    for item in url_list.findAll("li"):
        address = item.text
        entity = URL(address)
        entity.url = address
        response += entity
    return response
def dotransform(request, response):
    """Emit URL entities for the URLs the page says were requested from the remote server.

    Looks in the page returned by ``build(request.value)`` for the ``<ul>``
    following either the plural or the singular "data identified by the
    following URL(s)" heading.  Only one list is processed, and the plural one
    wins if both exist.  Every ``<li>`` in it yields a ``URL`` entity with
    ``url`` set to the item text, unmodified and unvalidated.
    """
    page = build(request.value)

    def list_after(heading):
        # <ul> following *heading*, or None when the lookup fails for any reason.
        try:
            return page.find(text=heading).findNext("ul")
        except:
            return None

    urls = list_after(
        "The data identified by the following URLs was then requested from the remote web server:"
    )
    url = list_after(
        "The data identified by the following URL was then requested from the remote web server:"
    )

    chosen = urls
    if chosen is None:
        chosen = url

    # Each list item holds one requested URL.
    items = chosen.findAll("li") if chosen is not None else ()
    for list_item in items:
        text = list_item.text
        entity = URL(text)
        entity.url = text
        response += entity

    return response