def insert_to_credential_events_collection(credential_event: CredentialEvent):
"""
insert credentials from honeypot events which are obtained
from the module processor to credential_event collection
Args:
credential_event: Object of CredentialEvent Class with honeypot
event credentials
Returns:
inserted_id
"""
credential_event.country = byte_to_str(
IP2Location.get_country_short(
credential_event.ip
)
)
credential_event.machine_name = network_config["real_machine_identifier_name"]
if is_verbose_mode():
verbose_info(
"Received honeypot credential event, ip_dest:{0}, username:{1}, "
"password:{2}, module_name:{3}, machine_name:{4}".format(
credential_event.ip,
credential_event.username,
credential_event.password,
credential_event.module_name,
credential_event.machine_name
)
)
return credential_events.insert_one(credential_event.__dict__).inserted_id
def processor(self):
"""
processor function will be called as a new thread and will be
die when kill_flag is True
"""
while not self.kill_flag:
if os.path.exists(LOGFILE) and os.path.getsize(LOGFILE) > 0:
# os.rename(self.log_filename, self.log_filename_dump)
data_dump = open(LOGFILE).readlines()
open(LOGFILE, 'w').write('')
# data_dump = open(self.log_filename_dump).readlines()
for data in data_dump:
data_json = json.loads(data)
ip = data_json["ip"]
time_of_insertion = data_json["time"]
if data_json["authorization"] != "-":
authorization = \
data_json["authorization"].split(' ')[1]
# binascii is returning bytes
authorization = binascii.a2b_base64(authorization).decode('utf-8')
username = authorization.split(":")[0]
password = "******".join(authorization.split(":")[1:])
insert_to_credential_events_collection(
CredentialEvent(
ip_src=ip,
username=username,
password=password,
module_name="http/basic_auth_strong_password",
date=time_of_insertion
)
)
time.sleep(0.1)
def test_insert_to_credential_events(self):
"""
Test the data insertion to the credential_events collection
"""
credential_event = CredentialEvent(
ip="88.99.11.22",
username="******",
password="******",
module_name="http/basic_auth_weak_password",
date=datetime.now().strftime("%Y-%m-%d %H:%M:%S")
)
insert_to_credential_events_collection(credential_event)
# Find the record in the DB
credential_record = credential_events.find_one(
credential_event.__dict__
)
# Compare the record found in the DB with the one pushed
self.assertEqual(
credential_record["ip"],
credential_event.ip
)
self.assertEqual(
credential_record["username"],
credential_event.username
)
self.assertEqual(
credential_record["password"],
credential_event.password
)
def insert_to_credential_events_collection(credential_event: CredentialEvent):
"""
insert credentials from honeypot events which are obtained
from the module processor to credential_event collection
Args:
credential_event: Object of CredentialEvent Class with honeypot
event credentials
Returns:
inserted_id
"""
credential_event.country_ip_src = byte_to_str(
IP2Location.get_country_short(credential_event.ip_src))
credential_event.machine_name = network_config[
"real_machine_identifier_name"]
verbose_info(messages["received_honeypot_credential_event"].format(
credential_event.ip_src, credential_event.username,
credential_event.password, credential_event.module_name,
credential_event.machine_name))
return elasticsearch_events.index(index='credential_events',
body=credential_event.__dict__)
def test_insert_to_credential_events(self):
"""
Test the data insertion to the credential_events collection
"""
credential_event = CredentialEvent(
ip_src="88.99.11.22",
username="******",
password="******",
module_name="http/basic_auth_weak_password",
date=datetime.now().strftime("%Y-%m-%d %H:%M:%S")
)
insert_to_credential_events_collection(credential_event)
# wait for insert
time.sleep(1)
# Find the records in the DB
credential_events = connector.elasticsearch_events.search(
index='credential_events',
body=filter_by_fields('88.99.11.22', ['ip_src'])
)['hits']['hits']
credential_record = credential_events[0]['_source']
self.assertGreater(len(credential_events), 0)
# Compare the record found in the DB with the one pushed
self.assertEqual(
credential_record["ip_src"],
credential_event.ip_src
)
self.assertEqual(
credential_record["username"],
credential_event.username
)
self.assertEqual(
credential_record["password"],
credential_event.password
)
# Delete test events from the database
connector.elasticsearch_events.delete(
index='credential_events',
id=credential_events[0]["_id"]
)
def processor(self):
"""
processor function will be called as a new thread and will be
die when kill_flag is True
"""
if os.path.exists(LOGFILE):
os.remove(LOGFILE) # remove if exist from past
while not self.kill_flag:
if os.path.exists(LOGFILE):
os.rename(LOGFILE, LOGFILE_DUMP)
data_dump = open(LOGFILE_DUMP).readlines()
for data in data_dump:
data = json.loads(data)
insert_to_credential_events_collection(
CredentialEvent(ip_src=data['ip'],
username=data['username'],
password=data['password'],
module_name=data['module_name'],
date=data['date']))
os.remove(LOGFILE_DUMP)
time.sleep(0.1)