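def reap(source, username, password):
    """Publish one captured credential to Redis, then persist it.

    Args:
        source: Origin label for the credential. It is also passed to
            ``socket.gethostbyname`` to fill the ``DestIP`` field.
        username: Captured user name.
        password: Captured password, handled in cleartext throughout.

    The Redis message is a JSON object with the keys ``date`` (epoch
    milliseconds at whole-second precision), ``username``, ``password``,
    ``source`` and ``DestIP``. Name resolution and publishing are best-effort:
    a failure in either still lets the record be saved.
    """
    # NOTE(review): the password reaches stdout, the Redis channel and the
    # credentials record unmodified. Console scrollback, the channel's
    # subscribers and the datastore all need to be access-controlled.
    # Single-argument print(...) behaves the same under the Python 2 print
    # statement as under the Python 3 function.
    print("Reaping " + username + " " + password)
    now = datetime.datetime.now()
    date = now.strftime("%d-%m-%Y %H:%M")

    # Publishing credentials to redis
    print("Publishing credentials to redis")
    c = {}
    c['date'] = int(time.time()) * 1000
    c['username'] = username
    c['password'] = password
    c['source'] = source
    c['DestIP'] = ''
    try:
        c['DestIP'] = str(socket.gethostbyname(source))
    except Exception:
        # Best-effort lookup: DestIP stays empty when source does not resolve.
        # Exception (not a bare except) so Ctrl-C / SystemExit still propagate.
        pass
    try:
        RedisClient.getInstance().publish("new:credentials", json.dumps(c))
    except Exception:
        print("Publishing failed")

    logcred = credentials(source=source, username=username,
                          password=password, date=date)
    logcred.save()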
def reap(source, username, password):
    """Persist one captured credential as a ``credentials`` record.

    The record is stamped with the local wall-clock time formatted as
    ``DD-MM-YYYY HH:MM``. The password is passed to the model unchanged.
    Whether the model protects it at rest is not visible from this function.
    """
    stamp = datetime.datetime.now().strftime("%d-%m-%Y %H:%M")
    record = credentials(
        source=source,
        username=username,
        password=password,
        date=stamp,
    )
    record.save()
def getFtpCredentials(pkt):
    """Follow an FTP login across packets and save it once the server accepts.

    ``pkt`` must provide a ``sprintf`` method that renders the ``%IP.*%`` and
    ``%Raw.load%`` fields as strings (Scapy-style, presumably; confirm).
    Packets to port 21 update the remembered USER / PASS values. Packets from
    port 21 are checked for a ``230`` or ``530`` reply once both are known.

    FTP sends USER and PASS unencrypted, which is why they are readable here.
    The password is written to ``log`` and passed to ``credentials`` as-is.
    State is module-global rather than per connection, so interleaved
    sessions can end up attributed to the wrong endpoints.

    NOTE(review): this listing lost its indentation. The nesting below (state
    reset inside the "both values seen" branch, after the success block) is
    reconstructed; confirm it against the original file.
    """
    global last_ftp_login, last_ftp_pw, log

    src = pkt.sprintf("%IP.src%")
    dst = pkt.sprintf("%IP.dst%")
    sport = pkt.sprintf("%IP.sport%")
    dport = pkt.sprintf("%IP.dport%")
    raw = pkt.sprintf("%Raw.load%")

    if dport == '21':
        # From client. The slice presumably drops the rendered trailing
        # quote and escaped CRLF (confirm).
        raw = raw[0:-5]
        user_match = re.search("(?i)USER (.*)", raw)
        if user_match:
            last_ftp_login = user_match.group(1)
        pass_match = re.search("(?i)PASS (.*)", raw)
        if pass_match:
            last_ftp_pw = pass_match.group(1)

    if sport == '21':
        # From server.
        raw = raw[1:-5]
        reason = ''
        if last_ftp_login and last_ftp_pw:
            accepted = re.match(r'^230', raw)
            if accepted:
                status = login_success
            else:
                rejected = re.match(r'^530 (.*)', raw)
                if rejected:
                    reason = ' (' + rejected.group(1) + ')'
                status = login_failed

            if accepted:
                # Only accepted logins are logged and persisted.
                msg = ('FTP: Login ' + dst + ' -> ' + src + ': ' + status + ': '
                       + last_ftp_login + ': ' + last_ftp_pw + reason)
                log.info(msg)
                date = datetime.datetime.now().strftime("%d-%m-%Y %H:%M")
                addsrc = "FTP: "
                credentials(source=addsrc + src, username=last_ftp_login,
                            password=last_ftp_pw, date=date).save()

            # Forget the pair once the server has answered.
            last_ftp_login = ''
            last_ftp_pw = ''
def getFtpCredentials(pkt):
    """Pair FTP USER/PASS commands with the server reply; store accepted logins.

    ``pkt.sprintf`` is used to render the IP addresses, ports and raw payload
    as strings. Traffic to port 21 is treated as client commands and traffic
    from port 21 as server replies.

    The user name and password are read straight from the unencrypted FTP
    control channel. They are then written to ``log`` and passed unchanged to
    a ``credentials`` record, so the log and the datastore hold them in
    cleartext. The remembered login and password are module globals shared by
    every connection seen.

    NOTE(review): the original indentation is missing from this listing. The
    block structure here is inferred from the statement order and should be
    checked against the original file.
    """
    global last_ftp_login, last_ftp_pw, log

    src = pkt.sprintf("%IP.src%")
    dst = pkt.sprintf("%IP.dst%")
    sport = pkt.sprintf("%IP.sport%")
    dport = pkt.sprintf("%IP.dport%")
    raw = pkt.sprintf("%Raw.load%")

    if dport == '21':
        # From client
        raw = raw[0:-5]
        users = re.findall("(?i)USER (.*)", raw)
        if users:
            last_ftp_login = users[0]
        passwords = re.findall("(?i)PASS (.*)", raw)
        if passwords:
            last_ftp_pw = passwords[0]

    if sport == '21':
        # From server
        raw = raw[1:-5]
        reason = ''
        if last_ftp_login and last_ftp_pw:
            success = re.findall(r'^230', raw)
            if success:
                status = login_success
            else:
                failed = re.findall(r'^530 (.*)', raw)
                if failed:
                    reason = ' (' + failed[0] + ')'
                status = login_failed

            if success:
                header = 'FTP: Login ' + dst + ' -> ' + src + ': ' + status + ': '
                log.info(header + last_ftp_login + ': ' + last_ftp_pw + reason)

                now = datetime.datetime.now()
                date = now.strftime("%d-%m-%Y %H:%M")
                addsrc = "FTP: "
                logcred = credentials(
                    source=addsrc + src,
                    username=last_ftp_login,
                    password=last_ftp_pw,
                    date=date,
                )
                logcred.save()

            # The server has replied, so clear the remembered pair.
            last_ftp_login = ''
            last_ftp_pw = ''
def reap(source, username, password):
    """Save a captured credential with a local-time ``DD-MM-YYYY HH:MM`` stamp.

    All three arguments are passed to the ``credentials`` model unchanged,
    the password included. Any protection of the stored value would have to
    come from the model or its datastore.
    """
    fields = {
        "source": source,
        "username": username,
        "password": password,
    }
    fields["date"] = datetime.datetime.now().strftime("%d-%m-%Y %H:%M")
    entry = credentials(**fields)
    entry.save()