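def gather_exploits():
    """Scrape the SecurityTracker summary page and append each advisory title to ``names``.

    Only lines containing ``<a href="/id/`` are considered; the title is the
    text between that anchor's closing ``">`` and ``</a>``.  ``names`` (a list)
    and ``reactor`` are module-level objects defined elsewhere in the file.

    The page is fetched over plain HTTP, so everything appended to ``names``
    is unauthenticated remote input: an on-path attacker, or the site itself,
    controls those strings.  Consumers must treat them as untrusted.

    Failures of the fetch are reported through ``reactor.status`` and
    swallowed, matching the other gather_* functions.
    """
    sec_tracker = 'http://securitytracker.com/archives/summary/9000.html'
    try:
        reactor.status('info', 'exploits', 'retrieving exploits from securitytracker.com')
        req = reactor.http_request(sec_tracker)
    except Exception:
        # The listing's try block had no handler at all; report the failure
        # the way the sibling gather_* functions do instead of propagating.
        reactor.status('warn', 'exploits', 'failed to retrieve exploits from securitytracker.com')
        return
    if req is None:
        return
    for line in req.split('\n'):
        if '<a href="/id/' not in line:
            continue
        # A line that mentions the anchor but has no '">' on it would have
        # raised IndexError and aborted the whole scrape; skip just that line.
        pieces = line.split('">')
        if len(pieces) < 2:
            continue
        names.append(pieces[1].split("</a>")[0])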
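def gather_data(source):
    """Fetch a "known bad" host feed and extract the indicators it contains.

    Args:
        source: URL of the feed, passed straight to ``reactor.http_request``.

    Returns:
        ``(indicators, source)`` where ``indicators`` is the list of
        ``ip_regex`` matches in the response, falling back to ``dom_regex``
        matches when no IP matched; ``None`` when the feed could not be
        fetched or parsed.  Callers must check for ``None`` before unpacking.

    ``reactor``, ``ip_regex`` and ``dom_regex`` are module-level names defined
    elsewhere in the file.  The response is remote input, so the indicators
    are only as trustworthy as the feed and its transport (a plain-HTTP
    ``source`` can be tampered with in transit).

    NOTE(review): a second, parameterless ``gather_data`` appears later in
    this listing; if both live in one module the later one shadows this one.
    """
    try:
        reactor.status('info', 'known bad', 'retrieving hosts from %s' % source)
        raw = reactor.http_request(source)
        if raw is None:
            return None
        indicators = re.findall(ip_regex, raw)
        # re.findall returns a list, so the original '== ""' test never fired
        # and the domain fallback was dead code.
        if not indicators:
            indicators = re.findall(dom_regex, raw)
        return indicators, source
    except Exception:
        # Was 'reactor.satus' (typo): the handler itself raised AttributeError
        # and masked the real fetch error.
        reactor.status('warn', 'known bad', 'failed to retrieve hosts from %s' % source)
        return None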
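def gather_archive():
    """Scan the Pastebin archive page and queue every post id not already queued.

    ``archive`` (the archive URL), ``regex`` (a compiled pattern; each match's
    first element is the post id, the second a title that is not used),
    ``queue`` (a list of pending ids) and ``reactor`` are module-level names
    defined elsewhere in the file.  Any failure is reported through
    ``reactor.status`` and swallowed.  The closing status line reports the
    whole queue length, not only the ids added by this call.
    """
    try:
        posts = reactor.http_request(archive)
        if posts is None:
            # The other gather_* functions check for None; here it used to
            # reach regex.findall(None) and surface as a generic failure.
            reactor.status('warn', 'pastebin', 'failed to fetch pastebin archive')
            return
        for match in regex.findall(posts):
            post_id = match[0]
            if post_id in queue:
                continue
            reactor.status('info', 'pastebin', 'post id %s added to queue' % post_id)
            queue.append(post_id)
        reactor.status('info', 'pastebin', 'total posts added to queue: %d' % len(queue))
    except Exception:
        reactor.status('warn', 'pastebin', 'failed to fetch pastebin archive')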
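def gather_content(post_id):
    """Fetch one Pastebin post's raw text and hand it to ``search_raw``.

    Args:
        post_id: Pastebin post id, as captured from the archive page by
            ``gather_archive``.  It is removed from ``queue`` once the request
            completes without raising; if the request raises, the id stays
            queued so it can be retried.

    When the body contains CRLF line breaks it is split on them and searched
    line by line; otherwise the whole body goes to ``search_raw`` in one call.
    Bodies containing ``'Unknown Paste ID!'`` are skipped.  ``queue``,
    ``search_raw`` and ``reactor`` are module-level names defined elsewhere
    in the file.
    """
    try:
        from urllib.parse import quote
    except ImportError:  # Python 2
        from urllib import quote
    # post_id comes from a regex over a remote page.  Percent-encode it so a
    # crafted id cannot smuggle extra query parameters or path segments into
    # the request; for ordinary alphanumeric ids this is a no-op (TODO confirm
    # the archive regex only captures such ids).
    url = 'http://pastebin.com/raw.php?i=%s' % quote(str(post_id), safe='')
    try:
        raw = reactor.http_request(url)
    except Exception:
        # Leave the id in the queue, as the original did, so it is retried.
        reactor.status('warn', 'pastebin', 'failed to fetch post id %s' % post_id)
        return
    # Was an unguarded queue.remove(); an id not in the queue raised
    # ValueError and was logged as a fetch failure.
    if post_id in queue:
        queue.remove(post_id)
    # The None check used to come after the substring test, so a None body
    # raised TypeError instead of being reported.
    if raw is None:
        reactor.status('warn', 'pastebin', 'failed to fetch post id %s' % post_id)
        return
    if 'Unknown Paste ID!' in raw:
        return
    reactor.status('info', 'pastebin', 'searching post id %s' % post_id)
    try:
        if '\r\n' in raw:
            for line in raw.split('\r\n'):
                search_raw(line, post_id)
        else:
            search_raw(raw, post_id)
    except Exception:
        # Previously reported as a fetch failure, which it is not.
        reactor.status('warn', 'pastebin', 'failed to search post id %s' % post_id)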
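def _cef_header(value):
    """Escape a value for a CEF header field, where ``|`` is the delimiter."""
    return str(value).replace('\\', '\\\\').replace('|', '\\|')


def _cef_ext(value):
    """Escape a value for a CEF extension (key=value) field."""
    return (str(value).replace('\\', '\\\\').replace('=', '\\=')
            .replace('\r', '\\r').replace('\n', '\\n'))


def gather_data():
    """Pull the AlienVault OTX reputation list and emit one CEF syslog event per entry.

    Each non-blank, non-comment line of the feed is split on ``'#'``; the part
    before it becomes the ``src=`` extension and the part between the first and
    second ``'#'`` becomes the event-name header of a
    ``CEF:0|OSINT|ArcReactor|1.0|100|...`` record sent via
    ``reactor.send_syslog``.  Lines with no ``'#'`` are skipped.

    Returns:
        True when the feed was fetched and processed (even if no line yielded
        an event); False when the fetch failed, returned nothing, or sending
        raised.

    The feed is fetched over plain HTTP and its fields are copied into log
    records, so they are escaped per CEF rules: a tampered or hostile feed
    must not be able to forge extra header fields or extension pairs in the
    SIEM.  ``reactor`` is defined elsewhere in the file.

    NOTE(review): an earlier ``gather_data(source)`` appears in this listing;
    if both live in one module this definition shadows it.
    """
    feed = 'http://reputation.alienvault.com/reputation.snort'
    try:
        data = reactor.http_request(feed)
        if data is None:
            # Was an implicit None return; nothing was sent, so say so.
            reactor.status('warn', 'OTX', 'failed to retrieve OTX database')
            return False
        reactor.status('info', 'OTX', 'attempting to parse reputation data')
        # Was never initialised: the first 'count += 1' raised
        # UnboundLocalError, which the outer handler reported as a fetch
        # failure, so the function always returned False.
        count = 0
        for line in data.split('\n'):
            # The original test 'not startswith("#") or not len(line) == 0'
            # let comment lines through and emitted events with an empty src=.
            if not line or line.startswith('#'):
                continue
            fields = line.split('#')
            if len(fields) < 2:
                continue
            addr, info = fields[0].strip(), fields[1].strip()
            cef = 'CEF:0|OSINT|ArcReactor|1.0|100|%s|1|src=%s msg=%s' % (
                _cef_header(info), _cef_ext(addr), _cef_ext(feed))
            reactor.status('info', 'OTX', 'sending CEF syslog for %s - %s' % (info, addr))
            reactor.send_syslog(cef)
            count += 1
        reactor.status('info', 'OTX', 'sent %d total events' % count)
        return True
    except Exception:
        reactor.status('warn', 'OTX', 'failed to retrieve OTX database')
        return False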