def gather_exploits():
sec_tracker = 'http://securitytracker.com/archives/summary/9000.html'
try:
reactor.status('info', 'exploits', 'retrieving exploits from securitytracker.com')
req = reactor.http_request(sec_tracker)
if req is not None:
for line in req.split('\n'):
if '<a href="/id/' in line:
name = line.split('">')[1].split("</a>")[0]
names.append(name)
def gather_data(source):
try:
reactor.status('info', 'known bad', 'retrieving hosts from %s' % source)
raw = reactor.http_request(source)
if raw is not None:
data = re.findall(ip_regex, raw)
if data == "":
data = re.findall(dom_regex, raw)
return data, source
except:
reactor.satus('warn', 'known bad', 'failed to retrieve hosts from %s' % source)
def gather_archive():
try:
posts = reactor.http_request(archive)
posts = regex.findall(posts)
for p in posts:
post_id, post_title = p[0], p[1]
if post_id not in queue:
reactor.status('info', 'pastebin', 'post id %s added to queue' % post_id)
queue.append(post_id)
reactor.status('info', 'pastebin', 'total posts added to queue: %d' % len(queue))
except:
reactor.status('warn', 'pastebin', 'failed to fetch pastebin archive')
def gather_data(source):
try:
reactor.status('info', 'known bad',
'retrieving hosts from %s' % source)
raw = reactor.http_request(source)
if raw is not None:
data = re.findall(ip_regex, raw)
if data == "":
data = re.findall(dom_regex, raw)
return data, source
except:
reactor.satus('warn', 'known bad',
'failed to retrieve hosts from %s' % source)
def gather_content(post_id):
try:
raw = reactor.http_request('http://pastebin.com/raw.php?i=%s' % post_id)
queue.remove(post_id)
if not 'Unknown Paste ID!' in raw and raw is not None:
reactor.status('info', 'pastebin', 'searching post id %s' % post_id)
if '\r\n' in raw:
lines = raw.split('\r\n')
for line in lines:
search_raw(line, post_id)
else:
search_raw(raw, post_id)
except:
reactor.status('warn', 'pastebin', 'failed to fetch post id %s' % post_id)
def gather_archive():
try:
posts = reactor.http_request(archive)
posts = regex.findall(posts)
for p in posts:
post_id, post_title = p[0], p[1]
if post_id not in queue:
reactor.status('info', 'pastebin',
'post id %s added to queue' % post_id)
queue.append(post_id)
reactor.status('info', 'pastebin',
'total posts added to queue: %d' % len(queue))
except:
reactor.status('warn', 'pastebin', 'failed to fetch pastebin archive')
def gather_content(post_id):
try:
raw = reactor.http_request('http://pastebin.com/raw.php?i=%s' %
post_id)
queue.remove(post_id)
if not 'Unknown Paste ID!' in raw and raw is not None:
reactor.status('info', 'pastebin',
'searching post id %s' % post_id)
if '\r\n' in raw:
lines = raw.split('\r\n')
for line in lines:
search_raw(line, post_id)
else:
search_raw(raw, post_id)
except:
reactor.status('warn', 'pastebin',
'failed to fetch post id %s' % post_id)
def gather_data():
try:
data = reactor.http_request('http://reputation.alienvault.com/reputation.snort')
if data is not None:
reactor.status('info', 'OTX', 'attempting to parse reputation data')
for line in data.split('\n'):
if not line.startswith('#') or not len(line) == 0:
try:
d = line.split('#')
addr, info = d[0], d[1]
cef = 'CEF:0|OSINT|ArcReactor|1.0|100|%s|1|src=%s msg=%s' % (info, addr, 'http://reputation.alienvault.com/reputation.snort')
reactor.status('info', 'OTX', 'sending CEF syslog for %s - %s' % (info, addr))
reactor.send_syslog(cef)
count += 1
except IndexError:
continue
reactor.status('info', 'OTX', 'sent %d total events' % count)
return True
except:
reactor.status('warn', 'OTX', 'failed to retrieve OTX database')
return False
