remove feed.name again. Partially fixes #733
adapt tests

add initial test case for xdmcp. Still broken

add tests to xdmcp
aaronkaplan authored and sebix committed Oct 18, 2016
1 parent eac837b commit 56d18d3
Showing 9 changed files with 274 additions and 137 deletions.
50 changes: 2 additions & 48 deletions intelmq/bots/parsers/shadowserver/config.py
@@ -166,8 +166,6 @@ def validate_ip(value):
'classification.type': 'vulnerable service',
'classification.taxonomy': 'Vulnerable',
'protocol.application': 'mdns',
'feed.code': 'shadowserver-openmdns',
'feed.name': 'shadowserver',
'classification.identifier': 'openmdns',
},
}
@@ -197,8 +195,6 @@ def validate_ip(value):
'classification.type': 'vulnerable service',
'classification.taxonomy': 'Vulnerable',
'classification.identifier': 'openchargen',
'feed.code': 'shadowserver-openchargen',
'feed.name': 'shadowserver',
'protocol.application': 'chargen',
},
}
@@ -231,8 +227,6 @@ def validate_ip(value):
'classification.type': 'vulnerable service',
'classification.taxonomy': 'Vulnerable',
'classification.identifier': 'opentftp',
'feed.code': 'shadowserver-opentftp',
'feed.name': 'shadowserver',
'protocol.application': 'tftp',
},
}
@@ -274,8 +268,6 @@ def validate_ip(value):
'classification.type': 'botnet drone',
'classification.taxonomy': 'Malicious Code',
'classification.identifier': 'botnet',
'feed.code': 'shadowserver-sinkhole-http-drone',
'feed.name': 'shadowserver',
},
}

@@ -316,8 +308,6 @@ def validate_ip(value):
'protocol.application': 'http',
'classification.taxonomy': 'Malicious Code',
'classification.identifier': 'botnet',
'feed.code': 'shadowserver-microsoft-sinkhole',
'feed.name': 'shadowserver',
},
}

@@ -358,8 +348,6 @@ def validate_ip(value):
'classification.type': 'vulnerable service',
'classification.taxonomy': 'Vulnerable',
'classification.identifier': 'openredis',
'feed.code': 'shadowserver-openredis',
'feed.name': 'shadowserver',
'protocol.application': 'redis',
},
}
@@ -391,8 +379,6 @@ def validate_ip(value):
'classification.type': 'vulnerable service',
'classification.taxonomy': 'Vulnerable',
'classification.identifier': 'openportmapper',
'feed.code': 'shadowserver-openportmapper',
'feed.name': 'shadowserver',
'protocol.application': 'portmapper',
},
}
@@ -437,8 +423,6 @@ def validate_ip(value):
'classification.type': 'vulnerable service',
'classification.taxonomy': 'Vulnerable',
'classification.identifier': 'openipmi',
'feed.code': 'shadowserver-openipmi',
'feed.name': 'shadowserver',
'protocol.application': 'ipmi',
'protocol.transport': 'udp',
},
@@ -470,8 +454,6 @@ def validate_ip(value):
'classification.type': 'vulnerable service',
'classification.taxonomy': 'Vulnerable',
'classification.identifier': 'openqotd',
'feed.code': 'shadowserver-openqotd',
'feed.name': 'shadowserver',
'protocol.application': 'qotd',
},
}
@@ -511,8 +493,6 @@ def validate_ip(value):
'classification.type': 'vulnerable service',
'classification.taxonomy': 'Vulnerable',
'classification.identifier': 'openssdp',
'feed.code': 'shadowserver-openssdp',
'feed.name': 'shadowserver',
'protocol.application': 'ssdp',
},
}
@@ -544,8 +524,6 @@ def validate_ip(value):
'classification.taxonomy': 'Vulnerable',
'protocol.application': 'snmp',
'classification.identifier': 'opensnmp',
'feed.code': 'shadowserver-opensnmp',
'feed.name': 'shadowserver',
},
}

@@ -579,8 +557,6 @@ def validate_ip(value):
'classification.type': 'vulnerable service',
'classification.taxonomy': 'Vulnerable',
'classification.identifier': 'openmssql',
'feed.code': 'shadowserver-openmssql',
'feed.name': 'shadowserver',
'protocol.application': 'mssql',
},
}
@@ -619,8 +595,6 @@ def validate_ip(value):
'classification.type': 'vulnerable service',
'classification.taxonomy': 'Vulnerable',
'classification.identifier': 'openmongodb',
'feed.code': 'shadowserver-openmongodb',
'feed.name': 'shadowserver',
'protocol.application': 'mongodb',
},
}
@@ -650,8 +624,6 @@ def validate_ip(value):
'classification.type': 'vulnerable service',
'classification.taxonomy': 'Vulnerable',
'classification.identifier': 'opennetbios',
'feed.code': 'shadowserver-opennetbios',
'feed.name': 'shadowserver',
'protocol.application': 'netbios',
},
}
@@ -690,8 +662,6 @@ def validate_ip(value):
'classification.type': 'vulnerable service',
'classification.taxonomy': 'Vulnerable',
'classification.identifier': 'openelasticsearch',
'feed.code': 'shadowserver-openelasticsearch',
'feed.name': 'shadowserver',
'protocol.application': 'elasticsearch',
},
}
@@ -720,8 +690,6 @@ def validate_ip(value):
'classification.type': 'vulnerable service',
'classification.taxonomy': 'Vulnerable',
'classification.identifier': 'opendns',
'feed.code': 'shadowserver-opendns',
'feed.name': 'shadowserver',
'protocol.application': 'dns',
},
}
@@ -745,8 +713,6 @@ def validate_ip(value):
'classification.type': 'vulnerable service',
'classification.taxonomy': 'Vulnerable',
'classification.identifier': 'openntp',
'feed.code': 'shadowserver-openntp',
'feed.name': 'shadowserver',
'protocol.application': 'ntp',
},
}
@@ -769,8 +735,6 @@ def validate_ip(value):
'classification.type': 'vulnerable service',
'classification.taxonomy': 'Vulnerable',
'classification.identifier': 'SSL-FREAK',
'feed.code': 'shadowserver-ssl-freak-scan',
'feed.name': 'shadowserver',
'protocol.application': 'https',
},
}
@@ -794,8 +758,6 @@ def validate_ip(value):
'classification.type': 'vulnerable service',
'classification.taxonomy': 'Vulnerable',
'classification.identifier': 'SSL-Poodle',
'feed.code': 'shadowserver-ssl-scan',
'feed.name': 'shadowserver',
'protocol.application': 'https',
},
}
@@ -819,8 +781,6 @@ def validate_ip(value):
'classification.type': 'vulnerable service',
'classification.taxonomy': 'Vulnerable',
'classification.identifier': 'openmemcached',
'feed.code': 'shadowserver-openmemcached',
'feed.name': 'shadowserver',
'protocol.application': 'memcached',
},
}
@@ -859,8 +819,6 @@ def validate_ip(value):
'classification.type': 'botnet drone',
'classification.taxonomy': 'Malicious Code',
'classification.identifier': 'botnet',
'feed.code': 'shadowserver-botnet-drone-hadoop',
'feed.name': 'shadowserver',
},
}

@@ -889,9 +847,7 @@ def validate_ip(value):
'classification.type': 'vulnerable service',
'classification.taxonomy': 'Vulnerable',
'protocol.application': 'xdmcp',
'feed.code': 'shadowserver-openxdmcp',
'feed.name': 'shadowserver',
'feed.url': 'https://www.shadowserver.org/wiki/pmwiki.php/Services/Open-XDMCP',
# 'feed.url': 'https://www.shadowserver.org/wiki/pmwiki.php/Services/Open-XDMCP',
'classification.identifier': 'openxdmcp',
},
}
@@ -922,9 +878,7 @@ def validate_ip(value):
'classification.type': 'vulnerable service',
'classification.taxonomy': 'Vulnerable',
'protocol.application': 'nat-pmp',
'feed.code': 'shadowserver-opennatpmp',
'feed.name': 'shadowserver',
'feed.url': 'https://www.shadowserver.org/wiki/pmwiki.php/Services/Open-NATPMP',
# 'feed.url': 'https://www.shadowserver.org/wiki/pmwiki.php/Services/Open-NATPMP',
'classification.identifier': 'opennatpmp',
},
}
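Review bot: The `feed.url` entries in the xdmcp and nat-pmp hunks are commented out instead of deleted, with nothing saying whether they are meant to return; a commented-out key in a lookup table like this is easily re-enabled by the next copy-paste, which the title's "again" suggests has already happened with feed.name. Either drop the two lines or replace each with a short reason, e.g. `# feed.* attribution is deliberately not set by the parser (see #733)` — the wording is a guess at the intent, so confirm it before adopting. The same applies across every hunk in this file: the rendered page has lost the +/- markers, but the -8/+6 sizes imply two lines leave each mapping, apparently `feed.code` along with `feed.name`, which neither the title nor the description mentions; stating this once in the commit message and in a comment at the head of the table would record the invariant that parsers must not emit feed attribution. Each mapping dict begins and ends outside its hunk, and the `validate_ip` in the hunk headers is only the nearest preceding def.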
18 changes: 6 additions & 12 deletions intelmq/tests/bots/parsers/shadowserver/test_chargen.py
@@ -30,13 +30,12 @@
"time.observation": "2015-01-01T00:00:00+00:00",
}
EVENTS = [{'__type': 'Event',
'feed.name': 'ShadowServer Chargen',
'classification.type': 'vulnerable service',
'classification.identifier': 'openchargen',
'classification.taxonomy': 'Vulnerable',
'extra': '{"naics": 123456, "response_size": 116, "sic": 654321, '
'"tag": "chargen"}',
'feed.code': 'shadowserver-openchargen',
'feed.name': 'shadowserver',
'protocol.application': 'chargen',
'protocol.transport': 'udp',
'raw': utils.base64_encode('\n'.join([RECONSTRUCTED_LINES[0],
@@ -50,12 +49,11 @@
'time.observation': '2015-01-01T00:00:00+00:00',
'time.source': '2014-03-16T04:15:19+00:00'},
{'__type': 'Event',
'feed.name': 'ShadowServer Chargen',
'classification.type': 'vulnerable service',
'classification.identifier': 'openchargen',
'classification.taxonomy': 'Vulnerable',
'extra': '{"response_size": 116, "tag": "chargen"}',
'feed.code': 'shadowserver-openchargen',
'feed.name': 'shadowserver',
'protocol.application': 'chargen',
'protocol.transport': 'udp',
'raw': utils.base64_encode(
@@ -72,12 +70,11 @@
'time.observation': '2015-01-01T00:00:00+00:00',
'time.source': '2014-03-16T04:15:19+00:00'},
{'__type': 'Event',
'feed.name': 'ShadowServer Chargen',
'classification.type': 'vulnerable service',
'classification.identifier': 'openchargen',
'classification.taxonomy': 'Vulnerable',
'extra': '{"response_size": 116, "tag": "chargen"}',
'feed.code': 'shadowserver-openchargen',
'feed.name': 'shadowserver',
'protocol.application': 'chargen',
'protocol.transport': 'udp',
'raw': utils.base64_encode(
@@ -96,12 +93,11 @@
'time.observation': '2015-01-01T00:00:00+00:00',
'time.source': '2014-03-16T04:15:19+00:00'},
{'__type': 'Event',
'feed.name': 'ShadowServer Chargen',
'classification.type': 'vulnerable service',
'classification.identifier': 'openchargen',
'classification.taxonomy': 'Vulnerable',
'extra': '{"response_size": 116, "tag": "chargen"}',
'feed.code': 'shadowserver-openchargen',
'feed.name': 'shadowserver',
'protocol.application': 'chargen',
'protocol.transport': 'udp',
'raw': utils.base64_encode(
@@ -118,12 +114,11 @@
'time.observation': '2015-01-01T00:00:00+00:00',
'time.source': '2014-03-16T04:15:19+00:00'},
{'__type': 'Event',
'feed.name': 'ShadowServer Chargen',
'classification.type': 'vulnerable service',
'classification.identifier': 'openchargen',
'classification.taxonomy': 'Vulnerable',
'extra': '{"response_size": 116, "tag": "chargen"}',
'feed.code': 'shadowserver-openchargen',
'feed.name': 'shadowserver',
'protocol.application': 'chargen',
'protocol.transport': 'udp',
'raw': utils.base64_encode(
@@ -141,12 +136,11 @@
'time.observation': '2015-01-01T00:00:00+00:00',
'time.source': '2014-03-16T04:15:19+00:00'}]
EVENT_SHORT = {'__type': 'Event',
'feed.name': 'ShadowServer Chargen',
'classification.type': 'vulnerable service',
'classification.identifier': 'openchargen',
'classification.taxonomy': 'Vulnerable',
'extra': '{"tag": "chargen"}',
'feed.code': 'shadowserver-openchargen',
'feed.name': 'shadowserver',
'protocol.application': 'chargen',
'protocol.transport': 'udp',
'raw': utils.base64_encode('\n'.join([EXAMPLE_LINE_SHORT[0],
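Review bot: The literal `'feed.name': 'ShadowServer Chargen'` is now repeated in all six expected events (one per hunk), while the value the parser is expected to carry through presumably originates in the report dict whose closing brace sits at the top of the first hunk; if so, referencing that entry instead, e.g. `'feed.name': <REPORT_DICT>['feed.name']`, keeps the six expectations from drifting when the fixture changes. Dropping `feed.code` from the expected events also means the test now asserts, if it compares whole messages, that the parser emits no feed.code at all, which deserves a one-line comment near the first event so a future reader does not take it for an omission. The EVENTS list spans every hunk but the last and EVENT_SHORT continues past the end of the section, so both definitions are cut at the hunk edges.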
