Merge pull request #8 from threatstream/hpfeeds

Hpfeeds support for Wordpot

.gitignore

@@ -2,3 +2,5 @@
 .*
 *.pyc
 !.gitignore
+/env
+

requirements.txt

@@ -0,0 +1,2 @@
+Flask==0.10.1
+-e git+https://github.com/threatstream/hpfeeds/#egg=hpfeeds-dev

wordpot.conf

@@ -30,3 +30,10 @@ AUTHORS     = ['admin']             # Authors list
 
 #PLUGINS     = []                    # Installed plugins list
 #THEMES      = []                    # Installed themes list
+
+HPFEEDS_ENABLED = False
+HPFEEDS_HOST = '127.0.0.1'
+HPFEEDS_PORT = 10000
+HPFEEDS_IDENT = 'wordpot'
+HPFEEDS_SECRET = 'wordpot-pass'
+HPFEEDS_TOPIC = 'wordpot.events'

wordpot/__init__.py

@@ -83,6 +83,19 @@ def check_options():
     LOGGER.error('Can\'t load conf file')
 check_options()
 
+if app.config['HPFEEDS_ENABLED']:
+    import hpfeeds
+    print 'Connecting to hpfeeds broker {}:{}'.format(app.config['HPFEEDS_HOST'], app.config['HPFEEDS_PORT'])
+    app.config['hpfeeds_client'] = hpfeeds.new(
+        app.config['HPFEEDS_HOST'], 
+        app.config['HPFEEDS_PORT'], 
+        app.config['HPFEEDS_IDENT'], 
+        app.config['HPFEEDS_SECRET']
+    )
+    app.config['hpfeeds_client'].s.settimeout(0.01)
+else:
+    LOGGER.warn('hpfeeds is disabled')
+
 # ----------------------------
 # Building the plugins manager
 # ----------------------------

wordpot/plugins/badlogin.py

@@ -16,6 +16,7 @@ def run(self):
             username = self.inputs['request'].form['log']
             password = self.inputs['request'].form['pwd']
             self.outputs['log'] = '%s tried to login with username %s and password %s' % (origin, username, password)
+            self.outputs['log_json'] = self.to_json_log(username=username, password=password, plugin='badlogin')
             self.outputs['template_vars']['BADLOGIN'] = True
             self.outputs['template'] = 'wp-login.html'
         else:

wordpot/plugins/commonfiles.py

@@ -19,6 +19,7 @@ def run(self):
 
             if filename in common:
                 self.outputs['log'] = '%s probed for: %s' % (origin, filename)
+                self.outputs['log_json'] = self.to_json_log(filename=filename, plugin='commonfiles')
                 self.outputs['template'] = common[filename]
 
         return

wordpot/plugins/timthumb.py

@@ -10,7 +10,7 @@ def run(self):
             # Message to log
             log = '%s probed for timthumb: %s' % (self.inputs['request'].remote_addr, self.inputs['subpath'])
             self.outputs['log'] = log
-
+            self.outputs['log_json'] = self.to_json_log(filename=self.inputs['subpath'], plugin='timthumb')
             # Template to render
             self.outputs['template'] = 'timthumb.html'
 

wordpot/plugins/userenumeration.py

@@ -14,6 +14,7 @@ def run(self):
             for k, a in enumerate(app.config['AUTHORS']):
                 if (k + 1) == int(req_args['author']):
                     self.outputs['log'] = '%s probed author page for user: %s' % (origin, a)
+                    self.outputs['log_json'] = self.to_json_log(author=a, plugin='userenumeration')
                     self.outputs['template_vars']['AUTHORPAGE'] = True
                     self.outputs['template_vars']['CURRENTAUTHOR'] = (k+1, a)
                     self.outputs['template'] = app.config['THEME'] + '.html'

wordpot/plugins_manager.py

@@ -89,3 +89,15 @@ def start(self, **kwargs):
 
     def run(self):
         return
+
+    def to_json_log(self, **kwargs):
+        import json
+        return json.dumps(dict(kwargs, 
+            source_ip=self.inputs['request'].remote_addr, 
+            source_port=self.inputs['request'].environ['REMOTE_PORT'],
+            dest_ip=self.inputs['request'].environ['SERVER_NAME'],
+            dest_port=self.inputs['request'].environ['SERVER_PORT'],
+            user_agent=self.inputs['request'].user_agent.string,
+            url=self.inputs['request'].url
+        ))
+

wordpot/views.py

@@ -16,6 +16,8 @@ def commons(filename=None, ext=None):
         p.start(filename=filename, ext=ext, request=request)
         if 'log' in p.outputs:
             LOGGER.info(p.outputs['log'])
+        if 'log_json' in p.outputs and app.config['HPFEEDS_ENABLED']:
+            app.config['hpfeeds_client'].publish(app.config['HPFEEDS_TOPIC'], p.outputs['log_json'])
         if 'template' in p.outputs:
             if 'template_vars' in p.outputs:
                 return render_template(p.outputs['template'], vars=p.outputs['template_vars'])
@@ -40,6 +42,8 @@ def admin(subpath='/'):
         p.start(subpath=subpath, request=request)
         if 'log' in p.outputs:
             LOGGER.info(p.outputs['log'])
+        if 'log_json' in p.outputs and app.config['HPFEEDS_ENABLED']:
+            app.config['hpfeeds_client'].publish(app.config['HPFEEDS_TOPIC'], p.outputs['log_json'])
         if 'template' in p.outputs:
             if 'template_vars' in p.outputs:
                 return render_template(p.outputs['template'], vars=p.outputs['template_vars'])
@@ -63,6 +67,8 @@ def plugin(plugin, subpath='/'):
         p.start(plugin=plugin, subpath=subpath, request=request)
         if 'log' in p.outputs:
             LOGGER.info(p.outputs['log'])
+        if 'log_json' in p.outputs and app.config['HPFEEDS_ENABLED']:
+            app.config['hpfeeds_client'].publish(app.config['HPFEEDS_TOPIC'], p.outputs['log_json'])
         if 'template' in p.outputs:
             if 'template_vars' in p.outputs:
                 return render_template(p.outputs['template'], vars=p.outputs['template_vars'])
@@ -86,6 +92,8 @@ def theme(theme, subpath='/'):
         p.start(theme=theme, subpath=subpath, request=request)
         if 'log' in p.outputs:
             LOGGER.info(p.outputs['log'])
+        if 'log_json' in p.outputs and app.config['HPFEEDS_ENABLED']:
+            app.config['hpfeeds_client'].publish(app.config['HPFEEDS_TOPIC'], p.outputs['log_json'])
         if 'template' in p.outputs:
             if 'template_vars' in p.outputs:
                 return render_template(p.outputs['template'], vars=p.outputs['template_vars'])