
Merge pull request #8 from threatstream/hpfeeds

Hpfeeds support for Wordpot
commit e42eedab1f90cdda4cbe1c2a3dd67b202eefcc28 2 parents bbaf582 + 38c0eea
@gbrindisi authored
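--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,5 @@
 .*
 *.pyc
 !.gitignore
+/env
+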
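--- a/requirements.txt
+++ b/requirements.txt
@@ -0,0 +1,2 @@
+Flask==0.10.1
+-e git+https://github.com/threatstream/hpfeeds/#egg=hpfeeds-dev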
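Review bot: The hpfeeds requirement is not pinned to a revision, so it installs whatever the repository's default branch holds at install time, while Flask on the line above is pinned to an exact version. Two installs of the same Wordpot commit can therefore run different broker-client code, and a change pushed to that repository reaches every new sensor unreviewed. Pin the VCS requirement to an audited commit, e.g. `-e git+https://github.com/threatstream/hpfeeds.git@<commit-sha>#egg=hpfeeds-dev`, where `<commit-sha>` is a placeholder for the revision you reviewed.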
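--- a/wordpot.conf
+++ b/wordpot.conf
@@ -30,3 +30,10 @@ AUTHORS = ['admin'] # Authors list
 #PLUGINS = [] # Installed plugins list
 #THEMES = [] # Installed themes list
+
+HPFEEDS_ENABLED = False
+HPFEEDS_HOST = '127.0.0.1'
+HPFEEDS_PORT = 10000
+HPFEEDS_IDENT = 'wordpot'
+HPFEEDS_SECRET = 'wordpot-pass'
+HPFEEDS_TOPIC = 'wordpot.events'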
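Review bot: `HPFEEDS_SECRET = 'wordpot-pass'` ships a usable-looking shared secret as the default, paired with the default ident `'wordpot'`, so every install that only flips `HPFEEDS_ENABLED` to True authenticates to its broker with the same publicly known pair. Ship the value empty, e.g. `HPFEEDS_SECRET = ''  # required: per-sensor secret issued by the broker`, and have startup refuse to enable hpfeeds while it is empty. Once real credentials are written here, the file should be kept out of version control and readable only by the honeypot's service account.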
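--- a/wordpot/__init__.py
+++ b/wordpot/__init__.py
@@ -83,6 +83,19 @@ def check_options():
 LOGGER.error('Can\'t load conf file')
 check_options()
+if app.config['HPFEEDS_ENABLED']:
+ import hpfeeds
+ print 'Connecting to hpfeeds broker {}:{}'.format(app.config['HPFEEDS_HOST'], app.config['HPFEEDS_PORT'])
+ app.config['hpfeeds_client'] = hpfeeds.new(
+ app.config['HPFEEDS_HOST'],
+ app.config['HPFEEDS_PORT'],
+ app.config['HPFEEDS_IDENT'],
+ app.config['HPFEEDS_SECRET']
+ )
+ app.config['hpfeeds_client'].s.settimeout(0.01)
+else:
+ LOGGER.warn('hpfeeds is disabled')
+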
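Review bot: The broker connection in the `if app.config['HPFEEDS_ENABLED']:` block runs at import time with no error handling, so an unreachable broker or rejected credentials will presumably raise out of `hpfeeds.new(...)` and keep the whole honeypot from starting. A conf file written before this commit has no `HPFEEDS_ENABLED` key and would raise KeyError here unless `check_options()`, whose body is not visible in this hunk, supplies defaults. Reading the flag with `.get()` and catching the failure keeps the web side running and records why publishing is off. The `print` should go through `LOGGER` like the `else` branch does, and `.s.settimeout(0.01)` reaches into the client's socket attribute with a 10 ms timeout, which deserves a comment explaining the choice.

```python
if app.config.get('HPFEEDS_ENABLED', False):
    import hpfeeds
    LOGGER.info('Connecting to hpfeeds broker %s:%s',
                app.config['HPFEEDS_HOST'], app.config['HPFEEDS_PORT'])
    try:
        # … unchanged: hpfeeds.new(...) assignment and settimeout call …
    except Exception as e:
        # Keep serving HTTP; events simply stay local until the broker is fixed.
        LOGGER.error('hpfeeds connection failed, publishing disabled: %s', e)
        app.config['HPFEEDS_ENABLED'] = False
```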
# ----------------------------
# Building the plugins manager
# ----------------------------
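--- a/wordpot/plugins/badlogin.py
+++ b/wordpot/plugins/badlogin.py
@@ -16,6 +16,7 @@ def run(self):
 username = self.inputs['request'].form['log']
 password = self.inputs['request'].form['pwd']
 self.outputs['log'] = '%s tried to login with username %s and password %s' % (origin, username, password)
+ self.outputs['log_json'] = self.to_json_log(username=username, password=password, plugin='badlogin')
 self.outputs['template_vars']['BADLOGIN'] = True
 self.outputs['template'] = 'wp-login.html'
 else: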
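Review bot: The added `log_json` line carries the submitted username and password verbatim, and the views.py change in this commit publishes that string to the hpfeeds topic, so captured credentials now leave the host and reach every subscriber of the topic. That is the purpose of a honeypot feed, but it is undocumented; a comment such as `# log_json is published off-host via hpfeeds and contains the submitted credentials` would help. The broker's subscribe ACL for the topic should also be limited to the intended collectors. run()'s body starts and ends outside the hunk.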
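--- a/wordpot/plugins/commonfiles.py
+++ b/wordpot/plugins/commonfiles.py
@@ -19,6 +19,7 @@ def run(self):
 if filename in common:
 self.outputs['log'] = '%s probed for: %s' % (origin, filename)
+ self.outputs['log_json'] = self.to_json_log(filename=filename, plugin='commonfiles')
 self.outputs['template'] = common[filename]
 return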
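--- a/wordpot/plugins/timthumb.py
+++ b/wordpot/plugins/timthumb.py
@@ -10,7 +10,7 @@ def run(self):
 # Message to log
 log = '%s probed for timthumb: %s' % (self.inputs['request'].remote_addr, self.inputs['subpath'])
 self.outputs['log'] = log
-
+ self.outputs['log_json'] = self.to_json_log(filename=self.inputs['subpath'], plugin='timthumb')
 # Template to render
 self.outputs['template'] = 'timthumb.html'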
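--- a/wordpot/plugins/userenumeration.py
+++ b/wordpot/plugins/userenumeration.py
@@ -14,6 +14,7 @@ def run(self):
 for k, a in enumerate(app.config['AUTHORS']):
 if (k + 1) == int(req_args['author']):
 self.outputs['log'] = '%s probed author page for user: %s' % (origin, a)
+ self.outputs['log_json'] = self.to_json_log(author=a, plugin='userenumeration')
 self.outputs['template_vars']['AUTHORPAGE'] = True
 self.outputs['template_vars']['CURRENTAUTHOR'] = (k+1, a)
 self.outputs['template'] = app.config['THEME'] + '.html'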
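--- a/wordpot/plugins_manager.py
+++ b/wordpot/plugins_manager.py
@@ -89,3 +89,15 @@ def start(self, **kwargs):
 def run(self):
 return
+
+ def to_json_log(self, **kwargs):
+ import json
+ return json.dumps(dict(kwargs,
+ source_ip=self.inputs['request'].remote_addr,
+ source_port=self.inputs['request'].environ['REMOTE_PORT'],
+ dest_ip=self.inputs['request'].environ['SERVER_NAME'],
+ dest_port=self.inputs['request'].environ['SERVER_PORT'],
+ user_agent=self.inputs['request'].user_agent.string,
+ url=self.inputs['request'].url
+ ))
+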
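Review bot: `environ['REMOTE_PORT']` in `to_json_log` is indexed directly, but REMOTE_PORT is not among the variables WSGI requires a server to set, so under a server or proxy that omits it every plugin that builds `log_json` raises KeyError in the request path. Use `source_port=self.inputs['request'].environ.get('REMOTE_PORT')` instead. `dest_ip` is filled from `SERVER_NAME`, which may be a hostname rather than an address, and behind a reverse proxy `remote_addr` is the proxy's address; a short docstring should state both limits so feed consumers do not treat the fields as ground truth. The user agent and URL are request-supplied, so it is worth confirming that `json.dumps` cannot raise on undecodable bytes in them under Python 2.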
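--- a/wordpot/views.py
+++ b/wordpot/views.py
@@ -16,6 +16,8 @@ def commons(filename=None, ext=None):
 p.start(filename=filename, ext=ext, request=request)
 if 'log' in p.outputs:
 LOGGER.info(p.outputs['log'])
+ if 'log_json' in p.outputs and app.config['HPFEEDS_ENABLED']:
+ app.config['hpfeeds_client'].publish(app.config['HPFEEDS_TOPIC'], p.outputs['log_json'])
 if 'template' in p.outputs:
 if 'template_vars' in p.outputs:
 return render_template(p.outputs['template'], vars=p.outputs['template_vars'])
@@ -40,6 +42,8 @@ def admin(subpath='/'):
 p.start(subpath=subpath, request=request)
 if 'log' in p.outputs:
 LOGGER.info(p.outputs['log'])
+ if 'log_json' in p.outputs and app.config['HPFEEDS_ENABLED']:
+ app.config['hpfeeds_client'].publish(app.config['HPFEEDS_TOPIC'], p.outputs['log_json'])
 if 'template' in p.outputs:
 if 'template_vars' in p.outputs:
 return render_template(p.outputs['template'], vars=p.outputs['template_vars'])
@@ -63,6 +67,8 @@ def plugin(plugin, subpath='/'):
 p.start(plugin=plugin, subpath=subpath, request=request)
 if 'log' in p.outputs:
 LOGGER.info(p.outputs['log'])
+ if 'log_json' in p.outputs and app.config['HPFEEDS_ENABLED']:
+ app.config['hpfeeds_client'].publish(app.config['HPFEEDS_TOPIC'], p.outputs['log_json'])
 if 'template' in p.outputs:
 if 'template_vars' in p.outputs:
 return render_template(p.outputs['template'], vars=p.outputs['template_vars'])
@@ -86,6 +92,8 @@ def theme(theme, subpath='/'):
 p.start(theme=theme, subpath=subpath, request=request)
 if 'log' in p.outputs:
 LOGGER.info(p.outputs['log'])
+ if 'log_json' in p.outputs and app.config['HPFEEDS_ENABLED']:
+ app.config['hpfeeds_client'].publish(app.config['HPFEEDS_TOPIC'], p.outputs['log_json'])
 if 'template' in p.outputs:
 if 'template_vars' in p.outputs:
 return render_template(p.outputs['template'], vars=p.outputs['template_vars'])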
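Review bot: The `publish(...)` call added in `commons` is unguarded, and the same two lines are repeated in `admin`, `plugin` and `theme`. The client socket was given a 10 ms timeout at startup, so a slow or dropped broker connection may raise from `publish` and turn the decoy page into an error response. That loses the event and also makes the sensor's behaviour depend on broker health, which a visitor can observe. Moving the publish into one best-effort helper removes the duplication and keeps the HTTP response independent of the feed. All four view functions start and end outside their hunks.

```python
def publish_event(outputs):
    # Best effort: a broker failure must never change what the client sees.
    if 'log_json' not in outputs or not app.config['HPFEEDS_ENABLED']:
        return
    try:
        app.config['hpfeeds_client'].publish(app.config['HPFEEDS_TOPIC'], outputs['log_json'])
    except Exception as e:
        LOGGER.error('hpfeeds publish failed: %s', e)

# … in commons(), admin(), plugin() and theme(), replacing the two added lines …
publish_event(p.outputs)
```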