#!/usr/bin/env python
#
# Scans all SNORT rule files to enumerate defined "classtype" values
# 2017 @imifos
"""
Snort v2.9
snortrules-snapshot-29110.tar.gz
classtype:misc-activity
classtype:policy-violation
classtype:web-application-attack
classtype:trojan-activity
classtype:attempted-admin
classtype:protocol-command-decode
classtype:bad-unknown
classtype:attempted-recon
classtype:web-application-activity
classtype:successful-recon-limited
classtype:network-scan
classtype:attempted-user
classtype:attempted-dos
classtype:misc-attack
classtype:denial-of-service
classtype:shellcode-detect
classtype:unsuccessful-user
classtype:unknown
classtype:non-standard-protocol
classtype:rpc-portmap-decode
classtype:suspicious-filename-detect
classtype:unusual-client-port-connection
classtype:not-suspicious
classtype:successful-user
classtype:string-detect
classtype:successful-admin
classtype:system-call-detect
classtype:suspicious-login
classtype:default-login-attempt
"""
from os import listdir
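rulesfiles = [f for f in listdir(".") if f.endswith('.rules')]


def collect_classtypes(paths):
    """Return the distinct ``classtype...`` tokens found in *paths*, in first-seen order.

    Each file is read line by line.  A line contributes the text from the
    first occurrence of ``"classtype"`` up to, but not including, the next
    ``";"`` after it.  When no ``";"`` follows on that line, the remainder of
    the line (minus its line terminator) is taken; the original code sliced
    with ``find``'s ``-1`` in that case and silently dropped the last
    character of the token.

    Args:
        paths: iterable of paths to Snort ``.rules`` files.

    Returns:
        list of unique token strings, e.g. ``"classtype:misc-activity"``.

    Raises:
        IOError / OSError: if a path cannot be opened (not caught here, so a
        missing or unreadable file is reported rather than skipped).
    """
    found = []
    seen = set()  # O(1) membership; ``found`` keeps first-seen order
    for path in paths:
        with open(path, 'rt') as handle:
            for line in handle:
                # NOTE(review): this is a plain substring search, so a line
                # whose msg text happens to contain "classtype" would match
                # there first -- same behaviour as the original scanner.
                p1 = line.find("classtype")
                if p1 == -1:
                    continue
                p2 = line.find(";", p1)
                if p2 == -1:
                    token = line[p1:].rstrip("\r\n")
                else:
                    token = line[p1:p2]
                if token not in seen:
                    seen.add(token)
                    found.append(token)
    return found


# ``print(x)`` with a single argument prints the same text under both the
# Python 2 statement form and the Python 3 function, so the script runs on
# either interpreter.
print("Scan SNORT rules files for 'classtypes'...")
print("")
print("Found these rules files:")
for f in rulesfiles:
    print(f)
classtypes = collect_classtypes(rulesfiles)
print("Found these classtypes:")
for ct in classtypes:
    print(ct)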