
Dorothy2 fully ported to Ruby 1.9.3 #50

Other fixes:
fix screentime

dorothy.yml
 added sandbox's network var (needed by DEM)
 added GeoIP.ISP var

fix dparser
 iconv deprecated
 added GeoIP.ISP
 removed a lot of misused classes in DEM
1 parent 36de250 commit 8e6a5ee4ee313830cfa7c229e9a7be181568ed74 @m4rco- committed Oct 28, 2013
@@ -216,9 +216,9 @@ begin
rescue SignalException
Dorothy.stop_running_analyses
rescue => e
- puts "[" + "+".red + "] " + "[Dorothy]".yellow + " An error occurred: ".red + $!
- puts "[" + "+".red + "] " + "[Dorothy]".yellow + " For more information check the logfile" + $! if daemon
- LOGGER.error "Dorothy", "An error occurred: " + $!
+ puts "[" + "+".red + "] " + "[Dorothy]".yellow + " An error occurred: \n".red + e.inspect
+ puts "[" + "+".red + "] " + "[Dorothy]".yellow + " For more information check the logfile \n" + e.inspect if daemon
+ LOGGER.error "Dorothy", "An error occurred: \n" + e.inspect
LOGGER.debug "Dorothy", "#{e.inspect} --BACKTRACE: #{e.backtrace}"
LOGGER.info "Dorothy", "Dorothy has been stopped"
end
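Review bot: The `LOGGER.error` line now records only `e.inspect`, while the backtrace is written one line later at debug level, so if the configured threshold is above debug the location of the failure is never persisted and the operator is left with just the exception class and message. Logging the backtrace with the error keeps that trail independent of verbosity: `LOGGER.error "Dorothy", "An error occurred: \n#{e.inspect}\n#{e.backtrace.join("\n")}"`. The prefix `"[" + "+".red + "] " + "[Dorothy]".yellow` is repeated verbatim on both new `puts` lines and could be assigned once above them. The `begin` this `rescue` belongs to starts outside the hunk.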
@@ -9,6 +9,7 @@ require 'trollop'
require 'dorothy2'
require 'doroParser'
+#load '../lib/dorothy2.rb'
#load '../lib/doroParser.rb'
include Dorothy
@@ -63,16 +64,18 @@ LOGGER_PARSER.sev_threshold = DoroSettings.env[:loglevel]
LOGGER = DoroLogger.new(logout, DoroSettings.env[:logage])
LOGGER.sev_threshold = DoroSettings.env[:loglevel]
-if system "sh -c 'type startpcapr > /dev/null 2>&1'"
- pcapr_conf = "#{File.expand_path("~")}/.pcapr_local/config"
- unless Util.exists?(pcapr_conf)
- puts "[WARNING]".red + " Pcapr conf not found at #{File.expand_path("~")}/.pcapr_local/config "
- puts "[WARNING]".red + " Although you have configured Dorothy in order to look for a *local* Pcapr instance,it seems that it is not configured yet,so please run \"startpcapr\" and configure it."
+if DoroSettings.pcapr[:local]=="true"
+ if system "sh -c 'type startpcapr > /dev/null 2>&1'"
+ pcapr_conf = "#{File.expand_path("~")}/.pcapr_local/config"
+ unless Util.exists?(pcapr_conf)
+ puts "[WARNING]".red + " Pcapr conf not found at #{File.expand_path("~")}/.pcapr_local/config "
+ puts "[WARNING]".red + " Although you have configured Dorothy in order to look for a *local* Pcapr instance,it seems that it is not configured yet,so please run \"startpcapr\" and configure it."
+ exit(1)
+ end
+ else
+ puts "[WARNING]".red + " Although you have configured Dorothy in order to look for a *local* Pcapr instance, it seems *NOT INSTALLED* in your system.\n\t Please install it by typing \"sudo gem install pcapr-local\. Then set Pcapr to scan #{DoroSettings.env[:analysis_dir]}"
exit(1)
end
-else
- puts "[WARNING]".red + "Although you have configured Dorothy in order to look for a *local* Pcapr instance, it seems *NOT INSTALLED* in your system.\n\t Please install it by typing \"sudo gem install pcapr-local\. Then set Pcapr to scan #{DoroSettings.env[:analysis_dir]}"
- exit(1)
end
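Review bot: `DoroSettings.pcapr[:local]=="true"` on the new `if` line compares the setting against the String "true"; if dorothy.yml declares it as an unquoted `local: true`, YAML yields TrueClass and the whole Pcapr check is silently skipped — neither warning nor `exit(1)` fires. Normalising the value covers both spellings: `if DoroSettings.pcapr[:local].to_s == "true"`. Separately, the message moved into the `else` branch ends with `pcapr-local\.` — the closing `\"` is missing, so the printed hint reads `"sudo gem install pcapr-local.` with an unbalanced quote.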
@@ -11,6 +11,9 @@ require 'dorothy2'
require 'doroParser'
#load '../lib/doroParser.rb'
+#load '../lib/dorothy2.rb'
+
+
include Dorothy
include DoroParser
@@ -2,10 +2,8 @@
# This file is part of Dorothy - http://www.honeynet.it/
# See the file 'LICENSE' for copying permission.
-#!/usr/local/bin/ruby
#load 'lib/doroParser.rb'; include Dorothy; include DoroParser; LOGGER = DoroLogger.new(STDOUT, "weekly")
-
#Install mu/xtractr from svn checkout http://pcapr.googlecode.com/svn/trunk/ pcapr-read-only
@@ -17,24 +15,21 @@
require 'rubygems'
-require 'md5'
+require 'digest'
require 'rbvmomi'
require 'rest_client'
require 'net/dns'
require 'net/dns/packet'
require 'ipaddr'
require 'colored'
-require 'ftools'
-require 'filemagic' #require 'pcaplet'
+require 'filemagic'
require 'geoip'
require 'pg'
-require 'iconv'
require 'tmail'
require 'ipaddr'
require 'net/http'
require 'json'
-require File.dirname(__FILE__) + '/dorothy2/environment'
require File.dirname(__FILE__) + '/mu/xtractr'
require File.dirname(__FILE__) + '/dorothy2/DEM'
require File.dirname(__FILE__) + '/dorothy2/do-utils'
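Review bot: Swapping `require 'md5'` for `require 'digest'` changes the constant the code sees — the old gem provided `MD5`, whereas `digest` provides `Digest::MD5` — so every `MD5.new`/`MD5.hexdigest` call site must have been updated, which this hunk does not show; the same swap appears in the second file's require block further down and carries the same assumption. If these digests serve as the identity of analysed samples, MD5 is collision-prone and `Digest::SHA256` from the same library could be recorded alongside it. Dropping `require 'iconv'` and the `dorothy2/environment` require likewise presumes no remaining references to `Iconv` or to whatever `environment` defined. `require 'ipaddr'` is still listed twice in this block.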
@@ -1,3 +1,6 @@
+#!/bin/env ruby
+# encoding: utf-8
+
# Copyright (C) 2010-2013 marco riccardi.
# This file is part of Dorothy - http://www.honeynet.it/
# See the file 'LICENSE' for copying permission.
@@ -19,14 +22,12 @@
require 'rbvmomi'
require 'timeout'
require 'virustotal'
-require 'ftools' #deprecated in ruby 1.9 !!!
require 'filemagic'
-require 'md5'
+require 'digest'
require File.dirname(__FILE__) + '/dorothy2/do-init'
require File.dirname(__FILE__) + '/dorothy2/Settings'
require File.dirname(__FILE__) + '/dorothy2/deep_symbolize'
-require File.dirname(__FILE__) + '/dorothy2/environment'
require File.dirname(__FILE__) + '/dorothy2/vtotal'
require File.dirname(__FILE__) + '/dorothy2/VSM'
require File.dirname(__FILE__) + '/dorothy2/NAM'
@@ -225,7 +226,7 @@ def analyze(bin, guestvm)
DoroSettings.sandbox[:num_screenshots].times do
@screenshots.push vsm.screenshot
- sleep DoroSettings.sandbox[:screen2time] % DoroSettings.sandbox[:sleeptime]
+ sleep DoroSettings.sandbox[:screen2time] % DoroSettings.sandbox[:sleeptime] if DoroSettings.sandbox[:screen2time]
end
sleep DoroSettings.sandbox[:sleeptime]
@@ -471,7 +472,10 @@ def scan(bin)
def self.start(source=nil, daemon=nil)
+ @vtotal_threads = []
+ @analysis_threads = []
@db = Insertdb.new
+
daemon ||= false
puts "[" + "+".red + "] " + "[Dorothy]".yellow + " Process Started"
@@ -493,9 +497,7 @@ def self.start(source=nil, daemon=nil)
#Be sure that there are no open tcpdump instances opened
@nam.init_sniffer
- @vtotal_threads = []
- @vtotal_threads = []
- @analysis_threads = []
+
infinite = true
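Review bot: The guard added to the `sleep` line inside the `num_screenshots.times` loop only protects against a missing `screen2time`; the operator between the two settings is still `%` (modulo), so e.g. `screen2time` 30 with `sleeptime` 10 sleeps 0 s between screenshots, a `screen2time` smaller than `sleeptime` is used unchanged, and an Integer `sleeptime` of 0 raises ZeroDivisionError. If the intent is to spread the screenshots over the sleep window, `sleeptime / num_screenshots` (or a plain `screen2time` interval) would express that; as written it is hard to tell what `%` is meant to do, so a comment stating the intended formula would help the next reader. The enclosing `analyze(bin, guestvm)` starts and ends outside the hunk.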
