-
Notifications
You must be signed in to change notification settings - Fork 110
/
thugfiles.py
75 lines (61 loc) · 2.1 KB
/
thugfiles.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
import os
import sys
import time
import datetime
import json
import logging
import hpfeeds
HOST = 'hpfeeds.honeycloud.net'
PORT = 10000
CHANNELS = ['thug.files',]
IDENT = ''
SECRET = ''
OUTFILE = './grab.log'
OUTDIR = './files/'
log = logging.getLogger("thug.files")
handler = logging.FileHandler(OUTFILE)
formatter = logging.Formatter('[%(asctime)s] [%(levelname)s] %(message)s')
handler.setFormatter(formatter)
log.addHandler(handler)
log.setLevel(logging.INFO)
class ThugFiles:
def __init__(self):
if not os.path.exists(OUTDIR):
os.mkdir(OUTDIR)
def run(self):
def on_message(identifier, channel, payload):
try:
decoded = json.loads(str(payload))
except:
decoded = {'raw': payload}
if not 'md5' in decoded or not 'data' in decoded:
log.info("Received message does not contain hash or data - Ignoring it")
return
csv = ', '.join(['{0} = {1}'.format(i, decoded[i]) for i in ['md5', 'sha1', 'type']])
outmsg = 'PUBLISH channel = %s, identifier = %s, %s' % (channel, identifier, csv)
log.info(outmsg)
filedata = decoded['data'].decode('base64')
fpath = os.path.join(OUTDIR, decoded['md5'])
with open(fpath, 'wb') as fd:
fd.write(filedata)
def on_error(payload):
log.critical("Error message from server: %s" % (payload, ))
self.hpc.stop()
while True:
try:
self.hpc = hpfeeds.new(HOST, PORT, IDENT, SECRET)
log.info("Connected to %s" % (self.hpc.brokername, ))
self.hpc.subscribe(CHANNELS)
except hpfeeds.FeedException:
break
try:
self.hpc.run(on_message, on_error)
except:
self.hpc.close()
time.sleep(20)
if __name__ == '__main__':
try:
f = ThugFiles()
f.run()
except KeyboardInterrupt:
sys.exit(0)