# HoneyPy Copyright (C) 2013-2017 foospidy
# https://github.com/foospidy/HoneyPy
# See LICENSE for details
import sys
import hashlib
from datetime import datetime
from twisted.python import log
import json
import os
# Prevent creation of compiled bytecode (.pyc) files for this module.
# Presumably so the logger/plugin directories are not littered with
# bytecode when HoneyPy imports them at runtime -- confirm against honeypy.py.
sys.dont_write_bytecode = True
# Module-level handle for the JSON-lines log file.  post() opens it lazily on
# the first event (append mode, line buffered) and keeps it for the life of
# the process; nothing in this file ever closes it.
# NOTE(review): the name shadows Python 2's builtin `file`; it is kept
# because post() declares `global file`.
file = None
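def process(config, section, parts, time_parts):
    """Map one already-split HoneyPy log line onto post() by field position.

    The caller has split the raw log line into ``parts``; the positional
    layout differs by transport (the UDP plugin name apparently splits into
    two fields, so every later field is shifted by one):

        TCP: date, time_parts, plugin, session, protocol, event,
             local_host, local_port, service, remote_host, remote_port, data
        UDP: date, time_parts, plugin part, plugin part, session, protocol,
             event, local_host, local_port, service, remote_host,
             remote_port, data

    ``parts[4]`` selects the layout: ``'TCP'`` means the TCP layout, anything
    else is treated as UDP.  A TCP CONNECT event (11 fields) and a UDP line
    with no data (12 fields) carry no trailing data field, so an empty hex
    payload is supplied for them.

    ``time_parts[0]`` is the time string and ``time_parts[1]`` the
    sub-second field; both are forwarded unchanged.

    The caller's ``parts`` list is copied rather than appended to, so a
    caller that hands the same list to several loggers sees it unchanged.
    Lines with fewer fields than the selected layout needs raise IndexError,
    as before; this function does not try to repair malformed records.
    """
    fields = list(parts)
    if fields[4] == 'TCP':
        shift, without_data = 0, 11
    else:
        # UDP splits differently (see the layout in the docstring)
        shift, without_data = 1, 12
    if len(fields) == without_data:
        fields.append('')  # no payload for this event (e.g. TCP CONNECT)
    post(
        config,
        section,
        fields[0],
        time_parts[0],
        fields[0] + ' ' + time_parts[0],
        time_parts[1],
        fields[3 + shift],   # session
        fields[4 + shift],   # protocol
        fields[5 + shift],   # event
        fields[6 + shift],   # local_host
        fields[7 + shift],   # local_port
        fields[8 + shift],   # service
        fields[9 + shift],   # remote_host
        fields[10 + shift],  # remote_port
        fields[11 + shift],  # data (hex)
    )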
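def post(config, section, date, time, date_time, millisecond, session, protocol, event, local_host, local_port, service, remote_host, remote_port, data):
    """Append one HoneyPy event to the configured log file as a single JSON line.

    Args:
        config: HoneyPy config object; only ``config.get(section, 'filename')``
            is read, on the first call.
        section: name of this logger's config section.
        date, time: the event's date and time fields, stored unchanged.
        date_time: ``"YYYY-MM-DD HH:MM:SS"``; re-emitted in ISO 8601 form.
        millisecond: sub-second field; its last three characters are dropped
            before storing (presumably microseconds -> milliseconds; the field
            that produces it is not visible in this file).
        session, protocol, event, local_host, local_port, service,
            remote_host, remote_port: copied into the record unchanged.
        data: hex-encoded bytes received from the remote host.  The bytes
            inside are attacker-controlled; the hex wrapper is assumed to be
            HoneyPy's own encoding of the payload (confirm against the caller).

    Raises:
        ValueError: if ``data`` is not valid hex or ``date_time`` does not
            match the expected format.  Both propagate as before; a malformed
            record is a producer bug, not something to paper over here.

    The log file is opened lazily on the first call (append mode, line
    buffered) and kept in the module global ``file`` for the life of the
    process; nothing in this file closes it.
    """
    global file
    raw = bytearray.fromhex(data)
    # Fingerprint and count the raw payload bytes, not the decoded text:
    # hashlib needs bytes (passing the decoded str raises TypeError on
    # Python 3), and a digest over the bytes actually received is what IOC
    # correlation needs.  MD5 serves only as a dedup/lookup fingerprint here,
    # not as an integrity control; it is kept as MD5 so that existing
    # consumers of 'data_hash' still match.
    data_hash = hashlib.md5(bytes(raw)).hexdigest()
    # Honeypot payloads are frequently not valid UTF-8 (binary exploits,
    # scanner probes).  A strict decode raised UnicodeDecodeError and lost the
    # whole event, so an attacker could keep their traffic out of the log
    # simply by sending non-UTF-8 bytes.  Substitute U+FFFD instead; the exact
    # bytes are still identified by data_hash.
    text = raw.decode('utf-8', 'replace')
    iso_date_time = datetime.strptime(date_time, "%Y-%m-%d %H:%M:%S").isoformat()
    record = {
        'date': date,
        'time': time,
        'date_time': iso_date_time,
        # [:-3] drops the last three characters of the sub-second field
        'millisecond': str(millisecond)[:-3],
        'session': session,
        'protocol': protocol,
        'event': event,
        'local_host': local_host,
        'local_port': local_port,
        'service': service,
        'remote_host': remote_host,
        'remote_port': remote_port,
        'data': text,
        # length of the payload in bytes, not in decoded characters
        'bytes': str(len(raw)),
        'data_hash': data_hash,
    }
    if not file:
        file = open(config.get(section, 'filename'), 'a+', 1)
    # json.dumps escapes control characters, so attacker data (including
    # embedded newlines) cannot break the one-record-per-line format.
    # A bare '\n' is used instead of os.linesep: the file is in text mode,
    # where os.linesep would be written as '\r\r\n' on Windows.
    file.write(json.dumps(record) + '\n')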