Created
July 22, 2011 16:55
UMA Bot
from jabberbot import JabberBot, botcmd | |
import datetime | |
import base64 | |
import pymongo | |
import traceback | |
import simplejson as json | |
import os, sys, csv, zipfile, getopt, traceback, socket, urlparse, time, urllib2, string | |
import StringIO | |
import logging | |
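class SystemInfoJabberBot(JabberBot):
    """Jabber bot whose ``scan`` command checks message text against the MDL feed.

    Each ``scan`` downloads the Malware Domain List CSV, collects the third
    column of every row, and reports which of those entries occur in the
    message body.

    NOTE(review): nothing in this class restricts who may invoke ``scan``
    (``self.users`` is initialised but never read here), and every call
    triggers a fresh download. Confirm whether JabberBot limits senders.
    """

    # Feed queried by ``scan``.
    # NOTE(review): this is plain HTTP, so the list has no integrity
    # protection in transit; a tampered or truncated response would silently
    # change the scan verdicts. Prefer an authenticated source if one exists.
    MDL_URL = "http://www.malwaredomainlist.com/mdlcsv.php"

    # Seconds to wait on the feed before giving up, so a stalled server
    # cannot hang the bot indefinitely.
    FEED_TIMEOUT = 30

    def __init__(self, jid, password, res=None):
        """Set up the bot, console logging at INFO level, and empty state."""
        super(SystemInfoJabberBot, self).__init__(jid, password, res)

        # Send log records to the console with a timestamped format.
        console = logging.StreamHandler()
        console.setFormatter(
            logging.Formatter(
                "%(asctime)s - %(name)s - %(levelname)s - %(message)s"
            )
        )
        self.log.addHandler(console)
        self.log.setLevel(logging.INFO)

        self.users = []
        self.message_queue = []
        self.thread_killed = False

    # The docstring below is left exactly as written: NOTE(review) JabberBot
    # presumably shows command docstrings as help text -- confirm.
    @botcmd
    def scan(self, mess, args):
        """Scan text for matching IP addresses from the MDL"""
        # A message without a body would otherwise crash the substring search.
        # NOTE(review): assumes getBody() can return None -- confirm.
        text = mess.getBody() or ""
        reader = self.get_list(mess, self.MDL_URL)
        parsed = self.parse_list(mess, reader)
        check = self.check_blob(mess, text, parsed)
        if not check:
            return "No attackers found"
        return "Following found on the MDL:\n" + ",".join(check)

    def get_list(self, mess, url):
        """Download ``url`` and return a ``csv.reader`` over its contents.

        Progress notices are sent to the sender of ``mess``. Network errors,
        including a timeout after ``FEED_TIMEOUT`` seconds, propagate to the
        caller.
        """
        self.send_simple_reply(mess, "== Downloading MDL ==")
        # NOTE(review): the response size is not bounded; the whole body is
        # read into memory.
        f = urllib2.urlopen(url, timeout=self.FEED_TIMEOUT)
        try:
            data = f.read()
        finally:
            # Release the connection even when the read fails part-way.
            f.close()
        reader = csv.reader(
            StringIO.StringIO(data), delimiter=',', quoting=csv.QUOTE_MINIMAL
        )
        self.send_simple_reply(mess, "== Downloaded List ==")
        return reader

    def parse_list(self, mess, list):
        """Return the de-duplicated third column of every row in ``list``.

        ``list`` is an iterable of CSV rows (the name shadows the builtin and
        is kept only so existing callers keep working). Rows with fewer than
        three fields are skipped.
        """
        self.send_simple_reply(mess, "== Parsing List ==")
        ips = []
        for row in list:
            try:
                ips.append(row[2].strip())
            except IndexError:
                # Short or blank row: no third column to read.
                continue
        self.send_simple_reply(mess, "== List Parsed ==")
        return self.f7(ips)

    def check_blob(self, mess, data, ips):
        """Return the entries of ``ips`` that occur in ``data``, de-duplicated.

        Entries of four characters or fewer are ignored. A hit must not be
        directly adjacent to another digit, so that a listed ``1.2.3.4`` is
        not reported for text that only contains ``11.2.3.45``.
        """
        self.send_simple_reply(mess, "== Checking Blob ==")
        check = []
        for ip in ips:
            if len(ip) > 4:
                needle = str(ip.strip())
                if self._occurs_standalone(data, needle):
                    check.append(ip.strip())
        return self.f7(check)

    def _occurs_standalone(self, data, needle):
        """Return True if ``needle`` occurs in ``data`` with no digit touching it."""
        start = data.find(needle)
        while start >= 0:
            end = start + len(needle)
            clear_before = start == 0 or not data[start - 1].isdigit()
            clear_after = end == len(data) or not data[end].isdigit()
            if clear_before and clear_after:
                return True
            start = data.find(needle, start + 1)
        return False

    def f7(self, seq):
        """Return the items of ``seq`` with duplicates removed, order preserved."""
        seen = set()
        unique = []
        for item in seq:
            if item not in seen:
                seen.add(item)
                unique.append(item)
        return unique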
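# Read the account from the environment so a real password never has to be
# committed with the script. UMA_BOT_JID and UMA_BOT_PASSWORD are names
# introduced by this edit. The literals are the original placeholder values,
# kept as defaults so the script behaves as before when neither is set.
# NOTE(review): do not deploy with the default 'password' value.
username = os.environ.get('UMA_BOT_JID', 'uma@castiron')
password = os.environ.get('UMA_BOT_PASSWORD', 'password')

bot = SystemInfoJabberBot(username, password)
bot.serve_forever()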