Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
Dionaea: Malwr Module
from dionaea.core import ihandler, incident, g_dionaea
import logging
import json
import uuid
import time
import sqlite3
logger = logging.getLogger('malwr')
logger.setLevel(logging.DEBUG)
class malwrreport:
def __init__(self, md5, path, timestamp):
self.md5 = md5
self.path = path
self.ts = timestamp
class handler(ihandler):
def __init__(self, path):
logger.info("%s ready!" % (self.__class__.__name__))
ihandler.__init__(self, path)
self.vconfig = g_dionaea.config()['modules']['python']['malwr']
self.submit_url = self.vconfig['submit_url']
self.api_key = self.vconfig['apikey']
self.share = self.vconfig['shared']
self.cookies = {}
dbpath = self.vconfig['dbfile']
self.dbh = sqlite3.connect(dbpath)
self.cursor = self.dbh.cursor()
self.cursor.execute("""
CREATE TABLE IF NOT EXISTS submit (
id INTEGER PRIMARY KEY,
uuid TEXT NOT NULL,
path TEXT NOT NULL,
md5 TEXT NOT NULL,
sha256 TEXT NOT NULL,
submit_time TEXT NOT NULL
);""")
def handle_incident(self, icd):
pass
def handle_incident_dionaea_download_complete_unique(self, icd):
cookie = str(uuid.uuid4())
self.cookies[cookie] = malwrreport(icd.md5hash, icd.path, str(time.strftime("%Y-%m-%d :%H:%M:%S", time.localtime())))
i = incident('dionaea.upload.request')
i._url = self.submit_url
i.shared = self.share
i.api_key = self.api_key
i.set('file://file', icd.path)
i._callback = "dionaea.modules.python.malwr.file_submitted"
i._userdata = cookie
i.report()
def handle_incident_dionaea_modules_python_malwr_file_submitted(self, icd):
f = open(icd.path, mode='r')
j = json.load(f)
cookie = icd._userdata
mreport = self.cookies[cookie]
self.cursor.execute("""INSERT INTO submit (uuid, path, md5, sha256, submit_time) VALUES (?, ?, ?, ?, ?);""", (j['uuid'], mreport.path, mreport.md5, j['sha256'], mreport.ts))
self.dbh.commit()
i = incident("dionaea.modules.python.malwr.uuid")
i.md5hash = mreport.md5
i.uuid = j['uuid']
i.report()
del self.cookies[cookie]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment