|
"""
client.py

@brad_anton

A simple client for ektracker.

Example:

    from client import ektracker_client

    e = ektracker_client('api_key')
    print e.add_tag('rig', 'rig exploit kit', [ 'http://www.google.com/', 'http://www.test.com' ], ['.*', '[a-f]{1,}'])
    print e.add_entry('http://api_clienttest.com', tags=['rig', 'seamless'])
    print e.add_entry('http://api_clienttest.com', tags=['neutrino'])
    print e.add_entry('http://api_clienttest.com', tags=['spartan'])
    print e.add_entry('http://api_clienttest.com', tags=['rig', 'psuedoDarkleech'])
    print e.get_entries()
"""
|
import requests |
|
from datetime import datetime |
|
|
|
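def to_obj(item, obj):
    """Wrap *item* in instances of the class *obj* and return them as a list.

    Args:
        item: A list of constructor arguments, a single ``str``, an existing
            instance of *obj*, or any other value (including ``None``).
        obj: The class to instantiate. It is called with one positional
            argument for each value being wrapped.

    Returns:
        A non-empty list of wrapped values, or ``None`` when *item* is an
        empty list or a value of a type that is not handled.
    """
    if isinstance(item, list):
        result = [obj(element) for element in item]
    elif isinstance(item, str):
        # A lone string is one value, not a sequence of characters. The
        # previous code used the list branch's loop variable here, which is
        # unbound on this path and raised NameError for every string input.
        result = [obj(item)]
    elif isinstance(item, obj):
        # Already the right type: pass it through untouched.
        result = [item]
    else:
        result = []

    # Callers test the attribute against None, so an empty result is None.
    return result or None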
|
|
|
def json_serial(obj):
    """Convert a value the stock ``json`` encoder rejects into a JSON type.

    A ``datetime`` becomes the number of seconds (as a float) between it and
    ``datetime.fromtimestamp(0)``. Every other type raises ``TypeError``.
    Presumably meant as the ``default=`` hook of ``json.dumps``; nothing in
    this file calls it.
    """
    # http://stackoverflow.com/questions/11875770/how-to-overcome-datetime-datetime-not-json-serializable-in-python
    if not isinstance(obj, datetime):
        raise TypeError("Type not serializable")

    # NOTE(review): fromtimestamp(0) is the epoch expressed in *local* time.
    # A naive UTC value (Entry defaults to datetime.utcnow()) would come out
    # shifted by the local UTC offset -- confirm which clock callers pass.
    epoch = datetime.fromtimestamp(0)
    elapsed = obj - epoch
    return elapsed.total_seconds()
|
|
|
class Entry(object):
    """One tracked URL together with its timestamp, tags and references."""

    def __init__(self, url=None, timestamp=None, tags=None, references=None):
        """Store the entry fields, wrapping tags and references.

        Args:
            url: The URL being recorded.
            timestamp: When the URL was seen; defaults to
                ``datetime.utcnow()`` when omitted.
            tags: Passed through ``to_obj(tags, Tag)``.
            references: Passed through ``to_obj(references, Reference)``.
        """
        self.url = url
        self.timestamp = datetime.utcnow() if timestamp is None else timestamp
        self.tags = to_obj(tags, Tag)
        self.references = to_obj(references, Reference)

    def todict(self):
        """Return the entry as a plain dict of request parameters.

        Tags are flattened to their names and references to their reference
        strings; either stays ``None`` when the attribute is ``None``.
        """
        tag_names = None
        if self.tags is not None:
            tag_names = [tag.name for tag in self.tags]

        reference_values = None
        if self.references is not None:
            reference_values = [ref.reference for ref in self.references]

        return {
            'url': self.url,
            'timestamp': self.timestamp,
            'tags': tag_names,
            'references': reference_values,
        }
|
|
|
class Tag(object):
    """A named label with optional description, references and signatures."""

    def __init__(self, name, description=None, references=None, signatures=None):
        """Store the tag fields, wrapping references and signatures.

        Args:
            name: The tag's name.
            description: Optional free-text description.
            references: Passed through ``to_obj(references, Reference)``.
            signatures: Passed through ``to_obj(signatures, Signature)``.
        """
        self.name = name
        self.description = description
        self.references = to_obj(references, Reference)
        self.signatures = to_obj(signatures, Signature)

    def __repr__(self):
        """Show the instance's attribute dict."""
        return str(self.__dict__)

    def todict(self):
        """Return the tag as a plain dict of request parameters.

        References and signatures are flattened to their string values;
        either stays ``None`` when the attribute is ``None``.
        """
        reference_values = None
        if self.references is not None:
            reference_values = [ref.reference for ref in self.references]

        signature_values = None
        if self.signatures is not None:
            signature_values = [sig.signature for sig in self.signatures]

        return {
            'name': self.name,
            'description': self.description,
            'references': reference_values,
            'signatures': signature_values,
        }
|
|
|
class Reference(object):
    """Holder for a single reference value attached to a tag or entry."""

    def __init__(self, reference):
        """Keep *reference* on the instance unchanged."""
        self.reference = reference
|
|
|
class Signature(object):
    """Holder for a single signature value attached to a tag."""

    def __init__(self, signature):
        """Keep *signature* on the instance unchanged."""
        self.signature = signature
|
|
|
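class ektracker_client(object):
    """Minimal HTTP client for the ektracker API.

    SECURITY: with the default ``port=80`` every POST carries the API key in
    a plain-HTTP form body, so anyone on the network path can read or replay
    it. Passing ``port=443`` makes the client use ``https://`` instead
    (assumes the server offers TLS on that port -- confirm before relying on
    it).
    """

    # Seconds to wait on the server before giving up. Without a timeout
    # ``requests`` can block indefinitely and the ``Timeout`` handlers below
    # would have nothing to catch. Override on the class or an instance.
    REQUEST_TIMEOUT = 30

    def __init__(self, api_key, host='ektracker.com', port=80):
        """Remember the API key and build the base server URL.

        Args:
            api_key: Key sent with every POST request.
            host: Server host name.
            port: Server port; 443 selects HTTPS, anything else plain HTTP.
        """
        scheme = 'https' if port == 443 else 'http'
        self.server = '{}://{}:{}'.format(scheme, host, port)
        self.api_key = api_key
        self.entries = []

    def _post(self, endpoint, params=None):
        """POST *params* plus the API key to *endpoint* and return the JSON.

        Raises:
            Exception: On a timeout or an HTTP error status.
        """
        ep = '{}/{}'.format(self.server, endpoint)

        data = {'api_key': self.api_key}
        if params:
            data.update(params)

        # Bound before the try so the handler can tell "no response at all"
        # (timeout) apart from "error response"; previously a timeout hit an
        # unbound name in the handler and hid the real failure.
        res = None
        try:
            res = requests.post(ep, data=data, timeout=self.REQUEST_TIMEOUT)
            res.raise_for_status()
        except (requests.exceptions.Timeout, requests.exceptions.HTTPError) as e:
            if res is not None:
                print(res.text)
            raise Exception('[!] Unable to query ektracker: {}'.format(e))

        return res.json()

    def _get(self, endpoint, params=None):
        """GET *endpoint* with optional query *params* and return the JSON.

        The API key is not sent on GET requests.

        Raises:
            Exception: On a timeout or an HTTP error status.
        """
        ep = '{}/{}'.format(self.server, endpoint)

        try:
            res = requests.get(ep, params=params, timeout=self.REQUEST_TIMEOUT)
            res.raise_for_status()
        except (requests.exceptions.Timeout, requests.exceptions.HTTPError) as e:
            raise Exception('[!] Unable to query ektracker: {}'.format(e))

        return res.json()

    def add_tag(self, name, description, references=None, signatures=None):
        """Build a ``Tag`` and upload it; returns the server's JSON reply."""
        t = Tag(name, description, references, signatures)
        payload = t.todict()

        print('Uploading Tag: {}'.format(payload))
        return self._post('api/add/tag/', params=payload)

    def add_entry(self, url, timestamp=None, tags=None, references=None):
        """Build an ``Entry`` and upload it; returns the server's JSON reply."""
        e = Entry(url, timestamp, tags, references)
        payload = e.todict()

        print('Uploading Entry: {}'.format(payload))
        return self._post('api/add/entry/', params=payload)

    def get_entries(self, start=None, end=None):
        """Fetch the entries list from the server.

        *start* and *end* are accepted but currently ignored: no query
        parameters are sent.
        """
        return self._get('api/entries/')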
|
|
|
|
|
if __name__ == '__main__':
    from json import load

    # The API key comes from a local config file, not from the source.
    with open('client_config.json') as f:
        config = load(f)

    e = ektracker_client(config['api_key'])

    # Demo upload: one tag, then the same URL under several tag sets.
    print(e.add_tag(
        'rig',
        'rig exploit kit',
        ['http://www.google.com/', 'http://www.test.com'],
        ['.*', '[a-f]{1,}'],
    ))

    demo_tag_sets = (
        ['rig', 'seamless'],
        ['neutrino'],
        ['spartan'],
        ['rig', 'psuedoDarkleech'],
    )
    for tag_set in demo_tag_sets:
        print(e.add_entry('http://api_clienttest.com', tags=tag_set))

    print(e.get_entries())