chg: [Hash] add reprocess regex order

This commit is contained in:
Terrtia 2018-07-25 10:47:36 +02:00
parent 8c97c70a3f
commit 03a37af5cf
No known key found for this signature in database
GPG key ID: 1E1B1F50D84613D0
3 changed files with 35 additions and 26 deletions

View file

@ -85,28 +85,32 @@ def save_hash(decoder_name, message, date, decoded):
else: else:
serv_metadata.hset('metadata_hash:'+hash, 'last_seen', date_paste) serv_metadata.hset('metadata_hash:'+hash, 'last_seen', date_paste)
# first time we see this file encoding on this paste # first time we see this hash (all encoding) on this paste
if serv_metadata.zscore(decoder_name+'_hash:'+hash, message) is None: if serv_metadata.zscore('nb_seen_hash:'+hash, message) is None:
print('first '+decoder_name)
serv_metadata.hincrby('metadata_hash:'+hash, 'nb_seen_in_all_pastes', 1) serv_metadata.hincrby('metadata_hash:'+hash, 'nb_seen_in_all_pastes', 1)
serv_metadata.hincrby('metadata_hash:'+hash, decoder_name+'_decoder', 1)
serv_metadata.sadd('hash_paste:'+message, hash) # paste - hash map serv_metadata.sadd('hash_paste:'+message, hash) # paste - hash map
serv_metadata.sadd(decoder_name+'_paste:'+message, hash) # paste - hash map
serv_metadata.zincrby('nb_seen_hash:'+hash, message, 1)# hash - paste map
serv_metadata.zincrby(decoder_name+'_hash:'+hash, message, 1)# hash - paste map
# create hash metadata # create hash metadata
serv_metadata.hset('metadata_hash:'+hash, 'estimated_type', type) serv_metadata.hset('metadata_hash:'+hash, 'estimated_type', type)
serv_metadata.sadd('hash_all_type', type) serv_metadata.sadd('hash_all_type', type)
# first time we see this hash encoding on this paste
if serv_metadata.zscore(decoder_name+'_hash:'+hash, message) is None:
print('first '+decoder_name)
serv_metadata.sadd(decoder_name+'_paste:'+message, hash) # paste - hash map
# create hash metadata
serv_metadata.sadd('hash_'+ decoder_name +'_all_type', type) serv_metadata.sadd('hash_'+ decoder_name +'_all_type', type)
serv_metadata.zincrby('hash_type:'+type, date_key, 1)
serv_metadata.zincrby(decoder_name+'_type:'+type, date_key, 1)
save_hash_on_disk(decoded, type, hash, json_data) save_hash_on_disk(decoded, type, hash, json_data)
print('found {} '.format(type)) print('found {} '.format(type))
# duplicate
else: serv_metadata.hincrby('metadata_hash:'+hash, decoder_name+'_decoder', 1)
serv_metadata.zincrby('hash_type:'+type, date_key, 1)
serv_metadata.zincrby(decoder_name+'_type:'+type, date_key, 1)
serv_metadata.zincrby('nb_seen_hash:'+hash, message, 1)# hash - paste map
serv_metadata.zincrby(decoder_name+'_hash:'+hash, message, 1) # number of b64 on this paste serv_metadata.zincrby(decoder_name+'_hash:'+hash, message, 1) # number of b64 on this paste
@ -182,12 +186,14 @@ if __name__ == '__main__':
binary_max_execution_time = p.config.getint("Binary", "max_execution_time") binary_max_execution_time = p.config.getint("Binary", "max_execution_time")
base64_max_execution_time = p.config.getint("Base64", "max_execution_time") base64_max_execution_time = p.config.getint("Base64", "max_execution_time")
# list all decoder yith regex, the order is use to search content by order # list all decoder yith regex,
all_decoder = [ {'name': 'binary', 'regex': regex_binary, 'encoded_min_size': 300, 'max_execution_time': binary_max_execution_time}, decoder_binary = {'name': 'binary', 'regex': regex_binary, 'encoded_min_size': 300, 'max_execution_time': binary_max_execution_time}
{'name': 'hexadecimal', 'regex': regex_hex, 'encoded_min_size': 300, 'max_execution_time': hex_max_execution_time}, decoder_hexadecimal = {'name': 'hexadecimal', 'regex': regex_hex, 'encoded_min_size': 300, 'max_execution_time': hex_max_execution_time}
{'name': 'base64', 'regex': regex_base64, 'encoded_min_size': 40, 'max_execution_time': base64_max_execution_time}] decoder_base64 = {'name': 'base64', 'regex': regex_base64, 'encoded_min_size': 40, 'max_execution_time': base64_max_execution_time}
for decoder in all_decoder: decoder_order = [ decoder_base64, decoder_binary, decoder_hexadecimal, decoder_base64]
for decoder in decoder_order:
serv_metadata.sadd('all_decoder', decoder['name']) serv_metadata.sadd('all_decoder', decoder['name'])
# Endless loop getting messages from the input queue # Endless loop getting messages from the input queue
@ -207,7 +213,7 @@ if __name__ == '__main__':
content = paste.get_p_content() content = paste.get_p_content()
date = str(paste._get_p_date()) date = str(paste._get_p_date())
for decoder in all_decoder: # add threshold and size limit for decoder in decoder_order: # add threshold and size limit
# max execution time on regex # max execution time on regex
signal.alarm(decoder['max_execution_time']) signal.alarm(decoder['max_execution_time'])

View file

@ -364,9 +364,7 @@ def decoder_type_json():
all_decoder = r_serv_metadata.smembers('all_decoder') all_decoder = r_serv_metadata.smembers('all_decoder')
# sort DESC decoder for color # sort DESC decoder for color
all_decoder = sorted(all_decoder, reverse=True) all_decoder = sorted(all_decoder)
print(all_decoder)
print(type(all_decoder))
date_range = [] date_range = []
if date_from is not None and date_to is not None: if date_from is not None and date_to is not None:

View file

@ -46,6 +46,9 @@
} }
.bar_stack:hover{ .bar_stack:hover{
cursor: pointer; cursor: pointer;
}
.pie_path:hover{
cursor: pointer;
} }
.svgText { .svgText {
pointer-events: none; pointer-events: none;
@ -318,7 +321,7 @@ function sparklines(id, points) {
</script> </script>
<script> <script>
var margin = {top: 20, right: 55, bottom: 55, left: 40}, var margin = {top: 20, right: 100, bottom: 55, left: 45},
width = 1000 - margin.left - margin.right, width = 1000 - margin.left - margin.right,
height = 500 - margin.top - margin.bottom; height = 500 - margin.top - margin.bottom;
var x = d3.scaleBand().rangeRound([0, width]).padding(0.1); var x = d3.scaleBand().rangeRound([0, width]).padding(0.1);
@ -449,7 +452,7 @@ function drawLegend (varNames) {
.attr("transform", function (d, i) { return "translate(0," + i * 20 + ")"; }); .attr("transform", function (d, i) { return "translate(0," + i * 20 + ")"; });
legend.append("rect") legend.append("rect")
.attr("x", 152) .attr("x", 943)
.attr("width", 10) .attr("width", 10)
.attr("height", 10) .attr("height", 10)
.style("fill", color) .style("fill", color)
@ -457,7 +460,7 @@ function drawLegend (varNames) {
legend.append("text") legend.append("text")
.attr("class", "svgText") .attr("class", "svgText")
.attr("x", 150) .attr("x", 941)
.attr("y", 6) .attr("y", 6)
.attr("dy", ".35em") .attr("dy", ".35em")
.style("text-anchor", "end") .style("text-anchor", "end")
@ -539,8 +542,10 @@ d3.json("/hashDecoded/decoder_type_json?date_from={{date_from}}&date_to={{date_t
.append('path') .append('path')
.attr('d', arc_pie) .attr('d', arc_pie)
.attr('fill', (d,i) => color_pie(i)) .attr('fill', (d,i) => color_pie(i))
.attr('class', 'pie_path')
.on("mouseover", mouseovered_pie) .on("mouseover", mouseovered_pie)
.on("mouseout", mouseouted_pie) .on("mouseout", mouseouted_pie)
.on("click", function (d) {window.location.href = '/hashDecoded/?date_from={{date_from}}&date_to={{date_to}}&type={{type}}&encoding='+d.data.name })
.style('opacity', opacity_pie) .style('opacity', opacity_pie)
.style('stroke', 'white'); .style('stroke', 'white');
}); });