mirror of
https://github.com/ail-project/ail-framework.git
synced 2024-11-27 00:07:16 +00:00
fix: [tracker typo squatting]
parent
a597eece83
commit
8eec6fc8ce
2 changed files with 54 additions and 51 deletions
|
@ -117,7 +117,7 @@ def get_tracker_mails(tracker_uuid):
|
||||||
return list(r_serv_tracker.smembers('tracker:mail:{}'.format(tracker_uuid)))
|
return list(r_serv_tracker.smembers('tracker:mail:{}'.format(tracker_uuid)))
|
||||||
|
|
||||||
def get_tracker_webhook(tracker_uuid):
|
def get_tracker_webhook(tracker_uuid):
|
||||||
return r_serv_tracker.hget('tracker:{}'.format(tracker_uuid), 'webhook')
|
return r_serv_tracker.hget(f'tracker:{tracker_uuid}', 'webhook')
|
||||||
|
|
||||||
def get_tracker_uuid_sources(tracker_uuid):
|
def get_tracker_uuid_sources(tracker_uuid):
|
||||||
return list(r_serv_tracker.smembers(f'tracker:sources:{tracker_uuid}'))
|
return list(r_serv_tracker.smembers(f'tracker:sources:{tracker_uuid}'))
|
||||||
|
@ -223,14 +223,14 @@ def get_tracker_typosquatting_domains(tracker_uuid):
|
||||||
return r_serv_tracker.smembers(f'tracker:typosquatting:{tracker_uuid}')
|
return r_serv_tracker.smembers(f'tracker:typosquatting:{tracker_uuid}')
|
||||||
|
|
||||||
def get_typosquatting_tracked_words_list():
|
def get_typosquatting_tracked_words_list():
|
||||||
all_typo = dict()
|
typosquattings = {}
|
||||||
typos_uuid = get_all_tracker_uuid_by_type("typosquatting")
|
typos_uuid = get_all_tracker_uuid_by_type("typosquatting")
|
||||||
|
|
||||||
for typo_uuid in typos_uuid:
|
for typo_uuid in typos_uuid:
|
||||||
tracker = get_tracker_by_uuid(typo_uuid)
|
tracker = get_tracker_by_uuid(typo_uuid)
|
||||||
all_typo[tracker] = get_tracker_typosquatting_domains(typo_uuid)
|
typosquattings[tracker] = get_tracker_typosquatting_domains(typo_uuid)
|
||||||
|
|
||||||
return all_typo
|
return typosquattings
|
||||||
|
|
||||||
|
|
||||||
def add_tracked_item(tracker_uuid, item_id):
|
def add_tracked_item(tracker_uuid, item_id):
|
||||||
|
@ -301,7 +301,7 @@ def get_email_subject(tracker_uuid):
|
||||||
return 'AIL framework: {}'.format(tracker_description)
|
return 'AIL framework: {}'.format(tracker_description)
|
||||||
|
|
||||||
def get_tracker_last_updated_by_type(tracker_type):
|
def get_tracker_last_updated_by_type(tracker_type):
|
||||||
epoch_update = r_serv_tracker.get('tracker:refresh:{}'.format(tracker_type))
|
epoch_update = r_serv_tracker.get(f'tracker:refresh:{tracker_type}')
|
||||||
if not epoch_update:
|
if not epoch_update:
|
||||||
epoch_update = 0
|
epoch_update = 0
|
||||||
return float(epoch_update)
|
return float(epoch_update)
|
||||||
|
@ -434,7 +434,7 @@ def api_validate_tracker_to_add(tracker , tracker_type, nb_words=1):
|
||||||
return {"status": "error", "reason": "Only one domain is accepted at a time"}, 400
|
return {"status": "error", "reason": "Only one domain is accepted at a time"}, 400
|
||||||
if not "." in tracker:
|
if not "." in tracker:
|
||||||
return {"status": "error", "reason": "Invalid domain name"}, 400
|
return {"status": "error", "reason": "Invalid domain name"}, 400
|
||||||
|
|
||||||
|
|
||||||
elif tracker_type=='yara_custom':
|
elif tracker_type=='yara_custom':
|
||||||
if not is_valid_yara_rule(tracker):
|
if not is_valid_yara_rule(tracker):
|
||||||
|
|
93
bin/trackers/Tracker_Typo_Squatting.py
Normal file → Executable file
93
bin/trackers/Tracker_Typo_Squatting.py
Normal file → Executable file
|
@ -1,5 +1,6 @@
|
||||||
#!/usr/bin/env python3
|
#!/usr/bin/env python3
|
||||||
# -*-coding:UTF-8 -*
|
# -*-coding:UTF-8 -*
|
||||||
|
|
||||||
"""
|
"""
|
||||||
The Tracker_Typo_Squatting Module
|
The Tracker_Typo_Squatting Module
|
||||||
===================
|
===================
|
||||||
|
@ -22,7 +23,6 @@ sys.path.append(os.environ['AIL_BIN'])
|
||||||
from modules.abstract_module import AbstractModule
|
from modules.abstract_module import AbstractModule
|
||||||
import NotificationHelper
|
import NotificationHelper
|
||||||
from packages.Item import Item
|
from packages.Item import Item
|
||||||
from packages import Term
|
|
||||||
from lib import Tracker
|
from lib import Tracker
|
||||||
|
|
||||||
class Tracker_Typo_Squatting(AbstractModule):
|
class Tracker_Typo_Squatting(AbstractModule):
|
||||||
|
@ -47,7 +47,7 @@ class Tracker_Typo_Squatting(AbstractModule):
|
||||||
|
|
||||||
def compute(self, message):
|
def compute(self, message):
|
||||||
# refresh Tracked typo
|
# refresh Tracked typo
|
||||||
if self.last_refresh_typosquat < Term.get_tracked_term_last_updated_by_type('typosquatting'):
|
if self.last_refresh_typosquat < Tracker.get_tracker_last_updated_by_type('typosquatting'):
|
||||||
self.typosquat_tracked_words_list = Tracker.get_typosquatting_tracked_words_list()
|
self.typosquat_tracked_words_list = Tracker.get_typosquatting_tracked_words_list()
|
||||||
self.last_refresh_typosquat = time.time()
|
self.last_refresh_typosquat = time.time()
|
||||||
self.redis_logger.debug('Tracked typosquatting refreshed')
|
self.redis_logger.debug('Tracked typosquatting refreshed')
|
||||||
|
@ -55,62 +55,65 @@ class Tracker_Typo_Squatting(AbstractModule):
|
||||||
|
|
||||||
host, id = message.split()
|
host, id = message.split()
|
||||||
item = Item(id)
|
item = Item(id)
|
||||||
|
|
||||||
# Cast message as Item
|
# Cast message as Item
|
||||||
for key in self.typosquat_tracked_words_list.keys():
|
for key in self.typosquat_tracked_words_list:
|
||||||
#print(key)
|
#print(key)
|
||||||
if host in self.typosquat_tracked_words_list[key]:
|
if host in self.typosquat_tracked_words_list[key]:
|
||||||
self.new_term_found(key, 'typosquatting', item)
|
self.new_tracker_found(key, 'typosquatting', item)
|
||||||
|
|
||||||
def new_term_found(self, term, term_type, item):
|
|
||||||
uuid_list = Term.get_term_uuid_list(term, term_type)
|
|
||||||
|
|
||||||
|
def new_tracker_found(self, tracker, tracker_type, item):
|
||||||
item_id = item.get_id()
|
item_id = item.get_id()
|
||||||
item_date = item.get_date()
|
item_date = item.get_date()
|
||||||
item_source = item.get_source()
|
item_source = item.get_source()
|
||||||
self.redis_logger.info(f'new tracked typo found: {term} in {item_id}')
|
#self.redis_logger.info(f'new tracked typo found: {tracker} in {item_id}')
|
||||||
print(f'new tracked typo found: {term} in {item_id}')
|
print(f'new tracked typosquatting found: {tracker} in {item_id}')
|
||||||
for term_uuid in uuid_list:
|
|
||||||
tracker_sources = Tracker.get_tracker_uuid_sources(term_uuid)
|
|
||||||
if not tracker_sources or item_source in tracker_sources:
|
|
||||||
Tracker.add_tracked_item(term_uuid, item_id)
|
|
||||||
|
|
||||||
tags_to_add = Term.get_term_tags(term_uuid)
|
print(Tracker.get_tracker_uuid_list(tracker, tracker_type))
|
||||||
for tag in tags_to_add:
|
for tracker_uuid in Tracker.get_tracker_uuid_list(tracker, tracker_type):
|
||||||
msg = '{};{}'.format(tag, item_id)
|
# Source Filtering
|
||||||
self.send_message_to_queue(msg, 'Tags')
|
tracker_sources = Tracker.get_tracker_uuid_sources(tracker)
|
||||||
|
if tracker_sources and item_source not in tracker_sources:
|
||||||
|
continue
|
||||||
|
|
||||||
mail_to_notify = Term.get_term_mails(term_uuid)
|
Tracker.add_tracked_item(tracker_uuid, item_id)
|
||||||
if mail_to_notify:
|
|
||||||
mail_subject = Tracker.get_email_subject(term_uuid)
|
|
||||||
mail_body = Tracker_Typo_Squatting.mail_body_template.format(term, item_id, self.full_item_url, item_id)
|
|
||||||
for mail in mail_to_notify:
|
|
||||||
self.redis_logger.debug(f'Send Mail {mail_subject}')
|
|
||||||
print(f'S print(item_content)end Mail {mail_subject}')
|
|
||||||
NotificationHelper.sendEmailNotification(mail, mail_subject, mail_body)
|
|
||||||
|
|
||||||
# Webhook
|
# Tags
|
||||||
webhook_to_post = Term.get_term_webhook(term_uuid)
|
tags_to_add = Tracker.get_tracker_tags(tracker_uuid)
|
||||||
if webhook_to_post:
|
for tag in tags_to_add:
|
||||||
json_request = {"trackerId": term_uuid,
|
msg = f'{tag};{item_id}'
|
||||||
"itemId": item_id,
|
self.send_message_to_queue(msg, 'Tags')
|
||||||
"itemURL": self.full_item_url + item_id,
|
|
||||||
"term": term,
|
mail_to_notify = Tracker.get_tracker_mails(tracker_uuid)
|
||||||
"itemSource": item_source,
|
if mail_to_notify:
|
||||||
"itemDate": item_date,
|
mail_subject = Tracker.get_email_subject(tracker_uuid)
|
||||||
"tags": tags_to_add,
|
mail_body = Tracker_Typo_Squatting.mail_body_template.format(tracker, item_id, self.full_item_url, item_id)
|
||||||
"emailNotification": f'{mail_to_notify}',
|
for mail in mail_to_notify:
|
||||||
"trackerType": term_type
|
NotificationHelper.sendEmailNotification(mail, mail_subject, mail_body)
|
||||||
}
|
|
||||||
try:
|
# Webhook
|
||||||
response = requests.post(webhook_to_post, json=json_request)
|
webhook_to_post = Tracker.get_tracker_webhook(tracker_uuid)
|
||||||
if response.status_code >= 400:
|
if webhook_to_post:
|
||||||
self.redis_logger.error(f"Webhook request failed for {webhook_to_post}\nReason: {response.reason}")
|
json_request = {"trackerId": tracker_uuid,
|
||||||
except:
|
"itemId": item_id,
|
||||||
self.redis_logger.error(f"Webhook request failed for {webhook_to_post}\nReason: Something went wrong")
|
"itemURL": self.full_item_url + item_id,
|
||||||
|
"tracker": tracker,
|
||||||
|
"itemSource": item_source,
|
||||||
|
"itemDate": item_date,
|
||||||
|
"tags": tags_to_add,
|
||||||
|
"emailNotification": f'{mail_to_notify}',
|
||||||
|
"trackerType": tracker_type
|
||||||
|
}
|
||||||
|
try:
|
||||||
|
response = requests.post(webhook_to_post, json=json_request)
|
||||||
|
if response.status_code >= 400:
|
||||||
|
self.redis_logger.error(f"Webhook request failed for {webhook_to_post}\nReason: {response.reason}")
|
||||||
|
except:
|
||||||
|
self.redis_logger.error(f"Webhook request failed for {webhook_to_post}\nReason: Something went wrong")
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
module = Tracker_Typo_Squatting()
|
module = Tracker_Typo_Squatting()
|
||||||
module.run()
|
module.run()
|
||||||
|
#module.compute('g00gle.com tests/2020/01/01/test.gz')
|
||||||
|
|
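Review bot: In `new_tracker_found`, the source filter inside the `for tracker_uuid in ...` loop calls `Tracker.get_tracker_uuid_sources(tracker)`, but that helper reads the set `tracker:sources:{tracker_uuid}`, so it needs the UUID and the line should be `tracker_sources = Tracker.get_tracker_uuid_sources(tracker_uuid)`. As written the lookup presumably returns an empty set for every tracker, so `if tracker_sources and item_source not in tracker_sources: continue` never fires. Items from sources outside a tracker's configured scope are then still recorded, tagged, mailed and posted to the webhook. The method also keeps a debug `print(Tracker.get_tracker_uuid_list(tracker, tracker_type))` ahead of the loop, which fetches the UUID list a second time and should be dropped. Separately, `requests.post(webhook_to_post, json=json_request)` has no `timeout=`, so a slow webhook endpoint can stall the module.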