AIL/ail-framework
7
0
Fork 0
mirror of https://github.com/ail-project/ail-framework.git synced 2024-11-10 08:38:28 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Duplicate module takes its messages from other modules and no more from Global.

Browse source
This commit is contained in:
Mokaddem 2016-07-18 16:22:33 +02:00
parent 6805ed6488
commit 996c0e02de
7 changed files with 21 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
bin/Credential.py
View file

@ -50,6 +50,8 @@ if __name__ == "__main__":
if len(creds) > critical: if len(creds) > critical:
print("========> Found more than 10 credentials in this file : {}".format(filepath)) print("========> Found more than 10 credentials in this file : {}".format(filepath))
publisher.warning(to_print) publisher.warning(to_print)
#Send to duplicate
p.populate_set_out(filepath)
if sites: if sites:
print("=======> Probably on : {}".format(', '.join(sites))) print("=======> Probably on : {}".format(', '.join(sites)))
else: else:

2
bin/CreditCard.py
View file

@ -65,6 +65,8 @@ if __name__ == "__main__":
if (len(creditcard_set) > 0): if (len(creditcard_set) > 0):
publisher.warning('{}Checked {} valid number(s)'.format( publisher.warning('{}Checked {} valid number(s)'.format(
to_print, len(creditcard_set))) to_print, len(creditcard_set)))
#Send to duplicate
p.populate_set_out(filename)
else: else:
publisher.info('{}CreditCard related'.format(to_print)) publisher.info('{}CreditCard related'.format(to_print))
else: else:

9
bin/Duplicate_ssdeep_v2.py
View file

@ -6,8 +6,10 @@ The Duplicate module
==================== ====================
This huge module is, in short term, checking duplicates. This huge module is, in short term, checking duplicates.
Its input comes from other modules, namely:
Credential, CreditCard, Keys, Mails and Phone
This one differ from v1 by only using redis and not json file on disk This one differ from v1 by only using redis and not json file stored on disk
Requirements: Requirements:
------------- -------------
@ -117,8 +119,7 @@ if __name__ == "__main__":
if paste_path != None: if paste_path != None:
hash_dico[dico_hash] = (paste_path, percent) hash_dico[dico_hash] = (paste_path, percent)
print 'comparing: ' + str(PST.p_path[44:]) + ' and ' + str(paste_path[44:]) + ' percentage: ' + str(percent) #print 'comparing: ' + str(PST.p_path[44:]) + ' and ' + str(paste_path[44:]) + ' percentage: ' + str(percent)
#print ' '+ PST.p_path[44:] +', '+ paste_path[44:] + ', ' + str(percent)
except: except:
# ssdeep hash not comparable # ssdeep hash not comparable
print 'ssdeep hash not comparable' print 'ssdeep hash not comparable'
@ -146,7 +147,7 @@ if __name__ == "__main__":
PST.__setattr__("p_duplicate", dupl) PST.__setattr__("p_duplicate", dupl)
PST.save_attribute_redis("p_duplicate", dupl) PST.save_attribute_redis("p_duplicate", dupl)
publisher.info('{}Detected {}'.format(to_print, len(dupl))) publisher.info('{}Detected {}'.format(to_print, len(dupl)))
#print '{}Detected {}'.format(to_print, len(dupl)) print '{}Detected {}'.format(to_print, len(dupl))
y = time.time() y = time.time()

2
bin/Keys.py
View file

@ -16,6 +16,8 @@ def search_gpg(message):
content = paste.get_p_content() content = paste.get_p_content()
if '-----BEGIN PGP MESSAGE-----' in content: if '-----BEGIN PGP MESSAGE-----' in content:
publisher.warning('{} has a PGP enc message'.format(paste.p_name)) publisher.warning('{} has a PGP enc message'.format(paste.p_name))
#Send to duplicate
p.populate_set_out(message)
if __name__ == '__main__': if __name__ == '__main__':

2
bin/Mail.py
View file

@ -60,6 +60,8 @@ if __name__ == "__main__":
MX_values[0]) MX_values[0])
if MX_values[0] > is_critical: if MX_values[0] > is_critical:
publisher.warning(to_print) publisher.warning(to_print)
#Send to duplicate
p.populate_set_out(filename)
else: else:
publisher.info(to_print) publisher.info(to_print)
prec_filename = filename prec_filename = filename

2
bin/Phone.py
View file

@ -23,6 +23,8 @@ def search_phone(message):
if len(results) > 4: if len(results) > 4:
print results print results
publisher.warning('{} contains PID (phone numbers)'.format(paste.p_name)) publisher.warning('{} contains PID (phone numbers)'.format(paste.p_name))
#Send to duplicate
p.populate_set_out(message)
if __name__ == '__main__': if __name__ == '__main__':
# If you wish to use an other port of channel, do not forget to run a subscriber accordingly (see launch_logs.sh) # If you wish to use an other port of channel, do not forget to run a subscriber accordingly (see launch_logs.sh)

7
bin/packages/modules.cfg
View file

@ -3,7 +3,7 @@ subscribe = ZMQ_Global
publish = Redis_Global publish = Redis_Global
[Duplicates] [Duplicates]
subscribe = Redis_Global subscribe = Redis_Duplicate
[Indexer] [Indexer]
subscribe = Redis_Global subscribe = Redis_Global
@ -31,9 +31,11 @@ publish = Redis_CreditCards,Redis_Mail,Redis_Onion,Redis_Web,Redis_Credential,Re
[CreditCards] [CreditCards]
subscribe = Redis_CreditCards subscribe = Redis_CreditCards
publish = Redis_Duplicate
[Mail] [Mail]
subscribe = Redis_Mail subscribe = Redis_Mail
publish = Redis_Duplicate
[Onion] [Onion]
subscribe = Redis_Onion subscribe = Redis_Onion
@ -55,15 +57,18 @@ subscribe = Redis_Global
[Credential] [Credential]
subscribe = Redis_Credential subscribe = Redis_Credential
publish = Redis_Duplicate
[Cve] [Cve]
subscribe = Redis_Cve subscribe = Redis_Cve
[Phone] [Phone]
subscribe = Redis_Global subscribe = Redis_Global
publish = Redis_Duplicate
[SourceCode] [SourceCode]
subscribe = Redis_SourceCode subscribe = Redis_SourceCode
[Keys] [Keys]
subscribe = Redis_Global subscribe = Redis_Global
publish = Redis_Duplicate