mirror of
https://github.com/ail-project/ail-framework.git
synced 2024-11-10 08:38:28 +00:00
Merge pull request #131 from mokaddem/credentialsTracker
Credentials seeker
This commit is contained in:
commit
c9f60a5a3d
8 changed files with 490 additions and 1 deletions
|
@ -9,6 +9,18 @@ This module is consuming the Redis-list created by the Categ module.
|
||||||
|
|
||||||
It apply credential regexes on paste content and warn if above a threshold.
|
It apply credential regexes on paste content and warn if above a threshold.
|
||||||
|
|
||||||
|
It also split the username and store it into redis for searching purposes.
|
||||||
|
|
||||||
|
Redis organization:
|
||||||
|
uniqNumForUsername: unique number attached to unique username
|
||||||
|
uniqNumForPath: unique number attached to unique path
|
||||||
|
-> uniqNum are used to avoid string duplication
|
||||||
|
AllCredentials: hashed set where keys are username and value are their uniq number
|
||||||
|
AllCredentialsRev: the opposite of AllCredentials, uniqNum -> username
|
||||||
|
AllPath: hashed set where keys are path and value are their uniq number
|
||||||
|
AllPathRev: the opposite of AllPath, uniqNum -> path
|
||||||
|
CredToPathMapping_uniqNumForUsername -> (set) -> uniqNumForPath
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
import time
|
import time
|
||||||
|
@ -17,8 +29,20 @@ from packages import Paste
|
||||||
from pubsublogger import publisher
|
from pubsublogger import publisher
|
||||||
from Helper import Process
|
from Helper import Process
|
||||||
import re
|
import re
|
||||||
|
import redis
|
||||||
from pyfaup.faup import Faup
|
from pyfaup.faup import Faup
|
||||||
|
|
||||||
|
#split username with spec. char or with upper case, distinguish start with upper
|
||||||
|
REGEX_CRED = "[a-z]+|[A-Z]{3,}|[A-Z]{1,2}[a-z]+|[0-9]+"
|
||||||
|
REDIS_KEY_NUM_USERNAME = 'uniqNumForUsername'
|
||||||
|
REDIS_KEY_NUM_PATH = 'uniqNumForUsername'
|
||||||
|
REDIS_KEY_ALL_CRED_SET = 'AllCredentials'
|
||||||
|
REDIS_KEY_ALL_CRED_SET_REV = 'AllCredentialsRev'
|
||||||
|
REDIS_KEY_ALL_PATH_SET = 'AllPath'
|
||||||
|
REDIS_KEY_ALL_PATH_SET_REV = 'AllPathRev'
|
||||||
|
REDIS_KEY_MAP_CRED_TO_PATH = 'CredToPathMapping'
|
||||||
|
MINIMUMSIZETHRESHOLD = 3
|
||||||
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
publisher.port = 6380
|
publisher.port = 6380
|
||||||
publisher.channel = "Script"
|
publisher.channel = "Script"
|
||||||
|
@ -27,6 +51,10 @@ if __name__ == "__main__":
|
||||||
publisher.info("Find credentials")
|
publisher.info("Find credentials")
|
||||||
|
|
||||||
faup = Faup()
|
faup = Faup()
|
||||||
|
server_cred = redis.StrictRedis(
|
||||||
|
host=p.config.get("Redis_Level_DB_TermCred", "host"),
|
||||||
|
port=p.config.get("Redis_Level_DB_TermCred", "port"),
|
||||||
|
db=p.config.get("Redis_Level_DB_TermCred", "db"))
|
||||||
|
|
||||||
critical = 8
|
critical = 8
|
||||||
|
|
||||||
|
@ -37,6 +65,7 @@ if __name__ == "__main__":
|
||||||
message = p.get_from_set()
|
message = p.get_from_set()
|
||||||
if message is None:
|
if message is None:
|
||||||
publisher.debug("Script Credential is Idling 10s")
|
publisher.debug("Script Credential is Idling 10s")
|
||||||
|
print('sleeping 10s')
|
||||||
time.sleep(10)
|
time.sleep(10)
|
||||||
continue
|
continue
|
||||||
|
|
||||||
|
@ -44,6 +73,7 @@ if __name__ == "__main__":
|
||||||
|
|
||||||
if count < 5:
|
if count < 5:
|
||||||
# Less than 5 matches from the top password list, false positive.
|
# Less than 5 matches from the top password list, false positive.
|
||||||
|
print("false positive:", count)
|
||||||
continue
|
continue
|
||||||
|
|
||||||
paste = Paste.Paste(filepath)
|
paste = Paste.Paste(filepath)
|
||||||
|
@ -63,6 +93,7 @@ if __name__ == "__main__":
|
||||||
|
|
||||||
print('\n '.join(creds))
|
print('\n '.join(creds))
|
||||||
|
|
||||||
|
#num of creds above tresh, publish an alert
|
||||||
if len(creds) > critical:
|
if len(creds) > critical:
|
||||||
print("========> Found more than 10 credentials in this file : {}".format(filepath))
|
print("========> Found more than 10 credentials in this file : {}".format(filepath))
|
||||||
publisher.warning(to_print)
|
publisher.warning(to_print)
|
||||||
|
@ -97,3 +128,32 @@ if __name__ == "__main__":
|
||||||
print("=======> Probably on : {}".format(', '.join(sites_set)))
|
print("=======> Probably on : {}".format(', '.join(sites_set)))
|
||||||
else:
|
else:
|
||||||
publisher.info(to_print)
|
publisher.info(to_print)
|
||||||
|
print('found {} credentials'.format(len(creds)))
|
||||||
|
|
||||||
|
|
||||||
|
#for searching credential in termFreq
|
||||||
|
for cred in creds:
|
||||||
|
cred = cred.split('@')[0] #Split to ignore mail address
|
||||||
|
|
||||||
|
#unique number attached to unique path
|
||||||
|
uniq_num_path = server_cred.incr(REDIS_KEY_NUM_PATH)
|
||||||
|
server_cred.hmset(REDIS_KEY_ALL_PATH_SET, {filepath: uniq_num_path})
|
||||||
|
server_cred.hmset(REDIS_KEY_ALL_PATH_SET_REV, {uniq_num_path: filepath})
|
||||||
|
|
||||||
|
#unique number attached to unique username
|
||||||
|
uniq_num_cred = server_cred.hget(REDIS_KEY_ALL_CRED_SET, cred)
|
||||||
|
if uniq_num_cred is None: #cred do not exist, create new entries
|
||||||
|
uniq_num_cred = server_cred.incr(REDIS_KEY_NUM_USERNAME)
|
||||||
|
server_cred.hmset(REDIS_KEY_ALL_CRED_SET, {cred: uniq_num_cred})
|
||||||
|
server_cred.hmset(REDIS_KEY_ALL_CRED_SET_REV, {uniq_num_cred: cred})
|
||||||
|
|
||||||
|
#Add the mapping between the credential and the path
|
||||||
|
server_cred.sadd(REDIS_KEY_MAP_CRED_TO_PATH+'_'+str(uniq_num_cred), uniq_num_path)
|
||||||
|
|
||||||
|
#Split credentials on capital letters, numbers, dots and so on
|
||||||
|
#Add the split to redis, each split point towards its initial credential unique number
|
||||||
|
splitedCred = re.findall(REGEX_CRED, cred)
|
||||||
|
for partCred in splitedCred:
|
||||||
|
if len(partCred) > MINIMUMSIZETHRESHOLD:
|
||||||
|
server_cred.sadd(partCred, uniq_num_cred)
|
||||||
|
|
||||||
|
|
|
@ -97,6 +97,11 @@ host = localhost
|
||||||
port = 6382
|
port = 6382
|
||||||
db = 2
|
db = 2
|
||||||
|
|
||||||
|
[Redis_Level_DB_TermCred]
|
||||||
|
host = localhost
|
||||||
|
port = 6382
|
||||||
|
db = 5
|
||||||
|
|
||||||
[Redis_Level_DB]
|
[Redis_Level_DB]
|
||||||
host = localhost
|
host = localhost
|
||||||
port = 2016
|
port = 2016
|
||||||
|
|
|
@ -21,6 +21,7 @@ nltk
|
||||||
crcmod
|
crcmod
|
||||||
mmh3
|
mmh3
|
||||||
ssdeep
|
ssdeep
|
||||||
|
python-Levenshtein
|
||||||
|
|
||||||
#Others
|
#Others
|
||||||
python-magic
|
python-magic
|
||||||
|
|
|
@ -53,6 +53,11 @@ r_serv_term = redis.StrictRedis(
|
||||||
port=cfg.getint("Redis_Level_DB_TermFreq", "port"),
|
port=cfg.getint("Redis_Level_DB_TermFreq", "port"),
|
||||||
db=cfg.getint("Redis_Level_DB_TermFreq", "db"))
|
db=cfg.getint("Redis_Level_DB_TermFreq", "db"))
|
||||||
|
|
||||||
|
r_serv_cred = redis.StrictRedis(
|
||||||
|
host=cfg.get("Redis_Level_DB_TermCred", "host"),
|
||||||
|
port=cfg.getint("Redis_Level_DB_TermCred", "port"),
|
||||||
|
db=cfg.getint("Redis_Level_DB_TermCred", "db"))
|
||||||
|
|
||||||
r_serv_pasteName = redis.StrictRedis(
|
r_serv_pasteName = redis.StrictRedis(
|
||||||
host=cfg.get("Redis_Paste_Name", "host"),
|
host=cfg.get("Redis_Paste_Name", "host"),
|
||||||
port=cfg.getint("Redis_Paste_Name", "port"),
|
port=cfg.getint("Redis_Paste_Name", "port"),
|
||||||
|
|
|
@ -3,6 +3,8 @@
|
||||||
|
|
||||||
'''
|
'''
|
||||||
Flask functions and routes for the trending modules page
|
Flask functions and routes for the trending modules page
|
||||||
|
|
||||||
|
note: The matching of credential against supplied credential is done using Levenshtein distance
|
||||||
'''
|
'''
|
||||||
import redis
|
import redis
|
||||||
import datetime
|
import datetime
|
||||||
|
@ -11,6 +13,8 @@ import flask
|
||||||
from flask import Flask, render_template, jsonify, request, Blueprint
|
from flask import Flask, render_template, jsonify, request, Blueprint
|
||||||
import re
|
import re
|
||||||
import Paste
|
import Paste
|
||||||
|
from pprint import pprint
|
||||||
|
import Levenshtein
|
||||||
|
|
||||||
# ============ VARIABLES ============
|
# ============ VARIABLES ============
|
||||||
import Flask_config
|
import Flask_config
|
||||||
|
@ -18,9 +22,11 @@ import Flask_config
|
||||||
app = Flask_config.app
|
app = Flask_config.app
|
||||||
cfg = Flask_config.cfg
|
cfg = Flask_config.cfg
|
||||||
r_serv_term = Flask_config.r_serv_term
|
r_serv_term = Flask_config.r_serv_term
|
||||||
|
r_serv_cred = Flask_config.r_serv_cred
|
||||||
|
|
||||||
terms = Blueprint('terms', __name__, template_folder='templates')
|
terms = Blueprint('terms', __name__, template_folder='templates')
|
||||||
|
|
||||||
|
'''TERM'''
|
||||||
DEFAULT_MATCH_PERCENT = 50
|
DEFAULT_MATCH_PERCENT = 50
|
||||||
|
|
||||||
#tracked
|
#tracked
|
||||||
|
@ -36,6 +42,19 @@ TrackedRegexDate_Name = "TrackedRegexDate"
|
||||||
TrackedSetSet_Name = "TrackedSetSet"
|
TrackedSetSet_Name = "TrackedSetSet"
|
||||||
TrackedSetDate_Name = "TrackedSetDate"
|
TrackedSetDate_Name = "TrackedSetDate"
|
||||||
|
|
||||||
|
|
||||||
|
'''CRED'''
|
||||||
|
REGEX_CRED = '[a-z]+|[A-Z]{3,}|[A-Z]{1,2}[a-z]+|[0-9]+'
|
||||||
|
REDIS_KEY_NUM_USERNAME = 'uniqNumForUsername'
|
||||||
|
REDIS_KEY_NUM_PATH = 'uniqNumForUsername'
|
||||||
|
REDIS_KEY_ALL_CRED_SET = 'AllCredentials'
|
||||||
|
REDIS_KEY_ALL_CRED_SET_REV = 'AllCredentialsRev'
|
||||||
|
REDIS_KEY_ALL_PATH_SET = 'AllPath'
|
||||||
|
REDIS_KEY_ALL_PATH_SET_REV = 'AllPathRev'
|
||||||
|
REDIS_KEY_MAP_CRED_TO_PATH = 'CredToPathMapping'
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# ============ FUNCTIONS ============
|
# ============ FUNCTIONS ============
|
||||||
|
|
||||||
def Term_getValueOverRange(word, startDate, num_day, per_paste=""):
|
def Term_getValueOverRange(word, startDate, num_day, per_paste=""):
|
||||||
|
@ -52,6 +71,56 @@ def Term_getValueOverRange(word, startDate, num_day, per_paste=""):
|
||||||
passed_days += 1
|
passed_days += 1
|
||||||
return to_return
|
return to_return
|
||||||
|
|
||||||
|
#Mix suplied username, if extensive is set, slice username(s) with different windows
|
||||||
|
def mixUserName(supplied, extensive=False):
|
||||||
|
#e.g.: John Smith
|
||||||
|
terms = supplied.split()[:2]
|
||||||
|
usernames = []
|
||||||
|
if len(terms) == 1:
|
||||||
|
terms.append(' ')
|
||||||
|
|
||||||
|
#john, smith, John, Smith, JOHN, SMITH
|
||||||
|
usernames += [terms[0].lower()]
|
||||||
|
usernames += [terms[1].lower()]
|
||||||
|
usernames += [terms[0][0].upper() + terms[0][1:].lower()]
|
||||||
|
usernames += [terms[1][0].upper() + terms[1][1:].lower()]
|
||||||
|
usernames += [terms[0].upper()]
|
||||||
|
usernames += [terms[1].upper()]
|
||||||
|
|
||||||
|
#johnsmith, smithjohn, JOHNsmith, johnSMITH, SMITHjohn, smithJOHN
|
||||||
|
usernames += [(terms[0].lower() + terms[1].lower()).strip()]
|
||||||
|
usernames += [(terms[1].lower() + terms[0].lower()).strip()]
|
||||||
|
usernames += [(terms[0].upper() + terms[1].lower()).strip()]
|
||||||
|
usernames += [(terms[0].lower() + terms[1].upper()).strip()]
|
||||||
|
usernames += [(terms[1].upper() + terms[0].lower()).strip()]
|
||||||
|
usernames += [(terms[1].lower() + terms[0].upper()).strip()]
|
||||||
|
#Jsmith, JSmith, jsmith, jSmith, johnS, Js, JohnSmith, Johnsmith, johnSmith
|
||||||
|
usernames += [(terms[0][0].upper() + terms[1][0].lower() + terms[1][1:].lower()).strip()]
|
||||||
|
usernames += [(terms[0][0].upper() + terms[1][0].upper() + terms[1][1:].lower()).strip()]
|
||||||
|
usernames += [(terms[0][0].lower() + terms[1][0].lower() + terms[1][1:].lower()).strip()]
|
||||||
|
usernames += [(terms[0][0].lower() + terms[1][0].upper() + terms[1][1:].lower()).strip()]
|
||||||
|
usernames += [(terms[0].lower() + terms[1][0].upper()).strip()]
|
||||||
|
usernames += [(terms[0].upper() + terms[1][0].lower()).strip()]
|
||||||
|
usernames += [(terms[0][0].upper() + terms[0][1:].lower() + terms[1][0].upper() + terms[1][1:].lower()).strip()]
|
||||||
|
usernames += [(terms[0][0].upper() + terms[0][1:].lower() + terms[1][0].lower() + terms[1][1:].lower()).strip()]
|
||||||
|
usernames += [(terms[0][0].lower() + terms[0][1:].lower() + terms[1][0].upper() + terms[1][1:].lower()).strip()]
|
||||||
|
|
||||||
|
if not extensive:
|
||||||
|
return usernames
|
||||||
|
|
||||||
|
#Slice the supplied username(s)
|
||||||
|
mixedSupplied = supplied.replace(' ','')
|
||||||
|
minWindow = 3 if len(mixedSupplied)/2 < 4 else len(mixedSupplied)/2
|
||||||
|
for winSize in range(3,len(mixedSupplied)):
|
||||||
|
for startIndex in range(0, len(mixedSupplied)-winSize):
|
||||||
|
usernames += [mixedSupplied[startIndex:startIndex+winSize]]
|
||||||
|
|
||||||
|
filtered_usernames = []
|
||||||
|
for usr in usernames:
|
||||||
|
if len(usr) > 2:
|
||||||
|
filtered_usernames.append(usr)
|
||||||
|
return filtered_usernames
|
||||||
|
|
||||||
|
|
||||||
# ============ ROUTES ============
|
# ============ ROUTES ============
|
||||||
|
|
||||||
|
@ -282,9 +351,9 @@ def terms_plot_tool_data():
|
||||||
else:
|
else:
|
||||||
per_paste = ""
|
per_paste = ""
|
||||||
|
|
||||||
|
|
||||||
if term is None:
|
if term is None:
|
||||||
return "None"
|
return "None"
|
||||||
|
|
||||||
else:
|
else:
|
||||||
value_range = []
|
value_range = []
|
||||||
for timestamp in range(range_start, range_end+oneDay, oneDay):
|
for timestamp in range(range_start, range_end+oneDay, oneDay):
|
||||||
|
@ -348,5 +417,100 @@ def terms_plot_top_data():
|
||||||
return jsonify(to_return)
|
return jsonify(to_return)
|
||||||
|
|
||||||
|
|
||||||
|
@terms.route("/credentials_tracker/")
|
||||||
|
def credentials_tracker():
|
||||||
|
return render_template("credentials_tracker.html")
|
||||||
|
|
||||||
|
@terms.route("/credentials_management_query_paste/", methods=['GET', 'POST'])
|
||||||
|
def credentials_management_query_paste():
|
||||||
|
cred = request.args.get('cred')
|
||||||
|
allPath = request.json['allPath']
|
||||||
|
|
||||||
|
paste_info = []
|
||||||
|
for pathNum in allPath:
|
||||||
|
path = r_serv_cred.hget(REDIS_KEY_ALL_PATH_SET_REV, pathNum)
|
||||||
|
paste = Paste.Paste(path)
|
||||||
|
p_date = str(paste._get_p_date())
|
||||||
|
p_date = p_date[6:]+'/'+p_date[4:6]+'/'+p_date[0:4]
|
||||||
|
p_source = paste.p_source
|
||||||
|
p_encoding = paste._get_p_encoding()
|
||||||
|
p_size = paste.p_size
|
||||||
|
p_mime = paste.p_mime
|
||||||
|
p_lineinfo = paste.get_lines_info()
|
||||||
|
p_content = paste.get_p_content().decode('utf-8', 'ignore')
|
||||||
|
if p_content != 0:
|
||||||
|
p_content = p_content[0:400]
|
||||||
|
paste_info.append({"path": path, "date": p_date, "source": p_source, "encoding": p_encoding, "size": p_size, "mime": p_mime, "lineinfo": p_lineinfo, "content": p_content})
|
||||||
|
|
||||||
|
return jsonify(paste_info)
|
||||||
|
|
||||||
|
@terms.route("/credentials_management_action/", methods=['GET'])
|
||||||
|
def cred_management_action():
|
||||||
|
|
||||||
|
supplied = request.args.get('term').encode('utf-8')
|
||||||
|
action = request.args.get('action')
|
||||||
|
section = request.args.get('section')
|
||||||
|
extensive = request.args.get('extensive')
|
||||||
|
extensive = True if extensive == "true" else False
|
||||||
|
|
||||||
|
if extensive:
|
||||||
|
#collectDico
|
||||||
|
AllUsernameInRedis = r_serv_cred.hgetall(REDIS_KEY_ALL_CRED_SET).keys()
|
||||||
|
uniq_num_set = set()
|
||||||
|
if action == "seek":
|
||||||
|
possibilities = mixUserName(supplied, extensive)
|
||||||
|
for poss in possibilities:
|
||||||
|
num = r_serv_cred.hget(REDIS_KEY_ALL_CRED_SET, poss)
|
||||||
|
if num is not None:
|
||||||
|
uniq_num_set.add(num)
|
||||||
|
for num in r_serv_cred.smembers(poss):
|
||||||
|
uniq_num_set.add(num)
|
||||||
|
#Extensive /!\
|
||||||
|
if extensive:
|
||||||
|
iter_num = 0
|
||||||
|
tot_iter = len(AllUsernameInRedis)*len(possibilities)
|
||||||
|
for tempUsername in AllUsernameInRedis:
|
||||||
|
for poss in possibilities:
|
||||||
|
#FIXME print progress
|
||||||
|
if(iter_num % int(tot_iter/20) == 0):
|
||||||
|
#print("searching: {}% done".format(int(iter_num/tot_iter*100)), sep=' ', end='\r', flush=True)
|
||||||
|
print("searching: {}% done".format(float(iter_num)/float(tot_iter)*100))
|
||||||
|
iter_num += 1
|
||||||
|
|
||||||
|
if poss in tempUsername:
|
||||||
|
num = r_serv_cred.hget(REDIS_KEY_ALL_CRED_SET, tempUsername)
|
||||||
|
if num is not None:
|
||||||
|
uniq_num_set.add(num)
|
||||||
|
for num in r_serv_cred.smembers(tempUsername):
|
||||||
|
uniq_num_set.add(num)
|
||||||
|
|
||||||
|
data = {'usr': [], 'path': [], 'numPaste': [], 'simil': []}
|
||||||
|
for Unum in uniq_num_set:
|
||||||
|
levenRatio = 2.0
|
||||||
|
username = r_serv_cred.hget(REDIS_KEY_ALL_CRED_SET_REV, Unum)
|
||||||
|
|
||||||
|
# Calculate Levenshtein distance, ignore negative ratio
|
||||||
|
supp_splitted = supplied.split()
|
||||||
|
supp_mixed = supplied.replace(' ','')
|
||||||
|
supp_splitted.append(supp_mixed)
|
||||||
|
for indiv_supplied in supp_splitted:
|
||||||
|
levenRatio = float(Levenshtein.ratio(indiv_supplied, username))
|
||||||
|
levenRatioStr = "{:.1%}".format(levenRatio)
|
||||||
|
|
||||||
|
data['usr'].append(username)
|
||||||
|
allPathNum = list(r_serv_cred.smembers(REDIS_KEY_MAP_CRED_TO_PATH+'_'+Unum))
|
||||||
|
data['path'].append(allPathNum)
|
||||||
|
data['numPaste'].append(len(allPathNum))
|
||||||
|
data['simil'].append(levenRatioStr)
|
||||||
|
|
||||||
|
to_return = {}
|
||||||
|
to_return["section"] = section
|
||||||
|
to_return["action"] = action
|
||||||
|
to_return["term"] = supplied
|
||||||
|
to_return["data"] = data
|
||||||
|
|
||||||
|
return jsonify(to_return)
|
||||||
|
|
||||||
|
|
||||||
# ========= REGISTRATION =========
|
# ========= REGISTRATION =========
|
||||||
app.register_blueprint(terms)
|
app.register_blueprint(terms)
|
||||||
|
|
252
var/www/modules/terms/templates/credentials_tracker.html
Normal file
252
var/www/modules/terms/templates/credentials_tracker.html
Normal file
|
@ -0,0 +1,252 @@
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html>
|
||||||
|
|
||||||
|
<head>
|
||||||
|
<meta charset="utf-8">
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||||
|
|
||||||
|
<title>Analysis Information Leak framework Dashboard</title>
|
||||||
|
|
||||||
|
<!-- Core CSS -->
|
||||||
|
<link href="{{ url_for('static', filename='css/bootstrap.min.css') }}" rel="stylesheet">
|
||||||
|
<link href="{{ url_for('static', filename='font-awesome/css/font-awesome.css') }}" rel="stylesheet">
|
||||||
|
<link href="{{ url_for('static', filename='css/sb-admin-2.css') }}" rel="stylesheet">
|
||||||
|
<link href="{{ url_for('static', filename='css/dygraph_gallery.css') }}" rel="stylesheet" type="text/css" />
|
||||||
|
<!-- JS -->
|
||||||
|
<script type="text/javascript" src="{{ url_for('static', filename='js/dygraph-combined.js') }}"></script>
|
||||||
|
<script language="javascript" src="{{ url_for('static', filename='js/jquery.js')}}"></script>
|
||||||
|
<script src="{{ url_for('static', filename='js/jquery.flot.js') }}"></script>
|
||||||
|
<script src="{{ url_for('static', filename='js/jquery.flot.pie.js') }}"></script>
|
||||||
|
<script src="{{ url_for('static', filename='js/jquery.flot.time.js') }}"></script>
|
||||||
|
<script src="{{ url_for('static', filename='js/bootstrap.min.js') }}"></script>
|
||||||
|
<script src="{{ url_for('static', filename='js/jquery.dataTables.min.js') }}"></script>
|
||||||
|
<script src="{{ url_for('static', filename='js/dataTables.bootstrap.js') }}"></script>
|
||||||
|
<script src="{{ url_for('static', filename='js/jquery.flot.js') }}"></script>
|
||||||
|
<script src="{{ url_for('static', filename='js/jquery.flot.time.js') }}"></script>
|
||||||
|
<script src="{{ url_for('static', filename='js/jquery.flot.stack.js') }}"></script>
|
||||||
|
|
||||||
|
<style>
|
||||||
|
.btn-link {
|
||||||
|
color: #000000
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<!-- Modal -->
|
||||||
|
<div id="mymodal" class="modal fade" role="dialog">
|
||||||
|
<div class="modal-dialog modal-lg">
|
||||||
|
|
||||||
|
<!-- Modal content-->
|
||||||
|
<div id="mymodalcontent" class="modal-content">
|
||||||
|
<div id="mymodalbody" class="modal-body" max-width="8500px">
|
||||||
|
<p>Loading paste information...</p>
|
||||||
|
<img id="loading-gif-modal" src="{{url_for('static', filename='image/loading.gif') }}" height="26" width="26" style="margin: 4px;">
|
||||||
|
</div>
|
||||||
|
<div class="modal-footer">
|
||||||
|
<a id="button_show_plot" target="_blank" href=""><button type="button" class="btn btn-info">Plot term</button></a>
|
||||||
|
<button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
{% include 'navbar.html' %}
|
||||||
|
|
||||||
|
<div id="page-wrapper">
|
||||||
|
<div class="row">
|
||||||
|
<div class="col-lg-12">
|
||||||
|
<h1 class="page-header" data-page="page-termsfrequency" >Credential seeker</h1>
|
||||||
|
</div>
|
||||||
|
<!-- /.col-lg-12 -->
|
||||||
|
<!-- Panel OPTIONS -->
|
||||||
|
<div class="row">
|
||||||
|
<div class="col-lg-12">
|
||||||
|
<div class="row">
|
||||||
|
<div class="col-lg-12">
|
||||||
|
<div id="panel-today" class="panel panel-success">
|
||||||
|
<div class="panel-heading">
|
||||||
|
<strong>Credential seeker</strong>
|
||||||
|
</div>
|
||||||
|
<div class="panel-body">
|
||||||
|
|
||||||
|
<label><input type="checkbox" id="extensive" style="margin-bottom: 10px;"><strong>Extensive search (takes time)</strong></input></label>
|
||||||
|
<div class="form-group input-group" style="margin-bottom: 30px;">
|
||||||
|
<span class="input-group-addon"><span class="glyphicon glyphicon-screenshot"></span></span>
|
||||||
|
<input id="seekInput" class="form-control" placeholder="Credential to seek." type="text" style="max-width: 400px;">
|
||||||
|
<button id="followTermBtn" class="btn btn-success btn-interaction" style="margin-left: 10px;" data-section="seek" data-action="seek"> Seek</button>
|
||||||
|
<span id="nodata" class="alert alert-info" style="margin-left: 10px; display: none; padding: 6px;">No data</span>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<table class="table table-striped table-bordered table-hover" id="myTable">
|
||||||
|
<thead>
|
||||||
|
<tr>
|
||||||
|
<th style="max-width: 800px;">Username</th>
|
||||||
|
<th>Similarity</th>
|
||||||
|
<th># concerned paste(s)</th>
|
||||||
|
<th>Action</th>
|
||||||
|
</tr>
|
||||||
|
</thead>
|
||||||
|
<tbody>
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
<!-- /.panel-body -->
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<!-- /.panel -->
|
||||||
|
</div>
|
||||||
|
<!-- /.panel -->
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
<!-- /.row -->
|
||||||
|
</div>
|
||||||
|
<!-- /#page-wrapper -->
|
||||||
|
|
||||||
|
<script>
|
||||||
|
$(document).ready(function(){
|
||||||
|
activePage = $('h1.page-header').attr('data-page');
|
||||||
|
$("#"+activePage).addClass("active");
|
||||||
|
|
||||||
|
$('[data-toggle="tooltip"]').tooltip();
|
||||||
|
table_track = $('#myTable').DataTable({ "order": [[ 1, "dec" ]] });
|
||||||
|
|
||||||
|
table_track.on( 'draw.dt', function () {
|
||||||
|
perform_binding();
|
||||||
|
});
|
||||||
|
|
||||||
|
$("#seekInput").keyup(function(event){
|
||||||
|
if(event.keyCode == 13){
|
||||||
|
$("#followTermBtn").click();
|
||||||
|
$("#seekInput").val("");
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
perform_binding();
|
||||||
|
|
||||||
|
$("#mymodal").on('hidden.bs.modal', function () {
|
||||||
|
$("#mymodalbody").html("<p>Loading paste information...</p>");
|
||||||
|
var loading_gif = "<img id='loading-gif-modal' class='img-center' src=\"{{url_for('static', filename='image/loading.gif') }}\" height='26' width='26' style='margin: 4px;'>";
|
||||||
|
$("#mymodalbody").append(loading_gif); // Show the loading GIF
|
||||||
|
});
|
||||||
|
});
|
||||||
|
</script>
|
||||||
|
|
||||||
|
<script>
|
||||||
|
function perform_binding() {
|
||||||
|
$(".btn-interaction").unbind("click.interaction");
|
||||||
|
$(".btn-interaction").bind("click.interaction", perform_operation);
|
||||||
|
}
|
||||||
|
|
||||||
|
function perform_modal_binding() {
|
||||||
|
// On click, get html content from url and update the corresponding modal
|
||||||
|
$("[data-toggle='modal']").on("click.openmodal", function (event) {
|
||||||
|
event.preventDefault();
|
||||||
|
var the_modal=$(this);
|
||||||
|
var url = "{{ url_for('terms.credentials_management_query_paste') }}?cred=" + encodeURIComponent($(this).attr('data-term'));
|
||||||
|
$.ajax({
|
||||||
|
type: 'POST',
|
||||||
|
url: url,
|
||||||
|
dataType: "json",
|
||||||
|
data: JSON.stringify({ 'allPath': JSON.parse($(this).attr('data-path')) }),
|
||||||
|
contentType : "application/json"
|
||||||
|
}).done(function (data) {
|
||||||
|
if (data.length != 0) {
|
||||||
|
var html_to_add = "";
|
||||||
|
html_to_add += "<table id=\"modal-table\" class=\"table table-striped\">";
|
||||||
|
html_to_add += "<thead>";
|
||||||
|
html_to_add += "<tr>";
|
||||||
|
html_to_add += "<th>Source</th>";
|
||||||
|
html_to_add += "<th>Date</th>";
|
||||||
|
html_to_add += "<th>Encoding</th>";
|
||||||
|
html_to_add += "<th>Size (Kb)</th>";
|
||||||
|
html_to_add += "<th># lines</th>";
|
||||||
|
html_to_add += "<th>Max length</th>";
|
||||||
|
html_to_add += "<th>Preview</th>";
|
||||||
|
html_to_add += "</tr>";
|
||||||
|
html_to_add += "</thead>";
|
||||||
|
html_to_add += "<tbody>";
|
||||||
|
for (i=0; i<data.length; i++) {
|
||||||
|
curr_data = data[i];
|
||||||
|
html_to_add += "<tr>";
|
||||||
|
html_to_add += "<td>"+curr_data.source+"</td>";
|
||||||
|
html_to_add += "<td>"+curr_data.date+"</td>";
|
||||||
|
html_to_add += "<td>"+curr_data.encoding+"</td>";
|
||||||
|
html_to_add += "<td>"+curr_data.size+"</td>";
|
||||||
|
html_to_add += "<td>"+curr_data.lineinfo[0]+"</td>";
|
||||||
|
html_to_add += "<td>"+curr_data.lineinfo[1]+"</td>";
|
||||||
|
html_to_add += "<td><div class=\"row\"><button class=\"btn btn-xs btn-default\" data-toggle=\"popover\" data-placement=\"left\" data-content=\""+curr_data.content.replace(/\"/g, "\'")+"\">Preview content</button><a target=\"_blank\" href=\"{{ url_for('showsavedpastes.showsavedpaste') }}?paste="+curr_data.path+"&num=0\"> <button type=\"button\" class=\"btn btn-xs btn-info\">Show Paste</button></a></div></td>";
|
||||||
|
|
||||||
|
html_to_add += "</tr>";
|
||||||
|
}
|
||||||
|
html_to_add += "</tbody>";
|
||||||
|
html_to_add += "</table>";
|
||||||
|
$("#mymodalbody").html(html_to_add);
|
||||||
|
$("[data-toggle=popover]").popover();
|
||||||
|
$('#modal-table').DataTable();
|
||||||
|
} else {
|
||||||
|
$("#mymodalbody").html("No paste containing this term has been received yet.");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
)});
|
||||||
|
}
|
||||||
|
|
||||||
|
function perform_operation(){
|
||||||
|
var curr_section = $(this).attr('data-section');
|
||||||
|
var curr_action = $(this).attr('data-action');
|
||||||
|
if (curr_action == "add") {
|
||||||
|
var curr_term = $('#'+curr_section+'Input').val();
|
||||||
|
} else if (curr_action == "seek") {
|
||||||
|
var curr_term = $('#'+curr_section+'Input').val();
|
||||||
|
} else {
|
||||||
|
var curr_term = $(this).attr('data-content');
|
||||||
|
}
|
||||||
|
var data_to_send = { section: curr_section, action:curr_action, term: curr_term, extensive: $("#extensive").is(":checked")};
|
||||||
|
|
||||||
|
if (curr_term != "") {
|
||||||
|
//console.log(data_to_send);
|
||||||
|
$.get("{{ url_for('terms.cred_management_action') }}", data_to_send, function(data, status){
|
||||||
|
if(status == "success") {
|
||||||
|
var json = data;
|
||||||
|
|
||||||
|
if(json.action == "add") {
|
||||||
|
//not used for the moment
|
||||||
|
|
||||||
|
} else if (json.action == "seek") {
|
||||||
|
table_track.clear().draw();
|
||||||
|
var rep = json.data;
|
||||||
|
//var action_button = "<button class=\"btn-link btn-interaction\" data-toggle=\"tooltip\" data-placement=\"left\" title=\"Track this term\" data-content=\"" + json.term + "\" data-section=\"followTerm\" data-action=\"add\">";
|
||||||
|
var action_button = "";
|
||||||
|
if (rep.usr.length == 0) {
|
||||||
|
$( "#nodata" ).removeClass('alert-info').addClass('alert-danger');
|
||||||
|
$( "#nodata" ).text("No data");
|
||||||
|
$( "#nodata" ).fadeIn( "fast", function() {
|
||||||
|
setTimeout(function() {
|
||||||
|
$( "#nodata" ).fadeOut("fast");
|
||||||
|
}, 2000);
|
||||||
|
});
|
||||||
|
} else {
|
||||||
|
for(i=0; i < rep.usr.length; i++) {
|
||||||
|
$( "#nodata" ).removeClass('alert-danger').addClass('alert-info');
|
||||||
|
$( "#nodata" ).text(curr_term);
|
||||||
|
$( "#nodata" ).fadeIn( "fast");
|
||||||
|
toAdd = "</button><span data-toggle=\"modal\" data-target=\"#mymodal\" data-term=\""+rep.usr[i]+"\" data-path=\"["+rep.path[i]+"]\" ><button class=\"btn-link\" data-toggle=\"tooltip\" data-placement=\"right\" title=\"Show concerned paste(s)\"><span class=\"glyphicon glyphicon-info-sign\"></span></button></span>";
|
||||||
|
table_track.row.add( [
|
||||||
|
rep.usr[i],
|
||||||
|
rep.simil[i],
|
||||||
|
rep.numPaste[i],
|
||||||
|
toAdd+action_button ] ).draw( false );
|
||||||
|
}
|
||||||
|
perform_binding();
|
||||||
|
perform_modal_binding();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
||||||
|
</script>
|
||||||
|
|
||||||
|
</body>
|
||||||
|
|
||||||
|
</html>
|
|
@ -2,6 +2,7 @@
|
||||||
<span class="caret"></span></a>
|
<span class="caret"></span></a>
|
||||||
<ul class="dropdown-menu">
|
<ul class="dropdown-menu">
|
||||||
<li><a href="{{ url_for('terms.terms_management') }}"><i class="fa fa-gear "> </i> Terms managements</a></li>
|
<li><a href="{{ url_for('terms.terms_management') }}"><i class="fa fa-gear "> </i> Terms managements</a></li>
|
||||||
|
<li><a href="{{ url_for('terms.credentials_tracker') }}"><i class="glyphicon glyphicon-screenshot"> </i> Credentials seeker</a></li>
|
||||||
<li><a href="{{ url_for('terms.terms_plot_top') }}"><i class="glyphicon glyphicon-fire"> </i> Terms plot top</a></li>
|
<li><a href="{{ url_for('terms.terms_plot_top') }}"><i class="glyphicon glyphicon-fire"> </i> Terms plot top</a></li>
|
||||||
<li><a href="{{ url_for('terms.terms_plot_tool') }}"><i class="fa fa-wrench"> </i> Terms plot tool</a></li>
|
<li><a href="{{ url_for('terms.terms_plot_tool') }}"><i class="fa fa-wrench"> </i> Terms plot tool</a></li>
|
||||||
</ul>
|
</ul>
|
||||||
|
|
|
@ -20,6 +20,7 @@
|
||||||
<span class="caret"></span></a>
|
<span class="caret"></span></a>
|
||||||
<ul class="dropdown-menu">
|
<ul class="dropdown-menu">
|
||||||
<li><a href="{{ url_for('terms.terms_management') }}"><i class="fa fa-gear "> </i> Terms managements</a></li>
|
<li><a href="{{ url_for('terms.terms_management') }}"><i class="fa fa-gear "> </i> Terms managements</a></li>
|
||||||
|
<li><a href="{{ url_for('terms.credentials_tracker') }}"><i class="glyphicon glyphicon-screenshot"> </i> Credentials seeker</a></li>
|
||||||
<li><a href="{{ url_for('terms.terms_plot_top') }}"><i class="glyphicon glyphicon-fire"> </i> Terms plot top</a></li>
|
<li><a href="{{ url_for('terms.terms_plot_top') }}"><i class="glyphicon glyphicon-fire"> </i> Terms plot top</a></li>
|
||||||
<li><a href="{{ url_for('terms.terms_plot_tool') }}"><i class="fa fa-wrench"> </i> Terms plot tool</a></li>
|
<li><a href="{{ url_for('terms.terms_plot_tool') }}"><i class="fa fa-wrench"> </i> Terms plot tool</a></li>
|
||||||
</ul>
|
</ul>
|
||||||
|
|
Loading…
Reference in a new issue