Flags to toggle comment/upload

This commit is contained in:
Michel Oosterhof
2018-01-08 20:59:17 +04:00
parent 83674f723c
commit 27c0f3b235
2 changed files with 15 additions and 6 deletions


@ -488,7 +488,9 @@ logfile = log/cowrie.json
# #
#[output_virustotal] #[output_virustotal]
#api_key = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef #api_key = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
# #upload = True
#debug = False
# Cuckoo output module # Cuckoo output module
#[output_cuckoo] #[output_cuckoo]


@ -63,6 +63,9 @@ class Output(cowrie.core.output.Output):
def __init__(self, cfg): def __init__(self, cfg):
self.apiKey = cfg.get('output_virustotal', 'api_key') self.apiKey = cfg.get('output_virustotal', 'api_key')
self.debug = cfg.getboolean('output_virustotal', 'debug', fallback=False) self.debug = cfg.getboolean('output_virustotal', 'debug', fallback=False)
self.upload = cfg.getboolean('output_virustotal', 'upload', fallback=True)
self.comment = cfg.getboolean('output_virustotal', 'comment', fallback=True)
self.commenttext = cfg.get('output_virustotal', 'commenttext', fallback=COMMENT)
cowrie.core.output.Output.__init__(self, cfg) cowrie.core.output.Output.__init__(self, cfg)
@ -153,7 +156,6 @@ class Output(cowrie.core.output.Output):
log.msg("VT: {}".format(j["verbose_msg"])) log.msg("VT: {}".format(j["verbose_msg"]))
if j["response_code"] == 0: if j["response_code"] == 0:
log.msg("VT: response=0: this is a new file") log.msg("VT: response=0: this is a new file")
#log.msg("Sending file to VT")
p = urlparse(entry["url"]).path p = urlparse(entry["url"]).path
if p == "": if p == "":
fileName = entry["shasum"] fileName = entry["shasum"]
@ -163,7 +165,10 @@ class Output(cowrie.core.output.Output):
fileName = entry["shasum"] fileName = entry["shasum"]
else: else:
fileName = b fileName = b
return self.postfile(entry["outfile"], fileName) if self.upload == True:
return self.postfile(entry["outfile"], fileName)
else:
return
elif j["response_code"] == 1: elif j["response_code"] == 1:
log.msg("VT: response=1: this has been scanned before") log.msg("VT: response=1: this has been scanned before")
log.msg("VT: {}/{} bad; permalink: {}".format(j["positives"], j["total"], ["permalink"])) log.msg("VT: {}/{} bad; permalink: {}".format(j["positives"], j["total"], ["permalink"]))
@ -236,8 +241,10 @@ class Output(cowrie.core.output.Output):
# This is always a new resource, since we did the scan before # This is always a new resource, since we did the scan before
# so always create the comment # so always create the comment
log.msg( "response=0: posting comment") log.msg( "response=0: posting comment")
d = self.postcomment(j["resource"]) if self.comment == True:
return d return self.postcomment(j["resource"])
else:
return
d.addCallback(cbResponse) d.addCallback(cbResponse)
d.addErrback(cbError) d.addErrback(cbError)
@ -318,7 +325,7 @@ class Output(cowrie.core.output.Output):
""" """
vtUrl = VTAPI_URL+b'comments/put' vtUrl = VTAPI_URL+b'comments/put'
parameters = { "resource": resource, parameters = { "resource": resource,
"comment": COMMENT, "comment": self.commenttext,
"apikey": self.apiKey} "apikey": self.apiKey}
headers = http_headers.Headers({'User-Agent': [COWRIE_USER_AGENT]}) headers = http_headers.Headers({'User-Agent': [COWRIE_USER_AGENT]})
body = StringProducer(urlencode(parameters).encode("utf-8")) body = StringProducer(urlencode(parameters).encode("utf-8"))
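Review bot: The new guards `if self.upload == True:` (hunk at -163) and `if self.comment == True:` (hunk at -236) compare a bool against `True` with `==` and add an `else: return` branch that only returns None, which the callback would do anyway on falling off the end; the idiomatic form is `if self.upload:` followed by the existing `return self.postfile(entry["outfile"], fileName)`, and likewise `if self.comment:` / `return self.postcomment(j["resource"])`. When the flag is off the callback now returns None where it previously returned the Deferred from postfile/postcomment, so any later callback on that chain expecting the upload or comment result will receive None instead — both enclosing methods start outside these hunks, so I cannot tell from here whether that is handled. Both flags fall back to True in `__init__` (hunk at -63), so existing deployments keep uploading captured samples and posting comments to VirusTotal unchanged; a comment there, `# Both default to True to preserve the pre-flag behaviour (upload samples, post comments)`, would make that deliberate choice explicit for operators. Unrelated to this change but on a context line of the -163 hunk, `["permalink"]` in the log format call is a list literal where `j["permalink"]` was presumably intended, so the permalink is never actually logged.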