Class: Dorothy::DorothyFetcher
- Inherits: Object
- Defined in:
- lib/dorothy2/BFM.rb
Instance Attribute Summary
-
#bins ⇒ Object
readonly
Returns the value of attribute bins.
Instance Method Summary
-
#initialize(source) ⇒ DorothyFetcher
constructor
source struct: Hash, e.g. {:dir => "#{HOME}/bins/honeypot", :typeid => 0, ...}. Note: the constructor body actually reads string keys (source["type"], source["localdir"], source["typeid"], and for SSH sources "ip", "user", "pass", "port", "remotedir"), so callers must pass those.
Constructor Details
#initialize(source) ⇒ DorothyFetcher
source struct: Hash, e.g. {:dir => "#{HOME}/bins/honeypot", :typeid => 0, ...}. Note: the constructor body actually reads string keys (source["type"], source["localdir"], source["typeid"], and for SSH sources "ip", "user", "pass", "port", "remotedir"), so callers must pass those.
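# File 'lib/dorothy2/BFM.rb', line 18
# Collects malware samples from the configured source and hands each file to
# #load_malw.
#
# @param source [Hash] string-keyed source description. Keys read here:
#   "type" ("ssh" or "system"), "localdir", "typeid" and, for "ssh" sources,
#   "ip", "user", "pass", "port" and "remotedir".
#   (The old inline note described a symbol-keyed
#   {:dir => "#{HOME}/bins/honeypot", :typeid => 0} shape; the body reads
#   string keys, so that is what callers must supply.)
#
# NOTE(review, security):
# - The "ssh" branch authenticates with a plaintext password from config and
#   passes no host-key option to Net::SSH.start, so it relies on net-ssh's
#   default host-key policy — consider pinning the sensor's key.
# - The remote "mv" is a shell command built by interpolating
#   source["remotedir"] unescaped. That value is operator config, not end-user
#   input, but it must not contain shell metacharacters; escaping the directory
#   (e.g. Shellwords.escape) before appending "/*" would close that gap.
# - File names come from the honeypot (attacker-influenced); only
#   File.basename is kept, and the samples are live malware, so keep
#   source["localdir"] on a path that is not executable/served.
def initialize(source)
  ndownloaded = 0
  @bins = []

  case source["type"]
  when "ssh" then
    LOGGER.info "BFM", " Fetching trojan from > Honeypot"
    files = []
    begin
      Net::SSH.start(source["ip"], source["user"], :password => source["pass"], :port => source["port"]) do |ssh|
        ssh.scp.download!(source["remotedir"], source["localdir"], :recursive => true) do |_ch, name, _sent, _total|
          # The progress callback fires many times per file; count each file once.
          local = "#{source["localdir"]}/" + File.basename(name)
          unless files.include? local
            ndownloaded += 1
            files.push local
          end
        end
        LOGGER.info "BFM", "#{ndownloaded} files downloaded"
      end
    rescue => e
      # The previous `"..." + $!` raised TypeError (an Exception is not a String)
      # from inside the rescue and masked the real error; interpolate instead.
      LOGGER.error "BFM", "An error occurred while downloading malwares from honeypot sensor: #{e.message}"
      LOGGER.error "BFM", "Error: #{e.message}, #{e.inspect}, #{e.backtrace}"
    end

    # DIRTY WORKAROUND for scp-ing only files without directory: the recursive
    # download lands in <localdir>/binaries, so flatten it into localdir.
    # Guarded so a failed download (no "binaries" subdir) does not raise
    # Errno::ENOENT from rmdir. Dir.entries (minus "." / "..") is used instead
    # of Dir.glob("*") so dot-named samples are moved too; otherwise they would
    # be stranded and rmdir would fail with Errno::ENOTEMPTY.
    binaries_dir = source["localdir"] + "/binaries"
    if File.directory?(binaries_dir)
      leftovers = Dir.entries(binaries_dir).reject { |e| e == "." || e == ".." }
      FileUtils.mv(leftovers.map { |e| File.join(binaries_dir, e) }, source["localdir"])
      Dir.rmdir(binaries_dir)
    end

    begin
      unless DoroSettings.env[:testmode]
        Net::SSH.start(source["ip"], source["user"], :password => source["pass"], :port => source["port"]) do |ssh|
          # Remote shell command built by interpolation — see the security note above.
          ssh.exec "mv #{source["remotedir"]}/* #{source["remotedir"]}/../analyzed "
        end
      end
    rescue => e
      LOGGER.error "BFM", "An error occurred while erasing parsed malwares in the honeypot sensor: #{e.message}"
    end

    # The previous code read source[skey][:typeid]; `skey` is not defined in
    # this method (NameError), and the "system" branch reads source["typeid"]
    # directly, so do the same here.
    files.each { |f| load_malw(f, source["typeid"]) }
  when "system" then
    LOGGER.info "BFM", "Fetching trojan from > filesystem: " + source["localdir"]
    empty = true
    Dir.foreach(source["localdir"]) do |file|
      bin = source["localdir"] + "/" + file
      # Skips "." / ".." and subdirectories; a file load_malw rejects does not
      # count as analyzable either.
      next if File.directory?(bin) || !load_malw(bin, source["typeid"])
      empty = false
    end
    LOGGER.warn "BFM", "There are no files to analyze in the selected source" if empty
  else
    # `skey` was undefined here as well; report the unrecognised type instead.
    LOGGER.fatal "BFM", "Source #{source["type"]} is not yet configured"
  end
end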
Instance Attribute Details
#bins ⇒ Object (readonly)
Returns the value of attribute bins.
# File 'lib/dorothy2/BFM.rb', line 15
# Read-only accessor for the sample list initialised by #initialize.
#
# @return [Array, nil] the value of @bins (nil if the constructor has not run)
def bins
  @bins
end