Class: Dorothy::DorothyFetcher

Inherits:
Object
Defined in:
lib/dorothy2/BFM.rb


Constructor Details

#initialize(source) ⇒ DorothyFetcher

source struct: Hash, {:dir => "#{HOME}/bins/honeypot", :typeid => 0 ..}



# File 'lib/dorothy2/BFM.rb', line 18

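def initialize(source)  #source struct: Hash, {:dir => "#{HOME}/bins/honeypot", :typeid=> 0 ..}
  # Collects binaries from one configured source and hands each one to
  # load_malw.  `source` is the per-sensor Hash from the configuration; the
  # string keys read here are "type", "ip", "user", "pass", "port",
  # "remotedir", "localdir" and "typeid".
  #
  # Fixes relative to the previous version:
  #  * `skey` was never defined in this method, so the ssh branch raised
  #    NameError at `source[skey][:typeid]`; the "system" branch reads the
  #    type id from source["typeid"], so the ssh branch now does the same.
  #  * `"..." + $!` raises TypeError (String + Exception) inside the rescue
  #    and masked the real error; the message is interpolated instead.
  #  * the "binaries" flattening step is skipped when the download never
  #    created that directory, so a failed download does not raise twice.
  ndownloaded = 0
  @bins = []

  case source["type"]
  when "ssh"
    LOGGER.info "BFM", " Fetching trojan from > Honeypot"
    localdir = source["localdir"]
    files = []

    begin
      Net::SSH.start(source["ip"], source["user"], :password => source["pass"], :port => source["port"]) do |ssh|
        ssh.scp.download!(source["remotedir"], localdir, :recursive => true) do |_ch, name, _sent, _total|
          local = "#{localdir}/" + File.basename(name)
          # The progress callback fires repeatedly for the same file; count each name once.
          unless files.include? local
            ndownloaded += 1
            files.push local
          end
        end
        LOGGER.info "BFM", "#{ndownloaded} files downloaded"
      end
    rescue => e
      LOGGER.error "BFM", "An error occurred while downloading malwares from honeypot sensor: #{e.message}"
      LOGGER.error "BFM", "Error: #{e}, #{e.inspect}, #{e.backtrace}"
    end

    # DIRTY WORKAROUND for scp-ing only files without directory: the recursive
    # download lands the files in <localdir>/binaries, so flatten them into
    # localdir.  Only attempted when that directory actually exists.
    bindir = localdir + "/binaries"
    if Dir.exist?(bindir)
      FileUtils.mv(Dir.glob(bindir + "/*"), localdir)
      Dir.rmdir(bindir)
    end

    begin
      unless DoroSettings.env[:testmode]
        Net::SSH.start(source["ip"], source["user"], :password => source["pass"], :port => source["port"]) do |ssh|
          # NOTE(review): remotedir is interpolated unquoted into a remote
          # shell command line, so it must only ever come from trusted
          # configuration (a value containing shell metacharacters would be
          # executed as such on the sensor).
          ssh.exec "mv #{source["remotedir"]}/* #{source["remotedir"]}/../analyzed "
        end
      end
    rescue => e
      LOGGER.error "BFM", "An error occurred while erasing parsed malwares in the honeypot sensor: #{e.message}"
    end

    files.each { |f| load_malw(f, source["typeid"]) }

  when "system"
    localdir = source["localdir"]
    LOGGER.info "BFM", "Fetching trojan from > filesystem: " + localdir
    empty = true
    Dir.foreach(localdir) do |file|
      bin = localdir + "/" + file
      # Dir.foreach yields "." and ".." too; the directory check skips them.
      next if File.directory?(bin) || !load_malw(bin, source["typeid"])
      empty = false
    end
    LOGGER.warn "BFM", "There are no files to analyze in the selected source" if empty
  else
    # `skey` was undefined here as well; report the unrecognised type instead.
    LOGGER.fatal "BFM", "Source #{source["type"]} is not yet configured"
  end
end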

Instance Attribute Details

#binsObject (readonly)

Returns the value of attribute bins.



# File 'lib/dorothy2/BFM.rb', line 15

# Read-only view of the binaries collected so far.
# @return [Array] the list initialised by #initialize
def bins
  @bins
end