[edbb89]: phish / phish_fromStruct.py  Maximize  Restore  History

#''' phish_fromStruct.py
#
# This file receives a filled-in phishStruct and generates an
# IODEF-compliant APWG PhraudReport document and sends it in.
#
# [1] - pcain@apwg.org - 8/2012
#
#'''
import uuid, sys, time, getopt
from datetime import datetime
import ConfigParser, StringIO
# NOTE(review): both entries are relative, so Python resolves them against the
# process's current working directory at import time, not against this file's
# location. The project modules imported below (iodef, send_to_apwg, ...) are
# therefore loaded from wherever the script is launched; run it only from the
# project directory, and keep that tree writable by trusted users only.
sys.path.append('../common')
sys.path.append('../')
import iodef
from send_to_apwg import send_to_apwg
#from askQuestions_phish import askQuestions
from buildIODEF import build_IODEF
from build_phish import build_eventData, build_phraudReport
# Default configuration path. Not referenced by the code visible in this file:
# main() carries its own "iodef_phish_config.ini" default.
CONFIG = "./iodef_phish_config.ini"
def readConfig( configFile ):
config = ConfigParser.SafeConfigParser()
config.read( configFile )
return config
#--------- MAIN -------------
def usage():
    """Print the one-line usage hint.

    main() calls this for -h/--help and when getopt rejects the arguments.
    """
    hint = "Call with a phishStruct filename."
    print hint
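def main(argv):
    """Build an IODEF document for a phishing report and send or dump it.

    Options (short and long forms are equivalent):
        -h, --help        print the usage hint and exit
        -t, --testing     load phishStruct from the phishStruct_test module
        -d, --dump        print the generated document instead of sending it
        -l, --language X  stored in _language (not otherwise used here)
        -m, --msg FILE    file supplying the default report message
        -c, --config FILE configuration file (default iodef_phish_config.ini)

    Without -t the phishStruct is an empty dict, so every field falls back
    to the values in the configuration file. Positional arguments returned
    by getopt are not used.

    Args:
        argv: command-line arguments without the program name.

    Exits with status 2 when the options cannot be parsed.
    """
    _language = "en-US"
    _testing = False
    _dump = False
    configFile = "iodef_phish_config.ini"
    msg = ""
    try:
        opts, args = getopt.getopt(
            argv, "htdl:m:c:",
            ["help", "testing", "dump", "language=", "msg=", "config="])
    except getopt.GetoptError:
        usage()
        sys.exit(2)
    # getopt accepts the long spellings declared above, so each branch has to
    # match both forms; comparing against the short form only silently drops
    # e.g. --dump and the report is sent instead of printed.
    for opt, arg in opts:
        if opt in ("-h", "--help"):
            usage()
            sys.exit()
        elif opt in ("-t", "--testing"):
            _testing = True
            from phishStruct_test import phishStruct
        elif opt in ("-l", "--language"):
            _language = arg
        elif opt in ("-d", "--dump"):
            _dump = True
        elif opt in ("-m", "--msg"):
            # NOTE(review): this hands an open file object (never closed
            # here) to build_phraudReport, while the default is the string
            # "" - confirm which type build_phraudReport expects.
            msg = open( arg, 'r')
        elif opt in ("-c", "--config"):
            configFile = arg
    if not _testing:
        phishStruct = {}

    # Step 1: Read static configs
    config = readConfig( configFile )

    # Step 2: Get data about infected system
    # Questions are too hard, use the struct or the web page.
    # if not _testing:
    #     askQuestions(_language, phishStruct)

    # Step 3: Build phishDetails Element
    phishz = build_phraudReport( config, phishStruct, phishStruct.get('message', msg))
    # Fields missing from phishStruct fall back to the [iodef-Event] section
    # of the config; the detect-time fallback is a datetime object (current
    # UTC time, microseconds dropped), not a string.
    eData = build_eventData( config, phishz,
        impactStr = phishStruct.get('impact', config.get('iodef-Event','Impact')),
        methodStr = phishStruct.get('method', config.get('iodef-Event','Method')),
        descriptionStr = phishStruct.get('description', config.get('iodef-Event','Description')),
        detectTimeStr = phishStruct.get( 'datetime', datetime.utcnow().replace(microsecond=0)) )

    # Step 4: Encase phishDetails into Incident
    incident = build_IODEF(config, eData)

    # Step 5: Put the actual IODEF-Doc together.
    doc = iodef.base.IODEF_Document.factory()
    doc.add_Incident(incident)
    doc.lang = config.get('iodef','Language')

    # Step 6: Send the completed doc to a repository.
    docString = StringIO.StringIO()
    doc.export(docString,0)
    if _dump:
        print docString.getvalue()
    else:
        errcode, docId, errmsg = send_to_apwg(config, docString.getvalue())
        # NOTE(review): the "ERROR!" banner is tied to errcode == 201. If
        # errcode is an HTTP status, 201 normally means "Created" (success) -
        # confirm against send_to_apwg. The summary line below is printed for
        # every result, not only for failures.
        if errcode == 201:
            print "ERROR! "
        print "Error: %s - incidentId: %s - Msg: %s" % (errcode,docId,errmsg)
    # Implied exit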
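if __name__ == '__main__':
    # No pdb.set_trace() here: a breakpoint left in the entry point stops
    # every run at an interactive debugger prompt, which hangs unattended
    # (cron/pipeline) invocations and gives whoever holds the terminal an
    # interpreter inside the reporting process. Use `python -m pdb` instead
    # when debugging is needed.
    main(sys.argv[1:])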
