aljaz/cowrie
1
0
Fork 0
mirror of https://github.com/aljazceru/cowrie.git synced 2025-12-18 06:24:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add support for logging downloaded files via dblog

Browse Source 
New mysql table "downloads", see doc/sql/update7.sql



git-svn-id: https://kippo.googlecode.com/svn/trunk@224 951d7100-d841-11de-b865-b3884708a8e2
This commit is contained in:
desaster
2013-01-08 17:31:29 +00:00
parent 96265ebe03
commit 3a7bcc0ff5
5 changed files with 33 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
doc/sql/mysql.sql
View File

@@ -49,3 +49,13 @@ CREATE TABLE `ttylog` (
`ttylog` mediumblob NOT NULL, `ttylog` mediumblob NOT NULL,
PRIMARY KEY (`id`) PRIMARY KEY (`id`)
) ; ) ;
CREATE TABLE `downloads` (
`id` int(11) NOT NULL auto_increment,
`session` CHAR( 32 ) NOT NULL,
`timestamp` datetime NOT NULL,
`url` text NOT NULL,
`outfile` text NOT NULL,
PRIMARY KEY (`id`),
KEY `session` (`session`,`timestamp`)
) ;

9
doc/sql/update7.sql Normal file
View File

@@ -0,0 +1,9 @@
CREATE TABLE IF NOT EXISTS `downloads` (
`id` int(11) NOT NULL auto_increment,
`session` CHAR( 32 ) NOT NULL,
`timestamp` datetime NOT NULL,
`url` text NOT NULL,
`outfile` text NOT NULL,
PRIMARY KEY (`id`),
KEY `session` (`session`,`timestamp`)
) ;

2
kippo/commands/wget.py
View File

@@ -65,6 +65,8 @@ class command_wget(HoneyPotCommand):
(self.honeypot.env.cfg.get('honeypot', 'download_path'), (self.honeypot.env.cfg.get('honeypot', 'download_path'),
time.strftime('%Y%m%d%H%M%S'), time.strftime('%Y%m%d%H%M%S'),
re.sub('[^A-Za-z0-9]', '_', url)) re.sub('[^A-Za-z0-9]', '_', url))
self.honeypot.logDispatch(
'Downloading URL (%s) to %s' % (url, self.safeoutfile))
self.deferred = self.download(url, outfile, self.deferred = self.download(url, outfile,
file(self.safeoutfile, 'wb')) file(self.safeoutfile, 'wb'))
if self.deferred: if self.deferred:

6
kippo/core/dblog.py
View File

@@ -29,6 +29,8 @@ class DBLogger(object):
self.handleCommand), self.handleCommand),
('^:dispatch: Command not found: (?P<input>.*)$', ('^:dispatch: Command not found: (?P<input>.*)$',
self.handleUnknownCommand), self.handleUnknownCommand),
('^:dispatch: Downloading URL \((?P<url>.*)\) to (?P<outfile>.*)$',
self.handleFileDownload),
('^INPUT \((?P<realm>[a-zA-Z0-9]+)\): (?P<input>.*)$', ('^INPUT \((?P<realm>[a-zA-Z0-9]+)\): (?P<input>.*)$',
self.handleInput), self.handleInput),
('^Terminal size: (?P<height>[0-9]+) (?P<width>[0-9]+)$', ('^Terminal size: (?P<height>[0-9]+) (?P<width>[0-9]+)$',
@@ -138,4 +140,8 @@ class DBLogger(object):
def handleClientVersion(self, session, args): def handleClientVersion(self, session, args):
pass pass
# args has: url, outfile
def handleFileDownload(self, session, args):
pass
# vim: set sw=4 et: # vim: set sw=4 et:

6
kippo/dblog/mysql.py
View File

@@ -135,4 +135,10 @@ class DBLogger(dblog.DBLogger):
'UPDATE `sessions` SET `client` = %s WHERE `id` = %s', 'UPDATE `sessions` SET `client` = %s WHERE `id` = %s',
(id, session)) (id, session))
def handleFileDownload(self, session, args):
self.simpleQuery('INSERT INTO `downloads`' + \
' (`session`, `timestamp`, `url`, `outfile`)' + \
' VALUES (%s, FROM_UNIXTIME(%s), %s, %s)',
(session, self.nowUnix(), args['url'], args['outfile']))
# vim: set sw=4 et: # vim: set sw=4 et: