jaimeacosta1

test

Feb 26th, 2020
  1. # -*- coding: utf-8 -*-
  2. """
  3. Created on Thu Feb 20 20:29:30 2020
  4.  
  5. @author: anjonsunny
  6. """
  7.  
  8. import time
  9. #Required import
  10. from Trigger.trigger import Trigger
  11.  
  12. #Required class name that inherits Trigger
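class MyTrigger(Trigger):
    """Trigger that compares observed port-scan alerts with scanner profiles.

    Each scanner profile is a dict of flags ('fixed', 'random', 'asc',
    'dsc', 'seq'; 1 = yes, 0 = no) plus 'totport', a port count. Alert
    lines are read from the Monitor and parsed for the destination port.

    NOTE(review): the nesting of the statements below was reconstructed
    from a listing that had lost its indentation -- confirm against the
    original file.
    NOTE(review): the alert layout ("<timestamp> [**] ... {TCP} ip:port ->
    ip:port") looks like Snort fast-alert output -- confirm.
    """

    # Executed once, when the class body is evaluated (i.e. at import time).
    print("hi")

    #Required function
    def process_data(self):
        """Read Monitor output forever and report each scanned TCP port.

        Builds the scanner profile table and, for every scanner whose
        'fixed' flag is 1, loads its reference port order from
        "<scanner>.log" (see getPortsScanned, which raises if the file
        cannot be opened). Then loops on read_input_line().

        NOTE(review): the loop only prints what it parsed. porthistory,
        curStat and numPortsScanned are initialised but never updated, and
        no switch is triggered yet.
        """
        # get the cc_node numbers and use the second one as the active
        # connection (assumes at least two nodes are returned -- TODO confirm)
        nodes = self.get_cc_node_numbers()
        self.set_active_conn(nodes[1])

        # Per-scanner behaviour profiles.
        scannerFeature = {}
        scannerFeature['nmap'] = {'fixed' : 0, 'random' : 1, 'asc' : 0, 'dsc' : 0, 'seq': 0, 'totport' : 1000}
        scannerFeature['nessus'] = {'fixed' : 1, 'random' : 1, 'asc' : 0, 'dsc' : 0, 'seq': 0, 'totport' : 4790}
        scannerFeature['nikto'] = {'fixed' : 1, 'random' : 0, 'asc' : 0, 'dsc' : 0, 'seq': 0, 'totport' : 1}
        scannerFeature['netcat'] = {'fixed' : 1, 'random' : 0, 'asc' : 0, 'dsc' : 1, 'seq': 0, 'totport' : 10000}
        scannerFeature['metasploit'] = {'fixed' : 1, 'random' : 0, 'asc' : 1, 'dsc' : 0, 'seq': 0, 'totport' : 10000}
        scannerFeature['unicornscan'] = {'fixed' : 0, 'random' : 1, 'asc' : 0, 'dsc' : 0, 'seq': 0, 'totport' : 338}
        scannerFeature['angryip'] = {'fixed' : 1, 'random' : 0, 'asc' : 1, 'dsc' : 0, 'seq': 0, 'totport' : 10000}
        scannerFeature['zenmap'] = {'fixed' : 0, 'random' : 1, 'asc' : 0, 'dsc' : 0, 'seq': 0, 'totport' : 1000}

        # build fixed order library for the scanners: the ports each
        # fixed-order scanner probed, in the order recorded in its log
        fixedOrders = {}
        for scanner in scannerFeature:
            if scannerFeature[scanner]['fixed'] == 1:
                fixedOrders[scanner] = self.getPortsScanned(scanner)

        #port history
        porthistory = {}
        numPortsScanned = 0
        # a dictionary for keeping the current features
        # 1:yes, 0: no, 2: unknown
        curStat = {}
        curStat['fixed'] = 2
        curStat['random'] = 2
        curStat['asc'] = 2
        curStat['dsc'] = 2
        curStat['seq'] = 2
        curStat['totport'] = 0

        while True:
            ####Modify to process Monitor's data and Trigger a switch####
            # read a line of input (from Monitor's stdout)
            data = self.read_input_line()
            # if no data exists yet, restart the loop before logging, so
            # that "there was data" is only printed when there was some.
            # NOTE(review): if read_input_line() does not block this spins.
            if data is None:
                continue
            print("READ: " + str(data))
            print("$$$$$$$$$$$$$$$And there was data $$$$$$$$$$")

            line = str(data)
            if line.find("{TCP}") != -1:
                scannedport = self.getPortScanned(line)
                if scannedport is None:
                    # Alert text comes from observed traffic; skip a line
                    # that does not parse instead of failing the monitor.
                    continue
                print("$$$$$$$$$$$$$$$$$$$$$$$$$$port " + scannedport + " was scanned")
                timestampindex = line.find("[**]") -1
                timestamp = line[0:timestampindex].strip()

    def matchFeature(self, scannerFeature, curStat):
        """Score how well the current statistics match each scanner profile.

        For every scanner, each flag set to 1 in its profile counts towards
        the total and counts as a match when curStat has the same flag at 1.
        'totport' is handled separately: it is counted (as both total and
        match) only when the profile value equals curStat['totport'], so a
        differing port count does not lower the score.

        Returns a dict mapping scanner name to a percentage (float).
        A profile with nothing to count scores 0.0.
        """
        matchres = {}

        for scanner in scannerFeature:
            profile = scannerFeature[scanner]
            matchcount = 0
            totalcount = 0

            for ftr in profile:
                if ftr == 'totport':
                    # Keep the port count out of the flag test below: a
                    # profile with totport == 1 would otherwise be counted
                    # as one more "set flag".
                    if profile[ftr] == curStat[ftr]:
                        totalcount = totalcount + 1
                        matchcount = matchcount + 1
                    continue
                if profile[ftr] == 1:
                    totalcount = totalcount + 1
                    if curStat[ftr] == 1:
                        matchcount = matchcount + 1

            if totalcount == 0:
                # No flag set and no port-count match: avoid dividing by zero.
                matchres[scanner] = 0.0
            else:
                matchres[scanner] = 100*(matchcount/(1.0*totalcount))

        return matchres

    def isAscending(self, porthistory):
        """Return 1 if the distinct ports, in time order, never decrease, else 0.

        Raises ValueError if a recorded port is not an integer string.
        """
        # Build a real list: a bare map() is an iterator on Python 3 and
        # would never compare equal to the sorted list.
        portlist = [int(p) for p in self.sortedHistFrmDict(porthistory)]
        if portlist == sorted(portlist):
            return 1

        return 0

    def isSeq(self, porthistory):
        """Return 1 if each distinct port is exactly previous + 1, else 0.

        An empty or single-port history returns 1.
        """
        portlist = [int(p) for p in self.sortedHistFrmDict(porthistory)]
        for i in range(1, len(portlist)):
            if portlist[i] - portlist[i - 1] != 1:
                return 0
        return 1

    def portCount(self, porthistory):
        """Return the number of distinct ports in the history."""
        return len(self.sortedHistFrmDict(porthistory))

    def isDscending(self, porthistory):
        """Return 1 if the distinct ports, in time order, never increase, else 0."""
        portlist = [int(p) for p in self.sortedHistFrmDict(porthistory)]
        if portlist == sorted(portlist, reverse=True):
            return 1

        return 0

    def sortedHistFrmDict(self, porthistory):
        """Return the history's ports ordered by key, duplicates removed.

        porthistory maps a timestamp string to a port. Keys are sorted as
        plain strings, so the result is chronological only if the timestamp
        format sorts that way. The first occurrence of each port is kept.
        """
        portlist = []
        seen = set()
        for t in sorted(porthistory):
            port = porthistory[t]
            if port not in seen:
                seen.add(port)
                portlist.append(port)
        return portlist

    def compareScanHist(self, fixedOrders, porthistory):
        """Compare the observed port order with each fixed-order library.

        For every scanner, counts the positions at which the observed port
        sequence equals the library sequence and reports that as a
        percentage of the observed length (0.0 when nothing was observed).

        Returns a dict mapping scanner name to a percentage (float).
        NOTE(review): if any library is empty the method returns the tuple
        (False, "None") instead of a dict; kept as-is for existing callers.
        """
        matchres = {}
        curportlist = [int(p) for p in self.sortedHistFrmDict(porthistory)]

        for scanner in fixedOrders:
            if len(fixedOrders[scanner]) == 0:
                return False, "None"
            liblist = [int(p) for p in self.sortedHistFrmDict(fixedOrders[scanner])]
            # zip stops at the shorter list, which is the same bound the
            # index test "i < len(liblist)" gave.
            count = sum(1 for cur, lib in zip(curportlist, liblist) if cur == lib)
            if curportlist:
                matchres[scanner] = (count/(1.0*len(curportlist)))*100
            else:
                matchres[scanner] = 0.0

        return matchres

    def getPortsScanned(self, scanner):
        """Load the reference scan order for a scanner from "<scanner>.log".

        Returns a dict mapping each alert's timestamp text (everything
        before the first "[**]") to the destination port, keeping only the
        first alert seen for each port. Lines without a parsable port or
        without a "[**]" marker are skipped. Two alerts with an identical
        timestamp share one key, so the later one replaces the earlier.

        The file name is built from `scanner` and opened relative to the
        working directory; pass only trusted, fixed scanner names.
        Raises IOError/OSError if the file cannot be opened.
        """
        fname = scanner+"."+"log"
        ports = {}
        seen = set()

        with open(fname,"r") as f:
            for line in f:
                port = self.getPortScanned(line)
                marker = line.find("[**]")
                if port is None or marker < 0 or port in seen:
                    continue
                seen.add(port)
                timestamp = line[0:marker - 1].strip()
                ports[timestamp] = port

        return ports

    def getPortScanned(self, line):
        """Extract the destination port from one alert line.

        Expects "... {PROTO} srcip:srcport -> dstip:dstport" and returns
        dstport as a string of digits. Returns None when the line has no
        "{...}" protocol tag, no "->", no ":" after the destination
        address, or when the text after that ":" is not purely numeric
        (for example an alert without ports, or an IPv6 address).
        """
        proto_open = line.find("{")
        if proto_open < 0:
            return None
        proto_close = line.find("}", proto_open + 1)
        if proto_close < 0:
            return None
        arrow = line.find("->", proto_close + 1)
        if arrow < 0:
            return None

        # Everything after "->" is "dstip:dstport"; split on the first ":".
        dstip, sep, dstport = line[arrow + 2:].partition(":")
        dstport = dstport.strip()
        if not sep or not dstport.isdigit():
            # Never hand unparsed alert text back as a "port": callers
            # convert the value with int().
            return None
        return dstport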
  292. ####