AIL-framework/bin/DomClassifier.py

#!/usr/bin/env python3
# -*-coding:UTF-8 -*
"""
The DomClassifier Module
============================
The DomClassifier module extracts and classifies Internet domains/hostnames/IP addresses from
the output of the Global module.
"""
##################################
# Import External packages
##################################
import os
import sys
import time
import DomainClassifier.domainclassifier
##################################
# Import Project packages
##################################
from module.abstract_module import AbstractModule
from packages.Item import Item
sys.path.append(os.path.join(os.environ['AIL_BIN'], 'lib'))
import d4
import item_basic
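class DomClassifier(AbstractModule):
    """
    DomClassifier module for AIL framework.

    For items whose mimetype is text, feeds the item content to a
    DomainClassifier ``Extract`` instance, passes each entry of its ``vdomain``
    result to ``send_message_to_queue()`` when passive DNS is enabled, and logs
    a warning for domains matching the configured ``cc_tld`` expression or
    ``cc`` country code.

    Item content is collected data and should be treated as untrusted: every
    hostname handled here is chosen by whoever authored the item.
    """

    def __init__(self):
        super().__init__()

        # Waiting time in seconds between two processed messages
        self.pending_seconds = 1

        # Nameserver handed to the extractor, read from the [DomClassifier] config section.
        addr_dns = self.process.config.get("DomClassifier", "dns")

        # A single extractor is created once and reused for every item.
        self.c = DomainClassifier.domainclassifier.Extract(rawtext="", nameservers=[addr_dns])

        # Country code and TLD expression used to flag "localized" domains.
        self.cc = self.process.config.get("DomClassifier", "cc")
        self.cc_tld = self.process.config.get("DomClassifier", "cc_tld")

        # Send module state to logs
        self.redis_logger.info(f"Module: {self.module_name} Launched")

    def compute(self, message, r_result=False):
        """
        Extract and classify the domains found in one item.

        :param message: value passed to ``Item(...)`` to load the item to analyse
        :param r_result: when true and the item is text, return ``self.c.vdomain``
        :return: ``self.c.vdomain`` if ``r_result`` is true and the item mimetype
                 is text, otherwise ``None``
        :raises Exception: when an ``IOError`` is raised inside the try block
        """
        item = Item(message)

        # NOTE(review): the content is read outside the try block, so an error
        # raised while reading it is not reported by the handler below - confirm
        # this is intended.
        item_content = item.get_content()
        item_basename = item.get_basename()
        item_date = item.get_date()
        item_source = item.get_source()

        try:
            mimetype = item_basic.get_item_mimetype(item.get_id())
            if mimetype.split('/')[0] == "text":

                self.c.text(rawtext=item_content)
                self.c.potentialdomain()
                # NOTE(review): validdomain() presumably resolves every candidate
                # name through the nameserver configured in __init__. Those names
                # come from untrusted content, so processing an item can emit DNS
                # queries for names its author picked - confirm the configured
                # resolver is one where that exposure is acceptable.
                self.c.validdomain(passive_dns=True, extended=False)

                if self.c.vdomain and d4.is_passive_dns_enabled():
                    for dns_record in self.c.vdomain:
                        self.send_message_to_queue(dns_record)

                # NOTE(review): the warnings below are ';'-separated records whose
                # fields are interpolated unescaped from item metadata and extracted
                # domains; a ';' or newline in one of them would shift fields for
                # whatever parses the log - verify against the log consumers.
                localizeddomains = self.c.include(expression=self.cc_tld)
                if localizeddomains:
                    print(localizeddomains)
                    self.redis_logger.warning(f"DomainC;{item_source};{item_date};{item_basename};Checked {localizeddomains} located in {self.cc_tld};{item.get_id()}")
                localizeddomains = self.c.localizedomain(cc=self.cc)
                if localizeddomains:
                    print(localizeddomains)
                    self.redis_logger.warning(f"DomainC;{item_source};{item_date};{item_basename};Checked {localizeddomains} located in {self.cc};{item.get_id()}")
                if r_result:
                    return self.c.vdomain

        except IOError as err:
            # IOError is an alias of OSError in Python 3, so any OS-level error
            # raised above is reported with this fixed "CRC Checksum Failed"
            # text. The original error is chained so the real cause stays
            # visible during triage.
            # NOTE(review): the "Duplicate" prefix differs from the "DomainC"
            # prefix used by the warnings above - confirm it is intended.
            self.redis_logger.error(f"Duplicate;{item_source};{item_date};{item_basename};CRC Checksum Failed")
            raise Exception(f"CRC Checksum Failed on: {item.get_id()}") from err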
if __name__ == "__main__":
    # Script entry point: build the module, then hand control to its run() method.
    classifier = DomClassifier()
    classifier.run()