diff --git a/bin/lib/Tracker.py b/bin/lib/Tracker.py
index f06f9df5..fb5ab736 100755
--- a/bin/lib/Tracker.py
+++ b/bin/lib/Tracker.py
@@ -117,7 +117,7 @@ def get_tracker_mails(tracker_uuid):
 return list(r_serv_tracker.smembers('tracker:mail:{}'.format(tracker_uuid)))
 def get_tracker_webhook(tracker_uuid):
- return r_serv_tracker.hget('tracker:{}'.format(tracker_uuid), 'webhook')
+ return r_serv_tracker.hget(f'tracker:{tracker_uuid}', 'webhook')
 def get_tracker_uuid_sources(tracker_uuid):
 return list(r_serv_tracker.smembers(f'tracker:sources:{tracker_uuid}'))
@@ -223,14 +223,14 @@ def get_tracker_typosquatting_domains(tracker_uuid):
 return r_serv_tracker.smembers(f'tracker:typosquatting:{tracker_uuid}')
 def get_typosquatting_tracked_words_list():
- all_typo = dict()
+ typosquattings = {}
 typos_uuid = get_all_tracker_uuid_by_type("typosquatting")
 for typo_uuid in typos_uuid:
 tracker = get_tracker_by_uuid(typo_uuid)
- all_typo[tracker] = get_tracker_typosquatting_domains(typo_uuid)
+ typosquattings[tracker] = get_tracker_typosquatting_domains(typo_uuid)
- return all_typo
+ return typosquattings
 def add_tracked_item(tracker_uuid, item_id):
@@ -301,7 +301,7 @@ def get_email_subject(tracker_uuid):
 return 'AIL framework: {}'.format(tracker_description)
 def get_tracker_last_updated_by_type(tracker_type):
- epoch_update = r_serv_tracker.get('tracker:refresh:{}'.format(tracker_type))
+ epoch_update = r_serv_tracker.get(f'tracker:refresh:{tracker_type}')
 if not epoch_update:
 epoch_update = 0
 return float(epoch_update)
@@ -434,7 +434,7 @@ def api_validate_tracker_to_add(tracker , tracker_type, nb_words=1):
 return {"status": "error", "reason": "Only one domain is accepted at a time"}, 400
 if not "." in tracker:
 return {"status": "error", "reason": "Invalid domain name"}, 400
-
+
 elif tracker_type=='yara_custom':
 if not is_valid_yara_rule(tracker):
diff --git a/bin/trackers/Tracker_Typo_Squatting.py b/bin/trackers/Tracker_Typo_Squatting.py
old mode 100644
new mode 100755
index bdbfaaf5..28c7e01f
--- a/bin/trackers/Tracker_Typo_Squatting.py
+++ b/bin/trackers/Tracker_Typo_Squatting.py
@@ -1,5 +1,6 @@
 #!/usr/bin/env python3
 # -*-coding:UTF-8 -*
+
 """
 The Tracker_Typo_Squatting Module
 ===================
@@ -22,7 +23,6 @@ sys.path.append(os.environ['AIL_BIN'])
 from modules.abstract_module import AbstractModule
 import NotificationHelper
 from packages.Item import Item
-from packages import Term
 from lib import Tracker
 class Tracker_Typo_Squatting(AbstractModule):
@@ -47,7 +47,7 @@ class Tracker_Typo_Squatting(AbstractModule):
 def compute(self, message):
 # refresh Tracked typo
- if self.last_refresh_typosquat < Term.get_tracked_term_last_updated_by_type('typosquatting'):
+ if self.last_refresh_typosquat < Tracker.get_tracker_last_updated_by_type('typosquatting'):
 self.typosquat_tracked_words_list = Tracker.get_typosquatting_tracked_words_list()
 self.last_refresh_typosquat = time.time()
 self.redis_logger.debug('Tracked typosquatting refreshed')
@@ -55,62 +55,65 @@ class Tracker_Typo_Squatting(AbstractModule):
 host, id = message.split()
 item = Item(id)
-
+
 # Cast message as Item
- for key in self.typosquat_tracked_words_list.keys():
+ for key in self.typosquat_tracked_words_list:
 #print(key)
 if host in self.typosquat_tracked_words_list[key]:
- self.new_term_found(key, 'typosquatting', item)
-
- def new_term_found(self, term, term_type, item):
- uuid_list = Term.get_term_uuid_list(term, term_type)
+ self.new_tracker_found(key, 'typosquatting', item)
+ def new_tracker_found(self, tracker, tracker_type, item):
 item_id = item.get_id()
 item_date = item.get_date()
 item_source = item.get_source()
- self.redis_logger.info(f'new tracked typo found: {term} in {item_id}')
- print(f'new tracked typo found: {term} in {item_id}')
- for term_uuid in uuid_list:
- tracker_sources = Tracker.get_tracker_uuid_sources(term_uuid)
- if not tracker_sources or item_source in tracker_sources:
- Tracker.add_tracked_item(term_uuid, item_id)
+ #self.redis_logger.info(f'new tracked typo found: {tracker} in {item_id}')
+ print(f'new tracked typosquatting found: {tracker} in {item_id}')
- tags_to_add = Term.get_term_tags(term_uuid)
- for tag in tags_to_add:
- msg = '{};{}'.format(tag, item_id)
- self.send_message_to_queue(msg, 'Tags')
+ print(Tracker.get_tracker_uuid_list(tracker, tracker_type))
+ for tracker_uuid in Tracker.get_tracker_uuid_list(tracker, tracker_type):
+ # Source Filtering
+ tracker_sources = Tracker.get_tracker_uuid_sources(tracker)
+ if tracker_sources and item_source not in tracker_sources:
+ continue
- mail_to_notify = Term.get_term_mails(term_uuid)
- if mail_to_notify:
- mail_subject = Tracker.get_email_subject(term_uuid)
- mail_body = Tracker_Typo_Squatting.mail_body_template.format(term, item_id, self.full_item_url, item_id)
- for mail in mail_to_notify:
- self.redis_logger.debug(f'Send Mail {mail_subject}')
- print(f'S print(item_content)end Mail {mail_subject}')
- NotificationHelper.sendEmailNotification(mail, mail_subject, mail_body)
+ Tracker.add_tracked_item(tracker_uuid, item_id)
- # Webhook
- webhook_to_post = Term.get_term_webhook(term_uuid)
- if webhook_to_post:
- json_request = {"trackerId": term_uuid,
- "itemId": item_id,
- "itemURL": self.full_item_url + item_id,
- "term": term,
- "itemSource": item_source,
- "itemDate": item_date,
- "tags": tags_to_add,
- "emailNotification": f'{mail_to_notify}',
- "trackerType": term_type
- }
- try:
- response = requests.post(webhook_to_post, json=json_request)
- if response.status_code >= 400:
- self.redis_logger.error(f"Webhook request failed for {webhook_to_post}\nReason: {response.reason}")
- except:
- self.redis_logger.error(f"Webhook request failed for {webhook_to_post}\nReason: Something went wrong")
+ # Tags
+ tags_to_add = Tracker.get_tracker_tags(tracker_uuid)
+ for tag in tags_to_add:
+ msg = f'{tag};{item_id}'
+ self.send_message_to_queue(msg, 'Tags')
+
+ mail_to_notify = Tracker.get_tracker_mails(tracker_uuid)
+ if mail_to_notify:
+ mail_subject = Tracker.get_email_subject(tracker_uuid)
+ mail_body = Tracker_Typo_Squatting.mail_body_template.format(tracker, item_id, self.full_item_url, item_id)
+ for mail in mail_to_notify:
+ NotificationHelper.sendEmailNotification(mail, mail_subject, mail_body)
+
+ # Webhook
+ webhook_to_post = Tracker.get_tracker_webhook(tracker_uuid)
+ if webhook_to_post:
+ json_request = {"trackerId": tracker_uuid,
+ "itemId": item_id,
+ "itemURL": self.full_item_url + item_id,
+ "tracker": tracker,
+ "itemSource": item_source,
+ "itemDate": item_date,
+ "tags": tags_to_add,
+ "emailNotification": f'{mail_to_notify}',
+ "trackerType": tracker_type
+ }
+ try:
+ response = requests.post(webhook_to_post, json=json_request)
+ if response.status_code >= 400:
+ self.redis_logger.error(f"Webhook request failed for {webhook_to_post}\nReason: {response.reason}")
+ except:
+ self.redis_logger.error(f"Webhook request failed for {webhook_to_post}\nReason: Something went wrong")
 if __name__ == '__main__':
 module = Tracker_Typo_Squatting()
 module.run()
+ #module.compute('g00gle.com tests/2020/01/01/test.gz')
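Review bot: In `new_tracker_found` the source filter calls `Tracker.get_tracker_uuid_sources(tracker)` with the tracked value rather than the UUID, whereas the removed code passed `term_uuid` and the helper reads the key `tracker:sources:{tracker_uuid}`. That lookup will most likely come back empty, so the `continue` is never taken and items from sources outside a tracker's configured scope are still recorded, tagged, mailed and posted to the webhook; the line should read `tracker_sources = Tracker.get_tracker_uuid_sources(tracker_uuid)`. The added `print(Tracker.get_tracker_uuid_list(tracker, tracker_type))` looks like leftover debugging and repeats the lookup on every match, while the only `redis_logger.info` record of a match is now commented out, which leaves the module's log without an entry for detections. The webhook block is carried over with `requests.post(webhook_to_post, json=json_request)` lacking a `timeout=` argument and with a bare `except:` that hides the cause of the failure; a slow or unresponsive endpoint can stall the module, so pass a timeout and catch `requests.RequestException`, including the exception in the logged message.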