mirror of https://github.com/CIRCL/AIL-framework
chg: [PgpDump] fix graph + add new tags: pgp-signature pgp-public-key-block + avoid keys injection in pgp user_id
parent
7e8ba8cdaf
commit
9639a51abd
22
bin/Keys.py
22
bin/Keys.py
|
@ -25,13 +25,26 @@ from Helper import Process
|
||||||
def search_key(paste):
|
def search_key(paste):
|
||||||
content = paste.get_p_content()
|
content = paste.get_p_content()
|
||||||
find = False
|
find = False
|
||||||
|
get_pgp_content = False
|
||||||
if '-----BEGIN PGP MESSAGE-----' in content:
|
if '-----BEGIN PGP MESSAGE-----' in content:
|
||||||
publisher.warning('{} has a PGP enc message'.format(paste.p_name))
|
publisher.warning('{} has a PGP enc message'.format(paste.p_name))
|
||||||
|
|
||||||
msg = 'infoleak:automatic-detection="pgp-message";{}'.format(message)
|
msg = 'infoleak:automatic-detection="pgp-message";{}'.format(message)
|
||||||
p.populate_set_out(msg, 'Tags')
|
p.populate_set_out(msg, 'Tags')
|
||||||
|
get_pgp_content = True
|
||||||
find = True
|
find = True
|
||||||
|
|
||||||
|
if '-----BEGIN PGP PUBLIC KEY BLOCK-----' in content:
|
||||||
|
msg = 'infoleak:automatic-detection="pgp-public-key-block";{}'.format(message)
|
||||||
|
p.populate_set_out(msg, 'Tags')
|
||||||
|
get_pgp_content = True
|
||||||
|
|
||||||
|
if '-----BEGIN PGP SIGNATURE-----' in content:
|
||||||
|
msg = 'infoleak:automatic-detection="pgp-signature";{}'.format(message)
|
||||||
|
p.populate_set_out(msg, 'Tags')
|
||||||
|
get_pgp_content = True
|
||||||
|
|
||||||
|
|
||||||
if '-----BEGIN CERTIFICATE-----' in content:
|
if '-----BEGIN CERTIFICATE-----' in content:
|
||||||
publisher.warning('{} has a certificate message'.format(paste.p_name))
|
publisher.warning('{} has a certificate message'.format(paste.p_name))
|
||||||
|
|
||||||
|
@ -108,13 +121,8 @@ def search_key(paste):
|
||||||
p.populate_set_out(msg, 'Tags')
|
p.populate_set_out(msg, 'Tags')
|
||||||
find = True
|
find = True
|
||||||
|
|
||||||
if '-----BEGIN PGP PUBLIC KEY BLOCK-----' in content:
|
# pgp content
|
||||||
p.populate_set_out(message, 'PgpDump')
|
if get_pgp_content:
|
||||||
|
|
||||||
if '-----BEGIN PGP SIGNATURE-----' in content:
|
|
||||||
p.populate_set_out(message, 'PgpDump')
|
|
||||||
|
|
||||||
if '-----BEGIN PGP MESSAGE-----' in content:
|
|
||||||
p.populate_set_out(message, 'PgpDump')
|
p.populate_set_out(message, 'PgpDump')
|
||||||
|
|
||||||
if find :
|
if find :
|
||||||
|
|
|
@ -68,6 +68,9 @@ def get_pgp_packet(save_path):
|
||||||
def extract_id_from_output(pgp_dump_outpout):
|
def extract_id_from_output(pgp_dump_outpout):
|
||||||
all_user_id = set(re.findall(regex_user_id, pgp_dump_outpout))
|
all_user_id = set(re.findall(regex_user_id, pgp_dump_outpout))
|
||||||
for user_id in all_user_id:
|
for user_id in all_user_id:
|
||||||
|
# avoid key injection in user_id:
|
||||||
|
pgp_dump_outpout.replace(user_id, '', 1)
|
||||||
|
|
||||||
user_id = user_id.replace(user_id_str, '', 1)
|
user_id = user_id.replace(user_id_str, '', 1)
|
||||||
mail = None
|
mail = None
|
||||||
if ' <' in user_id:
|
if ' <' in user_id:
|
||||||
|
|
|
@ -1014,35 +1014,44 @@ def pgp_range_type_json():
|
||||||
|
|
||||||
return jsonify(range_type)
|
return jsonify(range_type)
|
||||||
|
|
||||||
@hashDecoded.route('/decoded/pgp_by_type_json') ####################################
|
@hashDecoded.route('/decoded/pgp_by_type_json') ## TODO: REFRACTOR
|
||||||
def pgp_by_type_json():
|
def pgp_by_type_json():
|
||||||
type_id = request.args.get('type_id')
|
type_id = request.args.get('type_id')
|
||||||
|
date_from = request.args.get('date_from')
|
||||||
|
|
||||||
|
if date_from is None:
|
||||||
|
date_from = datetime.date.today().strftime("%Y%m%d")
|
||||||
|
|
||||||
#retrieve + char
|
#retrieve + char
|
||||||
type_id = type_id.replace(' ', '+')
|
type_id = type_id.replace(' ', '+')
|
||||||
|
default = False
|
||||||
|
|
||||||
|
if type_id is None:
|
||||||
|
default = True
|
||||||
|
all_type = ['key', 'name', 'mail']
|
||||||
|
else:
|
||||||
|
all_type = [ type_id ]
|
||||||
|
|
||||||
num_day_type = 30
|
num_day_type = 30
|
||||||
date_range = get_date_range(num_day_type)
|
date_range = get_date_range(num_day_type)
|
||||||
|
|
||||||
#verify input
|
#verify input
|
||||||
if verify_pgp_type_id(type_id):
|
if verify_pgp_type_id(type_id) or default:
|
||||||
|
|
||||||
r_serv_metadata.smembers('hash_all_type'):
|
|
||||||
type_value = []
|
type_value = []
|
||||||
all_decoder = r_serv_metadata.smembers('all_decoder')
|
|
||||||
|
|
||||||
range_decoder = []
|
range_decoder = []
|
||||||
for date in date_range:
|
for date in date_range:
|
||||||
day_decoder = {}
|
day_type_id = {}
|
||||||
day_decoder['date']= date[0:4] + '-' + date[4:6] + '-' + date[6:8]
|
day_type_id['date']= date[0:4] + '-' + date[4:6] + '-' + date[6:8]
|
||||||
for decoder in all_decoder:
|
for type_pgp in all_type:
|
||||||
num_day_decoder = r_serv_metadata.zscore(decoder+'_type:'+type, date)
|
all_vals_key = r_serv_metadata.hvals('pgp:{}:date'.format(type_id, date))
|
||||||
if num_day_decoder is None:
|
num_day_type_id = 0
|
||||||
num_day_decoder = 0
|
if all_vals_key is not None:
|
||||||
day_decoder[decoder]= num_day_decoder
|
for val_key in all_vals_key:
|
||||||
range_decoder.append(day_decoder)
|
num_day_type_id += int(val_key)
|
||||||
|
day_type_id[type_pgp]= num_day_type_id
|
||||||
|
range_decoder.append(day_type_id)
|
||||||
|
|
||||||
return jsonify(range_decoder)
|
return jsonify(range_decoder)
|
||||||
else:
|
else:
|
||||||
|
|
|
@ -187,7 +187,7 @@
|
||||||
{
|
{
|
||||||
$('#date-range-from-input').val(s1);
|
$('#date-range-from-input').val(s1);
|
||||||
$('#date-range-to-input').val(s2);
|
$('#date-range-to-input').val(s2);
|
||||||
}
|
},
|
||||||
});
|
});
|
||||||
$('#date-range-to').dateRangePicker({
|
$('#date-range-to').dateRangePicker({
|
||||||
separator : ' to ',
|
separator : ' to ',
|
||||||
|
@ -202,18 +202,22 @@
|
||||||
{
|
{
|
||||||
$('#date-range-from-input').val(s1);
|
$('#date-range-from-input').val(s1);
|
||||||
$('#date-range-to-input').val(s2);
|
$('#date-range-to-input').val(s2);
|
||||||
}
|
},
|
||||||
});
|
});
|
||||||
|
|
||||||
|
$('#date-range-from').data('dateRangePicker').setDateRange('{{date_from}}','{{date_to}}');
|
||||||
|
$('#date-range-to').data('dateRangePicker').setDateRange('{{date_from}}','{{date_to}}');
|
||||||
|
|
||||||
$('#tableb64').DataTable({
|
$('#tableb64').DataTable({
|
||||||
"aLengthMenu": [[5, 10, 15, -1], [5, 10, 15, "All"]],
|
"aLengthMenu": [[5, 10, 15, -1], [5, 10, 15, "All"]],
|
||||||
"iDisplayLength": 10,
|
"iDisplayLength": 10,
|
||||||
"order": [[ 3, "desc" ]]
|
"order": [[ 3, "desc" ]]
|
||||||
});
|
});
|
||||||
|
|
||||||
{% if type %}
|
{% if type_id %}
|
||||||
//chart.stackBarChart =barchart_type_stack("{{ url_for('hashDecoded.pgp_by_type_json') }}?type_id={{type}}", 'id');
|
//chart.stackBarChart =barchart_type_stack("{{ url_for('hashDecoded.pgp_by_type_json') }}?date_from={{daily_date}}&type_id={{type_id}}", 'id');
|
||||||
{% elif daily_type_chart %}
|
chart.stackBarChart = barchart_type_stack("{{ url_for('hashDecoded.pgp_range_type_json') }}?date_from={{date_from}}&date_to={{date_to}}&type_id={{type_id}}", 'id');
|
||||||
|
{% elif type_id or daily_type_chart %}
|
||||||
chart.stackBarChart =barchart_type_stack("{{ url_for('hashDecoded.pgp_range_type_json') }}?date_from={{daily_date}}&date_to={{daily_date}}", 'id');
|
chart.stackBarChart =barchart_type_stack("{{ url_for('hashDecoded.pgp_range_type_json') }}?date_from={{daily_date}}&date_to={{daily_date}}", 'id');
|
||||||
{% else %}
|
{% else %}
|
||||||
chart.stackBarChart = barchart_type_stack("{{ url_for('hashDecoded.pgp_range_type_json') }}?date_from={{date_from}}&date_to={{date_to}}", 'id');
|
chart.stackBarChart = barchart_type_stack("{{ url_for('hashDecoded.pgp_range_type_json') }}?date_from={{date_from}}&date_to={{date_to}}", 'id');
|
||||||
|
@ -243,7 +247,6 @@ function toggle_sidebar(){
|
||||||
}
|
}
|
||||||
</script>
|
</script>
|
||||||
<script>
|
<script>
|
||||||
//var data = [6,3,3,2,5,3,9];
|
|
||||||
|
|
||||||
// a sparklines plot
|
// a sparklines plot
|
||||||
function sparklines(id, points) {
|
function sparklines(id, points) {
|
||||||
|
|
|
@ -22,7 +22,7 @@
|
||||||
</h5>
|
</h5>
|
||||||
<ul class="nav flex-md-column flex-row navbar-nav justify-content-between w-100"> <!--nav-pills-->
|
<ul class="nav flex-md-column flex-row navbar-nav justify-content-between w-100"> <!--nav-pills-->
|
||||||
<li class="nav-item">
|
<li class="nav-item">
|
||||||
<a class="nav-link" href="{{url_for('hashDecoded.hashDecoded_page')}}" id="nav_dashboard_pgp">
|
<a class="nav-link" href="{{url_for('hashDecoded.pgpdump_page')}}" id="nav_dashboard_pgp">
|
||||||
<i class="fas fa-search"></i>
|
<i class="fas fa-search"></i>
|
||||||
<span>PGP Dumps</span>
|
<span>PGP Dumps</span>
|
||||||
</a>
|
</a>
|
||||||
|
|
Loading…
Reference in New Issue