CIRCL
/
AIL-framework
mirror of https://github.com/CIRCL/AIL-framework
2
1
Fork 0
Code Issues Releases Wiki Activity

chg: [PgpDump] fix graph + add new tags: pgp-signature pgp-public-key-block + avoid keys injection in pgp user_id

pull/422/head
Terrtia 2019-05-20 11:57:49 +02:00
parent 7e8ba8cdaf
commit 9639a51abd
No known key found for this signature in database
GPG Key ID: 1E1B1F50D84613D0
5 changed files with 54 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
bin/Keys.py
View File

@ -25,13 +25,26 @@ from Helper import Process
def search_key(paste): def search_key(paste):
content = paste.get_p_content() content = paste.get_p_content()
find = False find = False
get_pgp_content = False
if '-----BEGIN PGP MESSAGE-----' in content: if '-----BEGIN PGP MESSAGE-----' in content:
publisher.warning('{} has a PGP enc message'.format(paste.p_name)) publisher.warning('{} has a PGP enc message'.format(paste.p_name))
msg = 'infoleak:automatic-detection="pgp-message";{}'.format(message) msg = 'infoleak:automatic-detection="pgp-message";{}'.format(message)
p.populate_set_out(msg, 'Tags') p.populate_set_out(msg, 'Tags')
get_pgp_content = True
find = True find = True
if '-----BEGIN PGP PUBLIC KEY BLOCK-----' in content:
msg = 'infoleak:automatic-detection="pgp-public-key-block";{}'.format(message)
p.populate_set_out(msg, 'Tags')
get_pgp_content = True
if '-----BEGIN PGP SIGNATURE-----' in content:
msg = 'infoleak:automatic-detection="pgp-signature";{}'.format(message)
p.populate_set_out(msg, 'Tags')
get_pgp_content = True
if '-----BEGIN CERTIFICATE-----' in content: if '-----BEGIN CERTIFICATE-----' in content:
publisher.warning('{} has a certificate message'.format(paste.p_name)) publisher.warning('{} has a certificate message'.format(paste.p_name))
@ -108,13 +121,8 @@ def search_key(paste):
p.populate_set_out(msg, 'Tags') p.populate_set_out(msg, 'Tags')
find = True find = True
if '-----BEGIN PGP PUBLIC KEY BLOCK-----' in content: # pgp content
p.populate_set_out(message, 'PgpDump') if get_pgp_content:
if '-----BEGIN PGP SIGNATURE-----' in content:
p.populate_set_out(message, 'PgpDump')
if '-----BEGIN PGP MESSAGE-----' in content:
p.populate_set_out(message, 'PgpDump') p.populate_set_out(message, 'PgpDump')
if find : if find :

3
bin/PgpDump.py
View File

@ -68,6 +68,9 @@ def get_pgp_packet(save_path):
def extract_id_from_output(pgp_dump_outpout): def extract_id_from_output(pgp_dump_outpout):
all_user_id = set(re.findall(regex_user_id, pgp_dump_outpout)) all_user_id = set(re.findall(regex_user_id, pgp_dump_outpout))
for user_id in all_user_id: for user_id in all_user_id:
# avoid key injection in user_id:
pgp_dump_outpout.replace(user_id, '', 1)
user_id = user_id.replace(user_id_str, '', 1) user_id = user_id.replace(user_id_str, '', 1)
mail = None mail = None
if ' <' in user_id: if ' <' in user_id:

43
var/www/modules/hashDecoded/Flask_hashDecoded.py
View File

@ -1014,35 +1014,44 @@ def pgp_range_type_json():
return jsonify(range_type) return jsonify(range_type)
@hashDecoded.route('/decoded/pgp_by_type_json') #################################### @hashDecoded.route('/decoded/pgp_by_type_json') ## TODO: REFRACTOR
def pgp_by_type_json(): def pgp_by_type_json():
type_id = request.args.get('type_id') type_id = request.args.get('type_id')
date_from = request.args.get('date_from')
if date_from is None:
date_from = datetime.date.today().strftime("%Y%m%d")
#retrieve + char #retrieve + char
type_id = type_id.replace(' ', '+') type_id = type_id.replace(' ', '+')
default = False
if type_id is None:
default = True
all_type = ['key', 'name', 'mail']
else:
all_type = [ type_id ]
num_day_type = 30 num_day_type = 30
date_range = get_date_range(num_day_type) date_range = get_date_range(num_day_type)
#verify input #verify input
if verify_pgp_type_id(type_id): if verify_pgp_type_id(type_id) or default:
r_serv_metadata.smembers('hash_all_type'):
type_value = []
all_decoder = r_serv_metadata.smembers('all_decoder')
range_decoder = []
for date in date_range:
day_decoder = {}
day_decoder['date']= date[0:4] + '-' + date[4:6] + '-' + date[6:8]
for decoder in all_decoder:
num_day_decoder = r_serv_metadata.zscore(decoder+'_type:'+type, date)
if num_day_decoder is None:
num_day_decoder = 0
day_decoder[decoder]= num_day_decoder
range_decoder.append(day_decoder)
type_value = []
range_decoder = []
for date in date_range:
day_type_id = {}
day_type_id['date']= date[0:4] + '-' + date[4:6] + '-' + date[6:8]
for type_pgp in all_type:
all_vals_key = r_serv_metadata.hvals('pgp:{}:date'.format(type_id, date))
num_day_type_id = 0
if all_vals_key is not None:
for val_key in all_vals_key:
num_day_type_id += int(val_key)
day_type_id[type_pgp]= num_day_type_id
range_decoder.append(day_type_id)
return jsonify(range_decoder) return jsonify(range_decoder)
else: else:

15
var/www/modules/hashDecoded/templates/PgpDecoded.html
View File

@ -187,7 +187,7 @@
{ {
$('#date-range-from-input').val(s1); $('#date-range-from-input').val(s1);
$('#date-range-to-input').val(s2); $('#date-range-to-input').val(s2);
} },
}); });
$('#date-range-to').dateRangePicker({ $('#date-range-to').dateRangePicker({
separator : ' to ', separator : ' to ',
@ -202,18 +202,22 @@
{ {
$('#date-range-from-input').val(s1); $('#date-range-from-input').val(s1);
$('#date-range-to-input').val(s2); $('#date-range-to-input').val(s2);
} },
}); });
$('#date-range-from').data('dateRangePicker').setDateRange('{{date_from}}','{{date_to}}');
$('#date-range-to').data('dateRangePicker').setDateRange('{{date_from}}','{{date_to}}');
$('#tableb64').DataTable({ $('#tableb64').DataTable({
"aLengthMenu": [[5, 10, 15, -1], [5, 10, 15, "All"]], "aLengthMenu": [[5, 10, 15, -1], [5, 10, 15, "All"]],
"iDisplayLength": 10, "iDisplayLength": 10,
"order": [[ 3, "desc" ]] "order": [[ 3, "desc" ]]
}); });
{% if type %} {% if type_id %}
//chart.stackBarChart =barchart_type_stack("{{ url_for('hashDecoded.pgp_by_type_json') }}?type_id={{type}}", 'id'); //chart.stackBarChart =barchart_type_stack("{{ url_for('hashDecoded.pgp_by_type_json') }}?date_from={{daily_date}}&type_id={{type_id}}", 'id');
{% elif daily_type_chart %} chart.stackBarChart = barchart_type_stack("{{ url_for('hashDecoded.pgp_range_type_json') }}?date_from={{date_from}}&date_to={{date_to}}&type_id={{type_id}}", 'id');
{% elif type_id or daily_type_chart %}
chart.stackBarChart =barchart_type_stack("{{ url_for('hashDecoded.pgp_range_type_json') }}?date_from={{daily_date}}&date_to={{daily_date}}", 'id'); chart.stackBarChart =barchart_type_stack("{{ url_for('hashDecoded.pgp_range_type_json') }}?date_from={{daily_date}}&date_to={{daily_date}}", 'id');
{% else %} {% else %}
chart.stackBarChart = barchart_type_stack("{{ url_for('hashDecoded.pgp_range_type_json') }}?date_from={{date_from}}&date_to={{date_to}}", 'id'); chart.stackBarChart = barchart_type_stack("{{ url_for('hashDecoded.pgp_range_type_json') }}?date_from={{date_from}}&date_to={{date_to}}", 'id');
@ -243,7 +247,6 @@ function toggle_sidebar(){
} }
</script> </script>
<script> <script>
//var data = [6,3,3,2,5,3,9];
// a sparklines plot // a sparklines plot
function sparklines(id, points) { function sparklines(id, points) {

2
var/www/templates/decoded/menu_sidebar.html
View File

@ -22,7 +22,7 @@
</h5> </h5>
<ul class="nav flex-md-column flex-row navbar-nav justify-content-between w-100"> <!--nav-pills--> <ul class="nav flex-md-column flex-row navbar-nav justify-content-between w-100"> <!--nav-pills-->
<li class="nav-item"> <li class="nav-item">
<a class="nav-link" href="{{url_for('hashDecoded.hashDecoded_page')}}" id="nav_dashboard_pgp"> <a class="nav-link" href="{{url_for('hashDecoded.pgpdump_page')}}" id="nav_dashboard_pgp">
<i class="fas fa-search"></i> <i class="fas fa-search"></i>
<span>PGP Dumps</span> <span>PGP Dumps</span>
</a> </a>