mirror of https://github.com/CIRCL/AIL-framework
chg: refractor base64 encoded to hash
parent
9a8e37fb0b
commit
bd5f83f0eb
|
@ -35,6 +35,8 @@ ARDB overview
|
|||
'vt_link' vt_link
|
||||
'vt_report' vt_report
|
||||
'nb_seen_in_all_pastes' nb_seen_in_all_pastes
|
||||
'base64_decoder' nb_encoded
|
||||
'binary_decoder' nb_encoded
|
||||
|
||||
SET - 'all_decoder' decoder*
|
||||
|
||||
|
|
|
@ -0,0 +1,133 @@
|
|||
#!/usr/bin/env python3
|
||||
# -*-coding:UTF-8 -*
|
||||
"""
|
||||
DbDump
|
||||
|
||||
|
||||
"""
|
||||
|
||||
import time
|
||||
|
||||
from pubsublogger import publisher
|
||||
|
||||
from Helper import Process
|
||||
from packages import Paste
|
||||
|
||||
def get_lines(content):
|
||||
|
||||
is_db_leak = False
|
||||
|
||||
list_lines = content.splitlines()
|
||||
list_separators = []
|
||||
if len(list_lines) > 0:
|
||||
for line in list_lines:
|
||||
list_separators.append(search_separator(line))
|
||||
|
||||
threshold_num_separator_line = 0
|
||||
# Minimum number of separator per line
|
||||
threshold_min_separator_line = 7
|
||||
same_separator = 0
|
||||
num_separator = 0
|
||||
current_separator = ''
|
||||
|
||||
for separator in list_separators:
|
||||
if separator != '':
|
||||
#same separator on the next line
|
||||
if separator[0] == current_separator:
|
||||
if abs(separator[1] - num_separator) <= threshold_num_separator_line:
|
||||
if num_separator > threshold_min_separator_line:
|
||||
same_separator += 1
|
||||
else:
|
||||
num_separator = separator[1]
|
||||
same_separator = 0
|
||||
else:
|
||||
# FIXME: enhancement ?
|
||||
num_separator = separator[1]
|
||||
|
||||
if(same_separator >= 5):
|
||||
is_db_leak = True
|
||||
#different operator
|
||||
else:
|
||||
#change the current separator
|
||||
current_separator = separator[0]
|
||||
same_separator = 0
|
||||
num_separator = 0
|
||||
|
||||
return is_db_leak
|
||||
|
||||
|
||||
def search_separator(line):
|
||||
list_separator = []
|
||||
#count separators
|
||||
#list_separator.append( (';', line.count(';')) )
|
||||
#list_separator.append( (',', line.count(',')) )
|
||||
list_separator.append( (';', line.count(';')) )
|
||||
list_separator.append( ('|', line.count('|')) )
|
||||
#list_separator.append( (':', line.count(':')) )
|
||||
|
||||
separator = ''
|
||||
separator_number = 0
|
||||
|
||||
# line separator
|
||||
for potential_separator in list_separator:
|
||||
if potential_separator[1] > separator_number:
|
||||
separator = potential_separator[0]
|
||||
separator_number = potential_separator[1]
|
||||
|
||||
return (separator, separator_number)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
# If you wish to use an other port of channel, do not forget to run a subscriber accordingly (see launch_logs.sh)
|
||||
# Port of the redis instance used by pubsublogger
|
||||
publisher.port = 6380
|
||||
# Script is the default channel used for the modules.
|
||||
publisher.channel = 'Script'
|
||||
|
||||
# Section name in bin/packages/modules.cfg
|
||||
config_section = 'DbDump'
|
||||
|
||||
# Setup the I/O queues
|
||||
p = Process(config_section)
|
||||
|
||||
# Sent to the logging a description of the module
|
||||
publisher.info("DbDump started")
|
||||
|
||||
|
||||
|
||||
# Endless loop getting messages from the input queue
|
||||
while True:
|
||||
# Get one message from the input queue
|
||||
message = p.get_from_set()
|
||||
if message is None:
|
||||
|
||||
publisher.debug("{} queue is empty, waiting".format(config_section))
|
||||
time.sleep(1)
|
||||
continue
|
||||
|
||||
filename = message
|
||||
paste = Paste.Paste(filename)
|
||||
|
||||
# Do something with the message from the queue
|
||||
print(filename)
|
||||
content = paste.get_p_content()
|
||||
is_db_leak = get_lines(content)
|
||||
|
||||
if is_db_leak:
|
||||
|
||||
to_print = 'DbDump;{};{};{};'.format(
|
||||
paste.p_source, paste.p_date, paste.p_name)
|
||||
|
||||
print('found DbDump')
|
||||
print(to_print)
|
||||
publisher.warning('{}Checked found Database Dump;{}'.format(
|
||||
to_print, paste.p_path))
|
||||
|
||||
msg = 'dbdump;{}'.format(filename)
|
||||
p.populate_set_out(msg, 'alertHandler')
|
||||
|
||||
msg = 'dbdump;{}'.format(filename)
|
||||
p.populate_set_out(msg, 'Tags')
|
||||
|
||||
#Send to duplicate
|
||||
p.populate_set_out(filename, 'Duplicate')
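Review bot: In `get_lines`, the guard `if separator != '':` compares the tuple returned by `search_separator` with a string, so it is always true and lines without `;` or `|` are never skipped. Such a line arrives as `('', 0)` and, as far as the flattened indentation shows, lands in the "different operator" branch and resets `same_separator`. A dump interrupted by blank or header lines may therefore never reach the five-line run and go unflagged. If skipping separator-less lines is the intent, test the character itself with `if separator[0] != '':`. The module docstring is only "DbDump"; it should state the heuristic (more than 7 separators per line, at least 5 consecutive matching lines) so the thresholds can be tuned later.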
|
|
@ -59,6 +59,7 @@ def decode_string(content, message, date, encoded_list, decoder_name, encoded_mi
|
|||
|
||||
# # TODO: FIXME check db
|
||||
def save_hash(decoder_name, message, date, decoded):
|
||||
print(decoder_name)
|
||||
type = magic.from_buffer(decoded, mime=True)
|
||||
print(type)
|
||||
hash = sha1(decoded).hexdigest()
|
||||
|
@ -88,6 +89,7 @@ def save_hash(decoder_name, message, date, decoded):
|
|||
if serv_metadata.zscore(decoder_name+'_hash:'+hash, message) is None:
|
||||
print('first '+decoder_name)
|
||||
serv_metadata.hincrby('metadata_hash:'+hash, 'nb_seen_in_all_pastes', 1)
|
||||
serv_metadata.hincrby('metadata_hash:'+hash, decoder_name+'_decoder', 1)
|
||||
|
||||
serv_metadata.sadd('hash_paste:'+message, hash) # paste - hash map
|
||||
serv_metadata.sadd(decoder_name+'_paste:'+message, hash) # paste - hash map
|
||||
|
@ -206,7 +208,6 @@ if __name__ == '__main__':
|
|||
date = str(paste._get_p_date())
|
||||
|
||||
for decoder in all_decoder: # add threshold and size limit
|
||||
print(decoder['name'])
|
||||
|
||||
# max execution time on regex
|
||||
signal.alarm(decoder['max_execution_time'])
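Review bot: In `save_hash`, the first-seen guard is keyed per decoder (`decoder_name+'_hash:'+hash`), yet the branch it protects also increments the decoder-independent `nb_seen_in_all_pastes` alongside the per-decoder `decoder_name+'_decoder'` counter. If two decoders recover the same bytes from one paste, that paste would be counted twice in `nb_seen_in_all_pastes`; whether that can happen depends on code outside these hunks. One option is to drive the global counter from the return value of the existing set insert, `if serv_metadata.sadd('hash_paste:'+message, hash): serv_metadata.hincrby('metadata_hash:'+hash, 'nb_seen_in_all_pastes', 1)`. `save_hash` starts and ends outside the hunks shown, so the exact nesting of these calls should be confirmed against the full file.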
|
||||
|
|
|
@ -0,0 +1,96 @@
|
|||
#!/usr/bin/env python3
|
||||
# -*-coding:UTF-8 -*
|
||||
|
||||
"""
|
||||
The Dox Module
|
||||
======================
|
||||
|
||||
This module is consuming the Redis-list created by the Categ module.
|
||||
|
||||
"""
|
||||
|
||||
|
||||
import pprint
|
||||
import time
|
||||
from packages import Paste
|
||||
from packages import lib_refine
|
||||
from pubsublogger import publisher
|
||||
import re
|
||||
import sys
|
||||
|
||||
from Helper import Process
|
||||
|
||||
if __name__ == "__main__":
|
||||
publisher.port = 6380
|
||||
publisher.channel = "Script"
|
||||
|
||||
config_section = 'Dox'
|
||||
|
||||
p = Process(config_section)
|
||||
|
||||
# FUNCTIONS #
|
||||
publisher.info("Dox module")
|
||||
|
||||
channel = 'dox_categ'
|
||||
|
||||
regex = re.compile('name|age', re.IGNORECASE)
|
||||
|
||||
while True:
|
||||
message = p.get_from_set()
|
||||
|
||||
|
||||
if message is not None:
|
||||
filepath, count = message.split(' ')
|
||||
filename, score = message.split()
|
||||
paste = Paste.Paste(filename)
|
||||
content = paste.get_p_content()
|
||||
|
||||
count = 0
|
||||
|
||||
tmp = paste._get_word('name')
|
||||
if (len(tmp) > 0):
|
||||
print(tmp)
|
||||
count += tmp[1]
|
||||
tmp = paste._get_word('Name')
|
||||
if (len(tmp) > 0):
|
||||
print(tmp)
|
||||
count += tmp[1]
|
||||
tmp = paste._get_word('NAME')
|
||||
if (len(tmp) > 0):
|
||||
print(tmp)
|
||||
count += tmp[1]
|
||||
tmp = paste._get_word('age')
|
||||
if (len(tmp) > 0):
|
||||
count += tmp[1]
|
||||
tmp = paste._get_word('Age')
|
||||
if (len(tmp) > 0):
|
||||
count += tmp[1]
|
||||
tmp = paste._get_word('AGE')
|
||||
if (len(tmp) > 0):
|
||||
count += tmp[1]
|
||||
tmp = paste._get_word('address')
|
||||
if (len(tmp) > 0):
|
||||
count += tmp[1]
|
||||
tmp = paste._get_word('Address')
|
||||
if (len(tmp) > 0):
|
||||
count += tmp[1]
|
||||
tmp = paste._get_word('ADDRESS')
|
||||
if (len(tmp) > 0):
|
||||
count += tmp[1]
|
||||
|
||||
#dox_list = re.findall(regex, content)
|
||||
if(count > 0):
|
||||
|
||||
#Send to duplicate
|
||||
p.populate_set_out(filepath, 'Duplicate')
|
||||
#Send to alertHandler
|
||||
msg = 'dox;{}'.format(filepath)
|
||||
p.populate_set_out(msg, 'alertHandler')
|
||||
|
||||
print(filename)
|
||||
print(content)
|
||||
print('--------------------------------------------------------------------------------------')
|
||||
|
||||
else:
|
||||
publisher.debug("Script creditcard is idling 1m")
|
||||
time.sleep(10)
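Review bot: The alert fires on `count > 0`, so a single occurrence of "name", "age" or "address" sends the paste to `alertHandler` as a dox; the `score` parsed from the message is never used and no minimum threshold is applied. On a hit the module also appears to run `print(content)`, which writes the whole paste, suspected personal data, to the terminal; dropping that line and keeping `print(filename)` is enough for tracing. Smaller leftovers: the message is split twice (`filepath, count` and `filename, score`), `regex` is compiled but never used, `tmp[1]` is read after checking only `len(tmp) > 0` (safe only if `_get_word`, not shown, always returns at least two items), and the idle log still reads `"Script creditcard is idling 1m"` while the sleep is 10 seconds.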
|
|
@ -142,10 +142,6 @@ function launching_scripts {
|
|||
sleep 0.1
|
||||
screen -S "Script_AIL" -X screen -t "Keys" bash -c './Keys.py; read x'
|
||||
sleep 0.1
|
||||
screen -S "Script_AIL" -X screen -t "Base64" bash -c './Base64.py; read x'
|
||||
sleep 0.1
|
||||
screen -S "Script_AIL" -X screen -t "Binary" bash -c './Binary.py; read x'
|
||||
sleep 0.1
|
||||
screen -S "Script_AIL" -X screen -t "Decoder" bash -c './Decoder.py; read x'
|
||||
sleep 0.1
|
||||
screen -S "Script_AIL" -X screen -t "Bitcoin" bash -c './Bitcoin.py; read x'
|
||||
|
|
|
@ -121,14 +121,6 @@ publish = Redis_Duplicate,Redis_alertHandler,Redis_Tags
|
|||
subscribe = Redis_Global
|
||||
publish = Redis_Duplicate,Redis_alertHandler,Redis_Tags
|
||||
|
||||
[Base64]
|
||||
subscribe = Redis_Global
|
||||
publish = Redis_Duplicate,Redis_alertHandler,Redis_Tags
|
||||
|
||||
[Binary]
|
||||
subscribe = Redis_Global
|
||||
publish = Redis_Duplicate,Redis_alertHandler,Redis_Tags
|
||||
|
||||
[Bitcoin]
|
||||
subscribe = Redis_Global
|
||||
publish = Redis_Duplicate,Redis_alertHandler,Redis_Tags
|
||||
|
|
|
@ -1,179 +0,0 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
|
||||
<title>Analysis Information Leak framework Dashboard</title>
|
||||
|
||||
<!-- Core CSS -->
|
||||
<link href="{{ url_for('static', filename='css/bootstrap.min.css') }}" rel="stylesheet">
|
||||
<link href="{{ url_for('static', filename='font-awesome/css/font-awesome.css') }}" rel="stylesheet">
|
||||
<link href="{{ url_for('static', filename='css/sb-admin-2.css') }}" rel="stylesheet">
|
||||
<link href="{{ url_for('static', filename='css/dataTables.bootstrap.css') }}" rel="stylesheet" type="text/css" />
|
||||
<!-- JS -->
|
||||
<script language="javascript" src="{{ url_for('static', filename='js/jquery.js')}}"></script>
|
||||
<script src="{{ url_for('static', filename='js/bootstrap.min.js') }}"></script>
|
||||
<script src="{{ url_for('static', filename='js/jquery.dataTables.min.js') }}"></script>
|
||||
<script src="{{ url_for('static', filename='js/dataTables.bootstrap.js') }}"></script>
|
||||
<script src="{{ url_for('static', filename='js/jquery.flot.js') }}"></script>
|
||||
<script src="{{ url_for('static', filename='js/jquery.flot.time.js') }}"></script>
|
||||
<script src="{{ url_for('static', filename='js/jquery.flot.stack.js') }}"></script>
|
||||
<script language="javascript" src="{{ url_for('static', filename='js/d3.js') }}"></script>
|
||||
<style>
|
||||
.red_table thead{
|
||||
background: #d91f2d;
|
||||
color: #fff;
|
||||
}
|
||||
.bar {
|
||||
fill: steelblue;
|
||||
}
|
||||
.bar:hover{
|
||||
fill: brown;
|
||||
}
|
||||
|
||||
.bar span {
|
||||
position: relative;
|
||||
}
|
||||
|
||||
.bar span .tooltiptext {
|
||||
visibility: hidden;
|
||||
width: 120px;
|
||||
background-color: #555;
|
||||
color: #fff;
|
||||
text-align: center;
|
||||
border-radius: 6px;
|
||||
padding: 5px 0;
|
||||
position: absolute;
|
||||
z-index: 1;
|
||||
bottom: 125%;
|
||||
left: 50%;
|
||||
margin-left: -60px;
|
||||
opacity: 0;
|
||||
transition: opacity 0.3s;
|
||||
}
|
||||
|
||||
|
||||
.bar span:hover .tooltiptext {
|
||||
visibility: visible;
|
||||
opacity: 1;
|
||||
}
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
|
||||
{% include 'navbar.html' %}
|
||||
|
||||
<div id="page-wrapper">
|
||||
<div class="row">
|
||||
<div class="col-lg-12">
|
||||
<h1 class="page-header" data-page="page-termsfrequency" >Base64 Files</h1>
|
||||
</div>
|
||||
<!-- /.col-lg-12 -->
|
||||
|
||||
<div id="barchart_type">
|
||||
</div>
|
||||
|
||||
</div>
|
||||
<!-- /.row -->
|
||||
|
||||
<script>
|
||||
$(document).ready(function(){
|
||||
activePage = "page-base64Decoded"
|
||||
$("#"+activePage).addClass("active");
|
||||
barchart_type('url', 'id')
|
||||
});
|
||||
</script>
|
||||
|
||||
<script>
|
||||
function barchart_type(url, id) {
|
||||
|
||||
|
||||
var margin = {top: 20, right: 20, bottom: 70, left: 40};
|
||||
|
||||
var width = 960 - margin.left - margin.right;
|
||||
var height = 500 - margin.top - margin.bottom;
|
||||
|
||||
var x = d3.scaleBand().rangeRound([0, width]).padding(0.1);
|
||||
var y = d3.scaleLinear().rangeRound([height, 0]);
|
||||
|
||||
var xAxis = d3.axisBottom(x)
|
||||
//.tickFormat(d3.time.format("%Y-%m"));
|
||||
|
||||
var yAxis = d3.axisLeft(y)
|
||||
.ticks(10);
|
||||
|
||||
var svg = d3.select("#barchart_type").append("svg")
|
||||
.attr("width", width + margin.left + margin.right)
|
||||
.attr("height", height + margin.top + margin.bottom)
|
||||
.append("g")
|
||||
.attr("transform",
|
||||
"translate(" + margin.left + "," + margin.top + ")");
|
||||
|
||||
|
||||
d3.json("/base64Decoded/hash_by_type_json?type={{type}}")
|
||||
.then(function(data){
|
||||
|
||||
data.forEach(function(d) {
|
||||
d.value = +d.value;
|
||||
});
|
||||
|
||||
x.domain(data.map(function(d) { return d.date.substring(5); }));
|
||||
y.domain([0, d3.max(data, function(d) { return d.value; })]);
|
||||
|
||||
var label = svg.append("g")
|
||||
.attr("class", "x axis")
|
||||
.attr("transform", "translate(0," + height + ")")
|
||||
.call(xAxis)
|
||||
.selectAll("text")
|
||||
.style("text-anchor", "end")
|
||||
.attr("dx", "-.8em")
|
||||
.attr("dy", "-.55em")
|
||||
.attr("transform", "rotate(-70)" );
|
||||
|
||||
svg.append("g")
|
||||
.attr("class", "y axis")
|
||||
.call(yAxis)
|
||||
.append("text")
|
||||
.attr("transform", "rotate(-90)")
|
||||
.attr("y", 6)
|
||||
.attr("dy", ".71em")
|
||||
.style("text-anchor", "end")
|
||||
.text("Value ($)");
|
||||
|
||||
var bar = svg.selectAll("bar")
|
||||
.data(data)
|
||||
.enter().append("rect")
|
||||
.attr("class", "bar")
|
||||
//.style("fill", "steelblue")
|
||||
.attr("x", function(d) { return x(d.date.substring(5)); })
|
||||
.attr("width", x.bandwidth())
|
||||
.attr("y", function(d) { return y(d.value); })
|
||||
.attr("height", function(d) { return height - y(d.value); })
|
||||
.on("click", function(d){ window.location.href = "/base64Decoded/" +'?type={{type}}&date_from='+ d.date +'&date_to='+ d.date; });
|
||||
|
||||
bar.append("span")
|
||||
.attr("class", "tooltiptext")
|
||||
.text('bonjour');
|
||||
|
||||
data.forEach(function(d) {
|
||||
if(d.value != 0){
|
||||
svg.append("text")
|
||||
.attr("class", "bar")
|
||||
.attr("dy", "-.35em")
|
||||
//.text(function(d) { return d.value; });
|
||||
.text(d.value)
|
||||
.attr('x', x(d.date.substring(5)) + x.bandwidth()/4)
|
||||
.attr('y', y(d.value));
|
||||
}
|
||||
});
|
||||
|
||||
});
|
||||
|
||||
}
|
||||
</script>
|
||||
|
||||
</body>
|
||||
|
||||
</html>
|
|
@ -1,229 +0,0 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
|
||||
<title>Analysis Information Leak framework Dashboard</title>
|
||||
|
||||
<!-- Core CSS -->
|
||||
<link href="{{ url_for('static', filename='css/bootstrap.min.css') }}" rel="stylesheet">
|
||||
<link href="{{ url_for('static', filename='font-awesome/css/font-awesome.css') }}" rel="stylesheet">
|
||||
<link href="{{ url_for('static', filename='css/sb-admin-2.css') }}" rel="stylesheet">
|
||||
<link href="{{ url_for('static', filename='css/dataTables.bootstrap.css') }}" rel="stylesheet" type="text/css" />
|
||||
<!-- JS -->
|
||||
<script language="javascript" src="{{ url_for('static', filename='js/jquery.js')}}"></script>
|
||||
<script src="{{ url_for('static', filename='js/bootstrap.min.js') }}"></script>
|
||||
<script src="{{ url_for('static', filename='js/jquery.dataTables.min.js') }}"></script>
|
||||
<script src="{{ url_for('static', filename='js/dataTables.bootstrap.js') }}"></script>
|
||||
<script src="{{ url_for('static', filename='js/jquery.flot.js') }}"></script>
|
||||
<script src="{{ url_for('static', filename='js/jquery.flot.time.js') }}"></script>
|
||||
<script src="{{ url_for('static', filename='js/jquery.flot.stack.js') }}"></script>
|
||||
<script language="javascript" src="{{ url_for('static', filename='js/d3.js') }}"></script>
|
||||
<style>
|
||||
.red_table thead{
|
||||
background: #d91f2d;
|
||||
color: #fff;
|
||||
}
|
||||
.bar_stack:hover{
|
||||
fill: brown;
|
||||
}
|
||||
|
||||
.bar_stack span {
|
||||
position: relative;
|
||||
}
|
||||
|
||||
.svgText {
|
||||
pointer-events: none;
|
||||
}
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div id="page-wrapper">
|
||||
<div class="row">
|
||||
<div class="col-lg-12">
|
||||
<h1 class="page-header" data-page="page-termsfrequency" >Base64 Files</h1>
|
||||
</div>
|
||||
<!-- /.col-lg-12 -->
|
||||
|
||||
<div id="barchart_type">
|
||||
</div>
|
||||
|
||||
</div>
|
||||
<!-- /.row -->
|
||||
|
||||
<script>
|
||||
var chart = {};
|
||||
$(document).ready(function(){
|
||||
activePage = "page-base64Decoded"
|
||||
$("#"+activePage).addClass("active");
|
||||
|
||||
chart.stackBarChart = barchart_type('url', 'id')
|
||||
chart.onResize();
|
||||
});
|
||||
$(window).on("resize", function() {
|
||||
chart.onResize();
|
||||
});
|
||||
</script>
|
||||
|
||||
<script>
|
||||
var margin = {top: 20, right: 55, bottom: 30, left: 40},
|
||||
width = 1000 - margin.left - margin.right,
|
||||
height = 500 - margin.top - margin.bottom;
|
||||
var x = d3.scaleBand().rangeRound([0, width]).padding(0.1);
|
||||
|
||||
var y = d3.scaleLinear().rangeRound([height, 0]);
|
||||
|
||||
var xAxis = d3.axisBottom(x);
|
||||
|
||||
var yAxis = d3.axisLeft(y);
|
||||
|
||||
var color = d3.scaleOrdinal(d3.schemeSet3);
|
||||
|
||||
var svg = d3.select("#barchart_type").append("svg")
|
||||
.attr("id", "thesvg")
|
||||
.attr("viewBox", "0 0 1000 500")
|
||||
.attr("width", width + margin.left + margin.right)
|
||||
.attr("height", height + margin.top + margin.bottom)
|
||||
.append("g")
|
||||
.attr("transform", "translate(" + margin.left + "," + margin.top + ")");
|
||||
|
||||
function barchart_type(url, id) {
|
||||
|
||||
d3.json("/base64Decoded/range_type_json")
|
||||
.then(function(data){
|
||||
|
||||
var labelVar = 'date'; //A
|
||||
var varNames = d3.keys(data[0])
|
||||
.filter(function (key) { return key !== labelVar;}); //B
|
||||
|
||||
data.forEach(function (d) { //D
|
||||
var y0 = 0;
|
||||
d.mapping = varNames.map(function (name) {
|
||||
return {
|
||||
name: name,
|
||||
label: d[labelVar],
|
||||
y0: y0,
|
||||
y1: y0 += +d[name]
|
||||
};
|
||||
});
|
||||
d.total = d.mapping[d.mapping.length - 1].y1;
|
||||
});
|
||||
|
||||
console.log(data)
|
||||
|
||||
x.domain(data.map(function (d) { return (d.date).substring(5); })); //E
|
||||
y.domain([0, d3.max(data, function (d) { return d.total; })]);
|
||||
|
||||
svg.append("g")
|
||||
.attr("class", "x axis")
|
||||
.attr("transform", "translate(0," + height + ")")
|
||||
.call(xAxis)
|
||||
.selectAll("text")
|
||||
.style("text-anchor", "end")
|
||||
.attr("transform", "rotate(-45)" );
|
||||
|
||||
svg.append("g")
|
||||
.attr("class", "y axis")
|
||||
.call(yAxis)
|
||||
.append("text")
|
||||
.attr("transform", "rotate(-90)")
|
||||
.attr("y", 6)
|
||||
.attr("dy", ".71em")
|
||||
.style("text-anchor", "end");
|
||||
|
||||
var selection = svg.selectAll(".series")
|
||||
.data(data)
|
||||
.enter().append("g")
|
||||
.attr("class", "series")
|
||||
.attr("transform", function (d) { return "translate(" + x((d.date).substring(5)) + ",0)"; });
|
||||
|
||||
selection.selectAll("rect")
|
||||
.data(function (d) { return d.mapping; })
|
||||
.enter().append("rect")
|
||||
.attr("class", "bar_stack")
|
||||
.attr("width", x.bandwidth())
|
||||
.attr("y", function (d) { return y(d.y1); })
|
||||
.attr("height", function (d) { return y(d.y0) - y(d.y1); })
|
||||
.style("fill", function (d) { return color(d.name); })
|
||||
.style("stroke", "grey")
|
||||
.on("mouseover", function (d) { showPopover.call(this, d); })
|
||||
.on("mouseout", function (d) { removePopovers(); })
|
||||
.on("click", function(d){ window.location.href = "/base64Decoded/" +'?type='+ d.name +'&date_from='+d.label+'&date_to='+d.label; });
|
||||
|
||||
data.forEach(function(d) {
|
||||
if(d.total != 0){
|
||||
svg.append("text")
|
||||
.attr("class", "bar")
|
||||
.attr("dy", "-.35em")
|
||||
.attr('x', x(d.date.substring(5)) + x.bandwidth()/2)
|
||||
.attr('y', y(d.total))
|
||||
.style("text-anchor", "middle")
|
||||
.text(d.total);
|
||||
}
|
||||
});
|
||||
|
||||
drawLegend(varNames);
|
||||
});
|
||||
|
||||
}
|
||||
|
||||
function drawLegend (varNames) {
|
||||
var legend = svg.selectAll(".legend")
|
||||
.data(varNames.slice().reverse())
|
||||
.enter().append("g")
|
||||
.attr("class", "legend")
|
||||
.attr("transform", function (d, i) { return "translate(0," + i * 20 + ")"; });
|
||||
|
||||
legend.append("rect")
|
||||
.attr("x", 152)
|
||||
.attr("width", 10)
|
||||
.attr("height", 10)
|
||||
.style("fill", color)
|
||||
.style("stroke", "grey");
|
||||
|
||||
legend.append("text")
|
||||
.attr("class", "svgText")
|
||||
.attr("x", 150)
|
||||
.attr("y", 6)
|
||||
.attr("dy", ".35em")
|
||||
.style("text-anchor", "end")
|
||||
.text(function (d) { return d; });
|
||||
}
|
||||
|
||||
function removePopovers () {
|
||||
$('.popover').each(function() {
|
||||
$(this).remove();
|
||||
});
|
||||
}
|
||||
|
||||
function showPopover (d) {
|
||||
$(this).popover({
|
||||
title: d.name,
|
||||
placement: 'auto top',
|
||||
container: 'body',
|
||||
trigger: 'manual',
|
||||
html : true,
|
||||
content: function() {
|
||||
return "date: " + d.label +
|
||||
"<br/>num: " + d3.format(",")(d.value ? d.value: d.y1 - d.y0); }
|
||||
});
|
||||
$(this).popover('show')
|
||||
}
|
||||
|
||||
chart.onResize = function () {
|
||||
var aspect = 1000 / 500, chart = $("#thesvg");
|
||||
var targetWidth = chart.parent().width();
|
||||
chart.attr("width", targetWidth);
|
||||
chart.attr("height", targetWidth / aspect);
|
||||
}
|
||||
|
||||
window.chart = chart;
|
||||
|
||||
</script>
|
||||
|
||||
</body>
|
||||
|
||||
</html>
|
|
@ -1 +0,0 @@
|
|||
<li id='page-base64Decoded'><a href="{{ url_for('base64Decoded.base64Decoded_page') }}"><i class="fa fa-files-o"></i> base64Decoded </a></li>
|
|
@ -25,7 +25,7 @@ r_serv_metadata = Flask_config.r_serv_metadata
|
|||
vt_enabled = Flask_config.vt_enabled
|
||||
vt_auth = Flask_config.vt_auth
|
||||
|
||||
base64Decoded = Blueprint('base64Decoded', __name__, template_folder='templates')
|
||||
hashDecoded = Blueprint('hashDecoded', __name__, template_folder='templates')
|
||||
|
||||
# ============ FUNCTIONS ============
|
||||
|
||||
|
@ -52,7 +52,7 @@ def substract_date(date_from, date_to):
|
|||
def list_sparkline_values(date_range_sparkline, hash):
|
||||
sparklines_value = []
|
||||
for date_day in date_range_sparkline:
|
||||
nb_seen_this_day = r_serv_metadata.zscore('base64_date:'+date_day, hash)
|
||||
nb_seen_this_day = r_serv_metadata.zscore('hash_date:'+date_day, hash)
|
||||
if nb_seen_this_day is None:
|
||||
nb_seen_this_day = 0
|
||||
sparklines_value.append(int(nb_seen_this_day))
|
||||
|
@ -94,16 +94,16 @@ def one():
|
|||
return 1
|
||||
|
||||
# ============= ROUTES ==============
|
||||
@base64Decoded.route("/base64Decoded/all_base64_search", methods=['POST'])
|
||||
def all_base64_search():
|
||||
@hashDecoded.route("/hashDecoded/all_hash_search", methods=['POST'])
|
||||
def all_hash_search():
|
||||
date_from = request.form.get('date_from')
|
||||
date_to = request.form.get('date_to')
|
||||
type = request.form.get('type')
|
||||
print(type)
|
||||
return redirect(url_for('base64Decoded.base64Decoded_page', date_from=date_from, date_to=date_to, type=type))
|
||||
return redirect(url_for('hashDecoded.hashDecoded_page', date_from=date_from, date_to=date_to, type=type))
|
||||
|
||||
@base64Decoded.route("/base64Decoded/", methods=['GET'])
|
||||
def base64Decoded_page():
|
||||
@hashDecoded.route("/hashDecoded/", methods=['GET'])
|
||||
def hashDecoded_page():
|
||||
date_from = request.args.get('date_from')
|
||||
date_to = request.args.get('date_to')
|
||||
type = request.args.get('type')
|
||||
|
@ -150,7 +150,7 @@ def base64Decoded_page():
|
|||
|
||||
l_64 = set()
|
||||
for date in date_range:
|
||||
l_hash = r_serv_metadata.zrange('base64_date:' +date, 0, -1)
|
||||
l_hash = r_serv_metadata.zrange('hash_date:' +date, 0, -1)
|
||||
if l_hash:
|
||||
for hash in l_hash:
|
||||
l_64.add(hash)
|
||||
|
@ -198,34 +198,34 @@ def base64Decoded_page():
|
|||
|
||||
l_type = r_serv_metadata.smembers('hash_all_type')
|
||||
|
||||
return render_template("base64Decoded.html", l_64=b64_metadata, vt_enabled=vt_enabled, l_type=l_type, type=type, daily_type_chart=daily_type_chart, daily_date=daily_date,
|
||||
return render_template("hashDecoded.html", l_64=b64_metadata, vt_enabled=vt_enabled, l_type=l_type, type=type, daily_type_chart=daily_type_chart, daily_date=daily_date,
|
||||
date_from=date_from, date_to=date_to)
|
||||
|
||||
@base64Decoded.route('/base64Decoded/hash_by_type')
|
||||
@hashDecoded.route('/hashDecoded/hash_by_type')
|
||||
def hash_by_type():
|
||||
type = request.args.get('type')
|
||||
type = 'text/plain'
|
||||
return render_template('base64_type.html',type = type)
|
||||
return render_template('hash_type.html',type = type)
|
||||
|
||||
@base64Decoded.route('/base64Decoded/base64_hash')
|
||||
def base64_hash():
|
||||
@hashDecoded.route('/hashDecoded/hash_hash')
|
||||
def hash_hash():
|
||||
hash = request.args.get('hash')
|
||||
return render_template('base64_hash.html')
|
||||
return render_template('hash_hash.html')
|
||||
|
||||
@base64Decoded.route('/base64Decoded/showHash')
|
||||
@hashDecoded.route('/hashDecoded/showHash')
|
||||
def showHash():
|
||||
hash = request.args.get('hash')
|
||||
#hash = 'e02055d3efaad5d656345f6a8b1b6be4fe8cb5ea'
|
||||
|
||||
# TODO FIXME show error
|
||||
if hash is None:
|
||||
return base64Decoded_page()
|
||||
return hashDecoded_page()
|
||||
|
||||
estimated_type = r_serv_metadata.hget('metadata_hash:'+hash, 'estimated_type')
|
||||
# hash not found
|
||||
# TODO FIXME show error
|
||||
if estimated_type is None:
|
||||
return base64Decoded_page()
|
||||
return hashDecoded_page()
|
||||
|
||||
else:
|
||||
file_icon = get_file_icon(estimated_type)
|
||||
|
@ -256,7 +256,7 @@ def showHash():
|
|||
first_seen=first_seen,
|
||||
last_seen=last_seen, nb_seen_in_all_pastes=nb_seen_in_all_pastes, sparkline_values=sparkline_values)
|
||||
|
||||
@app.route('/base64Decoded/downloadHash')
|
||||
@app.route('/hashDecoded/downloadHash')
|
||||
def downloadHash():
|
||||
hash = request.args.get('hash')
|
||||
# sanitize hash
|
||||
|
@ -291,7 +291,7 @@ def downloadHash():
|
|||
else:
|
||||
return 'hash: ' + hash + " don't exist"
|
||||
|
||||
@base64Decoded.route('/base64Decoded/hash_by_type_json')
|
||||
@hashDecoded.route('/hashDecoded/hash_by_type_json')
|
||||
def hash_by_type_json():
|
||||
type = request.args.get('type')
|
||||
|
||||
|
@ -305,7 +305,7 @@ def hash_by_type_json():
|
|||
if type in r_serv_metadata.smembers('hash_all_type'):
|
||||
type_value = []
|
||||
for date in date_range_sparkline:
|
||||
num_day_type = r_serv_metadata.zscore('base64_type:'+type, date)
|
||||
num_day_type = r_serv_metadata.zscore('hash_type:'+type, date)
|
||||
if num_day_type is None:
|
||||
num_day_type = 0
|
||||
date = date[0:4] + '-' + date[4:6] + '-' + date[6:8]
|
||||
|
@ -315,12 +315,12 @@ def hash_by_type_json():
|
|||
else:
|
||||
return jsonify()
|
||||
|
||||
@base64Decoded.route('/base64Decoded/daily_type_json')
|
||||
@hashDecoded.route('/hashDecoded/daily_type_json')
|
||||
def daily_type_json():
|
||||
date = request.args.get('date')
|
||||
|
||||
daily_type = set()
|
||||
l_b64 = r_serv_metadata.zrange('base64_date:' +date, 0, -1)
|
||||
l_b64 = r_serv_metadata.zrange('hash_date:' +date, 0, -1)
|
||||
for hash in l_b64:
|
||||
estimated_type = r_serv_metadata.hget('metadata_hash:'+hash, 'estimated_type')
|
||||
if estimated_type is not None:
|
||||
|
@ -328,12 +328,12 @@ def daily_type_json():
|
|||
|
||||
type_value = []
|
||||
for day_type in daily_type:
|
||||
num_day_type = r_serv_metadata.zscore('base64_type:'+day_type, date)
|
||||
num_day_type = r_serv_metadata.zscore('hash_type:'+day_type, date)
|
||||
type_value.append({ 'date' : day_type, 'value' : int( num_day_type )})
|
||||
|
||||
return jsonify(type_value)
|
||||
|
||||
@base64Decoded.route('/base64Decoded/range_type_json')
|
||||
@hashDecoded.route('/hashDecoded/range_type_json')
|
||||
def range_type_json():
|
||||
date_from = request.args.get('date_from')
|
||||
date_to = request.args.get('date_to')
|
||||
|
@ -351,7 +351,7 @@ def range_type_json():
|
|||
|
||||
all_type = set()
|
||||
for date in date_range:
|
||||
l_hash = r_serv_metadata.zrange('base64_date:' +date, 0, -1)
|
||||
l_hash = r_serv_metadata.zrange('hash_date:' +date, 0, -1)
|
||||
if l_hash:
|
||||
for hash in l_hash:
|
||||
estimated_type = r_serv_metadata.hget('metadata_hash:'+hash, 'estimated_type')
|
||||
|
@ -362,7 +362,7 @@ def range_type_json():
|
|||
day_type = {}
|
||||
day_type['date']= date[0:4] + '-' + date[4:6] + '-' + date[6:8]
|
||||
for type in all_type:
|
||||
num_day_type = r_serv_metadata.zscore('base64_type:'+type, date)
|
||||
num_day_type = r_serv_metadata.zscore('hash_type:'+type, date)
|
||||
if num_day_type is None:
|
||||
num_day_type = 0
|
||||
day_type[type]= num_day_type
|
||||
|
@ -370,7 +370,7 @@ def range_type_json():
|
|||
|
||||
return jsonify(range_type)
|
||||
|
||||
@base64Decoded.route('/base64Decoded/hash_graph_line_json')
|
||||
@hashDecoded.route('/hashDecoded/hash_graph_line_json')
|
||||
def hash_graph_line_json():
|
||||
hash = request.args.get('hash')
|
||||
date_from = request.args.get('date_from')
|
||||
|
@ -390,7 +390,7 @@ def hash_graph_line_json():
|
|||
if r_serv_metadata.hget('metadata_hash:'+hash, 'estimated_type') is not None:
|
||||
json_seen_in_paste = []
|
||||
for date in date_range_seen_in_pastes:
|
||||
nb_seen_this_day = r_serv_metadata.zscore('base64_date:'+date, hash)
|
||||
nb_seen_this_day = r_serv_metadata.zscore('hash_date:'+date, hash)
|
||||
if nb_seen_this_day is None:
|
||||
nb_seen_this_day = 0
|
||||
date = date[0:4] + '-' + date[4:6] + '-' + date[6:8]
|
||||
|
@ -401,7 +401,7 @@ def hash_graph_line_json():
|
|||
return jsonify()
|
||||
|
||||
|
||||
@base64Decoded.route('/base64Decoded/hash_graph_node_json')
|
||||
@hashDecoded.route('/hashDecoded/hash_graph_node_json')
|
||||
def hash_graph_node_json():
|
||||
hash = request.args.get('hash')
|
||||
|
||||
|
@ -422,16 +422,16 @@ def hash_graph_node_json():
|
|||
nodes_set_hash.add((hash, 1, first_seen, last_seen, estimated_type, nb_seen_in_paste, size, url))
|
||||
|
||||
#get related paste
|
||||
l_pastes = r_serv_metadata.zrange('base64_hash:'+hash, 0, -1)
|
||||
l_pastes = r_serv_metadata.zrange('nb_seen_hash:'+hash, 0, -1)
|
||||
for paste in l_pastes:
|
||||
url = paste
|
||||
#nb_seen_in_this_paste = nb_in_file = int(r_serv_metadata.zscore('base64_hash:'+hash, paste))
|
||||
nb_base64_in_paste = r_serv_metadata.scard('base64_paste:'+paste)
|
||||
#nb_seen_in_this_paste = nb_in_file = int(r_serv_metadata.zscore('nb_seen_hash:'+hash, paste))
|
||||
nb_hash_in_paste = r_serv_metadata.scard('hash_paste:'+paste)
|
||||
|
||||
nodes_set_paste.add((paste, 2,nb_base64_in_paste,url))
|
||||
nodes_set_paste.add((paste, 2,nb_hash_in_paste,url))
|
||||
links_set.add((hash, paste))
|
||||
|
||||
l_hash = r_serv_metadata.smembers('base64_paste:'+paste)
|
||||
l_hash = r_serv_metadata.smembers('hash_paste:'+paste)
|
||||
for child_hash in l_hash:
|
||||
if child_hash != hash:
|
||||
url = child_hash
|
||||
|
@ -444,12 +444,12 @@ def hash_graph_node_json():
|
|||
nodes_set_hash.add((child_hash, 3, first_seen, last_seen, estimated_type, nb_seen_in_paste, size, url))
|
||||
links_set.add((child_hash, paste))
|
||||
|
||||
#l_pastes_child = r_serv_metadata.zrange('base64_hash:'+child_hash, 0, -1)
|
||||
#l_pastes_child = r_serv_metadata.zrange('nb_seen_hash:'+child_hash, 0, -1)
|
||||
#for child_paste in l_pastes_child:
|
||||
|
||||
nodes = []
|
||||
for node in nodes_set_hash:
|
||||
nodes.append({"id": node[0], "group": node[1], "first_seen": node[2], "last_seen": node[3], 'estimated_type': node[4], "nb_seen_in_paste": node[5], "size": node[6], 'icon': get_file_icon_text(node[4]),"url": url_for('base64Decoded.showHash', hash=node[7]), 'hash': True})
|
||||
nodes.append({"id": node[0], "group": node[1], "first_seen": node[2], "last_seen": node[3], 'estimated_type': node[4], "nb_seen_in_paste": node[5], "size": node[6], 'icon': get_file_icon_text(node[4]),"url": url_for('hashDecoded.showHash', hash=node[7]), 'hash': True})
|
||||
for node in nodes_set_paste:
|
||||
nodes.append({"id": node[0], "group": node[1], "nb_seen_in_paste": node[2],"url": url_for('showsavedpastes.showsavedpaste', paste=node[3]), 'hash': False})
|
||||
links = []
|
||||
|
@ -461,13 +461,13 @@ def hash_graph_node_json():
|
|||
else:
|
||||
return jsonify({})
|
||||
|
||||
@base64Decoded.route('/base64Decoded/base64_types')
|
||||
def base64_types():
|
||||
@hashDecoded.route('/hashDecoded/hash_types')
|
||||
def hash_types():
|
||||
date_from = 20180701
|
||||
date_to = 20180706
|
||||
return render_template('base64_types.html', date_from=date_from, date_to=date_to)
|
||||
return render_template('hash_types.html', date_from=date_from, date_to=date_to)
|
||||
|
||||
@base64Decoded.route('/base64Decoded/send_file_to_vt_js')
|
||||
@hashDecoded.route('/hashDecoded/send_file_to_vt_js')
|
||||
def send_file_to_vt_js():
|
||||
hash = request.args.get('hash')
|
||||
|
||||
|
@ -490,7 +490,7 @@ def send_file_to_vt_js():
|
|||
return jsonify({'vt_link': vt_link, 'vt_report': vt_report})
|
||||
|
||||
|
||||
@base64Decoded.route('/base64Decoded/update_vt_result')
|
||||
@hashDecoded.route('/hashDecoded/update_vt_result')
|
||||
def update_vt_result():
|
||||
hash = request.args.get('hash')
|
||||
|
||||
|
@ -525,4 +525,4 @@ def update_vt_result():
|
|||
return jsonify()
|
||||
|
||||
# ========= REGISTRATION =========
|
||||
app.register_blueprint(base64Decoded)
|
||||
app.register_blueprint(hashDecoded)
|
|
@ -59,7 +59,7 @@
|
|||
<div id="page-wrapper">
|
||||
<div class="row">
|
||||
<div class="col-lg-12">
|
||||
<h1 class="page-header" data-page="page-termsfrequency" >Base64 Files</h1>
|
||||
<h1 class="page-header" data-page="page-termsfrequency" >Hash Files</h1>
|
||||
<div>
|
||||
|
||||
</div>
|
||||
|
@ -76,7 +76,7 @@
|
|||
<div class="panel panel-info" style="text-align:center;">
|
||||
<div class="panel-heading">
|
||||
Select a date range :
|
||||
<form action="/base64Decoded/all_base64_search" id="base64_selector_form" method='post'>
|
||||
<form action="/hashDecoded/all_hash_search" id="hash_selector_form" method='post'>
|
||||
<div class="input-group">
|
||||
<span class="input-group-addon"><i class="fa fa-calendar fa" aria-hidden="true"></i></span>
|
||||
<input class="form-control" id="date-range-from" placeholder="yyyy-mm-dd" value="{{ date_from }}" name="date_from">
|
||||
|
@ -110,9 +110,9 @@
|
|||
<!-- /#page-wrapper -->
|
||||
{% if l_64|length != 0 %}
|
||||
{% if date_from|string == date_to|string %}
|
||||
<h3> {{ date_from }} Base64 files: </h3>
|
||||
<h3> {{ date_from }} Hash files: </h3>
|
||||
{% else %}
|
||||
<h3> {{ date_from }} to {{ date_to }} Base64 files: </h3>
|
||||
<h3> {{ date_from }} to {{ date_to }} Hash files: </h3>
|
||||
{% endif %}
|
||||
<table id="tableb64" class="red_table table table-striped table-bordered">
|
||||
<thead>
|
||||
|
@ -131,7 +131,7 @@
|
|||
{% for b64 in l_64 %}
|
||||
<tr>
|
||||
<td><i class="fa {{ b64[0] }}"></i> {{ b64[1] }}</td>
|
||||
<td><a target="_blank" href="{{ url_for('base64Decoded.showHash') }}?hash={{ b64[2] }}">{{ b64[2] }}</a></td>
|
||||
<td><a target="_blank" href="{{ url_for('hashDecoded.showHash') }}?hash={{ b64[2] }}">{{ b64[2] }}</a></td>
|
||||
<td>{{ b64[5] }}</td>
|
||||
<td>{{ b64[6] }}</td>
|
||||
<td>{{ b64[3] }}</td>
|
||||
|
@ -163,9 +163,9 @@
|
|||
</table>
|
||||
{% else %}
|
||||
{% if date_from|string == date_to|string %}
|
||||
<h3> {{ date_from }}, No base64</h3>
|
||||
<h3> {{ date_from }}, No Hash</h3>
|
||||
{% else %}
|
||||
<h3> {{ date_from }} to {{ date_to }}, No base64</h3>
|
||||
<h3> {{ date_from }} to {{ date_to }}, No Hash</h3>
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
</div>
|
||||
|
@ -176,7 +176,7 @@
|
|||
<script>
|
||||
var chart = {};
|
||||
$(document).ready(function(){
|
||||
activePage = "page-base64Decoded"
|
||||
activePage = "page-hashDecoded"
|
||||
$("#"+activePage).addClass("active");
|
||||
|
||||
$('#date-range-from').dateRangePicker({
|
||||
|
@ -217,9 +217,9 @@
|
|||
});
|
||||
|
||||
{% if type %}
|
||||
chart.stackBarChart =barchart_type('/base64Decoded/hash_by_type_json?type={{type}}', '#barchart_type');
|
||||
chart.stackBarChart =barchart_type('/hashDecoded/hash_by_type_json?type={{type}}', '#barchart_type');
|
||||
{% elif daily_type_chart %}
|
||||
chart.stackBarChart =barchart_type('/base64Decoded/daily_type_json?date={{daily_date}}', '#barchart_type');
|
||||
chart.stackBarChart =barchart_type('/hashDecoded/daily_type_json?date={{daily_date}}', '#barchart_type');
|
||||
{% else %}
|
||||
chart.stackBarChart = barchart_type_stack('url', 'id')
|
||||
{% endif %}
|
||||
|
@ -233,7 +233,7 @@
|
|||
<script>
|
||||
function updateVTReport(hash) {
|
||||
//updateReport
|
||||
$.getJSON('/base64Decoded/update_vt_result?hash='+hash,
|
||||
$.getJSON('/hashDecoded/update_vt_result?hash='+hash,
|
||||
function(data) {
|
||||
content = '<span class="glyphicon glyphicon-refresh"></span> ' +data['report_vt']
|
||||
$( "#report_vt_"+hash ).html(content);
|
||||
|
@ -242,7 +242,7 @@
|
|||
|
||||
function sendFileToVT(hash) {
|
||||
//send file to vt
|
||||
$.getJSON('/base64Decoded/send_file_to_vt_js?hash='+hash,
|
||||
$.getJSON('/hashDecoded/send_file_to_vt_js?hash='+hash,
|
||||
function(data) {
|
||||
var content = '<a id="submit_vt_'+hash+'" class="btn btn-primary" target="_blank" href="'+ data['vt_link'] +'"><i class="fa fa-link"> '+ ' VT Report' +'</i></a>';
|
||||
$('#submit_vt_'+hash).remove();
|
||||
|
@ -317,7 +317,7 @@ var svg = d3.select("#barchart_type").append("svg")
|
|||
|
||||
function barchart_type_stack(url, id) {
|
||||
|
||||
d3.json("/base64Decoded/range_type_json?date_from={{date_from}}&date_to={{date_to}}")
|
||||
d3.json("/hashDecoded/range_type_json?date_from={{date_from}}&date_to={{date_to}}")
|
||||
.then(function(data){
|
||||
|
||||
var labelVar = 'date'; //A
|
||||
|
@ -346,7 +346,7 @@ function barchart_type_stack(url, id) {
|
|||
.call(xAxis)
|
||||
.selectAll("text")
|
||||
.attr("class", "bar")
|
||||
.on("click", function (d) { window.location.href = "/base64Decoded/"+'?date_from='+d+'&date_to='+d })
|
||||
.on("click", function (d) { window.location.href = "/hashDecoded/"+'?date_from='+d+'&date_to='+d })
|
||||
.style("text-anchor", "end")
|
||||
.attr("transform", "rotate(-45)" );
|
||||
|
||||
|
@ -376,17 +376,17 @@ function barchart_type_stack(url, id) {
|
|||
.style("stroke", "grey")
|
||||
.on("mouseover", function (d) { showPopover.call(this, d); })
|
||||
.on("mouseout", function (d) { removePopovers(); })
|
||||
.on("click", function(d){ window.location.href = "/base64Decoded/" +'?type='+ d.name +'&date_from='+d.label+'&date_to='+d.label; });
|
||||
.on("click", function(d){ window.location.href = "/hashDecoded/" +'?type='+ d.name +'&date_from='+d.label+'&date_to='+d.label; });
|
||||
|
||||
data.forEach(function(d) {
|
||||
if(d.total != 0){
|
||||
svg.append("text")
|
||||
.attr("class", "bar")
|
||||
.attr("dy", "-.35em")
|
||||
//.on("click", (window.location.href = "/base64Decoded/"+'?date_from='+d.date) )
|
||||
//.on("click", (window.location.href = "/hashDecoded/"+'?date_from='+d.date) )
|
||||
.attr('x', x(d.date) + x.bandwidth()/2)
|
||||
.attr('y', y(d.total))
|
||||
.on("click", function () {window.location.href = "/base64Decoded/"+'?date_from='+d.date+'&date_to='+d.date })
|
||||
.on("click", function () {window.location.href = "/hashDecoded/"+'?date_from='+d.date+'&date_to='+d.date })
|
||||
.style("text-anchor", "middle")
|
||||
.text(d.total);
|
||||
}
|
||||
|
@ -505,7 +505,7 @@ function barchart_type(url, id) {
|
|||
{% else %}
|
||||
.attr("transform", "rotate(-70)" )
|
||||
.attr("class", "bar")
|
||||
.on("click", function (d) { window.location.href = "/base64Decoded/"+'?date_from='+d+'&date_to='+d });
|
||||
.on("click", function (d) { window.location.href = "/hashDecoded/"+'?date_from='+d+'&date_to='+d });
|
||||
{% endif %}
|
||||
|
||||
svg.append("g")
|
||||
|
@ -528,10 +528,10 @@ function barchart_type(url, id) {
|
|||
.attr("y", function(d) { return y(d.value); })
|
||||
.attr("height", function(d) { return height - y(d.value); })
|
||||
{% if type %}
|
||||
.on("click", function(d){ window.location.href = "/base64Decoded/" +'?type={{type}}&date_from='+ d.date +'&date_to='+ d.date; });
|
||||
.on("click", function(d){ window.location.href = "/hashDecoded/" +'?type={{type}}&date_from='+ d.date +'&date_to='+ d.date; });
|
||||
{% endif %}
|
||||
{% if daily_type_chart %}
|
||||
.on("click", function(d){ window.location.href = "/base64Decoded/" +'?type='+d.date+'&date_from={{ daily_date }}&date_to={{ daily_date }}'; });
|
||||
.on("click", function(d){ window.location.href = "/hashDecoded/" +'?type='+d.date+'&date_from={{ daily_date }}&date_to={{ daily_date }}'; });
|
||||
{% endif %}
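Review bot: `{{type}}` and `d.name` are placed into URL query strings without URL-encoding, in the `barchart_type('/hashDecoded/hash_by_type_json?type={{type}}', ...)` call and in the click handlers that build `"/hashDecoded/" +'?type='+ d.name + ...`. HTML autoescaping, if it is active for this template, is not the right encoder for a value inside a JavaScript string and a query string: a MIME type containing `+` (for example `image/svg+xml`) reaches the server as a space, and `&` or a backslash in the value is not handled correctly. I would write `?type={{ type|urlencode }}` in the template expressions and `'?type=' + encodeURIComponent(d.name)` in the handlers. Where `type` originates is not visible in these hunks; if it is taken from the request, the encoding matters more.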
|
||||
|
||||
|
|
@ -0,0 +1 @@
|
|||
<li id='page-hashDecoded'><a href="{{ url_for('hashDecoded.hashDecoded_page') }}"><i class="fa fa-files-o"></i> hashDecoded </a></li>
|
|
@ -151,7 +151,7 @@
|
|||
Virus Total submission is disabled
|
||||
{% endif %}
|
||||
|
||||
<a href="/base64Decoded/downloadHash?hash={{hash}}" target="blank">
|
||||
<a href="/hashDecoded/downloadHash?hash={{hash}}" target="blank">
|
||||
<button class='btn btn-info pull-right'><i id="flash-tld" class="glyphicon glyphicon-download-alt " flash-tld=""></i> Download Hash file
|
||||
</button>
|
||||
</a>
|
||||
|
@ -206,8 +206,8 @@
|
|||
$(document).ready(function(){
|
||||
sparklines("sparkline", {{ sparkline_values }})
|
||||
|
||||
all_graph.node_graph = create_graph('/base64Decoded/hash_graph_node_json?hash={{hash}}');
|
||||
all_graph.line_chart = create_line_chart('graph_line', '/base64Decoded/hash_graph_line_json?hash={{hash}}');
|
||||
all_graph.node_graph = create_graph('/hashDecoded/hash_graph_node_json?hash={{hash}}');
|
||||
all_graph.line_chart = create_line_chart('graph_line', '/hashDecoded/hash_graph_line_json?hash={{hash}}');
|
||||
all_graph.onResize();
|
||||
});
|
||||
|
||||
|
@ -218,7 +218,7 @@
|
|||
<script>
|
||||
function sendFileToVT(hash) {
|
||||
//send file to vt
|
||||
$.getJSON('/base64Decoded/send_file_to_vt_js?hash='+hash,
|
||||
$.getJSON('/hashDecoded/send_file_to_vt_js?hash='+hash,
|
||||
function(data) {
|
||||
var content = '<a id="submit_vt_b" class="btn btn-primary" target="_blank" href="'+ data['vt_link'] +'"><i class="fa fa-link"> '+ ' VT Report' +'</i></a>';
|
||||
$('#submit_vt_b').remove();
|
||||
|
@ -228,7 +228,7 @@
|
|||
|
||||
function updateVTReport(hash) {
|
||||
//updateReport
|
||||
$.getJSON('/base64Decoded/update_vt_result?hash='+hash,
|
||||
$.getJSON('/hashDecoded/update_vt_result?hash='+hash,
|
||||
function(data) {
|
||||
var content = '<span class="glyphicon glyphicon-refresh"></span> ' +data['report_vt'];
|
||||
$( "#report_vt_b" ).html(content);
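Review bot: `sendFileToVT` starts what looks like a state-changing action, submitting the decoded file to VirusTotal, through `$.getJSON('/hashDecoded/send_file_to_vt_js?hash='+hash, ...)`, which is a plain GET, and the blueprint registers that route without a `methods` argument. A GET endpoint with side effects can be triggered by prefetchers or by any cross-site request the analyst's browser makes, which here could send collected content to a third party without a deliberate click. I would restrict the route to POST, require a CSRF token, and call it with `$.post('/hashDecoded/send_file_to_vt_js', {hash: hash}, ...)`. The same call is in the `sendFileToVT` functions of the other two templates in this commit. The handler body is outside these hunks, so its behaviour is inferred from its name and the `vt_link` it returns.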
|
|
@ -134,11 +134,11 @@ def showpaste(content_range, requested_path):
|
|||
list_tags.append( (tag, automatic, tag_status_tp, tag_status_fp) )
|
||||
|
||||
l_64 = []
|
||||
# load base64 files
|
||||
if r_serv_metadata.scard('base64_paste:'+requested_path) > 0:
|
||||
set_b64 = r_serv_metadata.smembers('base64_paste:'+requested_path)
|
||||
# load hash files
|
||||
if r_serv_metadata.scard('hash_paste:'+requested_path) > 0:
|
||||
set_b64 = r_serv_metadata.smembers('hash_paste:'+requested_path)
|
||||
for hash in set_b64:
|
||||
nb_in_file = int(r_serv_metadata.zscore('base64_hash:'+hash, requested_path))
|
||||
nb_in_file = int(r_serv_metadata.zscore('nb_seen_hash:'+hash, requested_path))
|
||||
estimated_type = r_serv_metadata.hget('metadata_hash:'+hash, 'estimated_type')
|
||||
file_type = estimated_type.split('/')[0]
|
||||
# set file icon
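Review bot: `int(r_serv_metadata.zscore('nb_seen_hash:'+hash, requested_path))` raises `TypeError` when the sorted set has no entry for this paste, because `zscore` returns `None` for a missing member. `estimated_type.split('/')` two lines later fails the same way if `hget` returns `None`. A partially written or partially migrated entry would therefore turn into an unhandled error on the paste view; whether this commit migrates data stored under the old `base64_*` keys is not visible here. The line-graph code elsewhere in this commit already guards the same call with `if nb_seen_this_day is None:`, and I would do likewise: `score = r_serv_metadata.zscore('nb_seen_hash:'+hash, requested_path)` followed by `nb_in_file = int(score) if score is not None else 0`. `showpaste` starts and ends outside the hunk.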
|
||||
|
|
|
@ -379,7 +379,7 @@
|
|||
{% endif %}
|
||||
|
||||
{% if l_64|length != 0 %}
|
||||
<h3> Base64 files: </h3>
|
||||
<h3> Hash files: </h3>
|
||||
<table id="tableb64" class="red_table table table-striped table-bordered">
|
||||
<thead>
|
||||
<tr>
|
||||
|
@ -393,7 +393,7 @@
|
|||
{% for b64 in l_64 %}
|
||||
<tr>
|
||||
<td><i class="fa {{ b64[0] }}"></i> {{ b64[1] }}</td>
|
||||
<td><a target="_blank" href="{{ url_for('base64Decoded.showHash') }}?hash={{ b64[2] }}">{{ b64[2] }}</a> ({{ b64[4] }})</td>
|
||||
<td><a target="_blank" href="{{ url_for('hashDecoded.showHash') }}?hash={{ b64[2] }}">{{ b64[2] }}</a> ({{ b64[4] }})</td>
|
||||
<td>{{ b64[3] }}</td>
|
||||
<td style="text-align:center;">
|
||||
{% if vt_enabled %}
|
||||
|
@ -464,7 +464,7 @@
|
|||
<script>
|
||||
function updateVTReport(hash) {
|
||||
//updateReport
|
||||
$.getJSON('/base64Decoded/update_vt_result?hash='+hash,
|
||||
$.getJSON('/hashDecoded/update_vt_result?hash='+hash,
|
||||
function(data) {
|
||||
content = '<span class="glyphicon glyphicon-refresh"></span> ' +data['report_vt']
|
||||
$( "#report_vt_"+hash ).html(content);
|
||||
|
@ -473,7 +473,7 @@
|
|||
|
||||
function sendFileToVT(hash) {
|
||||
//send file to vt
|
||||
$.getJSON('/base64Decoded/send_file_to_vt_js?hash='+hash,
|
||||
$.getJSON('/hashDecoded/send_file_to_vt_js?hash='+hash,
|
||||
function(data) {
|
||||
var content = '<a id="submit_vt_'+hash+'" class="btn btn-primary" target="_blank" href="'+ data['vt_link'] +'"><i class="fa fa-link"> '+ ' VT Report' +'</i></a>';
|
||||
$('#submit_vt_'+hash).remove();
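Review bot: `updateVTReport` writes `data['report_vt']` into the page with `$( "#report_vt_"+hash ).html(content)`, so any markup in that string is parsed as HTML. The value presumably relays text derived from the VirusTotal response (the server side is not in this hunk), and relayed third-party text should be inserted as text: `$("#report_vt_"+hash).text(' ' + data['report_vt']).prepend('<span class="glyphicon glyphicon-refresh"></span>');`. The same `.html(content)` call is in `updateVTReport` in the other two templates of this commit, and `sendFileToVT` builds an `href` from `data['vt_link']` by string concatenation in the same way. Both function bodies continue past the hunks.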
|
||||
|
|