CIRCL
/
AIL-framework
mirror of https://github.com/CIRCL/AIL-framework
2
1
Fork 0
Code Issues Releases Wiki Activity

add: show hash info

pull/237/head
Terrtia 2018-07-09 17:07:59 +02:00
parent c2a976e907
commit fd02085495
No known key found for this signature in database
GPG Key ID: 1E1B1F50D84613D0
3 changed files with 237 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

80
var/www/modules/base64Decoded/Flask_base64Decoded.py
View File

@ -45,6 +45,31 @@ def substract_date(date_from, date_to):
l_date.append( date.strftime('%Y%m%d') ) l_date.append( date.strftime('%Y%m%d') )
return l_date return l_date
def list_sparkline_values(date_range_sparkline, hash):
sparklines_value = []
for date_day in date_range_sparkline:
nb_seen_this_day = r_serv_metadata.zscore('base64_date:'+date_day, hash)
if nb_seen_this_day is None:
nb_seen_this_day = 0
sparklines_value.append(int(nb_seen_this_day))
return sparklines_value
def get_file_icon(estimated_type):
file_type = estimated_type.split('/')[0]
# set file icon
if file_type == 'application':
file_icon = 'fa-file-o '
elif file_type == 'audio':
file_icon = 'fa-file-video-o '
elif file_type == 'image':
file_icon = 'fa-file-image-o'
elif file_type == 'text':
file_icon = 'fa-file-text-o'
else:
file_icon = 'fa-file'
return file_icon
def one(): def one():
return 1 return 1
@ -130,18 +155,7 @@ def base64Decoded_page():
nb_seen_in_paste is not None and \ nb_seen_in_paste is not None and \
size is not None: size is not None:
file_type = estimated_type.split('/')[0] file_icon = get_file_icon(estimated_type)
# set file icon
if file_type == 'application':
file_icon = 'fa-file-o '
elif file_type == 'audio':
file_icon = 'fa-file-video-o '
elif file_type == 'image':
file_icon = 'fa-file-image-o'
elif file_type == 'text':
file_icon = 'fa-file-text-o'
else:
file_icon = 'fa-file'
if r_serv_metadata.hexists('metadata_hash:'+hash, 'vt_link'): if r_serv_metadata.hexists('metadata_hash:'+hash, 'vt_link'):
b64_vt = True b64_vt = True
@ -150,12 +164,7 @@ def base64Decoded_page():
b64_vt = False b64_vt = False
b64_vt_link = '' b64_vt_link = ''
sparklines_value = [] sparklines_value = list_sparkline_values(date_range_sparkline, hash)
for date_day in date_range_sparkline:
nb_seen_this_day = r_serv_metadata.zscore('base64_date:'+date_day, hash)
if nb_seen_this_day is None:
nb_seen_this_day = 0
sparklines_value.append(int(nb_seen_this_day))
b64_metadata.append( (file_icon, estimated_type, hash, nb_seen_in_paste, size, first_seen, last_seen, b64_vt, b64_vt_link, sparklines_value) ) b64_metadata.append( (file_icon, estimated_type, hash, nb_seen_in_paste, size, first_seen, last_seen, b64_vt, b64_vt_link, sparklines_value) )
@ -170,6 +179,38 @@ def hash_by_type():
type = 'text/plain' type = 'text/plain'
return render_template('base64_type.html',type = type) return render_template('base64_type.html',type = type)
@base64Decoded.route('/base64Decoded/base64_hash')
def base64_hash():
hash = request.args.get('hash')
return render_template('base64_hash.html')
@base64Decoded.route('/base64Decoded/showHash')
def showHash():
hash = request.args.get('hash')
#hash = 'e02055d3efaad5d656345f6a8b1b6be4fe8cb5ea'
estimated_type = r_serv_metadata.hget('metadata_hash:'+hash, 'estimated_type')
# hash not found
if estimated_type is None:
base64Decoded_page()
else:
file_icon = get_file_icon(estimated_type)
size = r_serv_metadata.hget('metadata_hash:'+hash, 'size')
first_seen = r_serv_metadata.hget('metadata_hash:'+hash, 'first_seen')
last_seen = r_serv_metadata.hget('metadata_hash:'+hash, 'last_seen')
nb_seen_in_all_pastes = r_serv_metadata.hget('metadata_hash:'+hash, 'nb_seen_in_all_pastes')
num_day_type = 6
date_range_sparkline = get_date_range(num_day_type)
sparkline_values = list_sparkline_values(date_range_sparkline, hash)
print(sparkline_values)
return render_template('showHash.html', hash=hash, size=size, estimated_type=estimated_type, file_icon=file_icon,
first_seen=first_seen,
last_seen=last_seen, nb_seen_in_all_pastes=nb_seen_in_all_pastes, sparkline_values=sparkline_values)
@base64Decoded.route('/base64Decoded/hash_by_type_json') @base64Decoded.route('/base64Decoded/hash_by_type_json')
def hash_by_type_json(): def hash_by_type_json():
type = request.args.get('type') type = request.args.get('type')
@ -217,9 +258,6 @@ def range_type_json():
date_from = request.args.get('date_from') date_from = request.args.get('date_from')
date_to = request.args.get('date_to') date_to = request.args.get('date_to')
date_from = '20180601'
date_to = '20180709'
date_range = [] date_range = []
if date_from is not None and date_to is not None: if date_from is not None and date_to is not None:
#change format #change format

22
var/www/modules/base64Decoded/templates/base64Decoded.html
View File

@ -121,14 +121,14 @@
<th>nb paste</th> <th>nb paste</th>
<th>size</th> <th>size</th>
<th>Virus Total</th> <th>Virus Total</th>
<th>Test</th> <th>Sparkline</th>
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
{% for b64 in l_64 %} {% for b64 in l_64 %}
<tr> <tr>
<td><i class="fa {{ b64[0] }}"></i>&nbsp;&nbsp;{{ b64[1] }}</td> <td><i class="fa {{ b64[0] }}"></i>&nbsp;&nbsp;{{ b64[1] }}</td>
<td>{{ b64[2] }}</td> <td><a target="_blank" href="{{ url_for('base64Decoded.showHash') }}?hash={{ b64[2] }}">{{ b64[2] }}</a></td>
<td>{{ b64[5] }}</td> <td>{{ b64[5] }}</td>
<td>{{ b64[6] }}</td> <td>{{ b64[6] }}</td>
<td>{{ b64[3] }}</td> <td>{{ b64[3] }}</td>
@ -302,7 +302,7 @@ var svg = d3.select("#barchart_type").append("svg")
function barchart_type_stack(url, id) { function barchart_type_stack(url, id) {
d3.json("/base64Decoded/range_type_json") d3.json("/base64Decoded/range_type_json?date_from={{date_from}}&date_to={{date_to}}")
.then(function(data){ .then(function(data){
var labelVar = 'date'; //A var labelVar = 'date'; //A
@ -474,11 +474,7 @@ function barchart_type(url, id) {
d.value = +d.value; d.value = +d.value;
}); });
{% if daily_type_chart %}
x.domain(data.map(function(d) { return d.date; })); x.domain(data.map(function(d) { return d.date; }));
{% else %}
x.domain(data.map(function(d) { return d.date.substring(5); }));
{% endif %}
y.domain([0, d3.max(data, function(d) { return d.value; })]); y.domain([0, d3.max(data, function(d) { return d.value; })]);
var label = svg.append("g") var label = svg.append("g")
@ -492,7 +488,9 @@ function barchart_type(url, id) {
{% if daily_type_chart %} {% if daily_type_chart %}
.attr("transform", "rotate(-20)" ); .attr("transform", "rotate(-20)" );
{% else %} {% else %}
.attr("transform", "rotate(-70)" ); .attr("transform", "rotate(-70)" )
.attr("class", "bar")
.on("click", function (d) { window.location.href = "/base64Decoded/"+'?date_from='+d+'&date_to='+d });
{% endif %} {% endif %}
svg.append("g") svg.append("g")
@ -510,11 +508,7 @@ function barchart_type(url, id) {
.enter().append("rect") .enter().append("rect")
.attr("class", "bar") .attr("class", "bar")
//.style("fill", "steelblue") //.style("fill", "steelblue")
{% if daily_type_chart %}
.attr("x", function(d) { return x(d.date); }) .attr("x", function(d) { return x(d.date); })
{% else %}
.attr("x", function(d) { return x(d.date.substring(5)); })
{% endif %}
.attr("width", x.bandwidth()) .attr("width", x.bandwidth())
.attr("y", function(d) { return y(d.value); }) .attr("y", function(d) { return y(d.value); })
.attr("height", function(d) { return height - y(d.value); }) .attr("height", function(d) { return height - y(d.value); })
@ -534,11 +528,7 @@ function barchart_type(url, id) {
//.text(function(d) { return d.value; }); //.text(function(d) { return d.value; });
.text(d.value) .text(d.value)
.style("text-anchor", "middle") .style("text-anchor", "middle")
{% if daily_type_chart %}
.attr('x', x(d.date) + x.bandwidth()/2) .attr('x', x(d.date) + x.bandwidth()/2)
{% else %}
.attr('x', x(d.date.substring(5)) + x.bandwidth()/2)
{% endif %}
.attr('y', y(d.value)); .attr('y', y(d.value));
} }
}); });

172
var/www/modules/base64Decoded/templates/showHash.html Normal file
View File

@ -0,0 +1,172 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Analysis Information Leak framework Dashboard</title>
<!-- Core CSS -->
<link href="{{ url_for('static', filename='css/bootstrap.min.css') }}" rel="stylesheet">
<link href="{{ url_for('static', filename='font-awesome/css/font-awesome.css') }}" rel="stylesheet">
<link href="{{ url_for('static', filename='css/sb-admin-2.css') }}" rel="stylesheet">
<link href="{{ url_for('static', filename='css/dataTables.bootstrap.css') }}" rel="stylesheet" type="text/css" />
<link href="{{ url_for('static', filename='css/daterangepicker.min.css') }}" rel="stylesheet" type="text/css" />
<!-- JS -->
<script language="javascript" src="{{ url_for('static', filename='js/jquery.js')}}"></script>
<script src="{{ url_for('static', filename='js/bootstrap.min.js') }}"></script>
<script src="{{ url_for('static', filename='js/jquery.dataTables.min.js') }}"></script>
<script src="{{ url_for('static', filename='js/dataTables.bootstrap.js') }}"></script>
<script src="{{ url_for('static', filename='js/jquery.flot.js') }}"></script>
<script src="{{ url_for('static', filename='js/jquery.flot.time.js') }}"></script>
<script src="{{ url_for('static', filename='js/jquery.flot.stack.js') }}"></script>
<script language="javascript" src="{{ url_for('static', filename='js/moment.min.js') }}"></script>
<script language="javascript" src="{{ url_for('static', filename='js/jquery.daterangepicker.min.js') }}"></script>
<script language="javascript" src="{{ url_for('static', filename='js/d3.min.js') }}"></script>
<style>
.red_table thead{
background: #d91f2d;
color: #fff;
}
.panelText {
color: black;
}
.line {
fill: none;
stroke: #000;
stroke-width: 2.0px;
}
.bar {
fill: steelblue;
}
.bar:hover{
fill: brown;
cursor: pointer;
}
.bar_stack:hover{
cursor: pointer;
}
.svgText {
pointer-events: none;
}
</style>
</head>
<body>
{% include 'navbar.html' %}
<div id="page-wrapper">
<div class="row">
</div>
<!-- /#page-wrapper -->
<div class="panel panel-info">
<div class="panel-heading panelText">
<h3>{{ hash }} :</h3>
<span class="pull-right">&nbsp;&nbsp;&nbsp;</span>
<span class="badge pull-right">6 / 26</span>
<ul class="list-group"><li class="list-group-item">
<div class="row">
<div class="col-md-10">
<table class="table table-condensed">
<thead>
<tr>
<th>Estimated type</th>
<th>First_seen</th>
<th>Last_seen</th>
<th>Size (Kb)</th>
<th>nb_seen_in_all_pastes</th>
</tr>
</thead>
<tbody>
<tr>
<td class="panelText"><i class="fa {{ file_icon }}"></i>&nbsp;&nbsp;{{ estimated_type }}</td>
<td class="panelText">{{ first_seen }}</td>
<td class="panelText">{{ last_seen }}</td>
<td class="panelText">{{ size }}</td>
<td class="panelText">{{ nb_seen_in_all_pastes }}</td>
</tr>
</tbody>
</table>
</div>
<div class="col-md-1">
<div id="sparkline"></div>
</div>
</div>
</li></ul>
</div></div>
</div>
</div>
<!-- /.row -->
<script>
var chart = {};
$(document).ready(function(){
sparklines("sparkline", {{ sparkline_values }})
});
</script>
<script>
function updateVTReport(hash) {
//updateReport
$.getJSON('/base64Decoded/update_vt_result?hash='+hash,
function(data) {
content = '<span class="glyphicon glyphicon-refresh"></span> ' +data['report_vt']
$( "#report_vt_"+hash ).html(content);
});
}
</script>
<script>
//var data = [6,3,3,2,5,3,9];
// a sparklines plot
function sparklines(id, points) {
var width = 100, height = 60;
var data = []
for (i = 0; i < points.length; i++) {
data[i] = {
'x': i,
'y': +points[i]
}
}
var x = d3.scaleLinear()
.range([0, width - 10])
.domain([0,5]);
var y = d3.scaleLinear()
.range([height, 0])
.domain([0,10]);
var line = d3.line()
.x(function(d) {return x(d.x)})
.y(function(d) {return y(d.y)});
d3.select("#"+id).append('svg')
.attr('width', width)
.attr('height', height)
.append('path')
.attr('class','line')
.datum(data)
.attr('d', line);
}
</script>
<script>
</script>
</body>
</html>