mirror of https://github.com/CIRCL/AIL-framework
83 lines
2.4 KiB
Python
Executable File
83 lines
2.4 KiB
Python
Executable File
#!/usr/bin/env python2
|
|
# -*-coding:UTF-8 -*
|
|
|
|
"""
|
|
The Keys Module
|
|
======================
|
|
|
|
This module is consuming the Redis-list created by the Global module.
|
|
|
|
It is looking for PGP, private and encrypted private,
|
|
RSA private key, certificate messages
|
|
|
|
"""
|
|
|
|
import time
|
|
from pubsublogger import publisher
|
|
|
|
from Helper import Process
|
|
from packages import Paste
|
|
|
|
|
|
def search_key(message):
|
|
paste = Paste.Paste(message)
|
|
content = paste.get_p_content()
|
|
find = False
|
|
if '-----BEGIN PGP MESSAGE-----' in content:
|
|
publisher.warning('{} has a PGP enc message'.format(paste.p_name))
|
|
find = True
|
|
|
|
if '-----BEGIN CERTIFICATE-----' in content:
|
|
publisher.warning('{} has a certificate message'.format(paste.p_name))
|
|
find = True
|
|
|
|
if '-----BEGIN RSA PRIVATE KEY-----' in content:
|
|
publisher.warning('{} has a RSA key message'.format(paste.p_name))
|
|
find = True
|
|
|
|
if '-----BEGIN PRIVATE KEY-----' in content:
|
|
publisher.warning('{} has a private message'.format(paste.p_name))
|
|
find = True
|
|
|
|
if '-----BEGIN ENCRYPTED PRIVATE KEY-----' in content:
|
|
publisher.warning('{} has an encrypted private message'.format(paste.p_name))
|
|
find = True
|
|
|
|
if find :
|
|
|
|
#Send to duplicate
|
|
p.populate_set_out(message, 'Duplicate')
|
|
#send to Browse_warning_paste
|
|
p.populate_set_out('keys;{}'.format(message), 'alertHandler')
|
|
|
|
|
|
if __name__ == '__main__':
|
|
# If you wish to use an other port of channel, do not forget to run a subscriber accordingly (see launch_logs.sh)
|
|
# Port of the redis instance used by pubsublogger
|
|
publisher.port = 6380
|
|
# Script is the default channel used for the modules.
|
|
publisher.channel = 'Script'
|
|
|
|
# Section name in bin/packages/modules.cfg
|
|
config_section = 'Keys'
|
|
|
|
# Setup the I/O queues
|
|
p = Process(config_section)
|
|
|
|
# Sent to the logging a description of the module
|
|
publisher.info("Run Keys module ")
|
|
|
|
# Endless loop getting messages from the input queue
|
|
while True:
|
|
# Get one message from the input queue
|
|
message = p.get_from_set()
|
|
if message is None:
|
|
publisher.debug("{} queue is empty, waiting".format(config_section))
|
|
time.sleep(1)
|
|
continue
|
|
|
|
# Do something with the message from the queue
|
|
search_key(message)
|
|
|
|
# (Optional) Send that thing to the next queue
|