CIRCL
/
lookyloo
mirror of https://github.com/CIRCL/lookyloo
2
0
Fork 0
Code Issues Releases Wiki Activity

new: Add checkmark for legitimate nodes.

pull/86/head
Raphaël Vinot 2020-08-28 19:11:19 +02:00
parent 99550f439e
commit a5c210a5de
2 changed files with 39 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
lookyloo/lookyloo.py
View File

@ -189,7 +189,7 @@ class Context():
p.sadd('bh|malicious', h) p.sadd('bh|malicious', h)
elif filename == 'legitimate': elif filename == 'legitimate':
for h, details in file_content.items(): for h, details in file_content.items():
if 'domain' in details: if 'domain' in details and details['domain']:
p.sadd(f'bh|{h}|legitimate', *details['domain']) p.sadd(f'bh|{h}|legitimate', *details['domain'])
elif 'description' in details: elif 'description' in details:
p.hset('known_content', h, details['description']) p.hset('known_content', h, details['description'])
@ -289,9 +289,20 @@ class Context():
if malicious is True: if malicious is True:
urlnode.add_feature('malicious', malicious) urlnode.add_feature('malicious', malicious)
hostnodes_with_malicious_content.add(urlnode.hostnode_uuid) hostnodes_with_malicious_content.add(urlnode.hostnode_uuid)
elif malicious is False:
# Marked as legitimate
urlnode.add_feature('legitimate', True)
for hostnode_with_malicious_content in hostnodes_with_malicious_content: for hostnode_with_malicious_content in hostnodes_with_malicious_content:
hostnode = tree.root_hartree.get_host_node_by_uuid(hostnode_with_malicious_content) hostnode = tree.root_hartree.get_host_node_by_uuid(hostnode_with_malicious_content)
hostnode.add_feature('malicious', malicious) hostnode.add_feature('malicious', malicious)
for hostnode in tree.root_hartree.hostname_tree.traverse():
if 'malicious' not in hostnode.features:
legit = [urlnode.legitimate for urlnode in hostnode.urls if hasattr(urlnode, 'legitimate')]
if legit and all(legit):
hostnode.add_feature('legitimate', True)
return tree return tree
def legitimate_body(self, body_hash: str, legitimate_hostname: str) -> None: def legitimate_body(self, body_hash: str, legitimate_hostname: str) -> None:

28
website/web/static/tree.js
View File

@ -479,7 +479,7 @@ function update(root, computed_node_width=0) {
}; };
const malicious_icon_size = 24; const malicious_icon_size = 24;
if (d.data.malicious) { if (d.data.malicious) {
// set lock insecure connection // set bomb
d3.select(this).append("svg").append('rect') d3.select(this).append("svg").append('rect')
.attr('x', selected_node_bbox.width - 22 - http_icon_size) .attr('x', selected_node_bbox.width - 22 - http_icon_size)
.attr('y', selected_node_bbox.height - 13) .attr('y', selected_node_bbox.height - 13)
@ -504,6 +504,32 @@ function update(root, computed_node_width=0) {
}) })
.on('mouseout', () => d3.select('#tooltip').style('opacity', 0)); .on('mouseout', () => d3.select('#tooltip').style('opacity', 0));
}; };
if (d.data.legitimate) {
// set checkmark
d3.select(this).append("svg").append('rect')
.attr('x', selected_node_bbox.width - 22 - http_icon_size)
.attr('y', selected_node_bbox.height - 13)
.attr('width', malicious_icon_size)
.attr('height', malicious_icon_size)
.attr('fill', 'white')
.attr('stroke', 'black');
d3.select(this).append('image')
.attr('x', selected_node_bbox.width - 22 - http_icon_size)
.attr('y', selected_node_bbox.height - 13)
.attr('id', 'insecure_image')
.attr("width", malicious_icon_size)
.attr("height", malicious_icon_size)
.attr("xlink:href", '/static/check.svg')
.on('mouseover', () => {
d3.select('#tooltip')
.style('opacity', 1)
.style('left', `${d3.event.pageX + 10}px`)
.style('top', `${d3.event.pageY + 10}px`)
.text('This node containts only legitimate content');
})
.on('mouseout', () => d3.select('#tooltip').style('opacity', 0));
}
}); });
return node_group; return node_group;