unquote.py
import honeypotconfig
import os
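# Maps each flagged file path to a string listing the scanners that flagged it,
# e.g. " Clam-AV, YARA".  Module-level, so entries persist across calls.
infected_files = {}


def _flag(file_path, scanner):
    """Record in `infected_files` that `scanner` flagged `file_path`.

    A scanner is listed at most once per path, wherever it sits in the list.
    Checking only the end of the string added a duplicate label when the
    function ran again in the same process.
    """
    current = infected_files.get(file_path)
    if current is None:
        infected_files[file_path] = " " + scanner
    elif scanner not in [name.strip() for name in current.split(",")]:
        infected_files[file_path] = current + ", " + scanner


def unquoteDirectory(path):
    """Merge the ClamAV and YARA scan logs into scanlogs/Malicious-Websites.log.

    Reads scanlogs/Clam-report.log and scanlogs/Yara-report.log from the
    directory containing this script, records every flagged file in the
    module-level `infected_files` dict, groups the files by website folder,
    and writes the grouped report.

    `path` is accepted for interface compatibility but is not used.
    Raises IOError/OSError if either input log is missing or unreadable.
    """
    script_path = os.path.dirname(os.path.abspath(__file__))
    log_dir = os.path.join(script_path, "scanlogs")

    # ClamAV reports a hit as "<file path>: <signature> FOUND".
    with open(os.path.join(log_dir, "Clam-report.log")) as f:
        for line in f:
            line = line.strip()
            if not line.endswith("FOUND"):
                continue
            # Split on the LAST ": " so a colon inside the file name does not
            # truncate the path and attribute the hit to the wrong file.
            file_path, sep, _ = line.rpartition(": ")
            if sep:
                _flag(file_path, "Clam-AV")

    # The YARA log alternates between a "yara -r ..." command line, a dashed
    # separator, and the result lines for that rule file.
    with open(os.path.join(log_dir, "Yara-report.log")) as f:
        in_results = False
        for line in f:
            if "------------" in line:
                in_results = True
                continue
            if line.startswith("yara -r"):
                in_results = False
            if not in_results or not line.strip():
                continue
            fields = line.split(" ")
            # A result line with no second field carries no path; skip it
            # rather than abort the whole report with an IndexError.
            if len(fields) < 2 or not fields[1].strip():
                continue
            # NOTE(review): only the second space-separated token is used, so
            # a path containing a space is truncated here - confirm that the
            # scanned file names cannot contain spaces.
            _flag(fields[1].strip(), "YARA")

    # Group flagged files by website folder.
    infected_urls = {}
    for file_path, scanners in infected_files.items():
        http_at = file_path.find("http")
        slash_at = file_path.rfind("/")
        if http_at == -1 or slash_at < http_at:
            # No "http" in any folder name: fall back to the parent directory.
            website = file_path[:slash_at]
        else:
            # Use the path component that starts at the first "http".
            website = file_path[http_at:].split("/")[0]
        entry = "\n\t" + file_path + scanners
        infected_urls[website] = infected_urls.get(website, "") + entry

    # NOTE(review): the names written below come straight from the scan logs
    # (presumably derived from crawled content); consumers of the report
    # should treat them as untrusted text.
    with open(os.path.join(log_dir, "Malicious-Websites.log"), "w") as f:
        f.write("Infected directories: " + str(len(infected_urls)) + "\n")
        for website, listing in infected_urls.items():
            # Restore the URL scheme separator that was percent-encoded in the
            # folder name (%3A%2F%2F -> ://).
            f.write("\n\n" + website.replace("%3A%2F%2F", "://"))
            f.write(listing)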