import os
import sys
import csv
import json
# Format names accepted by getHandler(); each one maps to a class named
# OutputHandler_<name> defined below. Anything else falls back to 'csv'.
OUTPUT_FORMATS = (
    'csv',
    'json',
    'yara',
    'netflow',
)
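def getHandler(output_format):
    """Return a fresh output handler instance for *output_format*.

    The name is matched case-insensitively against OUTPUT_FORMATS; anything
    else falls back to CSV after a warning. The warning goes to stderr:
    every handler streams its data (CSV rows, JSON lines, YARA rules) to
    stdout, and a stray "[WARNING]" line there corrupts that output.

    The allow-list check is what keeps the getattr() dispatch safe -- only a
    name derived from OUTPUT_FORMATS is ever looked up, so a caller-supplied
    string cannot select an arbitrary attribute of this module.
    """
    output_format = output_format.lower()
    if output_format not in OUTPUT_FORMATS:
        sys.stderr.write("[WARNING] Invalid output format specified.. using CSV\n")
        output_format = 'csv'
    handler_class = getattr(sys.modules[__name__], "OutputHandler_" + output_format)
    return handler_class()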
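class OutputHandler(object):
    """Base class for the output back-ends returned by getHandler().

    The hooks are all no-ops except print_error(), so a subclass overrides
    only what it needs. The yara handler below resets its per-rule state in
    print_header() and reads it in print_match(), so the driver (not visible
    here) presumably calls print_header(fpath) before the matches of a file
    and print_footer(fpath) after them.
    """

    def print_match(self, fpath, page, name, match):
        """Report one IOC: *name* is its type, *match* the matched text,
        *page* where in *fpath* it was found. No-op by default."""
        pass

    def print_header(self, fpath):
        """Hook run before the matches of *fpath*. No-op by default."""
        pass

    def print_footer(self, fpath):
        """Hook run after the matches of *fpath*. No-op by default."""
        pass

    def print_error(self, fpath, exception):
        """Report that *fpath* could not be processed.

        Written to stderr, not stdout: the subclasses that do not override
        this (yara, netflow) stream rule / filter text to stdout, and an
        "[ERROR]" line in the middle of it would make that output invalid.
        """
        sys.stderr.write("[ERROR] %s\n" % (exception,))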
class OutputHandler_csv(OutputHandler):
    """Write matches to stdout as tab-separated rows: path, page, type, match.

    Errors are written as rows of the same shape (page '0', type 'error',
    the exception in the last column), so consumers see a single stream.

    NOTE(review): the match column is text pulled out of the scanned file
    (presumably untrusted). A value beginning with '=', '+', '-' or '@' is
    evaluated as a formula if this TSV is opened in a spreadsheet; it is
    deliberately not rewritten here, because prefixing hashes or IPs would
    corrupt the IOC itself -- treat the file as data, not as a sheet.
    """

    def __init__(self):
        # Tab-delimited writer bound to stdout at construction time.
        self.csv_writer = csv.writer(sys.stdout, delimiter='\t')

    def print_match(self, fpath, page, name, match):
        """Emit one match row."""
        row = [fpath, page, name, match]
        self.csv_writer.writerow(row)

    def print_error(self, fpath, exception):
        """Emit an error row for *fpath* in the same four-column shape."""
        row = [fpath, '0', 'error', exception]
        self.csv_writer.writerow(row)
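class OutputHandler_json(OutputHandler):
    """Write one JSON object per line (JSON Lines) to stdout.

    Match records carry path, file, page, type and match; error records
    carry path, file, type "error" and the exception text.
    """

    @staticmethod
    def _emit(data):
        # One compact object per line. json.dumps' default ensure_ascii keeps
        # the line 7-bit clean whatever the match text contains.
        print(json.dumps(data))

    def print_match(self, fpath, page, name, match):
        """Emit a match record; *name* is the IOC type, *match* its text."""
        self._emit({
            'path' : fpath,
            'file' : os.path.basename(fpath),
            'page' : page,
            'type' : name,
            'match': match,
        })

    def print_error(self, fpath, exception):
        """Emit an error record for *fpath*.

        *exception* is formatted to text first. The base class formats it
        with %s, i.e. it may well be an Exception instance, and json.dumps
        raises TypeError on those -- so the original turned every reported
        error into an uncaught one. A plain string passes through unchanged.
        """
        self._emit({
            'path' : fpath,
            'file' : os.path.basename(fpath),
            'type' : 'error',
            'exception' : "%s" % (exception,),
        })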
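class OutputHandler_yara(OutputHandler):
    """Emit the matches of each file as one YARA rule on stdout.

    print_header() opens ``rule <name> {`` and the ``strings:`` section,
    each print_match() adds one ``$<type><n> = "<match>"`` line, and
    print_footer() closes the rule with a condition OR-ing every string id.

    Both the rule name (derived from the file name) and the string values
    (text found inside the scanned file, presumably untrusted) end up inside
    rule syntax, so they are sanitised / escaped before interpolation.
    """

    # YARA identifiers: ASCII letters, digits and '_', no leading digit,
    # at most 128 characters.
    _MAX_IDENT_LEN = 128

    def __init__(self):
        # Per-rule state, reset again in print_header(). Initialised here so
        # that a print_match() arriving before any header cannot raise
        # AttributeError (the original only created these in print_header).
        self.cnt = {}
        self.sids = []

    @staticmethod
    def _clean(text):
        """Replace every character outside [A-Za-z0-9] with '_'.

        Done per character instead of with the original 256-entry translate
        table: that table was built with str.isupper()/islower(), which under
        Python 3 let Latin-1 letters such as 'e-acute' through, and it left
        code points >= 256 untouched -- neither is valid in a YARA identifier.
        """
        return ''.join(
            ch if ('a' <= ch <= 'z' or 'A' <= ch <= 'Z' or '0' <= ch <= '9') else '_'
            for ch in text)

    @classmethod
    def _rule_name(cls, stem):
        """Turn a file-name stem into a valid rule identifier."""
        ident = cls._clean(stem)
        # A rule identifier may neither be empty nor start with a digit
        # ("2019_report" is rejected by yara; "_2019_report" is accepted).
        if not ident or '0' <= ident[0] <= '9':
            ident = '_' + ident
        # NOTE(review): YARA keywords ("rule", "condition", "all", ...) are
        # also invalid as rule names; a file literally named e.g. rule.pdf is
        # not handled here.
        return ident[:cls._MAX_IDENT_LEN]

    @staticmethod
    def _escape(text):
        """Escape *text* for a double-quoted YARA text string.

        The original escaped only the backslash. An unescaped '"' ends the
        string early and lets content from the scanned file inject arbitrary
        rule text after it; a raw newline / tab / CR is a syntax error.
        """
        return (text.replace('\\', '\\\\')
                    .replace('"', '\\"')
                    .replace('\n', '\\n')
                    .replace('\t', '\\t')
                    .replace('\r', '\\x0d'))

    def print_match(self, fpath, page, name, match):
        """Add ``$<name><n> = "<match>"`` to the open rule.

        *fpath* and *page* are unused: YARA strings carry no provenance.
        """
        # Count per sanitised name, so two types that clean to the same
        # identifier cannot produce a duplicate string id.
        key = self._clean(name)
        self.cnt[key] = self.cnt.get(key, 0) + 1
        string_id = "$%s%d" % (key, self.cnt[key])
        self.sids.append(string_id)
        print("\t\t%s = \"%s\"" % (string_id, self._escape(match)))

    def print_header(self, fpath):
        """Open a rule named after *fpath*'s base name with its extension dropped."""
        rule_name = self._rule_name(os.path.splitext(os.path.basename(fpath))[0])
        print("rule %s" % (rule_name))
        print("{")
        print("\tstrings:")
        self.cnt = {}
        self.sids = []

    def print_footer(self, fpath):
        """Close the rule opened by print_header().

        A rule must have a condition; with no matches the original printed an
        empty one, which yara rejects, so ``false`` is emitted instead.
        NOTE(review): an empty ``strings:`` section may still be rejected --
        the header has already been printed by then, so match-less files
        should be checked with yarac.
        """
        cond = ' or '.join(self.sids) if self.sids else 'false'
        print("\tcondition:")
        print("\t\t" + cond)
        print("}")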
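class OutputHandler_netflow(OutputHandler):
    """Build a single ``host ... or host ...`` filter expression on stdout.

    The constructor prints a seed term ``host 255.255.255.255`` (presumably
    a placeholder so that every real address can be appended unconditionally
    as ``or host <ip>``); each match of type "IP" then appends one such term.
    Matches of any other type are ignored, and the header/footer hooks are
    not used, so all files handled by one instance end up in one expression.
    """

    def __init__(self):
        # Printed here rather than in print_header() on purpose: getHandler()
        # hands out one instance, so if the driver keeps it across files the
        # seed term appears once per run, not once per file.
        # print() as a function keeps this valid on both Python 2 and 3; the
        # original `print "..."` statement is a syntax error under 3.
        print("host 255.255.255.255")

    def print_match(self, fpath, page, name, match):
        """Append ``or host <match>`` when *name* is "IP"; otherwise nothing.

        *match* goes into the filter verbatim -- the type check is the only
        guard, so this relies on the caller (not visible here) tagging only
        regex-validated addresses as "IP".
        """
        if name == "IP":
            print(" or host %s " % match)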