dorothy2 1.1.0 → 1.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +15 -0
- data/CHANGELOG +14 -0
- data/README.md +10 -6
- data/TODO +1 -1
- data/UPDATE +7 -9
- data/bin/dorothy_start +3 -3
- data/bin/dparser_start +14 -11
- data/bin/dparser_stop +3 -0
- data/dorothy2.gemspec +2 -1
- data/etc/ddl/dorothive.ddl +38 -32
- data/etc/extensions.yml +7 -0
- data/lib/doroParser.rb +8 -15
- data/lib/dorothy2.rb +10 -9
- data/lib/dorothy2/BFM.rb +1 -1
- data/lib/dorothy2/DEM.rb +371 -448
- data/lib/dorothy2/NAM.rb +3 -3
- data/lib/dorothy2/do-init.rb +7 -0
- data/lib/dorothy2/do-utils.rb +10 -7
- data/lib/dorothy2/version.rb +1 -1
- data/lib/mu/xtractr.rb +1 -1
- data/lib/mu/xtractr/host.rb +6 -3
- metadata +184 -230
- data/lib/dorothy2/environment.rb +0 -25
data/lib/dorothy2/NAM.rb
CHANGED
|
@@ -19,12 +19,12 @@ module Dorothy
|
|
|
19
19
|
end
|
|
20
20
|
|
|
21
21
|
def start_sniffer(vmaddress, interface, name, pcaphome)
|
|
22
|
-
Net::SSH.start(@server, @user, :password => @pass, :port =>@port) do
|
|
22
|
+
Net::SSH.start(@server, @user, :password => @pass, :port =>@port) do |ssh|
|
|
23
23
|
MANUAL ? not_rdp = "and not port 3389" : not_rdp = ""
|
|
24
|
-
|
|
24
|
+
ssh.exec "nohup sudo tcpdump -i #{interface} -s 1514 -w #{pcaphome}/#{name}.pcap host #{vmaddress} #{not_rdp} 2> log.tmp & "
|
|
25
25
|
|
|
26
26
|
begin
|
|
27
|
-
t =
|
|
27
|
+
t = ssh.exec!"ps aux |grep #{name}|grep -v grep|grep -v bash"
|
|
28
28
|
pid = t.split(" ")[1]
|
|
29
29
|
rescue
|
|
30
30
|
r = 0
|
data/lib/dorothy2/do-init.rb
CHANGED
|
@@ -1,3 +1,6 @@
|
|
|
1
|
+
#!/bin/env ruby
|
|
2
|
+
# encoding: utf-8
|
|
3
|
+
|
|
1
4
|
# Copyright (C) 2010-2013 marco riccardi.
|
|
2
5
|
# This file is part of Dorothy - http://www.honeynet.it/
|
|
3
6
|
# See the file 'LICENSE' for copying permission.
|
|
@@ -66,6 +69,7 @@ module Dorothy
|
|
|
66
69
|
conf["env"]["analysis_dir"] = "#{home}/opt/analyzed"
|
|
67
70
|
conf["env"]["geoip"] = "#{home}/etc/geo/GeoLiteCity.dat"
|
|
68
71
|
conf["env"]["geoasn"] = "#{home}/etc/geo/GeoIPASNum.dat"
|
|
72
|
+
conf["env"]["geoisp"] = "#{home}/etc/geo/GeoIPISP.dat"
|
|
69
73
|
|
|
70
74
|
conf["env"]["dtimeout"] = 3600
|
|
71
75
|
|
|
@@ -130,6 +134,9 @@ module Dorothy
|
|
|
130
134
|
puts "After how many seconds do you want to take the first screenshot? [1]"
|
|
131
135
|
conf["sandbox"]["screen1time"] = (t = gets.chop).empty? ? 1 : t
|
|
132
136
|
|
|
137
|
+
puts "Which is the sandox's network? [10.10.10.0/0]"
|
|
138
|
+
conf["sandbox"]["network"] = (t = gets.chop).empty? ? "10.10.10.0/0" : t
|
|
139
|
+
|
|
133
140
|
######################################################
|
|
134
141
|
###NAM
|
|
135
142
|
######################################################
|
data/lib/dorothy2/do-utils.rb
CHANGED
|
@@ -1,3 +1,6 @@
|
|
|
1
|
+
#!/bin/env ruby
|
|
2
|
+
# encoding: utf-8
|
|
3
|
+
|
|
1
4
|
# Copyright (C) 2010-2013 marco riccardi.
|
|
2
5
|
# This file is part of Dorothy - http://www.honeynet.it/
|
|
3
6
|
# See the file 'LICENSE' for copying permission.
|
|
@@ -16,14 +19,14 @@ module Dorothy
|
|
|
16
19
|
end
|
|
17
20
|
|
|
18
21
|
def init_db(ddl=DoroSettings.dorothive[:ddl], force=false)
|
|
19
|
-
LOGGER.warn "DB", "The database is going to be initialized with the file #{ddl}. If the Dorothive is already present, " + "all
|
|
22
|
+
LOGGER.warn "DB", "The database is going to be initialized with the file #{ddl}. If the Dorothive is already present, " + "all its data will be lost".red + ". Continue?(write yes)"
|
|
20
23
|
answ = "yes"
|
|
21
24
|
answ = gets.chop unless force
|
|
22
25
|
|
|
23
26
|
if answ == "yes"
|
|
24
27
|
begin
|
|
25
28
|
#ugly, I know, but couldn't find a better and easier way..
|
|
26
|
-
raise 'An error occurred' unless system "psql -h #{DoroSettings.dorothive[:dbhost]} -U #{DoroSettings.dorothive[:dbuser]} -f #{ddl} 1> /dev/null"
|
|
29
|
+
raise 'An error occurred' unless system "sh -c 'psql -h #{DoroSettings.dorothive[:dbhost]} -U #{DoroSettings.dorothive[:dbuser]} -f #{ddl} 1> /dev/null'"
|
|
27
30
|
LOGGER.info "DB", "Database correctly initialized. Now you can restart Dorothy!"
|
|
28
31
|
rescue => e
|
|
29
32
|
LOGGER.error "DB", $!
|
|
@@ -150,12 +153,12 @@ module Dorothy
|
|
|
150
153
|
@db.exec("SELECT CASE WHEN EXISTS (SELECT * FROM dorothy.#{table} LIMIT 1) THEN FALSE ELSE TRUE END").first["case"] == "t" ? true : false
|
|
151
154
|
end
|
|
152
155
|
|
|
153
|
-
def
|
|
154
|
-
@db.exec("UPDATE dorothy.
|
|
156
|
+
def update_sample_path(sample, path)
|
|
157
|
+
@db.exec("UPDATE dorothy.samples set path = '#{path}' where sha256 = #{sample}")
|
|
155
158
|
end
|
|
156
159
|
|
|
157
160
|
def set_analyzed(hash)
|
|
158
|
-
@db.exec("UPDATE dorothy.traffic_dumps set parsed = true where
|
|
161
|
+
@db.exec("UPDATE dorothy.traffic_dumps set parsed = true where sha256 = '#{hash}'")
|
|
159
162
|
end
|
|
160
163
|
|
|
161
164
|
def find_seq(seq)
|
|
@@ -168,7 +171,7 @@ module Dorothy
|
|
|
168
171
|
|
|
169
172
|
def malware_list
|
|
170
173
|
malwares = []
|
|
171
|
-
@db.exec("SELECT samples.
|
|
174
|
+
@db.exec("SELECT samples.sha256 FROM dorothy.samples").each do |q|
|
|
172
175
|
malwares.push q
|
|
173
176
|
end
|
|
174
177
|
return malwares
|
|
@@ -177,7 +180,7 @@ module Dorothy
|
|
|
177
180
|
def find_pcap
|
|
178
181
|
@pcaps = []
|
|
179
182
|
begin
|
|
180
|
-
@db.exec("SELECT traffic_dumps.
|
|
183
|
+
@db.exec("SELECT traffic_dumps.sha256, traffic_dumps.pcapr_id, traffic_dumps.size, traffic_dumps.binary, traffic_dumps.parsed, samples.md5 as \"sample\", analyses.date as \"date\", analyses.id as \"anal_id\" FROM dorothy.traffic_dumps, dorothy.samples, dorothy.analyses WHERE analyses.traffic_dump = traffic_dumps.sha256 AND analyses.sample = samples.sha256 AND traffic_dumps.parsed = false").each do |q|
|
|
181
184
|
@pcaps.push q
|
|
182
185
|
end
|
|
183
186
|
rescue
|
data/lib/dorothy2/version.rb
CHANGED
data/lib/mu/xtractr.rb
CHANGED
|
@@ -17,7 +17,7 @@ require 'mu/xtractr/content'
|
|
|
17
17
|
require 'mu/xtractr/field'
|
|
18
18
|
require 'mu/xtractr/flow'
|
|
19
19
|
require 'mu/xtractr/flows'
|
|
20
|
-
require '
|
|
20
|
+
require File.dirname(__FILE__) + '/xtractr/host' #overrides the gem one with the local (fixed for 1.9.3)
|
|
21
21
|
require 'mu/xtractr/packet'
|
|
22
22
|
require 'mu/xtractr/packets'
|
|
23
23
|
require 'mu/xtractr/service'
|
data/lib/mu/xtractr/host.rb
CHANGED
|
@@ -74,9 +74,12 @@ class Host
|
|
|
74
74
|
private
|
|
75
75
|
def role2q role, forp, q=nil # :nodoc:
|
|
76
76
|
_q = case role
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
77
|
+
when :any
|
|
78
|
+
"#{forp}.src|#{forp}.dst:\"#{address}\""
|
|
79
|
+
when :client
|
|
80
|
+
"#{forp}.src:\"#{address}\""
|
|
81
|
+
when :server
|
|
82
|
+
"#{forp}.dst:\"#{address}\""
|
|
80
83
|
else raise ArgumentError, "Unknown role #{role}"
|
|
81
84
|
end
|
|
82
85
|
_q << " #{q}" if q
|
metadata
CHANGED
|
@@ -1,262 +1,225 @@
|
|
|
1
|
-
--- !ruby/object:Gem::Specification
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dorothy2
|
|
3
|
-
version: !ruby/object:Gem::Version
|
|
4
|
-
|
|
5
|
-
prerelease:
|
|
6
|
-
segments:
|
|
7
|
-
- 1
|
|
8
|
-
- 1
|
|
9
|
-
- 0
|
|
10
|
-
version: 1.1.0
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 1.2.0
|
|
11
5
|
platform: ruby
|
|
12
|
-
authors:
|
|
6
|
+
authors:
|
|
13
7
|
- marco riccardi
|
|
14
8
|
autorequire:
|
|
15
9
|
bindir: bin
|
|
16
10
|
cert_chain: []
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
- !ruby/object:Gem::Dependency
|
|
11
|
+
date: 2013-12-01 00:00:00.000000000 Z
|
|
12
|
+
dependencies:
|
|
13
|
+
- !ruby/object:Gem::Dependency
|
|
21
14
|
name: net-scp
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
- - ">="
|
|
27
|
-
- !ruby/object:Gem::Version
|
|
28
|
-
hash: 31
|
|
29
|
-
segments:
|
|
30
|
-
- 1
|
|
31
|
-
- 0
|
|
32
|
-
- 4
|
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
|
16
|
+
requirements:
|
|
17
|
+
- - ! '>='
|
|
18
|
+
- !ruby/object:Gem::Version
|
|
33
19
|
version: 1.0.4
|
|
34
20
|
type: :runtime
|
|
35
|
-
version_requirements: *id001
|
|
36
|
-
- !ruby/object:Gem::Dependency
|
|
37
|
-
name: net-ssh
|
|
38
21
|
prerelease: false
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
23
|
+
requirements:
|
|
24
|
+
- - ! '>='
|
|
25
|
+
- !ruby/object:Gem::Version
|
|
26
|
+
version: 1.0.4
|
|
27
|
+
- !ruby/object:Gem::Dependency
|
|
28
|
+
name: net-ssh
|
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
|
30
|
+
requirements:
|
|
31
|
+
- - ! '>='
|
|
32
|
+
- !ruby/object:Gem::Version
|
|
49
33
|
version: 2.2.1
|
|
50
34
|
type: :runtime
|
|
51
|
-
version_requirements: *id002
|
|
52
|
-
- !ruby/object:Gem::Dependency
|
|
53
|
-
name: trollop
|
|
54
35
|
prerelease: false
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
37
|
+
requirements:
|
|
38
|
+
- - ! '>='
|
|
39
|
+
- !ruby/object:Gem::Version
|
|
40
|
+
version: 2.2.1
|
|
41
|
+
- !ruby/object:Gem::Dependency
|
|
42
|
+
name: trollop
|
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
|
44
|
+
requirements:
|
|
45
|
+
- - ! '>='
|
|
46
|
+
- !ruby/object:Gem::Version
|
|
65
47
|
version: 1.16.2
|
|
66
48
|
type: :runtime
|
|
67
|
-
version_requirements: *id003
|
|
68
|
-
- !ruby/object:Gem::Dependency
|
|
69
|
-
name: rest-client
|
|
70
49
|
prerelease: false
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
51
|
+
requirements:
|
|
52
|
+
- - ! '>='
|
|
53
|
+
- !ruby/object:Gem::Version
|
|
54
|
+
version: 1.16.2
|
|
55
|
+
- !ruby/object:Gem::Dependency
|
|
56
|
+
name: rest-client
|
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
|
58
|
+
requirements:
|
|
59
|
+
- - ! '>='
|
|
60
|
+
- !ruby/object:Gem::Version
|
|
81
61
|
version: 1.6.1
|
|
82
62
|
type: :runtime
|
|
83
|
-
version_requirements: *id004
|
|
84
|
-
- !ruby/object:Gem::Dependency
|
|
85
|
-
name: mime-types
|
|
86
63
|
prerelease: false
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
65
|
+
requirements:
|
|
66
|
+
- - ! '>='
|
|
67
|
+
- !ruby/object:Gem::Version
|
|
68
|
+
version: 1.6.1
|
|
69
|
+
- !ruby/object:Gem::Dependency
|
|
70
|
+
name: mime-types
|
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
|
72
|
+
requirements:
|
|
73
|
+
- - ! '>='
|
|
74
|
+
- !ruby/object:Gem::Version
|
|
75
|
+
version: '1.16'
|
|
97
76
|
type: :runtime
|
|
98
|
-
version_requirements: *id005
|
|
99
|
-
- !ruby/object:Gem::Dependency
|
|
100
|
-
name: colored
|
|
101
77
|
prerelease: false
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
79
|
+
requirements:
|
|
80
|
+
- - ! '>='
|
|
81
|
+
- !ruby/object:Gem::Version
|
|
82
|
+
version: '1.16'
|
|
83
|
+
- !ruby/object:Gem::Dependency
|
|
84
|
+
name: colored
|
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
|
86
|
+
requirements:
|
|
87
|
+
- - ! '>='
|
|
88
|
+
- !ruby/object:Gem::Version
|
|
89
|
+
version: '1.2'
|
|
112
90
|
type: :runtime
|
|
113
|
-
version_requirements: *id006
|
|
114
|
-
- !ruby/object:Gem::Dependency
|
|
115
|
-
name: ruby-pg
|
|
116
91
|
prerelease: false
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
- 1
|
|
129
|
-
- 28
|
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
93
|
+
requirements:
|
|
94
|
+
- - ! '>='
|
|
95
|
+
- !ruby/object:Gem::Version
|
|
96
|
+
version: '1.2'
|
|
97
|
+
- !ruby/object:Gem::Dependency
|
|
98
|
+
name: ruby-pg
|
|
99
|
+
requirement: !ruby/object:Gem::Requirement
|
|
100
|
+
requirements:
|
|
101
|
+
- - ! '>='
|
|
102
|
+
- !ruby/object:Gem::Version
|
|
130
103
|
version: 0.7.9.2008.01.28
|
|
131
104
|
type: :runtime
|
|
132
|
-
version_requirements: *id007
|
|
133
|
-
- !ruby/object:Gem::Dependency
|
|
134
|
-
name: virustotal
|
|
135
105
|
prerelease: false
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
106
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
107
|
+
requirements:
|
|
108
|
+
- - ! '>='
|
|
109
|
+
- !ruby/object:Gem::Version
|
|
110
|
+
version: 0.7.9.2008.01.28
|
|
111
|
+
- !ruby/object:Gem::Dependency
|
|
112
|
+
name: virustotal
|
|
113
|
+
requirement: !ruby/object:Gem::Requirement
|
|
114
|
+
requirements:
|
|
115
|
+
- - ! '>='
|
|
116
|
+
- !ruby/object:Gem::Version
|
|
146
117
|
version: 2.0.0
|
|
147
118
|
type: :runtime
|
|
148
|
-
version_requirements: *id008
|
|
149
|
-
- !ruby/object:Gem::Dependency
|
|
150
|
-
name: nokogiri
|
|
151
119
|
prerelease: false
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
120
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
121
|
+
requirements:
|
|
122
|
+
- - ! '>='
|
|
123
|
+
- !ruby/object:Gem::Version
|
|
124
|
+
version: 2.0.0
|
|
125
|
+
- !ruby/object:Gem::Dependency
|
|
126
|
+
name: nokogiri
|
|
127
|
+
requirement: !ruby/object:Gem::Requirement
|
|
128
|
+
requirements:
|
|
155
129
|
- - ~>
|
|
156
|
-
- !ruby/object:Gem::Version
|
|
157
|
-
hash: 23
|
|
158
|
-
segments:
|
|
159
|
-
- 1
|
|
160
|
-
- 5
|
|
161
|
-
- 10
|
|
130
|
+
- !ruby/object:Gem::Version
|
|
162
131
|
version: 1.5.10
|
|
163
132
|
type: :runtime
|
|
164
|
-
version_requirements: *id009
|
|
165
|
-
- !ruby/object:Gem::Dependency
|
|
166
|
-
name: rbvmomi
|
|
167
133
|
prerelease: false
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
134
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
135
|
+
requirements:
|
|
136
|
+
- - ~>
|
|
137
|
+
- !ruby/object:Gem::Version
|
|
138
|
+
version: 1.5.10
|
|
139
|
+
- !ruby/object:Gem::Dependency
|
|
140
|
+
name: rbvmomi
|
|
141
|
+
requirement: !ruby/object:Gem::Requirement
|
|
142
|
+
requirements:
|
|
143
|
+
- - ! '>='
|
|
144
|
+
- !ruby/object:Gem::Version
|
|
178
145
|
version: 1.3.0
|
|
179
146
|
type: :runtime
|
|
180
|
-
version_requirements: *id010
|
|
181
|
-
- !ruby/object:Gem::Dependency
|
|
182
|
-
name: ruby-filemagic
|
|
183
147
|
prerelease: false
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
|
|
148
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
149
|
+
requirements:
|
|
150
|
+
- - ! '>='
|
|
151
|
+
- !ruby/object:Gem::Version
|
|
152
|
+
version: 1.3.0
|
|
153
|
+
- !ruby/object:Gem::Dependency
|
|
154
|
+
name: ruby-filemagic
|
|
155
|
+
requirement: !ruby/object:Gem::Requirement
|
|
156
|
+
requirements:
|
|
157
|
+
- - ! '>='
|
|
158
|
+
- !ruby/object:Gem::Version
|
|
194
159
|
version: 0.4.2
|
|
195
160
|
type: :runtime
|
|
196
|
-
version_requirements: *id011
|
|
197
|
-
- !ruby/object:Gem::Dependency
|
|
198
|
-
name: net-dns
|
|
199
161
|
prerelease: false
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
|
|
203
|
-
|
|
204
|
-
|
|
205
|
-
|
|
206
|
-
|
|
207
|
-
|
|
208
|
-
|
|
209
|
-
|
|
162
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
163
|
+
requirements:
|
|
164
|
+
- - ! '>='
|
|
165
|
+
- !ruby/object:Gem::Version
|
|
166
|
+
version: 0.4.2
|
|
167
|
+
- !ruby/object:Gem::Dependency
|
|
168
|
+
name: net-dns
|
|
169
|
+
requirement: !ruby/object:Gem::Requirement
|
|
170
|
+
requirements:
|
|
171
|
+
- - ! '>='
|
|
172
|
+
- !ruby/object:Gem::Version
|
|
210
173
|
version: 0.8.0
|
|
211
174
|
type: :runtime
|
|
212
|
-
version_requirements: *id012
|
|
213
|
-
- !ruby/object:Gem::Dependency
|
|
214
|
-
name: geoip
|
|
215
175
|
prerelease: false
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
|
|
225
|
-
|
|
176
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
177
|
+
requirements:
|
|
178
|
+
- - ! '>='
|
|
179
|
+
- !ruby/object:Gem::Version
|
|
180
|
+
version: 0.8.0
|
|
181
|
+
- !ruby/object:Gem::Dependency
|
|
182
|
+
name: geoip
|
|
183
|
+
requirement: !ruby/object:Gem::Requirement
|
|
184
|
+
requirements:
|
|
185
|
+
- - ! '>='
|
|
186
|
+
- !ruby/object:Gem::Version
|
|
226
187
|
version: 1.2.1
|
|
227
188
|
type: :runtime
|
|
228
|
-
version_requirements: *id013
|
|
229
|
-
- !ruby/object:Gem::Dependency
|
|
230
|
-
name: tmail
|
|
231
189
|
prerelease: false
|
|
232
|
-
|
|
233
|
-
|
|
234
|
-
|
|
235
|
-
|
|
236
|
-
|
|
237
|
-
|
|
238
|
-
|
|
239
|
-
|
|
240
|
-
|
|
241
|
-
|
|
242
|
-
|
|
190
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
191
|
+
requirements:
|
|
192
|
+
- - ! '>='
|
|
193
|
+
- !ruby/object:Gem::Version
|
|
194
|
+
version: 1.2.1
|
|
195
|
+
- !ruby/object:Gem::Dependency
|
|
196
|
+
name: tmail
|
|
197
|
+
requirement: !ruby/object:Gem::Requirement
|
|
198
|
+
requirements:
|
|
199
|
+
- - ! '>='
|
|
200
|
+
- !ruby/object:Gem::Version
|
|
243
201
|
version: 1.2.7.1
|
|
244
202
|
type: :runtime
|
|
245
|
-
|
|
203
|
+
prerelease: false
|
|
204
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
205
|
+
requirements:
|
|
206
|
+
- - ! '>='
|
|
207
|
+
- !ruby/object:Gem::Version
|
|
208
|
+
version: 1.2.7.1
|
|
246
209
|
description: A malware/botnet analysis framework written in Ruby.
|
|
247
|
-
email:
|
|
210
|
+
email:
|
|
248
211
|
- marco.riccardi@honeynet.it
|
|
249
|
-
executables:
|
|
212
|
+
executables:
|
|
250
213
|
- dorothy_start
|
|
251
214
|
- dorothy_stop
|
|
252
215
|
- dparser_start
|
|
253
216
|
- dparser_stop
|
|
254
217
|
extensions: []
|
|
255
|
-
|
|
256
|
-
extra_rdoc_files:
|
|
218
|
+
extra_rdoc_files:
|
|
257
219
|
- README.md
|
|
258
|
-
files:
|
|
220
|
+
files:
|
|
259
221
|
- .gitignore
|
|
222
|
+
- CHANGELOG
|
|
260
223
|
- Gemfile
|
|
261
224
|
- LICENSE
|
|
262
225
|
- README.md
|
|
@@ -284,7 +247,6 @@ files:
|
|
|
284
247
|
- lib/dorothy2/do-init.rb
|
|
285
248
|
- lib/dorothy2/do-logger.rb
|
|
286
249
|
- lib/dorothy2/do-utils.rb
|
|
287
|
-
- lib/dorothy2/environment.rb
|
|
288
250
|
- lib/dorothy2/version.rb
|
|
289
251
|
- lib/dorothy2/vtotal.rb
|
|
290
252
|
- lib/mu/xtractr.rb
|
|
@@ -322,36 +284,28 @@ files:
|
|
|
322
284
|
- var/log/parser.log
|
|
323
285
|
homepage: https://github.com/m4rco-/dorothy2
|
|
324
286
|
licenses: []
|
|
325
|
-
|
|
326
|
-
post_install_message: If you are upgrating from a previous version,
|
|
287
|
+
metadata: {}
|
|
288
|
+
post_install_message: ! '\n WARING: If you are upgrating from a previous version,
|
|
289
|
+
read the UPDATE file!\n'
|
|
327
290
|
rdoc_options: []
|
|
328
|
-
|
|
329
|
-
require_paths:
|
|
291
|
+
require_paths:
|
|
330
292
|
- lib
|
|
331
|
-
required_ruby_version: !ruby/object:Gem::Requirement
|
|
332
|
-
|
|
333
|
-
|
|
334
|
-
|
|
335
|
-
|
|
336
|
-
|
|
337
|
-
|
|
338
|
-
|
|
339
|
-
|
|
340
|
-
|
|
341
|
-
none: false
|
|
342
|
-
requirements:
|
|
343
|
-
- - ">="
|
|
344
|
-
- !ruby/object:Gem::Version
|
|
345
|
-
hash: 3
|
|
346
|
-
segments:
|
|
347
|
-
- 0
|
|
348
|
-
version: "0"
|
|
293
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
294
|
+
requirements:
|
|
295
|
+
- - ! '>='
|
|
296
|
+
- !ruby/object:Gem::Version
|
|
297
|
+
version: 1.9.3
|
|
298
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
299
|
+
requirements:
|
|
300
|
+
- - ! '>='
|
|
301
|
+
- !ruby/object:Gem::Version
|
|
302
|
+
version: '0'
|
|
349
303
|
requirements: []
|
|
350
|
-
|
|
351
304
|
rubyforge_project:
|
|
352
|
-
rubygems_version: 1.
|
|
305
|
+
rubygems_version: 2.1.10
|
|
353
306
|
signing_key:
|
|
354
|
-
specification_version:
|
|
307
|
+
specification_version: 4
|
|
355
308
|
summary: More info at http://www.honeynet.it
|
|
356
|
-
test_files:
|
|
309
|
+
test_files:
|
|
357
310
|
- test/tc_dorothy_full.rb
|
|
311
|
+
has_rdoc:
|