RubyGems - dorothy2 - Versions diffs - 1.2.0 → 2.0.0 - Mend

dorothy2 1.2.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (47) hide show

checksums.yaml +8 -8
data/CHANGELOG +39 -14
data/README.md +80 -62
data/UPDATE +6 -14
data/bin/dorothy2 +472 -0
data/dorothy2.gemspec +22 -16
data/etc/ddl/dorothive.ddl +619 -373
data/etc/sources.yml.example +27 -2
data/lib/doroGUI.rb +232 -0
data/lib/doroParser.rb +34 -78
data/lib/dorothy2.rb +288 -248
data/lib/dorothy2/BFM.rb +114 -61
data/lib/dorothy2/DEM.rb +3 -1
data/lib/dorothy2/NAM.rb +2 -2
data/lib/dorothy2/Settings.rb +2 -1
data/lib/dorothy2/VSM.rb +2 -1
data/lib/dorothy2/deep_symbolize.rb +2 -7
data/lib/dorothy2/do-init.rb +286 -19
data/lib/dorothy2/do-logger.rb +1 -1
data/lib/dorothy2/do-utils.rb +382 -33
data/lib/dorothy2/version.rb +1 -1
data/lib/dorothy2/vtotal.rb +30 -20
data/lib/mu/xtractr.rb +11 -11
data/lib/mu/xtractr/stream.rb +1 -1
data/lib/www/public/reset.css +153 -0
data/lib/www/public/style.css +65 -0
data/lib/www/views/analyses.erb +28 -0
data/lib/www/views/email.erb +63 -0
data/lib/www/views/flows.erb +30 -0
data/lib/www/views/layout.erb +27 -0
data/lib/www/views/profile.erb +49 -0
data/lib/www/views/queue.erb +28 -0
data/lib/www/views/resume.erb +135 -0
data/lib/www/views/resume.erb~ +88 -0
data/lib/www/views/samples.erb +20 -0
data/lib/www/views/upload.erb +154 -0
data/share/img/The_big_picture.pdf +0 -0
data/test/tc_dorothy_full.rb +3 -0
metadata +169 -70
data/TODO +0 -27
data/bin/dorothy_start +0 -225
data/bin/dorothy_stop +0 -28
data/bin/dparser_start +0 -94
data/bin/dparser_stop +0 -31
data/etc/dorothy copy.yml.example +0 -39
data/etc/extensions.yml +0 -41
data/share/update-dorothive.sql +0 -19

data/share/img/The_big_picture.pdf CHANGED

Binary file

data/test/tc_dorothy_full.rb CHANGED

@@ -4,6 +4,9 @@ require 'dorothy2'          #comment for testing/developmnet
 #load '../lib/dorothy2.rb'
+#Those tests have not been ported to the latest version of dorothy2. They wont work. #TODO: fix this
 include Dorothy
 LOGGER = DoroLogger.new(STDOUT, "weekly")

metadata CHANGED

@@ -1,85 +1,85 @@
 --- !ruby/object:Gem::Specification
 name: dorothy2
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 2.0.0
 platform: ruby
 authors:
 - marco riccardi
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-12-01 00:00:00.000000000 Z
+date: 2014-10-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: net-scp
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: 1.0.4
+        version: 1.1.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: 1.0.4
+        version: 1.1.2
 - !ruby/object:Gem::Dependency
   name: net-ssh
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: 2.2.1
+        version: 2.7.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: 2.2.1
+        version: 2.7.0
 - !ruby/object:Gem::Dependency
   name: trollop
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: 1.16.2
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: 1.16.2
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: rest-client
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: 1.6.1
+        version: 1.6.7
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: 1.6.1
+        version: 1.6.7
 - !ruby/object:Gem::Dependency
-  name: mime-types
+  name: mail
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: 2.5.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: 2.5.4
 - !ruby/object:Gem::Dependency
   name: colored
   requirement: !ruby/object:Gem::Requirement
@@ -95,125 +95,220 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '1.2'
 - !ruby/object:Gem::Dependency
-  name: ruby-pg
+  name: pg
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
-        version: 0.7.9.2008.01.28
+        version: 0.8.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
-        version: 0.7.9.2008.01.28
+        version: 0.8.0
 - !ruby/object:Gem::Dependency
-  name: virustotal
+  name: nokogiri
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: 2.0.0
+        version: 1.5.11
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: 2.0.0
+        version: 1.5.11
 - !ruby/object:Gem::Dependency
-  name: nokogiri
+  name: uirusu
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 1.5.10
+        version: 0.0.6
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 1.5.10
+        version: 0.0.6
 - !ruby/object:Gem::Dependency
   name: rbvmomi
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.6.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.6.0
+- !ruby/object:Gem::Dependency
+  name: ruby-filemagic
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.5.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.5.0
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 4.1.6
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 4.1.6
+- !ruby/object:Gem::Dependency
+  name: activemodel
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 4.1.6
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 4.1.6
+- !ruby/object:Gem::Dependency
+  name: activerecord
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 4.1.0.beta1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 4.1.0.beta1
+- !ruby/object:Gem::Dependency
+  name: sinatra
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.4.4
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.4.4
+- !ruby/object:Gem::Dependency
+  name: sinatra-activerecord
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
       - !ruby/object:Gem::Version
         version: 1.3.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
         version: 1.3.0
 - !ruby/object:Gem::Dependency
-  name: ruby-filemagic
+  name: sinatra-contrib
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: 0.4.2
+        version: 1.4.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.4.2
+- !ruby/object:Gem::Dependency
+  name: namespace
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
       - !ruby/object:Gem::Version
-        version: 0.4.2
+        version: '1.2'
 - !ruby/object:Gem::Dependency
   name: net-dns
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
         version: 0.8.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
         version: 0.8.0
 - !ruby/object:Gem::Dependency
   name: geoip
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: 1.2.1
+        version: 1.3.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: 1.2.1
+        version: 1.3.5
 - !ruby/object:Gem::Dependency
-  name: tmail
+  name: whois
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: 1.2.7.1
+        version: 3.5.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: 1.2.7.1
+        version: 3.5.3
 description: A malware/botnet analysis framework written in Ruby.
 email:
 - marco.riccardi@honeynet.it
 executables:
-- dorothy_start
-- dorothy_stop
-- dparser_start
-- dparser_stop
+- dorothy2
 extensions: []
 extra_rdoc_files:
 - README.md
@@ -224,18 +319,13 @@ files:
 - LICENSE
 - README.md
 - Rakefile
-- TODO
 - UPDATE
-- bin/dorothy_start
-- bin/dorothy_stop
-- bin/dparser_start
-- bin/dparser_stop
+- bin/dorothy2
 - dorothy2.gemspec
 - etc/ddl/dorothive.ddl
-- etc/dorothy copy.yml.example
-- etc/extensions.yml
 - etc/sandboxes.yml.example
 - etc/sources.yml.example
+- lib/doroGUI.rb
 - lib/doroParser.rb
 - lib/dorothy2.rb
 - lib/dorothy2/BFM.rb
@@ -276,23 +366,33 @@ files:
 - lib/mu/xtractr/test/tc_xtractr.rb
 - lib/mu/xtractr/test/test.rb
 - lib/mu/xtractr/views.rb
+- lib/www/public/reset.css
+- lib/www/public/style.css
+- lib/www/views/analyses.erb
+- lib/www/views/email.erb
+- lib/www/views/flows.erb
+- lib/www/views/layout.erb
+- lib/www/views/profile.erb
+- lib/www/views/queue.erb
+- lib/www/views/resume.erb
+- lib/www/views/resume.erb~
+- lib/www/views/samples.erb
+- lib/www/views/upload.erb
 - share/img/Dorothy-Basic.pdf
 - share/img/Setup-Advanced.pdf
 - share/img/The_big_picture.pdf
-- share/update-dorothive.sql
 - test/tc_dorothy_full.rb
-- var/log/parser.log
 homepage: https://github.com/m4rco-/dorothy2
 licenses: []
 metadata: {}
-post_install_message: ! '\n WARING: If you are upgrating from a previous version,
-  read the UPDATE file!\n'
+post_install_message: ! '\n\n\n \t\t WARING: If you are upgrating from a previous
+  version, read the UPDATE file! \t\t\n\n\n'
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ! '>='
+  - - ~>
     - !ruby/object:Gem::Version
       version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
@@ -302,10 +402,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.1.10
+rubygems_version: 2.2.2
 signing_key:
 specification_version: 4
 summary: More info at http://www.honeynet.it
 test_files:
 - test/tc_dorothy_full.rb
-has_rdoc:

data/TODO DELETED

@@ -1,27 +0,0 @@
-##############
-#DOROTHY-TODO#
-##############
--PORT TO Ruby 2.0
--WGUI
-#IMPROVE INSTALLATION PROCESS
--Include pcapr-local installation 80%
--ADD args from command line for recreating the baseline
--BINARY STATIC ANALYSIS
--ANALYZE SYSTEM CHANGES 50%
-	-ListFileInGuest -> Create Files/Folder Baseline.
--MANAGE SIG-INT WHILE MULTITHREAD
--INTERACTIVE CONSOLE 90%
--ADD VNC CLIENT SPAWN IN MANUAL MODE
--REVIEW DOROTHIVE (binary fullpath?)
--ADD EMAIL AS SOURCETYPE (use ruby mail gem for retrieving the emails, and parse them)
--REPORT PLUGIN
- -REPORT - MAEC