dorothy2 1.0.0 → 1.0.1
- data/README.md +1 -3
- data/bin/dorothy_start +1 -1
- data/dorothy2.gemspec +1 -0
- data/lib/dorothy2/do-init.rb +9 -11
- data/lib/dorothy2/version.rb +1 -1
- metadata +30 -14
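--- a/data/README.md
+++ b/data/README.md
@@ -31,7 +31,7 @@ The framework is mainly composed by four big elements that can be even executed
 
 Our botnet infiltration module, refers to this [ppt](https://www.honeynet.it/wp-content/uploads/Presentations/JDrone.pptx) presentation for an overview.
 
-The first three modules are (or will be soon) publicly released under GPL
+The first three modules are (or will be soon) publicly released under GPL 3 license as tribute to the the [Honeynet Project Alliance](http://www.honeynet.org).
 All the information generated by the framework - i.e. binary info, timestamps, dissected network analysis - are stored into a postgres DB (Dorothive) in order to be used for further analysis.
 A no-SQL database (CouchDB) is also used to mass store all the traffic dumps thanks to the [pcapr/xtractr](https://code.google.com/p/pcapr/wiki/Xtractr) technology.
 
@@ -180,8 +180,6 @@ or
 $ brew install libmagic
 $ brew link libmagic
 
-4. Install the xtractr gem, for a detailed howto, go [here](https://code.google.com/p/pcapr/wiki/Xtractr).
-
 ### 3. Install Dorothy gem
 
 *Install Dorothy gem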
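--- a/data/bin/dorothy_start
+++ b/data/bin/dorothy_start
@@ -116,7 +116,7 @@ rescue => e
 if e.inspect =~ /exist/
 puts "WARNING".yellow + " The database doesn't exist yet. Press Enter to load the ddl into the DB"
 gets
-Util.init_db(
+Util.init_db(DoroSettings.dorothive[:ddl])
 exit(0)
 else
 puts "ERROR".red + " Can't connect to the database"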
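Review bot: The new `Util.init_db(DoroSettings.dorothive[:ddl])` on new line 119 passes a path taken straight from the settings file to the loader without checking it, so a missing or mistyped `ddl` entry only surfaces as whatever `init_db` raises, after the operator has already pressed Enter. Resolve and check the path before the prompt: `ddl = DoroSettings.dorothive[:ddl]`, `abort("ERROR".red + " DDL file not found: #{ddl}") unless ddl && File.readable?(ddl)`, then `Util.init_db(ddl)`. The surrounding branch also selects the DDL-load path on `e.inspect =~ /exist/`, which any error text containing "exist" (a missing role, for instance) would satisfy; matching the specific connection error would keep this prompt from appearing on unrelated failures. The enclosing begin/rescue starts outside the hunk.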
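--- a/data/dorothy2.gemspec
+++ b/data/dorothy2.gemspec
@@ -23,6 +23,7 @@ Gem::Specification.new do |gem|
 gem.add_dependency(%q<colored>, [">= 1.2"])
 gem.add_dependency(%q<ruby-pg>, [">= 0.7.9.2008.01.28"])
 gem.add_dependency(%q<virustotal>, [">= 2.0.0"])
+gem.add_dependency(%q<nokogiri>, ["~> 1.5.10"])
 gem.add_dependency(%q<rbvmomi>, [">= 1.3.0"])
 gem.add_dependency(%q<ruby-filemagic>, [">= 0.4.2"])
 #for dparser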
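Review bot: The new `gem.add_dependency(%q<nokogiri>, ["~> 1.5.10"])` is the only pessimistic constraint in this list; every neighbouring dependency uses an open `>=` bound, and `~> 1.5.10` confines resolution to the 1.5.x series, so later Nokogiri releases (security fixes included) will not be picked up without editing the gemspec again. If the pin is deliberate, record the reason next to it the way `#for dparser` annotates the line below, e.g. `# pinned to 1.5.x: <reason>`; otherwise `[">= 1.5.10"]` would follow the file's convention. Nothing in this diff shows which module requires nokogiri, so the comment should also name the consumer.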
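--- a/data/lib/dorothy2/do-init.rb
+++ b/data/lib/dorothy2/do-init.rb
@@ -10,7 +10,7 @@ module Dorothy
 
 def init_home(home)
 puts "INIT".yellow + " Creating Directoy structure in #{home}"
-Dir.mkdir(home)
+Dir.mkdir(home) unless Util.exists?("#{home}")
 unless Util.exists?("#{home}/opt")
 Dir.mkdir("#{home}/opt")
 Dir.mkdir("#{home}/opt/bins")
@@ -45,6 +45,7 @@ module Dorothy
 conf["nam"] = Hash.new
 conf["virustotal"] = Hash.new
 conf["esx"] = Hash.new
+conf["pcapr"] = Hash.new
 
 
 ################################################
@@ -58,10 +59,7 @@ module Dorothy
 
 home = conf["env"]["home"]
 
-
-self.init_home(home)
-end
-
+self.init_home(home)
 
 
 
@@ -69,7 +67,7 @@ module Dorothy
 
 conf["env"]["pidfile"] = "#{home}/var/dorothy.pid"
 conf["env"]["pidfile_parser"] = "#{home}/var/doroParser.pid"
-conf["env"]["analysis_dir"] = "#{home}/opt/analyzed"
+conf["env"]["analysis_dir"] = "#{home}/opt/analyzed"
 conf["env"]["geoip"] = "#{home}/etc/geo/GeoLiteCity.dat"
 conf["env"]["geoasn"] = "#{home}/etc/geo/GeoIPASNum.dat"
 
@@ -93,8 +91,8 @@ module Dorothy
 puts "DB Name [dorothive]:"
 conf["dorothive"]["dbname"] = (t = gets.chop).empty? ? "dorothive" : t
 
-puts "DB Username [
-conf["dorothive"]["dbuser"] = (t = gets.chop).empty? ? "
+puts "DB Username [postgres]:"
+conf["dorothive"]["dbuser"] = (t = gets.chop).empty? ? "postgres" : t
 
 puts "DB Password"
 conf["dorothive"]["dbpass"] = gets.chop
@@ -148,12 +146,12 @@ module Dorothy
 puts "Username [dorothy] :"
 conf["nam"]["user"] = (t = gets.chop).empty? ? "dorothy" : t
 
-puts "SSH Port [22] :"
-conf["nam"]["port"] = (t = gets.chop).empty? ? 22 : t
-
 puts "Password:"
 conf["nam"]["pass"] = gets.chop
 
+puts "SSH Port [22] :"
+conf["nam"]["port"] = (t = gets.chop).empty? ? 22 : t
+
 puts "Folder where to store PCAP files [~/pcaps]"
 conf["nam"]["pcaphome"] = (t = gets.chop).empty? ? "~/pcaps" : t
 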
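Review bot: The new default in `@@ -93,8 +91,8 @@` makes the PostgreSQL superuser `postgres` the account Dorothy connects as whenever the operator just presses Enter, which is far more privilege than one application database needs. Default to a dedicated role instead (the existing `dorothive` name is the natural candidate) and keep the prompt text and the fallback in one place so they cannot drift: `default_user = "dorothive"`, `puts "DB Username [#{default_user}]:"`, `conf["dorothive"]["dbuser"] = (t = gets.chop).empty? ? default_user : t`. Separately, in `@@ -10,7 +10,7 @@` the guard `Util.exists?("#{home}")` interpolates a plain string for no reason, and `Dir.mkdir(home)` still raises Errno::ENOENT when the parent directory is absent; `Util.exists?(home)` and `FileUtils.mkdir_p(home)` would cover that. The methods enclosing both hunks begin outside the hunks.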
data/lib/dorothy2/version.rb
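--- a/metadata
+++ b/metadata
@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: dorothy2
 version: !ruby/object:Gem::Version
-hash:
+hash: 21
 prerelease:
 segments:
 - 1
 - 0
--
-version: 1.0.
+- 1
+version: 1.0.1
 platform: ruby
 authors:
 - marco riccardi
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2013-
+date: 2013-07-01 00:00:00 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: net-scp
@@ -147,9 +147,25 @@ dependencies:
 type: :runtime
 version_requirements: *id008
 - !ruby/object:Gem::Dependency
-name:
+name: nokogiri
 prerelease: false
 requirement: &id009 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+hash: 23
+segments:
+- 1
+- 5
+- 10
+version: 1.5.10
+type: :runtime
+version_requirements: *id009
+- !ruby/object:Gem::Dependency
+name: rbvmomi
+prerelease: false
+requirement: &id010 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ">="
@@ -161,11 +177,11 @@ dependencies:
 - 0
 version: 1.3.0
 type: :runtime
-version_requirements: *
+version_requirements: *id010
 - !ruby/object:Gem::Dependency
 name: ruby-filemagic
 prerelease: false
-requirement: &
+requirement: &id011 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ">="
@@ -177,11 +193,11 @@ dependencies:
 - 2
 version: 0.4.2
 type: :runtime
-version_requirements: *
+version_requirements: *id011
 - !ruby/object:Gem::Dependency
 name: net-dns
 prerelease: false
-requirement: &
+requirement: &id012 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ">="
@@ -193,11 +209,11 @@ dependencies:
 - 0
 version: 0.8.0
 type: :runtime
-version_requirements: *
+version_requirements: *id012
 - !ruby/object:Gem::Dependency
 name: geoip
 prerelease: false
-requirement: &
+requirement: &id013 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ">="
@@ -209,11 +225,11 @@ dependencies:
 - 1
 version: 1.2.1
 type: :runtime
-version_requirements: *
+version_requirements: *id013
 - !ruby/object:Gem::Dependency
 name: tmail
 prerelease: false
-requirement: &
+requirement: &id014 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ">="
@@ -226,7 +242,7 @@ dependencies:
 - 1
 version: 1.2.7.1
 type: :runtime
-version_requirements: *
+version_requirements: *id014
 description: A malware/botnet analysis framework written in Ruby.
 email:
 - marco.riccardi@honeynet.it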