dorothy2 1.0.0 → 1.0.1

data/README.md

@@ -31,7 +31,7 @@ The framework is mainly composed by four big elements that can be even executed
 
  Our botnet infiltration module, refers to this [ppt](https://www.honeynet.it/wp-content/uploads/Presentations/JDrone.pptx) presentation for an overview.
 
-The first three modules are (or will be soon) publicly released under GPL 2/3 license as tribute to the the [Honeynet Project Alliance](http://www.honeynet.org).
+The first three modules are (or will be soon) publicly released under GPL 3 license as tribute to the the [Honeynet Project Alliance](http://www.honeynet.org).
 All the information generated by the framework - i.e. binary info, timestamps, dissected network analysis - are stored into a postgres DB (Dorothive) in order to be used for further analysis.
 A no-SQL database (CouchDB) is also used to mass store all the traffic dumps thanks to the [pcapr/xtractr](https://code.google.com/p/pcapr/wiki/Xtractr) technology.
 
@@ -180,8 +180,6 @@ or
         $ brew install libmagic
         $ brew link libmagic
 
-4. Install the xtractr gem, for a detailed howto, go [here](https://code.google.com/p/pcapr/wiki/Xtractr).
-
 ### 3. Install Dorothy gem
 
 *Install Dorothy gem

data/bin/dorothy_start

@@ -116,7 +116,7 @@ rescue => e
   if e.inspect =~ /exist/
     puts "WARNING".yellow + " The database doesn't exist yet. Press Enter to load the ddl into the DB"
     gets
-    Util.init_db(true)
+    Util.init_db(DoroSettings.dorothive[:ddl])
     exit(0)
   else
     puts "ERROR".red + " Can't connect to the database"

data/dorothy2.gemspec

@@ -23,6 +23,7 @@ Gem::Specification.new do |gem|
   gem.add_dependency(%q<colored>, [">= 1.2"])
   gem.add_dependency(%q<ruby-pg>, [">= 0.7.9.2008.01.28"])
   gem.add_dependency(%q<virustotal>, [">= 2.0.0"])
+  gem.add_dependency(%q<nokogiri>, ["~> 1.5.10"])
   gem.add_dependency(%q<rbvmomi>, [">= 1.3.0"])
   gem.add_dependency(%q<ruby-filemagic>, [">= 0.4.2"])
   #for dparser

data/lib/dorothy2/do-init.rb

@@ -10,7 +10,7 @@ module Dorothy
 
     def init_home(home)
       puts "INIT".yellow + " Creating Directoy structure in #{home}"
-      Dir.mkdir(home)
+      Dir.mkdir(home) unless Util.exists?("#{home}")
       unless Util.exists?("#{home}/opt")
         Dir.mkdir("#{home}/opt")
         Dir.mkdir("#{home}/opt/bins")
@@ -45,6 +45,7 @@ module Dorothy
         conf["nam"] = Hash.new
         conf["virustotal"] = Hash.new
         conf["esx"] = Hash.new
+        conf["pcapr"] = Hash.new
 
 
         ################################################
@@ -58,10 +59,7 @@ module Dorothy
 
         home = conf["env"]["home"]
 
-        unless Util.exists?(home)
-          self.init_home(home)
-        end
-
+        self.init_home(home)
 
 
 
@@ -69,7 +67,7 @@ module Dorothy
 
         conf["env"]["pidfile"] = "#{home}/var/dorothy.pid"
         conf["env"]["pidfile_parser"] = "#{home}/var/doroParser.pid"
-        conf["env"]["analysis_dir"] = "#{home}/opt/analyzed"   # TODO if doesn't exist, create it. -> Dir.mkdir("mynewdir")
+        conf["env"]["analysis_dir"] = "#{home}/opt/analyzed"
         conf["env"]["geoip"] = "#{home}/etc/geo/GeoLiteCity.dat"
         conf["env"]["geoasn"] = "#{home}/etc/geo/GeoIPASNum.dat"
 
@@ -93,8 +91,8 @@ module Dorothy
         puts "DB Name [dorothive]:"
         conf["dorothive"]["dbname"] = (t = gets.chop).empty? ? "dorothive" : t
 
-        puts "DB Username [dorothy]:"
-        conf["dorothive"]["dbuser"] = (t = gets.chop).empty? ? "dorothy" : t
+        puts "DB Username [postgres]:"
+        conf["dorothive"]["dbuser"] = (t = gets.chop).empty? ? "postgres" : t
 
         puts "DB Password"
         conf["dorothive"]["dbpass"] = gets.chop
@@ -148,12 +146,12 @@ module Dorothy
         puts "Username [dorothy] :"
         conf["nam"]["user"] = (t = gets.chop).empty? ? "dorothy" : t
 
-        puts "SSH Port [22] :"
-        conf["nam"]["port"] = (t = gets.chop).empty? ? 22 : t
-
         puts "Password:"
         conf["nam"]["pass"] = gets.chop
 
+        puts "SSH Port [22] :"
+        conf["nam"]["port"] = (t = gets.chop).empty? ? 22 : t
+
         puts "Folder where to store PCAP files [~/pcaps]"
         conf["nam"]["pcaphome"] = (t = gets.chop).empty? ? "~/pcaps" : t
 

data/lib/dorothy2/version.rb

@@ -1,3 +1,3 @@
 module Dorothy2
-  VERSION = "1.0.0"
+  VERSION = "1.0.1"
 end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: dorothy2
 version: !ruby/object:Gem::Version 
-  hash: 23
+  hash: 21
   prerelease: 
   segments: 
   - 1
   - 0
-  - 0
-  version: 1.0.0
+  - 1
+  version: 1.0.1
 platform: ruby
 authors: 
 - marco riccardi
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2013-06-07 00:00:00 Z
+date: 2013-07-01 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: net-scp
@@ -147,9 +147,25 @@ dependencies:
   type: :runtime
   version_requirements: *id008
 - !ruby/object:Gem::Dependency 
-  name: rbvmomi
+  name: nokogiri
   prerelease: false
   requirement: &id009 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 23
+        segments: 
+        - 1
+        - 5
+        - 10
+        version: 1.5.10
+  type: :runtime
+  version_requirements: *id009
+- !ruby/object:Gem::Dependency 
+  name: rbvmomi
+  prerelease: false
+  requirement: &id010 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
@@ -161,11 +177,11 @@ dependencies:
         - 0
         version: 1.3.0
   type: :runtime
-  version_requirements: *id009
+  version_requirements: *id010
 - !ruby/object:Gem::Dependency 
   name: ruby-filemagic
   prerelease: false
-  requirement: &id010 !ruby/object:Gem::Requirement 
+  requirement: &id011 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
@@ -177,11 +193,11 @@ dependencies:
         - 2
         version: 0.4.2
   type: :runtime
-  version_requirements: *id010
+  version_requirements: *id011
 - !ruby/object:Gem::Dependency 
   name: net-dns
   prerelease: false
-  requirement: &id011 !ruby/object:Gem::Requirement 
+  requirement: &id012 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
@@ -193,11 +209,11 @@ dependencies:
         - 0
         version: 0.8.0
   type: :runtime
-  version_requirements: *id011
+  version_requirements: *id012
 - !ruby/object:Gem::Dependency 
   name: geoip
   prerelease: false
-  requirement: &id012 !ruby/object:Gem::Requirement 
+  requirement: &id013 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
@@ -209,11 +225,11 @@ dependencies:
         - 1
         version: 1.2.1
   type: :runtime
-  version_requirements: *id012
+  version_requirements: *id013
 - !ruby/object:Gem::Dependency 
   name: tmail
   prerelease: false
-  requirement: &id013 !ruby/object:Gem::Requirement 
+  requirement: &id014 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
@@ -226,7 +242,7 @@ dependencies:
         - 1
         version: 1.2.7.1
   type: :runtime
-  version_requirements: *id013
+  version_requirements: *id014
 description: A malware/botnet analysis framework written in Ruby.
 email: 
 - marco.riccardi@honeynet.it