honeycomb 0.0.1

data/lib/honeycomb/model.rb

@@ -0,0 +1,78 @@
+#    honeycomb - Tool to manage and analyze data from the Dionaea Honeypot 
+#                Project
+#    Josh Grunzweig
+#    Copyright (C) 2011 Trustwave Holdings
+#
+#    This program is free software: you can redistribute it and/or modify it 
+#    under the terms of the GNU General Public License as published by the 
+#    Free Software Foundation, either version 3 of the License, or (at your
+#    option) any later version.
+#
+#    This program is distributed in the hope that it will be useful, but 
+#    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+#    or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+#    for more details.
+#
+#    You should have received a copy of the GNU General Public License along
+#    with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+require 'dm-core'
+require 'dm-types'
+require 'dm-transactions'
+require 'dm-validations'
+require 'dm-serializer'
+require 'dm-timestamps'
+
+require 'honeycomb/model'
+require 'honeycomb/environment'
+
+module Honeycomb
+
+  module Model
+    module FixtureTable
+      def fixture_table?
+        true
+      end
+    end
+
+    require 'honeycomb/model/connections'
+    require 'honeycomb/model/logins'
+    require 'honeycomb/model/dcerpcbinds'
+    require 'honeycomb/model/dcerpcrequests'
+    require 'honeycomb/model/dcerpcserviceops'
+    require 'honeycomb/model/dcerpcservices'
+    require 'honeycomb/model/downloads'
+    require 'honeycomb/model/emu_profiles'
+    require 'honeycomb/model/emu_services'
+    require 'honeycomb/model/mssql_commands'
+    require 'honeycomb/model/mssql_fingerprints'
+    require 'honeycomb/model/offers'
+    require 'honeycomb/model/p0fs'
+    require 'honeycomb/model/resolves'
+    require 'honeycomb/model/virustotals'
+    require 'honeycomb/model/virustotalscans'
+
+    # TODO: Comment
+    def self.all_databases(dir = Pathname.new(__FILE__).dirname.dirname.dirname.expand_path.join('data').join('logsql/').to_s)
+      ret = Dir.entries(dir)
+      ret.delete_if {|x| x =~ /^\./}
+      ret
+    end
+
+    # Sets up the model using with the currently configured db_conn 
+    # configuration.
+    def self.setup!(dir = Pathname.new(__FILE__).dirname.dirname.dirname.expand_path.join('data').join('logsql/').to_s)
+      num = 1
+      DataMapper.setup(:default, "sqlite:///#{dir}honeypot.sqlite")
+      self.all_databases.each do |database|
+        DataMapper.setup(num.to_s.to_sym, "sqlite:///#{dir}#{database}") 
+        num = num + 1
+      end  
+      DataMapper.finalize
+      @setup = true
+    end
+
+
+  end
+end

data/lib/honeycomb/model/connections.rb

@@ -0,0 +1,78 @@
+#    honeycomb - Tool to manage and analyze data from the Dionaea Honeypot 
+#                Project
+#    Josh Grunzweig
+#    Copyright (C) 2011 Trustwave Holdings
+#
+#    This program is free software: you can redistribute it and/or modify it 
+#    under the terms of the GNU General Public License as published by the 
+#    Free Software Foundation, either version 3 of the License, or (at your
+#    option) any later version.
+#
+#    This program is distributed in the hope that it will be useful, but 
+#    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+#    or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+#    for more details.
+#
+#    You should have received a copy of the GNU General Public License along
+#    with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+require 'honeycomb/model'
+
+module Honeycomb
+  class Connections
+    include DataMapper::Resource
+    include Model::FixtureTable
+
+    def self.all_databases(dir = Pathname.new(__FILE__).dirname.dirname.dirname.dirname.expand_path.join('data').join('logsql/').to_s)
+      ret = Dir.entries(dir)
+      ret.delete_if {|x| x =~ /^\./}
+      ret
+    end
+    
+    (0..self.all_databases.count).each do |num|
+      storage_names["#{num.to_s}".to_sym] = "connections"
+    end
+
+
+    property :connection,         Integer, :key => true
+
+    property :connection_type,    Text
+
+    property :connection_transport,         Text
+
+    property :connection_protocol,          Text
+
+    property :connection_timestamp,         Integer
+
+    property :connection_root,       Integer
+
+    property :connection_parent,        Integer
+
+    property :local_host,      Text
+
+    property :local_port,        Integer
+
+    property :remote_host,    Text
+
+    property :remote_hostname,   Text 
+
+    property :remote_port,   Integer
+
+    has n, :logins, :child_key => [ :connection ] 
+    has n, :download,  :child_key => [ :connection ] 
+    has n, :offers, :child_key => [ :connection ] 
+    has n, :dcerpcbinds, :child_key => [ :connection ] 
+    has n, :dcerpcrequests, :child_key => [ :connection ] 
+    has n, :dcerpcserviceops, :child_key => [ :connection ] 
+    has n, :dcerpcservices, :child_key => [ :connection ] 
+    has n, :emu_profiles, :child_key => [ :connection ] 
+    has n, :emu_services, :child_key => [ :connection ] 
+    has n, :mssql_commands, :child_key => [ :connection ] 
+    has n, :mssql_fingerprints, :child_key => [ :connection ] 
+    has n, :p0fs, :child_key => [ :connection ] 
+    has n, :resolves, :child_key => [ :connection ] 
+    #has n, :virustotals, :child_key => [ :connection ] 
+    #has n, :virustotalscans, :child_key => [ :connection ] 
+  end
+end

data/lib/honeycomb/model/dcerpcbinds.rb

@@ -0,0 +1,46 @@
+#    honeycomb - Tool to manage and analyze data from the Dionaea Honeypot 
+#                Project
+#    Josh Grunzweig
+#    Copyright (C) 2011 Trustwave Holdings
+#
+#    This program is free software: you can redistribute it and/or modify it 
+#    under the terms of the GNU General Public License as published by the 
+#    Free Software Foundation, either version 3 of the License, or (at your
+#    option) any later version.
+#
+#    This program is distributed in the hope that it will be useful, but 
+#    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+#    or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+#    for more details.
+#
+#    You should have received a copy of the GNU General Public License along
+#    with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+module Honeycomb
+  class Dcerpcbind
+    include DataMapper::Resource
+    include Model::FixtureTable
+
+    def self.all_databases(dir = Pathname.new(__FILE__).dirname.dirname.dirname.dirname.expand_path.join('data').join('logsql/').to_s)
+      ret = Dir.entries(dir)
+      ret.delete_if {|x| x =~ /^\./}
+      ret
+    end
+    
+    (0..self.all_databases.count).each do |num|
+      storage_names["#{num.to_s}".to_sym] = "dcerpcbinds"
+    end
+    
+
+    property :dcerpcbind,         Integer, :key => true
+
+    property :connection,    Integer
+
+    property :dcerpcbind_uuid,         Text
+
+    property :dcerpcbind_transfersyntax,          Text
+
+    belongs_to :connections, :child_key => [:connection]
+  end
+end

data/lib/honeycomb/model/dcerpcrequests.rb

@@ -0,0 +1,45 @@
+#    honeycomb - Tool to manage and analyze data from the Dionaea Honeypot 
+#                Project
+#    Josh Grunzweig
+#    Copyright (C) 2011 Trustwave Holdings
+#
+#    This program is free software: you can redistribute it and/or modify it 
+#    under the terms of the GNU General Public License as published by the 
+#    Free Software Foundation, either version 3 of the License, or (at your
+#    option) any later version.
+#
+#    This program is distributed in the hope that it will be useful, but 
+#    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+#    or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+#    for more details.
+#
+#    You should have received a copy of the GNU General Public License along
+#    with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+module Honeycomb
+  class Dcerpcrequest
+    include DataMapper::Resource
+    include Model::FixtureTable
+
+    def self.all_databases(dir = Pathname.new(__FILE__).dirname.dirname.dirname.dirname.expand_path.join('data').join('logsql/').to_s)
+      ret = Dir.entries(dir)
+      ret.delete_if {|x| x =~ /^\./}
+      ret
+    end
+    
+    (0..self.all_databases.count).each do |num|
+      storage_names["#{num.to_s}".to_sym] = "dcerpcrequests"
+    end
+
+    property :dcerpcrequest,         Integer, :key => true
+
+    property :connection,    Integer
+
+    property :dcerpcrequest_uuid,         Text
+
+    property :dcerpcrequest_opnum,          Integer
+
+    belongs_to :connections, :child_key => [:connection] 
+  end
+end

data/lib/honeycomb/model/dcerpcserviceops.rb

@@ -0,0 +1,47 @@
+#    honeycomb - Tool to manage and analyze data from the Dionaea Honeypot 
+#                Project
+#    Josh Grunzweig
+#    Copyright (C) 2011 Trustwave Holdings
+#
+#    This program is free software: you can redistribute it and/or modify it 
+#    under the terms of the GNU General Public License as published by the 
+#    Free Software Foundation, either version 3 of the License, or (at your
+#    option) any later version.
+#
+#    This program is distributed in the hope that it will be useful, but 
+#    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+#    or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+#    for more details.
+#
+#    You should have received a copy of the GNU General Public License along
+#    with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+module Honeycomb
+  class Dcerpcserviceop
+    include DataMapper::Resource
+    include Model::FixtureTable
+
+    def self.all_databases(dir = Pathname.new(__FILE__).dirname.dirname.dirname.dirname.expand_path.join('data').join('logsql/').to_s)
+      ret = Dir.entries(dir)
+      ret.delete_if {|x| x =~ /^\./}
+      ret
+    end
+    
+    (0..self.all_databases.count).each do |num|
+      storage_names["#{num.to_s}".to_sym] = "dcerpcserviceops"
+    end
+
+    property :dcerpcserviceop,         Integer, :key => true
+
+    property :dcerpcservice,    Integer
+
+    property :dcerpcserviceop_opnum,         Integer
+
+    property :dcerpcserviceop_name,          Text
+
+    property :dcerpcserviceop_vuln,          Text   
+    
+    belongs_to :connections, :child_key => [:connection]   
+  end
+end

data/lib/honeycomb/model/dcerpcservices.rb

@@ -0,0 +1,43 @@
+#    honeycomb - Tool to manage and analyze data from the Dionaea Honeypot 
+#                Project
+#    Josh Grunzweig
+#    Copyright (C) 2011 Trustwave Holdings
+#
+#    This program is free software: you can redistribute it and/or modify it 
+#    under the terms of the GNU General Public License as published by the 
+#    Free Software Foundation, either version 3 of the License, or (at your
+#    option) any later version.
+#
+#    This program is distributed in the hope that it will be useful, but 
+#    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+#    or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+#    for more details.
+#
+#    You should have received a copy of the GNU General Public License along
+#    with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+module Honeycomb
+  class Dcerpcservice
+    include DataMapper::Resource
+    include Model::FixtureTable
+
+    def self.all_databases(dir = Pathname.new(__FILE__).dirname.dirname.dirname.dirname.expand_path.join('data').join('logsql/').to_s)
+      ret = Dir.entries(dir)
+      ret.delete_if {|x| x =~ /^\./}
+      ret
+    end
+    
+    (0..self.all_databases.count).each do |num|
+      storage_names["#{num.to_s}".to_sym] = "dcerpcservices"
+    end
+
+    property :dcerpcservice,         Integer, :key => true
+
+    property :dcerpcservice_uuid,         Text
+
+    property :dcerpcservice_name,          Text
+
+    belongs_to :connections, :child_key => [:connection]
+  end
+end

data/lib/honeycomb/model/downloads.rb

@@ -0,0 +1,46 @@
+#    honeycomb - Tool to manage and analyze data from the Dionaea Honeypot 
+#                Project
+#    Josh Grunzweig
+#    Copyright (C) 2011 Trustwave Holdings
+#
+#    This program is free software: you can redistribute it and/or modify it 
+#    under the terms of the GNU General Public License as published by the 
+#    Free Software Foundation, either version 3 of the License, or (at your
+#    option) any later version.
+#
+#    This program is distributed in the hope that it will be useful, but 
+#    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+#    or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+#    for more details.
+#
+#    You should have received a copy of the GNU General Public License along
+#    with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+module Honeycomb
+  class Download
+    include DataMapper::Resource
+    include Model::FixtureTable
+
+    def self.all_databases(dir = Pathname.new(__FILE__).dirname.dirname.dirname.dirname.expand_path.join('data').join('logsql/').to_s)
+      ret = Dir.entries(dir)
+      ret.delete_if {|x| x =~ /^\./}
+      ret
+    end
+    
+    (0..self.all_databases.count).each do |num|
+      storage_names["#{num.to_s}".to_sym] = "downloads"
+    end
+
+    property :download,         Integer, :key => true
+
+    property :connection,    Integer
+
+    property :download_url,         Text
+
+    property :download_md5_hash,          Text
+
+    belongs_to :connections, :child_key => [:connection]
+    has n, :virustotals, :child_key => [ :download_md5_hash ] 
+  end
+end

data/lib/honeycomb/model/emu_profiles.rb

@@ -0,0 +1,43 @@
+#    honeycomb - Tool to manage and analyze data from the Dionaea Honeypot 
+#                Project
+#    Josh Grunzweig
+#    Copyright (C) 2011 Trustwave Holdings
+#
+#    This program is free software: you can redistribute it and/or modify it 
+#    under the terms of the GNU General Public License as published by the 
+#    Free Software Foundation, either version 3 of the License, or (at your
+#    option) any later version.
+#
+#    This program is distributed in the hope that it will be useful, but 
+#    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+#    or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+#    for more details.
+#
+#    You should have received a copy of the GNU General Public License along
+#    with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+module Honeycomb
+  class EmuProfile
+    include DataMapper::Resource
+    include Model::FixtureTable
+
+    def self.all_databases(dir = Pathname.new(__FILE__).dirname.dirname.dirname.dirname.expand_path.join('data').join('logsql/').to_s)
+      ret = Dir.entries(dir)
+      ret.delete_if {|x| x =~ /^\./}
+      ret
+    end
+    
+    (0..self.all_databases.count).each do |num|
+      storage_names["#{num.to_s}".to_sym] = "emu_profiles"
+    end
+
+    property :emu_profile,         Integer, :key => true
+
+    property :connection,    Integer
+
+    property :emu_profile_json,         Text
+
+    belongs_to :connections, :child_key => [:connection]
+  end
+end

data/lib/honeycomb/model/emu_services.rb

@@ -0,0 +1,43 @@
+#    honeycomb - Tool to manage and analyze data from the Dionaea Honeypot 
+#                Project
+#    Josh Grunzweig
+#    Copyright (C) 2011 Trustwave Holdings
+#
+#    This program is free software: you can redistribute it and/or modify it 
+#    under the terms of the GNU General Public License as published by the 
+#    Free Software Foundation, either version 3 of the License, or (at your
+#    option) any later version.
+#
+#    This program is distributed in the hope that it will be useful, but 
+#    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+#    or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+#    for more details.
+#
+#    You should have received a copy of the GNU General Public License along
+#    with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+module Honeycomb
+  class EmuService
+    include DataMapper::Resource
+    include Model::FixtureTable
+
+    def self.all_databases(dir = Pathname.new(__FILE__).dirname.dirname.dirname.dirname.expand_path.join('data').join('logsql/').to_s)
+      ret = Dir.entries(dir)
+      ret.delete_if {|x| x =~ /^\./}
+      ret
+    end
+    
+    (0..self.all_databases.count).each do |num|
+      storage_names["#{num.to_s}".to_sym] = "emu_services"
+    end
+
+    property :emu_service,         Integer, :key => true
+
+    property :connection,    Integer
+
+    property :emu_service_url,         Text
+
+    belongs_to :connections, :child_key => [:connection]
+  end
+end