honeycomb 0.0.1

data/lib/honeycomb/model/logins.rb

@@ -0,0 +1,45 @@
+#    honeycomb - Tool to manage and analyze data from the Dionaea Honeypot 
+#                Project
+#    Josh Grunzweig
+#    Copyright (C) 2011 Trustwave Holdings
+#
+#    This program is free software: you can redistribute it and/or modify it 
+#    under the terms of the GNU General Public License as published by the 
+#    Free Software Foundation, either version 3 of the License, or (at your
+#    option) any later version.
+#
+#    This program is distributed in the hope that it will be useful, but 
+#    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+#    or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+#    for more details.
+#
+#    You should have received a copy of the GNU General Public License along
+#    with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+module Honeycomb
+  class Login
+    include DataMapper::Resource
+    include Model::FixtureTable
+
+    def self.all_databases(dir = Pathname.new(__FILE__).dirname.dirname.dirname.dirname.expand_path.join('data').join('logsql/').to_s)
+      ret = Dir.entries(dir)
+      ret.delete_if {|x| x =~ /^\./}
+      ret
+    end
+    
+    (0..self.all_databases.count).each do |num|
+      storage_names["#{num.to_s}".to_sym] = "logins"
+    end
+
+    property :login,         Serial
+
+    property :connection,    Integer
+
+    property :login_username,         Text
+
+    property :login_password,          Text
+
+    belongs_to :connections, :child_key => [:connection]
+  end
+end

data/lib/honeycomb/model/mssql_commands.rb

@@ -0,0 +1,45 @@
+#    honeycomb - Tool to manage and analyze data from the Dionaea Honeypot 
+#                Project
+#    Josh Grunzweig
+#    Copyright (C) 2011 Trustwave Holdings
+#
+#    This program is free software: you can redistribute it and/or modify it 
+#    under the terms of the GNU General Public License as published by the 
+#    Free Software Foundation, either version 3 of the License, or (at your
+#    option) any later version.
+#
+#    This program is distributed in the hope that it will be useful, but 
+#    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+#    or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+#    for more details.
+#
+#    You should have received a copy of the GNU General Public License along
+#    with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+module Honeycomb
+  class MssqlCommand
+    include DataMapper::Resource
+    include Model::FixtureTable
+
+    def self.all_databases(dir = Pathname.new(__FILE__).dirname.dirname.dirname.dirname.expand_path.join('data').join('logsql/').to_s)
+      ret = Dir.entries(dir)
+      ret.delete_if {|x| x =~ /^\./}
+      ret
+    end
+    
+    (0..self.all_databases.count).each do |num|
+      storage_names["#{num.to_s}".to_sym] = "mssql_commands"
+    end
+
+    property :mssql_command,         Integer, :key => true
+
+    property :connection,    Integer
+
+    property :mssql_command_status,         Text
+
+    property :mssql_command_cmd,          Text
+
+    belongs_to :connections, :child_key => [:connection]
+  end
+end

data/lib/honeycomb/model/mssql_fingerprints.rb

@@ -0,0 +1,47 @@
+#    honeycomb - Tool to manage and analyze data from the Dionaea Honeypot 
+#                Project
+#    Josh Grunzweig
+#    Copyright (C) 2011 Trustwave Holdings
+#
+#    This program is free software: you can redistribute it and/or modify it 
+#    under the terms of the GNU General Public License as published by the 
+#    Free Software Foundation, either version 3 of the License, or (at your
+#    option) any later version.
+#
+#    This program is distributed in the hope that it will be useful, but 
+#    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+#    or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+#    for more details.
+#
+#    You should have received a copy of the GNU General Public License along
+#    with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+module Honeycomb
+  class MssqlFingerprint
+    include DataMapper::Resource
+    include Model::FixtureTable
+
+    def self.all_databases(dir = Pathname.new(__FILE__).dirname.dirname.dirname.dirname.expand_path.join('data').join('logsql/').to_s)
+      ret = Dir.entries(dir)
+      ret.delete_if {|x| x =~ /^\./}
+      ret
+    end
+    
+    (0..self.all_databases.count).each do |num|
+      storage_names["#{num.to_s}".to_sym] = "mssql_fingerprints"
+    end
+
+    property :mssql_fingerprint,         Integer, :key => true
+
+    property :connection,    Integer
+
+    property :mssql_fingerprint_hostname,         Text
+
+    property :mssql_fingerprint_appname,          Text
+
+    property :mssql_fingerprint_cltintname,          Text
+
+    belongs_to :connections, :child_key => [:connection]
+  end
+end

data/lib/honeycomb/model/offers.rb

@@ -0,0 +1,43 @@
+#    honeycomb - Tool to manage and analyze data from the Dionaea Honeypot 
+#                Project
+#    Josh Grunzweig
+#    Copyright (C) 2011 Trustwave Holdings
+#
+#    This program is free software: you can redistribute it and/or modify it 
+#    under the terms of the GNU General Public License as published by the 
+#    Free Software Foundation, either version 3 of the License, or (at your
+#    option) any later version.
+#
+#    This program is distributed in the hope that it will be useful, but 
+#    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+#    or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+#    for more details.
+#
+#    You should have received a copy of the GNU General Public License along
+#    with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+module Honeycomb
+  class Offer
+    include DataMapper::Resource
+    include Model::FixtureTable
+
+    def self.all_databases(dir = Pathname.new(__FILE__).dirname.dirname.dirname.dirname.expand_path.join('data').join('logsql/').to_s)
+      ret = Dir.entries(dir)
+      ret.delete_if {|x| x =~ /^\./}
+      ret
+    end
+    
+    (0..self.all_databases.count).each do |num|
+      storage_names["#{num.to_s}".to_sym] = "offers"
+    end
+
+    property :offer,         Integer, :key => true
+
+    property :connection,    Integer
+
+    property :offer_url,         Text
+
+    belongs_to :connections, :child_key => [:connection]
+  end
+end

data/lib/honeycomb/model/p0fs.rb

@@ -0,0 +1,57 @@
+#    honeycomb - Tool to manage and analyze data from the Dionaea Honeypot 
+#                Project
+#    Josh Grunzweig
+#    Copyright (C) 2011 Trustwave Holdings
+#
+#    This program is free software: you can redistribute it and/or modify it 
+#    under the terms of the GNU General Public License as published by the 
+#    Free Software Foundation, either version 3 of the License, or (at your
+#    option) any later version.
+#
+#    This program is distributed in the hope that it will be useful, but 
+#    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+#    or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+#    for more details.
+#
+#    You should have received a copy of the GNU General Public License along
+#    with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+module Honeycomb
+  class P0f
+    include DataMapper::Resource
+    include Model::FixtureTable
+
+    def self.all_databases(dir = Pathname.new(__FILE__).dirname.dirname.dirname.dirname.expand_path.join('data').join('logsql/').to_s)
+      ret = Dir.entries(dir)
+      ret.delete_if {|x| x =~ /^\./}
+      ret
+    end
+    
+    (0..self.all_databases.count).each do |num|
+      storage_names["#{num.to_s}".to_sym] = "p0fs"
+    end
+
+    property :p0f,         Integer, :key => true
+
+    property :connection,    Integer
+
+    property :p0f_genre,         Text
+
+    property :p0f_link,          Text
+
+    property :p0f_detail,       Text
+
+    property :p0f_uptime,       Integer
+
+    property :p0f_tos,        Text
+
+    property :p0f_dist,      Integer
+
+    property :p0f_nat,        Integer
+
+    property :p0f_fw,    Integer
+
+    belongs_to :connections, :child_key => [:connection]
+  end
+end

data/lib/honeycomb/model/resolves.rb

@@ -0,0 +1,47 @@
+#    honeycomb - Tool to manage and analyze data from the Dionaea Honeypot 
+#                Project
+#    Josh Grunzweig
+#    Copyright (C) 2011 Trustwave Holdings
+#
+#    This program is free software: you can redistribute it and/or modify it 
+#    under the terms of the GNU General Public License as published by the 
+#    Free Software Foundation, either version 3 of the License, or (at your
+#    option) any later version.
+#
+#    This program is distributed in the hope that it will be useful, but 
+#    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+#    or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+#    for more details.
+#
+#    You should have received a copy of the GNU General Public License along
+#    with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+module Honeycomb
+  class Resolf
+    include DataMapper::Resource
+    include Model::FixtureTable
+
+    def self.all_databases(dir = Pathname.new(__FILE__).dirname.dirname.dirname.dirname.expand_path.join('data').join('logsql/').to_s)
+      ret = Dir.entries(dir)
+      ret.delete_if {|x| x =~ /^\./}
+      ret
+    end
+    
+    (0..self.all_databases.count).each do |num|
+      storage_names["#{num.to_s}".to_sym] = "resolves"
+    end
+
+    property :resolve,         Integer, :key => true
+
+    property :connection,    Integer
+
+    property :resolve_hostname,         Text
+
+    property :resolve_type,          Text
+
+    property :resolve_result,         Text
+
+    belongs_to :connections, :child_key => [:connection]
+  end
+end

data/lib/honeycomb/model/virustotals.rb

@@ -0,0 +1,46 @@
+#    honeycomb - Tool to manage and analyze data from the Dionaea Honeypot 
+#                Project
+#    Josh Grunzweig
+#    Copyright (C) 2011 Trustwave Holdings
+#
+#    This program is free software: you can redistribute it and/or modify it 
+#    under the terms of the GNU General Public License as published by the 
+#    Free Software Foundation, either version 3 of the License, or (at your
+#    option) any later version.
+#
+#    This program is distributed in the hope that it will be useful, but 
+#    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+#    or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+#    for more details.
+#
+#    You should have received a copy of the GNU General Public License along
+#    with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+module Honeycomb
+  class Virustotal
+    include DataMapper::Resource
+    include Model::FixtureTable
+
+    def self.all_databases(dir = Pathname.new(__FILE__).dirname.dirname.dirname.dirname.expand_path.join('data').join('logsql/').to_s)
+      ret = Dir.entries(dir)
+      ret.delete_if {|x| x =~ /^\./}
+      ret
+    end
+    
+    (0..self.all_databases.count).each do |num|
+      storage_names["#{num.to_s}".to_sym] = "virustotals"
+    end
+
+    property :virustotal,         Integer, :key => true
+
+    property :virustotal_md5_hash,    Text
+
+    property :virustotal_timestamp,         Integer
+
+    property :virustotal_permalink,          Text
+
+    belongs_to :download, :child_key => [:virustotal_md5_hash]
+    has n, :virustotalscans, :child_key => [ :virustotal ] 
+  end
+end

data/lib/honeycomb/model/virustotalscans.rb

@@ -0,0 +1,45 @@
+#    honeycomb - Tool to manage and analyze data from the Dionaea Honeypot 
+#                Project
+#    Josh Grunzweig
+#    Copyright (C) 2011 Trustwave Holdings
+#
+#    This program is free software: you can redistribute it and/or modify it 
+#    under the terms of the GNU General Public License as published by the 
+#    Free Software Foundation, either version 3 of the License, or (at your
+#    option) any later version.
+#
+#    This program is distributed in the hope that it will be useful, but 
+#    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+#    or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+#    for more details.
+#
+#    You should have received a copy of the GNU General Public License along
+#    with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+module Honeycomb
+  class Virustotalscan
+    include DataMapper::Resource
+    include Model::FixtureTable
+
+    def self.all_databases(dir = Pathname.new(__FILE__).dirname.dirname.dirname.dirname.expand_path.join('data').join('logsql/').to_s)
+      ret = Dir.entries(dir)
+      ret.delete_if {|x| x =~ /^\./}
+      ret
+    end
+    
+    (0..self.all_databases.count).each do |num|
+      storage_names["#{num.to_s}".to_sym] = "virustotalscans"
+    end
+
+    property :virustotalscan,         Integer, :key => true
+
+    property :virustotal,    Integer
+
+    property :virustotalscan_scanner,         Text
+
+    property :virustotalscan_result,          Text
+
+    belongs_to :virustotal, :child_key => [:virustotal]
+  end
+end

data/spec/honeycomb_spec.rb

@@ -0,0 +1,7 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+describe "Honeycomb" do
+  it "fails" do
+    fail "hey buddy, you should probably rename this file and start specing for real"
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,12 @@
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+require 'rspec'
+require 'honeycomb'
+
+# Requires supporting files with custom matchers and macros, etc,
+# in ./support/ and its subdirectories.
+Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}
+
+RSpec.configure do |config|
+  
+end

data/tasks/irb.rake

@@ -0,0 +1,8 @@
+
+desc "Open an irb session preloaded with Honeycomb"
+task :irb do
+  sh "irb -rubygems -I lib -I Honeycomb -r honeycomb/default_setup"
+end
+
+
+

metadata

@@ -0,0 +1,237 @@
+--- !ruby/object:Gem::Specification 
+name: honeycomb
+version: !ruby/object:Gem::Version 
+  prerelease: 
+  version: 0.0.1
+platform: ruby
+authors: 
+- Josh Grunzweig
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-07-01 00:00:00 -05:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rspec
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: 2.3.0
+  type: :development
+  prerelease: false
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: bundler
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: 1.0.0
+  type: :development
+  prerelease: false
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency 
+  name: jeweler
+  requirement: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: 1.6.2
+  type: :development
+  prerelease: false
+  version_requirements: *id003
+- !ruby/object:Gem::Dependency 
+  name: rcov
+  requirement: &id004 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+  type: :development
+  prerelease: false
+  version_requirements: *id004
+- !ruby/object:Gem::Dependency 
+  name: net-ssh
+  requirement: &id005 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+  type: :development
+  prerelease: false
+  version_requirements: *id005
+- !ruby/object:Gem::Dependency 
+  name: net-scp
+  requirement: &id006 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+  type: :development
+  prerelease: false
+  version_requirements: *id006
+- !ruby/object:Gem::Dependency 
+  name: dm-core
+  requirement: &id007 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+  type: :development
+  prerelease: false
+  version_requirements: *id007
+- !ruby/object:Gem::Dependency 
+  name: dm-types
+  requirement: &id008 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+  type: :development
+  prerelease: false
+  version_requirements: *id008
+- !ruby/object:Gem::Dependency 
+  name: dm-transactions
+  requirement: &id009 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+  type: :development
+  prerelease: false
+  version_requirements: *id009
+- !ruby/object:Gem::Dependency 
+  name: dm-validations
+  requirement: &id010 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+  type: :development
+  prerelease: false
+  version_requirements: *id010
+- !ruby/object:Gem::Dependency 
+  name: dm-serializer
+  requirement: &id011 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+  type: :development
+  prerelease: false
+  version_requirements: *id011
+- !ruby/object:Gem::Dependency 
+  name: dm-timestamps
+  requirement: &id012 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+  type: :development
+  prerelease: false
+  version_requirements: *id012
+- !ruby/object:Gem::Dependency 
+  name: dm-sqlite-adapter
+  requirement: &id013 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+  type: :development
+  prerelease: false
+  version_requirements: *id013
+description: Tool to manage and analyze data from the Dionaea Honeypot Project
+email: jgrunzweig at trustwave dot com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- LICENSE.txt
+- README.rdoc
+files: 
+- .document
+- .rspec
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.rdoc
+- Rakefile
+- VERSION
+- data/binaries/example_data
+- data/logsql/honeypot.sqlite
+- etc/config.yml.example
+- lib/honeycomb.rb
+- lib/honeycomb/default_setup.rb
+- lib/honeycomb/environment.rb
+- lib/honeycomb/interact.rb
+- lib/honeycomb/interact/interact.rb
+- lib/honeycomb/model.rb
+- lib/honeycomb/model/connections.rb
+- lib/honeycomb/model/dcerpcbinds.rb
+- lib/honeycomb/model/dcerpcrequests.rb
+- lib/honeycomb/model/dcerpcserviceops.rb
+- lib/honeycomb/model/dcerpcservices.rb
+- lib/honeycomb/model/downloads.rb
+- lib/honeycomb/model/emu_profiles.rb
+- lib/honeycomb/model/emu_services.rb
+- lib/honeycomb/model/logins.rb
+- lib/honeycomb/model/mssql_commands.rb
+- lib/honeycomb/model/mssql_fingerprints.rb
+- lib/honeycomb/model/offers.rb
+- lib/honeycomb/model/p0fs.rb
+- lib/honeycomb/model/resolves.rb
+- lib/honeycomb/model/virustotals.rb
+- lib/honeycomb/model/virustotalscans.rb
+- spec/honeycomb_spec.rb
+- spec/spec_helper.rb
+- tasks/irb.rake
+has_rdoc: true
+homepage: http://github.com/spiderlabs/honeycomb
+licenses: 
+- GNU v3
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3018595793207636104
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.6.2
+signing_key: 
+specification_version: 3
+summary: Tool to manage and analyze data from the Dionaea Honeypot Project
+test_files: []
+