honeycomb 0.0.3 → 0.0.4

data/lib/honeycomb/interact.rb

@@ -1,20 +0,0 @@
-#    honeycomb - Tool to manage and analyze data from the Dionaea Honeypot 
-#                Project
-#    Josh Grunzweig
-#    Copyright (C) 2011 Trustwave Holdings
-#
-#    This program is free software: you can redistribute it and/or modify it 
-#    under the terms of the GNU General Public License as published by the 
-#    Free Software Foundation, either version 3 of the License, or (at your
-#    option) any later version.
-#
-#    This program is distributed in the hope that it will be useful, but 
-#    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-#    or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-#    for more details.
-#
-#    You should have received a copy of the GNU General Public License along
-#    with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-
-require 'honeycomb/interact/interact'

data/lib/honeycomb/model.rb

@@ -1,82 +0,0 @@
-#    honeycomb - Tool to manage and analyze data from the Dionaea Honeypot 
-#                Project
-#    Josh Grunzweig
-#    Copyright (C) 2011 Trustwave Holdings
-#
-#    This program is free software: you can redistribute it and/or modify it 
-#    under the terms of the GNU General Public License as published by the 
-#    Free Software Foundation, either version 3 of the License, or (at your
-#    option) any later version.
-#
-#    This program is distributed in the hope that it will be useful, but 
-#    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-#    or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-#    for more details.
-#
-#    You should have received a copy of the GNU General Public License along
-#    with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-
-require 'dm-core'
-require 'dm-types'
-require 'dm-transactions'
-require 'dm-validations'
-require 'dm-serializer'
-require 'dm-timestamps'
-
-require 'honeycomb/model'
-require 'honeycomb/environment'
-
-module Honeycomb
-
-  module Model
-    module FixtureTable
-      def fixture_table?
-        true
-      end
-    end
-
-    Honeycomb::Env.read_config
-
-    require 'honeycomb/model/connections'
-    require 'honeycomb/model/logins'
-    require 'honeycomb/model/dcerpcbinds'
-    require 'honeycomb/model/dcerpcrequests'
-    require 'honeycomb/model/dcerpcserviceops'
-    require 'honeycomb/model/dcerpcservices'
-    require 'honeycomb/model/downloads'
-    require 'honeycomb/model/emu_profiles'
-    require 'honeycomb/model/emu_services'
-    require 'honeycomb/model/mssql_commands'
-    require 'honeycomb/model/mssql_fingerprints'
-    require 'honeycomb/model/offers'
-    require 'honeycomb/model/p0fs'
-    require 'honeycomb/model/resolves'
-    require 'honeycomb/model/virustotals'
-    require 'honeycomb/model/virustotalscans'
-
-    # TODO: Comment
-    def self.all_databases(dir = Pathname.new(__FILE__).dirname.dirname.dirname.expand_path.join('data').join('logsql/').to_s)
-      ret = Dir.entries(dir)
-      ret.delete_if {|x| x =~ /^\./}
-      ret
-    end
-
-    # Sets up the model using with the currently configured db_conn 
-    # configuration.
-    def self.setup!(dir = Pathname.new(__FILE__).dirname.dirname.dirname.expand_path.join('data').join('logsql/').to_s)
-      num = 0
-      # Don't plan on ever using the default database, but DataMapper complains
-      # if you don't specify one. A necessary evil. 
-      DataMapper.setup(:default, "sqlite:///#{dir}honeypot.sqlite")
-      self.all_databases(dir).each do |database|
-        DataMapper.setup(num.to_s.to_sym, "sqlite:///#{dir}#{database}") 
-        num = num + 1
-      end  
-      DataMapper.finalize
-      @setup = true
-    end
-
-
-  end
-end

data/lib/honeycomb/model/connections.rb

@@ -1,77 +0,0 @@
-#    honeycomb - Tool to manage and analyze data from the Dionaea Honeypot 
-#                Project
-#    Josh Grunzweig
-#    Copyright (C) 2011 Trustwave Holdings
-#
-#    This program is free software: you can redistribute it and/or modify it 
-#    under the terms of the GNU General Public License as published by the 
-#    Free Software Foundation, either version 3 of the License, or (at your
-#    option) any later version.
-#
-#    This program is distributed in the hope that it will be useful, but 
-#    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-#    or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-#    for more details.
-#
-#    You should have received a copy of the GNU General Public License along
-#    with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-
-module Honeycomb
-  class Connections
-    include DataMapper::Resource
-    include Model::FixtureTable
-
-    def self.all_databases(dir = Honeycomb::Env::CONFIG["honey_config"]["download_databases"] ||
-                            Pathname.new(__FILE__).dirname.dirname.dirname.dirname.expand_path.join('data').join('logsql/').to_s)
-      ret = Dir.entries(dir)
-      ret.delete_if {|x| x =~ /^\./}
-      ret
-    end
-    
-    (0..self.all_databases.count).each do |num|
-      storage_names["#{num.to_s}".to_sym] = "connections"
-    end
-
-
-    property :connection,         Integer, :key => true
-
-    property :connection_type,    Text
-
-    property :connection_transport,         Text
-
-    property :connection_protocol,          Text
-
-    property :connection_timestamp,         Integer
-
-    property :connection_root,       Integer
-
-    property :connection_parent,        Integer
-
-    property :local_host,      Text
-
-    property :local_port,        Integer
-
-    property :remote_host,    Text
-
-    property :remote_hostname,   Text 
-
-    property :remote_port,   Integer
-
-    has n, :logins, :child_key => [ :connection ] 
-    has n, :download,  :child_key => [ :connection ] 
-    has n, :offers, :child_key => [ :connection ] 
-    has n, :dcerpcbinds, :child_key => [ :connection ] 
-    has n, :dcerpcrequests, :child_key => [ :connection ] 
-    has n, :dcerpcserviceops, :child_key => [ :connection ] 
-    has n, :dcerpcservices, :child_key => [ :connection ] 
-    has n, :emu_profiles, :child_key => [ :connection ] 
-    has n, :emu_services, :child_key => [ :connection ] 
-    has n, :mssql_commands, :child_key => [ :connection ] 
-    has n, :mssql_fingerprints, :child_key => [ :connection ] 
-    has n, :p0fs, :child_key => [ :connection ] 
-    has n, :resolves, :child_key => [ :connection ] 
-    #has n, :virustotals, :child_key => [ :connection ] 
-    #has n, :virustotalscans, :child_key => [ :connection ] 
-  end
-end

data/lib/honeycomb/model/dcerpcbinds.rb

@@ -1,47 +0,0 @@
-#    honeycomb - Tool to manage and analyze data from the Dionaea Honeypot 
-#                Project
-#    Josh Grunzweig
-#    Copyright (C) 2011 Trustwave Holdings
-#
-#    This program is free software: you can redistribute it and/or modify it 
-#    under the terms of the GNU General Public License as published by the 
-#    Free Software Foundation, either version 3 of the License, or (at your
-#    option) any later version.
-#
-#    This program is distributed in the hope that it will be useful, but 
-#    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-#    or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-#    for more details.
-#
-#    You should have received a copy of the GNU General Public License along
-#    with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-
-module Honeycomb
-  class Dcerpcbind
-    include DataMapper::Resource
-    include Model::FixtureTable
-
-    def self.all_databases(dir = Honeycomb::Env::CONFIG["honey_config"]["download_databases"] ||
-                            Pathname.new(__FILE__).dirname.dirname.dirname.dirname.expand_path.join('data').join('logsql/').to_s)
-      ret = Dir.entries(dir)
-      ret.delete_if {|x| x =~ /^\./}
-      ret
-    end
-    
-    (0..self.all_databases.count).each do |num|
-      storage_names["#{num.to_s}".to_sym] = "dcerpcbinds"
-    end
-    
-
-    property :dcerpcbind,         Integer, :key => true
-
-    property :connection,    Integer
-
-    property :dcerpcbind_uuid,         Text
-
-    property :dcerpcbind_transfersyntax,          Text
-
-    belongs_to :connections, :child_key => [:connection]
-  end
-end

data/lib/honeycomb/model/dcerpcrequests.rb

@@ -1,46 +0,0 @@
-#    honeycomb - Tool to manage and analyze data from the Dionaea Honeypot 
-#                Project
-#    Josh Grunzweig
-#    Copyright (C) 2011 Trustwave Holdings
-#
-#    This program is free software: you can redistribute it and/or modify it 
-#    under the terms of the GNU General Public License as published by the 
-#    Free Software Foundation, either version 3 of the License, or (at your
-#    option) any later version.
-#
-#    This program is distributed in the hope that it will be useful, but 
-#    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-#    or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-#    for more details.
-#
-#    You should have received a copy of the GNU General Public License along
-#    with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-
-module Honeycomb
-  class Dcerpcrequest
-    include DataMapper::Resource
-    include Model::FixtureTable
-
-    def self.all_databases(dir = Honeycomb::Env::CONFIG["honey_config"]["download_databases"] ||
-                            Pathname.new(__FILE__).dirname.dirname.dirname.dirname.expand_path.join('data').join('logsql/').to_s)
-      ret = Dir.entries(dir)
-      ret.delete_if {|x| x =~ /^\./}
-      ret
-    end
-    
-    (0..self.all_databases.count).each do |num|
-      storage_names["#{num.to_s}".to_sym] = "dcerpcrequests"
-    end
-
-    property :dcerpcrequest,         Integer, :key => true
-
-    property :connection,    Integer
-
-    property :dcerpcrequest_uuid,         Text
-
-    property :dcerpcrequest_opnum,          Integer
-
-    belongs_to :connections, :child_key => [:connection] 
-  end
-end

data/lib/honeycomb/model/dcerpcserviceops.rb

@@ -1,48 +0,0 @@
-#    honeycomb - Tool to manage and analyze data from the Dionaea Honeypot 
-#                Project
-#    Josh Grunzweig
-#    Copyright (C) 2011 Trustwave Holdings
-#
-#    This program is free software: you can redistribute it and/or modify it 
-#    under the terms of the GNU General Public License as published by the 
-#    Free Software Foundation, either version 3 of the License, or (at your
-#    option) any later version.
-#
-#    This program is distributed in the hope that it will be useful, but 
-#    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-#    or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-#    for more details.
-#
-#    You should have received a copy of the GNU General Public License along
-#    with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-
-module Honeycomb
-  class Dcerpcserviceop
-    include DataMapper::Resource
-    include Model::FixtureTable
-
-    def self.all_databases(dir = Honeycomb::Env::CONFIG["honey_config"]["download_databases"] ||
-                            Pathname.new(__FILE__).dirname.dirname.dirname.dirname.expand_path.join('data').join('logsql/').to_s)
-      ret = Dir.entries(dir)
-      ret.delete_if {|x| x =~ /^\./}
-      ret
-    end
-    
-    (0..self.all_databases.count).each do |num|
-      storage_names["#{num.to_s}".to_sym] = "dcerpcserviceops"
-    end
-
-    property :dcerpcserviceop,         Integer, :key => true
-
-    property :dcerpcservice,    Integer
-
-    property :dcerpcserviceop_opnum,         Integer
-
-    property :dcerpcserviceop_name,          Text
-
-    property :dcerpcserviceop_vuln,          Text   
-    
-    belongs_to :connections, :child_key => [:connection]   
-  end
-end

data/lib/honeycomb/model/dcerpcservices.rb

@@ -1,44 +0,0 @@
-#    honeycomb - Tool to manage and analyze data from the Dionaea Honeypot 
-#                Project
-#    Josh Grunzweig
-#    Copyright (C) 2011 Trustwave Holdings
-#
-#    This program is free software: you can redistribute it and/or modify it 
-#    under the terms of the GNU General Public License as published by the 
-#    Free Software Foundation, either version 3 of the License, or (at your
-#    option) any later version.
-#
-#    This program is distributed in the hope that it will be useful, but 
-#    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-#    or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-#    for more details.
-#
-#    You should have received a copy of the GNU General Public License along
-#    with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-
-module Honeycomb
-  class Dcerpcservice
-    include DataMapper::Resource
-    include Model::FixtureTable
-
-    def self.all_databases(dir = Honeycomb::Env::CONFIG["honey_config"]["download_databases"] ||
-                            Pathname.new(__FILE__).dirname.dirname.dirname.dirname.expand_path.join('data').join('logsql/').to_s)
-      ret = Dir.entries(dir)
-      ret.delete_if {|x| x =~ /^\./}
-      ret
-    end
-    
-    (0..self.all_databases.count).each do |num|
-      storage_names["#{num.to_s}".to_sym] = "dcerpcservices"
-    end
-
-    property :dcerpcservice,         Integer, :key => true
-
-    property :dcerpcservice_uuid,         Text
-
-    property :dcerpcservice_name,          Text
-
-    belongs_to :connections, :child_key => [:connection]
-  end
-end

data/lib/honeycomb/model/downloads.rb

@@ -1,47 +0,0 @@
-#    honeycomb - Tool to manage and analyze data from the Dionaea Honeypot 
-#                Project
-#    Josh Grunzweig
-#    Copyright (C) 2011 Trustwave Holdings
-#
-#    This program is free software: you can redistribute it and/or modify it 
-#    under the terms of the GNU General Public License as published by the 
-#    Free Software Foundation, either version 3 of the License, or (at your
-#    option) any later version.
-#
-#    This program is distributed in the hope that it will be useful, but 
-#    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-#    or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-#    for more details.
-#
-#    You should have received a copy of the GNU General Public License along
-#    with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-
-module Honeycomb
-  class Download
-    include DataMapper::Resource
-    include Model::FixtureTable
-
-    def self.all_databases(dir = Honeycomb::Env::CONFIG["honey_config"]["download_databases"] ||
-                            Pathname.new(__FILE__).dirname.dirname.dirname.dirname.expand_path.join('data').join('logsql/').to_s)
-      ret = Dir.entries(dir)
-      ret.delete_if {|x| x =~ /^\./}
-      ret
-    end
-    
-    (0..self.all_databases.count).each do |num|
-      storage_names["#{num.to_s}".to_sym] = "downloads"
-    end
-
-    property :download,         Integer, :key => true
-
-    property :connection,    Integer
-
-    property :download_url,         Text
-
-    property :download_md5_hash,          Text
-
-    belongs_to :connections, :child_key => [:connection]
-    has n, :virustotals, :child_key => [ :download_md5_hash ] 
-  end
-end

data/lib/honeycomb/model/emu_profiles.rb

@@ -1,44 +0,0 @@
-#    honeycomb - Tool to manage and analyze data from the Dionaea Honeypot 
-#                Project
-#    Josh Grunzweig
-#    Copyright (C) 2011 Trustwave Holdings
-#
-#    This program is free software: you can redistribute it and/or modify it 
-#    under the terms of the GNU General Public License as published by the 
-#    Free Software Foundation, either version 3 of the License, or (at your
-#    option) any later version.
-#
-#    This program is distributed in the hope that it will be useful, but 
-#    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-#    or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-#    for more details.
-#
-#    You should have received a copy of the GNU General Public License along
-#    with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-
-module Honeycomb
-  class EmuProfile
-    include DataMapper::Resource
-    include Model::FixtureTable
-
-    def self.all_databases(dir = Honeycomb::Env::CONFIG["honey_config"]["download_databases"] ||
-                            Pathname.new(__FILE__).dirname.dirname.dirname.dirname.expand_path.join('data').join('logsql/').to_s)
-      ret = Dir.entries(dir)
-      ret.delete_if {|x| x =~ /^\./}
-      ret
-    end
-    
-    (0..self.all_databases.count).each do |num|
-      storage_names["#{num.to_s}".to_sym] = "emu_profiles"
-    end
-
-    property :emu_profile,         Integer, :key => true
-
-    property :connection,    Integer
-
-    property :emu_profile_json,         Text
-
-    belongs_to :connections, :child_key => [:connection]
-  end
-end