threatinator-amqp-rcvr 0.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.gitignore +9 -0
- data/.rspec +2 -0
- data/.travis.yml +13 -0
- data/CODE_OF_CONDUCT.md +49 -0
- data/Gemfile +4 -0
- data/LICENSE.txt +21 -0
- data/README.md +50 -0
- data/Rakefile +7 -0
- data/bin/console +14 -0
- data/bin/setup +8 -0
- data/exe/threatinator-ampq-rcvr +12 -0
- data/lib/threatinator/amqp/rcvr/backends/sqlite.rb +74 -0
- data/lib/threatinator/amqp/rcvr/cli.rb +123 -0
- data/lib/threatinator/amqp/rcvr/main.rb +8 -0
- data/lib/threatinator/amqp/rcvr/settings.rb +89 -0
- data/lib/threatinator/amqp/rcvr/table.rb +89 -0
- data/lib/threatinator/amqp/rcvr/version.rb +7 -0
- data/lib/threatinator/amqp/rcvr.rb +20 -0
- data/threatinator-amqp-rcvr.gemspec +32 -0
- metadata +190 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: 1c680b398a4d33a337914262efaaf392a6785bae
|
4
|
+
data.tar.gz: 585e4ca2e2354054e6f83ca7058e92c7a0869f65
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 56e820806d18c904131bbd713cac8a9e29fa67ac47b0cb565dc7b2117aee6b89c8278d884c74a70111c475fc47614389a257d108dfeec6480fbbaa3b597cf630
|
7
|
+
data.tar.gz: 48f4443d03ad10a106c3aaf41c67fc52e54c5bc53dd3d70fa79dd7f9ce85460953ed271c9cf367503a4a84fc012411a0958e6b8953e386f6c672ef7b44968df7
|
data/.gitignore
ADDED
data/.rspec
ADDED
data/.travis.yml
ADDED
data/CODE_OF_CONDUCT.md
ADDED
@@ -0,0 +1,49 @@
|
|
1
|
+
# Contributor Code of Conduct
|
2
|
+
|
3
|
+
As contributors and maintainers of this project, and in the interest of
|
4
|
+
fostering an open and welcoming community, we pledge to respect all people who
|
5
|
+
contribute through reporting issues, posting feature requests, updating
|
6
|
+
documentation, submitting pull requests or patches, and other activities.
|
7
|
+
|
8
|
+
We are committed to making participation in this project a harassment-free
|
9
|
+
experience for everyone, regardless of level of experience, gender, gender
|
10
|
+
identity and expression, sexual orientation, disability, personal appearance,
|
11
|
+
body size, race, ethnicity, age, religion, or nationality.
|
12
|
+
|
13
|
+
Examples of unacceptable behavior by participants include:
|
14
|
+
|
15
|
+
* The use of sexualized language or imagery
|
16
|
+
* Personal attacks
|
17
|
+
* Trolling or insulting/derogatory comments
|
18
|
+
* Public or private harassment
|
19
|
+
* Publishing other's private information, such as physical or electronic
|
20
|
+
addresses, without explicit permission
|
21
|
+
* Other unethical or unprofessional conduct
|
22
|
+
|
23
|
+
Project maintainers have the right and responsibility to remove, edit, or
|
24
|
+
reject comments, commits, code, wiki edits, issues, and other contributions
|
25
|
+
that are not aligned to this Code of Conduct, or to ban temporarily or
|
26
|
+
permanently any contributor for other behaviors that they deem inappropriate,
|
27
|
+
threatening, offensive, or harmful.
|
28
|
+
|
29
|
+
By adopting this Code of Conduct, project maintainers commit themselves to
|
30
|
+
fairly and consistently applying these principles to every aspect of managing
|
31
|
+
this project. Project maintainers who do not follow or enforce the Code of
|
32
|
+
Conduct may be permanently removed from the project team.
|
33
|
+
|
34
|
+
This code of conduct applies both within project spaces and in public spaces
|
35
|
+
when an individual is representing the project or its community.
|
36
|
+
|
37
|
+
Instances of abusive, harassing, or otherwise unacceptable behavior may be
|
38
|
+
reported by contacting a project maintainer at shadowbq@gmail.com. All
|
39
|
+
complaints will be reviewed and investigated and will result in a response that
|
40
|
+
is deemed necessary and appropriate to the circumstances. Maintainers are
|
41
|
+
obligated to maintain confidentiality with regard to the reporter of an
|
42
|
+
incident.
|
43
|
+
|
44
|
+
This Code of Conduct is adapted from the [Contributor Covenant][homepage],
|
45
|
+
version 1.3.0, available at
|
46
|
+
[http://contributor-covenant.org/version/1/3/0/][version]
|
47
|
+
|
48
|
+
[homepage]: http://contributor-covenant.org
|
49
|
+
[version]: http://contributor-covenant.org/version/1/3/0/
|
data/Gemfile
ADDED
data/LICENSE.txt
ADDED
@@ -0,0 +1,21 @@
|
|
1
|
+
The MIT License (MIT)
|
2
|
+
|
3
|
+
Copyright (c) 2016 shadowbq
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
7
|
+
in the Software without restriction, including without limitation the rights
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
10
|
+
furnished to do so, subject to the following conditions:
|
11
|
+
|
12
|
+
The above copyright notice and this permission notice shall be included in
|
13
|
+
all copies or substantial portions of the Software.
|
14
|
+
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
21
|
+
THE SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,50 @@
|
|
1
|
+
# Threatinator::Amqp::Rcvr
|
2
|
+
|
3
|
+
PRERELEASE: Not published into gemspace
|
4
|
+
|
5
|
+
This is an AMQP Client (reciever) for the Threatinator raw AMQP data feeds. It is basically a AMQP -> SQL driver.
|
6
|
+
|
7
|
+
## Installation
|
8
|
+
|
9
|
+
$ gem install threatinator-amqp-rcvr
|
10
|
+
|
11
|
+
## Usage
|
12
|
+
|
13
|
+
```
|
14
|
+
$ ./exe/threatinator-ampq-rcvr -h
|
15
|
+
Usage: threatinator-ampq-rcvr
|
16
|
+
|
17
|
+
-f, --fqdns Store FQDNS
|
18
|
+
-i, --ips Store IPv4
|
19
|
+
|
20
|
+
AMQP
|
21
|
+
|
22
|
+
-H, --amqp-host= AMQP Hostname
|
23
|
+
Default: 127.0.0.1
|
24
|
+
-T, --amqp-topic= AMQP Binding Topic
|
25
|
+
Default: threats
|
26
|
+
-R, --amqp-routekey= AMQP Routekey
|
27
|
+
Default: #
|
28
|
+
Backend
|
29
|
+
|
30
|
+
-s, --sqlite= Sqlite3 backend file location
|
31
|
+
Default: /tmp/threat.db
|
32
|
+
Options::
|
33
|
+
-v, --verbose Run verbosely
|
34
|
+
-h, --help Display this screen
|
35
|
+
```
|
36
|
+
|
37
|
+
## Development
|
38
|
+
|
39
|
+
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
40
|
+
|
41
|
+
To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
|
42
|
+
|
43
|
+
## Contributing
|
44
|
+
|
45
|
+
Bug reports and pull requests are welcome on GitHub at https://github.com/shadowbq/threatinator-amqp-rcvr. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
|
46
|
+
|
47
|
+
|
48
|
+
## License
|
49
|
+
|
50
|
+
The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
|
data/Rakefile
ADDED
data/bin/console
ADDED
@@ -0,0 +1,14 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
|
3
|
+
require "bundler/setup"
|
4
|
+
require "threatinator/amqp/rcvr"
|
5
|
+
|
6
|
+
# You can add fixtures and/or initialization code here to make experimenting
|
7
|
+
# with your gem easier. You can also use a different console, if you like.
|
8
|
+
|
9
|
+
# (If you use this, don't forget to add pry to your Gemfile!)
|
10
|
+
# require "pry"
|
11
|
+
# Pry.start
|
12
|
+
|
13
|
+
require "irb"
|
14
|
+
IRB.start
|
data/bin/setup
ADDED
@@ -0,0 +1,12 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
begin
|
3
|
+
require 'rubygems'
|
4
|
+
require 'bundler'
|
5
|
+
Bundler.setup(:default)
|
6
|
+
rescue ::Exception => e
|
7
|
+
end
|
8
|
+
|
9
|
+
# Executable with absolute path to lib for hacking and development
|
10
|
+
require File.join(File.dirname(__FILE__), '..', 'lib', 'threatinator', 'amqp', 'rcvr', 'cli')
|
11
|
+
|
12
|
+
Threatinator::Amqp::Rcvr::CLI.invoke
|
@@ -0,0 +1,74 @@
|
|
1
|
+
module Threatinator
|
2
|
+
module Amqp
|
3
|
+
module Rcvr
|
4
|
+
module Backends
|
5
|
+
|
6
|
+
class SQLite
|
7
|
+
|
8
|
+
def initialize()
|
9
|
+
@connection=_connect(Threatinator::Amqp::Rcvr::Settings.sql_file_location)
|
10
|
+
@connection.results_as_hash = true
|
11
|
+
@connection
|
12
|
+
end
|
13
|
+
|
14
|
+
def prep
|
15
|
+
@stmt = @connection.prepare(<<-EOS)
|
16
|
+
INSERT INTO #{Threatinator::Amqp::Rcvr::Settings.sql_table_name}(import_time, name, feed_provider, feed_name) VALUES(:import_time, :name, :feed_provider, :feed_name)
|
17
|
+
EOS
|
18
|
+
@connection
|
19
|
+
end
|
20
|
+
|
21
|
+
def validate!
|
22
|
+
@connection.execute("PRAGMA table_info(#{Threatinator::Amqp::Rcvr::Settings.sql_table_name});") do |row|
|
23
|
+
raise UnknownDBSchemaError, "Unknown Schema" unless ["id","feed_provider","feed_name", "import_time","name"].include? row["name"]
|
24
|
+
end
|
25
|
+
puts "#[threatinator-ampq-rcvr] schema validated" if Threatinator::Amqp::Rcvr::Settings.verbose
|
26
|
+
end
|
27
|
+
|
28
|
+
def insert(import_time, host, feed_provider, feed_name)
|
29
|
+
@stmt.execute(:import_time => import_time, :name => host, :feed_provider => feed_provider, :feed_name => feed_name)
|
30
|
+
end
|
31
|
+
|
32
|
+
def close
|
33
|
+
@stmt.close
|
34
|
+
@connection.close
|
35
|
+
end
|
36
|
+
|
37
|
+
private
|
38
|
+
|
39
|
+
def _create!
|
40
|
+
@connection.execute(<<-EOS)
|
41
|
+
CREATE TABLE IF NOT EXISTS #{Threatinator::Amqp::Rcvr::Settings.sql_table_name} (
|
42
|
+
id INTEGER PRIMARY KEY,
|
43
|
+
feed_provider varchar(255),
|
44
|
+
feed_name varchar(255),
|
45
|
+
import_time timestamp default (strftime('%s', 'now')),
|
46
|
+
name varchar(255),
|
47
|
+
CONSTRAINT name_unique UNIQUE (import_time, name)
|
48
|
+
)
|
49
|
+
EOS
|
50
|
+
end
|
51
|
+
|
52
|
+
def _connect(file)
|
53
|
+
begin
|
54
|
+
@connection = SQLite3::Database.new(file)
|
55
|
+
_create!
|
56
|
+
return @connection
|
57
|
+
rescue SQLite3::Exception => e
|
58
|
+
begin
|
59
|
+
@connection = SQLite3::Database.open(file)
|
60
|
+
return @connection
|
61
|
+
rescue ::SQLite3::Exception => e
|
62
|
+
puts "Exception occurred"
|
63
|
+
puts e
|
64
|
+
@connection.close if @connection
|
65
|
+
end
|
66
|
+
end
|
67
|
+
|
68
|
+
end
|
69
|
+
|
70
|
+
end
|
71
|
+
end
|
72
|
+
end
|
73
|
+
end
|
74
|
+
end
|
@@ -0,0 +1,123 @@
|
|
1
|
+
require 'optparse'
|
2
|
+
require 'threatinator/amqp/rcvr'
|
3
|
+
|
4
|
+
module Threatinator
|
5
|
+
module Amqp
|
6
|
+
module Rcvr
|
7
|
+
|
8
|
+
class CLI
|
9
|
+
|
10
|
+
def self.invoke
|
11
|
+
puts "ARGV #{ARGV.size}"
|
12
|
+
puts ARGV.to_s
|
13
|
+
self.new
|
14
|
+
end
|
15
|
+
|
16
|
+
def initialize
|
17
|
+
options = {}
|
18
|
+
|
19
|
+
options[:fqdns] = false
|
20
|
+
options[:ips] = false
|
21
|
+
|
22
|
+
options[:sqlite] = false
|
23
|
+
options[:sqlite_location] = Threatinator::Amqp::Rcvr::Settings.sql_file_location
|
24
|
+
|
25
|
+
opt_parser = OptionParser.new do |opt|
|
26
|
+
opt.banner = "Usage: threatinator-ampq-rcvr"
|
27
|
+
opt.separator ""
|
28
|
+
|
29
|
+
opt.on("-f", "--fqdns", "Store FQDNS") do
|
30
|
+
options[:fqdns] = true
|
31
|
+
Threatinator::Amqp::Rcvr::Settings.sql_table_name = "fqdns"
|
32
|
+
end
|
33
|
+
|
34
|
+
opt.on("-i", "--ips", "Store IPv4") do
|
35
|
+
options[:ips] = true
|
36
|
+
Threatinator::Amqp::Rcvr::Settings.sql_table_name = "ipv4"
|
37
|
+
end
|
38
|
+
|
39
|
+
opt.separator ""
|
40
|
+
|
41
|
+
opt.separator "AMQP"
|
42
|
+
opt.separator ""
|
43
|
+
|
44
|
+
opt.on("-H", "--amqp-host=", "AMQP Hostname"," Default: #{Threatinator::Amqp::Rcvr::Settings.amqp_hostname}") do |value|
|
45
|
+
Threatinator::Amqp::Rcvr::Settings.amqp_hostname = value
|
46
|
+
end
|
47
|
+
|
48
|
+
opt.on("-T", "--amqp-topic=", "AMQP Binding Topic"," Default: #{Threatinator::Amqp::Rcvr::Settings.amqp_binding_topic}") do |value|
|
49
|
+
Threatinator::Amqp::Rcvr::Settings.amqp_binding_topic = value
|
50
|
+
end
|
51
|
+
|
52
|
+
opt.on("-R", "--amqp-routekey=", "AMQP Routekey"," Default: #{Threatinator::Amqp::Rcvr::Settings.amqp_routing_key}") do |value|
|
53
|
+
Threatinator::Amqp::Rcvr::Settings.amqp_routing_key = value
|
54
|
+
end
|
55
|
+
|
56
|
+
opt.separator "Backend"
|
57
|
+
opt.separator ""
|
58
|
+
|
59
|
+
opt.on("-s", "--sqlite=", "Sqlite3 backend file location"," Default: #{options[:sqlite_location]}") do |value|
|
60
|
+
options[:sqlite] = true
|
61
|
+
options[:sqlite_location] = value
|
62
|
+
end
|
63
|
+
|
64
|
+
opt.separator "Options::"
|
65
|
+
|
66
|
+
opt.on("-v", "--verbose", "Run verbosely") do
|
67
|
+
options[:verbose] = true
|
68
|
+
end
|
69
|
+
|
70
|
+
opt.on_tail("-h","--help","Display this screen") do
|
71
|
+
puts opt_parser
|
72
|
+
exit 0
|
73
|
+
end
|
74
|
+
|
75
|
+
end
|
76
|
+
|
77
|
+
#Verify the options
|
78
|
+
begin
|
79
|
+
raise unless ARGV.size > 0
|
80
|
+
opt_parser.parse!
|
81
|
+
|
82
|
+
#If options fail display help
|
83
|
+
#rescue Exception => e
|
84
|
+
# puts e.message
|
85
|
+
# puts e.backtrace.inspect
|
86
|
+
rescue
|
87
|
+
puts opt_parser
|
88
|
+
exit
|
89
|
+
end
|
90
|
+
|
91
|
+
# Boolean switch
|
92
|
+
Threatinator::Amqp::Rcvr::Settings.verbose = options[:verbose]
|
93
|
+
Threatinator::Amqp::Rcvr::Settings.sql_file_location = options[:sqlite_location]
|
94
|
+
|
95
|
+
if Threatinator::Amqp::Rcvr::Settings.verbose
|
96
|
+
puts "++++++++++++++++++++++++++++++++++++++++++++++"
|
97
|
+
puts "threatinator-ampq-rcvr!"
|
98
|
+
Threatinator::Amqp::Rcvr::Settings.print
|
99
|
+
puts "++++++++++++++++++++++++++++++++++++++++++++++\n"
|
100
|
+
end
|
101
|
+
|
102
|
+
if options[:fqdns]
|
103
|
+
stream = FQDNTable.new(['sqlite3'])
|
104
|
+
end
|
105
|
+
|
106
|
+
if options[:ips]
|
107
|
+
stream = IPTable.new(['sqlite3'])
|
108
|
+
end
|
109
|
+
|
110
|
+
puts " [*] Waiting for events. To exit press CTRL+C"
|
111
|
+
begin
|
112
|
+
stream.subscribe
|
113
|
+
rescue Interrupt => _
|
114
|
+
stream.close
|
115
|
+
end
|
116
|
+
|
117
|
+
end
|
118
|
+
|
119
|
+
end #Class
|
120
|
+
|
121
|
+
end
|
122
|
+
end
|
123
|
+
end #module
|
@@ -0,0 +1,89 @@
|
|
1
|
+
module Threatinator
|
2
|
+
module Amqp
|
3
|
+
module Rcvr
|
4
|
+
module Settings
|
5
|
+
extend self
|
6
|
+
|
7
|
+
@@registered_settings = []
|
8
|
+
|
9
|
+
# SaganCrafter provides a basic single-method DSL with .parameter method
|
10
|
+
# being used to define a set of available settings.
|
11
|
+
# This method takes one or more symbols, with each one being
|
12
|
+
# a name of the configuration option.
|
13
|
+
def parameter(*names)
|
14
|
+
names.each do |name|
|
15
|
+
attr_accessor name
|
16
|
+
|
17
|
+
@@registered_settings.push(name)
|
18
|
+
|
19
|
+
# For each given symbol we generate accessor method that sets option's
|
20
|
+
# value being called with an argument, or returns option's current value
|
21
|
+
# when called without arguments
|
22
|
+
undef_method name if method_defined? name
|
23
|
+
|
24
|
+
define_method name do |*values|
|
25
|
+
value = values.first
|
26
|
+
if value
|
27
|
+
send("#{name}=", value)
|
28
|
+
else
|
29
|
+
instance_variable_defined?("@#{name}") ? instance_variable_get("@#{name}") : nil
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
34
|
+
|
35
|
+
# And we define a wrapper for the configuration block, that we'll use to set up
|
36
|
+
# our set of options
|
37
|
+
def config &block
|
38
|
+
instance_eval(&block)
|
39
|
+
end
|
40
|
+
|
41
|
+
# list available settings
|
42
|
+
def self.list
|
43
|
+
@@registered_settings
|
44
|
+
end
|
45
|
+
|
46
|
+
def self.reset!
|
47
|
+
self.config do
|
48
|
+
verbose false
|
49
|
+
amqp_hostname "127.0.0.1"
|
50
|
+
amqp_binding_topic "threats"
|
51
|
+
amqp_routing_key "#"
|
52
|
+
sql_table_name "fqdns"
|
53
|
+
sql_file_location "/tmp/threat.db"
|
54
|
+
end
|
55
|
+
end
|
56
|
+
|
57
|
+
def self.to_h
|
58
|
+
c = {}
|
59
|
+
Threatinator::Amqp::Rcvr::Settings.list.each do |toggle|
|
60
|
+
c[toggle.to_sym] = Threatinator::Amqp::Rcvr::Settings.send(toggle)
|
61
|
+
end
|
62
|
+
return c
|
63
|
+
end
|
64
|
+
|
65
|
+
def self.print
|
66
|
+
Threatinator::Amqp::Rcvr::Settings.list.each do |toggle|
|
67
|
+
puts "#{toggle} => #{Threatinator::Amqp::Rcvr::Settings.send(toggle)}"
|
68
|
+
end
|
69
|
+
end
|
70
|
+
|
71
|
+
end # Settings
|
72
|
+
|
73
|
+
# [1] pry(#<SaganCrafter::CLI>)> Settings.list
|
74
|
+
# => [:verbose]
|
75
|
+
|
76
|
+
Settings.config do
|
77
|
+
parameter :verbose
|
78
|
+
parameter :amqp_hostname
|
79
|
+
parameter :amqp_binding_topic
|
80
|
+
parameter :amqp_routing_key
|
81
|
+
parameter :sql_table_name
|
82
|
+
parameter :sql_file_location
|
83
|
+
end
|
84
|
+
|
85
|
+
Settings.reset!
|
86
|
+
|
87
|
+
end
|
88
|
+
end
|
89
|
+
end
|
@@ -0,0 +1,89 @@
|
|
1
|
+
module Threatinator
|
2
|
+
module Amqp
|
3
|
+
module Rcvr
|
4
|
+
|
5
|
+
class Table
|
6
|
+
|
7
|
+
def initialize(backends='sqlite3')
|
8
|
+
puts "#[threatinator-ampq-rcvr] backend - #{backends}" if Threatinator::Amqp::Rcvr::Settings.verbose
|
9
|
+
@db = Threatinator::Amqp::Rcvr::Backends::SQLite.new
|
10
|
+
@db.validate!
|
11
|
+
@db.prep
|
12
|
+
|
13
|
+
@conn = Bunny.new(:hostname => Threatinator::Amqp::Rcvr::Settings.amqp_hostname, :automatically_recover => false)
|
14
|
+
@conn.start
|
15
|
+
@ch = @conn.create_channel
|
16
|
+
@x = @ch.topic(Threatinator::Amqp::Rcvr::Settings.amqp_binding_topic)
|
17
|
+
@q = @ch.queue("", :exclusive => true)
|
18
|
+
@q.bind(@x, :routing_key => Threatinator::Amqp::Rcvr::Settings.amqp_routing_key)
|
19
|
+
end
|
20
|
+
|
21
|
+
def close
|
22
|
+
@ch.close
|
23
|
+
@conn.close
|
24
|
+
@db.close
|
25
|
+
puts "#[threatinator-ampq-rcvr] All connections closed" if Threatinator::Amqp::Rcvr::Settings.verbose
|
26
|
+
exit 0
|
27
|
+
end
|
28
|
+
|
29
|
+
end
|
30
|
+
|
31
|
+
class FQDNTable < Table
|
32
|
+
|
33
|
+
def subscribe
|
34
|
+
dnslist = []
|
35
|
+
|
36
|
+
puts "#[threatinator-ampq-rcvr] #{self.class } - amqp subscribing" if Threatinator::Amqp::Rcvr::Settings.verbose
|
37
|
+
@q.subscribe(:block => true) do |delivery_info, properties, body|
|
38
|
+
# Extract FQDN
|
39
|
+
dataset = JSON.parse(body)
|
40
|
+
dataset["urls"].each do |v|
|
41
|
+
host = URI.parse(v).host
|
42
|
+
#puts host
|
43
|
+
if (/[A-Za-z]/.match(host) && !(/[ ]/.match(host)))
|
44
|
+
dnslist << host
|
45
|
+
begin
|
46
|
+
@db.insert(dataset["import_time"], host, dataset["feed_provider"], dataset["feed_name"] )
|
47
|
+
rescue SQLite3::ConstraintException
|
48
|
+
print "-" if Threatinator::Amqp::Rcvr::Settings.verbose
|
49
|
+
end
|
50
|
+
end
|
51
|
+
end
|
52
|
+
dataset["fqdns"].each do |v|
|
53
|
+
dnslist << v
|
54
|
+
begin
|
55
|
+
@db.insert(dataset["import_time"], v, dataset["feed_provider"], dataset["feed_name"])
|
56
|
+
rescue SQLite3::ConstraintException
|
57
|
+
print "-" if Threatinator::Amqp::Rcvr::Settings.verbose
|
58
|
+
end
|
59
|
+
end
|
60
|
+
print "." if Threatinator::Amqp::Rcvr::Settings.verbose
|
61
|
+
end
|
62
|
+
end #subscribe
|
63
|
+
|
64
|
+
end
|
65
|
+
|
66
|
+
class IPTable < Table
|
67
|
+
def subscribe
|
68
|
+
|
69
|
+
list = []
|
70
|
+
puts "#[threatinator-ampq-rcvr] #{self.class } - amqp subscribing" if Threatinator::Amqp::Rcvr::Settings.verbose
|
71
|
+
@q.subscribe(:block => true) do |delivery_info, properties, body|
|
72
|
+
dataset = JSON.parse(body)
|
73
|
+
dataset["ipv4s"].each do |v|
|
74
|
+
list << v
|
75
|
+
begin
|
76
|
+
@db.insert(dataset["import_time"], v, dataset["feed_provider"], dataset["feed_name"])
|
77
|
+
rescue SQLite3::ConstraintException
|
78
|
+
print "-" if Threatinator::Amqp::Rcvr::Settings.verbose
|
79
|
+
end
|
80
|
+
end
|
81
|
+
print "." if Threatinator::Amqp::Rcvr::Settings.verbose
|
82
|
+
end
|
83
|
+
|
84
|
+
end
|
85
|
+
end
|
86
|
+
|
87
|
+
end
|
88
|
+
end
|
89
|
+
end
|
@@ -0,0 +1,20 @@
|
|
1
|
+
require "threatinator/amqp/rcvr/version"
|
2
|
+
require 'uri'
|
3
|
+
require "bunny"
|
4
|
+
require 'sqlite3'
|
5
|
+
require 'json'
|
6
|
+
# require 'pry'
|
7
|
+
|
8
|
+
|
9
|
+
module Threatinator
|
10
|
+
module Amqp
|
11
|
+
module Rcvr
|
12
|
+
$:.unshift(File.dirname(__FILE__))
|
13
|
+
require "rcvr/main"
|
14
|
+
require "rcvr/settings"
|
15
|
+
require "rcvr/version"
|
16
|
+
require "rcvr/table"
|
17
|
+
require "rcvr/backends/sqlite"
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
@@ -0,0 +1,32 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
lib = File.expand_path('../lib', __FILE__)
|
3
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
4
|
+
require 'threatinator/amqp/rcvr/version'
|
5
|
+
|
6
|
+
Gem::Specification.new do |spec|
|
7
|
+
spec.name = "threatinator-amqp-rcvr"
|
8
|
+
spec.version = Threatinator::Amqp::Rcvr::VERSION
|
9
|
+
spec.authors = ["shadowbq"]
|
10
|
+
spec.email = ["shadowbq@gmail.com"]
|
11
|
+
|
12
|
+
spec.summary = %q{Ruby AMQP Threatinator receiver}
|
13
|
+
spec.description = %q{This is a amqp receiver that dumps the data into a sql dbs for shadowbq-threatintor.}
|
14
|
+
spec.homepage = "https://github.com/shadowbq/threatinator-amqp-rcvr"
|
15
|
+
spec.license = "MIT"
|
16
|
+
|
17
|
+
spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
|
18
|
+
spec.bindir = "exe"
|
19
|
+
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
20
|
+
spec.require_paths = ["lib"]
|
21
|
+
|
22
|
+
spec.add_dependency "bunny", "~> 2.5"
|
23
|
+
spec.add_dependency 'sqlite3', "~> 1.3"
|
24
|
+
spec.add_dependency 'json', "~> 2.0"
|
25
|
+
spec.add_dependency "pry"
|
26
|
+
|
27
|
+
spec.add_development_dependency "bump", "~> 0.5"
|
28
|
+
spec.add_development_dependency "bundler", "~> 1.11"
|
29
|
+
spec.add_development_dependency "rake", "~> 10.0"
|
30
|
+
spec.add_development_dependency "rspec", "~> 3.0"
|
31
|
+
spec.add_development_dependency 'rspec-its', '~> 1.0'
|
32
|
+
end
|
metadata
ADDED
@@ -0,0 +1,190 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: threatinator-amqp-rcvr
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.1.1
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- shadowbq
|
8
|
+
autorequire:
|
9
|
+
bindir: exe
|
10
|
+
cert_chain: []
|
11
|
+
date: 2016-10-28 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: bunny
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - "~>"
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '2.5'
|
20
|
+
type: :runtime
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - "~>"
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '2.5'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: sqlite3
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - "~>"
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '1.3'
|
34
|
+
type: :runtime
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - "~>"
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '1.3'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: json
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - "~>"
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '2.0'
|
48
|
+
type: :runtime
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - "~>"
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '2.0'
|
55
|
+
- !ruby/object:Gem::Dependency
|
56
|
+
name: pry
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - ">="
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '0'
|
62
|
+
type: :runtime
|
63
|
+
prerelease: false
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - ">="
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: '0'
|
69
|
+
- !ruby/object:Gem::Dependency
|
70
|
+
name: bump
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
72
|
+
requirements:
|
73
|
+
- - "~>"
|
74
|
+
- !ruby/object:Gem::Version
|
75
|
+
version: '0.5'
|
76
|
+
type: :development
|
77
|
+
prerelease: false
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
79
|
+
requirements:
|
80
|
+
- - "~>"
|
81
|
+
- !ruby/object:Gem::Version
|
82
|
+
version: '0.5'
|
83
|
+
- !ruby/object:Gem::Dependency
|
84
|
+
name: bundler
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
86
|
+
requirements:
|
87
|
+
- - "~>"
|
88
|
+
- !ruby/object:Gem::Version
|
89
|
+
version: '1.11'
|
90
|
+
type: :development
|
91
|
+
prerelease: false
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
93
|
+
requirements:
|
94
|
+
- - "~>"
|
95
|
+
- !ruby/object:Gem::Version
|
96
|
+
version: '1.11'
|
97
|
+
- !ruby/object:Gem::Dependency
|
98
|
+
name: rake
|
99
|
+
requirement: !ruby/object:Gem::Requirement
|
100
|
+
requirements:
|
101
|
+
- - "~>"
|
102
|
+
- !ruby/object:Gem::Version
|
103
|
+
version: '10.0'
|
104
|
+
type: :development
|
105
|
+
prerelease: false
|
106
|
+
version_requirements: !ruby/object:Gem::Requirement
|
107
|
+
requirements:
|
108
|
+
- - "~>"
|
109
|
+
- !ruby/object:Gem::Version
|
110
|
+
version: '10.0'
|
111
|
+
- !ruby/object:Gem::Dependency
|
112
|
+
name: rspec
|
113
|
+
requirement: !ruby/object:Gem::Requirement
|
114
|
+
requirements:
|
115
|
+
- - "~>"
|
116
|
+
- !ruby/object:Gem::Version
|
117
|
+
version: '3.0'
|
118
|
+
type: :development
|
119
|
+
prerelease: false
|
120
|
+
version_requirements: !ruby/object:Gem::Requirement
|
121
|
+
requirements:
|
122
|
+
- - "~>"
|
123
|
+
- !ruby/object:Gem::Version
|
124
|
+
version: '3.0'
|
125
|
+
- !ruby/object:Gem::Dependency
|
126
|
+
name: rspec-its
|
127
|
+
requirement: !ruby/object:Gem::Requirement
|
128
|
+
requirements:
|
129
|
+
- - "~>"
|
130
|
+
- !ruby/object:Gem::Version
|
131
|
+
version: '1.0'
|
132
|
+
type: :development
|
133
|
+
prerelease: false
|
134
|
+
version_requirements: !ruby/object:Gem::Requirement
|
135
|
+
requirements:
|
136
|
+
- - "~>"
|
137
|
+
- !ruby/object:Gem::Version
|
138
|
+
version: '1.0'
|
139
|
+
description: This is a amqp receiver that dumps the data into a sql dbs for shadowbq-threatintor.
|
140
|
+
email:
|
141
|
+
- shadowbq@gmail.com
|
142
|
+
executables:
|
143
|
+
- threatinator-ampq-rcvr
|
144
|
+
extensions: []
|
145
|
+
extra_rdoc_files: []
|
146
|
+
files:
|
147
|
+
- ".gitignore"
|
148
|
+
- ".rspec"
|
149
|
+
- ".travis.yml"
|
150
|
+
- CODE_OF_CONDUCT.md
|
151
|
+
- Gemfile
|
152
|
+
- LICENSE.txt
|
153
|
+
- README.md
|
154
|
+
- Rakefile
|
155
|
+
- bin/console
|
156
|
+
- bin/setup
|
157
|
+
- exe/threatinator-ampq-rcvr
|
158
|
+
- lib/threatinator/amqp/rcvr.rb
|
159
|
+
- lib/threatinator/amqp/rcvr/backends/sqlite.rb
|
160
|
+
- lib/threatinator/amqp/rcvr/cli.rb
|
161
|
+
- lib/threatinator/amqp/rcvr/main.rb
|
162
|
+
- lib/threatinator/amqp/rcvr/settings.rb
|
163
|
+
- lib/threatinator/amqp/rcvr/table.rb
|
164
|
+
- lib/threatinator/amqp/rcvr/version.rb
|
165
|
+
- threatinator-amqp-rcvr.gemspec
|
166
|
+
homepage: https://github.com/shadowbq/threatinator-amqp-rcvr
|
167
|
+
licenses:
|
168
|
+
- MIT
|
169
|
+
metadata: {}
|
170
|
+
post_install_message:
|
171
|
+
rdoc_options: []
|
172
|
+
require_paths:
|
173
|
+
- lib
|
174
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
175
|
+
requirements:
|
176
|
+
- - ">="
|
177
|
+
- !ruby/object:Gem::Version
|
178
|
+
version: '0'
|
179
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
180
|
+
requirements:
|
181
|
+
- - ">="
|
182
|
+
- !ruby/object:Gem::Version
|
183
|
+
version: '0'
|
184
|
+
requirements: []
|
185
|
+
rubyforge_project:
|
186
|
+
rubygems_version: 2.5.1
|
187
|
+
signing_key:
|
188
|
+
specification_version: 4
|
189
|
+
summary: Ruby AMQP Threatinator receiver
|
190
|
+
test_files: []
|