xbase-util 0.1.4__tar.gz → 0.1.5__tar.gz
Sign up to get free protection for your applications and to get access to all the features.
- {xbase_util-0.1.4 → xbase_util-0.1.5}/PKG-INFO +1 -1
- {xbase_util-0.1.4 → xbase_util-0.1.5}/setup.py +1 -1
- xbase_util-0.1.5/xbase_util/xbase_constant.py +206 -0
- {xbase_util-0.1.4 → xbase_util-0.1.5}/xbase_util/xbase_util.py +14 -1
- {xbase_util-0.1.4 → xbase_util-0.1.5}/xbase_util.egg-info/PKG-INFO +1 -1
- xbase_util-0.1.4/xbase_util/xbase_constant.py +0 -5
- {xbase_util-0.1.4 → xbase_util-0.1.5}/README.md +0 -0
- {xbase_util-0.1.4 → xbase_util-0.1.5}/setup.cfg +0 -0
- {xbase_util-0.1.4 → xbase_util-0.1.5}/xbase_util/__init__.py +0 -0
- {xbase_util-0.1.4 → xbase_util-0.1.5}/xbase_util/db/__init__.py +0 -0
- {xbase_util-0.1.4 → xbase_util-0.1.5}/xbase_util/db/bean/ConfigBean.py +0 -0
- {xbase_util-0.1.4 → xbase_util-0.1.5}/xbase_util/db/bean/CurrentConfigBean.py +0 -0
- {xbase_util-0.1.4 → xbase_util-0.1.5}/xbase_util/db/bean/FlowBean.py +0 -0
- {xbase_util-0.1.4 → xbase_util-0.1.5}/xbase_util/db/bean/TaskTemplateBean.py +0 -0
- {xbase_util-0.1.4 → xbase_util-0.1.5}/xbase_util/db/bean/__init__.py +0 -0
- {xbase_util-0.1.4 → xbase_util-0.1.5}/xbase_util/db/dao/ConfigDao.py +0 -0
- {xbase_util-0.1.4 → xbase_util-0.1.5}/xbase_util/db/dao/CurrentConfigDao.py +0 -0
- {xbase_util-0.1.4 → xbase_util-0.1.5}/xbase_util/db/dao/FlowDao.py +0 -0
- {xbase_util-0.1.4 → xbase_util-0.1.5}/xbase_util/db/dao/TaskTemplateDao.py +0 -0
- {xbase_util-0.1.4 → xbase_util-0.1.5}/xbase_util/db/dao/__init__.py +0 -0
- {xbase_util-0.1.4 → xbase_util-0.1.5}/xbase_util/db/initsqlite3.py +0 -0
- {xbase_util-0.1.4 → xbase_util-0.1.5}/xbase_util/es_db_util.py +0 -0
- {xbase_util-0.1.4 → xbase_util-0.1.5}/xbase_util/esreq.py +0 -0
- {xbase_util-0.1.4 → xbase_util-0.1.5}/xbase_util/geo_util.py +0 -0
- {xbase_util-0.1.4 → xbase_util-0.1.5}/xbase_util/handle_features_util.py +0 -0
- {xbase_util-0.1.4 → xbase_util-0.1.5}/xbase_util/pcap_util.py +0 -0
- {xbase_util-0.1.4 → xbase_util-0.1.5}/xbase_util.egg-info/SOURCES.txt +0 -0
- {xbase_util-0.1.4 → xbase_util-0.1.5}/xbase_util.egg-info/dependency_links.txt +0 -0
- {xbase_util-0.1.4 → xbase_util-0.1.5}/xbase_util.egg-info/not-zip-safe +0 -0
- {xbase_util-0.1.4 → xbase_util-0.1.5}/xbase_util.egg-info/top_level.txt +0 -0
- {xbase_util-0.1.4 → xbase_util-0.1.5}/xbase_util_assets/GeoLite2-City.mmdb +0 -0
- {xbase_util-0.1.4 → xbase_util-0.1.5}/xbase_util_assets/arkimeparse.js +0 -0
|
@@ -0,0 +1,206 @@
|
|
|
1
|
+
import os
|
|
2
|
+
|
|
3
|
+
current_dir = os.path.dirname(__file__)
|
|
4
|
+
parse_path = os.path.join(current_dir, '..', 'xbase_util_assets', 'arkimeparse.js')
|
|
5
|
+
geo_path = os.path.join(current_dir, '..', 'xbase_util_assets', 'GeoLite2-City.mmdb')
|
|
6
|
+
|
|
7
|
+
src_dst_header = ["src_host", "src_user_agent", "src_content_length", "src_connection", "src_content_type",
|
|
8
|
+
"src_x_forwarded_for", "src_accept", "src_accept_encoding", "src_accept_language", "src_referer",
|
|
9
|
+
"src_cookie", "src_origin", "src_x_requested_with", "src_sec_fetch_mode", "src_sec_fetch_site",
|
|
10
|
+
"src_sec_fetch_dest", "src_content_encoding", "src_sec_ch_ua", "src_sec_ch_ua_mobile",
|
|
11
|
+
"src_sec_ch_ua_platform", "src_cache_control", "src_upgrade_insecure_requests", "src_pragma",
|
|
12
|
+
"src_x_real_ip", "src_soapaction", "src_x_forwarded_proto", "src_x_forwarded_host",
|
|
13
|
+
"src_x_request_id",
|
|
14
|
+
"src_x_forwarded_port", "src_x_forwarded_scheme", "src_x_original_forwarded_for", "src_x_scheme",
|
|
15
|
+
"src_x_forwarded_scheme_diy", "src_authorization", "src_trace_id", "src_distinct_id", "src_url_path",
|
|
16
|
+
"src_if_modified_since", "src_ecid_context", "src_token", "src_access_control_request_method",
|
|
17
|
+
"src_access_token", "src_expect", "src_access_control_request_headers", "src_sec_fetch_user",
|
|
18
|
+
"src_snk_location", "src_accept_charset", "src_date", "src_usercode", "src_logincode", "src_range",
|
|
19
|
+
"src_checktime", "src_client_lang", "src_requestsource", "src_if_range", "src_if_none_match",
|
|
20
|
+
"src_sw8",
|
|
21
|
+
"src_sw8_correlation", "src_sw8_x", "src_x_sign", "src_x_timestamp", "src_charset",
|
|
22
|
+
"src_x_custom_header", "src_sec_websocket_key", "src_sec_websocket_version", "src_upgrade",
|
|
23
|
+
"src_sec_websocket_extensions", "src_xms_auth_token", "src_xms_cluster_id", "src_purpose",
|
|
24
|
+
"src_x_ti_app_id", "src_x_ti_secret_code", "src_x_prototype_version", "src_systemcode",
|
|
25
|
+
"src_access_control_request_private_network", "src_wxr", "src_client_version", "src_requestid",
|
|
26
|
+
"src_request_module", "src_x_mule_encoding", "src_x_mule_session", "src_elite_tag", "src_dnt",
|
|
27
|
+
"src_x_mule_endpoint", "src_x_mule_root_message_id", "src_x_mass_tappid",
|
|
28
|
+
"src_x_elastic_product_origin",
|
|
29
|
+
"src_priority", "src_server", "src_transfer_encoding", "src_xxl_job_access_token", "src_te",
|
|
30
|
+
"src_access_control_allow_origin", "src_eset_spread_control", "src_x_splunk_digest",
|
|
31
|
+
"src_x_splunk_lm_nonce", "src_x_splunk_lm_signature", "src_x_splunk_lm_timestamp", "src_avb_version",
|
|
32
|
+
"src_set_cookie", "src_x_oracle_dms_ecid", "src_x_oracle_dms_rid",
|
|
33
|
+
"src_x_prometheus_scrape_timeout_seconds", "src_client", "src_post", "src_ucosessionid", "src_user",
|
|
34
|
+
"src_winuser", "src_showloading", "src_digest", "src_ocrimageflag", "src_x_content_type_options",
|
|
35
|
+
"src_access_control_allow_methods", "src_access_control_allow_credentials", "src_expires",
|
|
36
|
+
"src_keep_alive", "src_url_token", "src_postman_token", "src_x_xss_protection", "src_vary",
|
|
37
|
+
"src_access_control_allow_headers", "src_signdata", "src_ua_cpu", "src_authorg", "src_yssip",
|
|
38
|
+
"src_yssmac", "src_location", "src_content_language", "src_git_protocol", "src_x_forwarded_prefix",
|
|
39
|
+
"src_invoke_type", "src_x_ua_compatible", "src_x_bd_traceid", "src_x_from_h3_trnet", "src_n",
|
|
40
|
+
"src_nx_anti_csrf_token", "src_proxy_connection", "src_via", "src_x_nexus_ui", "src_pragma_type",
|
|
41
|
+
"src_appkey", "src_area", "src_check", "src_clientname", "src_lang", "src_networktype", "src_nonce",
|
|
42
|
+
"src_osversion", "src_screen", "src_st", "src_timestamp", "src_userid", "src_x_frame_options",
|
|
43
|
+
"src_x_b3_parentspanid", "src_x_b3_sampled", "src_x_b3_spanid", "src_x_b3_traceid", "src_sec_purpose",
|
|
44
|
+
"src_kbn_version", "src_access_control_expose_headers", "src_iszip", "src_from", "src_state",
|
|
45
|
+
"src_access_control_max_age", "src_allow", "src_kbn_system_request", "src_tracelogcontext",
|
|
46
|
+
"src_etag",
|
|
47
|
+
"src_ms_cv", "src_x_application_context", "src_x_csrftoken", "src_tlogtraceid", "src_link_pwd_token",
|
|
48
|
+
"src_preip", "src_preivkapp", "src_preivkhost", "src_tlogspanid", "src_accesstoken",
|
|
49
|
+
"src_icy_metadata",
|
|
50
|
+
"src_vivo_browser_text_zoom", "src_contents_client_adapter_id", "src_last_modified",
|
|
51
|
+
"src_need_select_sub_url", "src_x_bd_quic", "src_x_bdboxapp_netengine", "src_x_playback_session_id",
|
|
52
|
+
"src_x_turbonet_info", "src_cas_tgc", "src_imgids", "src_jsessionid", "src_accept_ranges",
|
|
53
|
+
"src_am_traceid", "src_xms_backend_server", "src_ss_language", "src_sssessionid", "src_username",
|
|
54
|
+
"src_content_md5", "src_x_acs_security_token", "src_x_log_apiversion", "src_x_log_bodyrawsize",
|
|
55
|
+
"src_x_log_compresstype", "src_x_log_signaturemethod", "src_x_nod32_mode", "src_client_appname",
|
|
56
|
+
"src_client_requesttoken", "src_client_requestts", "src_exconfiginfo", "src_long_pulling_timeout",
|
|
57
|
+
"src_dispatch_header", "src_sign", "src_strict_transport_security", "src_ts", "src_bdpparallelload",
|
|
58
|
+
"src_referrer_policy", "src_x_amz_request_id", "src_x_cm_service", "src_x_miorigin",
|
|
59
|
+
"src_x_seafile_client_version", "src_amz_sdk_invocation_id", "src_amz_sdk_request",
|
|
60
|
+
"src_amz_sdk_retry",
|
|
61
|
+
"src_bussno", "src_busstype", "src_classcode", "src_comcode", "src_createtime", "src_createuser",
|
|
62
|
+
"src_imgfilepath", "src_imgid", "src_imgtype", "src_s_cnection", "src_storagecondition",
|
|
63
|
+
"src_x_eset_updateid", "src_x_powered_by", "src_allow_cross_domain_redirect",
|
|
64
|
+
"src_amp_cache_transform",
|
|
65
|
+
"src_x_csrf_token", "src_x_check_exist", "src_sec_gpc", "src_sf_ajax", "src_request_type",
|
|
66
|
+
"src_x_envoy_decorator_operation", "src_x_envoy_upstream_service_time", "src_x_from_cdn",
|
|
67
|
+
"src_x_download_options", "src_x_permitted_cross_domain_policies", "src_busscode", "src_companyno",
|
|
68
|
+
"src_fcpos", "src_forwarded", "src_prod_sw8", "src_prod_sw8_correlation", "src_prod_sw8_x",
|
|
69
|
+
"src_rewritepath", "src_x_elastic_product", "src_x_forwarded_server", "src_in_form_img", "src_x_pjax",
|
|
70
|
+
"src_age", "src_channel", "src_client_ip", "src_content_transfer_encoding", "src_guid",
|
|
71
|
+
"src_oldchannel",
|
|
72
|
+
"src_product", "src_remote_addr", "src_seafile_repo_token", "src_starttag", "src_starttype",
|
|
73
|
+
"src_traceid", "src_warded_for", "src_x_aspnet_version", "src_zcid", "src_agent_version",
|
|
74
|
+
"src_alt_svc",
|
|
75
|
+
"src_cf_ray", "src_chrome_proxy", "src_content_disposition", "src_content_range",
|
|
76
|
+
"src_content_security_policy", "src_d_for", "src_grpc_accept_encoding", "src_grpc_timeout",
|
|
77
|
+
"src_gslb_okhttp", "src_jenkins_crumb", "src_nel", "src_orderid", "src_p3p", "src_report_to",
|
|
78
|
+
"src_route_data", "src_service_worker", "src_tap_app_conf_ver", "src_tap_gslb", "src_tc_anp",
|
|
79
|
+
"src_tc_entsig", "src_tc_spanid", "src_tc_traceid", "src_www_authenticate", "src_x_aggregate_auth",
|
|
80
|
+
"src_x_amz_storage_class", "src_x_cache_status", "src_x_ccc", "src_x_cdn_request_id", "src_x_cid",
|
|
81
|
+
"src_x_clickhouse_format", "src_x_clickhouse_query_id", "src_x_clickhouse_server_display_name",
|
|
82
|
+
"src_x_clickhouse_summary", "src_x_clickhouse_timezone", "src_x_gitlab_feature_category",
|
|
83
|
+
"src_x_link_via", "src_x_ucbrowser_ua", "dst_date", "dst_content_type", "dst_content_length",
|
|
84
|
+
"dst_transfer_encoding", "dst_connection", "dst_set_cookie", "dst_x_oracle_dms_ecid",
|
|
85
|
+
"dst_x_oracle_dms_rid", "dst_content_language", "dst_cache_control", "dst_server", "dst_expires",
|
|
86
|
+
"dst_pragma", "dst_access_control_allow_origin", "dst_keep_alive", "dst_vary", "dst_last_modified",
|
|
87
|
+
"dst_access_control_allow_credentials", "dst_access_control_allow_methods", "dst_accept_ranges",
|
|
88
|
+
"dst_access_control_allow_headers", "dst_x_content_type_options", "dst_etag",
|
|
89
|
+
"dst_access_control_max_age", "dst_content_encoding", "dst_access_control_expose_headers",
|
|
90
|
+
"dst_x_xss_protection", "dst_access_control_request_headers", "dst_x_frame_options", "dst_location",
|
|
91
|
+
"dst_x_powered_by", "dst_x_application_context", "dst_p3p", "dst_x_ua_compatible",
|
|
92
|
+
"dst_x_mule_encoding",
|
|
93
|
+
"dst_x_mule_session", "dst_s_cnection", "dst_x_amz_request_id", "dst_content_disposition",
|
|
94
|
+
"dst_x_amz_storage_class", "dst_content_range", "dst_pragma_type", "dst_allow",
|
|
95
|
+
"dst_xms_backend_server",
|
|
96
|
+
"dst_x_clickhouse_server_display_name", "dst_x_clickhouse_summary", "dst_x_clickhouse_format",
|
|
97
|
+
"dst_x_clickhouse_query_id", "dst_x_clickhouse_timezone", "dst_referrer_policy",
|
|
98
|
+
"dst_content_security_policy", "dst_content_id", "dst_sec_websocket_accept", "dst_upgrade",
|
|
99
|
+
"dst_tlogtraceid", "dst_sec_websocket_extensions", "dst_x_elastic_product", "dst_via", "dst_x_cache",
|
|
100
|
+
"dst_x_amz_cf_id", "dst_x_amz_cf_pop", "dst_rgwx_embedded_metadata_len", "dst_rgwx_mtime",
|
|
101
|
+
"dst_rgwx_obj_pg_ver", "dst_rgwx_object_size", "dst_rgwx_source_zone_short_id",
|
|
102
|
+
"dst_x_amz_version_id",
|
|
103
|
+
"dst_x_request_id", "dst_x_envoy_decorator_operation", "dst_x_envoy_upstream_service_time", "dst_age",
|
|
104
|
+
"dst_www_authenticate", "dst_strict_transport_security", "dst_terminationurl", "dst_x_splunk_digest",
|
|
105
|
+
"dst_x_splunk_lm_nonce", "dst_x_splunk_lm_timestamp", "dst_x_download_options",
|
|
106
|
+
"dst_x_permitted_cross_domain_policies", "dst_pragrma", "dst_content_transfer_encoding",
|
|
107
|
+
"dst_x_runtime",
|
|
108
|
+
"dst_x_arequestid", "dst_x_ausername", "dst_x_asessionid", "dst_x_aspnet_version",
|
|
109
|
+
"dst_x_seraph_loginreason", "dst_accept_charset", "dst_n", "dst_error_code", "dst_error_msg",
|
|
110
|
+
"dst_x_w_no", "dst_kbn_license_sig", "dst_kbn_name", "dst_cross_origin_opener_policy",
|
|
111
|
+
"dst_xdomainrequestallowed", "dst_x_ratelimit_limit_vass_zuul_api_user_24",
|
|
112
|
+
"dst_x_ratelimit_remaining_vass_zuul_api_use", "dst_x_ratelimit_remaining_vass_zuul_wx_port",
|
|
113
|
+
"dst_x_ratelimit_reset_vass_zuul_api_user_24", "dst_audit_id", "dst_x_kubernetes_pf_flowschema_uid",
|
|
114
|
+
"dst_x_kubernetes_pf_prioritylevel_uid", "dst_alt_svc", "dst_cf_ray", "dst_nel", "dst_report_to",
|
|
115
|
+
"dst_x_ratelimit_remaining_vass_zuul_api_ord", "dst_x_protected_by", "dst_traceresponse",
|
|
116
|
+
"dst_x_br_response", "dst_x_cache_status", "dst_x_ratelimit_limit_vass_zuul_api_order_1",
|
|
117
|
+
"dst_x_ratelimit_reset_vass_zuul_api_order_1", "dst_grpc_metadata_accept_encoding",
|
|
118
|
+
"dst_grpc_metadata_content_type", "dst_grpc_metadata_grpc_accept_encoding",
|
|
119
|
+
"dst_x_ratelimit_limit_vass_zuul_wx_port_240", "dst_x_ratelimit_reset_vass_zuul_wx_port_240",
|
|
120
|
+
"dst_permissions_policy", "dst_ctl_cache_status", "dst_progma", "dst_request_id", "dst_x_csrf_token",
|
|
121
|
+
"dst_x_log_append_meta", "dst_x_log_requestid", "dst_x_log_time", "dst_hostname",
|
|
122
|
+
"dst_x_networkmanager_status", "dst_browseruid", "dst_k_cache_status", "dst_kcs_via", "dst_x_ccc",
|
|
123
|
+
"dst_x_cid", "dst_page_title", "dst_x_via", "dst_x_ws_request_id", "dst_enable_encrypted_library",
|
|
124
|
+
"dst_expire", "dst_x_ratelimit_limit_vass_zuul_wx_port_39.",
|
|
125
|
+
"dst_x_ratelimit_reset_vass_zuul_wx_port_39.", "dst_content_location", "dst_gsid", "dst_sc",
|
|
126
|
+
"dst_x_response_timestrap", "dst_link", "dst_x_ratelimit_limit_vass_zuul_api_order_2",
|
|
127
|
+
"dst_x_ratelimit_limit_vass_zuul_wx_port_10.", "dst_x_ratelimit_reset_vass_zuul_api_order_2",
|
|
128
|
+
"dst_x_ratelimit_reset_vass_zuul_wx_port_10.", "dst_x_reqid", "dst_login", "dst_x_cache_lookup",
|
|
129
|
+
"dst_x_cdn_request_id", "dst_x_link_via", "dst_x_nws_log_uuid",
|
|
130
|
+
"dst_x_ratelimit_limit_vass_zuul_wx_port_111", "dst_x_ratelimit_reset_vass_zuul_wx_port_111",
|
|
131
|
+
"dst_cache_contror", "dst_cdn_cache", "dst_cdn_cachedat", "dst_cdn_edgestorageid", "dst_cdn_proxyver",
|
|
132
|
+
"dst_cdn_pullzone", "dst_cdn_requestcountrycode", "dst_cdn_requestid", "dst_cdn_requestpullcode",
|
|
133
|
+
"dst_cdn_requestpullsuccess", "dst_cdn_status", "dst_cdn_uid", "dst_gitlab_ci_builds_polling",
|
|
134
|
+
"dst_new_jwt", "dst_ohc_cache_hit", "dst_ohc_file_size", "dst_ohc_global_saved_time", "dst_x_hudson",
|
|
135
|
+
"dst_x_instance_identity", "dst_x_jenkins", "dst_x_jenkins_session", "dst_dir_perm",
|
|
136
|
+
"dst_fndfs_error",
|
|
137
|
+
"dst_oid", "dst_x_errno", "dst_x_hudson_theme", "dst_x_oss_hash_crc64ecma", "dst_x_ser",
|
|
138
|
+
"dst_content_md5", "dst_exception", "dst_exceptiontype", "dst_praga", "dst_x_oss_object_type",
|
|
139
|
+
"dst_x_oss_request_id", "dst_x_oss_server_time", "dst_x_oss_storage_class",
|
|
140
|
+
"dst_x_ratelimit_limit_vass_zuul_api_order_3", "dst_x_ratelimit_reset_vass_zuul_api_order_3"]
|
|
141
|
+
dns_domain_list = ['ac.cnNEW', 'ah.cn', 'archiNEW', 'artHOT', 'asia', 'autoNEW', 'autosNEW', 'babyNEW', 'band',
|
|
142
|
+
'beautyNEW',
|
|
143
|
+
'beer', 'bioNEW', 'biz', 'bj.cn', 'blackNEW', 'blueNEW', 'bondNEW', 'cabNEW', 'cafeNEW', 'carNEW',
|
|
144
|
+
'carsNEW',
|
|
145
|
+
'cashNEW', 'cc', 'center', 'chat', 'cityNEW', 'clickNEW', 'cloud', 'clubHOT', 'cnHOT',
|
|
146
|
+
'collegeNEW',
|
|
147
|
+
'comHOT', 'com.cn', 'company', 'cool', 'cq.cn', 'cyouNEW', 'design', 'email', 'fanNEW', 'fans',
|
|
148
|
+
'fashionNEW',
|
|
149
|
+
'fit', 'fj.cn', 'fun', 'fund', 'fyiNEW', 'games', 'gd.cn', 'globalNEW', 'gold', 'gov.cn', 'greenNEW',
|
|
150
|
+
'group',
|
|
151
|
+
'gs.cn', 'guru', 'gx.cn', 'gz.cn', 'ha.cn', 'hairNEW', 'hb.cn', 'he.cn', 'hi.cn', 'hk.cn', 'hl.cn',
|
|
152
|
+
'hn.cn',
|
|
153
|
+
'homesNEW', 'host', 'icuHOT', 'info', 'ink', 'jl.cn', 'js.cn', 'jx.cn', 'kim', 'law', 'life', 'live',
|
|
154
|
+
'ln.cn',
|
|
155
|
+
'lottoNEW', 'love', 'ltdHOT', 'luxe', 'makeupNEW', 'market', 'mbaNEW', 'meNEW', 'mediaNEW', 'mo.cn',
|
|
156
|
+
'mobi',
|
|
157
|
+
'monsterNEW', 'motorcyclesNEW', 'net', 'net.cn', 'news', 'nm.cn', 'nx.cn', 'online', 'org.cn',
|
|
158
|
+
'organicNEW',
|
|
159
|
+
'pinkNEW', 'plus', 'pokerNEW', 'press', 'pro', 'promoNEW', 'protectionNEW', 'pub', 'pwNEW', 'qh.cn',
|
|
160
|
+
'questNEW', 'red', 'ren', 'rentNEW', 'run', 'sc.cn', 'schoolNEW', 'sd.cn', 'securityNEW', 'sh.cn',
|
|
161
|
+
'shopHOT',
|
|
162
|
+
'shoppingNEW', 'show', 'site', 'skiNEW', 'skinNEW', 'sn.cn', 'socialNEW', 'space', 'storageNEW',
|
|
163
|
+
'store',
|
|
164
|
+
'studio', 'sx.cn', 'taxNEW', 'team', 'tech', 'technologyNEW', 'theatreNEW', 'ticketsNEW', 'tj.cn',
|
|
165
|
+
'today',
|
|
166
|
+
'topHOT', 'tvNEW', 'tw.cn', 'unoNEW', 'video', 'vinNEW', 'vip', 'voteNEW', 'votoNEW', 'wang',
|
|
167
|
+
'website',
|
|
168
|
+
'wiki', 'work', 'world', 'xin', 'xj.cn', 'xyz', 'xz.cn', 'yachtsNEW', 'yn.cn', 'yoga', 'zj.cn',
|
|
169
|
+
'zone',
|
|
170
|
+
'餐厅', '佛山', '公司', '广东', '集团', '企业NEW', '商标', '商城', '商店', '网店', '网络', '网址NEW',
|
|
171
|
+
'我爱你', '游戏', '娱乐NEW', '在线', '招聘', '中国HOT', '中文网']
|
|
172
|
+
statisticHeader = ['packet_size_mean', 'same_src_dst_size_mean', 'same_src_dst_size_var', 'packet_size_variance',
|
|
173
|
+
'packet_len_total_count', 'packet_len_total_average',
|
|
174
|
+
'packet_len_total_min', 'packet_len_total_max', 'packet_len_total_rate', 'packet_len_total_percent',
|
|
175
|
+
'packet_len_0_19_count', 'packet_len_0_19_average', 'packet_len_0_19_min', 'packet_len_0_19_max',
|
|
176
|
+
'packet_len_0_19_rate', 'packet_len_0_19_percent', 'packet_len_20_39_count',
|
|
177
|
+
'packet_len_20_39_average', 'packet_len_20_39_min', 'packet_len_20_39_max', 'packet_len_20_39_rate',
|
|
178
|
+
'packet_len_20_39_percent', 'packet_len_40_79_count', 'packet_len_40_79_average',
|
|
179
|
+
'packet_len_40_79_min', 'packet_len_40_79_max', 'packet_len_40_79_rate', 'packet_len_40_79_percent',
|
|
180
|
+
'packet_len_80_159_count', 'packet_len_80_159_average', 'packet_len_80_159_min',
|
|
181
|
+
'packet_len_80_159_max', 'packet_len_80_159_rate', 'packet_len_80_159_percent',
|
|
182
|
+
'packet_len_160_319_count', 'packet_len_160_319_average', 'packet_len_160_319_min',
|
|
183
|
+
'packet_len_160_319_max', 'packet_len_160_319_rate', 'packet_len_160_319_percent',
|
|
184
|
+
'packet_len_320_639_count', 'packet_len_320_639_average', 'packet_len_320_639_min',
|
|
185
|
+
'packet_len_320_639_max', 'packet_len_320_639_rate', 'packet_len_320_639_percent',
|
|
186
|
+
'packet_len_640_1279_count', 'packet_len_640_1279_average', 'packet_len_640_1279_min',
|
|
187
|
+
'packet_len_640_1279_max', 'packet_len_640_1279_rate', 'packet_len_640_1279_percent',
|
|
188
|
+
'packet_len_1280_2559_count', 'packet_len_1280_2559_average', 'packet_len_1280_2559_min',
|
|
189
|
+
'packet_len_1280_2559_max', 'packet_len_1280_2559_rate', 'packet_len_1280_2559_percent',
|
|
190
|
+
'packet_len_2560_5119_count', 'packet_len_2560_5119_average', 'packet_len_2560_5119_min',
|
|
191
|
+
'packet_len_2560_5119_max', 'packet_len_2560_5119_rate', 'packet_len_2560_5119_percent',
|
|
192
|
+
'packet_len_more_than_5120_count', 'packet_len_more_than_5120_average',
|
|
193
|
+
'packet_len_more_than_5120_min', 'packet_len_more_than_5120_max', 'packet_len_more_than_5120_rate',
|
|
194
|
+
'packet_len_more_than_5120_percent', 'all_req_packet_size_mean', 'all_req_packet_size_var',
|
|
195
|
+
'all_res_packet_size_mean', 'all_res_packet_size_var', 'all_req_packet_time_period_mean',
|
|
196
|
+
'all_res_packet_time_period_mean', 'all_req_packet_time_period_var',
|
|
197
|
+
'all_res_packet_time_period_var', 'req_header_count_mean', 'req_header_count_var']
|
|
198
|
+
features_key = [
|
|
199
|
+
'URI_FEATURES_EXTRA_contains_sql', 'URI_FEATURES_EXTRA_contains_xss', 'URI_FEATURES_EXTRA_contains_cmd',
|
|
200
|
+
'URI_FEATURES_EXTRA_contains_path', 'URI_FEATURES_EXTRA_contains_redirect',
|
|
201
|
+
'URI_FEATURES_EXTRA_contains_danger', 'URI_FEATURES_EXTRA_contains_suspicious_ext',
|
|
202
|
+
'URI_FEATURES_EXTRA_param_count', 'URI_FEATURES_EXTRA_path_depth', 'URI_FEATURES_EXTRA_param_length_avg',
|
|
203
|
+
'URI_FEATURES_EXTRA_param_length_max', 'UserAgent_is_attack', 'UserAgent_is_enterprise', 'UserAgent_browser',
|
|
204
|
+
'UserAgent_browser_version', 'UserAgent_os', 'UserAgent_os_version', 'UserAgent_device_type',
|
|
205
|
+
'UserAgent_platform', 'UserAgent_is_bot', 'UserAgent_language', 'UserAgent_special_char_count',
|
|
206
|
+
'UserAgent_is_unknown']
|
|
@@ -4,9 +4,10 @@ from urllib.parse import urlparse, parse_qs
|
|
|
4
4
|
|
|
5
5
|
import execjs
|
|
6
6
|
import numpy as np
|
|
7
|
+
import tldextract
|
|
7
8
|
from scapy.layers.dns import DNS
|
|
8
9
|
|
|
9
|
-
from xbase_util.xbase_constant import parse_path
|
|
10
|
+
from xbase_util.xbase_constant import parse_path, dns_domain_list
|
|
10
11
|
|
|
11
12
|
|
|
12
13
|
def parse_expression(expression):
|
|
@@ -379,3 +380,15 @@ def get_uri_filename_length(uri):
|
|
|
379
380
|
extension = match.group(0)
|
|
380
381
|
return len(extension)
|
|
381
382
|
return 0
|
|
383
|
+
|
|
384
|
+
|
|
385
|
+
def get_dns_domain_suffix(domain, dns_lock):
|
|
386
|
+
with dns_lock:
|
|
387
|
+
try:
|
|
388
|
+
for tmp_suffix in dns_domain_list:
|
|
389
|
+
if tmp_suffix in domain:
|
|
390
|
+
return tmp_suffix
|
|
391
|
+
extracted = tldextract.extract(domain)
|
|
392
|
+
return extracted.suffix
|
|
393
|
+
except Exception as e:
|
|
394
|
+
return ""
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|