Add support for logging downloaded files via dblog

New mysql table "downloads", see doc/sql/update7.sql git-svn-id: https://kippo.googlecode.com/svn/trunk@224 951d7100-d841-11de-b865-b3884708a8e2
2013-01-08 17:31:29 +00:00 · 2013-01-08 17:31:29 +00:00 · 3a7bcc0ff5
parent 96265ebe03
commit 3a7bcc0ff5
5 changed files with 33 additions and 0 deletions
--- a/doc/sql/mysql.sql
+++ b/doc/sql/mysql.sql
@ -49,3 +49,13 @@ CREATE TABLE `ttylog` (
  `ttylog` mediumblob NOT NULL,
  PRIMARY KEY  (`id`)
 ) ;
+
+CREATE TABLE `downloads` (
+  `id` int(11) NOT NULL auto_increment,
+  `session` CHAR( 32 ) NOT NULL,
+  `timestamp` datetime NOT NULL,
+  `url` text NOT NULL,
+  `outfile` text NOT NULL,
+  PRIMARY KEY  (`id`),
+  KEY `session` (`session`,`timestamp`)
+) ;
--- a/doc/sql/update7.sql
+++ b/doc/sql/update7.sql
@ -0,0 +1,9 @@
+CREATE TABLE IF NOT EXISTS `downloads` (
+  `id` int(11) NOT NULL auto_increment,
+  `session` CHAR( 32 ) NOT NULL,
+  `timestamp` datetime NOT NULL,
+  `url` text NOT NULL,
+  `outfile` text NOT NULL,
+  PRIMARY KEY  (`id`),
+  KEY `session` (`session`,`timestamp`)
+) ;
--- a/kippo/commands/wget.py
+++ b/kippo/commands/wget.py
@ -65,6 +65,8 @@ class command_wget(HoneyPotCommand):
            (self.honeypot.env.cfg.get('honeypot', 'download_path'),
            time.strftime('%Y%m%d%H%M%S'),
            re.sub('[^A-Za-z0-9]', '_', url))
+        self.honeypot.logDispatch(
+            'Downloading URL (%s) to %s' % (url, self.safeoutfile))
        self.deferred = self.download(url, outfile,
            file(self.safeoutfile, 'wb'))
        if self.deferred:
--- a/kippo/core/dblog.py
+++ b/kippo/core/dblog.py
@ -29,6 +29,8 @@ class DBLogger(object):
                self.handleCommand),
            ('^:dispatch: Command not found: (?P<input>.*)$',
                self.handleUnknownCommand),
+            ('^:dispatch: Downloading URL \((?P<url>.*)\) to (?P<outfile>.*)$',
+                self.handleFileDownload),
            ('^INPUT \((?P<realm>[a-zA-Z0-9]+)\): (?P<input>.*)$',
                self.handleInput),
            ('^Terminal size: (?P<height>[0-9]+) (?P<width>[0-9]+)$',
@ -138,4 +140,8 @@ class DBLogger(object):
    def handleClientVersion(self, session, args):
        pass

+    # args has: url, outfile
+    def handleFileDownload(self, session, args):
+        pass
+
 # vim: set sw=4 et:
--- a/kippo/dblog/mysql.py
+++ b/kippo/dblog/mysql.py
@ -135,4 +135,10 @@ class DBLogger(dblog.DBLogger):
            'UPDATE `sessions` SET `client` = %s WHERE `id` = %s',
            (id, session))

+    def handleFileDownload(self, session, args):
+        self.simpleQuery('INSERT INTO `downloads`' + \
+            ' (`session`, `timestamp`, `url`, `outfile`)' + \
+            ' VALUES (%s, FROM_UNIXTIME(%s), %s, %s)',
+            (session, self.nowUnix(), args['url'], args['outfile']))
+
 # vim: set sw=4 et: