#!/usr/bin/env python

import os
import signal
import string
import subprocess
import sys
import time

def getmylocaltime():
    """Return the current local time formatted as 'Mon DD HH:MM:SS'.

    Day, hour, minute and second are zero-padded to two digits. The month is
    a fixed three-letter abbreviation taken from the table below, so the
    result does not depend on the process locale.
    """
    # NOTE(review): January is spelled 'Gen' while every other month uses the
    # English abbreviation. Kept as-is because readers of the event log may
    # match on it -- confirm whether 'Jan' was intended.
    month_names = ('Gen', 'Feb', 'Mar', 'Apr', 'May', 'Jun',
                   'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec')

    now = time.localtime()
    return '{0} {1:02d} {2:02d}:{3:02d}:{4:02d}'.format(
        month_names[now.tm_mon - 1],
        now.tm_mday,
        now.tm_hour,
        now.tm_min,
        now.tm_sec,
    )

def signal_handler(signum, frame):
    """Print the shutdown banner and terminate the process.

    main() installs this handler for SIGINT and SIGTERM. Neither argument is
    used; sys.exit() raises SystemExit, so nothing after it would run.
    """
    # Single-argument parenthesised form prints the same text under the
    # Python 2 print statement this file uses.
    print("[    infect][00000000] Signal caught.")
    print("[    infect][00000000] Sniffing off")

    sys.exit()

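# Directory and file that receive one line per reported event.
_RUN_DIR = '/opt/td-config/run/'
_EVENT_LOG = '/opt/td-config/run/logsystem'

# (marker searched for in the syslog line, label written to the event log).
# Checked in order; the first marker found decides the label.
_EVENT_MARKERS = (
    ("Inject Exe attack successful", "Inject Exe"),
    ("Inject Html Java attack successful", "Inject Html Java"),
    ("Inject Html Flash attack successful", "Inject Html Flash"),
    ("Inject Html File attack successful", "Inject Html File"),
    ("Inject Upgrade attack successful", "Inject Upgrade"),
    ("Replace attack successful", "Replace"),
)


def _extract_fields(line):
    """Return (target, url) from a line shaped like '... => [target] [url] ...'.

    A field whose delimiter is missing is returned as an empty string instead
    of an arbitrary slice of the line.
    """
    _, found, rest = line.partition("=> [")
    if not found:
        return '', ''

    target, found, rest = rest.partition("] [")
    if not found:
        return '', ''

    url, found, _ = rest.partition("] ")
    if not found:
        return target, ''

    return target, url


def _append_event(text):
    """Append one line to the event log by writing the file directly."""
    with open(_EVENT_LOG, 'a') as log:
        log.write(text + '\n')


def main():
    """Follow /var/log/syslog and record each reported event in the event log.

    Installs signal_handler for SIGINT and SIGTERM, makes sure the run
    directory exists, then reads `tail -f` output line by line. A line that
    contains one of the known markers is reduced to its target and URL fields
    and appended to /opt/td-config/run/logsystem with a local timestamp.

    The target and URL are copied out of syslog text that this process does
    not control, so they are treated as untrusted: they are written straight
    to the file and never interpolated into a shell command line, where quote
    or substitution characters in a field would be interpreted by the shell.

    Written for Python 2 like the rest of the file (readline() yields str).
    """
    signal.signal(signal.SIGINT, signal_handler)
    signal.signal(signal.SIGTERM, signal_handler)

    print("[    infect][00000000] Sniffing on")

    try:
        os.makedirs(_RUN_DIR)
    except OSError:
        # An existing directory is the normal case; report anything else but
        # keep going, as the original treated this step as best-effort.
        if not os.path.isdir(_RUN_DIR):
            sys.stderr.write("[    infect][00000000] Cannot create " + _RUN_DIR + "\n")

    # Argument list, no shell: the command is fixed and needs no shell parsing.
    # NOTE(review): stderr is piped but never read in this function.
    tail = subprocess.Popen(['/usr/bin/tail', '-f', '/var/log/syslog'],
                            stdout=subprocess.PIPE, stderr=subprocess.PIPE)

    while True:
        line = tail.stdout.readline()
        if not line:
            # Empty read means tail closed its stdout; looping on it would spin.
            break

        label = next((name for marker, name in _EVENT_MARKERS if marker in line), None)
        if label is None:
            continue

        target, url = _extract_fields(line)
        entry = '{} {} infection attack completed on this target: {} on this resource: {} on Network Injector...'.format(
            getmylocaltime(), label, target, url)

        try:
            _append_event(entry)
        except EnvironmentError as exc:
            # A failed write must not stop the watcher.
            sys.stderr.write("[    infect][00000000] Cannot write " + _EVENT_LOG + ": " + str(exc) + "\n")

    return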

# Start the watcher only when executed as a script, not when imported.
if __name__ == "__main__":
    main()
