updated setup.sh and logprocessor.py

LucasFaudman · Jan 25, 2024 · a2157d4 · a2157d4
1 parent d10ad9f
commit a2157d4
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 38 deletions.
diff --git a/loganalyzers/logprocessor.py b/loganalyzers/logprocessor.py
@@ -222,11 +222,10 @@ def process_source_ips_into_attacks(self):
         self.ips_with_flagged_http_requests = []
         self.benign_ips = []
 
-        # self.all_attack_ids_by_type = {"malware_hash": OrderedSet(()), "cmdlog_hash": OrderedSet(()), "httplog_hash": OrderedSet(())}
-        self.all_attack_ids_by_type = {"malware_hash": set(), "cmdlog_hash": set(), "httplog_hash": set()}
+        self.all_attack_ids_by_type = {"malware_hash": OrderedSet(()), "cmdlog_hash": OrderedSet(()), "httplog_hash": OrderedSet(())}
         for source_ip in sorted(self.source_ips.values(), key=lambda source_ip: source_ip.first_seen):
             ip = source_ip.ip
-            src_ip_attack_ids_by_type = defaultdict(set)
+            src_ip_attack_ids_by_type = defaultdict(OrderedSet)
 
             if source_ip.successful_logins >= self.min_successful_logins:
                 self.ips_with_successful_logins.append(ip)
@@ -267,7 +266,6 @@ def process_source_ips_into_attacks(self):
 
             # If no attacks found, add to benign_ips delete the SourceIP obj and continue
             if not any(src_ip_attack_ids_by_type.values()):
-            # if not src_ip_attack_ids_by_type:
                 self.benign_ips.append(ip)
                 del self.source_ips[ip]
                 print(f"Deleted benign ip {ip}", end='\r')
@@ -278,8 +276,7 @@ def process_source_ips_into_attacks(self):
                 for attack_id_type, attack_ids in src_ip_attack_ids_by_type.items()
             }
 
-            if not set(*shared_attack_ids.values()):
-            # if not any(shared_attack_ids.values()):
+            if not any(shared_attack_ids.values()):
                 attack_id_type, attack_ids = next(filter(lambda x: x[1], src_ip_attack_ids_by_type.items()))
                 attack_id = attack_ids[0]
                 self.attacks[attack_id] = Attack(attack_id, attack_id_type, source_ip)
@@ -289,7 +286,6 @@ def process_source_ips_into_attacks(self):
                 attack_id = attack_ids[0]
                 self.attacks[attack_id].add_source_ip(source_ip)    
 
-
         return self.attacks
 
 

diff --git a/main.py b/main.py
@@ -17,7 +17,7 @@
     "LOAD_ATTACKS_MAX_WORKERS": 2, # Maximum number of workers to use when loading attacks from the attacks directory
 
     # Log Types and Zeek Settings
-    "LOG_TYPES": ["cowrie", "firewall", "web", "zeek"], # Log types to process
+    "LOG_TYPES": ["cowrie", "zeek"], # Log types to process
     "ZEEK_LOG_TYPES": ["http"], # Zeek log types to process
     "ZEEK_LOG_EXT": ".log", # Zeek log file extension
     "ZEEK_KEEP_EMPTY_FIELDS": True, # Whether or not to keep empty fields in Zeek logs

diff --git a/openaianalyzers/completions.py b/openaianalyzers/completions.py
@@ -92,7 +92,6 @@ def make_few_shot_prompt(self, system_prompt, examples, user_input):
         return messages
 
 
-
     def explain_commands(self, commands=[], n=1, retries=0, **kwargs):
         system_prompt = [
         "Your role is to throughly explain a series commands that were executed by an attacker on a Linux honeypot system.",
@@ -139,8 +138,6 @@ def explain_commands(self, commands=[], n=1, retries=0, **kwargs):
         return self.zip_command_explanations(commands, result)
 
 
-
-
     def zip_command_explanations(self, commands, result):
         if isinstance(result, list):
             if len(result) == len(commands):
@@ -196,14 +193,10 @@ def explain_malware(self, malware_source_code, commands=[], n=1, retries=0, **kw
         ])
 
 
-
-
         example_malware1 = self.read_training_data("shared/example_malware1.py")
         example_commands1 = self.read_training_data("shared/example_commands1.sh", returnas=list)
         example_explanation1 = self.read_training_data("shared/example_explanation.txt")
 
-
-
         example_input1 = {"malware_source_code": example_malware1, "commands": self.index_content(example_commands1)}
         example_response1 = {"malware_explanation": example_explanation1, "malware_language": "python"}
 
@@ -219,7 +212,6 @@ def explain_malware(self, malware_source_code, commands=[], n=1, retries=0, **kw
         return result
 
 
-
     def comment_malware(self, malware_source_code, commands=[], n=1, retries=0, **kwargs):
         system_prompt = " ".join([
         "Your role is to add detailed comments to a file that was downloaded/uploaded by an attacker to a Linux honeypot system.",
@@ -242,10 +234,8 @@ def comment_malware(self, malware_source_code, commands=[], n=1, retries=0, **kw
         language, commented_malware = self.read_training_data("shared/commented_malware2.sh", returnas="split_firstline")
         language = language.split(":")[1].strip()
 
-        #example_input = {"malware_source_code": example_malware, "commands": self.index_content(example_commands)}
-        example_commands = ''
 
-        #example_response = commented_malware
+        example_commands = ''
         example_response = {}
         commented_malware_lines = commented_malware.split("\n")
         example_malware_lines = example_malware.split("\n")
@@ -255,8 +245,6 @@ def comment_malware(self, malware_source_code, commands=[], n=1, retries=0, **kw
                          "commands": self.index_content(example_commands)}
 
 
-
-
         comment = ""
         for line in commented_malware_lines:
             if line.strip().startswith("#"):
@@ -290,16 +278,9 @@ def insert_comments(self, source_code, comment_indexes):
                 line_index = int(line_index)
                 lines[line_index] = comment + "\n" + lines[line_index]
 
-            with (self.training_data_dir / "out.test").open("w+") as f:
-                f.write("\n".join(lines))
-
-
         return "\n".join(lines)
 
 
-
-
-
     def explain_and_comment_malware(self, malware_source_code, commands=[], n=1, retries=0, **kwargs):
         system_prompt = " ".join([
         "Your role is to throughly explain and comment a piece of malware that was executed by an attacker on a Linux honeypot system.",
@@ -317,9 +298,6 @@ def explain_and_comment_malware(self, malware_source_code, commands=[], n=1, ret
         ])
 
 
-
-
-
         example_commands1 = self.read_training_data("shared/example_commands1.sh", returnas=list)
         example_malware1 = self.read_training_data("shared/example_malware1.py")
         example_explanation1 = self.read_training_data("shared/example_explanation1.md")
@@ -343,9 +321,6 @@ def explain_and_comment_malware(self, malware_source_code, commands=[], n=1, ret
         return result
 
 
-
-
-
     def answer_attack_questions(self, questions: list, commands=[], malware_source_code=None, n=1, retries=0, **kwargs):
         #TODO an attack
         system_prompt = " ".join([
@@ -361,7 +336,6 @@ def answer_attack_questions(self, questions: list, commands=[], malware_source_c
         ])
 
 
-
         q1, a1 = self.read_training_data("answer_attack_questions/example_questions1.md", returnas="split_firstline")
 
         example_malware1 = self.read_training_data("shared/example_malware1.py")

diff --git a/setup.sh b/setup.sh
@@ -11,7 +11,6 @@ function review_file(){
 
 printf "\nBeginning honeypot-ai setup"
 # Get the directory of the script
-# HONEYPOT_AI_PATH="$(dirname $(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd))"
 HONEYPOT_AI_PATH="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 CURRENT_PATH="$(pwd)"
 printf "\nHoneypot AI Path: $HONEYPOT_AI_PATH\n"
@@ -118,7 +117,7 @@ sed -i"$SAFE_TO_DELETE_EXT" -e "s|<LOGS_PATH>|$LOGS_PATH|" "$HONEYPOT_AI_PATH/sy
 rm "$HONEYPOT_AI_PATH/"*"$SAFE_TO_DELETE_EXT"
 
 chmod +x "$HONEYPOT_AI_PATH/sync-logs.sh"
-printf "\nDone configuring "$HONEYPOT_AI_PATH/sync-logs.sh". You can now use this script to sync logs from your Honeypot to your local machine.\n"
+printf "\nDone configuring "$HONEYPOT_AI_PATH/sync-logs.sh". \nYou can now use this script to sync logs from your Honeypot to your local machine.\n"
 review_file "$HONEYPOT_AI_PATH/sync-logs.sh"
 
 printf "\nConfiguring $HONEYPOT_AI_PATH/setup/install-zeek-on-honeypot.sh.\n"
@@ -130,7 +129,7 @@ sed -i"$SAFE_TO_DELETE_EXT" -e "s|<KEYFILE>|$KEYFILE|" "$HONEYPOT_AI_PATH/instal
 rm "$HONEYPOT_AI_PATH/"*"$SAFE_TO_DELETE_EXT"
 
 chmod +x "$HONEYPOT_AI_PATH/install-zeek-on-honeypot.sh"
-printf "\nDone configuring setup/install-zeek-on-honeypot.sh. You can now use this script to install Zeek on your Honeypot.\n"
+printf "\nDone configuring setup/install-zeek-on-honeypot.sh. \nYou can now use this script to install Zeek on your Honeypot.\n"
 review_file "$HONEYPOT_AI_PATH/install-zeek-on-honeypot.sh"
 
 printf "\n"