From 7509506f0b8d771bf0fe4875356e9c23acda3e1a Mon Sep 17 00:00:00 2001
From: 尹姜谊
Date: Wed, 17 Jan 2024 14:49:14 +0800
Subject: Add:增加geckovpn_serverip插件
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 detection/__pycache__/vpn_detector.cpython-39.pyc | Bin 6259 -> 6718 bytes
 detection/vpn_detector.py | 12 ++++-
 detection/vpnservices/geckovpn_serverip.py | 57 ++++++++++++++++++++++
 detection/vpnservices/hotspotvpn_serverip.py | 2 +-
 4 files changed, 69 insertions(+), 2 deletions(-)
 create mode 100644 detection/vpnservices/geckovpn_serverip.py
diff --git a/detection/__pycache__/vpn_detector.cpython-39.pyc b/detection/__pycache__/vpn_detector.cpython-39.pyc
index c491155..5f2736d 100644
Binary files a/detection/__pycache__/vpn_detector.cpython-39.pyc and b/detection/__pycache__/vpn_detector.cpython-39.pyc differ
diff --git a/detection/vpn_detector.py b/detection/vpn_detector.py
index 34cd307..6f76810 100644
--- a/detection/vpn_detector.py
+++ b/detection/vpn_detector.py
@@ -83,13 +83,14 @@ class VpnDetector:
 result_df['is_valid'] = 1
 # result save
- if len(result_df) > 1:
+ if len(result_df) > 0:
 self.logger.info('Start to update data to knowledgebase')
 result_path = os.path.join('data', plugin_name)
 if not os.path.exists(result_path):
 os.makedirs(result_path)
 result_file = os.path.join(result_path, output_filename)
 result_df.to_csv(result_file, index=False)
+ self.logger.info('Write {} {} {} to local file {} successfully.'.format(len(result_df), vpn_service_name, object_type, result_file))
 # update to knowledgebase
 knowledge_api = KnowledgeApi(self.config)
@@ -190,6 +191,15 @@ if __name__ == '__main__':
 elif plugin_name == 'ipvanishvpn_serverip':
 from vpnservices.ipvanishvpn_serverip import IpvanishvpnServerip
 detector = IpvanishvpnServerip(start_time, end_time)
+ elif plugin_name == 'cyberghostvpn_servername':
+ from vpnservices.cyberghostvpn_servername import CyberghostvpnServername
+ detector = CyberghostvpnServername(start_time, end_time)
+ elif plugin_name == 'cyberghostvpn_serverip':
+ from vpnservices.cyberghostvpn_serverip import CyberghostvpnServerip
+ detector = CyberghostvpnServerip(start_time, end_time)
+ elif plugin_name == 'geckovpn_serverip':
+ from vpnservices.geckovpn_serverip import GeckovpnServerip
+ detector = GeckovpnServerip(start_time, end_time)
 else:
 print('Please input correct plugin name')
diff --git a/detection/vpnservices/geckovpn_serverip.py b/detection/vpnservices/geckovpn_serverip.py
new file mode 100644
index 0000000..3a6abb5
--- /dev/null
+++ b/detection/vpnservices/geckovpn_serverip.py
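Review bot: The two `cyberghostvpn_*` branches import `vpnservices.cyberghostvpn_servername` and `vpnservices.cyberghostvpn_serverip`, but the diffstat of this commit creates only `geckovpn_serverip.py`; unless those modules are already in the tree, selecting either plugin fails with ImportError at run time. The `else:` branch only prints a message, so if code after this chain (outside the hunk) uses `detector`, an unknown plugin name ends in a NameError instead of a clean exit; `raise SystemExit('Please input correct plugin name')` would make that failure explicit. As the chain keeps growing, a fixed mapping from plugin name to (module, class) resolved with `importlib.import_module` would keep the set of loadable modules an explicit allowlist and remove the repeated branches.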
@@ -0,0 +1,57 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+# @Time : 2024/1/17 14:20
+# @author : yinjinagyi
+# @File : geckovpn_serverip.py
+# @Function:
+
+import pandas as pd
+from vpn_detector import VpnDetector
+
+class GeckovpnServerip(VpnDetector):
+ """
+ This class is used to detect geckovpn server ip
+ """
+
+ def __init__(self, start_time, end_time):
+ super().__init__(start_time, end_time)
+ self.plugin_config = self.load_config()['geckovpn_serverip']
+ self.plugin_id = self.plugin_config['plugin_id']
+ self.plugin_name = self.plugin_config['plugin_name']
+ self.object_type = self.plugin_config['object_type']
+ self.vpn_service_name = self.plugin_config['vpn_service_name']
+ self.confidence = self.plugin_config['confidence']
+ self.output_file_name = self.plugin_name + '_' + str(self.start_time).replace(' ', '_').replace(':', '')[:13] + '.csv'
+ self.start_time = start_time
+ self.end_time = end_time
+
+ self.sql = self.plugin_config['sql']
+
+ def find_server(self):
+ """
+ Get geckovpn server ip from clickhouse database
+ :return: geckovpn server ip list
+ """
+ self.logger.info('Start to query geckovpn server ip from session record')
+
+ # construct query sql
+ TIME_FILTER_PATTERN = self.config['common']['time_filter_pattern'].replace('recv_time_columnname', self.config['common']['recv_time_columnname'])
+ time_filter = TIME_FILTER_PATTERN.replace("{$start_time}", str(self.start_time)).replace("{$end_time}", str(
+ self.end_time)).replace("{$time_zone}", self.time_zone)
+ self.sql = self.sql.replace("{$db_name}", self.dbname).replace("{$table_name}", self.table_name)
+ self.sql = self.sql.replace("{$time_filter}", time_filter)
+ self.logger.info("Sql for {}: {}".format(self.plugin_name, self.sql))
+
+ # query data from clickhouse database
+ try:
+ geckovpn_serverip_df = pd.DataFrame(self.client.execute(self.sql))
+ finally:
+ self.client.disconnect()
+
+ if geckovpn_serverip_df.empty:
+ self.logger.info('No geckovpn server ip found from clickhouse database')
+ return []
+ geckovpn_serverip_list = geckovpn_serverip_df[0].drop_duplicates().tolist()
+ self.logger.info('Query geckovpn server ip from clickhouse database successfully. {} items found'
+ .format(len(geckovpn_serverip_list)))
+ return geckovpn_serverip_list
diff --git a/detection/vpnservices/hotspotvpn_serverip.py b/detection/vpnservices/hotspotvpn_serverip.py
index e75cff3..bf6ec8e 100644
--- a/detection/vpnservices/hotspotvpn_serverip.py
+++ b/detection/vpnservices/hotspotvpn_serverip.py
@@ -45,7 +45,7 @@ class HotspotvpnServerip(VpnDetector):
 self.sql = self.sql.replace("{$time_filter}", time_filter)
 self.sql = self.sql.replace("{$domain_list}", ','.join(self.masquerede_domains))
- # self.logger.info("Sql for {}: {}".format(self.plugin_name, self.sql))
+ self.logger.info("Sql for {}: {}".format(self.plugin_name, self.sql))
 # query data from clickhouse database
 try:
-- cgit v1.2.3
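Review bot: `find_server` in the new geckovpn_serverip.py builds its query by plain string replacement: `start_time`, `end_time`, `time_zone`, `dbname` and `table_name` are substituted into `self.sql` with no validation or quoting, so a malformed or hostile value from the arguments or the config changes the statement that reaches `self.client.execute`. Parse the two time bounds into datetime objects and format them yourself before substitution, and reject database and table names that are not plain identifiers, e.g. `if not str(self.table_name).isidentifier(): raise ValueError('invalid table name')`; if the client supports bound parameters, prefer those for the time values. The complete statement is then logged at INFO, and the hotspotvpn_serverip.py hunk re-enables the same log line where the SQL also carries the joined domain list; `self.logger.debug(...)` would keep it out of routine logs. In `__init__`, `output_file_name` reads `self.start_time` before the two assignments below it, so those assignments are either redundant or too late; presumably the base class already sets both, which is worth a one-line comment.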