Merge Online-Changes to Repo
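--- a/imapy.py
+++ b/imapy.py
@@ -1,194 +0,0 @@
-import imaplib, email
-from pprint import pprint as pp
-from email.header import decode_header
-import re
-import os
-import time
-from configparser import ConfigParser
-from cursesmenu import *
-from cursesmenu.items import *
-import dialog
-config_file_path=os.path.join(os.path.expanduser('~'),".imap_virus_marvin.ini")
-dialog=dialog.Dialog()
-dialog.set_background_title("IMAP-Mail-Renamer")
-marvin_pattern=re.compile('MARVIN\d{14}_')
-marvin_candidates=re.compile('(?:[mM][aA][rR][vV][iI][nN].{0,3})?(\d{14})')
-
-def edit(num):
-pass
-
-def get_config():
-if not os.path.isfile(config_file_path):
-config_instance = ConfigParser()
-config_instance["CREDENTIALS"] = {
-"username": "virus-user",
-"password": "whambamBW"
-}
-
-config_instance["SERVER"] = {
-"host": "mail.server.dom",
-"port": 993,
-"mailbox": "INBOX"
-}
-with open(config_file_path, 'w') as conf:
-config_instance.write(conf)
-print("No Config found!")
-print("Example Config written to {}".format(config_file_path))
-print("Please Edit and Repeat")
-exit(1)
-else:
-config_instance = ConfigParser()
-config_instance.read(config_file_path)
-if config_instance["CREDENTIALS"]["password"]=="whambamBW":
-print("Looks like you haven't changed the default config")
-print("Example Config written to {}".format(config_file_path))
-print("Please Edit and Repeat")
-exit(1)
-else:
-return config_instance
-
-def get_header(eml, string):
-a=email.header.decode_header(eml[string])
-ergebnisse=[]
-for eintrag in a:
-ergebnisse.append(force_decode(eintrag[0]))
-return ergebnisse
-
-
-
-def force_decode(string, codecs=['utf8', 'cp1252']):
-if isinstance(string, str):
-return string
-for i in codecs:
-try:
-return string.decode(i)
-except UnicodeDecodeError:
-pass
-raise Exception("Could not decode")
-
-def decode(data):
-if isinstance(data,bytes):
-data=force_decode(data)
-tmp=decode_header(data)
-res=""
-for part in tmp:
-if part[1]==None:
-if isinstance(part[0],str):
-res+= part[0]
-else:
-try:
-res+= part[0].decode('ascii')
-except:
-print(part[0])
-else:
-res+= part[0].decode(part[1])
-return "".join(res.split())
-
-def retrieve(num,field):
-global im
-res, data = im.fetch(num,"BODY.PEEK[HEADER.FIELDS ({})]".format(field))
-x,y = data[0]
-y=force_decode(y)
-y=y.split(":",1)
-y=y[1]
-return decode(y)
-
-def get_subject(num):
-global im
-# res, data2 = im.fetch(num,'BODY.PEEK[HEADER.FIELDS (FROM)]')
-y=retrieve(num,"SUBJECT")
-z=retrieve(num,"FROM")
-return "{} von <{}>".format(y,z)
-
-def get_mail(num):
-global im
-res, data = im.fetch(num,'(RFC822)')
-try:
-eml=email.message_from_bytes(data[0][1])
-return eml
-except:
-return None
-
-def delete_mail(num):
-global im
-im.store(num, '+FLAGS', '\\Deleted')
-im.expunge()
-
-def search_mails(key,value):
-global im
-_, nums = im.search(None,key,'"{}"'.format(value))
-return nums[0].split()
-
-def print_mail(num):
-eml=get_mail(num)
-dialogit(str(eml))
-
-def scan_for_marvins(eml):
-texttosearch="\n".join(get_header(eml,'Subject'))
-for part in eml.walk():
-if 'text/plain' == part.get_content_type():
-texttosearch+="\n"+force_decode(part.get_payload(decode=True))
-results=marvin_candidates.findall(texttosearch)
-ergebnisse=[]
-for x in results:
-if x not in ergebnisse:
-ergebnisse.append(x)
-return ergebnisse
-
-def edit_mail(num):
-global im
-global config
-eml=get_mail(num)
-old_subject=get_header(eml,'Subject')[0]
-results=scan_for_marvins(eml)
-suggesttext="Found {} possible marvins".format(len(results))
-suggesttext+="\n"
-suggesttext+="\n".join(results)
-if len(results)>0:
-suggested_subject="MARVIN#{}_{}".format(results[0],old_subject)
-else:
-suggested_subject="MARVIN#2020xxxx75xxxx_{}".format(old_subject)
-action,new_subject=dialog.inputbox(suggesttext,init=suggested_subject,height=30,width=110)
-print(action)
-time.sleep(2)
-if action == "ok":
-eml.replace_header('Subject',new_subject)
-c,d = im.append('INBOX','', imaplib.Time2Internaldate(time.time()),str(eml).encode('utf-8'))
-if "OK" in c:
-delete_mail(num)
-
-def quit():
-exit(0)
-
-def dialogit(text):
-dialog.scrollbox(text,height=30,width=110)
-
-def make_choice():
-global config
-global im
-config=get_config()
-im=imaplib.IMAP4_SSL(config["SERVER"]["host"],config["SERVER"]["port"])
-im.login(config["CREDENTIALS"]["username"],config["CREDENTIALS"]["password"])
-im.select(config["SERVER"]["mailbox"])
-
-# Create the menu
-menu = CursesMenu("Mails - INBOX", "0 - 10")
-typ, nums = im.search(None, 'ALL')
-for n in nums[0].split():
-subject_line=get_subject(n)
-if not marvin_pattern.match(subject_line):
-function_item = FunctionItem(subject_line, edit_mail , [n] ,should_exit=True)
-menu.append_item(function_item)
-
-menu.show()
-im.close()
-im.logout()
-
-def main():
-make_choice()
-
-
-
-
-if __name__ == "__main__":
-main()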
@@ -15,13 +15,13 @@ def main():
|
||||
employees.append(0)
|
||||
|
||||
count = 0
|
||||
for i in xrange(1, 1000001):
|
||||
for i in range(1, 1000001):
|
||||
temp = employees[:]
|
||||
shuffle(temp)
|
||||
if Counter(temp[0:11])[1] == 4:
|
||||
count += 1
|
||||
|
||||
print count / 1000000.
|
||||
print(count / 1000000.)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
|
||||
@@ -25,6 +25,6 @@ alias remnux_viper='docker run --rm -it --dns=192.168.130.1 -v ${workdir-`pwd`}:
|
||||
alias remnux_vol='docker run --rm -it -v ${workdir-`pwd`}:/home/nonroot/memdumps remnux/volatility bash'
|
||||
alias rot13='tr "abcdefghijklmnopqrstuvwxyz" "zyxwvutsrqponmlkjihgfedcba"'
|
||||
function bindiff() { cmp -l "${1}" "${2}" | gawk '{printf "%s,%02X,%02X\n",$1,strtonum(0$2),strtonum(0$3) }' ; }
|
||||
function avscan(){ av="${1:-kaspersky}" ; if [ "${av}" == "update" ] ; then ( docker pull tabledevil/kaspersky ; docker pull tabledevil/sep ; docker pull tabledevil/clamav) ; elif [[ $# -eq 2 ]] ; then dritpwro "tabledevil/${av}" "${2}" ; else dritpwro "tabledevil/${av}" scan ; fi ; }
|
||||
function avscan(){ av="${1:-kaspersky}" ; if [ "${av}" == "update" ] ; then ( docker pull tabledevil/kaspersky ; docker pull tabledevil/sep ; docker pull tabledevil/clamav) ; elif [[ $# -eq 2 ]] ; then dritpwro "tabledevil/${av}" "${2}" ; else dritpwro --network=none "tabledevil/${av}" scan ; fi ; }
|
||||
function dockerfa() { [[ $# -eq 0 ]] && wpd=$(readlink -f . ) || wpd=$(readlink -f "${1}"); docker run -it --rm -v "${wpd}":/data tabledevil/file-analysis;}
|
||||
function docker_killall() { docker rm $(docker stop $(docker ps -a -q --filter ancestor="${1}" --format="{{.ID}}")) ; }
|
||||
|
||||
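Review bot: Only the default `scan` branch of `avscan` gets `--network=none`; the two-argument branch still calls `dritpwro "tabledevil/${av}" "${2}"` with the container's default networking, so a run started with an explicit second argument lets the AV engine process what are presumably untrusted samples with network access. If that branch does not need the network, apply the same option there: `dritpwro --network=none "tabledevil/${av}" "${2}"`. `dritpwro` is defined outside this hunk, so it is worth confirming that it forwards a leading option to `docker run` rather than treating it as the image name. A short comment before the function stating that `update` needs the network and scanning does not would keep the isolation from being dropped in a later edit.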
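--- a/visidatarc
+++ b/visidatarc
@@ -0,0 +1,61 @@
+#copy or link this file to ~/.visidatarc
+
+from datetime import datetime
+
+#sym-ts = hexNcoded NT-Timestamp = Nanoseconds since 01.01.1601
+def sym_time(val):
+a=int(val,16) #decode hex
+b=(a / 10000000) - 11644473600 #convert to seconds and subtract offset to 01.01.1970
+return datetime.fromtimestamp(b)
+
+def sym_id(val):
+event_ids={
+"2" : "Scan Stopped",
+"3" : "Scan Started",
+"4" : "Definition File Sent To Server",
+"5" : "Virus Found",
+"6" : "Scan Omission",
+"7" : "Definition File Loaded",
+"10" : "Checksum",
+"11" : "Auto-Protect",
+"12" : "Configuration Changed",
+"13" : "Symantec AntiVirus Shutdown",
+"14" : "Symantec AntiVirus Startup",
+"16" : "Definition File Download",
+"17" : "Scan Action Auto-Changed",
+"18" : "Sent To Quarantine Server",
+"19" : "Delivered To Symantec Security Response",
+"20" : "Backup Restore Error",
+"21" : "Scan Aborted",
+"22" : "Load Error",
+"23" : "Symantec AntiVirus Auto-Protect Loaded",
+"24" : "Symantec AntiVirus Auto-Protect Unloaded",
+"26" : "Scan Delayed",
+"27" : "Scan Re-started",
+"34" : "Log Forwarding Error",
+"39" : "Definitions Rollback",
+"40" : "Definitions Unprotected",
+"41" : "Auto-Protect Error",
+"42" : "Configuration Error",
+"45" : "SymProtect Action",
+"46" : "Detection Start",
+"47" : "Detection Action",
+"48" : "Pending Remediation Action",
+"49" : "Failed Remediation Action",
+"50" : "Successful Remediation Action",
+"51" : "Detection Finish",
+"65" : "Scan Stopped",
+"66" : "Scan Started",
+"71" : "Threat Now Whitelisted",
+"72" : "Interesting Process Found Start",
+"73" : "SONAR engine load error",
+"74" : "SONAR definitions load error",
+"75" : "Interesting Process Found Finish",
+"76" : "SONAR operating system not supported",
+"77" : "SONAR Detected Threat Now Known",
+"78" : "SONAR engine is disabled",
+"79" : "SONAR engine is enabled",
+"80" : "Definition load failed",
+"81" : "Cache server error",
+"82" : "Reputation check timed out"}
+return event_ids[val]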
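Review bot: `sym_time` ends in `datetime.fromtimestamp(b)` with no timezone, so it yields a naive value in the workstation's local zone and the same log row renders differently on differently configured machines; for timeline work I would pin it, e.g. `return datetime.fromtimestamp(b, tz=timezone.utc)` with `from datetime import datetime, timezone` (assuming the logged value is UTC, as NT timestamps normally are). The comment above it says nanoseconds since 01.01.1601, but the division by 10000000 only fits 100-nanosecond ticks, so it should read `#sym-ts = hex-encoded NT timestamp = 100-ns intervals since 01.01.1601`. In `sym_id`, `return event_ids[val]` raises KeyError for any id not in the table, and the table has gaps (8, 9, 15, 25, ...); `return event_ids.get(val, val)` keeps an unknown id visible instead of failing the cell.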