botsText= open('message.txt',encoding='utf-8').read().split("\n")
len(botsText)
botsText[41854]
import re
import json
from random import randint
OK OK it is possible to make a list of dictionaries
bots=[]
ip_regex=re.compile(r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}')
wp_regex=re.compile(r'(?<=POST) {.*}')
path_regex=re.compile(r'(?<=Path:) .*')
time_regex=re.compile(r"((?<=Bot: false\ ) .*(?=GMT))|((?<=Bot: true\ ) .*(?=GMT))")
for bot in range(0,len(botsText)):
b=botsText[bot] #this bot
ip=ip_regex.search(b).group(0)
path=path_regex.findall(b)[0]
wp_p=wp_regex.findall(b)
time=time_regex.findall(b)[0][0]
agent_regex=re.compile(r"(?<="+ip+r').*(?=Path)')
agent=" ".join(agent_regex.search(b).group(0).split())
bots.append({"ip":ip,"date":time,"path":path,"post":"","agent":agent})
#if post:
if(len(wp_p)>0):
try:
p=json.loads(wp_p[0])
except:
p=wp_p[0]
# print(p)
bots[bot]["post"]=(p)
agent_regex=re.compile(r"(?<="+ip+r').*(?=POST)')
agent=" ".join(agent_regex.search(b).group(0).split())
bots[bot]["agent"]=agent
bots[15046]
from collections import Counter
ips=[]
agents=[]
passwords=[]
for bot in bots:
ips.append(bot["ip"])
agents.append(bot["agent"])
if(bot["post"]!=""):
try:
passwords.append(bot["post"]["pwd"])
except:
x=1 #do nothing
# print(bot["post"])
ip_count=Counter(ips)
ip_count.most_common(10)
top5000=ip_count.most_common(5000)
print("Most common ip is: "+ str(ip_count.most_common(1)))
agent_count=Counter(agents)
agent_count.most_common(100)
pass_count=Counter(passwords)
pass_count.most_common(25)
wp_bots=[]
for bot in bots:
try:
if(bot["post"]["rememberme"]=="forever"):
# wp_bots.append("ip: "+bot["ip"]+" agent: "+bot["agent"])
wp_bots.append(bot["ip"])
except:
ignore=bot
len(wp_bots)
wp_count=Counter(wp_bots)
wp_count.most_common(20)
unique_wp=list(set(wp_bots))
print("WP attacks: "+str(len(wp_bots)))
print("WP Unique IPs: "+str(len(unique_wp)))
import pygeoip
def ipLocator(ip):
GeoIPDatabase = 'GeoLiteCity.dat'
ipData = pygeoip.GeoIP(GeoIPDatabase)
record = ipData.record_by_name(ip)
# print("The geolocation for IP Address %s is:" % ip)
# print("Accurate Location: %s, %s, %s" % (record['city'], record['region_code'], record['country_name']))
# print("General Location: %s" % (record['metro_code']))
data=ipData.record_by_addr(ip)
# print(data)
return(data)
top10=wp_count.most_common(10)
top10[0]
ipLocator(top10[0][0])
locations=[]
for ip in top10:
data=ipLocator(ip[0])
lon=data["longitude"]
lat=data["latitude"]
url="https://www.google.com/maps/place/"+str(lat)+","+str(lon)
loc=("("+str(lat)+","+str(lon)+")")
locations.append(loc)
# print(url)
# !/usr/bin/open -a "/Applications/Google Chrome.app" {url}
top_ten_ip_locations="["+(",".join(locations))+"]"
# locat.append(json.loads(",".join(locations)))
key="Get your own key"
from ast import literal_eval
top_ten_ip_locations=literal_eval(top_ten_ip_locations)
type(top_ten_ip_locations)
import gmaps
import gmaps.datasets
import gmaps.geojson_geometries
gmaps.configure(api_key=key)
marker_locations = top_ten_ip_locations
fig = gmaps.figure()
markers = gmaps.marker_layer(marker_locations)
fig.add_layer(markers)
fig
top100=wp_count.most_common(100)
locations=[]
for ip in top100:
data=ipLocator(ip[0])
lon=data["longitude"]
lat=data["latitude"]
# url="https://www.google.com/maps/place/"+str(lat)+","+str(lon)
loc=("("+str(lat)+","+str(lon)+")")
locations.append(loc)
# !/usr/bin/open -a "/Applications/Google Chrome.app" {url}
top_100_ip_locations="["+(",".join(locations))+"]"
top_100_ip_locations=literal_eval(top_100_ip_locations)
marker_locations = top_100_ip_locations
fig = gmaps.figure()
markers = gmaps.marker_layer(marker_locations)
fig.add_layer(markers)
fig
top100=wp_count.most_common(700)
locations=[]
visits=[]
for ip in top100:
data=ipLocator(ip[0])
try:
lon=data["longitude"]
lat=data["latitude"]
# url="https://www.google.com/maps/place/"+str(lat)+","+str(lon)
loc=("("+str(lat)+","+str(lon)+")")
locations.append(loc)
visits.append(ip[1])
except:
do="nothing"
# !/usr/bin/open -a "/Applications/Google Chrome.app" {url}
top_100_ip_locations="["+(",".join(locations))+"]"
top_100_ip_locations=literal_eval(top_100_ip_locations)
marker_locations = top_100_ip_locations
fig = gmaps.figure(map_type='SATELLITE',layout={'width': '960px', 'height': '560px'},center=(20,0),zoom_level=2)
fig.add_layer(gmaps.heatmap_layer(marker_locations,weights=visits,max_intensity=25,point_radius=10.0))
fig
Bots coming with the same IP should be treated as one.
def checkIP(ip):
for bot in range(0,len(unique_bots)):
if unique_bots[bot]["ip"]== ip:
return bot
return False
unique_bots=[]
ip_regex=re.compile(r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}')
wp_regex=re.compile(r'(?<=POST) {.*}')
path_regex=re.compile(r'(?<=Path:) .*')
time_regex=re.compile(r"((?<=Bot: false\ ) .*(?=GMT))|((?<=Bot: true) .*(?=GMT))")
for bot in range(0,len(botsText)):
b=botsText[bot] #this bot
ip=ip_regex.search(b).group(0)
path=path_regex.findall(b)[0]
wp_p=wp_regex.findall(b)
time=time_regex.findall(b)[0][0]
agent_regex=re.compile(r"(?<="+ip+r').*(?=POST)|(?<='+ip+r').*(?=Path)')
agent=" ".join(agent_regex.search(b).group(0).split())
botMatchIndex=checkIP(ip)
if botMatchIndex is False:
unique_bots.append({"ip":ip,"date":[time],"path":[path],"post":[],"agent":[agent]})
#if post:
if(len(wp_p)>0):
try:
p=json.loads(wp_p[0])
except:
p=wp_p[0]
# print(p)
#Since we are just appending to uniqeBots, this bot has to be the last one we added, len(unique_bots)-1
unique_bots[len(unique_bots)-1]["post"].append(p)
else:
unique_bots[botMatchIndex]["agent"].append(agent)
unique_bots[botMatchIndex]["date"].append(time)
unique_bots[botMatchIndex]["path"].append(path)
if(len(wp_p)>0):
try:
p=json.loads(wp_p[0])
except:
p=wp_p[0]
# print(p)
#Since we are just appending to uniqeBots, this bot has to be the last one we added, len(unique_bots)-1
unique_bots[botMatchIndex]["post"].append(p)
print(len(unique_bots))
print(len(bots))
unique_bots[123]
def bot_by_ip(ip):
for bot in unique_bots:
if(bot["ip"]==ip):
return bot
return ("ip not found")
top10
pwd=[]
user=[]
p=bot_by_ip(top10[0][0])["post"]
for attempt in p:
pwd.append(attempt["pwd"])
user.append(attempt["log"])
pwd
user
bot_by_ip(top100[0][0])["date"]
import random
r_bot=random.choice(top100)[0]
data=bot_by_ip(r_bot)
date=data["date"][0].strip().split(" ")
print("Dear "+r_bot+",\n")
print("I saw you for the first time back in "+ date[1]+" "+date[2]+", it was a "+date[0])
print("It was "+date[4])
print("")
print("You were looking for " +data["post"][0]["pwd"])
print("")
print("")
print("You asked me to remember you " +data["post"][0]["rememberme"])
print("")
print("I told you:")
print("\""+data["post"][0]["rememberme"]+" is a long time, come back and I might\"")
print("")
print("")
print("")
print("and you did:")
for i in range(0,5):
print("")
prev_date=date
for i in range (0, len(data["date"])):
date=data["date"][i].strip().split(" ")
if(date[0]==prev_date[0] and date[1]==prev_date[1] and date[2]==prev_date[2]):
print(" and again that same night")
else:
try:
print("again in "+date[0]+" "+date[1]+" "+date[2])
except:
a=0
prev_date=date
i=i+1
print("")
user=[]
pwd=[]
for i in range (0, len(data["post"])):
user.append(data["post"][i]["log"])
pwd.append(data["post"][i]["pwd"])
user=", my ".join(user)
pwd=" for you, ".join(pwd)
print("I want you to be my "+user )
print("I have "+pwd)
for i in range(0,10):
print("")
print("I wonder who you are")
print("I wonder where you are")
print(r_bot+" will you come back?")
for i in range(0,10):
print("")
cute_name=r_bot.split(".")[3]
print(r_bot+" can I call you "+cute_name)
for i in range(0,10):
print("")
who_cares=random.choice(top10)
print(who_cares[0]+" keeps comming in your absense.")
print(str(who_cares[1])+" times so far.")
for i in range(0,10):
print("")
print(cute_name+" will you come back after visiting all those other servers??")
for i in range(0,10):
print("")
print(cute_name+" don't make me come find you")
for i in range(0,30):
print("")
print(cute_name+" Please understand, I tried to resist")
for i in range(0,30):
print("")
bot_loc=ipLocator(r_bot)
lon=bot_loc["longitude"]
lat=bot_loc["latitude"]
loc=[(lat,lon)]
fig = gmaps.figure()
markers = gmaps.marker_layer(loc)
fig.add_layer(markers)
fig
wp_count=Counter(wp_bots)
top500=wp_count.most_common(150)
bot=random.choice(top500)
unique_wp=list(set(wp_bots))
print(bot)
locations=[]
data=ipLocator(bot[0])
lon=data["longitude"]
lat=data["latitude"]
url="https://www.google.com/maps/place/"+str(lat)+","+str(lon)
loc=("("+str(lat)+","+str(lon)+")")
locations.append(loc)
# webbrowser.open(url,new=1)
# print(url)
# call["/usr/bin/open -a "/Applications/Google Chrome.app" {url}
# !/usr/bin/open -a "/Applications/Google Chrome.app" {url}
top_ten_ip_locations="["+(",".join(locations))+"]"
# locat.append(json.loads(",".join(locations)))
cont=input("Welcome back\nWhat would you like to do tonight?\n")
# print("you said: "+str(cont))
# time.sleep(1)
cont=input("yes\n")
cont=input("Are you sure?\n")
# time.sleep(1)
# pswd = getpass.getpass('Please confirm you want to do this: ')
# time.sleep(1)
cont=input("It was here ")
# print(bot_by_ip(bot[0])["date"])
bot_data=bot_by_ip(bot[0])
# print(bot_data)
dates=bot_data["date"]
print(dates[len(dates)-2])
cont=input("")
print("yes")
cont=input("")
print("It wanted to get access, it tried:")
attempt=bot_data["post"]
print("User: "+attempt[len(attempt)-1]["log"]+" Password: "+attempt[len(attempt)-1]["pwd"]+", it asked you to remember it forever")
cont=input("")
print("What do you want me to say?")
# print (pswd)
r_bot=bot[0]
data=bot_by_ip(r_bot)
date=data["date"][0].strip().split(" ")
for i in range(0,30):
print()
print("Dear "+r_bot+",\n")
print("I saw you for the first time back in "+ date[1]+" "+date[2]+", it was a "+date[0])
print("It was "+date[4])
print("")
print("You were looking for " +data["post"][0]["pwd"])
print("")
print("")
print("You asked me to remember you " +data["post"][0]["rememberme"])
print("")
print("I told you:")
print("\""+data["post"][0]["rememberme"]+" is a long time, come back and I might\"")
print("")
print("")
print("")
print("and you did:")
for i in range(0,5):
print("")
prev_date=date
for i in range (0, len(data["date"])):
date=data["date"][i].strip().split(" ")
if(date[0]==prev_date[0] and date[1]==prev_date[1] and date[2]==prev_date[2]):
print(" and again that same night")
else:
try:
print("again in "+date[0]+" "+date[1]+" "+date[2])
except:
a=0
prev_date=date
i=i+1
print("")
user=[]
pwd=[]
for i in range (0, len(data["post"])):
user.append(data["post"][i]["log"])
pwd.append(data["post"][i]["pwd"])
user=", my ".join(user)
pwd=" for you, ".join(pwd)
print("I want you to be my "+user )
print("I have "+pwd)
for i in range(0,10):
print("")
print("I wonder who you are")
print("I wonder where you are")
print(r_bot+" will you come back?")
for i in range(0,10):
print("")
cute_name=r_bot.split(".")[3]
print(r_bot+" can I call you "+cute_name)
for i in range(0,10):
print("")
who_cares=random.choice(top10)
print(who_cares[0]+" keeps comming in your absense.")
print(str(who_cares[1])+" times so far.")
for i in range(0,10):
print("")
print(cute_name+" what are you looking for?")
print(cute_name+" who are you looking for?")
for i in range(0,10):
print("")
print(cute_name+" will you come back?")
for i in range(0,10):
print("")
print(cute_name+" will you please come back?")
for i in range(0,10):
print("")
print(cute_name+" don't make me come find you")
for i in range(0,30):
print("")
print(cute_name+" Please understand, I tried to resist")
for i in range(0,30):
print("")
bot_loc=ipLocator(r_bot)
lon=bot_loc["longitude"]
lat=bot_loc["latitude"]
loc=[(lat,lon)]
print(cute_name+", I'll be here waiting")
#uncomment to open on a new browser window
# webbrowser.open(url,new=1)