I tried to notify the honeypot report on LINE

Introduction

Last time I wrote an article about setting up a honeypot and analyzing its logs. Did I actually keep analyzing them every day after that? I did not. So I made a tool that sends me a report instead, and I am publishing it here.

Created program

# About cowrie log analysis
import datetime
import pandas as pd
import requests

# Yesterday's rotated log, e.g. cowrie.json.2021-01-31. Using timedelta handles the
# month, year and leap-year boundaries instead of hand-rolled day/month arithmetic.
yesterday = datetime.date.today() - datetime.timedelta(days=1)
fname = 'cowrie.json.' + yesterday.strftime('%Y-%m-%d')
print(fname)

# Cowrie writes one JSON object per line
df = pd.read_json(fname, lines=True)
df['timestamp'] = pd.to_datetime(df['timestamp'])
#===========================================================#
# IDs (user names) the attackers tried to log in with
df1 = df.query('eventid == "cowrie.login.failed"')
noid = df1['username'].value_counts()
noid1 = df1['username'].value_counts(normalize=True)
print(noid)
print("Username frequency")
print(noid1)

# Successful logins
df2 = df.query('eventid == "cowrie.login.success"')
print("Number of successful logins:" + str(len(df2)))
password = df2['password'].value_counts()
password1 = df2['password'].value_counts(normalize=True)
print(password)
print("Password frequency")
print(password1)

# Failed logins (same rows as df1)
print("Number of login failures:" + str(len(df1)))
nopassword = df1['password'].value_counts()
nopassword1 = df1['password'].value_counts(normalize=True)
print(nopassword)
print("Password frequency")
print(nopassword1)

# Commands that were successfully executed
df3 = df.query('eventid == "cowrie.command.input"')
print("Command that was successfully executed")
print(df3['input'])

# Commands that failed to execute
df4 = df.query('eventid == "cowrie.command.failed"')
print("Command that failed to execute")
print(df4['input'])

# Successful downloads
df5 = df.query('eventid == "cowrie.session.file_download"')
print("Successful download")
print(df5['destfile'])

# Failed downloads
df6 = df.query('eventid == "cowrie.session.file_download.failed"')
print("What failed to download")
print(df6['destfile'])
#===========================================================#
def send_line(title, body):
    """Post one section of the report to LINE Notify."""
    line_notify_token = ''  # paste the token issued by LINE Notify here
    line_notify_api = 'https://notify-api.line.me/api/notify'
    # to_string() prints every row; str(series) would truncate long results
    message = title + '\n' + body.to_string()
    # LINE Notify rejects messages longer than 1000 characters
    payload = {'message': message[:1000]}
    headers = {'Authorization': 'Bearer ' + line_notify_token}
    line_notify = requests.post(line_notify_api, data=payload, headers=headers)
    line_notify.raise_for_status()  # surfaces a missing or invalid token as an error
    print(title)

send_line('ID you tried to log in to', noid)
send_line('Passwords of successful logins', password)
send_line('Passwords of failed logins', nopassword)
send_line('Command that was successfully executed', df3['input'])
send_line('Command that failed to execute', df4['input'])
send_line('Files that were successfully downloaded', df5['destfile'])
send_line('Files that failed to download', df6['destfile'])

Finally

This article is incomplete, but I will publish it as a memo for the time being. To send the notifications to LINE, set the LINE API token in the line_notify_token = '' part of the script (line_notify_token = 'LINE API'). The other thing you need is an Ubuntu machine to run the script on a schedule, but I will fill that part in later.
