Details of the modifications made to the structure of NepenthesFE
I Upgrades
1. Visualization

Overview
This feature gives the user a detailed visual graph, generated dynamically using Afterglow. The graphs are based on Country-IP-AttackVector and ASN-IP-AttackVector.

Functionality
  • The user initiates a call to the mkv function (the basic function for visual graphing). The request can be generated from:
    • Listinstance function of index.php
    • ASN module
  • A query is then fired at the database, which generates a CSV file in the tmplocation specified in config.php.
  • The function then generates the image file from the CSV file using the Afterglow script and stores it in the visual images folder.

DFD

Points of consideration
  • The tmplocation should be a location where both the mysql and www-data groups can write and delete files, but it must not be inside the hosted environment. By default the location is set to the tmp folder for mysql, i.e. /var/lib/mysql
  • The visual folder should have write permission for the web root so that the image files can be created in it.
Code
  • Modifications in index.php

    1. The modification in function listinstances.php

       $t->setVariable("URL_VISUAL_COUNTRY", "index.php?func=mkv&base="
           . $xml_data['geoip']['country_name']['value'] . "&tag=3&lang=$language");

    2. Functions added

       /* Main function to make maps using Afterglow */
       case "mkv":
           printheader();
           $t = new HTML_Template_IT("./templates");
           $t->loadTemplatefile("mkv.php", false, true);
           if ($_GET['tag'] == 1)
           {
               // No graph is generated for tag 1
           }
           else if ($_GET['tag'] == 2)
           {
               // ASN graph: dump the matching rows to a per-user CSV file
               $csvpath = $tmplocation.md5($auth->session['username']).'.csv';
               $query = sprintf($queries['csv_make2'],$db->escape($_GET['base']),$csvpath);
               $res = $db->query($query);
               // Feed the CSV to Afterglow and render the result with Graphviz
               exec('cat '.$csvpath.' | perl '.$mainafterglowpath.' -c '
                   .$mainvisualpath.'color.properties | '
                   .$gviz.' -Tjpg -o '.$mainvisualpath.md5($auth->session['username']).'2.jpg');
               // Remove the temporary CSV file
               echo exec('rm -rf '.$csvpath);
               $t->setVariable("TEXT_IMAGE", gettext("Afterglow Mapping for ASN IP and Hash"));
               $t->setVariable("TEXT_IMAGE_PATH", $mainvisualpathsrv.md5($auth->session['username']).'2.jpg');
           }
           else if ($_GET['tag'] == 3)
           {
               // Country graph: same steps, using the country query
               $csvpath = $tmplocation.md5($auth->session['username']).'.csv';
               $query = sprintf($queries['csv_make1'],$db->escape($_GET['base']),$csvpath);
               $res = $db->query($query);
               exec('cat '.$csvpath.' | perl '.$mainafterglowpath.' -c '
                   .$mainvisualpath.'color.properties | '
                   .$gviz.' -Tjpg -o '.$mainvisualpath.md5($auth->session['username']).'3.jpg');
               echo exec('rm -rf '.$csvpath);
               $t->setVariable("TEXT_IMAGE", gettext("Afterglow Mapping for Country IP and Hash"));
               $t->setVariable("TEXT_IMAGE_PATH", $mainvisualpathsrv.md5($auth->session['username']).'3.jpg');
           }
           else
           {
               // Any other tag value is rejected
               echo 'Dont mess with tag field';
           }
           $t->setCurrentBlock();
           $t->parseCurrentBlock();
           $t->show();
           printFooter();
           break;
      
  • Modifications in queries.php

    Added queries to generate the CSV file
    $queries['csv_make1']=
    "SELECT CONVERT(ExtractValue(instance_info_details, '//country_name[1]') USING UTF8) 
    as Country_name,inet_ntoa(instance.instance_source_host),instance.instance_filename 
    FROM instance_info, instance 
    WHERE instance_info_value='geoip' 
    and ExtractValue(instance_info_details, '//country_name[1]') != '' 
    and instance.instance_idx = instance_info.instance_idx 
    and ExtractValue(instance_info_details, '//country_name[1]') = '%s' 
    INTO OUTFILE '%s' FIELDS TERMINATED BY ',' ENCLOSED BY '\"' LINES TERMINATED BY '\n'";
    
    $queries['csv_make2']=
    "SELECT CONVERT(ExtractValue(instance_info_details, '//as_number[1]') USING UTF8) 
    as Country_name, inet_ntoa(instance.instance_source_host), instance.instance_filename 
    FROM instance_info, instance WHERE instance_info_value='ASN' 
    and ExtractValue(instance_info_details, '//as_number[1]') != '' 
    and instance.instance_idx = instance_info.instance_idx 
    and ExtractValue(instance_info_details, '//as_number[1]') = '%s' INTO OUTFILE '%s' 
    FIELDS TERMINATED BY ',' ENCLOSED BY '\"' LINES TERMINATED BY '\n'";
    
  • Modifications in config.php
    # Set path for afterglow perl script
    $mainafterglowpath ="{path to afterglow}/afterglow/src/perl/graph/afterglow.pl";
    # Set path for images generated by afterglow
    $mainvisualpath ="{path to nepenthesfe}/visual/";
    $mainvisualpathsrv="http://{path to nepenthesfe}/visual/";
    $tmplocation="/var/lib/mysql/";
    # Format of graph using graph viz 
    $gviz ="neato"; 
    
  • Addition of template mkv.php
    
    <table class="OuterBox" summary="Outer Box">
    <tr class="OuterBox"> 
    <td class="OuterBox"  colspan="2"> 
    <table class="NavBox"  summary="Inner Box"> 
    <tr class="NavBox"> 
    <th class="NavBox"> 
    Dynamic Graphing 
    </th> 
    </tr> 
    </table> 
    </td> 
    </tr>
    <tr class="OuterBox"> 
    <td class="OuterBox"  colspan="2"> 
    <table class="InnerBox"  summary="Inner Box"> 
    <tr  class="InnerBox">      
    <th class="InnerBox"  style="min-width: 32px">{TEXT_IMAGE}</th> 
    </tr> 
    <tr class="InnerBox"  onmouseover="javascript:style.background='#e5e5e5'" 
    onmouseout="javascript:style.background='white'"> 
    <td class="InnerBox"  style="min-width: 24px">
    <a href="{TEXT_IMAGE_PATH}"><img  src="{TEXT_IMAGE_PATH}" border="none" height="500"  width="500"></a></td>
    </tr> 
    <!-- END hashes --> 
    </table> 
    </td> 
    </tr> 
    </table>
    					
    					
  • Modification in template listinstance.php

    Added before beginning of the hashes.
    <th></th> 
    Toward the end of the hashes.
    <td  class="InnerBox" style="min-width: 24px"><a  href="{URL_VISUAL_COUNTRY}">V</a></td>
    					
  • Modification in asn.php
    $t->setVariable("TEXT_VISUAL_ASN",gettext("Map of ASN"));
    $t->setVariable("URL_VISUAL_ASN", "index.php?func=mkv&base="
        . $xml_data[$this->info_name]['as_number']['value'] . "&tag=2&lang=$language");
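
The mkv case above selects its query from the tag parameter and builds the Afterglow command by concatenating config.php values. The following is an added example, not NepenthesFE code: it shows the same steps with an allow-list for tag, shell-quoted arguments, and a check that tmplocation lies outside the web root, as the points of consideration require. The mkv_* function names and the demo paths are hypothetical.

```php
<?php
// Added example, not NepenthesFE code; all mkv_* names are hypothetical.

// Resolve the tag parameter to a query key and image suffix, or null if unknown.
function mkv_resolve_tag($rawTag): ?array
{
    $tags = [
        '2' => ['query' => 'csv_make2', 'suffix' => '2.jpg'], // ASN-IP-hash
        '3' => ['query' => 'csv_make1', 'suffix' => '3.jpg'], // Country-IP-hash
    ];
    if (!is_string($rawTag) || !array_key_exists($rawTag, $tags)) {
        return null;
    }
    return $tags[$rawTag];
}

// True only if $tmplocation resolves to a directory outside $webroot.
function mkv_tmp_outside_webroot(string $tmplocation, string $webroot): bool
{
    $tmp  = realpath($tmplocation);
    $root = realpath($webroot);
    if ($tmp === false || $root === false) {
        return false; // unresolved paths are treated as unsafe
    }
    $root = rtrim($root, '/') . '/';
    return strncmp($tmp . '/', $root, strlen($root)) !== 0;
}

// Build the Afterglow | Graphviz pipeline with every path shell-quoted.
function mkv_build_command(string $csv, string $afterglow, string $props,
                           string $gviz, string $out): string
{
    // $gviz names the program to run, so it is checked against known layouts.
    if (!in_array($gviz, ['dot', 'neato', 'fdp', 'sfdp', 'twopi', 'circo'], true)) {
        throw new InvalidArgumentException('unexpected Graphviz layout program');
    }
    return 'perl ' . escapeshellarg($afterglow) . ' -c ' . escapeshellarg($props)
         . ' < ' . escapeshellarg($csv)
         . ' | ' . $gviz . ' -Tjpg -o ' . escapeshellarg($out);
}

// Constructed demo values; real ones come from config.php and the session.
$entry = mkv_resolve_tag('3');
$name  = md5('demo-user');
echo mkv_build_command("/var/lib/mysql/$name.csv", '/opt/afterglow/afterglow.pl',
    '/srv/nepenthesfe/visual/color.properties', 'neato',
    "/srv/nepenthesfe/visual/$name" . $entry['suffix']), "\n";
var_dump(mkv_resolve_tag('4'));                                 // tag outside the allow-list
var_dump(mkv_tmp_outside_webroot(sys_get_temp_dir(), __DIR__)); // depends on the machine
```

In the mkv case, a null result from mkv_resolve_tag() corresponds to the final else branch, and the string returned by mkv_build_command() is what would be passed to exec().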
    
2. Feature of google maps.