import sqlite3, alert, os
from datetime import datetime
from flask import Flask
import requests
import json
import requests
import json
import requests
import time
app = Flask(__name__)
# Outgoing mail is sent through Gmail over implicit SSL on port 465, so STARTTLS
# (MAIL_USE_TLS) is switched off. The account password is deliberately not
# written into this file: it is read from the MAIL_PASSWORD environment variable
# and ends up as None when that variable is unset.
app.config.update(
    MAIL_SERVER='smtp.gmail.com',
    MAIL_PORT=465,
    MAIL_USERNAME='[email protected]',
    MAIL_PASSWORD=os.getenv('MAIL_PASSWORD'),
    MAIL_USE_TLS=False,
    MAIL_USE_SSL=True,
)
print("Wow!")
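def create_table():
    """Create every table this module reads or writes in ``aegis.db``.

    Safe to call repeatedly: all ``CREATE TABLE`` statements use
    ``IF NOT EXISTS`` (the original ``Rules`` statement did not, so a second
    call raised ``sqlite3.OperationalError``), and the seed row for
    ``Malicious_ip`` is inserted only when it is not already present instead
    of once per call.

    ``IF NOT EXISTS`` never alters an existing table, so a database created by
    an earlier version of this function keeps its old ``Packet1`` layout
    (without the ``timestamp`` column that ``insert_into_packet_2`` writes).

    Raises:
        sqlite3.Error: if the database cannot be opened or a statement fails.
    """
    statements = (
        # ``INTEGER PRIMARY KEY`` is SQLite's rowid alias. The original
        # ``int PRIMARY_KEY AUTO_INCREMENT`` contains no SQLite keywords, so it
        # was parsed as a (meaningless) type name and no key was ever declared.
        # ``timestamp`` is added because insert_into_packet_2 writes it.
        "CREATE TABLE IF NOT EXISTS Packet1("
        "id INTEGER PRIMARY KEY AUTOINCREMENT, src_ip text, dest_ip text, "
        "src_port int, dest_port int, protocol int, size int, timestamp int);",
        # Written by insert_into_packet but never created before. Column
        # types are not declared because nothing in this file fixes them.
        "CREATE TABLE IF NOT EXISTS Packet("
        "id, process_id, inode, src_ip, dst_ip, protocol, packet_size);",
        "CREATE TABLE IF NOT EXISTS Malicious_ip(ip text);",
        "CREATE TABLE IF NOT EXISTS Alerts(datetime text, threat text, description text);",
        "CREATE TABLE IF NOT EXISTS Rules(function text);",
        # Seed entry kept from the original, now inserted at most once.
        "INSERT INTO Malicious_ip (ip) SELECT '1.1.1.1' "
        "WHERE NOT EXISTS (SELECT 1 FROM Malicious_ip WHERE ip = '1.1.1.1');",
    )
    conn = sqlite3.connect('aegis.db')
    try:
        for statement in statements:
            conn.execute(statement)
        # One commit for the whole schema; the connection is closed even if a
        # statement fails part-way through.
        conn.commit()
    finally:
        conn.close()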
def insert_into_packet_2(json):
    """Store one captured packet, stamped with the current epoch second, in ``Packet1``.

    ``json`` is a mapping providing ``src_ip``, ``dest_ip``, ``src_port``,
    ``dest_port``, ``protocol`` and ``size``. Every value is passed as a bound
    parameter, so nothing taken from the packet is spliced into the SQL text.
    The ``timestamp`` column must exist on ``Packet1`` for the insert to work.
    """
    fields = ("src_ip", "dest_ip", "src_port", "dest_port", "protocol", "size")
    row = tuple(json[name] for name in fields) + (int(time.time()),)
    connection = sqlite3.connect('aegis.db')
    connection.execute(
        "INSERT INTO Packet1 (src_ip, dest_ip, src_port, dest_port, protocol, size, timestamp) "
        "VALUES (?,?,?,?,?,?,?);",
        row,
    )
    connection.commit()
    connection.close()
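def insert_into_malicious_ip(ip):
    """Add ``ip`` to the local ``Malicious_ip`` list.

    The value is bound as a query parameter. The original interpolated it
    into the statement with an f-string, which both failed on any value
    containing a quote and let the caller's input change the SQL that ran.

    Args:
        ip: the address to store; written verbatim as text.

    Raises:
        sqlite3.Error: if the insert fails (the connection is still closed).
    """
    conn = sqlite3.connect('aegis.db')
    try:
        conn.execute("INSERT INTO Malicious_ip (ip) VALUES (?);", (ip,))
        conn.commit()
    finally:
        conn.close()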
def insert_into_packet(json):
    """Store one packet record in the ``Packet`` table.

    ``json`` must provide ``id``, ``process_id``, ``inode``, ``src_ip``,
    ``dst_ip``, ``protocol`` and ``packet_size``; all seven values are handed
    to SQLite as bound parameters. Unlike ``insert_into_packet_2`` no
    timestamp is added here.
    """
    keys = ('id', 'process_id', 'inode', 'src_ip', 'dst_ip', 'protocol', 'packet_size')
    values = [json[key] for key in keys]
    db = sqlite3.connect('aegis.db')
    db.execute(
        "INSERT INTO Packet (id, process_id, inode, src_ip, dst_ip, protocol, packet_size) "
        "VALUES (?,?,?,?,?,?,?);",
        values,
    )
    db.commit()
    db.close()
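def insert_into_alert(json):
    """Record a "Malicious IP detected" alert for ``json['src_ip']`` in ``Alerts``.

    The timestamp is ``datetime.now()`` formatted as ``%Y-%m-%d %H:%M:%S``
    (local time, as the other writers of this table use). Timestamp, threat
    and description are bound as parameters rather than formatted into the
    statement, so an address containing a quote is stored verbatim instead
    of breaking or rewriting the SQL.

    Args:
        json: mapping with at least a ``src_ip`` key.

    Raises:
        KeyError: if ``src_ip`` is missing.
        sqlite3.Error: if the insert fails (the connection is still closed).
    """
    when = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
    description = f"Your device has contacted a possibly malicious IP: {json['src_ip']}"
    conn = sqlite3.connect('aegis.db')
    try:
        conn.execute(
            "INSERT INTO Alerts (datetime, threat, description) VALUES (?, ?, ?)",
            (when, 'Malicious IP detected', description),
        )
        conn.commit()
    finally:
        conn.close()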
def processor(json):
    """Run every detection rule for one captured packet.

    ``malicious_ip_rule`` inspects the packet's ``src_ip``; ``packet_length``
    takes no argument and re-scans the whole ``Packet1`` table. The order of
    the two calls is kept: per-packet check first, table-wide aggregate second.
    """
    packet = json
    malicious_ip_rule(packet)
    packet_length()
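def get_all_alerts():
    """Return every row of ``Alerts`` as a list of tuples.

    Rows are returned in ``SELECT *`` column order, i.e. ``(datetime, threat,
    description)`` for the table as ``create_table`` defines it. The debug
    ``print`` calls of the original ("Hello" and a dump of every row) were
    removed: this is a plain accessor and dumping the whole table to stdout on
    each call was noise. The connection is closed even when the query fails.

    Returns:
        list[tuple]: all alert rows; an empty list when there are none.
    """
    conn = sqlite3.connect('aegis.db')
    try:
        return conn.execute("SELECT * FROM Alerts;").fetchall()
    finally:
        conn.close()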
#rules
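def malicious_ip_rule(json):
    """Raise an alert when ``json['src_ip']`` is a known or reported malicious IP.

    The address is first looked up in the local ``Malicious_ip`` table; only
    when it is absent is AbuseIPDB consulted via ``query_abuseipdb`` (the
    ``or`` short-circuits exactly as in the original, so locally listed
    addresses never cause a remote call). On a hit an ``Alerts`` row is
    written and an e-mail is attempted through
    ``alert.send_mail_alert_alternative``; a failed send is printed and
    otherwise ignored so the packet pipeline keeps running.

    Both statements bind the address and timestamp as parameters; the
    original built them with f-strings, which let a crafted ``src_ip`` alter
    the SQL. An exception from ``query_abuseipdb`` (network failure, missing
    ``data`` key) still propagates as before, but the connection is now closed
    on that path too.

    Args:
        json: mapping with at least a ``src_ip`` key.
    """
    src_ip = json['src_ip']
    conn = sqlite3.connect('aegis.db')
    try:
        listed = conn.execute(
            "SELECT * FROM Malicious_ip WHERE ip = ?", (src_ip,)
        ).fetchone()
        if listed is not None or query_abuseipdb(src_ip)["data"]["abuseConfidenceScore"] > 0:
            conn.execute(
                "INSERT INTO Alerts (datetime, threat, description) VALUES (?, ?, ?);",
                (
                    datetime.now().strftime('%Y-%m-%d %H:%M:%S'),
                    'Malicious IP',
                    f'A request has been sent to a malicious IP: {src_ip}',
                ),
            )
            conn.commit()
            try:
                alert.send_mail_alert_alternative(
                    subject="Possibly Malicious IP Hit Detected",
                    sender='[email protected]',
                    recipients=['[email protected]'],
                    body="We have detected a malicious IP hit on your device"
                )
            except Exception as e:
                # Best-effort notification: the alert row is already stored.
                print("An error occurred:", e)
    finally:
        conn.close()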
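def detect_dos_attack(json, *, threshold=100):
    """Return True when ``json['src_ip']`` made more than ``threshold`` requests in the last 5 minutes.

    The count comes from a parameterised query (the address is bound, not
    formatted in). When the threshold is exceeded an e-mail is attempted via
    ``alert.send_mail_alert_alternative``; a failed send is printed and
    ignored. The original returned ``None`` in every case; returning a bool
    makes the result usable like ``detect_udp_flood``'s.

    TODO(review): the query still reads ``your_table_name`` with columns
    ``IP_address`` and ``time`` — these look like template placeholders that
    were never replaced, and ``create_table`` creates no table of that name.
    The statement is kept as written until the intended table is confirmed.

    Args:
        json: mapping with at least a ``src_ip`` key.
        threshold: request count above which the source is flagged.

    Returns:
        bool: whether the request count exceeded ``threshold``.
    """
    ip_address = json['src_ip']
    query = "SELECT COUNT(*) AS num_requests FROM your_table_name WHERE IP_address = ? AND time BETWEEN strftime('%s', 'now', '-5 minutes') AND strftime('%s', 'now')"
    db = sqlite3.connect("aegis.db")
    try:
        num_requests = db.execute(query, (ip_address,)).fetchone()[0]
    finally:
        db.close()
    flooded = num_requests > threshold
    if flooded:
        try:
            alert.send_mail_alert_alternative(
                subject="Brute Force attack!!",
                sender='[email protected]',
                recipients=['[email protected]'],
                body="Someone is trying to flood your server with multiple requests"
            )
        except Exception as e:
            # Best-effort notification; the detection result is still returned.
            print("An error occurred:", e)
    return flooded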
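def detect_udp_flood(json, *, max_packets=100, max_bytes=1048576):
    """Return True when ``json['src_ip']`` sent more than ``max_packets`` UDP packets,
    or more than ``max_bytes`` (1 MB by default) of UDP data, in the last 5 minutes.

    The address is bound as a query parameter; the original interpolated it
    with an f-string. ``SUM(packet_size)`` is NULL when the address has no
    matching rows, which the original compared with ``>`` and crashed with
    ``TypeError``; NULL is now treated as 0.

    NOTE(review): the query reads ``IP_address``, ``packet_size`` and ``time``
    from ``Packet1`` and compares ``protocol`` with the text ``'UDP'``, while
    ``create_table`` defines ``Packet1`` with ``src_ip``, ``size``, no time
    column and an integer ``protocol``. The column names are kept as written;
    confirm which schema is the live one.

    Args:
        json: mapping with at least a ``src_ip`` key.
        max_packets: packet count above which the source is flagged.
        max_bytes: total size above which the source is flagged.

    Returns:
        bool
    """
    query = (
        "SELECT COUNT(*), SUM(packet_size) FROM Packet1 "
        "WHERE IP_address = ? AND protocol = 'UDP' "
        "AND time BETWEEN strftime('%s', 'now', '-5 minutes') AND strftime('%s', 'now')"
    )
    conn = sqlite3.connect('aegis.db')
    try:
        num_udp_packets, total_packet_size = conn.execute(query, (json['src_ip'],)).fetchone()
    finally:
        conn.close()
    return num_udp_packets > max_packets or (total_packet_size or 0) > max_bytes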
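def packet_length(*, threshold=10_000_000):
    """Alert once per source IP whose total ``Packet1`` byte count exceeds ``threshold``.

    Totals are grouped by ``src_ip``. The original grouped by ``dest_ip`` while
    selecting ``src_ip``, which in SQLite yields ``src_ip`` from an arbitrary
    row of each group; grouping by the reported column makes the result
    deterministic and matches the alert text ("from a single IP").

    De-duplication: an alert is written only when no existing
    ``'Packet Length Exceeding'`` row already carries the same description.
    The original tested ``src_ip not in row`` (tuple membership against whole
    fields), which was always true, and inserted nothing at all when no prior
    alert existed. The loop variable no longer shadows the ``alert`` module,
    and the debug ``print`` was dropped.

    Args:
        threshold: byte total above which a source is flagged
            (the original hard-coded ``10000*1000``).
    """
    conn = sqlite3.connect('aegis.db')
    try:
        totals = conn.execute(
            "SELECT SUM(size), src_ip FROM Packet1 GROUP BY src_ip;"
        ).fetchall()
        existing = conn.execute(
            "SELECT * FROM Alerts WHERE threat = 'Packet Length Exceeding';"
        ).fetchall()
        # Alerts columns are (datetime, threat, description) per create_table.
        already_alerted = {row[2] for row in existing}
        for total, src_ip in totals:
            # SUM is NULL when every size in the group is NULL.
            if total is None or total <= threshold:
                continue
            description = (
                f'Device is getting too many requests from a single IP {src_ip} for a long time'
            )
            if description in already_alerted:
                continue
            conn.execute(
                "INSERT INTO Alerts (datetime, threat, description) VALUES (?, ?, ?);",
                (str(datetime.now()), 'Packet Length Exceeding', description),
            )
            already_alerted.add(description)
        conn.commit()
    finally:
        conn.close()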
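def query_abuseipdb(ip):
    """Look ``ip`` up with AbuseIPDB's ``/api/v2/check`` endpoint and return the decoded JSON body.

    The API key is read from the ``ABUSEIPDB_API_KEY`` environment variable
    (the same pattern ``MAIL_PASSWORD`` uses above) instead of being embedded
    in the source, where it shipped with every copy of this file and has to be
    treated as exposed. A missing variable raises ``RuntimeError`` so a
    misconfiguration fails loudly rather than as an authentication error
    from the API. Non-2xx responses raise ``requests.HTTPError`` instead of
    being returned as a body without a ``data`` key, and a 10-second timeout
    keeps a stalled lookup from blocking ``malicious_ip_rule`` indefinitely.

    Args:
        ip: address to check; reports up to 90 days old are considered.

    Returns:
        dict: the parsed response; ``["data"]["abuseConfidenceScore"]`` is
        what ``malicious_ip_rule`` reads.

    Raises:
        RuntimeError: if ``ABUSEIPDB_API_KEY`` is unset or empty.
        requests.RequestException: on connection failure, timeout or HTTP error.
    """
    api_key = os.getenv('ABUSEIPDB_API_KEY')
    if not api_key:
        raise RuntimeError("ABUSEIPDB_API_KEY is not set; cannot query AbuseIPDB")
    url = 'https://api.abuseipdb.com/api/v2/check'
    querystring = {
        'ipAddress': ip,
        'maxAgeInDays': '90'
    }
    headers = {
        'Accept': 'application/json',
        'Key': api_key
    }
    response = requests.get(url, headers=headers, params=querystring, timeout=10)
    response.raise_for_status()
    return response.json()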