Mobile Malware
Mobile malware is growing fast on today's networks. In the following example we attach the engine to a GN interface and take advantage of the functionality that the engine provides. Let's see how it works:
    import pyaiengine

    def callback(flow):
        # Called by the engine when a DNS flow matches one of the loaded domains.
        d = flow.dns_info
        if d:
            print("Malware on ip %s domain %s" % (flow.src_ip, d.domain_name))

    def loadBadDomains():
        dm = pyaiengine.DomainNameManager()

        # List from http://www.malwaredomainlist.com/hostslist/hosts.txt
        # https://zeustracker.abuse.ch/blocklist.php?download=baddomains for ZeusDomains
        # Parse the file and add the domains.
        i = 0
        with open("hosts.txt", "r") as f:
            for line in f:
                if line[0] != "#":
                    # strip() removes the line ending, whether "\r\n" or "\n"
                    domain = line.strip().split(" ")
                    if len(domain) > 2:
                        name = "Bad domain %d" % i
                        i = i + 1
                        dom = pyaiengine.DomainName(name, domain[2])
                        dom.callback = callback
                        dm.add_domain_name(dom)
        return dm

    if __name__ == '__main__':
        st = pyaiengine.StackMobile()

        # Size of the UDP flow table
        st.udp_flows = 1638400

        # Attach the bad-domain list to the DNS protocol
        st.set_domain_name_manager(loadBadDomains(), "DNSProtocol")

        with pyaiengine.PacketDispatcher("eth0") as pd:
            pd.stack = st
            pd.run()
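The parsing step in loadBadDomains() depends on the exact spacing used in hosts.txt. The following added example (not part of the original wiki or of the AIEngine project) is a stand-alone parser for hosts-format blocklists that tolerates tabs, CRLF endings and inline comments, validates each name, and checks a queried name against the list. The names parse_hosts_blocklist and blocked_parent, the parent-domain lookup and the sample data are assumptions of this example, not pyaiengine behaviour.

```python
import re

# One DNS label: 1-63 chars, letters/digits/hyphen, no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
# Names that hosts files map for the local machine, never indicators.
_LOCAL = {"localhost", "localhost.localdomain", "broadcasthost", "local"}

def parse_hosts_blocklist(text):
    """Return the set of valid, lower-cased domains found in hosts-format text."""
    domains = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop full-line and inline comments
        fields = line.split()                    # any mix of spaces and tabs
        if len(fields) < 2:
            continue                             # blank line or address without a name
        for name in fields[1:]:                  # a hosts line may carry several names
            name = name.lower().rstrip(".")
            labels = name.split(".")
            if name in _LOCAL or len(name) > 253 or len(labels) < 2:
                continue
            if all(_LABEL.match(label) for label in labels):
                domains.add(name)
    return domains

def blocked_parent(query, domains):
    """Return the listed domain that equals `query` or is a parent of it, else None."""
    labels = query.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):             # stop before the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None

# Constructed sample input (example.* names are placeholders, not real indicators).
SAMPLE = (
    "# constructed hosts-format sample\r\n"
    "127.0.0.1  localhost\r\n"
    "127.0.0.1  bad.example.com\r\n"
    "127.0.0.1\tEvil.Example.NET   # inline comment\n"
    "0.0.0.0 dup.example.org dup.example.org\n"
    "127.0.0.1  -broken-.example.com\n"
    "\n"
)

if __name__ == "__main__":
    bad = parse_hosts_blocklist(SAMPLE)
    for q in ("cdn.bad.example.com", "evil.example.net.", "example.com"):
        print(q, "->", blocked_parent(q, bad))
```

Each name returned by parse_hosts_blocklist could be passed to pyaiengine.DomainName in place of domain[2] in loadBadDomains().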