MalwareClassifier/bin/import.py

import argparse
import sys
import redis
import hashlib

argParser = argparse.ArgumentParser(description='Malware classifier')
argParser.add_argument('-f', action='append', help='Filename')
args = argParser.parse_args()

r = redis.StrictRedis(host='localhost', port=6379, db=0)

if args.f is not None:
    md5 = args.f[0].split(".")[0]
    r.sadd('processed', md5)
    lnumber = 0
    fields = None
    for line in sys.stdin:
        if lnumber == 0:
            fields = line.rstrip().split(",")
            for field in fields:
                r.sadd('type', field)
        else:
            elements = line.rstrip().split(",")
            i = 0
            for element in elements:
                try:
                    r.sadd('e:'+fields[i], element)
                    r.zincrby('t:'+fields[i], element)
                    #
                    ehash = hashlib.md5()
                    ehash.update(element.encode('utf-8'))
                    ehhex = ehash.hexdigest()
                    if element is not "":
                        r.sadd('v:'+ehhex, md5)
                except IndexError:
                    print("Empty fields")
                i = i+1

        lnumber = lnumber + 1
else:
    argParser.print_help()
Workshop - first step 2015-01-10 18:19:23 +00:00			`import argparse`
			`import sys`
Workshop - second step Processed files are now added in the Redis set 2015-01-10 18:20:31 +00:00			`import redis`
Workshop - 5th step added Mapping between malware MD5 and element MD5 added in Redis 2015-01-10 18:32:24 +00:00			`import hashlib`
Workshop - first step 2015-01-10 18:19:23 +00:00
			`argParser = argparse.ArgumentParser(description='Malware classifier')`
			`argParser.add_argument('-f', action='append', help='Filename')`
			`args = argParser.parse_args()`

Workshop - second step Processed files are now added in the Redis set 2015-01-10 18:20:31 +00:00			`r = redis.StrictRedis(host='localhost', port=6379, db=0)`

Workshop - first step 2015-01-10 18:19:23 +00:00			`if args.f is not None:`
Workshop - second step Processed files are now added in the Redis set 2015-01-10 18:20:31 +00:00			`md5 = args.f[0].split(".")[0]`
			`r.sadd('processed', md5)`
Workshop - third step Import tshark parsing headers in Redis 2015-01-10 18:25:07 +00:00			`lnumber = 0`
Workshop - fourth step Import element for each field seen in Redis 2015-01-10 18:30:18 +00:00			`fields = None`
Workshop - first step 2015-01-10 18:19:23 +00:00			`for line in sys.stdin:`
Workshop - third step Import tshark parsing headers in Redis 2015-01-10 18:25:07 +00:00			`if lnumber == 0:`
Workshop - fourth step Import element for each field seen in Redis 2015-01-10 18:30:18 +00:00			`fields = line.rstrip().split(",")`
			`for field in fields:`
Workshop - third step Import tshark parsing headers in Redis 2015-01-10 18:25:07 +00:00			`r.sadd('type', field)`
Workshop - fourth step Import element for each field seen in Redis 2015-01-10 18:30:18 +00:00			`else:`
			`elements = line.rstrip().split(",")`
			`i = 0`
			`for element in elements:`
			`try:`
			`r.sadd('e:'+fields[i], element)`
Add counter on fields 2016-01-23 11:13:54 +00:00			`r.zincrby('t:'+fields[i], element)`
Workshop - 5th step added Mapping between malware MD5 and element MD5 added in Redis 2015-01-10 18:32:24 +00:00			`#`
			`ehash = hashlib.md5()`
			`ehash.update(element.encode('utf-8'))`
			`ehhex = ehash.hexdigest()`
			`if element is not "":`
			`r.sadd('v:'+ehhex, md5)`
Workshop - fourth step Import element for each field seen in Redis 2015-01-10 18:30:18 +00:00			`except IndexError:`
			`print("Empty fields")`
			`i = i+1`

Workshop - third step Import tshark parsing headers in Redis 2015-01-10 18:25:07 +00:00			`lnumber = lnumber + 1`
Workshop - first step 2015-01-10 18:19:23 +00:00			`else:`
			`argParser.print_help()`