Tuesday, February 14, 2017

What the Fuzz

Talk on application security presented at the NY Perl Mongers:


Tuesday, April 22, 2014

Using File::Copy to Deploy Files to a Windows UNC Path



Below is script that illustrates the use of File::Copy to copy files to a UNC path on a Windows network.  The example code downloads a copy of the hosts file made available by the Malware Domain List and copies it to the appropriate directory on a Windows machine in order to prevent the machine from being able to successfully resolve those malicious sites.  

#!usr/bin/perl

use LWP;
use File::Copy;
use strict;
use warnings;

#URL of hosts file
my $URI = 'http://www.malwaredomainlist.com/hostslist/hosts.txt';

#downloads host file
my $ua = LWP::UserAgent->new();
my $request = HTTP::Request->new(GET => $URI);
my $response = $ua->request($request);
my $content = $response->content();
#print $content;

#writes downloaded hosts file to file
open(my $hosts2, ">", "hosts2.txt");
print $hosts2 "$content";
close $hosts2;

#opens file that stores list of PC names
open(my $computers, "<", "computers.txt")
   or die "cannot open < computers.txt: $!";

#copies file to proper location on each computer  
while(<$computers>){
   my $computer=$_;
   print $computer;
   my $path1='hosts2.txt';
   my $path2="\\\\$computer\\C\$\\WINDOWS\\system32\\drivers\\etc\\hosts";
   copy("$path1","$path2") or die "Copy failed: $!";
}

close $computers;

Sunday, January 26, 2014

Did I Visit a Malicious Site?



A Perl script that will download the Malware Domain List hosts file and compare the domains listed in the file to domains present in the Chrome History database (an SQLite DB).  It will print out a list of any domains in the History DB that are listed on the Malware Domain list.  Note: the script assumes that a copy of the History DB is in the same directory as the script. 

#!usr/bin/perl

use DBI;
use List::MoreUtils qw(uniq);
use List::Compare;
use LWP::Simple;
use strict;
use warnings;

my @MalDomains;
my @VisitedDomains;

#obtains a list of malicious domains from a the malware domain list hosts file
my $MalHosts = get 'http://www.malwaredomainlist.com/hostslist/hosts.txt';
open( my $hosts, '<', \$MalHosts );
while(<$hosts>){
   my $host=$_;     
   #remove loopback from each entry
   if($host=~s/127\.0\.0\.1  //){
      #remove newline
      $host =~ s/\r?\n$//;
      push(@MalDomains, $host);
   };
}
close $hosts;

#opens the History database and pulls out all visited domains
my $dbh = DBI->connect("dbi:SQLite:dbname=History","","");
my $sth=$dbh->selectall_arrayref( "SELECT url FROM urls" );
foreach my $data (@$sth) {
               (my $url)=@$data;
               #obtain domain from visited URL
               my $url2 = URI->new("$url");
    my $domain = $url2->host;
    push(@VisitedDomains, $domain);
}

#remove duplicate domains to speed processing
my @UVDomains = uniq(@VisitedDomains);

#finds the intersection of each array
my $lc = List::Compare->new(\@MalDomains, \@UVDomains);
my @intersection = $lc->get_intersection;

print "You browsed the following malicious domains: \n";
foreach(@intersection){
               print $_ . "\n";
}

Friday, January 24, 2014

Calling PowerShell from Within Perl



Recently, I’ve been doing a bit of scripting for use inside a Windows environment and as such became somewhat interested in some of the functionality that is offered up by PowerShell.  As a result I began experimenting with calling PowerShell commands from within a Perl script.  Below is a simple example, that when run with appropriate privileges can take a list of PC names and clear the security log on each PC.  

use strict;
use warnings;

open(my $hosts, "<", "hosts.txt")
   or die "cannot open < hosts.txt: $!";
  
while(<$hosts>){
   my $host=$_;
   system("powershell -Command \"& {Clear-EventLog -Logname Security -ComputerName $host;}\"");
}

close $hosts;

Tuesday, April 30, 2013

Perl and Open Government



For any interested in initiatives to make government data more accessible, I ran across an interesting API put out by Civic Impulse – the GovTrack API (http://www.govtrack.us/developers/api).  The API allows queries to be made regarding many of the bills being debated about in the US congress as well as the ability to programmatically look up information pertaining to members of Congress.  The available documentation for the API is located at the link already provided, but a small Perl script below will demonstrate the basics of accessing the API in Perl.



This script will query the API for bills regarding “fracking” in the “112” session of congress and will simply print out the retrieved results.

#!usr/bin/perl

use LWP;
use strict;
use warnings;

#sets query and congress session
my $query='fracking';
my $congress=112;

my $ua = LWP::UserAgent->new;

my $url="http://www.govtrack.us/api/v2/bill?q=$query&congress=$congress";

my $response=$ua->get($url);
my $result=$response->content;
print $result;


The results are returned in the JSON format be default, but the API does allow for parameters to be specified for XML or CSV based results as alternatives.  For the code above the returned JSON would look as follows:

 {
 "meta": {
  "limit": 100,
  "offset": 0,
  "total_count": 2
 },
 "objects": [
  {
   "bill_resolution_type": "bill",
   "bill_type": "senate_bill",
   "bill_type_label": "S.",
   "congress": 112,
   "current_status": "referred",
   "current_status_date": "2012-03-28",
   "current_status_description": "This bill was introduced on March 28, 2012, in a previous session of Congress, but was not enacted.",
   "current_status_label": "Referred to Committee",
   "display_number": "S. 2248",
   "docs_house_gov_postdate": null,
   "id": 251518,
   "introduced_date": "2012-03-28",
   "is_alive": false,
   "is_current": false,
   "link": "http://www.govtrack.us/congress/bills/112/s2248",
   "major_actions": [
    [
     "datetime.datetime(2012, 3, 28, 0, 0)",
     1,
     "Sponsor introductory remarks on measure. (CR S2166-2167)"
    ],
    [
     "datetime.datetime(2012, 3, 28, 0, 0)",
     2,
     "Read twice and referred to the Committee on Energy and Natural Resources."
    ]
   ],
   "noun": "bill",
   "number": 2248,
   "senate_floor_schedule_postdate": null,
   "sliplawnum": null,
   "sliplawpubpriv": null,
   "sponsor": {
    "bioguideid": "I000024",
    "birthday": "1934-11-17",
    "cspanid": 5619,
    "firstname": "James",
    "gender": "male",
    "gender_label": "Male",
    "id": 300055,
    "lastname": "Inhofe",
    "link": "http://www.govtrack.us/congress/members/james_inhofe/300055",
    "middlename": "M.",
    "name": "Sen. James “Jim” Inhofe [R-OK]",
    "namemod": "",
    "nickname": "Jim",
    "osid": "N00005582",
    "pvsid": "27027",
    "sortname": "Inhofe, James “Jim” (Sen.) [R-OK]",
    "twitterid": "InhofePress",
    "youtubeid": "jiminhofepressoffice"
   },
   "sponsor_role": {
    "congress_numbers": [
     111,
     112,
     113
    ],
    "current": true,
    "description": "Senator from Oklahoma",
    "district": null,
    "enddate": "2015-01-03",
    "id": 4082,
    "party": "Republican",
    "person": 300055,
    "role_type": "senator",
    "role_type_label": "Senator",
    "senator_class": "class2",
    "senator_class_label": "Class 2",
    "startdate": "2009-01-06",
    "state": "OK",
    "title": "Sen.",
    "title_long": "Senator",
    "website": "http://www.inhofe.senate.gov"
   },
   "thomas_link": "http://thomas.loc.gov/cgi-bin/bdquery/z?d112:s2248:",
   "title": "S. 2248 (112th): Fracturing Regulations are Effective in State Hands Act",
   "title_without_number": "Fracturing Regulations are Effective in State Hands Act",
   "titles": [
    [
     "short",
     "introduced",
     "Fracturing Regulations are Effective in State Hands Act"
    ],
    [
     "official",
     "introduced",
     "A bill to clarify that a State has the sole authority to regulate hydraulic fracturing on Federal land within the boundaries of the State."
    ]
   ]
  },
  {
   "bill_resolution_type": "bill",
   "bill_type": "house_bill",
   "bill_type_label": "H.R.",
   "congress": 112,
   "current_status": "referred",
   "current_status_date": "2012-03-29",
   "current_status_description": "This bill was introduced on March 29, 2012, in a previous session of Congress, but was not enacted.",
   "current_status_label": "Referred to Committee",
   "display_number": "H.R. 4322",
   "docs_house_gov_postdate": null,
   "id": 251585,
   "introduced_date": "2012-03-29",
   "is_alive": false,
   "is_current": false,
   "link": "http://www.govtrack.us/congress/bills/112/hr4322",
   "major_actions": [
    [
     "datetime.datetime(2012, 3, 29, 0, 0)",
     2,
     "Referred to the Committee on Natural Resources, and in addition to the Committees on Agriculture, Transportation and Infrastructure, and Energy and Commerce, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned."
    ]
   ],
   "noun": "bill",
   "number": 4322,
   "senate_floor_schedule_postdate": null,
   "sliplawnum": null,
   "sliplawpubpriv": null,
   "sponsor": {
    "bioguideid": "G000552",
    "birthday": "1953-08-18",
    "cspanid": 1011394,
    "firstname": "Louie",
    "gender": "male",
    "gender_label": "Male",
    "id": 400651,
    "lastname": "Gohmert",
    "link": "http://www.govtrack.us/congress/members/louie_gohmert/400651",
    "middlename": "B.",
    "name": "Rep. Louie Gohmert [R-TX1]",
    "namemod": "Jr.",
    "nickname": "",
    "osid": "N00026148",
    "pvsid": "50029",
    "sortname": "Gohmert, Louie (Rep.) [R-TX1]",
    "twitterid": "replouiegohmert",
    "youtubeid": "GohmertTX01"
   },
   "sponsor_role": {
    "congress_numbers": [
     112
    ],
    "current": false,
    "description": "Representative for Texas's 1st congressional district",
    "district": 1,
    "enddate": "2013-01-03",
    "id": 5197,
    "party": "Republican",
    "person": 400651,
    "role_type": "representative",
    "role_type_label": "Representative",
    "senator_class": null,
    "startdate": "2011-01-05",
    "state": "TX",
    "title": "Rep.",
    "title_long": "Representative",
    "website": "http://gohmert.house.gov"
   },
   "thomas_link": "http://thomas.loc.gov/cgi-bin/bdquery/z?d112:hr4322:",
   "title": "H.R. 4322 (112th): Fracturing Regulations are Effective in State Hands Act",
   "title_without_number": "Fracturing Regulations are Effective in State Hands Act",
   "titles": [
    [
     "short",
     "introduced",
     "Fracturing Regulations are Effective in State Hands Act"
    ],
    [
     "official",
     "introduced",
     "To clarify that a State has the sole authority to regulate hydraulic fracturing on Federal land within the boundaries of the State."
    ]
   ]
  }
 ]
}