Talk on application security presented at the NY Perl Mongers:
Perl Gems
Tuesday, February 14, 2017
Tuesday, April 22, 2014
Using File::Copy to Deploy Files to a Windows UNC Path
Below is script that illustrates the use of File::Copy to
copy files to a UNC path on a Windows network.
The example code downloads a copy of the hosts file made available by
the Malware Domain List and copies it to the appropriate directory on a Windows
machine in order to prevent the machine from being able to successfully resolve
those malicious sites.
#!usr/bin/perl
use LWP;
use File::Copy;
use strict;
use warnings;
#URL of hosts file
my $URI = 'http://www.malwaredomainlist.com/hostslist/hosts.txt';
#downloads host file
my $ua = LWP::UserAgent->new();
my $request = HTTP::Request->new(GET => $URI);
my $response = $ua->request($request);
my $content = $response->content();
#print $content;
#writes downloaded hosts file to file
open(my $hosts2, ">", "hosts2.txt");
print $hosts2 "$content";
close $hosts2;
#opens file that stores list of PC names
open(my $computers, "<", "computers.txt")
or die "cannot open < computers.txt: $!";
#copies file to proper location on each computer
while(<$computers>){
my $computer=$_;
print $computer;
my $path1='hosts2.txt';
my $path2="\\\\$computer\\C\$\\WINDOWS\\system32\\drivers\\etc\\hosts";
copy("$path1","$path2") or die "Copy failed: $!";
}
close $computers;
use LWP;
use File::Copy;
use strict;
use warnings;
#URL of hosts file
my $URI = 'http://www.malwaredomainlist.com/hostslist/hosts.txt';
#downloads host file
my $ua = LWP::UserAgent->new();
my $request = HTTP::Request->new(GET => $URI);
my $response = $ua->request($request);
my $content = $response->content();
#print $content;
#writes downloaded hosts file to file
open(my $hosts2, ">", "hosts2.txt");
print $hosts2 "$content";
close $hosts2;
#opens file that stores list of PC names
open(my $computers, "<", "computers.txt")
or die "cannot open < computers.txt: $!";
#copies file to proper location on each computer
while(<$computers>){
my $computer=$_;
print $computer;
my $path1='hosts2.txt';
my $path2="\\\\$computer\\C\$\\WINDOWS\\system32\\drivers\\etc\\hosts";
copy("$path1","$path2") or die "Copy failed: $!";
}
close $computers;
Sunday, January 26, 2014
Did I Visit a Malicious Site?
A Perl script that will download the Malware Domain List
hosts file and compare the domains listed in the file to domains present in the
Chrome History database (an SQLite DB). It
will print out a list of any domains in the History DB that are listed on
the Malware Domain list. Note: the
script assumes that a copy of the History DB is in the same directory as the
script.
#!usr/bin/perl
use
DBI;
use
List::MoreUtils qw(uniq);
use
List::Compare;
use
LWP::Simple;
use
strict;
use
warnings;
my
@MalDomains;
my
@VisitedDomains;
#obtains
a list of malicious domains from a the malware domain list hosts file
my
$MalHosts = get 'http://www.malwaredomainlist.com/hostslist/hosts.txt';
open(
my $hosts, '<', \$MalHosts );
while(<$hosts>){
my $host=$_;
#remove loopback from each entry
if($host=~s/127\.0\.0\.1 //){
#remove newline
$host =~ s/\r?\n$//;
push(@MalDomains, $host);
};
}
close
$hosts;
#opens
the History database and pulls out all visited domains
my
$dbh =
DBI->connect("dbi:SQLite:dbname=History","","");
my
$sth=$dbh->selectall_arrayref( "SELECT url FROM urls" );
foreach
my $data (@$sth) {
(my $url)=@$data;
#obtain domain from visited URL
my $url2 =
URI->new("$url");
my $domain = $url2->host;
push(@VisitedDomains, $domain);
}
#remove
duplicate domains to speed processing
my
@UVDomains = uniq(@VisitedDomains);
#finds
the intersection of each array
my
$lc = List::Compare->new(\@MalDomains, \@UVDomains);
my
@intersection = $lc->get_intersection;
print
"You browsed the following malicious domains: \n";
foreach(@intersection){
print $_ . "\n";
}
Friday, January 24, 2014
Calling PowerShell from Within Perl
Recently, I’ve been doing a bit of scripting for use inside
a Windows environment and as such became somewhat interested in some of the
functionality that is offered up by PowerShell.
As a result I began experimenting with calling PowerShell commands from
within a Perl script. Below is a simple
example, that when run with appropriate privileges can take a list of PC names
and clear the security log on each PC.
use strict;
use warnings;
open(my $hosts, "<", "hosts.txt")
or die "cannot open < hosts.txt: $!";
while(<$hosts>){
my $host=$_;
system("powershell -Command \"& {Clear-EventLog -Logname Security -ComputerName $host;}\"");
}
close $hosts;
use warnings;
open(my $hosts, "<", "hosts.txt")
or die "cannot open < hosts.txt: $!";
while(<$hosts>){
my $host=$_;
system("powershell -Command \"& {Clear-EventLog -Logname Security -ComputerName $host;}\"");
}
close $hosts;
Thursday, May 23, 2013
NY Perl Mongers Talk Slides
Information Retrieval and Extraction from cfrenz
Slides from a talk I recently gave at a NY Perl Mongers Meetup
Slides from a talk I recently gave at a NY Perl Mongers Meetup
Tuesday, April 30, 2013
Perl and Open Government
For any interested in initiatives to make government data
more accessible, I ran across an interesting API put out by Civic Impulse –
the GovTrack API (http://www.govtrack.us/developers/api). The API allows queries to be made regarding many
of the bills being debated about in the US congress as well as the ability to
programmatically look up information pertaining to members of Congress. The available documentation for the API is
located at the link already provided, but a small Perl script below will
demonstrate the basics of accessing the API in Perl.
This script will query the API for bills regarding “fracking”
in the “112” session of congress and will simply print out the retrieved
results.
#!usr/bin/perl
use LWP;
use strict;
use warnings;
#sets query and congress session
my $query='fracking';
my $congress=112;
my $ua = LWP::UserAgent->new;
my $url="http://www.govtrack.us/api/v2/bill?q=$query&congress=$congress";
my $response=$ua->get($url);
my $result=$response->content;
print $result;
use LWP;
use strict;
use warnings;
#sets query and congress session
my $query='fracking';
my $congress=112;
my $ua = LWP::UserAgent->new;
my $url="http://www.govtrack.us/api/v2/bill?q=$query&congress=$congress";
my $response=$ua->get($url);
my $result=$response->content;
print $result;
The
results are returned in the JSON format be default, but the API does allow for
parameters to be specified for XML or CSV based results as alternatives. For the code above the returned JSON would
look as follows:
{
"meta": {
"limit": 100,
"offset": 0,
"total_count": 2
},
"objects": [
{
"bill_resolution_type": "bill",
"bill_type": "senate_bill",
"bill_type_label": "S.",
"congress": 112,
"current_status": "referred",
"current_status_date": "2012-03-28",
"current_status_description": "This bill was introduced on March 28, 2012, in a previous session of Congress, but was not enacted.",
"current_status_label": "Referred to Committee",
"display_number": "S. 2248",
"docs_house_gov_postdate": null,
"id": 251518,
"introduced_date": "2012-03-28",
"is_alive": false,
"is_current": false,
"link": "http://www.govtrack.us/congress/bills/112/s2248",
"major_actions": [
[
"datetime.datetime(2012, 3, 28, 0, 0)",
1,
"Sponsor introductory remarks on measure. (CR S2166-2167)"
],
[
"datetime.datetime(2012, 3, 28, 0, 0)",
2,
"Read twice and referred to the Committee on Energy and Natural Resources."
]
],
"noun": "bill",
"number": 2248,
"senate_floor_schedule_postdate": null,
"sliplawnum": null,
"sliplawpubpriv": null,
"sponsor": {
"bioguideid": "I000024",
"birthday": "1934-11-17",
"cspanid": 5619,
"firstname": "James",
"gender": "male",
"gender_label": "Male",
"id": 300055,
"lastname": "Inhofe",
"link": "http://www.govtrack.us/congress/members/james_inhofe/300055",
"middlename": "M.",
"name": "Sen. James “Jim†Inhofe [R-OK]",
"namemod": "",
"nickname": "Jim",
"osid": "N00005582",
"pvsid": "27027",
"sortname": "Inhofe, James “Jim†(Sen.) [R-OK]",
"twitterid": "InhofePress",
"youtubeid": "jiminhofepressoffice"
},
"sponsor_role": {
"congress_numbers": [
111,
112,
113
],
"current": true,
"description": "Senator from Oklahoma",
"district": null,
"enddate": "2015-01-03",
"id": 4082,
"party": "Republican",
"person": 300055,
"role_type": "senator",
"role_type_label": "Senator",
"senator_class": "class2",
"senator_class_label": "Class 2",
"startdate": "2009-01-06",
"state": "OK",
"title": "Sen.",
"title_long": "Senator",
"website": "http://www.inhofe.senate.gov"
},
"thomas_link": "http://thomas.loc.gov/cgi-bin/bdquery/z?d112:s2248:",
"title": "S. 2248 (112th): Fracturing Regulations are Effective in State Hands Act",
"title_without_number": "Fracturing Regulations are Effective in State Hands Act",
"titles": [
[
"short",
"introduced",
"Fracturing Regulations are Effective in State Hands Act"
],
[
"official",
"introduced",
"A bill to clarify that a State has the sole authority to regulate hydraulic fracturing on Federal land within the boundaries of the State."
]
]
},
{
"bill_resolution_type": "bill",
"bill_type": "house_bill",
"bill_type_label": "H.R.",
"congress": 112,
"current_status": "referred",
"current_status_date": "2012-03-29",
"current_status_description": "This bill was introduced on March 29, 2012, in a previous session of Congress, but was not enacted.",
"current_status_label": "Referred to Committee",
"display_number": "H.R. 4322",
"docs_house_gov_postdate": null,
"id": 251585,
"introduced_date": "2012-03-29",
"is_alive": false,
"is_current": false,
"link": "http://www.govtrack.us/congress/bills/112/hr4322",
"major_actions": [
[
"datetime.datetime(2012, 3, 29, 0, 0)",
2,
"Referred to the Committee on Natural Resources, and in addition to the Committees on Agriculture, Transportation and Infrastructure, and Energy and Commerce, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned."
]
],
"noun": "bill",
"number": 4322,
"senate_floor_schedule_postdate": null,
"sliplawnum": null,
"sliplawpubpriv": null,
"sponsor": {
"bioguideid": "G000552",
"birthday": "1953-08-18",
"cspanid": 1011394,
"firstname": "Louie",
"gender": "male",
"gender_label": "Male",
"id": 400651,
"lastname": "Gohmert",
"link": "http://www.govtrack.us/congress/members/louie_gohmert/400651",
"middlename": "B.",
"name": "Rep. Louie Gohmert [R-TX1]",
"namemod": "Jr.",
"nickname": "",
"osid": "N00026148",
"pvsid": "50029",
"sortname": "Gohmert, Louie (Rep.) [R-TX1]",
"twitterid": "replouiegohmert",
"youtubeid": "GohmertTX01"
},
"sponsor_role": {
"congress_numbers": [
112
],
"current": false,
"description": "Representative for Texas's 1st congressional district",
"district": 1,
"enddate": "2013-01-03",
"id": 5197,
"party": "Republican",
"person": 400651,
"role_type": "representative",
"role_type_label": "Representative",
"senator_class": null,
"startdate": "2011-01-05",
"state": "TX",
"title": "Rep.",
"title_long": "Representative",
"website": "http://gohmert.house.gov"
},
"thomas_link": "http://thomas.loc.gov/cgi-bin/bdquery/z?d112:hr4322:",
"title": "H.R. 4322 (112th): Fracturing Regulations are Effective in State Hands Act",
"title_without_number": "Fracturing Regulations are Effective in State Hands Act",
"titles": [
[
"short",
"introduced",
"Fracturing Regulations are Effective in State Hands Act"
],
[
"official",
"introduced",
"To clarify that a State has the sole authority to regulate hydraulic fracturing on Federal land within the boundaries of the State."
]
]
}
]
}
"meta": {
"limit": 100,
"offset": 0,
"total_count": 2
},
"objects": [
{
"bill_resolution_type": "bill",
"bill_type": "senate_bill",
"bill_type_label": "S.",
"congress": 112,
"current_status": "referred",
"current_status_date": "2012-03-28",
"current_status_description": "This bill was introduced on March 28, 2012, in a previous session of Congress, but was not enacted.",
"current_status_label": "Referred to Committee",
"display_number": "S. 2248",
"docs_house_gov_postdate": null,
"id": 251518,
"introduced_date": "2012-03-28",
"is_alive": false,
"is_current": false,
"link": "http://www.govtrack.us/congress/bills/112/s2248",
"major_actions": [
[
"datetime.datetime(2012, 3, 28, 0, 0)",
1,
"Sponsor introductory remarks on measure. (CR S2166-2167)"
],
[
"datetime.datetime(2012, 3, 28, 0, 0)",
2,
"Read twice and referred to the Committee on Energy and Natural Resources."
]
],
"noun": "bill",
"number": 2248,
"senate_floor_schedule_postdate": null,
"sliplawnum": null,
"sliplawpubpriv": null,
"sponsor": {
"bioguideid": "I000024",
"birthday": "1934-11-17",
"cspanid": 5619,
"firstname": "James",
"gender": "male",
"gender_label": "Male",
"id": 300055,
"lastname": "Inhofe",
"link": "http://www.govtrack.us/congress/members/james_inhofe/300055",
"middlename": "M.",
"name": "Sen. James “Jim†Inhofe [R-OK]",
"namemod": "",
"nickname": "Jim",
"osid": "N00005582",
"pvsid": "27027",
"sortname": "Inhofe, James “Jim†(Sen.) [R-OK]",
"twitterid": "InhofePress",
"youtubeid": "jiminhofepressoffice"
},
"sponsor_role": {
"congress_numbers": [
111,
112,
113
],
"current": true,
"description": "Senator from Oklahoma",
"district": null,
"enddate": "2015-01-03",
"id": 4082,
"party": "Republican",
"person": 300055,
"role_type": "senator",
"role_type_label": "Senator",
"senator_class": "class2",
"senator_class_label": "Class 2",
"startdate": "2009-01-06",
"state": "OK",
"title": "Sen.",
"title_long": "Senator",
"website": "http://www.inhofe.senate.gov"
},
"thomas_link": "http://thomas.loc.gov/cgi-bin/bdquery/z?d112:s2248:",
"title": "S. 2248 (112th): Fracturing Regulations are Effective in State Hands Act",
"title_without_number": "Fracturing Regulations are Effective in State Hands Act",
"titles": [
[
"short",
"introduced",
"Fracturing Regulations are Effective in State Hands Act"
],
[
"official",
"introduced",
"A bill to clarify that a State has the sole authority to regulate hydraulic fracturing on Federal land within the boundaries of the State."
]
]
},
{
"bill_resolution_type": "bill",
"bill_type": "house_bill",
"bill_type_label": "H.R.",
"congress": 112,
"current_status": "referred",
"current_status_date": "2012-03-29",
"current_status_description": "This bill was introduced on March 29, 2012, in a previous session of Congress, but was not enacted.",
"current_status_label": "Referred to Committee",
"display_number": "H.R. 4322",
"docs_house_gov_postdate": null,
"id": 251585,
"introduced_date": "2012-03-29",
"is_alive": false,
"is_current": false,
"link": "http://www.govtrack.us/congress/bills/112/hr4322",
"major_actions": [
[
"datetime.datetime(2012, 3, 29, 0, 0)",
2,
"Referred to the Committee on Natural Resources, and in addition to the Committees on Agriculture, Transportation and Infrastructure, and Energy and Commerce, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned."
]
],
"noun": "bill",
"number": 4322,
"senate_floor_schedule_postdate": null,
"sliplawnum": null,
"sliplawpubpriv": null,
"sponsor": {
"bioguideid": "G000552",
"birthday": "1953-08-18",
"cspanid": 1011394,
"firstname": "Louie",
"gender": "male",
"gender_label": "Male",
"id": 400651,
"lastname": "Gohmert",
"link": "http://www.govtrack.us/congress/members/louie_gohmert/400651",
"middlename": "B.",
"name": "Rep. Louie Gohmert [R-TX1]",
"namemod": "Jr.",
"nickname": "",
"osid": "N00026148",
"pvsid": "50029",
"sortname": "Gohmert, Louie (Rep.) [R-TX1]",
"twitterid": "replouiegohmert",
"youtubeid": "GohmertTX01"
},
"sponsor_role": {
"congress_numbers": [
112
],
"current": false,
"description": "Representative for Texas's 1st congressional district",
"district": 1,
"enddate": "2013-01-03",
"id": 5197,
"party": "Republican",
"person": 400651,
"role_type": "representative",
"role_type_label": "Representative",
"senator_class": null,
"startdate": "2011-01-05",
"state": "TX",
"title": "Rep.",
"title_long": "Representative",
"website": "http://gohmert.house.gov"
},
"thomas_link": "http://thomas.loc.gov/cgi-bin/bdquery/z?d112:hr4322:",
"title": "H.R. 4322 (112th): Fracturing Regulations are Effective in State Hands Act",
"title_without_number": "Fracturing Regulations are Effective in State Hands Act",
"titles": [
[
"short",
"introduced",
"Fracturing Regulations are Effective in State Hands Act"
],
[
"official",
"introduced",
"To clarify that a State has the sole authority to regulate hydraulic fracturing on Federal land within the boundaries of the State."
]
]
}
]
}
Subscribe to:
Posts (Atom)