pyxarf - easy x-arf report generation
Introduction
pyxarf is a Python library for handling X-ARF Network Abuse Reporting.
- pyxarf: A module for creating, validating and serializing X-ARF objects.
- xarfmail: A module for sending X-ARF reports by E-Mail, with automatic Abuse Contact lookup provided by the free querycontacts library.
- xarfutil: A command line client for reporting in X-ARF directly from the Shell.
For more information on the X-ARF reporting format, check out its official website.
Getting Started
Installation
pip install pyxarf
Calling the Script
Report-Generation
In this first example, all required parameters for generating an X-ARF report are
specified directly on the command line. With the --output-yaml parameter, the
validated report data is printed to stdout in YAML format.
$ xarfutil.py --evidence 'sample evidence data' --greeting 'greeting text here' \
--schema-url 'http://xarf.org/schema/abuse_login-attack_0.1.2.json' \
--schema-cache '/tmp/' --reported-from 'xarf-reports@example.com' \
--category 'abuse' --report-type 'login-attack' --report-id '1234567' \
--date 'Feb 3 2014 02:13:35 +0100' --source '83.169.54.26' \
--source-type 'ip-address' --attachment 'text/plain' --service 'ssh' \
--port 22 --output-yaml
evidence: sample evidence data
machine_readable:
  Attachment: text/plain
  Category: abuse
  Date: Feb 3 2014 02:13:35 +0100
  Port: 22
  Report-ID: '1234567'
  Report-Type: login-attack
  Reported-From: xarf-reports@example.com
  Schema-URL: http://xarf.org/schema/abuse_login-attack_0.1.2.json
  Service: ssh
  Source: 83.169.54.26
  Source-Type: ip-address
  User-Agent: pyxarf 0.0.1
Sending Reports
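You can send a report directly from the script by adding the mail parameters (--mail-server-host, --mail-server-port, --mail-from, --mail-subject, --mail-to) together with --send-email.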
$ xarfutil.py --evidence 'sample evidence data' \
--greeting 'greeting text here' \
--schema-url 'http://xarf.org/schema/abuse_login-attack_0.1.2.json' \
--schema-cache '/tmp/' --reported-from 'xarf@example.org' \
--category 'abuse' --report-type 'login-attack' --report-id '1234567' \
--date 'Feb 3 2014 02:13:35 +0100' --source '83.169.54.26' \
--source-type 'ip-address' --attachment 'text/plain' --service 'ssh' \
--port 22 --mail-server-host mx.example.org --mail-server-port 25 \
--mail-from 'xarf@example.org' --mail-subject 'x-arf sample report' \
--mail-to 'abuse@example.com' --send-email
Report sent.
You can also look up the abuse contact for a given IP by adding the parameter --lookup-contact.
Using the API
from __future__ import print_function
from pyxarf import Xarf
xarf = Xarf(
    evidence='sample evidence data',
    greeting='greeting text here',
    schema_url='http://www.xarf.org/schema/abuse_login-attack_0.1.2.json',
    schema_cache='/tmp/',
    reported_from='xarf-reports@example.com',
    category='abuse',
    report_type='login-attack',
    report_id='1234567',
    date='Feb 3 2014 02:13:35 +0100',
    source='83.169.54.26',
    source_type='ip-address',
    attachment='text/plain',
    service='ssh',
    port=22,
)
print(xarf.to_json()) # return json
print()
print(xarf.to_yaml()) # return yaml
print()
print(xarf.get_report_obj()) # return python object (dict)
Output:
$ python sample.py
{"machine_readable": {"Reported-From": "xarf-reports@example.com", "Report-ID": "1234567", "Category": "abuse", "Report-Type": "login-attack", "Service": "ssh", "Port": 22, "Date": "Feb 3 2014 02:13:35 +0100", "Source": "83.169.54.26", "Source-Type": "ip-address", "Attachment": "text/plain", "Schema-URL": "http://www.x-arf.org/schema/abuse_login-attack_0.1.2.json", "User-Agent": "pyxarf 0.0.5"}, "evidence": "sample evidence data"}
evidence: sample evidence data
machine_readable:
  Attachment: text/plain
  Category: abuse
  Date: Feb 3 2014 02:13:35 +0100
  Port: 22
  Report-ID: '1234567'
  Report-Type: login-attack
  Reported-From: xarf-reports@example.com
  Schema-URL: http://www.x-arf.org/schema/abuse_login-attack_0.1.2.json
  Service: ssh
  Source: 83.169.54.26
  Source-Type: ip-address
  User-Agent: pyxarf 0.0.5
{'machine_readable': {'Reported-From': 'xarf-reports@example.com', 'Report-ID': '1234567', 'Category': 'abuse', 'Report-Type': 'login-attack', 'Service': 'ssh', 'Port': 22, 'Date': 'Feb 3 2014 02:13:35 +0100', 'Source': '83.169.54.26', 'Source-Type': 'ip-address', 'Attachment': 'text/plain', 'Schema-URL': 'http://www.x-arf.org/schema/abuse_login-attack_0.1.2.json', 'User-Agent': 'pyxarf 0.0.5'}, 'evidence': 'sample evidence data'}
Detecting Errors
The following example contains an error on line 17, as the specified JSON schema
defines port to be an integer.
from __future__ import print_function
from pyxarf import Xarf
xarf = Xarf(
    evidence='sample evidence data',
    greeting='greeting text here',
    schema_url='http://www.xarf.org/schema/abuse_login-attack_0.1.2.json',
    schema_cache='/tmp/',
    reported_from='xarf-reports@example.com',
    category='abuse',
    report_type='login-attack',
    report_id='1234567',
    date='Feb 3 2014 02:13:35 +0100',
    source='83.169.54.26',
    source_type='ip-address',
    attachment='text/plain',
    service='ssh',
    port='22',
)
print(xarf.to_json())
Output:
$ python sample.py
Traceback (most recent call last):
  File "sample.py", line 22, in <module>
    print(xarf.to_json())
  File "/home/user/dev/python-xarf/pyxarf/xarf.py", line 362, in to_json
    return json_dumps(self.get_report_obj(part))
  File "/home/user/dev/python-xarf/pyxarf/xarf.py", line 395, in get_report_obj
    'machine_readable': self._get_validated_machine_readable(),
  File "/home/user/dev/python-xarf/pyxarf/xarf.py", line 338, in _get_validated_machine_readable
    self.machine_readable
  File "/home/user/dev/python-xarf/pyxarf/xarf.py", line 290, in _validate_schema
    ', '.join(errors)
pyxarf.exceptions.ValidationError: Port '22' is not of type 'integer'
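The same type mismatch can be caught before a report object is built, which helps when field values arrive as strings from a command line or a parsed log. The following is an added example, not part of pyxarf: a standard-library pre-flight check over the machine_readable fields. SCHEMA_TYPES is a constructed fragment (only the integer type of Port is stated above; the other types and the required-field rule are assumptions), and type_errors and coerce_integers are hypothetical helper names.

```python
import re

# Constructed schema fragment (assumption): the page only states that Port is
# an integer; the other types are inferred from the sample output above.
SCHEMA_TYPES = {
    "Category": "string", "Port": "integer",
    "Report-ID": "string", "Report-Type": "string",
    "Reported-From": "string", "Service": "string",
    "Source": "string", "Source-Type": "string",
}

def _is_type(value, expected):
    if expected == "integer":
        # bool is a subclass of int in Python but is not a JSON integer.
        return isinstance(value, int) and not isinstance(value, bool)
    if expected == "string":
        return isinstance(value, str)
    raise ValueError("unsupported schema type: %r" % expected)

def type_errors(machine_readable, schema_types=SCHEMA_TYPES):
    """Return messages for missing or wrongly typed fields (hypothetical helper)."""
    errors = []
    for field in sorted(schema_types):
        expected = schema_types[field]
        if field not in machine_readable:
            errors.append("%s is a required property" % field)
        elif not _is_type(machine_readable[field], expected):
            errors.append("%s %r is not of type %r"
                          % (field, machine_readable[field], expected))
    return errors

def coerce_integers(machine_readable, schema_types=SCHEMA_TYPES):
    """Copy the dict, converting digit-only strings in integer fields."""
    fixed = dict(machine_readable)
    for field, expected in schema_types.items():
        value = fixed.get(field)
        if expected == "integer" and isinstance(value, str) \
                and re.fullmatch(r"[0-9]+", value):
            fixed[field] = int(value)
    return fixed

# Constructed sample: the fields of the failing call above, Port as a string.
SAMPLE = {
    "Reported-From": "xarf-reports@example.com", "Report-ID": "1234567",
    "Category": "abuse", "Report-Type": "login-attack", "Service": "ssh",
    "Port": "22", "Source": "83.169.54.26", "Source-Type": "ip-address",
}
```

Only digit-only strings are converted; any other value is left unchanged so that it is still reported by type_errors.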