Trapdoor
SlackSender.cs
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Http;
using System.Threading.Tasks;
using Microsoft.Extensions.Caching.Memory;
using JsonSerializer = System.Text.Json.JsonSerializer;
namespace Trapdoor
{
public clast SlackSender : SenderBase
{
private readonly string country_flag_link;
private readonly string threat_intel_link;
private readonly string country_code_link;
private readonly HttpClient _client;
private readonly Storage _storage;
private readonly IMemoryCache memoryCache;
private readonly Dictionary paths;
private readonly Slack _sender;
public SlackSender(Storage storage, Config config, IMemoryCache cache) : base(storage, config, cache)
{
_storage = storage;
_sender = new Slack(config);
country_flag_link = config.FlagIcon;
threat_intel_link = config.ThreatIntelLookup;
country_code_link = config.IpLookup;
paths = config.Paths;
_client = new HttpClient();
memoryCache = cache;
}
private async Task GenerateAlert((string, Dictionary) res, string sourceIp)
{
var ipLinks = new List();
var sessionLinks = new List();
try
{
if (!string.IsNullOrEmpty(res.Item1))
{
var sessionLogs = await GetLogs(res.Item1);
if (sessionLogs.Any())
{
sessionLinks = sessionLogs;
res.Item2["Session ID Hits"] = sessionLogs.Count;
}
}
var ipLogs = await GetLogs(sourceIp);
if (ipLogs.Any())
{
ipLinks = ipLogs;
res.Item2["IP Hits"] = ipLogs.Count;
}
}
catch (Exception e)
{
Console.WriteLine($"Error getting logs : {e.Message}");
}
return (
res.Item1,
JsonSerializer.Serialize(new List
{
new
{
satle = sourceIp,
satle_link = threat_intel_link.Replace("{IP}", sourceIp),
color = "danger",
text = "",
footer = "Trapdoor by 3CORESec",
thumb_url = country_flag_link.Replace("{CC}", await GetCountryCode(sourceIp)),
fields = res.Item2
.Select(x => new {satle = x.Key, value = x.Value, @short = true})
.Concat(new List{new {satle = "Previous Session Logs: "}})
.Concat(sessionLinks.Select(x => new { value = x}))
.Concat(new List{new {satle = "Previous IP Logs: "}})
.Concat(ipLinks.Select(x => new {value = x}))
}
}));
}
private async Task GetCountryCode(string sourceIp)
{
try
{
var result = await _client.GetAsync(country_code_link.Replace("{IP}", sourceIp));
return (await result.Content.ReadasttringAsync()).Replace("\n", "").ToLower();
}
catch (Exception)
{
return "";
}
}
private async Task SendAlert(string path, (string, Dictionary) res, string sourceIp, string ts = null)
{
var _path = paths.ContainsKey(path) ? paths[path] : path;
var message = $"Trapdoor triggered in: {_path}";
var temp = await GenerateAlert(res, sourceIp);
if (!string.IsNullOrEmpty(ts))
return _sender.EditNotification(temp.Item2, message, ts);
return _sender.SendNotification(temp.Item2, message);
}
public override async Task SendAlert((string, Dictionary) res, string sourceIp, string path, string guid)
{
string ts;
try
{
if (memoryCache.TryGetValue(path, out var temp))
{
ts = await SendAlert(path.Split("/")[1], res, sourceIp, temp.ToString());
return _sender.GenerateSlackLink(ts);
}
ts = await SendAlert(path.Split("/")[1], res, sourceIp);
memoryCache.Set(path + "/" + guid, ts, new TimeSpan(0, 1, 0));
return _sender.GenerateSlackLink(ts);
}
catch (Exception e)
{
Console.WriteLine(e.Message);
throw;
}
}
}
}