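#!/usr/bin/env ruby
# frozen_string_literal: true

require 'rubygems'
require 'bundler/setup'
require 'set'
require 'elasticsearch'
require_relative './src/fingerprint'
require_relative './localconfig'

# Re-labels stored TLS ClientHello documents whose fingerprint is in the
# fingerprint database but whose recorded OS details (os / os_version / detail)
# differ from the database value, so the index reflects the current data.
INDEX_NAME = 'tlshandshakes'
BATCH_SIZE = 150
# Only these fixed names are ever interpolated into the query field path below.
OSDETAIL_FIELDS = %i[os os_version detail].freeze
FP_FIELD = 'tls.tlsclienthello.fingerprinting.v2.keyword'

# Returns one batch (at most BATCH_SIZE) of raw hits that carry fingerprint
# +fp+ but whose osdetails +field+ does not equal +expected+.
#
# @param client [Elasticsearch::Client]
# @param fp [String] fingerprint value matched against FP_FIELD
# @param field [Symbol] one of OSDETAIL_FIELDS
# @param expected [Object] value the field should hold (from the fingerprint db)
# @return [Array<Hash>] the +hits.hits+ array of the search response
def stale_hits(client, fp, field, expected)
  response = client.search index: INDEX_NAME, body: {
    size: BATCH_SIZE,
    query: { bool: {
      filter: [{ match_phrase: { FP_FIELD => fp } }],
      must_not: {
        match_phrase: { "tls.tlsclienthello.fingerprinting.osdetails.#{field}.keyword" => expected }
      }
    } }
  }
  response['hits']['hits']
end

# Overwrites the osdetails sub-document of every hit with the current
# fingerprint data and writes the whole +_source+ back.
#
# NOTE(review): this is a full-document overwrite without a seq_no /
# primary_term precondition, so a concurrent writer's change to the same
# document between search and index would be lost.
#
# @param client [Elasticsearch::Client]
# @param hits [Array<Hash>] hits as returned by +stale_hits+
# @param fp [String] fingerprint whose data is written
def relabel(client, hits, fp)
  # Loop-invariant: the replacement sub-document is the same for every hit.
  osdetails = Fingerprint.to_h fp
  hits.each do |hit|
    body = hit['_source']
    body['tls']['tlsclienthello']['fingerprinting']['osdetails'] = osdetails
    # +type+ is kept as in the original; it only has meaning on pre-7.x clusters.
    client.index index: hit['_index'], type: hit['_type'], id: hit['_id'], body: body
  end
end

# Repeats search-and-relabel for one field until no stale document remains.
#
# Two guards keep the loop bounded:
# * after each batch the index is refreshed, so the next search cannot return
#   documents that were just rewritten but not yet visible to search;
# * a batch consisting only of ids already rewritten in this pass means the
#   write is not changing the queried field, so we warn and stop instead of
#   spinning forever.
#
# @param client [Elasticsearch::Client]
# @param fp [String]
# @param fp_data [Hash] fingerprint db entry, keyed by OSDETAIL_FIELDS
# @param field [Symbol] one of OSDETAIL_FIELDS
def update_field(client, fp, fp_data, field)
  puts " Updating Field #{field}"
  rewritten = Set.new
  loop do
    hits = stale_hits(client, fp, field, fp_data[field])
    break if hits.empty?

    ids = hits.map { |hit| hit['_id'] }
    if ids.all? { |id| rewritten.include?(id) }
      warn "  #{ids.length} document(s) still stale after rewrite; giving up on #{field} for #{fp}"
      break
    end

    puts " #{hits.length}"
    relabel(client, hits, fp)
    rewritten.merge(ids)
    client.indices.refresh index: INDEX_NAME
  end
end

# +log: false+ disables the client's request logging; credentials come from
# localconfig (+@config+), not from this file.
client = Elasticsearch::Client.new log: false, user: @config[:elastic_username], password: @config[:elastic_password]
Fingerprint.check_new_file
Fingerprint.get_fp_db.each do |fp, fp_data|
  puts "Update all fingerprints #{fp}"
  OSDETAIL_FIELDS.each { |field| update_field(client, fp, fp_data, field) }
end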