CSEC_PUBLIC/hayabusa
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #22 from YamatoSecurity/feature/omikuji

Browse Source 
おみくじ
This commit is contained in:
nishikawaakira
2020-10-27 04:19:34 +09:00
committed by GitHub
parent 3ee1d69b04 f874295a7a
commit 0a222e0efa
9 changed files with 266 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
art/omikuji/CHUKICHI.txt Normal file
View File

@@ -0,0 +1,38 @@
.gggggggggggggggggggggggggggggggggggggp
,#pbppppppbppppppbbbbpppppppbppbpppbpW#
.#pppppppppppppppppppppppppppppppppppW#
` ` ` ` ` ` ` ` ` ,#ppb` .... (bppW# ` ` ` ` ` ` ` `
,#ppb. 7WpbW, (ppbW#
.#ppp_ ,bbbW+wkkaJ. (pppW#
.#ppb_ .Xbn,...+XppppbbWY"pppn. (pppW# `
` .#ppp_ TbbpppbbbpbpW=` .ppbbR (bppW# `
` ` ` ` ` ` ` ` ,#ppp_ bpp=TTY4ppbW .XbpbbP (ppbW# ` ` ` ` ` `
,#ppb_ bpb} ,bppp .XppbW= (pppW# `
.#ppp_ bbp[ ,bbpbbbppbpp+ (pppW# `
` ` .#bbb_ 4pbbbbpbppbpbpbppbpbb (bbpW# ` `
.#ppp_ 7Wpppbppbpp>` _7"' (pppW#
.#bpb_ ,ppbp_ (bppW#
.#ppp_ ,ppbb: (bppW#
.#ppp` 7UY= (bppW#
.#ppb ... (ppbW#
.#ppp .Wbbpo (bppW#
.#pbp. ...bpbpbbbbbbka, (bppW#
.#ppb. dWbbbbbpppppbpbWUUUpbb] (ppbW#
.#ppb. ?TYYY""7pbpp_ ... (pppW#
.#ppp` ......(ubpppppbpppWa. (pppW#
.#ppb_ ?WbbpppbpbWUY""""TUY' (bppW#
.#ppp_ gbW= ..JdpppWa, (bbpW#
.#ppp_ JbpndppppKY!_4pph. (pppW#
.#ppb_ .bbp?TY"^ .pppp' (ppbW#
.#ppb_ Wpp; .....WpppY` (pppW#
.#ppp_ ,Wppppbbbpbpbbpb[ (ppbW#
.#ppb_ ?77!` _?` (pppW#
.#ppp-...........................JpbpW#
.#pppppppppppppbbbpbbppppppppppppppppW#
.NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN#

37
art/omikuji/DAIKICHI.txt Normal file
View File

@@ -0,0 +1,37 @@
.gggggggggggggggggggggggggggggggggggggp
,#pbppppppbppppppbbbbpppppppbppbpppbpW#
.#pppppppppppppppppppppppppppppppppppW#
` ` ` ` ` ` ` ` ` ,#ppb` (bppW# ` ` ` ` ` ` ` `
,#ppb. .&aJ, (ppbW#
.#ppp_ .4bppL (pppW#
.#ppb_ ,bppWdXkkAJ. (bppW# `
` .#ppp_ ` ..Jdbppbpbbbpbppbn (ppbW# `
` ` ` ` ` ` ` ` ,#ppp_ jbpppbbppbppppppWWbppb! (pppW# ` ` ` ` ` `
,#ppb_ (Wpppppbppbpbk. _! (bppW# `
.#ppp_ ?77Xbppbppbbn. (ppbW# `
` ` .#bbb_ JbpbpP7pppbbo. (pppW# ` `
.#ppp_ .XbppbK` (Wbppppa. (bbpW#
.#bpb_ .JbbppbK` 4pppbbbn (bppW#
.#ppp_ .Wbbbpbpf` ?Wpppppb (bppW#
.#ppp` ?WpbpW= Tpbpp% (ppbW#
.#ppb ?` ~ (pppW#
.#ppp .JJ., (pbpW#
.#pbp. .4pbbh...... (bppW#
.#ppb. ......JdXppbbbbbpbppWa. (pppW#
.#ppb. 4bpppbbbpbppWY""777TUY! (bppW#
.#ppp` _??!` ,pbpW..(J... (ppbW#
.#ppb_ J+J&dWpppbppbbpbppbh (bppW#
.#ppp_ (4WppbpUY""71--. ??! (bppW#
.#ppp_ .pbY .(dppbpppW+ (bppW#
.#ppb_ .bppbpppWY=` XpbW. (ppbW#
.#ppp_ ,ppR ~! .XppbY (pppW#
.#pbp_ .Wppo..JdkWbpppp+ (bppW#
.#ppp_ .4pppbWUUYYYTWpp} (pbpW#
.#ppb-...........................JpppW#
.#ppppppppppppppbbbbbppppppppppppppbpW#
.NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN#

38
art/omikuji/KICHI.txt Normal file
View File

@@ -0,0 +1,38 @@
.gggggggggggggggggggggggggggggggggggggp
,#pbppppppbppppppbbbbpppppppbppbpppbpW#
.#pppppppppppppppppppppppppppppppppppW#
` ` ` ` ` ` ` ` ` ,#ppb` (bppW# ` ` ` ` ` ` ` `
,#ppb. (ppbW#
.#ppp_ (pppW#
.#ppb_ (bppW# `
` .#ppp_ (ppbW# `
` ` ` ` ` ` ` ` ,#ppp_ ` ` ` ` ` ` ` (bppW# ` ` ` ` ` `
,#ppb_ (bppW# `
.#ppp_ ... (ppbW# `
` ` .#bpp_ ?bbbW, ` (bppW# ` `
.#ppb_ ` ...dppppbbbkkkk+, (pppW#
.#bpp_ .bbbbbbbbpppppbWUUUWbpW` (bppW#
.#ppb_ 7TTT""74pbbP .... (bppW#
.#pbp` .....(+XbppbbbbbbbW, (bppW#
.#ppb 4ppbpbppbWUY"""""TY= (ppbW#
.#ppb .Wpf' ..dppppk-. (bppW#
.#ppb. .ppWgWppppY=`(ppbl (pppW#
.#ppb. JppP7""7` .Jpppf (bppW#
.#ppb. ,bpW. ....(JbpbW^ (ppbW#
.#ppp` 7ppppppbbpbbpppW. (pppW#
.#ppb_ ??!` _! (bppW#
.#ppp_ (bbpW#
.#ppp_ (pppW#
.#ppb_ (ppbW#
.#ppp_ (pppW#
.#pbp_ (ppbW#
.#ppp_ (pppW#
.#ppb-...........................JpbpW#
.#pppppppppppppppbbbpbpppppppppppppppW#
.NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN#

39
art/omikuji/KYOU.txt Normal file
View File

@@ -0,0 +1,39 @@
.gggggggggggggggggggggggggggggggggggggp
,#pbppppppbppppppbbbbpppppppbppbpppbpW#
.#pppppppppppppppppppppppppppppppppppW#
` ` ` ` ` ` ` ` ` ,#ppb` (bppW# ` ` ` ` ` ` ` `
,#ppb. (ppbW#
.#ppp_ (pppW#
.#ppb_ (bppW# `
` .#ppp_ (ppbW# `
` ` ` ` ` ` ` ` ,#ppp_ ` ` ` ` ` ` ` (bppW# ` ` ` ` ` `
,#ppb_ (bppW# `
.#ppp_ (bn,.(.. (ppbW# `
` ` .#bpp_ 4kWa. dbpR4bbh (pppW# ` `
.#ppb_ .bbbn... `.dbpp%Jppb_ (bbpW#
.#bpp_ .pppUbbbbn..WpbpP Jbpp_ (bppW#
.#ppb_ .ppb} (4bbbpppp= Jppp_ (pppW#
.#pbp` .ppb) .ppppbp&. Jbpp_ (pbpW#
.#ppb .bpp) .Jppbpbppbp,Jppp~ (bppW#
.#ppb ,ppbndppbpW=,Wpppppbpp~ (pbpW#
.#ppb. ,bppWbppbY` 7WpbWpbp_ (pppW#
.#ppb. ,pbp) ?! ......dpbb: (bppW#
.#ppb. .ppbWAwWbbbppppppppppp! (ppbW#
.#ppp` .TWppWUUYY"""77777Wpf (pppW#
.#ppb_ (bppW#
.#ppp_ (bbpW#
.#ppp_ (pppW#
.#ppb_ (ppbW#
.#ppp_ (pppW#
.#pbp_ (ppbW#
.#ppp_ (pppW#
.#ppb-...........................JpbpW#
.#pppppppppppppppbbbpbpppppppppppppppW#
.NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN#
` `

38
art/omikuji/SHOUKICHI.txt Normal file
View File

@@ -0,0 +1,38 @@
.gggggggggggggggggggggggggggggggggggggp
,#pbppppppbppppppbbbbpppppppbppbpppbpW#
.#pppppppppppppppppppppppppppppppppppW#
` ` ` ` ` ` ` ` ` ,#ppb` (bppW# ` ` ` ` ` ` ` `
,#ppb. (AA&, (ppbW#
.#ppp_ ,Wppb[ ... (pppW#
.#ppb_ ... Xppb] 7bbpn (bppW# `
` .#ppp_ ,WpbW. Xbpp] WpbL (ppbW# `
` ` ` ` ` ` ` ` ,#ppp_ .pbb: Xbpp] XppW (pppW# ` ` ` ` ` `
,#ppb_ dppb Xbpb] Xpbb; (pppW# `
.#ppp_ bbpW Xbpb] Xbpp] (ppbW# `
` ` .#bpp_ .bppW Xbpp] Wbppb (bppW# ` `
.#ppb_ .ppbpbn..Xppb] bbpbR (pppW#
.#bpp_ .ppbW?Wpbbppb$ Wppbf (bppW#
.#ppb_ WppK 4ppbppb (bpp\ (bppW#
.#pbp` 7"^ ?ppbp% (ppbW#
.#ppb _?` (pppW#
.#ppb .ea+, (bppW#
.#ppb. 4ppph....... (ppbW#
.#ppb. .....JdXbpppppppppppbn. (pppW#
.#ppb. 4ppppbbpbbbpW""7?!?"T"` (pppW#
.#ppp` ``` ,bpbW(J&&+.. (ppbW#
.#ppb_ gAgwpbbppbpbpppppppW (bppW#
.#ppp_ .7UWpbWY""7i(... !` (bppW#
.#ppp_ .bp=..+ppppVWbba. (ppbW#
.#ppb_ .bppbbppKY^ XbbW. (pppW#
.#ppp_ ,bpR .bppp= (pppW#
.#pbp_ Wbpn.JdXbbbbpbp+ (ppbW#
.#ppp_ TpbbWUYY"""TTWW> (pppW#
.#ppb-...........................JpbpW#
.#ppppppppppppppbbbbbppppppppppppppppW#
.NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN#

38
art/omikuji/SUEKICHI.txt Normal file
View File

@@ -0,0 +1,38 @@
.gggggggggggggggggggggggggggggggggggggp
,#pbppppppbppppppbbbbpppppppbppbpppbpW#
.#pppppppppppppppppppppppppppppppppppW#
` ` ` ` ` ` ` ` ` ,#ppb` (bppW# ` ` ` ` ` ` ` `
,#ppb. .Wbbk. (ppbW#
.#ppp_ 7ppbbneAkAa+.. (pppW#
.#ppb_ .....+dbppppppbbbpbbbbk. (bppW# `
` .#ppp_ 4ppbbbppbbpbpY!``_?7""" (bppW# `
` ` ` ` ` ` ` ` ,#ppp_ ?777!` Xppb[..... (ppbW# ` ` ` ` ` `
,#ppb_ 4W+..Wppppppppbbn (pppW# `
.#ppp_ .WpppppbpbppWWppbWpW\ (pppW# `
` ` .#bbb_ .zppWY"Wbbp[ WppW, (bbpW# ` `
.#ppp_ .bpbP Xppb] ,bpbbl (pppW#
.#bpb_ .ppbb+..Xbppb zbpbb[ (bppW#
.#ppp_ Jbppp\.Tppbppp. .ppppR (bppW#
.#ppp` ?TY' 7Wbbf ,4UY! (bppW#
.#ppb (ppbW#
.#ppp dpka, (bppW#
.#pbp. .bbbba.JJJ(.. (pppW#
.#ppb. ...(+dXpbpppbbbpppppppo (ppbW#
.#ppb. .4pbpbppWbpppY?!` _?"' (bppW#
.#ppp` .pbppkdXWkAJ, (pppW#
.#ppb_ ,bpbbbbppbpbppppbbpb] (bbpW#
.#ppp_ _"4pbWY"?~..+&-, (bppW#
.#ppp_ .Wpf..dpppbUTWpW& (pppW#
.#ppb_ dppWpppUY! .pbbr (ppbW#
.#ppp_ Wpp) .XppbY` (pppW#
.#pbp_ ,bppAdXpbppbpbpk, (ppbW#
.#ppp_ .TWUUY"""7777TU= (pppW#
.#ppb-...........................JpppW#
.#pppppppppppppbbbbbbpppppppppppppbppW#
.NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN#

1
src/lib.rs
View File

@@ -1,3 +1,4 @@
pub mod detections;
pub mod models;
pub mod omikuji;
pub mod toml;

10
src/main.rs
View File

@@ -4,8 +4,9 @@ extern crate serde;
use clap::{App, AppSettings, Arg};
use evtx::EvtxParser;
use quick_xml::de::DeError;
use std::{path::PathBuf, process};
use std::{fs, path::PathBuf, process};
use yamato_event_analyzer::detections::detection;
use yamato_event_analyzer::omikuji::Omikuji;
use yamato_event_analyzer::toml;
fn build_app() -> clap::App<'static, 'static> {
@@ -32,6 +33,7 @@ fn build_app() -> clap::App<'static, 'static> {
.arg(Arg::from_usage("-d --directory 'event log files directory'"))
.arg(Arg::from_usage("-s --statistics 'event statistics'"))
.arg(Arg::from_usage("-u --update 'signature update'"))
.arg(Arg::from_usage("-o --omikuji 'output with omikuji'"))
.arg(Arg::from_usage("--credits 'Zachary Mathis, Akira Nishikawa'"))
}
@@ -59,3 +61,9 @@ fn parse_file(filepath: &str) {
let mut detection = detection::Detection::new();
&detection.start(parser);
}
fn output_with_omikuji(omikuji: Omikuji) {
let fp = &format!("art/omikuji/{}", omikuji);
let content = fs::read_to_string(fp).unwrap();
println!("{}", content);
}

28
src/omikuji.rs Normal file
View File

@@ -0,0 +1,28 @@
use std::fmt;
pub enum Omikuji {
DAIKICHI,
KICHI,
CHUKICHI,
SHOUKICHI,
SUEKICHI,
KYOU,
}
impl fmt::Display for Omikuji {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
match *self {
Omikuji::DAIKICHI => write!(f, "DAIKICHI.txt"),
Omikuji::KICHI => write!(f, "KICHI.txt"),
Omikuji::CHUKICHI => write!(f, "CHUKICHI.txt"),
Omikuji::SHOUKICHI => write!(f, "SHOUKICHI.txt"),
Omikuji::SUEKICHI => write!(f, "SUEKICHI.txt"),
Omikuji::KYOU => write!(f, "KYOU.txt"),
}
}
}
#[test]
fn test_display() {
assert_eq!(Omikuji::DAIKICHI.to_string(), "DAIKICHI.txt",);
}