-
Notifications
You must be signed in to change notification settings - Fork 6
/
[+]_nsa_xkeyscore_source_code_[+].txt
144 lines (125 loc) · 6.42 KB
/
[+]_nsa_xkeyscore_source_code_[+].txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
=================================================================================================
We are...
_____ _________
/ _ \ ____ ____ ____ / _____/ ____ ____
/ /_\ \ / \ / _ \ / \ \_____ \_/ __ \_/ ___\
/ | \ | ( <_> ) | \/ \ ___/\ \___
\____|__ /___| /\____/|___| /_______ /\___ >\___ >
\/ \/ \/ \/ \/ \/
//Laughing at your security since 2012*
-------------------------------------------------------------------------------------------------
Official Members: Mrlele - AnonSec666 - 3r3b0s - 4prili666h05t - Hannaichi - ap3x h4x0r - d3f4ult
-------------------------------------------------------------------------------------------------
............................................,,................,,.......................
..............i.............................,,,,,_......_,,,,,,........................
.............am............................//^\\\\\..../////^\\........................
...........d3f4ult.........................''\\\\\V.___.V/////''.......................
............................................../| |\............................
...........Welc0me...........................<_\_ _/_>...........................
..............to..............................\ \' '/ /............................
..............mY...............................\ \ / /.............................
............P4rty!..............................\ \ / /...............................
.................................................\ \/ /................................
...................................................V...................................
.......................................................................................
...............................................................................~~(8:>
#############################################################################
// START_DEFINITION
/*
The fingerprint identifies sessions visiting the Tor Project website from
non-fvey countries.
*/
fingerprint('anonymizer/tor/torpoject_visit')=http_host('www.torproject.org')
and not(xff_cc('US' OR 'GB' OR 'CA' OR 'AU' OR 'NZ'));
// END_DEFINITION
// START_DEFINITION
/*
These variables define terms and websites relating to the TAILs (The Amnesic
Incognito Live System) software program, a comsec mechanism advocated by
extremists on extremist forums.
*/
$TAILS_terms=word('tails' or 'Amnesiac Incognito Live System') and word('linux'
or ' USB ' or ' CD ' or 'secure desktop' or ' IRC ' or 'truecrypt' or ' tor ');
$TAILS_websites=('tails.boum.org/') or ('linuxjournal.com/content/linux*');
// END_DEFINITION
// START_DEFINITION
/*
This fingerprint identifies users searching for the TAILs (The Amnesic
Incognito Live System) software program, viewing documents relating to TAILs,
or viewing websites that detail TAILs.
*/
fingerprint('ct_mo/TAILS')=
fingerprint('documents/comsec/tails_doc') or web_search($TAILS_terms) or
url($TAILS_websites) or html_title($TAILS_websites);
// END_DEFINITION
// START_DEFINITION
requires grammar version 5
/**
* Aggregate Tor hidden service addresses seen in raw traffic.
*/
mapreduce::plugin('anonymizer/tor/plugin/onion') =
immediate_keyword(/(?:([a-z]+):\/\/){0,1}([a-z2-7]{16})\.onion(?::(\d+)){0,1}/c : c++
includes: {{
#include <boost/lexical_cast.hpp>
}}
proto: {{
message onion_t {
required string address = 1;
optional string scheme = 2;
optional string port = 3;
}
}}
mapper<onion_t>: {{
static const std::string prefix = "anonymizer/tor/hiddenservice/address/";
onion_t onion;
size_t matches = cur_args()->matches.size();
for (size_t pos=0; pos < matches; ++pos) {
const std::string &value = match(pos);
if (value.size() == 16)
onion.set_address(value);
else if(!onion.has_scheme())
onion.set_scheme(value);
else
onion.set_port(value);
}
if (!onion.has_address())
return false;
MAPPER.map(onion.address(), onion);
xks::fire_fingerprint(prefix + onion.address());
return true;
}}
reducer<onion_t>: {{
for (values_t::const_iterator iter = VALUES.begin();
iter != VALUES.end();
++iter) {
DB["tor_onion_survey"]["onion_address"] = iter->address() + ".onion";
if (iter->has_scheme())
DB["tor_onion_survey"]["onion_scheme"] = iter->scheme();
if (iter->has_port())
DB["tor_onion_survey"]["onion_port"] = iter->port();
DB["tor_onion_survey"]["onion_count"] = boost::lexical_cast<std::string>(TOTAL_VALUE_COUNT);
DB.apply();
DB.clear();
}
return true;
}});
/**
* Placeholder fingerprint for Tor hidden service addresses.
* Real fingerpritns will be fired by the plugins
* 'anonymizer/tor/plugin/onion/*'
*/
fingerprint('anonymizer/tor/hiddenservice/address') = nil;
// END_DEFINITION
// START_DEFINITION
appid('anonymizer/mailer/mixminion', 3.0, viewer=$ascii_viewer) =
http_host('mixminion') or
ip('128.31.0.34');
// END_DEFINITION
#############################################################################
___________ __ _______ _________ _____
\_ _____/ __ __ ____ | | __ \ \ / _____/ / _ \
| __) | | \_/ ___\ | |/ / / | \ \_____ \ / /_\ \
| \ | | /\ \___ | < / | \ / \/ | \
\___ / |____/ \___ >|__|_ \\____|__ //_______ /\____|__ /
\/ \/ \/ \/ \/ \/
=====================================================================================