def __init__(self, analytics_instance):
		super(AnalyticsMessenger, self).__init__()
		self.name = 'analytics'
		self.analytics_instance = analytics_instance
		self.subscribe_channel('analytics', self.message_handler)
		#self.status_update()
		debug_output("[+] Analytics Messenger started")

    def analyze(self, line):

        line = line.strip()
        sline = line.split()
        try:
            if line[0] != "#" and len(sline) > 2:  # ignore comments and entries with no clear reference
                if sline[0].isdigit():
                    del sline[0]  # remove the useless first field

                _hostname = Hostname(hostname=sline[0])

                evil = {}
                evil["source"] = self.name
                evil["id"] = md5.new(sline[0] + sline[1]).hexdigest()
                evil["description"] = sline[1]  # malware, EK, etc
                evil["reference"] = sline[2]  # GG safe browsing, blog, other blacklist, etc...

                if sline[3]:  # add the last date of inclusion in the feed
                    if sline[3] == "relisted" and sline[4]:
                        evil["date_added"] = datetime.datetime.strptime(sline[4], "%Y%m%d")
                    else:
                        evil["date_added"] = datetime.datetime.strptime(sline[3], "%Y%m%d")

                _hostname.add_evil(evil)
                _hostname.seen(first=evil["date_added"])
                self.commit_to_db(_hostname)
        except Exception, e:
            toolbox.debug_output(str(e), type="error")

	def analytics(self):

		debug_output( "(host analytics for %s)" % self.value)

		new = []

		# only resolve A and CNAME records for subdomains
		if toolbox.is_subdomain(self.value):
			dns_info = toolbox.dns_get_records(self.value, ['A', 'CNAME'])
		else:
			dns_info = toolbox.dns_get_records(self.value)

		for rtype in dns_info:
				for entry in dns_info[rtype]:
					art = toolbox.find_artifacts(entry)
					for t in art:
						for findings in art[t]:
							if t == 'hostnames':
								new.append((rtype, Hostname(findings)))
							if t == 'urls':
								new.append((rtype, Url(findings)))
							if t == 'ips':
								new.append((rtype, Ip(findings)))


		# is _hostname a subdomain ?
		if len(self.value.split(".")) > 2:
			domain = toolbox.is_subdomain(self.value)
			if domain:
				new.append(('domain', Hostname(domain)))

		self['last_analysis'] = datetime.datetime.utcnow()
		self['next_analysis'] = self['last_analysis'] + datetime.timedelta(seconds=self['refresh_period'])

		return new

	def send_nodes(self, elts=[], edges=[]):
		
		for e in elts:
			e['fields'] = e.display_fields

		data = { 'querya': {}, 'nodes':elts, 'edges': edges, 'type': 'nodeupdate'}
		try:
			if (len(elts) > 0 or len(edges) > 0) and self.ws:
				self.ws.send(dumps(data))
		except Exception, e:
			debug_output("Could not send nodes: %s" % e)

	def analytics(self):
		debug_output("(url analytics for %s)" % self['value'])

		new = []
		#link with hostname
		# host = toolbox.url_get_host(self['value'])
		# if host == None:
		# 	self['hostname'] = "No hostname"
		# else:
		# 	self['hostname'] = host

		# find path
		path, scheme, hostname = toolbox.split_url(self['value'])
		self['path'] = path
		self['scheme'] = scheme
		self['hostname'] = hostname

		if toolbox.is_ip(self['hostname']):
			new.append(('host', Ip(toolbox.is_ip(self['hostname']))))
		elif toolbox.is_hostname(self['hostname']):
			new.append(('host', Hostname(toolbox.is_hostname(self['hostname']))))
		else:
			debug_output("No hostname found for %s" % self['value'], type='error')
			return

		self['last_analysis'] = datetime.datetime.utcnow()
		
		
		return new

	def generate_pcap(self):
		if len (self.pkts) > 0:
			debug_output("Generating PCAP for %s (length: %s)" % (self.name, len(self.pkts)))
			filename = Malcom.config['SNIFFER_DIR'] + "/" + self.pcap_filename
			wrpcap(filename, self.pkts)
			debug_output("Saving session to DB")
			self.analytics.data.save_sniffer_session(self)

    def __init__(self, feedengine_instance):
        super(FeedsMessenger, self).__init__()
        self.name = "feeds"
        self.feedengine_instance = feedengine_instance

        debug_output("[+] Feed messenger started")
        self.subscribe_channel('feeds', self.message_handler)

 def send_nodes(self, elts=[], edges=[]):
     data = {"querya": {}, "nodes": elts, "edges": edges, "type": "nodeupdate"}
     try:
         if (len(elts) > 0 or len(edges) > 0) and self.ws:
             self.ws.send(dumps(data))
     except Exception, e:
         debug_output("Could not send nodes: %s" % e)

 def get_pcap(self):
     debug_output("Generating PCAP (length: %s)" % len(self.pkts))
     if len(self.pkts) == 0:
         return ""
     wrpcap("/tmp/temp.cap", self.pkts)
     pcap = open("/tmp/temp.cap").read()
     return pcap

	def __init__(self):
		super(SnifferMessenger, self).__init__()
		self.name = 'sniffer'
		self.snifferengine = None
		self.subscribe_channel('sniffer-commands', self.command_handler)
		self.command_lock = threading.Lock()
		debug_output("[+] Sniffer Messenger started")

	def load_yara_rules(self, path):
		debug_output("Compiling YARA rules from %s" % path)
		if path[-1] != '/':	path += '/' # add trailing slash if not present
		filepaths = {}
		for file in os.listdir(path):
			filepaths[file] = path + file
		debug_output("Loaded %s YARA rule files in %s" % (len(filepaths), path))
		return yara.compile(filepaths=filepaths)

	def run_scheduled_feeds(self):
		for feed_name in [f for f in self.feeds if (self.feeds[f].next_run < datetime.utcnow() and self.feeds[f].enabled)]:	
			debug_output('Starting thread for feed %s...' % feed_name)
			self.run_feed(feed_name)

		for t in self.threads:
			if self.threads[t].is_alive():
				self.threads[t].join()

    def run_all_feeds(self):
        debug_output("Running all feeds")
        for feed_name in [f for f in self.feeds if self.feeds[f].enabled]:
            debug_output("Starting thread for feed %s..." % feed_name)
            self.run_feed(feed_name)

        for t in self.threads:
            if self.threads[t].is_alive():
                self.threads[t].join()

	def broadcast(self, msg, channel, type="bcast"):
		queryid = str(random.random())

		message = json.dumps({'msg': msg, 'queryid': queryid, 'src': self.name, 'type':type})
		try:
			# print "broadcast [%s] : %s" % (channel, type)
			self.r.publish(channel, message)
		except Exception, e:
			debug_output("Could not broadcast: %s" % (e), 'error')

	def load_pcap(self):

		filename = self.pcap_filename
		debug_output("Loading PCAP from %s " % filename)
		self.pkts += self.sniff(stopper=self.stop_sniffing, filter=self.filter, prn=self.handlePacket, stopperTimeout=1, offline=Malcom.config['SNIFFER_DIR']+"/"+filename)	
		
		debug_output("Loaded %s packets from file." % len(self.pkts))

		return True

	def send_flow_statistics(self, flow):
		data = {}
		data['flow'] = flow.get_statistics()
		data['type'] = 'flow_statistics_update'
		if self.ws:
			try:
				self.ws.send(dumps(data))
			except Exception, e:
				debug_output("Could not send flow statistics: %s" % e)

    def send_nodes(self, elts=[], edges=[]):
        for e in elts:
            e['fields'] = e.default_fields

        data = {'querya': {}, 'nodes': elts, 'edges': edges, 'type': 'nodeupdate', 'session_name': self.name}
        try:
            if (len(elts) > 0 or len(edges) > 0):
                self.engine.messenger.broadcast(bson_dumps(data), 'sniffer-data', 'nodeupdate')
        except Exception, e:
            debug_output("Could not send nodes: {}".format(e), 'error')

	def run(self):
		self.messenger = FeedsMessenger(self)
		self.shutdown = False
		while not self.shutdown:
			try:
				debug_output("FeedEngine heartbeat")
				if self.scheduler:
					self.run_scheduled_feeds()
				time.sleep(self.period) # run a new thread every period seconds
			except KeyboardInterrupt, e:
				self.shutdown = True

	def load_feeds(self, activated_feeds):

		globals_, locals_ = globals(), locals()

		feeds_dir = self.configuration['FEEDS_DIR']
		package_name = 'feeds'

		debug_output("Loading feeds in %s" % feeds_dir)

		for filename in os.listdir(feeds_dir):
			export_names = []
			export_classes = []

			modulename, ext = os.path.splitext(filename)
			if modulename[0] != "_" and ext in ['.py']:
				subpackage = 'Malcom.%s.%s' % (package_name, modulename)
				module = __import__(subpackage, globals_, locals_, [modulename])

				modict = module.__dict__

				names = [name for name in modict if name[0] != '_']
				for n in names:

					# print n, activated_feeds
					if n == 'Feed' or n.lower() not in activated_feeds:
						continue

					class_n = modict.get(n)

					if issubclass(class_n, Feed) and class_n not in globals_:
						new_feed = class_n(n) # create new feed object

						new_feed.model = self.model # attach model instance to feed
						new_feed.engine = self
						self.feeds[n] = new_feed

						self.feeds[n].enabled = True if n.lower() in activated_feeds else False

						# this may be for show for now
						export_names.append(n)
						export_classes.append(class_n)
						sys.stderr.write(" + Loaded %s...\n" % n)

		# now that feeds are loaded, check their state in the db
		feed_status = self.model.get_feed_progress([f for f in self.feeds])
		for status in feed_status:
			name = status['name']
			self.feeds[name].last_run = status['last_run']
			self.feeds[name].next_run = status['last_run'] + self.feeds[name].run_every


		globals_.update((export_names[i], c) for i, c in enumerate(export_classes))

		return export_names, export_classes

 def load_modules(self):
     modules_directory = self.engine.setup['MODULES_DIR']
     modules = []
     module_activated = self.engine.setup['ACTIVATED_MODULES']
     for modulename in os.listdir(modules_directory):
         if '.' not in modulename and modulename in module_activated:
             full_filename = "{}/{}/{}.py".format(modules_directory, modulename, modulename)
             debug_output("Loading sniffer module: {}".format(modulename))
             module = imp.load_source(modulename, full_filename)
             modules.append(module.__dict__.get(module.classname)(self))
     return modules