Skip to content

Instantly share code, notes, and snippets.

@kaellego

kaellego/vbscript_ksc_parse_telegram.vbs

Created December 24, 2023 02:10
Show Gist options
  • Save kaellego/5c21312d79232347c631f7ebd575f687 to your computer and use it in GitHub Desktop.
Save kaellego/5c21312d79232347c631f7ebd575f687 to your computer and use it in GitHub Desktop.
Download ZIP
vbscript ksc parse telegram send
Raw
vbscript_ksc_parse_telegram.vbs
' Definição das variáveis
Dim strSeverity, strComputer, strDomain, strEvent, strDescr, strRiseTime
Dim strKLCSAKEventTaskDisplayName, strKLProduct, strKLVersion, strHostIP, strHostConnIP
Dim strMessage, strTelegramBotToken, strTelegramChatID, objShell, strURL, strJSONMessage, strJSONMessage1
Dim fso, logFile, strLogFile
Class JSONStringEncoder
Private m_RegExp
Sub Class_Initialize()
Set m_RegExp = Nothing
End Sub
Function Encode(ByVal Str)
Dim Parts(): ReDim Parts(3)
Dim NextPartIndex: NextPartIndex = 0
Dim AnchorIndex: AnchorIndex = 1
Dim CharCode, Escaped
Dim Match, MatchIndex
Dim RegExp: Set RegExp = m_RegExp
If RegExp Is Nothing Then
Set RegExp = New RegExp
RegExp.Pattern = "[\\\""\x00-\x1f\x7f-\x9f\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]"
RegExp.Global = True
Set m_RegExp = RegExp
End If
For Each Match In RegExp.Execute(Str)
MatchIndex = Match.FirstIndex + 1
If NextPartIndex > UBound(Parts) Then ReDim Preserve Parts(UBound(Parts) * 2)
Parts(NextPartIndex) = Mid(Str, AnchorIndex, MatchIndex - AnchorIndex): NextPartIndex = NextPartIndex + 1
CharCode = AscW(Mid(Str, MatchIndex, 1))
Select Case CharCode
Case 34 : Escaped = "\"""
Case 10 : Escaped = "\n"
Case 13 : Escaped = "\r"
Case 92 : Escaped = "\\"
Case 8 : Escaped = "\b"
Case Else:
If CharCode >= 55296 And CharCode <= 57343 Then
Dim HighSurrogate, LowSurrogate
HighSurrogate = CharCode
LowSurrogate = AscW(Mid(Str, MatchIndex + 1, 1))
Escaped = "\u" & Right("0000" & Hex(HighSurrogate), 4) & "\u" & Right("0000" & Hex(LowSurrogate), 4)
MatchIndex = MatchIndex + 1
Else
Escaped = "\u" & Right("0000" & Hex(CharCode), 4)
End If
End Select
If NextPartIndex > UBound(Parts) Then ReDim Preserve Parts(UBound(Parts) * 2)
Parts(NextPartIndex) = Escaped: NextPartIndex = NextPartIndex + 1
AnchorIndex = MatchIndex + 1
Next
If AnchorIndex = 1 Then Encode = """" & Str & """": Exit Function
If NextPartIndex > UBound(Parts) Then ReDim Preserve Parts(UBound(Parts) * 2)
Parts(NextPartIndex) = Mid(Str, AnchorIndex): NextPartIndex = NextPartIndex + 1
ReDim Preserve Parts(NextPartIndex - 1)
Encode = """" & Join(Parts, "") & "\"""
End Function
End Class
Dim TheJSONStringEncoder: Set TheJSONStringEncoder = New JSONStringEncoder
Function EncodeJSONString(ByVal Str)
EncodeJSONString = TheJSONStringEncoder.Encode(Str)
End Function
Function EncodeJSONMember(ByVal Key, Value)
EncodeJSONMember = EncodeJSONString(Key) & ":" & JSONStringify(Value)
End Function
Public Function JSONStringify(Thing)
Dim Key, Item, Index, NextIndex, Arr()
Dim VarKind: VarKind = VarType(Thing)
Select Case VarKind
Case vbNull, vbEmpty: JSONStringify = "null"
Case vbDate: JSONStringify = EncodeJSONString(FormatISODateTime(Thing))
Case vbString: JSONStringify = EncodeJSONString(Thing)
Case vbBoolean: If Thing Then JSONStringify = "true" Else JSONStringify = "false"
Case vbObject
If Thing Is Nothing Then
JSONStringify = "null"
Else
If TypeName(Thing) = "Dictionary" Then
If Thing.Count = 0 Then JSONStringify = "{}": Exit Function
ReDim Arr(Thing.Count - 1)
Index = 0
For Each Key In Thing.Keys
Arr(Index) = EncodeJSONMember(Key, Thing(Key))
Index = Index + 1
Next
JSONStringify = "{" & Join(Arr, ",") & "}"
Else
ReDim Arr(3)
NextIndex = 0
For Each Item In Thing
If NextIndex > UBound(Arr) Then ReDim Preserve Arr(UBound(Arr) * 2)
Arr(NextIndex) = JSONStringify(Item)
NextIndex = NextIndex + 1
Next
ReDim Preserve Arr(NextIndex - 1)
JSONStringify = "[" & Join(Arr, ",") & "]"
End If
End If
Case Else
If vbArray = (VarKind And vbArray) Then
For Index = LBound(Thing) To UBound(Thing)
If Len(JSONStringify) > 0 Then JSONStringify = JSONStringify & ","
JSONStringify = JSONStringify & JSONStringify(Thing(Index))
Next
JSONStringify = "[" & JSONStringify & "]"
ElseIf IsNumeric(Thing) Then
JSONStringify = CStr(Thing)
Else
JSONStringify = EncodeJSONString(CStr(Thing))
End If
End Select
End Function
Function RemoveAcentos(strText)
Dim Acentuados
Dim SemAcento
Dim i, c
' Caracteres acentuados
Acentuados = "áàãâäéèêëíìîïóòõôöúùûüçÁÀÃÂÄÉÈÊËÍÌÎÏÓÒÕÔÖÚÙÛÜÇ"
' Caracteres sem acento correspondentes
SemAcento = "aaaaaeeeeiiiiooooouuuucAAAAAEEEEIIIIOOOOOUUUUC"
' Substituição de caracteres
For i = 1 To Len(Acentuados)
c = Mid(Acentuados, i, 1)
' Verifica se o caractere não é um emoji (ou outro caractere especial fora do intervalo ASCII padrão)
If Asc(c) <= 255 Then
strText = Replace(strText, c, Mid(SemAcento, i, 1))
End If
Next
RemoveAcentos = strText
End Function
' Recebendo os valores das variáveis de ambiente
strSeverity = WScript.Arguments(0)
strComputer = WScript.Arguments(1)
strDomain = WScript.Arguments(2)
strEvent = WScript.Arguments(3)
strDescr = WScript.Arguments(4)
strRiseTime = WScript.Arguments(5)
strKLCSAKEventTaskDisplayName = WScript.Arguments(6)
strKLProduct = WScript.Arguments(7)
strKLVersion = WScript.Arguments(8)
strHostIP = WScript.Arguments(9)
strHostConnIP = WScript.Arguments(10)
' Token do bot do Telegram e ID do chat
strTelegramBotToken = "xxxxxxxxxxxx"
strTelegramChatID = "-xxxxxxxxxxxx"
' Formatação da mensagem
strMessage = "---" & vbCrLf
strMessage = strMessage & "🚨 Alerta do Kaspersky Security Center 🚨" & vbCrLf
strMessage = strMessage & "🔴 Gravidade: " & strSeverity & vbCrLf
strMessage = strMessage & "➡ Data: " & strRiseTime & vbCrLf
strMessage = strMessage & "➡ Computador: " & strComputer & " - IP: " & strHostIP & vbCrLf & vbCrLf
strMessage = strMessage & "➡ Dominio: " & strDomain & vbCrLf
strMessage = strMessage & "➡ Evento: " & strEvent & vbCrLf
strMessage = strMessage & "➡ Descrição: " & strDescr & vbCrLf
strMessage = strMessage & "➡ Nome da Tarefa KLCSAK: " & strKLCSAKEventTaskDisplayName & vbCrLf
strMessage = strMessage & "➡ Produto Kaspersky: " & strKLProduct & vbCrLf
strMessage = strMessage & "➡ Versao do Produto: " & strKLVersion & vbCrLf
strMessage = strMessage & "➡ IP do Host: " & strHostIP & vbCrLf
strMessage = strMessage & "➡ IP de Conexao do Host: " & strHostConnIP & vbCrLf
strMessage = strMessage & "---"
strJSONMessage1 = RemoveAcentos(strMessage)
WScript.Echo "Original: " & strJSONMessage1
' Usando JSONStringify para converter strMessage em JSON
strJSONMessage = JSONStringify(strJSONMessage1)
' Leave these alone
strMode = "html" ' html, MarkdownV2 ou markdown
strJson = "{\""chat_id\"": \""" & strTelegramChatID & "\"", \""text\"": \" & strJSONMessage & ", \""parse_mode\"": \""" & strMode & "\""}"""
' URL para enviar a mensagem via Telegram API
strURL = " https://api.telegram.org/bot" & strTelegramBotToken & "/sendMessage"
' Caminho do arquivo de log
strLogFile = "debug_vbs_log.txt"
' Criando/abrindo o arquivo de log
Set fso = CreateObject("Scripting.FileSystemObject")
Set logFile = fso.OpenTextFile(strLogFile, 8, True)
' Escrevendo as entradas no arquivo de log
logFile.WriteLine vbCrLf & "Data/Hora: " & Now
logFile.WriteLine "URL: " & strURL
logFile.WriteLine "Mensagem: " & strMessage
logFile.WriteLine "strJSONMessage: " & strJSONMessage1
'logFile.WriteLine vbCrLf & "C:\curl\bin\curl.exe -s -o /dev/null -X POST -H ""Content-Type: application/json"" -d """ & strJson & "" & strURL
logFile.WriteLine vbCrLf & "C:\curl\bin\curl.exe -o ""C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Center\script\out.txt"" -X POST -H ""Content-Type: application/json"" -d """ & strJson & "" & strURL
logFile.WriteLine vbCrLf
' Enviando a mensagem
Set objShell = WScript.CreateObject("WScript.Shell")
objShell.Run "cmd /c C:\curl\bin\curl.exe -s -o ""C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Center\script\out.txt"" -X POST -H ""Content-Type: application/json"" -d """ & strJson & "" & strURL, 0, True
' Fechando o arquivo de log
logFile.Close
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment