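def yara():
    """Generate a YARA rule from the selected samples and return it as JSON.

    Reads the ``file_hash[]`` form field (one or more sha1 hex digests),
    copies each referenced sample into a per-request scratch directory,
    runs the external rule-generator script over that directory and returns
    its cleaned text output in the ``message`` field of the JSON response.

    Returns:
        The JSON response produced by ``jsonize``.  On error the HTTP status
        is set to 400 (malformed hash) or 404 (hash not in the database) and
        ``message`` describes the problem.
    """
    # NOTE(review): fixed, shared scratch path.  The clean-up regexes at the
    # end embed it literally, so the two must be changed together.
    tmp_folder = "/tmp/yara_working_dir"
    hashes = request.forms.dict.get("file_hash[]")
    if not hashes:
        return jsonize({'message': 'Error. no file selected'})

    # Validate every hash before any of them is used to build a path.  The
    # previous version checked only len() == 40, and only after hashes[0]
    # had already been turned into a directory under tmp_folder, so a
    # 40-character value containing path separators reached mkdir and the
    # .codex file name.  A sha1 digest is exactly 40 hex characters.
    for file_hash in hashes:
        if not re.match(r"[0-9a-fA-F]{40}\Z", file_hash):
            response.status = 400
            return jsonize({'message': 'Invalid hash format (use sha1)'})

    # A single sample is keyed by its own digest; several share a random id.
    random_id = hashes[0] if len(hashes) == 1 else id_generator()
    folder_path = os.path.join(tmp_folder, random_id)
    yara_output_file = os.path.join(tmp_folder, random_id + ".txt")
    if not os.path.isdir(folder_path):
        os.makedirs(folder_path)  # also creates tmp_folder when missing

    pc = PackageController()
    for file_hash in hashes:
        if pc.searchFile(file_hash) is None:
            response.status = 404
            return jsonize({'message': 'File not found in the database'})
        file_name = os.path.join(folder_path, str(file_hash) + ".codex")
        if not os.path.isfile(file_name):
            with open(file_name, "wb") as fd:
                fd.write(pc.getFile(file_hash))

    yara_cli_output = call_with_output([
        "python", env['yara-script2'], "--opcodes", "--excludegood",
        "--nosimple", "-z", "5", "-m", folder_path, "-o", yara_output_file
    ])
    # The generator normally writes the rule file itself; fall back to its
    # captured stdout when it did not.
    if not os.path.isfile(yara_output_file):
        with open(yara_output_file, 'w+') as fp:
            fp.write(yara_cli_output)
    with open(yara_output_file, 'r') as yara_output_fp:
        output_cleaned = yara_output_fp.read()

    # Strip the generator's banner lines and reduce the rule name to the id.
    # The id may be a lowercase sha1 (single-sample case), so the banner
    # pattern accepts lowercase letters like the rule-name pattern below.
    output_cleaned = output_cleaned.replace(
        "[!] Rule Name Can Not Contain Spaces or Begin With A Non Alpha Character",
        "")
    output_cleaned = re.sub(
        r"\[\+\] Generating Yara Rule \/tmp\/yara_working_dir\/[a-zA-Z0-9]+\.txt from files located in: /tmp/yara_working_dir/[a-zA-Z0-9]+/",
        "", output_cleaned)
    output_cleaned = re.sub(r"rule /tmp/yara_working_dir/([a-zA-Z0-9]+).txt",
                            r"rule \1", output_cleaned)
    return jsonize({"message": output_cleaned})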
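def yara():
    """Generate a YARA rule from the selected samples and return it as JSON.

    Reads the ``file_hash[]`` form field (one or more sha1 hex digests),
    copies each referenced sample into a per-request scratch directory,
    runs the external rule-generator script over that directory and returns
    its cleaned text output in the ``message`` field of the JSON response.

    Returns:
        The JSON response produced by ``jsonize``.  On error the HTTP status
        is set to 400 (malformed hash) or 404 (hash not in the database) and
        ``message`` describes the problem.
    """
    # NOTE(review): fixed, shared scratch path.  The clean-up regexes at the
    # end embed it literally, so the two must be changed together.
    tmp_folder = "/tmp/yara_working_dir"
    hashes = request.forms.dict.get("file_hash[]")
    if not hashes:
        return jsonize({'message': 'Error. no file selected'})

    # Validate every hash before any of them is used to build a path.  The
    # previous version checked only len() == 40, and only after hashes[0]
    # had already been turned into a directory under tmp_folder, so a
    # 40-character value containing path separators reached mkdir and the
    # .codex file name.  A sha1 digest is exactly 40 hex characters.
    for file_hash in hashes:
        if not re.match(r"[0-9a-fA-F]{40}\Z", file_hash):
            response.status = 400
            return jsonize({'message': 'Invalid hash format (use sha1)'})

    # A single sample is keyed by its own digest; several share a random id.
    random_id = hashes[0] if len(hashes) == 1 else id_generator()
    folder_path = os.path.join(tmp_folder, random_id)
    yara_output_file = os.path.join(tmp_folder, random_id + ".txt")
    if not os.path.isdir(folder_path):
        os.makedirs(folder_path)  # also creates tmp_folder when missing

    pc = PackageController()
    for file_hash in hashes:
        if pc.searchFile(file_hash) is None:
            response.status = 404
            return jsonize({'message': 'File not found in the database'})
        file_name = os.path.join(folder_path, str(file_hash) + ".codex")
        if not os.path.isfile(file_name):
            with open(file_name, "wb") as fd:
                fd.write(pc.getFile(file_hash))

    yara_cli_output = call_with_output([
        "python", envget('yara-script2'), "--opcodes", "--excludegood",
        "--nosimple", "-z", "5", "-m", folder_path, "-o", yara_output_file
    ])
    # The generator normally writes the rule file itself; fall back to its
    # captured stdout when it did not.
    if not os.path.isfile(yara_output_file):
        with open(yara_output_file, 'w+') as fp:
            fp.write(yara_cli_output)
    with open(yara_output_file, 'r') as yara_output_fp:
        output_cleaned = yara_output_fp.read()

    # Strip the generator's banner lines and reduce the rule name to the id.
    # The id may be a lowercase sha1 (single-sample case), so the banner
    # pattern accepts lowercase letters like the rule-name pattern below.
    output_cleaned = output_cleaned.replace(
        "[!] Rule Name Can Not Contain Spaces or Begin With A Non Alpha Character",
        "")
    output_cleaned = re.sub(
        r"\[\+\] Generating Yara Rule \/tmp\/yara_working_dir\/[a-zA-Z0-9]+\.txt from files located in: /tmp/yara_working_dir/[a-zA-Z0-9]+/",
        "", output_cleaned)
    output_cleaned = re.sub(r"rule /tmp/yara_working_dir/([a-zA-Z0-9]+).txt",
                            r"rule \1", output_cleaned)
    return jsonize({"message": output_cleaned})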
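def export_metadata():
    """Export the stored metadata of the selected samples as a zip download.

    Reads the ``file_hash[]`` form field, writes one pretty-printed dump per
    hash into a per-request scratch directory under ``/tmp/meta_export``,
    zips that directory and returns it as an attachment, setting the
    ``fileDownload`` cookie the front-end download helper looks for.  The
    scratch directory and the zip are removed before returning, also when an
    exception is raised midway.

    Returns:
        The response produced by ``static_file`` for the generated zip.

    Raises:
        ValueError: no hash was submitted, or a cleaned hash contains
            characters other than letters and digits (such a value could
            otherwise escape the scratch directory when used as a file name).
    """
    hashes = request.forms.dict.get("file_hash[]")
    if not hashes:
        # Previously this fell through to iterating None (TypeError).
        raise ValueError("no file selected")
    mdc = MetaController()
    random_id = id_generator()
    tmp_path = "/tmp/meta_export"
    tmp_folder = os.path.join(tmp_path, random_id)
    zip_path = os.path.join(tmp_path, random_id + '.zip')
    if not os.path.isdir(tmp_folder):
        os.makedirs(tmp_folder)  # also creates tmp_path when missing
    try:
        for raw_hash in hashes:
            file_hash = clean_hash(raw_hash.replace('\r', ''))
            # clean_hash is opaque from here; insist on a bare alphanumeric
            # digest before it becomes a path component inside tmp_folder.
            # Assumes clean_hash returns a string or a falsy value - TODO confirm.
            if not file_hash or not file_hash.isalnum():
                raise ValueError("Invalid hash: %r" % (raw_hash,))
            dump = dumps(mdc.read(file_hash), indent=4)
            file_name = os.path.join(tmp_folder, str(file_hash) + '.txt')
            with open(file_name, "w") as fd:
                fd.write(dump)
        call_with_output(["zip", "-jr", zip_path, tmp_folder])
        resp = static_file(str(random_id) + '.zip', root=tmp_path, download=True)
        resp.set_cookie('fileDownload', 'true')
        return resp
    finally:
        # Same clean-up order as before (after static_file has been built),
        # but guarded: an early failure may have left either artefact missing.
        if os.path.isdir(tmp_folder):
            shutil.rmtree(tmp_folder)
        if os.path.isfile(zip_path):
            os.remove(zip_path)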
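def export_metadata():
    """Export the stored metadata of the selected samples as a zip download.

    Reads the ``file_hash[]`` form field, writes one pretty-printed dump per
    hash into a per-request scratch directory under ``/tmp/meta_export``,
    zips that directory and returns it as an attachment, setting the
    ``fileDownload`` cookie the front-end download helper looks for.  The
    scratch directory and the zip are removed before returning, also when an
    exception is raised midway.

    Returns:
        The response produced by ``static_file`` for the generated zip.

    Raises:
        ValueError: no hash was submitted, or a cleaned hash contains
            characters other than letters and digits (such a value could
            otherwise escape the scratch directory when used as a file name).
    """
    hashes = request.forms.dict.get("file_hash[]")
    if not hashes:
        # Previously this fell through to iterating None (TypeError).
        raise ValueError("no file selected")
    mdc = MetaController()
    random_id = id_generator()
    tmp_path = "/tmp/meta_export"
    tmp_folder = os.path.join(tmp_path, random_id)
    zip_path = os.path.join(tmp_path, random_id + '.zip')
    if not os.path.isdir(tmp_folder):
        os.makedirs(tmp_folder)  # also creates tmp_path when missing
    try:
        for raw_hash in hashes:
            file_hash = clean_hash(raw_hash.replace('\r', ''))
            # clean_hash is opaque from here; insist on a bare alphanumeric
            # digest before it becomes a path component inside tmp_folder.
            # Assumes clean_hash returns a string or a falsy value - TODO confirm.
            if not file_hash or not file_hash.isalnum():
                raise ValueError("Invalid hash: %r" % (raw_hash,))
            dump = dumps(mdc.read(file_hash), indent=4)
            file_name = os.path.join(tmp_folder, str(file_hash) + '.txt')
            with open(file_name, "w") as fd:
                fd.write(dump)
        call_with_output(["zip", "-jr", zip_path, tmp_folder])
        resp = static_file(str(random_id) + '.zip', root=tmp_path, download=True)
        resp.set_cookie('fileDownload', 'true')
        return resp
    finally:
        # Same clean-up order as before (after static_file has been built),
        # but guarded: an early failure may have left either artefact missing.
        if os.path.isdir(tmp_folder):
            shutil.rmtree(tmp_folder)
        if os.path.isfile(zip_path):
            os.remove(zip_path)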