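def create_maec(inputfile, outpath, verbose_error_mode):
    """Convert a GFI Sandbox XML report into a MAEC package written to ``outpath``.

    Args:
        inputfile: path to the GFI Sandbox report to parse.
        outpath: path the generated MAEC XML file is written to.
        verbose_error_mode: truthy to print a full traceback when conversion fails.

    Returns:
        None. Failures are reported on stdout rather than raised, so callers
        cannot distinguish success from failure by the return value.
    """
    # Fail loudly on a bad path. The original silently returned here, which
    # hid typos in the input path and made the tool look like a no-op.
    if not os.path.isfile(inputfile):
        print('\nError: Input file "%s" does not exist or is not a regular file.' % inputfile)
        return

    # NOTE(review): the sandbox report is untrusted analysis output and
    # gparser's XML handling is not visible here -- confirm it does not
    # resolve external entities / DTDs before feeding it reports from
    # arbitrary sources.
    parser = gparser.parser()
    try:
        if not parser.open_file(inputfile):
            print('\nError: Error in parsing input file. Please check to ensure that it is valid XML and conforms to the GFI Sandbox output schema.')
            return

        # Parse the file to get the actions and processes
        parser.parse_document()

        # Build the MAEC package around the single parsed malware subject.
        package = Package()
        package.add_malware_subject(parser.malware_subject)

        # Export the results; the mapping registers this tool's namespace.
        package.to_xml_file(outpath, {"https://github.com/MAECProject/gfi-sandbox-to-maec": "GFISandboxToMAEC"})
        print("Wrote to " + outpath)
    except Exception as err:
        # CLI boundary: report the error instead of raising; the traceback is
        # only shown on request. ``as`` syntax runs on Python 2.6+ and 3.
        print('\nError: %s\n' % str(err))
        if verbose_error_mode:
            traceback.print_exc()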
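def generate_package_from_report_filepath(input_path, options=None):
    """Build a MAEC package from a GFI Sandbox XML report stored on disk.

    Args:
        input_path: path to the GFI Sandbox report.
        options: passed through unchanged to generate_package_from_parser.

    Returns:
        Whatever generate_package_from_parser returns, or None when the file
        is missing or cannot be opened by the parser (an error is printed).
    """
    import os  # function-scope import keeps this block self-contained

    # Distinguish "no such file" from "unparseable XML": the original reused
    # the schema/parse-error message for both, sending users off to check
    # their XML when the path was simply wrong.
    if not os.path.isfile(input_path):
        print('\nError: Input file "%s" does not exist or is not a regular file.' % input_path)
        return None

    # NOTE(review): sandbox reports are untrusted input and gfiparser's XML
    # handling is not visible here -- confirm external entity / DTD
    # resolution is disabled.
    parser = gfiparser.parser()
    if not parser.open_file(input_path):
        print( '\nError: Error in parsing input file. Please check to ensure that it is valid XML and conforms to the GFI Sandbox output schema.' )
        return None
    return generate_package_from_parser(parser, options)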
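def generate_package_from_report_filepath(input_path, options=None):
    """Parse a GFI Sandbox report file and hand it to generate_package_from_parser.

    Args:
        input_path: filesystem path of the GFI Sandbox XML report.
        options: forwarded unchanged to generate_package_from_parser.

    Returns:
        The result of generate_package_from_parser, or None when the report
        is not a readable file or the parser rejects it (an error is printed
        in either case).
    """
    import os  # function-scope import keeps this block self-contained

    # A missing file used to produce the same message as malformed XML;
    # report it separately so the user fixes the path, not the schema.
    if not os.path.isfile(input_path):
        print('\nError: Input file "%s" does not exist or is not a regular file.' % input_path)
        return None

    # NOTE(review): the report is untrusted input; gfiparser's XML parser
    # configuration is not visible here -- verify external entities and DTDs
    # are not resolved.
    parser = gfiparser.parser()
    if not parser.open_file(input_path):
        print( "\nError: Error in parsing input file. Please check to ensure that it is valid XML and conforms to the GFI Sandbox output schema." )
        return None
    return generate_package_from_parser(parser, options)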
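def generate_package_from_report_string(input_string, options=None):
    """Build a MAEC package from an in-memory GFI Sandbox XML report.

    Args:
        input_string: the XML text of a GFI Sandbox report.
        options: passed through unchanged to generate_package_from_parser.

    Returns:
        Whatever generate_package_from_parser returns, or None when
        input_string is empty or None (an error is printed), mirroring the
        failure convention of generate_package_from_report_filepath.
    """
    # Reject an empty report up front rather than handing it to the parser,
    # whose behaviour on empty input is not defined here.
    if not input_string:
        print('\nError: Empty input. Please provide the XML text of a GFI Sandbox report.')
        return None

    # NOTE(review): report text is untrusted input; gfiparser's XML handling
    # is not visible here -- confirm external entity / DTD resolution is off.
    parser = gfiparser.parser()
    parser.use_input_string(input_string)
    return generate_package_from_parser(parser, options)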
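def main():
    """Command-line entry point: convert a GFI Sandbox report into a MAEC bundle.

    Recognised arguments: ``-i <input>`` and ``-o <output>`` (both required),
    ``-v`` (print a traceback on failure) and ``-s`` (print conversion
    statistics). Exits with status 1 on a usage error, a missing input file
    or a parse failure; other exceptions are printed and the function returns.
    """
    verbose_error_mode = 0
    stat_mode = 0
    stat_actions = 0
    infilename = ''
    outfilename = ''

    # Get the command-line arguments
    args = sys.argv[1:]
    if len(args) < 4:
        usage()
        sys.exit(1)

    # Manual flag walk (kept so usage() stays authoritative). Option values
    # are consumed explicitly: a trailing "-i"/"-o" with no value is a usage
    # error instead of an uncaught IndexError.
    i = 0
    while i < len(args):
        arg = args[i]
        if arg == '-v':
            verbose_error_mode = 1
        elif arg == '-s':
            stat_mode = 1
        elif arg in ('-i', '-o'):
            if i + 1 >= len(args):
                print('\nError: option %s requires a value.' % arg)
                usage()
                sys.exit(1)
            if arg == '-i':
                infilename = args[i + 1]
            else:
                outfilename = args[i + 1]
            i += 1  # skip the consumed value
        i += 1

    # Basic input file checking. The original fell off the end silently
    # (exit status 0) when the path was wrong; make that a visible failure.
    if not os.path.isfile(infilename):
        print('\nError: Input file "%s" does not exist or is not a regular file.' % infilename)
        sys.exit(1)

    # NOTE(review): the sandbox report is untrusted input and gfi_parser's
    # XML handling is not visible here -- confirm external entity / DTD
    # resolution is disabled.
    parser = gfi_parser.parser()
    try:
        if not parser.open_file(infilename):
            print('\nError: Error in parsing input file. Please check to ensure that it is valid XML and conforms to the GFI Sandbox output schema.')
            sys.exit(1)  # SystemExit is not an Exception, so the handler below does not swallow it

        # Parse the file to get the actions and processes
        print('\nParsing input file and generating MAEC objects...\n')
        parser.parse_document()

        # Create the MAEC bundle and attach the analysis
        bundle = maec_helper.maec_bundle(parser.generator, 2.1)
        bundle.add_analysis(parser.maec_analysis)

        # Add all applicable actions to the bundle
        for key, actions in parser.actions.items():
            for action in actions:
                bundle.add_action(action, key)
                stat_actions += 1

        # Add all applicable objects to the bundle ('obj' avoids shadowing the builtin)
        for key, objects in parser.objects.items():
            for obj in objects:
                bundle.add_object(obj, key)

        bundle.build_maec_bundle()

        # Finally, export the results
        bundle.export(outfilename)

        if stat_mode:
            print('\n---- Statistics ----')
            print(str(stat_actions) + ' actions converted')
    except Exception as err:
        # CLI boundary: report rather than raise; traceback only on request.
        print('\nError: %s\n' % str(err))
        if verbose_error_mode:
            traceback.print_exc()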
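def main():
    """CLI entry point that turns a GFI Sandbox report into a MAEC bundle.

    Arguments: ``-i <input>`` and ``-o <output>`` (required), ``-v`` to print
    a traceback on failure, ``-s`` to print conversion statistics. Exits with
    status 1 on a usage error, a missing input file or a parse failure; any
    other exception is printed and the function returns normally.
    """
    verbose_error_mode = 0
    stat_mode = 0
    stat_actions = 0
    infilename = ''
    outfilename = ''

    # Get the command-line arguments
    args = sys.argv[1:]
    if len(args) < 4:
        usage()
        sys.exit(1)

    # Walk the flags by hand so usage() remains the single source of truth.
    # Values for "-i"/"-o" are consumed explicitly: a flag given last with no
    # value now reports a usage error instead of raising IndexError.
    idx = 0
    while idx < len(args):
        flag = args[idx]
        if flag == '-v':
            verbose_error_mode = 1
        elif flag == '-s':
            stat_mode = 1
        elif flag in ('-i', '-o'):
            if idx + 1 >= len(args):
                print('\nError: option %s requires a value.' % flag)
                usage()
                sys.exit(1)
            if flag == '-i':
                infilename = args[idx + 1]
            else:
                outfilename = args[idx + 1]
            idx += 1  # skip the consumed value
        idx += 1

    # Basic input file checking. Previously a bad path ended the run silently
    # with exit status 0; surface it as a failure instead.
    if not os.path.isfile(infilename):
        print('\nError: Input file "%s" does not exist or is not a regular file.' % infilename)
        sys.exit(1)

    # NOTE(review): the report is untrusted input; gfi_parser's XML
    # configuration is not visible here -- verify that external entities and
    # DTDs are not resolved.
    parser = gfi_parser.parser()
    try:
        if not parser.open_file(infilename):
            print( '\nError: Error in parsing input file. Please check to ensure that it is valid XML and conforms to the GFI Sandbox output schema.' )
            sys.exit(1)  # SystemExit is a BaseException; the except below does not catch it

        # Parse the file to get the actions and processes
        print('\nParsing input file and generating MAEC objects...\n')
        parser.parse_document()

        # Create the MAEC bundle and attach the analysis
        bundle = maec_helper.maec_bundle(parser.generator, 2.1)
        bundle.add_analysis(parser.maec_analysis)

        # Add all applicable actions to the bundle
        for key, actions in parser.actions.items():
            for action in actions:
                bundle.add_action(action, key)
                stat_actions += 1

        # Add all applicable objects to the bundle ('obj' rather than the builtin name 'object')
        for key, objects in parser.objects.items():
            for obj in objects:
                bundle.add_object(obj, key)

        bundle.build_maec_bundle()

        # Finally, export the results
        bundle.export(outfilename)

        if stat_mode:
            print('\n---- Statistics ----')
            print(str(stat_actions) + ' actions converted')
    except Exception as err:
        # CLI boundary: print the error; show the traceback only when asked.
        print('\nError: %s\n' % str(err))
        if verbose_error_mode:
            traceback.print_exc()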