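def create_maec(inputfile, outpath, verbose_error_mode):
    """Convert a GFI Sandbox XML report into a MAEC package written to *outpath*.

    Args:
        inputfile: Path to the GFI Sandbox XML report to convert.
        outpath: Path the generated MAEC XML document is written to.
        verbose_error_mode: When truthy, a full traceback is printed for any
            exception raised during conversion, in addition to the one-line
            error message.

    Returns:
        None. Outcomes are reported on stdout: a missing input file or a
        report that fails to parse produces an error message instead of an
        exception.
    """
    # A silent return here would make a mistyped path indistinguishable
    # from a successful run, so say why nothing was written.
    if not os.path.isfile(inputfile):
        print('\nError: Input file "%s" does not exist or is not a file.' % inputfile)
        return

    # Create the main parser object
    parser = gparser.parser()

    try:
        # open_file() signals a parse failure through its return value,
        # not an exception.
        # NOTE(review): the report is sandbox output, i.e. untrusted XML;
        # confirm the XML parser behind gparser disables external entity
        # resolution and DTD fetching.
        if not parser.open_file(inputfile):
            print('\nError: Error in parsing input file. Please check to ensure that it is valid XML and conforms to the GFI Sandbox output schema.')
            return

        # Parse the file to get the actions and processes
        parser.parse_document()

        # Create the MAEC package and attach the parsed malware subject
        package = Package()
        package.add_malware_subject(parser.malware_subject)

        # Finally, export the results
        package.to_xml_file(outpath, {"https://github.com/MAECProject/gfi-sandbox-to-maec":"GFISandboxToMAEC"})

        # Single-argument parenthesised print behaves the same on Python 2 and 3
        print("Wrote to " + outpath)

    except Exception as err:
        # 'except X as e' is the form accepted by both Python 2.6+ and 3
        print('\nError: %s\n' % str(err))
        if verbose_error_mode:
            traceback.print_exc()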
def generate_package_from_report_filepath(input_path, options=None):
    """Build a MAEC package from the GFI Sandbox report stored at *input_path*.

    Returns the result of generate_package_from_parser(), or None (after
    printing an error message) when the report cannot be opened or parsed.
    """
    report_parser = gfiparser.parser()
    opened = report_parser.open_file(input_path)
    if opened:
        return generate_package_from_parser(report_parser, options)
    print(
        '\nError: Error in parsing input file. Please check to ensure that it is valid XML and conforms to the GFI Sandbox output schema.'
    )
    return None
def generate_package_from_report_filepath(input_path, options=None):
    """Parse the GFI Sandbox report file at *input_path* into a MAEC package.

    On a parse failure an error message is printed and None is returned;
    otherwise the package produced by generate_package_from_parser().
    """
    parse_error = (
        "\nError: Error in parsing input file. Please check to ensure that it is valid XML and conforms to the GFI Sandbox output schema."
    )
    gfi = gfiparser.parser()
    if not gfi.open_file(input_path):
        print(parse_error)
        return None
    package = generate_package_from_parser(gfi, options)
    return package
def generate_package_from_report_string(input_string, options=None):
    """Build a MAEC package from an in-memory GFI Sandbox report.

    The report text is handed to the parser directly rather than read from
    disk; the result is whatever generate_package_from_parser() returns.
    """
    report_parser = gfiparser.parser()
    report_parser.use_input_string(input_string)
    package = generate_package_from_parser(report_parser, options)
    return package
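def main():
    """Command-line entry point: convert a GFI Sandbox report to a MAEC bundle.

    Flags (parsed by hand from sys.argv):
        -i <file>   input GFI Sandbox XML report (required)
        -o <file>   output path for the MAEC bundle (required)
        -v          verbose error mode: print a traceback on failure
        -s          statistics mode: print how many actions were converted

    Exits with status 1 when fewer than four arguments are given, when -i or
    -o is missing or is the last argument, when the input file does not
    exist, or when the report cannot be parsed.
    """
    verbose_error_mode = 0
    stat_mode = 0
    stat_actions = 0
    infilename = ''
    outfilename = ''

    # Get the command-line arguments
    args = sys.argv[1:]

    if len(args) < 4:
        usage()
        sys.exit(1)

    # -i and -o consume the following argument; guard the lookahead so a
    # trailing '-i'/'-o' reports usage instead of raising IndexError.
    for i, arg in enumerate(args):
        if arg == '-v':
            verbose_error_mode = 1
        elif arg == '-s':
            stat_mode = 1
        elif arg in ('-i', '-o'):
            if i + 1 >= len(args):
                usage()
                sys.exit(1)
            if arg == '-i':
                infilename = args[i + 1]
            else:
                outfilename = args[i + 1]

    # Both paths are mandatory: an empty outfilename would otherwise reach
    # bundle.export(), and an empty infilename would fail silently.
    if not infilename or not outfilename:
        usage()
        sys.exit(1)

    # Basic input file checking; report the problem instead of exiting 0
    # with nothing written.
    if not os.path.isfile(infilename):
        print('\nError: Input file "%s" does not exist or is not a file.' % infilename)
        sys.exit(1)

    # Create the main parser object
    parser = gfi_parser.parser()
    try:
        # open_file() reports a parse failure via its return value.
        # NOTE(review): the report is sandbox output, i.e. untrusted XML;
        # confirm the XML parser behind gfi_parser disables external entity
        # resolution and DTD fetching.
        if not parser.open_file(infilename):
            print('\nError: Error in parsing input file. Please check to ensure that it is valid XML and conforms to the GFI Sandbox output schema.')
            sys.exit(1)

        # Parse the file to get the actions and processes
        print('\nParsing input file and generating MAEC objects...\n')
        parser.parse_document()

        # Create the MAEC bundle
        bundle = maec_helper.maec_bundle(parser.generator, 2.1)

        # Add the analysis
        bundle.add_analysis(parser.maec_analysis)

        # Add all applicable actions to the bundle, counting them for -s
        for key, actions in parser.actions.items():
            for action in actions:
                bundle.add_action(action, key)
                stat_actions += 1
        # Add all applicable objects to the bundle ('obj' avoids shadowing
        # the builtin 'object')
        for key, objects in parser.objects.items():
            for obj in objects:
                bundle.add_object(obj, key)
        bundle.build_maec_bundle()
        # Finally, export the results
        bundle.export(outfilename)

        if stat_mode:
            print('\n---- Statistics ----')
            print(str(stat_actions) + ' actions converted')
    except Exception as err:
        # SystemExit from the sys.exit() calls above is not an Exception
        # subclass, so it passes through this handler untouched.
        print('\nError: %s\n' % str(err))
        if verbose_error_mode:
            traceback.print_exc()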
def generate_package_from_report_string(input_string, options=None):
    """Convert a GFI Sandbox report held in *input_string* to a MAEC package.

    NOTE(review): the report text is untrusted XML; confirm the parser
    behind gfiparser disables external entity resolution before relying on
    this for arbitrary input.
    """
    gfi = gfiparser.parser()
    # Feed the report text directly instead of opening a file
    gfi.use_input_string(input_string)
    return generate_package_from_parser(gfi, options)
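def main():
    """Command-line entry point: convert a GFI Sandbox report to a MAEC bundle.

    Flags (parsed by hand from sys.argv):
        -i <file>   input GFI Sandbox XML report (required)
        -o <file>   output path for the MAEC bundle (required)
        -v          verbose error mode: print a traceback on failure
        -s          statistics mode: print how many actions were converted

    Exits with status 1 when fewer than four arguments are given, when -i or
    -o is missing or is the last argument, when the input file does not
    exist, or when the report cannot be parsed.
    """
    verbose_error_mode = 0
    stat_mode = 0
    stat_actions = 0
    infilename = ''
    outfilename = ''

    # Get the command-line arguments
    args = sys.argv[1:]

    if len(args) < 4:
        usage()
        sys.exit(1)

    # -i and -o consume the following argument; guard the lookahead so a
    # trailing '-i'/'-o' reports usage instead of raising IndexError.
    for i, arg in enumerate(args):
        if arg == '-v':
            verbose_error_mode = 1
        elif arg == '-s':
            stat_mode = 1
        elif arg in ('-i', '-o'):
            if i + 1 >= len(args):
                usage()
                sys.exit(1)
            if arg == '-i':
                infilename = args[i + 1]
            else:
                outfilename = args[i + 1]

    # Both paths are mandatory: an empty outfilename would otherwise reach
    # bundle.export(), and an empty infilename would fail silently.
    if not infilename or not outfilename:
        usage()
        sys.exit(1)

    # Basic input file checking; report the problem instead of exiting 0
    # with nothing written.
    if not os.path.isfile(infilename):
        print('\nError: Input file "%s" does not exist or is not a file.' % infilename)
        sys.exit(1)

    # Create the main parser object
    parser = gfi_parser.parser()
    try:
        # open_file() reports a parse failure via its return value.
        # NOTE(review): the report is sandbox output, i.e. untrusted XML;
        # confirm the XML parser behind gfi_parser disables external entity
        # resolution and DTD fetching.
        if not parser.open_file(infilename):
            print(
                '\nError: Error in parsing input file. Please check to ensure that it is valid XML and conforms to the GFI Sandbox output schema.'
            )
            sys.exit(1)

        # Parse the file to get the actions and processes
        print('\nParsing input file and generating MAEC objects...\n')
        parser.parse_document()

        # Create the MAEC bundle
        bundle = maec_helper.maec_bundle(parser.generator, 2.1)

        # Add the analysis
        bundle.add_analysis(parser.maec_analysis)

        # Add all applicable actions to the bundle, counting them for -s
        for key, actions in parser.actions.items():
            for action in actions:
                bundle.add_action(action, key)
                stat_actions += 1
        # Add all applicable objects to the bundle ('obj' avoids shadowing
        # the builtin 'object')
        for key, objects in parser.objects.items():
            for obj in objects:
                bundle.add_object(obj, key)
        bundle.build_maec_bundle()
        # Finally, export the results
        bundle.export(outfilename)

        if stat_mode:
            print('\n---- Statistics ----')
            print(str(stat_actions) + ' actions converted')
    except Exception as err:
        # SystemExit from the sys.exit() calls above is not an Exception
        # subclass, so it passes through this handler untouched.
        print('\nError: %s\n' % str(err))
        if verbose_error_mode:
            traceback.print_exc()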