Beispiel #1
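def upload_form(request):
    """Accept a URL submission, run the analysis handlers and store the result.

    On a valid POST the submitted URI is hashed (MD5 and fuzzy hash), handed
    to ``handler.get_thug`` together with the submitted user agent and ticket,
    and the returned output is saved on a new ``URL`` record. The client is
    then redirected to ``/uanalysis/url/<md5>``.

    On a GET, or on a POST that fails form validation, the upload page is
    rendered with the 25 most recent ``URL`` records. A failed POST keeps the
    bound form so that its validation errors reach the template.
    """
    if request.method == 'POST':
        form = UploadUrlForm(request.POST)
        if form.is_valid():
            # NOTE(review): values are read from request.POST rather than
            # form.cleaned_data, so any normalisation the form performs is
            # bypassed, and a missing 'UserAgent' key raises here -- confirm
            # the form declares these fields.
            uri = request.POST['uri']
            ticket = request.POST['ticket']

            # Hash the UTF-8 bytes explicitly: the implicit ASCII conversion
            # of a text string fails on URLs with non-ASCII characters.
            uri_bytes = uri.encode('utf-8')
            newurl = URL(
                uri=uri,
                ticket=ticket,
                md5=hashlib.md5(uri_bytes).hexdigest(),
                fuzzy=pydeep.hash_buf(uri_bytes),
            )

            # NOTE(review): the URI and user agent are client-supplied and go
            # straight to the analysis handler; confirm that handler restricts
            # schemes/targets and never builds a shell command from them.
            ua = request.POST['UserAgent']
            results = handler.get_thug(uri, ua, ticket)

            newurl.ssdeep_compare = handler.ssdeep_compare(newurl.fuzzy, newurl.md5)
            # Handler output is decoded leniently; undecodable bytes are
            # replaced instead of aborting the request.
            newurl.html = unicode(results['html'], 'utf-8', errors="replace")
            newurl.thug = unicode(results['thug_res'], 'utf-8', errors="replace")
            newurl.js = unicode(results['js'], 'utf-8', errors="replace")
            newurl.js_didier = unicode(results['js_didier'], 'utf-8', errors="replace")

            newurl.save()

            # The path component is a hex digest computed above, not raw input.
            return HttpResponseRedirect("/uanalysis/url/" + newurl.md5)
        # Invalid POST: fall through with the bound form so errors are shown.
    else:
        form = UploadUrlForm()

    url = URL.objects.filter(created__lte=timezone.now()).order_by('-id')[:25]
    return render(request, 'uanalysis/upload_form.html', {'form': form, 'url': url})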
Beispiel #2
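def upload_form(request):
    """Accept a sample upload, run the static-analysis handlers and store results.

    On a valid POST the uploaded file is saved as a new ``Sample`` with its
    hashes and detected file type, then enriched with the output of the
    generic handlers (exif, strings, balbuzard, trid, fuzzy-hash comparison,
    VirusTotal lookup) and of the type-specific handlers selected by
    substring matches on the detected type. The client is redirected to
    ``/sanalysis/md5/<md5>/?upload=True``.

    On a GET, or on a POST that fails form validation, the upload page is
    rendered with the 25 most recent samples. A failed POST keeps the bound
    form so that its validation errors reach the template.
    """
    if request.method == 'POST':
        form = UploadFileForm(request.POST, request.FILES)
        if form.is_valid():
            f = request.FILES['sample']

            newsample = Sample(
                sample=f,
                # NOTE(review): read from request.POST rather than
                # form.cleaned_data -- confirm the form declares this field.
                ticket=request.POST['ticket'],
                # Client-supplied name; treat it as untrusted wherever it is
                # displayed or used to build a path.
                filename=f.name,
                size=f.size,
                # The type is detected from the content by the handler rather
                # than taken from the client-declared content type.
                type=handler.get_filetype(f),
                md5=handler.get_md5(f),
                sha1=handler.get_sha1(f),
                sha256=handler.get_sha256(f),
                fuzzy=handler.get_fuzzy(f),
            )
            newsample.save()

            # Reload the row just written by primary key. Taking "the newest
            # row" instead can return another client's sample when two
            # uploads are processed at the same time.
            s = Sample.objects.get(pk=newsample.pk)

            s.exif = handler.get_exif(s.sample)
            s.strings = handler.get_strings(s.sample)
            s.balbuzard = handler.get_balbuzard(s.sample)
            s.trid = handler.get_trid(s.sample)

            # SSDEEP/fuzzy hash comparison
            s.ssdeep_compare = handler.ssdeep_compare(s.fuzzy, s.md5)

            # VirusTotal search; fields are only set when a result came back.
            vt_res, vt_short_res = handler.get_vt(s.md5)
            if vt_res:
                s.vt = vt_res
                s.vt_short = vt_short_res

            # EXE-specific checks. Both substrings must be present; the bare
            # expression `"PE32" and "Windows" in s.type` only ever tested
            # for "Windows".
            if "PE32" in s.type and "Windows" in s.type:
                s.peframe = handler.get_peframe(s.sample)
                s.pescanner = handler.get_pescanner(s.sample)

            # PDF-specific checks
            if "PDF" in s.type:
                s.pdfid = handler.get_pdfid(s.sample)
                s.peepdf = handler.get_peepdf(s.sample)
                s.pdf_strings = handler.get_pdfstrings(s.sample)

            # DOC-specific checks
            if "Document File V2" in s.type:
                s.oleid = handler.get_oleid(s.sample)
                # Run OLEMETA only when oleid reports a valid OLE file.
                if re.search(r'\|\s+OLE format\s+\|\s+True\s+\|', s.oleid):
                    s.olemeta = handler.get_olemeta(s.sample)
                # Run OLEVBA only when oleid reports VBA macros.
                if re.search(r'\|\s+VBA Macros\s+\|\s+True\s+\|', s.oleid):
                    s.olevba = handler.get_olevba(s.sample)

            # RTF-specific checks. The second return value (list of extracted
            # objects) is unused: running strings/balbuzard over it was
            # removed as too resource-intensive.
            if "Rich Text Format" in s.type:
                s.rtfobj, _rtflist = handler.get_rtfobj(s.sample)

            s.save()

            # The path component is the handler-computed digest, not raw input.
            return HttpResponseRedirect("/sanalysis/md5/" + s.md5 + "/?upload=True")
        # Invalid POST: fall through with the bound form so errors are shown.
    else:
        form = UploadFileForm()

    sample = Sample.objects.filter(created__lte=timezone.now()).order_by('-id')[:25]
    # render() already builds a RequestContext from `request`, so both paths
    # share one call without the explicit context_instance argument.
    return render(request, 'sanalysis/upload_form.html', {'form': form, 'sample': sample})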