def identify_platform(self, filepath):
    """Guess executable format and CPU of *filepath* from its libmagic text.

    Returns a ``(format, cpu)`` pair: ``("ELF", <cpu>)`` for the ELF flavours
    listed in ``rules`` below, otherwise ``(<raw libmagic text>, self.default_cpu)``.
    Recognition is plain substring matching on the libmagic description, so a
    32-bit ELF whose CPU is not in the table falls through to the default.
    """
    filemagic = Magic()
    description = ""
    try:
        description = filemagic.id_filename(filepath)
    except Exception as err:
        # Some libmagic builds raise while parsing a sample; the error text
        # can still carry the CPU type, so it is matched like a normal result.
        description = str(err)
    # NOTE(review): the Magic handle is never closed here.

    # (file-class marker, ((required substrings, cpu label), ...)) -- order matters:
    # "MIPS" + "MSB" must be tried before the bare "MIPS" (little-endian) rule.
    rules = (
        ("ELF 32-bit", (
            (("ARM",), "arm"),
            (("80386",), "x86"),
            (("MIPS", "MSB"), "mips"),
            (("MIPS",), "mipsel"),
            (("PowerPC",), "powerpc"),
        )),
        ("ELF 64-bit", (
            (("x86-64",), "x86-64"),
        )),
    )
    for marker, cpu_rules in rules:
        if marker not in description:
            continue
        for needles, cpu in cpu_rules:
            if all(needle in description for needle in needles):
                return "ELF", cpu
    return description, self.default_cpu
def identify_platform(self, filepath):
    """Derive ``(format, cpu)`` for *filepath* from libmagic's description.

    ELF samples on ARM, i386, MIPS (big/little endian), PowerPC and x86-64 map
    to ``("ELF", <cpu>)``; anything else yields the raw libmagic text together
    with ``self.default_cpu``. Detection is substring matching only.
    """
    filemagic = Magic()
    desc = ""
    try:
        desc = filemagic.id_filename(filepath)
    except Exception as err:
        # Certain libmagic versions fail on some samples but still mention the
        # CPU in the error message, so the message is inspected as a fallback.
        desc = str(err)
    # NOTE(review): the Magic handle is not closed in this method.

    def has(*needles):
        """True when every needle occurs in the libmagic description."""
        return all(needle in desc for needle in needles)

    if has("ELF 32-bit"):
        if has("ARM"):
            return "ELF", "arm"
        if has("80386"):
            return "ELF", "x86"
        # Big-endian MIPS is checked first; a bare "MIPS" hit means little-endian.
        if has("MIPS", "MSB"):
            return "ELF", "mips"
        if has("MIPS"):
            return "ELF", "mipsel"
        if has("PowerPC"):
            return "ELF", "powerpc"
    if has("ELF 64-bit") and has("x86-64"):
        return "ELF", "x86-64"
    return desc, self.default_cpu
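def do_fileprocess(self, filepath, admin_fields):
    """Print the libmagic description of *filepath* and accept the sample.

    Args:
        filepath: path of the submitted sample.
        admin_fields: submission metadata; not consulted by this plugin.

    Returns:
        True -- the sample is always accepted. The libmagic result is only
        printed; it does not influence the decision, so this plugin reports
        the type rather than enforcing one.

    Raises:
        Whatever ``Magic.id_filename`` raises; errors are not caught here.
    """
    magic_file_check = Magic()
    # The original used ``print "... %s", filepath`` which printed the literal
    # "%s"; the format is now actually applied.
    print("Type Validation plugin: checking %s" % filepath)
    print("and is... %s" % magic_file_check.id_filename(filepath))
    return True  # Accept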
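def get_report(self):
    """Populate and return the analysis report for the current sample.

    Always fills ``md5``/``sha1``/``sha256``/``filesize``/``filetype`` of
    ``self.sample_filepath``, the static-analysis result, timing and path
    fields. Network fields (``cpu``, ``interpreter``, ``dns_request``, ``url``)
    are filled only when execution succeeded (``self.error_in_exec`` is false)
    and ``self.pcap_filepath`` exists; ``dns``/``ip``/``port``/``protocol`` are
    then derived from the pcap, otherwise they are empty lists and ``network``
    is an empty dict.

    Returns:
        ``self.report`` (the same dict object) after it has been populated.
    """
    # Read with a context manager so the handle is released even if read() fails.
    with open(self.sample_filepath, "rb") as sample_file:
        sample_data = sample_file.read()
    self.report['md5'] = md5(sample_data).hexdigest()
    self.report['sha256'] = sha256(sample_data).hexdigest()
    self.report['sha1'] = sha1(sample_data).hexdigest()
    self.report['filesize'] = len(sample_data)

    try:
        self.report['filetype'] = Magic().id_filename(self.sample_filepath)
    except Exception:
        # Some libmagic builds raise on unusual samples; keep the report going.
        self.report['filetype'] = "Unknown"

    network_con2 = {}
    ip = set()
    port = set()
    protocol = set()
    dns = set()

    if not self.error_in_exec and os.path.isfile(self.pcap_filepath):
        self.report['cpu'] = self.cpu_arch
        self.report['interpreter'] = self.interpreter
        pparser = PacketParser(self.pcap_filepath)
        self.report['dns_request'] = pparser.get_dns_requests()
        self.report['url'] = pparser.get_urls()
        network_con = pparser.get_network_connections()

        for dns_q in self.report['dns_request']:
            dns.add(dns_q['name'])
            # Only A records carry an address in 'result'.
            if dns_q['type'] == "A":
                ip.add(dns_q['result'])

        for key in network_con:
            protocol.add(key)
            network_con[key] = list(network_con[key])
            if key in ('TCP', 'UDP'):
                # TCP/UDP entries arrive as "<ip> : <port>" strings.
                network_con2[key] = []
                for sock in network_con[key]:
                    parts = sock.split(" : ")
                    network_con2[key].append({'ip': parts[0], 'port': parts[1]})
                    ip.add(parts[0])
                    port.add(parts[1])
            else:
                # Other protocols list bare peer addresses.
                network_con2[key] = network_con[key]
                for t_ip in network_con[key]:
                    ip.add(t_ip)

    self.report['network'] = network_con2
    self.report['dns'] = list(dns)
    self.report['ip'] = list(ip)
    self.report['port'] = list(port)
    self.report['protocol'] = list(protocol)
    self.report['static_analysis'] = self.static_analysis()
    self.report['start_time'] = datetime.utcfromtimestamp(self.start_time).isoformat()
    self.report['end_time'] = datetime.utcfromtimestamp(self.end_time).isoformat()
    self.report['sample_filepath'] = self.sample_filepath
    self.report['pcap_filepath'] = self.pcap_filepath
    self.report['error'] = self.error_in_exec
    return self.report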
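def get_report(self):
    """Build the per-sample analysis report and return it.

    Hashes (``md5``, ``sha1``, ``sha256``), ``filesize`` and the libmagic
    ``filetype`` of ``self.sample_filepath`` are always recorded, as are the
    static-analysis result, ISO-8601 UTC start/end times, file paths and the
    ``error`` flag. Dynamic fields (``cpu``, ``interpreter``, ``dns_request``,
    ``url``) and the ``dns``/``ip``/``port``/``protocol``/``network`` summaries
    are extracted from the pcap only when ``self.error_in_exec`` is false and
    the pcap file exists; otherwise the summaries are empty.

    Returns:
        ``self.report`` (mutated in place).
    """
    # Context manager: the sample handle is closed even if read() raises.
    with open(self.sample_filepath, "rb") as sample_file:
        sample_data = sample_file.read()
    self.report['md5'] = md5(sample_data).hexdigest()
    self.report['sha256'] = sha256(sample_data).hexdigest()
    self.report['sha1'] = sha1(sample_data).hexdigest()
    self.report['filesize'] = len(sample_data)

    try:
        filemagic = Magic()
        self.report['filetype'] = filemagic.id_filename(self.sample_filepath)
    except Exception:
        # libmagic can fail on odd samples; record "Unknown" instead of aborting.
        self.report['filetype'] = "Unknown"

    network_con2 = {}
    ip, port, protocol, dns = set(), set(), set(), set()

    if not self.error_in_exec and os.path.isfile(self.pcap_filepath):
        self.report['cpu'] = self.cpu_arch
        self.report['interpreter'] = self.interpreter
        pparser = PacketParser(self.pcap_filepath)
        self.report['dns_request'] = pparser.get_dns_requests()
        self.report['url'] = pparser.get_urls()
        network_con = pparser.get_network_connections()

        for dns_q in self.report['dns_request']:
            dns.add(dns_q['name'])
            if dns_q['type'] == "A":  # only A answers carry an IP in 'result'
                ip.add(dns_q['result'])

        for key in network_con:
            protocol.add(key)
            network_con[key] = list(network_con[key])
            if key in ('TCP', 'UDP'):
                # TCP/UDP peers are "<ip> : <port>" strings; split into a dict.
                network_con2[key] = []
                for sock in network_con[key]:
                    parts = sock.split(" : ")
                    network_con2[key].append({'ip': parts[0], 'port': parts[1]})
                    ip.add(parts[0])
                    port.add(parts[1])
            else:
                # Remaining protocols are plain peer-address lists.
                network_con2[key] = network_con[key]
                for t_ip in network_con[key]:
                    ip.add(t_ip)

    self.report['network'] = network_con2
    self.report['dns'] = list(dns)
    self.report['ip'] = list(ip)
    self.report['port'] = list(port)
    self.report['protocol'] = list(protocol)
    self.report['static_analysis'] = self.static_analysis()
    self.report['start_time'] = datetime.utcfromtimestamp(self.start_time).isoformat()
    self.report['end_time'] = datetime.utcfromtimestamp(self.end_time).isoformat()
    self.report['sample_filepath'] = self.sample_filepath
    self.report['pcap_filepath'] = self.pcap_filepath
    self.report['error'] = self.error_in_exec
    return self.report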
graph = pydot.Dot(graph_type='digraph') magic = Magic() found = set() last_case = 0 last_crashes = 0 last_hangs = 0 with open(argv[1]) as f: for line in f: if line.startswith('#'): continue testcase = int(line.split(', ')[2]) newcase = int(line.split(', ')[3]) crashes = int(line.split(', ')[7]) hangs = int(line.split(', ')[8]) filetype = magic.id_filename('queue/id_%06d' % testcase) graph.add_node( pydot.Node(testcase, label='%d (%s)' % (testcase, filetype))) if crashes > last_crashes: graph.add_node( pydot.Node("crash_%d" % crashes, style="filled", fillcolor='#ff0000')) graph.add_edge(pydot.Edge(testcase, "crash_%d" % crashes)) if hangs > last_hangs: graph.add_node( pydot.Node("hang_%d" % hangs, style="filled", fillcolor='#777777')) graph.add_edge(pydot.Edge(testcase, "hang_%d" % hangs)) if not last_case: