 def exports_markdown(self, json):
     """Render the entries in ``json`` as an Export/Address Markdown table.

     Each entry must provide ``name`` and ``address``. When ``json`` is
     empty a single row of dashes is emitted instead.
     """
     # NOTE(review): name/address are placed in the table as-is, with no
     # md.sanitize() call. If they originate from the analysed file, confirm
     # that Markdown metacharacters are escaped somewhere downstream.
     table = md.table_header(['Export', 'Address'])
     for export in json:
         cells = [export['name'], export['address']]
         table += md.table_row(cells)
     if not json:
         table += md.table_row(('-', '-'))
     return table
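 def peid_markdown(self, json):
     """Render the signature names in ``json`` as a one-column table.

     A single dash row is emitted when ``json`` is empty.
     """
     output = md.table_header(['Signatures'])
     for signature in json:
         output += md.table_row([signature])
     if not json:
         # ('-') is just the string '-', not a tuple; pass a real one-cell
         # sequence so the call matches every other table_row() call.
         output += md.table_row(('-',))
     return output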
 def report_markdown(self, json):
     """Render the report in ``json`` as Markdown.

     Produces four parts: General (score, platform), Analysis, Machines
     and Signatures. Signature rows carry a colour tag chosen by severity:
     above 2 is red, above 1 is orange, anything else is blue.
     """
     doc = md.h4('General')
     doc += md.paragraph(md.bold('Score: ') + str(json['score']))
     doc += md.cr()
     doc += md.paragraph(md.bold('Platform: ') + json['platform'])

     doc += md.h4('Analysis')
     doc += md.table_header(('Category', 'Started', 'Ended', 'Duration'))
     run = json['analysis']
     doc += md.table_row((
         run['category'],
         str(run['started']),
         str(run['ended']),
         str(run['duration']),
     ))

     doc += md.h4('Machines')
     doc += md.table_header(('Name', 'Manager'))
     machine = json['machine']
     doc += md.table_row((machine['name'], machine['manager']))

     doc += md.h4('Signatures')
     doc += md.table_header(('Severity', 'Description'))
     for sig in json['signatures']:
         level = sig['severity']
         if level > 2:
             colour = 'red'
         elif level > 1:
             colour = 'orange'
         else:
             colour = 'blue'
         # Colour tags use the "%<colour> <text> %" form.
         tag = '%' + colour + ' ' + str(level) + ' %'
         doc += md.table_row((tag, sig['description']))
     return doc
 def info_markdown(self, json):
     """Render the VT link and score as an Attribute/Value table.

     ``json['score']`` must be a string whose part before the first ``/``
     parses as an integer; otherwise ``int()`` raises.
     """
     table = md.table_header(('Attribute', 'Value'))
     table += md.table_row(('VT Link', json['vt_link']))
     score = json['score']
     # Parsed only so that a malformed score still raises here.
     # NOTE(review): the original compared this count against 3 but wrote
     # the same row on both branches, so the threshold has no visible
     # effect; a highlighted variant was presumably intended.
     count = int(score.split('/')[0])
     table += md.table_row(('Score', score))
     return table
 def all_markdown(json):
     """Render the digests in ``json`` as a Hash Type/Hash Markdown table.

     Rows are emitted in a fixed order: MD5, SHA1, SHA256, SHA512, SSDEEP.
     A missing key raises ``KeyError``.
     """
     digest_keys = (
         ('MD5', 'md5_digest'),
         ('SHA1', 'sha1_digest'),
         ('SHA256', 'sha256_digest'),
         ('SHA512', 'sha512_digest'),
         ('SSDEEP', 'ssdeep'),
     )
     table = md.table_header(('Hash Type', 'Hash'))
     for label, key in digest_keys:
         table += md.table_row((label, json[key]))
     return table
    def info_markdown(self, json):
        """Render four fields of ``json`` as an Attribute/Value table.

        The fields read are ``compile_time``, ``language``,
        ``architecture`` and ``certificate``, in that order.
        """
        fields = (
            ('Compile Time:', 'compile_time'),
            ('Language:', 'language'),
            ('Architecture:', 'architecture'),
            ('Certificate:', 'certificate'),
        )
        table = md.table_header(['Attribute', 'Value'])
        for label, key in fields:
            table += md.table_row([label, json[key]])
        return table
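 def hash_search_markdown(self, json):
     """Render hash-search hits as a hit count plus a Markdown table.

     ``json['hits']`` is iterated for rows providing ``sha1``, ``md5`` and
     ``file``. A row of dashes is emitted when there are no hits.
     """
     hits = json['hits']
     output = '**Hits: ' + str(len(hits)) + '**\r\n\r\n'
     output += md.table_header(('SHA1', 'MD5', 'File Name'))
     for row in hits:
         output += md.table_row((row['sha1'], row['md5'], row['file']))
     # The emptiness check has to look at the hit list: testing ``json``
     # itself could never be true here, because json['hits'] was already
     # read above and would have raised on an empty mapping.
     if not hits:
         output += md.table_row(('-', '-', '-'))
     return output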
 def sections_markdown(self, json):
     """Render the section entries in ``json`` as a six-column table.

     Each entry must provide ``name``, ``address``, ``size``, ``offset``,
     ``type`` and ``flags``. An empty ``json`` yields one row of dashes.
     """
     # NOTE(review): the cell values are written without md.sanitize(). If
     # section names come from the analysed file, confirm that Markdown
     # metacharacters (for example '|') are escaped before rendering.
     columns = ('name', 'address', 'size', 'offset', 'type', 'flags')
     table = md.table_header(
         ('Name', 'Address', 'Size', 'Offset', 'Type', 'Flags'))
     for section in json:
         table += md.table_row(tuple(section[key] for key in columns))
     if not json:
         table += md.table_row(('-', '-', '-', '-', '-', '-'))
     return table
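 def imports_markdown(self, json):
     """Render a DLL-to-imports mapping as a DLL/Import/Address table.

     ``json`` maps each DLL name to a sequence of entries providing
     ``name`` and ``address``. An empty mapping yields one row of dashes.
     """
     # NOTE(review): DLL and import names are written without
     # md.sanitize(); if they come from the analysed file, confirm they
     # are escaped before the Markdown is rendered.
     output = md.table_header(('DLL', 'Import', 'Address'))
     for dll, entries in json.items():
         for index, imp in enumerate(entries):
             # The DLL name is shown only on its first row.
             output += md.table_row(
                 [dll if index == 0 else '', imp['name'], imp['address']])
     if not json:
         # The placeholder row was previously built and thrown away;
         # append it so an empty result still has a body row.
         output += md.table_row(('-', '-', '-'))
     return output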
 def olevba_keywords_markdown(self, json):
     """Render keyword findings as a Type/Keyword/Description table.

     The keyword is passed through ``md.sanitize`` and shown as inline
     code. An empty ``json`` yields one row of dashes.
     """
     table = md.table_header(['Type', 'Keyword', 'Description'])
     for finding in json:
         kind = finding['type']
         keyword_cell = md.code(md.sanitize(finding['keyword']), inline=True)
         table += md.table_row([kind, keyword_cell, finding['description']])
     if not json:
         table += md.table_row(('-', '-', '-'))
     return table
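 def binary_carver_markdown(self, json):
     """Render one carved file as a Name/SHA256 Digest/File Type row.

     The digest cell links to ``/#/<file_type>/<sha256_digest>``. An empty
     ``json`` yields one row of dashes.
     """
     output = md.table_header(('Name', 'SHA256 Digest', 'File Type'))
     # Check for the empty case before reading any key: the original read
     # json['name'] first, so an empty mapping raised KeyError and the
     # placeholder branch could never run.
     if not json:
         output += md.table_row(('-', '-', '-'))
         return output
     name = json['name']
     digest = json['sha256_digest']
     file_type = json['file_type']
     # NOTE(review): file_type and digest are interpolated into the link
     # target unescaped; confirm both are constrained upstream.
     link = md.url(digest, '/#/{}/{}'.format(file_type, digest))
     output += md.table_row((name, link, file_type))
     return output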
 def oleid_markdown(self, json):
     """Render the indicators in ``json`` as a Name/Value/Description table.

     An empty ``json`` yields one row of dashes.
     """
     table = md.table_header(['Name', 'Value', 'Description'])
     for indicator in json:
         cells = [
             indicator['name'],
             indicator['value'],
             indicator['description'],
         ]
         table += md.table_row(cells)
     if not json:
         table += md.table_row(('-', '-', '-'))
     return table
 def extract_markdown(self, json):
     """Render extracted files as a Name/SHA256 Digest/File Type table.

     Each digest cell links to ``/#/<file_type>/<sha256_digest>``. An
     empty ``json`` yields one row of dashes.
     """
     table = md.table_header(('Name', 'SHA256 Digest', 'File Type'))
     for item in json:
         name = item['name']
         digest = item['sha256_digest']
         kind = item['file_type']
         # NOTE(review): kind and digest go into the link target
         # unescaped; confirm both are constrained upstream.
         link = md.url(digest, '/#/{}/{}'.format(kind, digest))
         table += md.table_row((name, link, kind))
     if not json:
         table += md.table_row(('-', '-', '-'))
     return table
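 def sections_markdown(self, json):
     """Render the section entries in ``json`` as a six-column table.

     Each entry must provide ``name``, ``virtual_address``,
     ``virtual_size``, ``physical_address``, ``physical_size`` and
     ``entropy``. An empty ``json`` yields one row of dashes.
     """
     # NOTE(review): section names are written without md.sanitize(); if
     # they come from the analysed file, confirm they are escaped before
     # the Markdown is rendered.
     output = md.table_header([
         'Name', 'RVA', 'Virtual Size', 'Physical Address', 'Physical Size',
         'Entropy'
     ])
     for section in json:
         output += md.table_row([
             section['name'], section['virtual_address'],
             section['virtual_size'], section['physical_address'],
             section['physical_size'], section['entropy']
         ])
     if not json:
         # The placeholder row was previously built and thrown away;
         # append it so an empty result still has a body row.
         output += md.table_row(('-', '-', '-', '-', '-', '-'))
     return output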
 def fuzzy_search_markdown(json):
     """Render fuzzy-search matches as a table followed by a hit count.

     Each match is indexed positionally: element 0 is used as the link
     text, element 1 as the link suffix and SHA256 cell, element 3 as the
     match percentage. With no matches a row of dashes is emitted.
     """
     table = md.table_header(('File Name', 'SHA256', 'Match (%)'))
     total = 0
     for total, match in enumerate(json, start=1):
         link = md.url(str(match[0]), 'samples/' + str(match[1]))
         table += md.table_row((link, str(match[1]), str(match[3])))
     if not total:
         table += md.table_row(('-', '-', '-'))
     # str(0) is '0', so one paragraph covers both the empty and the
     # non-empty case.
     table += md.paragraph(md.bold('Hits:') + str(total))
     return table
def test_table_row():
    """Check that table_row renders two cells as one pipe-delimited line.

    The expected line ends with CRLF.
    """
    expected = '| a | b |\r\n'
    assert md.table_row(('a', 'b')) == expected
 def olevba_streams_markdown(self, json):
     """Render VBA streams as a Stream/Stream Path/VBA Filename/Code table.

     Markdown tables cannot hold line breaks and raw HTML is not allowed,
     so every code line gets its own row: the first row carries the stream
     details, the following rows leave those three cells empty. Each code
     line is passed through ``md.sanitize`` and shown as inline code.
     """
     table = md.table_header(('Stream', 'Stream Path', 'VBA Filename', 'Code'))
     for stream in json:
         # Collapse doubled CRLFs, then split into individual lines.
         lines = stream['code'].replace('\r\n\r\n', '\r\n').split('\r\n')
         first_line, remaining = lines[0], lines[1:]
         table += md.table_row((
             stream['stream'],
             stream['stream_path'],
             stream['vba_filename'],
             md.code(md.sanitize(first_line), inline=True),
         ))
         for line in remaining:
             code_cell = md.code(md.sanitize(line), inline=True)
             table += md.table_row(('', '', '', code_cell))
     if not json:
         table += md.table_row(('-', '-', '-', '-'))
     return table
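 def parents_markdown(self, json):
     """Render compressed-parent names as a one-column table of links.

     Each name in ``json`` becomes a link to
     ``https://www.virustotal.com/#/file/<name>/analysis``. An empty
     ``json`` yields one dash row.
     """
     output = '| Compressed Parents |\r\n'
     output += '| :------ |\r\n'
     for name in json:
         # NOTE(review): name is placed in both the link text and the URL
         # unescaped; confirm upstream that it is always a plain hash.
         output += '| [' + name + '](https://www.virustotal.com/#/file/' + name + '/analysis) |' + '\r\n'
     if not json:
         # ('-') is just the string '-', not a tuple; pass a real one-cell
         # sequence so the call matches the other table_row() calls.
         output += md.table_row(('-',))
     return output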
 def info_markdown(self, json):
     """Render the info block in ``json`` as an Attribute/Value table.

     Rows: MB Link, Reporter, Comment (first line only, with trailing
     ``:`` and ``\\r`` stripped), Tags (comma-joined, or ``None`` when
     empty), ClamAV, First seen and Last seen.
     """
     table = md.table_header(('Attribute', 'Value'))
     sample_url = 'https://bazaar.abuse.ch/sample/' + str(json['sha256_hash'])
     table += md.table_row(('MB Link', sample_url))

     # NOTE(review): reporter and comment are written into Markdown without
     # md.sanitize(); as they appear to be third-party supplied text,
     # confirm they are escaped before rendering.
     handle = str(json['reporter'])
     if handle == "anonymous":
         reporter_cell = "*Anonymous*"
     else:
         reporter_cell = "[@" + handle + "](https://twitter.com/" + handle + ")"
     table += md.table_row(('Reporter', reporter_cell))

     first_line, _, _ = str(json['comment']).partition('\n')
     table += md.table_row(('Comment', first_line.rstrip(':\r')))

     tags = json['tags']
     tag_cell = ','.join(tags) if tags else 'None'
     table += md.table_row(('Tags', tag_cell))

     table += md.table_row(('ClamAV', str(json['intelligence']['clamav'])))
     table += md.table_row(('First seen', str(json['first_seen'])))
     table += md.table_row(('Last seen', str(json['last_seen'])))
     return table
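 def scan_markdown(self, json):
     """Render rule matches as a six-column Markdown table.

     Each match provides ``file``, ``rule``, ``hits``, ``description`` and
     ``author``. The first hit shares the row with the rule details;
     further hits get rows of their own with the other cells left empty.
     All values are passed through ``md.sanitize``. An empty ``json``
     yields one row of dashes.
     """
     output = md.table_header(
         ['File', 'Rule', 'String', 'Offset', 'Description', 'Author'])
     for match in json:
         hits = match['hits']
         if hits:
             first_hit = md.code(md.sanitize(hits[0]['hit']), inline=True)
             first_offset = md.code(
                 md.sanitize(hits[0]['offset']), inline=True)
         else:
             first_hit = first_offset = ''
         output += md.table_row([
             md.sanitize(match['file']),
             md.bold(md.sanitize(match['rule'])),
             first_hit,
             first_offset,
             md.sanitize(match['description']),
             md.sanitize(match['author'])
         ])
         for hit in hits[1:]:
             output += md.table_row(
                 ('', '', md.code(md.sanitize(hit['hit']), inline=True),
                  md.code(md.sanitize(hit['offset']), inline=True), '', ''))
     if not json:
         # Six cells to match the six header columns (the placeholder
         # previously had only five).
         output += md.table_row(('-', '-', '-', '-', '-', '-'))
     return output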
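 def functions_markdown(self, json):
     """Render ``json['exports']`` and ``json['functions']`` as two tables.

     Export rows show ``vaddr`` (zero-padded hex), ``size``, ``type`` and
     the bold ``name``. Function rows show the bold ``address_range``,
     ``offset`` (zero-padded hex), ``size`` and ``name``. An empty list
     yields one row of dashes in its table.
     """
     # NOTE(review): export and function names are written without
     # md.sanitize(); if they come from the analysed file, confirm they
     # are escaped before the Markdown is rendered.
     output = md.h3('Exports')
     output += md.table_header(('Virtual Address', 'Size', 'Type', 'Name'))
     if not json['exports']:
         output += md.table_row(('-', '-', '-', '-'))
     else:
         for row in json['exports']:
             output += md.table_row(
                 ('0x%08x' % row['vaddr'], '%u' % row['size'], row['type'],
                  md.bold(row['name'])))
     output += md.newline()
     output += md.h3('Functions')
     output += md.table_header(('Address Range', 'Offset', 'Size', 'Name'))
     if not json['functions']:
         # Four cells to match the four header columns (the placeholder
         # previously had only three).
         output += md.table_row(('-', '-', '-', '-'))
     else:
         for row in json['functions']:
             output += md.table_row(
                 (md.bold(row['address_range']), '0x%08x' % row['offset'],
                  '%u' % row['size'], row['name']))
     return output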
 def info_markdown(self, json):
     """Render ``json['info']`` as a Machine/Score Markdown table.

     Scores above 5 are tagged red, scores above 3 yellow; lower scores
     are shown as plain text.
     """
     table = md.table_header(('Machine', 'Score'))
     for machine in json['info']:
         score = machine['score']
         colour = None
         if score > 5:
             colour = "red"
         elif score > 3:
             colour = "yellow"
         if colour is None:
             score_cell = str(score)
         else:
             # Colour tags use the "%<colour> <text> %" form.
             score_cell = "%" + colour + " " + str(score) + " %"
         table += md.table_row((machine['name'], score_cell))
     return table
 def info_markdown(self, json):
     """Render the fields of ``json`` as an Attribute/Value table.

     Rows: VT Link, First Seen, Last Seen, Score, Times Submitted, Type.
     ``json['score']`` must be a string whose part before the first ``/``
     parses as an integer; otherwise ``int()`` raises.
     """
     table = md.table_header(('Attribute', 'Value'))
     for label, key in (('VT Link', 'vt_link'),
                        ('First Seen', 'first_seen'),
                        ('Last Seen', 'last_seen')):
         table += md.table_row((label, json[key]))
     score = json['score']
     # Parsed only so that a malformed score still raises here.
     # NOTE(review): the original compared this count against 3 but wrote
     # the same row on both branches, so the threshold has no visible
     # effect; a highlighted variant was presumably intended.
     count = int(score.split('/')[0])
     table += md.table_row(('Score', score))
     table += md.table_row(('Times Submitted', str(json['times_submitted'])))
     table += md.table_row(('Type', json['type']))
     return table
    def oledir_markdown(self, json):
        """Render the entries in ``json`` as two Markdown tables.

        ``json`` is iterated as groups; each group is indexed by position
        and each entry by key. The first table lists entries that have no
        ``obj_tree`` key, the second lists ``id2``, ``obj_tree``, ``Name``,
        ``Size`` and ``CLSID`` for groups whose entry at index ``j``
        mentions ``obj_tree``.
        """
        # NOTE(review): all values below are written with str() only and
        # no md.sanitize(); if names come from the analysed document,
        # confirm they are escaped before the Markdown is rendered.
        output = md.table_header(['id', 'Status', 'Type', 'Name', 'Left', 'Right', 'Child', '1st Sec', 'Size'])
        # NOTE(review): j is initialised once here and is not reset inside
        # the for loop, so for every group after the first the while loop
        # starts at the index where the previous group ended. Confirm
        # whether each group was meant to start at 0.
        j = 0
        if not json:
            # NOTE(review): three cells here, but the header above has nine
            # columns.
            output += md.table_row(('-', '-', '-'))
        for i in json:
            while j < len(i):
                # Entries carrying 'obj_tree' belong to the second table.
                if not 'obj_tree' in i[j]:
                    output += md.table_row([
                        str(i[j]['id']),
                        str(i[j]['Status']),
                        str(i[j]['Type']),
                        str(i[j]['Name']),
                        str(i[j]['Left']),
                        str(i[j]['Right']),
                        str(i[j]['Child']),
                        str(i[j]['1st_Sect']),
                        str(i[j]['Size']),
                        ])

                j = j + 1
        j = 0
        output += '\n'
        output += md.table_header(['id', 'Obj_tree', 'Name', 'Size', 'CLSID'])
        for i in json:
            # NOTE(review): i[j] raises IndexError when the group has no
            # entry at index j (an empty group, or a later group after j
            # has advanced); j is not reset between groups here either.
            # The test is a substring match on str(i[j]), not a key lookup.
            if 'obj_tree' in str(i[j]):
                while j < len(i):
                    output += md.table_row([
                        str(i[j]['id2']),
                        str(i[j]['obj_tree']),
                        str(i[j]['Name']),
                        str(i[j]['Size']),
                        # Newlines become spaces, presumably to keep the
                        # CLSID on a single table row.
                        str(i[j]['CLSID']).replace('\n',' ')
                    ])
                    j = j + 1
        return output
 def reports_markdown(self, json):
     """Render ``json['reports']`` as an ID/URL/Timestamp/Status table.

     Each report must provide ``id``, ``url``, ``timestamp`` and
     ``status``. No placeholder row is added for an empty list.
     """
     table = md.table_header(('ID', 'URL', 'Timestamp', 'Status'))
     for report in json['reports']:
         cells = (
             report['id'],
             report['url'],
             report['timestamp'],
             report['status'],
         )
         table += md.table_row(cells)
     return table
 def metadata_markdown(self, json):
     """Render every key/value pair of ``json`` as an Attribute/Value row.

     Rows follow the mapping's iteration order.
     """
     # NOTE(review): keys and values are written without md.sanitize(); if
     # the metadata comes from the analysed file, confirm it is escaped
     # before the Markdown is rendered.
     table = md.table_header(('Attribute', 'Value'))
     for attribute, value in json.items():
         pair = (attribute, value)
         table += md.table_row(pair)
     return table