Ejemplo n.º 1
0
def zip_do_zip(azip, afile):
    """ azip:ZipFile, afile:source archive(s) name """
    # test if encrypted
    try:
        azip.testzip()
    except RuntimeError as e:
        if 'encrypted' in str(e):
            log_encrypted(BF_ZIP, afile)
            return
        else:
            log_error(str(e), afile)

    # iterate directly over file names
    for member in azip.namelist():
        # sort directories out
        if member.endswith('/'):
            continue
        # check file name
        filename = os.path.basename(member).lower()
        res = RGX_INFILENAME.search(filename)
        if res:
            log_secret(res.group(), afile+':'+member)

        # check file content, calling other modules
        data = azip.read(member)
        (ftype, supported) = type_data(data, member)
        if supported:
            if ftype in ENCRYPTED:
                log_encrypted(ftype, member)
            else:
                do_data(ftype, data, afile+':'+member)
Ejemplo n.º 2
0
def text_do_text(text, afile):
    """text: lowercase test, afile: source file name """
    regex = '|'.join(INFILE)
    for match in re.finditer(regex, text):
        log_secret(match.group(), afile)
    if HASHES:
        search_hashes(text, afile)
Ejemplo n.º 3
0
def text_do_text(text, afile):
    """text: lowercase test, afile: source file name """
    regex = '|'.join(INFILE)
    for match in re.finditer(regex, text):
        log_secret(match.group(), afile)
    if HASHES:
        search_hashes(text, afile)
Ejemplo n.º 4
0
def zip_do_zip(azip, afile):
    """ azip:ZipFile, afile:source archive(s) name """
    # test if encrypted
    try:
        azip.testzip()
    except RuntimeError as e:
        if 'encrypted' in str(e):
            log_encrypted(BF_ZIP, afile)
            return
        else:
            log_error(str(e), afile)

    # iterate directly over file names
    for member in azip.namelist():
        # sort directories out
        if member.endswith('/'):
            continue
        # check file name
        filename = os.path.basename(member).lower()
        res = RGX_INFILENAME.search(filename)
        if res:
            log_secret(res.group(), afile + ':' + member)

        # check file content, calling other modules
        data = azip.read(member)
        (ftype, supported) = type_data(data, member)
        if supported:
            if ftype in ENCRYPTED:
                log_encrypted(ftype, member)
            else:
                do_data(ftype, data, afile + ':' + member)
Ejemplo n.º 5
0
def scan(path, count):
    """selects files to process, checks file names"""
    log_comment('scanning %s:' % path)
    scanned = 0
    bar_width = 32
    if count < bar_width:
        bar_width = count
    if count == 0:
        bar_width = 1
    sys.stdout.write('%s\n' % ("=" * bar_width))
    bar_blocksize = count / bar_width
    bar_left = bar_width
    bar_count = 0

    for root, dirs, files in os.walk(path):
        for skip in SKIP:
            if skip in dirs:
                dirs.remove(skip)
        for filename in files:
            abspath = os.path.abspath(os.path.join(root, filename))
            res = RGX_INFILENAME.search(filename.lower())
            if res:
                log_secret(res.group(), abspath)

            try:
                ftype, supported = type_file(abspath)
            except TypeError as e:
                log_error(str(e), abspath)
                continue

            if supported:
                if ftype in ENCRYPTED:
                    # report but do not process
                    log_encrypted(ftype, abspath)
                if ftype in EXE:
                    # report but do not process
                    if looks_uniform(filename=abspath):
                        log_packed(ftype, abspath)
                    else:
                        log_exe(ftype, abspath)
                else:
                    # process the file
                    do_file(ftype, abspath)
                    scanned += 1

            # update progress bar
            bar_count += 1
            if bar_count >= bar_blocksize and bar_left:
                sys.stdout.write("=")
                sys.stdout.flush()
                bar_count = 0
                bar_left -= 1

    sys.stdout.write("\n")
    log_comment('%d files supported were processed' % scanned)
    return scanned
Ejemplo n.º 6
0
def scan(path, count):
    """selects files to process, checks file names"""
    log_comment('scanning %s:' % path)
    scanned = 0
    bar_width = 32
    if count < bar_width:
        bar_width = count
    if count == 0:
        bar_width = 1
    sys.stdout.write('%s\n' % ("=" * bar_width))
    bar_blocksize = count / bar_width
    bar_left = bar_width
    bar_count = 0

    for root, dirs, files in os.walk(path):
        for skip in SKIP:
            if skip in dirs:
                dirs.remove(skip)
        for filename in files:
            abspath = os.path.abspath(os.path.join(root, filename))
            res = RGX_INFILENAME.search(filename.lower())
            if res:
                log_secret(res.group(), abspath)

            try:
                ftype, supported = type_file(abspath)
            except TypeError as e:
                log_error(str(e), abspath)
                continue

            if supported:
                if ftype in ENCRYPTED:  
                    # report but do not process
                    log_encrypted(ftype, abspath)
                if ftype in EXE:  
                    # report but do not process
                    if looks_uniform(filename=abspath):
                        log_packed(ftype, abspath)
                    else:
                        log_exe(ftype, abspath)
                else:
                    # process the file
                    do_file(ftype, abspath)
                    scanned += 1

            # update progress bar
            bar_count += 1
            if bar_count >= bar_blocksize and bar_left:
                sys.stdout.write("=")
                sys.stdout.flush()
                bar_count = 0
                bar_left -= 1

    sys.stdout.write("\n")
    log_comment('%d files supported were processed' % scanned)
    return scanned
Ejemplo n.º 7
0
def tar_do_tar(atar, afile):
    """ atar:TarFile, afile:source archive(s) name """
    # iterate over TarInfo's
    for member in atar.getmembers():
        # only process files
        if not member.isfile():
            continue
        # check file name
        filename = os.path.basename(member.name).lower()
        res = RGX_INFILENAME.search(filename)
        if res:
            log_secret(res.group(), afile + ':' + member.name)

        # check file content, calling other modules
        data = atar.extractfile(member).read()
        (ftype, supported) = type_data(data, member.name)
        if supported:
            if ftype in ENCRYPTED:
                log_encrypted(ftype, member.name)
            else:
                do_data(ftype, data, afile + ':' + member.name)
Ejemplo n.º 8
0
def text_do_text(text, afile):
    """text: lowercase test, afile: source file name """
    loggedFilename = False
    lines = text.splitlines()
    for lineno in range(len(lines)):
        line = lines[lineno]

        lineMatched = False
        wordsMatched = ""

        for match in re.finditer(RGX_INFILE, line):
            start = match.start()
            offset = start - text.rfind('\n', 0, start)
            lineMatched = True
            wordsMatched = " ".join(
                [wordsMatched,
                 "%s @ %d" % (match.group(0), offset)])

        if lineMatched:
            if not loggedFilename:
                log_secret("")
                log_secret("%s" % (afile))
                loggedFilename = True
            log_secret(",%s, Matches:%s" % (lineno, wordsMatched))

            if len(lines) > lineno - 2 and 0 <= lineno - 2:
                log_text_and_line_number((lineno - 2), lines[lineno - 2])
            if len(lines) > lineno - 1 and 0 <= lineno - 1:
                log_text_and_line_number((lineno - 1), lines[lineno - 1])

            log_text_and_line_number(lineno, lines[lineno])

            if len(lines) > lineno + 1:
                log_text_and_line_number((lineno + 1), lines[lineno + 1])
            if len(lines) > lineno + 2:
                log_text_and_line_number((lineno + 2), lines[lineno + 2])

    if HASHES:
        search_hashes(text, afile)
Ejemplo n.º 9
0
def log_text_and_line_number(lineno, text):
    output = io.BytesIO()
    writer = csv.writer(output)
    writer.writerow([text])
    log_secret(",,,%s,%s" % (lineno, output.getvalue().splitlines()[0]))
Ejemplo n.º 10
0
def search_hashes(text, afile):
    for match in re.finditer(HASH_REGEX, text):
        ahash = hash_string(match.group(0), HASH_KEY)
        if ahash in HASHES:
            log_secret('hash %s' % ahash, afile)
Ejemplo n.º 11
0
def search_hashes(text, afile):
    for match in re.finditer(HASH_REGEX, text):
        ahash = hash_string(match.group(0), HASH_KEY)
        if ahash in HASHES:
            log_secret('hash %s' % ahash, afile)