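def run_analysis(output_file, pretty, file):
    """Run full analysis.

    Copies *file* into the tmp working directory, runs ``Master`` with all
    loaded analyzers and writes the JSON report either under *output_file*
    or next to the input file.

    :param output_file: Directory the report is written to; when empty the
        directory containing *file* is used.
    :param pretty: Output json indentation.
    :param file: Path to the file to analyze.
    """
    # local import: the module's import block is not part of this listing
    import shutil

    # copy file to tmp folder
    data_dir = f'{lisa_path}/tmp/lala'

    # exist_ok=True replaces the exists()+makedirs() pair, which could
    # race with another process creating the same directory
    os.makedirs(data_dir, exist_ok=True)

    # shutil.copy instead of os.system(f'cp {file} ...'): the path is never
    # handed to a shell, so a file name containing shell metacharacters
    # cannot inject commands. Copying into a directory keeps cp's behaviour.
    try:
        shutil.copy(file, data_dir)
    except OSError:
        log.critical('Error acessing folder.')
        sys.exit(1)

    # run top level and submodules
    master = Master(file, data_dir)
    master.load_analyzers()
    master.run()

    analysis_output = master.output

    # output to proper directory
    if not output_file:
        # abspath() first: dirname() of a bare file name is '' and the
        # trailing-slash logic below would then target the filesystem root
        output_file = os.path.dirname(os.path.abspath(file))

    if not output_file.endswith('/'):
        output_file += '/'

    # construct output file name
    file_name = analysis_output['file_name'] + '.'
    file_name += analysis_output['analysis_start_time'] + '.json'

    output_file += file_name

    save_output(analysis_output, output_file, pretty)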
def full_analysis(self, file_path, pretty=False, exec_time=20):
    """Full sandbox analysis task.

    Runs ``Master`` on *file_path* inside a per-task storage directory,
    saves ``report.json`` there, converts it with ``transfer`` and passes
    the resulting file name to both ``produce`` calls and the shared log.

    :param file_path: Path to file.
    :param pretty: Output json indentation.
    :param exec_time: Execution time.
    :return: The task type string ``'binary'``.
    """
    self.update_state(meta={'filename': os.path.basename(file_path)})
    task_id = self.request.id

    data_dir = f'{storage_path}/{task_id}'
    report_path = f'{data_dir}/report.json'

    # run top level and submodules
    master = Master(file_path, data_dir, exec_time)
    master.load_analyzers()
    master.run()
    save_output(master.output, report_path, pretty)

    # NOTE(review): this absolute path is hard-coded independently of
    # `storage_path`; presumably both point at the same storage root — verify.
    mine_dir = f"/root/module/lisa_/lisaMine/data/storage/{task_id}"
    stix_file = transfer(report_path, data_dir)
    for topic in ('lisa', 'lisatohdfs'):
        produce(topic, os.path.join(mine_dir, stix_file))

    with open('/home/lisa/data/storage/log.txt', 'a') as logfile:
        logfile.write(stix_file)
    return 'binary'
def pcap_analysis_multi(pretty, folder_path):
    """Analyze whole folder of pcaps. Output json saved next to
    original pcap.

    :param pretty: Output json indentation.
    :param folder_path: Directory searched recursively for ``*.pcap`` files.
    """
    # get pcap paths
    root = os.path.abspath(folder_path)
    pcap_paths = glob.glob(f'{root}/**/*.pcap', recursive=True)

    total = len(pcap_paths)
    log.info(f'Starting analysis of {total} pcaps.')

    # analyze pcaps
    for done, pcap_path in enumerate(pcap_paths, start=1):
        log.info(f'Starting analysis of {pcap_path}.')
        log.debug('Creating analyzer.')
        pcap = AnalyzedPcap(pcap_path)
        analyzer = NetworkAnalyzer(None, pcap.path, None)

        log.debug('Calling analyze_pcap().')
        analyzer.analyze_pcap()

        # set output path: same directory as the pcap, trailing slash ensured
        out_dir = pcap.dir
        if not out_dir.endswith('/'):
            out_dir += '/'
        output_file = out_dir + f'network.{pcap.name}.json'

        report = pcap.output
        report['network_analysis'] = analyzer.output
        save_output(report, output_file, pretty)

        log.info(f'Analyzed {done}/{total} pcaps.')
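def static_analysis(output_file, pretty, file):
    """Run static analysis module on ELF file.

    :param output_file: Directory the report is written to; when empty the
        directory containing *file* is used.
    :param pretty: Output json indentation.
    :param file: Path to the ELF file to analyze.
    """
    analyzed_file = AnalyzedFile(file)
    analyzer = StaticAnalyzer(analyzed_file)
    output = analyzer.run_analysis()

    # output to proper directory
    if not output_file:
        # abspath() first: dirname() of a bare file name is '' and the
        # trailing-slash logic below would then target the filesystem root
        output_file = os.path.dirname(os.path.abspath(file))

    if not output_file.endswith('/'):
        output_file += '/'

    # construct output file name
    file_name = f'static.{os.path.basename(file)}.json'

    output_file += file_name

    save_output(output, output_file, pretty)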
def pcap_analysis(self, pcap_path, pretty=False):
    """Pcap analysis task.

    Runs ``NetworkAnalyzer`` on the pcap and saves the combined report as
    ``report.json`` in the per-task storage directory.

    :param pcap_path: Path to pcap.
    :param pretty: Output json indentation.
    :return: The task type string ``'pcap'``.
    """
    self.update_state(meta={'filename': os.path.basename(pcap_path)})

    pcap = AnalyzedPcap(pcap_path)
    analyzer = NetworkAnalyzer(None, pcap.path, None)
    analyzer.analyze_pcap()

    report = pcap.output
    report['network_analysis'] = analyzer.output

    # one report per task, keyed by the task id
    report_path = f'{storage_path}/{self.request.id}/report.json'
    save_output(report, report_path, pretty)

    return 'pcap'
def full_analysis(self, file_path, pretty=False, exec_time=20):
    """Full sandbox analysis task.

    Runs ``Master`` on *file_path* inside a per-task storage directory and
    saves the result as ``report.json`` there.

    :param file_path: Path to file.
    :param pretty: Output json indentation.
    :param exec_time: Execution time.
    :return: The task type string ``'binary'``.
    """
    self.update_state(meta={'filename': os.path.basename(file_path)})

    data_dir = f'{storage_path}/{self.request.id}'
    report_path = f'{data_dir}/report.json'

    # run top level and submodules
    master = Master(file_path, data_dir, exec_time)
    master.load_analyzers()
    master.run()

    save_output(master.output, report_path, pretty)

    return 'binary'
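def pcap_analysis(output_file, pretty, ip_address, pcap_path):
    """Run pcap analysis from networking module.

    :param output_file: Directory the report is written to; when empty the
        directory containing *pcap_path* is used.
    :param pretty: Output json indentation.
    :param ip_address: Passed through to ``NetworkAnalyzer``.
    :param pcap_path: Path to pcap.
    """
    pcap = AnalyzedPcap(pcap_path)
    analyzer = NetworkAnalyzer(None, pcap.path, ip_address)
    analyzer.analyze_pcap()

    # output to proper directory
    if not output_file:
        # abspath() first: dirname() of a bare file name is '' and the
        # trailing-slash logic below would then target the filesystem root
        output_file = os.path.dirname(os.path.abspath(pcap_path))

    if not output_file.endswith('/'):
        output_file += '/'

    # construct output file name
    file_name = f'network.{pcap.name}.json'
    output_file += file_name

    output = pcap.output
    output['network_analysis'] = analyzer.output

    save_output(output, output_file, pretty)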