Ejemplo n.º 1
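def autorun_module(file_hash):
    """Run the configured autorun commands against the sample *file_hash*.

    Commands come from ``cfg.autorun.commands``: comma-separated groups, each
    group ``;``-separated. Every command is parsed and dispatched to the
    matching entry of ``__modules__``; if no session is open, one is opened on
    the sample first. Module output is stored through ``Database`` when
    ``cfg.modules.store_output`` is set and echoed when ``cfg.autorun.verbose``.

    Args:
        file_hash: Hash of the sample to analyse. A falsy value is ignored and
            the function returns immediately.

    Returns:
        None. Failures are reported through ``print_error`` and never abort the
        remaining commands.
    """
    if not file_hash:
        return
    # Modules operate on the current session, so make sure one is open.
    if not __sessions__.is_set():
        __sessions__.new(get_sample_path(file_hash))
    for cmd_line in cfg.autorun.commands.split(','):
        for split_command in cmd_line.split(';'):
            split_command = split_command.strip()
            if not split_command:
                continue
            root, args = parse(split_command)
            try:
                if root not in __modules__:
                    # Name the exact command that failed to resolve, not the whole group.
                    print_error('{0} is not a valid command. Please check your viper.conf file.'.format(split_command))
                    continue
                module = __modules__[root]['obj']()
                module.set_commandline(args)
                module.run()
                print_info("Running Command {0}".format(split_command))
                if cfg.modules.store_output and __sessions__.is_set():
                    Database().add_analysis(file_hash, split_command, module.output)
                if cfg.autorun.verbose:
                    print_output(module.output)
                # The output buffer is shared by the module; clear it in place.
                del module.output[:]
            except Exception:
                # A failing module must not stop the other autorun commands, but
                # SystemExit/KeyboardInterrupt keep propagating (the bare except swallowed them).
                print_error('Viper was unable to complete the command {0}'.format(split_command))
    return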
Ejemplo n.º 2
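def autorun_module(file_hash):
    """Run the configured autorun commands against the sample *file_hash*.

    Commands come from ``cfg.autorun.commands``: comma-separated groups, each
    group ``;``-separated. Every command is parsed and dispatched to the
    matching entry of ``__modules__``; if no session is open, one is opened on
    the sample first. Module output is stored through ``Database`` when
    ``cfg.modules.store_output`` is set and echoed when ``cfg.autorun.verbose``.

    Args:
        file_hash: Hash of the sample to analyse. A falsy value is ignored and
            the function returns immediately.

    Returns:
        None. Failures are reported through ``print_error`` and never abort the
        remaining commands.
    """
    if not file_hash:
        return
    # Modules operate on the current session, so make sure one is open.
    if not __sessions__.is_set():
        __sessions__.new(get_sample_path(file_hash))
    for cmd_line in cfg.autorun.commands.split(','):
        for split_command in cmd_line.split(';'):
            split_command = split_command.strip()
            if not split_command:
                continue
            root, args = parse(split_command)
            try:
                if root not in __modules__:
                    # Name the exact command that failed to resolve, not the whole group.
                    print_error(
                        '{0} is not a valid command. Please check your viper.conf file.'
                        .format(split_command))
                    continue
                module = __modules__[root]['obj']()
                module.set_commandline(args)
                module.run()
                print_info("Running Command {0}".format(split_command))
                if cfg.modules.store_output and __sessions__.is_set():
                    Database().add_analysis(file_hash, split_command,
                                            module.output)
                if cfg.autorun.verbose:
                    print_output(module.output)
                # The output buffer is shared by the module; clear it in place.
                del module.output[:]
            except Exception:
                # A failing module must not stop the other autorun commands, but
                # SystemExit/KeyboardInterrupt keep propagating (the bare except swallowed them).
                print_error(
                    'Viper was unable to complete the command {0}'.format(
                        split_command))
    return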
Ejemplo n.º 3
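 def bupextract():
     """Extract the quarantined payload of a McAfee BUP file and open a session on it.

     The current session file must be an OLE container. Its ``File_0`` and
     ``Details`` streams are XOR-decoded with key 106 (0x6A); the original file
     name is taken from the ``OriginalName`` entry of ``Details`` and the decoded
     payload is written under that name into a fresh temporary directory, which
     then becomes the new session.

     Returns:
         None. Problems are reported through ``print_error``.
     """
     # Check for valid OLE
     if not OleFileIO_PL.isOleFile(__sessions__.current.file.path):
         print_error("Not a valid BUP File")
         return
     ole = OleFileIO_PL.OleFileIO(__sessions__.current.file.path)
     # We know that BUPs are xor'd with 6A which is dec 106 for the decoder.
     print_info("Switching Session to Embedded File")
     try:
         data = xordata(ole.openstream('File_0').read(), 106)
         # A lot of work just to get a filename: it lives in the Details stream.
         data2 = xordata(ole.openstream('Details').read(), 106)
     finally:
         ole.close()
     filename = None
     for line in data2.split('\n'):
         if line.startswith('OriginalName'):
             # Split on the first '=' only, so a path containing '=' is kept intact.
             fullpath = line.split('=', 1)[1]
             # Keep the last Windows path component; [:-1] drops the trailing CR.
             filename = str(fullpath.split('\\')[-1][:-1])
     if not data or not filename:
         # No payload, or no OriginalName line (the original would hit an unbound name).
         print_error("Unble to Switch Session")
         return
     # The name comes from the sample itself and is untrusted: keep only the base
     # name so it cannot escape the output directory, and use a private temp dir
     # instead of a fixed, predictable path under /tmp.
     import tempfile
     safe_name = os.path.basename(filename)
     if not safe_name:
         print_error("Unble to Switch Session")
         return
     temp_name = os.path.join(tempfile.mkdtemp(prefix='viper-bup-'), safe_name)
     with open(temp_name, 'w') as temp:
         temp.write(data)
     __sessions__.new(temp_name)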
Ejemplo n.º 4
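 def store(self):
     """Manage the local cache of MISP events kept under ``<cur_path>/misp_events``.

     Exactly one action runs, selected from ``self.args``:
       * ``list``   - log a table of the locally stored events (id, title).
       * ``update`` - re-fetch every local event from MISP and rewrite its JSON dump.
       * ``delete`` - remove ``<id>.json`` for the given event id.
       * ``open``   - load ``<id>.json`` and open a session on it.
       * otherwise  - dump the event attached to the current session, if any.

     ``IOError`` is caught and reported through ``self.log('error', ...)``.
     """
     try:
         event_path = os.path.join(self.cur_path, 'misp_events')
         if not os.path.exists(event_path):
             os.mkdir(event_path)
         if self.args.list:
             header = ['Event ID', 'Title']
             rows = [(eid, title) for eid, path, title in self._get_local_events(event_path)]
             # Sort numerically on the event id rather than lexically.
             self.log('table', dict(header=header, rows=sorted(rows, key=lambda i: int(i[0]))))
         elif self.args.update:
             for eid, path, title in self._get_local_events(event_path):
                 event = self.misp.get(eid)
                 with open(path, 'w') as f:
                     f.write(json.dumps(event))
                 self.log('success', '{} updated successfully.'.format(eid))
         elif self.args.delete:
             # The id is user input: reduce it to a single path component so it
             # cannot name a file outside the events directory.
             path = os.path.join(event_path, '{}.json'.format(os.path.basename(str(self.args.delete))))
             if os.path.exists(path):
                 os.remove(path)
                 self.log('success', '{} removed successfully.'.format(self.args.delete))
             else:
                 self.log('error', '{} does not exists.'.format(self.args.delete))
         elif self.args.open:
             path = os.path.join(event_path, '{}.json'.format(os.path.basename(str(self.args.open))))
             if os.path.exists(path):
                 # Read through a context manager; the original left the handle open.
                 with open(path, 'r') as f:
                     e_json = json.load(f)
                 __sessions__.new(misp_event=MispEvent(e_json))
             else:
                 self.log('error', '{} does not exists.'.format(self.args.open))
         elif __sessions__.is_attached_misp():
             self._dump(__sessions__.current.misp_event.event)
     except IOError as e:
         self.log('error', e.strerror)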
Ejemplo n.º 5
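def create_event(self):
    """Create a new MISP event from the parsed command-line arguments.

    ``threat`` is shifted by one to map the upload API's 0-3 scale onto the
    event API's 1-4 scale; unset ``distrib``/``sharing`` fall back to the
    configured defaults and the sharing group is dropped unless distribution
    is 4. The event is then either stored locally (offline mode) or pushed to
    MISP, in which case a session is opened on the created event.

    Returns:
        None. A missing ``info`` field or an error message from MISP is logged
        and aborts the creation.
    """
    if self.args.threat is not None:
        # Dirty trick to keep consistency in the module: the threat level in the upload
        # API can go from 0 import to 3 but it is 1 to 4 in the event mgmt API.
        # It will be fixed in a near future, in the meantime, we do that:
        self.args.threat += 1

    if not self.args.info:
        self.log('error', 'Info field is required for a new event')
        # Nothing to create without info; the join below would fail on None.
        return
    info = ' '.join(self.args.info)

    # Check if the following arguments have been set (and correctly set). If not, take the config values
    self.args.distrib = self.distribution if self.args.distrib is None else self.args.distrib
    self.args.sharing = self.sharinggroup if self.args.sharing is None else self.args.sharing

    if self.args.sharing and self.args.distrib != 4:
        self.args.sharing = None
        self.log('info', "Sharing group can only be set if distribution is 4. Clearing set value")

    misp_event = MISPEvent()
    misp_event.from_dict(info=info, distribution=self.args.distrib,
                         sharing_group_id=self.args.sharing, threat_level_id=self.args.threat,
                         analysis=self.args.analysis, date=self.args.date)
    self._search_local_hashes(misp_event)
    if self.offline_mode:
        # New event created locally, no ID
        __sessions__.current.misp_event.current_dump_file = self._dump()
        __sessions__.current.misp_event.offline()
    else:
        misp_event = self.misp.add_event(misp_event)
        if self._has_error_message(misp_event):
            return
        __sessions__.new(misp_event=MispEvent(misp_event, self.offline_mode))
        self._dump()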
Ejemplo n.º 6
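 def bupextract():
     """Extract the quarantined payload of a McAfee BUP file and open a session on it.

     The current session file must be an OLE container. Its ``File_0`` and
     ``Details`` streams are XOR-decoded with key 106 (0x6A); the original file
     name is taken from the ``OriginalName`` entry of ``Details`` and the decoded
     payload is written under that name into a fresh temporary directory, which
     then becomes the new session.

     Returns:
         None. Problems are reported through ``print_error``.
     """
     # Check for valid OLE
     if not OleFileIO_PL.isOleFile(__sessions__.current.file.path):
         print_error("Not a valid BUP File")
         return
     ole = OleFileIO_PL.OleFileIO(__sessions__.current.file.path)
     # We know that BUPs are xor'd with 6A which is dec 106 for the decoder.
     print_info("Switching Session to Embedded File")
     try:
         data = xordata(ole.openstream('File_0').read(), 106)
         # A lot of work just to get a filename: it lives in the Details stream.
         data2 = xordata(ole.openstream('Details').read(), 106)
     finally:
         ole.close()
     filename = None
     for line in data2.split('\n'):
         if line.startswith('OriginalName'):
             # Split on the first '=' only, so a path containing '=' is kept intact.
             fullpath = line.split('=', 1)[1]
             # Keep the last Windows path component; [:-1] drops the trailing CR.
             filename = str(fullpath.split('\\')[-1][:-1])
     if not data or not filename:
         # No payload, or no OriginalName line (the original would hit an unbound name).
         print_error("Unble to Switch Session")
         return
     # The name comes from the sample itself and is untrusted: keep only the base
     # name so it cannot escape the output directory, and use a private temp dir
     # instead of a fixed, predictable path under /tmp.
     import tempfile
     safe_name = os.path.basename(filename)
     if not safe_name:
         print_error("Unble to Switch Session")
         return
     temp_name = os.path.join(tempfile.mkdtemp(prefix='viper-bup-'), safe_name)
     with open(temp_name, 'w') as temp:
         temp.write(data)
     __sessions__.new(temp_name)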
Ejemplo n.º 7
def main():
    """Parse the command line, optionally open a project and a file, then start the console."""
    parser = argparse.ArgumentParser()
    parser.add_argument("-p", "--project", action="store", required=False,
                        help="Specify a new or existing project name")
    parser.add_argument("-f", "--file", action="store", required=False,
                        help="Specify a file to be opened directly")
    parser.add_argument("--version", action="version", version=__version__)
    args = parser.parse_args()

    # The project is opened first so the file session lands in the right project.
    if args.project:
        __project__.open(args.project)

    if args.file:
        if not os.path.exists(args.file):
            print("ERROR: The specified path does not exist")
            sys.exit(-1)
        __sessions__.new(args.file)

    console.Console().start()
Ejemplo n.º 8
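        def att_session(att_id, msg, ole_flag):
            """Write attachment number *att_id* of *msg* to a temp file and open a session on it.

            Args:
                att_id: Index of the attachment to switch to. For OLE ``.msg``
                    files it is the 0-based stream counter; for MIME messages it
                    is the 1-based position among parts with a Content-Disposition.
                msg: An open OLE file when *ole_flag* is true, otherwise an
                    ``email.message.Message``.
                ole_flag: Selects the OLE (Outlook ``.msg``) code path.

            Returns:
                None. When the attachment is not found nothing happens.
            """
            if ole_flag:
                ole = msg
                # Hard part now: each part of the attachment is in a separate stream,
                # identified by an 8-digit counter in the stream name. 20 is an
                # arbitrary upper bound on the number of attachments.
                for i in range(20):
                    stream_name = '__attach_version1.0_#' + str(i).zfill(8)
                    # Reset per attachment so a missing stream can never reuse the
                    # name/data of the previous one (the original carried them over).
                    att_filename = None
                    att_data = None
                    # Unicode file name (3704001F) ...
                    try:
                        att_filename = ole.openstream(
                            stream_name + '/__substg1.0_3704001F').read()
                        att_filename = att_filename.replace('\x00', '')
                        att_data = ole.openstream(
                            stream_name + '/__substg1.0_37010102').read()
                    except Exception:
                        pass
                    # ... then the ASCII variant (3704001E), which wins when present.
                    try:
                        att_filename = ole.openstream(
                            stream_name + '/__substg1.0_3704001E').read()
                        att_data = ole.openstream(
                            stream_name + '/__substg1.0_37010102').read()
                    except Exception:
                        pass
                    if i != att_id:
                        continue
                    if att_data is None or not att_filename:
                        # Requested attachment has no readable streams.
                        return
                    # The file name is taken from the message and is untrusted:
                    # keep only the base name so it cannot escape the temp directory.
                    safe_name = os.path.basename(att_filename.replace('\\', '/'))
                    if not safe_name:
                        return
                    print_info(
                        "Switching session to {0}".format(att_filename))
                    tmp_path = os.path.join(tempfile.gettempdir(), safe_name)
                    with open(tmp_path, 'w') as tmp:
                        tmp.write(att_data)
                    __sessions__.new(tmp_path)
                    return

            else:
                att_count = 0
                for part in msg.walk():
                    if part.get_content_maintype() == 'multipart' or not part.get('Content-Disposition'):
                        continue

                    att_count += 1
                    if att_count != att_id:
                        continue
                    part_name = part.get_filename()
                    print_info("Switching session to {0}".format(part_name))
                    data = part.get_payload(decode=True)
                    if not data:
                        return

                    # Same precaution as above: the part name is attacker-controlled.
                    safe_name = os.path.basename((part_name or '').replace('\\', '/'))
                    if not safe_name:
                        return
                    tmp_path = os.path.join(tempfile.gettempdir(), safe_name)
                    with open(tmp_path, 'w') as tmp:
                        tmp.write(data)

                    __sessions__.new(tmp_path)
                    return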
Ejemplo n.º 9
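def module_cmdline(cmd_line, file_hash):
    """Run a ``;``-separated command line from the web interface and return its output as HTML.

    Each command is dispatched either to a console command from
    ``Commands().commands`` or to a module from ``__modules__``; before a
    module runs, a session is opened on the sample *file_hash* when one is
    given. Module output is stored through ``Database`` when
    ``cfg.modules.store_output`` is set. The session is closed before returning.

    Args:
        cmd_line: Raw command string typed by the user.
        file_hash: Hash of the sample to open a session on, or a falsy value.

    Returns:
        HTML fragment holding the concatenated output and error paragraphs.
    """
    # Local import: the `html` name below is the result buffer, and saxutils
    # works on both Python 2 and 3.
    from xml.sax.saxutils import escape as html_escape

    html = ""
    cmd = Commands()
    for split_command in cmd_line.split(';'):
        split_command = split_command.strip()
        if not split_command:
            continue
        root, args = parse(split_command)
        try:
            if root in cmd.commands:
                cmd.commands[root]['obj'](*args)
                html += print_output(cmd.output)
                del cmd.output[:]
            elif root in __modules__:
                # if prev commands did not open a session open one on the current file
                if file_hash:
                    __sessions__.new(get_sample_path(file_hash))
                module = __modules__[root]['obj']()
                module.set_commandline(args)
                module.run()

                html += print_output(module.output)
                if cfg.modules.store_output and __sessions__.is_set():
                    Database().add_analysis(file_hash, split_command, module.output)
                del module.output[:]
            else:
                # User input is rendered into the page: escape it, and name the
                # exact command that failed rather than the whole line.
                html += '<p class="text-danger">{0} is not a valid command</p>'.format(html_escape(split_command))
        except Exception:
            html += '<p class="text-danger">We were unable to complete the command {0}</p>'.format(html_escape(split_command))
    __sessions__.close()
    return html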
Ejemplo n.º 10
    def run(self, *args):
        """Rename the file of the open session and reopen the session so the new name shows.

        Parses *args* with ``self.parser`` (returning early on a parse error),
        requires an open session whose file has a database id, prompts for the
        new name and stores it through ``Database().rename``.
        """
        try:
            args = self.parser.parse_args(args)
        except SystemExit:
            return

        if not __sessions__.is_set():
            self.log(
                'error',
                "No open session. This command expects a file to be open.")
            return

        current_file = __sessions__.current.file
        if not current_file.id:
            self.log(
                'error',
                "The opened file does not have an ID, have you stored it yet?"
            )
            return

        self.log('info', "Current name is: {}".format(bold(current_file.name)))

        new_name = input("New name: ")
        if not new_name:
            self.log('error', "File name can't  be empty!")
            return

        Database().rename(current_file.id, new_name)

        # Session attributes are read at open time, so reopen the same path.
        self.log('info', "Refreshing session to update attributes...")
        __sessions__.new(__sessions__.current.file.path)
Ejemplo n.º 11
 def publish(self):
     """Publish the MISP event attached to the current session and reopen the session on the result."""
     # Publish a copy so the attached event is untouched if MISP reports an error.
     event = self.misp.publish(copy.deepcopy(__sessions__.current.misp_event.event))
     if self._has_error_message(event):
         return
     self.log('success', 'Event {} published.'.format(event['Event']['id']))
     __sessions__.new(misp_event=MispEvent(event))
Ejemplo n.º 12
def run_module():
    """HTTP handler: run a module against an optional project/sample and return its output as JSON.

    Form fields: ``project`` (opened when given), ``sha256`` (a session is opened
    on the matching sample when one is found) and ``module`` (a key of
    ``__modules__``). The JSON document is returned only when the module
    produced output; otherwise the handler returns ``None``.
    """
    project = request.forms.get('project')
    if project:
        __project__.open(project)

    sha256 = request.forms.get('sha256')
    if sha256:
        file_path = get_sample_path(sha256)
        if file_path:
            __sessions__.new(file_path)

    module_name = request.forms.get('module')
    if module_name not in __modules__:
        return

    module = __modules__[module_name]['obj']()
    module.run()

    # Snapshot the output before clearing the module's shared buffer.
    module_output = copy.deepcopy(module.output)
    del module.output[:]

    if not module_output:
        return
    return jsonize(dict(project=project,
                        module=module_name,
                        sha256=sha256,
                        output=module_output))
Ejemplo n.º 13
    def test_create_event(self, capsys):
        """End-to-end: create an event, add an attribute, show it, then add the hashes of a local file."""
        instance = misp.MISP()
        base_args = ['--url', url, '-k', apikey, '-v']

        def run_and_capture(command_line):
            instance.command_line = command_line
            instance.run()
            return capsys.readouterr()[0]

        out = run_and_capture(base_args + ['create_event', '-i', 'Viper test event'])
        assert re.search(r".*Session opened on MISP event.*", out)
        event_id = re.findall(r".*Session opened on MISP event (.*)\..*", out)[0]

        out = run_and_capture(base_args + ['add', 'ip-dst', '8.8.8.8'])
        assert re.search(rf".*Session on MISP event {event_id} refreshed.*", out)

        out = run_and_capture(base_args + ['show'])
        assert re.search(r".*ip-dst | 8.8.8.8.*", out)

        __sessions__.new(os.path.join(FIXTURE_DIR, 'chromeinstall-8u31.exe'))

        # add_hashes output is not captured on its own; it is read together with the show output.
        instance.command_line = ['add_hashes']
        instance.run()
        out = run_and_capture(base_args + ['show'])
        assert re.search(rf".*Session on MISP event {event_id} refreshed.*", out)
Ejemplo n.º 14
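    def create_event(self):
        """Create a new MISP event from the parsed command-line arguments.

        ``threat`` is shifted by one to map the upload API's 0-3 scale onto the
        event API's 1-4 scale. The event is either stored locally (offline mode)
        or pushed to MISP, in which case a session is opened on the created event.

        Returns:
            None. A missing ``info`` field or an error message from MISP is
            logged and aborts the creation.
        """
        if self.args.threat is not None:
            # Dirty trick to keep consistency in the module: the threat level in the upload
            # API can go from 0 import to 3 but it is 1 to 4 in the event mgmt API.
            # It will be fixed in a near future, in the meantime, we do that:
            self.args.threat += 1

        if not self.args.info:
            self.log('error', 'Info field is required for a new event')
            # Nothing to create without info; the join below would fail on None.
            return
        info = ' '.join(self.args.info)

        misp_event = MISPEvent()
        misp_event.set_all_values(info=info, distribution=self.args.distrib,
                                  threat_level_id=self.args.threat, analysis=self.args.analysis,
                                  date=self.args.date)
        self._search_local_hashes(misp_event)
        if self.offline_mode:
            # New event created locally, no ID
            __sessions__.current.misp_event.current_dump_file = self._dump()
            __sessions__.current.misp_event.offline()
        else:
            misp_event = self.misp.add_event(json.dumps(misp_event, cls=EncodeUpdate))
            if self._has_error_message(misp_event):
                return
            __sessions__.new(misp_event=MispEvent(misp_event, self.offline_mode))
            self._dump()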
Ejemplo n.º 15
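def create_event(self):
    """Create a new MISP event from the parsed command-line arguments.

    ``threat`` is shifted by one to map the upload API's 0-3 scale onto the
    event API's 1-4 scale; unset ``distrib``/``sharing`` fall back to the
    configured defaults and the sharing group is dropped unless distribution
    is 4. The event is then either stored locally (offline mode) or pushed to
    MISP, in which case a session is opened on the created event.

    Returns:
        None. A missing ``info`` field or an error message from MISP is logged
        and aborts the creation.
    """
    if self.args.threat is not None:
        # Dirty trick to keep consistency in the module: the threat level in the upload
        # API can go from 0 import to 3 but it is 1 to 4 in the event mgmt API.
        # It will be fixed in a near future, in the meantime, we do that:
        self.args.threat += 1

    if not self.args.info:
        self.log('error', 'Info field is required for a new event')
        # Nothing to create without info; the join below would fail on None.
        return
    info = ' '.join(self.args.info)

    # Check if the following arguments have been set (and correctly set). If not, take the config values
    self.args.distrib = self.distribution if self.args.distrib is None else self.args.distrib
    self.args.sharing = self.sharinggroup if self.args.sharing is None else self.args.sharing

    if self.args.sharing and self.args.distrib != 4:
        self.args.sharing = None
        self.log('info', "Sharing group can only be set if distribution is 4. Clearing set value")

    misp_event = MISPEvent()
    misp_event.set_all_values(info=info, distribution=self.args.distrib,
                              sharing_group_id=self.args.sharing, threat_level_id=self.args.threat,
                              analysis=self.args.analysis, date=self.args.date)
    self._search_local_hashes(misp_event)
    if self.offline_mode:
        # New event created locally, no ID
        __sessions__.current.misp_event.current_dump_file = self._dump()
        __sessions__.current.misp_event.offline()
    else:
        misp_event = self.misp.add_event(json.dumps(misp_event, cls=EncodeUpdate))
        if self._has_error_message(misp_event):
            return
        __sessions__.new(misp_event=MispEvent(misp_event, self.offline_mode))
        self._dump()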
Ejemplo n.º 16
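    def post(self, request, *args, **kwargs):
        """Remove the parent link of a stored sample and redirect to its file view.

        POST fields: ``child`` and ``parent`` (sha256 hashes, lower-cased) and an
        optional ``project`` (default ``'default'``). A session is opened on the
        child sample before ``delete_parent`` is run on the project database.

        Raises:
            Http404: when ``child`` or ``parent`` is missing, or the child sample
                cannot be located on disk.
        """
        # Default to '' so a missing field yields a 404 below instead of an
        # AttributeError on None.lower(); the stray debug print was dropped.
        child = request.POST.get('child', '').lower()
        parent = request.POST.get('parent', '').lower()
        project = request.POST.get('project', 'default')

        if not child:
            log.error("no sha256 hashed for child provided")
            raise Http404("no sha256 hashed for child provided")
        if not parent:
            log.error("no sha256 hashed for parent provided")
            raise Http404("no sha256 hashed for parent provided")

        db = open_db(project)

        # Open a session on the child.
        try:
            path = get_sample_path(child)
            if not path:
                raise Http404(
                    "could not retrieve file for sha256 hash: {}".format(
                        child))
            __sessions__.new(path)
        except Http404:
            # Let the "not found" propagate instead of being masked by the broad handler.
            raise
        except Exception as err:
            log.error("Error: {}".format(err))
            return HttpResponse(
                '<span class="alert alert-danger">Invalid Submission</span>')

        db.delete_parent(child)

        return redirect(
            reverse("file-view", kwargs={
                "project": project,
                "sha256": child
            }))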
Ejemplo n.º 17
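def module_cmdline(cmd_line, file_hash):
    """Run a ``;``-separated command line from the web interface and return its output as HTML.

    Each command is dispatched either to a console command from
    ``Commands().commands`` or to a module from ``__modules__``; before a
    module runs, a session is opened on the sample *file_hash* when one is
    given. The session is closed before returning.

    Args:
        cmd_line: Raw command string typed by the user.
        file_hash: Hash of the sample to open a session on, or a falsy value.

    Returns:
        HTML fragment holding the concatenated output and error paragraphs.
    """
    # Local import: the `html` name below is the result buffer, and saxutils
    # works on both Python 2 and 3.
    from xml.sax.saxutils import escape as html_escape

    html = ""
    cmd = Commands()
    for split_command in cmd_line.split(';'):
        split_command = split_command.strip()
        if not split_command:
            continue
        root, args = parse(split_command)
        try:
            if root in cmd.commands:
                cmd.commands[root]['obj'](*args)
                html += print_output(cmd.output)
                del cmd.output[:]
            elif root in __modules__:
                # if prev commands did not open a session open one on the current file
                if file_hash:
                    __sessions__.new(get_sample_path(file_hash))
                module = __modules__[root]['obj']()
                module.set_commandline(args)
                module.run()

                html += print_output(module.output)
                del module.output[:]
            else:
                # User input is rendered into the page: escape it, and name the
                # exact command that failed rather than the whole line.
                html += '<p class="text-danger">{0} is not a valid command</p>'.format(
                    html_escape(split_command))
        except Exception:
            # Narrowed from a bare except so SystemExit/KeyboardInterrupt still propagate.
            html += '<p class="text-danger">We were unable to complete the command {0}</p>'.format(
                html_escape(split_command))
    __sessions__.close()
    return html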
Ejemplo n.º 18
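    def cmd_tags(self, *args):
        """Add or delete tags on the file of the open session.

        Options: ``-a/--add TAG`` (comma separated) and ``-d/--delete TAG``.
        The file must already be stored in the database; after a change the
        session is reopened so the refreshed attributes (e.g. the tag list shown
        by ``info``) are visible.
        """
        parser = argparse.ArgumentParser(
            prog='tags', description="Modify tags of the opened file")
        parser.add_argument(
            '-a',
            '--add',
            metavar='TAG',
            help="Add tags to the opened file (comma separated)")
        parser.add_argument('-d',
                            '--delete',
                            metavar='TAG',
                            help="Delete a tag from the opened file")
        try:
            args = parser.parse_args(args)
        except SystemExit:
            # argparse already printed the usage/error; only swallow its exit,
            # not every exception as the bare except did.
            return

        # This command requires a session to be opened.
        if not __sessions__.is_set():
            self.log('error', "No open session")
            parser.print_usage()
            return

        # If no arguments are specified, there's not much to do.
        # However, it could make sense to also retrieve a list of existing
        # tags from this command, and not just from the "find" command alone.
        if args.add is None and args.delete is None:
            parser.print_usage()
            return

        # TODO: handle situation where addition or deletion of a tag fail.

        db = Database()
        if not db.find(key='sha256', value=__sessions__.current.file.sha256):
            self.log(
                'error', "The opened file is not stored in the database. "
                "If you want to add it use the `store` command.")
            return

        if args.add:
            # Add specified tags to the database's entry belonging to
            # the opened file.
            db.add_tags(__sessions__.current.file.sha256, args.add)
            self.log('info', "Tags added to the currently opened file")

            # We refresh the opened session to update the attributes.
            # Namely, the list of tags returned by the 'info' command
            # needs to be re-generated, or it wouldn't show the new tags
            # until the existing session is closed a new one is opened.
            self.log('info', "Refreshing session to update attributes...")
            __sessions__.new(__sessions__.current.file.path)

        if args.delete:
            # Delete the tag from the database.
            db.delete_tag(args.delete, __sessions__.current.file.sha256)
            # Refresh the session so that the attributes of the file are
            # updated.
            self.log('info', "Refreshing session to update attributes...")
            __sessions__.new(__sessions__.current.file.path)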
Ejemplo n.º 19
    def test_no_argument(self, capsys, filename):
        """Running the module with no arguments first reports the opened session."""
        sample = os.path.join(FIXTURE_DIR, filename)
        __sessions__.new(sample)

        module = Macho()
        module.run()

        captured = capsys.readouterr()
        first_line = captured.out.split("\n")[0]
        assert re.search(r".*Session opened on.*", first_line)
Ejemplo n.º 20
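def file_view(request, sha256=False, project='default'):
    """Render the detail page of the sample *sha256* in *project*.

    Opens a session on the sample, collects its file attributes plus the notes
    and module-analysis history stored in the project database, and renders
    ``file.html``. A missing hash or a sample that cannot be opened renders
    ``404.html`` instead.

    Args:
        request: Django request.
        sha256: Hash of the sample to display; falsy renders the 404 page.
        project: Name of the project whose database is queried.
    """
    if not sha256:
        return render(request, '404.html')
    db = open_db(project)
    # Open a session; whatever goes wrong here is a "not found" for the user.
    # (The Python 2 debug `print sha256` that preceded this was removed: it is a
    # syntax error on Python 3 and leaked request data to stdout.)
    try:
        path = get_sample_path(sha256)
        __sessions__.new(path)
    except Exception:
        return render(request, '404.html')

    # Get the file info
    current = __sessions__.current.file
    file_info = {
        'name': current.name,
        'tags': current.tags.split(','),
        'path': current.path,
        'size': current.size,
        'type': current.type,
        'mime': current.mime,
        'md5': current.md5,
        'sha1': current.sha1,
        'sha256': current.sha256,
        'sha512': current.sha512,
        'ssdeep': current.ssdeep,
        'crc32': current.crc32,
        'parent': current.parent,
        'children': current.children.split(',')
    }

    # Get any notes and the history of module runs
    note_list = []
    module_history = []
    malware = db.find(key='sha256', value=sha256)
    if malware:
        notes = malware[0].note
        if notes:
            note_list = [{'title': note.title, 'body': note.body, 'id': note.id}
                         for note in notes]
        analysis_list = malware[0].analysis
        if analysis_list:
            module_history = [{'id': ana.id, 'cmd_line': ana.cmd_line}
                              for ana in analysis_list]

    # Return the page
    return render(request, 'file.html', {'file_info': file_info,
                                         'note_list': note_list,
                                         'error_line': False,
                                         'project': project,
                                         'projects': project_list(),
                                         'module_history': module_history
                                         })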
Ejemplo n.º 21
    def test_export(self, capsys, filename):
        """Exporting to ``out_all`` reports the extracted ObjectPool stream path."""
        sample = os.path.join(FIXTURE_DIR, filename)
        __sessions__.new(sample)

        module = office()
        module.command_line = ["-e", 'out_all']
        module.run()

        captured = capsys.readouterr()
        assert re.search(r".*out_all/ObjectPool-_1398590705-Contents*", captured.out)
Ejemplo n.º 22
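 def cmd_new(self, *args):
     """Create a new file interactively and open a session on it.

     Prompts for a title, creates a temporary file, opens it in ``$EDITOR``
     (falling back to ``nano``), then opens a session on the edited file and
     uses the title as the session file name.
     """
     title = input("Enter a title for the new file: ")
     # Create a new temporary file and close our handle before handing the path to
     # the editor: the original never closed it, so the descriptor leaked and the
     # editor's writes raced an open handle.
     tmp = tempfile.NamedTemporaryFile(delete=False)
     tmp.close()
     # Open the temporary file with the default editor, or with nano. The path
     # comes from tempfile, so the only shell expansion here is $EDITOR.
     os.system('"${EDITOR:-nano}" ' + tmp.name)
     __sessions__.new(tmp.name)
     __sessions__.current.file.name = title
     print_info('New file with title "{0}" added to the current session'.format(bold(title)))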
Ejemplo n.º 23
    def test_oleid(self, capsys, filename):
        """The ``-o`` (oleid) output flags the fixture as containing macros."""
        sample = os.path.join(FIXTURE_DIR, filename)
        __sessions__.new(sample)

        module = office.Office()
        module.command_line = ["-o"]
        module.run()

        captured = capsys.readouterr()
        assert re.search(r".*Macros .*| True.*", captured.out)
Ejemplo n.º 24
    def test_run_session(self, capsys, filename):
        """Running the fuzzy module on an open session reports the match count."""
        sample = os.path.join(FIXTURE_DIR, filename)
        __sessions__.new(sample)

        module = fuzzy.Fuzzy()
        module.command_line = []
        module.run()

        captured = capsys.readouterr()
        assert re.search(r".*relevant matches found.*", captured.out)
Ejemplo n.º 25
    def test_export(self, capsys, filename):
        """Exporting to ``out_all`` reports the extracted ObjectPool stream path."""
        sample = os.path.join(FIXTURE_DIR, filename)
        __sessions__.new(sample)

        module = office.Office()
        module.command_line = ["-e", 'out_all']
        module.run()

        captured = capsys.readouterr()
        assert re.search(r".*out_all/ObjectPool-_1398590705-Contents*", captured.out)
Ejemplo n.º 26
    def test_oleid(self, capsys, filename):
        """The ``-o`` (oleid) output flags the fixture as containing macros."""
        sample = os.path.join(FIXTURE_DIR, filename)
        __sessions__.new(sample)

        module = office()
        module.command_line = ["-o"]
        module.run()

        captured = capsys.readouterr()
        assert re.search(r".*Macros .*| True.*", captured.out)
Ejemplo n.º 27
    def test_info(self, capsys, filename):
        """``-i`` prints the package name of the fixture APK."""
        sample = os.path.join(FIXTURE_DIR, filename)
        __sessions__.new(sample)

        module = apk.AndroidPackage()
        module.command_line = ["-i"]
        module.run()

        captured = capsys.readouterr()
        assert re.search(r".*Package Name: de.rhab.helloworld*", captured.out)
Ejemplo n.º 28
    def test_file(self, capsys, filename):
        """``-f`` lists the contents of the fixture APK."""
        sample = os.path.join(FIXTURE_DIR, filename)
        __sessions__.new(sample)

        module = apk.AndroidPackage()
        module.command_line = ["-f"]
        module.run()

        captured = capsys.readouterr()
        assert re.search(r".*APK Contents.*", captured.out)
Ejemplo n.º 29
    def test_dump_no_parameter(self, capsys, filename):
        """``-d`` without a target directory is rejected by the argument parser."""
        sample = os.path.join(FIXTURE_DIR, filename)
        __sessions__.new(sample)

        module = apk.AndroidPackage()
        module.command_line = ["-d"]
        module.run()

        captured = capsys.readouterr()
        assert re.search(r".*argument -d/--dump: expected one argument.*", captured.out)
Ejemplo n.º 30
    def test_all(self, capsys, filename, pkg_name):
        """``-a`` output includes the expected package name for the fixture."""
        sample = os.path.join(FIXTURE_DIR, filename)
        __sessions__.new(sample)

        module = apk.AndroidPackage()
        module.command_line = ["-a"]
        module.run()

        captured = capsys.readouterr()
        pattern = r".*Package Name: {}.*".format(pkg_name)
        assert re.search(pattern, captured.out)
Ejemplo n.º 31
    def test_code(self, capsys, filename):
        """``-c out_macro`` reports that the VBA code is being written out."""
        sample = os.path.join(FIXTURE_DIR, filename)
        __sessions__.new(sample)

        module = office()
        module.command_line = ["-c", 'out_macro']
        module.run()

        captured = capsys.readouterr()
        assert re.search(r".*Writing VBA Code to out_macro.*", captured.out)
Ejemplo n.º 32
    def test_meta(self, capsys, filename):
        """Running the SWF module without options reports the fixture as uncompressed."""
        sample = os.path.join(FIXTURE_DIR, filename)
        __sessions__.new(sample)

        module = swf.SWF()
        module.command_line = []
        module.run()

        captured = capsys.readouterr()
        assert re.search(r".*The opened file doesn't appear to be compressed.*", captured.out)
Ejemplo n.º 33
    def test_code(self, capsys, filename):
        """``-c out_macro`` reports that the VBA code is being written out."""
        sample = os.path.join(FIXTURE_DIR, filename)
        __sessions__.new(sample)

        module = office.Office()
        module.command_line = ["-c", 'out_macro']
        module.run()

        captured = capsys.readouterr()
        assert re.search(r".*Writing VBA Code to out_macro.*", captured.out)
Ejemplo n.º 34
    def test_run_session(self, capsys, filename):
        """Running the ClamAV module on an open session prints its identification line."""
        sample = os.path.join(FIXTURE_DIR, filename)
        __sessions__.new(sample)

        module = clamav.ClamAV()
        module.command_line = []
        module.run()

        captured = capsys.readouterr()
        assert re.search(r".*Clamav identify.*", captured.out)
Ejemplo n.º 35
def _populate(self, event, original_attributes):
    """Send ``event`` to MISP when its attribute count differs from ``original_attributes``.

    Logs an info message and returns when the count is unchanged. Otherwise the
    event timestamp is refreshed, the event is pushed with ``self.misp.update``
    and, if the response carries no error message, the returned event is opened
    as the current session.
    """
    unchanged = len(event.attributes) == original_attributes
    if unchanged:
        self.log('info', "No new attributes to add.")
        return

    event.timestamp = int(time.time())
    response = self.misp.update(event._json())
    if self._has_error_message(response):
        return

    self.log('success', "All attributes updated successfully")
    __sessions__.new(misp_event=MispEvent(response, self.offline_mode))
    def test_run_session(self, capsys, filename):
        """Run the fuzzy-hash module on the fixture and check it reports its match count."""
        __sessions__.new(os.path.join(FIXTURE_DIR, filename))

        module = fuzzy()
        module.command_line = []
        module.run()

        stdout, _stderr = capsys.readouterr()
        expected = r".*relevant matches found.*"
        assert re.search(expected, stdout)
    def test_no_argument(self, capsys, filename):
        """Run the Mach-O module with its default command line and check the first stdout line."""
        sample_path = os.path.join(FIXTURE_DIR, filename)
        __sessions__.new(sample_path)

        module = macho()
        module.run()

        stdout, _stderr = capsys.readouterr()
        first_line = stdout.split("\n")[0]
        # Only the very first line is inspected: it should be the session-open notice.
        assert re.search(r".*Session opened on.*", first_line)
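    def test_streams(self, capsys, filename):
        """List the fixture's OLE streams with ``-s`` and check the macro stream row and its two timestamps."""
        __sessions__.new(os.path.join(FIXTURE_DIR, filename))
        instance = office.Office()
        instance.command_line = ["-s"]

        instance.run()
        out, err = capsys.readouterr()

        # The `|` between the two timestamps is meant as a literal separator, but unescaped it
        # is a regex alternation, so either timestamp on its own satisfied the old assertion.
        assert re.search(r".*Macros/kfjtir .* 2017-04-09 19:03:45.905000 \| 2017-04-09 19:03:45.920000.*", out)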
    def test_perm(self, capsys, filename):
        """Run the APK module with ``-p`` and check the permissions header is printed."""
        __sessions__.new(os.path.join(FIXTURE_DIR, filename))

        module = apk()
        module.command_line = ["-p"]
        module.run()

        stdout, _stderr = capsys.readouterr()
        expected = r".*APK Permissions.*"
        assert re.search(expected, stdout)
 def publish(self):
     """Mark the current session's MISP event as published and push it to the server.

     In offline mode the event is only dumped locally. Otherwise it is sent with
     ``self.misp.update``; when the response carries no error message, a success
     line with the event id is logged and the returned event replaces the current
     session.
     """
     current = __sessions__.current.misp_event.event
     current.publish()

     if self.offline_mode:
         self._dump()
         return

     updated = self.misp.update(current)
     if self._has_error_message(updated):
         return
     self.log('success', 'Event {} published.'.format(updated['Event']['id']))
     __sessions__.new(misp_event=MispEvent(updated, self.offline_mode))
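    def test_streams(self, capsys, filename):
        """List the fixture's OLE streams with ``-s`` and check the macro stream row and its two timestamps."""
        __sessions__.new(os.path.join(FIXTURE_DIR, filename))
        instance = office.Office()
        instance.command_line = ["-s"]

        instance.run()
        out, err = capsys.readouterr()

        # The `|` between the two timestamps is meant as a literal separator, but unescaped it
        # is a regex alternation, so either timestamp on its own satisfied the old assertion.
        assert re.search(r".*Macros/kfjtir .* 2017-04-09 19:03:45.905000 \| 2017-04-09 19:03:45.920000.*", out)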
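    def test_resources(self, capsys, filename, expected):
        """Run ``pe resources`` on the fixture and check its stdout against the ``expected`` pattern."""
        __sessions__.new(os.path.join(FIXTURE_DIR, filename))
        instance = pe.PE()
        instance.command_line = ["resources"]

        instance.run()
        out, err = capsys.readouterr()

        # Search the captured output, not the pattern itself: `re.search(expected, expected)`
        # succeeded no matter what the module printed, so the test never checked anything.
        assert re.search(expected, out)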
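    def test_security(self, capsys, filename, expected):
        """Run ``pe security`` on the fixture and check its stdout against the ``expected`` pattern."""
        __sessions__.new(os.path.join(FIXTURE_DIR, filename))
        instance = pe.PE()
        instance.command_line = ["security"]

        instance.run()
        out, err = capsys.readouterr()

        # The old template `.*{}*` made the last character of `expected` optional-repeated, so a
        # truncated match passed. re.search already permits surrounding text; use the pattern as-is.
        assert re.search(expected, out)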
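 def cmd_new(self, *args):
     """Create a new sample in an editor and open it as the current session.

     Prompts for a title, hands a fresh temporary file to ``$EDITOR`` (``nano`` when
     the variable is unset or empty), then opens the edited file as a session and
     labels it with the title. ``args`` is accepted for interface compatibility and
     not used.
     """
     import subprocess

     title = raw_input("Enter a title for the new file: ")
     # delete=False: the file must outlive this handle because it becomes the session sample.
     tmp = tempfile.NamedTemporaryFile(delete=False)
     tmp_path = tmp.name
     # Close our descriptor before the editor writes to the path; keeping it open leaked the
     # handle, and a still-open NamedTemporaryFile cannot be reopened by name on Windows.
     tmp.close()
     # Run the editor with an argv list rather than a shell string so neither the editor
     # value nor the path is re-parsed by a shell. `"${EDITOR:-nano}"` was quoted as a
     # single word, so this preserves the original semantics.
     editor = os.environ.get('EDITOR') or 'nano'
     subprocess.call([editor, tmp_path])
     __sessions__.new(tmp_path)
     __sessions__.current.file.name = title
     print_info("New file with title \"{0}\" added to the current session".format(bold(title)))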
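    def test_resources(self, capsys, filename, expected):
        """Run ``pe resources`` on the fixture and check its stdout against the ``expected`` pattern."""
        __sessions__.new(os.path.join(FIXTURE_DIR, filename))
        instance = pe.PE()
        instance.command_line = ["resources"]

        instance.run()
        out, err = capsys.readouterr()

        # Search the captured output, not the pattern itself: `re.search(expected, expected)`
        # succeeded no matter what the module printed, so the test never checked anything.
        assert re.search(expected, out)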
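    def test_security(self, capsys, filename, expected):
        """Run ``pe security`` on the fixture and check its stdout against the ``expected`` pattern."""
        __sessions__.new(os.path.join(FIXTURE_DIR, filename))
        instance = pe.PE()
        instance.command_line = ["security"]

        instance.run()
        out, err = capsys.readouterr()

        # The old template `.*{}*` made the last character of `expected` optional-repeated, so a
        # truncated match passed. re.search already permits surrounding text; use the pattern as-is.
        assert re.search(expected, out)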
    def test_file(self, capsys, filename):
        """Run the APK module with ``-f`` and check the contents header is printed."""
        sample_path = os.path.join(FIXTURE_DIR, filename)
        __sessions__.new(sample_path)

        module = apk.AndroidPackage()
        module.command_line = ["-f"]
        module.run()

        stdout, _stderr = capsys.readouterr()
        assert re.search(r".*APK Contents.*", stdout)
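    def test_info(self, capsys, filename):
        """Run the APK module with ``-i`` and check the full package name is printed."""
        __sessions__.new(os.path.join(FIXTURE_DIR, filename))
        instance = apk.AndroidPackage()
        instance.command_line = ["-i"]

        instance.run()
        out, err = capsys.readouterr()

        # The old pattern ended in `helloworld*`, which made the final `d` optional and left
        # the dots as wildcards; anchor the literal name so a truncated or similar name fails.
        assert re.search(r"Package Name: de\.rhab\.helloworld", out)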
    def test_dump_no_parameter(self, capsys, filename):
        """Run the APK module with a bare ``-d`` and expect the missing-argument message on stdout."""
        __sessions__.new(os.path.join(FIXTURE_DIR, filename))

        module = apk.AndroidPackage()
        module.command_line = ["-d"]
        module.run()

        stdout, _stderr = capsys.readouterr()
        expected = r".*argument -d/--dump: expected one argument.*"
        assert re.search(expected, stdout)
    def test_all(self, capsys, filename, pkg_name):
        """Run the APK module with ``-a`` and check the package name for ``filename`` is printed."""
        sample_path = os.path.join(FIXTURE_DIR, filename)
        __sessions__.new(sample_path)

        module = apk.AndroidPackage()
        module.command_line = ["-a"]
        module.run()

        stdout, _stderr = capsys.readouterr()
        assert re.search(r".*Package Name: {}.*".format(pkg_name), stdout)
    def test_language(self, capsys, filename, expected):
        """Run ``pe language`` on the fixture and match ``expected`` against the second stdout line."""
        sample_path = os.path.join(FIXTURE_DIR, filename)
        __sessions__.new(sample_path)

        module = pe.PE()
        module.command_line = ["language"]
        module.run()

        stdout, _stderr = capsys.readouterr()
        # Only the second line is checked; the first is the session-open notice.
        second_line = stdout.split("\n")[1]
        assert re.search(expected, second_line)
    def test_language(self, capsys, filename, expected):
        """Run ``pe language`` on the fixture and match ``expected`` against the second stdout line."""
        __sessions__.new(os.path.join(FIXTURE_DIR, filename))

        module = pe.PE()
        module.command_line = ["language"]
        module.run()

        stdout, _stderr = capsys.readouterr()
        output_lines = stdout.split("\n")
        # Only the second line is checked; the first is the session-open notice.
        assert re.search(expected, output_lines[1])
    def test_all(self, capsys, filename, expected):
        """Run the e-mail parser with ``-a`` and check every pattern in ``expected`` appears in stdout."""
        sample_path = os.path.join(FIXTURE_DIR, filename)
        __sessions__.new(sample_path)

        module = emailparse.EmailParse()
        module.command_line = ['-a']
        module.run()

        stdout, _stderr = capsys.readouterr()
        # Each pattern is asserted individually so a failure names the missing one.
        for pattern in expected:
            assert re.search(pattern, stdout)
    def test_url(self, capsys, filename):
        """Run the APK module with ``-u``: the android schema URL must be listed, the decoy must not."""
        __sessions__.new(os.path.join(FIXTURE_DIR, filename))

        module = apk.AndroidPackage()
        module.command_line = ["-u"]
        module.run()

        stdout, _stderr = capsys.readouterr()
        present = r".*http://schemas.android.com/apk/res/android.*"
        absent = r".*http://foo.example.bar.*"
        assert re.search(present, stdout)
        assert not re.search(absent, stdout)
    def test_cert(self, capsys, filename):
        """Run the APK module with ``-c`` and check both certificate digests are printed."""
        sample_path = os.path.join(FIXTURE_DIR, filename)
        __sessions__.new(sample_path)

        module = apk.AndroidPackage()
        module.command_line = ["-c"]
        module.run()

        stdout, _stderr = capsys.readouterr()
        # Both digests of the fixture's signing certificate must be reported.
        for digest_line in (r"md5: 2487974b62a94eaa8254b95dd8ce8fc7",
                            r"sha1: 652f6129c87d0540bf986fc00efd9ab8a78784de"):
            assert re.search(digest_line, stdout)
Archivo: add.py Proyecto: Rafiot/viper
def _check_add(self, new_event):
    """Log the related events of ``new_event`` and make it the current session.

    Related ids already linked to the current session's event are logged at
    ``info`` level; ids not seen before are logged at ``success`` level as new.
    Finally ``new_event`` replaces the current session.
    """
    current_event = __sessions__.current.misp_event.event
    known_ids = {pair[0] for pair in self._find_related_id(current_event)}
    base_url = self.url.rstrip('/')

    for related, title in self._find_related_id(new_event):
        if related in known_ids:
            self.log('info', 'Related event: {}/events/view/{} - {}'.format(base_url, related, title))
        else:
            self.log('success', 'New related event: {}/events/view/{} - {}'.format(base_url, related, title))

    __sessions__.new(misp_event=MispEvent(new_event, self.offline_mode))