def staticanalyzer_windows(request, api=False):
"""Analyse a windows app."""
try:
# Input validation
print "[INFO] Windows Static Analysis Started"
app_dic = {} # Dict to store the binary attributes
if api:
typ = request.POST['scan_type']
rescan = str(request.POST.get('re_scan', 0))
checksum = request.POST['hash']
filename = request.POST['file_name']
else:
typ = request.GET['type']
rescan = str(request.GET.get('rescan', 0))
checksum = request.GET['checksum']
filename = request.GET['name']
md5_regex = re.match('^[0-9a-f]{32}$', checksum)
if (md5_regex) and (typ in ['appx']):
app_dic['app_name'] = filename # APP ORGINAL NAME
app_dic['md5'] = checksum
app_dic['app_dir'] = os.path.join(
settings.UPLD_DIR, app_dic['md5'] + '/')
app_dic['tools_dir'] = os.path.join(
settings.BASE_DIR, 'StaticAnalyzer/tools/windows/')
if typ == 'appx':
# DB
db_entry = StaticAnalyzerWindows.objects.filter( # pylint: disable-msg=E1101
MD5=app_dic['md5']
)
if db_entry.exists() and rescan == '0':
print "\n[INFO] Analysis is already Done. Fetching data from the DB..."
context = {
'title': db_entry[0].TITLE,
'name': db_entry[0].APP_NAME,
'pub_name': db_entry[0].PUB_NAME,
'size': db_entry[0].SIZE,
'md5': db_entry[0].MD5,
'sha1': db_entry[0].SHA1,
'sha256': db_entry[0].SHA256,
'bin_name': db_entry[0].BINNAME,
'version': db_entry[0].VERSION,
'arch': db_entry[0].ARCH,
'compiler_version': db_entry[0].COMPILER_VERSION,
'visual_studio_version': db_entry[0].VISUAL_STUDIO_VERSION,
'visual_studio_edition': db_entry[0].VISUAL_STUDIO_EDITION,
'target_os': db_entry[0].TARGET_OS,
'appx_dll_version': db_entry[0].APPX_DLL_VERSION,
'proj_guid': db_entry[0].PROJ_GUID,
'opti_tool': db_entry[0].OPTI_TOOL,
'target_run': db_entry[0].TARGET_RUN,
'files': python_list(db_entry[0].FILES),
'strings': python_list(db_entry[0].STRINGS),
'bin_an_results': python_list(db_entry[0].BIN_AN_RESULTS),
'bin_an_warnings': python_list(db_entry[0].BIN_AN_WARNINGS)
}
else:
print "[INFO] Windows Binary Analysis Started"
app_dic['app_path'] = os.path.join(
app_dic['app_dir'], app_dic['md5'] + '.appx')
# ANALYSIS BEGINS
app_dic['size'] = str(file_size(app_dic['app_path'])) + 'MB'
# Generate hashes
app_dic['sha1'], app_dic[
'sha256'] = hash_gen(app_dic['app_path'])
# EXTRACT APPX
print "[INFO] Extracting APPX"
app_dic['files'] = unzip(
app_dic['app_path'], app_dic['app_dir'])
xml_dic = _parse_xml(app_dic['app_dir'])
bin_an_dic = _binary_analysis(app_dic)
# Saving to db
print "\n[INFO] Connecting to DB"
if rescan == '1':
print "\n[INFO] Updating Database..."
StaticAnalyzerWindows.objects.filter( # pylint: disable-msg=E1101
MD5=app_dic['md5']
).update(
TITLE='Static Analysis',
APP_NAME=app_dic['app_name'],
PUB_NAME=xml_dic['pub_name'],
SIZE=app_dic['size'],
MD5=app_dic['md5'],
SHA1=app_dic['sha1'],
SHA256=app_dic['sha256'],
BINNAME=bin_an_dic['bin_name'],
VERSION=xml_dic['version'],
ARCH=xml_dic['arch'],
COMPILER_VERSION=xml_dic['compiler_version'],
VISUAL_STUDIO_VERSION=xml_dic[
'visual_studio_version'],
VISUAL_STUDIO_EDITION=xml_dic[
'visual_studio_edition'],
TARGET_OS=xml_dic['target_os'],
APPX_DLL_VERSION=xml_dic['appx_dll_version'],
PROJ_GUID=xml_dic['proj_guid'],
OPTI_TOOL=xml_dic['opti_tool'],
TARGET_RUN=xml_dic['target_run'],
FILES=app_dic['files'],
STRINGS=bin_an_dic['strings'],
BIN_AN_RESULTS=bin_an_dic['results'],
BIN_AN_WARNINGS=bin_an_dic['warnings'],
)
elif rescan == '0':
print "\n[INFO] Saving to Database"
db_item = StaticAnalyzerWindows(
TITLE='Static Analysis',
APP_NAME=app_dic['app_name'],
PUB_NAME=xml_dic['pub_name'],
SIZE=app_dic['size'],
MD5=app_dic['md5'],
SHA1=app_dic['sha1'],
SHA256=app_dic['sha256'],
BINNAME=bin_an_dic['bin_name'],
VERSION=xml_dic['version'],
ARCH=xml_dic['arch'],
COMPILER_VERSION=xml_dic['compiler_version'],
VISUAL_STUDIO_VERSION=xml_dic[
'visual_studio_version'],
VISUAL_STUDIO_EDITION=xml_dic[
'visual_studio_edition'],
TARGET_OS=xml_dic['target_os'],
APPX_DLL_VERSION=xml_dic['appx_dll_version'],
PROJ_GUID=xml_dic['proj_guid'],
OPTI_TOOL=xml_dic['opti_tool'],
TARGET_RUN=xml_dic['target_run'],
FILES=app_dic['files'],
STRINGS=bin_an_dic['strings'],
BIN_AN_RESULTS=bin_an_dic['results'],
BIN_AN_WARNINGS=bin_an_dic['warnings'],
)
db_item.save()
context = {
'title': 'Static Analysis',
'name': app_dic['app_name'],
'pub_name': xml_dic['pub_name'],
'size': app_dic['size'],
'md5': app_dic['md5'],
'sha1': app_dic['sha1'],
'sha256': app_dic['sha256'],
'bin_name': bin_an_dic['bin_name'],
'version': xml_dic['version'],
'arch': xml_dic['arch'],
'compiler_version': xml_dic['compiler_version'],
'visual_studio_version': xml_dic['visual_studio_version'],
'visual_studio_edition': xml_dic['visual_studio_edition'],
'target_os': xml_dic['target_os'],
'appx_dll_version': xml_dic['appx_dll_version'],
'proj_guid': xml_dic['proj_guid'],
'opti_tool': xml_dic['opti_tool'],
'target_run': xml_dic['target_run'],
'files': app_dic['files'],
'strings': bin_an_dic['strings'],
'bin_an_results': bin_an_dic['results'],
'bin_an_warnings': bin_an_dic['warnings'],
}
template = "static_analysis/windows_binary_analysis.html"
if api:
return context
else:
return render(request, template, context)
else:
msg = "File type not supported"
if api:
return print_n_send_error_response(request, msg, True)
else:
return print_n_send_error_response(request, msg, False)
else:
msg = "Hash match failed or Invalid file extension"
if api:
return print_n_send_error_response(request, msg, True)
else:
return print_n_send_error_response(request, msg, False)
except Exception as exception:
msg = str(exception)
exp_doc = exception.__doc__
if api:
return print_n_send_error_response(request, msg, True, exp_doc)
else:
return print_n_send_error_response(request, msg, False, exp_doc)
def staticanalyzer_windows(request):
"""Analyse a windows app."""
try:
# Input validation
print "[INFO] Windows Static Analysis Started"
app_dic = {} # Dict to store the binary attributes
typ = request.GET['type']
rescan = str(request.GET.get('rescan', 0))
md5_regex = re.match('^[0-9a-f]{32}$', request.GET['checksum'])
if (md5_regex) and (typ in ['appx']):
app_dic['app_name'] = request.GET['name'] # APP ORGINAL NAME
app_dic['md5'] = request.GET['checksum']
app_dic['app_dir'] = os.path.join(settings.UPLD_DIR,
app_dic['md5'] + '/')
app_dic['tools_dir'] = os.path.join(
settings.BASE_DIR, 'StaticAnalyzer/tools/windows/')
if typ == 'appx':
# DB
db_entry = StaticAnalyzerWindows.objects.filter( # pylint: disable-msg=E1101
MD5=app_dic['md5'])
if db_entry.exists() and rescan == '0':
print "\n[INFO] Analysis is already Done. Fetching data from the DB..."
context = {
'title': db_entry[0].TITLE,
'name': db_entry[0].APP_NAME,
'pub_name': db_entry[0].PUB_NAME,
'size': db_entry[0].SIZE,
'md5': db_entry[0].MD5,
'sha1': db_entry[0].SHA1,
'sha256': db_entry[0].SHA256,
'bin_name': db_entry[0].BINNAME,
'version': db_entry[0].VERSION,
'arch': db_entry[0].ARCH,
'compiler_version': db_entry[0].COMPILER_VERSION,
'visual_studio_version':
db_entry[0].VISUAL_STUDIO_VERSION,
'visual_studio_edition':
db_entry[0].VISUAL_STUDIO_EDITION,
'target_os': db_entry[0].TARGET_OS,
'appx_dll_version': db_entry[0].APPX_DLL_VERSION,
'proj_guid': db_entry[0].PROJ_GUID,
'opti_tool': db_entry[0].OPTI_TOOL,
'target_run': db_entry[0].TARGET_RUN,
'files': python_list(db_entry[0].FILES),
'strings': python_list(db_entry[0].STRINGS),
'bin_an_results':
python_list(db_entry[0].BIN_AN_RESULTS),
'bin_an_warnings':
python_list(db_entry[0].BIN_AN_WARNINGS)
}
else:
print "[INFO] Windows Binary Analysis Started"
app_dic['app_path'] = os.path.join(
app_dic['app_dir'], app_dic['md5'] + '.appx')
# ANALYSIS BEGINS
app_dic['size'] = str(FileSize(app_dic['app_path'])) + 'MB'
# Generate hashes
app_dic['sha1'], app_dic['sha256'] = HashGen(
app_dic['app_path'])
# EXTRACT APPX
print "[INFO] Extracting APPX"
app_dic['files'] = Unzip(app_dic['app_path'],
app_dic['app_dir'])
xml_dic = _parse_xml(app_dic['app_dir'])
bin_an_dic = _binary_analysis(app_dic)
# Saving to db
print "\n[INFO] Connecting to DB"
if rescan == '1':
print "\n[INFO] Updating Database..."
StaticAnalyzerWindows.objects.filter( # pylint: disable-msg=E1101
MD5=app_dic['md5']).update(
TITLE='Static Analysis',
APP_NAME=app_dic['app_name'],
PUB_NAME=xml_dic['pub_name'],
SIZE=app_dic['size'],
MD5=app_dic['md5'],
SHA1=app_dic['sha1'],
SHA256=app_dic['sha256'],
BINNAME=bin_an_dic['bin_name'],
VERSION=xml_dic['version'],
ARCH=xml_dic['arch'],
COMPILER_VERSION=xml_dic['compiler_version'],
VISUAL_STUDIO_VERSION=xml_dic[
'visual_studio_version'],
VISUAL_STUDIO_EDITION=xml_dic[
'visual_studio_edition'],
TARGET_OS=xml_dic['target_os'],
APPX_DLL_VERSION=xml_dic['appx_dll_version'],
PROJ_GUID=xml_dic['proj_guid'],
OPTI_TOOL=xml_dic['opti_tool'],
TARGET_RUN=xml_dic['target_run'],
FILES=app_dic['files'],
STRINGS=bin_an_dic['strings'],
BIN_AN_RESULTS=bin_an_dic['results'],
BIN_AN_WARNINGS=bin_an_dic['warnings'],
)
elif rescan == '0':
print "\n[INFO] Saving to Database"
db_item = StaticAnalyzerWindows(
TITLE='Static Analysis',
APP_NAME=app_dic['app_name'],
PUB_NAME=xml_dic['pub_name'],
SIZE=app_dic['size'],
MD5=app_dic['md5'],
SHA1=app_dic['sha1'],
SHA256=app_dic['sha256'],
BINNAME=bin_an_dic['bin_name'],
VERSION=xml_dic['version'],
ARCH=xml_dic['arch'],
COMPILER_VERSION=xml_dic['compiler_version'],
VISUAL_STUDIO_VERSION=xml_dic[
'visual_studio_version'],
VISUAL_STUDIO_EDITION=xml_dic[
'visual_studio_edition'],
TARGET_OS=xml_dic['target_os'],
APPX_DLL_VERSION=xml_dic['appx_dll_version'],
PROJ_GUID=xml_dic['proj_guid'],
OPTI_TOOL=xml_dic['opti_tool'],
TARGET_RUN=xml_dic['target_run'],
FILES=app_dic['files'],
STRINGS=bin_an_dic['strings'],
BIN_AN_RESULTS=bin_an_dic['results'],
BIN_AN_WARNINGS=bin_an_dic['warnings'],
)
db_item.save()
context = {
'title': 'Static Analysis',
'name': app_dic['app_name'],
'pub_name': xml_dic['pub_name'],
'size': app_dic['size'],
'md5': app_dic['md5'],
'sha1': app_dic['sha1'],
'sha256': app_dic['sha256'],
'bin_name': bin_an_dic['bin_name'],
'version': xml_dic['version'],
'arch': xml_dic['arch'],
'compiler_version': xml_dic['compiler_version'],
'visual_studio_version':
xml_dic['visual_studio_version'],
'visual_studio_edition':
xml_dic['visual_studio_edition'],
'target_os': xml_dic['target_os'],
'appx_dll_version': xml_dic['appx_dll_version'],
'proj_guid': xml_dic['proj_guid'],
'opti_tool': xml_dic['opti_tool'],
'target_run': xml_dic['target_run'],
'files': app_dic['files'],
'strings': bin_an_dic['strings'],
'bin_an_results': bin_an_dic['results'],
'bin_an_warnings': bin_an_dic['warnings'],
}
template = "static_analysis/windows_binary_analysis.html"
return render(request, template, context)
else:
return HttpResponseRedirect('/error/')
else:
return HttpResponseRedirect('/error/')
except Exception as exception:
PrintException("[ERROR] Static Analyzer Windows")
context = {
'title': 'Error',
'exp': exception.message,
'doc': exception.__doc__
}
template = "general/error.html"
return render(request, template, context)
def staticanalyzer_windows(request, api=False):
"""Analyse a windows app."""
try:
# Input validation
logger.info("Windows Static Analysis Started")
app_dic = {} # Dict to store the binary attributes
if api:
typ = request.POST['scan_type']
rescan = str(request.POST.get('re_scan', 0))
checksum = request.POST['hash']
filename = request.POST['file_name']
else:
typ = request.GET['type']
rescan = str(request.GET.get('rescan', 0))
checksum = request.GET['checksum']
filename = request.GET['name']
md5_regex = re.match('^[0-9a-f]{32}$', checksum)
if (md5_regex) and (typ in ['appx']):
app_dic['app_name'] = filename # APP ORGINAL NAME
app_dic['md5'] = checksum
app_dic['app_dir'] = os.path.join(settings.UPLD_DIR,
app_dic['md5'] + '/')
app_dic['tools_dir'] = os.path.join(
settings.BASE_DIR, 'StaticAnalyzer/tools/windows/')
if typ == 'appx':
# DB
db_entry = StaticAnalyzerWindows.objects.filter( # pylint: disable-msg=E1101
MD5=app_dic['md5'])
if db_entry.exists() and rescan == '0':
logger.info(
"Analysis is already Done. Fetching data from the DB..."
)
context = {
'title': db_entry[0].TITLE,
'name': db_entry[0].APP_NAME,
'pub_name': db_entry[0].PUB_NAME,
'size': db_entry[0].SIZE,
'md5': db_entry[0].MD5,
'sha1': db_entry[0].SHA1,
'sha256': db_entry[0].SHA256,
'bin_name': db_entry[0].BINNAME,
'version': db_entry[0].VERSION,
'arch': db_entry[0].ARCH,
'compiler_version': db_entry[0].COMPILER_VERSION,
'visual_studio_version':
db_entry[0].VISUAL_STUDIO_VERSION,
'visual_studio_edition':
db_entry[0].VISUAL_STUDIO_EDITION,
'target_os': db_entry[0].TARGET_OS,
'appx_dll_version': db_entry[0].APPX_DLL_VERSION,
'proj_guid': db_entry[0].PROJ_GUID,
'opti_tool': db_entry[0].OPTI_TOOL,
'target_run': db_entry[0].TARGET_RUN,
'files': python_list(db_entry[0].FILES),
'strings': python_list(db_entry[0].STRINGS),
'bin_an_results':
python_list(db_entry[0].BIN_AN_RESULTS),
'bin_an_warnings':
python_list(db_entry[0].BIN_AN_WARNINGS)
}
else:
logger.info("Windows Binary Analysis Started")
app_dic['app_path'] = os.path.join(
app_dic['app_dir'], app_dic['md5'] + '.appx')
# ANALYSIS BEGINS
app_dic['size'] = str(file_size(
app_dic['app_path'])) + 'MB'
# Generate hashes
app_dic['sha1'], app_dic['sha256'] = hash_gen(
app_dic['app_path'])
# EXTRACT APPX
logger.info("Extracting APPX")
app_dic['files'] = unzip(app_dic['app_path'],
app_dic['app_dir'])
xml_dic = _parse_xml(app_dic['app_dir'])
bin_an_dic = _binary_analysis(app_dic)
# Saving to db
logger.info("Connecting to DB")
if rescan == '1':
logger.info("Updating Database...")
StaticAnalyzerWindows.objects.filter( # pylint: disable-msg=E1101
MD5=app_dic['md5']).update(
TITLE='Static Analysis',
APP_NAME=app_dic['app_name'],
PUB_NAME=xml_dic['pub_name'],
SIZE=app_dic['size'],
MD5=app_dic['md5'],
SHA1=app_dic['sha1'],
SHA256=app_dic['sha256'],
BINNAME=bin_an_dic['bin_name'],
VERSION=xml_dic['version'],
ARCH=xml_dic['arch'],
COMPILER_VERSION=xml_dic['compiler_version'],
VISUAL_STUDIO_VERSION=xml_dic[
'visual_studio_version'],
VISUAL_STUDIO_EDITION=xml_dic[
'visual_studio_edition'],
TARGET_OS=xml_dic['target_os'],
APPX_DLL_VERSION=xml_dic['appx_dll_version'],
PROJ_GUID=xml_dic['proj_guid'],
OPTI_TOOL=xml_dic['opti_tool'],
TARGET_RUN=xml_dic['target_run'],
FILES=app_dic['files'],
STRINGS=bin_an_dic['strings'],
BIN_AN_RESULTS=bin_an_dic['results'],
BIN_AN_WARNINGS=bin_an_dic['warnings'],
)
update_scan_timestamp(app_dic['md5'])
elif rescan == '0':
logger.info("Saving to Database")
db_item = StaticAnalyzerWindows(
TITLE='Static Analysis',
APP_NAME=app_dic['app_name'],
PUB_NAME=xml_dic['pub_name'],
SIZE=app_dic['size'],
MD5=app_dic['md5'],
SHA1=app_dic['sha1'],
SHA256=app_dic['sha256'],
BINNAME=bin_an_dic['bin_name'],
VERSION=xml_dic['version'],
ARCH=xml_dic['arch'],
COMPILER_VERSION=xml_dic['compiler_version'],
VISUAL_STUDIO_VERSION=xml_dic[
'visual_studio_version'],
VISUAL_STUDIO_EDITION=xml_dic[
'visual_studio_edition'],
TARGET_OS=xml_dic['target_os'],
APPX_DLL_VERSION=xml_dic['appx_dll_version'],
PROJ_GUID=xml_dic['proj_guid'],
OPTI_TOOL=xml_dic['opti_tool'],
TARGET_RUN=xml_dic['target_run'],
FILES=app_dic['files'],
STRINGS=bin_an_dic['strings'],
BIN_AN_RESULTS=bin_an_dic['results'],
BIN_AN_WARNINGS=bin_an_dic['warnings'],
)
db_item.save()
context = {
'title': 'Static Analysis',
'name': app_dic['app_name'],
'pub_name': xml_dic['pub_name'],
'size': app_dic['size'],
'md5': app_dic['md5'],
'sha1': app_dic['sha1'],
'sha256': app_dic['sha256'],
'bin_name': bin_an_dic['bin_name'],
'version': xml_dic['version'],
'arch': xml_dic['arch'],
'compiler_version': xml_dic['compiler_version'],
'visual_studio_version':
xml_dic['visual_studio_version'],
'visual_studio_edition':
xml_dic['visual_studio_edition'],
'target_os': xml_dic['target_os'],
'appx_dll_version': xml_dic['appx_dll_version'],
'proj_guid': xml_dic['proj_guid'],
'opti_tool': xml_dic['opti_tool'],
'target_run': xml_dic['target_run'],
'files': app_dic['files'],
'strings': bin_an_dic['strings'],
'bin_an_results': bin_an_dic['results'],
'bin_an_warnings': bin_an_dic['warnings'],
}
template = "static_analysis/windows_binary_analysis.html"
if api:
return context
else:
return render(request, template, context)
else:
msg = "File type not supported"
if api:
return print_n_send_error_response(request, msg, True)
else:
return print_n_send_error_response(request, msg, False)
else:
msg = "Hash match failed or Invalid file extension"
if api:
return print_n_send_error_response(request, msg, True)
else:
return print_n_send_error_response(request, msg, False)
except Exception as exception:
msg = str(exception)
exp_doc = exception.__doc__
if api:
return print_n_send_error_response(request, msg, True, exp_doc)
else:
return print_n_send_error_response(request, msg, False, exp_doc)
