Example #1
    # Form-encode the sample hash and its tags as the POST body.
    data = dict(sha256=sha256, tags=tags)
    # NOTE(review): disable_ssl_certificate_validation=True switches off TLS
    # certificate checking, so the server is not authenticated and the request
    # (including whatever `headers` carries) can be read or altered in transit.
    # Prefer leaving validation on and trusting the server's CA via `ca_certs`.
    # ".cache" is httplib2's cache directory, relative to the working directory.
    h = httplib2.Http(".cache", disable_ssl_certificate_validation=True)    
    # The URL template is filled with the configured host and port.
    response, content = h.request(CODE_DB_URL_TAG % (config.get("host"), 
                                                     config.get("port")), "POST", body=urlencode(data), headers=headers)      
    
    # Success is detected by searching the stringified response for a literal
    # "'status': '200'".
    # NOTE(review): comparing `response.status` with 200 would be less brittle.
    if not "'status': '200'" in str(response) :
        log.error("%s --> %s = %s" % (sha256, tags, str(content))) 
        
    # A non-200 reply is only logged: execution still reaches json.loads(),
    # which raises if the body is not valid JSON.
    # `data` is rebound here from the request fields to the decoded reply.
    data = json.loads(content)
    log.info("%s --> %s = %s" % (sha256, tags, data.get("Status")))

if __name__ == '__main__':    
    # Command-line entry point: creates the database and VxCage handles, reads
    # the VxCage reporting option, then declares the "Ragpicker Manager" parser
    # with its stop / export / vxcage subcommands.
    # Database
    database = Database()
    # VxCage handler
    vxCage = VxCageHandler()
    # Presumably section "vxcage", option "enabled" of the reporting
    # configuration -- confirm against cfgReporting.getOption.
    vxcageEnabled = cfgReporting.getOption("vxcage", "enabled")        
        
    parser = argparse.ArgumentParser(description='Ragpicker Manager')
    subparsers = parser.add_subparsers(title='subcommands', description='valid subcommands', help='additional help')
    # Each subparser records its own name under `which`, so the selected
    # subcommand can be read back from the parsed namespace.
    parser_stop = subparsers.add_parser('stop', help='Stops a running Ragpicker instance')
    parser_stop.set_defaults(which='stop')
    parser_export = subparsers.add_parser('export', help='Export Ragpicker-Data')
    parser_export.set_defaults(which='export')
    parser_export.add_argument('-d','--dirname', required=True, help='Export-Directory')
    parser_export.add_argument('-f','--sha256_file', required=True, help='SHA256-File')
    # NOTE(review): --json has neither type= nor action=, so a value given on
    # the command line is stored as a string; any non-empty value, including
    # "--json False", is truthy. action='store_true' would make it a real flag.
    parser_export.add_argument('--json', default=False, help='File in json-format? Default=False')
    # NOTE(review): per its help text this subcommand writes malware files from
    # VxCage into --dirname; the export directory should be an isolated
    # location where the samples cannot be opened or executed by accident.
    parser_vxcage = subparsers.add_parser('vxcage', help='Exports only the malware files from the VxCage')
    parser_vxcage.set_defaults(which='vxcage')
    parser_vxcage.add_argument('-d','--dirname', required=True, help='Export-Directory')
    parser_vxcage.add_argument('-f','--sha256_file', required=True, help='SHA256-File')
Example #2
 def run(self, results, objfile):
     """Store the analysed sample and its derived files in VxCage.

     Handles ``objfile.file``, then ``objfile.unpacked_file`` (when set), then
     every entry of ``objfile.included_files``. Nothing is uploaded unless
     ``objfile.file.is_permittedType()`` is true. A file is uploaded under the
     name ``<md5>.<extension>`` with the tags from ``self._getTags`` only when
     ``isFileInCage`` answers ``False`` for its MD5.
     """
     self.key = "VxCage"
     cage = VxCageHandler()

     def store_if_absent(sample):
         # Explicit comparison with False: any other reply (for example None)
         # does not trigger an upload.
         # NOTE(review): the presence check is keyed on MD5 alone, so a
         # different sample with a colliding MD5 would be treated as already
         # stored; consider a SHA-256 lookup if the VxCage API offers one.
         if cage.isFileInCage(md5 = sample.get_fileMd5()) == False:
             stored_name = sample.get_fileMd5() + '.' + sample.file_extension()
             cage.upload(sample.temp_file, stored_name, self._getTags(results, sample))

     # Guard clause: only permitted file types are archived.
     if not objfile.file.is_permittedType():
         return

     # Original sample
     store_if_absent(objfile.file)

     # Unpacked variant, if the analysis produced one
     unpacked = objfile.unpacked_file
     if unpacked:
         store_if_absent(unpacked)

     # Files that were included in the sample
     extras = objfile.included_files
     if len(extras) > 0:
         for extra in extras:
             store_if_absent(extra)
Example #3
    # Yield one whitespace-stripped entry per hash: the values of the decoded
    # JSON object when isJson is true, otherwise one entry per line of `file`.
    # NOTE(review): entries are passed on unchecked; if they later end up in
    # paths or URLs, validate that each one is 64 hexadecimal characters.
    if isJson:
        data = json.load(file)
        # dict.itervalues() exists only on Python 2.
        for sha256 in data.itervalues():
            yield sha256.rstrip()
    else:
        for sha256 in file:
            yield sha256.rstrip()
    
    # Reached only once the generator has been run to exhaustion; a caller
    # that stops iterating early never gets here. The name `file` also shadows
    # the Python 2 builtin of the same name.
    file.close()

if __name__ == '__main__':    
    # Command-line entry point: creates the database and VxCage handles, reads
    # the VxCage reporting option, then declares the "Ragpicker Manager" parser
    # with its stop / export / vxcage subcommands.
    # Database
    database = Database()
    # VxCage handler
    vxCage = VxCageHandler()
    # Presumably section "vxcage", option "enabled" of the reporting
    # configuration -- confirm against cfgReporting.getOption.
    vxcageEnabled = cfgReporting.getOption("vxcage", "enabled")        
        
    parser = argparse.ArgumentParser(description='Ragpicker Manager')
    subparsers = parser.add_subparsers(title='subcommands', description='valid subcommands', help='additional help')
    # Each subparser records its own name under `which`, so the selected
    # subcommand can be read back from the parsed namespace.
    parser_stop = subparsers.add_parser('stop', help='Stops a running Ragpicker instance')
    parser_stop.set_defaults(which='stop')
    parser_export = subparsers.add_parser('export', help='Export Ragpicker-Data')
    parser_export.set_defaults(which='export')
    parser_export.add_argument('-d','--dirname', required=True, help='Export-Directory')
    parser_export.add_argument('-f','--sha256_file', required=True, help='SHA256-File')
    # NOTE(review): --json has neither type= nor action=, so a value given on
    # the command line is stored as a string; any non-empty value, including
    # "--json False", is truthy. action='store_true' would make it a real flag.
    parser_export.add_argument('--json', default=False, help='File in json-format? Default=False')
    # NOTE(review): per its help text this subcommand writes malware files from
    # VxCage into --dirname; the export directory should be an isolated
    # location where the samples cannot be opened or executed by accident.
    parser_vxcage = subparsers.add_parser('vxcage', help='Exports only the malware files from the VxCage')
    parser_vxcage.set_defaults(which='vxcage')
    parser_vxcage.add_argument('-d','--dirname', required=True, help='Export-Directory')
    parser_vxcage.add_argument('-f','--sha256_file', required=True, help='SHA256-File')