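def run_analysis(output_file, pretty, file):
    """Run full analysis.

    Copies *file* into the sandbox's tmp working directory, runs the
    ``Master`` analyzer over it and writes the resulting JSON report.

    :param output_file: Output directory; when falsy the directory of *file*
        is used.
    :param pretty: Output json indentation (passed to ``save_output``).
    :param file: Path to the sample to analyze.
    """
    import shutil  # local import: the module-level import block is not visible here

    # copy file to tmp folder
    data_dir = f'{lisa_path}/tmp/lala'
    try:
        os.makedirs(data_dir, exist_ok=True)
        # shutil.copy instead of os.system('cp ...'): the sample path is no
        # longer interpolated into a shell command line, so a file name
        # containing shell metacharacters cannot run anything, and names with
        # spaces or quotes are copied correctly.
        shutil.copy(file, data_dir)
    except OSError:
        log.critical('Error acessing folder.')
        sys.exit(1)

    # run top level and submodules
    master = Master(file, data_dir)
    master.load_analyzers()
    master.run()
    analysis_output = master.output

    # output to proper directory; fall back to '.' for a bare file name,
    # otherwise dirname() is '' and the report would be written to '/'
    if not output_file:
        output_file = os.path.dirname(file) or '.'
    if not output_file.endswith('/'):
        output_file += '/'

    # construct output file name
    # NOTE(review): the name embeds analysis_output['file_name']; if that can
    # contain a path separator the report lands outside output_file — confirm
    # it is a basename where Master produces it.
    file_name = analysis_output['file_name'] + '.'
    file_name += analysis_output['analysis_start_time'] + '.json'
    output_file += file_name
    save_output(master.output, output_file, pretty)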
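def full_analysis(self, file_path, pretty=False, exec_time=20):
    """Full sandbox analysis task.

    Runs the ``Master`` analyzer on *file_path*, stores the JSON report under
    the task's storage directory, converts it with ``transfer`` and publishes
    the resulting file path to the ``lisa`` and ``lisatohdfs`` topics.

    :param file_path: Path to file.
    :param pretty: Output json indentation.
    :param exec_time: Execution time.
    :return: The literal string ``'binary'``.
    """
    self.update_state(meta={'filename': os.path.basename(file_path)})
    data_dir = f'{storage_path}/{self.request.id}'

    # run top level and submodules
    master = Master(file_path, data_dir, exec_time)
    master.load_analyzers()
    master.run()

    output_file = f'{data_dir}/report.json'
    save_output(master.output, output_file, pretty)

    # stix_file is joined onto a directory below, so transfer() appears to
    # return a file name relative to data_dir — confirm against transfer().
    stix_file = transfer(output_file, data_dir)

    # Build the published path once instead of repeating the literal per topic.
    # NOTE(review): this absolute path is hard-coded independently of
    # `storage_path`; if the two ever point at different locations the
    # published path will not exist — confirm they are the same directory.
    stix_dir = f"/root/module/lisa_/lisaMine/data/storage/{self.request.id}"
    stix_path = os.path.join(stix_dir, stix_file)
    produce('lisa', stix_path)
    produce('lisatohdfs', stix_path)

    # NOTE(review): entries are appended without any separator, so consecutive
    # file names run together; the original format is kept here unchanged.
    with open('/home/lisa/data/storage/log.txt', 'a') as logfile:
        logfile.write(stix_file)
    return 'binary'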
def pcap_analysis_multi(pretty, folder_path):
    """Analyze whole folder of pcaps.

    Every ``*.pcap`` below *folder_path* (searched recursively) is run through
    ``NetworkAnalyzer`` and its JSON output is saved next to the original pcap
    as ``network.<name>.json``.

    :param pretty: Output json indentation (passed to ``save_output``).
    :param folder_path: Directory to scan for pcaps.
    """
    # get pcap paths
    root = os.path.abspath(folder_path)
    pcap_paths = glob.glob(f'{root}/**/*.pcap', recursive=True)
    total = len(pcap_paths)
    log.info(f'Starting analysis of {total} pcaps.')

    # analyze pcaps
    for index, path in enumerate(pcap_paths, start=1):
        log.info(f'Starting analysis of {path}.')
        log.debug('Creating analyzer.')
        pcap = AnalyzedPcap(path)
        analyzer = NetworkAnalyzer(None, pcap.path, None)
        log.debug('Calling analyze_pcap().')
        analyzer.analyze_pcap()

        # set output path: the report goes into the pcap's own directory
        out_dir = pcap.dir if pcap.dir.endswith('/') else pcap.dir + '/'
        output_file = f'{out_dir}network.{pcap.name}.json'

        report = pcap.output
        report['network_analysis'] = analyzer.output
        save_output(report, output_file, pretty)
        log.info(f'Analyzed {index}/{total} pcaps.')
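def static_analysis(output_file, pretty, file):
    """Run static analysis module on ELF file.

    :param output_file: Output directory; when falsy the directory of *file*
        is used.
    :param pretty: Output json indentation (passed to ``save_output``).
    :param file: Path to the ELF file to analyze.
    """
    analyzed_file = AnalyzedFile(file)
    analyzer = StaticAnalyzer(analyzed_file)
    output = analyzer.run_analysis()

    # output to proper directory; fall back to '.' for a bare file name,
    # otherwise dirname() is '' and the report would be written to '/'
    if not output_file:
        output_file = os.path.dirname(file) or '.'
    if not output_file.endswith('/'):
        output_file += '/'

    # construct output file name
    file_name = f'static.{os.path.basename(file)}.json'
    output_file += file_name
    save_output(output, output_file, pretty)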
def pcap_analysis(self, pcap_path, pretty=False):
    """Pcap analysis task.

    Runs ``NetworkAnalyzer`` over *pcap_path* and saves the pcap metadata
    together with the network analysis as ``report.json`` in the task's
    storage directory.

    :param pcap_path: Path to pcap.
    :param pretty: Output json indentation.
    :return: The literal string ``'pcap'``.
    """
    self.update_state(meta={'filename': os.path.basename(pcap_path)})

    analyzed = AnalyzedPcap(pcap_path)
    net = NetworkAnalyzer(None, analyzed.path, None)
    net.analyze_pcap()

    report = analyzed.output
    report['network_analysis'] = net.output
    report_path = f'{storage_path}/{self.request.id}/report.json'
    save_output(report, report_path, pretty)
    return 'pcap'
def full_analysis(self, file_path, pretty=False, exec_time=20):
    """Full sandbox analysis task.

    Runs the ``Master`` analyzer (top level and submodules) on *file_path*
    and saves its output as ``report.json`` in the task's storage directory.

    :param file_path: Path to file.
    :param pretty: Output json indentation.
    :param exec_time: Execution time.
    :return: The literal string ``'binary'``.
    """
    self.update_state(meta={'filename': os.path.basename(file_path)})
    task_dir = f'{storage_path}/{self.request.id}'

    # run top level and submodules
    analysis = Master(file_path, task_dir, exec_time)
    analysis.load_analyzers()
    analysis.run()

    save_output(analysis.output, f'{task_dir}/report.json', pretty)
    return 'binary'
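def pcap_analysis(output_file, pretty, ip_address, pcap_path):
    """Run pcap analysis from networking module.

    :param output_file: Output directory; when falsy the directory of
        *pcap_path* is used.
    :param pretty: Output json indentation (passed to ``save_output``).
    :param ip_address: Address handed to ``NetworkAnalyzer``; its meaning is
        defined there, not here.
    :param pcap_path: Path to the pcap to analyze.
    """
    pcap = AnalyzedPcap(pcap_path)
    analyzer = NetworkAnalyzer(None, pcap.path, ip_address)
    analyzer.analyze_pcap()

    # output to proper directory; fall back to '.' for a bare file name,
    # otherwise dirname() is '' and the report would be written to '/'
    if not output_file:
        output_file = os.path.dirname(pcap_path) or '.'
    if not output_file.endswith('/'):
        output_file += '/'

    # construct output file name
    file_name = f'network.{pcap.name}.json'
    output_file += file_name
    output = pcap.output
    output['network_analysis'] = analyzer.output
    save_output(output, output_file, pretty)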