    def analyze(self, config, filename):
        """Analyze the file."""

        # sanity check to make sure we can run
        if self.is_activated == False:
            return False
        log = logging.getLogger('Mastiff.Plugins.' + self.name)
        log.info('Starting execution.')
        
        # get terms of service acceptance
        tos = config.get_bvar(self.name,  'accept_terms_of_service')
        if tos is None or tos is False:
            log.info('Terms of service not accepted. Accept to enable MASTIFF Online submission.')
            return self.page_data
        
        myjson = None
        
        submit = config.get_bvar(self.name,  'submit')
        if submit is False:
            log.info('Not configured to send to MASTIFF Online.')
            return self.page_data
            
        # send data to MASTIFF Online server
        host = 'mastiff-online.korelogic.com'
        method = 'https'
        selector="/cgi/dispatcher.cgi/UploadMOSample"
        fields = [('accept_terms_of_service',  'true')]
        file_to_send = open(filename, "rb").read()        
        files = [("upload", os.path.basename(filename), file_to_send)]
        log.debug('Sending sample to MASTIFF Online.')
        response = plugins.post_multipart(host, method, selector, fields, files)

        # what gets returned isn't technically JSON, so we have to manipulate it a little bit
        try:
            myjson = json.loads(response[60:-14].replace('\'','\"'))
        except json.scanner.JSONDecodeError, err:
            log.error('Error processing response: {}'.format(err))
        if config.get_bvar(self.name, 'submit') == False:
            log.info('Submission disabled. Not sending file.')
            vt_file.write('File not submitted because submission disabled.\n')
            vt_file.close()
            return False

        log.info('Sending file to VirusTotal')

        # send file to VT
        host = "www.virustotal.com"
        selector = "https://www.virustotal.com/vtapi/v2/file/scan"
        fields = [("apikey", config.get_var(self.name, 'api_key'))]
        file_to_send = open(filename, "rb").read()
        files = [("file", os.path.basename(filename), file_to_send)]
        try:
            json = simplejson.loads(plugins.post_multipart(host, selector,
                                                           fields, files))
        except socket.error, err:
            log.error('Unable to send file: %s' % err)
            return False

        # check for success
        if json['response_code'] != 1:
            # error
            log.error('Could not submit to VT:\n%s', json['verbose_msg'])
            return False

        # write to file
        vt_file.write(json['verbose_msg'] + '\n')
        vt_file.write('Link:\n' + json['permalink'] + '\n')
        vt_file.close()
            vt_file.write('Submission is disabled, not sending file.\n')
            vt_file.close()
            return False

        log.info('Sending file to VirusTotal')

        # send file to VT
        host = "www.virustotal.com"
        method = 'https'
        selector = "/vtapi/v2/file/scan"
        fields = [("apikey", config.get_var(self.name, 'api_key'))]
        file_to_send = open(filename, "rb").read()
        files = [("file", os.path.basename(filename), file_to_send)]
        try:
            json = simplejson.loads(
                plugins.post_multipart(host, method, selector, fields, files))
        except socket.error, err:
            log.error('Unable to send file: %s' % err)
            return False

        # check for success
        if json['response_code'] != 1:
            # error
            log.error('Could not submit to VT:\n%s', json['verbose_msg'])
            return False

        # write to file
        vt_file.write(json['verbose_msg'] + '\n')
        vt_file.write('Link:\n' + json['permalink'] + '\n')
        vt_file.close()