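def analyze(self, config, filename):
    """Analyze the file.

    Submit ``filename`` to the MASTIFF Online service, but only when the
    plugin is activated and the configuration has both accepted the terms
    of service and enabled submission.  Because the sample leaves the host
    and goes to a third party, each of those gates is checked separately
    and nothing is sent if any of them is missing.

    Args:
        config: plugin configuration; read through
            ``config.get_bvar(section, option)``.
        filename: path of the sample to upload.

    Returns:
        ``False`` when the plugin is not activated; ``self.page_data`` when
        submission is skipped (terms not accepted, or ``submit`` is False).
        After a submission the decoded server response is held in
        ``myjson``; any further handling of it is not part of this block.
    """
    # sanity check to make sure we can run
    if not self.is_activated:
        return False

    log = logging.getLogger('Mastiff.Plugins.' + self.name)
    log.info('Starting execution.')

    # get terms of service acceptance -- an unset option counts as "not accepted"
    tos = config.get_bvar(self.name, 'accept_terms_of_service')
    if tos is None or tos is False:
        log.info('Terms of service not accepted. Accept to enable MASTIFF Online submission.')
        return self.page_data

    myjson = None
    # Only an explicit False disables sending; an unset option still submits.
    submit = config.get_bvar(self.name, 'submit')
    if submit is False:
        log.info('Not configured to send to MASTIFF Online.')
        return self.page_data

    # send data to MASTIFF Online server
    host = 'mastiff-online.korelogic.com'
    method = 'https'
    selector = "/cgi/dispatcher.cgi/UploadMOSample"
    fields = [('accept_terms_of_service', 'true')]
    # Read under a context manager so the handle is closed promptly even if
    # read() raises, instead of waiting for the garbage collector.
    with open(filename, "rb") as sample:
        file_to_send = sample.read()
    files = [("upload", os.path.basename(filename), file_to_send)]

    log.debug('Sending sample to MASTIFF Online.')
    response = plugins.post_multipart(host, method, selector, fields, files)

    # what gets returned isn't technically JSON, so we have to manipulate it a little bit
    # NOTE(review): the fixed slice and the quote substitution assume a specific
    # response wrapper; a changed wrapper, or a quote inside a value, will make
    # decoding fail and end up in the handler below -- confirm against the server.
    try:
        myjson = json.loads(response[60:-14].replace('\'', '\"'))
    except ValueError as err:
        # ValueError is the base class of both the stdlib decoder's error and
        # simplejson's JSONDecodeError, so this works whichever module is
        # bound to `json`; the Python 2.7 stdlib defines no
        # json.scanner.JSONDecodeError, and naming a missing attribute in an
        # except clause would itself raise once a bad response arrived.
        log.error('Error processing response: {}'.format(err))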
if config.get_bvar(self.name, 'submit') == False: log.info('Submission disabled. Not sending file.') vt_file.write('File not submitted because submission disabled.\n') vt_file.close() return False log.info('Sending file to VirusTotal') # send file to VT host = "www.virustotal.com" selector = "https://www.virustotal.com/vtapi/v2/file/scan" fields = [("apikey", config.get_var(self.name, 'api_key'))] file_to_send = open(filename, "rb").read() files = [("file", os.path.basename(filename), file_to_send)] try: json = simplejson.loads(plugins.post_multipart(host, selector, fields, files)) except socket.error, err: log.error('Unable to send file: %s' % err) return False # check for success if json['response_code'] != 1: # error log.error('Could not submit to VT:\n%s', json['verbose_msg']) return False # write to file vt_file.write(json['verbose_msg'] + '\n') vt_file.write('Link:\n' + json['permalink'] + '\n') vt_file.close()
vt_file.write('Submission is disabled, not sending file.\n') vt_file.close() return False log.info('Sending file to VirusTotal') # send file to VT host = "www.virustotal.com" method = 'https' selector = "/vtapi/v2/file/scan" fields = [("apikey", config.get_var(self.name, 'api_key'))] file_to_send = open(filename, "rb").read() files = [("file", os.path.basename(filename), file_to_send)] try: json = simplejson.loads( plugins.post_multipart(host, method, selector, fields, files)) except socket.error, err: log.error('Unable to send file: %s' % err) return False # check for success if json['response_code'] != 1: # error log.error('Could not submit to VT:\n%s', json['verbose_msg']) return False # write to file vt_file.write(json['verbose_msg'] + '\n') vt_file.write('Link:\n' + json['permalink'] + '\n') vt_file.close()