def get_raw_artifact_from_sample_hash(tag, hash):
import pan.wfapi
LOG.info("Retrieving sample for hash %s" % hash)
try:
wfapi = pan.wfapi.PanWFapi(tag=tag)
except pan.wfapi.PanWFapiError as msg:
LOG.error('pan.wfapi.PanWFapi: %s' % msg)
return None
try:
wfapi.sample(hash=hash)
except pan.wfapi.PanWFapiError as msg:
LOG.error('sample: %s' % msg)
return None
if (wfapi.attachment is None or 'content' not in wfapi.attachment):
LOG.error('no sample from wildfire')
return None
return get_raw_artifact_from_sample(wfapi.attachment['content'])
def get_raw_artifact_from_sample_hash(tag, hash):
import pan.wfapi
LOG.info("Retrieving sample for hash %s" % hash)
try:
wfapi = pan.wfapi.PanWFapi(tag=tag)
except pan.wfapi.PanWFapiError as msg:
LOG.error('pan.wfapi.PanWFapi: %s' % msg)
return None
try:
wfapi.sample(hash=hash)
except pan.wfapi.PanWFapiError as msg:
LOG.error('sample: %s' % msg)
return None
if (wfapi.attachment is None or 'content' not in wfapi.attachment):
LOG.error('no sample from wildfire')
return None
return get_raw_artifact_from_sample(wfapi.attachment['content'])
def main():
try:
signal.signal(signal.SIGPIPE, signal.SIG_DFL)
except AttributeError:
# Windows
pass
# set_encoding()
options = parse_opts()
if options['debug']:
logger = logging.getLogger()
if options['debug'] == 3:
logger.setLevel(pan.wfapi.DEBUG3)
elif options['debug'] == 2:
logger.setLevel(pan.wfapi.DEBUG2)
elif options['debug'] == 1:
logger.setLevel(pan.wfapi.DEBUG1)
# log_format = '%(levelname)s %(name)s %(message)s'
log_format = '%(message)s'
handler = logging.StreamHandler()
formatter = logging.Formatter(log_format)
handler.setFormatter(formatter)
logger.addHandler(handler)
try:
wfapi = pan.wfapi.PanWFapi(tag=options['tag'],
api_key=options['api_key'],
hostname=options['hostname'],
timeout=options['timeout'],
http=options['http'],
cacloud=options['cacloud'],
cafile=options['cafile'],
capath=options['capath'])
except pan.wfapi.PanWFapiError as msg:
print('pan.wfapi.PanWFapi:', msg, file=sys.stderr)
sys.exit(1)
if options['debug'] > 2:
print('wfapi.__str__()===>\n', wfapi, '\n<===',
sep='', file=sys.stderr)
try:
hashes = process_hashes(options['hash'])
if options['submit'] is not None:
action = 'submit'
kwargs = {}
if os.path.isfile(options['submit']):
kwargs['file'] = options['submit']
else:
o = urlparse(options['submit'])
if options['debug']:
print(o, file=sys.stderr)
if o.scheme == 'file':
if o.path and os.path.isfile(o.path):
kwargs['file'] = o.path
else:
print('Invalid URL: file not found:',
options['submit'], file=sys.stderr)
sys.exit(1)
else:
if o.scheme in ['http', 'https', 'ftp']:
kwargs['url'] = options['submit']
else:
print('Invalid file or URL:',
options['submit'], file=sys.stderr)
sys.exit(1)
wfapi.submit(**kwargs)
print_status(wfapi, action)
print_response(wfapi, options)
if options['submit-link'] is not None:
action = 'submit'
kwargs = {}
kwargs['links'] = process_arg(options['submit-link'], list=True)
wfapi.submit(**kwargs)
print_status(wfapi, action)
print_response(wfapi, options)
if options['change-request']:
action = 'change-request'
kwargs = {}
if len(hashes) > 1:
print('Only 1 hash allowed for %s' % action, file=sys.stderr)
sys.exit(1)
if len(hashes) == 1:
kwargs['hash'] = hashes[0]
if options['new-verdict'] is not None:
kwargs['verdict'] = process_verdict(options['new-verdict'])
if options['email'] is not None:
kwargs['email'] = options['email']
if options['comment'] is not None:
kwargs['comment'] = process_arg(options['comment'])
wfapi.change_request(**kwargs)
print_status(wfapi, action)
print_response(wfapi, options)
if options['report']:
action = 'report'
kwargs = {}
if len(hashes) > 1:
print('Only 1 hash allowed for %s' % action, file=sys.stderr)
sys.exit(1)
if len(hashes) == 1:
kwargs['hash'] = hashes[0]
if options['format'] is not None:
kwargs['format'] = options['format']
wfapi.report(**kwargs)
print_status(wfapi, action)
print_response(wfapi, options)
save_file(wfapi, options)
if options['verdict']:
kwargs = {}
if len(hashes) == 1:
action = 'verdict'
kwargs['hash'] = hashes[0]
wfapi.verdict(**kwargs)
elif len(hashes) > 1:
action = 'verdicts'
kwargs['hashes'] = hashes
wfapi.verdicts(**kwargs)
else:
action = 'verdict'
wfapi.verdict(**kwargs)
print_status(wfapi, action)
print_response(wfapi, options)
save_file(wfapi, options)
if options['sample']:
action = 'sample'
kwargs = {}
if len(hashes) > 1:
print('Only 1 hash allowed for %s' % action, file=sys.stderr)
sys.exit(1)
if len(hashes) == 1:
kwargs['hash'] = hashes[0]
wfapi.sample(**kwargs)
print_status(wfapi, action)
print_response(wfapi, options)
save_file(wfapi, options)
if options['pcap']:
action = 'pcap'
kwargs = {}
if len(hashes) > 1:
print('Only 1 hash allowed for %s' % action, file=sys.stderr)
sys.exit(1)
if len(hashes) == 1:
kwargs['hash'] = hashes[0]
if options['platform'] is not None:
kwargs['platform'] = options['platform']
wfapi.pcap(**kwargs)
print_status(wfapi, action)
print_response(wfapi, options)
save_file(wfapi, options)
if options['changed']:
action = 'verdicts_changed'
kwargs = {}
if options['date'] is not None:
kwargs['date'] = options['date']
try:
x = int(options['date'])
except ValueError:
pass
else:
if x < 1:
d = date.today()
d = d - timedelta(-x)
kwargs['date'] = d.isoformat()
if options['debug']:
print('relative date(%d): %s' % (x, kwargs['date']),
file=sys.stderr)
wfapi.verdicts_changed(**kwargs)
print_status(wfapi, action)
print_response(wfapi, options)
save_file(wfapi, options)
if options['testfile']:
action = 'testfile'
wfapi.testfile()
print_status(wfapi, action)
print_response(wfapi, options)
save_file(wfapi, options)
except pan.wfapi.PanWFapiError as msg:
print_status(wfapi, action, msg)
print_response(wfapi, options)
sys.exit(1)
sys.exit(0)
def main():
try:
signal.signal(signal.SIGPIPE, signal.SIG_DFL)
except AttributeError:
# Windows
pass
# set_encoding()
options = parse_opts()
if options['debug']:
logger = logging.getLogger()
if options['debug'] == 3:
logger.setLevel(pan.wfapi.DEBUG3)
elif options['debug'] == 2:
logger.setLevel(pan.wfapi.DEBUG2)
elif options['debug'] == 1:
logger.setLevel(pan.wfapi.DEBUG1)
# log_format = '%(levelname)s %(name)s %(message)s'
log_format = '%(message)s'
handler = logging.StreamHandler()
formatter = logging.Formatter(log_format)
handler.setFormatter(formatter)
logger.addHandler(handler)
if options['cafile'] or options['capath'] or options['ssl']:
ssl_context = create_ssl_context(options['cafile'],
options['capath'],
options['ssl'])
else:
ssl_context = None
try:
wfapi = pan.wfapi.PanWFapi(tag=options['tag'],
api_key=options['api_key'],
hostname=options['hostname'],
timeout=options['timeout'],
http=options['http'],
ssl_context=ssl_context)
except pan.wfapi.PanWFapiError as msg:
print('pan.wfapi.PanWFapi:', msg, file=sys.stderr)
sys.exit(1)
if options['debug'] > 2:
print('wfapi.__str__()===>\n', wfapi, '\n<===',
sep='', file=sys.stderr)
try:
hashes = process_hashes(options['hash'])
if options['submit'] is not None:
action = 'submit'
kwargs = {}
if os.path.isfile(options['submit']):
kwargs['file'] = options['submit']
else:
o = urlparse(options['submit'])
if options['debug']:
print(o, file=sys.stderr)
if o.scheme == 'file':
if o.path and os.path.isfile(o.path):
kwargs['file'] = o.path
else:
print('Invalid URL: file not found:',
options['submit'], file=sys.stderr)
sys.exit(1)
else:
if o.scheme in ['http', 'https', 'ftp']:
kwargs['url'] = options['submit']
else:
print('Invalid file or URL:',
options['submit'], file=sys.stderr)
sys.exit(1)
wfapi.submit(**kwargs)
print_status(wfapi, action)
print_response(wfapi, options)
if options['submit-link'] is not None:
action = 'submit'
kwargs = {}
kwargs['links'] = process_arg(options['submit-link'], list=True)
wfapi.submit(**kwargs)
print_status(wfapi, action)
print_response(wfapi, options)
if options['change-request']:
action = 'change-request'
kwargs = {}
if len(hashes) > 1:
print('Only 1 hash allowed for %s' % action, file=sys.stderr)
sys.exit(1)
if len(hashes) == 1:
kwargs['hash'] = hashes[0]
if options['new-verdict'] is not None:
kwargs['verdict'] = process_verdict(options['new-verdict'])
if options['email'] is not None:
kwargs['email'] = options['email']
if options['comment'] is not None:
kwargs['comment'] = process_arg(options['comment'])
wfapi.change_request(**kwargs)
print_status(wfapi, action)
print_response(wfapi, options)
if options['report']:
action = 'report'
kwargs = {}
if len(hashes) > 1:
print('Only 1 hash allowed for %s' % action, file=sys.stderr)
sys.exit(1)
if len(hashes) == 1:
kwargs['hash'] = hashes[0]
if options['format'] is not None:
kwargs['format'] = options['format']
wfapi.report(**kwargs)
print_status(wfapi, action)
print_response(wfapi, options)
save_file(wfapi, options)
if options['verdict']:
kwargs = {}
if len(hashes) == 1:
action = 'verdict'
kwargs['hash'] = hashes[0]
wfapi.verdict(**kwargs)
elif len(hashes) > 1:
action = 'verdicts'
kwargs['hashes'] = hashes
wfapi.verdicts(**kwargs)
else:
action = 'verdict'
wfapi.verdict(**kwargs)
print_status(wfapi, action)
print_response(wfapi, options)
save_file(wfapi, options)
if options['sample']:
action = 'sample'
kwargs = {}
if len(hashes) > 1:
print('Only 1 hash allowed for %s' % action, file=sys.stderr)
sys.exit(1)
if len(hashes) == 1:
kwargs['hash'] = hashes[0]
wfapi.sample(**kwargs)
print_status(wfapi, action)
print_response(wfapi, options)
save_file(wfapi, options)
if options['pcap']:
action = 'pcap'
kwargs = {}
if len(hashes) > 1:
print('Only 1 hash allowed for %s' % action, file=sys.stderr)
sys.exit(1)
if len(hashes) == 1:
kwargs['hash'] = hashes[0]
if options['platform'] is not None:
kwargs['platform'] = options['platform']
wfapi.pcap(**kwargs)
print_status(wfapi, action)
print_response(wfapi, options)
save_file(wfapi, options)
if options['changed']:
action = 'verdicts_changed'
kwargs = {}
if options['date'] is not None:
kwargs['date'] = options['date']
try:
x = int(options['date'])
except ValueError:
pass
else:
if x < 1:
d = date.today()
d = d - timedelta(-x)
kwargs['date'] = d.isoformat()
if options['debug']:
print('relative date(%d): %s' %
(x, kwargs['date']), file=sys.stderr)
wfapi.verdicts_changed(**kwargs)
print_status(wfapi, action)
print_response(wfapi, options)
save_file(wfapi, options)
if options['testfile']:
action = 'testfile'
wfapi.testfile(options['type'])
print_status(wfapi, action)
print_response(wfapi, options)
save_file(wfapi, options)
except pan.wfapi.PanWFapiError as msg:
print_status(wfapi, action, msg)
print_response(wfapi, options)
sys.exit(1)
sys.exit(0)
def main():
signal.signal(signal.SIGPIPE, signal.SIG_DFL)
# set_encoding()
options = parse_opts()
try:
wfapi = pan.wfapi.PanWFapi(debug=options['debug'],
tag=options['tag'],
api_key=options['api_key'],
hostname=options['hostname'],
timeout=options['timeout'],
http=options['http'],
cacloud=options['cacloud'],
cafile=options['cafile'],
capath=options['capath'])
except pan.wfapi.PanWFapiError as msg:
print('pan.wfapi.PanWFapi:', msg, file=sys.stderr)
sys.exit(1)
if options['debug'] > 2:
print('wfapi.__str__()===>\n', wfapi, '\n<===',
sep='', file=sys.stderr)
try:
if options['submit'] is not None:
action = 'submit'
kwargs = {}
if os.path.isfile(options['submit']):
kwargs['file'] = options['submit']
else:
o = urlparse(options['submit'])
if options['debug']:
print(o, file=sys.stderr)
if o.scheme == 'file':
if o.path and os.path.isfile(o.path):
kwargs['file'] = o.path
else:
print('Invalid URL: file not found:',
options['submit'], file=sys.stderr)
sys.exit(1)
else:
if o.scheme in ['http', 'https', 'ftp']:
kwargs['url'] = options['submit']
else:
print('Invalid file or URL:',
options['submit'], file=sys.stderr)
sys.exit(1)
wfapi.submit(**kwargs)
print_status(wfapi, action)
print_response(wfapi, options)
if options['report']:
action = 'report'
kwargs = {}
if options['hash'] is not None:
validate_hash(options['hash'])
kwargs['hash'] = options['hash']
if options['format'] is not None:
kwargs['format'] = options['format']
wfapi.report(**kwargs)
print_status(wfapi, action)
print_response(wfapi, options)
save_file(wfapi, options)
if options['sample']:
action = 'sample'
kwargs = {}
if options['hash'] is not None:
validate_hash(options['hash'])
kwargs['hash'] = options['hash']
wfapi.sample(**kwargs)
print_status(wfapi, action)
print_response(wfapi, options)
save_file(wfapi, options)
if options['pcap']:
action = 'pcap'
kwargs = {}
if options['hash'] is not None:
validate_hash(options['hash'])
kwargs['hash'] = options['hash']
if options['platform'] is not None:
kwargs['platform'] = options['platform']
wfapi.pcap(**kwargs)
print_status(wfapi, action)
print_response(wfapi, options)
save_file(wfapi, options)
if options['testfile']:
action = 'testfile'
wfapi.testfile()
print_status(wfapi, action)
print_response(wfapi, options)
save_file(wfapi, options)
except pan.wfapi.PanWFapiError as msg:
print_status(wfapi, action, msg)
print_response(wfapi, options)
sys.exit(1)
sys.exit(0)
def main():
signal.signal(signal.SIGPIPE, signal.SIG_DFL)
# set_encoding()
options = parse_opts()
try:
wfapi = pan.wfapi.PanWFapi(debug=options['debug'],
tag=options['tag'],
api_key=options['api_key'],
hostname=options['hostname'],
timeout=options['timeout'],
http=options['http'],
cacloud=options['cacloud'],
cafile=options['cafile'],
capath=options['capath'])
except pan.wfapi.PanWFapiError as msg:
print('pan.wfapi.PanWFapi:', msg, file=sys.stderr)
sys.exit(1)
if options['debug'] > 2:
print('wfapi.__str__()===>\n',
wfapi,
'\n<===',
sep='',
file=sys.stderr)
try:
if options['submit'] is not None:
action = 'submit'
kwargs = {}
if os.path.isfile(options['submit']):
kwargs['file'] = options['submit']
else:
o = urlparse(options['submit'])
if options['debug']:
print(o, file=sys.stderr)
if o.scheme == 'file':
if o.path and os.path.isfile(o.path):
kwargs['file'] = o.path
else:
print('Invalid URL: file not found:',
options['submit'],
file=sys.stderr)
sys.exit(1)
else:
if o.scheme in ['http', 'https', 'ftp']:
kwargs['url'] = options['submit']
else:
print('Invalid file or URL:',
options['submit'],
file=sys.stderr)
sys.exit(1)
wfapi.submit(**kwargs)
print_status(wfapi, action)
print_response(wfapi, options)
if options['report']:
action = 'report'
kwargs = {}
if options['hash'] is not None:
validate_hash(options['hash'])
kwargs['hash'] = options['hash']
if options['format'] is not None:
kwargs['format'] = options['format']
wfapi.report(**kwargs)
print_status(wfapi, action)
print_response(wfapi, options)
save_file(wfapi, options)
if options['sample']:
action = 'sample'
kwargs = {}
if options['hash'] is not None:
validate_hash(options['hash'])
kwargs['hash'] = options['hash']
wfapi.sample(**kwargs)
print_status(wfapi, action)
print_response(wfapi, options)
save_file(wfapi, options)
if options['pcap']:
action = 'pcap'
kwargs = {}
if options['hash'] is not None:
validate_hash(options['hash'])
kwargs['hash'] = options['hash']
if options['platform'] is not None:
kwargs['platform'] = options['platform']
wfapi.pcap(**kwargs)
print_status(wfapi, action)
print_response(wfapi, options)
save_file(wfapi, options)
if options['testfile']:
action = 'testfile'
wfapi.testfile()
print_status(wfapi, action)
print_response(wfapi, options)
save_file(wfapi, options)
except pan.wfapi.PanWFapiError as msg:
print_status(wfapi, action, msg)
print_response(wfapi, options)
sys.exit(1)
sys.exit(0)
