Example #1
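 def parse_message(self, message_folder):
     """Store each attachment of an extracted message and record the email as notes.

     ``message_folder`` is expected to hold ``InternetHeaders.txt``,
     ``Message.txt`` and an ``Attachments`` sub-directory; any of them may be
     missing. Every regular file under ``Attachments`` is handed to
     ``store_sample`` and, when that returns a path, added to the database
     with the tag string ``'pst, <message_folder>'``. Two notes (headers and
     body) are then attached to the attachment's SHA-256.

     Attachment contents are only read and hashed here, never interpreted.
     """
     db = Database()
     email_header = os.path.join(message_folder, 'InternetHeaders.txt')
     email_body = os.path.join(message_folder, 'Message.txt')
     attachments_dir = os.path.join(message_folder, 'Attachments')

     envelope = headers = email_text = ''
     if os.path.exists(email_header):
         envelope, headers = self.email_headers(email_header)
     if os.path.exists(email_body):
         # Context manager: the handle is closed even if read() raises.
         with open(email_body, 'rb') as body_file:
             email_text = body_file.read()

     tags = 'pst, {0}'.format(message_folder)
     if not os.path.exists(attachments_dir):
         return

     # Identical for every attachment of this message, so build it once.
     headers_body = 'Envelope: \n{0}\nHeaders: \n{1}\n'.format(envelope, headers)

     for filename in os.listdir(attachments_dir):
         attachment_path = os.path.join(attachments_dir, filename)
         if not os.path.isfile(attachment_path):
             continue

         obj = File(attachment_path)
         with open(attachment_path, 'rb') as attachment:
             sha256 = hashlib.sha256(attachment.read()).hexdigest()

         new_path = store_sample(obj)
         if new_path:
             # Add file to the database.
             db.add(obj=obj, tags=tags)

         # Add the email details as notes. This runs even when the sample
         # was not newly stored: duplicates are handled by attaching
         # multiple notes to the same hash.
         db.add_note(sha256, 'Headers', headers_body)

         # Add a note with the email body.
         db.add_note(sha256, 'Email Body', string_clean(email_text))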
Example #2
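    def parse_message(self, message_folder):
        """Import the attachments of one extracted message and annotate them.

        Looks in ``message_folder`` for ``InternetHeaders.txt``,
        ``Message.txt`` and an ``Attachments`` directory. Each regular file
        in ``Attachments`` is passed to ``store_sample``; if that yields a
        path the file is added to the database tagged
        ``'pst, <message_folder>'``. The envelope/headers text and the cleaned
        message body are attached as notes keyed by the attachment's SHA-256.

        Attachment bytes are only hashed in this method; nothing is parsed
        or executed.
        """
        db = Database()
        header_path = os.path.join(message_folder, 'InternetHeaders.txt')
        body_path = os.path.join(message_folder, 'Message.txt')
        attachments_root = os.path.join(message_folder, 'Attachments')

        envelope = headers = email_text = ''
        if os.path.exists(header_path):
            envelope, headers = self.email_headers(header_path)
        if os.path.exists(body_path):
            # Close the handle deterministically instead of leaving it to GC.
            with open(body_path, 'rb') as handle:
                email_text = handle.read()

        tags = 'pst, {0}'.format(message_folder)
        if os.path.exists(attachments_root):
            for filename in os.listdir(attachments_root):
                attachment_path = os.path.join(attachments_root, filename)
                if not os.path.isfile(attachment_path):
                    continue

                obj = File(attachment_path)

                # Hash in chunks so a large attachment is not held in memory
                # in full, and so the handle is always closed.
                digest = hashlib.sha256()
                with open(attachment_path, 'rb') as handle:
                    for chunk in iter(lambda: handle.read(65536), b''):
                        digest.update(chunk)
                sha256 = digest.hexdigest()

                new_path = store_sample(obj)
                if new_path:
                    # Add file to the database.
                    db.add(obj=obj, tags=tags)

                # Add the email details as a note. Notes are written whether
                # or not the sample was newly stored: duplicates are handled
                # by keeping multiple notes on the same hash.
                headers_body = 'Envelope: \n{0}\nHeaders: \n{1}\n'.format(
                    envelope, headers)
                db.add_note(sha256, 'Headers', headers_body)

                # Add a note with the email body.
                db.add_note(sha256, 'Email Body', string_clean(email_text))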
Example #3
def file_notes():
    """Apply a notes form submission (delete / update / new) and redirect.

    Reads the ``update``, ``new``, ``delete``, ``noteTitle``, ``noteBody``,
    ``id``, ``sha256`` and ``project`` form fields, performs whichever
    actions their values select, then redirects to the notes anchor of the
    file page.
    """
    # NOTE(review): every value below comes straight from the submitted form.
    # Nothing in this function checks authentication, a CSRF token, or that
    # ``id`` refers to a note of the file named by ``sha256`` -- confirm that
    # is enforced elsewhere before exposing this route.
    db = Database()
    form = request.forms
    want_update = form.get('update')
    want_new = form.get('new')
    want_delete = form.get('delete')
    title = form.get('noteTitle')
    body = form.get('noteBody')
    target_id = form.get('id')
    sha = form.get('sha256')
    project = form.get('project')

    have_id = bool(target_id)

    # Delete Note
    if want_delete and have_id:
        db.delete_note(target_id)

    # Update an existing note
    if want_update and have_id:
        db.edit_note(target_id, body)

    # Create a new note; all three of hash, title and body are required.
    if want_new and sha and title and body:
        db.add_note(sha, title, body)

    # NOTE(review): ``project`` and ``sha256`` are interpolated into the
    # redirect path as received; presumably they should be validated first
    # (e.g. sha256 as 64 hex digits) -- confirm.
    destination = '/file/{0}/{1}#notes'.format(project, sha)
    redirect(destination)
Example #4
File: web.py Project: pig123/viper
def file_notes():
    """Process the notes form of a file page, then redirect back to it.

    The form may request deleting a note, updating a note's body, or adding
    a new note; each action runs only when its flag and the fields it needs
    are present. The response is a redirect to ``/file/<project>/<sha256>#notes``.
    """
    db = Database()

    # Fetch the fields in one pass, in the same order the form is documented.
    # NOTE(review): these are unvalidated request values; no authentication,
    # CSRF or ownership check (note id vs. sha256) is visible here -- verify
    # that the surrounding application provides them.
    field_names = ('update', 'new', 'delete', 'noteTitle', 'noteBody',
                   'id', 'sha256', 'project')
    (update, new, delete, note_title, note_body,
     note_id, note_sha, project) = [request.forms.get(name)
                                    for name in field_names]

    if note_id:
        # Delete Note
        if delete:
            db.delete_note(note_id)
        # Update an existing note
        if update:
            db.edit_note(note_id, note_body)

    if new and note_sha and note_title and note_body:
        db.add_note(note_sha, note_title, note_body)

    # NOTE(review): the redirect path is built from form input as-is;
    # presumably project and sha256 should be checked against an expected
    # pattern first -- confirm.
    redirect('/file/{0}/{1}#notes'.format(project, note_sha))
Example #5
def file_notes():
    """Delete, edit or create a note from the submitted form and redirect.

    Actions are selected by the ``delete``, ``update`` and ``new`` form
    fields; ``id`` identifies the note for delete/update, while ``sha256``,
    ``noteTitle`` and ``noteBody`` describe a new note. The request ends with
    a redirect to the file's ``#notes`` anchor.
    """
    db = Database()

    # NOTE(review): all values are taken from the request unmodified. This
    # function does not itself verify the caller, a CSRF token, or that the
    # note id belongs to the given sha256 -- confirm those checks live
    # elsewhere.
    posted = {
        key: request.forms.get(key)
        for key in ("update", "new", "delete", "noteTitle", "noteBody",
                    "id", "sha256", "project")
    }
    note_id = posted["id"]
    note_sha = posted["sha256"]
    note_body = posted["noteBody"]

    # Delete Note
    if posted["delete"] and note_id:
        db.delete_note(note_id)
    # Update an existing note
    if posted["update"] and note_id:
        db.edit_note(note_id, note_body)
    # A new note needs the flag plus hash, title and body.
    if all((posted["new"], note_sha, posted["noteTitle"], note_body)):
        db.add_note(note_sha, posted["noteTitle"], note_body)

    # NOTE(review): project and sha256 go into the redirect path unchecked;
    # presumably they should be validated before use -- confirm.
    redirect("/file/{0}/{1}#notes".format(posted["project"], note_sha))
Example #6
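    def run(self, *args):
        """List, add, view, edit or delete notes for the currently open file.

        Requires an open session whose file is already stored in the
        database; otherwise an error is logged and nothing else happens.
        Note bodies are written in an external editor (``$EDITOR``, or
        ``nano`` when that is unset or empty) through a temporary file.
        """
        # Function-scope import: the module's import block is not visible
        # from here, and subprocess is only needed by this command.
        import subprocess

        def launch_editor(path):
            """Open *path* in the editor; return False if it could not start."""
            editor = os.environ.get('EDITOR') or 'nano'
            try:
                # Argument list, no shell: the temporary path is passed as
                # one argument whatever characters the temp directory
                # contains. $EDITOR is treated as a single program name.
                subprocess.call([editor, path])
            except OSError as err:
                self.log(
                    'error',
                    "Unable to start editor {0}: {1}".format(editor, err))
                return False
            return True

        def body_as_text(note):
            """Return the note body as str; old notes are stored as bytes."""
            if isinstance(note.body, bytes):
                return note.body.decode()
            return note.body

        try:
            args = self.parser.parse_args(args)
        except SystemExit:
            return

        if not __sessions__.is_set():
            self.log(
                'error',
                "No open session. This command expects a file to be open.")
            return

        db = Database()

        # Check that the file is already stored; no notes command can work
        # on a file that is not in the database.
        malware = db.find(key='sha256', value=__sessions__.current.file.sha256)
        if not malware:
            self.log(
                'error',
                "The opened file doesn't appear to be in the database, have you stored it yet?"
            )
            return

        # NOTE(review): view/edit/delete look notes up by the ID given on the
        # command line; the ID is not compared with the open file's notes
        # here -- confirm whether notes of other files should be reachable.
        if args.list:
            # Retrieve all notes for the currently opened file.
            notes = malware[0].note
            if not notes:
                self.log('info', "No notes available for this file yet")
                return

            # Populate table rows.
            rows = [[note.id, note.title] for note in notes]

            # Display list of existing notes.
            self.log('table', dict(header=['ID', 'Title'], rows=rows))

        elif args.add:
            title = input("Enter a title for the new note: ")

            # Create a new temporary file.
            with tempfile.NamedTemporaryFile(mode='w+') as tmp:
                # Open the temporary file with the default editor, or nano.
                if not launch_editor(tmp.name):
                    # Do not store an empty note when no editor ran.
                    return
                # Once the user is done editing, read the content and store
                # it in the database.
                body = tmp.read()
                db.add_note(__sessions__.current.file.sha256, title, body)

            self.log(
                'info',
                'New note with title "{0}" added to the current file'.format(
                    bold(title)))

        elif args.view:
            # Retrieve the note with the specified ID and print it.
            note = db.get_note(args.view)
            if note:
                self.log('info', bold('Title: ') + note.title)
                self.log('info',
                         '{}\n{}'.format(bold('Body:'), body_as_text(note)))
            else:
                self.log('info',
                         "There is no note with ID {0}".format(args.view))

        elif args.edit:
            # Retrieve the note with the specified ID.
            note = db.get_note(args.edit)
            if note:
                # Create a new temporary file.
                with tempfile.NamedTemporaryFile(mode='w+') as tmp:
                    # Write the old body to the temporary file; a bytes body
                    # is converted to str and stored as str after the edit.
                    tmp.write(body_as_text(note))
                    tmp.flush()
                    tmp.seek(0)
                    # Open the old body with the text editor.
                    if not launch_editor(tmp.name):
                        return
                    # Read the new body from the temporary file.
                    body = tmp.read()
                    # Update the note entry with the new body.
                    db.edit_note(args.edit, body)

                self.log('info', "Updated note with ID {0}".format(args.edit))
            else:
                # Same message as the view branch, instead of silently
                # doing nothing for an unknown ID.
                self.log('info',
                         "There is no note with ID {0}".format(args.edit))

        elif args.delete:
            # Delete the note with the specified ID.
            db.delete_note(args.delete)
        else:
            self.parser.print_usage()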
Example #7
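    def run(self, *args):
        """Manage the notes of the currently open file.

        Depending on the parsed arguments this lists the file's notes, adds a
        note, shows or edits a note by ID, or deletes one. The command needs
        an open session and a file that is already stored in the database.
        Note text is entered in ``$EDITOR`` (``nano`` when unset or empty)
        via a temporary file.
        """
        # Function-scope import: the module's import block is not visible
        # from here.
        import shlex

        try:
            args = self.parser.parse_args(args)
        except SystemExit:
            return

        if not __sessions__.is_set():
            self.log('error', "No open session. This command expects a file to be open.")
            return

        db = Database()

        # Check that the file is already stored; no notes command can work
        # on a file that is not in the database.
        malware = db.find(key='sha256', value=__sessions__.current.file.sha256)
        if not malware:
            self.log('error', "The opened file doesn't appear to be in the database, have you stored it yet?")
            return

        # NOTE(review): view/edit/delete use the ID from the command line
        # without comparing it with the open file's notes -- confirm whether
        # that is intended.
        if args.list:
            # Retrieve all notes for the currently opened file.
            notes = malware[0].note
            if not notes:
                self.log('info', "No notes available for this file yet")
                return

            # Populate table rows.
            rows = [[note.id, note.title] for note in notes]

            # Display list of existing notes.
            self.log('table', dict(header=['ID', 'Title'], rows=rows))

        elif args.add:
            title = input("Enter a title for the new note: ")

            # Create a new temporary file.
            with tempfile.NamedTemporaryFile(mode='w+') as tmp:
                # Open the temporary file with the default editor, or nano.
                # The path is shell-quoted so a temp directory containing
                # spaces or shell metacharacters stays a single argument.
                os.system('"${EDITOR:-nano}" ' + shlex.quote(tmp.name))
                # Once the user is done editing, read the content and store
                # it in the database.
                body = tmp.read()
                db.add_note(__sessions__.current.file.sha256, title, body)

            self.log('info', 'New note with title "{0}" added to the current file'.format(bold(title)))

        elif args.view:
            # Retrieve the note with the specified ID and print it.
            note = db.get_note(args.view)
            if note:
                self.log('info', bold('Title: ') + note.title)
                if isinstance(note.body, bytes):
                    # OLD: Old style, the content is stored as bytes.
                    # This is fixed when the user edits the old note.
                    body = note.body.decode()
                else:
                    body = note.body
                self.log('info', '{}\n{}'.format(bold('Body:'), body))
            else:
                self.log('info', "There is no note with ID {0}".format(args.view))

        elif args.edit:
            # Retrieve the note with the specified ID.
            note = db.get_note(args.edit)
            if not note:
                # Same message as the view branch, instead of silently doing
                # nothing for an unknown ID.
                self.log('info', "There is no note with ID {0}".format(args.edit))
                return

            # Create a new temporary file.
            with tempfile.NamedTemporaryFile(mode='w+') as tmp:
                # Write the old body to the temporary file.
                if isinstance(note.body, bytes):
                    # OLD: Old style, the content is stored as bytes.
                    body = note.body.decode()
                else:
                    body = note.body
                tmp.write(body)
                tmp.flush()
                tmp.seek(0)
                # Open the old body with the text editor (path shell-quoted,
                # see the add branch).
                os.system('"${EDITOR:-nano}" ' + shlex.quote(tmp.name))
                # Read the new body from the temporary file.
                body = tmp.read()
                # Update the note entry with the new body.
                db.edit_note(args.edit, body)

            self.log('info', "Updated note with ID {0}".format(args.edit))

        elif args.delete:
            # Delete the note with the specified ID.
            db.delete_note(args.delete)
        else:
            self.parser.print_usage()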