def run_module(): project = request.forms.get('project') if project: __project__.open(project) sha256 = request.forms.get('sha256') if sha256: file_path = get_sample_path(sha256) if file_path: __sessions__.new(file_path) module_name = request.forms.get('module') if module_name in __modules__: module = __modules__[module_name]['obj']() module.run() module_output = copy.deepcopy(module.output) del (module.output[:]) if module_output: return jsonize( dict(project=project, module=module_name, sha256=sha256, output=module_output))
def module_cmdline(project=None, cmd_line=None, file_hash=None): html = "" cmd = Commands() split_commands = cmd_line.split(';') for split_command in split_commands: split_command = split_command.strip() if not split_command: continue root, args = parse(split_command) try: if root in cmd.commands: cmd.commands[root]['obj'](*args) html += print_output(cmd.output) del (cmd.output[:]) elif root in __modules__: # if prev commands did not open a session open one on the current file if file_hash: __project__.open(project) path = get_sample_path(file_hash) __sessions__.new(path) module = __modules__[root]['obj']() module.set_commandline(args) module.run() html += print_output(module.output) if cfg.modules.store_output and __sessions__.is_set(): Database().add_analysis(file_hash, split_command, module.output) del (module.output[:]) else: html += '<p class="text-danger">{0} is not a valid command</p>'.format(cmd_line) except Exception: html += '<p class="text-danger">We were unable to complete the command {0}</p>'.format(cmd_line) __sessions__.close() return html
def create(self, request, project=None, db=None, *args, **kwargs): """Create a new Project""" # kwargs provided by URLs/Routers: - serializer = self.get_serializer(data=request.data) serializer.is_valid(raise_exception=True) if serializer.validated_data['name'] in get_project_list(): # exists already # return Response(data=serializer.validated_data, status=status.HTTP_200_OK) error = { "error": { "code": "ExistsAlready", "message": "Project exists already: {}".format( serializer.validated_data['name']) } } raise ValidationError(detail=error) new_project_new = serializer.validated_data['name'] __project__.open(new_project_new) serializer_new = self.get_serializer(new_project_new) headers = self.get_success_headers(serializer_new.data) return Response(data=serializer_new.data, status=status.HTTP_201_CREATED, headers=headers)
def main(): parser = argparse.ArgumentParser() parser.add_argument("-p", "--project", help="Specify a new or existing project name", action="store", required=False) parser.add_argument("-f", "--file", help="Specify a file to be opened directly", action="store", required=False) parser.add_argument("--version", action="version", version=__version__) args = parser.parse_args() if args.project: __project__.open(args.project) if args.file: if not os.path.exists(args.file): print("ERROR: The specified path does not exist") sys.exit(-1) __sessions__.new(args.file) c = console.Console() c.start()
def run(self): super(pstParse, self).run() pst_path = __sessions__.current.file.path pff_test = subprocess.call('pffexport -V', shell=True) if pff_test == 127: self.log('error', "pffexport not install. Try: 'sudo apt-get install pff-tools'") return new_proj = self.args.proj save_path = self.args.output if new_proj: self.log('info', "Creating New Project") project_name = str(datetime.date.today()) __project__.open('pst_{0}'.format(project_name)) if save_path: save_path = self.args.output else: save_path = tempfile.mkdtemp() self.log('info', "Temp Dir created at {0}".format(save_path)) self.log('info', "Processing Attachments, this might take a while...") counter = self.parse_pst(save_path, pst_path) self.log('success', "Stored {0} Email attachments".format(counter)) if not self.args.keep: try: shutil.rmtree('{0}.export'.format(save_path)) shutil.rmtree(save_path) self.log('info', "Removing Temp Dir") except OSError as e: self.log('error', "Unable to delete tmpdir: {0}".format(e))
def post(self, request, *args, **kwargs): # Get the project and hash of the file project = kwargs.get('project', 'default') file_hash = request.POST.get('file_hash') try: hex_offset = int(request.POST.get('hex_start')) except Exception: return '<p class="text-danger">Error Generating Request</p>' hex_length = 256 # get file path __project__.open(project) hex_path = get_sample_path(file_hash) # create the command string hex_cmd = 'hd -s {0} -n {1} {2}'.format(hex_offset, hex_length, hex_path) # get the output hex_string = getoutput(hex_cmd) # Format the data html_string = '' hex_rows = hex_string.split('\n') for row in hex_rows: if len(row) > 9: off_str = row[0:8] hex_str = row[9:58] asc_str = row[58:78] asc_str = asc_str.replace('"', '"') asc_str = asc_str.replace('<', '<') asc_str = asc_str.replace('>', '>') html_string += '<div class="row"><span class="text-primary mono">{0}</span> \ <span class="text-muted mono">{1}</span> <span class="text-success mono"> \ {2}</span></div>'.format(off_str, hex_str, asc_str) # return the data return HttpResponse(html_string)
def func_wrapper(viewset, *args, **kwargs): log.debug("running decorator: get_project_open_db - called by: {}". format(viewset)) project = viewset.kwargs.get(viewset.lookup_field_project, None) if project == 'default': __project__.open(project) db = Database() elif project in get_project_list(): log.debug("setting project to: {}".format(project)) __project__.open(project) db = Database() else: db = None if not db: error = { "error": { "code": "NotFound", "message": "Project not found: {}".format(project) } } log.error(error) raise NotFound(detail=error) return func(viewset, project=project, db=db, *args, **kwargs)
def post(self, request, *args, **kwargs): # Get the project and hash of the file project = kwargs.get('project', 'default') file_hash = request.POST.get('file_hash') try: hex_offset = int(request.POST.get('hex_start')) except: return '<p class="text-danger">Error Generating Request</p>' hex_length = 256 # get file path __project__.open(project) hex_path = get_sample_path(file_hash) # create the command string hex_cmd = 'hd -s {0} -n {1} {2}'.format(hex_offset, hex_length, hex_path) # get the output hex_string = getoutput(hex_cmd) # Format the data html_string = '' hex_rows = hex_string.split('\n') for row in hex_rows: if len(row) > 9: off_str = row[0:8] hex_str = row[9:58] asc_str = row[58:78] asc_str = asc_str.replace('"', '"') asc_str = asc_str.replace('<', '<') asc_str = asc_str.replace('>', '>') html_string += '<div class="row"><span class="text-primary mono">{0}</span> \ <span class="text-muted mono">{1}</span> <span class="text-success mono"> \ {2}</span></div>'.format(off_str, hex_str, asc_str) # return the data return HttpResponse(html_string)
def file_download(file_hash, project=False): if project in project_list(): __project__.open(project) else: __project__.open('../') project = 'Main' # Open the Database db = Database() # Open a session rows = db.find(key='sha256', value=file_hash) if not rows: return template( 'error.tpl', error="{0} Does not match any hash in the Database".format( file_hash)) path = get_sample_path(rows[0].sha256) if not path: return template('error.tpl', error="File not found on disk") response.content_length = os.path.getsize(path) response.content_type = 'application/octet-stream; charset=UTF-8' data = '' for chunk in File(path).get_chunks(): data += chunk return data
def post(self, request, *args, **kwargs): project_name = request.POST['project'].replace(' ', '_') if project_name not in get_project_list(): log.debug("creating new project: {}".format(project_name)) log.debug("redirecting to project: {}".format(project_name)) __project__.open(project_name) return redirect(reverse('main-page-project', kwargs={'project': project_name}))
def open_db(project): # Check for valid project project_list = __project__.list() if any(d.get('name', None) == project for d in project_list): # Open Project __project__.open(project) # Init DB return Database()
def cmd_projects(self, *args): parser = argparse.ArgumentParser( prog='projects', description="Open a file", epilog="List or switch existing projects") group = parser.add_mutually_exclusive_group() group.add_argument('-l', '--list', action='store_true', help="List all existing projects") group.add_argument('-s', '--switch', metavar='PROJECT NAME', help="Switch to the specified project") try: args = parser.parse_args(args) except: return projects_path = os.path.join(os.getcwd(), 'projects') if not os.path.exists(projects_path): self.log('info', "The projects directory does not exist yet") return if args.list: self.log('info', "Projects Available:") rows = [] for project in os.listdir(projects_path): project_path = os.path.join(projects_path, project) if os.path.isdir(project_path): current = '' if __project__.name and project == __project__.name: current = 'Yes' rows.append([ project, time.ctime(os.path.getctime(project_path)), current ]) self.log( 'table', dict(header=['Project Name', 'Creation Time', 'Current'], rows=rows)) elif args.switch: if __sessions__.is_set(): __sessions__.close() self.log('info', "Closed opened session") __project__.open(args.switch) self.log('info', "Switched to project {0}".format(bold(args.switch))) # Need to re-initialize the Database to open the new SQLite file. self.db = Database() else: self.log('info', parser.print_usage())
def open_db(project): # Check for valid project if project == 'default': __project__.open(project) return Database() else: try: __project__.open(project) return Database() except Exception: return False
def open_db(project): project_list = __project__.list() # Check for valid project if project == 'default': __project__.open(project) elif any(d.get('name', None) == project for d in project_list): # Open Project __project__.open(project) else: return False return Database()
def tags(tag_action=False): # Set DB db = Database() # Search or Delete if request.method == 'GET': action = request.query.action value = request.query.value.strip() if value: if action == 'search': # This will search all projects # Get project list projects = project_list() # Add Main db to list. projects.append('../') # Search All projects p_list = [] results = {} for project in projects: __project__.open(project) # Init DB db = Database() #get results proj_results = [] rows = db.find(key='tag', value=value) for row in rows: if project == '../': project = 'Main' proj_results.append([row.name, row.sha256]) results[project] = proj_results p_list.append(project) # Return the search template return template('search.tpl', projects=p_list, results=results) else: return template( 'error.tpl', error="'{0}' Is not a valid tag action".format(action)) # Add / Delete if request.method == 'POST': file_hash = request.forms.get('sha256') project = request.forms.get('project') tag_name = request.forms.get('tag') if tag_action == 'add': if file_hash and project: tags = request.forms.get('tags') db.add_tags(file_hash, tags) if tag_action == 'del': if file_hash and tag_name: db.delete_tag(tag_name, file_hash) redirect('/file/{0}/{1}'.format(project, file_hash))
def add_file(): tags = request.forms.get('tag_list') uploads = request.files.getlist('file') # Set Project project = request.forms.get('project') if project in project_list(): __project__.open(project) else: __project__.open('../') project = 'Main' db = Database() file_list = [] # Write temp file to disk with upload_temp() as temp_dir: for upload in uploads: file_path = os.path.join(temp_dir, upload.filename) with open(file_path, 'w') as tmp_file: tmp_file.write(upload.file.read()) # Zip Files if request.forms.get('unzip'): zip_pass = request.forms.get('zip_pass') try: with ZipFile(file_path) as zf: zf.extractall(temp_dir, pwd=zip_pass) for root, dirs, files in os.walk(temp_dir, topdown=False): for name in files: if not name == upload.filename: file_list.append(os.path.join(root, name)) except Exception as e: return template('error.tpl', error="Error with zipfile - {0}".format(e)) # Non zip files else: file_list.append(file_path) # Add each file for new_file in file_list: print new_file obj = File(new_file) new_path = store_sample(obj) success = True if new_path: # Add file to the database. success = db.add(obj=obj, tags=tags) if not success: return template( 'error.tpl', error="Unable to Store The File: {0}".format( upload.filename)) redirect("/project/{0}".format(project))
def tags(tag_action=False): # Set DB db = Database() # Search or Delete if request.method == 'GET': action = request.query.action value = request.query.value.strip() if value: if action == 'search': # This will search all projects # Get project list projects = project_list() # Add Main db to list. projects.append('../') # Search All projects p_list = [] results = {} for project in projects: __project__.open(project) # Init DB db = Database() #get results proj_results = [] rows = db.find(key='tag', value=value) for row in rows: if project == '../': project = 'Main' proj_results.append([row.name, row.sha256]) results[project] = proj_results p_list.append(project) # Return the search template return template('search.tpl', projects=p_list, results=results) else: return template('error.tpl', error="'{0}' Is not a valid tag action".format(action)) # Add / Delete if request.method == 'POST': file_hash = request.forms.get('sha256') project = request.forms.get('project') tag_name = request.forms.get('tag') if tag_action == 'add': if file_hash and project: tags = request.forms.get('tags') db.add_tags(file_hash, tags) if tag_action == 'del': if file_hash and tag_name: db.delete_tag(tag_name, file_hash) redirect('/file/{0}/{1}'.format(project, file_hash))
def tags(tag_action=False): # Set DB db = Database() # Search or Delete if request.method == "GET": action = request.query.action value = request.query.value.strip() if value: if action == "search": # This will search all projects # Get project list projects = project_list() # Add Main db to list. projects.append("../") # Search All projects p_list = [] results = {} for project in projects: __project__.open(project) # Init DB db = Database() # get results proj_results = [] rows = db.find(key="tag", value=value) for row in rows: if project == "../": project = "Main" proj_results.append([row.name, row.sha256]) results[project] = proj_results p_list.append(project) # Return the search template return template("search.tpl", projects=p_list, results=results) else: return template("error.tpl", error="'{0}' Is not a valid tag action".format(action)) # Add / Delete if request.method == "POST": file_hash = request.forms.get("sha256") project = request.forms.get("project") tag_name = request.forms.get("tag") if tag_action == "add": if file_hash and project: tags = request.forms.get("tags") db.add_tags(file_hash, tags) if tag_action == "del": if file_hash and tag_name: db.delete_tag(tag_name, file_hash) redirect("/file/{0}/{1}".format(project, file_hash))
def cuckoo_submit(): # Get Query Strings project = request.query.project file_hash = request.query.hash if project in project_list(): __project__.open(project) else: __project__.open("../") project = "Main" # Open the Database db = Database() # Open a session try: path = get_sample_path(file_hash) __sessions__.new(path) except: return '<span class="alert alert-danger">Invalid Submission</span>' try: # Return URI For Existing Entry check_uri = "{0}/files/view/sha256/{1}".format(cuckoo_api, file_hash) check_file = requests.get(check_uri) if check_file.status_code == 200: check_result = dict(check_file.json()) cuckoo_id = check_result["sample"]["id"] return '<a href="{0}/submit/status/{1}" target="_blank"> Link To Cukoo Report</a>'.format( cuckoo_web, str(cuckoo_id) ) except Exception as e: return '<span class="alert alert-danger">Error Connecting To Cuckoo</span>' # If it doesn't exist, submit it. # Get the file data from viper file_data = open(__sessions__.current.file.path, "rb").read() file_name = __sessions__.current.file.name if file_data: # Submit file data to cuckoo uri = "{0}{1}".format(cuckoo_api, "/tasks/create/file") options = {"file": (file_name, file_data)} cuckoo_response = requests.post(uri, files=options) if cuckoo_response.status_code == 200: cuckoo_id = dict(cuckoo_response.json())["task_id"] return '<a href="{0}/submit/status/{1}" target="_blank"> Link To Cukoo Report</a>'.format( cuckoo_web, str(cuckoo_id) ) else: return '<span class="alert alert-danger">Unable to Submit File</span>'
def cmd_projects(self, *args): parser = argparse.ArgumentParser(prog='projects', description="Open a file", epilog="List or switch existing projects") group = parser.add_mutually_exclusive_group() group.add_argument('-l', '--list', action='store_true', help="List all existing projects") group.add_argument('-s', '--switch', metavar='PROJECT NAME', help="Switch to the specified project") try: args = parser.parse_args(args) except: return cfg = Config() if cfg.paths.storage_path: base_path = cfg.paths.storage_path else: base_path = os.path.join(expanduser("~"), '.viper') projects_path = os.path.join(base_path, 'projects') if not os.path.exists(projects_path): self.log('info', "The projects directory does not exist yet") return if args.list: self.log('info', "Projects Available:") rows = [] for project in os.listdir(projects_path): project_path = os.path.join(projects_path, project) if os.path.isdir(project_path): current = '' if __project__.name and project == __project__.name: current = 'Yes' rows.append([project, time.ctime(os.path.getctime(project_path)), current]) self.log('table', dict(header=['Project Name', 'Creation Time', 'Current'], rows=rows)) elif args.switch: if __sessions__.is_set(): __sessions__.close() self.log('info', "Closed opened session") __project__.open(args.switch) self.log('info', "Switched to project {0}".format(bold(args.switch))) # Need to re-initialize the Database to open the new SQLite file. self.db = Database() else: self.log('info', parser.print_usage())
def file_info(file_hash, project=False): contents = {} if project in project_list(): __project__.open(project) contents['project'] = project else: __project__.open('../') contents['project'] = 'Main' # Open the Database db = Database() # Open a session try: path = get_sample_path(file_hash) __sessions__.new(path) except: return template('error.tpl', error="{0} Does not match any hash in the Database".format(file_hash)) # Get the file info contents['file_info'] = [ __sessions__.current.file.name, __sessions__.current.file.tags, __sessions__.current.file.path, __sessions__.current.file.size, __sessions__.current.file.type, __sessions__.current.file.mime, __sessions__.current.file.md5, __sessions__.current.file.sha1, __sessions__.current.file.sha256, __sessions__.current.file.sha512, __sessions__.current.file.ssdeep, __sessions__.current.file.crc32 ] # Get Any Notes note_list = [] malware = db.find(key='sha256', value=file_hash) if malware: notes = malware[0].note if notes: rows = [] for note in notes: note_list.append([note.title, note.body, note.id]) contents['notes'] = note_list # Close the session __sessions__.close() # Return the page return template('file.tpl', **contents)
def cuckoo_submit(): # Get Query Strings project = request.query.project file_hash = request.query.hash if project in project_list(): __project__.open(project) else: __project__.open('../') project = 'Main' # Open the Database db = Database() # Open a session try: path = get_sample_path(file_hash) __sessions__.new(path) except: return '<span class="alert alert-danger">Invalid Submission</span>' try: # Return URI For Existing Entry check_uri = '{0}/files/view/sha256/{1}'.format(cuckoo_api, file_hash) check_file = requests.get(check_uri) if check_file.status_code == 200: check_result = dict(check_file.json()) cuckoo_id = check_result['sample']['id'] return '<a href="{0}/analysis/{1}" target="_blank"> Link To Cukoo Report</a>'.format( cuckoo_web, str(cuckoo_id)) except Exception as e: return '<span class="alert alert-danger">Error Connecting To Cuckoo</span>' # If it doesn't exist, submit it. # Get the file data from viper file_data = open(__sessions__.current.file.path, 'rb').read() file_name = __sessions__.current.file.name if file_data: # Submit file data to cuckoo uri = '{0}{1}'.format(cuckoo_api, '/tasks/create/file') options = {'file': (file_name, file_data)} cuckoo_response = requests.post(uri, files=options) if cuckoo_response.status_code == 200: cuckoo_id = dict(cuckoo_response.json())['task_id'] return '<a href="{0}/analysis/{1}" target="_blank"> Link To Cukoo Report</a>'.format( cuckoo_web, str(cuckoo_id)) else: return '<span class="alert alert-danger">Unable to Submit File</span>'
def add_file(): tags = request.forms.get('tag_list') upload = request.files.get('file') # Set Project project = request.forms.get('project') if project in project_list(): __project__.open(project) else: __project__.open('../') project = 'Main' db = Database() # Write temp file to disk with upload_temp() as temp_dir: file_path = os.path.join(temp_dir, upload.filename) with open(file_path, 'w') as tmp_file: tmp_file.write(upload.file.read()) file_list = [] # Zip Files if request.forms.get('unzip'): zip_pass = request.forms.get('zip_pass') try: with ZipFile(file_path) as zf: zf.extractall(temp_dir, pwd=zip_pass) for root, dirs, files in os.walk(temp_dir, topdown=False): for name in files: if not name == upload.filename: file_list.append(os.path.join(root, name)) except Exception as e: return template('error.tpl', error="Error with zipfile - {0}".format(e)) # Non zip files else: file_list.append(file_path) # Add each file for new_file in file_list: obj = File(new_file) new_path = store_sample(obj) success = False if new_path: # Add file to the database. success = db.add(obj=obj, tags=tags) if success: redirect("/project/{0}".format(project)) else: return template('error.tpl', error="Unable to Store The File")
def cmd_projects(self, *args): parser = argparse.ArgumentParser( prog="projects", description="Open a file", epilog="List or switch existing projects" ) group = parser.add_mutually_exclusive_group() group.add_argument("-l", "--list", action="store_true", help="List all existing projects") group.add_argument("-s", "--switch", metavar="PROJECT NAME", help="Switch to the specified project") try: args = parser.parse_args(args) except: return projects_path = os.path.join(os.getcwd(), "projects") if not os.path.exists(projects_path): self.log("info", "The projects directory does not exist yet") return if args.list: self.log("info", "Projects Available:") rows = [] for project in os.listdir(projects_path): project_path = os.path.join(projects_path, project) if os.path.isdir(project_path): current = "" if __project__.name and project == __project__.name: current = "Yes" rows.append([project, time.ctime(os.path.getctime(project_path)), current]) self.log("table", dict(header=["Project Name", "Creation Time", "Current"], rows=rows)) elif args.switch: if __sessions__.is_set(): __sessions__.close() self.log("info", "Closed opened session") __project__.open(args.switch) self.log("info", "Switched to project {0}".format(bold(args.switch))) # Need to re-initialize the Database to open the new SQLite file. self.db = Database() else: self.log("info", parser.print_usage())
def run(self): super(PST, self).run() if not __sessions__.is_set(): self.log( 'error', "No open session. This command expects a file to be open.") return pst_path = __sessions__.current.file.path pff_test = subprocess.call('pffexport -V', shell=True) if pff_test == 127: self.log( 'error', "pffexport not installed. Try: 'sudo apt-get install pff-tools'" ) return new_proj = self.args.proj save_path = self.args.output if new_proj: self.log('info', "Creating New Project") project_name = str(datetime.date.today()) __project__.open('pst_{0}'.format(project_name)) if save_path: save_path = self.args.output else: save_path = tempfile.mkdtemp() self.log('info', "Temp Dir created at {0}".format(save_path)) self.log('info', "Processing Attachments, this might take a while...") counter = self.parse_pst(save_path, pst_path) self.log('success', "Stored {0} Email attachments".format(counter)) if not self.args.keep: try: shutil.rmtree('{0}.export'.format(save_path)) shutil.rmtree(save_path) self.log('info', "Removing Temp Dir") except OSError as e: self.log('error', "Unable to delete tmpdir: {0}".format(e))
def run(self, *args): try: args = self.parser.parse_args(args) except SystemExit: return if cfg.get('paths').storage_path: base_path = cfg.get('paths').storage_path else: base_path = os.path.join(expanduser("~"), '.viper') projects_path = os.path.join(base_path, 'projects') if args.list: if not os.path.exists(projects_path): self.log('info', "The projects directory does not exist yet") return self.log('info', "Projects Available:") rows = [] for project in os.listdir(projects_path): project_path = os.path.join(projects_path, project) if os.path.isdir(project_path): current = '' if __project__.name and project == __project__.name: current = 'Yes' rows.append([project, time.ctime(os.path.getctime(project_path)), current]) self.log('table', dict(header=['Project Name', 'Creation Time', 'Current'], rows=rows)) elif args.switch: if __sessions__.is_set(): __sessions__.close() self.log('info', "Closed opened session") __project__.open(args.switch) self.log('info', "Switched to project {0}".format(bold(args.switch))) # Need to re-initialize the Database to open the new SQLite file. db.__init__() else: self.log('info', self.parser.print_usage())
def func_wrapper(viewset, *args, **kwargs): log.debug("running decorator: get_project_open_db - called by: {}".format(viewset)) project = viewset.kwargs.get(viewset.lookup_field_project, None) if project == 'default': __project__.open(project) db = Database() elif project in get_project_list(): log.debug("setting project to: {}".format(project)) __project__.open(project) db = Database() else: db = None if not db: error = {"error": {"code": "NotFound", "message": "Project not found: {}".format(project)}} log.error(error) raise NotFound(detail=error) return func(viewset, project=project, db=db, *args, **kwargs)
def run_module(): # Optional Project project = request.forms.get('project') # Optional sha256 sha256 = request.forms.get('sha256') # Not Optional Command Line Args cmd_line = request.forms.get('cmdline') if project: __project__.open(project) else: __project__.open('../') if sha256: file_path = get_sample_path(sha256) if file_path: __sessions__.new(file_path) if not cmd_line: response.code = 404 return jsonize({'message':'Invalid command line'}) results = module_cmdline(cmd_line, sha256) __sessions__.close() return jsonize(results)
def run_module(): project = request.forms.get('project') if project: __project__.open(project) sha256 = request.forms.get('sha256') if sha256: file_path = get_sample_path(sha256) if file_path: __sessions__.new(file_path) module_name = request.forms.get('module') if module_name in __modules__: module = __modules__[module_name]['obj']() module.run() module_output = copy.deepcopy(module.output) del(module.output[:]) if module_output: return jsonize(dict(project=project, module=module_name, sha256=sha256, output=module_output))
def landing(p=False): contents = {} if p in project_list(): __project__.open(p) contents['p'] = p else: __project__.open("../") contents['p'] = 'Main' db = Database() # Pagination # 25 per page value = 25 offset = 0 contents['count'] = db.get_sample_count() page = request.query.page if not page: page = 0 offset = int(page) * int(value) contents['act_page'] = page contents['latest'] = db.find('latest', value=value, offset=offset) # return the Template return template('index.tpl', **contents)
def create(self, request, project=None, db=None, *args, **kwargs): """Create a new Project""" # kwargs provided by URLs/Routers: - serializer = self.get_serializer(data=request.data) serializer.is_valid(raise_exception=True) if serializer.validated_data['name'] in get_project_list(): # exists already # return Response(data=serializer.validated_data, status=status.HTTP_200_OK) error = {"error": {"code": "ExistsAlready", "message": "Project exists already: {}".format(serializer.validated_data['name'])}} raise ValidationError(detail=error) new_project_new = serializer.validated_data['name'] __project__.open(new_project_new) serializer_new = self.get_serializer(new_project_new) headers = self.get_success_headers(serializer_new.data) return Response(data=serializer_new.data, status=status.HTTP_201_CREATED, headers=headers)
def landing(p=False): contents = {} if p in project_list(): __project__.open(p) contents["p"] = p else: __project__.open("../") contents["p"] = "Main" db = Database() # Pagination # 25 per page value = 25 offset = 0 contents["count"] = db.get_sample_count() page = request.query.page if not page: page = 0 offset = int(page) * int(value) contents["act_page"] = page contents["latest"] = db.find("latest", value=value, offset=offset) # return the Template return template("index.tpl", **contents)
def file_download(file_hash, project=False): if project in project_list(): __project__.open(project) else: __project__.open('../') project = 'Main' # Open the Database db = Database() # Open a session rows = db.find(key='sha256', value=file_hash) if not rows: return template('error.tpl', error="{0} Does not match any hash in the Database".format(file_hash)) path = get_sample_path(rows[0].sha256) if not path: return template('error.tpl', error="File not found on disk") response.content_length = os.path.getsize(path) response.content_type = 'application/octet-stream; charset=UTF-8' data = '' for chunk in File(path).get_chunks(): data += chunk return data
def find_file(): key = request.forms.get('key') value = request.forms.get('term').lower() project_search = request.forms.get('project') curr_project = request.forms.get('curr_project') results = {} projects = [] if project_search: # Get list of project paths projects_path = os.path.join(os.getcwd(), 'projects') if os.path.exists(projects_path): for name in os.listdir(projects_path): projects.append(name) projects.append('../') else: # If not searching all projects what are we searching if curr_project == 'Main': projects.append('../') else: projects.append(curr_project) # Search each Project in the list for project in projects: __project__.open(project) # Init DB db = Database() #get results proj_results = [] rows = db.find(key=key, value=value) for row in rows: if project == '../': project = 'Main' proj_results.append([row.name, row.sha256]) results[project] = proj_results return template('search.tpl', results=results)
def find_file(): key = request.forms.get("key") value = request.forms.get("term").lower() project_search = request.forms.get("project") curr_project = request.forms.get("curr_project") results = {} projects = [] if project_search: # Get list of project paths projects_path = os.path.join(os.getcwd(), "projects") if os.path.exists(projects_path): for name in os.listdir(projects_path): projects.append(name) projects.append("../") else: # If not searching all projects what are we searching if curr_project == "Main": projects.append("../") else: projects.append(curr_project) # Search each Project in the list for project in projects: __project__.open(project) # Init DB db = Database() # get results proj_results = [] rows = db.find(key=key, value=value) for row in rows: if project == "../": project = "Main" proj_results.append([row.name, row.sha256]) results[project] = proj_results return template("search.tpl", results=results)
def find_file(): key = request.forms.get('key') value = request.forms.get('term') project_search = request.forms.get('project') curr_project = request.forms.get('curr_project') results = {} projects = [] if project_search: # Get list of project paths projects_path = os.path.join(os.getcwd(), 'projects') if os.path.exists(projects_path): for name in os.listdir(projects_path): projects.append(name) projects.append('../') else: # If not searching all projects what are we searching if curr_project == 'Main': projects.append('../') else: projects.append(curr_project) # Search each Project in the list for project in projects: __project__.open(project) # Init DB db = Database() #get results proj_results = [] rows = db.find(key=key, value=value) for row in rows: if project == '../': project = 'Main' proj_results.append([row.name, row.sha256]) results[project] = proj_results return template('search.tpl', results=results)
#!/usr/bin/env python # This file is part of Viper - https://github.com/viper-framework/viper # See the file 'LICENSE' for copying permission. import os import argparse from viper.core.project import __project__ parser = argparse.ArgumentParser() parser.add_argument('-p', '--project', help='Specify a new or existing project name', action='store', required=False) args = parser.parse_args() if args.project: __project__.open(args.project) ''' IMPORTANT The Console import needs to be called after the project is set. Otherwise the table prefixes are not created properly. ''' from viper.core.ui import console config_file = 'viper.conf' if not os.path.exists(config_file): print "" print "[!] Unable to find config file at {0}".format(config_file) print "" else: c = console.Console() c.start()
def copy(self, id, src_project, dst_project, copy_analysis=True, copy_notes=True, copy_tags=True, copy_children=True, _parent_sha256=None): # noqa session = self.Session() # make sure to open source project __project__.open(src_project) # get malware from DB malware = session.query(Malware). \ options(subqueryload(Malware.analysis)). \ options(subqueryload(Malware.note)). \ options(subqueryload(Malware.parent)). \ options(subqueryload(Malware.tag)). \ get(id) # get path and load file from disk malware_path = get_sample_path(malware.sha256) sample = File(malware_path) sample.name = malware.name log.debug("Copying ID: {} ({}): from {} to {}".format( malware.id, malware.name, src_project, dst_project)) # switch to destination project, add to DB and store on disk __project__.open(dst_project) dst_db = Database() dst_db.add(sample) store_sample(sample) print_success("Copied: {} ({})".format(malware.sha256, malware.name)) if copy_analysis: log.debug("copy analysis..") for analysis in malware.analysis: dst_db.add_analysis(malware.sha256, cmd_line=analysis.cmd_line, results=analysis.results) if copy_notes: log.debug("copy notes..") for note in malware.note: dst_db.add_note(malware.sha256, title=note.title, body=note.body) if copy_tags: log.debug("copy tags..") dst_db.add_tags(malware.sha256, [x.tag for x in malware.tag]) if copy_children: children = session.query(Malware).filter( Malware.parent_id == malware.id).all() if not children: pass else: _parent_sha256 = malware.sha256 # set current recursion item as parent for child in children: self.copy(child.id, src_project=src_project, dst_project=dst_project, copy_analysis=copy_analysis, copy_notes=copy_notes, copy_tags=copy_tags, copy_children=copy_children, _parent_sha256=_parent_sha256) # restore parent-child relationships log.debug("add parent {} to child {}".format( _parent_sha256, child.sha256)) if _parent_sha256: dst_db.add_parent(child.sha256, _parent_sha256) # switch back to source project __project__.open(src_project) # store tuple of ID (in source project) and sha256 of copied samples self.copied_id_sha256.append((malware.id, malware.sha256)) return True
def copy(self, id, src_project, dst_project, copy_analysis=True, copy_notes=True, copy_tags=True, copy_children=True, _parent_sha256=None): # noqa session = self.Session() # make sure to open source project __project__.open(src_project) # get malware from DB malware = session.query(Malware). \ options(subqueryload(Malware.analysis)). \ options(subqueryload(Malware.note)). \ options(subqueryload(Malware.parent)). \ options(subqueryload(Malware.tag)). \ get(id) # get path and load file from disk malware_path = get_sample_path(malware.sha256) sample = File(malware_path) sample.name = malware.name log.debug("Copying ID: {} ({}): from {} to {}".format(malware.id, malware.name, src_project, dst_project)) # switch to destination project, add to DB and store on disk __project__.open(dst_project) dst_db = Database() dst_db.add(sample) store_sample(sample) print_success("Copied: {} ({})".format(malware.sha256, malware.name)) if copy_analysis: log.debug("copy analysis..") for analysis in malware.analysis: dst_db.add_analysis(malware.sha256, cmd_line=analysis.cmd_line, results=analysis.results) if copy_notes: log.debug("copy notes..") for note in malware.note: dst_db.add_note(malware.sha256, title=note.title, body=note.body) if copy_tags: log.debug("copy tags..") dst_db.add_tags(malware.sha256, [x.tag for x in malware.tag]) if copy_children: children = session.query(Malware).filter(Malware.parent_id == malware.id).all() if not children: pass else: _parent_sha256 = malware.sha256 # set current recursion item as parent for child in children: self.copy(child.id, src_project=src_project, dst_project=dst_project, copy_analysis=copy_analysis, copy_notes=copy_notes, copy_tags=copy_tags, copy_children=copy_children, _parent_sha256=_parent_sha256) # restore parent-child relationships log.debug("add parent {} to child {}".format(_parent_sha256, child.sha256)) if _parent_sha256: dst_db.add_parent(child.sha256, _parent_sha256) # switch back to source project __project__.open(src_project) # store tuple of ID (in source project) and sha256 of copied samples self.copied_id_sha256.append((malware.id, malware.sha256)) return True
def run(self, *args): try: args = self.parser.parse_args(args) except SystemExit: return if __config__.get("paths").storage_path: base_path = __config__.get("paths").storage_path else: base_path = os.path.join(expanduser("~"), ".viper") projects_path = os.path.join(base_path, "projects") if args.list: if not os.path.exists(projects_path): self.log("info", "No projects have been created yet") return self.log("info", "Projects Available:") rows = [] for project in os.listdir(projects_path): project_path = os.path.join(projects_path, project) if os.path.isdir(project_path): current = "" if __project__.name and project == __project__.name: current = "Yes" rows.append([ project, time.ctime(os.path.getctime(project_path)), current ]) self.log( "table", dict(header=["Project Name", "Creation Time", "Current"], rows=rows)) elif args.switch: if __sessions__.is_set(): __sessions__.close() self.log("info", "Closed opened session") __project__.open(args.switch) self.log("info", "Switched to project {0}".format(bold(args.switch))) # Need to re-initialize the Database to open the new SQLite file. Database().__init__() elif args.close: if __project__.name != "default": if __sessions__.is_set(): __sessions__.close() __project__.close() elif args.delete: project_to_delete = args.delete if project_to_delete == "default": self.log("error", "You can't delete the \"default\" project") return # If it"s the currently opened project, we close it. if project_to_delete == __project__.name: # We close any opened session. if __sessions__.is_set(): __sessions__.close() __project__.close() project_path = os.path.join(projects_path, project_to_delete) if not os.path.exists(project_path): self.log( "error", "The folder for project \"{}\" does not seem to exist". format(project_to_delete)) return self.log( "info", "You asked to delete project with name \"{}\" located at \"{}\"" .format(project_to_delete, project_path)) confirm = input( "Are you sure you want to delete the project? You will permanently delete all associated files! [y/N] " ) if confirm.lower() != "y": return try: shutil.rmtree(project_path) except Exception as e: self.log( "error", "Something failed while trying to delete folder: {}". format(e)) return self.log( "info", "Project \"{}\" was delete successfully".format( project_to_delete)) else: self.log("info", self.parser.print_usage())
def cmd_projects(self, *args): def usage(): print("usage: projects [-h] [-l] [-s=project]") def help(): usage() print("") print("Options:") print("\t--help (-h)\tShow this help message") print("\t--list (-l)\tList all existing projects") print("\t--switch (-s)\tSwitch to the specified project") print("") try: opts, argv = getopt.getopt(args, "hls:", ["help", "list", "switch="]) except getopt.GetoptError as e: print(e) usage() return arg_list = False arg_switch = None for opt, value in opts: if opt in ("-h", "--help"): help() return elif opt in ("-l", "--list"): arg_list = True elif opt in ("-s", "--switch"): arg_switch = value projects_path = os.path.join(os.getcwd(), "projects") if not os.path.exists(projects_path): print_info("The projects directory does not exist yet") return if arg_list: print_info("Projects Available:") rows = [] for project in os.listdir(projects_path): project_path = os.path.join(projects_path, project) if os.path.isdir(project_path): current = "" if __project__.name and project == __project__.name: current = "Yes" rows.append([project, time.ctime(os.path.getctime(project_path)), current]) print(table(header=["Project Name", "Creation Time", "Current"], rows=rows)) return elif arg_switch: if __sessions__.is_set(): __sessions__.close() print_info("Closed opened session") __project__.open(arg_switch) print_info("Switched to project {0}".format(bold(arg_switch))) # Need to re-initialize the Database to open the new SQLite file. self.db = Database() return usage()
#!/usr/bin/env python # This file is part of Viper - https://github.com/botherder/viper # See the file 'LICENSE' for copying permission. import argparse from viper.core.ui import console from viper.core.project import __project__ parser = argparse.ArgumentParser() parser.add_argument('-p', '--project', help='Specify a new or existing project name', action='store', required=False) args = parser.parse_args() if args.project: __project__.open(args.project) c = console.Console() c.start()
def create_project(request): project_name = request.POST['project'].replace(' ', '_') __project__.open(project_name) return redirect('/project/{0}'.format(project_name))
def cmd_projects(self, *args): def usage(): print("usage: projects [-h] [-l] [-s=project]") def help(): usage() print("") print("Options:") print("\t--help (-h)\tShow this help message") print("\t--list (-l)\tList all existing projects") print("\t--switch (-s)\tSwitch to the specified project") print("") try: opts, argv = getopt.getopt(args, 'hls:', ['help', 'list', 'switch=']) except getopt.GetoptError as e: print(e) usage() return arg_list = False arg_switch = None for opt, value in opts: if opt in ('-h', '--help'): help() return elif opt in ('-l', '--list'): arg_list = True elif opt in ('-s', '--switch'): arg_switch = value projects_path = os.path.join(os.getcwd(), 'projects') if not os.path.exists(projects_path): print_info("The projects directory does not exist yet") return if arg_list: print_info("Projects Available:") rows = [] for project in os.listdir(projects_path): project_path = os.path.join(projects_path, project) if os.path.isdir(project_path): current = '' if __project__.name and project == __project__.name: current = 'Yes' rows.append([ project, time.ctime(os.path.getctime(project_path)), current ]) print( table(header=['Project Name', 'Creation Time', 'Current'], rows=rows)) return elif arg_switch: if __sessions__.is_set(): __sessions__.close() print_info("Closed opened session") __project__.open(arg_switch) print_info("Switched to project {0}".format(bold(arg_switch))) # Need to re-initialize the Database to open the new SQLite file. self.db = Database() return usage()
def add_project(): project_name = request.forms.get('project').strip() __project__.open(project_name) redirect('/project/{0}'.format(project_name))
def add_file(): tags = request.forms.get('tag_list') uploads = request.files.getlist('file') # Set Project project = request.forms.get('project') if project in project_list(): __project__.open(project) else: __project__.open('../') project = 'Main' db = Database() file_list = [] # Write temp file to disk with upload_temp() as temp_dir: for upload in uploads: file_path = os.path.join(temp_dir, upload.filename) with open(file_path, 'w') as tmp_file: tmp_file.write(upload.file.read()) # Zip Files if request.forms.get('compression') == 'zip': zip_pass = request.forms.get('zip_pass') try: with ZipFile(file_path) as zf: zf.extractall(temp_dir, pwd=zip_pass) for root, dirs, files in os.walk(temp_dir, topdown=False): for name in files: if not name == upload.filename: file_list.append(os.path.join(root, name)) except Exception as e: return template('error.tpl', error="Error with zipfile - {0}".format(e)) # GZip Files elif request.forms.get('compression') == 'gz': try: gzf = GzipFile(file_path, 'rb') decompress = gzf.read() gzf.close() with open(file_path[:-3], "wb") as df: df.write(decompress) file_list.append(file_path[:-3]) except Exception as e: return template( 'error.tpl', error="Error with gzipfile - {0}".format(e)) # BZip2 Files elif request.forms.get('compression') == 'bz2': try: bz2f = BZ2File(file_path, 'rb') decompress = bz2f.read() bz2f.close() with open(file_path[:-3], "wb") as df: df.write(decompress) file_list.append(file_path[:-3]) except Exception as e: return template( 'error.tpl', error="Error with bzip2file - {0}".format(e)) # Tar Files (any, including tar.gz tar.bz2) elif request.forms.get('compression') == 'tar': try: if not tarfile.is_tarfile(file_path): return template('error.tpl', error="This is not a tar file") with tarfile.open(file_path, 'r:*') as tarf: tarf.extractall(temp_dir) for root, dirs, files in os.walk(temp_dir, topdown=False): for name in files: if not name == upload.filename: file_list.append(os.path.join(root, name)) except Exception as e: return template('error.tpl', error="Error with tarfile - {0}".format(e)) # Non zip files elif request.forms.get('compression') == 'none': file_list.append(file_path) # Add each file for new_file in file_list: print new_file obj = File(new_file) new_path = store_sample(obj) success = True if new_path: # Add file to the database. success = db.add(obj=obj, tags=tags) if not success: return template( 'error.tpl', error="Unable to Store The File: {0}".format( upload.filename)) redirect("/project/{0}".format(project))
def find_file(): def details(row): tags = [] for tag in row.tag: tags.append(tag.tag) entry = dict( id=row.id, name=row.name, type=row.type, size=row.size, md5=row.md5, sha1=row.sha1, sha256=row.sha256, sha512=row.sha512, crc32=row.crc32, ssdeep=row.ssdeep, created_at=row.created_at.__str__(), tags=tags ) return entry for entry in ['md5', 'sha256', 'ssdeep', 'tag', 'name', 'all','latest']: value = request.forms.get(entry) if value: key = entry break if not value: response.code = 400 return jsonize({'message':'Invalid search term'}) # Get the scope of the search project_search = request.forms.get('project') projects = [] results = {} if project_search and project_search == 'all': # Get list of project paths projects_path = os.path.join(os.getcwd(), 'projects') if os.path.exists(projects_path): for name in os.listdir(projects_path): projects.append(name) projects.append('../') # Specific Project elif project_search: projects.append(project_search) # Primary else: projects.append('../') # Search each Project in the list for project in projects: __project__.open(project) # Init DB db = Database() #get results proj_results = [] rows = db.find(key=key, value=value) for row in rows: if project == '../': project = 'default' proj_results.append(details(row)) results[project] = proj_results return jsonize(results)