def run_module():
project = request.forms.get('project')
if project:
__project__.open(project)
sha256 = request.forms.get('sha256')
if sha256:
file_path = get_sample_path(sha256)
if file_path:
__sessions__.new(file_path)
module_name = request.forms.get('module')
if module_name in __modules__:
module = __modules__[module_name]['obj']()
module.run()
module_output = copy.deepcopy(module.output)
del (module.output[:])
if module_output:
return jsonize(
dict(project=project,
module=module_name,
sha256=sha256,
output=module_output))
def module_cmdline(project=None, cmd_line=None, file_hash=None):
html = ""
cmd = Commands()
split_commands = cmd_line.split(';')
for split_command in split_commands:
split_command = split_command.strip()
if not split_command:
continue
root, args = parse(split_command)
try:
if root in cmd.commands:
cmd.commands[root]['obj'](*args)
html += print_output(cmd.output)
del (cmd.output[:])
elif root in __modules__:
# if prev commands did not open a session open one on the current file
if file_hash:
__project__.open(project)
path = get_sample_path(file_hash)
__sessions__.new(path)
module = __modules__[root]['obj']()
module.set_commandline(args)
module.run()
html += print_output(module.output)
if cfg.modules.store_output and __sessions__.is_set():
Database().add_analysis(file_hash, split_command, module.output)
del (module.output[:])
else:
html += '<p class="text-danger">{0} is not a valid command</p>'.format(cmd_line)
except Exception:
html += '<p class="text-danger">We were unable to complete the command {0}</p>'.format(cmd_line)
__sessions__.close()
return html
def create(self, request, project=None, db=None, *args, **kwargs):
"""Create a new Project"""
# kwargs provided by URLs/Routers: -
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
if serializer.validated_data['name'] in get_project_list():
# exists already
# return Response(data=serializer.validated_data, status=status.HTTP_200_OK)
error = {
"error": {
"code":
"ExistsAlready",
"message":
"Project exists already: {}".format(
serializer.validated_data['name'])
}
}
raise ValidationError(detail=error)
new_project_new = serializer.validated_data['name']
__project__.open(new_project_new)
serializer_new = self.get_serializer(new_project_new)
headers = self.get_success_headers(serializer_new.data)
return Response(data=serializer_new.data,
status=status.HTTP_201_CREATED,
headers=headers)
def main():
parser = argparse.ArgumentParser()
parser.add_argument("-p",
"--project",
help="Specify a new or existing project name",
action="store",
required=False)
parser.add_argument("-f",
"--file",
help="Specify a file to be opened directly",
action="store",
required=False)
parser.add_argument("--version", action="version", version=__version__)
args = parser.parse_args()
if args.project:
__project__.open(args.project)
if args.file:
if not os.path.exists(args.file):
print("ERROR: The specified path does not exist")
sys.exit(-1)
__sessions__.new(args.file)
c = console.Console()
c.start()
def run(self):
super(pstParse, self).run()
pst_path = __sessions__.current.file.path
pff_test = subprocess.call('pffexport -V', shell=True)
if pff_test == 127:
self.log('error', "pffexport not install. Try: 'sudo apt-get install pff-tools'")
return
new_proj = self.args.proj
save_path = self.args.output
if new_proj:
self.log('info', "Creating New Project")
project_name = str(datetime.date.today())
__project__.open('pst_{0}'.format(project_name))
if save_path:
save_path = self.args.output
else:
save_path = tempfile.mkdtemp()
self.log('info', "Temp Dir created at {0}".format(save_path))
self.log('info', "Processing Attachments, this might take a while...")
counter = self.parse_pst(save_path, pst_path)
self.log('success', "Stored {0} Email attachments".format(counter))
if not self.args.keep:
try:
shutil.rmtree('{0}.export'.format(save_path))
shutil.rmtree(save_path)
self.log('info', "Removing Temp Dir")
except OSError as e:
self.log('error', "Unable to delete tmpdir: {0}".format(e))
def post(self, request, *args, **kwargs):
# Get the project and hash of the file
project = kwargs.get('project', 'default')
file_hash = request.POST.get('file_hash')
try:
hex_offset = int(request.POST.get('hex_start'))
except Exception:
return '<p class="text-danger">Error Generating Request</p>'
hex_length = 256
# get file path
__project__.open(project)
hex_path = get_sample_path(file_hash)
# create the command string
hex_cmd = 'hd -s {0} -n {1} {2}'.format(hex_offset, hex_length, hex_path)
# get the output
hex_string = getoutput(hex_cmd)
# Format the data
html_string = ''
hex_rows = hex_string.split('\n')
for row in hex_rows:
if len(row) > 9:
off_str = row[0:8]
hex_str = row[9:58]
asc_str = row[58:78]
asc_str = asc_str.replace('"', '"')
asc_str = asc_str.replace('<', '<')
asc_str = asc_str.replace('>', '>')
html_string += '<div class="row"><span class="text-primary mono">{0}</span> \
<span class="text-muted mono">{1}</span> <span class="text-success mono"> \
{2}</span></div>'.format(off_str, hex_str, asc_str)
# return the data
return HttpResponse(html_string)
def module_cmdline(project=None, cmd_line=None, file_hash=None):
html = ""
cmd = Commands()
split_commands = cmd_line.split(';')
for split_command in split_commands:
split_command = split_command.strip()
if not split_command:
continue
root, args = parse(split_command)
try:
if root in cmd.commands:
cmd.commands[root]['obj'](*args)
html += print_output(cmd.output)
del (cmd.output[:])
elif root in __modules__:
# if prev commands did not open a session open one on the current file
if file_hash:
__project__.open(project)
path = get_sample_path(file_hash)
__sessions__.new(path)
module = __modules__[root]['obj']()
module.set_commandline(args)
module.run()
html += print_output(module.output)
if cfg.modules.store_output and __sessions__.is_set():
Database().add_analysis(file_hash, split_command, module.output)
del (module.output[:])
else:
html += '<p class="text-danger">{0} is not a valid command</p>'.format(cmd_line)
except Exception:
html += '<p class="text-danger">We were unable to complete the command {0}</p>'.format(cmd_line)
__sessions__.close()
return html
def func_wrapper(viewset, *args, **kwargs):
log.debug("running decorator: get_project_open_db - called by: {}".
format(viewset))
project = viewset.kwargs.get(viewset.lookup_field_project, None)
if project == 'default':
__project__.open(project)
db = Database()
elif project in get_project_list():
log.debug("setting project to: {}".format(project))
__project__.open(project)
db = Database()
else:
db = None
if not db:
error = {
"error": {
"code": "NotFound",
"message": "Project not found: {}".format(project)
}
}
log.error(error)
raise NotFound(detail=error)
return func(viewset, project=project, db=db, *args, **kwargs)
def post(self, request, *args, **kwargs):
# Get the project and hash of the file
project = kwargs.get('project', 'default')
file_hash = request.POST.get('file_hash')
try:
hex_offset = int(request.POST.get('hex_start'))
except:
return '<p class="text-danger">Error Generating Request</p>'
hex_length = 256
# get file path
__project__.open(project)
hex_path = get_sample_path(file_hash)
# create the command string
hex_cmd = 'hd -s {0} -n {1} {2}'.format(hex_offset, hex_length, hex_path)
# get the output
hex_string = getoutput(hex_cmd)
# Format the data
html_string = ''
hex_rows = hex_string.split('\n')
for row in hex_rows:
if len(row) > 9:
off_str = row[0:8]
hex_str = row[9:58]
asc_str = row[58:78]
asc_str = asc_str.replace('"', '"')
asc_str = asc_str.replace('<', '<')
asc_str = asc_str.replace('>', '>')
html_string += '<div class="row"><span class="text-primary mono">{0}</span> \
<span class="text-muted mono">{1}</span> <span class="text-success mono"> \
{2}</span></div>'.format(off_str, hex_str, asc_str)
# return the data
return HttpResponse(html_string)
def file_download(file_hash, project=False):
if project in project_list():
__project__.open(project)
else:
__project__.open('../')
project = 'Main'
# Open the Database
db = Database()
# Open a session
rows = db.find(key='sha256', value=file_hash)
if not rows:
return template(
'error.tpl',
error="{0} Does not match any hash in the Database".format(
file_hash))
path = get_sample_path(rows[0].sha256)
if not path:
return template('error.tpl', error="File not found on disk")
response.content_length = os.path.getsize(path)
response.content_type = 'application/octet-stream; charset=UTF-8'
data = ''
for chunk in File(path).get_chunks():
data += chunk
return data
def post(self, request, *args, **kwargs):
project_name = request.POST['project'].replace(' ', '_')
if project_name not in get_project_list():
log.debug("creating new project: {}".format(project_name))
log.debug("redirecting to project: {}".format(project_name))
__project__.open(project_name)
return redirect(reverse('main-page-project', kwargs={'project': project_name}))
def post(self, request, *args, **kwargs):
project_name = request.POST['project'].replace(' ', '_')
if project_name not in get_project_list():
log.debug("creating new project: {}".format(project_name))
log.debug("redirecting to project: {}".format(project_name))
__project__.open(project_name)
return redirect(reverse('main-page-project', kwargs={'project': project_name}))
def open_db(project):
# Check for valid project
project_list = __project__.list()
if any(d.get('name', None) == project for d in project_list):
# Open Project
__project__.open(project)
# Init DB
return Database()
def cmd_projects(self, *args):
parser = argparse.ArgumentParser(
prog='projects',
description="Open a file",
epilog="List or switch existing projects")
group = parser.add_mutually_exclusive_group()
group.add_argument('-l',
'--list',
action='store_true',
help="List all existing projects")
group.add_argument('-s',
'--switch',
metavar='PROJECT NAME',
help="Switch to the specified project")
try:
args = parser.parse_args(args)
except:
return
projects_path = os.path.join(os.getcwd(), 'projects')
if not os.path.exists(projects_path):
self.log('info', "The projects directory does not exist yet")
return
if args.list:
self.log('info', "Projects Available:")
rows = []
for project in os.listdir(projects_path):
project_path = os.path.join(projects_path, project)
if os.path.isdir(project_path):
current = ''
if __project__.name and project == __project__.name:
current = 'Yes'
rows.append([
project,
time.ctime(os.path.getctime(project_path)), current
])
self.log(
'table',
dict(header=['Project Name', 'Creation Time', 'Current'],
rows=rows))
elif args.switch:
if __sessions__.is_set():
__sessions__.close()
self.log('info', "Closed opened session")
__project__.open(args.switch)
self.log('info',
"Switched to project {0}".format(bold(args.switch)))
# Need to re-initialize the Database to open the new SQLite file.
self.db = Database()
else:
self.log('info', parser.print_usage())
def open_db(project):
# Check for valid project
if project == 'default':
__project__.open(project)
return Database()
else:
try:
__project__.open(project)
return Database()
except Exception:
return False
def open_db(project):
project_list = __project__.list()
# Check for valid project
if project == 'default':
__project__.open(project)
elif any(d.get('name', None) == project for d in project_list):
# Open Project
__project__.open(project)
else:
return False
return Database()
def open_db(project):
# Check for valid project
if project == 'default':
__project__.open(project)
return Database()
else:
try:
__project__.open(project)
return Database()
except Exception:
return False
def tags(tag_action=False):
# Set DB
db = Database()
# Search or Delete
if request.method == 'GET':
action = request.query.action
value = request.query.value.strip()
if value:
if action == 'search':
# This will search all projects
# Get project list
projects = project_list()
# Add Main db to list.
projects.append('../')
# Search All projects
p_list = []
results = {}
for project in projects:
__project__.open(project)
# Init DB
db = Database()
#get results
proj_results = []
rows = db.find(key='tag', value=value)
for row in rows:
if project == '../':
project = 'Main'
proj_results.append([row.name, row.sha256])
results[project] = proj_results
p_list.append(project)
# Return the search template
return template('search.tpl', projects=p_list, results=results)
else:
return template(
'error.tpl',
error="'{0}' Is not a valid tag action".format(action))
# Add / Delete
if request.method == 'POST':
file_hash = request.forms.get('sha256')
project = request.forms.get('project')
tag_name = request.forms.get('tag')
if tag_action == 'add':
if file_hash and project:
tags = request.forms.get('tags')
db.add_tags(file_hash, tags)
if tag_action == 'del':
if file_hash and tag_name:
db.delete_tag(tag_name, file_hash)
redirect('/file/{0}/{1}'.format(project, file_hash))
def add_file():
tags = request.forms.get('tag_list')
uploads = request.files.getlist('file')
# Set Project
project = request.forms.get('project')
if project in project_list():
__project__.open(project)
else:
__project__.open('../')
project = 'Main'
db = Database()
file_list = []
# Write temp file to disk
with upload_temp() as temp_dir:
for upload in uploads:
file_path = os.path.join(temp_dir, upload.filename)
with open(file_path, 'w') as tmp_file:
tmp_file.write(upload.file.read())
# Zip Files
if request.forms.get('unzip'):
zip_pass = request.forms.get('zip_pass')
try:
with ZipFile(file_path) as zf:
zf.extractall(temp_dir, pwd=zip_pass)
for root, dirs, files in os.walk(temp_dir, topdown=False):
for name in files:
if not name == upload.filename:
file_list.append(os.path.join(root, name))
except Exception as e:
return template('error.tpl',
error="Error with zipfile - {0}".format(e))
# Non zip files
else:
file_list.append(file_path)
# Add each file
for new_file in file_list:
print new_file
obj = File(new_file)
new_path = store_sample(obj)
success = True
if new_path:
# Add file to the database.
success = db.add(obj=obj, tags=tags)
if not success:
return template(
'error.tpl',
error="Unable to Store The File: {0}".format(
upload.filename))
redirect("/project/{0}".format(project))
def tags(tag_action=False):
# Set DB
db = Database()
# Search or Delete
if request.method == 'GET':
action = request.query.action
value = request.query.value.strip()
if value:
if action == 'search':
# This will search all projects
# Get project list
projects = project_list()
# Add Main db to list.
projects.append('../')
# Search All projects
p_list = []
results = {}
for project in projects:
__project__.open(project)
# Init DB
db = Database()
#get results
proj_results = []
rows = db.find(key='tag', value=value)
for row in rows:
if project == '../':
project = 'Main'
proj_results.append([row.name, row.sha256])
results[project] = proj_results
p_list.append(project)
# Return the search template
return template('search.tpl', projects=p_list, results=results)
else:
return template('error.tpl', error="'{0}' Is not a valid tag action".format(action))
# Add / Delete
if request.method == 'POST':
file_hash = request.forms.get('sha256')
project = request.forms.get('project')
tag_name = request.forms.get('tag')
if tag_action == 'add':
if file_hash and project:
tags = request.forms.get('tags')
db.add_tags(file_hash, tags)
if tag_action == 'del':
if file_hash and tag_name:
db.delete_tag(tag_name, file_hash)
redirect('/file/{0}/{1}'.format(project, file_hash))
def tags(tag_action=False):
# Set DB
db = Database()
# Search or Delete
if request.method == "GET":
action = request.query.action
value = request.query.value.strip()
if value:
if action == "search":
# This will search all projects
# Get project list
projects = project_list()
# Add Main db to list.
projects.append("../")
# Search All projects
p_list = []
results = {}
for project in projects:
__project__.open(project)
# Init DB
db = Database()
# get results
proj_results = []
rows = db.find(key="tag", value=value)
for row in rows:
if project == "../":
project = "Main"
proj_results.append([row.name, row.sha256])
results[project] = proj_results
p_list.append(project)
# Return the search template
return template("search.tpl", projects=p_list, results=results)
else:
return template("error.tpl", error="'{0}' Is not a valid tag action".format(action))
# Add / Delete
if request.method == "POST":
file_hash = request.forms.get("sha256")
project = request.forms.get("project")
tag_name = request.forms.get("tag")
if tag_action == "add":
if file_hash and project:
tags = request.forms.get("tags")
db.add_tags(file_hash, tags)
if tag_action == "del":
if file_hash and tag_name:
db.delete_tag(tag_name, file_hash)
redirect("/file/{0}/{1}".format(project, file_hash))
def cuckoo_submit():
# Get Query Strings
project = request.query.project
file_hash = request.query.hash
if project in project_list():
__project__.open(project)
else:
__project__.open("../")
project = "Main"
# Open the Database
db = Database()
# Open a session
try:
path = get_sample_path(file_hash)
__sessions__.new(path)
except:
return '<span class="alert alert-danger">Invalid Submission</span>'
try:
# Return URI For Existing Entry
check_uri = "{0}/files/view/sha256/{1}".format(cuckoo_api, file_hash)
check_file = requests.get(check_uri)
if check_file.status_code == 200:
check_result = dict(check_file.json())
cuckoo_id = check_result["sample"]["id"]
return '<a href="{0}/submit/status/{1}" target="_blank"> Link To Cukoo Report</a>'.format(
cuckoo_web, str(cuckoo_id)
)
except Exception as e:
return '<span class="alert alert-danger">Error Connecting To Cuckoo</span>'
# If it doesn't exist, submit it.
# Get the file data from viper
file_data = open(__sessions__.current.file.path, "rb").read()
file_name = __sessions__.current.file.name
if file_data:
# Submit file data to cuckoo
uri = "{0}{1}".format(cuckoo_api, "/tasks/create/file")
options = {"file": (file_name, file_data)}
cuckoo_response = requests.post(uri, files=options)
if cuckoo_response.status_code == 200:
cuckoo_id = dict(cuckoo_response.json())["task_id"]
return '<a href="{0}/submit/status/{1}" target="_blank"> Link To Cukoo Report</a>'.format(
cuckoo_web, str(cuckoo_id)
)
else:
return '<span class="alert alert-danger">Unable to Submit File</span>'
def cmd_projects(self, *args):
parser = argparse.ArgumentParser(prog='projects', description="Open a file", epilog="List or switch existing projects")
group = parser.add_mutually_exclusive_group()
group.add_argument('-l', '--list', action='store_true', help="List all existing projects")
group.add_argument('-s', '--switch', metavar='PROJECT NAME', help="Switch to the specified project")
try:
args = parser.parse_args(args)
except:
return
cfg = Config()
if cfg.paths.storage_path:
base_path = cfg.paths.storage_path
else:
base_path = os.path.join(expanduser("~"), '.viper')
projects_path = os.path.join(base_path, 'projects')
if not os.path.exists(projects_path):
self.log('info', "The projects directory does not exist yet")
return
if args.list:
self.log('info', "Projects Available:")
rows = []
for project in os.listdir(projects_path):
project_path = os.path.join(projects_path, project)
if os.path.isdir(project_path):
current = ''
if __project__.name and project == __project__.name:
current = 'Yes'
rows.append([project, time.ctime(os.path.getctime(project_path)), current])
self.log('table', dict(header=['Project Name', 'Creation Time', 'Current'], rows=rows))
elif args.switch:
if __sessions__.is_set():
__sessions__.close()
self.log('info', "Closed opened session")
__project__.open(args.switch)
self.log('info', "Switched to project {0}".format(bold(args.switch)))
# Need to re-initialize the Database to open the new SQLite file.
self.db = Database()
else:
self.log('info', parser.print_usage())
def file_info(file_hash, project=False):
contents = {}
if project in project_list():
__project__.open(project)
contents['project'] = project
else:
__project__.open('../')
contents['project'] = 'Main'
# Open the Database
db = Database()
# Open a session
try:
path = get_sample_path(file_hash)
__sessions__.new(path)
except:
return template('error.tpl', error="{0} Does not match any hash in the Database".format(file_hash))
# Get the file info
contents['file_info'] = [
__sessions__.current.file.name,
__sessions__.current.file.tags,
__sessions__.current.file.path,
__sessions__.current.file.size,
__sessions__.current.file.type,
__sessions__.current.file.mime,
__sessions__.current.file.md5,
__sessions__.current.file.sha1,
__sessions__.current.file.sha256,
__sessions__.current.file.sha512,
__sessions__.current.file.ssdeep,
__sessions__.current.file.crc32
]
# Get Any Notes
note_list = []
malware = db.find(key='sha256', value=file_hash)
if malware:
notes = malware[0].note
if notes:
rows = []
for note in notes:
note_list.append([note.title, note.body, note.id])
contents['notes'] = note_list
# Close the session
__sessions__.close()
# Return the page
return template('file.tpl', **contents)
def cuckoo_submit():
# Get Query Strings
project = request.query.project
file_hash = request.query.hash
if project in project_list():
__project__.open(project)
else:
__project__.open('../')
project = 'Main'
# Open the Database
db = Database()
# Open a session
try:
path = get_sample_path(file_hash)
__sessions__.new(path)
except:
return '<span class="alert alert-danger">Invalid Submission</span>'
try:
# Return URI For Existing Entry
check_uri = '{0}/files/view/sha256/{1}'.format(cuckoo_api, file_hash)
check_file = requests.get(check_uri)
if check_file.status_code == 200:
check_result = dict(check_file.json())
cuckoo_id = check_result['sample']['id']
return '<a href="{0}/analysis/{1}" target="_blank"> Link To Cukoo Report</a>'.format(
cuckoo_web, str(cuckoo_id))
except Exception as e:
return '<span class="alert alert-danger">Error Connecting To Cuckoo</span>'
# If it doesn't exist, submit it.
# Get the file data from viper
file_data = open(__sessions__.current.file.path, 'rb').read()
file_name = __sessions__.current.file.name
if file_data:
# Submit file data to cuckoo
uri = '{0}{1}'.format(cuckoo_api, '/tasks/create/file')
options = {'file': (file_name, file_data)}
cuckoo_response = requests.post(uri, files=options)
if cuckoo_response.status_code == 200:
cuckoo_id = dict(cuckoo_response.json())['task_id']
return '<a href="{0}/analysis/{1}" target="_blank"> Link To Cukoo Report</a>'.format(
cuckoo_web, str(cuckoo_id))
else:
return '<span class="alert alert-danger">Unable to Submit File</span>'
def add_file():
tags = request.forms.get('tag_list')
upload = request.files.get('file')
# Set Project
project = request.forms.get('project')
if project in project_list():
__project__.open(project)
else:
__project__.open('../')
project = 'Main'
db = Database()
# Write temp file to disk
with upload_temp() as temp_dir:
file_path = os.path.join(temp_dir, upload.filename)
with open(file_path, 'w') as tmp_file:
tmp_file.write(upload.file.read())
file_list = []
# Zip Files
if request.forms.get('unzip'):
zip_pass = request.forms.get('zip_pass')
try:
with ZipFile(file_path) as zf:
zf.extractall(temp_dir, pwd=zip_pass)
for root, dirs, files in os.walk(temp_dir, topdown=False):
for name in files:
if not name == upload.filename:
file_list.append(os.path.join(root, name))
except Exception as e:
return template('error.tpl', error="Error with zipfile - {0}".format(e))
# Non zip files
else:
file_list.append(file_path)
# Add each file
for new_file in file_list:
obj = File(new_file)
new_path = store_sample(obj)
success = False
if new_path:
# Add file to the database.
success = db.add(obj=obj, tags=tags)
if success:
redirect("/project/{0}".format(project))
else:
return template('error.tpl', error="Unable to Store The File")
def cmd_projects(self, *args):
parser = argparse.ArgumentParser(
prog="projects", description="Open a file", epilog="List or switch existing projects"
)
group = parser.add_mutually_exclusive_group()
group.add_argument("-l", "--list", action="store_true", help="List all existing projects")
group.add_argument("-s", "--switch", metavar="PROJECT NAME", help="Switch to the specified project")
try:
args = parser.parse_args(args)
except:
return
projects_path = os.path.join(os.getcwd(), "projects")
if not os.path.exists(projects_path):
self.log("info", "The projects directory does not exist yet")
return
if args.list:
self.log("info", "Projects Available:")
rows = []
for project in os.listdir(projects_path):
project_path = os.path.join(projects_path, project)
if os.path.isdir(project_path):
current = ""
if __project__.name and project == __project__.name:
current = "Yes"
rows.append([project, time.ctime(os.path.getctime(project_path)), current])
self.log("table", dict(header=["Project Name", "Creation Time", "Current"], rows=rows))
elif args.switch:
if __sessions__.is_set():
__sessions__.close()
self.log("info", "Closed opened session")
__project__.open(args.switch)
self.log("info", "Switched to project {0}".format(bold(args.switch)))
# Need to re-initialize the Database to open the new SQLite file.
self.db = Database()
else:
self.log("info", parser.print_usage())
def run(self):
super(PST, self).run()
if not __sessions__.is_set():
self.log(
'error',
"No open session. This command expects a file to be open.")
return
pst_path = __sessions__.current.file.path
pff_test = subprocess.call('pffexport -V', shell=True)
if pff_test == 127:
self.log(
'error',
"pffexport not installed. Try: 'sudo apt-get install pff-tools'"
)
return
new_proj = self.args.proj
save_path = self.args.output
if new_proj:
self.log('info', "Creating New Project")
project_name = str(datetime.date.today())
__project__.open('pst_{0}'.format(project_name))
if save_path:
save_path = self.args.output
else:
save_path = tempfile.mkdtemp()
self.log('info', "Temp Dir created at {0}".format(save_path))
self.log('info', "Processing Attachments, this might take a while...")
counter = self.parse_pst(save_path, pst_path)
self.log('success', "Stored {0} Email attachments".format(counter))
if not self.args.keep:
try:
shutil.rmtree('{0}.export'.format(save_path))
shutil.rmtree(save_path)
self.log('info', "Removing Temp Dir")
except OSError as e:
self.log('error', "Unable to delete tmpdir: {0}".format(e))
def run(self, *args):
try:
args = self.parser.parse_args(args)
except SystemExit:
return
if cfg.get('paths').storage_path:
base_path = cfg.get('paths').storage_path
else:
base_path = os.path.join(expanduser("~"), '.viper')
projects_path = os.path.join(base_path, 'projects')
if args.list:
if not os.path.exists(projects_path):
self.log('info', "The projects directory does not exist yet")
return
self.log('info', "Projects Available:")
rows = []
for project in os.listdir(projects_path):
project_path = os.path.join(projects_path, project)
if os.path.isdir(project_path):
current = ''
if __project__.name and project == __project__.name:
current = 'Yes'
rows.append([project, time.ctime(os.path.getctime(project_path)), current])
self.log('table', dict(header=['Project Name', 'Creation Time', 'Current'], rows=rows))
elif args.switch:
if __sessions__.is_set():
__sessions__.close()
self.log('info', "Closed opened session")
__project__.open(args.switch)
self.log('info', "Switched to project {0}".format(bold(args.switch)))
# Need to re-initialize the Database to open the new SQLite file.
db.__init__()
else:
self.log('info', self.parser.print_usage())
def func_wrapper(viewset, *args, **kwargs):
log.debug("running decorator: get_project_open_db - called by: {}".format(viewset))
project = viewset.kwargs.get(viewset.lookup_field_project, None)
if project == 'default':
__project__.open(project)
db = Database()
elif project in get_project_list():
log.debug("setting project to: {}".format(project))
__project__.open(project)
db = Database()
else:
db = None
if not db:
error = {"error": {"code": "NotFound", "message": "Project not found: {}".format(project)}}
log.error(error)
raise NotFound(detail=error)
return func(viewset, project=project, db=db, *args, **kwargs)
def run_module():
# Optional Project
project = request.forms.get('project')
# Optional sha256
sha256 = request.forms.get('sha256')
# Not Optional Command Line Args
cmd_line = request.forms.get('cmdline')
if project:
__project__.open(project)
else:
__project__.open('../')
if sha256:
file_path = get_sample_path(sha256)
if file_path:
__sessions__.new(file_path)
if not cmd_line:
response.code = 404
return jsonize({'message':'Invalid command line'})
results = module_cmdline(cmd_line, sha256)
__sessions__.close()
return jsonize(results)
def run_module():
project = request.forms.get('project')
if project:
__project__.open(project)
sha256 = request.forms.get('sha256')
if sha256:
file_path = get_sample_path(sha256)
if file_path:
__sessions__.new(file_path)
module_name = request.forms.get('module')
if module_name in __modules__:
module = __modules__[module_name]['obj']()
module.run()
module_output = copy.deepcopy(module.output)
del(module.output[:])
if module_output:
return jsonize(dict(project=project, module=module_name, sha256=sha256, output=module_output))
def landing(p=False):
contents = {}
if p in project_list():
__project__.open(p)
contents['p'] = p
else:
__project__.open("../")
contents['p'] = 'Main'
db = Database()
# Pagination
# 25 per page
value = 25
offset = 0
contents['count'] = db.get_sample_count()
page = request.query.page
if not page:
page = 0
offset = int(page) * int(value)
contents['act_page'] = page
contents['latest'] = db.find('latest', value=value, offset=offset)
# return the Template
return template('index.tpl', **contents)
def create(self, request, project=None, db=None, *args, **kwargs):
"""Create a new Project"""
# kwargs provided by URLs/Routers: -
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
if serializer.validated_data['name'] in get_project_list():
# exists already
# return Response(data=serializer.validated_data, status=status.HTTP_200_OK)
error = {"error": {"code": "ExistsAlready",
"message": "Project exists already: {}".format(serializer.validated_data['name'])}}
raise ValidationError(detail=error)
new_project_new = serializer.validated_data['name']
__project__.open(new_project_new)
serializer_new = self.get_serializer(new_project_new)
headers = self.get_success_headers(serializer_new.data)
return Response(data=serializer_new.data, status=status.HTTP_201_CREATED, headers=headers)
def landing(p=False):
contents = {}
if p in project_list():
__project__.open(p)
contents['p'] = p
else:
__project__.open("../")
contents['p'] = 'Main'
db = Database()
# Pagination
# 25 per page
value = 25
offset = 0
contents['count'] = db.get_sample_count()
page = request.query.page
if not page:
page = 0
offset = int(page) * int(value)
contents['act_page'] = page
contents['latest'] = db.find('latest', value=value, offset=offset)
# return the Template
return template('index.tpl', **contents)
def landing(p=False):
contents = {}
if p in project_list():
__project__.open(p)
contents["p"] = p
else:
__project__.open("../")
contents["p"] = "Main"
db = Database()
# Pagination
# 25 per page
value = 25
offset = 0
contents["count"] = db.get_sample_count()
page = request.query.page
if not page:
page = 0
offset = int(page) * int(value)
contents["act_page"] = page
contents["latest"] = db.find("latest", value=value, offset=offset)
# return the Template
return template("index.tpl", **contents)
def file_download(file_hash, project=False):
if project in project_list():
__project__.open(project)
else:
__project__.open('../')
project = 'Main'
# Open the Database
db = Database()
# Open a session
rows = db.find(key='sha256', value=file_hash)
if not rows:
return template('error.tpl', error="{0} Does not match any hash in the Database".format(file_hash))
path = get_sample_path(rows[0].sha256)
if not path:
return template('error.tpl', error="File not found on disk")
response.content_length = os.path.getsize(path)
response.content_type = 'application/octet-stream; charset=UTF-8'
data = ''
for chunk in File(path).get_chunks():
data += chunk
return data
def find_file():
key = request.forms.get('key')
value = request.forms.get('term').lower()
project_search = request.forms.get('project')
curr_project = request.forms.get('curr_project')
results = {}
projects = []
if project_search:
# Get list of project paths
projects_path = os.path.join(os.getcwd(), 'projects')
if os.path.exists(projects_path):
for name in os.listdir(projects_path):
projects.append(name)
projects.append('../')
else:
# If not searching all projects what are we searching
if curr_project == 'Main':
projects.append('../')
else:
projects.append(curr_project)
# Search each Project in the list
for project in projects:
__project__.open(project)
# Init DB
db = Database()
#get results
proj_results = []
rows = db.find(key=key, value=value)
for row in rows:
if project == '../':
project = 'Main'
proj_results.append([row.name, row.sha256])
results[project] = proj_results
return template('search.tpl', results=results)
def find_file():
key = request.forms.get("key")
value = request.forms.get("term").lower()
project_search = request.forms.get("project")
curr_project = request.forms.get("curr_project")
results = {}
projects = []
if project_search:
# Get list of project paths
projects_path = os.path.join(os.getcwd(), "projects")
if os.path.exists(projects_path):
for name in os.listdir(projects_path):
projects.append(name)
projects.append("../")
else:
# If not searching all projects what are we searching
if curr_project == "Main":
projects.append("../")
else:
projects.append(curr_project)
# Search each Project in the list
for project in projects:
__project__.open(project)
# Init DB
db = Database()
# get results
proj_results = []
rows = db.find(key=key, value=value)
for row in rows:
if project == "../":
project = "Main"
proj_results.append([row.name, row.sha256])
results[project] = proj_results
return template("search.tpl", results=results)
def find_file():
key = request.forms.get('key')
value = request.forms.get('term')
project_search = request.forms.get('project')
curr_project = request.forms.get('curr_project')
results = {}
projects = []
if project_search:
# Get list of project paths
projects_path = os.path.join(os.getcwd(), 'projects')
if os.path.exists(projects_path):
for name in os.listdir(projects_path):
projects.append(name)
projects.append('../')
else:
# If not searching all projects what are we searching
if curr_project == 'Main':
projects.append('../')
else:
projects.append(curr_project)
# Search each Project in the list
for project in projects:
__project__.open(project)
# Init DB
db = Database()
#get results
proj_results = []
rows = db.find(key=key, value=value)
for row in rows:
if project == '../':
project = 'Main'
proj_results.append([row.name, row.sha256])
results[project] = proj_results
return template('search.tpl', results=results)
#!/usr/bin/env python
# This file is part of Viper - https://github.com/viper-framework/viper
# See the file 'LICENSE' for copying permission.
import os
import argparse
from viper.core.project import __project__
parser = argparse.ArgumentParser()
parser.add_argument('-p', '--project', help='Specify a new or existing project name', action='store', required=False)
args = parser.parse_args()
if args.project:
__project__.open(args.project)
'''
IMPORTANT
The Console import needs to be called after the project is set.
Otherwise the table prefixes are not created properly.
'''
from viper.core.ui import console
config_file = 'viper.conf'
if not os.path.exists(config_file):
print ""
print "[!] Unable to find config file at {0}".format(config_file)
print ""
else:
c = console.Console()
c.start()
def copy(self,
id,
src_project,
dst_project,
copy_analysis=True,
copy_notes=True,
copy_tags=True,
copy_children=True,
_parent_sha256=None): # noqa
session = self.Session()
# make sure to open source project
__project__.open(src_project)
# get malware from DB
malware = session.query(Malware). \
options(subqueryload(Malware.analysis)). \
options(subqueryload(Malware.note)). \
options(subqueryload(Malware.parent)). \
options(subqueryload(Malware.tag)). \
get(id)
# get path and load file from disk
malware_path = get_sample_path(malware.sha256)
sample = File(malware_path)
sample.name = malware.name
log.debug("Copying ID: {} ({}): from {} to {}".format(
malware.id, malware.name, src_project, dst_project))
# switch to destination project, add to DB and store on disk
__project__.open(dst_project)
dst_db = Database()
dst_db.add(sample)
store_sample(sample)
print_success("Copied: {} ({})".format(malware.sha256, malware.name))
if copy_analysis:
log.debug("copy analysis..")
for analysis in malware.analysis:
dst_db.add_analysis(malware.sha256,
cmd_line=analysis.cmd_line,
results=analysis.results)
if copy_notes:
log.debug("copy notes..")
for note in malware.note:
dst_db.add_note(malware.sha256,
title=note.title,
body=note.body)
if copy_tags:
log.debug("copy tags..")
dst_db.add_tags(malware.sha256, [x.tag for x in malware.tag])
if copy_children:
children = session.query(Malware).filter(
Malware.parent_id == malware.id).all()
if not children:
pass
else:
_parent_sha256 = malware.sha256 # set current recursion item as parent
for child in children:
self.copy(child.id,
src_project=src_project,
dst_project=dst_project,
copy_analysis=copy_analysis,
copy_notes=copy_notes,
copy_tags=copy_tags,
copy_children=copy_children,
_parent_sha256=_parent_sha256)
# restore parent-child relationships
log.debug("add parent {} to child {}".format(
_parent_sha256, child.sha256))
if _parent_sha256:
dst_db.add_parent(child.sha256, _parent_sha256)
# switch back to source project
__project__.open(src_project)
# store tuple of ID (in source project) and sha256 of copied samples
self.copied_id_sha256.append((malware.id, malware.sha256))
return True
def copy(self, id, src_project, dst_project,
copy_analysis=True, copy_notes=True, copy_tags=True, copy_children=True, _parent_sha256=None): # noqa
session = self.Session()
# make sure to open source project
__project__.open(src_project)
# get malware from DB
malware = session.query(Malware). \
options(subqueryload(Malware.analysis)). \
options(subqueryload(Malware.note)). \
options(subqueryload(Malware.parent)). \
options(subqueryload(Malware.tag)). \
get(id)
# get path and load file from disk
malware_path = get_sample_path(malware.sha256)
sample = File(malware_path)
sample.name = malware.name
log.debug("Copying ID: {} ({}): from {} to {}".format(malware.id, malware.name, src_project, dst_project))
# switch to destination project, add to DB and store on disk
__project__.open(dst_project)
dst_db = Database()
dst_db.add(sample)
store_sample(sample)
print_success("Copied: {} ({})".format(malware.sha256, malware.name))
if copy_analysis:
log.debug("copy analysis..")
for analysis in malware.analysis:
dst_db.add_analysis(malware.sha256, cmd_line=analysis.cmd_line, results=analysis.results)
if copy_notes:
log.debug("copy notes..")
for note in malware.note:
dst_db.add_note(malware.sha256, title=note.title, body=note.body)
if copy_tags:
log.debug("copy tags..")
dst_db.add_tags(malware.sha256, [x.tag for x in malware.tag])
if copy_children:
children = session.query(Malware).filter(Malware.parent_id == malware.id).all()
if not children:
pass
else:
_parent_sha256 = malware.sha256 # set current recursion item as parent
for child in children:
self.copy(child.id,
src_project=src_project, dst_project=dst_project,
copy_analysis=copy_analysis, copy_notes=copy_notes, copy_tags=copy_tags,
copy_children=copy_children, _parent_sha256=_parent_sha256)
# restore parent-child relationships
log.debug("add parent {} to child {}".format(_parent_sha256, child.sha256))
if _parent_sha256:
dst_db.add_parent(child.sha256, _parent_sha256)
# switch back to source project
__project__.open(src_project)
# store tuple of ID (in source project) and sha256 of copied samples
self.copied_id_sha256.append((malware.id, malware.sha256))
return True
def run(self, *args):
try:
args = self.parser.parse_args(args)
except SystemExit:
return
if __config__.get("paths").storage_path:
base_path = __config__.get("paths").storage_path
else:
base_path = os.path.join(expanduser("~"), ".viper")
projects_path = os.path.join(base_path, "projects")
if args.list:
if not os.path.exists(projects_path):
self.log("info", "No projects have been created yet")
return
self.log("info", "Projects Available:")
rows = []
for project in os.listdir(projects_path):
project_path = os.path.join(projects_path, project)
if os.path.isdir(project_path):
current = ""
if __project__.name and project == __project__.name:
current = "Yes"
rows.append([
project,
time.ctime(os.path.getctime(project_path)), current
])
self.log(
"table",
dict(header=["Project Name", "Creation Time", "Current"],
rows=rows))
elif args.switch:
if __sessions__.is_set():
__sessions__.close()
self.log("info", "Closed opened session")
__project__.open(args.switch)
self.log("info",
"Switched to project {0}".format(bold(args.switch)))
# Need to re-initialize the Database to open the new SQLite file.
Database().__init__()
elif args.close:
if __project__.name != "default":
if __sessions__.is_set():
__sessions__.close()
__project__.close()
elif args.delete:
project_to_delete = args.delete
if project_to_delete == "default":
self.log("error", "You can't delete the \"default\" project")
return
# If it"s the currently opened project, we close it.
if project_to_delete == __project__.name:
# We close any opened session.
if __sessions__.is_set():
__sessions__.close()
__project__.close()
project_path = os.path.join(projects_path, project_to_delete)
if not os.path.exists(project_path):
self.log(
"error",
"The folder for project \"{}\" does not seem to exist".
format(project_to_delete))
return
self.log(
"info",
"You asked to delete project with name \"{}\" located at \"{}\""
.format(project_to_delete, project_path))
confirm = input(
"Are you sure you want to delete the project? You will permanently delete all associated files! [y/N] "
)
if confirm.lower() != "y":
return
try:
shutil.rmtree(project_path)
except Exception as e:
self.log(
"error",
"Something failed while trying to delete folder: {}".
format(e))
return
self.log(
"info", "Project \"{}\" was delete successfully".format(
project_to_delete))
else:
self.log("info", self.parser.print_usage())
def cmd_projects(self, *args):
def usage():
print("usage: projects [-h] [-l] [-s=project]")
def help():
usage()
print("")
print("Options:")
print("\t--help (-h)\tShow this help message")
print("\t--list (-l)\tList all existing projects")
print("\t--switch (-s)\tSwitch to the specified project")
print("")
try:
opts, argv = getopt.getopt(args, "hls:", ["help", "list", "switch="])
except getopt.GetoptError as e:
print(e)
usage()
return
arg_list = False
arg_switch = None
for opt, value in opts:
if opt in ("-h", "--help"):
help()
return
elif opt in ("-l", "--list"):
arg_list = True
elif opt in ("-s", "--switch"):
arg_switch = value
projects_path = os.path.join(os.getcwd(), "projects")
if not os.path.exists(projects_path):
print_info("The projects directory does not exist yet")
return
if arg_list:
print_info("Projects Available:")
rows = []
for project in os.listdir(projects_path):
project_path = os.path.join(projects_path, project)
if os.path.isdir(project_path):
current = ""
if __project__.name and project == __project__.name:
current = "Yes"
rows.append([project, time.ctime(os.path.getctime(project_path)), current])
print(table(header=["Project Name", "Creation Time", "Current"], rows=rows))
return
elif arg_switch:
if __sessions__.is_set():
__sessions__.close()
print_info("Closed opened session")
__project__.open(arg_switch)
print_info("Switched to project {0}".format(bold(arg_switch)))
# Need to re-initialize the Database to open the new SQLite file.
self.db = Database()
return
usage()
#!/usr/bin/env python
# This file is part of Viper - https://github.com/botherder/viper
# See the file 'LICENSE' for copying permission.
import argparse
from viper.core.ui import console
from viper.core.project import __project__
parser = argparse.ArgumentParser()
parser.add_argument('-p',
'--project',
help='Specify a new or existing project name',
action='store',
required=False)
args = parser.parse_args()
if args.project:
__project__.open(args.project)
c = console.Console()
c.start()
def create_project(request):
project_name = request.POST['project'].replace(' ', '_')
__project__.open(project_name)
return redirect('/project/{0}'.format(project_name))
def cmd_projects(self, *args):
def usage():
print("usage: projects [-h] [-l] [-s=project]")
def help():
usage()
print("")
print("Options:")
print("\t--help (-h)\tShow this help message")
print("\t--list (-l)\tList all existing projects")
print("\t--switch (-s)\tSwitch to the specified project")
print("")
try:
opts, argv = getopt.getopt(args, 'hls:',
['help', 'list', 'switch='])
except getopt.GetoptError as e:
print(e)
usage()
return
arg_list = False
arg_switch = None
for opt, value in opts:
if opt in ('-h', '--help'):
help()
return
elif opt in ('-l', '--list'):
arg_list = True
elif opt in ('-s', '--switch'):
arg_switch = value
projects_path = os.path.join(os.getcwd(), 'projects')
if not os.path.exists(projects_path):
print_info("The projects directory does not exist yet")
return
if arg_list:
print_info("Projects Available:")
rows = []
for project in os.listdir(projects_path):
project_path = os.path.join(projects_path, project)
if os.path.isdir(project_path):
current = ''
if __project__.name and project == __project__.name:
current = 'Yes'
rows.append([
project,
time.ctime(os.path.getctime(project_path)), current
])
print(
table(header=['Project Name', 'Creation Time', 'Current'],
rows=rows))
return
elif arg_switch:
if __sessions__.is_set():
__sessions__.close()
print_info("Closed opened session")
__project__.open(arg_switch)
print_info("Switched to project {0}".format(bold(arg_switch)))
# Need to re-initialize the Database to open the new SQLite file.
self.db = Database()
return
usage()
def add_project():
project_name = request.forms.get('project').strip()
__project__.open(project_name)
redirect('/project/{0}'.format(project_name))
def add_file():
tags = request.forms.get('tag_list')
uploads = request.files.getlist('file')
# Set Project
project = request.forms.get('project')
if project in project_list():
__project__.open(project)
else:
__project__.open('../')
project = 'Main'
db = Database()
file_list = []
# Write temp file to disk
with upload_temp() as temp_dir:
for upload in uploads:
file_path = os.path.join(temp_dir, upload.filename)
with open(file_path, 'w') as tmp_file:
tmp_file.write(upload.file.read())
# Zip Files
if request.forms.get('compression') == 'zip':
zip_pass = request.forms.get('zip_pass')
try:
with ZipFile(file_path) as zf:
zf.extractall(temp_dir, pwd=zip_pass)
for root, dirs, files in os.walk(temp_dir, topdown=False):
for name in files:
if not name == upload.filename:
file_list.append(os.path.join(root, name))
except Exception as e:
return template('error.tpl',
error="Error with zipfile - {0}".format(e))
# GZip Files
elif request.forms.get('compression') == 'gz':
try:
gzf = GzipFile(file_path, 'rb')
decompress = gzf.read()
gzf.close()
with open(file_path[:-3], "wb") as df:
df.write(decompress)
file_list.append(file_path[:-3])
except Exception as e:
return template(
'error.tpl',
error="Error with gzipfile - {0}".format(e))
# BZip2 Files
elif request.forms.get('compression') == 'bz2':
try:
bz2f = BZ2File(file_path, 'rb')
decompress = bz2f.read()
bz2f.close()
with open(file_path[:-3], "wb") as df:
df.write(decompress)
file_list.append(file_path[:-3])
except Exception as e:
return template(
'error.tpl',
error="Error with bzip2file - {0}".format(e))
# Tar Files (any, including tar.gz tar.bz2)
elif request.forms.get('compression') == 'tar':
try:
if not tarfile.is_tarfile(file_path):
return template('error.tpl',
error="This is not a tar file")
with tarfile.open(file_path, 'r:*') as tarf:
tarf.extractall(temp_dir)
for root, dirs, files in os.walk(temp_dir, topdown=False):
for name in files:
if not name == upload.filename:
file_list.append(os.path.join(root, name))
except Exception as e:
return template('error.tpl',
error="Error with tarfile - {0}".format(e))
# Non zip files
elif request.forms.get('compression') == 'none':
file_list.append(file_path)
# Add each file
for new_file in file_list:
print new_file
obj = File(new_file)
new_path = store_sample(obj)
success = True
if new_path:
# Add file to the database.
success = db.add(obj=obj, tags=tags)
if not success:
return template(
'error.tpl',
error="Unable to Store The File: {0}".format(
upload.filename))
redirect("/project/{0}".format(project))
def add_project():
project_name = request.forms.get('project').strip()
__project__.open(project_name)
redirect('/project/{0}'.format(project_name))
def find_file():
def details(row):
tags = []
for tag in row.tag:
tags.append(tag.tag)
entry = dict(
id=row.id,
name=row.name,
type=row.type,
size=row.size,
md5=row.md5,
sha1=row.sha1,
sha256=row.sha256,
sha512=row.sha512,
crc32=row.crc32,
ssdeep=row.ssdeep,
created_at=row.created_at.__str__(),
tags=tags
)
return entry
for entry in ['md5', 'sha256', 'ssdeep', 'tag', 'name', 'all','latest']:
value = request.forms.get(entry)
if value:
key = entry
break
if not value:
response.code = 400
return jsonize({'message':'Invalid search term'})
# Get the scope of the search
project_search = request.forms.get('project')
projects = []
results = {}
if project_search and project_search == 'all':
# Get list of project paths
projects_path = os.path.join(os.getcwd(), 'projects')
if os.path.exists(projects_path):
for name in os.listdir(projects_path):
projects.append(name)
projects.append('../')
# Specific Project
elif project_search:
projects.append(project_search)
# Primary
else:
projects.append('../')
# Search each Project in the list
for project in projects:
__project__.open(project)
# Init DB
db = Database()
#get results
proj_results = []
rows = db.find(key=key, value=value)
for row in rows:
if project == '../':
project = 'default'
proj_results.append(details(row))
results[project] = proj_results
return jsonize(results)
