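def main(args, pcap_file):
    """Analyze a PCAP from the command line and optionally dump its objects.

    Args:
        args: parsed command-line namespace; reads ``short_url``, ``ungzip``,
            ``report`` and ``dump``.
        pcap_file: list whose first element is the PCAP path.

    Exits via ``sys.exit`` when the capture holds no HTTP conversation.
    """
    CTCore.pcap_file = pcap_file[0]
    print("[A] Analyzing PCAP: " + CTCore.pcap_file)

    CTCore.b_use_short_uri = args.short_url  # Display short URI paths
    CTCore.b_auto_ungzip = args.ungzip
    # Report generation needs decoded bodies, so it forces auto-ungzip on.
    if args.report is not None:
        CTCore.b_auto_ungzip = True

    parse_pcap.run(CTCore.pcap_file)
    if not CTCore.conversations:
        sys.exit("No HTTP conversations were found in PCAP file")

    print(CTCore.newLine + "[+] Traffic Activity Time: "),
    try:
        print(CTCore.activity_date_time)
    except Exception:
        # Narrowed from a bare except so KeyboardInterrupt / SystemExit propagate.
        print "Couldn't retrieve time"

    print("[+] Conversations Found:" + CTCore.newLine)
    print CTCore.show_conversations()

    # If chosen just to dump files and exit
    if args.dump is not None:
        try:
            CTCore.ungzip_all()
            CTCore.dump_all_files(args.dump[0], True)
        except Exception as ed:
            print ed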
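def do_ziplist(self, line):
    """List the entries of a zip object into ``self.retval``.

    ``line`` holds the object id (optionally followed by a size, parsed by
    ``get_id_size``). On any error ``self.retval`` carries the message instead.
    Only the archive's directory is read; no entry is extracted.
    """
    try:
        text = str(line)
        import zipfile
        if text.split(" ")[0] == "":
            self.help_ziplist()
            return
        obj_id, _size = get_id_size(text)
        if not in_range(obj_id):
            return
        response, _size = CTCore.get_response_and_size(obj_id, "all")
        name = CTCore.get_name(obj_id)
        # StringIO is already initialised with the body; re-writing it in
        # place (as the original did) was redundant.
        zfp = zipfile.ZipFile(StringIO.StringIO(response), "r")
        entries = zfp.namelist()
        self.retval = " " + str(len(entries)) + \
            " Files found in zip object {} ({}):".format(str(obj_id), name) + newLine
        # The dead `cnt += 1` inside the enumerate loop was dropped.
        for cnt, fl in enumerate(entries):
            self.retval += " [Z] " + str(cnt + 1) + " : " + fl
            self.retval += newLine
    except Exception as e:
        self.retval = "Error unzipping object: " + str(e)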
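def do_jsbeautify(self, line):
    """Beautify JavaScript taken from an object and print the result.

    ``line`` is either ``obj <id>`` (beautify the whole body into a new object)
    or ``slice <id> <offset> <length>`` (beautify only that range and print it).

    Returns:
        False on an unknown option, otherwise None.
    """
    try:
        import jsbeautifier
        parts = line.split(" ")
        if len(parts) < 2:
            self.help_jsbeautify()
            return
        option = parts[0]
        if option not in ('slice', 'obj'):
            print "Invalid option"
            return False
        obj_id = parts[1]
        response, _size = CTCore.get_response_and_size(obj_id, "all")
        name = CTCore.get_name(obj_id)
        if option == "slice":
            # "slice" needs offset and length; the original let the
            # IndexError surface as a bare "list index out of range".
            if len(parts) < 4:
                self.help_jsbeautify()
                return
            offset = int(parts[2])
            chunk, _length = get_bytes(response, offset, parts[3])
            print jsbeautifier.beautify(chunk)
        else:
            res = jsbeautifier.beautify(response)
            obj_num = CTCore.add_object("jsbeautify", res, id=obj_id)
            print " JavaScript Beautify of object {} ({}) successful!".format(str(obj_id), name)
            print " New object created: {}".format(obj_num) + newLine
    except Exception as e:
        print str(e)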
def main(args):
    """Analyze the PCAP named in ``args[1]`` and start the web server.

    ``args`` is a ``sys.argv``-style list: ``args[1]`` is the PCAP path and
    the optional ``args[2]`` is either ``-s`` (no web server) or a port number.
    """
    file_path = args[1]
    print("[A] Analyzing PCAP: " + args[1])
    parse_pcap.run(file_path)

    stamp = CTCore.activity_date_time.strftime('%a, %x %X')
    print(CTCore.newLine + "[+] Traffic Activity Time: " + stamp)
    print("[+] Conversations Found:" + CTCore.newLine)
    CTCore.show_conversations()

    start_ws = True
    if len(args) > 2:
        if args[2].lower() == "-s":
            start_ws = False
        else:
            CTCore.PORT = int(args[2])  # a non-numeric port raises ValueError here

    if not start_ws:
        return
    try:
        CTCore.web_server = server()
        CTCore.web_server.start()
        time.sleep(0.1)  # Fixes graphic issues
        CTCore.web_server_turned_on = True
    except Exception as e:
        print "[E] Error starting Web Service:"
        err = str(e)
        # Errno 1004 / Errno 98 are the "address already in use" cases
        if err.find("Errno 1004") > 0 or err.find("Errno 98") > 0:
            print " Port " + str(CTCore.PORT) + " is already Taken."
            print " Change the port using 'CapTipper.py <pcap_file> [port=80]' or use '-s' to disable web server"
            print " Proceeding without starting the web server..." + CTCore.newLine
        else:
            print " " + err
def do_ls(self, line):
    """List PCAP files in the current directory, or in the directory named in ``line``.

    A leading ``~`` in the argument is expanded; errors are printed, not raised.
    """
    try:
        target = line.split(" ")[0]
        where = "." if target == "" else os.path.expanduser(target)
        CTCore.list_pcap(where)
    except Exception as e:
        print str(e)
def do_urlb64d(self, line):
    """Run ``CTCore.urlb64d`` on the object whose id is the first token of ``line``."""
    try:
        first = line.split(" ")[0]
        if first == "":
            self.help_urlb64d()
            return
        obj_id = int(first)
        if in_range(obj_id):
            CTCore.urlb64d(obj_id)
    except Exception as e:
        print str(e)
def do_hexdump(self, line):
    """Print a hexdump of an object's body; ``line`` is ``<id> [size]``."""
    try:
        if line.split(" ")[0] == "":
            self.help_hexdump()
            return
        obj_id, size = get_id_size(line)
        body, size = CTCore.get_response_and_size(obj_id, size)
        name = CTCore.get_name(obj_id)
        print "Displaying hexdump of object {} ({}) body [{} bytes]:".format(obj_id, name, size)
        print newLine + hexdump(body) + newLine
    except Exception as e:
        print str(e)
def do_load(self, line):
    """Load the PCAP named in ``line`` and terminate the current console.

    ``exit(0)`` follows ``CTCore.load_pcap`` directly; presumably the caller
    restarts the console on the new capture — confirm before relying on it.
    """
    try:
        if line.split(" ")[0] == "":
            self.help_load()
            return
        CTCore.load_pcap(line)
        exit(0)
    except Exception as e:
        print str(e)
def do_req(self, line):
    """Print the full HTTP request of an object; ``line`` starts with the object id."""
    try:
        if line.split(" ")[0] == "":
            self.help_req()
            return
        obj_id, _ = get_id_size(line)
        request, size = CTCore.get_request_size(obj_id, "all")
        name = CTCore.get_name(obj_id)
        print "Displaying request for object {} ({}) [{} bytes]:".format(obj_id, name, size)
        CTCore.show_errors()
        print newLine + request
    except Exception as e:
        print str(e)
def do_body(self, line):
    """Print an object's response body; ``line`` is ``<id> [size]``."""
    try:
        if line.split(" ")[0] == "":
            self.help_body()
            return
        obj_id, size = get_id_size(line)
        body, size = CTCore.get_response_and_size(obj_id, size)
        name = CTCore.get_name(obj_id)
        print "Displaying body of object {} ({}) [{} bytes]:".format(obj_id, name, size)
        CTCore.show_errors()
        print newLine + body
    except Exception as e:
        print str(e)
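def main(args, pcap_file):
    """Headless entry point: parse the PCAP and dump every object to ``args.dump[0]``.

    Args:
        args: parsed namespace; reads ``dump`` (list holding the output
            directory, or None) and ``report``.
        pcap_file: list whose first element is the PCAP path.
    """
    CTCore.pcap_file = pcap_file[0]
    if args.report is not None:
        CTCore.b_auto_ungzip = True
    parse_pcap.run(CTCore.pcap_file)

    # If chosen just to dump files and exit
    if args.dump is not None:
        out_dir = args.dump[0]
        # The original indexed args.dump before checking it was given, which
        # raised TypeError whenever --dump was absent.
        if not os.path.exists(out_dir):
            os.makedirs(out_dir)
        try:
            CTCore.ungzip_all()
            CTCore.dump_all_files(out_dir, True)
        except Exception as ed:
            print ed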
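def do_vt(self, line):
    """Look up an object's MD5 on VirusTotal and build the report in ``self.retval``.

    Only the hash is sent, never the object body. If no API key is configured
    the user is prompted for one and it is kept in ``CTCore.VT_APIKEY``.
    """
    required = ('scans', 'scan_date', 'total', 'positives', 'permalink')
    av_fields = ('detected', 'version', 'result', 'update')

    def summarize(json_dict):
        """Render one VT reply; messages mirror the server's response codes."""
        if 'response_code' not in json_dict:
            return " Response from VirusTotal isn't valid"
        if json_dict['response_code'] != 1:
            return " File not found in VirusTotal"
        if not all(key in json_dict for key in required):
            return " Missing elements in Virus Total Response"
        out = " Detection: {}/{}".format(json_dict['positives'], json_dict['total'])
        out += " Last Analysis Date: {}".format(json_dict['scan_date'])
        out += " Report Link: {}".format(json_dict['permalink']) + newLine
        if json_dict['positives'] > 0:
            out += " Scan Result:"
            for av, av_res in json_dict['scans'].items():
                if not all(key in av_res for key in av_fields):
                    continue
                if av_res['detected']:
                    out += "\t{}\t{}\t{}\t{}".format(av, av_res['result'], av_res['version'], av_res['update'])
        return out

    try:
        text = str(line)
        if text.split(" ")[0] == "":
            self.help_vt()
            return
        if not CTCore.VT_APIKEY:
            print newLine + "No Virus Total API key found, please enter your API key:",
            CTCore.VT_APIKEY = raw_input()
        obj_id = int(text.split(" ")[0])
        body, _sz = CTCore.get_response_and_size(obj_id, "all")
        name = CTCore.get_name(obj_id)
        self.retval = " VirusTotal result for object {} ({}):".format(str(obj_id), name) + newLine
        # hashlib takes the body directly; the StringIO round-trip was a no-op copy.
        digest = hashlib.md5(body).hexdigest()
        vtdata = CTCore.send_to_vt(digest, CTCore.VT_APIKEY)
        if vtdata[0] != -1:
            self.retval += summarize(vtdata[1])
        else:
            self.retval += vtdata[1]
        self.retval += newLine
    except Exception as e:
        self.retval = str(e)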
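def do_strings(self, line):
    """Print the printable strings found in an object's body; ``line`` starts with the id."""
    try:
        if line.split(" ")[0] == "":
            self.help_strings()
            return
        obj_id, _ = get_id_size(line)
        body, size = CTCore.get_response_and_size(obj_id, "all")
        name = CTCore.get_name(obj_id)
        print "Strings found in object {} ({}) [{} bytes]:".format(obj_id, name, size)
        # The original joined `str for str in strings`, an identity generator
        # that shadowed the builtin; joining the iterable directly is equivalent.
        print newLine.join(CTCore.get_strings(body))
    except Exception as e:
        print str(e)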
def do_hexdump(self, line, xor=None, custsize=None):
    """Store a hexdump of an object's body in ``self.retval``.

    ``line`` is ``<id> [size]``; a truthy ``custsize`` overrides the size
    parsed from ``line``. ``xor`` is accepted for interface compatibility but
    is not used by this method.
    """
    try:
        text = str(line)
        if text.split(" ")[0] == "":
            self.help_hexdump()
            return
        obj_id, size = get_id_size(text)
        if custsize:
            size = custsize
        body, size = CTCore.get_response_and_size(obj_id, size)
        name = CTCore.get_name(obj_id)
        header = "Displaying hexdump of object {} ({}) body [{} bytes]:".format(obj_id, name, size)
        self.retval = header + newLine + hexdump(body) + newLine
    except Exception as e:
        self.retval = str(e)
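def run(file_path):
    """Parse a PCAP (``'-'`` reads stdin) and finish every connection found.

    The input is always closed even if ``CTCore.sort_convs`` raises, and
    ``sys.stdin`` is left open since this function did not open it.
    """
    conn_dict = OrderedDict()
    try:
        if file_path != '-':
            infile = io.open(file_path, "rb")
        else:
            infile = sys.stdin
        try:
            pcap_file(conn_dict, infile)
        finally:
            try:
                time.sleep(0.1)
                CTCore.sort_convs()
            finally:
                if infile is not sys.stdin:
                    infile.close()
    finally:
        for conn in conn_dict.values():
            conn.finish()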
def get_plaintext_body_by_id(self, id):
    """Return the body of conversation ``id``, gunzipped when its magic_ext is "GZ"."""
    convs = self.conversations
    if id < len(convs) and convs[id].magic_ext == "GZ":
        data, _name = CTCore.ungzip(id)
        return data
    return self.get_body_by_id(id)
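def check_path(path, type="file"):
    """Validate an output path, offering to create its parent directory.

    Args:
        path: destination path typed by the user.
        type: "file" rejects ``path`` when it is an existing directory; any
            other value skips that check.

    Returns:
        True when the parent directory exists or was created on request,
        False otherwise.
    """
    if type == "file" and os.path.isdir(path):
        CTCore.alert_message("Please specify a full path and not a folder", msg_type.ERROR)
        return False
    # A bare filename has an empty dirname, which isdir() reports as missing;
    # the original then offered to create "" and os.makedirs("") raised.
    directory = os.path.dirname(path) or "."
    if os.path.isdir(directory):
        return True
    print newLine + " Directory {} doesn't exists. Create? (Y/n):".format(directory),
    ans = raw_input()
    if ans.lower() == "y" or ans == "":
        os.makedirs(directory)
        return True
    return False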
def do_iframes(self, line):
    """Print the iframes found in an object's body; ``line`` starts with the id.

    NOTE(review): the empty-argument path calls ``help_resp`` rather than an
    iframe-specific help — looks like a copy-paste slip; confirm intent.
    """
    try:
        if line.split(" ")[0] == "":
            self.help_resp()
            return
        obj_id, _ = get_id_size(line)
        body, _ = CTCore.get_response_and_size(obj_id, "all")
        name = CTCore.get_name(obj_id)
        parser = CTCore.CapTipperHTMLParser("iframe")
        print "Searching for iframes in object {} ({})...".format(str(obj_id), name)
        parser.feed(body)
        parser.print_iframes()
        print ""
    except Exception as e:
        print str(e)
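def do_vt(self, line):
    """Look up an object's MD5 on VirusTotal and print the report.

    Only the hash leaves the machine; the body itself is never uploaded.
    """
    required = ('scans', 'scan_date', 'total', 'positives', 'permalink')
    av_fields = ('detected', 'version', 'result', 'update')

    def show(json_dict):
        """Print one VT reply; messages mirror the server's response codes."""
        if 'response_code' not in json_dict:
            print " Response from VirusTotal isn't valid"
            return
        if json_dict['response_code'] != 1:
            print " File not found in VirusTotal"
            return
        if not all(key in json_dict for key in required):
            print " Missing elements in Virus Total Response"
            return
        print " Detection: {}/{}".format(json_dict['positives'], json_dict['total'])
        print " Last Analysis Date: {}".format(json_dict['scan_date'])
        print " Report Link: {}".format(json_dict['permalink']) + newLine
        if json_dict['positives'] > 0:
            print " Scan Result:"
            for av, av_res in json_dict['scans'].items():
                if not all(key in av_res for key in av_fields):
                    continue
                if av_res['detected']:
                    print "\t{}\t{}\t{}\t{}".format(av, av_res['result'], av_res['version'], av_res['update'])

    try:
        first = line.split(" ")[0]
        if first == "":
            self.help_vt()
            return
        obj_id = int(first)
        body, _sz = get_response_size(obj_id, "all")
        name = CTCore.get_name(obj_id)
        print " VirusTotal result for object {} ({}):".format(str(obj_id), name) + newLine
        import hashlib
        # hashlib takes the body directly; the StringIO round-trip was a no-op copy.
        digest = hashlib.md5(body).hexdigest()
        vtdata = CTCore.send_to_vt(digest, CTCore.APIKEY)
        if vtdata[0] != -1:
            show(vtdata[1])
        else:
            print vtdata[1]
        print ""
    except Exception as e:
        print str(e)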
def do_iframes(self, line, tag="iframe"):
    """Collect ``tag`` elements from an object's body and return the parser.

    ``self.retval`` receives the progress text (the message always says
    "iframes", whatever ``tag`` is). Returns the fed ``srcHTMLParser``, or
    None when the argument is empty or an error occurred.

    NOTE(review): the empty-argument path calls ``help_resp`` rather than an
    iframe-specific help — confirm intent.
    """
    try:
        text = str(line)
        if text.split(" ")[0] == "":
            self.help_resp()
            return
        obj_id, _ = get_id_size(text)
        body, _ = CTCore.get_response_and_size(obj_id, "all")
        name = CTCore.get_name(obj_id)
        parser = CTCore.srcHTMLParser(tag)
        self.retval = "Searching for iframes in object {} ({})...".format(str(obj_id), name)
        parser.feed(body)
        self.retval += "{} found{}".format(len(parser.tags), newLine)
        return parser
    except Exception as e:
        self.retval = str(e)
def do_unzlib(self, line):
    """zlib-inflate one object (``<id>``) or every object (``all``) into new objects."""
    try:
        target = line.split(" ")[0]
        if target == "":
            self.help_unzlib()
        elif target.lower() == "all":
            CTCore.unzlib_all()
        else:
            obj_id = int(target)
            if in_range(obj_id):
                obj_num, name = CTCore.unzlib(obj_id)
                if obj_num == -1:
                    CTCore.show_errors()
                else:
                    print " ZLIB Decompression of object {} ({}) successful!".format(str(obj_id), name)
                    print " New object created: {}".format(obj_num) + newLine
    except Exception as e:
        print str(e)
def do_ungzip(self, line):
    """Gunzip an object's body into a new object; ``line`` holds the object id.

    NOTE(review): the whole inflated stream is read into memory with no size
    cap, so a highly compressible body in the capture can exhaust RAM.
    """
    try:
        obj_id = line.split(" ")[0]
        if obj_id == "":
            self.help_ungzip()
            return
        body, _sz = get_response_size(obj_id, "all")
        name = CTCore.get_name(obj_id)
        import gzip
        page = gzip.GzipFile('', 'rb', 9, StringIO.StringIO(body)).read()
        obj_num = CTCore.add_object("ungzip", page, id=obj_id)
        print " GZIP Decompression of object {} ({}) successful!".format(str(obj_id), name)
        print " New object created: {}".format(obj_num) + newLine
    except Exception as e:
        print str(e)
def do_dump(self, line):
    """Write one object (``<id> <path>``) or all objects (``all <dir> [-e]``) to disk."""
    try:
        parts = line.split(" ")
        if len(parts) < 2:
            self.help_dump()
            return
        target, dest = parts[0], parts[1]
        if target.lower() == "all":
            # A third token "-e" turns dump_exe off (presumably: skip executables)
            skip_exe = len(parts) > 2 and parts[2].lower() == "-e"
            CTCore.dump_all_files(dest, not skip_exe)
        elif check_path(dest, type="file"):
            CTCore.dump_file(target, dest)
    except Exception as e:
        print str(e)
def do_slice(self, line):
    """Print ``<length>`` bytes from ``<offset>`` of an object: ``<id> <offset> <length>``."""
    try:
        parts = line.split(" ")
        if len(parts) < 3:
            self.help_slice()
            return
        obj_id, _ = get_id_size(line)
        body, _ = CTCore.get_response_and_size(obj_id, "all")
        name = CTCore.get_name(obj_id)
        offset = int(parts[1])
        chunk, length = get_bytes(body, offset, parts[2])
        print "Displaying {} of bytes from offset {} in object {} ({}):".format(length, offset, obj_id, name)
        print ""
        print chunk
        print ""
    except Exception as e:
        print str(e)
def do_ungzip(self, line):
    """Gunzip one object (``<id>``) or all (``all``); result text goes to ``self.retval``.

    On success the source conversation's ``decoded`` field points at the new object.
    """
    try:
        target = str(line).split(" ")[0]
        if target == "":
            self.help_ungzip()
        elif target.lower() == "all":
            CTCore.ungzip_all()
        else:
            obj_id = int(target)
            if in_range(obj_id):
                obj_num, name = CTCore.ungzip_and_add(obj_id)
                if obj_num == -1:
                    CTCore.show_errors()
                else:
                    CTCore.conversations[int(obj_id)].decoded = int(obj_num)
                    self.retval = " GZIP Decompression of object {} ({}) successful!".format(str(obj_id), name)
                    self.retval += " New object created: {}".format(obj_num) + newLine
    except Exception as e:
        self.retval = str(e)
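def do_hashes(self, line):
    """Print every available hashlib digest of an object's body; ``line`` holds the id."""
    try:
        first = line.split(" ")[0]
        if first == "":
            self.help_hashes()
            return
        obj_id = int(first)
        body, _sz = CTCore.get_response_and_size(obj_id, "all")
        name = CTCore.get_name(obj_id)
        print " Hashes of object {} ({}):".format(str(obj_id), name) + newLine
        # hashlib.algorithms exists only on Python 2.7; fall back to the
        # guaranteed set on newer interpreters.
        algorithms = getattr(hashlib, "algorithms", None) or sorted(hashlib.algorithms_guaranteed)
        for alg in algorithms:
            # hashlib takes the body directly; the StringIO round-trip was a no-op copy.
            digest = getattr(hashlib, alg)(body).hexdigest()
            print " {0:8} : {1}".format(alg, digest)
        print ""
    except Exception as e:
        print str(e)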
def do_peinfo(self, line):
    """Print PE details of an object; ``<id> -p`` also runs the PEiD packer signatures."""
    try:
        parts = line.split(" ")
        if parts[0] == "":
            self.help_peinfo()
            return
        obj_id, _ = get_id_size(line)
        body, size = CTCore.get_response_and_size(obj_id, "all")
        name = CTCore.get_name(obj_id)
        print "Displaying PE info of object {} ({}) [{} bytes]:".format(obj_id, name, size)
        want_packers = len(parts) > 1 and parts[1].lower() == "-p"
        if want_packers:
            print "Checking for packers..."
            # "userdb.txt" is a relative name — presumably resolved against the
            # current working directory by PEScanner; verify.
            scanner = PEScanner(body, '', peid_sigs="userdb.txt")
        else:
            scanner = PEScanner(body, '', '')
        print '\n'.join(scanner.collect())
    except Exception as e:
        print str(e)
def do_peinfo(self, line):
    """Print PE details of an object; ``<id> -p`` also runs the PEiD packer signatures."""
    try:
        parts = line.split(" ")
        if parts[0] == "":
            self.help_peinfo()
            return
        obj_id, _ = get_id_size(line)
        body, size = CTCore.get_response_and_size(obj_id, "all")
        name = CTCore.get_name(obj_id)
        print "Displaying PE info of object {} ({}) [{} bytes]:".format(obj_id, name, size)
        if len(parts) > 1 and parts[1].lower() == "-p":
            print "Checking for packers..."
            # "userdb.txt" is a relative name — presumably resolved against the
            # current working directory by PEScanner; verify.
            sigs = "userdb.txt"
        else:
            sigs = ''
        scanner = PEScanner(body, '', sigs)
        print '\n'.join(scanner.collect())
    except Exception as e:
        print str(e)
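def do_jsbeautify(self, line):
    """Beautify JavaScript taken from an object; the result goes to ``self.retval``.

    ``line`` is either ``obj <id>`` (beautify the whole body into a new object)
    or ``slice <id> <offset> <length>`` (beautify only that range).

    Returns:
        False on an unknown option, otherwise None.
    """
    try:
        text = str(line)
        import jsbeautifier
        parts = text.split(" ")
        if len(parts) < 2:
            self.help_jsbeautify()
            return
        option = parts[0]
        if option not in ('slice', 'obj'):
            self.retval = "Invalid option"
            return False
        obj_id = parts[1]
        response, _size = CTCore.get_response_and_size(obj_id, "all")
        name = CTCore.get_name(obj_id)
        if option == "slice":
            # "slice" needs offset and length; the original let the
            # IndexError surface as a bare "list index out of range".
            if len(parts) < 4:
                self.help_jsbeautify()
                return
            offset = int(parts[2])
            chunk, _length = get_bytes(response, offset, parts[3])
            self.retval = jsbeautifier.beautify(chunk)
        else:
            res = jsbeautifier.beautify(response)
            obj_num = CTCore.add_object("jsbeautify", res, id=obj_id)
            self.retval = " JavaScript Beautify of object {} ({}) successful!".format(str(obj_id), name)
            self.retval += " New object created: {}".format(obj_num) + newLine
    except Exception as e:
        self.retval = str(e)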
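def do_hashes(self, line):
    """Print every available hashlib digest of an object's body; ``line`` holds the id."""
    try:
        first = line.split(" ")[0]
        if first == "":
            self.help_hashes()
            return
        obj_id = int(first)
        body, _sz = CTCore.get_response_and_size(obj_id, "all")
        name = CTCore.get_name(obj_id)
        print " Hashes of object {} ({}):".format(str(obj_id), name) + newLine
        # hashlib.algorithms exists only on Python 2.7; fall back to the
        # guaranteed set on newer interpreters.
        algorithms = getattr(hashlib, "algorithms", None) or sorted(hashlib.algorithms_guaranteed)
        for alg in algorithms:
            # hashlib takes the body directly; the StringIO round-trip was a no-op copy.
            digest = getattr(hashlib, alg)(body).hexdigest()
            print " {0:8} : {1}".format(alg, digest)
        print ""
    except Exception as e:
        print str(e)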
def do_head(self, line):
    """Print the response header of the object whose id is the first token of ``line``."""
    try:
        first = line.split(" ")[0]
        if first == "":
            self.help_head()
            return
        obj_id = int(first)
        header = get_head(obj_id)
        name = CTCore.get_name(obj_id)
        print "Displaying header of object {} ({}):".format(str(obj_id), name)
        print newLine + header
    except Exception as e:
        print str(e)
def do_hexdump(self, line):
    """Print a hexdump of an object's body; ``line`` is ``<id> [size]``."""
    try:
        if line.split(" ")[0] == "":
            self.help_hexdump()
            return
        obj_id, size = get_id_size(line)
        body, size = get_response_size(obj_id, size)
        name = CTCore.get_name(obj_id)
        print "Displaying hexdump of object {} ({}) body [{} bytes]:".format(obj_id, name, size)
        print newLine + hexdump(body) + newLine
    except Exception as e:
        print str(e)
def do_find(self, line):
    """Search a pattern in one object (``<id> <pattern>``) or in every object (``all <pattern>``).

    The pattern is everything after the first token, spaces included.
    """
    try:
        parts = line.split(" ")
        if len(parts) < 2:
            self.help_find()
            return
        pattern = " ".join(parts[1:])
        if parts[0].lower() == "all":
            print "Searching '{}' in all objects:".format(pattern)
            for idx in range(len(CTCore.objects)):
                body, _ = CTCore.get_response_and_size(idx, "all")
                name = CTCore.get_name(idx)
                hits = find_pattern(body, pattern)
                if len(hits) == 0:
                    continue
                print newLine + " {} [{}]:".format(name, str(idx))
                for hit in hits:
                    print " " + hit
                print ""
        else:
            obj_id, _ = get_id_size(line)
            body, _ = CTCore.get_response_and_size(obj_id, "all")
            name = CTCore.get_name(obj_id)
            print "Searching '{}' in object {} ({}):".format(pattern, obj_id, name)
            print ""
            hits = find_pattern(body, pattern)
            if len(hits) > 0:
                for hit in hits:
                    print hit
            else:
                print " No Results found"
            print ""
    except Exception as e:
        print str(e)
def do_find(self, line):
    """Search a pattern in one object (``<id> <pattern>``) or in every object (``all <pattern>``).

    The pattern is everything after the first token, spaces included.
    """
    try:
        parts = line.split(" ")
        if len(parts) < 2:
            self.help_find()
            return
        pattern = " ".join(parts[1:])
        if parts[0].lower() != "all":
            obj_id, _ = get_id_size(line)
            body, _ = CTCore.get_response_and_size(obj_id, "all")
            name = CTCore.get_name(obj_id)
            print "Searching '{}' in object {} ({}):".format(pattern, obj_id, name)
            print ""
            hits = find_pattern(body, pattern)
            if len(hits) > 0:
                for hit in hits:
                    print hit
            else:
                print " No Results found"
            print ""
            return
        print "Searching '{}' in all objects:".format(pattern)
        for idx in range(len(CTCore.objects)):
            body, _ = CTCore.get_response_and_size(idx, "all")
            name = CTCore.get_name(idx)
            hits = find_pattern(body, pattern)
            if len(hits) == 0:
                continue
            print newLine + " {} [{}]:".format(name, str(idx))
            for hit in hits:
                print " " + hit
            print ""
    except Exception as e:
        print str(e)
def do_head(self, line):
    """Print the response header of the object whose id is the first token of ``line``."""
    try:
        first = line.split(" ")[0]
        if first == "":
            self.help_head()
            return
        obj_id = int(first)
        name = CTCore.get_name(obj_id)
        print "Displaying header of object {} ({}):".format(str(obj_id), name)
        print newLine + get_head(obj_id)
    except Exception as e:
        print str(e)
def do_ungzip(self, line):
    """Gunzip one object (``<id>``) or all (``all``); result text goes to ``self.retval``.

    On success the source conversation's ``decoded`` field points at the new object.
    """
    try:
        target = str(line).split(" ")[0]
        if target == "":
            self.help_ungzip()
            return
        if target.lower() == "all":
            CTCore.ungzip_all()
            return
        obj_id = int(target)
        if not in_range(obj_id):
            return
        obj_num, name = CTCore.ungzip_and_add(obj_id)
        if obj_num == -1:
            CTCore.show_errors()
            return
        CTCore.conversations[int(obj_id)].decoded = int(obj_num)
        self.retval = " GZIP Decompression of object {} ({}) successful!".format(str(obj_id), name)
        self.retval += " New object created: {}".format(obj_num) + newLine
    except Exception as e:
        self.retval = str(e)
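def do_ziplist(self, line):
    """Print the entries of a zip object; ``line`` holds the object id.

    Only the archive's directory is read; no entry is extracted.
    """
    try:
        import zipfile
        if line.split(" ")[0] == "":
            self.help_ziplist()
            return
        obj_id, _size = get_id_size(line)
        if not in_range(obj_id):
            return
        response, _size = CTCore.get_response_and_size(obj_id, "all")
        name = CTCore.get_name(obj_id)
        # StringIO is already initialised with the body; re-writing it in
        # place (as the original did) was redundant.
        zfp = zipfile.ZipFile(StringIO.StringIO(response), "r")
        entries = zfp.namelist()
        print " " + str(len(entries)) + " Files found in zip object {} ({}):".format(str(obj_id), name) + newLine
        # The dead `cnt += 1` inside the enumerate loop was dropped.
        for cnt, fl in enumerate(entries):
            print " [Z] " + str(cnt + 1) + " : " + fl
        print ""
    except Exception as e:
        print "Error unzipping object: " + str(e)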
def _do_output(self):
    """Hand this conversation to CTCore under the shared printer lock.

    The buffer is swapped for a fresh ``StringIO`` each call; ``finish_conversation``
    is invoked only when something was buffered. A broken pipe (errno 32) ends
    the process quietly; any other IOError is reported on stderr and exits -1.
    """
    printer_lock.acquire()
    try:
        pending = self.buf.getvalue()
        self.buf = StringIO()
        if pending:
            CTCore.finish_conversation(self)
    except IOError as e:
        if e.errno != 32:
            print(e, file=sys.stderr)
            sys.exit(-1)
        sys.exit(0)  # errno 32 == EPIPE: the reader went away
    finally:
        printer_lock.release()
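def main(args):
    """Analyze the PCAP named in ``args[1]`` and start the web server.

    ``args`` is a ``sys.argv``-style list: ``args[1]`` is the PCAP path and
    the optional ``args[2]`` is either ``-s`` (no web server) or a port number.
    """
    file_path = args[1]
    print("[A] Analyzing PCAP: " + args[1])
    parse_pcap.run(file_path)

    print(CTCore.newLine + "[+] Traffic Activity Time: "),
    try:
        print(CTCore.activity_date_time.strftime('%a, %x %X'))
    except Exception:
        # Narrowed from a bare except so KeyboardInterrupt / SystemExit propagate.
        print "Couldn't retrieve time"

    print("[+] Conversations Found:" + CTCore.newLine)
    CTCore.show_conversations()

    start_ws = True
    if len(args) > 2:
        if args[2].lower() == "-s":
            start_ws = False
        else:
            CTCore.PORT = int(args[2])  # a non-numeric port raises ValueError here

    if not start_ws:
        return
    try:
        CTCore.web_server = server()
        CTCore.web_server.start()
        time.sleep(0.1)  # Fixes graphic issues
        CTCore.web_server_turned_on = True
    except Exception as e:
        print "[E] Error starting Web Service:"
        err = str(e)
        # Errno 1004 / Errno 98 are the "address already in use" cases;
        # `in` replaces `find(...) > 0`, which would miss a match at index 0.
        if "Errno 1004" in err or "Errno 98" in err:
            print " Port " + str(CTCore.PORT) + " is already Taken."
            print " Change the port using 'CapTipper.py <pcap_file> [port=80]' or use '-s' to disable web server"
            print " Proceeding without starting the web server..." + CTCore.newLine
        else:
            print " " + err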
def do_plugin(self, line):
    """Run a plugin by index or name (``<plugin> [args...]``), or list them with ``-l``."""
    try:
        parts = line.split(" ")
        selector = parts[0]
        if selector == "":
            self.help_plugin()
        elif selector == "-l":
            print "Loaded Plugins ({}):".format(len(CTCore.plugins))
            for plug in CTCore.plugins:
                print " {} : {} - {}".format(plug.id, plug.name, plug.description)
            print ""
        else:
            # A numeric selector within range is an index into the loaded plugins
            if selector.isdigit() and int(selector) < len(CTCore.plugins):
                plugin_name = CTCore.plugins[int(selector)].name
            else:
                plugin_name = selector
            result = CTCore.run_plugin(plugin_name, parts[1:])
            if result is not None:
                print result
    except Exception as e:
        print str(e)
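def main(args, pcap_file):
    """Analyze a PCAP from the command line and, unless dumping or reporting, start the web server.

    Args:
        args: parsed namespace; reads ``update``, ``server_off``, ``port``,
            ``short_url``, ``ungzip``, ``report`` and ``dump``.
        pcap_file: list whose first element is the PCAP path.

    Exits via ``sys.exit`` when the capture holds no HTTP conversation.
    """
    if args.update:
        CTCore.update_captipper()  # presumably fetches a newer CapTipper; see CTCore

    CTCore.pcap_file = pcap_file[0]
    print("[A] Analyzing PCAP: " + CTCore.pcap_file)

    # NOTE(review): the flag is named server_off but is used as "start the
    # server"; presumably argparse stores it inverted — confirm in the parser.
    start_ws = args.server_off  # Boolean to start web server
    CTCore.PORT = args.port  # Web server port
    CTCore.b_use_short_uri = args.short_url  # Display short URI paths
    CTCore.b_auto_ungzip = args.ungzip
    # Report generation needs decoded bodies, so it forces auto-ungzip on.
    if args.report is not None:
        CTCore.b_auto_ungzip = True

    parse_pcap.run(CTCore.pcap_file)
    if not CTCore.conversations:
        sys.exit("No HTTP conversations were found in PCAP file")

    print(CTCore.newLine + "[+] Traffic Activity Time: "),
    try:
        print(CTCore.activity_date_time)
    except Exception:
        # Narrowed from a bare except so KeyboardInterrupt / SystemExit propagate.
        print "Couldn't retrieve time"

    print("[+] Conversations Found:" + CTCore.newLine)
    CTCore.show_conversations()

    if start_ws and args.dump is None and args.report is None:
        try:
            CTCore.web_server = server()
            CTCore.web_server.start()
            time.sleep(0.1)  # Fixes graphic issues
            CTCore.web_server_turned_on = True
        except Exception as e:
            CTCore.alert_message("Error starting Web Server:", CTCore.msg_type.ERROR)
            err = str(e)
            # Errno 1004 / Errno 98 are the "address already in use" cases;
            # `in` replaces `find(...) > 0`, which would miss a match at index 0.
            if "Errno 1004" in err or "Errno 98" in err:
                print " Port " + str(CTCore.PORT) + " is already taken."
                print " Change the port using 'CapTipper.py <pcap_file> -p <port=80>' or use '-s' to disable web server"
                print " Proceeding without starting the web server..." + CTCore.newLine
            else:
                print " " + err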
CTCore.web_server_turned_on = True except Exception, e: CTCore.alert_message("Error starting Web Server:", CTCore.msg_type.ERROR) if str(e).find("Errno 1004") > 0 or str(e).find("Errno 98") > 0: print " Port " + str(CTCore.PORT) + " is already taken." print " Change the port using 'CapTipper.py <pcap_file> -p <port=80>' or use '-s' to disable web server" print " Proceeding without starting the web server..." + CTCore.newLine else: print " " + str(e) # If chosen just to dump files and exit if (args.dump is not None): try: CTCore.ungzip_all() CTCore.dump_all_files(args.dump[0], True) except Exception, ed: print ed # If chosen to create a report elif (args.report is not None): report = Report(CTCore.hosts, CTCore.conversations, CTCore.VERSION + " b" + CTCore.BUILD) report.CreateReport(args.report[0]) else: try: CTPlugin.init_plugins() interpreter = console() interpreter.cmdloop() except:
def get_name_by_id(self, id):
    """Return the display name CTCore assigns to object ``id``."""
    return CTCore.get_name(id)
def get_body_by_id(self, id):
    """Return the complete response body of object ``id`` (size is discarded)."""
    body, _size = CTCore.get_response_and_size(id, "all")
    return body
def do_wire(self, line):
    """Hand the capture to Wireshark via ``CTCore.load_wire``; ``line`` is ignored."""
    try:
        CTCore.load_wire()
    except Exception as e:
        print str(e)
def do_convs(self, line):
    """Put the conversation listing into ``self.retval``; ``line`` is ignored."""
    str(line)
    listing = CTCore.show_conversations()
    self.retval = "Conversations Found:" + newLine + listing
def do_objects(self, line):
    """Put the object listing into ``self.retval``; ``line`` is ignored."""
    listing = CTCore.show_objects()
    self.retval = listing
def do_hosts(self, line):
    """Put the host listing into ``self.retval``; ``line`` is ignored."""
    listing = CTCore.show_hosts()
    self.retval = "Found Hosts:" + newLine + listing
def do_convs(self, line):
    """Print the conversation listing; ``line`` is ignored."""
    header = "Conversations Found:" + newLine
    print header
    CTCore.show_conversations()
def do_objects(self, line):
    """Print the object listing followed by a blank line; ``line`` is ignored."""
    CTCore.show_objects()
    print ""
def do_hosts(self, line):
    """Print the host listing; ``line`` is ignored."""
    header = "Found Hosts:" + newLine
    print header
    CTCore.show_hosts()
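def do_vt(self, line):
    """Look up an object's MD5 on VirusTotal and print the report.

    Only the hash is sent, never the object body. If no API key is configured
    the user is prompted for one and it is kept in ``CTCore.VT_APIKEY``.
    """
    required = ('scans', 'scan_date', 'total', 'positives', 'permalink')
    av_fields = ('detected', 'version', 'result', 'update')

    def show(json_dict):
        """Print one VT reply; messages mirror the server's response codes."""
        if 'response_code' not in json_dict:
            print " Response from VirusTotal isn't valid"
            return
        if json_dict['response_code'] != 1:
            print " File not found in VirusTotal"
            return
        if not all(key in json_dict for key in required):
            print " Missing elements in Virus Total Response"
            return
        print " Detection: {}/{}".format(json_dict['positives'], json_dict['total'])
        print " Last Analysis Date: {}".format(json_dict['scan_date'])
        print " Report Link: {}".format(json_dict['permalink']) + newLine
        if json_dict['positives'] > 0:
            print " Scan Result:"
            for av, av_res in json_dict['scans'].items():
                if not all(key in av_res for key in av_fields):
                    continue
                if av_res['detected']:
                    print "\t{}\t{}\t{}\t{}".format(av, av_res['result'], av_res['version'], av_res['update'])

    try:
        first = line.split(" ")[0]
        if first == "":
            self.help_vt()
            return
        if not CTCore.VT_APIKEY:
            print newLine + "No Virus Total API key found, please enter your API key:",
            CTCore.VT_APIKEY = raw_input()
        obj_id = int(first)
        body, _sz = CTCore.get_response_and_size(obj_id, "all")
        name = CTCore.get_name(obj_id)
        print " VirusTotal result for object {} ({}):".format(str(obj_id), name) + newLine
        # hashlib takes the body directly; the StringIO round-trip was a no-op copy.
        digest = hashlib.md5(body).hexdigest()
        vtdata = CTCore.send_to_vt(digest, CTCore.VT_APIKEY)
        if vtdata[0] != -1:
            show(vtdata[1])
        else:
            print vtdata[1]
        print ""
    except Exception as e:
        print str(e)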
def do_update(self, line):
    """Run ``CTCore.update_captipper``; ``line`` is ignored and errors are printed."""
    try:
        CTCore.update_captipper()
    except Exception as e:
        print str(e)