def run(self, obj, config):
    """
    Extract potential IP addresses, domains and e-mail addresses from a
    RawData or Sample object and record each one as a service result.

    :param obj: The object to analyze. Only RawData and Sample are handled;
                any other type is logged and skipped.
    :param config: Service configuration; not read by this method.
    :returns: None
    """

    def _report(values, type_label, subtype):
        # Record every extracted value and mark the ones that already exist
        # as an Indicator. The lookup is an exact match on ``value`` and runs
        # once per extracted value.
        # NOTE(review): confirm extracted values are normalised the same way
        # as stored indicators, otherwise 'exists' will be missed.
        for value in values:
            details = {'Type': type_label}
            known = Indicator.objects(value=value).only('id').first()
            if known:
                details['exists'] = str(known.id)
            self._add_result(subtype, value, details)

    if isinstance(obj, RawData):
        # RawData text is used as-is; no emptiness check is made here.
        data = obj.data
    elif isinstance(obj, Sample):
        # The whole file is read into memory before string extraction.
        data = make_ascii_strings(data=obj.filedata.read())
        if not data:
            self._debug("Could not find sample data to parse.")
            return
    else:
        self._debug("This type is not supported by this service.")
        return

    # Everything below is pattern-matched out of analyzed content, which is
    # why the results are labelled "Potential".
    _report(extract_ips(data), "IP Address", 'Potential IP Address')
    _report(extract_domains(data), "Domain", 'Potential Domains')
    _report(extract_emails(data), "Email", 'Potential Emails')
def run(self, obj, config):
    """
    Extract potential IP addresses, domains, e-mail addresses and sample
    hashes from an Event, RawData or Sample object and record each one as a
    service result.

    :param obj: The object to analyze. Only Event, RawData and Sample are
                handled; any other type is logged and skipped.
    :param config: Service configuration; not read by this method.
    :returns: None
    """

    def _report(values, indicator_type, subtype):
        # Record every extracted value and mark the ones that already exist
        # as an Indicator. The lookup is an exact match on ``value`` and runs
        # once per extracted value.
        # NOTE(review): confirm extracted values are normalised the same way
        # as stored indicators, otherwise 'exists' will be missed.
        for value in values:
            details = {'Type': indicator_type}
            known = Indicator.objects(value=value).only('id').first()
            if known:
                details['exists'] = str(known.id)
            self._add_result(subtype, value, details)

    def _find_sample(hash_type, hash_value):
        # Look the hash up against the matching Sample field; hash types
        # other than the four below are never looked up.
        if hash_type == IndicatorTypes.MD5:
            return Sample.objects(md5=hash_value).only('id').first()
        if hash_type == IndicatorTypes.SHA1:
            return Sample.objects(sha1=hash_value).only('id').first()
        if hash_type == IndicatorTypes.SHA256:
            return Sample.objects(sha256=hash_value).only('id').first()
        if hash_type == IndicatorTypes.SSDEEP:
            return Sample.objects(ssdeep=hash_value).only('id').first()
        return None

    if isinstance(obj, Event):
        # Event descriptions and RawData text are used as-is; only the
        # Sample branch checks for empty data.
        data = obj.description
    elif isinstance(obj, RawData):
        data = obj.data
    elif isinstance(obj, Sample):
        # The whole file is read into memory before string extraction.
        data = make_ascii_strings(data=obj.filedata.read())
        if not data:
            self._debug("Could not find sample data to parse.")
            return
    else:
        self._debug("This type is not supported by this service.")
        return

    # Everything below is pattern-matched out of analyzed content, which is
    # why the results are labelled "Potential".
    _report(extract_ips(data), IndicatorTypes.IPV4_ADDRESS,
            'Potential IP Address')
    _report(extract_domains(data), IndicatorTypes.DOMAIN,
            'Potential Domains')
    _report(extract_emails(data), IndicatorTypes.EMAIL_ADDRESS,
            'Potential Emails')

    # Each entry is indexed as (hash type, hash value).
    for entry in extract_hashes(data):
        hash_type = entry[0]
        hash_value = entry[1]
        details = {'Type': hash_type}
        known = _find_sample(hash_type, hash_value)
        if known:
            details['exists'] = str(known.id)
        self._add_result('Potential Samples', hash_value, details)
def strings(request, sample_md5):
    """
    Generate strings for a sample. Should be an AJAX POST.

    The ASCII strings and the Unicode strings of the sample are concatenated
    and returned as JSON under the ``strings`` key. Non-AJAX requests get the
    ``error.html`` page instead.

    :param request: Django request object (Required)
    :type request: :class:`django.http.HttpRequest`
    :param sample_md5: The MD5 of the sample to use.
    :type sample_md5: str
    :returns: :class:`django.http.HttpResponse`
    """

    # is_ajax() only inspects a client-supplied request header: it selects
    # the response format and is not an access control.
    # NOTE(review): no authentication/permission check is visible in this
    # listing; confirm one is applied where the view is declared or routed.
    if not request.is_ajax():
        return render(request, 'error.html', {'error': "Expected AJAX."})

    # NOTE(review): what the two helpers return for an unknown MD5 is not
    # visible here; confirm the += below cannot fail on that value.
    extracted = make_ascii_strings(md5=sample_md5)
    extracted += make_unicode_strings(md5=sample_md5)

    payload = json.dumps({"strings": extracted})
    return HttpResponse(payload, content_type="application/json")
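def xor(request, sample_md5):
    """
    Generate xor results for a sample. Should be an AJAX POST.

    The XOR key is read from the ``key`` query-string parameter
    (``request.GET``) and must parse as an integer. A missing or non-numeric
    key is answered with a JSON error and HTTP status 400.

    :param request: Django request object (Required)
    :type request: :class:`django.http.HttpRequest`
    :param sample_md5: The MD5 of the sample to use.
    :type sample_md5: str
    :returns: :class:`django.http.HttpResponse`
    """

    # is_ajax() only inspects a client-supplied request header: it selects
    # the response format and is not an access control.
    # NOTE(review): no authentication/permission check is visible in this
    # listing; confirm one is applied where the view is declared or routed.
    if not request.is_ajax():
        return render(request, 'error.html', {'error': "Expected AJAX."})

    # 'key' is caller-controlled: it can be absent (None) or non-numeric.
    # Reject it explicitly rather than letting int() raise out of the view.
    try:
        key = int(request.GET.get('key'))
    except (TypeError, ValueError):
        return HttpResponse(
            json.dumps({"error": "Missing or invalid XOR key."}),
            content_type="application/json",
            status=400)

    # NOTE(review): the key range xor_string() accepts is not visible here;
    # confirm whether the value needs bounding before this call.
    xor_data = xor_string(md5=sample_md5, key=key)
    xor_data = make_ascii_strings(data=xor_data)
    result = {"strings": xor_data}
    return HttpResponse(json.dumps(result), content_type="application/json")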
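def xor(request, sample_md5):
    """
    Generate xor results for a sample. Should be an AJAX POST.

    The XOR key is read from the ``key`` query-string parameter
    (``request.GET``) and must parse as an integer. A missing or non-numeric
    key is answered with a JSON error and HTTP status 400.

    :param request: Django request object (Required)
    :type request: :class:`django.http.HttpRequest`
    :param sample_md5: The MD5 of the sample to use.
    :type sample_md5: str
    :returns: :class:`django.http.HttpResponse`
    """

    # is_ajax() only inspects a client-supplied request header: it selects
    # the response format and is not an access control.
    # NOTE(review): no authentication/permission check is visible in this
    # listing; confirm one is applied where the view is declared or routed.
    if not request.is_ajax():
        return render(request, 'error.html', {'error': "Expected AJAX."})

    # 'key' is caller-controlled: it can be absent (None) or non-numeric.
    # Reject it explicitly rather than letting int() raise out of the view.
    try:
        key = int(request.GET.get('key'))
    except (TypeError, ValueError):
        return HttpResponse(
            json.dumps({"error": "Missing or invalid XOR key."}),
            content_type="application/json",
            status=400)

    # NOTE(review): the key range xor_string() accepts is not visible here;
    # confirm whether the value needs bounding before this call.
    xor_data = xor_string(md5=sample_md5, key=key)
    xor_data = make_ascii_strings(data=xor_data)
    result = {"strings": xor_data}
    return HttpResponse(json.dumps(result), content_type="application/json")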
def _scan(self, context):
    """
    Extract potential IP addresses, domains and e-mail addresses from the
    object a context points at and record each one as a service result.

    :param context: A RawDataContext (``identifier`` is used as the RawData
                    id) or a SampleContext (``identifier`` is used as the
                    sample MD5). Any other type is logged and skipped.
    :returns: None
    """

    def _report(values, type_label, subtype):
        # Record every extracted value and mark the ones that already exist
        # as an Indicator. The lookup is an exact match on ``value`` and runs
        # once per extracted value.
        # NOTE(review): confirm extracted values are normalised the same way
        # as stored indicators, otherwise 'exists' will be missed.
        for value in values:
            details = {'Type': type_label}
            known = Indicator.objects(value=value).only('id').first()
            if known:
                details['exists'] = str(known.id)
            self._add_result(subtype, value, details)

    if isinstance(context, RawDataContext):
        record = RawData.objects(id=context.identifier).first()
        if not record:
            self._debug("Could not find raw data to parse.")
            return
        # Only the existence of the record is checked, not whether its
        # data is empty.
        data = record.data
    elif isinstance(context, SampleContext):
        data = make_ascii_strings(md5=context.identifier)
        if not data:
            self._debug("Could not find sample data to parse.")
            return
    else:
        self._debug("This type is not supported by this service.")
        return

    # Everything below is pattern-matched out of analyzed content, which is
    # why the results are labelled "Potential".
    _report(extract_ips(data), "IP Address", 'Potential IP Address')
    _report(extract_domains(data), "Domain", 'Potential Domains')
    _report(extract_emails(data), "Email", 'Potential Emails')
def _scan(self, context):
    """
    Extract potential IP addresses, domains and e-mail addresses from the
    object a context points at and record each one as a service result.

    :param context: A RawDataContext (``identifier`` is used as the RawData
                    id) or a SampleContext (``identifier`` is used as the
                    sample MD5). Any other type is logged and skipped.
    :returns: None
    """

    def _report(values, type_label, subtype):
        # Record every extracted value and mark the ones that already exist
        # as an Indicator. The lookup is an exact match on ``value`` and runs
        # once per extracted value.
        # NOTE(review): confirm extracted values are normalised the same way
        # as stored indicators, otherwise "exists" will be missed.
        for value in values:
            details = {"Type": type_label}
            known = Indicator.objects(value=value).only("id").first()
            if known:
                details["exists"] = str(known.id)
            self._add_result(subtype, value, details)

    if isinstance(context, RawDataContext):
        record = RawData.objects(id=context.identifier).first()
        if not record:
            self._debug("Could not find raw data to parse.")
            return
        # Only the existence of the record is checked, not whether its
        # data is empty.
        data = record.data
    elif isinstance(context, SampleContext):
        data = make_ascii_strings(md5=context.identifier)
        if not data:
            self._debug("Could not find sample data to parse.")
            return
    else:
        self._debug("This type is not supported by this service.")
        return

    # Everything below is pattern-matched out of analyzed content, which is
    # why the results are labelled "Potential".
    _report(extract_ips(data), "IP Address", "Potential IP Address")
    _report(extract_domains(data), "Domain", "Potential Domains")
    _report(extract_emails(data), "Email", "Potential Emails")