def findNodes(self, query):
    """Return the nodes reachable from "/" that match the filter *query*.

    *query* is a filter expression such as
    'name matches re("^global_history.dat")'.  It is handed to
    Filter.compile() unchanged; nothing in this method validates it.
    """
    tree = vfs.vfs()
    top = tree.getnode("/")
    matcher = Filter("")
    # NOTE(review): if callers assemble *query* from file names or other
    # data taken from the evidence, that data becomes part of the filter
    # expression -- validate it at the call site.
    matcher.compile(query)
    # The True flag is kept from the original call; presumably it asks for
    # a recursive walk -- confirm against Filter.process.
    matcher.process(top, True)
    return matcher.matchedNodes()
def filter(self, pattern, node):
    """Return completion candidates under *node* whose name begins with *pattern*.

    Candidates are the nodes given by self.getDirectories(node).  They are
    matched by a "completer" Filter against a regex anchored at the start
    of the name and compiled with the ``i`` flag (presumably
    case-insensitive -- confirm against the Filter grammar).  Returns an
    empty list when there are no candidates.
    """
    candidates = self.getDirectories(node)
    if len(candidates) == 0:
        return []
    completer = Filter("completer")
    # NOTE(review): *pattern* is spliced verbatim into a quoted regex
    # literal.  A double quote in it ends the literal early and regex
    # metacharacters are interpreted rather than matched literally, so the
    # compiled expression can differ from a plain prefix match.  Escape or
    # reject such input once the Filter grammar's quoting rules are known.
    expression = '(name matches re("^' + pattern + '",i))'
    completer.compile(expression)
    completer.process(candidates)
    return completer.matchedNodes()
def filter(self, pattern, node):
    """Filter the nodes from self.getDirectories(node) by name prefix.

    Builds the expression ``(name matches re("^<pattern>",i))`` and runs it
    through a "completer" Filter over those nodes.  With no nodes to test
    the result is an empty list; otherwise it is whatever
    Filter.matchedNodes() returns.
    """
    entries = self.getDirectories(node)
    if not len(entries) > 0:
        return []
    prefixFilter = Filter("completer")
    # NOTE(review): the expression is assembled by string concatenation, so
    # quotes or regex syntax inside *pattern* are not neutralised and end up
    # as part of the compiled filter.  Confirm how the Filter grammar expects
    # such characters to be escaped before relying on this for arbitrary
    # input.
    pieces = ['(name matches re("^', pattern, '",i))']
    prefixFilter.compile("".join(pieces))
    prefixFilter.process(entries)
    return prefixFilter.matchedNodes()
def searchTaggedNode(self):
    """Add a report page listing nodes tagged "malware" or "suspicious".

    The filter is run against self.root.  When it matches at least one
    node, a "Files" page is created in the "MyAnalysis" category, the
    matches are attached as a node list and the page is registered with
    self.reportManager.  Nothing is added when there are no matches.
    """
    tagFilter = Filter("")
    tagFilter.compile('tags in ["malware", "suspicious"]')
    tagFilter.process(self.root)
    tagged = tagFilter.matchedNodes()
    if len(tagged) == 0:
        return
    # NOTE(review): the query also selects nodes tagged only "suspicious",
    # yet every match is reported under the single heading "Malware".
    # Confirm that this labelling is intended for the report.
    reportPage = self.reportManager.createPage("MyAnalysis", "Files")
    reportPage.addNodeList("Malware", tagged)
    self.reportManager.addPage(reportPage)
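def findMorkFiles(self):
    """Return the nodes reachable from "/" whose type is "database/mork".

    The source comment ties this to Firefox before version 3.  The original
    body also built a list naming formhistory.dat and history.dat but never
    read it; selection is by type only, so that unused local is removed.
    """
    tree = vfs.vfs()
    rootnode = tree.getnode("/")
    morkFilter = Filter("")
    morkFilter.compile('type == "database/mork"')
    # The True flag is kept from the original call; presumably it asks for
    # a recursive walk -- confirm against Filter.process.
    morkFilter.process(rootnode, True)
    return morkFilter.matchedNodes()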
def start(self, args):
    """Collect coordinates for every "image/jpeg" node found from "/".

    Sets self.root, runs a type filter over it and stores, for each matched
    node, the value returned by self.getCoordinates(node) in self.nodeCoord
    when that value is truthy.  *args* is not read here.
    """
    self.root = self.vfs.getnode("/")
    try:
        jpegFilter = Filter("")
        jpegFilter.compile('(type in["image/jpeg"])')
        jpegFilter.process(self.root, True)
        jpegNodes = jpegFilter.matchedNodes()
        for candidate in jpegNodes:
            position = self.getCoordinates(candidate)
            if not position:
                continue
            self.nodeCoord[candidate] = position
    except Exception as e:
        # NOTE(review): the handler wraps the whole loop, so one image whose
        # metadata makes getCoordinates raise ends the scan and the remaining
        # images are never examined.  The only trace is this console line.
        print 'Maps module error ', e
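def scanJoin(self, root, modulesToApply = None):
    """Drain the queue, schedule the tasks that pass filtering, then wait.

    For each queued task the module name is read from ``task[1][0]``.

    * When *modulesToApply* is given, tasks whose module name is not in it
      are marked done and dropped.  (The original tested the not-yet-bound
      local ``module`` here, which raised on the first task; the name is
      what is available at that point.  Assumes *modulesToApply* holds
      module names -- confirm against callers.)
    * When the module declares a non-empty ``scanFilter`` and has exactly
      one Node-typed argument, the filter is run against that node and the
      task is dropped if nothing matches.

    Surviving tasks are counted per module, shown through
    self.displayItem(), enqueued on ``sched`` paired with a
    ``task_done_scan`` callback, and the method then joins and refreshes.
    """
    modMap = {}
    modCount = 0
    jobs = []
    while not self.empty():
        task = self.get()
        moduleName = task[1][0]
        if modulesToApply is not None and moduleName not in modulesToApply:
            self.task_done()
            continue
        module = self.loader.modules[moduleName]
        try:
            filterText = module.scanFilter
            if filterText != '':
                arguments = task[1][1]
                nodeArguments = module.conf.argumentsByType(typeId.Node)
                if len(nodeArguments) == 1:
                    node = arguments[nodeArguments[0].name()].value()
                    scanFilter = Filter('')
                    scanFilter.compile(str(filterText))
                    scanFilter.process(node)
                    matches = scanFilter.matchedNodes()
                    if not len(matches):
                        self.task_done()
                        continue
        except:
            # Deliberate best-effort: the filter can throw.
            # NOTE(review): this fails open -- when the filter errors, the
            # module is still scheduled against the node, and the error is
            # not recorded anywhere.  The bare except is kept as written.
            pass
        modMap[moduleName] = modMap.get(moduleName, 0) + 1
        doneCallback = (self.task_done_scan, (root, moduleName,))
        jobs.append((task, doneCallback))
        modCount += 1
    if modCount:
        self.displayItem(root, modCount, modMap)
    for job in jobs:
        sched.enqueue(job)
    self.join()
    self.refresh()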
def search(self, query):
    """Return the nodes matched by the filter expression *query* from self.root.

    *query* is compiled exactly as received; this method performs no
    validation, so any checking of externally supplied text belongs to the
    caller.
    """
    matcher = Filter("")
    matcher.compile(query)
    # The True flag is kept from the original call; presumably it asks for
    # a recursive walk -- confirm against Filter.process.
    matcher.process(self.root, True)
    return matcher.matchedNodes()
def searchQuery(self, query, node):
    """Return the nodes matched when *query* is applied to *node*.

    *query* is compiled exactly as received, with no validation here.
    Filter.process() is called with *node* alone, without the extra True
    argument that other callers pass -- whether that limits the search to
    *node* itself is not visible here; confirm against Filter.process.
    """
    matcher = Filter("")
    matcher.compile(query)
    matcher.process(node)
    return matcher.matchedNodes()