def getSearchedDataForDecimal(self, value):
    """Build the search task for a value typed as a decimal string.

    :param value: candidate string; it must satisfy ``isdigit()``.
    :return: ``[]`` when ``value`` is not made only of digits, otherwise a
        one-element list holding a SearchTask with two variations: the
        value and its character-wise reversal, each converted with
        ``TypeConvertor.decimalToNetzobRaw``.
    """
    if not value.isdigit():
        return []

    task = SearchTask(value, value, Format.DECIMAL)
    # The value as typed is registered first, then the reversed digits.
    candidates = (
        (value, "Decimal representation of '{0}'"),
        (value[::-1], "Inverted decimal representation of '{0}'"),
    )
    for digits, label in candidates:
        # The description embeds the converted form, not the typed digits.
        task.registerVariation(
            TypeConvertor.decimalToNetzobRaw(digits),
            label.format(TypeConvertor.decimalToNetzobRaw(digits)))
    return [task]
def getSearchedDataForHexadecimal(self, value, extraInfo=None):
    """Build the search task for a value typed as a hexadecimal string.

    :param value: candidate string, checked with
        ``TypeIdentifier().isHexString``.
    :param extraInfo: free-form detail inserted into the variation's
        description; it does not change what is searched.
    :return: ``[]`` when the check rejects ``value``, otherwise a
        one-element list holding a SearchTask with a single variation
        (the value exactly as given; no reversed form is registered).
    """
    if TypeIdentifier().isHexString(value):
        task = SearchTask(value, value, Format.HEX)
        description = "Hex repr of '{0}'({1}))".format(value, extraInfo)
        task.registerVariation(value, description)
        return [task]
    return []
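def getSearchedDataForHexadecimal(self, value, extraInfo=None):
    """Build the search task for a value typed as a hexadecimal string.

    :param value: candidate string, checked with
        ``TypeIdentifier().isHexString``.
    :param extraInfo: free-form detail inserted into the variation's
        description; it does not change what is searched.
    :return: ``[]`` when the check rejects ``value``, otherwise a
        one-element list holding a SearchTask with a single variation
        (the value exactly as given; no reversed form is registered).
    """
    typeIdentifier = TypeIdentifier()
    if not typeIdentifier.isHexString(value):
        return []

    task = SearchTask(value, value, Format.HEX)
    task.registerVariation(
        value, "Hex repr of '{0}'({1}))".format(value, extraInfo))

    # Parenthesised so the line parses on Python 2 and Python 3 alike.
    # NOTE(review): this looks like leftover debug output; it writes the task
    # to stdout on every hexadecimal search - confirm it is still wanted.
    print(task)
    return [task]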
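def execute(self, symbol):
    """Carve URLs, e-mail addresses and IPv4 addresses out of message data.

    :param symbol: the symbol whose messages are scanned; when ``None``,
        every symbol returned by
        ``self.project.getVocabulary().getSymbols()`` is scanned instead.
    :return: a list with one entry per analysed symbol. Each entry is the
        list of SearchTask objects for the carvers that matched at least
        once in that symbol's messages.
    """
    # Raw strings keep the patterns unchanged while avoiding invalid escape
    # sequences such as "\/" in ordinary string literals. They are compiled
    # once here instead of once per analysed symbol.
    # Matching is case-sensitive: the character classes are lowercase only.
    # TODO: put these carvers in a dedicated class.
    infoCarvers = {
        "url": re.compile(
            r"((http:\/\/|https:\/\/)?(www\.)?(([a-z0-9\-]){2,}\.){1,4}([a-z]){2,6}(\/([a-z\-_\/\.0-9#:?+%=&;,])*)?)"
        ),
        "email": re.compile(r"[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,4}"),
        "ip": re.compile(
            r"(((?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))"
        ),
    }

    toBeAnalyzed = []
    if symbol is not None:
        toBeAnalyzed.append(symbol)
    else:
        toBeAnalyzed.extend(self.project.getVocabulary().getSymbols())

    results = []
    for currentSymbol in toBeAnalyzed:
        tasks = []
        for carver, regex in infoCarvers.items():
            label = "Data Carving: {0}".format(carver)
            currentTask = SearchTask(carver, None, carver)
            taskResults = []
            for message in currentSymbol.getMessages():
                strData = TypeConvertor.netzobRawToString(message.getReducedStringData())
                # NOTE(review): strData is message content. On a long run of
                # lowercase alphanumerics with no '.' or '@', the url and
                # email patterns retry from every start offset, so the cost
                # grows quadratically - consider a length cap if messages
                # can be large.
                # finditer() only yields match objects, so no None check is
                # needed on each match.
                for match in regex.finditer(strData):
                    taskResult = SearchResult(message, label)
                    # Offsets are doubled before being stored; presumably the
                    # reduced data uses two characters per decoded character
                    # (hex encoding) - TODO confirm.
                    taskResult.addSegment(match.start(0) * 2, match.end(0) * 2)
                    taskResults.append(taskResult)
            # Only carvers that found something are reported.
            if taskResults:
                currentTask.registerResults(taskResults, label)
                tasks.append(currentTask)
        results.append(tasks)
    return results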
def getSearchedDataForString(self, value):
    """Build the search task for a value typed as a plain string.

    Three variations are registered, each converted with
    ``TypeConvertor.stringToNetzobRaw``: the value as given, the value
    reversed character by character, and ``value.decode('utf-8')``.

    :param value: the string to look for.
    :return: a one-element list holding the SearchTask.
    """
    task = SearchTask(value, value, Format.STRING)

    plainRaw = TypeConvertor.stringToNetzobRaw(value)
    task.registerVariation(plainRaw, "String representation of '%s'" % value)

    flipped = value[::-1]
    task.registerVariation(
        TypeConvertor.stringToNetzobRaw(flipped),
        "Inverted string representation of '%s'" % flipped)

    # NOTE(review): the description says "encoded" but the call decodes.
    # decode() has no error handling here, so a search value that is not
    # valid UTF-8 would raise instead of returning a task - confirm which
    # behaviour is intended.
    decoded = value.decode('utf-8')
    task.registerVariation(
        TypeConvertor.stringToNetzobRaw(decoded),
        "String representation of '%s' encoded in UTF-8" % value)
    return [task]
def getSearchedDataForString(self, value):
    """Return the SearchTask describing a plain-string search.

    The task carries three variations, all produced by
    ``TypeConvertor.stringToNetzobRaw``: ``value`` itself, ``value``
    reversed, and the result of ``value.decode('utf-8')``.

    :param value: the string to look for.
    :return: a list containing the single SearchTask.
    """
    searchTask = SearchTask(value, value, Format.STRING)

    # 1) the value exactly as typed
    searchTask.registerVariation(
        TypeConvertor.stringToNetzobRaw(value),
        "String representation of '%s'" % value,
    )

    # 2) the value read backwards
    backwards = value[::-1]
    searchTask.registerVariation(
        TypeConvertor.stringToNetzobRaw(backwards),
        "Inverted string representation of '%s'" % backwards,
    )

    # 3) the UTF-8 decoded form
    # NOTE(review): nothing here catches a decoding failure, so input that
    # is not valid UTF-8 would abort the search; the label also says
    # "encoded" while the code decodes - verify the intent.
    utf8Form = value.decode('utf-8')
    searchTask.registerVariation(
        TypeConvertor.stringToNetzobRaw(utf8Form),
        "String representation of '%s' encoded in UTF-8" % value,
    )
    return [searchTask]
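def execute(self, symbol):
    """Scan message data for URLs, e-mail addresses and IPv4 addresses.

    :param symbol: symbol to analyse; ``None`` means every symbol returned
        by ``self.project.getVocabulary().getSymbols()``.
    :return: one list of SearchTask objects per analysed symbol, in
        analysis order; a carver with no match contributes no task.
    """
    if symbol is not None:
        toBeAnalyzed = [symbol]
    else:
        toBeAnalyzed = []
        toBeAnalyzed.extend(self.project.getVocabulary().getSymbols())

    # Compiled once per call rather than once per symbol. Raw strings keep
    # the patterns unchanged while avoiding invalid escape sequences such
    # as "\/" in ordinary string literals.
    # The patterns only accept lowercase letters.
    # TODO: put these carvers in a dedicated class.
    infoCarvers = {
        'url': re.compile(r"((http:\/\/|https:\/\/)?(www\.)?(([a-z0-9\-]){2,}\.){1,4}([a-z]){2,6}(\/([a-z\-_\/\.0-9#:?+%=&;,])*)?)"),
        'email': re.compile(r"[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,4}"),
        'ip': re.compile(r"(((?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))"),
    }

    results = []
    for analysed in toBeAnalyzed:
        tasks = []
        for (carver, regex) in infoCarvers.items():
            description = "Data Carving: {0}".format(carver)
            currentTask = SearchTask(carver, None, carver)
            taskResults = []
            for message in analysed.getMessages():
                strData = TypeConvertor.netzobRawToString(message.getReducedStringData())
                # NOTE(review): the scanned text is message content. The url
                # and email patterns cost quadratic time on long runs of
                # lowercase alphanumerics that contain no '.' or '@';
                # bounding the scanned length would cap that cost.
                # Every item yielded by finditer() is a match object, so
                # each one becomes exactly one result segment.
                for match in regex.finditer(strData):
                    hit = SearchResult(message, description)
                    # Match offsets are doubled before being recorded;
                    # presumably two stored characters per decoded one -
                    # TODO confirm.
                    hit.addSegment(match.start(0) * 2, match.end(0) * 2)
                    taskResults.append(hit)
            if len(taskResults) > 0:
                currentTask.registerResults(taskResults, description)
                tasks.append(currentTask)
        results.append(tasks)
    return results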
def getSearchedDataForDecimal(self, value):
    """Return the SearchTask describing a decimal search.

    :param value: candidate string; rejected unless ``isdigit()`` is true.
    :return: an empty list for a rejected value, otherwise a list with one
        SearchTask carrying the value and its reversed form, both converted
        by ``TypeConvertor.decimalToNetzobRaw``.
    """
    if value.isdigit():
        task = SearchTask(value, value, Format.DECIMAL)

        # Forward reading of the digits.
        task.registerVariation(
            TypeConvertor.decimalToNetzobRaw(value),
            "Decimal representation of '{0}'".format(
                TypeConvertor.decimalToNetzobRaw(value)))

        # Same digits read right to left.
        backwards = value[::-1]
        task.registerVariation(
            TypeConvertor.decimalToNetzobRaw(backwards),
            "Inverted decimal representation of '{0}'".format(
                TypeConvertor.decimalToNetzobRaw(backwards)))
        return [task]
    return []
def getSearchedDataForHexadecimal(self, value):
    """Build the search task for a value typed as a hexadecimal string.

    Two variations are registered without conversion: the value as given
    and the value reversed character by character.

    :param value: the hexadecimal string to look for.
    :return: a one-element list holding the SearchTask.
    """
    # NOTE(review): value is not checked to be a hex string in this method;
    # confirm that callers validate it before it reaches the search.
    task = SearchTask(value, value, Format.HEX)
    variations = (
        (value, "Hexadecimal representation of '{0}'"),
        (value[::-1], "Inverted representation of '{0}'"),
    )
    for candidate, label in variations:
        task.registerVariation(candidate, label.format(candidate))
    return [task]