def __init__(self):
Analyzer.__init__(self)
self.filepath = self.get_param('file', None, 'File parameter is missing.')
self.filename = self.get_param('filename', None, 'Filename is missing.')
self.filetype = pyexifinfo.fileType(self.filepath)
self.mimetype = magic.Magic(mime=True).from_file(self.filepath)
# Check if manalyze submodule is enabled
if self.get_param('config.manalyze_enable', False, 'Parameter manalyze_enable not given.'
'Please enable or disable manalyze submodule explicitly.'):
binary_path = self.get_param('config.manalyze_binary_path',
'/opt/Cortex-Analyzers/utils/manalyze/bin/manalyze')
if self.get_param('config.manalyze_enable_docker', False):
available_submodules.append(
ManalyzeSubmodule(
use_docker=True
)
)
elif self.get_param('config.manalyze_enable_binary', False) \
and os.path.isfile(binary_path):
available_submodules.append(
ManalyzeSubmodule(
use_binary=True,
binary_path=binary_path
)
)
else:
self.error('Manalyze submodule is enabled, but either there is no method allowed (docker or binary)'
'or the path to binary is not correct.')
def __init__(self):
Analyzer.__init__(self)
self.filepath = self.get_param('file', None, 'File parameter is missing.')
self.filename = self.get_param('filename', None, 'Filename is missing.')
self.filetype = pyexifinfo.fileType(self.filepath)
self.mimetype = magic.Magic(mime=True).from_file(self.filepath)
# Check if manalyze submodule is enabled
if self.get_param('config.manalyze_enable', False, 'Parameter manalyze_enable not given.'
'Please enable or disable manalyze submodule explicitly.'):
binary_path = self.get_param('config.manalyze_binary_path',
'/opt/Cortex-Analyzers/utils/manalyze/bin/manalyze')
if self.get_param('config.manalyze_enable_docker', False):
available_submodules.append(
ManalyzeSubmodule(
use_docker=True
)
)
elif self.get_param('config.manalyze_enable_binary', False) \
and os.path.isfile(binary_path):
available_submodules.append(
ManalyzeSubmodule(
use_binary=True,
binary_path=binary_path
)
)
else:
self.error('Manalyze submodule is enabled, but either there is no method allowed (docker or binary)'
'or the path to binary is not correct.')
def __init__(self):
Analyzer.__init__(self)
self.filepath = self.get_param('file', None,
'File parameter is missing.')
self.filename = self.get_param('filename', None,
'Filename is missing.')
self.filetype = pyexifinfo.fileType(self.filepath)
self.mimetype = magic.Magic(mime=True).from_file(self.filepath)
def get_date_from_exif(self, fn):
self.counter['FILE_TYPE_' + pyexifinfo.fileType(fn)] += 1
d = pyexifinfo.get_json(fn)[0]
# 'EXIF:DateTimeOriginal': '2016:09:06 19:34:07'
# 'QuickTime:CreateDate': '2016:09:05 13:11:08'
if 'EXIF:DateTimeOriginal' in d:
return d['EXIF:DateTimeOriginal']
if 'QuickTime:CreateDate' in d:
return d['QuickTime:CreateDate']
def run(analyzer_name, job_id, filepath, filename, md5,
additional_config_params):
logger.info("started analyzer {} job_id {}"
"".format(analyzer_name, job_id))
report = general.get_basic_report_template(analyzer_name)
try:
results = {}
results["magic"] = magic.from_file(filepath)
results["mimetype"] = magic.from_file(filepath, mime=True)
results["filetype"] = pyexifinfo.fileType(filepath)
exif_report = pyexifinfo.get_json(filepath)
if exif_report:
exif_report_cleaned = {
key: value
for key, value in exif_report[0].items()
if not (key.startswith("File") or key.startswith("SourceFile"))
}
results["exiftool"] = exif_report_cleaned
binary = general.get_binary(job_id)
results["md5"] = hashlib.md5(binary).hexdigest()
results["sha1"] = hashlib.sha1(binary).hexdigest()
results["sha256"] = hashlib.sha256(binary).hexdigest()
results["ssdeep"] = pydeep.hash_file(filepath).decode()
report["report"] = results
except AnalyzerRunException as e:
error_message = (
"job_id:{} analyzer:{} md5:{} filename: {} Analyzer Error {}"
"".format(job_id, analyzer_name, md5, filename, e))
logger.error(error_message)
report["errors"].append(error_message)
report["success"] = False
except Exception as e:
traceback.print_exc()
error_message = (
"job_id:{} analyzer:{} md5:{} filename: {} Unexpected Error {}"
"".format(job_id, analyzer_name, md5, filename, e))
logger.exception(error_message)
report["errors"].append(str(e))
report["success"] = False
else:
report["success"] = True
general.set_report_and_cleanup(job_id, report)
logger.info("ended analyzer {} job_id {}" "".format(analyzer_name, job_id))
return report
def __init__(self):
Analyzer.__init__(self)
self.filepath = self.get_param("file", None, "File parameter is missing.")
self.filename = self.get_param("filename", None, "Filename is missing.")
self.filetype = pyexifinfo.fileType(self.filepath)
self.mimetype = magic.Magic(mime=True).from_file(self.filepath)
self.auto_extract_artifacts = self.get_param("auto_extract_artifacts", None)
self.observables = []
# Check if manalyze submodule is enabled
if self.get_param(
"config.manalyze_enable",
False,
"Parameter manalyze_enable not given."
"Please enable or disable manalyze submodule explicitly.",
):
binary_path = self.get_param(
"config.manalyze_binary_path",
"/opt/Cortex-Analyzers/utils/manalyze/bin/manalyze",
)
if self.get_param("config.manalyze_enable_docker", False):
available_submodules.append(ManalyzeSubmodule(use_docker=True))
elif self.get_param(
"config.manalyze_enable_binary", False
) and os.path.isfile(binary_path):
available_submodules.append(
ManalyzeSubmodule(use_binary=True, binary_path=binary_path)
)
else:
self.error(
"Manalyze submodule is enabled, but either there is no method allowed (docker or binary)"
"or the path to binary is not correct."
)
# Check if floss submodule is enabled
if self.get_param("config.floss_enable", False):
binary_path = self.get_param(
"config.floss_binary_path", False, "Floss binary path not given."
)
available_submodules.append(
FlossSubmodule(
binary_path=binary_path,
string_length=self.get_param(
"config.floss_minimal_string_length", 4
),
)
)
def analyze_file(self, path):
# Hash the file
with io.open(path, "rb") as fh:
buf = fh.read()
md5 = hashlib.md5()
md5.update(buf)
sha1 = hashlib.sha1()
sha1.update(buf)
sha256 = hashlib.sha256()
sha256.update(buf)
ssdeep = Hash()
ssdeep.update(buf)
self.add_result_subsection(
"Hashes",
{
"md5": md5.hexdigest(),
"sha1": sha1.hexdigest(),
"sha256": sha256.hexdigest(),
"ssdeep": ssdeep.digest(),
},
)
self.add_result_subsection("Exif Info", self.exif(path))
# Get libmagic info
magicliteral = magic.Magic(mime_encoding=True).from_file(path)
mimetype = magic.Magic(mime=True, mime_encoding=True).from_file(path)
# filetype = pyexifinfo.fileType(path)
self.add_result_subsection(
"File information",
{
"Magic literal": magicliteral,
"MimeType": mimetype,
"Filetype": pyexifinfo.fileType(path),
"Filesize": os.path.getsize(path),
},
)
return self.results, None
def run(self):
results = {}
results["magic"] = magic.from_file(self.filepath)
results["mimetype"] = magic.from_file(self.filepath, mime=True)
results["filetype"] = pyexifinfo.fileType(self.filepath)
exif_report = pyexifinfo.get_json(self.filepath)
if exif_report:
exif_report_cleaned = {
key: value
for key, value in exif_report[0].items()
if not (key.startswith("File") or key.startswith("SourceFile"))
}
results["exiftool"] = exif_report_cleaned
binary = get_binary(self.job_id)
results["md5"] = hashlib.md5(binary).hexdigest()
results["sha1"] = hashlib.sha1(binary).hexdigest()
results["sha256"] = hashlib.sha256(binary).hexdigest()
results["ssdeep"] = pydeep.hash_file(self.filepath).decode()
return results
def analyze_file(self, path):
# Hash the file
with io.open(path, 'rb') as fh:
buf = fh.read()
md5 = hashlib.md5()
md5.update(buf)
sha1 = hashlib.sha1()
sha1.update(buf)
sha256 = hashlib.sha256()
sha256.update(buf)
ssdeep = Hash()
ssdeep.update(buf)
self.add_result_subsection(
'Hashes', {
'md5': md5.hexdigest(),
'sha1': sha1.hexdigest(),
'sha256': sha256.hexdigest(),
'ssdeep': ssdeep.digest()
})
self.add_result_subsection('Exif Info', self.exif(path))
# Get libmagic info
magicliteral = magic.Magic(mime_encoding=True).from_file(path)
mimetype = magic.Magic(mime=True, mime_encoding=True).from_file(path)
# filetype = pyexifinfo.fileType(path)
self.add_result_subsection(
'File information', {
'Magic literal': magicliteral,
'MimeType': mimetype,
'Filetype': pyexifinfo.fileType(path),
'Filesize': os.path.getsize(path)
})
return self.results
def analyze_file(self, path):
# Hash the file
with io.open(path, 'rb') as fh:
buf = fh.read()
md5 = hashlib.md5()
md5.update(buf)
sha1 = hashlib.sha1()
sha1.update(buf)
sha256 = hashlib.sha256()
sha256.update(buf)
ssdeep = Hash()
ssdeep.update(buf)
self.add_result_subsection('Hashes', {
'md5': md5.hexdigest(),
'sha1': sha1.hexdigest(),
'sha256': sha256.hexdigest(),
'ssdeep': ssdeep.digest()
})
self.add_result_subsection('Exif Info', self.exif(path))
# Get libmagic info
magicliteral = magic.Magic().from_file(path)
mimetype = magic.Magic(mime=True).from_file(path)
# filetype = pyexifinfo.fileType(path)
self.add_result_subsection('File information', {
'Magic literal': magicliteral,
'MimeType': mimetype,
'Filetype': pyexifinfo.fileType(path),
'Filesize': os.path.getsize(path)}
)
return self.results
def test_get_fileType():
a = p.fileType(image)
assert a.lower() == 'png'
def test_get_fileType():
a = p.fileType(image)
assert a.lower() == 'png'
def filetype(self):
return pyexifinfo.fileType(self.path)
def test_get_fileType():
loop = asyncio.get_event_loop()
a = loop.run_until_complete(p.fileType(image))
assert a.lower() == 'png'
def get_file_extension(self, filename):
return pyexifinfo.fileType(filename).lower()