def getAnonymizedIpOrDomain(value):
if validators.ipv4(value) or validators.ipv6(value):
return "<IPADDRESS:%s>" % hashlib.md5(value).hexdigest()
elif validators.domain(value):
return "<DOMAIN:%s>" % hashlib.md5(value).hexdigest()
else:
return "<NOTIPADDRESSORDOMAIN:%s>" % hashlib.md5(value).hexdigest()
def read_iocs(cb, file=sys.stdin):
iocs = defaultdict(list)
report_id = hashlib.md5()
report_id.update(str(time.time()).encode("utf-8"))
for idx, line in enumerate(sys.stdin):
line = line.rstrip("\r\n")
report_id.update(line.encode("utf-8"))
if validators.md5(line):
iocs["md5"].append(line)
elif validators.sha256(line):
eprint("line {}: sha256 provided but not yet supported by backend".format(idx + 1))
iocs["sha256"].append(line)
elif validators.ipv4(line):
iocs["ipv4"].append(line)
elif validators.ipv6(line):
iocs["ipv6"].append(line)
elif validators.domain(line):
iocs["dns"].append(line)
else:
if cb.validate_query(line):
query_ioc = {"search_query": line}
iocs["query"].append(query_ioc)
else:
eprint("line {}: invalid query".format(idx + 1))
return (report_id.hexdigest(), dict(iocs))
def is_domain(string):
# 直接利用 validators 来验证域名是否合法
indicator = validators.domain(string)
if indicator: # indicator 为 True
# print 'domain?', indicator, row[0].value
return True
else:
return False
def AgregarContactos():
nombres = {}
while (1):
nombre = input("Introduzca nombre: ")
if ' ' in nombre:
if len(nombre.split()) == 2:
nombre = nombre.title()
nombres[nombre] = {}
break
else:
print("Nombre no valido")
else:
print("Nombre no valido")
numero = {}
numero['telefono'] = []
while (2):
x = input("Introduzca numero: ")
if x.isdigit() == True:
numero['telefono'].append({x})
Otro = input("Desea ingresar otro numero? (y/n): ")
if Otro == 'n':
break
else:
print("Numero no valido")
nombres[nombre].update(numero)
email = {}
email['email'] = []
while (3):
m = input("Introduzca su email: ")
veremail = m.split('@')
if (validators.email(m) == True) and (validators.domain(
veremail[1]) == True):
email['email'].append({m})
em = input("Desea ingresar otro email? (y/n): ")
if em == 'n':
break
else:
print("Correo incorrecto ingrese uno valido.")
nombres[nombre].update(email)
empresa = input("Escriba la empresa del contacto: ")
demas = {}
company = {}
company['company'] = empresa
extra = input("Escriba algo extra que quiera agregar: ")
demas['extra'] = extra
nombres[nombre].update(company)
nombres[nombre].update(demas)
names.append(nombre)
for q in abecedario:
if q == nombre[0]:
letras[q].update(nombres)
toaster.show_toast("Contacto Guardado \U0001F601",
"Puedes verlo en 'Listar contactos'",
duration=3)
while (11):
usuario = input('Presione "enter" para salir...')
if usuario == "":
break
def is_valid(hostname):
# Test if hostname is either a valid IP address or FQDN
if (
validators.ip_address.ipv4(hostname) or
validators.domain(hostname)
):
return True
else:
return False
def test_format_of_column_Domain(all_breaches):
"""checks format of Domain column"""
errors = []
for breach in all_breaches:
if breach["Domain"] != "" and not validators.domain(breach["Domain"]):
errors.append(breach)
logging.error("column Domain in breach: " + str(breach) +
" has wrong format")
assert not errors
def setdomains(self, domains):
doms = domains.split(',')
for dom in doms:
if validators.domain(dom) is True:
self.domains.append(dom)
else:
raise Exception('{} is not a valid domain.'.format(dom))
if len(self.domains) == 0:
raise Exception('You need to provide at least one valid domain name.')
def is_valid_aens_name(domain_name):
"""
Test if the provided name is valid for the aens system
"""
if domain_name is None or not validators.domain(
domain_name.lower()) or (not domain_name.endswith(
('.chain')) and not domain_name.endswith(('.test'))):
return False
return True
def get_whois_by_domain(self, domain):
"""
:param domain: whois domain requested
return whois info of domain
"""
if not (validators.domain(domain)):
raise InvalidInputError('invalid domain')
# use manual whois module for .ir domains
try: # using old version of whois
whois = Whois(parent=self)
parser = Parser()
whois_res, dns = whois.get_whois_with_zone(domain)
except gaierror: # raise when can not access network
raise NetworkError('Unable to find the server')
has_dns = True
if not dns:
has_dns = False
if whois_res == -1:
raise IncorrectDataError('whois server not found for your domain ')
unstructured_res = parser.get_main_srtucture(whois_res,
has_dns=has_dns)
email_res = parser.get_emails(whois_res)
phone_res = parser.get_phones(whois_res)
name_res = parser.get_names(whois_res)
result_list = []
properties_list = []
special_properties_list = []
result = {'results': []}
# create structure data from result
if unstructured_res:
result_list.append(unstructured_res['results'])
special_properties_list = (unstructured_res['special_properties'])
properties_list = (unstructured_res['properties'])
# saving emails, phone, names in list of results
for email in email_res:
if email:
result_list.append(email)
for phone in phone_res:
if phone:
result_list.append(phone)
for name in name_res:
if name:
result_list.append(name)
# if our output is empty, create empty skeleton
if len(special_properties_list) == 0:
result['special_properties'] = ''
else:
result['special_properties'] = special_properties_list
if len(properties_list) == 0:
result['properties'] = ''
else:
result['properties'] = properties_list
result['results'] = result_list
return result
def clean_cdomain(self):
user_domain = self.cleaned_data['cdomain']
regexed = validators.domain(user_domain)
if not regexed:
raise forms.ValidationError('دامنه وارد شده صحیح نیست')
domain = whois(user_domain)
if domain['emails']:
raise forms.ValidationError('این نام دامنه قبلا ثبت شده است')
return user_domain
def is_proxy(proxy):
#proxies should be in format of ipaddress:port or domain:port
if proxy.split(":"):
if is_valid_ip(proxy.split(":")[0]) or validators.domain(
proxy.split(":")[0]):
if int(proxy.split(":")[1]) > 0:
if int(proxy.split(":")[1]) < 65535:
return True
return False
def rwssl_clean_domains(domains):
domainsarr = []
url = re.compile(r"https?://(www\.)?")
# Clean domains
for domain in domains:
cleaneddomain = url.sub('', domain).strip().strip('/')
if validators.domain(cleaneddomain):
domainsarr.append(cleaneddomain)
return domainsarr
def send_server_information(ip, port, spread=True):
# Validates the ip or domain (syntax only)
if validators.domain(ip) is not True:
if validators.ip_address.ipv4(ip) is not True:
if validators.ip_address.ipv6(ip) is not True:
print(
f"Failed to validate ip or domain: {ip}. Check for typing mistakes."
)
return False
# Validates port number
if validators.between(port, min=1, max=65535) is not True:
print(f"Invalid port number: {port} is not between 1 and 65535")
return False
if not registry.exists(settings.ADDRESS_ID_REGISTRY):
print(
f"Address ID was not found in the registry! (Location: {settings.ADDRESS_ID_REGISTRY})"
)
return False
if not registry.exists(settings.RSA_PRIVATE_REGISTRY):
print(
f"RSA Private Key was not found in the registry! (Location: {settings.RSA_PRIVATE_REGISTRY})"
)
return False
address_id = registry.get_value(settings.ADDRESS_ID_REGISTRY)
# Creates server message
server_update_dict = dict(
type=MessageType.SERVER_UPDATE,
signature=0,
address_id=address_id +
1, # Increases the address id, to indicate the information is new and up to date.
address_size=len(ip),
address=ip.encode("ascii"),
port=port,
spread=spread)
# Calculate signature of message
try:
server_update_message = messages.SERVER_UPDATE_MESSAGE.build(
server_update_dict)
# Update signature
server_update_dict["signature"] = messages.sign_message(
server_update_message)
server_update_message = messages.SERVER_UPDATE_MESSAGE.build(
server_update_dict)
except construct.ConstructError as e:
# Should never occur
print(f"Failed to build server update message: {e.args}")
return False
# Sends server information update (should also update local server information)
updater.send_broadcast(server_update_message)
print("Server information was sent to services!")
return True
def test_account_data(account):
assert isinstance(account, Account)
assert account.uid > 0
assert account.username != ''
assert validators.email(account.email)
username, domain = account.email.split('@')
assert account.username == username
assert validators.domain(domain)
def to_internal_value(self, data):
try:
if not validators.domain(data):
raise serializers.ValidationError("Invalid domain name.")
if not ipaddress.IPv4Address(socket.gethostbyname(data)).is_global:
raise serializers.ValidationError("Invalid domain name.")
except Exception as e:
raise serializers.ValidationError("Domain could not be resolved.")
return data
def remote(ctx_conf, delay, url_timeout, search_max, download_limit):
"""
Perform a remote search on the specified domain, grab files and perform analysis.
"""
ctx_conf.search_max = search_max
ctx_conf.download_limit = download_limit
if not validators.domain(ctx_conf.domain):
raise click.BadArgumentUsage("Not a valid domain!")
if delay <= 0:
echo_warning(
f"Delay must be greater than 0. Set to default: {DEFAULT_DELAY}")
ctx_conf.delay = DEFAULT_DELAY
if url_timeout <= 0:
echo_warning(
f"URL timeout (-i) must be greater than 0. Set to default: {DEFAULT_URL_TIMEOUT}"
)
ctx_conf.url_timeout = DEFAULT_URL_TIMEOUT
if not os.path.exists(ctx_conf.working_dir):
echo_warning(
f"The folder \"{ctx_conf.working_dir}\" doesn't exists. Will be created."
)
os.mkdir(ctx_conf.working_dir)
echo_info(f"Downloaded files will be saved here: {ctx_conf.working_dir}")
if not ctx_conf.mercurius:
ctx_conf.mercurius = Mercurius(
ctx_conf.configs,
ctx_conf.domain,
ctx_conf.file_types,
os.path.abspath(ctx_conf.working_dir),
number_of_threads=ctx_conf.number_threads,
verbose=ctx_conf.verbose,
stealth=ctx_conf.stealth,
logger=ctx_conf.logger)
else:
ctx_conf.mercurius.domain = ctx_conf.domain
ctx_conf.mercurius.file_types = ctx_conf.file_types
ctx_conf.mercurius.working_dir = os.path.abspath(ctx_conf.working_dir)
ctx_conf.mercurius.number_of_threads = ctx_conf.number_threads
ctx_conf.mercurius.verbose = ctx_conf.verbose
ctx_conf.mercurius.stealth = ctx_conf.stealth
ctx_conf.mercurius.local = False
ctx_conf.mercurius.url_timeout = ctx_conf.url_timeout
ctx_conf.mercurius.search_max = ctx_conf.search_max
ctx_conf.mercurius.download_file_limit = ctx_conf.download_file_limit
ctx_conf.mercurius.go(False,
delay=ctx_conf.delay,
url_timeout=ctx_conf.url_timeout,
search_max=ctx_conf.search_max,
download_file_limit=ctx_conf.download_limit)
def normalize_site(website):
pattern = re.compile(r'\\t')
search_obj = pattern.search(website)
if search_obj:
website = pattern.sub('', website)
website = website.lower().strip()
if website.startswith('www') or validators.domain(website):
website = 'http://' + website
return website
def validateDataverseExtraHosts(doc):
if not doc['value']:
doc['value'] = defaultDataverseExtraHosts()
if not isinstance(doc['value'], list):
raise ValidationException(
'Dataverse extra hosts setting must be a list.', 'value')
for url in doc['value']:
if not validators.domain(url):
raise ValidationException(
'Invalid domain in Dataverse extra hosts', 'value')
def _cleanList(lst):
# return a list of domain names only
valid_domains = []
for line in lst:
l = line.lstrip().rstrip()
if isinstance(l, bytes):
l = l.decode()
if validators.domain(l):
valid_domains.append(l)
return valid_domains
def validate_name(self, value):
if not python_validators.domain(value):
raise serializers.ValidationError('Domain is not valid.',
code='invalid')
if models.Domain.objects.filter(name__iexact=value).exists():
raise serializers.ValidationError('Domain already exists.',
code='exists')
return value
def validate_domain(self, value):
if not validators.domain(value):
raise serializers.ValidationError(f"Domain '{value}' is invalid.",
code='invalid')
elif os.path.exists(f"{BindPath.domain_dir()}{value}.zone"):
raise serializers.ValidationError(
f"Domain '{value}' currently exists.", code='exists')
return value
def validate_domain(self, value):
if not validators.domain(value):
raise serializers.ValidationError(f"Domain '{value}' is invalid.",
code='invalid')
elif not os.path.exists(f"{BindPath.domain_dir()}{value}.zone"):
raise serializers.ValidationError(
f"Domain '{value}' does not exist.", code='not_found')
return value
def check_if_valid_url(url_to_test):
"""Very lenient test for validity of a url using validators."""
if validators.url(url_to_test) or validators.domain(url_to_test):
print "\n\nValid url: " + str(url_to_test) + "\nStarting test"
return True
else:
print "\nError"
print "Url: " + str(url_to_test) + " ain't valid"
DICT_FOR_RESULTS[INPUT_URL]['SSL labs error'] = True
return False
def check_if_valid_url(url_to_test):
"""Very lenient test for validity of a url using validators."""
if validators.url(url_to_test) or validators.domain(url_to_test):
print "\n\nValid url: " + str(url_to_test) + "\nStarting test"
return True
else:
print "\nError"
print "Url: " + str(url_to_test) + " ain't valid"
DICT_FOR_RESULTS[INPUT_URL]['SSL labs error'] = True
return False
def validate_domain(self, value):
if not validators.domain(value):
raise serializers.ValidationError(f"Domain '{value}' is invalid.",
code='invalid')
elif not os.path.exists(f"{AwstatsPath.sites_dir()}{value}"):
raise serializers.ValidationError(
f"AWStats Domain '{value}' does not exist.", code='not_found')
return value
def prepare_domain_name_result(self, url):
"""
:param url: an url address
:return: a dictionary in format of entity_property for url entity
"""
res = dict()
properties = []
parse_object = urlparse(url)
# urlparse bug, if domain has not scheme can not parse it. add temporary scheme to domain to parse correctly
if parse_object.netloc == '':
url_edit = 'http://' + url
parse_object_edit = urlparse(url_edit)
else:
parse_object_edit = parse_object
# if parse url ( after adding shceme) has path, or the original domain has scheme, it's URL not domain name
if parse_object_edit.path != '' or parse_object.scheme != '':
return None
if not (validators.domain(url)):
return None
res["type"] = 12
if parse_object.netloc:
res["data"] = parse_object.netloc
else:
res["data"] = url
tld = ''
domain = ''
sub_domain = ''
custom_tlds = ['.com', '.ir', '.net', '.org', '.tk', '.me', '.biz']
for i in range(0, len(custom_tlds)):
if url.endswith(str((custom_tlds[i]))):
# use .intertld[i] as tld
tld = custom_tlds[i]
# last part after '.' is domain ( after removing tld)
rest = url.replace(tld, '')
domain = rest.split('.')[-1]
# rest is subdomain
sub_domain = rest.replace(domain, '')
# removing dot from sub domain
sub_domain = sub_domain[:-1]
# if tld is not exist in tld file, use the below code to find domain, tld and subdomain
if tld == '':
# use chars that exist after the last '.' as tld
tld = "." + parse_object.netloc.split(".")[-1]
# use chars that exist between two last '.' as domain
rest = parse_object.netloc.replace(tld, '')
domain = rest.split('.')[-1]
# use the rest string as sub domain
sub_domain = rest.replace(domain, '')
properties.append({'name': domain, 'type': 11})
properties.append({'subdomain': sub_domain, 'type': 11})
properties.append({'tld': tld.replace('.', ''), 'type': 11})
res["properties"] = properties
return res
def validate_domain(domain_str, domain_min_length=2):
res = get_tld(domain_str, as_object=True, fix_protocol=True, fail_silently=True)
if not res:
return False
if len(res.domain) < domain_min_length:
return False
return domain(res.fld)
def process_iocs(results):
"""Return data formatted for Splunk from Twitter."""
if results != None:
provided_iocs = [y for x in results for y in x.values()]
else:
provided_iocs = sys.argv[1:]
if len(provided_iocs) > 180:
return {
"error":
"Search term limit: 180\nTotal Search Terms Provided: {}".format(
len(provided_iocs))
}
session = create_session()
splunk_table = []
if isinstance(session, dict):
splunk_table.append(session)
return splunk_table
rate_limit = check_rate_limit(session, provided_iocs)
if isinstance(rate_limit, dict):
splunk_table.append(rate_limit)
return splunk_table
empty_files = [
"d41d8cd98f00b204e9800998ecf8427e",
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
]
splunk_table = []
for provided_ioc in set(provided_iocs):
provided_ioc = provided_ioc.replace("[.]", ".")
provided_ioc = provided_ioc.replace("[d]", ".")
provided_ioc = provided_ioc.replace("[D]", ".")
if provided_ioc in empty_files:
splunk_table.append({"invalid": provided_ioc})
continue
if validators.url(provided_ioc) or validators.domain(provided_ioc) or \
validators.ipv4(provided_ioc) or validators.md5(provided_ioc) or \
validators.sha256(provided_ioc) or \
len(provided_ioc) > 2 and len(provided_ioc) <= 140:
ioc_dicts = query_twitter(session, provided_ioc)
else:
splunk_table.append({"invalid": provided_ioc})
continue
for ioc_dict in ioc_dicts:
ioc_dict = commons.lower_keys(ioc_dict)
splunk_table.append(ioc_dict)
return splunk_table
def query(target):
if validators.ipv4(target) or validators.ipv6(target):
ip_whois = IPWhois(target)
return ip_whois.lookup_rdap(asn_methods=["dns", "whois", "http"],
inc_nir=True)
elif validators.domain(target):
result = whois.whois(target)
return result
else:
logging.error(f"[whois query] not valid target: {target}")
return None
def domain(line_count, domain):
if not validators.domain(domain):
print(
f'\n-----------------------------------------------------------------------------\n'
)
print(f' Error on Row {line_count}. Domain "{domain}" is invalid.')
print(f' Please Validate the domain and retry. Exiting....')
print(
f'\n-----------------------------------------------------------------------------\n'
)
exit()
def is_valid(hostname):
"""
Provide parser validation
"""
# Test if hostname is either a valid IP address or FQDN
if (validators.ip_address.ipv4(hostname) or validators.domain(hostname)):
return True
else:
logger.error(
"{0} is not a valid FQDN or IPv4 address".format(hostname))
return False
def validate_url(url):
"""
Validates the URL
:param url:
:return:
"""
if validators.url(url):
return url
elif validators.domain(url):
return "http://{}".format(url)
return ""
def normalized_url(url):
# Returns two values: a SplitResult value (from urllib) and a Boolean
parts = urlsplit(url)
if parts.netloc:
if validators.domain(host_from_netloc(parts.netloc)):
return url
else:
return None
elif not parts.scheme and not parts.path:
return None
elif parts.path and not parts.scheme:
# Most likely case is the user typed a host or domain name only
starting_url = 'http://' + parts.path
if __debug__: log('Rewrote {} to {}'.format(url, starting_url))
parts = urlsplit(starting_url)
if parts.netloc and validators.domain(host_from_netloc(parts.netloc)):
return starting_url
else:
return None
return url
def validateParameters(parameters):
if not validators.domain(parameters.target):
print("The argument -t (target) is invalid, it must be a domain")
sys.exit()
if not os.path.exists(parameters.outputDir):
print(
"The argument -o (output dir) is invalid, it must be a valid path")
sys.exit()
if not validators.between(int(parameters.threads), min=1, max=50):
print("The argument -q (queued) is invalid, min 1, max 500")
sys.exit()
def extractor(url, levelNow):
draft_response = dict()
draft_response["submitted_URL"] = url
draft_response["depthLevel"] = levelNow
draft_response["title"] = ""
draft_response["totalURLs"] = ""
draft_response["totalDomains"] = ""
draft_response["totalIPs"] = ""
draft_response["totalEmails"] = ""
draft_response["URLs"] = []
draft_response["Domains"] = []
draft_response["IPs"] = []
draft_response["Emails"] = []
pagedata = requests.get(url)
cleanpagedata = bs4.BeautifulSoup(pagedata.text, 'html.parser')
draft_response["title"] = cleanpagedata.title.string
for url in re.findall(
"(?:(?:https?|ftp):\\/\\/)?[\\w/\\-?=%.]+\\.[\\w/\\-?=%.]+",
str(pagedata.text)):
domain = url.split("//")[-1].split("/")[0].split('?')[0]
if domain.split(
".")[-1] not in most_common_types and '-' not in domain.split(
".")[-1] and len(domain.split(".")[0]) != 1:
if validators.domain(domain):
if domain not in draft_response["Domains"]:
draft_response["Domains"].append(domain)
if validators.url(url):
if url not in draft_response["URLs"]:
draft_response["URLs"].append(url)
for ip in re.findall("([0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+)",
str(pagedata.text)):
if validators.ipv4(ip):
if ip not in draft_response["IPs"]:
draft_response["IPs"].append(ip)
for email in re.findall(
"([a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\\.[a-zA-Z0-9_-]+)",
str(pagedata.text)):
if validators.email(email):
if email not in draft_response["Emails"]:
draft_response["Emails"].append(email)
draft_response["totalURLs"] = len(draft_response["URLs"])
draft_response["totalDomains"] = len(draft_response["Domains"])
draft_response["totalIPs"] = len(draft_response["IPs"])
draft_response["totalEmails"] = len(draft_response["Emails"])
return draft_response
def get_domain(self, var, default=NOTSET):
# type: (str, Union[str, NotSetType]) -> str
value = self.get(var, default=default)
if value == default:
return value
if not (validators.ipv4(value) or validators.ipv6(value) or validators.domain(value)):
raise VariableTypeError('Environment variable {var} with value {val} is not a valid hostname.'
.format(var=var, val=value))
return value
def is_valid_aens_name(domain_name):
"""
Test if the provided name is valid for the aens system
"""
# TODO: validate according to the spec!
# TODO: https://github.com/aeternity/protocol/blob/master/AENS.md#name
if domain_name is None or not validators.domain(
domain_name) or not domain_name.endswith(('.test')):
return False
return True
def __init__(self, value):
"""Initialize a new instance.
:param value: a string representing a hostname
:raises InvalidHostnameError: if value parameter is not
a valid domain
"""
value = str(value)
if not validators.domain(value):
msg = "'{}' is not a valid hostname".format(value)
raise_with_traceback(InvalidHostnameError(msg))
hostname = name.Name(value.split('.'))
self.value = hostname
self.relative_domain = hostname
def temp_method(string):
if string is None:
# 排除 None 的情况
# print "domain?", 'false'
return False
else:
if not DomainChecker.is_number(string):
# 不是数字 不是None
if DomainChecker.is_ip_format(string):
# 该字符串是 ip
# print 'domain?', 'ip', row[0].value
return False
else:
# 使用 validator 进一步确认域名
flag = validators.domain(string)
if flag: # flag 为 True
# print 'domain?', flag, row[0].value
return True
else:
return False
else:
# 数字(端口号)排除
# print 'domain?', 'number'
return False
def test_returns_failed_validation_on_invalid_domain(value):
assert isinstance(domain(value), ValidationFailure)
def test_returns_true_on_valid_domain(value):
assert domain(value)
def process(self):
ret={}
data=""
pelib=self._getLibrary(PEFileModule().getName())
if(pelib==None):data=self.sample.getBinary()
else:
for section in pelib.sections:
data=data+section.get_data()
regexp='[A-Za-z0-9/\-:.,_$&@=?%()[\]<> ]{4,}'
strings=re.findall(regexp,data)
aux={}
for s in strings:
aux[repr(s).lower()]=True
unique_strings=[]
for k in aux:
unique_strings.append(k)
mdc=self._getLibrary(MetaDataModule().getName())
if(mdc==None):return ret
searchUsed={}
imports=self.sample.getLastValue("particular_header.imports")
if(imports!=None ):
for i in imports:
searchUsed[i["lib"]]=True
for f in i["functions"]:
searchUsed[f]=True
exports=self.sample.getLastValue("particular_header.exports.symbols")
if(exports!=None ):
#print("No exports")
for i in exports:
searchUsed[i["name"]]=True
if(hasattr(i,"forwarder_dll") and hasattr(i,"forwarder_function")):
searchUsed[i["forwarder_dll"]]=True
searchUsed[i["forwarder_function"]]=True
version_p=self.sample.getLastValue("particular_header.version.string_file_info")
if(version_p!=None ):
for k in version_p.keys():
searchUsed["'"+str(version_p[k])+"'"]=True
raw=[]
hidden=[]
email=[]
url=[]
ip_l=[]
dll=[]
domain=[]
interesting=[]
registry=[]
for s in unique_strings:
#viendo si declara el import o no
#print(s)
#print(searchUsed.get(repr(s).lower()))
#raw_input()
if(searchUsed.get(s)==True): continue
raw.append(s)
#buscando si es un import o no
r=mdc.searchImportByName(s)
if(r!=None):
hidden.append(s)
continue
evaluado=eval(s)
#buscando dll
r=mdc.searchDllByName(s)
if(r!=None):
dll.append(s)
continue
#buscando cosas nombres de archivos
types=["exe","dll","bat","sys","htm","html","js","jar","jpg",
"png","vb","scr","pif","chm","zip","rar","cab","pdf",
"doc","docx","ppt","pptx","xls","xlsx","swf","gif","pdb","cpp"]
salir=False
for pat in types:
if(s.find("."+pat)!=-1):
interesting.append(s)
salir=True
break
if salir: continue
#buscando email
if(validators.email(evaluado)):
email.append(s)
continue
#buscando url
if(validators.url(evaluado)):
url.append(s)
continue
#buscando ip
if(validators.ipv4(evaluado)): #or validators.ipv6(evaluado)):
ip_l.append(s)
continue
#buscando registry
if(s.find("HKLM\\")!=-1 or s.find("HKCU\\")!=-1 ):
registry.append(s)
continue
#buscando dominios
if(validators.domain(evaluado)):
domain.append(s)
continue
ret["raw_strings"]=sorted(raw)
if(len(hidden)>0):ret["hidden_imports"]=sorted(hidden)
if(len(email)>0):ret["emails"]=sorted(email)
if(len(url)>0):ret["urls"]=sorted(url)
if(len(ip_l)>0):ret["ips"]=sorted(ip_l)
if(len(dll)>0):ret["hidden_dll"]=sorted(dll)
if(len(domain)>0):ret["domains"]=sorted(domain)
if(len(interesting)>0):ret["interesting"]=sorted(interesting)
if(len(registry)>0):ret["registry"]=sorted(registry)
return ret
def check_domain(value):
domain_checked = validators.domain(value)
if not domain_checked:
raise argparse.ArgumentTypeError('Invalid {} domain.'.format(value))
return value