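    def run(self):
        """Parse the PST file identified by ``file_id`` and render its folder tree.

        Reads ``file_id`` from the POST data, fetches the stored file from the
        database and opens it with pypff.  ``recursive_walk_folders`` is then
        run from the root folder; it is expected to populate
        ``self.email_dict``, which is persisted in the datastore and handed to
        the PSTViewer template.

        Raises:
            KeyError: if the request carries no ``file_id``.
            IOError: if no file with that id exists in the database.
        """
        db = Database()
        file_id = self.request.POST['file_id']
        pst_file = db.get_filebyid(file_id)
        if not pst_file:
            raise IOError("File not found in DB")

        # pypff raises on a corrupt or non-PST object; let that propagate
        # instead of wrapping it in a handler that only re-raises.
        self.pst = pypff.file()
        self.pst.open_file_object(pst_file)

        self.email_dict = {}
        root_node = self.pst.get_root_folder()
        self.recursive_walk_folders(root_node, u"")

        # Persist the parsed tree so later views need not re-parse the file.
        store_data = {'file_id': file_id, 'pst': self.email_dict}
        db.create_datastore(store_data)

        self.render_type = 'file'
        self.render_data = {
            'PSTViewer': {
                'email_dict': self.email_dict,
                'file_id': file_id,
            }
        }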
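    def run(self):
        """Scan a stored file with a YARA rule file chosen by the client.

        Expects ``file_id`` and ``rule_file`` in the POST data.  ``rule_file``
        names a file inside the local ``yararules`` directory; because the
        value comes from the client it is confined to a bare file name before
        any path is built from it.  Matches are stored in the datastore and
        rendered through the YaraScanner template; with no matches the
        results value is the string ``'NoMatch'``.  Nothing is rendered when
        either parameter is missing or the yara library is unavailable.

        Raises:
            IOError: if the file id is unknown, the rule name is not a plain
                file name, or the rule file does not exist.
        """
        db = Database()
        file_id = rule_file = False
        if 'file_id' in self.request.POST:
            file_id = self.request.POST['file_id']
        if 'rule_file' in self.request.POST:
            rule_file = self.request.POST['rule_file']

        if not (rule_file and file_id and YARA):
            return

        file_object = db.get_filebyid(file_id)
        if not file_object:
            raise IOError("File not found in DB")
        file_data = file_object.read()

        # rule_file is client-controlled: accept only a bare file name so the
        # joined path cannot point outside the yararules directory.
        if rule_file != os.path.basename(rule_file) or rule_file in ('.', '..'):
            raise IOError("Invalid rule file name: {0}".format(rule_file))
        rule_path = os.path.join('yararules', rule_file)
        if not os.path.exists(rule_path):
            raise IOError("Unable to locate rule file: {0}".format(rule_path))

        rules = yara.compile(rule_path)
        results = {'rows': [], 'columns': ['Rule', 'Offset', 'Data']}
        for match in rules.match(data=file_data):
            # each string hit is (offset, identifier, data)
            for item in match.strings:
                results['rows'].append([match.rule, item[0], string_clean_hex(item[2])])

        if results['rows']:
            # Only persist actual hits; an empty scan leaves no record.
            store_data = {'file_id': file_id, 'yara': results}
            db.create_datastore(store_data)
        else:
            results = 'NoMatch'

        self.render_type = 'file'
        self.render_data = {
            'YaraScanner': {
                'yara_list': sorted(os.listdir('yararules')),
                'yara_results': results,
            }
        }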
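    def run(self):
        """Parse the PST file identified by ``file_id`` and render its folder tree.

        Reads ``file_id`` from the POST data, fetches the stored file from the
        database and opens it with pypff.  ``recursive_walk_folders`` is then
        run from the root folder; it is expected to populate
        ``self.email_dict``, which is persisted in the datastore and handed to
        the PSTViewer template.

        Raises:
            KeyError: if the request carries no ``file_id``.
            IOError: if no file with that id exists in the database.
        """
        db = Database()
        file_id = self.request.POST['file_id']
        pst_file = db.get_filebyid(file_id)
        if not pst_file:
            raise IOError("File not found in DB")

        # pypff raises on a corrupt or non-PST object; let that propagate
        # instead of wrapping it in a handler that only re-raises.
        self.pst = pypff.file()
        self.pst.open_file_object(pst_file)

        self.email_dict = {}
        root_node = self.pst.get_root_folder()
        self.recursive_walk_folders(root_node, u"")

        # Persist the parsed tree so later views need not re-parse the file.
        store_data = {'file_id': file_id, 'pst': self.email_dict}
        db.create_datastore(store_data)

        self.render_type = 'file'
        self.render_data = {
            'PSTViewer': {
                'email_dict': self.email_dict,
                'file_id': file_id,
            }
        }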
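    def run(self):
        """Query or submit a stored file to VirusTotal and render the outcome.

        Needs an API key under ``self.config['virustotal']`` and the VirusTotal
        client library (``VT_LIB``); without them an error page is rendered
        and the method returns.  With ``file_id`` in the POST data the file is
        either uploaded for scanning (when ``upload`` is also present) or its
        existing report is fetched by SHA-256.  ``state`` ends up as one of
        ``'pending'``, ``'missing'``, ``'complete'`` or ``'error'`` and is
        stored in the datastore together with any report details.

        Raises:
            IOError: if no file with the given id exists in the database.
        """
        db = Database()
        self.render_javascript = ""
        api_key = self.config['virustotal']['api_key']
        if not api_key or not VT_LIB:
            self.render_type = 'error'
            self.render_data = "Unable to use Virus Total. No Key or Library Missing. Check the Console for details"
            # Nothing can be queried without a key/library; stop here rather
            # than falling through and overwriting the error page below.
            return

        if 'file_id' not in self.request.POST:
            return

        file_id = self.request.POST['file_id']
        file_object = db.get_filebyid(file_id)
        if not file_object:
            raise IOError("File not found in DB")
        sha256 = file_object.sha256

        # Same key the guard above checked (dict-style config access, as in
        # the other VirusTotal view).
        vt = PublicApi(api_key)

        # Defaults for any response code the branches below do not recognise,
        # so both names are bound before they are stored.
        state = 'error'
        vt_results = None

        if 'upload' in self.request.POST:
            response = vt.scan_file(file_object.read(),
                                    filename=file_object.filename,
                                    from_disk=False)
            results = response['results']
            if results['response_code'] == 1 and 'Scan request successfully queued' in results['verbose_msg']:
                print("File Uploaded and pending")
                state = 'pending'
            else:
                print(response)
        else:
            response = vt.get_file_report(sha256)
            vt_results = {}
            if response['response_code'] == 200:
                print("Valid Response from server")

            report = response['results']
            code = report['response_code']
            if code == 0:
                # Not present in VT's data set; the view prompts for upload.
                state = 'missing'
            elif code == -2:
                # Scan still queued on VT's side.
                state = 'pending'
            elif code == 1:
                vt_results = {
                    'permalink': report['permalink'],
                    'total': report['total'],
                    'positives': report['positives'],
                    'scandate': report['scan_date'],
                    'scans': report['scans'],
                }
                state = 'complete'

        store_data = {'file_id': file_id, 'vt': vt_results, 'state': state}
        db.create_datastore(store_data)

        self.render_type = 'file'
        self.render_data = {
            'VirusTotalSearch': {
                'state': state,
                'vt_results': vt_results,
                'file_id': file_id,
            }
        }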
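    def run(self):
        """Query or submit a stored file to VirusTotal and render the outcome.

        With ``file_id`` in the POST data the stored file is looked up and,
        if an API key is configured under ``self.config['virustotal']``, it is
        either uploaded for scanning (when ``upload`` is also present) or its
        existing report is fetched by SHA-256.  ``state`` ends up as one of
        ``'pending'``, ``'missing'``, ``'complete'`` or ``'error'``; report
        details are stored in the datastore only when a key was available.

        Raises:
            IOError: if no file with the given id exists in the database.
        """
        db = Database()

        if 'file_id' not in self.request.POST:
            return

        file_id = self.request.POST['file_id']
        file_object = db.get_filebyid(file_id)
        if not file_object:
            raise IOError("File not found in DB")
        sha256 = file_object.sha256

        # The key is a credential: never echo it to the console/log.
        api_key = self.config['virustotal']['api_key']
        if not api_key or api_key == 'None':
            # 'None' is what the config parser yields for an unset key.
            state = 'error'
            vt_results = 'No API Key set in volutility.conf'
        else:
            vt = PublicApi(api_key)

            # Defaults for any response code the branches below do not
            # recognise, so both names are bound before they are stored.
            state = 'error'
            vt_results = None

            if 'upload' in self.request.POST:
                response = vt.scan_file(file_object.read(), filename=file_object.filename, from_disk=False)
                results = response['results']
                if results['response_code'] == 1 and 'Scan request successfully queued' in results['verbose_msg']:
                    print("File Uploaded and pending")
                    state = 'pending'
                else:
                    print(response)
            else:
                response = vt.get_file_report(sha256)
                vt_results = {}
                if response['response_code'] == 200:
                    print("Valid Response from server")

                report = response['results']
                code = report['response_code']
                if code == 0:
                    # Not present in VT's data set; the view prompts for upload.
                    state = 'missing'
                elif code == -2:
                    # Scan still queued on VT's side.
                    state = 'pending'
                elif code == 1:
                    vt_results = {
                        'permalink': report['permalink'],
                        'total': report['total'],
                        'positives': report['positives'],
                        'scandate': report['scan_date'],
                        'scans': report['scans'],
                    }
                    state = 'complete'

            store_data = {'file_id': file_id, 'vt': vt_results}
            db.create_datastore(store_data)

        self.render_type = 'file'
        self.render_data = {
            'VirusTotalSearch': {
                'state': state,
                'vt_results': vt_results,
                'file_id': file_id,
            }
        }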