def run(self):
    """Parse the requested PST file with pypff and render its folder tree.

    Reads ``file_id`` from ``self.request.POST``, walks every folder through
    ``self.recursive_walk_folders`` (which fills ``self.email_dict``), stores
    that dict in the datastore under the ``pst`` key and sets
    ``self.render_type`` / ``self.render_data`` for the template.

    Raises:
        IOError: if no file with ``file_id`` exists in the datastore.
        Any exception raised by pypff while opening the file propagates unchanged.
    """
    db = Database()
    file_id = self.request.POST['file_id']
    pst_file = db.get_filebyid(file_id)
    if not pst_file:
        raise IOError("File not found in DB")

    # pypff reads the PST container straight from the file-like object
    # handed back by the datastore.
    self.pst = pypff.file()
    self.pst.open_file_object(pst_file)

    self.email_dict = {}
    self.recursive_walk_folders(self.pst.get_root_folder(), u"")

    # Persist the walked tree so later requests can reuse it.
    db.create_datastore({'file_id': file_id, 'pst': self.email_dict})

    self.render_type = 'file'
    self.render_data = {
        'PSTViewer': {'email_dict': self.email_dict, 'file_id': file_id}
    }
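def run(self):
    """Scan the requested file with one YARA rule file and render the matches.

    Reads ``file_id`` and ``rule_file`` from ``self.request.POST``.  When both
    are present and the ``yara`` module is available, the named rule file from
    the local ``yararules`` directory is compiled and matched against the file's
    bytes.  Matches are stored in the datastore under the ``yara`` key and
    rendered as a rows/columns table; with no match (or no scan requested) the
    rendered result is the string ``'NoMatch'``.

    Raises:
        IOError: if ``rule_file`` is not a file in ``yararules`` or ``file_id``
            does not exist in the datastore.
    """
    db = Database()
    file_id = self.request.POST.get('file_id', False)
    rule_file = self.request.POST.get('rule_file', False)

    # The same listing is used both to validate the request and to render the
    # rule picker, so compute it once.
    available_rules = sorted(os.listdir('yararules'))

    results = 'NoMatch'
    if rule_file and file_id and YARA:
        rule_path = os.path.join('yararules', rule_file)
        # rule_file comes from the request: accept only a name that appears in
        # the directory listing, so '..' components or an absolute path cannot
        # make os.path.join resolve to a file outside 'yararules'.
        if rule_file not in available_rules or not os.path.isfile(rule_path):
            raise IOError("Unable to locate rule file: {0}".format(rule_path))

        file_object = db.get_filebyid(file_id)
        if not file_object:
            raise IOError("File not found in DB")
        file_data = file_object.read()

        rules = yara.compile(rule_path)
        matches = rules.match(data=file_data)
        # yara-python reports each string hit as a tuple; index 0 is the
        # offset and index 2 the matched bytes, as the original table used.
        rows = [
            [match.rule, item[0], string_clean_hex(item[2])]
            for match in matches
            for item in match.strings
        ]
        if rows:
            results = {'rows': rows, 'columns': ['Rule', 'Offset', 'Data']}
            # Persist positive results only, as before.
            db.create_datastore({'file_id': file_id, 'yara': results})

    self.render_type = 'file'
    self.render_data = {
        'YaraScanner': {'yara_list': available_rules, 'yara_results': results}
    }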
def run(self):
    """Open the PST identified by ``file_id`` and render its folder structure.

    The file is fetched from the datastore, opened with pypff, and every folder
    under the root is visited by ``self.recursive_walk_folders`` starting from an
    empty base path.  The resulting ``self.email_dict`` is saved under ``pst``
    and handed to the ``PSTViewer`` template.

    Raises:
        IOError: when ``file_id`` is unknown to the datastore.
        Errors raised by pypff while opening the container propagate as-is.
    """
    db = Database()
    file_id = self.request.POST['file_id']
    pst_file = db.get_filebyid(file_id)
    if pst_file is None or not pst_file:
        raise IOError("File not found in DB")

    pst = pypff.file()
    pst.open_file_object(pst_file)
    self.pst = pst

    root = pst.get_root_folder()
    base_path = u""
    self.email_dict = {}
    self.recursive_walk_folders(root, base_path)

    store_data = {'file_id': file_id, 'pst': self.email_dict}
    db.create_datastore(store_data)

    viewer = {'email_dict': self.email_dict, 'file_id': file_id}
    self.render_type = 'file'
    self.render_data = {'PSTViewer': viewer}
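def run(self):
    """Look up, or submit, the current file on VirusTotal and render the result.

    Reads ``file_id`` (and the optional ``upload`` flag) from
    ``self.request.POST`` and the API key from
    ``self.config['virustotal']['api_key']``.  Without a key or the
    ``virustotal`` library an error page is rendered and nothing else runs.
    Otherwise the file is either submitted for scanning (``upload``) or its
    existing report is fetched by SHA-256; a complete report is stored in the
    datastore under ``vt`` together with ``state``.

    ``state`` rendered to the template is one of ``'pending'``, ``'missing'``,
    ``'complete'`` or ``'error'``; it is ``'error'`` for any response shape not
    recognised below, rather than being left unassigned.

    Raises:
        IOError: if ``file_id`` does not exist in the datastore.
    """
    db = Database()
    self.render_javascript = ""

    api_key = self.config['virustotal']['api_key']
    if not api_key or not VT_LIB:
        self.render_type = 'error'
        self.render_data = "Unable to use Virus Total. No Key or Library Missing. Check the Console for details"
        # Return here so the error render is not overwritten by the lookup below.
        return

    if 'file_id' not in self.request.POST:
        self.render_type = 'error'
        self.render_data = "No file_id in request"
        return

    file_id = self.request.POST['file_id']
    file_object = db.get_filebyid(file_id)
    if not file_object:
        raise IOError("File not found in DB")

    # Use the same config lookup as the guard above; self.config is subscripted
    # everywhere else in this plugin.
    vt = PublicApi(api_key)

    state = 'error'
    vt_results = None

    if 'upload' in self.request.POST:
        response = vt.scan_file(file_object.read(), filename=file_object.filename, from_disk=False)
        results = response.get('results') or {}
        if results.get('response_code') == 1 and 'Scan request successfully queued' in results.get('verbose_msg', ''):
            print("File Uploaded and pending")
            state = 'pending'
        else:
            print(response)
    else:
        response = vt.get_file_report(file_object.sha256)
        vt_results = {}
        if response.get('response_code') == 200:
            print("Valid Response from server")
            results = response.get('results') or {}
            code = results.get('response_code')
            if code == 0:
                # Hash unknown to VirusTotal: the template prompts for an upload.
                state = 'missing'
            elif code == -2:
                # Submitted but analysis not finished yet.
                state = 'pending'
            elif code == 1:
                vt_results['permalink'] = results['permalink']
                vt_results['total'] = results['total']
                vt_results['positives'] = results['positives']
                vt_results['scandate'] = results['scan_date']
                vt_results['scans'] = results['scans']
                state = 'complete'
                db.create_datastore({'file_id': file_id, 'vt': vt_results, 'state': state})

    self.render_type = 'file'
    self.render_data = {
        'VirusTotalSearch': {
            'state': state,
            'vt_results': vt_results,
            'file_id': file_id
        }
    }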
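def run(self):
    """Query VirusTotal for the current file, or upload it, and render the result.

    Reads ``file_id`` (and the optional ``upload`` flag) from
    ``self.request.POST``.  The API key comes from
    ``self.config['virustotal']['api_key']``; the literal string ``'None'`` (an
    unset value in volutility.conf) or an empty value renders an error state.
    A completed report is stored in the datastore under ``vt``.

    ``state`` handed to the template is one of ``'pending'``, ``'missing'``,
    ``'complete'`` or ``'error'``; unrecognised responses yield ``'error'``
    instead of leaving the name unassigned.

    Raises:
        IOError: if ``file_id`` does not exist in the datastore.
    """
    db = Database()

    if 'file_id' not in self.request.POST:
        self.render_type = 'error'
        self.render_data = "No file_id in request"
        return

    file_id = self.request.POST['file_id']
    file_object = db.get_filebyid(file_id)
    if not file_object:
        raise IOError("File not found in DB")
    sha256 = file_object.sha256

    # The API key is a secret: it is deliberately not echoed to the console.
    api_key = self.config['virustotal']['api_key']

    state = 'error'
    vt_results = None

    if not api_key or api_key == 'None':
        vt_results = 'No API Key set in volutility.conf'
    else:
        vt = PublicApi(api_key)

        if 'upload' in self.request.POST:
            response = vt.scan_file(file_object.read(), filename=file_object.filename, from_disk=False)
            results = response.get('results') or {}
            if results.get('response_code') == 1 and 'Scan request successfully queued' in results.get('verbose_msg', ''):
                print("File Uploaded and pending")
                state = 'pending'
            else:
                print(response)
        else:
            response = vt.get_file_report(sha256)
            vt_results = {}
            if response.get('response_code') == 200:
                print("Valid Response from server")
                results = response.get('results') or {}
                code = results.get('response_code')
                if code == 0:
                    # Hash unknown to VirusTotal: the template prompts for an upload.
                    state = 'missing'
                elif code == -2:
                    # Submitted but analysis not finished yet.
                    state = 'pending'
                elif code == 1:
                    vt_results['permalink'] = results['permalink']
                    vt_results['total'] = results['total']
                    vt_results['positives'] = results['positives']
                    vt_results['scandate'] = results['scan_date']
                    vt_results['scans'] = results['scans']
                    state = 'complete'
                    db.create_datastore({'file_id': file_id, 'vt': vt_results})

    self.render_type = 'file'
    self.render_data = {
        'VirusTotalSearch': {
            'state': state,
            'vt_results': vt_results,
            'file_id': file_id
        }
    }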