def returnsubsections(flag,section,initiative=True,subsections=None): if flag and initiative: subsections += list(ConfigurationManager.readCuckooResultsConfig(variable='subsections',section=section).split(',')) for subsection in subsections: subsections+=returnsubsections(flag=literal_eval(ConfigurationManager.readCuckooResultsConfig(variable='encapsulation',section='subsection_'+subsection)), section='subsection_'+subsection,subsections=[],initiative=False) return subsections elif flag: subsections += list(ConfigurationManager.readCuckooResultsConfig(variable='subsections',section=section).split(',')) for subsection in subsections: returnsubsections(flag=literal_eval(ConfigurationManager.readCuckooResultsConfig(variable='encapsulation',section='subsection_'+subsection)), section='subsection_'+subsection,subsections=[],initiative=False) return subsections else: return subsections
def __init__(self,section,filename=None,data_results=None): self.logger = Logger() self.key=ConfigurationManager.readCuckooResultsConfig(variable='key',section=section) self.encapsulation = literal_eval(ConfigurationManager.readCuckooResultsConfig(variable='encapsulation',section=section)) self.keys = list(ConfigurationManager.readCuckooResultsConfig(variable='keys',section=section).split(',')) #Check if there are not any keys if self.keys==['']: self.keys=None self.subsectionskeys={} if self.encapsulation: self.subsections = returnsubsections(self.encapsulation,section=section,subsections=[]) for subsection in self.subsections: self.subsectionskeys[ConfigurationManager.readCuckooResultsConfig(variable='key',section='subsection_'+subsection)] = list(ConfigurationManager.readCuckooResultsConfig(variable='keys',section='subsection_'+subsection).split(',')) results=None try: if data_results is not None: results=data_results[self.key] elif filename is not None: results = load_results(filename)[self.key] except Exception, e: self.logger.errorLogging(str(e))
import os,socket,SocketServer,sys,ssl,time from common.configmanager import ConfigurationManager from common.logger import Logger import hashlib from ast import literal_eval ANALYSIS_PATH=ConfigurationManager.readServerConfig('analysis_path') MALWARE_PATH = ConfigurationManager.readServerConfig('malware_path') IOC_SERVER_ADDR = ConfigurationManager.readServerConfig('ioc_address') IOC_SERVER_PORT = int(ConfigurationManager.readServerConfig('ioc_port')) SERVER_PORT= int(ConfigurationManager.readServerConfig('port')) SERVER_ADDRESS=ConfigurationManager.readServerConfig('address') ID = ConfigurationManager.readServerConfig('server_id') CERTIFICATES_PATH = ConfigurationManager.readServerConfig('server_certificate') ioc_server=(IOC_SERVER_ADDR,IOC_SERVER_PORT) local_server=(SERVER_ADDRESS,SERVER_PORT) malware_info=[] class IOCClient(object): def __init__(self,filename): self.id =ID self.malware = filename for cert in os.listdir(CERTIFICATES_PATH): if all(x in cert for x in ['pem', 'client']): self.server_certificate = os.path.join(CERTIFICATES_PATH,cert) if 'ca' in cert: self.cacert = os.path.join(CERTIFICATES_PATH,cert) if 'key' in cert: self.server_key =os.path.join(CERTIFICATES_PATH,cert) def send_malware(self):
__author__ = 'george' from cuckoo_results_handler import Handler from common.configmanager import ConfigurationManager from cuckoo_results_handler import Handler from cuckoo_results_handler import load_results import os import json path= ConfigurationManager.readServerConfig(variable='analysis_path') filename='cuckoo_results' filepath = os.path.join(path,filename) data = load_results(filepath) if __name__ =='__main__': import datetime print(datetime.date.today())
__author__ = 'george' import os,ssl,socket,subprocess,time,pprint,errno,commands,SocketServer,hashlib from ast import literal_eval from common.configmanager import ConfigurationManager from common.logger import Logger from ssl import SSLError CUCKOO_PATH = ConfigurationManager.readServerConfig('cuckoo_path') INETSIM_PATH = ConfigurationManager.readServerConfig('inetsim_path') MALWARE_SAMPLES_PATH = ConfigurationManager.readServerConfig('malware_samples_path') CERTIFICATES_PATH = ConfigurationManager.readServerConfig('certificates_path') SERVER_ID = ConfigurationManager.readServerConfig('server_id') INIT_SERVER_ADDRESS = ConfigurationManager.readServerConfig('init_server_address') INIT_SERVER_PORT = int(ConfigurationManager.readServerConfig('init_server_port')) SERVER_ADDRESS= ConfigurationManager.readServerConfig('address') SERVER_PORT = int(ConfigurationManager.readServerConfig('port_number')) init_server_address=(INIT_SERVER_ADDRESS,int(INIT_SERVER_PORT)) server_address = (SERVER_ADDRESS,SERVER_PORT) class RequestHandler(SocketServer.BaseRequestHandler): def set_analysis_task(self,task): path = os.path.join(CUCKOO_PATH,'utils','submit.py') taskpath = os.path.join(MALWARE_SAMPLES_PATH,task) command = "python %s %s"%(path,taskpath) com_shell ="\"%s; exec $SHELL\""%command gnome_command="gnome-terminal -x bash -c %s"%com_shell subprocess.call(gnome_command,shell=True) time.sleep(20) def deal_with_request(self,constream): print("Deal with request")
__author__ = "george" import socket, sys, ssl, fcntl, os, SocketServer from ast import literal_eval from common.configmanager import ConfigurationManager from common.logger import Logger SERVER_CERTIFICATE = ConfigurationManager.readServerConfig("server_certificate") INIT_SERVER_ADDRESS = ConfigurationManager.readServerConfig("init_address") INIT_SERVER_PORT = int(ConfigurationManager.readServerConfig("init_port")) available_servers_address = {} available_servers_environment_status = {} available_servers = [] server_address = (INIT_SERVER_ADDRESS, INIT_SERVER_PORT) class TCPHandler(SocketServer.BaseRequestHandler): def manipulate_data(self, constream, data): global console datatuple = literal_eval(data) if datatuple[0] == "identity": try: console.put(repr(constream.getpeername())) console.put("Server with %s was added" % data) self.available_servers_address_local[datatuple[1]] = eval(repr(constream.getpeername()))[0] constream.send(str((True, "Server identity stored"))) except Exception, e: console.put(str(e)) constream.send((False, "Server identity is not stored")) elif datatuple[0] == "status": if datatuple[2] in self.available_servers_address_local.keys(): if datatuple[1] == "up":
__author__ = "george" import os, json from xml.etree import ElementTree as ET from common.configmanager import ConfigurationManager SOURCE_PATH = ConfigurationManager.readxmlConfig(variable="xsd_source_path") DESTINATION_PATH = ConfigurationManager.readxmlConfig(variable="xml_created_path") SCHEMA_FILE_PATH = os.path.join(os.getcwd(), "EnumList.xsd") def extract_files(source_path): dict = {} for dirpath, dirnames, files in os.walk(source_path): if files and (all("py" not in name for name in files)): dict[dirpath] = files return dict def print_enumeration_values_from_file(file_path): tree = ET.parse(file_path) root = tree.getroot() for child in root: flag = False if "name" in child.attrib.keys() and ("Enum" in child.attrib["name"] or "List" in child.attrib["name"]): if any("restriction" in x.tag for x in child): for x in child: if "restriction" in x.tag and list(x): flag = True if flag: print(child.attrib["name"]) print("-------------------------------------------------------------")
__author__ = 'george' from common.configmanager import ConfigurationManager import json SERVER_CERTIFICATE = ConfigurationManager.readServerConfig('server_certificate') INIT_SERVER_ADDRESS = ConfigurationManager.readServerConfig('init_address') INIT_SERVER_PORT = ConfigurationManager.readServerConfig('init_address') a=["{1:'start',","2:'end'}"] pt='/home/george/PycharmProjects/thesis_public/automatic_maec_ioc/analysis_hub/cuckoo_results' fl = open(pt,'r') res = json.load(fl) print(res.keys())
__author__ = 'george' from ast import literal_eval from common.configmanager import ConfigurationManager from common.logger import Logger import json,os import errno ANALYSIS_PATH=ConfigurationManager.readServerConfig(variable='analysis_path') # Sections' names S_ANALYSISINFO='analysisinfo' S_PROCMEMORY='procmemory' S_STATIC='static' S_DROPPED = 'dropped' S_BEHAVIOR = 'behavior' S_STRINGS = 'strings' S_DEBUG = 'debug' S_MEMORY = 'memory' S_TARGETINFO = 'targetinfo' S_VIRUSTOTAL = 'virustotal' S_NETWORK = 'network' def returnsubsections(flag,section,initiative=True,subsections=None): if flag and initiative: subsections += list(ConfigurationManager.readCuckooResultsConfig(variable='subsections',section=section).split(',')) for subsection in subsections: subsections+=returnsubsections(flag=literal_eval(ConfigurationManager.readCuckooResultsConfig(variable='encapsulation',section='subsection_'+subsection)), section='subsection_'+subsection,subsections=[],initiative=False) return subsections elif flag: subsections += list(ConfigurationManager.readCuckooResultsConfig(variable='subsections',section=section).split(',')) for subsection in subsections: returnsubsections(flag=literal_eval(ConfigurationManager.readCuckooResultsConfig(variable='encapsulation',section='subsection_'+subsection)),
import json, os, errno,SocketServer from socket import * from os import listdir from os.path import isfile,join from common.logger import Logger from common.configmanager import ConfigurationManager from ast import literal_eval import ssl import hashlib #Define and initialize global variables // Global variables should be initialized from configuration file ANALYSIS_PATH = ConfigurationManager.readServerConfig(variable='analysis_path') ADDRESS = ConfigurationManager.readServerConfig(variable = 'address') ANALYSIS_REPOSITORY=ConfigurationManager.readServerConfig(variable = 'maec_analysis_repository') PORT = int(ConfigurationManager.readServerConfig(variable='port')) server_address=(ADDRESS,PORT) clients_port= int(ConfigurationManager.readServerConfig(variable='clients_port')) SERVER_CERTIFICATE=ConfigurationManager.readServerConfig(variable='server_certificate') class RequestHandler(SocketServer.BaseRequestHandler): def save_analysis_local(self,filename,analysis_results): try: xmlfilename= filename+".xml" filepath = os.path.join(ANALYSIS_REPOSITORY,xmlfilename) xmlfile =open(filepath,'w') xmlfile.write(analysis_results) xmlfile.close() except IOError, ioer : errorNum = ioer.errno errorCode = errno.errorcode[errorNum] errorString= os.strerror(errorNum)
__author__ = "george" import SocketServer, socket, ssl, hashlib, os, fcntl from ast import literal_eval from common.configmanager import ConfigurationManager from common.logger import Logger from threading import Lock import uuid SERVER_CERTIFICATE = ConfigurationManager.readServerConfig("server_certificate") SERVER_PORT = ConfigurationManager.readServerConfig("task_port") SERVER_HOST = ConfigurationManager.readServerConfig("address") server_address = (SERVER_HOST, int(SERVER_PORT)) ANALYZER_PORT = ConfigurationManager.readServerConfig("analyzer_port") class TCPHandler(SocketServer.BaseRequestHandler): def get_analyzer(self, name, client_id, time, client_ip, hashtag, taskid, length): global analyzers_pool, active_analyzers lock = Lock() analyzer = None try: lock.acquire() if analyzers_pool: analyzer = analyzers_pool.popitem() active_analyzers[analyzer[1]] = [name, client_id, time, client_ip, analyzer[0], hashtag, taskid, length] else: pass # what should be done if all analyzers have a task finally: lock.release()