# NOTE(review): excerpt. The enclosing function starts above the visible text,
# so sha256, tags, headers, config, log and CODE_DB_URL_TAG are defined in code
# that is not shown here. Statement nesting below is reconstructed from a
# collapsed listing - confirm against the file.

# Form fields sent to the tagging endpoint.
data = dict(sha256=sha256, tags=tags)
# NOTE(review): disable_ssl_certificate_validation=True switches off server
# certificate checks for this client. If CODE_DB_URL_TAG is an https URL, the
# endpoint is then not authenticated and the submission and its reply can be
# read or altered on the network path. For a private CA or self-signed server,
# httplib2.Http accepts a ca_certs bundle, so validation can stay enabled.
h = httplib2.Http(".cache", disable_ssl_certificate_validation=True)
response, content = h.request(CODE_DB_URL_TAG % (config.get("host"), config.get("port")), "POST", body=urlencode(data), headers=headers)

# NOTE(review): success is detected by searching the string form of the
# response for "'status': '200'"; httplib2 also exposes the numeric code as
# response.status, which does not depend on how the object is printed.
if not "'status': '200'" in str(response) :
    log.error("%s --> %s = %s" % (sha256, tags, str(content)))

# The body is parsed as JSON whether or not the error branch ran (assuming this
# statement sits outside the `if` - confirm); a non-JSON error body would make
# json.loads raise here.
data = json.loads(content)
log.info("%s --> %s = %s" % (sha256, tags, data.get("Status")))

if __name__ == '__main__':
    # Database
    database = Database()
    # VxCage handler
    vxCage = VxCageHandler()
    # "enabled" option of the "vxcage" section in the reporting configuration.
    vxcageEnabled = cfgReporting.getOption("vxcage", "enabled")

    # Command-line interface: one sub-parser per subcommand; each stores its
    # own name in `which`. The parse_args call and the dispatch are not part of
    # the visible excerpt.
    parser = argparse.ArgumentParser(description='Ragpicker Manager')
    subparsers = parser.add_subparsers(title='subcommands', description='valid subcommands', help='additional help')
    # stop: takes no arguments.
    parser_stop = subparsers.add_parser('stop', help='Stops a running Ragpicker instance')
    parser_stop.set_defaults(which='stop')
    # export: requires a target directory and a file of SHA256 values.
    parser_export = subparsers.add_parser('export', help='Export Ragpicker-Data')
    parser_export.set_defaults(which='export')
    parser_export.add_argument('-d','--dirname', required=True, help='Export-Directory')
    parser_export.add_argument('-f','--sha256_file', required=True, help='SHA256-File')
    # NOTE(review): no type= or action= is set, so a value given on the command
    # line arrives as a string and any non-empty string, including "False", is
    # truthy - confirm how the consumer interprets it.
    parser_export.add_argument('--json', default=False, help='File in json-format? Default=False')
    # vxcage: same required arguments as export, without --json.
    parser_vxcage = subparsers.add_parser('vxcage', help='Exports only the malware files from the VxCage')
    parser_vxcage.set_defaults(which='vxcage')
    parser_vxcage.add_argument('-d','--dirname', required=True, help='Export-Directory')
    parser_vxcage.add_argument('-f','--sha256_file', required=True, help='SHA256-File')
def run(self, results, objfile):
    """Store the analysed sample and its related files in VxCage.

    Nothing is uploaded unless ``objfile.file.is_permittedType()`` is true.
    Otherwise the main file, the unpacked file (when there is one) and every
    included file are handled in that order: a file is uploaded as
    ``<md5>.<extension>`` with the tags from ``self._getTags`` when
    ``isFileInCage`` reports ``False`` for its MD5.

    Returns None.
    """
    # NOTE(review): the listing was collapsed onto one line, so placing the
    # "unpacked" and "included" steps under the is_permittedType() check is a
    # reconstruction - confirm against the file.
    self.key = "VxCage"
    cage = VxCageHandler()

    if not objfile.file.is_permittedType():
        return

    def related_files():
        # Lazy on purpose: each attribute is read only after the previous file
        # has been handled, which keeps the original order of accesses.
        yield objfile.file
        if objfile.unpacked_file:
            yield objfile.unpacked_file
        if len(objfile.included_files) > 0:
            for member in objfile.included_files:
                yield member

    for sample in related_files():
        # NOTE(review): de-duplication and the stored name both depend on MD5,
        # which is not collision-resistant: a file crafted to share an MD5 with
        # a stored sample would be treated as already present and skipped. If
        # VxCageHandler can look files up by SHA-256, that is the safer key -
        # confirm what the handler supports.
        # The explicit "== False" is kept so that a None result from the
        # handler still means "do not upload".
        if cage.isFileInCage(md5=sample.get_fileMd5()) == False:
            upload_name = sample.get_fileMd5() + '.' + sample.file_extension()
            cage.upload(sample.temp_file, upload_name, self._getTags(results, sample))
# NOTE(review): excerpt. The enclosing generator's signature is above the
# visible text, so isJson and file come from code that is not shown here.
# Statement nesting below is reconstructed from a collapsed listing - confirm
# against the file.
# NOTE(review): the yielded values are only right-stripped, not checked to be
# 64 hex digits; if callers build file names or queries from them, validate the
# format first - confirm against the caller.
if isJson:
    # JSON input: every value of the top-level object is yielded.
    # dict.itervalues() exists only on Python 2.
    data = json.load(file)
    for sha256 in data.itervalues():
        yield sha256.rstrip()
else:
    # Plain-text input: one entry per line, trailing whitespace removed.
    for sha256 in file:
        yield sha256.rstrip()

# Reached only after the generator has been consumed to the end (assuming this
# line sits after the if/else - confirm); a caller that stops iterating early
# leaves the file open until the generator is closed or collected.
file.close()

if __name__ == '__main__':
    # Database
    database = Database()
    # VxCage handler
    vxCage = VxCageHandler()
    # "enabled" option of the "vxcage" section in the reporting configuration.
    vxcageEnabled = cfgReporting.getOption("vxcage", "enabled")

    # Command-line interface: one sub-parser per subcommand; each stores its
    # own name in `which`. The parse_args call and the dispatch are not part of
    # the visible excerpt.
    parser = argparse.ArgumentParser(description='Ragpicker Manager')
    subparsers = parser.add_subparsers(title='subcommands', description='valid subcommands', help='additional help')
    # stop: takes no arguments.
    parser_stop = subparsers.add_parser('stop', help='Stops a running Ragpicker instance')
    parser_stop.set_defaults(which='stop')
    # export: requires a target directory and a file of SHA256 values.
    parser_export = subparsers.add_parser('export', help='Export Ragpicker-Data')
    parser_export.set_defaults(which='export')
    parser_export.add_argument('-d','--dirname', required=True, help='Export-Directory')
    parser_export.add_argument('-f','--sha256_file', required=True, help='SHA256-File')
    # NOTE(review): no type= or action= is set, so a value given on the command
    # line arrives as a string and any non-empty string, including "False", is
    # truthy - confirm how the consumer interprets it.
    parser_export.add_argument('--json', default=False, help='File in json-format? Default=False')
    # vxcage: same required arguments as export, without --json.
    parser_vxcage = subparsers.add_parser('vxcage', help='Exports only the malware files from the VxCage')
    parser_vxcage.set_defaults(which='vxcage')
    parser_vxcage.add_argument('-d','--dirname', required=True, help='Export-Directory')
    parser_vxcage.add_argument('-f','--sha256_file', required=True, help='SHA256-File')