def __init__(self): Analyzer.__init__(self) self.filepath = self.get_param('file', None, 'File parameter is missing.') self.filename = self.get_param('filename', None, 'Filename is missing.') self.filetype = pyexifinfo.fileType(self.filepath) self.mimetype = magic.Magic(mime=True).from_file(self.filepath) # Check if manalyze submodule is enabled if self.get_param('config.manalyze_enable', False, 'Parameter manalyze_enable not given.' 'Please enable or disable manalyze submodule explicitly.'): binary_path = self.get_param('config.manalyze_binary_path', '/opt/Cortex-Analyzers/utils/manalyze/bin/manalyze') if self.get_param('config.manalyze_enable_docker', False): available_submodules.append( ManalyzeSubmodule( use_docker=True ) ) elif self.get_param('config.manalyze_enable_binary', False) \ and os.path.isfile(binary_path): available_submodules.append( ManalyzeSubmodule( use_binary=True, binary_path=binary_path ) ) else: self.error('Manalyze submodule is enabled, but either there is no method allowed (docker or binary)' 'or the path to binary is not correct.')
def __init__(self): Analyzer.__init__(self) self.filepath = self.get_param('file', None, 'File parameter is missing.') self.filename = self.get_param('filename', None, 'Filename is missing.') self.filetype = pyexifinfo.fileType(self.filepath) self.mimetype = magic.Magic(mime=True).from_file(self.filepath)
def get_date_from_exif(self, fn): self.counter['FILE_TYPE_' + pyexifinfo.fileType(fn)] += 1 d = pyexifinfo.get_json(fn)[0] # 'EXIF:DateTimeOriginal': '2016:09:06 19:34:07' # 'QuickTime:CreateDate': '2016:09:05 13:11:08' if 'EXIF:DateTimeOriginal' in d: return d['EXIF:DateTimeOriginal'] if 'QuickTime:CreateDate' in d: return d['QuickTime:CreateDate']
def run(analyzer_name, job_id, filepath, filename, md5, additional_config_params): logger.info("started analyzer {} job_id {}" "".format(analyzer_name, job_id)) report = general.get_basic_report_template(analyzer_name) try: results = {} results["magic"] = magic.from_file(filepath) results["mimetype"] = magic.from_file(filepath, mime=True) results["filetype"] = pyexifinfo.fileType(filepath) exif_report = pyexifinfo.get_json(filepath) if exif_report: exif_report_cleaned = { key: value for key, value in exif_report[0].items() if not (key.startswith("File") or key.startswith("SourceFile")) } results["exiftool"] = exif_report_cleaned binary = general.get_binary(job_id) results["md5"] = hashlib.md5(binary).hexdigest() results["sha1"] = hashlib.sha1(binary).hexdigest() results["sha256"] = hashlib.sha256(binary).hexdigest() results["ssdeep"] = pydeep.hash_file(filepath).decode() report["report"] = results except AnalyzerRunException as e: error_message = ( "job_id:{} analyzer:{} md5:{} filename: {} Analyzer Error {}" "".format(job_id, analyzer_name, md5, filename, e)) logger.error(error_message) report["errors"].append(error_message) report["success"] = False except Exception as e: traceback.print_exc() error_message = ( "job_id:{} analyzer:{} md5:{} filename: {} Unexpected Error {}" "".format(job_id, analyzer_name, md5, filename, e)) logger.exception(error_message) report["errors"].append(str(e)) report["success"] = False else: report["success"] = True general.set_report_and_cleanup(job_id, report) logger.info("ended analyzer {} job_id {}" "".format(analyzer_name, job_id)) return report
def __init__(self): Analyzer.__init__(self) self.filepath = self.get_param("file", None, "File parameter is missing.") self.filename = self.get_param("filename", None, "Filename is missing.") self.filetype = pyexifinfo.fileType(self.filepath) self.mimetype = magic.Magic(mime=True).from_file(self.filepath) self.auto_extract_artifacts = self.get_param("auto_extract_artifacts", None) self.observables = [] # Check if manalyze submodule is enabled if self.get_param( "config.manalyze_enable", False, "Parameter manalyze_enable not given." "Please enable or disable manalyze submodule explicitly.", ): binary_path = self.get_param( "config.manalyze_binary_path", "/opt/Cortex-Analyzers/utils/manalyze/bin/manalyze", ) if self.get_param("config.manalyze_enable_docker", False): available_submodules.append(ManalyzeSubmodule(use_docker=True)) elif self.get_param( "config.manalyze_enable_binary", False ) and os.path.isfile(binary_path): available_submodules.append( ManalyzeSubmodule(use_binary=True, binary_path=binary_path) ) else: self.error( "Manalyze submodule is enabled, but either there is no method allowed (docker or binary)" "or the path to binary is not correct." ) # Check if floss submodule is enabled if self.get_param("config.floss_enable", False): binary_path = self.get_param( "config.floss_binary_path", False, "Floss binary path not given." ) available_submodules.append( FlossSubmodule( binary_path=binary_path, string_length=self.get_param( "config.floss_minimal_string_length", 4 ), ) )
def analyze_file(self, path): # Hash the file with io.open(path, "rb") as fh: buf = fh.read() md5 = hashlib.md5() md5.update(buf) sha1 = hashlib.sha1() sha1.update(buf) sha256 = hashlib.sha256() sha256.update(buf) ssdeep = Hash() ssdeep.update(buf) self.add_result_subsection( "Hashes", { "md5": md5.hexdigest(), "sha1": sha1.hexdigest(), "sha256": sha256.hexdigest(), "ssdeep": ssdeep.digest(), }, ) self.add_result_subsection("Exif Info", self.exif(path)) # Get libmagic info magicliteral = magic.Magic(mime_encoding=True).from_file(path) mimetype = magic.Magic(mime=True, mime_encoding=True).from_file(path) # filetype = pyexifinfo.fileType(path) self.add_result_subsection( "File information", { "Magic literal": magicliteral, "MimeType": mimetype, "Filetype": pyexifinfo.fileType(path), "Filesize": os.path.getsize(path), }, ) return self.results, None
def run(self): results = {} results["magic"] = magic.from_file(self.filepath) results["mimetype"] = magic.from_file(self.filepath, mime=True) results["filetype"] = pyexifinfo.fileType(self.filepath) exif_report = pyexifinfo.get_json(self.filepath) if exif_report: exif_report_cleaned = { key: value for key, value in exif_report[0].items() if not (key.startswith("File") or key.startswith("SourceFile")) } results["exiftool"] = exif_report_cleaned binary = get_binary(self.job_id) results["md5"] = hashlib.md5(binary).hexdigest() results["sha1"] = hashlib.sha1(binary).hexdigest() results["sha256"] = hashlib.sha256(binary).hexdigest() results["ssdeep"] = pydeep.hash_file(self.filepath).decode() return results
def analyze_file(self, path): # Hash the file with io.open(path, 'rb') as fh: buf = fh.read() md5 = hashlib.md5() md5.update(buf) sha1 = hashlib.sha1() sha1.update(buf) sha256 = hashlib.sha256() sha256.update(buf) ssdeep = Hash() ssdeep.update(buf) self.add_result_subsection( 'Hashes', { 'md5': md5.hexdigest(), 'sha1': sha1.hexdigest(), 'sha256': sha256.hexdigest(), 'ssdeep': ssdeep.digest() }) self.add_result_subsection('Exif Info', self.exif(path)) # Get libmagic info magicliteral = magic.Magic(mime_encoding=True).from_file(path) mimetype = magic.Magic(mime=True, mime_encoding=True).from_file(path) # filetype = pyexifinfo.fileType(path) self.add_result_subsection( 'File information', { 'Magic literal': magicliteral, 'MimeType': mimetype, 'Filetype': pyexifinfo.fileType(path), 'Filesize': os.path.getsize(path) }) return self.results
def analyze_file(self, path): # Hash the file with io.open(path, 'rb') as fh: buf = fh.read() md5 = hashlib.md5() md5.update(buf) sha1 = hashlib.sha1() sha1.update(buf) sha256 = hashlib.sha256() sha256.update(buf) ssdeep = Hash() ssdeep.update(buf) self.add_result_subsection('Hashes', { 'md5': md5.hexdigest(), 'sha1': sha1.hexdigest(), 'sha256': sha256.hexdigest(), 'ssdeep': ssdeep.digest() }) self.add_result_subsection('Exif Info', self.exif(path)) # Get libmagic info magicliteral = magic.Magic().from_file(path) mimetype = magic.Magic(mime=True).from_file(path) # filetype = pyexifinfo.fileType(path) self.add_result_subsection('File information', { 'Magic literal': magicliteral, 'MimeType': mimetype, 'Filetype': pyexifinfo.fileType(path), 'Filesize': os.path.getsize(path)} ) return self.results
def test_get_fileType(): a = p.fileType(image) assert a.lower() == 'png'
def filetype(self): return pyexifinfo.fileType(self.path)
def test_get_fileType(): loop = asyncio.get_event_loop() a = loop.run_until_complete(p.fileType(image)) assert a.lower() == 'png'
def get_file_extension(self, filename): return pyexifinfo.fileType(filename).lower()