Esempio n. 1
0
    def __init__(self):
        Analyzer.__init__(self)
        self.filepath = self.get_param('file', None, 'File parameter is missing.')
        self.filename = self.get_param('filename', None, 'Filename is missing.')
        self.filetype = pyexifinfo.fileType(self.filepath)
        self.mimetype = magic.Magic(mime=True).from_file(self.filepath)

        # Check if manalyze submodule is enabled
        if self.get_param('config.manalyze_enable', False, 'Parameter manalyze_enable not given.'
                                                           'Please enable or disable manalyze submodule explicitly.'):
            binary_path = self.get_param('config.manalyze_binary_path',
                                         '/opt/Cortex-Analyzers/utils/manalyze/bin/manalyze')
            if self.get_param('config.manalyze_enable_docker', False):
                available_submodules.append(
                    ManalyzeSubmodule(
                        use_docker=True
                    )
                )
            elif self.get_param('config.manalyze_enable_binary', False) \
                    and os.path.isfile(binary_path):
                available_submodules.append(
                    ManalyzeSubmodule(
                        use_binary=True,
                        binary_path=binary_path
                    )
                )
            else:
                self.error('Manalyze submodule is enabled, but either there is no method allowed (docker or binary)'
                           'or the path to binary is not correct.')
    def __init__(self):
        Analyzer.__init__(self)
        self.filepath = self.get_param('file', None, 'File parameter is missing.')
        self.filename = self.get_param('filename', None, 'Filename is missing.')
        self.filetype = pyexifinfo.fileType(self.filepath)
        self.mimetype = magic.Magic(mime=True).from_file(self.filepath)

        # Check if manalyze submodule is enabled
        if self.get_param('config.manalyze_enable', False, 'Parameter manalyze_enable not given.'
                                                           'Please enable or disable manalyze submodule explicitly.'):
            binary_path = self.get_param('config.manalyze_binary_path',
                                         '/opt/Cortex-Analyzers/utils/manalyze/bin/manalyze')
            if self.get_param('config.manalyze_enable_docker', False):
                available_submodules.append(
                    ManalyzeSubmodule(
                        use_docker=True
                    )
                )
            elif self.get_param('config.manalyze_enable_binary', False) \
                    and os.path.isfile(binary_path):
                available_submodules.append(
                    ManalyzeSubmodule(
                        use_binary=True,
                        binary_path=binary_path
                    )
                )
            else:
                self.error('Manalyze submodule is enabled, but either there is no method allowed (docker or binary)'
                           'or the path to binary is not correct.')
 def __init__(self):
     Analyzer.__init__(self)
     self.filepath = self.get_param('file', None,
                                    'File parameter is missing.')
     self.filename = self.get_param('filename', None,
                                    'Filename is missing.')
     self.filetype = pyexifinfo.fileType(self.filepath)
     self.mimetype = magic.Magic(mime=True).from_file(self.filepath)
Esempio n. 4
0
 def get_date_from_exif(self, fn):
     self.counter['FILE_TYPE_' + pyexifinfo.fileType(fn)] += 1
     d = pyexifinfo.get_json(fn)[0]
     # 'EXIF:DateTimeOriginal': '2016:09:06 19:34:07'
     # 'QuickTime:CreateDate': '2016:09:05 13:11:08'
     if 'EXIF:DateTimeOriginal' in d:
         return d['EXIF:DateTimeOriginal']
     if 'QuickTime:CreateDate' in d:
         return d['QuickTime:CreateDate']
Esempio n. 5
0
def run(analyzer_name, job_id, filepath, filename, md5,
        additional_config_params):
    logger.info("started analyzer {} job_id {}"
                "".format(analyzer_name, job_id))
    report = general.get_basic_report_template(analyzer_name)
    try:
        results = {}
        results["magic"] = magic.from_file(filepath)
        results["mimetype"] = magic.from_file(filepath, mime=True)
        results["filetype"] = pyexifinfo.fileType(filepath)

        exif_report = pyexifinfo.get_json(filepath)
        if exif_report:
            exif_report_cleaned = {
                key: value
                for key, value in exif_report[0].items()
                if not (key.startswith("File") or key.startswith("SourceFile"))
            }
            results["exiftool"] = exif_report_cleaned

        binary = general.get_binary(job_id)
        results["md5"] = hashlib.md5(binary).hexdigest()
        results["sha1"] = hashlib.sha1(binary).hexdigest()
        results["sha256"] = hashlib.sha256(binary).hexdigest()
        results["ssdeep"] = pydeep.hash_file(filepath).decode()

        report["report"] = results
    except AnalyzerRunException as e:
        error_message = (
            "job_id:{} analyzer:{} md5:{} filename: {} Analyzer Error {}"
            "".format(job_id, analyzer_name, md5, filename, e))
        logger.error(error_message)
        report["errors"].append(error_message)
        report["success"] = False
    except Exception as e:
        traceback.print_exc()
        error_message = (
            "job_id:{} analyzer:{} md5:{} filename: {} Unexpected Error {}"
            "".format(job_id, analyzer_name, md5, filename, e))
        logger.exception(error_message)
        report["errors"].append(str(e))
        report["success"] = False
    else:
        report["success"] = True

    general.set_report_and_cleanup(job_id, report)

    logger.info("ended analyzer {} job_id {}" "".format(analyzer_name, job_id))

    return report
    def __init__(self):
        Analyzer.__init__(self)
        self.filepath = self.get_param("file", None, "File parameter is missing.")
        self.filename = self.get_param("filename", None, "Filename is missing.")
        self.filetype = pyexifinfo.fileType(self.filepath)
        self.mimetype = magic.Magic(mime=True).from_file(self.filepath)
        self.auto_extract_artifacts = self.get_param("auto_extract_artifacts", None)
        self.observables = []

        # Check if manalyze submodule is enabled
        if self.get_param(
            "config.manalyze_enable",
            False,
            "Parameter manalyze_enable not given."
            "Please enable or disable manalyze submodule explicitly.",
        ):
            binary_path = self.get_param(
                "config.manalyze_binary_path",
                "/opt/Cortex-Analyzers/utils/manalyze/bin/manalyze",
            )
            if self.get_param("config.manalyze_enable_docker", False):
                available_submodules.append(ManalyzeSubmodule(use_docker=True))
            elif self.get_param(
                "config.manalyze_enable_binary", False
            ) and os.path.isfile(binary_path):
                available_submodules.append(
                    ManalyzeSubmodule(use_binary=True, binary_path=binary_path)
                )
            else:
                self.error(
                    "Manalyze submodule is enabled, but either there is no method allowed (docker or binary)"
                    "or the path to binary is not correct."
                )

        # Check if floss submodule is enabled
        if self.get_param("config.floss_enable", False):
            binary_path = self.get_param(
                "config.floss_binary_path", False, "Floss binary path not given."
            )
            available_submodules.append(
                FlossSubmodule(
                    binary_path=binary_path,
                    string_length=self.get_param(
                        "config.floss_minimal_string_length", 4
                    ),
                )
            )
Esempio n. 7
0
    def analyze_file(self, path):
        # Hash the file
        with io.open(path, "rb") as fh:
            buf = fh.read()
            md5 = hashlib.md5()
            md5.update(buf)
            sha1 = hashlib.sha1()
            sha1.update(buf)
            sha256 = hashlib.sha256()
            sha256.update(buf)
            ssdeep = Hash()
            ssdeep.update(buf)

        self.add_result_subsection(
            "Hashes",
            {
                "md5": md5.hexdigest(),
                "sha1": sha1.hexdigest(),
                "sha256": sha256.hexdigest(),
                "ssdeep": ssdeep.digest(),
            },
        )

        self.add_result_subsection("Exif Info", self.exif(path))

        # Get libmagic info
        magicliteral = magic.Magic(mime_encoding=True).from_file(path)
        mimetype = magic.Magic(mime=True, mime_encoding=True).from_file(path)
        # filetype = pyexifinfo.fileType(path)

        self.add_result_subsection(
            "File information",
            {
                "Magic literal": magicliteral,
                "MimeType": mimetype,
                "Filetype": pyexifinfo.fileType(path),
                "Filesize": os.path.getsize(path),
            },
        )

        return self.results, None
Esempio n. 8
0
    def run(self):
        results = {}
        results["magic"] = magic.from_file(self.filepath)
        results["mimetype"] = magic.from_file(self.filepath, mime=True)
        results["filetype"] = pyexifinfo.fileType(self.filepath)

        exif_report = pyexifinfo.get_json(self.filepath)
        if exif_report:
            exif_report_cleaned = {
                key: value
                for key, value in exif_report[0].items()
                if not (key.startswith("File") or key.startswith("SourceFile"))
            }
            results["exiftool"] = exif_report_cleaned

        binary = get_binary(self.job_id)
        results["md5"] = hashlib.md5(binary).hexdigest()
        results["sha1"] = hashlib.sha1(binary).hexdigest()
        results["sha256"] = hashlib.sha256(binary).hexdigest()
        results["ssdeep"] = pydeep.hash_file(self.filepath).decode()

        return results
    def analyze_file(self, path):
        # Hash the file
        with io.open(path, 'rb') as fh:
            buf = fh.read()
            md5 = hashlib.md5()
            md5.update(buf)
            sha1 = hashlib.sha1()
            sha1.update(buf)
            sha256 = hashlib.sha256()
            sha256.update(buf)
            ssdeep = Hash()
            ssdeep.update(buf)

        self.add_result_subsection(
            'Hashes', {
                'md5': md5.hexdigest(),
                'sha1': sha1.hexdigest(),
                'sha256': sha256.hexdigest(),
                'ssdeep': ssdeep.digest()
            })

        self.add_result_subsection('Exif Info', self.exif(path))

        # Get libmagic info
        magicliteral = magic.Magic(mime_encoding=True).from_file(path)
        mimetype = magic.Magic(mime=True, mime_encoding=True).from_file(path)
        # filetype = pyexifinfo.fileType(path)

        self.add_result_subsection(
            'File information', {
                'Magic literal': magicliteral,
                'MimeType': mimetype,
                'Filetype': pyexifinfo.fileType(path),
                'Filesize': os.path.getsize(path)
            })

        return self.results
    def analyze_file(self, path):
        # Hash the file
        with io.open(path, 'rb') as fh:
            buf = fh.read()
            md5 = hashlib.md5()
            md5.update(buf)
            sha1 = hashlib.sha1()
            sha1.update(buf)
            sha256 = hashlib.sha256()
            sha256.update(buf)
            ssdeep = Hash()
            ssdeep.update(buf)

        self.add_result_subsection('Hashes', {
            'md5': md5.hexdigest(),
            'sha1': sha1.hexdigest(),
            'sha256': sha256.hexdigest(),
            'ssdeep': ssdeep.digest()
        })

        self.add_result_subsection('Exif Info', self.exif(path))

        # Get libmagic info
        magicliteral = magic.Magic().from_file(path)
        mimetype = magic.Magic(mime=True).from_file(path)
        # filetype = pyexifinfo.fileType(path)


        self.add_result_subsection('File information', {
            'Magic literal': magicliteral,
            'MimeType': mimetype,
            'Filetype': pyexifinfo.fileType(path),
            'Filesize': os.path.getsize(path)}
                                   )

        return self.results
Esempio n. 11
0
def test_get_fileType():
    a = p.fileType(image)
    assert a.lower() == 'png'
Esempio n. 12
0
def test_get_fileType():
    a = p.fileType(image)
    assert a.lower() == 'png'
Esempio n. 13
0
 def filetype(self):
     return pyexifinfo.fileType(self.path)
Esempio n. 14
0
def test_get_fileType():
    loop = asyncio.get_event_loop()
    a = loop.run_until_complete(p.fileType(image))
    assert a.lower() == 'png'
Esempio n. 15
0
 def get_file_extension(self, filename):
     return pyexifinfo.fileType(filename).lower()