def analyzer(_file):
try:
entropy_found = False
rule_triggerred = False
if ADVANCED_SEARCH:
additional_checks = advancedSearch.AdvancedSearch()
additional_checks.filetype_check(_file)
for word in file_reader(_file):
base64_strings = get_strings(word)
for string in base64_strings:
b64Entropy = shannon_entropy(string)
if b64Entropy > HIGH_ENTROPY_EDGE:
#print(string + 'has entropy ' + str(b64Entropy))
print(colored('FOUND HIGH ENTROPY!!!', 'green'))
print(colored('The following string: ', 'green') + colored(string, 'magenta') + colored(' has been found in ' + _file, 'green'))
logger.info('high entropy has been found in a file ' + _file)
entropy_found = True
if ADVANCED_SEARCH:
additional_checks.grepper(word)
if ADVANCED_SEARCH:
rule_triggerred = additional_checks.final(_file)
if REMOVE_FLAG and not (entropy_found or rule_triggerred): remove_file(_file)
except Exception as e:
logger.error('while trying to analyze ' + str(_file) + '. Details:\n' + str(e))
def analyze_file(_file):
try:
if BAD_EXPRESSIONS:
if bad_expression_verifier(_file):
logger.info("Bad expression has been found in a " + _file
+ " file. Skipping further analysis.")
return
entropy_found = False
rule_triggerred = False
if ADVANCED_SEARCH:
additional_checks = advancedSearch.AdvancedSearch()
additional_checks.filetype_check(_file)
for word in get_all_strings_from_file(_file):
additional_checks.grepper(word)
if is_base64_with_correct_length(word, MIN_KEY_LENGTH, MAX_KEY_LENGTH):
if found_high_entropy(_file, word):
entropy_found = True
if additional_checks.final(_file):
data = {"Finding": "Advanced rule triggerred", "File": _file,
"Details": {"filetype": additional_checks._FILETYPE,
"filetype_weight": additional_checks._FILETYPE_WEIGHT,
"grep_words": additional_checks._GREP_WORDS,
"grep_word_occurrence": additional_checks._GREP_WORD_OCCURRENCE,
"grep_words_weight": additional_checks._GREP_WORDS_WEIGHT}}
result.put(data)
for word in get_base64_strings_from_file(_file, MIN_KEY_LENGTH, MAX_KEY_LENGTH):
if found_high_entropy(_file, word):
entropy_found = True
if PASSWORD_SEARCH:
# have to read line by line instead of words
try:
with open(_file) as f:
for line in f:
pass_list = password_search(line)
if pass_list:
for password in pass_list:
print(colored("FOUND POTENTIAL PASSWORD!!!", 'yellow'))
print(colored("Potential password ", 'yellow') + colored(password[0], 'magenta')
+ colored(" has been found in file " + _file, 'yellow'))
data = {"Finding": "Password",
"File": _file,
"Details": {"Password complexity": password[1],
"String": password[0]}}
result.put(data)
logger.info("potential password has been found in a file " + _file)
except Exception as e:
logger.error("while trying to open " + str(_file) + ". Details:\n" + str(e))
if REMOVE_FLAG and not (entropy_found or rule_triggerred):
remove_file(_file)
except Exception as e:
logger.error("while trying to analyze " + str(_file) + ". Details:\n" + str(e))
def analyzer(_file):
try:
entropy_found = False
rule_triggerred = False
if ADVANCED_SEARCH:
additional_checks = advancedSearch.AdvancedSearch()
additional_checks.filetype_check(_file)
for word in file_reader(_file):
base64_strings = get_strings(word)
for string in base64_strings:
b64Entropy = shannon_entropy(string)
if (b64Entropy >
HIGH_ENTROPY_EDGE) and false_positive_filter(string):
print(colored("FOUND HIGH ENTROPY!!!", 'green'))
print(
colored("The following string: ", 'green') +
colored(string, 'magenta') +
colored(" has been found in " + _file, 'green'))
print()
logger.info("high entropy has been found in a file " \
+ _file)
data = {
"Finding": "High entropy",
"File": _file,
"Details": {
"Entropy": b64Entropy,
"String": string
}
}
result.put(data)
entropy_found = True
if ADVANCED_SEARCH:
additional_checks.grepper(word)
if ADVANCED_SEARCH:
if additional_checks.final(_file):
data = {
"Finding": "Advanced rule triggerred",
"File": _file,
"Details": {
"filetype": additional_checks._FILETYPE,
"filetype_weight": additional_checks._FILETYPE_WEIGHT,
"grep_words": additional_checks._GREP_WORDS,
"grep_word_occurrence":
additional_checks._GREP_WORD_OCCURRENCE,
"grep_words_weight":
additional_checks._GREP_WORDS_WEIGHT
}
}
result.put(data)
if PASSWORD_SEARCH:
#have to read line by line instead of words
try:
with open(_file) as f:
for line in f:
pass_list = password_search(line)
if pass_list:
for password in pass_list:
print(
colored("FOUND POTENTIAL PASSWORD!!!",
'yellow'))
print(
colored("Potential password ", 'yellow') +
colored(password[0], 'magenta') +
colored(" has been found in file " +
_file, 'yellow'))
data = {
"Finding": "Password",
"File": _file,
"Details": {
"Password complexity": password[1],
"String": password[0]
}
}
result.put(data)
logger.info(
"potential password has been found in a file "
+ _file)
except Exception as e:
logger.error("while trying to open " + str(_file) +
". Details:\n" + str(e))
if REMOVE_FLAG and not (entropy_found or rule_triggerred):
remove_file(_file)
except Exception as e:
logger.error("while trying to analyze " + str(_file) + ". Details:\n" +
str(e))
def analyze_file(_file, result, settings):
try:
bad_expressions = settings.bad_expressions if settings.bad_expressions else BAD_EXPRESSIONS
if bad_expressions:
if bad_expression_verifier(_file, bad_expressions):
logger.info("Bad expression has been found in a " + _file +
" file. Skipping further analysis.")
return
entropy_found = False
rule_triggerred = False
min_key = settings.min_key if settings.min_key else MIN_KEY_LENGTH
max_key = settings.max_key if settings.max_key else MAX_KEY_LENGTH
entropy = settings.entropy if settings.entropy else HIGH_ENTROPY_EDGE
regexlist = settings.regex_list if settings.regex_list else REGEXP_LIST
singleregex = settings.single_regex if settings.single_regex else SINGLE_REGEX
if settings.regexlist:
# have to read line by line instead of words
try:
file = open(f'{_file}')
lines = file.readlines()
foundings = []
found = 0
file = yaml.safe_load(open(f'{regexlist}'))
regexArray = file.get("signatures")
for _key in lines:
for _finding in regexArray:
if any('regex' in _key for _key in _finding):
regex = f"{_finding['regex']}"
pattern = re.compile(regex)
found = pattern.findall(_key)
if (found == ['']):
print(
f'Possibe match: {colored(_finding["name"], "cyan")}'
)
print(f'File: {colored(_file, "green")}')
print(f'Key: {colored(_key, "magenta")}')
foundings.append(
f'Possibly matched: {colored(_finding["name"], "cyan")} with key: {colored(_key, "magenta")}'
)
data = {
"Finding": f'{_finding["name"]}',
'Key': f'{_key}',
'File': f'{_file}'
}
result.put(data)
if (found != [] and found != ['']):
i = len(found)
for var in list(range(i)):
print(
f'Possibe match: {colored(_finding["name"], "cyan")}'
)
print(f'File: {colored(_file, "green")}')
print(
f'Key: {colored(found[var] + "", "magenta")}\n'
)
foundings.append(
f'Possibly matched: {colored(_finding["name"], "cyan")} with key: {colored(_key, "magenta")}'
)
data = {
"Finding": f'{_finding["name"]}',
'Key': f'{found[var]}',
'File': f'{_file}'
}
result.put(data)
except Exception as e:
logger.error("while trying to open " + str(_file) +
". Details:\n" + str(e))
if settings.singleregex:
#Single regex availible now, multiple inline regexes will be addressed in future updates
try:
file = open(f'{_file}')
lines = file.readlines()
# foundings = []
found = 0
with open(_file) as f:
for _key in lines:
pattern = re.compile(singleregex)
found = pattern.findall(_key)
if found:
i = len(found)
for var in list(range(i)):
print(f'File: {colored(_file, "green")}')
print(f'Key: {colored(found[var], "magenta")}')
data = {
'Key': f'{found[var]}',
'File': f'{_file}'
}
result.put(data)
except Exception as e:
logger.error("while trying to open " + str(_file) +
". Details:\n" + str(e))
if settings.advance:
additional_checks = advancedSearch.AdvancedSearch()
additional_checks.filetype_check(_file)
for word in get_all_strings_from_file(_file):
additional_checks.grepper(word)
if is_base64_with_correct_length(word, min_key, max_key):
if found_high_entropy(_file, word, result, entropy):
entropy_found = True
if additional_checks.final(_file):
data = {
"Finding": "Advanced rule triggerred",
"File": _file,
"Details": {
"filetype": additional_checks._FILETYPE,
"filetype_weight": additional_checks._FILETYPE_WEIGHT,
"grep_words": additional_checks._GREP_WORDS,
"grep_word_occurrence":
additional_checks._GREP_WORD_OCCURRENCE,
"grep_words_weight":
additional_checks._GREP_WORDS_WEIGHT
}
}
result.put(data)
if settings.noentropysearch != False:
for word in get_base64_strings_from_file(_file, min_key, max_key):
if found_high_entropy(_file, word, result, entropy):
entropy_found = True
if settings.secret:
# have to read line by line instead of words
try:
with open(_file) as f:
for line in f:
for password in password_search(line, settings):
print(
colored("FOUND POTENTIAL PASSWORD!!!",
'yellow'))
print(
colored("Potential password ", 'yellow') +
colored(password[0], 'magenta') +
colored(" has been found in file " +
_file, 'yellow'))
data = {
"Finding": "Password",
"File": _file,
"Details": {
"Password complexity": password[1],
"String": password[0]
}
}
result.put(data)
logger.info(
"potential password has been found in a file "
+ _file)
except Exception as e:
logger.error("while trying to open " + str(_file) +
". Details:\n" + str(e))
if settings.remove and not (entropy_found or rule_triggerred):
remove_file(_file)
except Exception as e:
logger.error("while trying to analyze " + str(_file) + ". Details:\n" +
str(e))