def scan_file():
"""Analyzes a file if it is new or returns an existing analysis."""
# Get the filename, contents and SHA-1.
uploaded_file = request.files["file"]
filename = secure_filename(uploaded_file.filename)
contents = uploaded_file.read()
sha1 = Hashes().get_sha1(contents)
# Redirect the user to the analysis page
# if the file was already analyzed.
submission = Submission().query.filter_by(sha1=sha1).first()
if submission:
save_log(filename, submission.id, current_user.id)
return redirect("/analysis?sha1={}&name={}".format(sha1, filename))
# Save the file at the default samples folder.
file_path = save_file(sha1, contents)
# Get the VirusTotal report if it exists, else
# send the file to analysis.
virustotal = VirusTotal(current_user.vt_key)
virustotal_detection = virustotal.report(sha1)
if virustotal_detection["response_code"] == 0:
virustotal_detection = virustotal.detection(contents)
# Get hashes and basic information.
hashes = Hashes(contents).get_all()
basic_information = get_basic_information(file_path)
pe_info = None
capa_data = None
data = {"file_name" : filename,
"hashes" : hashes,
"basic_information" : basic_information,
"virustotal_detection" : virustotal_detection,
"yara" : YaraAnalysis().get_matches(contents),
}
# If the file is a PE, analyze it.
if basic_information["mime_type"] == "application/x-dosexec":
pe_file = PE(contents)
pe_info = pe_file.get_all()
capa_data = Capa().analyze(file_path)
foremost_data = Foremost().analyze(file_path)
pe_info["strings"] = Strings("iso-8859-1", file_path).get()
data["pe_info"] = pe_info
data["capa"] = capa_data
data["foremost"] = foremost_data
# Log the submission and zip the sample.
save_submission(data, current_user.id)
zip_file(file_path)
return redirect("/analysis?sha1={}&name={}".format(sha1, filename))
def post(self):
"""Calculates the different hashes of the file.
Returns a dict containing the MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512,
CRC32 and SSDEEP of the uploaded file.
"""
return Hashes(get_bytes()).get_all(), 200
def post(self):
"""Complete scan of the file.
Returns basic information, signatures, VirusTotal results and Yara matches.
If the file is a Portable Executable (PE), it also fetches data about its sections
(e.g., headers, imports) and capabilities.
"""
# Get the filename, contents and SHA-1.
uploaded_file = upload_parser.parse_args()["file"]
filename = secure_filename(uploaded_file.filename)
contents = uploaded_file.read()
sha1 = Hashes().get_sha1(contents)
# Get user information
user = User().query.filter_by(freki_key=request.headers["API-KEY"]).first()
# Return the results if the file was already analyzed.
submission = Submission().query.filter_by(sha1=sha1).first()
if submission:
save_log(filename, submission.id, user.id)
return json.loads(submission.data), 200
# Save the file at the default samples folder.
file_path = save_file(sha1, contents)
# Get the VirusTotal report if it exists, else
# send the file to analysis.
virustotal = VirusTotal(user.vt_key)
virustotal_detection = virustotal.report(sha1)
if virustotal_detection["response_code"] == 0:
virustotal_detection = virustotal.detection(contents)
# Get hashes and basic information.
hashes = Hashes(contents).get_all()
basic_information = get_basic_information(file_path)
pe_info = None
capa_data = None
data = {"file_name" : filename,
"hashes" : hashes,
"basic_information" : basic_information,
"virustotal_detection" : virustotal_detection,
"yara" : YaraAnalysis().get_matches(contents),
}
# If the file is a PE, analyze it.
if basic_information["mime_type"] == "application/x-dosexec":
pe_file = PE(contents)
pe_info = pe_file.get_all()
capa_data = Capa().analyze(file_path)
foremost_data = Foremost().analyze(file_path)
pe_info["strings"] = Strings("iso-8859-1", file_path).get()
data["pe_info"] = pe_info
data["capa"] = capa_data
data["foremost"] = foremost_data
# Log the submission and zip the sample.
save_submission(data, user.id)
zip_file(file_path)
return data, 200
def get_sha1(contents):
"""Returns the SHA-1 of the uploaded file."""
return Hashes().get_sha1(contents)