def build_options(self):
    """Assemble the option set for one analysis task.

    Task fields are copied unchanged and the result server address is read
    from the configuration. For "file" tasks the sample name and type
    reported by File are added.
    @return: options dict.
    """
    task = self.task
    options = {
        "id": task.id,
        "ip": self.cfg.resultserver.ip,
        "port": self.cfg.resultserver.port,
        "category": task.category,
        "target": task.target,
        "package": task.package,
        "options": task.options,
        "enforce_timeout": task.enforce_timeout,
        # Any falsy timeout (None, 0) selects the configured default.
        "timeout": task.timeout or self.cfg.timeouts.default,
    }

    if task.category == "file":
        options["file_name"] = File(task.target).get_name()
        options["file_type"] = File(task.target).get_type()

    return options
def run(self):
    """Collect descriptive information about the analysis target.

    For "file" tasks the details come from File(self.file_path), while the
    reported name is taken from the task's "target" path. For "url" tasks
    only the URL is recorded.
    @return: information dict.
    """
    self.key = "target"

    category = self.task["category"]
    info = {"category": category}

    if category == "url":
        info["url"] = self.task["target"]
    elif category == "file":
        details = File(self.file_path).get_all()
        # The name is read from the task target, not from self.file_path.
        details["name"] = File(self.task["target"]).get_name()
        info["file"] = details

    return info
def add_path(self, file_path, timeout=0, package="", options="",
             priority=1, custom="", machine="", platform="",
             memory=False, enforce_timeout=False):
    """Add a task to database from file path.

    The path is wrapped in a File object and handed to self.add together
    with the remaining arguments, unchanged and in the same order.
    @param file_path: sample path.
    @param timeout: selected timeout.
    @param package: analysis package.
    @param options: analysis options.
    @param priority: analysis priority.
    @param custom: custom options.
    @param machine: selected machine.
    @param platform: platform.
    @param memory: toggle full memory dump.
    @param enforce_timeout: toggle full timeout execution.
    @return: cursor or None.
    """
    # Nothing is queued for an empty path or one that is not on disk.
    if file_path and os.path.exists(file_path):
        return self.add(File(file_path), timeout, package, options,
                        priority, custom, machine, platform, memory,
                        enforce_timeout)

    return None
def run(self):
    """Process the network capture and record its SHA-256.

    @return: the dict produced by Pcap, with "pcap_sha256" added when the
        capture file exists on disk.
    """
    self.key = "network"

    pcap_path = self.pcap_path
    network = Pcap(pcap_path).run()

    # Pcap runs unconditionally; only the hash depends on the file existing.
    if not os.path.exists(pcap_path):
        return network

    network["pcap_sha256"] = File(pcap_path).get_sha256()
    return network
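def run(self, results):
    """Render the analysis results as an HTML report.

    Non-empty ".jpg" files found in the analysis "shots" directory are
    embedded base64-encoded in results["screenshots"], sorted by the stem of
    their file name. The report is written to "report.html" under
    self.reports_path.
    @param results: Cuckoo results dict.
    @return: True once the report has been written.
    @raise CuckooReportError: if fails to write report.
    """
    if not HAVE_JINJA2:
        raise CuckooReportError(
            "Failed to generate HTML report: Jinja2 Python library is not installed"
        )

    shots = []
    shots_path = os.path.join(self.analysis_path, "shots")
    if os.path.exists(shots_path):
        for shot_name in os.listdir(shots_path):
            if not shot_name.endswith(".jpg"):
                continue

            shot_path = os.path.join(shots_path, shot_name)
            # Empty files carry no image data and are left out.
            if os.path.getsize(shot_path) == 0:
                continue

            shot = {}
            shot["id"] = os.path.splitext(File(shot_path).get_name())[0]
            # Close each screenshot handle as soon as it has been read
            # instead of leaving it to the garbage collector.
            with open(shot_path, "rb") as shot_file:
                shot["data"] = base64.b64encode(shot_file.read())
            shots.append(shot)

        shots.sort(key=lambda shot: shot["id"])

    results["screenshots"] = shots

    # A random entry from HAX0RS is exposed to the template as "apt".
    results["apt"] = random.choice(HAX0RS)

    # Autoescaping stays on: every value rendered from results is
    # HTML-escaped. NOTE(review): results presumably carries strings that
    # originate from the analyzed sample - confirm no template marks them
    # as safe.
    env = Environment(autoescape=True)
    env.loader = FileSystemLoader(os.path.join(CUCKOO_ROOT, "data", "html"))

    try:
        tpl = env.get_template("report.html")
        html = tpl.render({"results": results})
    except Exception as e:
        raise CuckooReportError("Failed to generate HTML report: %s" % e)

    try:
        # The context manager closes the report even when write() fails.
        with open(os.path.join(self.reports_path, "report.html"), "w") as report:
            report.write(html)
    except (TypeError, IOError) as e:
        raise CuckooReportError("Failed to write HTML report: %s" % e)

    return True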
def run(self):
    """Run static analysis on PE samples.

    PortableExecutable is only invoked when pefile is available, the task
    category is "file" and the type string reported by File contains
    "PE32"; in every other case the result is an empty dict.
    @return: results dict.
    """
    self.key = "static"

    if not HAVE_PEFILE:
        return {}
    if self.task["category"] != "file":
        return {}
    # The decision rests entirely on the type string File reports.
    if "PE32" not in File(self.file_path).get_type():
        return {}

    return PortableExecutable(self.file_path).run()
def run(self):
    """Describe every file found under the dropped-files directory.

    The tree rooted at self.dropped_path is walked recursively and each
    regular entry is passed to File with strip_name=True.
    @return: list of dropped files with related information.
    """
    self.key = "dropped"

    dropped_files = []
    # NOTE(review): os.walk does not descend into symlinked directories by
    # default, but a symlink to a file is still listed in names; confirm
    # File does not read through it to a path outside dropped_path.
    for parent, _subdirs, names in os.walk(self.dropped_path):
        dropped_files.extend(
            File(file_path=os.path.join(parent, name), strip_name=True).get_all()
            for name in names
        )

    return dropped_files
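def run(self):
    """Look up the analysis target on VirusTotal.

    For "file" tasks the MD5 of the sample is the lookup resource; for "url"
    tasks the target URL itself is sent. The resource and the API key are
    posted to the matching VirusTotal endpoint and the JSON reply is decoded.
    @return: full VirusTotal report.
    @raise CuckooProcessingError: if the API key is missing, the sample is
        not on disk, the task category is not supported, the request fails
        or the reply is not valid JSON.
    """
    self.key = "virustotal"

    if not VIRUSTOTAL_KEY:
        raise CuckooProcessingError("VirusTotal API key not configured, skip")

    category = self.task["category"]
    if category == "file":
        if not os.path.exists(self.file_path):
            raise CuckooProcessingError("File {0} not found, skip".format(self.file_path))

        resource = File(self.file_path).get_md5()
        url = VIRUSTOTAL_FILE_URL
    elif category == "url":
        # The task is read by key everywhere else in this method; attribute
        # access would fail on a plain dict.
        resource = self.task["target"]
        url = VIRUSTOTAL_URL_URL
    else:
        # Without this branch resource and url would be unbound below.
        raise CuckooProcessingError(
            "Task category {0} not supported by VirusTotal lookup, skip".format(category))

    # NOTE(review): the API key travels in this request body. Confirm both
    # VIRUSTOTAL_*_URL constants are https and that the interpreter verifies
    # certificates (urllib2 only does so by default from Python 2.7.9).
    data = urllib.urlencode({"resource" : resource, "apikey" : VIRUSTOTAL_KEY})

    try:
        request = urllib2.Request(url, data)
        # NOTE(review): no timeout is passed, so a stalled connection blocks
        # this processing module until the socket default applies.
        response = urllib2.urlopen(request)
        response_data = response.read()
    except urllib2.HTTPError as e:
        # HTTPError subclasses URLError, so it has to be caught first or
        # this handler can never run.
        raise CuckooProcessingError("Unable to perform HTTP request to VirusTotal (http code={0})".format(e.code))
    except urllib2.URLError as e:
        raise CuckooProcessingError("Unable to establish connection to VirusTotal: {0}".format(e))

    try:
        virustotal = json.loads(response_data)
    except ValueError as e:
        raise CuckooProcessingError("Unable to convert response to JSON: {0}".format(e))

    return virustotal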
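def store_file(self):
    """Store a copy of the file being analyzed.

    The sample is copied into the "storage/binaries" directory under
    CUCKOO_ROOT, named after its SHA-256, unless a file with that name is
    already there. The stored copy is then symlinked (or copied, where
    os.symlink is unavailable) as "binary" inside self.storage.
    @return: False if the sample is missing or cannot be copied into the
        binaries directory; True otherwise, including when creating the
        "binary" link or copy fails (that failure is only logged).
    """
    if not os.path.exists(self.task.target):
        log.error(
            "The file to analyze does not exist at path \"%s\", "
            "analysis aborted", self.task.target)
        return False

    # NOTE(review): the digest is computed from task.target and the copy
    # below reads the same path again later; if the file can change in
    # between, the stored content no longer matches its file name.
    sha256 = File(self.task.target).get_sha256()
    self.binary = os.path.join(CUCKOO_ROOT, "storage", "binaries", sha256)

    if os.path.exists(self.binary):
        log.info("File already exists at \"%s\"", self.binary)
    else:
        # TODO: do we really need to abort the analysis in case we are not
        # able to store a copy of the file?
        try:
            shutil.copy(self.task.target, self.binary)
        except (IOError, OSError, shutil.Error):
            # shutil.copy also sets the mode with os.chmod, which reports
            # failure as OSError rather than IOError.
            log.error(
                "Unable to store file from \"%s\" to \"%s\", "
                "analysis aborted", self.task.target, self.binary)
            return False

    try:
        new_binary_path = os.path.join(self.storage, "binary")

        if hasattr(os, "symlink"):
            os.symlink(self.binary, new_binary_path)
        else:
            shutil.copy(self.binary, new_binary_path)
    except (AttributeError, OSError, IOError, shutil.Error):
        # The copy fallback raises IOError or shutil.Error, which the
        # original handler let escape on interpreters where IOError is not
        # an alias of OSError.
        log.error("Unable to create symlink/copy from \"%s\" to \"%s\"",
                  self.binary, self.storage)

    return True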
def setUp(self):
    """Create a temporary file and wrap its path in a File instance."""
    # mkstemp() returns an (open descriptor, path) pair, kept on self.tmp.
    # NOTE(review): the descriptor is not closed here - confirm tearDown
    # closes self.tmp[0] and removes the file at self.tmp[1].
    handle, path = tempfile.mkstemp()
    self.tmp = (handle, path)
    self.file = File(path)