def build_options(self):
"""Generate analysis options.
@return: options dict.
"""
options = {}
options["id"] = self.task.id
options["ip"] = self.cfg.resultserver.ip
options["port"] = self.cfg.resultserver.port
options["category"] = self.task.category
options["target"] = self.task.target
options["package"] = self.task.package
options["options"] = self.task.options
options["enforce_timeout"] = self.task.enforce_timeout
if not self.task.timeout or self.task.timeout == 0:
options["timeout"] = self.cfg.timeouts.default
else:
options["timeout"] = self.task.timeout
if self.task.category == "file":
options["file_name"] = File(self.task.target).get_name()
options["file_type"] = File(self.task.target).get_type()
return options
def run(self):
"""Run file information gathering.
@return: information dict.
"""
self.key = "target"
target_info = {"category": self.task["category"]}
if self.task["category"] == "file":
target_info["file"] = File(self.file_path).get_all()
target_info["file"]["name"] = File(self.task["target"]).get_name()
elif self.task["category"] == "url":
target_info["url"] = self.task["target"]
return target_info
def add_path(self,
file_path,
timeout=0,
package="",
options="",
priority=1,
custom="",
machine="",
platform="",
memory=False,
enforce_timeout=False):
"""Add a task to database from file path.
@param file_path: sample path.
@param timeout: selected timeout.
@param options: analysis options.
@param priority: analysis priority.
@param custom: custom options.
@param machine: selected machine.
@param platform: platform.
@param memory: toggle full memory dump.
@param enforce_timeout: toggle full timeout execution.
@return: cursor or None.
"""
if not file_path or not os.path.exists(file_path):
return None
return self.add(File(file_path), timeout, package, options, priority,
custom, machine, platform, memory, enforce_timeout)
def run(self):
self.key = "network"
results = Pcap(self.pcap_path).run()
# Save PCAP file hash.
if os.path.exists(self.pcap_path):
results["pcap_sha256"] = File(self.pcap_path).get_sha256()
return results
def run(self, results):
"""Writes report.
@param results: Cuckoo results dict.
@raise CuckooReportError: if fails to write report.
"""
if not HAVE_JINJA2:
raise CuckooReportError(
"Failed to generate HTML report: Jinja2 Python library is not installed"
)
shots_path = os.path.join(self.analysis_path, "shots")
if os.path.exists(shots_path):
shots = []
counter = 1
for shot_name in os.listdir(shots_path):
if not shot_name.endswith(".jpg"):
continue
shot_path = os.path.join(shots_path, shot_name)
if os.path.getsize(shot_path) == 0:
continue
shot = {}
shot["id"] = os.path.splitext(File(shot_path).get_name())[0]
shot["data"] = base64.b64encode(open(shot_path, "rb").read())
shots.append(shot)
counter += 1
shots.sort(key=lambda shot: shot["id"])
results["screenshots"] = shots
else:
results["screenshots"] = []
results["apt"] = random.choice(HAX0RS)
env = Environment(autoescape=True)
env.loader = FileSystemLoader(os.path.join(CUCKOO_ROOT, "data",
"html"))
try:
tpl = env.get_template("report.html")
html = tpl.render({"results": results})
except Exception as e:
raise CuckooReportError("Failed to generate HTML report: %s" % e)
try:
report = open(os.path.join(self.reports_path, "report.html"), "w")
report.write(html)
report.close()
except (TypeError, IOError) as e:
raise CuckooReportError("Failed to write HTML report: %s" % e)
return True
def run(self):
"""Run analysis.
@return: results dict.
"""
self.key = "static"
static = {}
if HAVE_PEFILE:
if self.task["category"] == "file":
if "PE32" in File(self.file_path).get_type():
static = PortableExecutable(self.file_path).run()
return static
def run(self):
"""Run analysis.
@return: list of dropped files with related information.
"""
self.key = "dropped"
dropped_files = []
for dir_name, dir_names, file_names in os.walk(self.dropped_path):
for file_name in file_names:
file_path = os.path.join(dir_name, file_name)
file_info = File(file_path=file_path,
strip_name=True).get_all()
dropped_files.append(file_info)
return dropped_files
def run(self):
"""Runs VirusTotal processing
@return: full VirusTotal report.
"""
self.key = "virustotal"
virustotal = []
if not VIRUSTOTAL_KEY:
raise CuckooProcessingError("VirusTotal API key not configured, skip")
if self.task["category"] == "file":
if not os.path.exists(self.file_path):
raise CuckooProcessingError("File {0} not found, skip".format(self.file_path))
resource = File(self.file_path).get_md5()
url = VIRUSTOTAL_FILE_URL
elif self.task["category"] == "url":
resource = self.task.target
url = VIRUSTOTAL_URL_URL
data = urllib.urlencode({"resource" : resource, "apikey" : VIRUSTOTAL_KEY})
try:
request = urllib2.Request(url, data)
response = urllib2.urlopen(request)
response_data = response.read()
except urllib2.URLError as e:
raise CuckooProcessingError("Unable to establish connection to VirusTotal: {0}".format(e))
except urllib2.HTTPError as e:
raise CuckooProcessingError("Unable to perform HTTP request to VirusTotal (http code={0})".format(e.code))
try:
virustotal = json.loads(response_data)
except ValueError as e:
raise CuckooProcessingError("Unable to convert response to JSON: {0}".format(e))
return virustotal
def store_file(self):
"""Store a copy of the file being analyzed."""
if not os.path.exists(self.task.target):
log.error(
"The file to analyze does not exist at path \"%s\", "
"analysis aborted", self.task.target)
return False
sha256 = File(self.task.target).get_sha256()
self.binary = os.path.join(CUCKOO_ROOT, "storage", "binaries", sha256)
if os.path.exists(self.binary):
log.info("File already exists at \"%s\"", self.binary)
else:
# TODO: do we really need to abort the analysis in case we are not
# able to store a copy of the file?
try:
shutil.copy(self.task.target, self.binary)
except (IOError, shutil.Error) as e:
log.error(
"Unable to store file from \"%s\" to \"%s\", "
"analysis aborted", self.task.target, self.binary)
return False
try:
new_binary_path = os.path.join(self.storage, "binary")
if hasattr(os, "symlink"):
os.symlink(self.binary, new_binary_path)
else:
shutil.copy(self.binary, new_binary_path)
except (AttributeError, OSError) as e:
log.error("Unable to create symlink/copy from \"%s\" to \"%s\"",
self.binary, self.storage)
return True
def setUp(self):
self.tmp = tempfile.mkstemp()
self.file = File(self.tmp[1])
