コード例 #1
0
ファイル: peframe.py プロジェクト: ki1556ki/MJUOpenSource
def stdoutput(get_info_from):
    output = json.loads(get_info_from)

    print "Peframe v.", output['peframe_ver']
    print
    print "Short information"
    print "-" * 60
    print "File type".ljust(15), output['file_type']
    print "File name".ljust(15), output['file_name']
    print "File size".ljust(15), output['file_size']
    print "Hash MD5".ljust(15), output['hash']['md5']

    # output에 virustotal 이 있으면 해당정보 출력
    if output['virustotal']:
        positives = output['virustotal']['positives']
        total = output['virustotal']['total']
        print "Virustotal".ljust(15), str(positives) + '/' + str(total)

    if output['pe_info']:
        for item in output['pe_info']:
            if output['pe_info'][item]:

                if item == 'detected':
                    print "Detected".ljust(15), ', '.join(
                        output['pe_info'][item])

                if item == 'directories':
                    print "Directories".ljust(15), ', '.join(
                        output['pe_info'][item])
                if item == 'sections_number':
                    if output['pe_info'][item] > 0:
                        x = 0
                        for suspicious in output['pe_info']['sections_info']:
                            if suspicious['suspicious']:
                                x = x + 1
                    print "Sections".ljust(15), output['pe_info'][
                        item], '(' + str(x) + ' suspicious)'

                if item == 'import_hash':
                    print "Import Hash".ljust(15), output['pe_info'][item]

                if item == 'compile_time':
                    print "Compile time".ljust(15), output['pe_info'][item]

                if item == 'dll':
                    print "Dll".ljust(15), output['pe_info'][item]

    if output['pe_info']:
        for item in output['pe_info']:
            if output['pe_info'][item]:

                if item == 'xor_info':
                    print
                    print "Xor info"
                    print "-" * 60
                    print "Key length".ljust(15), "Offset (hex)".ljust(
                        15), "Offset (dec)"
                    for elem in output['pe_info'][item]:
                        print elem.ljust(15), hex(
                            output['pe_info'][item][elem]).ljust(
                                15), output['pe_info'][item][elem]

                if item == 'sign_info':
                    print
                    print "Sign info"
                    print "-" * 60
                    for elem in output['pe_info'][item]:
                        print elem.ljust(15), output['pe_info'][item][elem]

                if item == 'packer_info':
                    print
                    print "Paker info"
                    print "-" * 60
                    for packer in output['pe_info'][item]:
                        print packer

                if item == 'mutex_info':
                    print
                    print "Mutex info"
                    print "-" * 60
                    for mutex in output['pe_info'][item]:
                        print mutex

                if item == 'antidbg_info':
                    print
                    print "Antidbg info"
                    print "-" * 60
                    for antidbg in output['pe_info'][item]:
                        print antidbg

                if item == 'antivm_info':
                    print
                    print "AntiVM info"
                    print "-" * 60
                    for antivm in output['pe_info'][item]:
                        print antivm

                if item == 'apialert_info':
                    print
                    print "Apialert info"
                    print "-" * 60
                    for apialert in output['pe_info'][item]:
                        print apialert

                if item == 'resources_info':
                    print
                    print "Resources info"
                    print "-" * 60
                    for res in output['pe_info'][item]:
                        name = str(res['name'])
                        size = str(res['size'])
                        data = str(res['data'])[0:35]
                        data = re.sub(r'\t|\n|\r|\s+', ' ', data)
                        print name.ljust(15), size.ljust(8), data

                if item == 'import_function':
                    print
                    print "Import function"
                    print "-" * 60
                    for func in output['pe_info'][item]:
                        f = len(output['pe_info'][item][func])
                        print func.ljust(15), str(f)

                if item == 'export_function':
                    print
                    print "Export function"
                    print "-" * 60
                    for func in output['pe_info'][item]:
                        if func['function'] is None:
                            print "Unnamed export".ljust(15), func['address']
                        else:
                            print func['function'][0:15].ljust(
                                15), func['address']

                if item == 'sections_info':
                    for secsusp in output['pe_info'][item]:
                        if secsusp['suspicious']:
                            print
                            print "Sections suspicious"
                            print "-" * 60
                            suspicious = True
                            break
                    if suspicious:
                        y = 0
                        for secsusp in output['pe_info'][item]:
                            for elem in secsusp:
                                if secsusp['suspicious']:
                                    print elem.ljust(15), secsusp[elem]
                                    y = y + 1
                            if y > 1 and y < x * 7 and secsusp['suspicious']:
                                print

    if output['file_found']:
        print
        print "Filename found"
        print "-" * 60
        for item in output['file_found']:
            for fname in output['file_found'][item]:
                print item.ljust(15), fname

    if output['url_found']:
        print
        print "Url found"
        print "-" * 60
        for item in output['url_found']:
            print item

    if output['ip_found']:
        print
        print "IP found"
        print "-" * 60
        for item in output['ip_found']:
            print item

    if output['fuzzing']:
        print
        print "Fuzzing match"
        print "-" * 60
        for item in output['fuzzing']:
            print str(len(output['fuzzing'][item])).ljust(15), item

    if output['pe_info']:
        for item in output['pe_info']:
            if output['pe_info'][item]:
                if item == 'meta_info':
                    print
                    print "Meta info"
                    print "-" * 60
                    for meta in output['pe_info'][item]:
                        print meta.ljust(15), output['pe_info'][item][meta]
コード例 #2
0
ファイル: peframe.py プロジェクト: LucaBongiorni/peframe
def stdoutput(get_info_from):
	output = json.loads(get_info_from)
	
	print "Peframe v.", output['peframe_ver']
	print
	print "Short information"
	print "-"*60
	print "File type".ljust(15),output['file_type']
	print "File name".ljust(15), output['file_name']
	print "File size".ljust(15), output['file_size']
	print "Hash MD5".ljust(15), output['hash']['md5']

	if output['virustotal']:
		positives = output['virustotal']['positives']
		total = output['virustotal']['total']
		print "Virustotal".ljust(15), str(positives)+'/'+str(total)

	if output['pe_info']:
		for item in output['pe_info']:
			if output['pe_info'][item]:
				
				if item == 'detected':
					print "Detected".ljust(15), ', '.join(output['pe_info'][item])

				if item == 'directories':
					print "Directories".ljust(15), ', '.join(output['pe_info'][item])

				if item == 'sections_number':
					if output['pe_info'][item] > 0:
						x = 0
						for suspicious in output['pe_info']['sections_info']:
							if suspicious['suspicious']:
								x = x+1
					print "Sections".ljust(15), output['pe_info'][item], '('+str(x)+' suspicious)'

				if item == 'import_hash':
					print "Import Hash".ljust(15), output['pe_info'][item]

				if item == 'compile_time':
					print "Compile time".ljust(15), output['pe_info'][item]

				if item == 'dll':
					print "Dll".ljust(15), output['pe_info'][item]

	if output['pe_info']:
		for item in output['pe_info']:
			if output['pe_info'][item]:

				if item == 'xor_info':
					print
					print "Xor info"
					print "-"*60
					print "Key length".ljust(15), "Offset (hex)".ljust(15), "Offset (dec)"
					for elem in output['pe_info'][item]:
						print elem.ljust(15), hex(output['pe_info'][item][elem]).ljust(15), output['pe_info'][item][elem]

				if item == 'sign_info':
					print
					print "Sign info"
					print "-"*60
					for elem in output['pe_info'][item]:
						print elem.ljust(15), output['pe_info'][item][elem]

				if item == 'packer_info':
					print
					print "Paker info"
					print "-"*60
					for packer in output['pe_info'][item]:
						print packer

				if item == 'mutex_info':
					print
					print "Mutex info"
					print "-"*60
					for mutex in output['pe_info'][item]:
						print mutex

				if item == 'antidbg_info':
					print
					print "Antidbg info"
					print "-"*60
					for antidbg in output['pe_info'][item]:
						print antidbg

				if item == 'antivm_info':
					print
					print "AntiVM info"
					print "-"*60
					for antivm in output['pe_info'][item]:
						print antivm

				if item == 'apialert_info':
					print
					print "Apialert info"
					print "-"*60
					for apialert in output['pe_info'][item]:
						print apialert

				if item == 'resources_info':
					print
					print "Resources info"
					print "-"*60
					for res in output['pe_info'][item]:
						name = str(res['name'])
						size = str(res['size'])
						data = str(res['data'])[0:35]
						data = re.sub(r'\t|\n|\r|\s+', ' ', data)
						print name.ljust(15), size.ljust(8), data

				if item == 'import_function':
					print
					print "Import function"
					print "-"*60
					for func in output['pe_info'][item]:
						f = len(output['pe_info'][item][func])
						print func.ljust(15), str(f)

				if item == 'export_function':
					print
					print "Export function"
					print "-"*60
					for func in output['pe_info'][item]:
						print func['function'][0:15].ljust(15), func['address']

				if item == 'sections_info':
					for secsusp in output['pe_info'][item]:
						if secsusp['suspicious']:
							print
							print "Sections suspicious"
							print "-"*60
							suspicious = True
							break
					if suspicious:
						y = 0
						for secsusp in output['pe_info'][item]:
							for elem in secsusp:
								if secsusp['suspicious']:
									print elem.ljust(15), secsusp[elem]
									y = y+1
							if y > 1 and y < x*7 and secsusp['suspicious']: print

	if output['file_found']:
		print
		print "Filename found"
		print "-"*60
		for item in output['file_found']:
			for fname in output['file_found'][item]:
				print item.ljust(15), fname

	if output['url_found']:
		print
		print "Url found"
		print "-"*60
		for item in output['url_found']:
			print item

	if output['ip_found']:
		print
		print "IP found"
		print "-"*60
		for item in output['ip_found']:
			print item

	if output['fuzzing']:
		print
		print "Fuzzing match"
		print "-"*60
		for item in output['fuzzing']:
			print str(len(output['fuzzing'][item])).ljust(15), item

	if output['pe_info']:
		for item in output['pe_info']:
			if output['pe_info'][item]:
				if item == 'meta_info':
					print
					print "Meta info"
					print "-"*60
					for meta in output['pe_info'][item]:
						print meta.ljust(15), output['pe_info'][item][meta]