def pehash(self):
    """Report the PEhash of the open file and, on request, of stored samples.

    PEhash is computed from the structure of a PE file, so equal values
    point to structural similarity rather than identical content. Treat
    cluster and scan output as triage leads, not as a verdict.

    Flags read from ``self.args`` (the first one set wins):
      all     -- table of Name / MD5 / PEhash for every stored sample
      cluster -- groups of two or more samples sharing one PEhash
      scan    -- stored samples whose PEhash equals the open file's

    Samples for which ``calculate_pehash`` returns a falsy value are left
    out of all three views.
    """
    if not HAVE_PEHASH:
        self.log('error', "PEhash is missing. Please copy PEhash to the modules directory of Viper")
        return

    # Hash of the file in the open session, if any; scan uses it as reference.
    current_pehash = None
    if __sessions__.is_set():
        current_pehash = calculate_pehash(__sessions__.current.file.path)
        self.log('info', "PEhash: {0}".format(bold(current_pehash)))

    wants_repository_view = self.args.all or self.args.cluster or self.args.scan
    if not wants_repository_view:
        return

    # Every stored sample is parsed here, and the samples are untrusted files.
    # NOTE(review): an exception raised by calculate_pehash for one sample
    # would abort the whole run -- confirm it tolerates malformed PE files.
    rows = []
    for sample in Database().find(key='all'):
        digest = calculate_pehash(get_sample_path(sample.sha256))
        if not digest:
            continue
        rows.append((sample.name, sample.md5, digest))

    if self.args.all:
        self.log('info', "PEhash for all files:")
        self.log('table', {'header': ['Name', 'MD5', 'PEhash'], 'rows': rows})
        return

    if self.args.cluster:
        self.log('info', "Clustering files by PEhash...")
        groups = {}
        for name, md5, digest in rows:
            groups.setdefault(digest, []).append([name, md5])
        for digest, members in groups.items():
            if len(members) < 2:
                continue  # a hash seen only once is not a cluster
            self.log('info', "PEhash {0} was calculated on files:".format(bold(digest)))
            self.log('table', {'header': ['Name', 'MD5'], 'rows': members})
        return

    # Only scan is left. Without an open session, or without a PEhash for the
    # open file, there is nothing to compare against and nothing is logged.
    if not (__sessions__.is_set() and current_pehash):
        return

    self.log('info', "Finding matching samples...")
    # The open file is excluded by MD5, so byte-identical copies are excluded too.
    matches = [
        [name, md5]
        for name, md5, digest in rows
        if md5 != __sessions__.current.file.md5 and digest == current_pehash
    ]
    if matches:
        self.log('table', {'header': ['Name', 'MD5'], 'rows': matches})
    else:
        self.log('info', "No matches found")
def pehash(self):
    """Show the PEhash of the open file and compare it across the repository.

    ``self.args.all`` lists the PEhash of every stored sample,
    ``self.args.cluster`` prints each PEhash shared by at least two samples,
    and ``self.args.scan`` lists stored samples whose PEhash equals the one
    of the file in the open session. When several flags are set, only the
    first of all / cluster / scan is acted on.

    A shared PEhash indicates a similar PE structure, not identical bytes,
    so results are a starting point for analysis rather than attribution.
    """
    if not HAVE_PEHASH:
        self.log('error', "PEhash is missing. Please copy PEhash to the modules directory of Viper")
        return

    current_pehash = None
    if __sessions__.is_set():
        opened_path = __sessions__.current.file.path
        current_pehash = calculate_pehash(opened_path)
        self.log('info', "PEhash: {0}".format(bold(current_pehash)))

    if not (self.args.all or self.args.cluster or self.args.scan):
        return

    # Hash every stored sample once; entries with a falsy PEhash are dropped.
    # NOTE(review): calculate_pehash runs on untrusted samples here -- confirm
    # that a malformed file cannot raise and cut the listing short.
    repository = Database()
    rows = []
    for entry in repository.find(key='all'):
        entry_hash = calculate_pehash(get_sample_path(entry.sha256))
        if entry_hash:
            rows.append((entry.name, entry.md5, entry_hash))

    if self.args.all:
        self.log('info', "PEhash for all files:")
        columns = ['Name', 'MD5', 'PEhash']
        self.log('table', dict(header=columns, rows=rows))
    elif self.args.cluster:
        self.log('info', "Clustering files by PEhash...")
        by_hash = {}
        for entry_name, entry_md5, entry_hash in rows:
            bucket = by_hash.setdefault(entry_hash, [])
            bucket.append([entry_name, entry_md5])
        for shared_hash, bucket in by_hash.items():
            # Singletons carry no clustering information and are not printed.
            if len(bucket) > 1:
                self.log('info', "PEhash cluster {0}:".format(bold(shared_hash)))
                self.log('table', dict(header=['Name', 'MD5'], rows=bucket))
    elif self.args.scan:
        # Scan needs a reference hash; with no open session, or no PEhash for
        # the open file, this branch logs nothing at all.
        if __sessions__.is_set() and current_pehash:
            self.log('info', "Finding matching samples...")
            matches = []
            for entry_name, entry_md5, entry_hash in rows:
                # Skip the open file itself (and byte-identical copies of it).
                is_open_file = entry_md5 == __sessions__.current.file.md5
                if not is_open_file and entry_hash == current_pehash:
                    matches.append([entry_name, entry_md5])

            if not matches:
                self.log('info', "No matches found")
            else:
                self.log('table', dict(header=['Name', 'MD5'], rows=matches))
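def pehash(self):
    """Handle ``pe pehash``: print, cluster or scan samples by PEhash.

    Options are parsed from ``self.args[1:]``:
      -h / --help     show the help text and return
      -a / --all      table of Name / MD5 / PEhash for every stored sample
      -c / --cluster  print each PEhash shared by two or more samples
      -s / --scan     list stored samples whose PEhash equals the open file's

    When several of -a / -c / -s are given, only the first of all, cluster,
    scan is acted on. A shared PEhash indicates a similar PE structure, not
    identical bytes, so matches are leads for further analysis.
    """
    def usage():
        # Lists every short option accepted by the getopt call below.
        print("usage: pe pehash [-hacs]")

    def show_help():
        usage()
        print("")
        print("Options:")
        print("\t--help (-h)\tShow this help message")
        print("\t--all (-a)\tPrints the PEhash of all files in the project")
        print("\t--cluster (-c)\tCalculate and cluster all files in the project")
        print("\t--scan (-s)\tScan repository for matching samples")
        print("")

    try:
        opts, _ = getopt.getopt(self.args[1:], 'hacs', ['help', 'all', 'cluster', 'scan'])
    except getopt.GetoptError as e:
        print(e)
        return

    arg_all = False
    arg_cluster = False
    arg_scan = False

    for opt, _value in opts:
        if opt in ('-h', '--help'):
            show_help()
            return
        elif opt in ('-a', '--all'):
            arg_all = True
        elif opt in ('-c', '--cluster'):
            arg_cluster = True
        elif opt in ('-s', '--scan'):
            arg_scan = True

    if not HAVE_PEHASH:
        print_error("PEhash is missing. Please copy PEhash to the modules directory of Viper")
        return

    # Hash of the file in the open session, if any; scan uses it as reference.
    current_pehash = None
    if __sessions__.is_set():
        current_pehash = calculate_pehash(__sessions__.current.file.path)
        print_info("PEhash: {0}".format(bold(current_pehash)))

    if not (arg_all or arg_cluster or arg_scan):
        return

    # Hash every stored sample once; entries with a falsy PEhash are dropped.
    # NOTE(review): calculate_pehash parses untrusted samples -- confirm that
    # a malformed file cannot raise and abort the whole run.
    db = Database()
    rows = []
    for sample in db.find(key='all'):
        pe_hash = calculate_pehash(get_sample_path(sample.sha256))
        if pe_hash:
            rows.append((sample.name, sample.md5, pe_hash))

    if arg_all:
        print_info("PEhash for all files:")
        print(table(header=['Name', 'MD5', 'PEhash'], rows=rows))
    elif arg_cluster:
        print_info("Clustering files by PEhash...")
        cluster = {}
        for sample_name, sample_md5, pe_hash in rows:
            cluster.setdefault(pe_hash, []).append([sample_name, sample_md5])

        for shared_hash, members in cluster.items():
            # A hash seen only once is not a cluster.
            if len(members) > 1:
                print_info("PEhash {0} was calculated on files:".format(bold(shared_hash)))
                print(table(header=['Name', 'MD5'], rows=members))
    elif arg_scan:
        # With no open session, or no PEhash for the open file, there is no
        # reference to compare against and this branch prints nothing.
        if __sessions__.is_set() and current_pehash:
            print_info("Finding matching samples...")

            matches = []
            for sample_name, sample_md5, pe_hash in rows:
                # Column 1 of each row is an MD5, so the open file has to be
                # recognised by its MD5. Comparing against its SHA-256 never
                # matched, which let the open file, when stored in the
                # repository, be listed as a match for itself.
                if sample_md5 == __sessions__.current.file.md5:
                    continue

                if pe_hash == current_pehash:
                    matches.append([sample_name, sample_md5])

            if matches:
                print(table(header=['Name', 'MD5'], rows=matches))
            else:
                print_info("No matches found")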
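def pehash(self):
    """Handle ``pe pehash``: print, cluster or scan samples by PEhash.

    Options are parsed from ``self.args[1:]``:
      -h / --help     show the help text and return
      -a / --all      table of Name / MD5 / PEhash for every stored sample
      -c / --cluster  print each PEhash shared by two or more samples
      -s / --scan     list stored samples whose PEhash equals the open file's

    Only the first of all / cluster / scan that is set is acted on. Equal
    PEhash values point to structural similarity between PE files rather
    than identical content, so treat the output as triage leads.
    """
    def usage():
        # The synopsis previously omitted -s although getopt accepts it.
        print("usage: pe pehash [-hacs]")

    # Named show_help so the builtin help() is not shadowed inside this method.
    def show_help():
        usage()
        print("")
        print("Options:")
        print("\t--help (-h)\tShow this help message")
        print("\t--all (-a)\tPrints the PEhash of all files in the project")
        print("\t--cluster (-c)\tCalculate and cluster all files in the project")
        print("\t--scan (-s)\tScan repository for matching samples")
        print("")

    try:
        opts, _ = getopt.getopt(self.args[1:], 'hacs', ['help', 'all', 'cluster', 'scan'])
    except getopt.GetoptError as e:
        print(e)
        return

    arg_all = False
    arg_cluster = False
    arg_scan = False

    for opt, _value in opts:
        if opt in ('-h', '--help'):
            show_help()
            return
        elif opt in ('-a', '--all'):
            arg_all = True
        elif opt in ('-c', '--cluster'):
            arg_cluster = True
        elif opt in ('-s', '--scan'):
            arg_scan = True

    if not HAVE_PEHASH:
        print_error("PEhash is missing. Please copy PEhash to the modules directory of Viper")
        return

    # Hash of the file in the open session, if any; scan uses it as reference.
    current_pehash = None
    if __sessions__.is_set():
        current_pehash = calculate_pehash(__sessions__.current.file.path)
        print_info("PEhash: {0}".format(bold(current_pehash)))

    if not (arg_all or arg_cluster or arg_scan):
        return

    # Hash every stored sample once; entries with a falsy PEhash are dropped.
    # NOTE(review): calculate_pehash parses untrusted samples -- confirm that
    # a malformed file cannot raise and abort the whole run.
    db = Database()
    rows = []
    for sample in db.find(key='all'):
        pe_hash = calculate_pehash(get_sample_path(sample.sha256))
        if pe_hash:
            rows.append((sample.name, sample.md5, pe_hash))

    if arg_all:
        print_info("PEhash for all files:")
        print(table(header=['Name', 'MD5', 'PEhash'], rows=rows))
    elif arg_cluster:
        print_info("Clustering files by PEhash...")
        cluster = {}
        for sample_name, sample_md5, pe_hash in rows:
            cluster.setdefault(pe_hash, []).append([sample_name, sample_md5])

        for shared_hash, members in cluster.items():
            # A hash seen only once is not a cluster.
            if len(members) > 1:
                print_info("PEhash {0} was calculated on files:".format(bold(shared_hash)))
                print(table(header=['Name', 'MD5'], rows=members))
    elif arg_scan:
        # With no open session, or no PEhash for the open file, there is no
        # reference to compare against and this branch prints nothing.
        if __sessions__.is_set() and current_pehash:
            print_info("Finding matching samples...")

            matches = []
            for sample_name, sample_md5, pe_hash in rows:
                # Skip the open file itself (and byte-identical copies of it).
                if sample_md5 == __sessions__.current.file.md5:
                    continue

                if pe_hash == current_pehash:
                    matches.append([sample_name, sample_md5])

            if matches:
                print(table(header=['Name', 'MD5'], rows=matches))
            else:
                print_info("No matches found")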