コード例 #1
ファイル: test_config.py プロジェクト: kevthehermit/viper
    def test_sample_parse_global(self):
        """Check the HTTP client settings parsed from viper.conf.sample.

        With nothing overridden, the parsed result must have no proxy, no
        client certificate, and TLS verification switched on.
        """
        config = Config("viper.conf.sample")
        config.parse_http_client()

        # No proxy configured.
        assert config.http_client.proxies is None
        # Certificate verification is on by default.
        assert config.http_client.verify is True
        # No client certificate configured.
        assert config.http_client.cert is None
コード例 #2
    def test_sample_parse_global(self):
        """Check the HTTP client settings parsed from a default Config().

        The parsed result must have no proxy, no client certificate, and TLS
        verification switched on.
        """
        config = Config()
        config.parse_http_client()

        # No proxy configured.
        assert config.http_client.proxies is None
        # Certificate verification is on by default.
        assert config.http_client.verify is True
        # No client certificate configured.
        assert config.http_client.cert is None
コード例 #3
    def test_missing_section_http_client(self):
        """parse_http_client() must cope with a Config that lost http_client.

        The attribute is deleted on purpose; this variant of the test expects
        reading it afterwards to yield None rather than raise.
        """
        config = Config()
        assert hasattr(config, "http_client")

        # Simulate a configuration without the http_client section.
        delattr(config, "http_client")
        assert config.http_client is None

        # Parsing must leave the attribute available again.
        config.parse_http_client()
        assert hasattr(config, "http_client")
コード例 #4
ファイル: test_config.py プロジェクト: kevthehermit/viper
    def test_missing_section_http_client(self):
        """parse_http_client() must recreate http_client when it is missing."""
        config = Config("viper.conf.sample")
        assert hasattr(config, "http_client")

        # Simulate a configuration without the http_client section.
        delattr(config, "http_client")
        assert not hasattr(config, "http_client")

        # Parsing has to put the attribute back.
        config.parse_http_client()
        assert hasattr(config, "http_client")
コード例 #5
    def test_missing_section_http_client(self):
        """Deleting http_client and re-parsing must restore the attribute."""
        sample_config = Config("viper.conf.sample")
        assert hasattr(sample_config, "http_client")

        # Drop the section so the parser starts from nothing.
        delattr(sample_config, "http_client")
        assert not hasattr(sample_config, "http_client")

        # The parser is expected to fill the gap instead of failing.
        sample_config.parse_http_client()
        assert hasattr(sample_config, "http_client")
コード例 #6
    def test_sample_parse_global_section(self):
        """Parse HTTP client settings for the cuckoo section of a default Config.

        After the call, both the global http_client settings and the cuckoo
        section must show no proxy, TLS verification on and no client cert.
        """
        config = Config()
        config.parse_http_client(config.cuckoo)

        # Global settings.
        assert config.http_client.proxies is None
        assert config.http_client.verify is True
        assert config.http_client.cert is None

        # Settings resolved onto the section that was passed in.
        assert config.cuckoo.proxies is None
        assert config.cuckoo.verify is True
        assert config.cuckoo.cert is None
コード例 #7
ファイル: cspXOR.py プロジェクト: wagner-certat/csp
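    def run(self):
        """Run XorSearch on the current file and post its output to MISP.

        Requires an attached MISP session; without one an error is logged and
        nothing else happens. The concatenated XorSearch output is added to
        the attached event as a "comment" attribute, prefixed with the path of
        the current file.
        """
        if not __sessions__.is_attached_misp():
            self.log("error", 'MISP session not attached')
            return

        cfg = Config()
        key = cfg.misp.misp_key
        url = cfg.misp.misp_url

        # NOTE(review): ssl=False switches off verification of the MISP
        # server's certificate, so the API key and the event data are sent to
        # whichever host answers at `url`. PyMISP's `ssl` argument also accepts
        # the path of a CA bundle; pointing it at the internal CA keeps the
        # check instead of disabling it (bundle path not visible here).
        pymisp = PyMISP(url,
                        key,
                        ssl=False,
                        proxies=None,
                        cert=('/opt/ssl/server/csp-internal.crt',
                              '/opt/ssl/server/csp-internal.key'))

        xorSearch = XorSearch()
        xorSearch.run()

        event_id = __sessions__.current.misp_event.event.id

        # The returned event is not used below; the request is kept so the
        # sequence of calls made against MISP stays as it was.
        pymisp.get_event(event_id)

        # join() instead of repeated += avoids quadratic string building.
        commentVal = "".join(out['data'] for out in xorSearch.output)

        pymisp.add_named_attribute(
            event_id, "comment",
            "File: " + __sessions__.current.file.path +
            " -- XOR search out: " + commentVal)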
コード例 #8
ファイル: cspShellcode.py プロジェクト: wagner-certat/csp
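    def run(self):
        """Run the Shellcode module on the current file and post its output to MISP.

        Requires an attached MISP session; without one an error is logged and
        nothing else happens. The concatenated module output is added to the
        attached event as a "comment" attribute.
        """
        if not __sessions__.is_attached_misp():
            self.log("error", "MISP session not attached")
            return

        cfg = Config()
        key = cfg.misp.misp_key
        url = cfg.misp.misp_url

        # NOTE(review): ssl=False switches off verification of the MISP
        # server's certificate, so the API key and the event data are sent to
        # whichever host answers at `url`. PyMISP's `ssl` argument also accepts
        # the path of a CA bundle; pointing it at the internal CA keeps the
        # check instead of disabling it (bundle path not visible here).
        pymisp = PyMISP(url,
                        key,
                        ssl=False,
                        proxies=None,
                        cert=('/opt/ssl/server/csp-internal.crt',
                              '/opt/ssl/server/csp-internal.key'))

        shellcode = Shellcode()
        shellcode.run()

        # join() instead of repeated += avoids quadratic string building.
        commentVal = "".join(out['data'] for out in shellcode.output)

        event_id = __sessions__.current.misp_event.event.id
        self.log("info", "Updating MISP event " + str(event_id) + "...")
        pymisp.add_named_attribute(event_id, "comment",
                                   "Shellcode out: " + commentVal)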
コード例 #9
ファイル: cspVT.py プロジェクト: wagner-certat/csp
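    def run(self):
        """Submit the current file to VirusTotal and attach the report to MISP.

        Requires an attached MISP session and a configured virustotal_key;
        if either is missing an error is logged and nothing is sent. The file
        is uploaded to the VirusTotal scan endpoint, the md5 from the reply is
        passed to generate_report(), and every object it returns is added to
        the attached MISP event under the "virustotal-report" template id.
        """
        if not __sessions__.is_attached_misp():
            self.log("error", "MISP session not attached")
            return

        cfg = Config()
        key = cfg.misp.misp_key
        url = cfg.misp.misp_url

        vt_apikey = cfg.virustotal.virustotal_key
        if not vt_apikey:
            self.log("error", 'virustotal_key not set')
            return

        # NOTE(review): ssl=False switches off verification of the MISP
        # server's certificate, so the API key and the event data are sent to
        # whichever host answers at `url`. PyMISP's `ssl` argument also accepts
        # the path of a CA bundle; pointing it at the internal CA keeps the
        # check instead of disabling it (bundle path not visible here).
        pymisp = PyMISP(url,
                        key,
                        ssl=False,
                        proxies=None,
                        cert=('/opt/ssl/server/csp-internal.crt',
                              '/opt/ssl/server/csp-internal.key'))

        # Look up the id of the VT object template in MISP. If no template
        # with that name exists the id stays 0.
        # NOTE(review): a 0 id is still passed to add_object() below; confirm
        # whether that should stop the run before the sample is uploaded.
        object_pattern_id = 0
        for item in pymisp.get_object_templates_list():
            if str(item["ObjectTemplate"]["name"]) == "virustotal-report":
                object_pattern_id = int(item["ObjectTemplate"]["id"])

        # NOTE(review): this sends the complete sample to a third party, not
        # just its hash. Files submitted to VirusTotal become available to
        # other VirusTotal users, so check the sample's sharing restrictions
        # before running this against non-public material.
        scan_url = 'https://www.virustotal.com/vtapi/v2/file/scan'
        params = {'apikey': vt_apikey}

        # The context manager closes the sample handle once the upload is
        # done; the original left it open.
        with open(__sessions__.current.file.path, 'rb') as sample:
            files = {'file': (__sessions__.current.file.name, sample)}
            response = requests.post(scan_url, files=files, params=params)

        # A rejected or rate-limited request may return no JSON body or a
        # body without 'md5'; report that instead of failing with a traceback.
        try:
            indicator = response.json()['md5']
        except (ValueError, KeyError):
            self.log(
                "error", 'VirusTotal scan request returned no md5 (HTTP ' +
                str(response.status_code) + ')')
            return

        misp_objects = generate_report(indicator, vt_apikey)

        # Checked again because the upload and report calls sit between the
        # first check and this point.
        if not __sessions__.is_attached_misp():
            self.log("error", 'MISP session not attached')
            return

        event_id = __sessions__.current.misp_event.event.id
        self.log("info", 'MISP session attached')
        self.log("info", 'MISP event id: ' + str(event_id))

        # The loaded event is not used further; fetching and loading it is
        # kept so a missing or malformed event still fails here, as before.
        event = pymisp.get_event(event_id)
        misp_event = MISPEvent()
        misp_event.load(event)

        for misp_object in misp_objects:
            pymisp.add_object(__sessions__.current.misp_event.event.id,
                              object_pattern_id, misp_object)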
コード例 #10
ファイル: project.py プロジェクト: wxdublin/viper
# This file is part of Viper - https://github.com/viper-framework/viper
# See the file 'LICENSE' for copying permission.

import os

from viper.core.config import Config

# Shared configuration object, built once when this module is imported; the
# Project methods below read cfg.paths.storage_path from it.
cfg = Config()


class Project(object):
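    def __init__(self):
        """Resolve the storage directory and create it if it is missing.

        The directory is cfg.paths.storage_path when that is set, otherwise
        ``.viper`` inside the user's home directory.

        Raises:
            OSError: if the directory cannot be created.
        """
        self.name = None
        # expanduser('~') honours $HOME when it is set and still resolves a
        # home directory when it is not; os.getenv('HOME') returned None in
        # that case and os.path.join() then raised TypeError.
        self.path = cfg.paths.storage_path or os.path.join(
            os.path.expanduser('~'), '.viper')

        if not os.path.exists(self.path):
            try:
                os.makedirs(self.path)
            except OSError:
                # Another process may have created the directory between the
                # check and the call; only a real failure is re-raised.
                if not os.path.isdir(self.path):
                    raise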

    def open(self, name):
        if cfg.paths.storage_path:
            base_path = cfg.paths.storage_path
        else:
            base_path = os.path.join(os.getenv('HOME'), '.viper')

        if not os.path.exists(base_path):
            raise Exception(
                "The local storage folder does not exist at path {}".format(
コード例 #11
    def test_custom_parse_global(self):
        """Drive parse_http_client() through each global http_client option.

        Covers https_proxy (unset, disabled, URL), tls_verify (unset, on,
        off), tls_ca_bundle and tls_client_cert, re-parsing after every
        change and checking the derived proxies / verify / cert values.
        """
        config = Config()
        proxy_url = "http://prx1.example.com:3128"

        # https_proxy unset: no proxies mapping at all.
        config.http_client.https_proxy = None
        config.parse_http_client()
        assert config.http_client.proxies is None

        # https_proxy False gives empty proxy strings; a URL is used for both
        # schemes.
        for setting, proxy in ((False, ''), (proxy_url, proxy_url)):
            config.http_client.https_proxy = setting
            config.parse_http_client()
            assert config.http_client.proxies == {
                'http': proxy,
                'https': proxy,
                'no': None
            }

        # tls_verify: an unset value must still resolve to verification on;
        # only an explicit False turns it off.
        for setting, expected in ((None, True), (True, True), (False, False)):
            config.http_client.tls_verify = setting
            config.parse_http_client()
            assert config.http_client.verify is expected

        # tls_ca_bundle: with verification on, verify carries the bundle path.
        ca_bundle = "/etc/ssl/certs/ca_bundle.crt"
        config.http_client.tls_verify = True
        config.http_client.tls_ca_bundle = ca_bundle
        config.parse_http_client()
        assert config.http_client.verify == ca_bundle

        # tls_client_cert: unset means no client certificate.
        config.http_client.tls_client_cert = None
        config.parse_http_client()
        assert config.http_client.cert is None

        config.http_client.tls_client_cert = "client.pem"
        config.parse_http_client()
        assert config.http_client.cert == "client.pem"
コード例 #12
 def test_sample(self):
     """A default Config must report modules.store_output as True."""
     config = Config()
     assert isinstance(config, Config)
     assert config.modules.store_output is True
コード例 #13
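 def test_init(self):
     """A default Config must record a config_file path naming viper.conf."""
     instance = Config()
     assert isinstance(instance, Config)
     # The dot is escaped so it matches a literal '.'; unescaped it matched
     # any character and let names such as "viperXconf" pass.
     assert re.search(r"viper\.conf", instance.config_file)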
コード例 #14
ファイル: test_config.py プロジェクト: kevthehermit/viper
    def test_custom_parse_global_section(self):
        """Check how the koodous section combines with the global settings.

        For https_proxy the assertions pin three rules: an unset section value
        falls back to the global one, False disables the proxy for the section
        even when a global proxy exists, and a section URL wins over the
        global URL. tls_verify, tls_ca_bundle and tls_client_cert are then
        checked on the section itself.
        """
        config = Config("viper.conf.sample")
        global_proxy = "http://prx1.example.com:3128"
        section_proxy = "http://prx2.example.com:8080"

        def both_schemes(proxy):
            # Expected proxies mapping when one value serves http and https.
            return {'http': proxy, 'https': proxy, 'no': None}

        # Neither level sets a proxy.
        config.http_client.https_proxy = None
        config.koodous.https_proxy = None
        config.parse_http_client(section=config.koodous)
        assert config.koodous.proxies is None

        # Section unset: the global proxy applies.
        config.http_client.https_proxy = global_proxy
        config.koodous.https_proxy = None
        config.parse_http_client(section=config.koodous)
        assert config.koodous.proxies == both_schemes(global_proxy)

        # Section False: proxy disabled for this section only.
        config.http_client.https_proxy = global_proxy
        config.koodous.https_proxy = False
        config.parse_http_client(section=config.koodous)
        assert config.koodous.proxies == both_schemes('')

        # Section URL: overrides the global proxy.
        config.http_client.https_proxy = global_proxy
        config.koodous.https_proxy = section_proxy
        config.parse_http_client(section=config.koodous)
        assert config.koodous.proxies == both_schemes(section_proxy)

        # tls_verify: untouched, verification must be on.
        config.parse_http_client(section=config.koodous)
        assert config.koodous.verify is True

        config.koodous.tls_verify = False
        config.parse_http_client(section=config.koodous)
        assert config.koodous.verify is False

        config.koodous.tls_verify = True
        config.parse_http_client(section=config.koodous)
        assert config.koodous.verify is True

        # tls_ca_bundle: with verification on, verify carries the bundle path.
        ca_bundle = "/etc/ssl/certs/ca_bundle2.crt"
        config.koodous.tls_verify = True
        config.koodous.tls_ca_bundle = ca_bundle
        config.parse_http_client(section=config.koodous)
        assert config.koodous.verify == ca_bundle

        # tls_client_cert: the section's own certificate is exposed as cert.
        config.koodous.tls_client_cert = "client_koodous.pem"
        config.parse_http_client(section=config.koodous)
        assert config.koodous.cert == "client_koodous.pem"
コード例 #15
ファイル: test_config.py プロジェクト: yqyunjie/viper
    def test_custom_parse_global_section(self):
        """Table-driven check of section-level HTTP client settings (koodous).

        Each proxy case sets the global and the section https_proxy, re-parses
        for the section and compares the resulting proxies value. The TLS
        options are then exercised on the section in the same way.
        """
        cfg = Config("viper.conf.sample")
        prx1 = "http://prx1.example.com:3128"
        prx2 = "http://prx2.example.com:8080"

        # (global https_proxy, section https_proxy, expected section proxies)
        proxy_cases = (
            # nothing set anywhere
            (None, None, None),
            # section unset: falls back to the global proxy
            (prx1, None, {'http': prx1, 'https': prx1, 'no': None}),
            # section False: proxy disabled despite the global value
            (prx1, False, {'http': '', 'https': '', 'no': None}),
            # section URL: wins over the global proxy
            (prx1, prx2, {'http': prx2, 'https': prx2, 'no': None}),
        )
        for global_value, section_value, expected in proxy_cases:
            cfg.http_client.https_proxy = global_value
            cfg.koodous.https_proxy = section_value
            cfg.parse_http_client(section=cfg.koodous)
            if expected is None:
                assert cfg.koodous.proxies is None
            else:
                assert cfg.koodous.proxies == expected

        # tls_verify: with the sample value untouched, verification is on.
        cfg.parse_http_client(section=cfg.koodous)
        assert cfg.koodous.verify is True

        # Only an explicit False switches verification off.
        for setting in (False, True):
            cfg.koodous.tls_verify = setting
            cfg.parse_http_client(section=cfg.koodous)
            assert cfg.koodous.verify is setting

        # tls_ca_bundle: with verification on, verify carries the bundle path.
        cfg.koodous.tls_verify = True
        cfg.koodous.tls_ca_bundle = "/etc/ssl/certs/ca_bundle2.crt"
        cfg.parse_http_client(section=cfg.koodous)
        assert cfg.koodous.verify == "/etc/ssl/certs/ca_bundle2.crt"

        # tls_client_cert: the section's own certificate is exposed as cert.
        cfg.koodous.tls_client_cert = "client_koodous.pem"
        cfg.parse_http_client(section=cfg.koodous)
        assert cfg.koodous.cert == "client_koodous.pem"