예제 #1
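def dotransform(request, response):
    """Hash every file under a folder and write the listing to a chosen file.

    The folder comes from the 'sniffMyPackets.outputfld' field when the
    request carries one, otherwise from ``request.value``. The analyst is
    prompted for the output file name. Each output line has the form
    ``<path relative to folder> <sha1> <md5>``.

    Returns ``response`` with a GenericFile entity for the listing, or
    ``response`` plus a UIMessage when no usable folder or output file
    is available.
    """
    try:
        if 'sniffMyPackets.outputfld' in request.fields:
            folder = request.fields['sniffMyPackets.outputfld']
        else:
            folder = request.value
    except Exception:
        # Narrower than a bare except: Ctrl-C / SystemExit still propagate.
        return response + UIMessage('No folder created or specified')

    # Without this check os.walk() silently yields nothing and an empty
    # listing would be presented as if the folder had been hashed.
    if not folder or not os.path.isdir(folder):
        return response + UIMessage('No folder created or specified')

    msg = 'Enter output file'
    title = 'L0 - Hash all the files [SmP]'
    fieldNames = ["File Name"]
    fieldValues = multenterbox(msg, title, fieldNames)

    # multenterbox presumably returns None when the dialog is cancelled
    # (easygui behaviour); the guard also covers an empty file name.
    if not fieldValues or not fieldValues[0]:
        return response + UIMessage('No output file specified')
    hash_file = fieldValues[0]

    # os.walk() visits each directory once, so the paths are already unique.
    file_list = []
    for path, _subdirs, files in os.walk(folder):
        for name in files:
            file_list.append(os.path.join(path, name))

    # NOTE: SHA-1 and MD5 are both collision-prone. The values identify
    # files; they are not evidence that a file has not been tampered with.
    hash_list = []
    for fpath in file_list:
        sha1 = hashlib.sha1()
        md5 = hashlib.md5()
        # Binary mode keeps the digest independent of newline/encoding
        # translation; one chunked pass feeds both digests and bounds memory.
        with open(fpath, 'rb') as fh:
            for chunk in iter(lambda: fh.read(65536), b''):
                sha1.update(chunk)
                md5.update(chunk)
        # relpath stays correct when `folder` ends with a path separator,
        # where slicing by len(folder) + 1 would cut into the file name.
        rel_name = os.path.relpath(fpath, folder)
        hash_list.append(rel_name + ' ' + sha1.hexdigest() + ' ' + md5.hexdigest())

    with open(hash_file, 'w') as f:
        f.write("\n".join(hash_list))

    e = GenericFile(hash_file)
    e.linklabel = 'Hash File'
    e += Field('sniffMyPackets.outputfld',
               folder,
               displayname='Folder Location')
    response += e
    return response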
예제 #2
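def dotransform(request, response):
    """Write a SHA-1/MD5 listing for all files below the output folder.

    The folder is read from the 'sniffMyPackets.outputfld' field if the
    request has it, else from ``request.value``. A dialog asks for the
    name of the listing file, which receives one
    ``<relative path> <sha1> <md5>`` line per file found.

    Returns ``response`` extended with a GenericFile entity pointing at
    the listing, or ``response`` plus a UIMessage if the folder or the
    output file name is missing.
    """
    try:
        if 'sniffMyPackets.outputfld' in request.fields:
            folder = request.fields['sniffMyPackets.outputfld']
        else:
            folder = request.value
    except Exception:
        # Do not swallow KeyboardInterrupt/SystemExit as a bare except would.
        return response + UIMessage('No folder created or specified')

    # An absent folder would otherwise produce an empty, misleading listing.
    if not folder or not os.path.isdir(folder):
        return response + UIMessage('No folder created or specified')

    msg = 'Enter output file'
    title = 'L0 - Hash all the files [SmP]'
    fieldNames = ["File Name"]
    fieldValues = multenterbox(msg, title, fieldNames)

    # Presumably None on a cancelled dialog (easygui behaviour); indexing
    # it would raise, so stop here with a message instead.
    if not fieldValues or not fieldValues[0]:
        return response + UIMessage('No output file specified')
    hash_file = fieldValues[0]

    hash_list = []
    for path, _subdirs, files in os.walk(folder):
        for name in files:
            fpath = os.path.join(path, name)

            # NOTE: both algorithms are collision-prone; use the digests to
            # identify files, not to prove they are unmodified.
            sha1 = hashlib.sha1()
            md5 = hashlib.md5()
            # Read once, in binary and in chunks: text mode can alter the
            # bytes being hashed, and large captures need not fit in memory.
            with open(fpath, 'rb') as fh:
                while True:
                    chunk = fh.read(65536)
                    if not chunk:
                        break
                    sha1.update(chunk)
                    md5.update(chunk)

            # relpath is correct even if `folder` has a trailing separator;
            # a fixed len(folder) + 1 offset is not.
            rel_name = os.path.relpath(fpath, folder)
            hash_list.append(
                rel_name + ' ' + sha1.hexdigest() + ' ' + md5.hexdigest())

    with open(hash_file, 'w') as f:
        f.write("\n".join(hash_list))

    e = GenericFile(hash_file)
    e.linklabel = 'Hash File'
    e += Field('sniffMyPackets.outputfld', folder, displayname='Folder Location')
    response += e
    return response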
예제 #3
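def dotransform(request, response):
    """Unpack a .zip/.docx file and return one file entity per member.

    ``request.value`` is the archive path and ``request.fields['newfolder']``
    the parent directory for the extraction folder. Every extracted file
    is SHA-1 hashed and typed with the ``file`` command, then added to
    ``response`` as a GenericFile with location, hash and type fields.

    Returns ``response`` plus a UIMessage when the target has a different
    extension or is not a readable zip archive.
    """
    # Function-scope import: the module's import block is not visible here.
    import subprocess

    target = request.value
    filepath = request.fields['newfolder']

    # Reject unsupported files before creating anything on disk.
    if not target.endswith(('.zip', '.docx')):
        return response + UIMessage('Sorry not the right type of file')

    try:
        uzip = zipfile.ZipFile(target)
    except zipfile.BadZipfile:
        # Right extension, but the content is not a zip container.
        return response + UIMessage('Sorry not the right type of file')

    # Create new folder for the extracted files.
    # NOTE(review): only 100 folder names are possible, so an earlier
    # extraction can be reused and its files reported alongside this one.
    rnd = str(randint(1, 100))
    newfolder = filepath + '/' + rnd
    if not os.path.exists(newfolder):
        os.makedirs(newfolder)

    # The archive is untrusted input. extractall() is called with no limit
    # on member count or uncompressed size, so a decompression bomb can
    # fill the disk. NOTE(review): consider summing ZipInfo.file_size from
    # uzip.infolist() and refusing oversized archives before extracting.
    try:
        uzip.extractall(newfolder)
    finally:
        uzip.close()

    list_files = []
    for root, _subfolders, files in os.walk(newfolder):
        for name in files:
            list_files.append(os.path.join(root, name))

    # Calculate the SHA1 hash and the file type of each extracted file.
    file_details = []
    for path in list_files:
        with open(path, 'rb') as fh:
            sha1sum = hashlib.sha1(fh.read()).hexdigest()

        # Member names come from the archive, so they must never reach a
        # shell: pass the path as a single argv element. '--' stops option
        # parsing in case the path starts with '-'.
        try:
            proc = subprocess.Popen(['file', '--', path],
                                    stdout=subprocess.PIPE,
                                    universal_newlines=True)
            output = proc.communicate()[0]
        except OSError:
            # `file` is unavailable: keep going with an empty type.
            output = ''

        # Reset per file so a failed lookup cannot inherit the previous
        # file's type (or raise NameError on the first file).
        ftype = ''
        for match in re.finditer(r'([^:]*)(\s)', output):
            ftype = match.group(1)

        file_details.append((path, newfolder, sha1sum, ftype))

    # Create the new entity for each file with the details from above
    for fname, ffolder, fhash, ftype in file_details:
        e = GenericFile(fname)
        e += Field('ffolder', ffolder, displayname='File Location')
        e += Field('fhash', fhash, displayname='SHA1 Hash')
        e += Field('ftype', ftype, displayname='File Type')
        e.linklabel = ftype
        e.linkcolor = 0x75337D
        response += e
    return response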
예제 #4
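def dotransform(request, response):
    """Draw the IP conversations of a pcap as a JPG using Graphviz ``dot``.

    ``request.value`` is the pcap path read with rdpcap; the image is
    written into the folder named by the 'sniffMyPackets.outputfld' field.
    Every distinct (source, destination) IP pair becomes one edge.

    Returns ``response`` with a GenericFile entity for the image, or
    ``response`` plus a UIMessage when the output folder field is missing
    or ``dot`` cannot produce the image.
    """
    # Function-scope import: the module's import block is not visible here.
    import subprocess

    pcap = request.value
    pkts = rdpcap(pcap)
    # NOTE(review): if clock is time.clock this is CPU seconds, usually 0
    # for a short run, so successive images may overwrite each other.
    tstamp = int(clock())

    try:
        tmpfolder = request.fields['sniffMyPackets.outputfld']
    except Exception:
        return response + UIMessage(
            'No output folder defined, run the L0 - Prepare pcap transform')

    # NOTE(review): the fixed [42:-5] slice presumably strips a known
    # folder prefix and extension from stream file names; confirm. The
    # result goes into a file name unsanitized.
    if 'stream' not in pcap:
        new_file = tmpfolder + '/' + str(tstamp) + '.jpg'
    else:
        new_file = tmpfolder + '/' + request.value[42:-5] + '.jpg'

    img_format = 'jpg'
    conv = {}
    for p in pkts:
        try:
            layer = p.getlayer(IP)
            c = (layer.src, layer.dst)
        except Exception:
            # Best effort: packets without a usable IP layer are skipped.
            continue
        conv[c] = conv.get(c, 0) + 1

    parts = ['digraph "conv" {\n']
    for s, d in conv:
        parts.append('\t "%s" -> "%s"\n' % (s, d))
    parts.append("}\n")
    gr = ''.join(parts)

    # The output path is built from request data, so run dot with an
    # argument list instead of a shell string: no part of the path can be
    # interpreted as shell syntax.
    try:
        proc = subprocess.Popen(['dot', '-T' + img_format, '-o' + new_file],
                                stdin=subprocess.PIPE,
                                universal_newlines=True)
    except OSError:
        return response + UIMessage('Unable to run Graphviz dot')
    # communicate() writes the graph, closes stdin and waits for dot; the
    # previous `w.close` without parentheses never closed the pipe.
    proc.communicate(gr)
    if proc.returncode != 0:
        return response + UIMessage('Graphviz dot failed to render the graph')

    e = GenericFile(new_file)
    e.linklabel = 'JPG File'
    e += Field('sniffMyPackets.outputfld',
               tmpfolder,
               displayname='Folder Location')
    response += e
    return response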
예제 #5
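def dotransform(request, response):
    """Render a pcap's source/destination IP pairs to a JPG graph.

    The pcap at ``request.value`` is loaded with rdpcap, each distinct
    (src, dst) IP pair is emitted as a DOT edge, and Graphviz ``dot``
    writes the image into the folder given by the
    'sniffMyPackets.outputfld' field.

    Returns ``response`` with a GenericFile entity for the image, or
    ``response`` plus a UIMessage if the folder field is absent or ``dot``
    does not complete successfully.
    """
    # Function-scope import: the module's import block is not visible here.
    import subprocess

    pcap = request.value
    pkts = rdpcap(pcap)
    # NOTE(review): if clock is time.clock this is CPU time and will
    # usually be 0, so file names can collide between runs.
    tstamp = int(clock())

    try:
        tmpfolder = request.fields['sniffMyPackets.outputfld']
    except Exception:
        return response + UIMessage('No output folder defined, run the L0 - Prepare pcap transform')

    # NOTE(review): [42:-5] looks like a hard-coded prefix/extension
    # strip for stream files; confirm. The slice is used in the output
    # file name without sanitizing.
    if 'stream' not in pcap:
        new_file = tmpfolder + '/' + str(tstamp) + '.jpg'
    else:
        new_file = tmpfolder + '/' + request.value[42:-5] + '.jpg'

    img_format = 'jpg'
    conv = {}
    for p in pkts:
        try:
            ip_layer = p.getlayer(IP)
            pair = (ip_layer.src, ip_layer.dst)
        except Exception:
            # Best effort: skip packets that carry no usable IP layer.
            continue
        conv[pair] = conv.get(pair, 0) + 1

    gr = 'digraph "conv" {\n'
    gr += ''.join('\t "%s" -> "%s"\n' % (s, d) for s, d in conv)
    gr += "}\n"

    # Argument-list invocation: the request-derived output path is one
    # argv element and is never parsed by a shell.
    try:
        proc = subprocess.Popen(['dot', '-T' + img_format, '-o' + new_file],
                                stdin=subprocess.PIPE,
                                universal_newlines=True)
    except OSError:
        return response + UIMessage('Unable to run Graphviz dot')
    # Sends the graph, closes stdin and waits; `w.close` without the call
    # parentheses left the pipe open, so dot might never see end of input.
    proc.communicate(gr)
    if proc.returncode != 0:
        return response + UIMessage('Graphviz dot failed to render the graph')

    e = GenericFile(new_file)
    e.linklabel = 'JPG File'
    e += Field('sniffMyPackets.outputfld', tmpfolder, displayname='Folder Location')
    response += e
    return response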
예제 #6
def dotransform(request, response):
    """Dump the packets of a pcap to a PDF and return it as a file entity.

    The pcap path is ``request.value``; the PDF is written into the folder
    named by the 'sniffMyPackets.outputfld' field. When that field cannot
    be read, ``response`` plus a UIMessage is returned instead.
    """
    # Verbosity 0; per the original author's note this silences the
    # progress dots.
    conf.verb = 0
    capture_path = request.value
    packets = rdpcap(capture_path)
    stamp = int(clock())

    try:
        out_dir = request.fields['sniffMyPackets.outputfld']
    except:
        return response + UIMessage('No output folder defined, run the L0 - Prepare pcap transform')

    # Stream captures are named after a slice of their own path, anything
    # else after the clock value.
    # NOTE(review): the [42:-5] offsets presumably match a fixed path
    # layout; confirm. The slice is not sanitized before use in a path.
    stem = request.value[42:-5] if 'stream' in capture_path else str(stamp)
    pdf_path = out_dir + '/' + stem + '.pdf'

    packets.pdfdump(filename=pdf_path)

    entity = GenericFile(pdf_path)
    entity.linklabel = 'PDF File'
    response += entity
    return response
예제 #7
def dotransform(request, response):
    """Write a PDF rendering of a pcap's packets and attach it to the response.

    ``request.value`` is the pcap to load with rdpcap. The output folder is
    taken from the 'sniffMyPackets.outputfld' field; if reading it fails,
    the function returns ``response`` plus a UIMessage.
    """
    conf.verb = 0  # verbosity off (the original note: suppresses the dots)
    source_pcap = request.value
    loaded = rdpcap(source_pcap)
    clock_secs = int(clock())

    try:
        folder = request.fields['sniffMyPackets.outputfld']
    except:
        return response + UIMessage(
            'No output folder defined, run the L0 - Prepare pcap transform')

    if 'stream' in source_pcap:
        # NOTE(review): fixed [42:-5] offsets presumably depend on where
        # stream files are stored; confirm. The slice is used in the output
        # path unsanitized.
        base_name = request.value[42:-5]
    else:
        base_name = str(clock_secs)
    target_pdf = folder + '/' + base_name + '.pdf'

    loaded.pdfdump(filename=target_pdf)

    pdf_entity = GenericFile(target_pdf)
    pdf_entity.linklabel = 'PDF File'
    response += pdf_entity
    return response