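def run(self, obj, config):
    """Submit the sample as a zip archive to the scanner and record its verdicts.

    The file content is wrapped in a one-entry zip named ``samples``, POSTed
    to ``config['url']`` as ``application/zip``, and the XML reply is walked
    by :class:`XMLTagHandler`; each threat it collects is reported as one
    ``av_result`` through :meth:`_add_result`.

    :param obj: object whose ``filedata`` attribute provides ``read()``.
    :param config: service configuration; ``url`` and ``use_proxy`` are read.
    :returns: None. Results are emitted through ``_add_result``.
    :raises urllib2.URLError: propagated from the HTTP request on failure.
    """
    data = obj.filedata.read()
    zipdata = create_zip([("samples", data)])
    url = config.get('url', '')

    # Build a private opener instead of calling urllib2.install_opener():
    # installing one globally leaks this run's proxy choice into every other
    # urllib2 call in the process for the rest of its lifetime.
    if config.get('use_proxy'):
        opener = urllib2.build_opener(
            urllib2.ProxyHandler({'http': settings.HTTP_PROXY}))
    else:
        # Same handler chain urlopen() uses when nothing was installed.
        opener = urllib2.build_opener()

    req = urllib2.Request(url)
    req.add_header("Content-Type", "application/zip")
    req.add_data(bytearray(zipdata))
    # NOTE(review): no timeout is given, so an unresponsive scanner blocks
    # this worker indefinitely; opener.open() accepts timeout= if one is added.
    out = opener.open(req)
    try:
        text_out = out.read()
    finally:
        out.close()

    # Parse the XML reply. isfinal=True makes expat reject a truncated body
    # instead of silently reporting only the threats parsed before the cut.
    handler = XMLTagHandler()
    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = handler.StartElement
    parser.EndElementHandler = handler.EndElement
    parser.CharacterDataHandler = handler.CharData
    parser.Parse(text_out, True)

    for threat in handler.threatList:
        self._add_result(
            'av_result',
            threat["threat_name"],
            {"engine": threat["engine_name"],
             "date": datetime.now().isoformat()})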
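def to_file(self, data, options=None):
    """
    Respond with filedata instead of metadata.

    Every object carrying ``filedata`` contributes a zip entry named after its
    md5 (the content is run through ``_format_data`` with ``file_format``);
    an object with only a ``screenshot`` contributes ``<md5>.png``. The
    entries are packed into a single zip served as ``results.zip``.

    :param data: The data to be worked on.
    :type data: dict for multiple objects,
                :class:`tastypie.bundle.Bundle` for a single object.
    :param options: Options to alter how this serializer works. ``file``
                    selects this mode; ``file_format`` (default ``raw``)
                    is passed to ``_format_data``.
    :type options: dict
    :returns: :class:`django.http.HttpResponse`,
              :class:`tastypie.exceptions.BadRequest`, or None when
              ``file`` was not requested.
    """
    # ``options`` defaults to None but is indexed unconditionally below.
    options = options or {}
    get_file = options.get('file', None)
    file_format = options.get('file_format', 'raw')
    response = None
    zipfile = None
    if get_file:
        # Fold the single-Bundle and {'objects': [Bundle, ...]} shapes into
        # one sequence so the per-object logic exists only once. The list
        # path used to read ``data.obj`` instead of the loop variable for
        # screenshots, which raised and was swallowed by a bare except.
        if hasattr(data, 'obj'):
            bundles = [data]
        elif 'objects' in data:
            bundles = data['objects']
        else:
            bundles = []
        try:
            files = []
            for bundle in bundles:
                obj_ = bundle.obj
                if hasattr(obj_, 'filedata'):
                    filedata = obj_.filedata.read()
                    if filedata:
                        filedata = self._format_data(filedata, file_format)
                        files.append([obj_.md5, filedata])
                elif hasattr(obj_, 'screenshot'):
                    filedata = obj_.screenshot.read()
                    if filedata:
                        files.append(["%s.png" % obj_.md5, filedata])
            if files:
                zipfile = create_zip(files)
                response = HttpResponse(zipfile, content_type="application/octet-stream; charset=utf-8")
                response['Content-Disposition'] = 'attachment; filename="results.zip"'
            else:
                response = BadRequest("No files found!")
        except Exception as e:
            # Collection failures are reported the same way packing failures
            # already were, rather than dropped by ``except: pass``.
            # NOTE(review): str(e) hands the raw exception text to the API
            # client; prefer a generic message if that detail is sensitive.
            response = BadRequest(str(e))
    return response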
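def to_file(self, data, options=None):
    """
    Respond with filedata instead of metadata.

    Every object carrying ``filedata`` contributes a zip entry named after its
    md5 (the content is run through ``_format_data`` with ``file_format``);
    an object with only a ``screenshot`` contributes ``<md5>.png``. The
    entries are packed into a single zip served as ``results.zip``.

    :param data: The data to be worked on.
    :type data: dict for multiple objects,
                :class:`tastypie.bundle.Bundle` for a single object.
    :param options: Options to alter how this serializer works. ``file``
                    selects this mode; ``file_format`` (default ``raw``)
                    is passed to ``_format_data``.
    :type options: dict
    :returns: :class:`django.http.HttpResponse`,
              :class:`tastypie.exceptions.BadRequest`, or None when
              ``file`` was not requested.
    """
    # ``options`` defaults to None but is indexed unconditionally below.
    options = options or {}
    get_file = options.get('file', None)
    file_format = options.get('file_format', 'raw')
    response = None
    zipfile = None
    if get_file:
        # Fold the single-Bundle and {'objects': [Bundle, ...]} shapes into
        # one sequence so the per-object logic exists only once. The list
        # path used to read ``data.obj`` instead of the loop variable for
        # screenshots, which raised and was swallowed by a bare except.
        if hasattr(data, 'obj'):
            bundles = [data]
        elif 'objects' in data:
            bundles = data['objects']
        else:
            bundles = []
        try:
            files = []
            for bundle in bundles:
                obj_ = bundle.obj
                if hasattr(obj_, 'filedata'):
                    filedata = obj_.filedata.read()
                    if filedata:
                        filedata = self._format_data(filedata, file_format)
                        files.append([obj_.md5, filedata])
                elif hasattr(obj_, 'screenshot'):
                    filedata = obj_.screenshot.read()
                    if filedata:
                        files.append(["%s.png" % obj_.md5, filedata])
            if files:
                zipfile = create_zip(files)
                # ``mimetype`` is the pre-1.5 Django keyword; kept as the file uses it.
                response = HttpResponse(zipfile, mimetype='application/octet-stream; charset=utf-8')
                response['Content-Disposition'] = 'attachment; filename="results.zip"'
            else:
                response = BadRequest("No files found!")
        except Exception as e:
            # Collection failures are reported the same way packing failures
            # already were, rather than dropped by ``except: pass``.
            # NOTE(review): str(e) hands the raw exception text to the API
            # client; prefer a generic message if that detail is sensitive.
            response = BadRequest(str(e))
    return response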
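def run(self, obj, config):
    """Submit the sample as a zip archive to OPSWAT and record its verdicts.

    The file content is wrapped in a one-entry zip named ``samples``, POSTed
    to ``config['url']`` as ``application/zip``, and the XML reply is walked
    by :class:`XMLTagHandler`; each threat it collects is reported as one
    ``av_result`` through :meth:`_add_result`.

    :param obj: object whose ``filedata`` attribute provides ``read()``.
    :param config: service configuration; ``url`` and ``use_proxy`` are read.
    :returns: None. Results are emitted through ``_add_result``.
    :raises urllib2.URLError: propagated from the HTTP request on failure.
    """
    data = obj.filedata.read()
    zipdata = create_zip([("samples", data)])
    url = config.get('url', '')

    if config.get('use_proxy'):
        self._debug("OPSWAT: proxy handler set to: %s" % settings.HTTP_PROXY)
        proxy_handler = urllib2.ProxyHandler({'http': settings.HTTP_PROXY})
    else:
        self._debug("OPSWAT: proxy handler unset")
        proxy_handler = urllib2.ProxyHandler({})
    # Keep the opener private to this request instead of install_opener():
    # a globally installed opener leaks this run's proxy choice into every
    # other urllib2 call in the process for the rest of its lifetime.
    opener = urllib2.build_opener(proxy_handler)

    req = urllib2.Request(url)
    req.add_header("Content-Type", "application/zip")
    req.add_data(bytearray(zipdata))
    # NOTE(review): no timeout is given, so an unresponsive scanner blocks
    # this worker indefinitely; opener.open() accepts timeout= if one is added.
    out = opener.open(req)
    try:
        text_out = out.read()
    finally:
        out.close()

    # Parse the XML reply. isfinal=True makes expat reject a truncated body
    # instead of silently reporting only the threats parsed before the cut.
    handler = XMLTagHandler()
    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = handler.StartElement
    parser.EndElementHandler = handler.EndElement
    parser.CharacterDataHandler = handler.CharData
    parser.Parse(text_out, True)

    for threat in handler.threatList:
        self._add_result('av_result',
                         threat["threat_name"],
                         {"engine": threat["engine_name"],
                          "date": datetime.now().isoformat()})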
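def run(self, obj, config):
    """Look up or submit the sample on MetaDefender and record per-engine verdicts.

    The file's SHA1 is tried first; when the service has no result for that
    hash the raw content is uploaded and the result is fetched by the
    returned ``data_id``. Each engine under ``scan_results.scan_details``
    becomes one ``av_result`` whose value is its ``threat_found`` string, or
    ``'No Threat Detected'`` when that string is empty.

    :param obj: object exposing ``filedata.read()`` and ``sha1``.
    :param config: service configuration; ``api_key`` and ``url`` are
                   required, ``use_proxy`` is optional.
    :returns: None. Results are emitted through ``_add_result``.
    """
    api_key = config['api_key']
    api = API(api_key)
    url = config['url']
    # The header previously referenced an undefined ``api_key`` name; it is
    # the same key the API object is constructed with.
    headers = {"apikey": api_key}
    data = obj.filedata.read()
    # SHA1 hash of the given file
    file_hash = obj.sha1

    if config.get('use_proxy'):
        self._debug("MetaDefender: proxy handler set to: %s" % settings.HTTP_PROXY)
        # requests-style proxy mapping.
        proxies = {
            'http': settings.HTTP_PROXY,
            'https': settings.HTTP_PROXY
        }
    else:
        self._debug("MetaDefender: proxy handler unset")
        proxies = None
    # NOTE(review): ``proxies`` is built but never handed to ``api``, so the
    # use_proxy setting has no effect on these calls until they accept it.

    # One lookup answers both "was it scanned?" and "what was the result?";
    # the original issued the same request twice.
    lookup = api.hashScanResult(file_hash, url, headers)
    hash_found, file_scan_result = lookup[0], lookup[1]
    if not hash_found:
        # Upload when no result exists for the hash; the returned data_id is
        # the handle used to fetch the scan result.
        file_data_id = api.uploadFile(data, url)
        file_scan_result = api.retrieveScanResult(file_data_id, url, headers)

    scan_details = file_scan_result["scan_results"]["scan_details"]
    for engine in scan_details:
        # Only threat_found is kept; the result JSON carries more per engine.
        verdict = str(scan_details[engine]['threat_found'])
        if verdict == '':
            verdict = 'No Threat Detected'
        self._add_result('av_result', verdict, {
            "engine": str(engine),
            "date": datetime.now().isoformat()
        })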
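def submit_sample(self, obj):
    """Submit the sample to the FireEye appliance and remember its task ID.

    The file is zipped as ``crits.zip`` and POSTed to ``/submissions`` with a
    JSON options part carrying the configured timeout and machine profile.
    On success ``self.task``, ``self.timeout`` and ``self.sc`` are set.

    :param obj: object exposing ``filename`` and ``filedata.read()``.
    :returns: None. On a non-OK reply the failure is recorded through
              ``_error`` and the method returns without setting ``self.task``.
    """
    timeout = self.config.get('timeout')
    zipdata = create_zip([(obj.filename, obj.filedata.read())])
    machine = self.config.get('machine', "")
    sc = self.authentication
    headers = {'X-FEApi-Token': sc}
    json_option = {'application': '0',
                   'timeout': timeout,
                   'priority': '0',
                   'profiles': [machine],
                   'analysistype': '0',
                   'force': 'true',
                   'prefetch': '0'}
    jsondata = json.dumps(json_option)
    files = [('filename', ('crits.zip', zipdata, '')),
             ('options', ('', jsondata, 'application/json'))]
    # NOTE(review): verify=False disables TLS certificate validation, so the
    # API token and the sample travel over an unauthenticated channel; point
    # verify= at the appliance's CA bundle instead of switching it off.
    r = requests.post(self.base_url + '/submissions',
                      headers=headers,
                      files=files,
                      verify=False,
                      proxies=self.proxies)
    if r.status_code != requests.codes.ok:
        msg = "Failed to submit file to machine '%s'." % machine
        self._error(msg)
        self._debug(r.text)
        # Stop here: a failed submission has no task ID to read, and the
        # original fell through to index the error body anyway.
        return
    task_id = r.json()[0]['ID']
    self._info("Submitted Task ID %s for machine %s" % (task_id, machine))
    self.timeout = timeout
    self.sc = sc
    self.task = task_id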
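def _scan(self, context):
    """Send the sample to OPSWAT and record every threat in its XML reply.

    The content returned by ``get_file(context.md5)`` is wrapped in a
    one-entry zip named ``samples`` and POSTed to ``OPSWAT_url``; the reply
    is walked by :class:`XMLTagHandler` and each threat becomes one
    ``av_result`` through :meth:`_add_result`.

    :param context: object whose ``md5`` identifies the file to fetch.
    :returns: None. Results are emitted through ``_add_result``.
    :raises urllib2.URLError: propagated from the HTTP request on failure.
    """
    data = get_file(context.md5)
    zipdata = create_zip([("samples", data)])
    url = self.config.get('OPSWAT_url', '')

    req = urllib2.Request(url)
    req.add_header("Content-Type", "application/zip")
    req.add_data(bytearray(zipdata))
    # NOTE(review): no timeout is given, so an unresponsive scanner blocks
    # this worker indefinitely; urlopen() accepts timeout= if one is added.
    out = urllib2.urlopen(req)
    try:
        text_out = out.read()
    finally:
        # The response was never closed before; release the socket promptly.
        out.close()

    # Parse the XML reply. isfinal=True makes expat reject a truncated body
    # instead of silently reporting only the threats parsed before the cut.
    handler = XMLTagHandler()
    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = handler.StartElement
    parser.EndElementHandler = handler.EndElement
    parser.CharacterDataHandler = handler.CharData
    parser.Parse(text_out, True)

    for threat in handler.threatList:
        self._add_result('av_result',
                         threat["threat_name"],
                         {"engine": threat["engine_name"],
                          "date": datetime.now().isoformat()})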