def initialize(self):
# Check dependencies
if not HAVE_FRIDA:
raise ModuleInitializationError(self, "Missing dependency: frida")
if not HAVE_PYWIN32:
raise ModuleInitializationError(self,
"Missing dependency: pywin32")
def initialize(self):
if not HAVE_ANDROGUARD:
raise ModuleInitializationError(self,
"Missing dependency: androguard")
if not HAVE_MAGIC:
raise ModuleInitializationError(
self, "Missing dependency: python-magic")
def initialize(self):
# Check dependencies
if not HAVE_REQUESTS:
raise ModuleInitializationError(self,
"Missing dependency: requests")
if not HAVE_IJSON:
raise ModuleInitializationError(self, "Missing dependency: ijson")
def initialize(self):
if not HAVE_ANDROGUARD:
raise ModuleInitializationError(self,
"Missing dependency: androguard")
if not HAVE_NETWORKX:
raise ModuleInitializationError(self,
"Missing dependency: networkx")
def initialize(self):
if not has_dnsdump:
raise ModuleInitializationError(self,
"Missing dependancy: dnsdmpstr")
if not has_tldextract:
raise ModuleInitializationError(self,
"Missing dependancy: tldextract")
def initialize(self):
if not HAVE_PEFILE:
raise ModuleInitializationError(self, 'Missing dependency: pefile')
if not HAVE_MCRYPTO:
raise ModuleInitializationError(self,
'Missing dependency: M2Crypto')
return True
def initialize(self):
if not HAVE_YARA:
raise ModuleInitializationError(self, "Missing dependency: yara")
if not HAVE_RATDECODERS:
raise ModuleInitializationError(self,
"Missing dependency: RATDecoders")
self.results = {}
def initialize(self):
# Check dependencies
if not HAVE_REQUESTS:
raise ModuleInitializationError(self,
"Missing dependency: requests")
if not HAVE_MAGIC:
raise ModuleInitializationError(self, "Missing dependency: magic")
if not HAVE_TRIAGE:
raise ModuleInitializationError(self, "Missing dependency: triage")
def initialize(self):
if not HAVE_CAPA:
raise ModuleInitializationError(self, "Missing dependency: capa")
if not HAVE_VIVISECT:
raise ModuleInitializationError(self, "Missing dependency: vivisect")
if not HAVE_ARGPARSE:
raise ModuleInitializationError(self, "Missing dependency: argparse")
if not HAVE_GITPYTHON:
raise ModuleInitializationError(self, "Missing dependency: gitpython")
def initialize(self):
# Check dependencies
if not HAVE_WINAPPDBG:
raise ModuleInitializationError(self,
"Missing dependency: WinAppDbg")
if not HAVE_PYWIN32:
raise ModuleInitializationError(self,
"Missing dependency: pywin32")
self.timeout = 30
def initialize(self):
if ReportingModule.initialize(self):
if not HAVE_REQUESTS:
raise ModuleInitializationError(self, "Missing dependency: requests")
if not HAVE_DEFANG:
raise ModuleInitializationError(self, "Missing dependency: defang")
return True
else:
return False
def initialize(self):
if ReportingModule.initialize(self):
if not HAS_TEAMS:
raise ModuleInitializationError(
self, "Missing dependency: pymsteams")
if not HAS_DEFANG:
raise ModuleInitializationError(self,
"Missing dependency: defang")
return True
else:
return False
def initialize(self):
super(MemYara, self).initialize()
# Check dependencies
if not HAVE_VOLATILITY:
raise ModuleInitializationError(self,
"Missing dependency: volatility")
if not HAVE_HEXDUMP:
raise ModuleInitializationError(self,
"Missing dependency: hexdump")
self.needs_plugin("windows.vadyarascan.VadYaraScan")
self.results = []
def initialize(self, vm, base_url, snapshot=None):
VirtualizationModule.initialize(self, vm, base_url, snapshot)
if find_executable('VBoxManage') is None:
raise ModuleInitializationError(self, "Missing dependency: VBoxManage")
return True
def initialize(self, vm, base_url, snapshot=None):
VirtualizationModule.initialize(self, vm, base_url, snapshot)
if not HAVE_LIBVIRT:
raise ModuleInitializationError(self,
"Missing dependency: libvirt")
return True
def initialize(self):
if not HAVE_REQUESTS:
raise ModuleInitializationError(
self, "Missing dependency: requests")
self.threat_types = [threat_type.strip() for threat_type in self.threat_types.split(',')]
self.platform_types = [platform_type.strip() for platform_type in self.platform_types.split(',')]
return True
def _send_module(self):
fd = open(inspect.getsourcefile(self.__class__))
result = self._post('/module_update', files={'file': fd})
fd.close()
result = self._post('/module_update_info', json={'name': self.name, 'config': self._get_config()})
if result['status'] != 'ok':
raise ModuleInitializationError(self, result['error'])
def initialize(self):
if ReportingModule.initialize(self):
if not HAVE_REQUESTS:
raise ModuleInitializationError(self, "Missing dependency: requests")
if not HAVE_DEFANG:
raise ModuleInitializationError(self, "Missing dependency: defang")
if not HAVE_PDFKIT:
raise ModuleInitializationError(self, "Missing dependency: pdfkit")
if find_executable("7z") is None:
raise ModuleInitializationError(self, "Missing dependency: 7z")
return True
else:
return False
def initialize(self):
self.task_id = None
self.should_restore = False
self.labels = ordered_list_value(self.label)
self.ip_addresses = ordered_list_value(self.ip_address)
self.ports = ordered_list_value(self.port)
if not (len(self.labels) == len(self.ip_addresses) == len(self.ports)):
raise ModuleInitializationError(self, "List values for 'label', 'ip_address' and 'port' must contain exactly the same number of elements.")
def initialize(self):
# Check dependencies
if not HAVE_VOLATILITY:
raise ModuleInitializationError(self,
"Missing dependency: volatility")
# Default configuration
base_conf = {
"profile": self.volatility.profile,
"use_old_as": None,
"kdbg": None,
"help": False,
"kpcr": None,
"tz": None,
"pid": None,
"output_file": None,
"physical_offset": None,
"conf_file": None,
"dtb": None,
"output": None,
"info": None,
"plugins": self.volatility.plugins,
"debug": None,
"cache_dtb": True,
"filename": None,
"cache_directory": None,
"verbose": None,
"write": False
}
# Create Volatility API configuration
self._volconfig = conf.ConfObject()
self._volconfig.optparser.set_conflict_handler("resolve")
for key, value in base_conf.items():
self._volconfig.update(key, value)
# Get all available plugins
# These two imports must occur after configuration init
# Else, 'plugins' configuration will not be effective
self._volcommands = import_module("volatility.commands")
self._volregistry = import_module("volatility.registry")
self._volutils = import_module("volatility.utils")
self._volregistry.PluginImporter()
self.plugins = self._volregistry.get_plugin_classes(
self._volcommands.Command, lower=True)
# Check if we have the right volatility plugins for this module
if self.plugin_name is not None:
self.needs_plugin(self.plugin_name)
def needs_plugin(self, plugins):
"""Indicate that this module needs specific volatility plugins.
Only useful when outside of the default scenario.
Args:
plugins: a string or list of strings containing volatility plugins
names.
Raises:
ModuleInitializationError: when one of the plugins is not
available."""
for plugin in iterify(plugins):
if plugin not in self.plugins:
raise ModuleInitializationError(self, "volatility plugin '{}' needed".format(plugin))
def initialize(self):
# Check dependencies
if not HAVE_VOLATILITY:
raise ModuleInitializationError(self, "Missing dependency: volatility")
# Make sure installed volatility is compatible
volatility.framework.require_interface_version(2, 0, 0)
# Create the context and list plugins
self.vol_ctx = contexts.Context()
volatility.plugins.__path__ = constants.PLUGINS_PATH
if self.volatility.plugins and os.path.isdir(self.volatility.plugins):
volatility.plugins.__path__.append(self.volatility.plugins)
volatility.framework.import_files(volatility.plugins, True)
self.plugins = volatility.framework.list_plugins()
def needs_variable(self, variables):
"""Indicate that the module needs a specific attribute to work properly.
This function is only useful in abstract modules, in order to make sure
that modules that inherit from this class correctly defines needed class
attributes.
Args:
variables: a string or an array of strings containing the name of
needed class attributes.
Raises:
ModuleInitializationError: One of the needed attributes is not
correctly defined.
"""
for variable in iterify(variables):
if getattr(self, variable) is None:
raise ModuleInitializationError(self, "no '%s' defined" % variable)
def initialize(self):
if not HAVE_PEFILE:
raise ModuleInitializationError(self, "Missing dependency: pefile")
if not HAVE_YARA:
raise ModuleInitializationError(self, "Missing dependency: yara")
if not HAVE_RARFILE:
raise ModuleInitializationError(self,
"Missing dependency: rarfile")
if not HAVE_PYCRYPTO:
raise ModuleInitializationError(self,
"Missing dependency: pycrypto")
if not HAVE_PBKDF2:
raise ModuleInitializationError(self, "Missing dependency: pbkdf2")
if not HAVE_BAMF:
raise ModuleInitializationError(self,
"Missing dependency: BAMF_Detect")
self.results = {}
def initialize(self):
if not HAVE_OLETOOLS:
raise ModuleInitializationError(self,
'Missing dependency: oletools')
return True
def initialize(self):
if not HAVE_REQUESTS:
raise ModuleInitializationError(self, 'Missing dependency: requests')
return True
def initialize(self):
if not HAVE_DOCKER:
raise ModuleInitializationError(self, "Missing dependency: docker")
return True
def initialize(self):
if not HAVE_LIEF:
raise ModuleInitializationError(self, "Missing dependency: lief")
def initialize(self):
# Check dependencies
if not HAVE_VIRUSTOTAL:
raise ModuleInitializationError(self,
"Missing dependency: virustotal")
def initialize(self):
if not HAVE_YARA:
raise ModuleInitializationError(self, "Missing dependency: yara")
if not HAVE_RATDECODERS:
raise ModuleInitializationError(
self, "Missing dependency: malwareconfig")
