def get_config():
cfg = Config(find_config())
try:
access_key = cfg.config["minio"]["access_key"]
secret_key = cfg.config["minio"]["secret_key"]
except KeyError:
sys.stderr.write(
"WARNING! Misconfiguration: section [minio] of config.ini doesn't contain access_key or secret_key.\n"
)
return cfg
if not access_key and not secret_key:
if not os.path.exists("/etc/drakcore/minio.env"):
raise RuntimeError(
"ERROR! MinIO access credentials are not configured (and can not be auto-detected), unable to start.\n"
)
with open("/etc/drakcore/minio.env", "r") as f:
minio_cfg = [
line.strip().split("=", 1) for line in f
if line.strip() and "=" in line
]
minio_cfg = {k: v for k, v in minio_cfg}
try:
cfg.config["minio"]["access_key"] = minio_cfg["MINIO_ACCESS_KEY"]
cfg.config["minio"]["secret_key"] = minio_cfg["MINIO_SECRET_KEY"]
except KeyError:
sys.stderr.write(
"WARNING! Misconfiguration: minio.env doesn't contain MINIO_ACCESS_KEY or MINIO_SECRET_KEY.\n"
)
return cfg
def get_config():
cfg = Config(find_config())
try:
access_key = cfg.config['minio']['access_key']
secret_key = cfg.config['minio']['secret_key']
except KeyError:
sys.stderr.write(
'WARNING! Misconfiguration: section [minio] of config.ini doesn\'t contain access_key or secret_key.\n'
)
return cfg
if not access_key and not secret_key:
if not os.path.exists('/etc/drakcore/minio.env'):
raise RuntimeError(
'ERROR! MinIO access credentials are not configured (and can not be auto-detected), unable to start.\n'
)
with open('/etc/drakcore/minio.env', 'r') as f:
minio_cfg = [
line.strip().split('=', 1) for line in f
if line.strip() and '=' in line
]
minio_cfg = {k: v for k, v in minio_cfg}
try:
cfg.config['minio']['access_key'] = minio_cfg['MINIO_ACCESS_KEY']
cfg.config['minio']['secret_key'] = minio_cfg['MINIO_SECRET_KEY']
except KeyError:
sys.stderr.write(
'WARNING! Misconfiguration: minio.env doesn\'t contain MINIO_ACCESS_KEY or MINIO_SECRET_KEY.\n'
)
return cfg
def main(cls):
parser = cls.args_parser()
args = parser.parse_args()
config = Config(args.config_file)
service = YaraMatcher(config=config, yara_rule_dir=args.rules)
service.loop()
def main(args):
conf_path = os.path.join(ETC_DIR, "config.ini")
conf = patch_config(Config(conf_path))
if not conf.config.get('minio', 'access_key').strip():
logging.warning(
f"Detected blank value for minio access_key in {conf_path}. "
"This service may not work properly.")
unrecommended = validate_xen_commandline()
if unrecommended:
logging.warning("-" * 80)
logging.warning(
"You don't have the recommended settings in your Xen's command line."
)
logging.warning(
"Please amend settings in your GRUB_CMDLINE_XEN_DEFAULT in /etc/default/grub.d/xen.cfg file."
)
for k, v, actual_v in unrecommended:
if actual_v is not None:
logging.warning(f"- Set {k}={v} (instead of {k}={actual_v})")
else:
logging.warning(f"- Set {k}={v} ({k} is not set right now)")
logging.warning(
"Then, please execute the following commands as root: update-grub && reboot"
)
logging.warning("-" * 80)
logging.warning(
"This check can be skipped by adding xen_cmdline_check=ignore in [drakrun] section of drakrun's config."
)
logging.warning(
"Please be aware that some bugs may arise when using unrecommended settings."
)
try:
xen_cmdline_check = conf.config.get('drakrun', 'xen_cmdline_check')
except NoOptionError:
xen_cmdline_check = 'fail'
if xen_cmdline_check == 'ignore':
logging.warning(
"ATTENTION! Configuration specified that check result should be ignored, continuing anyway..."
)
else:
logging.error(
"Exitting due to above warnings. Please ensure that you are using recommended Xen's command line."
)
sys.exit(1)
# Apply Karton configuration overrides
drakrun_conf = conf.config["drakrun"] if conf.config.has_section(
"drakrun") else {}
DrakrunKarton.reconfigure(drakrun_conf)
c = DrakrunKarton(conf, args.instance)
c.init_drakrun()
c.loop()
def main(cls):
parser = cls.args_parser()
args = parser.parse_args()
config = Config(args.config_file)
service = cls(
config, args.misp_url, args.misp_key, not args.misp_insecure, args.mwdb_url
)
service.loop()
def main(cls):
conf_path = os.path.join(ETC_DIR, "config.ini")
config = patch_config(Config(conf_path))
consumer = RegressionTester(config)
if not consumer.backend.minio.bucket_exists("draktestd"):
consumer.backend.minio.make_bucket(bucket_name="draktestd")
consumer.loop()
def main(cls):
parser = cls.args_parser()
args = parser.parse_args()
config = Config(args.config_file)
user_config = {
'modules': args.modules,
'rootfs': args.rootfs,
'emulator_timeout': args.emulator_timeout,
'timeout': args.timeout,
'debug': args.debug
}
service = Unpacker(config=config, user_config=user_config)
service.loop()
def submit_main(cls):
parser = cls.args_parser()
args = parser.parse_args()
conf_path = os.path.join(ETC_DIR, "config.ini")
config = patch_config(Config(conf_path))
with open(args.tests) as tests:
testcases = [TestCase(**case) for case in json.load(tests)]
root_uids = []
for test in testcases:
sample = test.get_sample()
sys.stderr.write(f"Submitting {test.sha256}\n")
t = Task(headers=dict(type="sample-test", platform="win64"))
t.add_payload("sample", Resource("malwar", sample))
t.add_payload("testcase", test.to_json())
if args.timeout:
t.add_payload("timeout", args.timeout)
p = Producer(config)
p.send_task(t)
root_uids.append(t.root_uid)
consumer = RegressionTester(config)
results = {}
with tqdm(total=len(root_uids)) as pbar:
while len(results) != len(root_uids):
for root_uid in cls.get_finished_tasks(consumer.backend,
root_uids):
if root_uid not in results:
res = json.load(
consumer.backend.minio.get_object(
"draktestd", root_uid))
results[root_uid] = res
print(json.dumps(results[root_uid]))
pbar.update(1)
time.sleep(1)
print(json.dumps(list(results.values())))
def main(cls):
parser = cls.args_parser()
args = parser.parse_args()
config = Config(args.config_file)
if args.rules is None and args.compiled_rules is None:
log.error('--rules or --compiled-rules argument is required')
parser.print_help()
sys.exit(1)
if args.rules is not None and args.compiled_rules is not None:
log.error(
'--rules or --compiled-rules must be specified, not both')
parser.print_help()
sys.exit(1)
service = YaraMatcher(config=config,
yara_rule_dir=args.rules,
yara_compiled_rules=args.compiled_rules)
service.loop()
def main(cls):
parser = cls.args_parser()
args = parser.parse_args()
attributes: DefaultDict[str, List[str]] = defaultdict(list)
for attr in args.attribute:
key, value = attr.split("=", 1)
attributes[key].append(value)
config = Config(args.config_file)
service = ConfigExtractor(
config,
identity=args.identity,
modules=args.modules,
result_tags=args.tag,
result_attributes=dict(attributes),
)
service.loop()
def main():
parser = argparse.ArgumentParser(description="Push sample to the karton")
parser.add_argument("sample", help="Path to the sample")
parser.add_argument(
"--start_command",
help="e.g. start %f, %f will be replaced by file name",
required=False,
)
parser.add_argument(
"--timeout",
default=600,
type=int,
help="analysis timeout in seconds",
required=False,
)
args = parser.parse_args()
conf = patch_config(Config(os.path.join(ETC_DIR, "config.ini")))
producer = Producer(conf)
task = Task({"type": "sample", "stage": "recognized", "platform": "win32"})
with open(args.sample, "rb") as f:
sample = Resource("sample", f.read())
task.add_resource("sample", sample)
# Add filename
filename = os.path.basename(args.sample)
task.add_payload("file_name", os.path.splitext(filename)[0])
# Extract and add extension
extension = os.path.splitext(filename)[1][1:]
if extension:
task.headers["extension"] = extension
if args.start_command is not None:
task.add_payload("start_command", args.start_command)
if args.timeout is not None:
task.add_payload("timeout", args.timeout)
producer.send_task(task)
filters = [
{
"type": "analysis",
"kind": "drakrun"
}
]
def process(self):
tmp_dir = tempfile.mkdtemp(prefix="drakrun")
analysis_uid = self.current_task.payload['analysis_uid']
self.log.info(f"Storing analysis {analysis_uid} into {tmp_dir}")
for name, resource in self.current_task.iterate_resources():
resource.download_to_file(os.path.join(tmp_dir, name))
with open(os.path.join(tmp_dir, "procmon.log"), "r") as f:
self.log.info(f"First 10 lines of procmon output for analysis {self.current_task.uid}")
for obj in map(json.loads, f.read().split('\n')[:10]):
self.log.info(obj)
if __name__ == "__main__":
parser = argparse.ArgumentParser(description='Exemplary DRAKVUF Sandbox analysis consumer')
args = parser.parse_args()
conf = Config(os.path.join(os.path.dirname(__file__), "config.ini"))
c = DrakrunAnalysisConsumer(conf)
c.loop()
