def get_config(): cfg = Config(find_config()) try: access_key = cfg.config["minio"]["access_key"] secret_key = cfg.config["minio"]["secret_key"] except KeyError: sys.stderr.write( "WARNING! Misconfiguration: section [minio] of config.ini doesn't contain access_key or secret_key.\n" ) return cfg if not access_key and not secret_key: if not os.path.exists("/etc/drakcore/minio.env"): raise RuntimeError( "ERROR! MinIO access credentials are not configured (and can not be auto-detected), unable to start.\n" ) with open("/etc/drakcore/minio.env", "r") as f: minio_cfg = [ line.strip().split("=", 1) for line in f if line.strip() and "=" in line ] minio_cfg = {k: v for k, v in minio_cfg} try: cfg.config["minio"]["access_key"] = minio_cfg["MINIO_ACCESS_KEY"] cfg.config["minio"]["secret_key"] = minio_cfg["MINIO_SECRET_KEY"] except KeyError: sys.stderr.write( "WARNING! Misconfiguration: minio.env doesn't contain MINIO_ACCESS_KEY or MINIO_SECRET_KEY.\n" ) return cfg
def get_config(): cfg = Config(find_config()) try: access_key = cfg.config['minio']['access_key'] secret_key = cfg.config['minio']['secret_key'] except KeyError: sys.stderr.write( 'WARNING! Misconfiguration: section [minio] of config.ini doesn\'t contain access_key or secret_key.\n' ) return cfg if not access_key and not secret_key: if not os.path.exists('/etc/drakcore/minio.env'): raise RuntimeError( 'ERROR! MinIO access credentials are not configured (and can not be auto-detected), unable to start.\n' ) with open('/etc/drakcore/minio.env', 'r') as f: minio_cfg = [ line.strip().split('=', 1) for line in f if line.strip() and '=' in line ] minio_cfg = {k: v for k, v in minio_cfg} try: cfg.config['minio']['access_key'] = minio_cfg['MINIO_ACCESS_KEY'] cfg.config['minio']['secret_key'] = minio_cfg['MINIO_SECRET_KEY'] except KeyError: sys.stderr.write( 'WARNING! Misconfiguration: minio.env doesn\'t contain MINIO_ACCESS_KEY or MINIO_SECRET_KEY.\n' ) return cfg
def main(cls): parser = cls.args_parser() args = parser.parse_args() config = Config(args.config_file) service = YaraMatcher(config=config, yara_rule_dir=args.rules) service.loop()
def main(args): conf_path = os.path.join(ETC_DIR, "config.ini") conf = patch_config(Config(conf_path)) if not conf.config.get('minio', 'access_key').strip(): logging.warning( f"Detected blank value for minio access_key in {conf_path}. " "This service may not work properly.") unrecommended = validate_xen_commandline() if unrecommended: logging.warning("-" * 80) logging.warning( "You don't have the recommended settings in your Xen's command line." ) logging.warning( "Please amend settings in your GRUB_CMDLINE_XEN_DEFAULT in /etc/default/grub.d/xen.cfg file." ) for k, v, actual_v in unrecommended: if actual_v is not None: logging.warning(f"- Set {k}={v} (instead of {k}={actual_v})") else: logging.warning(f"- Set {k}={v} ({k} is not set right now)") logging.warning( "Then, please execute the following commands as root: update-grub && reboot" ) logging.warning("-" * 80) logging.warning( "This check can be skipped by adding xen_cmdline_check=ignore in [drakrun] section of drakrun's config." ) logging.warning( "Please be aware that some bugs may arise when using unrecommended settings." ) try: xen_cmdline_check = conf.config.get('drakrun', 'xen_cmdline_check') except NoOptionError: xen_cmdline_check = 'fail' if xen_cmdline_check == 'ignore': logging.warning( "ATTENTION! Configuration specified that check result should be ignored, continuing anyway..." ) else: logging.error( "Exitting due to above warnings. Please ensure that you are using recommended Xen's command line." ) sys.exit(1) # Apply Karton configuration overrides drakrun_conf = conf.config["drakrun"] if conf.config.has_section( "drakrun") else {} DrakrunKarton.reconfigure(drakrun_conf) c = DrakrunKarton(conf, args.instance) c.init_drakrun() c.loop()
def main(cls): parser = cls.args_parser() args = parser.parse_args() config = Config(args.config_file) service = cls( config, args.misp_url, args.misp_key, not args.misp_insecure, args.mwdb_url ) service.loop()
def main(cls): conf_path = os.path.join(ETC_DIR, "config.ini") config = patch_config(Config(conf_path)) consumer = RegressionTester(config) if not consumer.backend.minio.bucket_exists("draktestd"): consumer.backend.minio.make_bucket(bucket_name="draktestd") consumer.loop()
def main(cls): parser = cls.args_parser() args = parser.parse_args() config = Config(args.config_file) user_config = { 'modules': args.modules, 'rootfs': args.rootfs, 'emulator_timeout': args.emulator_timeout, 'timeout': args.timeout, 'debug': args.debug } service = Unpacker(config=config, user_config=user_config) service.loop()
def submit_main(cls): parser = cls.args_parser() args = parser.parse_args() conf_path = os.path.join(ETC_DIR, "config.ini") config = patch_config(Config(conf_path)) with open(args.tests) as tests: testcases = [TestCase(**case) for case in json.load(tests)] root_uids = [] for test in testcases: sample = test.get_sample() sys.stderr.write(f"Submitting {test.sha256}\n") t = Task(headers=dict(type="sample-test", platform="win64")) t.add_payload("sample", Resource("malwar", sample)) t.add_payload("testcase", test.to_json()) if args.timeout: t.add_payload("timeout", args.timeout) p = Producer(config) p.send_task(t) root_uids.append(t.root_uid) consumer = RegressionTester(config) results = {} with tqdm(total=len(root_uids)) as pbar: while len(results) != len(root_uids): for root_uid in cls.get_finished_tasks(consumer.backend, root_uids): if root_uid not in results: res = json.load( consumer.backend.minio.get_object( "draktestd", root_uid)) results[root_uid] = res print(json.dumps(results[root_uid])) pbar.update(1) time.sleep(1) print(json.dumps(list(results.values())))
def main(cls): parser = cls.args_parser() args = parser.parse_args() config = Config(args.config_file) if args.rules is None and args.compiled_rules is None: log.error('--rules or --compiled-rules argument is required') parser.print_help() sys.exit(1) if args.rules is not None and args.compiled_rules is not None: log.error( '--rules or --compiled-rules must be specified, not both') parser.print_help() sys.exit(1) service = YaraMatcher(config=config, yara_rule_dir=args.rules, yara_compiled_rules=args.compiled_rules) service.loop()
def main(cls): parser = cls.args_parser() args = parser.parse_args() attributes: DefaultDict[str, List[str]] = defaultdict(list) for attr in args.attribute: key, value = attr.split("=", 1) attributes[key].append(value) config = Config(args.config_file) service = ConfigExtractor( config, identity=args.identity, modules=args.modules, result_tags=args.tag, result_attributes=dict(attributes), ) service.loop()
def main(): parser = argparse.ArgumentParser(description="Push sample to the karton") parser.add_argument("sample", help="Path to the sample") parser.add_argument( "--start_command", help="e.g. start %f, %f will be replaced by file name", required=False, ) parser.add_argument( "--timeout", default=600, type=int, help="analysis timeout in seconds", required=False, ) args = parser.parse_args() conf = patch_config(Config(os.path.join(ETC_DIR, "config.ini"))) producer = Producer(conf) task = Task({"type": "sample", "stage": "recognized", "platform": "win32"}) with open(args.sample, "rb") as f: sample = Resource("sample", f.read()) task.add_resource("sample", sample) # Add filename filename = os.path.basename(args.sample) task.add_payload("file_name", os.path.splitext(filename)[0]) # Extract and add extension extension = os.path.splitext(filename)[1][1:] if extension: task.headers["extension"] = extension if args.start_command is not None: task.add_payload("start_command", args.start_command) if args.timeout is not None: task.add_payload("timeout", args.timeout) producer.send_task(task)
filters = [ { "type": "analysis", "kind": "drakrun" } ] def process(self): tmp_dir = tempfile.mkdtemp(prefix="drakrun") analysis_uid = self.current_task.payload['analysis_uid'] self.log.info(f"Storing analysis {analysis_uid} into {tmp_dir}") for name, resource in self.current_task.iterate_resources(): resource.download_to_file(os.path.join(tmp_dir, name)) with open(os.path.join(tmp_dir, "procmon.log"), "r") as f: self.log.info(f"First 10 lines of procmon output for analysis {self.current_task.uid}") for obj in map(json.loads, f.read().split('\n')[:10]): self.log.info(obj) if __name__ == "__main__": parser = argparse.ArgumentParser(description='Exemplary DRAKVUF Sandbox analysis consumer') args = parser.parse_args() conf = Config(os.path.join(os.path.dirname(__file__), "config.ini")) c = DrakrunAnalysisConsumer(conf) c.loop()