예제 #1
0
    def form(self, query, result):
        result.para(
            'NOTICE: This loader attempts to load IIS log files completely automatically by determining field names and types from the header comments, if this loader fails, please use the "Simple" loader'
        )

        def test(query, result):
            self.parse(query)
            result.text(
                "The following is the result of importing the first few lines from the log file into the database.\nPlease check that the importation was successfull before continuing."
            )
            self.display_test_log(result)
            return True

        result.wizard(names=(
            "Step 1: Select Log File",
            "Step 2: View test result",
            "Step 3: Save Preset",
            "Step 4: End",
        ),
                      callbacks=(
                          LogFile.get_file,
                          test,
                          FlagFramework.Curry(LogFile.save_preset, log=self),
                          LogFile.end,
                      ))
예제 #2
0
파일: CSV.py 프로젝트: olivierh59500/pyflag
    def form(self, query, result):
        def test_csv(query, result):
            self.parse(query)
            result.start_table()
            result.row("Unprocessed text from file", colspan=5)
            sample = []
            count = 0
            for line in self.read_record():
                sample.append(line)
                count += 1
                if count > 3:
                    break

            result.row('\n'.join(sample), bgcolor='lightgray')
            result.end_table()

            self.draw_type_selector(result)

        def test(query, result):
            self.parse(query)
            result.text(
                "The following is the result of importing the first few lines from the log file into the database.\nPlease check that the importation was successfull before continuing."
            )
            self.display_test_log(result)
            return True

        result.wizard(names=[
            "Step 1: Select Log File", "Step 2: Configure Columns",
            "Step 3: View test result", "Step 4: Save Preset", "Step 5: End"
        ],
                      callbacks=[
                          LogFile.get_file, test_csv, test,
                          FlagFramework.Curry(LogFile.save_preset, log=self),
                          LogFile.end
                      ])
예제 #3
0
    def form(self,query,result):
        """ This draws the form required to fulfill all the parameters for this report
        """
        def configure(query, result):
            result.start_table(hstretch=False)
            result.const_selector("Choose Format String", 'format', formats.values(), formats.keys())
            result.ruler()
            result.checkbox("Split Request into Method/URL/Version", "split_req", "true")
            result.end_table()
            

        def extra_options(query, result):
            self.parse(query)
            result.start_table()
            result.row("Raw text from file")
            sample = []
            count =0
            for line in self.read_record():
                sample.append(line)
                count +=1
                if count>3:
                    break

            [result.row(s,bgcolor='lightgray') for s in sample]
            result.end_table()
            
            result.start_table()
            result.heading("Select Options:")
            result.row("Select Fields to ignore:")
            for i in range(len(self.fields)):
                try:
                    result.checkbox(self.fields[i].name, 'ignore%s' % i, 'true')
                except: pass
            result.end_table()

            #self.draw_type_selector(result)

        def test(query,result):
            self.parse(query)
            result.text("The following is the result of importing the first few lines from the log file into the database.\nPlease check that the importation was successfull before continuing.")
            self.display_test_log(result)
            return True

        result.wizard(
            names = (
            "Step 1: Select Log File",
            "Step 2: Select Format String",
            "Step 3: Select Options",
            "Step 4: View test result",
            "Step 5: Save Preset",
            "Step 6: End",
            ),
            callbacks = (
            LogFile.get_file,
            configure,
            extra_options,
            test,
            FlagFramework.Curry(LogFile.save_preset, log=self),
            LogFile.end,
            ))
예제 #4
0
    def form(self, query, result):
        def test(query, result):
            self.parse(query)
            result.text(
                "The following is the result of importing the first few lines from the log file into the database.\nPlease check that the importation was successfull before continuing."
            )
            self.display_test_log(result)
            return True

        result.wizard(names=(
            "Step 1: Select Log File",
            "Step 2: View test result",
            "Step 3: Save Preset",
            "Step 4: End",
        ),
                      callbacks=(
                          LogFile.get_file,
                          test,
                          FlagFramework.Curry(LogFile.save_preset, log=self),
                          LogFile.end,
                      ))
예제 #5
0
    def display_data(self,
                     query,
                     result,
                     max,
                     cb,
                     slack=False,
                     overread=False):
        """ Displays the data.
        
        The callback takes care of paging the data from self. The callback cb is used to actually render the data:
        
        'def cb(offset,data,result)
        
        offset is the offset in the file where we start, data is the data.
        """
        #Set limits for the dump
        try:
            limit = int(query['hexlimit'])
        except KeyError:
            limit = 0

        oldslack = self.slack
        oldoverread = self.overread
        self.slack = slack
        self.overread = overread

        self.seek(limit)
        data = self.read(max + 1)

        self.slack = oldslack
        self.overread = oldoverread

        ## We try to use our own private toolbar if possible:
        #toolbar_id = result.new_toolbar()
        toolbar_id = 1

        if (not data or len(data) == 0):
            result.text("No Data Available")
        else:
            cb(limit, data, result)

        #Do the navbar
        new_query = query.clone()
        previous = limit - max
        if previous < 0:
            if limit > 0:
                previous = 0
            else:
                previous = None

        if previous != None:
            new_query.set('hexlimit', 0)
            result.toolbar(text="Start",
                           icon="stock_first.png",
                           link=new_query,
                           toolbar=toolbar_id,
                           pane="self")
        else:
            result.toolbar(text="Start",
                           icon="stock_first_gray.png",
                           toolbar=toolbar_id,
                           pane="self")

        if previous != None:
            new_query.set('hexlimit', previous)
            result.toolbar(text="Previous page",
                           icon="stock_left.png",
                           link=new_query,
                           toolbar=toolbar_id,
                           pane="self")
        else:
            result.toolbar(text="Previous page",
                           icon="stock_left_gray.png",
                           toolbar=toolbar_id,
                           pane="self")

        next = limit + max

        ## If we did not read a full page, we do not display
        ## the next arrow
        if len(data) >= max:
            new_query.set('hexlimit', next)
            result.toolbar(text="Next page",
                           icon="stock_right.png",
                           link=new_query,
                           toolbar=toolbar_id,
                           pane="self")
        else:
            result.toolbar(text="Next page",
                           icon="stock_right_gray.png",
                           toolbar=toolbar_id,
                           pane="self")

        if len(data) >= max:
            new_query.set('hexlimit', self.size - self.size % 1024)
            result.toolbar(text="End",
                           icon="stock_last.png",
                           link=new_query,
                           toolbar=toolbar_id,
                           pane="self")
        else:
            result.toolbar(text="End",
                           icon="stock_last_gray.png",
                           toolbar=toolbar_id,
                           pane="self")

        ## Allow the user to skip to a certain page directly:
        result.toolbar(cb=FlagFramework.Curry(goto_page_cb,
                                              variable='hexlimit'),
                       text="Current Offset %s" % limit,
                       icon="stock_next-page.png",
                       toolbar=toolbar_id,
                       pane="popup")

        return result
예제 #6
0
    def form(self, query, result):
        """ This draws the form required to fulfill all the parameters for this report
        """
        def configure_filters(query, result):
            self.parse(query)
            result.start_table()
            result.row("Unprocessed text from file")
            sample = []
            count = 0
            for line in self.read_record():
                sample.append(line)
                count += 1
                if count > 3:
                    break

            [result.row(s, bgcolor='lightgray') for s in sample]
            result.end_table()

            result.start_table()
            result.ruler()
            tmp = result.__class__(result)
            tmp.heading("Step:")
            result.row(tmp, " Select pre-filter(s) to use on the data")
            result.ruler()

            pre_selector(result)
            result.end_table()
            result.start_table()
            ## Show the filtered sample:
            result.row("Prefiltered data:", align="left")
            sample = [self.prefilter_record(record) for record in sample]
            [result.row(s, bgcolor='lightgray') for s in sample]
            result.end_table()

        def configure_seperators(query, result):
            self.parse(query)
            result.start_table(hstretch=False)
            result.const_selector("Simple Field Separator:",
                                  'delimiter',
                                  delimiters.values(),
                                  delimiters.keys(),
                                  autosubmit=True)

            result.end_table()

            self.draw_type_selector(result)

        def test(query, result):
            self.parse(query)
            result.text(
                "The following is the result of importing the first few lines from the log file into the database.\nPlease check that the importation was successfull before continuing."
            )
            self.display_test_log(result)
            return True

        result.wizard(
            names=[
                "Step 1: Select Log File", "Step 2: Configure preprocessors",
                "Step 3: Configure Columns", "Step 4: View test result",
                "Step 5: Save Preset", "Step 6: End"
            ],
            callbacks=[
                LogFile.get_file, configure_filters, configure_seperators,
                test,
                FlagFramework.Curry(LogFile.save_preset, log=self), LogFile.end
            ],
        )
예제 #7
0
            socket.inet_ntoa(struct.pack(
                ">L", connection['src_ip'])), connection['src_port'],
            socket.inet_ntoa(struct.pack(">L", connection['dest_ip'])),
            connection['dest_port'], connection['l'])

        if options.stats:
            stats_fd = open(options.stats, 'ab')
            stats_fd.write(stat)
            stats_fd.close()
            #for i in range(len(connection['packets'])):
            #    tmp.append("%s" % ((connection['packets'][i], connection['offset'][i],
            #                        connection['length'][i]),))

            #stats_fd.write("%s\n" % ','.join(tmp))


processor = reassembler.Reassembler(
    packet_callback=FlagFramework.Curry(Callback, options=options))
for f in args:
    try:
        pcap_file = pypcap.PyPCAP(open(f, "rb"))
    except IOError:
        continue

    while 1:
        try:
            packet = pcap_file.dissect()
            processor.process(packet)
        except StopIteration:
            break
예제 #8
0
    add_constraints = {
        'category': TableActions.selector_constraint,
#        'inode_id': store_inode,
        }

    edit_constraints = {
        'category': TableActions.selector_constraint,
#        'inode_id': store_inode,
        }

    def __init__(self, case=None, id=None):
        self.form_actions = {
            #'inode_id': self.inode_action,
            'inode_id': TableActions.noop,
            'note': TableActions.textarea,
            'category': FlagFramework.Curry(TableActions.selector_display,
                              table='annotate', field='category', case=case),
            }

        TableObj.TableObj.__init__(self,case,id)

## We add callback to allow annotation of Inode displays:
def render_annotate_inode_id(self, inode_id, row, result):
    inode = ''
    if not inode_id: return ''
    
    link = FlagFramework.query_type(case=self.case,
                                    family='Disk Forensics',
                                    report='ViewFile',
                                    mode = 'Summary',
                                    inode_id = inode_id)
    ## This is the table object which is responsible for the
예제 #9
0
        def test(query,result):
            self.parse(query)
            result.text("The following is the result of importing the first few lines from the log file into the database.\nPlease check that the importation was successfull before continuing.")
            self.display_test_log(result)
            return True

        result.wizard(
            names = [ "Step 1: Select Log File",
                      "Step 2: Add Columns",
                      "Step 3: Save Preset",
                      "Step : Test",
                      "Step 4: End"],
            callbacks = [ LogFile.get_file,
                          add_columns,
                          test,
                          FlagFramework.Curry(LogFile.save_preset, log=self),
                          LogFile.end
                          ],
            )

class PadType(ColumnTypes.ColumnType, ColumnTypes.LogParserMixin):
    def __init__(self, regex='.', **kwargs):
        ColumnTypes.ColumnType.__init__(self, name="-", column="-")
        self.re = re.compile(regex)
        self.ignore = True
        
    def insert(self, value):
        pass

    def log_parse(self, row):
        m = self.re.match(row)
예제 #10
0
                s = '\x00' * 1024
                buf = format.Buffer(string=s)
                fd = None
                fdsize = 0

##            print 'File Size %s' % fdsize

            struct = DAFTFormats.DynamicStruct(buf)
            struct.create_fields(query, 'parameter_')

            struct.read(buf)
            popup_row = {}
            for i in range(struct.count):
                tmp = result.__class__(result)
                tmp.popup(FlagFramework.Curry(popup_cb,
                                              column_number=i,
                                              mode='insert'),
                          "Insert column",
                          icon="insert.png")
                tmp.popup(FlagFramework.Curry(popup_cb, column_number=i),
                          "Edit column",
                          icon="edit.png")
                tmp.popup(FlagFramework.Curry(delete_col_cb, column_number=i),
                          "Delete column",
                          icon="delete.png")
                popup_row[query['name_%s' % i]] = tmp

            result.popup(settings_cb, "Change settings", icon="page.png")
            result.popup(FlagFramework.Curry(popup_cb,
                                             column_number=struct.count),
                         "Add new column",