def form(self, query, result): result.para( 'NOTICE: This loader attempts to load IIS log files completely automatically by determining field names and types from the header comments, if this loader fails, please use the "Simple" loader' ) def test(query, result): self.parse(query) result.text( "The following is the result of importing the first few lines from the log file into the database.\nPlease check that the importation was successfull before continuing." ) self.display_test_log(result) return True result.wizard(names=( "Step 1: Select Log File", "Step 2: View test result", "Step 3: Save Preset", "Step 4: End", ), callbacks=( LogFile.get_file, test, FlagFramework.Curry(LogFile.save_preset, log=self), LogFile.end, ))
def form(self, query, result): def test_csv(query, result): self.parse(query) result.start_table() result.row("Unprocessed text from file", colspan=5) sample = [] count = 0 for line in self.read_record(): sample.append(line) count += 1 if count > 3: break result.row('\n'.join(sample), bgcolor='lightgray') result.end_table() self.draw_type_selector(result) def test(query, result): self.parse(query) result.text( "The following is the result of importing the first few lines from the log file into the database.\nPlease check that the importation was successfull before continuing." ) self.display_test_log(result) return True result.wizard(names=[ "Step 1: Select Log File", "Step 2: Configure Columns", "Step 3: View test result", "Step 4: Save Preset", "Step 5: End" ], callbacks=[ LogFile.get_file, test_csv, test, FlagFramework.Curry(LogFile.save_preset, log=self), LogFile.end ])
def form(self,query,result): """ This draws the form required to fulfill all the parameters for this report """ def configure(query, result): result.start_table(hstretch=False) result.const_selector("Choose Format String", 'format', formats.values(), formats.keys()) result.ruler() result.checkbox("Split Request into Method/URL/Version", "split_req", "true") result.end_table() def extra_options(query, result): self.parse(query) result.start_table() result.row("Raw text from file") sample = [] count =0 for line in self.read_record(): sample.append(line) count +=1 if count>3: break [result.row(s,bgcolor='lightgray') for s in sample] result.end_table() result.start_table() result.heading("Select Options:") result.row("Select Fields to ignore:") for i in range(len(self.fields)): try: result.checkbox(self.fields[i].name, 'ignore%s' % i, 'true') except: pass result.end_table() #self.draw_type_selector(result) def test(query,result): self.parse(query) result.text("The following is the result of importing the first few lines from the log file into the database.\nPlease check that the importation was successfull before continuing.") self.display_test_log(result) return True result.wizard( names = ( "Step 1: Select Log File", "Step 2: Select Format String", "Step 3: Select Options", "Step 4: View test result", "Step 5: Save Preset", "Step 6: End", ), callbacks = ( LogFile.get_file, configure, extra_options, test, FlagFramework.Curry(LogFile.save_preset, log=self), LogFile.end, ))
def form(self, query, result): def test(query, result): self.parse(query) result.text( "The following is the result of importing the first few lines from the log file into the database.\nPlease check that the importation was successfull before continuing." ) self.display_test_log(result) return True result.wizard(names=( "Step 1: Select Log File", "Step 2: View test result", "Step 3: Save Preset", "Step 4: End", ), callbacks=( LogFile.get_file, test, FlagFramework.Curry(LogFile.save_preset, log=self), LogFile.end, ))
def display_data(self, query, result, max, cb, slack=False, overread=False): """ Displays the data. The callback takes care of paging the data from self. The callback cb is used to actually render the data: 'def cb(offset,data,result) offset is the offset in the file where we start, data is the data. """ #Set limits for the dump try: limit = int(query['hexlimit']) except KeyError: limit = 0 oldslack = self.slack oldoverread = self.overread self.slack = slack self.overread = overread self.seek(limit) data = self.read(max + 1) self.slack = oldslack self.overread = oldoverread ## We try to use our own private toolbar if possible: #toolbar_id = result.new_toolbar() toolbar_id = 1 if (not data or len(data) == 0): result.text("No Data Available") else: cb(limit, data, result) #Do the navbar new_query = query.clone() previous = limit - max if previous < 0: if limit > 0: previous = 0 else: previous = None if previous != None: new_query.set('hexlimit', 0) result.toolbar(text="Start", icon="stock_first.png", link=new_query, toolbar=toolbar_id, pane="self") else: result.toolbar(text="Start", icon="stock_first_gray.png", toolbar=toolbar_id, pane="self") if previous != None: new_query.set('hexlimit', previous) result.toolbar(text="Previous page", icon="stock_left.png", link=new_query, toolbar=toolbar_id, pane="self") else: result.toolbar(text="Previous page", icon="stock_left_gray.png", toolbar=toolbar_id, pane="self") next = limit + max ## If we did not read a full page, we do not display ## the next arrow if len(data) >= max: new_query.set('hexlimit', next) result.toolbar(text="Next page", icon="stock_right.png", link=new_query, toolbar=toolbar_id, pane="self") else: result.toolbar(text="Next page", icon="stock_right_gray.png", toolbar=toolbar_id, pane="self") if len(data) >= max: new_query.set('hexlimit', self.size - self.size % 1024) result.toolbar(text="End", icon="stock_last.png", link=new_query, toolbar=toolbar_id, pane="self") else: result.toolbar(text="End", icon="stock_last_gray.png", toolbar=toolbar_id, pane="self") ## Allow the user to skip to a certain page directly: result.toolbar(cb=FlagFramework.Curry(goto_page_cb, variable='hexlimit'), text="Current Offset %s" % limit, icon="stock_next-page.png", toolbar=toolbar_id, pane="popup") return result
def form(self, query, result): """ This draws the form required to fulfill all the parameters for this report """ def configure_filters(query, result): self.parse(query) result.start_table() result.row("Unprocessed text from file") sample = [] count = 0 for line in self.read_record(): sample.append(line) count += 1 if count > 3: break [result.row(s, bgcolor='lightgray') for s in sample] result.end_table() result.start_table() result.ruler() tmp = result.__class__(result) tmp.heading("Step:") result.row(tmp, " Select pre-filter(s) to use on the data") result.ruler() pre_selector(result) result.end_table() result.start_table() ## Show the filtered sample: result.row("Prefiltered data:", align="left") sample = [self.prefilter_record(record) for record in sample] [result.row(s, bgcolor='lightgray') for s in sample] result.end_table() def configure_seperators(query, result): self.parse(query) result.start_table(hstretch=False) result.const_selector("Simple Field Separator:", 'delimiter', delimiters.values(), delimiters.keys(), autosubmit=True) result.end_table() self.draw_type_selector(result) def test(query, result): self.parse(query) result.text( "The following is the result of importing the first few lines from the log file into the database.\nPlease check that the importation was successfull before continuing." ) self.display_test_log(result) return True result.wizard( names=[ "Step 1: Select Log File", "Step 2: Configure preprocessors", "Step 3: Configure Columns", "Step 4: View test result", "Step 5: Save Preset", "Step 6: End" ], callbacks=[ LogFile.get_file, configure_filters, configure_seperators, test, FlagFramework.Curry(LogFile.save_preset, log=self), LogFile.end ], )
socket.inet_ntoa(struct.pack( ">L", connection['src_ip'])), connection['src_port'], socket.inet_ntoa(struct.pack(">L", connection['dest_ip'])), connection['dest_port'], connection['l']) if options.stats: stats_fd = open(options.stats, 'ab') stats_fd.write(stat) stats_fd.close() #for i in range(len(connection['packets'])): # tmp.append("%s" % ((connection['packets'][i], connection['offset'][i], # connection['length'][i]),)) #stats_fd.write("%s\n" % ','.join(tmp)) processor = reassembler.Reassembler( packet_callback=FlagFramework.Curry(Callback, options=options)) for f in args: try: pcap_file = pypcap.PyPCAP(open(f, "rb")) except IOError: continue while 1: try: packet = pcap_file.dissect() processor.process(packet) except StopIteration: break
add_constraints = { 'category': TableActions.selector_constraint, # 'inode_id': store_inode, } edit_constraints = { 'category': TableActions.selector_constraint, # 'inode_id': store_inode, } def __init__(self, case=None, id=None): self.form_actions = { #'inode_id': self.inode_action, 'inode_id': TableActions.noop, 'note': TableActions.textarea, 'category': FlagFramework.Curry(TableActions.selector_display, table='annotate', field='category', case=case), } TableObj.TableObj.__init__(self,case,id) ## We add callback to allow annotation of Inode displays: def render_annotate_inode_id(self, inode_id, row, result): inode = '' if not inode_id: return '' link = FlagFramework.query_type(case=self.case, family='Disk Forensics', report='ViewFile', mode = 'Summary', inode_id = inode_id) ## This is the table object which is responsible for the
def test(query,result): self.parse(query) result.text("The following is the result of importing the first few lines from the log file into the database.\nPlease check that the importation was successfull before continuing.") self.display_test_log(result) return True result.wizard( names = [ "Step 1: Select Log File", "Step 2: Add Columns", "Step 3: Save Preset", "Step : Test", "Step 4: End"], callbacks = [ LogFile.get_file, add_columns, test, FlagFramework.Curry(LogFile.save_preset, log=self), LogFile.end ], ) class PadType(ColumnTypes.ColumnType, ColumnTypes.LogParserMixin): def __init__(self, regex='.', **kwargs): ColumnTypes.ColumnType.__init__(self, name="-", column="-") self.re = re.compile(regex) self.ignore = True def insert(self, value): pass def log_parse(self, row): m = self.re.match(row)
s = '\x00' * 1024 buf = format.Buffer(string=s) fd = None fdsize = 0 ## print 'File Size %s' % fdsize struct = DAFTFormats.DynamicStruct(buf) struct.create_fields(query, 'parameter_') struct.read(buf) popup_row = {} for i in range(struct.count): tmp = result.__class__(result) tmp.popup(FlagFramework.Curry(popup_cb, column_number=i, mode='insert'), "Insert column", icon="insert.png") tmp.popup(FlagFramework.Curry(popup_cb, column_number=i), "Edit column", icon="edit.png") tmp.popup(FlagFramework.Curry(delete_col_cb, column_number=i), "Delete column", icon="delete.png") popup_row[query['name_%s' % i]] = tmp result.popup(settings_cb, "Change settings", icon="page.png") result.popup(FlagFramework.Curry(popup_cb, column_number=struct.count), "Add new column",