else: yara_rules = None # open CSV file if options.csv: print 'Writing output to CSV file: %s' % options.csv csvfile = open(options.csv, 'wb') csv_writer = csv.writer(csvfile) csv_writer.writerow( ['Filename', 'Index', 'Pattern name', 'Found string', 'Length']) else: csv_writer = None # scan each file provided as argument: for filename, data in iter_files(args, options.recursive, options.zip_password, options.zip_fname): print "=" * 79 print "File: %s\n" % filename if MAGIC: print "Filetype according to magic: %s\n" % magic.whatis(data) bbz = Balbuzard(patterns, yara_rules=yara_rules) bbz.scan_display(data, filename, hexdump=options.verbose, csv_writer=csv_writer) # close CSV file if options.csv: csvfile.close() # This was coded while listening to The National "Boxer".
yara_rules.append(yara.compile(f)) else: yara_rules = None # open CSV file if options.csv: print 'Writing output to CSV file: %s' % options.csv csvfile = open(options.csv, 'wb') csv_writer = csv.writer(csvfile) csv_writer.writerow(['Filename', 'Index', 'Pattern name', 'Found string', 'Length']) else: csv_writer = None # scan each file provided as argument: for filename, data in iter_files(args, options.recursive, options.zip_password, options.zip_fname): print "="*79 print "File: %s\n" % filename if MAGIC: print "Filetype according to magic: %s\n" % magic.whatis(data) bbz = Balbuzard(patterns, yara_rules=yara_rules) bbz.scan_display(data, filename, hexdump=options.verbose, csv_writer=csv_writer) # close CSV file if options.csv: csvfile.close() # This was coded while listening to The National "Boxer".
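def main():
    """Command-line entry point: parse options, load plugins, scan files.

    Steps, in order:
      1. Parse the command line. With no file argument, print the module
         docstring and the option help, then exit.
      2. Execute every ``bbz*.py`` file found under ``plugins_dir``.
      3. If ``YARA`` is set, compile every ``*.yara`` file found under
         ``plugins_dir``; otherwise no yara rules are used.
      4. If ``--csv`` was given, open that file and write the header row.
      5. For each (filename, data) pair yielded by ``iter_files``, build a
         ``Balbuzard`` scanner and display its results.

    The CSV file, when one was opened, is closed even if a scan raises.
    """
    usage = 'usage: %prog [options] <filename> [filename2 ...]'
    parser = optparse.OptionParser(usage=usage)
    parser.add_option('-c', '--csv', dest='csv',
                      help='export results to a CSV file')
    parser.add_option("-v", action="store_true", dest="verbose",
                      help='verbose display, with hex view.')
    parser.add_option("-r", action="store_true", dest="recursive",
                      help='find files recursively in subdirectories.')
    parser.add_option(
        "-z", "--zip", dest='zip_password', type='str', default=None,
        help='if the file is a zip archive, open first file from it, using the provided password (requires Python 2.6+)')
    parser.add_option(
        "-f", "--zipfname", dest='zip_fname', type='str', default='*',
        help='if the file is a zip archive, file(s) to be opened within the zip. Wildcards * and ? are supported. (default:*)')

    (options, args) = parser.parse_args()

    # Print help if no arguments are passed
    if not args:
        print __doc__
        parser.print_help()
        sys.exit()

    # load plugins
    # SECURITY: execfile() runs each matching file as ordinary Python code,
    # with the privileges of this process and in this function's namespace.
    # Whoever can write a bbz*.py file anywhere under plugins_dir can run
    # code here, so that tree must be writable by trusted users only and
    # kept separate from any directory that holds files being analysed.
    # execfile() is called from main() itself on purpose: moving it into a
    # helper would change the namespace the plugins execute in.
    for f in rglob(plugins_dir, 'bbz*.py'):
        print 'Loading plugin from', relpath(f, plugins_dir)
        execfile(f)

    # load yara plugins
    if YARA:
        yara_rules = []
        for f in rglob(plugins_dir, '*.yara'):
            print 'Loading yara plugin from', relpath(f, plugins_dir)
            yara_rules.append(yara.compile(f))
    else:
        yara_rules = None

    # open CSV file
    csvfile = None
    csv_writer = None
    if options.csv:
        print 'Writing output to CSV file: %s' % options.csv
        # 'wb' is the mode the Python 2 csv module expects; an existing file
        # at this path is truncated.
        csvfile = open(options.csv, 'wb')

    try:
        if csvfile is not None:
            csv_writer = csv.writer(csvfile)
            csv_writer.writerow(
                ['Filename', 'Index', 'Pattern name', 'Found string', 'Length'])
            # NOTE(review): the data rows are written by scan_display (not
            # visible here). The 'Found string' column holds content taken
            # from the scanned file, so a cell may begin with = + - or @;
            # confirm such values are neutralised before the CSV is opened
            # in a spreadsheet application.

        # scan each file provided as argument:
        for filename, data in iter_files(args, options.recursive,
                                         options.zip_password,
                                         options.zip_fname):
            print "=" * 79
            print "File: %s\n" % filename
            if MAGIC:
                print "Filetype according to magic: %s\n" % magic.whatis(data)
            # A new scanner is built per file, as in the original; whether
            # Balbuzard keeps per-scan state is not visible from here.
            bbz = Balbuzard(patterns, yara_rules=yara_rules)
            bbz.scan_display(data, filename, hexdump=options.verbose,
                             csv_writer=csv_writer)
    finally:
        # close CSV file, including when a scan raised part-way through, so
        # that the rows already written are flushed to disk
        if csvfile is not None:
            csvfile.close()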