def autorun_module(file_hash):
if not file_hash:
return
# We need an open session
if not __sessions__.is_set():
# Open session
__sessions__.new(get_sample_path(file_hash))
for cmd_line in cfg.autorun.commands.split(','):
split_commands = cmd_line.split(';')
for split_command in split_commands:
split_command = split_command.strip()
if not split_command:
continue
root, args = parse(split_command)
try:
if root in __modules__:
module = __modules__[root]['obj']()
module.set_commandline(args)
module.run()
print_info("Running Command {0}".format(split_command))
if cfg.modules.store_output and __sessions__.is_set():
Database().add_analysis(file_hash, split_command, module.output)
if cfg.autorun.verbose:
print_output(module.output)
del(module.output[:])
else:
print_error('{0} is not a valid command. Please check your viper.conf file.'.format(cmd_line))
except:
print_error('Viper was unable to complete the command {0}'.format(cmd_line))
return
def autorun_module(file_hash):
if not file_hash:
return
# We need an open session
if not __sessions__.is_set():
# Open session
__sessions__.new(get_sample_path(file_hash))
for cmd_line in cfg.autorun.commands.split(','):
split_commands = cmd_line.split(';')
for split_command in split_commands:
split_command = split_command.strip()
if not split_command:
continue
root, args = parse(split_command)
try:
if root in __modules__:
module = __modules__[root]['obj']()
module.set_commandline(args)
module.run()
print_info("Running Command {0}".format(split_command))
if cfg.modules.store_output and __sessions__.is_set():
Database().add_analysis(file_hash, split_command,
module.output)
if cfg.autorun.verbose:
print_output(module.output)
del (module.output[:])
else:
print_error(
'{0} is not a valid command. Please check your viper.conf file.'
.format(cmd_line))
except:
print_error(
'Viper was unable to complete the command {0}'.format(
cmd_line))
return
def bupextract():
# Check for valid OLE
if not OleFileIO_PL.isOleFile(__sessions__.current.file.path):
print_error("Not a valid BUP File")
return
ole = OleFileIO_PL.OleFileIO(__sessions__.current.file.path)
# We know that BUPS are xor'd with 6A which is dec 106 for the decoder
print_info("Switching Session to Embedded File")
data = xordata(ole.openstream('File_0').read(), 106)
# this is a lot of work jsut to get a filename.
data2 = xordata(ole.openstream('Details').read(), 106)
ole.close()
lines = data2.split('\n')
for line in lines:
if line.startswith('OriginalName'):
fullpath = line.split('=')[1]
pathsplit = fullpath.split('\\')
filename = str(pathsplit[-1][:-1])
# now lets write the data out to a file and get a session on it
if data:
tempName = os.path.join('/tmp', filename)
with open(tempName, 'w') as temp:
temp.write(data)
__sessions__.new(tempName)
return
else:
print_error("Unble to Switch Session")
def store(self):
try:
event_path = os.path.join(self.cur_path, 'misp_events')
if not os.path.exists(event_path):
os.mkdir(event_path)
if self.args.list:
header = ['Event ID', 'Title']
rows = []
for eid, path, title in self._get_local_events(event_path):
rows.append((eid, title))
self.log('table', dict(header=header, rows=sorted(rows, key=lambda i: (int(i[0])))))
elif self.args.update:
for eid, path, title in self._get_local_events(event_path):
event = self.misp.get(eid)
with open(path, 'w') as f:
f.write(json.dumps(event))
self.log('success', '{} updated successfully.'.format(eid))
elif self.args.delete:
path = os.path.join(event_path, '{}.json'.format(self.args.delete))
if os.path.exists(path):
os.remove(path)
self.log('success', '{} removed successfully.'.format(self.args.delete))
else:
self.log('error', '{} does not exists.'.format(self.args.delete))
elif self.args.open:
path = os.path.join(event_path, '{}.json'.format(self.args.open))
if os.path.exists(path):
e_json = json.loads(open(path, 'r').read())
__sessions__.new(misp_event=MispEvent(e_json))
else:
self.log('error', '{} does not exists.'.format(self.args.open))
elif __sessions__.is_attached_misp():
self._dump(__sessions__.current.misp_event.event)
except IOError as e:
self.log('error', e.strerror)
def create_event(self):
if self.args.threat is not None:
# Dirty trick to keep consistency in the module: the threat level in the upload
# API can go from 0 import to 3 but it is 1 to 4 in the event mgmt API.
# It will be fixed in a near future, in the meantime, we do that:
self.args.threat += 1
if not self.args.info:
self.log('error', 'Info field is required for a new event')
info = ' '.join(self.args.info)
# Check if the following arguments have been set (and correctly set). If not, take the config values
self.args.distrib = self.distribution if self.args.distrib is None else self.args.distrib
self.args.sharing = self.sharinggroup if self.args.sharing is None else self.args.sharing
if self.args.sharing and self.args.distrib != 4:
self.args.sharing = None
self.log('info', "Sharing group can only be set if distribution is 4. Clearing set value")
misp_event = MISPEvent()
misp_event.from_dict(info=info, distribution=self.args.distrib,
sharing_group_id=self.args.sharing, threat_level_id=self.args.threat,
analysis=self.args.analysis, date=self.args.date)
self._search_local_hashes(misp_event)
if self.offline_mode:
# New event created locally, no ID
__sessions__.current.misp_event.current_dump_file = self._dump()
__sessions__.current.misp_event.offline()
else:
misp_event = self.misp.add_event(misp_event)
if self._has_error_message(misp_event):
return
__sessions__.new(misp_event=MispEvent(misp_event, self.offline_mode))
self._dump()
def bupextract():
# Check for valid OLE
if not OleFileIO_PL.isOleFile(__sessions__.current.file.path):
print_error("Not a valid BUP File")
return
ole = OleFileIO_PL.OleFileIO(__sessions__.current.file.path)
# We know that BUPS are xor'd with 6A which is dec 106 for the decoder
print_info("Switching Session to Embedded File")
data = xordata(ole.openstream('File_0').read(), 106)
# this is a lot of work jsut to get a filename.
data2 = xordata(ole.openstream('Details').read(), 106)
ole.close()
lines = data2.split('\n')
for line in lines:
if line.startswith('OriginalName'):
fullpath = line.split('=')[1]
pathsplit = fullpath.split('\\')
filename = str(pathsplit[-1][:-1])
# now lets write the data out to a file and get a session on it
if data:
tempName = os.path.join('/tmp', filename)
with open(tempName, 'w') as temp:
temp.write(data)
__sessions__.new(tempName)
return
else:
print_error("Unble to Switch Session")
def main():
parser = argparse.ArgumentParser()
parser.add_argument("-p",
"--project",
help="Specify a new or existing project name",
action="store",
required=False)
parser.add_argument("-f",
"--file",
help="Specify a file to be opened directly",
action="store",
required=False)
parser.add_argument("--version", action="version", version=__version__)
args = parser.parse_args()
if args.project:
__project__.open(args.project)
if args.file:
if not os.path.exists(args.file):
print("ERROR: The specified path does not exist")
sys.exit(-1)
__sessions__.new(args.file)
c = console.Console()
c.start()
def att_session(att_id, msg, ole_flag):
att_count = 0
if ole_flag:
ole = msg
# Hard part now, each part of the attachment is in a seperate stream
# need to get a unique stream id for each att
# its in the streamname as an 8 digit number.
for i in range(
20
): # arbitrary count of emails. i dont expecet this many
stream_number = str(i).zfill(8)
stream_name = '__attach_version1.0_#' + stream_number
#Unicode
try:
att_filename = ole.openstream(
stream_name + '/__substg1.0_3704001F').read()
att_filename = att_filename.replace('\x00', '')
att_data = ole.openstream(
stream_name + '/__substg1.0_37010102').read()
except:
pass
# ASCII
try:
att_filename = ole.openstream(
stream_name + '/__substg1.0_3704001E').read()
att_data = ole.openstream(
stream_name + '/__substg1.0_37010102').read()
except:
pass
if i == att_id:
print_info(
"Switching session to {0}".format(att_filename))
tmp_path = os.path.join(tempfile.gettempdir(),
att_filename)
with open(tmp_path, 'w') as tmp:
tmp.write(att_data)
__sessions__.new(tmp_path)
return
else:
for part in msg.walk():
if part.get_content_maintype(
) == 'multipart' or not part.get('Content-Disposition'):
continue
att_count += 1
if att_count == att_id:
print_info("Switching session to {0}".format(
part.get_filename()))
data = part.get_payload(decode=True)
if data:
tmp_path = os.path.join(tempfile.gettempdir(),
part.get_filename())
with open(tmp_path, 'w') as tmp:
tmp.write(data)
__sessions__.new(tmp_path)
return
def module_cmdline(cmd_line, file_hash):
html = ""
cmd = Commands()
split_commands = cmd_line.split(';')
for split_command in split_commands:
split_command = split_command.strip()
if not split_command:
continue
root, args = parse(split_command)
try:
if root in cmd.commands:
cmd.commands[root]['obj'](*args)
html += print_output(cmd.output)
del (cmd.output[:])
elif root in __modules__:
# if prev commands did not open a session open one on the current file
if file_hash:
path = get_sample_path(file_hash)
__sessions__.new(path)
module = __modules__[root]['obj']()
module.set_commandline(args)
module.run()
html += print_output(module.output)
if cfg.modules.store_output and __sessions__.is_set():
Database().add_analysis(file_hash, split_command, module.output)
del (module.output[:])
else:
html += '<p class="text-danger">{0} is not a valid command</p>'.format(cmd_line)
except Exception as e:
html += '<p class="text-danger">We were unable to complete the command {0}</p>'.format(cmd_line)
__sessions__.close()
return html
def run(self, *args):
try:
args = self.parser.parse_args(args)
except SystemExit:
return
if __sessions__.is_set():
if not __sessions__.current.file.id:
self.log(
'error',
"The opened file does not have an ID, have you stored it yet?"
)
return
self.log(
'info', "Current name is: {}".format(
bold(__sessions__.current.file.name)))
new_name = input("New name: ")
if not new_name:
self.log('error', "File name can't be empty!")
return
Database().rename(__sessions__.current.file.id, new_name)
self.log('info', "Refreshing session to update attributes...")
__sessions__.new(__sessions__.current.file.path)
else:
self.log(
'error',
"No open session. This command expects a file to be open.")
def publish(self):
current_event = copy.deepcopy(__sessions__.current.misp_event.event)
event = self.misp.publish(current_event)
if not self._has_error_message(event):
self.log('success',
'Event {} published.'.format(event['Event']['id']))
__sessions__.new(misp_event=MispEvent(event))
def run_module():
project = request.forms.get('project')
if project:
__project__.open(project)
sha256 = request.forms.get('sha256')
if sha256:
file_path = get_sample_path(sha256)
if file_path:
__sessions__.new(file_path)
module_name = request.forms.get('module')
if module_name in __modules__:
module = __modules__[module_name]['obj']()
module.run()
module_output = copy.deepcopy(module.output)
del (module.output[:])
if module_output:
return jsonize(
dict(project=project,
module=module_name,
sha256=sha256,
output=module_output))
def test_create_event(self, capsys):
instance = misp.MISP()
instance.command_line = ['--url', url, '-k', apikey, '-v', 'create_event', '-i', 'Viper test event']
instance.run()
out, err = capsys.readouterr()
assert re.search(r".*Session opened on MISP event.*", out)
event_id = re.findall(r".*Session opened on MISP event (.*)\..*", out)[0]
instance.command_line = ['--url', url, '-k', apikey, '-v', 'add', 'ip-dst', '8.8.8.8']
instance.run()
out, err = capsys.readouterr()
assert re.search(rf".*Session on MISP event {event_id} refreshed.*", out)
instance.command_line = ['--url', url, '-k', apikey, '-v', 'show']
instance.run()
out, err = capsys.readouterr()
assert re.search(r".*ip-dst | 8.8.8.8.*", out)
__sessions__.new(os.path.join(FIXTURE_DIR, 'chromeinstall-8u31.exe'))
instance.command_line = ['add_hashes']
instance.run()
instance.command_line = ['--url', url, '-k', apikey, '-v', 'show']
instance.run()
out, err = capsys.readouterr()
assert re.search(rf".*Session on MISP event {event_id} refreshed.*", out)
def create_event(self):
if self.args.threat is not None:
# Dirty trick to keep consistency in the module: the threat level in the upload
# API can go from 0 import to 3 but it is 1 to 4 in the event mgmt API.
# It will be fixed in a near future, in the meantime, we do that:
self.args.threat += 1
if not self.args.info:
self.log('error', 'Info field is required for a new event')
info = ' '.join(self.args.info)
misp_event = MISPEvent()
misp_event.set_all_values(info=info, distribution=self.args.distrib,
threat_level_id=self.args.threat, analysis=self.args.analysis,
date=self.args.date)
self._search_local_hashes(misp_event)
if self.offline_mode:
# New event created locally, no ID
__sessions__.current.misp_event.current_dump_file = self._dump()
__sessions__.current.misp_event.offline()
else:
misp_event = self.misp.add_event(json.dumps(misp_event, cls=EncodeUpdate))
if self._has_error_message(misp_event):
return
__sessions__.new(misp_event=MispEvent(misp_event, self.offline_mode))
self._dump()
def create_event(self):
if self.args.threat is not None:
# Dirty trick to keep consistency in the module: the threat level in the upload
# API can go from 0 import to 3 but it is 1 to 4 in the event mgmt API.
# It will be fixed in a near future, in the meantime, we do that:
self.args.threat += 1
if not self.args.info:
self.log('error', 'Info field is required for a new event')
info = ' '.join(self.args.info)
# Check if the following arguments have been set (and correctly set). If not, take the config values
self.args.distrib = self.distribution if self.args.distrib is None else self.args.distrib
self.args.sharing = self.sharinggroup if self.args.sharing is None else self.args.sharing
if self.args.sharing and self.args.distrib != 4:
self.args.sharing = None
self.log('info', "Sharing group can only be set if distribution is 4. Clearing set value")
misp_event = MISPEvent()
misp_event.set_all_values(info=info, distribution=self.args.distrib,
sharing_group_id=self.args.sharing, threat_level_id=self.args.threat,
analysis=self.args.analysis, date=self.args.date)
self._search_local_hashes(misp_event)
if self.offline_mode:
# New event created locally, no ID
__sessions__.current.misp_event.current_dump_file = self._dump()
__sessions__.current.misp_event.offline()
else:
misp_event = self.misp.add_event(json.dumps(misp_event, cls=EncodeUpdate))
if self._has_error_message(misp_event):
return
__sessions__.new(misp_event=MispEvent(misp_event, self.offline_mode))
self._dump()
def post(self, request, *args, **kwargs):
print("IN F*****G DELETE PARENT VIEW")
child = request.POST.get('child').lower()
parent = request.POST.get('parent').lower()
project = request.POST.get('project', 'default')
db = open_db(project)
if not child:
log.error("no sha256 hashed for child provided")
raise Http404("no sha256 hashed for child provided")
if not parent:
log.error("no sha256 hashed for parent provided")
raise Http404("no sha256 hashed for parent provided")
# Open a session
try:
path = get_sample_path(child)
if not path:
raise Http404(
"could not retrieve file for sha256 hash: {}".format(
child))
__sessions__.new(path)
except Exception as err:
log.error("Error: {}".format(err))
return HttpResponse(
'<span class="alert alert-danger">Invalid Submission</span>'.
format())
db.delete_parent(child)
return redirect(
reverse("file-view", kwargs={
"project": project,
"sha256": child
}))
def module_cmdline(cmd_line, file_hash):
html = ""
cmd = Commands()
split_commands = cmd_line.split(';')
for split_command in split_commands:
split_command = split_command.strip()
if not split_command:
continue
root, args = parse(split_command)
try:
if root in cmd.commands:
cmd.commands[root]['obj'](*args)
html += print_output(cmd.output)
del (cmd.output[:])
elif root in __modules__:
# if prev commands did not open a session open one on the current file
if file_hash:
path = get_sample_path(file_hash)
__sessions__.new(path)
module = __modules__[root]['obj']()
module.set_commandline(args)
module.run()
html += print_output(module.output)
del (module.output[:])
else:
html += '<p class="text-danger">{0} is not a valid command</p>'.format(
cmd_line)
except:
html += '<p class="text-danger">We were unable to complete the command {0}</p>'.format(
cmd_line)
__sessions__.close()
return html
def cmd_tags(self, *args):
parser = argparse.ArgumentParser(
prog='tags', description="Modify tags of the opened file")
parser.add_argument(
'-a',
'--add',
metavar='TAG',
help="Add tags to the opened file (comma separated)")
parser.add_argument('-d',
'--delete',
metavar='TAG',
help="Delete a tag from the opened file")
try:
args = parser.parse_args(args)
except:
return
# This command requires a session to be opened.
if not __sessions__.is_set():
self.log('error', "No open session")
parser.print_usage()
return
# If no arguments are specified, there's not much to do.
# However, it could make sense to also retrieve a list of existing
# tags from this command, and not just from the "find" command alone.
if args.add is None and args.delete is None:
parser.print_usage()
return
# TODO: handle situation where addition or deletion of a tag fail.
db = Database()
if not db.find(key='sha256', value=__sessions__.current.file.sha256):
self.log(
'error', "The opened file is not stored in the database. "
"If you want to add it use the `store` command.")
return
if args.add:
# Add specified tags to the database's entry belonging to
# the opened file.
db.add_tags(__sessions__.current.file.sha256, args.add)
self.log('info', "Tags added to the currently opened file")
# We refresh the opened session to update the attributes.
# Namely, the list of tags returned by the 'info' command
# needs to be re-generated, or it wouldn't show the new tags
# until the existing session is closed a new one is opened.
self.log('info', "Refreshing session to update attributes...")
__sessions__.new(__sessions__.current.file.path)
if args.delete:
# Delete the tag from the database.
db.delete_tag(args.delete, __sessions__.current.file.sha256)
# Refresh the session so that the attributes of the file are
# updated.
self.log('info', "Refreshing session to update attributes...")
__sessions__.new(__sessions__.current.file.path)
def test_no_argument(self, capsys, filename):
__sessions__.new(os.path.join(FIXTURE_DIR, filename))
instance = Macho()
instance.run()
out, err = capsys.readouterr()
lines = out.split("\n")
assert re.search(r".*Session opened on.*", lines[0])
def file_view(request, sha256=False, project='default'):
if not sha256:
return render(request, '404.html')
print sha256
db = open_db(project)
# Open a session
try:
path = get_sample_path(sha256)
__sessions__.new(path)
except:
return render(request, '404.html')
# Get the file info
file_info = {
'name': __sessions__.current.file.name,
'tags': __sessions__.current.file.tags.split(','),
'path': __sessions__.current.file.path,
'size': __sessions__.current.file.size,
'type': __sessions__.current.file.type,
'mime': __sessions__.current.file.mime,
'md5': __sessions__.current.file.md5,
'sha1': __sessions__.current.file.sha1,
'sha256': __sessions__.current.file.sha256,
'sha512': __sessions__.current.file.sha512,
'ssdeep': __sessions__.current.file.ssdeep,
'crc32': __sessions__.current.file.crc32,
'parent': __sessions__.current.file.parent,
'children': __sessions__.current.file.children.split(',')
}
# Get Any Notes
note_list = []
module_history = []
malware = db.find(key='sha256', value=sha256)
if malware:
notes = malware[0].note
if notes:
for note in notes:
note_list.append({'title': note.title,
'body': note.body,
'id': note.id
})
analysis_list = malware[0].analysis
if analysis_list:
for ana in analysis_list:
module_history.append({'id': ana.id,
'cmd_line': ana.cmd_line
})
# Return the page
return render(request, 'file.html', {'file_info': file_info,
'note_list': note_list,
'error_line': False,
'project': project,
'projects': project_list(),
'module_history': module_history
})
def test_export(self, capsys, filename):
__sessions__.new(os.path.join(FIXTURE_DIR, filename))
instance = office()
instance.command_line = ["-e", 'out_all']
instance.run()
out, err = capsys.readouterr()
assert re.search(r".*out_all/ObjectPool-_1398590705-Contents*", out)
def cmd_new(self, *args):
title = input("Enter a title for the new file: ")
# Create a new temporary file.
tmp = tempfile.NamedTemporaryFile(delete=False)
# Open the temporary file with the default editor, or with nano.
os.system('"${EDITOR:-nano}" ' + tmp.name)
__sessions__.new(tmp.name)
__sessions__.current.file.name = title
print_info('New file with title "{0}" added to the current session'.format(bold(title)))
def test_oleid(self, capsys, filename):
__sessions__.new(os.path.join(FIXTURE_DIR, filename))
instance = office.Office()
instance.command_line = ["-o"]
instance.run()
out, err = capsys.readouterr()
assert re.search(r".*Macros .*| True.*", out)
def test_run_session(self, capsys, filename):
__sessions__.new(os.path.join(FIXTURE_DIR, filename))
instance = fuzzy.Fuzzy()
instance.command_line = []
instance.run()
out, err = capsys.readouterr()
assert re.search(r".*relevant matches found.*", out)
def test_export(self, capsys, filename):
__sessions__.new(os.path.join(FIXTURE_DIR, filename))
instance = office.Office()
instance.command_line = ["-e", 'out_all']
instance.run()
out, err = capsys.readouterr()
assert re.search(r".*out_all/ObjectPool-_1398590705-Contents*", out)
def test_oleid(self, capsys, filename):
__sessions__.new(os.path.join(FIXTURE_DIR, filename))
instance = office()
instance.command_line = ["-o"]
instance.run()
out, err = capsys.readouterr()
assert re.search(r".*Macros .*| True.*", out)
def test_info(self, capsys, filename):
__sessions__.new(os.path.join(FIXTURE_DIR, filename))
instance = apk.AndroidPackage()
instance.command_line = ["-i"]
instance.run()
out, err = capsys.readouterr()
assert re.search(r".*Package Name: de.rhab.helloworld*", out)
def test_file(self, capsys, filename):
__sessions__.new(os.path.join(FIXTURE_DIR, filename))
instance = apk.AndroidPackage()
instance.command_line = ["-f"]
instance.run()
out, err = capsys.readouterr()
assert re.search(r".*APK Contents.*", out)
def test_dump_no_parameter(self, capsys, filename):
__sessions__.new(os.path.join(FIXTURE_DIR, filename))
instance = apk.AndroidPackage()
instance.command_line = ["-d"]
instance.run()
out, err = capsys.readouterr()
assert re.search(r".*argument -d/--dump: expected one argument.*", out)
def test_all(self, capsys, filename, pkg_name):
__sessions__.new(os.path.join(FIXTURE_DIR, filename))
instance = apk.AndroidPackage()
instance.command_line = ["-a"]
instance.run()
out, err = capsys.readouterr()
assert re.search(r".*Package Name: {}.*".format(pkg_name), out)
def test_code(self, capsys, filename):
__sessions__.new(os.path.join(FIXTURE_DIR, filename))
instance = office()
instance.command_line = ["-c", 'out_macro']
instance.run()
out, err = capsys.readouterr()
assert re.search(r".*Writing VBA Code to out_macro.*", out)
def test_meta(self, capsys, filename):
__sessions__.new(os.path.join(FIXTURE_DIR, filename))
instance = swf.SWF()
instance.command_line = []
instance.run()
out, err = capsys.readouterr()
assert re.search(r".*The opened file doesn't appear to be compressed.*", out)
def test_code(self, capsys, filename):
__sessions__.new(os.path.join(FIXTURE_DIR, filename))
instance = office.Office()
instance.command_line = ["-c", 'out_macro']
instance.run()
out, err = capsys.readouterr()
assert re.search(r".*Writing VBA Code to out_macro.*", out)
def test_run_session(self, capsys, filename):
__sessions__.new(os.path.join(FIXTURE_DIR, filename))
instance = clamav.ClamAV()
instance.command_line = []
instance.run()
out, err = capsys.readouterr()
assert re.search(r".*Clamav identify.*", out)
def _populate(self, event, original_attributes):
if len(event.attributes) == original_attributes:
self.log('info', "No new attributes to add.")
return
event.timestamp = int(time.time())
result = self.misp.update(event._json())
if not self._has_error_message(result):
self.log('success', "All attributes updated successfully")
__sessions__.new(misp_event=MispEvent(result, self.offline_mode))
def test_run_session(self, capsys, filename):
__sessions__.new(os.path.join(FIXTURE_DIR, filename))
instance = fuzzy()
instance.command_line = []
instance.run()
out, err = capsys.readouterr()
assert re.search(r".*relevant matches found.*", out)
def test_no_argument(self, capsys, filename):
__sessions__.new(os.path.join(FIXTURE_DIR, filename))
instance = macho()
instance.run()
out, err = capsys.readouterr()
lines = out.split("\n")
assert re.search(r".*Session opened on.*", lines[0])
def test_streams(self, capsys, filename):
__sessions__.new(os.path.join(FIXTURE_DIR, filename))
instance = office.Office()
instance.command_line = ["-s"]
instance.run()
out, err = capsys.readouterr()
assert re.search(r".*Macros/kfjtir .* 2017-04-09 19:03:45.905000 | 2017-04-09 19:03:45.920000.*", out)
def test_perm(self, capsys, filename):
__sessions__.new(os.path.join(FIXTURE_DIR, filename))
instance = apk()
instance.command_line = ["-p"]
instance.run()
out, err = capsys.readouterr()
assert re.search(r".*APK Permissions.*", out)
def publish(self):
__sessions__.current.misp_event.event.publish()
if self.offline_mode:
self._dump()
else:
event = self.misp.update(__sessions__.current.misp_event.event)
if not self._has_error_message(event):
self.log('success', 'Event {} published.'.format(event['Event']['id']))
__sessions__.new(misp_event=MispEvent(event, self.offline_mode))
def test_streams(self, capsys, filename):
__sessions__.new(os.path.join(FIXTURE_DIR, filename))
instance = office.Office()
instance.command_line = ["-s"]
instance.run()
out, err = capsys.readouterr()
assert re.search(r".*Macros/kfjtir .* 2017-04-09 19:03:45.905000 | 2017-04-09 19:03:45.920000.*", out)
def test_resources(self, capsys, filename, expected):
__sessions__.new(os.path.join(FIXTURE_DIR, filename))
instance = pe.PE()
instance.command_line = ["resources"]
instance.run()
out, err = capsys.readouterr()
assert re.search(expected, expected)
def test_security(self, capsys, filename, expected):
__sessions__.new(os.path.join(FIXTURE_DIR, filename))
instance = pe.PE()
instance.command_line = ["security"]
instance.run()
out, err = capsys.readouterr()
assert re.search(r".*{}*".format(expected), out)
def cmd_new(self, *args):
title = raw_input("Enter a title for the new file: ")
# Create a new temporary file.
tmp = tempfile.NamedTemporaryFile(delete=False)
# Open the temporary file with the default editor, or with nano.
os.system('"${EDITOR:-nano}" ' + tmp.name)
__sessions__.new(tmp.name)
__sessions__.current.file.name = title
print_info("New file with title \"{0}\" added to the current session".format(bold(title)))
def test_resources(self, capsys, filename, expected):
__sessions__.new(os.path.join(FIXTURE_DIR, filename))
instance = pe.PE()
instance.command_line = ["resources"]
instance.run()
out, err = capsys.readouterr()
assert re.search(expected, expected)
def test_security(self, capsys, filename, expected):
__sessions__.new(os.path.join(FIXTURE_DIR, filename))
instance = pe.PE()
instance.command_line = ["security"]
instance.run()
out, err = capsys.readouterr()
assert re.search(r".*{}*".format(expected), out)
def test_file(self, capsys, filename):
__sessions__.new(os.path.join(FIXTURE_DIR, filename))
instance = apk.AndroidPackage()
instance.command_line = ["-f"]
instance.run()
out, err = capsys.readouterr()
assert re.search(r".*APK Contents.*", out)
def test_info(self, capsys, filename):
__sessions__.new(os.path.join(FIXTURE_DIR, filename))
instance = apk.AndroidPackage()
instance.command_line = ["-i"]
instance.run()
out, err = capsys.readouterr()
assert re.search(r".*Package Name: de.rhab.helloworld*", out)
def test_dump_no_parameter(self, capsys, filename):
__sessions__.new(os.path.join(FIXTURE_DIR, filename))
instance = apk.AndroidPackage()
instance.command_line = ["-d"]
instance.run()
out, err = capsys.readouterr()
assert re.search(r".*argument -d/--dump: expected one argument.*", out)
def test_all(self, capsys, filename, pkg_name):
__sessions__.new(os.path.join(FIXTURE_DIR, filename))
instance = apk.AndroidPackage()
instance.command_line = ["-a"]
instance.run()
out, err = capsys.readouterr()
assert re.search(r".*Package Name: {}.*".format(pkg_name), out)
def test_language(self, capsys, filename, expected):
__sessions__.new(os.path.join(FIXTURE_DIR, filename))
instance = pe.PE()
instance.command_line = ["language"]
instance.run()
out, err = capsys.readouterr()
lines = out.split("\n")
assert re.search(expected, lines[1])
def test_language(self, capsys, filename, expected):
__sessions__.new(os.path.join(FIXTURE_DIR, filename))
instance = pe.PE()
instance.command_line = ["language"]
instance.run()
out, err = capsys.readouterr()
lines = out.split("\n")
assert re.search(expected, lines[1])
def test_all(self, capsys, filename, expected):
__sessions__.new(os.path.join(FIXTURE_DIR, filename))
instance = emailparse.EmailParse()
instance.command_line = ['-a']
instance.run()
out, err = capsys.readouterr()
for e in expected:
assert re.search(e, out)
def test_url(self, capsys, filename):
__sessions__.new(os.path.join(FIXTURE_DIR, filename))
instance = apk.AndroidPackage()
instance.command_line = ["-u"]
instance.run()
out, err = capsys.readouterr()
assert re.search(r".*http://schemas.android.com/apk/res/android.*", out)
assert not re.search(r".*http://foo.example.bar.*", out)
def test_cert(self, capsys, filename):
__sessions__.new(os.path.join(FIXTURE_DIR, filename))
instance = apk.AndroidPackage()
instance.command_line = ["-c"]
instance.run()
out, err = capsys.readouterr()
assert re.search(r"md5: 2487974b62a94eaa8254b95dd8ce8fc7", out)
assert re.search(r"sha1: 652f6129c87d0540bf986fc00efd9ab8a78784de", out)
def _check_add(self, new_event):
old_related = self._find_related_id(__sessions__.current.misp_event.event)
new_related = self._find_related_id(new_event)
old_related_ids = [i[0] for i in old_related]
for related, title in new_related:
if related not in old_related_ids:
self.log('success', 'New related event: {}/events/view/{} - {}'.format(self.url.rstrip('/'), related, title))
else:
self.log('info', 'Related event: {}/events/view/{} - {}'.format(self.url.rstrip('/'), related, title))
__sessions__.new(misp_event=MispEvent(new_event, self.offline_mode))
