def returnsubsections(flag,section,initiative=True,subsections=None):
if flag and initiative:
subsections += list(ConfigurationManager.readCuckooResultsConfig(variable='subsections',section=section).split(','))
for subsection in subsections:
subsections+=returnsubsections(flag=literal_eval(ConfigurationManager.readCuckooResultsConfig(variable='encapsulation',section='subsection_'+subsection)),
section='subsection_'+subsection,subsections=[],initiative=False)
return subsections
elif flag:
subsections += list(ConfigurationManager.readCuckooResultsConfig(variable='subsections',section=section).split(','))
for subsection in subsections:
returnsubsections(flag=literal_eval(ConfigurationManager.readCuckooResultsConfig(variable='encapsulation',section='subsection_'+subsection)),
section='subsection_'+subsection,subsections=[],initiative=False)
return subsections
else:
return subsections
def __init__(self,section,filename=None,data_results=None):
self.logger = Logger()
self.key=ConfigurationManager.readCuckooResultsConfig(variable='key',section=section)
self.encapsulation = literal_eval(ConfigurationManager.readCuckooResultsConfig(variable='encapsulation',section=section))
self.keys = list(ConfigurationManager.readCuckooResultsConfig(variable='keys',section=section).split(','))
#Check if there are not any keys
if self.keys==['']:
self.keys=None
self.subsectionskeys={}
if self.encapsulation:
self.subsections = returnsubsections(self.encapsulation,section=section,subsections=[])
for subsection in self.subsections:
self.subsectionskeys[ConfigurationManager.readCuckooResultsConfig(variable='key',section='subsection_'+subsection)] = list(ConfigurationManager.readCuckooResultsConfig(variable='keys',section='subsection_'+subsection).split(','))
results=None
try:
if data_results is not None:
results=data_results[self.key]
elif filename is not None:
results = load_results(filename)[self.key]
except Exception, e:
self.logger.errorLogging(str(e))
import os,socket,SocketServer,sys,ssl,time
from common.configmanager import ConfigurationManager
from common.logger import Logger
import hashlib
from ast import literal_eval
ANALYSIS_PATH=ConfigurationManager.readServerConfig('analysis_path')
MALWARE_PATH = ConfigurationManager.readServerConfig('malware_path')
IOC_SERVER_ADDR = ConfigurationManager.readServerConfig('ioc_address')
IOC_SERVER_PORT = int(ConfigurationManager.readServerConfig('ioc_port'))
SERVER_PORT= int(ConfigurationManager.readServerConfig('port'))
SERVER_ADDRESS=ConfigurationManager.readServerConfig('address')
ID = ConfigurationManager.readServerConfig('server_id')
CERTIFICATES_PATH = ConfigurationManager.readServerConfig('server_certificate')
ioc_server=(IOC_SERVER_ADDR,IOC_SERVER_PORT)
local_server=(SERVER_ADDRESS,SERVER_PORT)
malware_info=[]
class IOCClient(object):
def __init__(self,filename):
self.id =ID
self.malware = filename
for cert in os.listdir(CERTIFICATES_PATH):
if all(x in cert for x in ['pem', 'client']):
self.server_certificate = os.path.join(CERTIFICATES_PATH,cert)
if 'ca' in cert:
self.cacert = os.path.join(CERTIFICATES_PATH,cert)
if 'key' in cert:
self.server_key =os.path.join(CERTIFICATES_PATH,cert)
def send_malware(self):
__author__ = 'george'
from cuckoo_results_handler import Handler
from common.configmanager import ConfigurationManager
from cuckoo_results_handler import Handler
from cuckoo_results_handler import load_results
import os
import json
path= ConfigurationManager.readServerConfig(variable='analysis_path')
filename='cuckoo_results'
filepath = os.path.join(path,filename)
data = load_results(filepath)
if __name__ =='__main__':
import datetime
print(datetime.date.today())
__author__ = 'george'
import os,ssl,socket,subprocess,time,pprint,errno,commands,SocketServer,hashlib
from ast import literal_eval
from common.configmanager import ConfigurationManager
from common.logger import Logger
from ssl import SSLError
CUCKOO_PATH = ConfigurationManager.readServerConfig('cuckoo_path')
INETSIM_PATH = ConfigurationManager.readServerConfig('inetsim_path')
MALWARE_SAMPLES_PATH = ConfigurationManager.readServerConfig('malware_samples_path')
CERTIFICATES_PATH = ConfigurationManager.readServerConfig('certificates_path')
SERVER_ID = ConfigurationManager.readServerConfig('server_id')
INIT_SERVER_ADDRESS = ConfigurationManager.readServerConfig('init_server_address')
INIT_SERVER_PORT = int(ConfigurationManager.readServerConfig('init_server_port'))
SERVER_ADDRESS= ConfigurationManager.readServerConfig('address')
SERVER_PORT = int(ConfigurationManager.readServerConfig('port_number'))
init_server_address=(INIT_SERVER_ADDRESS,int(INIT_SERVER_PORT))
server_address = (SERVER_ADDRESS,SERVER_PORT)
class RequestHandler(SocketServer.BaseRequestHandler):
def set_analysis_task(self,task):
path = os.path.join(CUCKOO_PATH,'utils','submit.py')
taskpath = os.path.join(MALWARE_SAMPLES_PATH,task)
command = "python %s %s"%(path,taskpath)
com_shell ="\"%s; exec $SHELL\""%command
gnome_command="gnome-terminal -x bash -c %s"%com_shell
subprocess.call(gnome_command,shell=True)
time.sleep(20)
def deal_with_request(self,constream):
print("Deal with request")
__author__ = "george"
import socket, sys, ssl, fcntl, os, SocketServer
from ast import literal_eval
from common.configmanager import ConfigurationManager
from common.logger import Logger
SERVER_CERTIFICATE = ConfigurationManager.readServerConfig("server_certificate")
INIT_SERVER_ADDRESS = ConfigurationManager.readServerConfig("init_address")
INIT_SERVER_PORT = int(ConfigurationManager.readServerConfig("init_port"))
available_servers_address = {}
available_servers_environment_status = {}
available_servers = []
server_address = (INIT_SERVER_ADDRESS, INIT_SERVER_PORT)
class TCPHandler(SocketServer.BaseRequestHandler):
def manipulate_data(self, constream, data):
global console
datatuple = literal_eval(data)
if datatuple[0] == "identity":
try:
console.put(repr(constream.getpeername()))
console.put("Server with %s was added" % data)
self.available_servers_address_local[datatuple[1]] = eval(repr(constream.getpeername()))[0]
constream.send(str((True, "Server identity stored")))
except Exception, e:
console.put(str(e))
constream.send((False, "Server identity is not stored"))
elif datatuple[0] == "status":
if datatuple[2] in self.available_servers_address_local.keys():
if datatuple[1] == "up":
__author__ = "george"
import os, json
from xml.etree import ElementTree as ET
from common.configmanager import ConfigurationManager
SOURCE_PATH = ConfigurationManager.readxmlConfig(variable="xsd_source_path")
DESTINATION_PATH = ConfigurationManager.readxmlConfig(variable="xml_created_path")
SCHEMA_FILE_PATH = os.path.join(os.getcwd(), "EnumList.xsd")
def extract_files(source_path):
dict = {}
for dirpath, dirnames, files in os.walk(source_path):
if files and (all("py" not in name for name in files)):
dict[dirpath] = files
return dict
def print_enumeration_values_from_file(file_path):
tree = ET.parse(file_path)
root = tree.getroot()
for child in root:
flag = False
if "name" in child.attrib.keys() and ("Enum" in child.attrib["name"] or "List" in child.attrib["name"]):
if any("restriction" in x.tag for x in child):
for x in child:
if "restriction" in x.tag and list(x):
flag = True
if flag:
print(child.attrib["name"])
print("-------------------------------------------------------------")
__author__ = 'george'
from common.configmanager import ConfigurationManager
import json
SERVER_CERTIFICATE = ConfigurationManager.readServerConfig('server_certificate')
INIT_SERVER_ADDRESS = ConfigurationManager.readServerConfig('init_address')
INIT_SERVER_PORT = ConfigurationManager.readServerConfig('init_address')
a=["{1:'start',","2:'end'}"]
pt='/home/george/PycharmProjects/thesis_public/automatic_maec_ioc/analysis_hub/cuckoo_results'
fl = open(pt,'r')
res = json.load(fl)
print(res.keys())
__author__ = 'george'
from ast import literal_eval
from common.configmanager import ConfigurationManager
from common.logger import Logger
import json,os
import errno
ANALYSIS_PATH=ConfigurationManager.readServerConfig(variable='analysis_path')
# Sections' names
S_ANALYSISINFO='analysisinfo'
S_PROCMEMORY='procmemory'
S_STATIC='static'
S_DROPPED = 'dropped'
S_BEHAVIOR = 'behavior'
S_STRINGS = 'strings'
S_DEBUG = 'debug'
S_MEMORY = 'memory'
S_TARGETINFO = 'targetinfo'
S_VIRUSTOTAL = 'virustotal'
S_NETWORK = 'network'
def returnsubsections(flag,section,initiative=True,subsections=None):
if flag and initiative:
subsections += list(ConfigurationManager.readCuckooResultsConfig(variable='subsections',section=section).split(','))
for subsection in subsections:
subsections+=returnsubsections(flag=literal_eval(ConfigurationManager.readCuckooResultsConfig(variable='encapsulation',section='subsection_'+subsection)),
section='subsection_'+subsection,subsections=[],initiative=False)
return subsections
elif flag:
subsections += list(ConfigurationManager.readCuckooResultsConfig(variable='subsections',section=section).split(','))
for subsection in subsections:
returnsubsections(flag=literal_eval(ConfigurationManager.readCuckooResultsConfig(variable='encapsulation',section='subsection_'+subsection)),
import json, os, errno,SocketServer
from socket import *
from os import listdir
from os.path import isfile,join
from common.logger import Logger
from common.configmanager import ConfigurationManager
from ast import literal_eval
import ssl
import hashlib
#Define and initialize global variables // Global variables should be initialized from configuration file
ANALYSIS_PATH = ConfigurationManager.readServerConfig(variable='analysis_path')
ADDRESS = ConfigurationManager.readServerConfig(variable = 'address')
ANALYSIS_REPOSITORY=ConfigurationManager.readServerConfig(variable = 'maec_analysis_repository')
PORT = int(ConfigurationManager.readServerConfig(variable='port'))
server_address=(ADDRESS,PORT)
clients_port= int(ConfigurationManager.readServerConfig(variable='clients_port'))
SERVER_CERTIFICATE=ConfigurationManager.readServerConfig(variable='server_certificate')
class RequestHandler(SocketServer.BaseRequestHandler):
def save_analysis_local(self,filename,analysis_results):
try:
xmlfilename= filename+".xml"
filepath = os.path.join(ANALYSIS_REPOSITORY,xmlfilename)
xmlfile =open(filepath,'w')
xmlfile.write(analysis_results)
xmlfile.close()
except IOError, ioer :
errorNum = ioer.errno
errorCode = errno.errorcode[errorNum]
errorString= os.strerror(errorNum)
__author__ = "george"
import SocketServer, socket, ssl, hashlib, os, fcntl
from ast import literal_eval
from common.configmanager import ConfigurationManager
from common.logger import Logger
from threading import Lock
import uuid
SERVER_CERTIFICATE = ConfigurationManager.readServerConfig("server_certificate")
SERVER_PORT = ConfigurationManager.readServerConfig("task_port")
SERVER_HOST = ConfigurationManager.readServerConfig("address")
server_address = (SERVER_HOST, int(SERVER_PORT))
ANALYZER_PORT = ConfigurationManager.readServerConfig("analyzer_port")
class TCPHandler(SocketServer.BaseRequestHandler):
def get_analyzer(self, name, client_id, time, client_ip, hashtag, taskid, length):
global analyzers_pool, active_analyzers
lock = Lock()
analyzer = None
try:
lock.acquire()
if analyzers_pool:
analyzer = analyzers_pool.popitem()
active_analyzers[analyzer[1]] = [name, client_id, time, client_ip, analyzer[0], hashtag, taskid, length]
else:
pass
# what should be done if all analyzers have a task
finally:
lock.release()
