def secret(request):
if request.method == "GET":
return render_template(request, "secret.html")
if request.POST.get("secret") == config("cuckoo:cuckoo:web_secret"):
request.session["auth"] = True
return redirect("/")
return render_template(request, "secret.html", fail=True)
def secret(request):
if request.method == "GET":
return render_template(request, "secret.html")
if request.POST.get("secret") == config("cuckoo:cuckoo:web_secret"):
request.session["auth"] = True
return redirect("/")
return render_template(request, "secret.html", fail=True)
def search(request):
"""New Search API using ElasticSearch as backend."""
if not elastic.enabled:
return view_error(
request, "ElasticSearch is not enabled and therefore it "
"is not possible to do a global search.")
if request.method == "GET":
return render_template(request, "analysis/search.html")
value = request.POST["search"]
match_value = ".*".join(re.split("[^a-zA-Z0-9]+", value.lower()))
r = elastic.client.search(index=elastic.index + "-*",
body={
"query": {
"query_string": {
"query": "*%s*" % value,
},
},
},
size=1000)
analyses = []
for hit in r["hits"]["hits"]:
# Find the actual matches in this hit and limit to 8 matches.
matches = _search_helper(hit, "none", match_value)
if not matches:
continue
analyses.append({
"task_id": hit["_source"]["report_id"],
"matches": matches[:16],
"total": max(len(matches) - 16, 0),
})
if request.POST.get("raw"):
return render_template(
request, "analysis/search_results.html", **{
"analyses": analyses,
"term": request.POST["search"],
})
return render_template(
request, "analysis/search.html", **{
"analyses": analyses,
"term": request.POST["search"],
"error": None,
})
def misp_export(request, task_id):
if request.method == "POST":
try:
ExportController.misp_export(task_id=task_id)
return render_template(request, "success.html", **{
"message": "Event uploaded to MISP",
})
except Exception as e:
return view_error(request, str(e))
report = AnalysisController.get_report(task_id)
return render_template(request, "analysis/misp_export.html",
report=report)
def search(request):
"""New Search API using ElasticSearch as backend."""
if not elastic.enabled:
return view_error(request, "ElasticSearch is not enabled and therefore it "
"is not possible to do a global search.")
if request.method == "GET":
return render_template(request, "analysis/search.html")
value = request.POST["search"]
match_value = ".*".join(re.split("[^a-zA-Z0-9]+", value.lower()))
r = elastic.client.search(
index=elastic.index + "-*",
body={
"query": {
"query_string": {
"query": '"%s"*' % value,
},
},
}
)
analyses = []
for hit in r["hits"]["hits"]:
# Find the actual matches in this hit and limit to 8 matches.
matches = _search_helper(hit, "none", match_value)
if not matches:
continue
analyses.append({
"task_id": hit["_source"]["report_id"],
"matches": matches[:16],
"total": max(len(matches)-16, 0),
})
if request.POST.get("raw"):
return render_template(request, "analysis/search_results.html", **{
"analyses": analyses,
"term": request.POST["search"],
})
return render_template(request, "analysis/search.html", **{
"analyses": analyses,
"term": request.POST["search"],
"error": None,
})
def test_pdf_has_javascript(self, request):
r = render_template(request,
"analysis/pages/static/index.html",
report={
"analysis": {
"static": {
"pdf": [{
"creation":
"",
"modification":
"",
"version":
1,
"urls": [],
"javascript": [{
"orig_code":
"alert(1)",
"beautified":
"alert(2)",
}],
}],
},
},
},
page="static")
assert "No PDF metadata" not in r.content
assert '<code class="javascript">alert(1)</code>' in r.content
assert '<code class="javascript">alert(2)</code>' in r.content
def test_summary_has_2_cfgextr(self, request):
r = render_template(request,
"analysis/pages/summary/index.html",
report={
"analysis": {
"info": {
"category": "file",
"score": 10,
},
"metadata": {
"cfgextr": [{
"family":
"familyA",
"cnc": [
"http://familyAcnc",
],
}, {
"family":
"familyB",
"cnc": [
"http://familyBcnc",
],
}],
},
},
})
assert "Malware Configuration" in r.content
assert "familyA" in r.content
assert "familyB" in r.content
def test_summary_has_cfgextr(self, request):
r = render_template(request,
"analysis/pages/summary/index.html",
report={
"analysis": {
"info": {
"category": "file",
"score": 10,
},
"metadata": {
"cfgextr": [{
"family":
"Family",
"cnc": [
"http://cncurl1",
"http://cncurl2",
],
"url": [
"http://downloadurl1",
"http://downloadurl2",
],
"type":
"thisistype",
}],
},
},
})
assert "Malware Configuration" in r.content
assert "CnC" in r.content
assert "URLs" in r.content
assert "thisistype" in r.content
def test_pdf_2_version_with_url(self, request):
r = render_template(request,
"analysis/pages/static/index.html",
report={
"analysis": {
"static": {
"pdf": [{
"version":
1,
"urls": [
"http://thisisaurl.com/url1",
],
}, {
"version":
2,
"urls": [
"http://thisisaurl.com/url2",
],
}],
},
},
},
page="static")
assert "No PDF metadata" not in r.content
assert ">http://thisisaurl.com/url1</li>" in r.content
assert ">http://thisisaurl.com/url2</li>" in r.content
ul1 = r.content.index('<ul class="list-group">')
url1 = r.content.index("url1")
url2 = r.content.index("url2")
ul2 = r.content.index("</ul>", ul1)
assert url1 >= ul1 and url1 < ul2
assert url2 >= ul1 and url2 < ul2
def search_behavior(request, task_id):
if request.method != "POST":
raise PermissionDenied
query = request.POST.get("search")
query = re.compile(query, re.I)
results = []
# Fetch analysis report.
record = results_db.analysis.find_one({
"info.id": int(task_id),
})
# Loop through every process
for process in record["behavior"]["processes"]:
process_results = []
chunks = results_db.calls.find({"_id": {"$in": process["calls"]}})
index = -1
for chunk in chunks:
for call in chunk["calls"]:
index += 1
if query.search(call["api"]):
call["id"] = index
process_results.append(call)
continue
for key, value in call["arguments"].items():
if query.search(key):
call["id"] = index
process_results.append(call)
break
if isinstance(value, basestring) and query.search(value):
call["id"] = index
process_results.append(call)
break
if isinstance(value, (tuple, list)):
for arg in value:
if not isinstance(arg, basestring):
continue
if query.search(arg):
call["id"] = index
process_results.append(call)
break
else:
continue
break
if process_results:
results.append({"process": process, "signs": process_results})
return render_template(request,
"analysis/pages/behavior/_search_results.html", **{
"results": results,
})
def export(request, task_id):
if request.method == "POST":
taken_dirs = request.POST.getlist("dirs")
taken_files = request.POST.getlist("files")
try:
zip = ExportController.create(task_id=task_id,
taken_dirs=taken_dirs,
taken_files=taken_files)
response = HttpResponse(zip.getvalue(), content_type="application/zip")
response["Content-Disposition"] = "attachment; filename=%s.zip" % task_id
return response
except Exception as e:
return view_error(request, str(e))
report = AnalysisController.get_report(task_id)
if "analysis_path" not in report.get("analysis", {}).get("info", {}):
return view_error(request, "The analysis was created before the export "
"functionality was integrated with Cuckoo and is "
"therefore not available for this task (in order to "
"export this analysis, please reprocess its report).")
analysis_path = report["analysis"]["info"]["analysis_path"]
dirs, files = ExportController.get_files(analysis_path)
return render_template(request, "analysis/export.html",
report=report, dirs=dirs, files=files)
def detail(request, task_id, page):
report = AnalysisController.get_report(task_id)
pages = {
"summary": "summary/index",
"static": "static/index",
"extracted": "extracted/index",
"behavior": "behavior/index",
"network": "network/index",
"misp": "misp/index",
"dropped_files": "dropped/dropped_files",
"dropped_buffers": "dropped/dropped_buffers",
"memory": "memory/index",
"procmemory": "procmemory/index",
"options": "options/index",
"feedback": "feedback/index",
"curtain": "curtain/index"
}
if page in pages.keys():
return render_template(
request, "analysis/pages/%s.html" % pages[page],
report=report, page=page
)
else:
return view_error(
request, msg="Analysis subpage not found", status=404
)
def detail(request, task_id, page):
report = AnalysisController.get_report(task_id)
pages = {
"summary": "summary/index",
"static": "static/index",
"extracted": "extracted/index",
"behavior": "behavior/index",
"network": "network/index",
"misp": "misp/index",
"dropped_files": "dropped/dropped_files",
"dropped_buffers": "dropped/dropped_buffers",
"memory": "memory/index",
"procmemory": "procmemory/index",
"options": "options/index",
"feedback": "feedback/index"
}
if page in pages.keys():
return render_template(
request, "analysis/pages/%s.html" % pages[page],
report=report, page=page
)
else:
return view_error(
request, msg="Analysis subpage not found", status=404
)
def test_pdf_2_version_with_url(self, request):
r = render_template(request, "analysis/pages/static/index.html", report={
"analysis": {
"static": {
"pdf": [{
"version": 1,
"urls": [
"http://thisisaurl.com/url1",
],
}, {
"version": 2,
"urls": [
"http://thisisaurl.com/url2",
],
}],
},
},
}, page="static")
assert "No PDF metadata" not in r.content
assert ">http://thisisaurl.com/url1</li>" in r.content
assert ">http://thisisaurl.com/url2</li>" in r.content
ul1 = r.content.index('<ul class="list-group">')
url1 = r.content.index("url1")
url2 = r.content.index("url2")
ul2 = r.content.index("</ul>", ul1)
assert url1 >= ul1 and url1 < ul2
assert url2 >= ul1 and url2 < ul2
def export(request, task_id):
if request.method == "POST":
taken_dirs = request.POST.getlist("dirs")
taken_files = request.POST.getlist("files")
try:
zip = ExportController.create(task_id=task_id,
taken_dirs=taken_dirs,
taken_files=taken_files)
response = HttpResponse(zip.getvalue(), content_type="application/zip")
response["Content-Disposition"] = "attachment; filename=%s.zip" % task_id
return response
except Exception as e:
return view_error(request, str(e))
report = AnalysisController.get_report(task_id)
if "analysis_path" not in report.get("analysis", {}).get("info", {}):
return view_error(request, "The analysis was created before the export "
"functionality was integrated with Cuckoo and is "
"therefore not available for this task (in order to "
"export this analysis, please reprocess its report).")
analysis_path = report["analysis"]["info"]["analysis_path"]
dirs, files = ExportController.get_files(analysis_path)
return render_template(request, "analysis/export.html",
report=report, dirs=dirs, files=files)
def left(request, task_id):
try:
data = AnalysisCompareController.left(task_id)
return render_template(request, "analysis/pages/compare/left.html",
**data)
except Exception as e:
return view_error(request, str(e))
def test_summary_has_cfgextr(self, request):
r = render_template(request, "analysis/pages/summary/index.html", report={
"analysis": {
"info": {
"category": "file",
"score": 10,
},
"metadata": {
"cfgextr": [{
"family": "Family",
"cnc": [
"http://cncurl1",
"http://cncurl2",
],
"url": [
"http://downloadurl1",
"http://downloadurl2",
],
"type": "thisistype",
}],
},
},
})
assert "Malware Configuration" in r.content
assert "CnC" in r.content
assert "URLs" in r.content
assert "thisistype" in r.content
def test_summary_has_2_cfgextr(self, request):
r = render_template(request, "analysis/pages/summary/index.html", report={
"analysis": {
"info": {
"category": "file",
"score": 10,
},
"metadata": {
"cfgextr": [{
"family": "familyA",
"cnc": [
"http://familyAcnc",
],
}, {
"family": "familyB",
"cnc": [
"http://familyBcnc",
],
}],
},
},
})
assert "Malware Configuration" in r.content
assert "familyA" in r.content
assert "familyB" in r.content
def export(request, task_id):
if request.method == "POST":
taken_dirs = request.POST.getlist("dirs")
taken_files = request.POST.getlist("files")
if not taken_dirs and not taken_files:
return view_error(
request, "Please select at least one directory or file"
" to be exported."
)
zip = Task.create_zip(
task_id=task_id, taken_dirs=taken_dirs, taken_files=taken_files
)
if not zip:
return view_error(request, "Failed to create zip.")
response = HttpResponse(
zip.getvalue(), content_type="application/zip"
)
response["Content-Disposition"] = (
"attachment; filename=%s.zip" % task_id
)
return response
report = AnalysisController.get_report(task_id)
dirs, files = Task.get_files(task_id)
return render_template(
request, "analysis/export.html", report=report, dirs=dirs,
files=files
)
def reboot(request, task_id):
task_obj = Database().add_reboot(task_id=task_id)
return render_template(request,
"submission/reboot.html",
task_id=task_id,
task_obj=task_obj,
baseurl=request.build_absolute_uri("/")[:-1])
def hash(request, task_id, compare_with_hash):
"""Select all analyses with specified file hash."""
try:
data = AnalysisCompareController.hash(task_id, compare_with_hash)
return render_template(request, "analysis/pages/compare/hash.html", **data)
except Exception as e:
return view_error(request, str(e))
def pending(request):
pending = []
for task in Database().list_tasks(status=TASK_PENDING, limit=500):
pending.append(normalize_task(task.to_dict()))
return render_template(request, "analysis/pending.html", **{
"tasks": pending,
})
def pending(request):
pending = []
for task in Database().list_tasks(status=TASK_PENDING, limit=500):
pending.append(normalize_task(task.to_dict()))
return render_template(request, "analysis/pending.html", **{
"tasks": pending,
})
def hash(request, task_id, compare_with_hash):
"""Select all analyses with specified file hash."""
try:
data = AnalysisCompareController.hash(task_id, compare_with_hash)
return render_template(request, "analysis/pages/compare/hash.html",
**data)
except Exception as e:
return view_error(request, str(e))
def both(request, task_id, compare_with_task_id):
try:
data = AnalysisCompareController.both(task_id,
compare_with_task_id)
return render_template(request, "analysis/pages/compare/both.html",
**data)
except Exception as e:
return view_error(request, str(e))
def presubmit(request, submit_id):
submit = Database().view_submit(submit_id)
if not submit:
# TODO Include an error message regarding the invalid Submit entry.
return redirect("submission/index")
return render_template(
request, "submission/presubmit.html", submit_id=submit_id
)
def presubmit(request, submit_id):
submit = Database().view_submit(submit_id)
if not submit:
# TODO Include an error message regarding the invalid Submit entry.
return redirect("submission/index")
return render_template(
request, "submission/presubmit.html", submit_id=submit_id
)
def test_summary_has_no_cfgextr(self, request):
r = render_template(request, "analysis/pages/summary/index.html", report={
"analysis": {
"info": {
"category": "file",
"score": 1,
},
"metadata": {},
},
})
assert "Malware Configuration" not in r.content
def test_summary_has_no_cfgextr(self, request):
r = render_template(request, "analysis/pages/summary/index.html", report={
"analysis": {
"info": {
"category": "file",
"score": 1,
},
"metadata": {},
},
})
assert "Malware Configuration" not in r.content
def test_network_no_pcap(self, request):
set_cwd(tempfile.mkdtemp())
cuckoo_create()
r = render_template(request, "analysis/pages/network/index.html", report={
"analysis": {
"network": {
"pcap_id": None,
},
},
})
assert "No PCAP file was identified" in r.content
def test_network_no_pcap(self, request):
set_cwd(tempfile.mkdtemp())
cuckoo_create()
r = render_template(request, "analysis/pages/network/index.html", report={
"analysis": {
"network": {
"pcap_id": None,
},
},
})
assert "No PCAP file was identified" in r.content
def filtered_chunk(request, task_id, pid, category):
"""Filter calls for call category.
@param task_id: cuckoo task id
@param pid: pid you want calls
@param category: call category type
"""
if not request.is_ajax():
raise PermissionDenied
# Search calls related to your PID.
record = results_db.analysis.find_one(
{
"info.id": int(task_id),
"behavior.processes.pid": int(pid),
},
{
"behavior.processes.pid": 1,
"behavior.processes.calls": 1,
"behavior.processes.java_process": 1,
}
)
if not record:
raise ObjectDoesNotExist
# Extract embedded document related to your process from response collection.
process = None
for pdict in record["behavior"]["processes"]:
if pdict["pid"] == int(pid):
process = pdict
if not process:
raise ObjectDoesNotExist
# Create empty process dict for AJAX view.
filtered_process = {
"pid": pid,
"calls": [],
}
# Populate dict, fetching data from all calls and selecting only appropriate category.
for call in process["calls"]:
chunk = results_db.calls.find_one({"_id": call})
for call in chunk["calls"]:
if call["category"] == category:
filtered_process["calls"].append(call)
java_process = "java_process" in process and process["java_process"]
return render_template(request, "analysis/pages/behavior/_chunk.html", **{
"chunk": filtered_process, "java_process": java_process,
})
def test_pdf_no_metadata(self, request):
r = render_template(request, "analysis/pages/static/index.html", report={
"analysis": {
"static": {
"pdf": [{
"creation": "",
"modification": "",
"urls": [],
}],
},
},
}, page="static")
assert "No PDF metadata" in r.content
def test_pdf_no_metadata(self, request):
r = render_template(request, "analysis/pages/static/index.html", report={
"analysis": {
"static": {
"pdf": [{
"creation": "",
"modification": "",
"version": 1,
"urls": [],
}],
},
},
}, page="static")
assert "No PDF metadata" in r.content
def filtered_chunk(request, task_id, pid, category):
"""Filters calls for call category.
@param task_id: cuckoo task id
@param pid: pid you want calls
@param category: call category type
"""
if not request.is_ajax():
raise PermissionDenied
# Search calls related to your PID.
record = results_db.analysis.find_one(
{
"info.id": int(task_id),
"behavior.processes.pid": int(pid),
},
{
"behavior.processes.pid": 1,
"behavior.processes.calls": 1,
}
)
if not record:
raise ObjectDoesNotExist
# Extract embedded document related to your process from response collection.
process = None
for pdict in record["behavior"]["processes"]:
if pdict["pid"] == int(pid):
process = pdict
if not process:
raise ObjectDoesNotExist
# Create empty process dict for AJAX view.
filtered_process = {
"pid": pid,
"calls": [],
}
# Populate dict, fetching data from all calls and selecting only appropriate category.
for call in process["calls"]:
chunk = results_db.calls.find_one({"_id": call})
for call in chunk["calls"]:
if call["category"] == category:
filtered_process["calls"].append(call)
return render_template(request, "analysis/pages/behavior/_chunk.html", **{
"chunk": filtered_process,
})
def test_network_has_pcap(self, request):
set_cwd(tempfile.mkdtemp())
cuckoo_create()
r = render_template(request, "analysis/pages/network/index.html", report={
"analysis": {
"network": {
"pcap_id": "wehaveapcapwinner",
"hosts": [], "dns": [], "tcp": [], "udp": [], "icmp": [],
"irc": [], "http": [], "http_ex": [],
},
},
})
assert "Download pcap file" in r.content
assert "network-analysis-hosts" in r.content
assert "network-analysis-dns" in r.content
def test_network_has_pcap(self, request):
set_cwd(tempfile.mkdtemp())
cuckoo_create()
r = render_template(request, "analysis/pages/network/index.html", report={
"analysis": {
"network": {
"pcap_id": "wehaveapcapwinner",
"hosts": [], "dns": [], "tcp": [], "udp": [], "icmp": [],
"irc": [], "http": [], "http_ex": [],
},
},
})
assert "Download pcap file" in r.content
assert "network-analysis-hosts" in r.content
assert "network-analysis-dns" in r.content
def test_pdf_only_1_url(self, request):
r = render_template(request, "analysis/pages/static/index.html", report={
"analysis": {
"static": {
"pdf": [{
"creation": "",
"modification": "",
"urls": [
"http://thisisaurl.com/hello",
],
}],
},
},
}, page="static")
assert "No PDF metadata" not in r.content
assert ">http://thisisaurl.com/hello</li>" in r.content
def test_pdf_only_1_url(self, request):
r = render_template(request, "analysis/pages/static/index.html", report={
"analysis": {
"static": {
"pdf": [{
"creation": "",
"modification": "",
"version": 1,
"urls": [
"http://thisisaurl.com/hello",
],
}],
},
},
}, page="static")
assert "No PDF metadata" not in r.content
assert ">http://thisisaurl.com/hello</li>" in r.content
def postsubmit(request, submit_id):
submit = Database().view_submit(submit_id, tasks=True)
if not submit:
return view_error(request, "Invalid Submit ID specified")
task_ids = []
for task in submit.tasks:
task_ids.append(task.id)
if not task_ids:
return view_error(
request, "This Submit ID is not associated with any tasks. "
"Please submit some files before loading this page.")
return render_template(request,
"submission/postsubmit.html",
task_ids=sorted(task_ids))
def chunk(request, task_id, pid, pagenum):
try:
pid, pagenum = int(pid), int(pagenum)-1
except:
raise PermissionDenied
if not request.is_ajax():
raise PermissionDenied
record = results_db.analysis.find_one(
{
"info.id": int(task_id),
"behavior.processes.pid": pid
},
{
"behavior.processes.pid": 1,
"behavior.processes.calls": 1,
"behavior.processes.java_process": 1,
}
)
if not record:
raise ObjectDoesNotExist
process = None
for pdict in record["behavior"]["processes"]:
if pdict["pid"] == pid:
process = pdict
if not process:
raise ObjectDoesNotExist
if pagenum >= 0 and pagenum < len(process["calls"]):
objectid = process["calls"][pagenum]
chunk = results_db.calls.find_one({"_id": ObjectId(objectid)})
for idx, call in enumerate(chunk["calls"]):
call["id"] = pagenum * 100 + idx
else:
chunk = dict(calls=[])
java_process = "java_process" in process and process["java_process"]
return render_template(request, "analysis/pages/behavior/_chunk.html", **{
"chunk": chunk, "java_process": java_process,
})
def postsubmit(request, submit_id):
submit = Database().view_submit(submit_id, tasks=True)
if not submit:
return view_error(request, "Invalid Submit ID specified")
task_ids = []
for task in submit.tasks:
task_ids.append(task.id)
if not task_ids:
return view_error(
request, "This Submit ID is not associated with any tasks. "
"Please submit some files before loading this page."
)
return render_template(
request, "submission/postsubmit.html", task_ids=sorted(task_ids)
)
def chunk(request, task_id, pid, pagenum):
try:
pid, pagenum = int(pid), int(pagenum)-1
except:
raise PermissionDenied
if not request.is_ajax():
raise PermissionDenied
record = results_db.analysis.find_one(
{
"info.id": int(task_id),
"behavior.processes.pid": pid
},
{
"behavior.processes.pid": 1,
"behavior.processes.calls": 1
}
)
if not record:
raise ObjectDoesNotExist
process = None
for pdict in record["behavior"]["processes"]:
if pdict["pid"] == pid:
process = pdict
if not process:
raise ObjectDoesNotExist
if pagenum >= 0 and pagenum < len(process["calls"]):
objectid = process["calls"][pagenum]
chunk = results_db.calls.find_one({"_id": ObjectId(objectid)})
for idx, call in enumerate(chunk["calls"]):
call["id"] = pagenum * 100 + idx
else:
chunk = dict(calls=[])
return render_template(request, "analysis/pages/behavior/_chunk.html", **{
"chunk": chunk,
})
def test_pdf_has_javascript(self, request):
r = render_template(request, "analysis/pages/static/index.html", report={
"analysis": {
"static": {
"pdf": [{
"creation": "",
"modification": "",
"version": 1,
"urls": [],
"javascript": [{
"orig_code": "alert(1)",
"beautified": "alert(2)",
}],
}],
},
},
}, page="static")
assert "No PDF metadata" not in r.content
assert '<code class="javascript">alert(1)</code>' in r.content
assert '<code class="javascript">alert(2)</code>' in r.content
def player(request, task_id):
task = db.view_task(task_id)
if not task:
raise Http404("Task not found!")
if not config("cuckoo:remotecontrol:enabled"):
raise Http404(
"Remote control is not enabled in the configuration! "
"Please check our documentation on configuring Guacamole.")
if task.options.get("remotecontrol") != "yes":
raise Http404("Remote control was not enabled for this task.")
if task.status == "reported":
return HttpResponseRedirect("/analysis/%d/summary" % int(task_id))
if task.status not in ("running", "completed"):
raise Http404("task is not running")
request.extra_scripts = ["guac.js"]
return render_template(request, "rdp/index.html", task=task)
def player(request, task_id):
task = db.view_task(task_id)
if not task:
raise Http404("Task not found!")
if not config("cuckoo:remotecontrol:enabled"):
raise Http404(
"Remote control is not enabled in the configuration! "
"Please check our documentation on configuring Guacamole."
)
if task.options.get("remotecontrol") != "yes":
raise Http404("Remote control was not enabled for this task.")
if task.status == "reported":
return HttpResponseRedirect("/analysis/%d/summary" % int(task_id))
if task.status not in ("running", "completed"):
raise Http404("task is not running")
request.extra_scripts = ["guac.js"]
return render_template(request, "rdp/index.html", task=task)
def import_(request):
if request.method == "GET":
return render_template(request, "analysis/import.html")
if request.method != "POST":
return view_error(request, "Import analysis request must be POST!")
submit_id = Database().add_submit(None, None, None)
task_ids = []
for analysis in request.FILES.values():
if not analysis.size:
continue
try:
task_ids.append(submit_manager.import_(analysis, submit_id))
except CuckooOperationalError as e:
log.warning("Error importing analysis (%s): %s", analysis.name,
e)
continue
return redirect("submission/post", submit_id=submit_id)
def import_(request):
if request.method == "GET":
return render_template(request, "analysis/import.html")
if request.method != "POST":
return view_error(request, "Import analysis request must be POST!")
submit_id = Database().add_submit(None, None, None)
task_ids = []
for analysis in request.FILES.values():
if not analysis.size:
continue
try:
task_ids.append(submit_manager.import_(analysis, submit_id))
except CuckooOperationalError as e:
log.warning(
"Error importing analysis (%s): %s", analysis.name, e
)
continue
return redirect("submission/post", submit_id=submit_id)
def rdp(request):
request.extra_scripts = ['guac.js']
return render_template(request, "rdp/index.html")
def left(request, task_id):
try:
data = AnalysisCompareController.left(task_id)
return render_template(request, "analysis/pages/compare/left.html", **data)
except Exception as e:
return view_error(request, str(e))
def remove(request, task_id):
"""Remove an analysis.
@todo: remove folder from storage.
"""
analyses = results_db.analysis.find({"info.id": int(task_id)})
# Checks if more analysis found with the same ID, like if process.py
# was run manually.
if analyses.count() > 1:
message = (
"Multiple tasks with this ID deleted, thanks for all the fish "
"(the specified analysis was present multiple times in mongo).")
elif analyses.count() == 1:
message = "Task deleted, thanks for all the fish."
if not analyses.count():
return view_error(request, "The specified analysis does not exist")
for analysis in analyses:
# Delete sample if not used.
if "file_id" in analysis["target"]:
if results_db.analysis.find({
"target.file_id":
ObjectId(analysis["target"]["file_id"])
}).count() == 1:
fs.delete(ObjectId(analysis["target"]["file_id"]))
# Delete screenshots.
for shot in analysis["shots"]:
if isinstance(shot, dict):
if "small" in shot:
if results_db.analysis.find({
"shots":
ObjectId(shot["small"]),
}).count() == 1:
fs.delete(ObjectId(shot["small"]))
if "original" in shot:
if results_db.analysis.find({
"shots":
ObjectId(shot["original"]),
}).count() == 1:
fs.delete(ObjectId(shot["original"]))
continue
if results_db.analysis.find({
"shots": ObjectId(shot)
}).count() == 1:
fs.delete(ObjectId(shot))
# Delete network pcap.
if "pcap_id" in analysis["network"] and results_db.analysis.find({
"network.pcap_id":
ObjectId(analysis["network"]["pcap_id"])
}).count() == 1:
fs.delete(ObjectId(analysis["network"]["pcap_id"]))
# Delete sorted pcap
if "sorted_pcap_id" in analysis[
"network"] and results_db.analysis.find({
"network.sorted_pcap_id":
ObjectId(analysis["network"]["sorted_pcap_id"])
}).count() == 1:
fs.delete(ObjectId(analysis["network"]["sorted_pcap_id"]))
# Delete mitmproxy dump.
if "mitmproxy_id" in analysis["network"] and results_db.analysis.find({
"network.mitmproxy_id":
ObjectId(analysis["network"]["mitmproxy_id"])
}).count() == 1:
fs.delete(ObjectId(analysis["network"]["mitmproxy_id"]))
# Delete dropped.
for drop in analysis.get("dropped", []):
if "object_id" in drop and results_db.analysis.find({
"dropped.object_id":
ObjectId(drop["object_id"])
}).count() == 1:
fs.delete(ObjectId(drop["object_id"]))
# Delete calls.
for process in analysis.get("behavior", {}).get("processes", []):
for call in process["calls"]:
results_db.calls.remove({"_id": ObjectId(call)})
# Delete analysis data.
results_db.analysis.remove({"_id": ObjectId(analysis["_id"])})
# Delete from SQL db.
db = Database()
db.delete_task(task_id)
return render_template(request, "success.html", **{
"message": message,
})
def search_behavior(request, task_id):
if request.method != "POST":
raise PermissionDenied
query = request.POST.get("search")
query = re.compile(query, re.I)
results = []
# Fetch analysis report.
record = results_db.analysis.find_one(
{
"info.id": int(task_id),
}
)
# Loop through every process
for process in record["behavior"]["processes"]:
process_results = []
chunks = results_db.calls.find({
"_id": {"$in": process["calls"]}
})
index = -1
for chunk in chunks:
for call in chunk["calls"]:
index += 1
if query.search(call["api"]):
call["id"] = index
process_results.append(call)
continue
for key, value in call["arguments"].items():
if query.search(key):
call["id"] = index
process_results.append(call)
break
if isinstance(value, basestring) and query.search(value):
call["id"] = index
process_results.append(call)
break
if isinstance(value, (tuple, list)):
for arg in value:
if not isinstance(arg, basestring):
continue
if query.search(arg):
call["id"] = index
process_results.append(call)
break
else:
continue
break
if process_results:
results.append({
"process": process,
"signs": process_results
})
return render_template(request, "analysis/pages/behavior/_search_results.html", **{
"results": results,
})
def index(request):
report = {
"machinery": config("cuckoo:cuckoo:machinery"),
"version": version,
}
return render_template(request, "dashboard/index.html", report=report)
def reboot(request, task_id):
task_obj = Database().add_reboot(task_id=task_id)
return render_template(request, "submission/reboot.html",
task_id=task_id, task_obj=task_obj,
baseurl=request.build_absolute_uri("/")[:-1])
def both(request, task_id, compare_with_task_id):
try:
data = AnalysisCompareController.both(task_id, compare_with_task_id)
return render_template(request, "analysis/pages/compare/both.html", **data)
except Exception as e:
return view_error(request, str(e))
def recent(request):
return render_template(request, "analysis/index.html")
def remove(request, task_id):
"""Remove an analysis.
@todo: remove folder from storage.
"""
analyses = results_db.analysis.find({"info.id": int(task_id)})
# Checks if more analysis found with the same ID, like if process.py
# was run manually.
if analyses.count() > 1:
message = (
"Multiple tasks with this ID deleted, thanks for all the fish "
"(the specified analysis was present multiple times in mongo)."
)
elif analyses.count() == 1:
message = "Task deleted, thanks for all the fish."
if not analyses.count():
return view_error(request, "The specified analysis does not exist")
for analysis in analyses:
# Delete sample if not used.
if "file_id" in analysis["target"]:
if results_db.analysis.find({"target.file_id": ObjectId(analysis["target"]["file_id"])}).count() == 1:
fs.delete(ObjectId(analysis["target"]["file_id"]))
# Delete screenshots.
for shot in analysis["shots"]:
if isinstance(shot, dict):
if "small" in shot:
if results_db.analysis.find({
"shots": ObjectId(shot["small"]),
}).count() == 1:
fs.delete(ObjectId(shot["small"]))
if "original" in shot:
if results_db.analysis.find({
"shots": ObjectId(shot["original"]),
}).count() == 1:
fs.delete(ObjectId(shot["original"]))
continue
if results_db.analysis.find({"shots": ObjectId(shot)}).count() == 1:
fs.delete(ObjectId(shot))
# Delete network pcap.
if "pcap_id" in analysis["network"] and results_db.analysis.find({"network.pcap_id": ObjectId(analysis["network"]["pcap_id"])}).count() == 1:
fs.delete(ObjectId(analysis["network"]["pcap_id"]))
# Delete sorted pcap
if "sorted_pcap_id" in analysis["network"] and results_db.analysis.find({"network.sorted_pcap_id": ObjectId(analysis["network"]["sorted_pcap_id"])}).count() == 1:
fs.delete(ObjectId(analysis["network"]["sorted_pcap_id"]))
# Delete mitmproxy dump.
if "mitmproxy_id" in analysis["network"] and results_db.analysis.find({"network.mitmproxy_id": ObjectId(analysis["network"]["mitmproxy_id"])}).count() == 1:
fs.delete(ObjectId(analysis["network"]["mitmproxy_id"]))
# Delete dropped.
for drop in analysis.get("dropped", []):
if "object_id" in drop and results_db.analysis.find({"dropped.object_id": ObjectId(drop["object_id"])}).count() == 1:
fs.delete(ObjectId(drop["object_id"]))
# Delete calls.
for process in analysis.get("behavior", {}).get("processes", []):
for call in process["calls"]:
results_db.calls.remove({"_id": ObjectId(call)})
# Delete analysis data.
results_db.analysis.remove({"_id": ObjectId(analysis["_id"])})
# Delete from SQL db.
db = Database()
db.delete_task(task_id)
return render_template(request, "success.html", **{
"message": message,
})
def recent(request):
return render_template(request, "analysis/index.html")
def submit(request):
return render_template(request, "submission/submit.html")
def index(request):
report = {
"machinery": config("cuckoo:cuckoo:machinery"),
"version": version,
}
return render_template(request, "dashboard/index.html", report=report)