Exemplo n.º 1
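    def submit(self, args, file, opts):
        """
        Submit the stored sample to MalwareBazaar and return the parsed reply.

        The file at ``file.file_path`` is posted to ``API_ENDPOINT`` as a
        multipart form: one JSON metadata part and one part holding the
        sample bytes under the name recorded in the database. The sample
        itself leaves this host, so only call this for files that may be
        shared with that service.

        Returns:
            The decoded JSON body of the response.

        Raises:
            error.InterfaceError: if the request fails or the response body
                is not valid JSON.
        """
        document = db.file_collection.select(file.sha256_digest)
        # Metadata sent next to the file; no tags are attached here.
        data = {'tags': [], 'delivery_method': "other"}
        with open(file.file_path, "rb") as sample:
            files = {
                'json_data': (None, js.dumps(data), 'application/json'),
                'file': (document['name'], sample)
            }
            try:
                # Certificate verification is explicitly on and the call is
                # bounded by a timeout so a stalled endpoint cannot hang us.
                response = requests.post(API_ENDPOINT,
                                         files=files,
                                         headers=HEADERS,
                                         verify=True,
                                         timeout=10)
            except requests.exceptions.RequestException:
                raise error.InterfaceError("Failed to connect")

        try:
            return response.json()
        except ValueError:
            # An HTML error page or empty body would otherwise surface as a
            # raw decoding error instead of an interface error.
            raise error.InterfaceError("Invalid response from MalwareBazaar")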
Exemplo n.º 2
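    def info(self, args, file, opts):
        """
        Summarise the Cuckoo reports available for this file.

        Looks the sample up by SHA-256, lists all tasks, and for every task
        that belongs to the sample fetches its report and keeps the score
        and the analysis machine name.

        Returns:
            ``{'info': [...]}`` with one entry per readable report, or the
            tuple ``("No reports, sample must be pending/running",
            "pending")`` when the task list cannot be read.

        Raises:
            error.InterfaceError: if any request to Cuckoo fails.
            error.InterfaceWarning: if the file was never submitted or no
                report could be read.
        """
        # TLS verification follows the module-level VERIFY setting.
        # NOTE(review): none of these requests sets a timeout, so a stalled
        # Cuckoo API blocks the caller - consider adding one.
        try:
            j = requests.get(CUCKOO_API + '/files/view/sha256/' +
                             file.sha256_digest,
                             verify=VERIFY).json()
        except requests.exceptions.RequestException:
            raise error.InterfaceError("failed to connect to Cuckoo")

        if 'sample' not in j:
            raise error.InterfaceWarning(
                "file has never been submitted to Cuckoo")
        s_id = j['sample']['id']

        try:
            r = requests.get(CUCKOO_API + '/tasks/list', verify=VERIFY)
        except requests.exceptions.RequestException:
            raise error.InterfaceError("failed to connect to Cuckoo")
        if not r.status_code == requests.codes.ok:  # pylint: disable=no-member
            return "No reports, sample must be pending/running", "pending"

        output = []
        for t in r.json()['tasks']:
            if t['sample_id'] != s_id:
                continue
            try:
                rep = requests.get(CUCKOO_API + '/tasks/report/' + str(t['id']),
                                   verify=VERIFY)
            except requests.exceptions.RequestException:
                raise error.InterfaceError("failed to connect to Cuckoo")
            if rep.status_code == requests.codes.ok:  # pylint: disable=no-member
                details = rep.json()['info']
                output.append({
                    'score': details['score'],
                    'name': details['machine']['name']
                })
        if not output:
            # The warning must be raised; returning the exception object
            # would hand callers an exception instance as if it were data.
            raise error.InterfaceWarning("no information available!")
        return {'info': output}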
Exemplo n.º 3
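 def report(self, args, file, opts):
     """
     Fetch one Cuckoo task report and return a trimmed summary of it.

     ``args['id']`` is the task id. It is placed in the request path, so
     only plain decimal ids are accepted; anything else is answered like
     an unknown task without contacting Cuckoo.

     Returns:
         A dict with score, platform, analysis timing, machine and
         signature details, or the string ``"No task for given id"``.

     Raises:
         error.InterfaceError: if the request to Cuckoo fails.
     """
     # TODO: Hash match!
     # NOTE(review): the report is selected by task id alone; nothing here
     # checks that the task belongs to `file`, so any known id is readable.
     task_id = str(args['id'])
     if not task_id or any(ch not in '0123456789' for ch in task_id):
         # Reject separators, dots and query characters before they can
         # change which API path is requested.
         return "No task for given id"
     try:
         r = requests.get(CUCKOO_API + '/tasks/report/' + task_id,
                          verify=VERIFY)
     except requests.exceptions.RequestException:
         raise error.InterfaceError("failed to connect to Cuckoo")
     if not r.status_code == requests.codes.ok:  # pylint: disable=no-member
         return "No task for given id"
     j = r.json()
     info = j['info']
     output = {
         'score': info['score'],
         'platform': info['platform'],
         'analysis': {
             'category': info['category'],
             'started': info['started'],
             'ended': info['ended'],
             'duration': info['duration']
         },
         'machine': {
             'name': info['machine']['name'],
             'manager': info['machine']['manager']
         },
         'signatures': [{
             'severity': x['severity'],
             'description': x['description']
         } for x in j['signatures']]
     }
     return output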
Exemplo n.º 4
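    def reports(self, args, file, opts):
        """
        List the Cuckoo tasks recorded for this file.

        Looks the sample up by SHA-256, reads the full task list and keeps
        the tasks whose ``sample_id`` matches.

        Returns:
            ``{'reports': [...]}`` where each entry holds the task id, a
            URL built from the configured ``cuckoo_url``, the time the task
            was added and its status; or the tuple ``("No reports, sample
            must be pending/running", "pending")`` when the task list
            cannot be read.

        Raises:
            error.InterfaceError: if a request to Cuckoo fails.
            error.InterfaceWarning: if the file was never submitted.
        """
        # TLS verification follows the module-level VERIFY setting.
        try:
            j = requests.get(CUCKOO_API + '/files/view/sha256/' +
                             file.sha256_digest,
                             verify=VERIFY).json()
        except requests.exceptions.RequestException:
            raise error.InterfaceError("failed to connect to Cuckoo")

        if 'sample' not in j:
            raise error.InterfaceWarning(
                "file has never been submitted to Cuckoo")
        s_id = j['sample']['id']

        # Same error mapping as the lookup above, so a dropped connection
        # here does not escape as a raw requests exception.
        try:
            r = requests.get(CUCKOO_API + '/tasks/list', verify=VERIFY)
        except requests.exceptions.RequestException:
            raise error.InterfaceError("failed to connect to Cuckoo")
        if not r.status_code == requests.codes.ok:  # pylint: disable=no-member
            return "No reports, sample must be pending/running", "pending"

        base_url = config.scale_configs['cuckoo']['cuckoo_url']
        output = {'reports': []}
        for t in r.json()['tasks']:
            if t['sample_id'] != s_id:
                continue
            task_id = str(t['id'])
            output['reports'].append({
                'id': task_id,
                'url': base_url + task_id,
                'timestamp': str(t['added_on']),
                'status': str(t['status'])
            })
        return output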
Exemplo n.º 5
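        def upload(self, args, working_dir):
            """
            Download a sample from VirusTotal by hash into ``working_dir``.

            The file name comes from the response's Content-Disposition
            header when present, otherwise from ``args['hash']``. Both are
            outside this code's control, so the name is reduced to its final
            path component before it is joined to ``working_dir``.

            Returns:
                The file name the sample was written under.

            Raises:
                error.InterfaceError: if the API key is missing, the request
                    fails, the download is refused, or no safe file name can
                    be derived.
            """
            if not API_KEY:
                raise error.InterfaceError(
                    "config variable 'api_key' has not been set")

            # NOTE(review): this endpoint takes the API key as a query
            # parameter, so it can end up in proxy and access logs.
            query = {'apikey': API_KEY, 'hash': args['hash']}
            try:
                resp = requests.get(
                    'https://www.virustotal.com/vtapi/v2/file/download',
                    params=query,
                    headers=HEADERS,
                    proxies=PROXIES,
                    stream=True,
                    timeout=10)
            except requests.exceptions.RequestException:
                raise error.InterfaceError("failed to connect to VirusTotal")
            if resp.status_code != requests.codes.ok:  # pylint: disable=no-member
                # Without this check an error body would be stored on disk
                # as if it were the requested sample.
                raise error.InterfaceError(
                    "failed to download sample from VirusTotal")

            name = None
            if 'Content-Disposition' in resp.headers:
                _disp, disp_params = cgi.parse_header(
                    resp.headers['Content-Disposition'])
                name = disp_params.get('filename')
            if not name:
                name = args['hash']

            # Keep only the last path component so neither the header nor the
            # hash argument can direct the write outside working_dir.
            name = path.basename(str(name).replace('\\', '/'))
            if name in ('', '.', '..') or '\x00' in name:
                raise error.InterfaceError(
                    "unsafe file name for downloaded sample")

            with open(path.join(working_dir, name), 'wb') as f:
                for chunk in resp.iter_content(chunk_size=4096):
                    if chunk:
                        f.write(chunk)
            return name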
Exemplo n.º 6
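    def submit(self, args, file, opts):
        """
        Submit the stored sample to Cuckoo for analysis.

        The file at ``file.file_path`` is posted to ``/tasks/create/file``
        under the name recorded in the database.

        Returns:
            The decoded JSON reply, which carries a non-empty ``task_id``.

        Raises:
            error.InterfaceError: if the request fails, Cuckoo answers with
                a non-OK status, or the reply has no usable ``task_id``.
        """
        document = db.file_collection.select(file.sha256_digest)
        with open(file.file_path, "rb") as f:
            try:
                # TLS verification follows the module-level VERIFY setting.
                r = requests.post(CUCKOO_API + '/tasks/create/file',
                                  files={"file": (document['name'], f)},
                                  verify=VERIFY)
            except requests.exceptions.RequestException:
                raise error.InterfaceError("failed to connect to Cuckoo")

        if not r.status_code == requests.codes.ok:  # pylint: disable=no-member
            raise error.InterfaceError('failed to submit sample to Cuckoo')

        try:
            j = r.json()
        except ValueError:
            # A non-JSON body means the submission cannot be confirmed.
            raise error.InterfaceError('failed to submit sample to Cuckoo')

        # .get() so a reply without the key is reported as a failed
        # submission rather than escaping as a KeyError.
        if not j.get("task_id"):
            raise error.InterfaceError('failed to submit sample to Cuckoo')

        return j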
Exemplo n.º 7
 def check(self):
     """Verify prerequisites: the API key must be configured for upload."""
     if API_KEY:
         return
     message = "config variable 'api_key' has not been set"
     raise error.InterfaceError(message)
Exemplo n.º 8
 def check(self):
     """Verify prerequisites: the Cuckoo API address must be configured."""
     api_configured = CUCKOO_API is not None and not CUCKOO_API == ''
     if api_configured:
         return
     message = "config variable 'cuckoo_api' has not been set"
     raise error.InterfaceError(message)
Exemplo n.º 9
 def check(self):
     """Verify prerequisites: fail early when no API key is configured."""
     if API_KEY:
         return
     raise error.InterfaceError(
         "config variable 'api_key' has not been set")