def report_markdown(self, json):
    """Render a sandbox report as Markdown.

    Reads ``score``, ``platform``, ``analysis``, ``machine`` and
    ``signatures`` from *json* and returns the 'General', 'Analysis',
    'Machines' and 'Signatures' sections concatenated in that order.
    """
    # NOTE(review): platform, machine and signature text is emitted without
    # md.sanitize; confirm none of it can carry sample-controlled Markdown.
    report = md.h4('General')
    report += md.paragraph(md.bold('Score: ') + str(json['score']))
    report += md.cr()
    report += md.paragraph(md.bold('Platform: ') + json['platform'])

    report += md.h4('Analysis')
    report += md.table_header(('Category', 'Started', 'Ended', 'Duration'))
    report += md.table_row((
        json['analysis']['category'],
        str(json['analysis']['started']),
        str(json['analysis']['ended']),
        str(json['analysis']['duration']),
    ))

    report += md.h4('Machines')
    report += md.table_header(('Name', 'Manager'))
    report += md.table_row((json['machine']['name'], json['machine']['manager']))

    report += md.h4('Signatures')
    report += md.table_header(('Severity', 'Description'))
    for signature in json['signatures']:
        # Colour tag by severity: above 2 is red, above 1 is orange, else blue.
        if signature['severity'] > 2:
            prefix = '%red '
        elif signature['severity'] > 1:
            prefix = '%orange '
        else:
            prefix = '%blue '
        severity_cell = prefix + str(signature['severity']) + ' %'
        report += md.table_row((severity_cell, signature['description']))
    return report
def info_markdown(self, json):
    """Render the info block in *json* as an 'Attribute'/'Value' table.

    Rows: sample link, reporter, first line of the comment, tags, ClamAV
    result, first seen and last seen.
    """
    table = md.table_header(('Attribute', 'Value'))
    sample_url = 'https://bazaar.abuse.ch/sample/' + str(json['sha256_hash'])
    table += md.table_row(('MB Link', sample_url))

    # NOTE(review): the reporter handle is spliced into a Markdown link
    # unescaped; confirm upstream restricts the characters it may contain.
    if str(json['reporter']) == "anonymous":
        reporter = "*Anonymous*"
    else:
        handle = str(json['reporter'])
        reporter = "[@" + handle + "](https://twitter.com/" + handle + ")"
    table += md.table_row(('Reporter', reporter))

    # Only the first line of the comment is shown, minus trailing ':' / CR.
    first_line = str(json['comment']).partition('\n')[0]
    table += md.table_row(('Comment', first_line.rstrip(':\r')))

    # Both forms end in one throwaway character that the slice removes.
    tags = json['tags']
    taglist = ''.join(tag + ',' for tag in tags) if tags else 'None '
    table += md.table_row(('Tags', taglist[:-1]))

    table += md.table_row(('ClamAV', str(json['intelligence']['clamav'])))
    table += md.table_row(('First seen', str(json['first_seen'])))
    table += md.table_row(('Last seen', str(json['last_seen'])))
    return table
def exports_markdown(self, json):
    """Render export entries as an 'Export'/'Address' Markdown table.

    Each entry of *json* supplies ``name`` and ``address``; an empty
    *json* yields a single row of '-' cells.
    """
    # NOTE(review): names are not passed through md.sanitize; confirm
    # whether they can carry text taken from the analysed file.
    table = md.table_header(['Export', 'Address'])
    table += ''.join(
        md.table_row([export['name'], export['address']]) for export in json)
    if not json:
        table += md.table_row(('-', '-'))
    return table
def test_table_header():
    """table_header emits the header row and a '---' separator row, each CRLF-terminated."""
    expected = '| a | b |\r\n| --- | --- |\r\n'
    assert md.table_header(('a', 'b')) == expected
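def peid_markdown(self, json):
    """Render signatures as a one-column 'Signatures' Markdown table.

    Each item of *json* becomes one row; an empty *json* yields a single
    '-' row.
    """
    output = md.table_header(['Signatures'])
    for signature in json:
        output += md.table_row([signature])
    if not json:
        # ('-') is just the string '-', not a tuple; pass a real
        # one-element tuple so table_row receives a row like everywhere else.
        output += md.table_row(('-',))
    return output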
def all_markdown(json):
    """Render the digests in *json* as a 'Hash Type'/'Hash' Markdown table."""
    # Display label paired with the key it is read from, in output order.
    digests = (
        ('MD5', 'md5_digest'),
        ('SHA1', 'sha1_digest'),
        ('SHA256', 'sha256_digest'),
        ('SHA512', 'sha512_digest'),
        ('SSDEEP', 'ssdeep'),
    )
    table = md.table_header(('Hash Type', 'Hash'))
    for label, key in digests:
        table += md.table_row((label, json[key]))
    return table
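def info_markdown(self, json):
    """Render the VT link and score from *json* as an 'Attribute'/'Value' table."""
    output = md.table_header(('Attribute', 'Value'))
    output += md.table_row(('VT Link', json['vt_link']))
    # Both arms of the former `int(score.split('/')[0]) < 3` test emitted
    # this same row, so the comparison could only raise on an unexpected
    # score format; the row is now emitted unconditionally.
    output += md.table_row(('Score', json['score']))
    return output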
def info_markdown(self, json):
    """Render compile time, language, architecture and certificate as a table."""
    # Row label paired with the key it is read from, in output order.
    attributes = (
        ('Compile Time:', 'compile_time'),
        ('Language:', 'language'),
        ('Architecture:', 'architecture'),
        ('Certificate:', 'certificate'),
    )
    table = md.table_header(['Attribute', 'Value'])
    for label, key in attributes:
        table += md.table_row([label, json[key]])
    return table
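def hash_search_markdown(self, json):
    """Render hash-search hits as a bold hit count plus a Markdown table.

    ``json['hits']`` is a sequence of entries with ``sha1``, ``md5`` and
    ``file``; when it is empty the table gets a single row of '-' cells.
    """
    hits = json['hits']
    output = '**Hits: ' + str(len(hits)) + '**\r\n\r\n'
    output += md.table_header(('SHA1', 'MD5', 'File Name'))
    for row in hits:
        output += md.table_row((row['sha1'], row['md5'], row['file']))
    # The placeholder used to test `json` itself, which is never empty once
    # json['hits'] has been read, so an empty result rendered no row at all.
    if not hits:
        output += md.table_row(('-', '-', '-'))
    return output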
def sections_markdown(self, json):
    """Render sections as a six-column Markdown table.

    Each entry of *json* supplies ``name``, ``address``, ``size``,
    ``offset``, ``type`` and ``flags``; an empty *json* yields one row of
    '-' cells.
    """
    # NOTE(review): section names are not passed through md.sanitize;
    # confirm whether they can carry text taken from the analysed file.
    fields = ('name', 'address', 'size', 'offset', 'type', 'flags')
    table = md.table_header(
        ('Name', 'Address', 'Size', 'Offset', 'Type', 'Flags'))
    for section in json:
        table += md.table_row(tuple(section[field] for field in fields))
    if not json:
        table += md.table_row(('-', '-', '-', '-', '-', '-'))
    return table
def olevba_keywords_markdown(self, json):
    """Render keyword findings as a 'Type'/'Keyword'/'Description' table.

    The keyword is sanitized and shown as inline code; an empty *json*
    yields one row of '-' cells.
    """
    table = md.table_header(['Type', 'Keyword', 'Description'])
    for finding in json:
        kind = finding['type']
        keyword_cell = md.code(md.sanitize(finding['keyword']), inline=True)
        table += md.table_row([kind, keyword_cell, finding['description']])
    if not json:
        table += md.table_row(('-', '-', '-'))
    return table
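def imports_markdown(self, json):
    """Render imports as a 'DLL'/'Import'/'Address' Markdown table.

    *json* maps a DLL name to a list of entries with ``name`` and
    ``address``. The DLL name is shown only on the first row of its group;
    an empty *json* yields one row of '-' cells.
    """
    # NOTE(review): DLL and import names are not passed through md.sanitize;
    # confirm whether they can carry text taken from the analysed file.
    output = md.table_header(('DLL', 'Import', 'Address'))
    for dll, entries in json.items():
        for index, imp in enumerate(entries):
            output += md.table_row(
                [dll if index == 0 else '', imp['name'], imp['address']])
    if not json:
        # The placeholder row was built but never appended to the output.
        output += md.table_row(('-', '-', '-'))
    return output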
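def binary_carver_markdown(self, json):
    """Render one carved file as a 'Name'/'SHA256 Digest'/'File Type' table.

    The digest cell links to ``/#/<file_type>/<sha256_digest>``. An empty
    *json* yields one row of '-' cells.
    """
    output = md.table_header(('Name', 'SHA256 Digest', 'File Type'))
    if not json:
        # The emptiness test used to run after json['name'] had already been
        # read, so an empty result raised KeyError before reaching it.
        output += md.table_row(('-', '-', '-'))
        return output
    digest = json['sha256_digest']
    file_type = json['file_type']
    # NOTE(review): file_type and digest go into the link target unescaped;
    # confirm both are produced by the tool and not taken from the sample.
    link = md.url(digest, '/#/{}/{}'.format(file_type, digest))
    output += md.table_row((json['name'], link, file_type))
    return output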
def oleid_markdown(self, json):
    """Render indicators as a 'Name'/'Value'/'Description' Markdown table.

    An empty *json* yields one row of '-' cells.
    """
    table = md.table_header(['Name', 'Value', 'Description'])
    table += ''.join(
        md.table_row([item['name'], item['value'], item['description']])
        for item in json)
    if not json:
        table += md.table_row(('-', '-', '-'))
    return table
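def info_markdown(self, json):
    """Render the VT summary in *json* as an 'Attribute'/'Value' table.

    Rows: link, first seen, last seen, score, times submitted and type.
    """
    output = md.table_header(('Attribute', 'Value'))
    output += md.table_row(('VT Link', json['vt_link']))
    output += md.table_row(('First Seen', json['first_seen']))
    output += md.table_row(('Last Seen', json['last_seen']))
    # Both arms of the former `int(score.split('/')[0]) < 3` test emitted
    # this same row, so the comparison could only raise on an unexpected
    # score format; the row is now emitted unconditionally.
    output += md.table_row(('Score', json['score']))
    output += md.table_row(('Times Submitted', str(json['times_submitted'])))
    output += md.table_row(('Type', json['type']))
    return output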
def info_markdown(self, json):
    """Render per-machine scores as a 'Machine'/'Score' Markdown table.

    Scores above 5 are wrapped in a red colour tag, scores above 3 in a
    yellow one, and anything else is shown as plain text.
    """
    table = md.table_header(('Machine', 'Score'))
    for machine in json['info']:
        value = machine['score']
        if value > 5:
            cell = "%red " + str(value) + " %"
        elif value > 3:
            cell = "%yellow " + str(value) + " %"
        else:
            cell = str(value)
        table += md.table_row((machine['name'], cell))
    return table
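def functions_markdown(self, json):
    """Render 'Exports' and 'Functions' sections as Markdown tables.

    ``json['exports']`` entries supply ``vaddr``, ``size``, ``type`` and
    ``name``; ``json['functions']`` entries supply ``address_range``,
    ``offset``, ``size`` and ``name``. An empty list yields one row of '-'
    cells in its table.
    """
    # NOTE(review): export and function names are not passed through
    # md.sanitize; confirm whether they can carry text from the analysed file.
    output = md.h3('Exports')
    output += md.table_header(('Virtual Address', 'Size', 'Type', 'Name'))
    if not json['exports']:
        output += md.table_row(('-', '-', '-', '-'))
    else:
        for row in json['exports']:
            output += md.table_row((
                '0x%08x' % row['vaddr'],
                '%u' % row['size'],
                row['type'],
                md.bold(row['name']),
            ))
    output += md.newline()
    output += md.h3('Functions')
    output += md.table_header(('Address Range', 'Offset', 'Size', 'Name'))
    if not json['functions']:
        # Four cells to match the four-column header (was three).
        output += md.table_row(('-', '-', '-', '-'))
    else:
        for row in json['functions']:
            output += md.table_row((
                md.bold(row['address_range']),
                '0x%08x' % row['offset'],
                '%u' % row['size'],
                row['name'],
            ))
    return output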
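def sections_markdown(self, json):
    """Render sections as a six-column Markdown table.

    Each entry of *json* supplies ``name``, ``virtual_address``,
    ``virtual_size``, ``physical_address``, ``physical_size`` and
    ``entropy``; an empty *json* yields one row of '-' cells.
    """
    # NOTE(review): section names are not passed through md.sanitize;
    # confirm whether they can carry text taken from the analysed file.
    output = md.table_header([
        'Name', 'RVA', 'Virtual Size', 'Physical Address', 'Physical Size',
        'Entropy'
    ])
    for section in json:
        output += md.table_row([
            section['name'],
            section['virtual_address'],
            section['virtual_size'],
            section['physical_address'],
            section['physical_size'],
            section['entropy'],
        ])
    if not json:
        # The placeholder row was built but never appended to the output.
        output += md.table_row(('-', '-', '-', '-', '-', '-'))
    return output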
def extract_markdown(self, json):
    """Render extracted samples as a 'Name'/'SHA256 Digest'/'File Type' table.

    Each digest cell links to ``/#/<file_type>/<sha256_digest>``; an empty
    *json* yields one row of '-' cells.
    """
    # NOTE(review): the sample name is not passed through md.sanitize;
    # confirm whether it can carry text taken from the analysed file.
    table = md.table_header(('Name', 'SHA256 Digest', 'File Type'))
    for item in json:
        name = item['name']
        target = '/#/{}/{}'.format(item['file_type'], item['sha256_digest'])
        link = md.url(item['sha256_digest'], target)
        table += md.table_row((name, link, item['file_type']))
    if not json:
        table += md.table_row(('-', '-', '-'))
    return table
def fuzzy_search_markdown(json):
    """Render fuzzy-search matches as a table followed by a hit count.

    Each match is indexed positionally: item 0 is the link text, item 1 the
    SHA256 (also used in the ``samples/`` link target) and item 3 the match
    percentage. With no matches, one row of '-' cells is emitted.
    """
    table = md.table_header(('File Name', 'SHA256', 'Match (%)'))
    hits = 0
    for hits, match in enumerate(json, start=1):
        link = md.url(str(match[0]), 'samples/' + str(match[1]))
        table += md.table_row((link, str(match[1]), str(match[3])))
    if hits:
        total = str(hits)
    else:
        table += md.table_row(('-', '-', '-'))
        total = '0'
    table += md.paragraph(md.bold('Hits:') + total)
    return table
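def oledir_markdown(self, json):
    """Render oledir output as two Markdown tables.

    *json* is iterated as a sequence of entry lists. Entries without an
    ``obj_tree`` key go into the first (directory) table; lists whose first
    entry has an ``obj_tree`` key go into the second (object tree) table.
    An empty *json* yields one row of '-' cells in the first table.
    """
    # NOTE(review): 'Name' is stringified but not passed through md.sanitize;
    # confirm whether it can carry text taken from the analysed document.
    dir_header = ['id', 'Status', 'Type', 'Name', 'Left', 'Right', 'Child',
                  '1st Sec', 'Size']
    output = md.table_header(dir_header)
    if not json:
        # One '-' per column; the placeholder used to have only three cells.
        output += md.table_row(('-',) * len(dir_header))
    # Iterate entries directly: the shared manual index could carry over
    # from one list to the next instead of restarting at zero.
    for group in json:
        for entry in group:
            if 'obj_tree' not in entry:
                output += md.table_row([
                    str(entry['id']),
                    str(entry['Status']),
                    str(entry['Type']),
                    str(entry['Name']),
                    str(entry['Left']),
                    str(entry['Right']),
                    str(entry['Child']),
                    str(entry['1st_Sect']),
                    str(entry['Size']),
                ])
    output += '\n'
    output += md.table_header(['id', 'Obj_tree', 'Name', 'Size', 'CLSID'])
    for group in json:
        # Test for the key itself rather than a substring of str(entry), so
        # a field value that merely contains 'obj_tree' cannot select a list
        # whose entries lack the keys read below. Empty lists are skipped.
        if group and 'obj_tree' in group[0]:
            for entry in group:
                output += md.table_row([
                    str(entry['id2']),
                    str(entry['obj_tree']),
                    str(entry['Name']),
                    str(entry['Size']),
                    # A newline inside the cell would break the table row.
                    str(entry['CLSID']).replace('\n', ' '),
                ])
    return output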
def olevba_streams_markdown(self, json):
    """Render VBA streams as a four-column Markdown table.

    Markdown table cells cannot hold line breaks and raw HTML is not
    allowed, so each line of code gets its own row: the first row carries
    the stream details, continuation rows leave those cells empty. Every
    code line is sanitized and shown as inline code. An empty *json* yields
    one row of '-' cells.
    """
    table = md.table_header(('Stream', 'Stream Path', 'VBA Filename', 'Code'))
    for stream in json:
        # Collapse doubled CRLFs, then split into individual lines.
        collapsed = stream['code'].replace('\r\n\r\n', '\r\n')
        first_line, *remaining = collapsed.split('\r\n')
        table += md.table_row((
            stream['stream'],
            stream['stream_path'],
            stream['vba_filename'],
            md.code(md.sanitize(first_line), inline=True),
        ))
        for line in remaining:
            cell = md.code(md.sanitize(line), inline=True)
            table += md.table_row(('', '', '', cell))
    if not json:
        table += md.table_row(('-', '-', '-', '-'))
    return table
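def scan_markdown(self, json):
    """Render rule matches as a six-column Markdown table.

    Each entry of *json* supplies ``file``, ``rule``, ``description``,
    ``author`` and a ``hits`` list of ``hit``/``offset`` pairs. The first
    hit shares a row with the rule details and further hits get rows of
    their own. All values are sanitized before rendering. An empty *json*
    yields one row of '-' cells.
    """
    output = md.table_header(
        ['File', 'Rule', 'String', 'Offset', 'Description', 'Author'])
    for match in json:
        hits = match['hits']
        if hits:
            first_hit = md.code(md.sanitize(hits[0]['hit']), inline=True)
            first_offset = md.code(md.sanitize(hits[0]['offset']), inline=True)
        else:
            first_hit = first_offset = ''
        output += md.table_row([
            md.sanitize(match['file']),
            md.bold(md.sanitize(match['rule'])),
            first_hit,
            first_offset,
            md.sanitize(match['description']),
            md.sanitize(match['author']),
        ])
        for hit in hits[1:]:
            output += md.table_row((
                '', '',
                md.code(md.sanitize(hit['hit']), inline=True),
                md.code(md.sanitize(hit['offset']), inline=True),
                '', ''))
    if not json:
        # Six cells to match the six-column header (was five).
        output += md.table_row(('-', '-', '-', '-', '-', '-'))
    return output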
def reports_markdown(self, json):
    """Render ``json['reports']`` as an 'ID'/'URL'/'Timestamp'/'Status' table."""
    fields = ('id', 'url', 'timestamp', 'status')
    table = md.table_header(('ID', 'URL', 'Timestamp', 'Status'))
    for report in json['reports']:
        table += md.table_row(tuple(report[field] for field in fields))
    return table
def metadata_markdown(self, json):
    """Render every key/value pair of *json* as an 'Attribute'/'Value' row."""
    # NOTE(review): keys and values are emitted without md.sanitize; confirm
    # whether this metadata can carry text taken from the analysed file.
    table = md.table_header(('Attribute', 'Value'))
    table += ''.join(md.table_row(pair) for pair in json.items())
    return table