Пример #1
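    def jsrun(aid, ua=None, l=200):
        """Replay captured object ``aid`` through Thug without network access.

        The content returned by ``o(aid)`` is loaded into a Thug window under
        the URL rebuilt from ``conversations[aid]`` and then executed. The
        emulator log is stored in the global ``jsrun_out`` and passed to
        ``p``; the window object is kept in the global ``_jw`` for later
        inspection.

        Args:
            aid: Key into ``conversations``; also passed to ``o``.
            ua: User-Agent string to present. When falsy, the User-Agent
                recorded in ``conversations[aid]`` is used instead.
            l: Forwarded to ``window_from_file`` as ``max_len``.

        Returns:
            None.
        """
        global jsrun_logger, jsrun_out, _jw

        # seek(0) alone only rewinds the write position. Without truncating,
        # a shorter run would leave the tail of an earlier, longer run in
        # getvalue() and mix two analyses in one report.
        # Assumes jsrun_logger is a StringIO-like buffer - TODO confirm.
        jsrun_logger.seek(0)
        jsrun_logger.truncate()

        if not o(aid):
            print("Object {} has no content".format(aid))
            return

        t = ThugAPI('', configuration_path=JSCONFPATH)
        # The object under analysis is captured, presumably hostile, content.
        # No-fetch mode is set before anything runs so the emulated browser
        # does not contact hosts named by the script.
        t.set_no_fetch()
        t.log_init('')
        # NOTE(review): the scheme is hard-coded to http; if the capture can
        # contain https conversations, document.location will differ from
        # what the script originally saw - confirm.
        url = 'http://{}{}'.format(conversations[aid].host,
                                   conversations[aid].uri)
        # offline_content presumably lets Thug answer sub-requests from the
        # capture instead of the network - verify against window_from_file.
        w = t.window_from_file(o(aid), url, offline_content=conversations_r,
                               max_len=l)
        # Customise referer and user-agent, the latter is not
        # especially pretty but what can you do - we cannot have
        # personality files for everything we see
        t.set_referer(conversations[aid].referer)
        if ua:
            w._navigator.personality['userAgent'] = ua
        else:
            w._navigator.personality['userAgent'] \
                = conversations[aid].user_agent
        t.run(w)
        _jw = w
        jsrun_out = jsrun_logger.getvalue()
        p(jsrun_out)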
Пример #2
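def main(url, savedir=thugdir):
    """Analyse the local sample at ``url`` with Thug and log classifier hits.

    ``url`` is used as a local file path (it is passed to ``run_local``), not
    as a remote address. After the Thug run, the rules exposed by
    ``log.URLClassifier.rules`` are matched against the same path and every
    match is recorded through ``log.ThugLogging.add_yara_matched``.

    Args:
        url: Path of the sample to analyse.
        savedir: Directory handed to ``set_log_dir``. The reports written
            there hold content derived from the sample, so treat them as
            untrusted data when they are rendered or parsed later.

    Returns:
        ``savedir``, unchanged.
    """
    t = ThugAPI(url)
    t.set_web_tracking()
    t.disable_honeyagent()
    t.set_verbose()
    t.set_debug()
    #t.set_ast_debug()
    #t.set_http_debug()
    # NOTE(review): extensive mode is enabled here and no-fetch mode below;
    # presumably no-fetch wins and nothing is downloaded - confirm.
    t.set_extensive()

    t.set_file_logging()
    t.set_json_logging()
    #t.set_mongodb_address("172.17.42.1:27017")
    t.log_init(url)

    #logdir = appdir + "/static/artifacts/thug"
    t.add_urlclassifier(thugdir + "/rule")
    #if output:
    #    logdir = logdir + "/" + output
    t.set_log_dir(savedir)

    # Keep the emulated browser off the network while the sample runs.
    t.set_no_fetch()
    t.run_local(url)
    #t.run_remote(url)

    # The matcher is given the path itself, so no separate file handle is
    # opened here (the earlier handle was opened but never read).
    rules = log.URLClassifier.rules
    matches = rules.match(url)
    for m in matches:
        rule = str(m.rule)

        # Convert before the membership test: the list holds str values, so
        # comparing the raw tag object could let duplicates through.
        tags = []
        for tag in m.tags:
            tag = str(tag)
            if tag not in tags:
                tags.append(tag)

        # Third field of each string entry; presumably the matched data in
        # the (offset, identifier, data) tuple layout - TODO confirm.
        strings = []
        for s in m.strings:
            d = s[2]
            if d not in strings:
                strings.append(d)

        # Build the record once per match, after both lists are complete.
        # Creating it inside the strings loop left it undefined (or stale
        # from the previous match) whenever a rule matched with no strings.
        result = {
            "strings": strings,
            "rule": rule,
            "tags": tags,
        }
        log.ThugLogging.add_yara_matched(result)
        #log.ThugLogging.add_behavior_warn("[URL Classifier] URL: %s (Rule: %s, Classification: %s)" % (url, ", ".join(rule), ", ".join(tags), ))

    t.log_event()
    return savedir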
Пример #3
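    def jsrun(aid, ua=None, l=200):
        """Run the captured content of object ``aid`` in an offline Thug window.

        Looks up the conversation ``aid``, rebuilds its URL from the recorded
        host and URI, loads the content returned by ``o(aid)`` into a Thug
        window and executes it. The collected log text ends up in the global
        ``jsrun_out`` (and is handed to ``p``); the window is saved in the
        global ``_jw``.

        Args:
            aid: Conversation key, used with both ``conversations`` and ``o``.
            ua: Optional User-Agent override; a falsy value selects the
                User-Agent stored with the conversation.
            l: Passed through to ``window_from_file`` as ``max_len``.

        Returns:
            None.
        """
        global jsrun_logger, jsrun_out, _jw

        # Empty the shared buffer rather than just rewinding it: after a bare
        # seek(0) a short log overwrites only the start of a longer previous
        # one, and getvalue() then returns output from two different runs.
        # Assumes a StringIO-like object - TODO confirm.
        jsrun_logger.seek(0)
        jsrun_logger.truncate()

        if not o(aid):
            print("Object {} has no content".format(aid))
            return

        conversation = conversations[aid]

        thug = ThugAPI('', configuration_path=JSCONFPATH)
        # Set no-fetch mode before the window is built or run: the script
        # comes from captured traffic and should not reach live hosts.
        thug.set_no_fetch()
        thug.log_init('')

        url = 'http://{}{}'.format(conversation.host, conversation.uri)
        # offline_content presumably supplies captured responses for any
        # sub-resources the page asks for - verify against window_from_file.
        window = thug.window_from_file(o(aid),
                                       url,
                                       offline_content=conversations_r,
                                       max_len=l)

        # Customise referer and user-agent, the latter is not
        # especially pretty but what can you do - we cannot have
        # personality files for everything we see
        thug.set_referer(conversation.referer)
        # Reaches into the private _navigator attribute; this may break if
        # the window object's internals change.
        window._navigator.personality['userAgent'] = (
            ua if ua else conversation.user_agent)

        thug.run(window)
        _jw = window
        jsrun_out = jsrun_logger.getvalue()
        p(jsrun_out)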