Пример #1
0
def scan_file():
    """Analyzes a file if it is new or returns an existing analysis."""

    # Get the filename, contents and SHA-1.
    uploaded_file = request.files["file"]
    filename = secure_filename(uploaded_file.filename)
    contents = uploaded_file.read()
    sha1 = Hashes().get_sha1(contents)

    # Redirect the user to the analysis page
    # if the file was already analyzed.
    submission = Submission().query.filter_by(sha1=sha1).first()
    if submission:
        save_log(filename, submission.id, current_user.id)
        return redirect("/analysis?sha1={}&name={}".format(sha1, filename))

    # Save the file at the default samples folder.
    file_path = save_file(sha1, contents)

    # Get the VirusTotal report if it exists, else
    # send the file to analysis.
    virustotal = VirusTotal(current_user.vt_key)
    virustotal_detection = virustotal.report(sha1)
    if virustotal_detection["response_code"] == 0:
        virustotal_detection = virustotal.detection(contents)

    # Get hashes and basic information.
    hashes = Hashes(contents).get_all()
    basic_information = get_basic_information(file_path)
    pe_info = None
    capa_data = None
    data = {"file_name" : filename,
            "hashes" : hashes,
            "basic_information" : basic_information,
            "virustotal_detection" : virustotal_detection,
            "yara" : YaraAnalysis().get_matches(contents),
           }

    # If the file is a PE, analyze it.
    if basic_information["mime_type"] == "application/x-dosexec":
        pe_file = PE(contents)
        pe_info = pe_file.get_all()
        capa_data = Capa().analyze(file_path)
        foremost_data = Foremost().analyze(file_path)
        pe_info["strings"] = Strings("iso-8859-1", file_path).get()

        data["pe_info"] = pe_info
        data["capa"] = capa_data
        data["foremost"] = foremost_data

    # Log the submission and zip the sample.
    save_submission(data, current_user.id)
    zip_file(file_path)

    return redirect("/analysis?sha1={}&name={}".format(sha1, filename))
Пример #2
0
    def post(self):
        """Complete scan of the file.

        Returns basic information, signatures, VirusTotal results and Yara matches.
        If the file is a Portable Executable (PE), it also fetches data about its sections
        (e.g., headers, imports) and capabilities.
        """

        # Get the filename, contents and SHA-1.
        uploaded_file = upload_parser.parse_args()["file"]
        filename = secure_filename(uploaded_file.filename)
        contents = uploaded_file.read()
        sha1 = Hashes().get_sha1(contents)

        # Get user information
        user = User().query.filter_by(freki_key=request.headers["API-KEY"]).first()

        # Return the results if the file was already analyzed.
        submission = Submission().query.filter_by(sha1=sha1).first()
        if submission:
            save_log(filename, submission.id, user.id)
            return json.loads(submission.data), 200

        # Save the file at the default samples folder.
        file_path = save_file(sha1, contents)

        # Get the VirusTotal report if it exists, else
        # send the file to analysis.
        virustotal = VirusTotal(user.vt_key)
        virustotal_detection = virustotal.report(sha1)
        if virustotal_detection["response_code"] == 0:
            virustotal_detection = virustotal.detection(contents)

        # Get hashes and basic information.
        hashes = Hashes(contents).get_all()
        basic_information = get_basic_information(file_path)
        pe_info = None
        capa_data = None
        data = {"file_name" : filename,
                "hashes" : hashes,
                "basic_information" : basic_information,
                "virustotal_detection" : virustotal_detection,
                "yara" : YaraAnalysis().get_matches(contents),
               }

        # If the file is a PE, analyze it.
        if basic_information["mime_type"] == "application/x-dosexec":
            pe_file = PE(contents)
            pe_info = pe_file.get_all()
            capa_data = Capa().analyze(file_path)
            foremost_data = Foremost().analyze(file_path)
            pe_info["strings"] = Strings("iso-8859-1", file_path).get()

            data["pe_info"] = pe_info
            data["capa"] = capa_data
            data["foremost"] = foremost_data

        # Log the submission and zip the sample.
        save_submission(data, user.id)
        zip_file(file_path)

        return data, 200