Пример #1
0
 def test_get_md5_float(self):
     data = 1.056
     # correct value calculated by
     # $ md5 -s 100500
     # MD5 ("100500") = e745a6bad4ffe5a1b35aac134ea148c7
     self.assertEqual(
         get_md5(data).hexdigest(), "a50a79a1862f5ae748ed507f45f244bc")
Пример #2
0
 def test_get_md5_int(self):
     data = 100500
     # correct value calculated by
     # $ md5 -s 100500
     # MD5 ("100500") = e745a6bad4ffe5a1b35aac134ea148c7
     self.assertEqual(
         get_md5(data).hexdigest(), "e745a6bad4ffe5a1b35aac134ea148c7")
Пример #3
0
 def test_get_md5_str(self):
     data = "a"
     # correct value calculated by
     # $ md5 -s a
     # MD5 ("a") = 0cc175b9c0f1b6a831c399e269772661
     self.assertEqual(
         get_md5(data).hexdigest(), "0cc175b9c0f1b6a831c399e269772661")
Пример #4
0
 def test_get_md5_dict_deep(self):
     data = {
         "c": ["ba", "bu", "nm"],
         "a": 100500,
         "b": {
             "c": ["ba", "bu", "nm"],
             "a": {
                 "c": {
                     "c": ["ba", "bu", "nm"],
                     "a": 100500,
                     "b": {
                         "c": ["ba", "bu", "nm"],
                         "a": 100500,
                         "b": 1056,
                     },
                 },
                 "a": 100500,
                 "b": 1056,
             },
             "b": 1056,
         }
     }
     # note, different key order, but same digest as above
     self.assertEqual(
         get_md5(data).hexdigest(), "e0614921e306095859c904e487c29f17")
Пример #5
0
 def test_get_md5_dict_2(self):
     data = {
         "c": ["ba", "bu", "nm"],
         "a": 100500,
         "b": 1056,
     }
     # note, different key order, but same digest as above
     self.assertEqual(
         get_md5(data).hexdigest(), "e17234cd2697951f7e0116945d11d824")
Пример #6
0
def upload_form(request):

    if request.method == 'POST':
        form = UploadFileForm(request.POST, request.FILES)
        if form.is_valid():
#            handle_uploaded_file(request.FILES['file'])
#            newsample = Sample(sample = request.FILES['sample'])
            f = request.FILES['sample']

            
            newsample = Sample(
                sample = f,
                ticket = request.POST['ticket'],
                filename = f.name,
                size = f.size,
#                type = f.content_type,
                type = handler.get_filetype(f),
                md5 = handler.get_md5(f),
                sha1 = handler.get_sha1(f),
                sha256 = handler.get_sha256(f),
                fuzzy = handler.get_fuzzy(f),
            )
            #breakdebug
            newsample.save()

            #Do post-processing stuff here
            s = Sample.objects.filter().order_by('-id')[0]
            #s.exif = handler.get_exif(s.sample).encode('ascii', errors='replace')
            #s.exif = unicode(handler.get_exif(s.sample))
            s.exif = handler.get_exif(s.sample)
            
            s.strings = handler.get_strings(s.sample)
            s.balbuzard = handler.get_balbuzard(s.sample)
            s.trid = handler.get_trid(s.sample)

            #SSDEEP/Fuzzy hash comparison
            s.ssdeep_compare = handler.ssdeep_compare(s.fuzzy, s.md5)

            #VirusTotal Search
            vt_res, vt_short_res = handler.get_vt(s.md5)
            if vt_res:
                s.vt = vt_res
                s.vt_short = vt_short_res

            #If EXE file, run EXE-specific checks
            if "PE32" and "Windows" in s.type:
                s.peframe = handler.get_peframe(s.sample)
                s.pescanner = handler.get_pescanner(s.sample)

            #If PDF file, run PDF-specific checks
            if "PDF" in s.type:
                s.pdfid = handler.get_pdfid(s.sample)
                s.peepdf = handler.get_peepdf(s.sample)
                s.pdf_strings = handler.get_pdfstrings(s.sample)

            #If DOC file, run DOC-specific checks
            if "Document File V2" in s.type:
                s.oleid = handler.get_oleid(s.sample)
                #If valid OLE file, run OLEMETA
                olematch = re.compile(r'\|\s+OLE format\s+\|\s+True\s+\|')
                if olematch.search(s.oleid):
                    s.olemeta = handler.get_olemeta(s.sample)
                #If VBA code detected, run OLEVBA
                vbamatch = re.compile(r'\|\s+VBA Macros\s+\|\s+True\s+\|')
                if vbamatch.search(s.oleid):
                    s.olevba = handler.get_olevba(s.sample)

            #If RTF file, run RTFOBJ
            if "Rich Text Format" in s.type:
                rtfobj, rtflist = handler.get_rtfobj(s.sample)
                s.rtfobj = rtfobj

            #If Objects found, run strings/balbuzard against them
            #REMOVED - TOO RESOURCE-INTENSIVE
#            if rtflist:
#                s.rtfobj_str = handler.get_rtfobj_str(rtflist)
#                s.rtfobj_balbuz = handler.get_rtfobj_balbuz(rtflist)
            
            

            s.save()

            newpage = "/sanalysis/md5/" + s.md5 + "/?upload=True"

            return HttpResponseRedirect(newpage)
        else:
            form = UploadFileForm()
            sample = Sample.objects.filter(created__lte=timezone.now()).order_by('-id')[:25]
            return render(request, 'sanalysis/upload_form.html', {'form': form, 'sample': sample},
                            context_instance = RequestContext(request))

#            return HttpResponseRedirect('/sanalysis/')

#            return render(request, 'sanalysis/sample_page.html', {'sample': sample,
#                                                                  'savename': savename,
#                                                                  'ta_use': ta_use,
#                                                                  'ta_analyses': ta_analyses,
#                                                                  'ta_risks': ta_risks,
#                                                                  'ta_network': ta_network,
#                                                                  'ta_ips': ta_ips,
#                                                                  'ta_domains': ta_domains,
#                                                                  'ta_commands': ta_commands,
#                                                                  'ta_submit': ta_submit,
#                                                                  'crits_use': crits_use,
#                                                                  'crits': crits_dict,
#                                                                  'crits_submit': crits_submit, })


    else:
        form = UploadFileForm()
        sample = Sample.objects.filter(created__lte=timezone.now()).order_by('-id')[:25]
        return render(request, 'sanalysis/upload_form.html', {'form': form, 'sample': sample})
Пример #7
0
 def test_get_md5_dict_1(self):
     data = {"a": 100500, "b": 1056, "c": ["ba", "bu", "nm"]}
     self.assertEqual(
         get_md5(data).hexdigest(), "e17234cd2697951f7e0116945d11d824")
Пример #8
0
 def test_get_md5_list_2(self):
     data = [100500, "a", 1.056]
     self.assertEqual(
         get_md5(data).hexdigest(), "0943aa9c84423613b63eda3c18c02ce8")
Пример #9
0
 def test_get_md5_list_1(self):
     data = ["a", 100500, 1.056]
     self.assertEqual(
         get_md5(data).hexdigest(), "0023ec2e3fef8f649c130f22ea6b7820")