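def upload_form(request):
    """Accept a URL for analysis, or show the URL submission form.

    On a valid POST the URI is hashed (MD5 and ssdeep), passed to
    ``handler.get_thug`` together with the selected user agent and the
    ticket, and the returned artefacts are stored on a new ``URL`` record.
    The client is then redirected to ``/uanalysis/url/<md5>``.

    On GET, or when the form does not validate, a blank form is rendered
    together with the 25 newest ``URL`` records.

    The MD5 is only a lookup key for the result page; it is not an
    integrity or authenticity control.
    """
    if request.method == 'POST':
        form = UploadUrlForm(request.POST)
        if form.is_valid():
            uri = request.POST['uri']
            # Hash the UTF-8 bytes of the URI.  Passing the text object
            # straight to hashlib relies on an implicit ASCII encode, which
            # raises on internationalised or otherwise non-ASCII URLs.
            # ASCII input produces the same digests as before.
            uri_bytes = uri if isinstance(uri, bytes) else uri.encode('utf-8')
            newurl = URL(
                uri=uri,
                ticket=request.POST['ticket'],
                md5=hashlib.md5(uri_bytes).hexdigest(),
                fuzzy=pydeep.hash_buf(uri_bytes),
            )
            ua = request.POST['UserAgent']
            # NOTE(review): handler.get_thug is defined elsewhere; it
            # presumably makes this host fetch the submitted URI.  Confirm
            # that the fetch runs with isolated egress and that 'ticket' and
            # 'UserAgent' are validated before they reach any path or
            # command line.
            results = handler.get_thug(uri, ua, request.POST['ticket'])
            newurl.ssdeep_compare = handler.ssdeep_compare(newurl.fuzzy, newurl.md5)
            # Everything in 'results' is derived from the remote page and is
            # therefore untrusted.  It is stored as text with undecodable
            # bytes replaced; templates that display it must keep
            # auto-escaping enabled.
            newurl.html = unicode(results['html'], 'utf-8', errors="replace")
            newurl.thug = unicode(results['thug_res'], 'utf-8', errors="replace")
            newurl.js = unicode(results['js'], 'utf-8', errors="replace")
            newurl.js_didier = unicode(results['js_didier'], 'utf-8', errors="replace")
            # A VirusTotal lookup is not wired in for URLs.
            newurl.save()
            return HttpResponseRedirect("/uanalysis/url/" + newurl.md5)

    # GET and rejected POST share this path: a fresh, unbound form plus the
    # most recent submissions.
    form = UploadUrlForm()
    url = URL.objects.filter(created__lte=timezone.now()).order_by('-id')[:25]
    return render(request, 'uanalysis/upload_form.html', {'form': form, 'url': url})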
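def upload_form(request):
    """Accept a sample file for static analysis, or show the upload form.

    On a valid POST the uploaded file is stored as a ``Sample`` with its
    type and hashes (MD5, SHA-1, SHA-256, ssdeep).  The generic analysers
    (exif, strings, balbuzard, TrID, ssdeep comparison, VirusTotal lookup)
    are then run, followed by the PE, PDF, OLE or RTF analysers selected
    from the detected file type.  The client is redirected to
    ``/sanalysis/md5/<md5>/?upload=True``.

    On GET, or when the form does not validate, a blank form is rendered
    together with the 25 newest ``Sample`` records.

    The uploaded file, its name and every analyser output are untrusted.
    Templates that display them must keep auto-escaping enabled.
    """
    if request.method == 'POST':
        form = UploadFileForm(request.POST, request.FILES)
        if form.is_valid():
            f = request.FILES['sample']
            newsample = Sample(
                sample=f,
                ticket=request.POST['ticket'],
                # f.name is chosen by the uploader.
                filename=f.name,
                size=f.size,
                # The type comes from inspecting the content, not from the
                # client-supplied Content-Type header.
                type=handler.get_filetype(f),
                md5=handler.get_md5(f),
                sha1=handler.get_sha1(f),
                sha256=handler.get_sha256(f),
                fuzzy=handler.get_fuzzy(f),
            )
            newsample.save()

            # Reload the row that was just written, by primary key.  Taking
            # "the newest Sample" instead would let two concurrent uploads
            # attach their analysis results to each other's record.
            s = Sample.objects.get(pk=newsample.pk)

            # Analysers that apply to every file type.
            s.exif = handler.get_exif(s.sample)
            s.strings = handler.get_strings(s.sample)
            s.balbuzard = handler.get_balbuzard(s.sample)
            s.trid = handler.get_trid(s.sample)

            # Fuzzy-hash comparison.
            s.ssdeep_compare = handler.ssdeep_compare(s.fuzzy, s.md5)

            # VirusTotal lookup by hash.
            vt_res, vt_short_res = handler.get_vt(s.md5)
            if vt_res:
                s.vt = vt_res
                s.vt_short = vt_short_res

            # PE checks.  Both markers must be present; the former test
            # `"PE32" and "Windows" in s.type` only looked for "Windows".
            if "PE32" in s.type and "Windows" in s.type:
                s.peframe = handler.get_peframe(s.sample)
                s.pescanner = handler.get_pescanner(s.sample)

            # PDF checks.
            if "PDF" in s.type:
                s.pdfid = handler.get_pdfid(s.sample)
                s.peepdf = handler.get_peepdf(s.sample)
                s.pdf_strings = handler.get_pdfstrings(s.sample)

            # OLE2 document checks, driven by the oleid result table.
            if "Document File V2" in s.type:
                s.oleid = handler.get_oleid(s.sample)
                # oleid confirmed an OLE container: collect its metadata.
                olematch = re.compile(r'\|\s+OLE format\s+\|\s+True\s+\|')
                if olematch.search(s.oleid):
                    s.olemeta = handler.get_olemeta(s.sample)
                # oleid reported VBA macros: run olevba on the sample.
                vbamatch = re.compile(r'\|\s+VBA Macros\s+\|\s+True\s+\|')
                if vbamatch.search(s.oleid):
                    s.olevba = handler.get_olevba(s.sample)

            # RTF checks.  Strings and balbuzard runs over the extracted
            # objects were removed as too resource-intensive, so the object
            # list is not used.
            if "Rich Text Format" in s.type:
                rtfobj, _rtflist = handler.get_rtfobj(s.sample)
                s.rtfobj = rtfobj

            s.save()
            return HttpResponseRedirect("/sanalysis/md5/" + s.md5 + "/?upload=True")

    # GET and rejected POST share this path.  render() already builds a
    # RequestContext from `request`, so the explicit context_instance
    # argument the rejected-POST branch used to pass is not needed.
    form = UploadFileForm()
    sample = Sample.objects.filter(created__lte=timezone.now()).order_by('-id')[:25]
    return render(request, 'sanalysis/upload_form.html', {'form': form, 'sample': sample})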