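def __init__(self, options=None, config=None):
    """Initialise the thread and read the ``curtain`` switch from analysis.conf.

    Args:
        options: Analysis options forwarded to ``Auxiliary``. ``None`` becomes a
            fresh empty dict, so instances never share one mutable default.
        config: Forwarded unchanged to ``Auxiliary.__init__``.
    """
    if options is None:
        options = {}
    Thread.__init__(self)
    Auxiliary.__init__(self, options, config)
    # The module's own Config object; ``enabled`` mirrors its ``curtain`` setting.
    self.config = Config(cfg="analysis.conf")
    self.enabled = self.config.curtain
    # Windows-only STARTUPINFO for child processes; STARTF_USESHOWWINDOW makes
    # them honour wShowWindow (left at its default here).
    self.startupinfo = subprocess.STARTUPINFO()
    self.startupinfo.dwFlags |= subprocess.STARTF_USESHOWWINDOW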
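def __init__(self, options=None, analyzer=None):
    """Initialise the thread and read the ``sysmon`` switch from analysis.conf.

    Args:
        options: Analysis options forwarded to ``Auxiliary``. ``None`` becomes a
            fresh empty dict instead of a mutable default shared across calls.
        analyzer: Forwarded unchanged to ``Auxiliary.__init__``.
    """
    if options is None:
        options = {}
    threading.Thread.__init__(self)
    Auxiliary.__init__(self, options, analyzer)
    self.config = Config(cfg="analysis.conf")
    self.enabled = self.config.sysmon
    # Windows-only STARTUPINFO for child processes; STARTF_USESHOWWINDOW makes
    # them honour wShowWindow (left at its default here).
    self.startupinfo = subprocess.STARTUPINFO()
    self.startupinfo.dwFlags |= subprocess.STARTF_USESHOWWINDOW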
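def __init__(self, options=None, analyzer=None):
    """Initialise the thread and stage helper files inside the guest.

    Every entry of ``<cwd>/processing_files`` is passed to ``moveFile``, and
    the contents of ``<cwd>/sw_dll`` are copied into ``C:\\dlls``. Both source
    directories are optional: a missing one is skipped instead of raising
    (the original only guarded ``processing_files``).

    Args:
        options: Analysis options forwarded to ``Auxiliary``. ``None`` becomes a
            fresh empty dict instead of a mutable default shared across calls.
        analyzer: Forwarded unchanged to ``Auxiliary.__init__``.

    Raises:
        FileExistsError: from ``shutil.copytree`` if a subdirectory of
            ``sw_dll`` already exists under the destination (unchanged behaviour).
    """
    if options is None:
        options = {}
    Thread.__init__(self)
    Auxiliary.__init__(self, options, analyzer)

    # Move processing files (for EMP).
    path_location = os.path.join(os.getcwd(), "processing_files")
    log.debug("Path for processing files: %s", path_location)
    if os.path.isdir(path_location):
        for entry in os.listdir(path_location):
            moveFile(entry)

    # Copy the DLL tree (for either) into C:\dlls.
    log.debug("Copying DLLs")
    path_location = os.path.join(os.getcwd(), "sw_dll")
    copy_path = os.path.join("C:", os.sep, "dlls")
    log.debug("Copying from %s To %s", path_location, copy_path)
    if os.path.isdir(path_location):
        # copy2 needs the destination directory to exist; copytree creates it
        # on its own but only for the subdirectory case.
        os.makedirs(copy_path, exist_ok=True)
        for item in os.listdir(path_location):
            src = os.path.join(path_location, item)
            dst = os.path.join(copy_path, item)
            if os.path.isdir(src):
                log.debug("Copying directory %s", src)
                shutil.copytree(src, dst)
            else:
                log.debug("Copying file %s", src)
                shutil.copy2(src, dst)
    self.do_run = True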
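def __init__(self, options=None):
    """Initialise the thread and remember the APK package under analysis.

    Args:
        options: Analysis options. ``None`` becomes a fresh empty dict instead
            of a mutable default shared across calls. ``options["apk_entry"]``
            is read if present; the text before its first ``:`` is kept as
            ``self.package`` (empty string when the key is absent).
    """
    if options is None:
        options = {}
    Auxiliary.__init__(self, options)
    threading.Thread.__init__(self)
    # Default ":" yields an empty package name rather than an IndexError.
    self.package = options.get("apk_entry", ":").split(":")[0]
    self.do_run = True
    self.window_dumps = []
    self.temp_dumpfile = None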
def __init__(self, options=None, config=None):
    """Initialise the thread and take the ``evtx`` switch from *config*.

    Args:
        options: Analysis options forwarded to ``Auxiliary``; ``None`` is
            replaced by a fresh empty dict.
        config: Must expose an ``evtx`` attribute; also forwarded to
            ``Auxiliary.__init__``.
    """
    if options is None:
        options = {}
    Thread.__init__(self)
    Auxiliary.__init__(self, options, config)
    self.enabled = config.evtx
    # Windows-only STARTUPINFO for child processes; STARTF_USESHOWWINDOW makes
    # them honour wShowWindow (left at its default here).
    startup = subprocess.STARTUPINFO()
    startup.dwFlags = startup.dwFlags | subprocess.STARTF_USESHOWWINDOW
    self.startupinfo = startup
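def __init__(self, options=None, analyzer=None):
    """Initialise the metrics-snapshot thread and pick the output path.

    Args:
        options: Analysis options forwarded to ``Auxiliary``. ``None`` becomes a
            fresh empty dict instead of a mutable default shared across calls.
        analyzer: Forwarded to ``Auxiliary.__init__``; ``self.analyzer.path`` is
            read afterwards, so ``Auxiliary`` is assumed to store it — confirm.
    """
    if options is None:
        options = {}
    threading.Thread.__init__(self)
    Auxiliary.__init__(self, options, analyzer)
    self.do_run = True
    self.metrics = []
    # Snapshots are written to <analyzer path>/bin/metrics.json.
    self.filepath = os.path.join(self.analyzer.path, "bin", "metrics.json")
    log.info("Successfully started MetricsSnapshots.")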
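def __init__(self, options, config):
    """Initialise the file collector and, when enabled, start its worker thread.

    ``do_run`` is true only when ``config.filecollector`` is set and
    ``HAVE_PYINOTIFY`` is true. When enabled, ``run`` is started on a separate
    thread and this constructor waits until ``run`` sets ``initComplete``.

    Args:
        options: Forwarded unchanged to ``Auxiliary.__init__``.
        config: Must expose a ``filecollector`` attribute.
    """
    Auxiliary.__init__(self, options, config)
    self.enabled = config.filecollector
    self.do_run = self.enabled and HAVE_PYINOTIFY
    if self.enabled:
        self.initComplete = False
        self.thread = Thread(target=self.run)
        self.thread.start()
        # Wait for run() to signal initComplete, but stop waiting if the worker
        # dies first — the original spun forever in that case.
        while not self.initComplete and self.thread.is_alive():
            self.thread.join(0.5)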
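def __init__(self, options=None, analyzer=None):
    """Initialise the module and start ``run`` on a helper thread.

    The constructor blocks until ``run`` sets ``initComplete``.

    Args:
        options: Analysis options forwarded to ``Auxiliary``. ``None`` becomes a
            fresh empty dict instead of a mutable default shared across calls.
        analyzer: Forwarded unchanged to ``Auxiliary.__init__``.
    """
    if options is None:
        options = {}
    self.do_run = True
    Thread.__init__(self)
    Auxiliary.__init__(self, options, analyzer)
    self.initComplete = False
    self.thread = Thread(target=self.run)
    self.thread.start()
    # Wait for run() to signal initComplete, but stop waiting if the worker
    # dies first — the original spun forever in that case.
    while not self.initComplete and self.thread.is_alive():
        self.thread.join(0.5)
    log.debug("Human init complete")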
def __init__(self, options, config):
    """Initialise the signature-check module with an empty result record.

    Args:
        options: Forwarded unchanged to ``Auxiliary.__init__``.
        config: Forwarded unchanged to ``Auxiliary.__init__``.
    """
    Auxiliary.__init__(self, options, config)
    self.cert_build = []
    self.time_build = []
    # Result skeleton; filled in later by the module's other methods.
    self.json_data = dict(
        sha1=None,
        signers=[],
        timestamp=None,
        valid=False,
        error=None,
        error_desc=None,
    )
    self.enabled = True
def __init__(self, options, config):
    """Initialise the digital-signature module from the ``digisig`` switch.

    Args:
        options: Forwarded unchanged to ``Auxiliary.__init__``.
        config: Stored as ``self.config``; must expose ``digisig``.
    """
    Auxiliary.__init__(self, options, config)
    self.config = config
    self.enabled = config.digisig
    self.cert_build, self.time_build = [], []
    # Result skeleton; filled in later by the module's other methods.
    self.json_data = dict(
        sha1=None,
        signers=[],
        timestamp=None,
        valid=False,
        error=None,
        error_desc=None,
    )
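def __init__(self, options, config):
    """Initialise the Linux human-interaction module and start its helper thread.

    ``do_run`` is true only when ``config.human_linux`` is set and
    ``HAVE_GUI_LIBS`` is true. ``run`` is started on a separate thread
    regardless, and the constructor waits until it sets ``initComplete``.

    Args:
        options: Forwarded unchanged to ``Auxiliary.__init__``.
        config: Stored as ``self.config``; must expose ``human_linux``.
    """
    Auxiliary.__init__(self, options, config)
    self.config = config
    self.enabled = self.config.human_linux
    self.do_run = self.enabled and HAVE_GUI_LIBS
    Thread.__init__(self)
    self.initComplete = False
    self.thread = Thread(target=self.run)
    self.thread.start()
    # Wait for run() to signal initComplete, but stop waiting if the worker
    # dies first — the original spun forever in that case.
    while not self.initComplete and self.thread.is_alive():
        self.thread.join(0.5)
    log.debug("Human init complete")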
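def __init__(self, options=None, config=None):
    """Initialise the pre-script runner.

    Looks for ``pre_script.*`` in ``%TEMP%``. When a match exists and
    ``pre_script`` is enabled in analysis.conf, records the script path and
    extension, the interpreter command line, the timeout and the argument
    list and sets ``do_run``; otherwise ``do_run`` is False and the other
    attributes keep their inert defaults (``None`` / ``[]`` / 60).

    Args:
        options: Analysis options forwarded to ``Auxiliary``; ``None`` is
            replaced by a fresh empty dict. ``self.options`` (as set by
            ``Auxiliary``) is consulted for ``pre_script_timeout`` and
            ``pre_script_args``.
        config: Forwarded unchanged to ``Auxiliary.__init__``.

    Raises:
        KeyError: if the ``TEMP`` environment variable is unset.
    """
    if options is None:
        options = {}
    Thread.__init__(self)
    Auxiliary.__init__(self, options, config)
    self.config = Config(cfg="analysis.conf")
    # NOTE(review): ``enabled`` holds the whole Config object (always truthy);
    # the actual ``pre_script`` switch is read off it below. Kept as-is since
    # other code may depend on this attribute.
    self.enabled = self.config
    # Defaults so a disabled instance still exposes every attribute run() uses.
    self.file_path = None
    self.file_ext = None
    self.executable = []
    self.timeout = 60
    self.pre_script_args_list = []

    # Go to the temp folder to look for pre_script.py
    tmp_folder = os.environ["TEMP"]
    matched_files = glob.glob(os.path.join(tmp_folder, "pre_script.*"))
    # Check if the file exists and if the pre_script is enabled
    if not (matched_files and self.enabled.pre_script):
        self.do_run = False
        return

    self.file_path = matched_files[0]
    self.file_ext = os.path.splitext(self.file_path)[-1]
    self.do_run = True
    log.debug("pre_script matched_files: %s", matched_files)

    # Try to retrieve timeout for pre_script_timeout (Default 60).
    # TypeError is caught too so a None/unconvertible value falls back to 60
    # instead of aborting the constructor.
    try:
        self.timeout = int(self.options.get("pre_script_timeout", 60))
    except (TypeError, ValueError):
        log.error("Invalid timeout value specified, defaulting to 60 seconds")
        self.timeout = 60

    pre_script_args = self.options.get("pre_script_args", [])
    if pre_script_args:
        try:
            self.pre_script_args_list = pre_script_args.split(" ")
        except AttributeError:
            # No .split(): presumably already a list of arguments — confirm.
            self.pre_script_args_list = pre_script_args
    else:
        self.pre_script_args_list = []

    # Interpreter selection: python for .py, PowerShell with a per-process
    # ExecutionPolicy bypass for .ps1 (the guest-side analyzer deliberately
    # runs the operator-supplied script), bare PowerShell otherwise.
    if self.file_ext == ".py":
        self.executable = ["python.exe"]
    elif self.file_ext == ".ps1":
        self.executable = ["powershell.exe", "-NoProfile", "-ExecutionPolicy", "bypass", "-File"]
    else:
        self.executable = ["powershell.exe"]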
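def __init__(self, options=None, config=None):
    """Initialise the during-script runner.

    Looks for ``during_script.*`` in ``%TEMP%``. When a match exists and
    ``during_script`` is enabled in analysis.conf, records the script path
    and extension, the interpreter command line and the argument list and
    sets ``do_run``; otherwise ``do_run`` is False and the other attributes
    keep their inert defaults (``None`` / ``[]``).

    Args:
        options: Analysis options forwarded to ``Auxiliary``; ``None`` is
            replaced by a fresh empty dict. ``self.options`` (as set by
            ``Auxiliary``) is consulted for ``during_script_args``.
        config: Forwarded unchanged to ``Auxiliary.__init__``.

    Raises:
        KeyError: if the ``TEMP`` environment variable is unset.
    """
    if options is None:
        options = {}
    Thread.__init__(self)
    Auxiliary.__init__(self, options, config)
    self.config = Config(cfg="analysis.conf")
    # NOTE(review): ``enabled`` holds the whole Config object (always truthy);
    # the actual ``during_script`` switch is read off it below. Kept as-is
    # since other code may depend on this attribute.
    self.enabled = self.config
    # Defaults so a disabled instance still exposes every attribute run() uses.
    self.file_path = None
    self.file_ext = None
    self.executable = []
    self.during_script_args_list = []

    # Go to the temp folder to look for during_script.py
    tmp_folder = os.environ["TEMP"]
    matched_files = glob.glob(os.path.join(tmp_folder, "during_script.*"))
    # Check if the file exists and if the during_script is enabled
    if not (matched_files and self.enabled.during_script):
        self.do_run = False
        return

    log.debug("during_script matched_files: %s", matched_files)
    self.file_path = matched_files[0]
    self.file_ext = os.path.splitext(self.file_path)[-1]
    self.do_run = True

    # Interpreter selection: python for .py, PowerShell with a per-process
    # ExecutionPolicy bypass for .ps1 (the guest-side analyzer deliberately
    # runs the operator-supplied script), bare PowerShell otherwise.
    if self.file_ext == ".py":
        self.executable = ["python.exe"]
    elif self.file_ext == ".ps1":
        self.executable = ["powershell.exe", "-NoProfile", "-ExecutionPolicy", "bypass", "-File"]
    else:
        self.executable = ["powershell.exe"]

    during_script_args = self.options.get("during_script_args", [])
    if during_script_args:
        try:
            self.during_script_args_list = during_script_args.split(" ")
        except AttributeError:
            # No .split(): presumably already a list of arguments — confirm.
            self.during_script_args_list = during_script_args
    else:
        self.during_script_args_list = []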
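def __init__(self, options=None, config=None):
    """Initialise the thread; both flags come from ``options["curtain"]["enabled"]``.

    Args:
        options: Analysis options forwarded to ``Auxiliary``. ``None`` becomes a
            fresh empty dict instead of a mutable default shared across calls.
            A missing ``curtain`` section or ``enabled`` key yields False.
        config: Forwarded unchanged to ``Auxiliary.__init__``.
    """
    if options is None:
        options = {}
    Thread.__init__(self)
    Auxiliary.__init__(self, options, config)
    # Looked up once; do_run and enabled are always equal here.
    enabled = options.get("curtain", {}).get("enabled", False)
    self.do_run = enabled
    self.enabled = enabled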
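def __init__(self, options=None, analyzer=None):
    """Initialise the thread, parse the module options and set start coordinates.

    Args:
        options: Analysis options forwarded to ``Auxiliary``. ``None`` becomes a
            fresh empty dict instead of a mutable default shared across calls.
        analyzer: Forwarded unchanged to ``Auxiliary.__init__``.
    """
    if options is None:
        options = {}
    threading.Thread.__init__(self)
    Auxiliary.__init__(self, options, analyzer)
    self.do_run = True
    # parse_options() is defined elsewhere on the class; it runs after the base
    # constructors so self.options is already populated.
    self.parse_options()
    self.coordinates = Coordinates(170, 300)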
def __init__(self, options, config):
    """Initialise the file-pickup module from the ``file_pickup`` switch.

    Args:
        options: Forwarded unchanged to ``Auxiliary.__init__``.
        config: Must expose ``file_pickup``; drives both ``enabled`` and ``do_run``.
    """
    Auxiliary.__init__(self, options, config)
    # One lookup feeds both flags, so they are always equal after construction.
    self.enabled = self.do_run = config.file_pickup
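def __init__(self, options=None, analyzer=None):
    """Initialise the thread; both flags come from ``options["sysmon"]["enabled"]``.

    Args:
        options: Analysis options forwarded to ``Auxiliary``. ``None`` becomes a
            fresh empty dict instead of a mutable default shared across calls.
            A missing ``sysmon`` section or ``enabled`` key yields False.
        analyzer: Forwarded unchanged to ``Auxiliary.__init__``.
    """
    if options is None:
        options = {}
    threading.Thread.__init__(self)
    Auxiliary.__init__(self, options, analyzer)
    # Looked up once; do_run and enabled are always equal here.
    enabled = options.get("sysmon", {}).get("enabled", False)
    self.do_run = enabled
    self.enabled = enabled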
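def __init__(self, options=None, analyzer=None):
    """Initialise the thread and mark it runnable.

    Args:
        options: Analysis options forwarded to ``Auxiliary``. ``None`` becomes a
            fresh empty dict instead of a mutable default shared across calls.
        analyzer: Forwarded unchanged to ``Auxiliary.__init__``.
    """
    if options is None:
        options = {}
    threading.Thread.__init__(self)
    Auxiliary.__init__(self, options, analyzer)
    self.do_run = True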
def __init__(self, options):
    """Initialise the module and its thread state, then mark it runnable.

    Args:
        options: Forwarded unchanged to ``Auxiliary.__init__``.
    """
    # Auxiliary first, then Thread, matching the original order.
    Auxiliary.__init__(self, options)
    Thread.__init__(self)
    # Consulted by run() to decide whether to do any work.
    self.do_run = True
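def __init__(self, options=None, analyzer=None):
    """Initialise the thread and prepare a screen recorder writing to ``%TEMP%``.

    Args:
        options: Analysis options forwarded to ``Auxiliary``. ``None`` becomes a
            fresh empty dict instead of a mutable default shared across calls.
        analyzer: Forwarded unchanged to ``Auxiliary.__init__``.

    Raises:
        KeyError: if the ``TEMP`` environment variable is unset.
    """
    if options is None:
        options = {}
    threading.Thread.__init__(self)
    Auxiliary.__init__(self, options, analyzer)
    self.file_name = "test.mp4"
    self.src = ScreenRecord(os.environ["TEMP"], self.file_name)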
def __init__(self, options, config):
    """Initialise the module; it is unconditionally enabled.

    Args:
        options: Forwarded unchanged to ``Auxiliary.__init__``.
        config: Forwarded unchanged to ``Auxiliary.__init__``.
    """
    Auxiliary.__init__(self, options, config)
    # No config switch for this module: always on.
    self.enabled = True
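def __init__(self, options=None):
    """Initialise the thread and mark it runnable.

    Args:
        options: Analysis options forwarded to ``Auxiliary``. ``None`` becomes a
            fresh empty dict instead of a mutable default shared across calls.
    """
    if options is None:
        options = {}
    threading.Thread.__init__(self)
    Auxiliary.__init__(self, options)
    self.do_run = True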
def __init__(self, options, config):
    """Initialise the module thread with an empty PID list.

    Args:
        options: Forwarded unchanged to ``Auxiliary.__init__``.
        config: Forwarded unchanged to ``Auxiliary.__init__``.
    """
    Auxiliary.__init__(self, options, config)
    Thread.__init__(self)
    # Runnable from the start; pidlist is filled by other methods.
    self.do_run = True
    self.pidlist = list()
def __init__(self, options, config):
    """Initialise the Windows human-interaction thread from ``human_windows``.

    Args:
        options: Forwarded unchanged to ``Auxiliary.__init__``.
        config: Stored as ``self.config``; must expose ``human_windows``,
            which drives both ``enabled`` and ``do_run``.
    """
    Auxiliary.__init__(self, options, config)
    Thread.__init__(self)
    self.config = config
    # One lookup feeds both flags, so they are always equal after construction.
    self.enabled = self.do_run = config.human_windows
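def __init__(self, options=None, config=None):
    """Initialise the thread; ``enabled``/``do_run`` follow ``evtx`` in analysis.conf.

    Args:
        options: Analysis options forwarded to ``Auxiliary``. ``None`` becomes a
            fresh empty dict instead of a mutable default shared across calls.
        config: Forwarded unchanged to ``Auxiliary.__init__``; the module reads
            its own ``Config`` rather than this argument.
    """
    if options is None:
        options = {}
    Thread.__init__(self)
    Auxiliary.__init__(self, options, config)
    self.config = Config(cfg="analysis.conf")
    self.enabled = self.config.evtx
    self.do_run = self.enabled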
def __init__(self, options):
    """Initialise the thread state and the module, then mark it runnable.

    Args:
        options: Forwarded unchanged to ``Auxiliary.__init__``.
    """
    # Thread first, then Auxiliary, matching the original order.
    Thread.__init__(self)
    Auxiliary.__init__(self, options)
    # Consulted by run() to decide whether to do any work.
    self.do_run = True
def __init__(self, options, config):
    """Initialise the module thread in the not-running state.

    Args:
        options: Forwarded unchanged to ``Auxiliary.__init__``.
        config: Forwarded unchanged to ``Auxiliary.__init__``.
    """
    Auxiliary.__init__(self, options, config)
    Thread.__init__(self)
    # Starts disabled; something else must flip do_run before run() does work.
    self.do_run = False
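def __init__(self, options=None, config=None):
    """Initialise the thread and mark it runnable.

    Args:
        options: Analysis options forwarded to ``Auxiliary``. ``None`` becomes a
            fresh empty dict instead of a mutable default shared across calls.
        config: Forwarded unchanged to ``Auxiliary.__init__``.
    """
    if options is None:
        options = {}
    Thread.__init__(self)
    Auxiliary.__init__(self, options, config)
    self.do_run = True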
def __init__(self, options, config):
    """Initialise the disguise module from the ``disguise`` switch.

    Args:
        options: Forwarded unchanged to ``Auxiliary.__init__``.
        config: Must expose ``disguise``.
    """
    Auxiliary.__init__(self, options, config)
    enabled = config.disguise
    self.enabled = enabled
def __init__(self, options, config):
    """Initialise the module thread and mark it runnable.

    Args:
        options: Forwarded unchanged to ``Auxiliary.__init__``.
        config: Forwarded unchanged to ``Auxiliary.__init__``.
    """
    Auxiliary.__init__(self, options, config)
    Thread.__init__(self)
    # Consulted by run() to decide whether to do any work.
    self.do_run = True
def __init__(self, options):
    """Initialise the module thread with a zeroed elapsed-seconds counter.

    Args:
        options: Forwarded unchanged to ``Auxiliary.__init__``.
    """
    Auxiliary.__init__(self, options)
    Thread.__init__(self)
    self.do_run = True
    # Counter maintained by run(); starts at zero.
    self.seconds_elapsed = 0
def __init__(self, options, config):
    """Initialise the module thread with a zeroed elapsed-seconds counter.

    Args:
        options: Forwarded unchanged to ``Auxiliary.__init__``.
        config: Forwarded unchanged to ``Auxiliary.__init__``.
    """
    Auxiliary.__init__(self, options, config)
    Thread.__init__(self)
    self.do_run = True
    # Counter maintained by run(); starts at zero.
    self.seconds_elapsed = 0
def __init__(self, options, config):
    """Initialise the usage module thread from the ``usage`` switch.

    Args:
        options: Forwarded unchanged to ``Auxiliary.__init__``.
        config: Must expose ``usage``, which drives both ``enabled`` and ``do_run``.
    """
    Auxiliary.__init__(self, options, config)
    Thread.__init__(self)
    # One lookup feeds both flags, so they are always equal after construction.
    self.enabled = self.do_run = config.usage
    self.pidlist = list()
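def __init__(self, options=None, analyzer=None):
    """Initialise the thread and mark it runnable.

    Args:
        options: Analysis options forwarded to ``Auxiliary``. ``None`` becomes a
            fresh empty dict instead of a mutable default shared across calls.
        analyzer: Forwarded unchanged to ``Auxiliary.__init__``.
    """
    if options is None:
        options = {}
    Thread.__init__(self)
    Auxiliary.__init__(self, options, analyzer)
    self.do_run = True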
def __init__(self, options, config):
    """Initialise the stap module from the ``stap`` switch; no process yet.

    Args:
        options: Forwarded unchanged to ``Auxiliary.__init__``.
        config: Stored as ``self.config``; must expose ``stap``.
    """
    Auxiliary.__init__(self, options, config)
    self.config = config
    self.enabled = config.stap
    # Child process handle; populated later by the module's other methods.
    self.proc = None