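class TestFile:
    """Exercise ``File`` against an empty temporary file.

    Every expected digest below is the well-known hash of zero bytes, so a
    failure here means the helper hashed the wrong data rather than that
    the fixture drifted.
    """

    def setUp(self):
        # mkstemp() returns an already-open descriptor alongside the path;
        # the original fixture never closed it and leaked one per test.
        fd, path = tempfile.mkstemp()
        os.close(fd)
        self.tmp = (fd, path)
        self.file = File(path)

    def test_get_name(self):
        # basename is portable; splitting on "/" breaks on Windows paths.
        assert_equal(os.path.basename(self.tmp[1]), self.file.get_name())

    def test_get_data(self):
        assert_equal("", self.file.get_data())

    def test_get_size(self):
        assert_equal(0, self.file.get_size())

    def test_get_crc32(self):
        assert_equal("00000000", self.file.get_crc32())

    def test_get_md5(self):
        assert_equal("d41d8cd98f00b204e9800998ecf8427e", self.file.get_md5())

    def test_get_sha1(self):
        assert_equal("da39a3ee5e6b4b0d3255bfef95601890afd80709",
                     self.file.get_sha1())

    def test_get_sha256(self):
        assert_equal(
            "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
            self.file.get_sha256())

    def test_get_sha512(self):
        assert_equal(
            "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
            self.file.get_sha512())

    def test_get_ssdeep(self):
        # ssdeep is optional: with pydeep present a hash must be produced,
        # without it get_ssdeep() must degrade to None instead of raising.
        try:
            import pydeep
            assert_not_equal(None, self.file.get_ssdeep())
        except ImportError:
            assert_equal(None, self.file.get_ssdeep())

    def test_get_type(self):
        assert_equal("empty", self.file.get_type())

    def test_get_content_type(self):
        # libmagic versions disagree on the MIME type of an empty file.
        assert_in(self.file.get_content_type(),
                  ["inode/x-empty", "application/x-empty"])

    def test_get_all_type(self):
        assert isinstance(self.file.get_all(), dict)

    def test_get_all_keys(self):
        info = self.file.get_all()
        for key in ["name", "size", "crc32", "md5", "sha1", "sha256",
                    "sha512", "ssdeep", "type"]:
            assert key in info, key

    def tearDown(self):
        os.remove(self.tmp[1])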
def build_options(self):
    """Assemble the options dictionary handed to the guest analyzer.

    Combines task, machine and configuration values; for file tasks it
    additionally records the sample's name, its libmagic type and the DLL
    export names collected from the sample.

    @return: options dict.
    """
    task = self.task
    cfg = self.cfg
    options = {
        "id": task.id,
        "ip": self.machine.resultserver_ip,
        "port": self.machine.resultserver_port,
        "category": task.category,
        "target": task.target,
        "package": task.package,
        "options": task.options,
        "enforce_timeout": task.enforce_timeout,
        "clock": task.clock,
        "terminate_processes": cfg.cuckoo.terminate_processes,
        "upload_max_size": cfg.resultserver.upload_max_size,
        "do_upload_max_size": int(cfg.resultserver.do_upload_max_size),
        # A task timeout of 0/None means "use the configured default".
        "timeout": task.timeout or cfg.timeouts.default,
    }

    if task.category == "file":
        sample = File(task.target)
        options["file_name"] = sample.get_name()
        options["file_type"] = sample.get_type()
        # NOTE(review): the sample is untrusted input and is handed to the
        # PE parser regardless of the libmagic type recorded above; whether
        # get_dll_exports() tolerates a non-PE or malformed file is not
        # visible here -- confirm before relying on it for non-PE samples.
        options["exports"] = PortableExecutable(task.target).get_dll_exports()
        del sample

    # Every auxiliary module's configuration section is forwarded verbatim.
    modules = self.aux_cfg.auxiliary_modules
    for name in modules:
        options[name] = modules[name]

    return options
def run(self):
    """Extract static Android information from the sample with androguard.

    Sets ``self.key`` and returns a dict describing the APK: its file list,
    the manifest components and a summary of the Dalvik bytecode (method
    list plus native/dynamic/reflection indicators). Nothing is returned
    for non-file tasks or when androguard is unavailable; an empty dict is
    returned when the sample does not look like a ZIP/APK.

    @return: dict of static features.
    """
    self.key = "apkinfo"
    apkinfo = {}

    if "file" not in self.task["category"] or not HAVE_ANDROGUARD:
        return

    sample = File(self.task["target"])
    looks_like_apk = (sample.get_name().endswith((".zip", ".apk"))
                      or "zip" in sample.get_type())
    if not looks_like_apk:
        return apkinfo

    if not os.path.exists(self.file_path):
        raise CuckooProcessingError(
            "Sample file doesn't exist: \"%s\"" % self.file_path)

    # NOTE(review): the sample is untrusted; only IOError/OSError/BadZipfile
    # are translated below, so any other exception a crafted archive
    # provokes inside androguard propagates out of this module unchanged.
    try:
        apk = APK(self.file_path)
        if apk.is_valid_APK():
            apkinfo["files"] = self._apk_files(apk)
            apkinfo["manifest"] = {
                "package": apk.get_package(),
                "main_activity": apk.get_main_activity(),
                "activities": apk.get_activities(),
                "services": apk.get_services(),
                "receivers": apk.get_receivers(),
                "providers": apk.get_providers(),
                "libraries": apk.get_libraries(),
            }

            static_calls = {}
            # Bytecode analysis is skipped above the configured dex size
            # threshold; only the warning records that it was skipped.
            if self.check_size(apkinfo["files"]):
                vmx = uVMAnalysis(DalvikVMFormat(apk.get_dex()))
                static_calls["all_methods"] = self.get_methods(vmx)
                static_calls["is_native_code"] = analysis.is_native_code(vmx)
                static_calls["is_dynamic_code"] = analysis.is_dyn_code(vmx)
                static_calls["is_reflection_code"] = analysis.is_reflection_code(vmx)
            else:
                log.warning("Dex size bigger than: %s",
                            self.options.decompilation_threshold)
            apkinfo["static_method_calls"] = static_calls
    except (IOError, OSError, BadZipfile) as e:
        raise CuckooProcessingError("Error opening file %s" % e)

    return apkinfo
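class TestFile:
    """Exercise ``File`` against an empty temporary file.

    Every expected digest below is the well-known hash of zero bytes, so a
    failure here means the helper hashed the wrong data rather than that
    the fixture drifted.
    """

    def setUp(self):
        # mkstemp() returns an already-open descriptor alongside the path;
        # the original fixture never closed it and leaked one per test.
        fd, path = tempfile.mkstemp()
        os.close(fd)
        self.tmp = (fd, path)
        self.file = File(path)

    def test_get_name(self):
        # basename is portable; splitting on "/" breaks on Windows paths.
        assert_equal(os.path.basename(self.tmp[1]), self.file.get_name())

    def test_get_data(self):
        assert_equal("", self.file.get_data())

    def test_get_size(self):
        assert_equal(0, self.file.get_size())

    def test_get_crc32(self):
        assert_equal("00000000", self.file.get_crc32())

    def test_get_md5(self):
        assert_equal("d41d8cd98f00b204e9800998ecf8427e", self.file.get_md5())

    def test_get_sha1(self):
        assert_equal("da39a3ee5e6b4b0d3255bfef95601890afd80709",
                     self.file.get_sha1())

    def test_get_sha256(self):
        assert_equal(
            "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
            self.file.get_sha256())

    def test_get_sha512(self):
        assert_equal(
            "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
            self.file.get_sha512())

    def test_get_ssdeep(self):
        # ssdeep is optional: with pydeep present a hash must be produced,
        # without it get_ssdeep() must degrade to None instead of raising.
        try:
            import pydeep
            assert_not_equal(None, self.file.get_ssdeep())
        except ImportError:
            assert_equal(None, self.file.get_ssdeep())

    def test_get_type(self):
        assert_equal("empty", self.file.get_type())

    def test_get_all_type(self):
        assert isinstance(self.file.get_all(), dict)

    def test_get_all_keys(self):
        info = self.file.get_all()
        for key in ["name", "size", "crc32", "md5", "sha1", "sha256",
                    "sha512", "ssdeep", "type"]:
            assert key in info, key

    def tearDown(self):
        os.remove(self.tmp[1])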
def run(self):
    """Extract static Android information from the sample with androguard.

    Sets ``self.key`` and returns a dict describing the APK: its file list,
    the manifest components and a summary of the Dalvik bytecode (method
    list plus native/dynamic/reflection indicators). Nothing is returned
    for non-file tasks or when androguard is unavailable; an empty dict is
    returned when the sample does not look like a ZIP/APK.

    @return: dict of static features.
    """
    self.key = "apkinfo"
    apkinfo = {}

    if "file" not in self.task["category"] or not HAVE_ANDROGUARD:
        return

    sample = File(self.task["target"])
    looks_like_apk = (sample.get_name().endswith((".zip", ".apk"))
                      or "zip" in sample.get_type())
    if not looks_like_apk:
        return apkinfo

    if not os.path.exists(self.file_path):
        raise CuckooProcessingError(
            "Sample file doesn't exist: \"%s\"" % self.file_path)

    # NOTE(review): the sample is untrusted; only IOError/OSError/BadZipfile
    # are translated below, so any other exception a crafted archive
    # provokes inside androguard propagates out of this module unchanged.
    try:
        apk = APK(self.file_path)
        if apk.is_valid_APK():
            apkinfo["files"] = self._apk_files(apk)
            apkinfo["manifest"] = {
                "package": apk.get_package(),
                "main_activity": apk.get_main_activity(),
                "activities": apk.get_activities(),
                "services": apk.get_services(),
                "receivers": apk.get_receivers(),
                "providers": apk.get_providers(),
                "libraries": apk.get_libraries(),
            }

            static_calls = {}
            # Bytecode analysis is skipped above the configured dex size
            # threshold; only the warning records that it was skipped.
            if self.check_size(apkinfo["files"]):
                vmx = uVMAnalysis(DalvikVMFormat(apk.get_dex()))
                static_calls["all_methods"] = self.get_methods(vmx)
                static_calls["is_native_code"] = analysis.is_native_code(vmx)
                static_calls["is_dynamic_code"] = analysis.is_dyn_code(vmx)
                static_calls["is_reflection_code"] = analysis.is_reflection_code(vmx)
            else:
                log.warning("Dex size bigger than: %s",
                            self.options.decompilation_threshold)
            apkinfo["static_method_calls"] = static_calls
    except (IOError, OSError, BadZipfile) as e:
        raise CuckooProcessingError("Error opening file %s" % e)

    return apkinfo
def build_options(self):
    """Assemble the options dictionary handed to the guest analyzer.

    Combines task, machine and configuration values; for file tasks it
    additionally records the sample's name, its libmagic type and the DLL
    export names ``File.get_dll_exports()`` reports for it.

    @return: options dict.
    """
    task = self.task
    cfg = self.cfg
    options = {
        "id": task.id,
        "ip": self.machine.resultserver_ip,
        "port": self.machine.resultserver_port,
        "category": task.category,
        "target": task.target,
        "package": task.package,
        "options": task.options,
        "enforce_timeout": task.enforce_timeout,
        "clock": task.clock,
        "terminate_processes": cfg.cuckoo.terminate_processes,
        "upload_max_size": cfg.resultserver.upload_max_size,
        "do_upload_max_size": int(cfg.resultserver.do_upload_max_size),
        # A task timeout of None or 0 falls back to the configured default.
        "timeout": task.timeout or cfg.timeouts.default,
    }

    if task.category == "file":
        sample = File(task.target)
        options["file_name"] = sample.get_name()
        options["file_type"] = sample.get_type()
        # NOTE(review): the export scan runs on the untrusted sample no
        # matter what libmagic said about it; how get_dll_exports() behaves
        # on a non-PE or malformed file is not visible here -- confirm.
        options["exports"] = sample.get_dll_exports()
        del sample

    # Every auxiliary module's configuration section is forwarded verbatim.
    modules = self.aux_cfg.auxiliar_modules
    for name in modules:
        options[name] = modules[name]

    return options
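def run(self):
    """Look the sample's package up on Google Play.

    Uses the unofficial Google Play API with the android_id / google_login /
    google_password configured for this module and returns the store
    metadata for the package named in the APK manifest.

    NOTE(review): this contacts Google with a real account and discloses
    the package name of the sample under analysis to a third party, and the
    credentials live in plaintext module config -- keep that in mind for
    sensitive investigations. Network and login failures raised by the
    GooglePlayAPI calls are not translated by the except clause below.

    @return: dict of Google Play features; empty when the sample is not an
        APK or has no store entry; None when a library is missing or the
        task is not a file task.
    @raise CuckooProcessingError: sample missing on disk, credentials
        incomplete, or the archive cannot be opened.
    """
    self.key = "googleplay"
    googleplay = {}

    if not HAVE_GOOGLEPLAY:
        log.error("Unable to import the GooglePlay library, has it been "
                  "installed properly?")
        return
    if not HAVE_ANDROGUARD:
        log.error("Could not find the Androguard library, please install "
                  "it. (`pip install androguard`)")
        # Without androguard the APK() call below would fail with NameError;
        # the original fell through here.
        return
    if "file" not in self.task["category"]:
        return

    f = File(self.task["target"])
    if not (f.get_name().endswith((".zip", ".apk")) or "zip" in f.get_type()):
        return googleplay

    if not os.path.exists(self.file_path):
        raise CuckooProcessingError(
            "Sample file doesn't exist: \"%s\"" % self.file_path)

    android_id = self.options.get("android_id")
    google_login = self.options.get("google_login")
    google_password = self.options.get("google_password")
    # auth_token = self.options.get("auth_token", None)
    # All three values are required. The original check only fired when
    # every one was missing, so a partially configured module went on to
    # call login() with None in place of the absent value.
    if not (android_id and google_login and google_password):
        raise CuckooProcessingError(
            "Google Play Credentials not configured, skip")

    try:
        a = APK(self.file_path)
        if a.is_valid_APK():
            package = a.get_package()

            api = GooglePlayAPI(android_id)
            api.login(google_login, google_password, None)

            app_data = api.details(package)
            app_detail = app_data.docV2.details.appDetails
            # A missing installationSize is treated as "no usable entry".
            if not app_detail.installationSize:
                return googleplay

            googleplay["title"] = app_detail.title
            googleplay["app_category"] = app_detail.appCategory._values
            googleplay["version_code"] = app_detail.versionCode
            googleplay["app_type"] = app_detail.appType
            googleplay["content_rating"] = app_detail.contentRating
            googleplay["developer_email"] = app_detail.developerEmail
            googleplay["developer_name"] = app_detail.developerName
            googleplay["developer_website"] = app_detail.developerWebsite
            googleplay["installation_size"] = app_detail.installationSize
            googleplay["num_downloads"] = app_detail.numDownloads
            googleplay["upload_date"] = app_detail.uploadDate
            googleplay["permissions"] = app_detail.permission._values
    except (IOError, OSError, BadZipfile) as e:
        raise CuckooProcessingError("Error opening file %s" % e)

    return googleplay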
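def run(self):
    """Look the sample's package up on Google Play.

    Uses the unofficial Google Play API with the android_id / google_login /
    google_password configured for this module and returns the store
    metadata for the package named in the APK manifest.

    NOTE(review): this contacts Google with a real account and discloses
    the package name of the sample under analysis to a third party, and the
    credentials live in plaintext module config -- keep that in mind for
    sensitive investigations. Network and login failures raised by the
    GooglePlayAPI calls are not translated by the except clause below.

    @return: dict of Google Play features; empty when the sample is not an
        APK or has no store entry; None when a library is missing or the
        task is not a file task.
    @raise CuckooProcessingError: sample missing on disk, credentials
        incomplete, or the archive cannot be opened.
    """
    self.key = "googleplay"
    googleplay = {}

    if not HAVE_GOOGLEPLAY:
        log.error("Unable to import the GooglePlay library, has it been "
                  "installed properly?")
        return
    if not HAVE_ANDROGUARD:
        log.error("Could not find the Androguard library, please install "
                  "it. (`pip install androguard`)")
        # Without androguard the APK() call below would fail with NameError;
        # the original fell through here.
        return
    if "file" not in self.task["category"]:
        return

    f = File(self.task["target"])
    if not (f.get_name().endswith((".zip", ".apk")) or "zip" in f.get_type()):
        return googleplay

    if not os.path.exists(self.file_path):
        raise CuckooProcessingError(
            "Sample file doesn't exist: \"%s\"" % self.file_path)

    android_id = self.options.get("android_id")
    google_login = self.options.get("google_login")
    google_password = self.options.get("google_password")
    # auth_token = self.options.get("auth_token", None)
    # All three values are required. The original check only fired when
    # every one was missing, so a partially configured module went on to
    # call login() with None in place of the absent value.
    if not (android_id and google_login and google_password):
        raise CuckooProcessingError(
            "Google Play Credentials not configured, skip")

    try:
        a = APK(self.file_path)
        if a.is_valid_APK():
            package = a.get_package()

            api = GooglePlayAPI(android_id)
            api.login(google_login, google_password, None)

            app_data = api.details(package)
            app_detail = app_data.docV2.details.appDetails
            # A missing installationSize is treated as "no usable entry".
            if not app_detail.installationSize:
                return googleplay

            googleplay["title"] = app_detail.title
            googleplay["app_category"] = app_detail.appCategory._values
            googleplay["version_code"] = app_detail.versionCode
            googleplay["app_type"] = app_detail.appType
            googleplay["content_rating"] = app_detail.contentRating
            googleplay["developer_email"] = app_detail.developerEmail
            googleplay["developer_name"] = app_detail.developerName
            googleplay["developer_website"] = app_detail.developerWebsite
            googleplay["installation_size"] = app_detail.installationSize
            googleplay["num_downloads"] = app_detail.numDownloads
            googleplay["upload_date"] = app_detail.uploadDate
            googleplay["permissions"] = app_detail.permission._values
    except (IOError, OSError, BadZipfile) as e:
        raise CuckooProcessingError("Error opening file %s" % e)

    return googleplay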