def launch_analysis(self): """Start analysis. @raise CuckooAnalysisError: if unable to start analysis. """ log.info("Starting analysis of file \"%s\"" % self.task.file_path) if not os.path.exists(self.task.file_path): raise CuckooAnalysisError("The file to analyze does not exist at path \"%s\", analysis aborted" % self.task.file_path) self.init_storage() self.store_file() options = self.build_options() while True: machine_lock.acquire() vm = mmanager.acquire(machine_id=self.task.machine, platform=self.task.platform) machine_lock.release() if not vm: log.debug("No machine available") time.sleep(1) else: log.info("Acquired machine %s (Label: %s)" % (vm.id, vm.label)) break # Initialize sniffer if self.cfg.cuckoo.use_sniffer: sniffer = Sniffer(self.cfg.cuckoo.tcpdump) sniffer.start(interface=self.cfg.cuckoo.interface, host=vm.ip, file_path=os.path.join(self.analysis.results_folder, "dump.pcap")) else: sniffer = False try: # Start machine mmanager.start(vm.label) # Initialize guest manager guest = GuestManager(vm.ip, vm.platform) # Launch analysis guest.start_analysis(options) # Wait for analysis to complete success = guest.wait_for_completion() # Stop sniffer if sniffer: sniffer.stop() if not success: raise CuckooAnalysisError("Analysis failed, review previous errors") # Save results guest.save_results(self.analysis.results_folder) except (CuckooMachineError, CuckooGuestError) as e: raise CuckooAnalysisError(e.message) finally: # Stop machine mmanager.stop(vm.label) # Release the machine from lock mmanager.release(vm.label) # Launch reports generation Reporter(self.analysis.results_folder).run(Processor(self.analysis.results_folder).run()) log.info("Reports generation completed (path=%s)" % self.analysis.results_folder)
def launch_analysis(self): """Start analysis.""" sniffer = None succeeded = False stored = False log.info("Starting analysis of %s \"%s\" (task=%d)" % (self.task.category.upper(), self.task.target, self.task.id)) # Initialize the the analysis folders. if not self.init_storage(): return False if self.task.category == "file": # Store a copy of the original file. if not self.store_file(): return False # Generate the analysis configuration file. options = self.build_options() # Acquire analysis machine. machine = self.acquire_machine() # If enabled in the configuration, start the tcpdump instance. if self.cfg.sniffer.enabled: sniffer = Sniffer(self.cfg.sniffer.tcpdump) sniffer.start(interface=self.cfg.sniffer.interface, host=machine.ip, file_path=os.path.join(self.storage, "dump.pcap")) try: # Mark the selected analysis machine in the database as started. guest_log = Database().guest_start(self.task.id, machine.name, machine.label, mmanager.__class__.__name__) # Start the machine. mmanager.start(machine.label) except CuckooMachineError as e: log.error(str(e), extra={"task_id" : self.task.id}) # Stop the sniffer. if sniffer: sniffer.stop() return False else: try: # Initialize the guest manager. guest = GuestManager(machine.name, machine.ip, machine.platform) # Start the analysis. guest.start_analysis(options) except CuckooGuestError as e: log.error(str(e), extra={"task_id" : self.task.id}) # Stop the sniffer. if sniffer: sniffer.stop() return False else: # Wait for analysis completion. try: guest.wait_for_completion() succeeded = True except CuckooGuestError as e: log.error(str(e), extra={"task_id" : self.task.id}) succeeded = False # Retrieve the analysis results and store them. try: guest.save_results(self.storage) stored = True except CuckooGuestError as e: log.error(str(e), extra={"task_id" : self.task.id}) stored = False finally: # Stop the sniffer. if sniffer: sniffer.stop() # If the target is a file and the user enabled the option, # delete the original copy. if self.task.category == "file" and self.cfg.cuckoo.delete_original: try: os.remove(self.task.target) except OSError as e: log.error("Unable to delete original file at path \"%s\": " "%s" % (self.task.target, e)) # Take a memory dump of the machine before shutting it off. do_memory_dump = False if self.cfg.cuckoo.memory_dump: do_memory_dump = True else: if self.task.memory: do_memory_dump = True if do_memory_dump: try: mmanager.dump_memory(machine.label, os.path.join(self.storage, "memory.dmp")) except NotImplementedError: log.error("The memory dump functionality is not available " "for current machine manager") except CuckooMachineError as e: log.error(e) try: # Stop the analysis machine. mmanager.stop(machine.label) # Market the machine in the database as stopped. Database().guest_stop(guest_log) # Release the analysis machine. mmanager.release(machine.label) except CuckooMachineError as e: log.error("Unable to release machine %s, reason %s. " "You might need to restore it manually" % (machine.label, e)) # If the results were correctly stored, we process the results and # generate the reports. if stored: self.process_results() return succeeded
def test_tcpdump_path_(self): assert_equals(Sniffer("foo").tcpdump, "foo")
def test_interface_not_found(self): assert_equals(False, Sniffer("foo").start("ethfoo"))
def test_tcpdump_not_found(self): assert_equals(False, Sniffer("foo").start())
def launch_analysis(self): """Start analysis. @raise CuckooAnalysisError: if unable to start analysis. """ log.info("Starting analysis of file \"%s\" (task=%s)" % (self.task.file_path, self.task.id)) if not os.path.exists(self.task.file_path): raise CuckooAnalysisError( "The file to analyze does not exist at path \"%s\", analysis aborted" % self.task.file_path) self.init_storage() self.store_file() options = self.build_options() while True: machine_lock.acquire() vm = mmanager.acquire(machine_id=self.task.machine, platform=self.task.platform) machine_lock.release() if not vm: log.debug("Task #%s: no machine available" % self.task.id) time.sleep(1) else: log.info("Task #%s: acquired machine %s (label=%s)" % (self.task.id, vm.id, vm.label)) break # Initialize sniffer if self.cfg.cuckoo.use_sniffer: sniffer = Sniffer(self.cfg.cuckoo.tcpdump) sniffer.start(interface=self.cfg.cuckoo.interface, host=vm.ip, file_path=os.path.join(self.analysis.results_folder, "dump.pcap")) else: sniffer = False try: # Start machine mmanager.start(vm.label) # Initialize guest manager guest = GuestManager(vm.id, vm.ip, vm.platform) # Launch analysis guest.start_analysis(options) # Wait for analysis to complete success = guest.wait_for_completion() # Stop sniffer if sniffer: sniffer.stop() if not success: raise CuckooAnalysisError( "Task #%s: analysis failed, review previous errors" % self.task.id) # Save results guest.save_results(self.analysis.results_folder) except (CuckooMachineError, CuckooGuestError) as e: raise CuckooAnalysisError(e) finally: # Stop machine mmanager.stop(vm.label) # Release the machine from lock mmanager.release(vm.label) # Launch reports generation Reporter(self.analysis.results_folder).run( Processor(self.analysis.results_folder).run()) log.info("Task #%s: reports generation completed (path=%s)" % (self.task.id, self.analysis.results_folder))
def launch_analysis(self): """Start analysis.""" sniffer = None succeeded = False log.info("Starting analysis of %s \"%s\" (task=%d)", self.task.category.upper(), self.task.target, self.task.id) # Initialize the the analysis folders. if not self.init_storage(): return False if self.task.category == "file": # Store a copy of the original file. if not self.store_file(): return False # Generate the analysis configuration file. options = self.build_options() # Acquire analysis machine. machine = self.acquire_machine() # At this point we can tell the Resultserver about it try: Resultserver().add_task(self.task, machine) except Exception as e: mmanager.release(machine.label) self.errors.put(e) # If enabled in the configuration, start the tcpdump instance. if self.cfg.sniffer.enabled: sniffer = Sniffer(self.cfg.sniffer.tcpdump) sniffer.start(interface=self.cfg.sniffer.interface, host=machine.ip, file_path=os.path.join(self.storage, "dump.pcap")) try: # Mark the selected analysis machine in the database as started. guest_log = Database().guest_start(self.task.id, machine.name, machine.label, mmanager.__class__.__name__) # Start the machine. mmanager.start(machine.label) except CuckooMachineError as e: log.error(str(e), extra={"task_id" : self.task.id}) # Stop the sniffer. if sniffer: sniffer.stop() return False else: try: # Initialize the guest manager. guest = GuestManager(machine.name, machine.ip, machine.platform) # Start the analysis. guest.start_analysis(options) except CuckooGuestError as e: log.error(str(e), extra={"task_id" : self.task.id}) # Stop the sniffer. if sniffer: sniffer.stop() return False else: # Wait for analysis completion. try: guest.wait_for_completion() succeeded = True except CuckooGuestError as e: log.error(str(e), extra={"task_id" : self.task.id}) succeeded = False finally: # Stop the sniffer. if sniffer: sniffer.stop() # Take a memory dump of the machine before shutting it off. if self.cfg.cuckoo.memory_dump or self.task.memory: try: mmanager.dump_memory(machine.label, os.path.join(self.storage, "memory.dmp")) except NotImplementedError: log.error("The memory dump functionality is not available " "for current machine manager") except CuckooMachineError as e: log.error(e) try: # Stop the analysis machine. mmanager.stop(machine.label) except CuckooMachineError as e: log.warning("Unable to stop machine %s: %s", machine.label, e) # Market the machine in the database as stopped. Database().guest_stop(guest_log) try: # Release the analysis machine. mmanager.release(machine.label) except CuckooMachineError as e: log.error("Unable to release machine %s, reason %s. " "You might need to restore it manually", machine.label, e) # after all this, we can make the Resultserver forget about it Resultserver().del_task(self.task, machine) return succeeded
def launch_analysis(self): """Start analysis.""" sniffer = None succeeded = False log.info("Starting analysis of %s \"%s\" (task=%d)", self.task.category.upper(), self.task.target, self.task.id) # Initialize the the analysis folders. if not self.init_storage(): return False ### JG: added interaction if self.task.category == "file" and self.task.interaction < 2: # Store a copy of the original file. if not self.store_file(): return False # Generate the analysis configuration file. options = self.build_options() ### JG: added log output if options['interaction'] > 0: log.info("Starting analysis by interactive command shell or browser") # Acquire analysis machine. machine = self.acquire_machine() # At this point we can tell the Resultserver about it try: Resultserver().add_task(self.task, machine) except Exception as e: mmanager.release(machine.label) self.errors.put(e) # If enabled in the configuration, start the tcpdump instance. if self.cfg.sniffer.enabled: sniffer = Sniffer(self.cfg.sniffer.tcpdump) sniffer.start(interface=self.cfg.sniffer.interface, host=machine.ip, file_path=os.path.join(self.storage, "dump.pcap")) ### JG: If enabled in the configuration, start the netflow probe instance. if self.cfg.netflow.enabled: fprobe = Netflow(self.cfg.netflow.generator, self.cfg.netflow.collector) nflowPort = int(machine.ip.split('.')[-1]) fprobe.start(interface=self.cfg.sniffer.interface, dst=self.cfg.netflow.destination, dport=nflowPort, file_path=os.path.join(self.storage)) else: fprobe = False ### JG: If enabled in the configuration, start the fake DNS server. if self.cfg.fakedns.enabled: fdns = fakeDNS(self.cfg.fakedns.fakedns) fdns.start(ip=self.cfg.fakedns.dnsip, withInternet=options["internet"]) else: fdns = False ### JG: check if NAT should be enabled if options["internet"]: try: pargs = ['/usr/bin/sudo', self.cfg.nat.enable] enableNAT = subprocess.Popen(pargs, stdout=subprocess.PIPE, stderr=subprocess.PIPE) except (OSError, ValueError) as e: log.error("Failed to enable NAT" % (e)) else: try: pargs = ['/usr/bin/sudo', self.cfg.nat.disable] disableNAT = subprocess.Popen(pargs, stdout=subprocess.PIPE, stderr=subprocess.PIPE) except (OSError, ValueError) as e: log.error("Failed to disable NAT" % (e)) try: # Mark the selected analysis machine in the database as started. guest_log = Database().guest_start(self.task.id, machine.name, machine.label, mmanager.__class__.__name__) # Start the machine. mmanager.start(machine.label) except CuckooMachineError as e: log.error(str(e), extra={"task_id" : self.task.id}) # Stop the sniffer. if sniffer: sniffer.stop() ### JG: Stop netflow if fprobe: fprobe.stop() ### JG: Stop fakeDNS if fdns: fdns.stop() ### JG: Disable NAT if options["internet"]: try: pargs = ['/usr/bin/sudo', self.cfg.nat.disable] disableNAT = subprocess.Popen(pargs, stdout=subprocess.PIPE, stderr=subprocess.PIPE) except (OSError, ValueError) as e: log.error("Failed to enable NAT: %s" % (e)) return False else: try: # Initialize the guest manager. guest = GuestManager(machine.name, machine.ip, machine.platform) # Start the analysis. guest.start_analysis(options) log.info("guest initialization successfull.") except CuckooGuestError as e: log.error(str(e), extra={"task_id" : self.task.id}) # Stop the sniffer. if sniffer: sniffer.stop() ### JG: Stop netflow if fprobe: fprobe.stop() ### JG: Stop fakeDNS if fdns: fdns.stop() ### JG: Disable NAT if options["internet"]: try: pargs = ['/usr/bin/sudo', self.cfg.nat.disable] disableNAT = subprocess.Popen(pargs, stdout=subprocess.PIPE, stderr=subprocess.PIPE) except (OSError, ValueError) as e: log.error("Failed to enable NAT: %s" % (e)) return False else: # Wait for analysis completion. try: guest.wait_for_completion() succeeded = True except CuckooGuestError as e: log.error(str(e), extra={"task_id" : self.task.id}) succeeded = False finally: # Stop the sniffer. if sniffer: sniffer.stop() ### JG: Stop netflow if fprobe: fprobe.stop() ### JG: Stop fakeDNS if fdns: fdns.stop() ### JG: Disable NAT if options["internet"]: try: pargs = ['/usr/bin/sudo', self.cfg.nat.disable] disableNAT = subprocess.Popen(pargs, stdout=subprocess.PIPE, stderr=subprocess.PIPE) except (OSError, ValueError) as e: log.error("Failed to enable NAT: %s" % (e)) # Take a memory dump of the machine before shutting it off. if self.cfg.cuckoo.memory_dump or self.task.memory: try: mmanager.dump_memory(machine.label, os.path.join(self.storage, "memory.dmp")) except NotImplementedError: log.error("The memory dump functionality is not available " "for current machine manager") except CuckooMachineError as e: log.error(e) try: # Stop the analysis machine. mmanager.stop(machine.label) except CuckooMachineError as e: log.warning("Unable to stop machine %s: %s", machine.label, e) # Market the machine in the database as stopped. Database().guest_stop(guest_log) try: # Release the analysis machine. mmanager.release(machine.label) except CuckooMachineError as e: log.error("Unable to release machine %s, reason %s. " "You might need to restore it manually", machine.label, e) # after all this, we can make the Resultserver forget about it Resultserver().del_task(self.task, machine) return succeeded
def launch_analysis(self): """Start analysis.""" sniffer = None succeeded = False log.info("Starting analysis of %s \"%s\" (task=%d)", self.task.category.upper(), self.task.target, self.task.id) # Initialize the the analysis folders. if not self.init_storage(): return False if self.task.category == "file": # Store a copy of the original file. if not self.store_file(): return False # Generate the analysis configuration file. options = self.build_options() # Acquire analysis machine. machine = self.acquire_machine() # At this point we can tell the Resultserver about it try: Resultserver().add_task(self.task, machine) except Exception as e: mmanager.release(machine.label) self.errors.put(e) # If enabled in the configuration, start the tcpdump instance. if self.cfg.sniffer.enabled: sniffer = Sniffer(self.cfg.sniffer.tcpdump) sniffer.start(interface=self.cfg.sniffer.interface, host=machine.ip, file_path=os.path.join(self.storage, "dump.pcap")) try: # Mark the selected analysis machine in the database as started. guest_log = Database().guest_start(self.task.id, machine.name, machine.label, mmanager.__class__.__name__) # Start the machine. mmanager.start(machine.label) except CuckooMachineError as e: log.error(str(e), extra={"task_id": self.task.id}) # Stop the sniffer. if sniffer: sniffer.stop() return False else: try: # Initialize the guest manager. guest = GuestManager(machine.name, machine.ip, machine.platform) # Start the analysis. guest.start_analysis(options) except CuckooGuestError as e: log.error(str(e), extra={"task_id": self.task.id}) # Stop the sniffer. if sniffer: sniffer.stop() return False else: # Wait for analysis completion. try: guest.wait_for_completion() succeeded = True except CuckooGuestError as e: log.error(str(e), extra={"task_id": self.task.id}) succeeded = False finally: # Stop the sniffer. if sniffer: sniffer.stop() # Take a memory dump of the machine before shutting it off. if self.cfg.cuckoo.memory_dump or self.task.memory: try: mmanager.dump_memory( machine.label, os.path.join(self.storage, "memory.dmp")) except NotImplementedError: log.error("The memory dump functionality is not available " "for current machine manager") except CuckooMachineError as e: log.error(e) try: # Stop the analysis machine. mmanager.stop(machine.label) except CuckooMachineError as e: log.warning("Unable to stop machine %s: %s", machine.label, e) # Market the machine in the database as stopped. Database().guest_stop(guest_log) try: # Release the analysis machine. mmanager.release(machine.label) except CuckooMachineError as e: log.error( "Unable to release machine %s, reason %s. " "You might need to restore it manually", machine.label, e) # after all this, we can make the Resultserver forget about it Resultserver().del_task(self.task, machine) return succeeded
def launch_analysis(self): """Start analysis. @raise CuckooAnalysisError: if unable to start analysis. """ log.info('Starting analysis of file "%s" (task=%s)' % (self.task.file_path, self.task.id)) if not os.path.exists(self.task.file_path): raise CuckooAnalysisError( 'The file to analyze does not exist at path "%s", analysis aborted' % self.task.file_path ) self.init_storage() self.store_file() options = self.build_options() while True: machine_lock.acquire() vm = mmanager.acquire(machine_id=self.task.machine, platform=self.task.platform) machine_lock.release() if not vm: log.debug("Task #%s: no machine available" % self.task.id) time.sleep(1) else: log.info("Task #%s: acquired machine %s (label=%s)" % (self.task.id, vm.id, vm.label)) break # Initialize sniffer if self.cfg.cuckoo.use_sniffer: sniffer = Sniffer(self.cfg.cuckoo.tcpdump) sniffer.start( interface=self.cfg.cuckoo.interface, host=vm.ip, file_path=os.path.join(self.analysis.results_folder, "dump.pcap"), ) else: sniffer = False try: # Start machine mmanager.start(vm.label) # Initialize guest manager guest = GuestManager(vm.id, vm.ip, vm.platform) # Launch analysis guest.start_analysis(options) # Wait for analysis to complete success = guest.wait_for_completion() # Stop sniffer if sniffer: sniffer.stop() # Save results guest.save_results(self.analysis.results_folder) if not success: raise CuckooAnalysisError("Task #%s: analysis failed, review previous errors" % self.task.id) except (CuckooMachineError, CuckooGuestError) as e: raise CuckooAnalysisError(e) finally: # Delete original file if self.cfg.cuckoo.delete_original: try: os.remove(self.task.file_path) except OSError as e: log.error('Unable to delete original file at path "%s": %s' % (self.task.file_path, e)) try: # Stop machine mmanager.stop(vm.label) # Release the machine from lock log.debug("Task #%s: releasing machine %s (label=%s)" % (self.task.id, vm.id, vm.label)) mmanager.release(vm.label) except CuckooMachineError as e: log.error("Unable to release vm %s, reason %s. You have to fix it manually" % (vm.label, e)) # Check analysis file size to avoid memory leaks. try: for csv in os.listdir(os.path.join(self.analysis.results_folder, "logs")): csv = os.path.join(self.analysis.results_folder, "logs", csv) if os.stat(csv).st_size > self.cfg.cuckoo.analysis_size_limit: raise CuckooAnalysisError( "Analysis file %s is too big to be processed. Analysis aborted. You can process it manually" % csv ) except OSError as e: log.warning("Log access error for analysis #%s: %s" % (self.task.id, e)) # Launch reports generation Reporter(self.analysis.results_folder).run(Processor(self.analysis.results_folder).run()) log.info("Task #%s: reports generation completed (path=%s)" % (self.task.id, self.analysis.results_folder))
def launch_analysis(self): """Start analysis. @raise CuckooAnalysisError: if unable to start analysis. """ log.info("Starting analysis of file \"%s\" (task=%s)" % (self.task.file_path, self.task.id)) if not os.path.exists(self.task.file_path): raise CuckooAnalysisError("The file to analyze does not exist at path \"%s\", analysis aborted" % self.task.file_path) self.init_storage() self.store_file() options = self.build_options() while True: machine_lock.acquire() vm = mmanager.acquire(machine_id=self.task.machine, platform=self.task.platform) machine_lock.release() if not vm: log.debug("Task #%s: no machine available" % self.task.id) time.sleep(1) else: log.info("Task #%s: acquired machine %s (label=%s)" % (self.task.id, vm.id, vm.label)) break # Initialize sniffer if self.cfg.cuckoo.use_sniffer: sniffer = Sniffer(self.cfg.cuckoo.tcpdump) sniffer.start(interface=self.cfg.cuckoo.interface, host=vm.ip, file_path=os.path.join(self.analysis.results_folder, "dump.pcap")) else: sniffer = False # Initialize VMWare ScreenShot MachineManager() module = MachineManager.__subclasses__()[0] mman = module() mman_conf = os.path.join(CUCKOO_ROOT, "conf", "%s.conf" % self.cfg.cuckoo.machine_manager) if not os.path.exists(mman_conf): raise CuckooMachineError("The configuration file for machine manager \"%s\" does not exist at path: %s" % (self.cfg.cuckoo.machine_manager, mman_conf)) mman.set_options(Config(mman_conf)) mman.initialize(self.cfg.cuckoo.machine_manager) screener = Screener(mman.options.vmware.path, vm.label, "avtest", "avtest", self.analysis.results_folder) try: # Start machine mmanager.start(vm.label) # Initialize guest manager guest = GuestManager(vm.id, vm.ip, vm.platform) # Launch analysis guest.start_analysis(options) # Start Screenshots screener.start() # Wait for analysis to complete success = guest.wait_for_completion() # Stop sniffer if sniffer: sniffer.stop() # Stop Screenshots if screener: screener.stop() if not success: raise CuckooAnalysisError("Task #%s: analysis failed, review previous errors" % self.task.id) # Save results guest.save_results(self.analysis.results_folder) except (CuckooMachineError, CuckooGuestError) as e: raise CuckooAnalysisError(e) #""" finally: # Stop machine mmanager.stop(vm.label) # Release the machine from lock mmanager.release(vm.label) #""" # Launch reports generation Reporter(self.analysis.results_folder).run(Processor(self.analysis.results_folder).run()) log.info("Task #%s: reports generation completed (path=%s)" % (self.task.id, self.analysis.results_folder))