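# Refuse to install on interpreters older than the one the code base targets.
if sys.version_info < (2, 6, 6):
    # Trailing newline so the message does not run into the next shell prompt.
    sys.stderr.write("Mastiff requires python version 2.6.6\n")
    sys.exit(1)

setup(
    author='Tyler Hudak',
    author_email='*****@*****.**',
    # Installing the config into /etc is currently disabled for this build.
    # data_files=[('/etc/mastiff', ['mastiff.conf'])],
    description="""MASTIFF is a static analysis automation framework.""",
    # NOTE(review): 'yapsy' (the plug-in loader) is unpinned, so whatever
    # release is on the index at install time is pulled in; pinning a
    # known-good version keeps installs reproducible and reviewable.
    install_requires=['yapsy'],
    license='Apache License V2.0',
    long_description="""MASTIFF is a static analysis framework that automates the
process of extracting key characteristics from a number of different file
formats. To ensure the framework remains flexible and extensible, a
community-driven set of plug-ins is used to perform file analysis and data
extraction. While originally designed to support malware, intrusion, and
forensic analysis, the framework is well-suited to support a broader range of
analytic needs. In a nutshell, MASTIFF allows analysts to focus on analysis
rather than figuring out how to parse files.""",
    maintainer='Tyler Hudak',
    maintainer_email='*****@*****.**',
    name='mastiff',
    packages=find_packages(),
    # Ship plug-in descriptors alongside the modules so yapsy can discover them.
    package_data={'': ['*.py', '*.yapsy-plugin']},
    platforms=['Linux'],
    scripts=['mas.py'],
    url='http://www.korelogic.com',
    version=get_release_string())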

from mastiff import get_release_string

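# Refuse to install on interpreters older than the one the code base targets.
if sys.version_info < (2, 6, 6):
    # Trailing newline so the message does not run into the next shell prompt.
    sys.stderr.write("Mastiff requires python version 2.6.6\n")
    sys.exit(1)

setup(
    author='Tyler Hudak',
    author_email='*****@*****.**',
    # The default config is written to an absolute system path, so it is
    # shared by every user on the host; presumably installs are expected to
    # run with enough privilege to write under /etc -- confirm.
    data_files=[('/etc/mastiff', ['mastiff.conf'])],
    description="""MASTIFF is a static analysis automation framework.""",
    # Exact pin on the plug-in loader keeps installs reproducible; the
    # python3 build of the same release is excluded explicitly.
    install_requires=['Yapsy == 1.10, !=1.10-python3'],
    license='Apache License V2.0',
    long_description="""MASTIFF is a static analysis framework that automates the
process of extracting key characteristics from a number of different file
formats. To ensure the framework remains flexible and extensible, a
community-driven set of plug-ins is used to perform file analysis and data
extraction. While originally designed to support malware, intrusion, and
forensic analysis, the framework is well-suited to support a broader range of
analytic needs. In a nutshell, MASTIFF allows analysts to focus on analysis
rather than figuring out how to parse files.""",
    maintainer='Tyler Hudak',
    maintainer_email='*****@*****.**',
    name='mastiff',
    packages=find_packages(),
    # Ship plug-in descriptors alongside the modules so yapsy can discover them.
    package_data={'': ['*.py', '*.yapsy-plugin']},
    platforms=['Linux'],
    scripts=['mas.py'],
    url='http://www.korelogic.com',
    version=get_release_string())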
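def _build_parser():
    """Build the command-line parser for mas.py.

    The parser is created with ``add_help_option=False`` and the automatic
    ``--version`` option removed so that both can be re-added below with
    custom help text and the short flags ``-h`` / ``-v``.

    Returns:
        The configured ``OptionParser`` (plug-in options plus a "Queue
        Options" group).
    """
    parser = OptionParser(
        add_help_option=False,
        version="%prog " + get_release_string(),
        usage="usage: %prog [options] FILE|DIRECTORY")
    parser.remove_option("--version")

    parser.add_option(
        "--conf", "-c",
        action="store",
        # Resolved relative to the current working directory, not the
        # install location or the user's home.
        default="./mastiff.conf",
        dest="config_file",
        help="Use an alternate config file. The default is './mastiff.conf'.",
        type="string")
    parser.add_option(
        "--help", "-h",
        action="help",
        help="Show the help message and exit.")
    parser.add_option(
        "--list", "-l",
        action="store",
        dest="list_plugins",
        help="List all available plug-ins of the specified type and exit. Type must be one of 'analysis' or 'cat'.",
        metavar="PLUGIN_TYPE")
    parser.add_option(
        "--option", "-o",
        action="append",
        default=None,
        dest="override",
        help="Override a config file option. Configuration options should be specified as 'Section.Key=Value' and should be quoted if any whitespace is present. Multiple overrides can be specified by using multiple '-o' options.")
    parser.add_option(
        "--plugin", "-p",
        action="store",
        default=None,
        dest="plugin_name",
        help="Only run the specified analysis plug-in. Name must be quoted if it contains whitespace.")
    parser.add_option(
        "--quiet", "-q",
        action="store_true",
        default=False,
        dest="quiet",
        help="Only log errors.")
    parser.add_option(
        "--type", "-t",
        action="store",
        default=None,
        dest="ftype",
        help="Force file to be analyzed with plug-ins from the specified category (e.g., EXE, PDF, etc.). Run with '-l cat' to list all available category plug-ins.",
        type="string")
    parser.add_option(
        "--verbose", "-V",
        action="store_true",
        dest="verbose",
        default=False,
        help="Print verbose logs.")
    parser.add_option(
        "--version", "-v",
        action="version",
        help="Show program's version number and exit.")

    # Long-form only; optparse has no short flags for the queue actions.
    queue_group = OptionGroup(parser, "Queue Options")
    queue_group.add_option(
        "--append-queue",
        action="store_true",
        dest="append_queue",
        default=False,
        help="Append file or directory to job queue and exit.")
    queue_group.add_option(
        "--clear-queue",
        action="store_true",
        dest="clear_queue",
        default=False,
        help="Clear job queue and exit.")
    queue_group.add_option(
        "--ignore-queue",
        action="store_true",
        dest="ignore_queue",
        default=False,
        help="Ignore the job queue and just process file.")
    queue_group.add_option(
        "--list-queue",
        action="store_true",
        dest="list_queue",
        default=False,
        help="List the contents of the job queue and exit.")
    queue_group.add_option(
        "--resume-queue",
        action="store_true",
        default=False,
        dest="resume_queue",
        help="Continue processing the queue.")
    parser.add_option_group(queue_group)
    return parser


def _select_log_level(opts):
    """Map ``--verbose`` / ``--quiet`` onto a ``logging`` level.

    ``--verbose`` takes precedence when both flags are given.

    Args:
        opts: the parsed option values (``verbose`` and ``quiet`` attributes).

    Returns:
        ``logging.DEBUG``, ``logging.ERROR`` or ``logging.INFO``.
    """
    if opts.verbose:
        return logging.DEBUG
    if opts.quiet:
        return logging.ERROR
    return logging.INFO


def main():
    """Parse options and analyze file.

    Exit status is 1 when no FILE|DIRECTORY is given and none of the
    queue-only / list-only modes was requested (or when ``--ignore-queue``
    is used without a target), and 0 after a list, clear or append action.
    Otherwise every queued job is analyzed until the queue is empty.
    """
    parser = _build_parser()
    (opts, args) = parser.parse_args()

    # Without a target there is nothing to do unless the invocation is one of
    # the "act on the queue / plug-in list and exit" modes.
    if (not args and opts.list_plugins is None
            and not opts.clear_queue and not opts.resume_queue
            and not opts.list_queue):
        parser.print_help()
        sys.exit(1)

    loglevel = _select_log_level(opts)
    logging.basicConfig(
        format='[%(asctime)s] [%(levelname)s] [%(name)s] : %(message)s')
    log = logging.getLogger("Mastiff")
    log.setLevel(loglevel)

    # Plug-ins run with this process's privileges, so make it hard to miss
    # that the analysis of untrusted files is happening as root.
    if os.geteuid() == 0:
        log.warning('You are running MASTIFF as ROOT! This may be DANGEROUS!')

    if opts.list_plugins is not None:
        plugs = Mastiff.Mastiff(opts.config_file)
        plugs.list_plugins(opts.list_plugins)
        sys.exit(0)

    # The queue location comes from the same config file as everything else.
    job_queue = queue.MastiffQueue(opts.config_file)

    # Queue-maintenance modes exit without analyzing anything.
    if opts.clear_queue:
        log.info('Clearing job queue and exiting.')
        job_queue.clear_queue()
        sys.exit(0)
    elif opts.list_queue:
        queued = len(job_queue)
        if queued == 0:
            log.info("MASTIFF job queue is empty.")
        else:
            log.info("MASTIFF job queue has %d entries.", queued)
            # The listing itself goes to stdout so it can be piped; the log
            # lines above go through the logging handler.
            print("\nFile Name\n---------\n%s" % (job_queue,))
        sys.exit(0)

    fname = args[0] if args else None

    if opts.ignore_queue:
        # --resume-queue alone satisfies the argument check above, so the
        # target can still be missing here; fail clearly instead of handing
        # None to the analyzer.
        if fname is None:
            log.error('--ignore-queue requires a FILE or DIRECTORY to analyze.')
            sys.exit(1)
        log.info('Ignoring job queue.')
        analyze_file(fname, opts, loglevel)
        sys.exit(0)

    # Add the file or directory to the queue; with --append-queue that is all.
    if fname is not None:
        add_to_queue(job_queue, fname)
        if opts.append_queue:
            sys.exit(0)

    # Drain the queue front-to-back until nothing is left.
    while len(job_queue) > 0:
        fname = job_queue.popleft()
        analyze_file(fname, opts, loglevel)
        log.info('There are %d jobs in the queue.', len(job_queue))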