Пример #1
def main_menu_choice(selector, symbols):
    """Run the main-menu action that matches ``selector``.

    Args:
        selector: Menu choice as typed by the user ("1"-"6" or "E").
        symbols: Current symbol collection, handed to the chosen handler.

    Any other value prints an error and reopens the main menu.
    """

    def announce(title):
        # Every branch prints its banner in the same yellow style.
        click.echo(click.style(title, fg="yellow"))

    if selector == "1":
        announce("DISPLAY PCAP\n")
        pcap_exchange_menu(symbols)
        return
    if selector == "2":
        announce("MANIPULATE MENU\n")
        manipulate_menu(symbols)
        return
    if selector == "3":
        announce("SAVE\n")
        save_object(symbols)
        return
    if selector == "4":
        announce("IPYTHON SHELL")
        # Opens an interactive interpreter inside this process: whatever is
        # typed there runs with the same privileges and state as the tool.
        IPython.embed()
        main_menu(symbols)
        return
    if selector == "5":
        announce("EXPORT MENU")
        exporter_menu(symbols)
        return
    if selector == "6":
        announce("Dynamic Analysis MENU")
        dynamic_sequence_menu(symbols)
        return
    if selector == "E":
        announce("Bye! Thanks for using TAPIRE, feedback welcome! :)")
        exit()
        return
    announce("ERROR : WRONG SELECTION\n")
    main_menu(symbols)
Пример #2
def clusterize_by_size(symbols, symbol_selector):
    """Cluster messages with ``Format.clusterBySize`` and open the manipulate menu.

    Args:
        symbols: Symbol collection to take messages from.
        symbol_selector: "*" to pool the messages of every symbol, otherwise
            a selector resolved through ``symbolselector.selectsymbol``.
    """
    if symbol_selector != "*":
        chosen = symbolselector.selectsymbol(symbols, symbol_selector)
        messages = chosen.messages.list
    else:
        messages = []
        for current in symbols:
            messages.extend(current.messages.list)
    # The menu is reopened on the freshly built clusters, not on ``symbols``.
    manipulate_menu(Format.clusterBySize(messages))
Пример #3
def identifyHash(symbol_selector, symbols):
    """Run ``HashIdentifyer`` on the selected symbol(s), then reopen the menu.

    Args:
        symbol_selector: "*" for every symbol, otherwise a selector resolved
            through ``symbolselector.selectsymbol``.
        symbols: Symbol collection being analysed.
    """
    identifyer = HashIdentifyer()
    if symbol_selector == "*":
        targets = symbols
    else:
        targets = [symbolselector.selectsymbol(symbols, symbol_selector)]
    for target in targets:
        # Print the symbol name as a header before handing it to the identifier.
        header = click.style("[Symbol] : " + target.name, fg="red")
        click.echo(header + "\n")
        identifyer.identify(target)
    manipulate_menu(symbols)
Пример #4
def split_static(symbols, symbol_selector, field_selector):
    """Apply ``Format.splitStatic`` to the selected symbol(s) or field.

    Args:
        symbols: Collection to operate on.
        symbol_selector: "*" for every entry, otherwise a selector resolved
            through ``symbolselector.selectsymbol``.
        field_selector: With "*", optional index (converted with ``int``) of
            the field to split inside each entry; ``None`` splits the entry
            itself. It is not consulted when a single symbol is selected.

    Returns without reopening a menu when ``symbols`` is a ``TypedList``.
    """
    if symbol_selector != "*":
        Format.splitStatic(symbolselector.selectsymbol(symbols, symbol_selector))
    else:
        for current in symbols:
            if field_selector is None:
                target = current
            else:
                # int() raises ValueError on a non-numeric selector.
                target = current.fields[int(field_selector)]
            Format.splitStatic(target)
    if not isinstance(symbols, TypedList):
        manipulate_menu(symbols)
Пример #5
def headerSeeker_menu_choice(seeker_selector, symbols):
    """Start the header search strategy chosen in the header-seeker menu.

    Args:
        seeker_selector: Menu choice, "1" to "3".
        symbols: Symbol collection passed to the chosen search.

    Any other choice prints an error and returns to the manipulate menu.
    """

    def announce(title):
        click.echo(click.style(title, fg="yellow"))

    if seeker_selector == "1":
        announce("Ratio based search\n")
        seek_headers_ratio(symbols)
        return
    if seeker_selector == "2":
        announce("Field separator based search\n")
        seek_headers_field_sep(symbols)
        return
    if seeker_selector == "3":
        announce("SEARCH FOR HEADER AND DATA FIELDS\n")
        seek_headers_value_sep(symbols)
        return
    announce("ERROR : WRONG SELECTION\n")
    manipulate_menu(symbols)
Пример #6
def add_encoding_function(symbols, symbol_selector, encoding, syms):
    """Attach ``encoding`` to the selected target(s), then reopen the menu.

    Args:
        symbols: A ``list``/``TypedList`` of objects, or a single object
            exposing ``addEncodingFunction``.
        symbol_selector: "*" for every entry of a collection, otherwise a
            selector resolved through ``symbolselector.selectsymbol``.
        encoding: Value forwarded to ``addEncodingFunction``.
        syms: Collection to reopen the manipulate menu on; when ``None`` the
            menu is reopened on ``symbols`` instead.
    """
    if not isinstance(symbols, list) and not isinstance(symbols, TypedList):
        # Not a collection: the encoding goes on the object itself.
        symbols.addEncodingFunction(encoding)
    elif symbol_selector == "*":
        for current in symbols:
            current.addEncodingFunction(encoding)
    else:
        chosen = symbolselector.selectsymbol(symbols, symbol_selector)
        chosen.addEncodingFunction(encoding)
    manipulate_menu(symbols if syms is None else syms)
Пример #7
def clusterize_by_CRC(symbols, symbol_selector):
    """Cluster messages with ``Format.clusterByCRC`` and reopen the menu.

    Args:
        symbols: Symbol collection to take messages from.
        symbol_selector: "*" to pool every symbol's messages, otherwise a
            selector resolved through ``symbolselector.selectsymbol``.

    With "*" the menu is reopened on the new clusters; otherwise the selected
    symbol is swapped for its clusters via ``replace_symbols.replace_symb``.
    """
    select_all = symbol_selector == "*"
    if select_all:
        messages = []
        for current in symbols:
            messages.extend(current.messages.list)
    else:
        symbol = symbolselector.selectsymbol(symbols, symbol_selector)
        messages = symbol.messages.list
    new_symbols = Format.clusterByCRC(messages)
    if select_all:
        symbols = new_symbols
    else:
        replace_symbols.replace_symb(symbols, symbol, new_symbols)
    manipulate_menu(symbols)
Пример #8
def split_aligned(symbols, symbol_selector, field_selector):
    """Apply ``Format.splitAligned`` to the selected symbol(s) or field.

    Args:
        symbols: Collection to operate on.
        symbol_selector: "*" for every entry, otherwise a selector resolved
            through ``symbolselector.selectsymbol``.
        field_selector: With "*", optional index (converted with ``int``) of
            the field to split inside each entry; ``None`` splits the entry
            itself. It is not consulted when a single symbol is selected.

    Returns without reopening a menu when ``symbols`` is a ``TypedList``.
    """
    if symbol_selector == "*":
        for current in symbols:
            if field_selector is None:
                Format.splitAligned(current)
            else:
                # Only the per-field call passes doInternalSlick=True.
                target_field = current.fields[int(field_selector)]
                Format.splitAligned(target_field, doInternalSlick=True)
    else:
        Format.splitAligned(symbolselector.selectsymbol(symbols, symbol_selector))
    if not isinstance(symbols, TypedList):
        manipulate_menu(symbols)
Пример #9
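def seek_headers_ratio(symbols):
    """Prompt for a ratio in (0, 1) and run a ratio-based header search.

    The prompt repeats until the input parses as a float strictly between
    0 and 1. Input that is not a number is rejected with the same error
    message instead of raising ``ValueError`` out of the menu loop.

    Args:
        symbols: Symbol collection passed to ``headerDetector.findOnSymbols``.
    """
    ratio = 0
    while not 0 < ratio < 1:
        answer = input(" Please input a ratio >>>   ")
        try:
            ratio = float(answer)
        except ValueError:
            # Empty or non-numeric input: keep the sentinel so we prompt again.
            ratio = 0
        # NaN fails both comparisons, so it is rejected here as well.
        if not 0 < ratio < 1:
            click.echo(click.style("[ERROR] ", fg="red") + click.style("Ratio must be between 0 and 1 (strictly)", fg="blue") + '\n')
    click.echo(click.style("Searching for Headers\n", fg="yellow"))
    seeker = headerDetector(ratio=True, ratioValue=ratio)
    found = seeker.findOnSymbols(symbols)
    if found:
        click.echo(click.style("Renaming headers\n", fg="yellow"))
    else:
        click.echo(click.style("Sorry, didn't find anything!\n", fg="yellow"))
    manipulate_menu(symbols)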
Пример #10
def simpleSeeker_menu_choice(seeker_selector, symbols, symbol_selector):
    """Run the simple-seeker action that matches ``seeker_selector``.

    Args:
        seeker_selector: Menu choice, "1" to "3" or "B" (back).
        symbols: Symbol collection under analysis.
        symbol_selector: Selector forwarded to the chosen analysis.

    Any other choice prints an error and reopens the simple-seeker menu.
    """

    def announce(title):
        click.echo(click.style(title, fg="yellow"))

    if seeker_selector == "1":
        announce("ANALYSE ENTROPY\n")
        entropyfinder_menu(symbol_selector, symbols)
        return
    if seeker_selector == "2":
        announce("RELATION FINDER\n")
        relationfinder_menu(symbol_selector, symbols)
        return
    if seeker_selector == "3":
        announce("RUN HASH IDENTIFYER\n")
        identifyHash(symbol_selector, symbols)
        return
    if seeker_selector == "B":
        announce("BACK TO PREVIOUS MENU\n")
        manipulate_menu(symbols)
        return
    announce("ERROR : WRONG SELECTION\n")
    simpleSeeker_menu(symbol_selector, symbols)
Пример #11
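def seek_headers_value_sep(symbols):
    """Prompt for a separator type and value, then search headers with it.

    The user picks a data type from a numbered list and enters the separator
    value. Only ASCII and Raw separators are turned into a ``Field``; every
    other type is reported as a wrong selection.

    Fixes over the previous version:
      * choice "2" now maps to "Raw", the spelling the later comparison
        expects, so Raw separators no longer fall into the error branch;
      * each error path returns after reopening the header-seeker menu, so
        the search is never started with an unbound ``field`` or with the
        raw menu input as the separator type.

    Args:
        symbols: Symbol collection passed to ``headerDetector.findOnSymbols``.
    """

    def reject():
        click.echo(click.style("[ERROR] ", fg="red") + click.style("Wrong selection",
                                                                   fg="blue") + '\n')
        headerSeeker_menu(symbols)

    separator_types = (
        ("1", "[Ascii]", "ASCII"),
        ("2", "[Raw]", "Raw"),
        ("3", "[HexaString]", "Hexadecimal"),
        ("4", "[BitArray]", "BitArray"),
        ("5", "[Integer]", "Integer"),
        ("6", "[IPV4]", "IPV4"),
        ("7", "[TimeStamp]", "TimeStamp"),
    )
    for key, label, _ in separator_types:
        click.echo(click.style("[" + key + "] ", fg="green") + click.style(label, fg="blue") + '\n')
    choice = input(" Please select a type of data for the separator between header and data >>>   ")
    separator = {key: name for key, _, name in separator_types}.get(choice)
    if separator is None:
        reject()
        return
    value = input("Please specify the value of the separator>>> ")
    if separator == "ASCII":
        field = Field(domain=ASCII(value))
    elif separator == "Raw":
        field = Field(domain=Raw(converter.input_to_raw(value)))
    else:
        # Hexadecimal, BitArray, Integer, IPV4 and TimeStamp are listed in
        # the menu but have no Field construction here.
        reject()
        return
    seeker = headerDetector(separator=True, separatorValue=field)
    found = seeker.findOnSymbols(symbols)
    if found:
        click.echo(click.style("Renaming headers\n", fg="yellow"))
    else:
        click.echo(click.style("Sorry, didn't find anything!\n", fg="yellow"))
    manipulate_menu(symbols)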
Пример #12
def clusterize_by_alignment(symbols, symbol_selector):
    """Cluster messages with ``Format.clusterByAlignment`` and open the menu.

    Args:
        symbols: Symbol collection to take messages from.
        symbol_selector: "*" to pool every symbol's messages, otherwise a
            selector resolved through ``symbolselector.selectsymbol``.

    A non-list result is wrapped in a list. When the first cluster is named
    "Symbol", all clusters are renamed "Symbol-0", "Symbol-1", ...
    """
    if symbol_selector != "*":
        chosen = symbolselector.selectsymbol(symbols, symbol_selector)
        messages = chosen.messages.list
    else:
        messages = []
        for current in symbols:
            messages.extend(current.messages.list)
    new_symbols = Format.clusterByAlignment(messages)
    if not isinstance(new_symbols, list):
        new_symbols = [new_symbols]
    # Indexing [0] assumes at least one cluster came back.
    if new_symbols[0].name == "Symbol":
        for position, clustered in enumerate(new_symbols):
            clustered.name = "Symbol-" + str(position)
    manipulate_menu(new_symbols)
Пример #13
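def clusterize_by_key_field(symbols, symbol_selector):
    """Cluster one symbol on a user-chosen key field and reopen the menu.

    Fixes over the previous version:
      * the "*" branch returns after showing its error, instead of falling
        through to the clustering call with ``symbol`` and ``field`` unbound;
      * the typed field index is validated, so non-numeric, negative or
        out-of-range input is reported rather than raising or silently
        selecting a field counted from the end.

    Args:
        symbols: Symbol collection containing the symbol to cluster.
        symbol_selector: Selector resolved through
            ``symbolselector.selectsymbol``; "*" is rejected.
    """
    if symbol_selector == "*":
        click.echo(
            click.style("[ERROR] ", fg="red") +
            click.style("Selector can't be * for key field clustering!",
                        fg="blue") + '\n')
        manipulate_menu(symbols)
        return
    symbol = symbolselector.selectsymbol(symbols, symbol_selector)
    display_symbol(symbol)
    for index, _ in enumerate(symbol.fields):
        click.echo(
            click.style("[" + str(index) + "] ", fg="green") +
            click.style("Field-", fg="blue") + str(index))
    field_index = input("Please Select a field to cluster >>> ")
    field = None
    try:
        position = int(field_index)
        # Only the indexes printed above are accepted; a negative value
        # would otherwise index from the end of the field list.
        if position >= 0:
            field = symbol.fields[position]
    except (ValueError, IndexError):
        field = None
    if field is None:
        click.echo(
            click.style("[ERROR] ", fg="red") +
            click.style("Invalid field index", fg="blue") + '\n')
        manipulate_menu(symbols)
        return
    new_symbols = Format.clusterByKeyField(symbol, field)
    replace_symbols.replace_symb(symbols, symbol, new_symbols)
    manipulate_menu(symbols)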
Пример #14
def complexSeeker_menu_choice(seeker_selector, symbols, symbol_selector):
    """Open the complex-seeker sub-menu that matches ``seeker_selector``.

    Args:
        seeker_selector: Menu choice, "1" to "4" or "B" (back).
        symbols: Symbol collection under analysis.
        symbol_selector: Selector forwarded to the chosen sub-menu.

    Any other choice prints an error and reopens the complex-seeker menu.
    """

    def announce(title):
        click.echo(click.style(title, fg="yellow"))

    if seeker_selector == "1":
        announce("SEARCH FOR IPS\n")
        metaseeker_menu(symbol_selector, symbols)
        return
    if seeker_selector == "2":
        announce("SEARCH FOR CRC32\n")
        crcSeeker_menu(symbol_selector, symbols)
        return
    if seeker_selector == "3":
        announce("SEARCH FOR HEADER AND DATA FIELDS\n")
        # The header seeker takes the whole collection, not a selector.
        headerSeeker_menu(symbols)
        return
    if seeker_selector == "4":
        announce("SEARCH FOR SIZE\n")
        sizeSeeker_menu(symbol_selector, symbols)
        return
    if seeker_selector == "B":
        announce("BACK TO PREVIOUS MENU\n")
        manipulate_menu(symbols)
        return
    announce("ERROR : WRONG SELECTION\n")
    complexSeeker_menu(symbol_selector, symbols)
Пример #15
def clusterize_menu_choice(selector, symbols, symbol_selector):
    """Run the clustering action that matches ``selector``.

    Args:
        selector: Menu choice, "1" to "5" or "B" (back).
        symbols: Symbol collection to cluster.
        symbol_selector: Selector forwarded to the clustering function.

    Choices "4" and "5" are accepted only when ``symbol_selector`` is not
    "*"; with "*" they are treated as a wrong selection. Choice "3" prints
    its banner only, because its handler call is disabled in the source.
    """

    def announce(title):
        click.echo(click.style(title, fg="yellow"))

    single_symbol = symbol_selector != "*"
    if selector == "1":
        announce("CLUSTER BY SIZE\n")
        clusterize_by_size(symbols, symbol_selector)
        return
    if selector == "2":
        announce("CLUSTER BY ALIGNMENT\n")
        clusterize_by_alignment(symbols, symbol_selector)
        return
    if selector == "3":
        # No handler is invoked for applicative-data clustering.
        announce("CLUSTER BY APPLICATIVE DATA\n")
        return
    if selector == "4" and single_symbol:
        announce("CLUSTER BY CRC32\n")
        clusterize_by_CRC(symbols, symbol_selector)
        return
    if selector == "5" and single_symbol:
        announce("CLUSTER BY KEY FIELD\n")
        clusterize_by_key_field(symbols, symbol_selector)
        return
    if selector == "B":
        manipulate_menu(symbols)
        return
    announce("ERROR : WRONG SELECTION\n")
    clusterize_menu(symbols, symbol_selector)
Пример #16
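def crcSeeker_menu_choice(seeker_selector, symbols, symbol_selector):
    """Run the CRC search selected in the CRC-seeker menu.

    Choice "1" clusters the selected symbol by CRC, runs ``CRCFinder`` with
    field creation on every cluster whose name does not contain "No_CRC",
    and swaps the symbol for its clusters. Choice "2" runs the finder on
    the symbol without creating fields. All paths end in the manipulate menu.

    Fixes over the previous version:
      * the retry loop is bounded and stops at once when no cluster is
        eligible; it used to spin forever in both situations;
      * the bare ``except:`` is narrowed to ``Exception``, so Ctrl-C and
        ``SystemExit`` are no longer swallowed inside the loop;
      * only clusters that failed are retried, so a cluster that already
        had fields created is not processed a second time.

    Args:
        seeker_selector: Menu choice, "1" or "2".
        symbols: Symbol collection containing the symbol to analyse.
        symbol_selector: Selector resolved through
            ``symbolselector.selectsymbol``.
    """
    symbol = symbolselector.selectsymbol(symbols, symbol_selector)
    seeker = CRCFinder()
    if seeker_selector == "1":
        # NOTE(review): this passes a single symbol and iterates the result;
        # confirm the clusterize_by_CRC in scope accepts one argument and
        # returns the new clusters.
        new_symbols = clusterize_by_CRC(symbol)
        pending = [sym for sym in new_symbols if sym.name.find("No_CRC") == -1]
        # The search sometimes fails, so failures are retried a few times.
        # The cap is arbitrary; it only guarantees the loop terminates.
        max_attempts = 5
        attempts = 0
        while pending and attempts < max_attempts:
            attempts += 1
            still_failing = []
            for sym in pending:
                try:
                    seeker.findOnSymbol(symbol=sym, create_fields=True)
                except Exception:
                    still_failing.append(sym)
            pending = still_failing
        if pending:
            click.echo(
                click.style("[ERROR] ", fg="red") +
                click.style("CRC search failed on " + str(len(pending)) +
                            " cluster(s)", fg="blue") + '\n')
        replace_symbols.replace_symb(symbols, symbol, new_symbols)
        manipulate_menu(symbols)
    elif seeker_selector == "2":
        seeker.findOnSymbol(symbol=symbol, create_fields=False)
        manipulate_menu(symbols)
    else:
        click.echo(click.style("ERROR : WRONG SELECTION\n", fg="yellow"))
        manipulate_menu(symbols)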
Пример #17
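def seek_headers_field_sep(symbols):
    """Prompt for a field-relation type and search headers with it.

    Fix over the previous version: an unknown choice now returns after
    reopening the header-seeker menu. Before, execution continued and the
    raw, unvalidated menu input was passed to ``headerDetector`` as
    ``fieldType``.

    Args:
        symbols: Symbol collection passed to ``headerDetector.findOnSymbols``.
    """
    relation_types = (
        ("1", "[Size relation]", "Size"),
        ("2", "[CRC32 relation]", "CRC32"),
        ("3", "[IPchecksum relation]", "InternetChecksum"),
    )
    for key, label, _ in relation_types:
        click.echo(click.style("[" + key + "] ", fg="green") + click.style(label, fg="blue") + '\n')
    choice = input(" Please select a type of field relation for separation between header and data >>>   ")
    field_separator = {key: name for key, _, name in relation_types}.get(choice)
    if field_separator is None:
        click.echo(click.style("[ERROR] ", fg="red") + click.style("Wrong selection",
                                                                   fg="blue") + '\n')
        headerSeeker_menu(symbols)
        return
    seeker = headerDetector(field=True, fieldType=field_separator)
    found = seeker.findOnSymbols(symbols)
    if found:
        click.echo(click.style("Renaming headers\n", fg="yellow"))
    else:
        click.echo(click.style("Sorry, didn't find anything!\n", fg="yellow"))
    manipulate_menu(symbols)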
Пример #18
def split_menu_choice(selector,
                      symbol_selector,
                      symbols,
                      field_selector,
                      parent=None):
    """Run the split action that matches ``selector``.

    Args:
        selector: Menu choice, "1" to "3" or "B" (back).
        symbol_selector: Selector forwarded to the split function.
        symbols: Collection the split operates on.
        field_selector: Field selector forwarded to the split function.
        parent: Optional collection whose manipulate menu is opened first
            when going back.

    Any other choice prints an error and reopens the split menu.
    """

    def announce(title):
        click.echo(click.style(title, fg="yellow"))

    if selector == "1":
        announce("SPLIT STATIC\n")
        split_static(symbols, symbol_selector, field_selector)
        return
    if selector == "2":
        announce("SPLIT ALIGNED\n")
        split_aligned(symbols, symbol_selector, field_selector)
        return
    if selector == "3":
        announce("SPLIT DELIMITER\n")
        split_delimiter(symbols, symbol_selector, field_selector)
        return
    if selector == "B":
        # NOTE(review): with a parent, both menus are opened in sequence
        # (parent first, then symbols) - confirm this is intended.
        if parent is not None:
            manipulate_menu(parent)
        manipulate_menu(symbols)
        return
    announce("ERROR : WRONG SELECTION\n")
    split_menu(symbol_selector, symbols, parent)
Пример #19
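def metaseeker_menu_choice(seeker_selector, symbols, symbol_selector):
    """Run ``IPFinder`` on the selected symbol with the chosen options.

    ``seeker_selector`` "1" creates fields and "2" does not. The user is
    then asked whether to search for two-term IPs. All paths end in the
    manipulate menu.

    Fixes over the previous version:
      * the two-term answer is compared with "1". It used to be tested for
        truthiness, so answering "2" (don't search) still enabled the
        two-term search;
      * the bare ``except: pass`` is narrowed to ``Exception`` and the
        failure is printed, so Ctrl-C is no longer swallowed and a failed
        search is no longer silent.

    Args:
        seeker_selector: Menu choice, "1" or "2".
        symbols: Symbol collection containing the symbol to analyse.
        symbol_selector: Selector resolved through
            ``symbolselector.selectsymbol``.
    """
    symbol = symbolselector.selectsymbol(symbols, symbol_selector)
    seeker = IPFinder()
    click.echo(
        click.style("[1] ", fg="green") +
        click.style("[Search for two term IPs]", fg="cyan") + '\n')
    click.echo(
        click.style("[2] ", fg="green") +
        click.style("[Don't search for two term IPs]", fg="cyan") + '\n')
    two_t = input(" PLEASE SELECT A CHOICE >>>   ")
    if seeker_selector not in ("1", "2"):
        click.echo(click.style("ERROR : WRONG SELECTION\n", fg="yellow"))
        manipulate_menu(symbols)
        return
    try:
        seeker.executeOnSymbol(symbol=symbol,
                               create_fields=(seeker_selector == "1"),
                               two_terms=(two_t.strip() == "1"))
    except Exception as error:
        # The search stays best-effort, but the reason it failed is shown.
        click.echo(
            click.style("[ERROR] ", fg="red") +
            click.style("IP search failed: " + str(error), fg="blue") + '\n')
    manipulate_menu(symbols)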
Пример #20
def sizeSeeker_menu_choice(seeker_selector, symbols, symbol_selector,
                           base_index):
    """Run ``SizeFinder`` on the selected symbol, then reopen the menu.

    Args:
        seeker_selector: "1" runs the finder with ``create_fields=True``,
            "2" with ``create_fields=False``; anything else prints an error.
        symbols: Symbol collection containing the symbol to analyse.
        symbol_selector: Selector resolved through
            ``symbolselector.selectsymbol``.
        base_index: Forwarded to the finder as ``baseIndex``.
    """
    symbol = symbolselector.selectsymbol(symbols, symbol_selector)
    seeker = SizeFinder()
    if seeker_selector == "1" or seeker_selector == "2":
        seeker.findOnSymbol(symbol=symbol,
                            create_fields=(seeker_selector == "1"),
                            baseIndex=base_index)
    else:
        click.echo(click.style("ERROR : WRONG SELECTION\n", fg="yellow"))
    # Every branch ends by returning to the manipulate menu.
    manipulate_menu(symbols)
Пример #21
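def split_delimiter(symbols, symbol_selector, field_selector):
    """Prompt for a delimiter and split the selected symbol(s) or field on it.

    Only ASCII and Raw delimiters are built; the other listed types are
    reported as a wrong selection.

    Fix over the previous version: each error path returns after reopening
    the split menu. Before, execution continued and reached
    ``Format.splitDelimiter`` with ``delimiter`` unbound (for example after
    choosing Hexadecimal), raising ``UnboundLocalError``.

    Args:
        symbols: Collection to operate on.
        symbol_selector: "*" for every entry, otherwise a selector resolved
            through ``symbolselector.selectsymbol``.
        field_selector: With "*", optional index (converted with ``int``) of
            the field to split inside each entry; ``None`` splits the entry
            itself. It is not consulted when a single symbol is selected.

    Returns without reopening a menu when ``symbols`` is a ``TypedList``.
    """

    def reject():
        click.echo(
            click.style("[ERROR] ", fg="red") +
            click.style("Wrong selection", fg="blue") + '\n')
        split_menu(symbol_selector, symbols)

    delimiter_types = (
        ("1", "[Ascii]", "ASCII"),
        ("2", "[Raw]", "Raw"),
        ("3", "[HexaString]", "Hexadecimal"),
        ("4", "[BitArray]", "BitArray"),
        ("5", "[Integer]", "Integer"),
        ("6", "[IPV4]", "IPV4"),
        ("7", "[TimeStamp]", "TimeStamp"),
    )
    for key, label, _ in delimiter_types:
        click.echo(
            click.style("[" + key + "] ", fg="green") +
            click.style(label, fg="blue") + '\n')
    choice = input(
        "Please select a type of data for the split delimiter >>>   ")
    delimiter_Type = {key: name for key, _, name in delimiter_types}.get(choice)
    if delimiter_Type is None:
        reject()
        return
    delimiter_string = input(
        "Please specify a delimiter (For Raw, delimiter should look like so : \"\\\\xca\\\\xfe\\\\xba\\\\xbe\" ) \n >>> "
    )
    if delimiter_Type == "ASCII":
        delimiter = ASCII(delimiter_string)
    elif delimiter_Type == "Raw":
        delimiter = Raw(converter.input_to_raw(delimiter_string))
    else:
        # Hexadecimal, BitArray, Integer, IPV4 and TimeStamp are listed in
        # the menu but have no delimiter construction here.
        reject()
        return
    if symbol_selector == "*":
        for symbol in symbols:
            if field_selector is not None:
                Format.splitDelimiter(symbol.fields[int(field_selector)],
                                      delimiter)
            else:
                Format.splitDelimiter(symbol, delimiter)
    else:
        symbol = symbolselector.selectsymbol(symbols, symbol_selector)
        Format.splitDelimiter(symbol, delimiter)
    if isinstance(symbols, TypedList):
        return
    manipulate_menu(symbols)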
Пример #22
def field_manipulate_menu_choice(selector, field_selector, fields, symbols,
                                 symbol_selector):
    """Run the field-manipulation action that matches ``selector``.

    The meaning of each number depends on the selectors, giving three
    menu layouts:
      * ``symbol_selector`` is "*": rename, edit description, encoding, split;
      * one symbol, ``field_selector`` is "*": display, encoding;
      * one symbol, one field: display, rename, edit description, merge,
        encoding, split.
    "B" always returns to the manipulate menu; any other value prints an
    error and reopens the field-manipulate menu.

    Args:
        selector: Menu choice typed by the user.
        field_selector: Field selector, or "*" for all fields.
        fields: Field collection forwarded to the handlers.
        symbols: Symbol collection forwarded to the handlers.
        symbol_selector: Symbol selector, or "*" for all symbols.
    """

    def announce(title):
        click.echo(click.style(title, fg="yellow"))

    def go_back():
        announce("BACK TO MANIPULATE MENU\n")
        manipulate_menu(symbols)

    def reject():
        click.echo(
            click.style("[ERROR] :", fg="red") +
            click.style("WRONG SELECTION\n", fg="yellow"))
        field_manipulate_menu(symbols, symbol_selector)

    if symbol_selector == "*":
        # Layout used when every symbol is selected.
        if selector == "1":
            announce("RENAME FIELD\n")
            rename_field(fields, field_selector, symbols, symbol_selector)
        elif selector == "2":
            announce("EDIT FIELD DESCRIPTION\n")
            edit_field_description(fields, field_selector, symbols,
                                   symbol_selector)
        elif selector == "3":
            announce("ENCODING MENU\n")
            encoding_menu(fields, field_selector, symbols)
        elif selector == "4":
            announce("FIELD SPLIT MENU\n")
            split_menu(symbol_selector, symbols, field_selector)
            manipulate_menu(symbols)
        elif selector == "B":
            go_back()
        else:
            reject()
        return

    if field_selector == "*":
        # One symbol, all of its fields.
        if selector == "1":
            announce("DISPLAY FIELD\n")
            display_field(fields, field_selector, symbols, symbol_selector)
        elif selector == "2":
            announce("ENCODING MENU\n")
            encoding_menu(fields, field_selector, symbols)
        elif selector == "B":
            go_back()
        else:
            reject()
        return

    # One symbol, one field.
    if selector == "1":
        announce("DISPLAY FIELD\n")
        display_field(fields, field_selector, symbols, symbol_selector)
    elif selector == "2":
        announce("RENAME FIELD\n")
        rename_field(fields, field_selector, symbols, symbol_selector)
    elif selector == "3":
        announce("EDIT FIELD DESCRIPTION\n")
        edit_field_description(fields, field_selector, symbols,
                               symbol_selector)
    elif selector == "4":
        announce("FIELD MERGER\n")
        field_merger(fields, field_selector, symbols, symbol_selector)
    elif selector == "5":
        announce("ENCODING MENU\n")
        encoding_menu(fields, field_selector, symbols)
    elif selector == "6":
        announce("FIELD SPLIT MENU\n")
        # Here the split menu works on the fields, with the symbols as parent.
        split_menu(field_selector, fields, parent=symbols)
        manipulate_menu(symbols)
    elif selector == "B":
        go_back()
    else:
        reject()
Пример #23
def relationfinder_menu(symbol_selector, symbols):
    """Announce and run the relation search, then reopen the manipulate menu.

    Args:
        symbol_selector: Selector forwarded to ``find_relations``.
        symbols: Symbol collection forwarded to ``find_relations``.
    """
    banner = click.style("FINDING RELATIONS ", fg="yellow")
    click.echo(banner)
    find_relations(symbol_selector, symbols)
    manipulate_menu(symbols)
Пример #24
def entropyfinder_menu(symbol_selector, symbols):
    """Announce and run the entropy analysis, then reopen the manipulate menu.

    Args:
        symbol_selector: Selector forwarded to ``find_entropy``.
        symbols: Symbol collection forwarded to ``find_entropy``.
    """
    banner = click.style("ANALYZING ENTROPY", fg="yellow")
    click.echo(banner)
    find_entropy(symbol_selector, symbols)
    manipulate_menu(symbols)