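def interactive_mode():
    """Run the interactive peframe shell until the user quits.

    Commands are read through ``autocomplete.get_result`` and answered by
    printing the matching part of the module-level ``result`` dictionary
    as sorted, indented JSON. Multi-level topics (virustotal, directories,
    sections, features, strings) open a sub-prompt that loops until
    ``back`` is entered.

    Uses module globals ``header``, ``autocomplete``, ``cmd_list``,
    ``cmd_list_select``, ``result``, ``get_info``, ``virustotal`` and
    ``peframe``; returns nothing.
    """
    header('Interactive mode (press TAB to show commands)')
    help_list = ['?', 'h', 'help', 'ls', 'dir']
    drop_list = ['q!', 'exit', 'quit', 'bye']
    # Top-level commands that map straight onto one path inside ``result``.
    direct = {
        'breakpoint': ('peinfo', 'breakpoint'),
        'hashes': ('hashes',),
        'attributes': ('docinfo', 'attributes'),
        'metadata': ('peinfo', 'metadata'),
    }
    # Topics that open their own sub-prompt.
    menus = {
        'virustotal': _virustotal_menu,
        'directories': _directories_menu,
        'sections': _sections_menu,
        'features': _features_menu,
        'strings': _strings_menu,
    }
    while True:
        user_input = autocomplete.get_result(cmd_list, "[peframe]>")

        if user_input in help_list:
            _print_json(cmd_list)
        elif user_input in drop_list:
            print('goodbye!\n')
            break
        elif user_input == 'info':
            get_info()
            print('\n')
        elif user_input == 'yara_plugins':
            # Flatten the per-plugin dicts into one list of their values.
            _print_json([match for hits in result['yara_plugins']
                         for match in hits.values()])
        elif user_input == 'behavior':
            # PE and document results are independent; either may be empty.
            if result['peinfo']:
                _print_json(result['peinfo']['behavior'])
            if result['docinfo']:
                _print_json(result['docinfo']['behavior'])
        elif user_input == 'macro':
            # Raw macro source is printed as-is, not as JSON, to stay readable.
            print(result['docinfo']['macro'])
        elif user_input in menus:
            menus[user_input]()
        elif user_input in direct:
            _print_json(_walk(result, direct[user_input]))


# Sub-commands of the 'directories' and 'features' menus that name a key
# directly under result['peinfo']['directories'] / result['peinfo']['features'].
_DIRECTORY_KEYS = ('import', 'export', 'debug', 'tls', 'resources',
                   'relocations', 'sign')
_FEATURE_KEYS = ('antidbg', 'antivm', 'mutex', 'packer', 'xor', 'crypto')


def _print_json(obj):
    """Print ``obj`` as sorted, 4-space-indented JSON (the shell's output format)."""
    print(json.dumps(obj, sort_keys=True, indent=4))


def _walk(data, path):
    """Return the value reached by indexing ``data`` with each key of ``path`` in turn."""
    for key in path:
        data = data[key]
    return data


def _menu_choices(name):
    """Show the sub-commands of menu ``name`` and yield user choices until 'back'.

    Prints ``cmd_list_select[name]`` once, then prompts at
    ``[peframe/<name>]>`` for each choice; returns (ending the loop) when
    the user enters ``back``.
    """
    _print_json(cmd_list_select[name])
    print('\nUse \'back\' to return')
    prompt = "[peframe/{}]>".format(name)
    while True:
        choice = autocomplete.get_result(cmd_list_select[name], prompt)
        if choice == 'back':
            return
        yield choice


def _virustotal_menu():
    """Query VirusTotal for the sample's MD5 and browse the answer at a sub-prompt.

    The lookup sends the sample hash to an external service using the API
    key read from config-peframe.json, which tells that service the hash is
    under investigation; keep this in mind for sensitive samples. Any
    failure (network, missing config key, unexpected response shape) is
    reported as 'VT Query error' and the shell keeps running.
    """
    try:
        vt_config = peframe.load_config(
            peframe.path_to_file('config-peframe.json', 'config'))['virustotal']
        vt = virustotal.get_result(vt_config, result['hashes']['md5'], full=True)
        if vt['response_code'] != 200:
            return
        for choice in _menu_choices('virustotal'):
            if choice == 'permalink':
                print(vt['results']['permalink'])
            elif choice == 'antivirus':
                _print_json(vt['results']['scans'])
            elif choice == 'scan_date':
                print(vt['results']['scan_date'])
    except Exception:  # not a bare except: Ctrl-C / SystemExit must still propagate
        print('VT Query error')


def _directories_menu():
    """Sub-prompt over the PE data directories in result['peinfo']['directories']."""
    for choice in _menu_choices('directories'):
        if choice == 'list':
            # Enumerate the selectable directory names, as the 'strings' menu does.
            for name in cmd_list_select['directories']:
                print(name)
        elif choice in _DIRECTORY_KEYS:
            _print_json(result['peinfo']['directories'][choice])


def _sections_menu():
    """Sub-prompt that prints the details of the PE section whose name is entered."""
    for choice in _menu_choices('sections'):
        if choice in cmd_list_select['sections']:
            for section in result['peinfo']['sections']['details']:
                if section['section_name'] == choice:
                    _print_json(section)


def _features_menu():
    """Sub-prompt over the heuristic findings in result['peinfo']['features']."""
    for choice in _menu_choices('features'):
        if choice in _FEATURE_KEYS:
            _print_json(result['peinfo']['features'][choice])


def _strings_menu():
    """Sub-prompt over the extracted string groups in result['strings']."""
    for choice in _menu_choices('strings'):
        if choice == 'list':
            for name in cmd_list_select['strings']:
                print(name)
        elif choice in cmd_list_select['strings']:
            _print_json(result['strings'][choice])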
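def interactive_mode():
	"""Run the interactive peframe shell until the user quits.

	Commands are read through ``autocomplete.get_result`` and answered by
	printing the matching part of the module-level ``result`` dictionary
	as sorted, indented JSON. Multi-level topics (virustotal, directories,
	sections, features, strings) open a sub-prompt that loops until
	``back`` is entered.

	Uses module globals ``header``, ``autocomplete``, ``cmd_list``,
	``cmd_list_select``, ``result``, ``get_info``, ``virustotal`` and
	``peframe``; returns nothing.
	"""
	header('Interactive mode (press TAB to show commands)')
	help_list = ['?', 'h', 'help', 'ls', 'dir']
	drop_list = ['q!', 'exit', 'quit', 'bye']
	# Top-level commands that map straight onto one path inside ``result``.
	direct = {
		'breakpoint': ('peinfo', 'breakpoint'),
		'hashes': ('hashes',),
		'attributes': ('docinfo', 'attributes'),
		'metadata': ('peinfo', 'metadata'),
	}
	# Topics that open their own sub-prompt.
	menus = {
		'virustotal': _virustotal_menu,
		'directories': _directories_menu,
		'sections': _sections_menu,
		'features': _features_menu,
		'strings': _strings_menu,
	}
	while True:
		user_input = autocomplete.get_result(cmd_list, "[peframe]>")

		if user_input in help_list:
			_print_json(cmd_list)
		elif user_input in drop_list:
			print('goodbye!\n')
			break
		elif user_input == 'info':
			get_info()
			print('\n')
		elif user_input == 'yara_plugins':
			# Flatten the per-plugin dicts into one list of their values.
			_print_json([match for hits in result['yara_plugins']
			             for match in hits.values()])
		elif user_input == 'behavior':
			# PE and document results are independent; either may be empty.
			if result['peinfo']:
				_print_json(result['peinfo']['behavior'])
			if result['docinfo']:
				_print_json(result['docinfo']['behavior'])
		elif user_input == 'macro':
			# Raw macro source is printed as-is, not as JSON, to stay readable.
			print(result['docinfo']['macro'])
		elif user_input in menus:
			menus[user_input]()
		elif user_input in direct:
			_print_json(_walk(result, direct[user_input]))


# Sub-commands of the 'directories' and 'features' menus that name a key
# directly under result['peinfo']['directories'] / result['peinfo']['features'].
_DIRECTORY_KEYS = ('import', 'export', 'debug', 'tls', 'resources',
                   'relocations', 'sign')
_FEATURE_KEYS = ('antidbg', 'antivm', 'mutex', 'packer', 'xor', 'crypto')


def _print_json(obj):
	"""Print ``obj`` as sorted, 4-space-indented JSON (the shell's output format)."""
	print(json.dumps(obj, sort_keys=True, indent=4))


def _walk(data, path):
	"""Return the value reached by indexing ``data`` with each key of ``path`` in turn."""
	for key in path:
		data = data[key]
	return data


def _menu_choices(name):
	"""Show the sub-commands of menu ``name`` and yield user choices until 'back'.

	Prints ``cmd_list_select[name]`` once, then prompts at
	``[peframe/<name>]>`` for each choice; returns (ending the loop) when
	the user enters ``back``.
	"""
	_print_json(cmd_list_select[name])
	print('\nUse \'back\' to return')
	prompt = "[peframe/{}]>".format(name)
	while True:
		choice = autocomplete.get_result(cmd_list_select[name], prompt)
		if choice == 'back':
			return
		yield choice


def _virustotal_menu():
	"""Query VirusTotal for the sample's MD5 and browse the answer at a sub-prompt.

	The lookup sends the sample hash to an external service using the API
	key read from config-peframe.json, which tells that service the hash is
	under investigation; keep this in mind for sensitive samples. Any
	failure (network, missing config key, unexpected response shape) is
	reported as 'VT Query error' and the shell keeps running.
	"""
	try:
		vt_config = peframe.load_config(
			peframe.path_to_file('config-peframe.json', 'config'))['virustotal']
		vt = virustotal.get_result(vt_config, result['hashes']['md5'], full=True)
		if vt['response_code'] != 200:
			return
		for choice in _menu_choices('virustotal'):
			if choice == 'permalink':
				print(vt['results']['permalink'])
			elif choice == 'antivirus':
				_print_json(vt['results']['scans'])
			elif choice == 'scan_date':
				print(vt['results']['scan_date'])
	except Exception:  # not a bare except: Ctrl-C / SystemExit must still propagate
		print('VT Query error')


def _directories_menu():
	"""Sub-prompt over the PE data directories in result['peinfo']['directories']."""
	for choice in _menu_choices('directories'):
		if choice == 'list':
			# Enumerate the selectable directory names, as the 'strings' menu does.
			for name in cmd_list_select['directories']:
				print(name)
		elif choice in _DIRECTORY_KEYS:
			_print_json(result['peinfo']['directories'][choice])


def _sections_menu():
	"""Sub-prompt that prints the details of the PE section whose name is entered."""
	for choice in _menu_choices('sections'):
		if choice in cmd_list_select['sections']:
			for section in result['peinfo']['sections']['details']:
				if section['section_name'] == choice:
					_print_json(section)


def _features_menu():
	"""Sub-prompt over the heuristic findings in result['peinfo']['features']."""
	for choice in _menu_choices('features'):
		if choice in _FEATURE_KEYS:
			_print_json(result['peinfo']['features'][choice])


def _strings_menu():
	"""Sub-prompt over the extracted string groups in result['strings']."""
	for choice in _menu_choices('strings'):
		if choice == 'list':
			for name in cmd_list_select['strings']:
				print(name)
		elif choice in cmd_list_select['strings']:
			_print_json(result['strings'][choice])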