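def interactive_mode():
    """Run the interactive ``[peframe]>`` prompt over the analysis in ``result``.

    Commands are read with ``autocomplete.get_result`` until one of the quit
    words ('q!', 'exit', 'quit', 'bye') is entered. Top-level commands print
    one part of ``result`` (defined outside this function). The commands
    'virustotal', 'directories', 'sections', 'features' and 'strings' open a
    sub-prompt that is left with 'back'. Input matching no command is ignored
    and the prompt is shown again.

    Returns:
        None. All output goes to stdout.
    """
    header('Interactive mode (press TAB to show commands)')
    help_list = ['?', 'h', 'help', 'ls', 'dir']
    drop_list = ['q!', 'exit', 'quit', 'bye']
    directory_names = ('import', 'export', 'debug', 'tls', 'resources',
                       'relocations', 'sign')
    feature_names = ('antidbg', 'antivm', 'mutex', 'packer', 'xor', 'crypto')

    def show(data):
        # json.dumps keeps its default ensure_ascii=True, so control characters
        # in the dumped values are written as \uXXXX escapes instead of being
        # sent to the terminal as-is.
        print(json.dumps(data, sort_keys=True, indent=4))

    def open_submenu(name):
        # List the sub-commands, then tell the user how to get back.
        show(cmd_list_select[name])
        print('\nUse \'back\' to return')

    def ask(name):
        # Same prompt text as the literal "[peframe/<name>]>" strings.
        return autocomplete.get_result(cmd_list_select[name],
                                       '[peframe/' + name + ']>')

    while True:
        user_input = autocomplete.get_result(cmd_list, "[peframe]>")

        if user_input in help_list:
            show(cmd_list)

        elif user_input in drop_list:
            print('goodbye!\n')
            break

        elif user_input == 'info':
            get_info()
            print('\n')

        elif user_input == 'yara_plugins':
            # Flatten the values of every per-rule mapping into one list.
            show([item
                  for items in result['yara_plugins']
                  for item in items.values()])

        elif user_input == 'behavior':
            # Either report may be empty, so each is checked before indexing.
            if result['peinfo']:
                show(result['peinfo']['behavior'])
            if result['docinfo']:
                show(result['docinfo']['behavior'])

        elif user_input == 'virustotal':
            # The sample's MD5 is handed to virustotal.get_result together with
            # the 'virustotal' section of config-peframe.json.
            # NOTE(review): presumably this is a network lookup that discloses
            # the hash to a third party; confirm that is acceptable for the
            # case being worked before using this command.
            try:
                vt = virustotal.get_result(
                    peframe.load_config(
                        peframe.path_to_file('config-peframe.json',
                                             'config'))['virustotal'],
                    result['hashes']['md5'],
                    full=True)
                if vt['response_code'] == 200:
                    open_submenu('virustotal')
                    while True:
                        choice = ask('virustotal')
                        if choice == 'back':
                            break
                        elif choice == 'permalink':
                            print(vt['results']['permalink'])
                        elif choice == 'antivirus':
                            show(vt['results']['scans'])
                        elif choice == 'scan_date':
                            print(vt['results']['scan_date'])
            except Exception:
                # Was a bare `except:`, which also swallowed KeyboardInterrupt
                # and SystemExit and reported them as a query error.
                print('VT Query error')

        elif user_input == 'directories':
            open_submenu('directories')
            while True:
                choice = ask('directories')
                if choice == 'back':
                    break
                elif choice == 'list':
                    # Fixed: the loop used to index the typed command string
                    # (user_input_directories['directories']), which raises
                    # TypeError. The 'strings' sub-prompt lists its command
                    # names from cmd_list_select, so this one does the same.
                    for item in cmd_list_select['directories']:
                        print(item)
                elif choice in directory_names:
                    show(result['peinfo']['directories'][choice])

        elif user_input == 'sections':
            open_submenu('sections')
            while True:
                choice = ask('sections')
                if choice == 'back':
                    break
                elif choice in cmd_list_select['sections']:
                    # Print every section record whose name matches the choice.
                    for item in result['peinfo']['sections']['details']:
                        if item['section_name'] == choice:
                            show(item)

        elif user_input == 'features':
            open_submenu('features')
            while True:
                choice = ask('features')
                if choice == 'back':
                    break
                elif choice in feature_names:
                    show(result['peinfo']['features'][choice])

        elif user_input == 'breakpoint':
            show(result['peinfo']['breakpoint'])

        elif user_input == 'hashes':
            show(result['hashes'])

        elif user_input == 'macro':
            # Printed raw rather than through json.dumps, so nothing is escaped.
            # NOTE(review): presumably this is macro source taken from the
            # analysed document; consider escaping terminal control characters
            # before displaying it.
            print(result['docinfo']['macro'])

        elif user_input == 'attributes':
            show(result['docinfo']['attributes'])

        elif user_input == 'metadata':
            show(result['peinfo']['metadata'])

        elif user_input == 'strings':
            open_submenu('strings')
            while True:
                choice = ask('strings')
                if choice == 'back':
                    break
                elif choice == 'list':
                    for item in cmd_list_select['strings']:
                        print(item)
                elif choice in cmd_list_select['strings']:
                    show(result['strings'][choice])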
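def interactive_mode():
    """Interactive command loop for browsing the analysis held in ``result``.

    Shows the ``[peframe]>`` prompt through ``autocomplete.get_result`` and
    dispatches on the command typed. Help words print ``cmd_list``; quit words
    print a goodbye and end the loop. 'virustotal', 'directories', 'sections',
    'features' and 'strings' each start a nested prompt that runs until 'back'
    is entered. Anything else that is not a known command is silently skipped.

    Returns:
        None. Results are printed to stdout.
    """
    header('Interactive mode (press TAB to show commands)')
    help_list = ['?', 'h', 'help', 'ls', 'dir']
    drop_list = ['q!', 'exit', 'quit', 'bye']

    while True:
        user_input = autocomplete.get_result(cmd_list, "[peframe]>")

        if user_input in help_list:
            print(json.dumps(cmd_list, sort_keys=True, indent=4))

        elif user_input in drop_list:
            print('goodbye!\n')
            break

        # info
        elif user_input == 'info':
            get_info()
            print('\n')

        elif user_input == 'yara_plugins':
            # Collect the values of each entry into a single flat list.
            yara_plugins_list = []
            for items in result['yara_plugins']:
                yara_plugins_list.extend(items.values())
            print(json.dumps(yara_plugins_list, sort_keys=True, indent=4))

        elif user_input == 'behavior':
            # peinfo and docinfo are each tested for truth before being indexed.
            if result['peinfo']:
                print(json.dumps(result['peinfo']['behavior'],
                                 sort_keys=True, indent=4))
            if result['docinfo']:
                print(json.dumps(result['docinfo']['behavior'],
                                 sort_keys=True, indent=4))

        elif user_input == 'virustotal':
            # NOTE(review): the MD5 of the sample is passed to
            # virustotal.get_result. Presumably that call goes out to a remote
            # service, so the hash leaves the analysis host; verify this fits
            # the handling rules for the sample.
            try:
                vt_config = peframe.load_config(
                    peframe.path_to_file('config-peframe.json', 'config'))
                vt = virustotal.get_result(vt_config['virustotal'],
                                           result['hashes']['md5'],
                                           full=True)
                if vt['response_code'] == 200:
                    print(json.dumps(cmd_list_select['virustotal'],
                                     sort_keys=True, indent=4))
                    print('\nUse \'back\' to return')
                    while True:
                        user_input_virustotal = autocomplete.get_result(
                            cmd_list_select['virustotal'],
                            "[peframe/virustotal]>")
                        if user_input_virustotal == 'back':
                            break
                        elif user_input_virustotal == 'permalink':
                            print(vt['results']['permalink'])
                        elif user_input_virustotal == 'antivirus':
                            print(json.dumps(vt['results']['scans'],
                                             sort_keys=True, indent=4))
                        elif user_input_virustotal == 'scan_date':
                            print(vt['results']['scan_date'])
            except Exception:
                # Narrowed from a bare `except:` so Ctrl-C and SystemExit are
                # no longer caught here and mislabelled as a query failure.
                print('VT Query error')

        # directories
        elif user_input == 'directories':
            print(json.dumps(cmd_list_select['directories'],
                             sort_keys=True, indent=4))
            print('\nUse \'back\' to return')
            while True:
                user_input_directories = autocomplete.get_result(
                    cmd_list_select['directories'], "[peframe/directories]>")
                if user_input_directories == 'back':
                    break
                elif user_input_directories == 'list':
                    # Fixed: this iterated user_input_directories['directories'],
                    # i.e. indexed the string 'list' with a string key, which
                    # raises TypeError. The command names come from
                    # cmd_list_select, as in the 'strings' sub-prompt.
                    for item in cmd_list_select['directories']:
                        print(item)
                elif user_input_directories == 'import':
                    print(json.dumps(result['peinfo']['directories']['import'],
                                     sort_keys=True, indent=4))
                elif user_input_directories == 'export':
                    print(json.dumps(result['peinfo']['directories']['export'],
                                     sort_keys=True, indent=4))
                elif user_input_directories == 'debug':
                    print(json.dumps(result['peinfo']['directories']['debug'],
                                     sort_keys=True, indent=4))
                elif user_input_directories == 'tls':
                    print(json.dumps(result['peinfo']['directories']['tls'],
                                     sort_keys=True, indent=4))
                elif user_input_directories == 'resources':
                    print(json.dumps(
                        result['peinfo']['directories']['resources'],
                        sort_keys=True, indent=4))
                elif user_input_directories == 'relocations':
                    print(json.dumps(
                        result['peinfo']['directories']['relocations'],
                        sort_keys=True, indent=4))
                elif user_input_directories == 'sign':
                    print(json.dumps(result['peinfo']['directories']['sign'],
                                     sort_keys=True, indent=4))

        # sections
        elif user_input == 'sections':
            print(json.dumps(cmd_list_select['sections'],
                             sort_keys=True, indent=4))
            print('\nUse \'back\' to return')
            while True:
                user_input_sections = autocomplete.get_result(
                    cmd_list_select['sections'], "[peframe/sections]>")
                if user_input_sections == 'back':
                    break
                elif user_input_sections in cmd_list_select['sections']:
                    # Dump each section record carrying the requested name.
                    for item in result['peinfo']['sections']['details']:
                        if item['section_name'] == user_input_sections:
                            print(json.dumps(item, sort_keys=True, indent=4))

        # features
        elif user_input == 'features':
            print(json.dumps(cmd_list_select['features'],
                             sort_keys=True, indent=4))
            print('\nUse \'back\' to return')
            while True:
                user_input_features = autocomplete.get_result(
                    cmd_list_select['features'], "[peframe/features]>")
                if user_input_features == 'back':
                    break
                elif user_input_features == 'antidbg':
                    print(json.dumps(result['peinfo']['features']['antidbg'],
                                     sort_keys=True, indent=4))
                elif user_input_features == 'antivm':
                    print(json.dumps(result['peinfo']['features']['antivm'],
                                     sort_keys=True, indent=4))
                elif user_input_features == 'mutex':
                    print(json.dumps(result['peinfo']['features']['mutex'],
                                     sort_keys=True, indent=4))
                elif user_input_features == 'packer':
                    print(json.dumps(result['peinfo']['features']['packer'],
                                     sort_keys=True, indent=4))
                elif user_input_features == 'xor':
                    print(json.dumps(result['peinfo']['features']['xor'],
                                     sort_keys=True, indent=4))
                elif user_input_features == 'crypto':
                    print(json.dumps(result['peinfo']['features']['crypto'],
                                     sort_keys=True, indent=4))

        elif user_input == 'breakpoint':
            print(json.dumps(result['peinfo']['breakpoint'],
                             sort_keys=True, indent=4))

        elif user_input == 'hashes':
            print(json.dumps(result['hashes'], sort_keys=True, indent=4))

        elif user_input == 'macro':
            # This is the one top-level command that prints its value without
            # json.dumps, so control characters in it are not escaped.
            # NOTE(review): presumably the text originates from the analysed
            # document; consider neutralising terminal escape sequences before
            # printing.
            print(result['docinfo']['macro'])

        elif user_input == 'attributes':
            print(json.dumps(result['docinfo']['attributes'],
                             sort_keys=True, indent=4))

        elif user_input == 'metadata':
            print(json.dumps(result['peinfo']['metadata'],
                             sort_keys=True, indent=4))

        # Strings
        elif user_input == 'strings':
            print(json.dumps(cmd_list_select['strings'],
                             sort_keys=True, indent=4))
            print('\nUse \'back\' to return')
            while True:
                user_input_strings = autocomplete.get_result(
                    cmd_list_select['strings'], "[peframe/strings]>")
                if user_input_strings == 'back':
                    break
                elif user_input_strings == 'list':
                    for item in cmd_list_select['strings']:
                        print(item)
                elif user_input_strings in cmd_list_select['strings']:
                    print(json.dumps(result['strings'][user_input_strings],
                                     sort_keys=True, indent=4))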