def test_sample_parse_global(self):
    """Check the HTTP client values that parse_http_client() yields for viper.conf.sample.

    Expected after parsing: ``proxies`` is None, ``verify`` is True and
    ``cert`` is None.
    """
    config = Config("viper.conf.sample")
    config.parse_http_client()

    # Read the section only after parsing, so the parsed values are checked.
    client = config.http_client
    assert client.proxies is None
    assert client.verify is True
    assert client.cert is None
def test_sample_parse_global(self):
    """Check the HTTP client values that parse_http_client() yields for a default Config().

    Expected after parsing: ``proxies`` is None, ``verify`` is True and
    ``cert`` is None.
    """
    config = Config()
    config.parse_http_client()

    # Read the section only after parsing, so the parsed values are checked.
    client = config.http_client
    assert client.proxies is None
    assert client.verify is True
    assert client.cert is None
def test_missing_section_http_client(self):
    """Check that http_client is present after parse_http_client() runs on a Config it was deleted from."""
    config = Config()
    assert hasattr(config, "http_client")

    del config.http_client
    # NOTE(review): reading the attribute straight after deleting it only
    # works if Config supplies a None fallback for it. Confirm that is
    # intended; otherwise this line raises AttributeError rather than
    # failing the assertion.
    assert config.http_client is None

    config.parse_http_client()
    assert hasattr(config, "http_client")
def test_missing_section_http_client(self):
    """Check that parse_http_client() restores http_client after it was deleted from the Config."""
    config = Config("viper.conf.sample")
    assert hasattr(config, "http_client")

    # Remove the section and confirm it is really gone before parsing again.
    del config.http_client
    assert not hasattr(config, "http_client")

    config.parse_http_client()
    assert hasattr(config, "http_client")
def test_sample_parse_global_section(self):
    """Parse HTTP client settings for the cuckoo section and check both sections' values.

    After ``parse_http_client(config.cuckoo)`` both ``http_client`` and
    ``cuckoo`` are expected to carry ``proxies`` None, ``verify`` True and
    ``cert`` None.
    """
    config = Config()
    config.parse_http_client(config.cuckoo)

    # Same three expectations for the global section first, then cuckoo.
    for section in (config.http_client, config.cuckoo):
        assert section.proxies is None
        assert section.verify is True
        assert section.cert is None
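def run(self):
    """Run XorSearch and store its output as a comment on the attached MISP event.

    Logs an error and returns when no MISP session is attached. Otherwise
    the ``data`` field of every XorSearch output entry is concatenated and
    added to the session's MISP event as one ``comment`` attribute, prefixed
    with the path of the file that is open in the session.
    """
    if not __sessions__.is_attached_misp():
        self.log("error", 'MISP session not attached')
        return

    cfg = Config()
    key = cfg.misp.misp_key
    url = cfg.misp.misp_url
    # NOTE(review): ssl=False switches off verification of the MISP server
    # certificate, so the API key and the attribute data are sent to an
    # endpoint whose identity is never checked. PyMISP's ssl argument also
    # accepts the path of a CA bundle, which keeps verification on for an
    # internal CA. The client certificate and key paths are fixed in code
    # as well; both settings are better read from configuration.
    pymisp = PyMISP(url,
                    key,
                    ssl=False,
                    proxies=None,
                    cert=('/opt/ssl/server/csp-internal.crt',
                          '/opt/ssl/server/csp-internal.key'))

    xor_search = XorSearch()
    xor_search.run()

    # Every entry is included whatever its 'type', error entries too.
    # join() builds the text in one pass instead of repeated concatenation.
    comment_val = "".join(out['data'] for out in xor_search.output)

    pymisp.add_named_attribute(
        __sessions__.current.misp_event.event.id, "comment",
        "File: " + __sessions__.current.file.path +
        " -- XOR search out: " + comment_val)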
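def run(self):
    """Run Shellcode and store its output as a comment on the attached MISP event.

    Logs an error and returns when no MISP session is attached. Otherwise
    the ``data`` field of every Shellcode output entry is concatenated and
    added to the session's MISP event as one ``comment`` attribute.
    """
    if not __sessions__.is_attached_misp():
        self.log("error", "MISP session not attached")
        return

    cfg = Config()
    key = cfg.misp.misp_key
    url = cfg.misp.misp_url
    # NOTE(review): ssl=False switches off verification of the MISP server
    # certificate, so the API key and the attribute data are sent to an
    # endpoint whose identity is never checked. PyMISP's ssl argument also
    # accepts the path of a CA bundle, which keeps verification on for an
    # internal CA. The client certificate and key paths are fixed in code
    # as well; both settings are better read from configuration.
    pymisp = PyMISP(url,
                    key,
                    ssl=False,
                    proxies=None,
                    cert=('/opt/ssl/server/csp-internal.crt',
                          '/opt/ssl/server/csp-internal.key'))

    shellcode = Shellcode()
    shellcode.run()

    # join() builds the text in one pass instead of repeated concatenation.
    comment_val = "".join(out['data'] for out in shellcode.output)

    event_id = __sessions__.current.misp_event.event.id
    self.log("info", "Updating MISP event " + str(event_id) + "...")
    pymisp.add_named_attribute(event_id, "comment",
                               "Shellcode out: " + comment_val)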
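def run(self):
    """Upload the open file to VirusTotal and add the report objects to the MISP event.

    Returns early, after logging an error, when no MISP session is
    attached, when ``virustotal_key`` is not configured, when MISP has no
    ``virustotal-report`` object template, or when the VirusTotal upload
    does not return a usable answer. Otherwise each object produced by
    ``generate_report`` is added to the session's MISP event.
    """
    if not __sessions__.is_attached_misp():
        self.log("error", "MISP session not attached")
        return

    cfg = Config()
    key = cfg.misp.misp_key
    misp_url = cfg.misp.misp_url
    vt_apikey = cfg.virustotal.virustotal_key
    if not vt_apikey:
        self.log("error", 'virustotal_key not set')
        return

    # NOTE(review): ssl=False switches off verification of the MISP server
    # certificate, so the API key and the report data are sent to an
    # endpoint whose identity is never checked. PyMISP's ssl argument also
    # accepts the path of a CA bundle, which keeps verification on for an
    # internal CA. The client certificate and key paths are fixed in code
    # as well; both settings are better read from configuration.
    pymisp = PyMISP(misp_url,
                    key,
                    ssl=False,
                    proxies=None,
                    cert=('/opt/ssl/server/csp-internal.crt',
                          '/opt/ssl/server/csp-internal.key'))

    # Look up the id of the VirusTotal report template in MISP.
    object_pattern_id = 0
    for item in pymisp.get_object_templates_list():
        template = item["ObjectTemplate"]
        if str(template["name"]) == "virustotal-report":
            object_pattern_id = int(template["id"])
    if not object_pattern_id:
        # Stop before the upload: without a template the report could not
        # be stored, and the sample would leave the host for nothing.
        self.log("error", "MISP object template 'virustotal-report' not found")
        return

    # NOTE(review): this hands the sample itself to a third-party service.
    # Confirm that is acceptable for the case being worked before this
    # module is run on sensitive or targeted samples.
    scan_url = 'https://www.virustotal.com/vtapi/v2/file/scan'
    params = {'apikey': vt_apikey}
    # The context manager closes the sample file even if the request raises.
    with open(__sessions__.current.file.path, 'rb') as sample:
        files = {'file': (__sessions__.current.file.name, sample)}
        response = requests.post(scan_url, files=files, params=params)

    if response.status_code != 200:
        self.log(
            "error", "VirusTotal upload failed with HTTP status " +
            str(response.status_code))
        return
    try:
        indicator = response.json()['md5']
    except (ValueError, KeyError, TypeError):
        # Body was not JSON, or the JSON carried no md5 field.
        self.log("error", "VirusTotal response did not contain an md5")
        return

    misp_objects = generate_report(indicator, vt_apikey)

    event_id = __sessions__.current.misp_event.event.id
    self.log("info", 'MISP session attached')
    self.log("info", 'MISP event id: ' + str(event_id))

    for misp_object in misp_objects:
        pymisp.add_object(event_id, object_pattern_id, misp_object)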
# This file is part of Viper - https://github.com/viper-framework/viper # See the file 'LICENSE' for copying permission. import os from viper.core.config import Config cfg = Config() class Project(object): def __init__(self): self.name = None self.path = None if cfg.paths.storage_path: self.path = cfg.paths.storage_path else: self.path = os.path.join(os.getenv('HOME'), '.viper') if not os.path.exists(self.path): os.makedirs(self.path) def open(self, name): if cfg.paths.storage_path: base_path = cfg.paths.storage_path else: base_path = os.path.join(os.getenv('HOME'), '.viper') if not os.path.exists(base_path): raise Exception( "The local storage folder does not exist at path {}".format(
def test_custom_parse_global(self):
    """Check how parse_http_client() maps custom global http_client settings.

    Covers ``https_proxy`` -> ``proxies``, ``tls_verify`` and
    ``tls_ca_bundle`` -> ``verify``, and ``tls_client_cert`` -> ``cert``.
    The steps run in order on one Config object, so each step sees the
    values set by the ones before it.
    """
    config = Config()

    # http_proxy, no_proxy
    config.http_client.https_proxy = None
    config.parse_http_client()
    assert config.http_client.proxies is None

    proxy_cases = (
        (False, ''),
        ("http://prx1.example.com:3128", 'http://prx1.example.com:3128'),
    )
    for setting, effective in proxy_cases:
        config.http_client.https_proxy = setting
        config.parse_http_client()
        assert config.http_client.proxies == {
            'http': effective,
            'https': effective,
            'no': None
        }

    # tls_verify
    for setting, expected in ((None, True), (True, True), (False, False)):
        config.http_client.tls_verify = setting
        config.parse_http_client()
        assert config.http_client.verify is expected

    # tls_ca_bundle
    config.http_client.tls_verify = True
    config.http_client.tls_ca_bundle = "/etc/ssl/certs/ca_bundle.crt"
    config.parse_http_client()
    assert config.http_client.verify == "/etc/ssl/certs/ca_bundle.crt"

    # tls_client_cert
    config.http_client.tls_client_cert = None
    config.parse_http_client()
    assert config.http_client.cert is None

    config.http_client.tls_client_cert = "client.pem"
    config.parse_http_client()
    assert config.http_client.cert == "client.pem"
def test_sample(self):
    """Check that a default Config() has modules.store_output set to True."""
    config = Config()

    assert isinstance(config, Config)
    store_output = config.modules.store_output
    assert store_output is True
def test_init(self):
    """Check that a default Config() reports a config_file matching "viper.conf"."""
    config = Config()

    assert isinstance(config, Config)
    # The pattern is a regex searched anywhere in the path; its '.' is
    # unescaped, so it matches any character in that position.
    found = re.search("viper.conf", config.config_file)
    assert found
def test_custom_parse_global_section(self):
    """Check how parse_http_client(section=...) combines global and koodous settings.

    The proxy cases set ``https_proxy`` on both ``http_client`` and
    ``koodous`` and check the resulting ``koodous.proxies``. The remaining
    steps check ``tls_verify``, ``tls_ca_bundle`` and ``tls_client_cert``
    on the koodous section. All steps share one Config object and run in
    order.
    """
    config = Config("viper.conf.sample")

    # http_proxy, no_proxy
    config.http_client.https_proxy = None
    config.koodous.https_proxy = None
    config.parse_http_client(section=config.koodous)
    assert config.koodous.proxies is None

    # (global https_proxy, koodous https_proxy, proxy expected on koodous)
    proxy_cases = (
        ("http://prx1.example.com:3128", None,
         'http://prx1.example.com:3128'),
        ("http://prx1.example.com:3128", False, ''),
        ("http://prx1.example.com:3128", "http://prx2.example.com:8080",
         'http://prx2.example.com:8080'),
    )
    for global_proxy, section_proxy, effective in proxy_cases:
        config.http_client.https_proxy = global_proxy
        config.koodous.https_proxy = section_proxy
        config.parse_http_client(section=config.koodous)
        assert config.koodous.proxies == {
            'http': effective,
            'https': effective,
            'no': None
        }

    # tls_verify
    config.parse_http_client(section=config.koodous)
    assert config.koodous.verify is True

    for setting in (False, True):
        config.koodous.tls_verify = setting
        config.parse_http_client(section=config.koodous)
        assert config.koodous.verify is setting

    # tls_ca_bundle
    config.koodous.tls_verify = True
    config.koodous.tls_ca_bundle = "/etc/ssl/certs/ca_bundle2.crt"
    config.parse_http_client(section=config.koodous)
    assert config.koodous.verify == "/etc/ssl/certs/ca_bundle2.crt"

    # tls_client_cert
    config.koodous.tls_client_cert = "client_koodous.pem"
    config.parse_http_client(section=config.koodous)
    assert config.koodous.cert == "client_koodous.pem"
def test_custom_parse_global_section(self):
    """Check the koodous values produced by parse_http_client(section=koodous).

    Walks through ``https_proxy`` combinations on the global and koodous
    sections, then ``tls_verify``, ``tls_ca_bundle`` and
    ``tls_client_cert`` on koodous. State carries over from step to step.
    """
    config = Config("viper.conf.sample")

    def reparse():
        # Parse again for the koodous section after the settings changed.
        config.parse_http_client(section=config.koodous)

    def both_schemes(proxy):
        # Proxy mapping expected when one proxy value serves http and https.
        return {'http': proxy, 'https': proxy, 'no': None}

    # http_proxy, no_proxy
    config.http_client.https_proxy = None
    config.koodous.https_proxy = None
    reparse()
    assert config.koodous.proxies is None

    config.http_client.https_proxy = "http://prx1.example.com:3128"
    config.koodous.https_proxy = None
    reparse()
    assert config.koodous.proxies == both_schemes(
        'http://prx1.example.com:3128')

    config.http_client.https_proxy = "http://prx1.example.com:3128"
    config.koodous.https_proxy = False
    reparse()
    assert config.koodous.proxies == both_schemes('')

    config.http_client.https_proxy = "http://prx1.example.com:3128"
    config.koodous.https_proxy = "http://prx2.example.com:8080"
    reparse()
    assert config.koodous.proxies == both_schemes(
        'http://prx2.example.com:8080')

    # tls_verify
    reparse()
    assert config.koodous.verify is True

    config.koodous.tls_verify = False
    reparse()
    assert config.koodous.verify is False

    config.koodous.tls_verify = True
    reparse()
    assert config.koodous.verify is True

    # tls_ca_bundle
    config.koodous.tls_verify = True
    config.koodous.tls_ca_bundle = "/etc/ssl/certs/ca_bundle2.crt"
    reparse()
    assert config.koodous.verify == "/etc/ssl/certs/ca_bundle2.crt"

    # tls_client_cert
    config.koodous.tls_client_cert = "client_koodous.pem"
    reparse()
    assert config.koodous.cert == "client_koodous.pem"