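def jsrun(aid, ua=None, l=200):
    """Replay the captured object ``aid`` through Thug's JS emulation.

    The emulator is created with ``set_no_fetch()`` and fed
    ``conversations_r`` as ``offline_content``, so resources the script
    references are (presumably) served from the capture rather than
    fetched live.  Everything the emulator logs is collected from the
    module-level ``jsrun_logger`` buffer into ``jsrun_out`` and displayed
    via ``p()``; the emulated window is kept in ``_jw`` for inspection.

    Args:
        aid: key into ``conversations`` (and argument to ``o()``) naming
            the captured response whose body is executed.
        ua: optional User-Agent written into the emulated navigator's
            personality; defaults to the captured request's user_agent.
        l: ``max_len`` passed through to ``ThugAPI.window_from_file``.

    Side effects:
        Rewinds and clears ``jsrun_logger``; rebinds ``_jw`` and
        ``jsrun_out``; prints a message and returns early when the object
        has no content.
    """
    global jsrun_logger, jsrun_out, _jw
    # seek(0) alone leaves the tail of a longer previous run in the buffer
    # and getvalue() would return it; truncate at the rewound position too
    # (works for StringIO on both Python 2 and 3).
    jsrun_logger.seek(0)
    jsrun_logger.truncate()
    body = o(aid)
    if not body:
        print("Object {} has no content".format(aid))
        return
    conv = conversations[aid]
    t = ThugAPI('', configuration_path=JSCONFPATH)
    t.set_no_fetch()
    t.log_init('')
    url = 'http://{}{}'.format(conv.host, conv.uri)
    w = t.window_from_file(body, url, offline_content=conversations_r,
                           max_len=l)
    # Customise referer and user-agent.  Poking the navigator personality
    # directly is not pretty, but we cannot ship a personality file for
    # every client we see in a capture.
    t.set_referer(conv.referer)
    w._navigator.personality['userAgent'] = ua if ua else conv.user_agent
    t.run(w)
    _jw = w
    jsrun_out = jsrun_logger.getvalue()
    p(jsrun_out)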
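def main(url, output):
    """Analyse the local file ``url`` with Thug and record YARA classifier hits.

    Thug is configured for extensive file/JSON logging with network
    fetching disabled (``set_no_fetch``), so the sample is executed from
    disk only.  After ``run_local`` the YARA rule set Thug registered on
    ``log.URLClassifier`` is matched against the file and every match is
    reported through ``log.ThugLogging.add_yara_matched``.

    Args:
        url: path of the local sample to analyse.
        output: optional sub-directory name appended to the default log
            directory ``<appdir>/artifacts/thug``.

    Returns:
        The log directory path that was handed to Thug (also printed).

    Raises:
        IOError: if ``url`` cannot be opened for reading.
    """
    logdir = appdir + "/artifacts/thug"
    if output:
        # NOTE(review): ``output`` is joined verbatim.  If it can originate
        # from an untrusted caller, a value containing ".." would place the
        # Thug logs outside the artifacts directory; validate it before use.
        logdir = logdir + "/" + output

    t = ThugAPI(url)
    t.set_web_tracking()
    t.disable_honeyagent()
    # Further ThugAPI switches exist (set_verbose, set_debug, set_ast_debug,
    # set_http_debug, set_mongodb_address) but are intentionally off here.
    t.set_extensive()
    t.set_file_logging()
    t.set_json_logging()
    t.log_init(url)
    t.add_urlclassifier(appdir + "/artifacts/rule.yar")
    t.set_log_dir(logdir)
    # Offline analysis: the sample is loaded from disk, nothing is fetched.
    t.set_no_fetch()
    t.run_local(url)

    # Run the classifier rules over the file ourselves.  The open() is kept
    # only as an explicit readability check (it raises IOError early);
    # rules.match() is handed the path, presumably yara-python's
    # Rules.match(filepath).
    rules = log.URLClassifier.rules
    with open(url, 'rb'):
        matches = rules.match(url)
    for m in matches:
        # De-duplicate while preserving order; compare and store the same
        # str() form so unicode/str variants of one tag do not slip through.
        tags = []
        for tag in m.tags:
            tag = str(tag)
            if tag not in tags:
                tags.append(tag)
        strings = []
        for s in m.strings:
            # Presumably yara-python's (offset, identifier, data) tuples;
            # only the matched data is kept.
            if s[2] not in strings:
                strings.append(s[2])
        log.ThugLogging.add_yara_matched({
            "strings": strings,
            "rule": str(m.rule),
            "tags": tags,
        })
    t.log_event()
    print(logdir)
    return logdir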
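def main(url, savedir=thugdir):
    """Analyse the local file ``url`` with Thug, logging into ``savedir``.

    NOTE(review): this is the second definition of ``main`` in this file;
    it replaces the earlier ``main(url, output)`` at import time, so only
    this variant is callable as ``main``.

    Thug runs with verbose/debug output, extensive file/JSON logging and
    network fetching disabled (``set_no_fetch``), so the sample is executed
    from disk only.  After ``run_local`` the YARA rule set Thug registered
    on ``log.URLClassifier`` is matched against the file and every match is
    reported through ``log.ThugLogging.add_yara_matched``.

    Args:
        url: path of the local sample to analyse.
        savedir: directory handed to Thug as its log directory; defaults
            to the module-level ``thugdir``.

    Returns:
        ``savedir``, unchanged.

    Raises:
        IOError: if ``url`` cannot be opened for reading.
    """
    t = ThugAPI(url)
    t.set_web_tracking()
    t.disable_honeyagent()
    t.set_verbose()
    t.set_debug()
    # set_ast_debug / set_http_debug / set_mongodb_address are available
    # but intentionally off here.
    t.set_extensive()
    t.set_file_logging()
    t.set_json_logging()
    t.log_init(url)
    t.add_urlclassifier(thugdir + "/rule")
    t.set_log_dir(savedir)
    # Offline analysis: the sample is loaded from disk, nothing is fetched.
    t.set_no_fetch()
    t.run_local(url)

    # Run the classifier rules over the file ourselves.  The open() is kept
    # only as an explicit readability check (it raises IOError early);
    # rules.match() is handed the path, presumably yara-python's
    # Rules.match(filepath).
    rules = log.URLClassifier.rules
    with open(url, 'rb'):
        matches = rules.match(url)
    for m in matches:
        # De-duplicate while preserving order; compare and store the same
        # str() form so unicode/str variants of one tag do not slip through.
        tags = []
        for tag in m.tags:
            tag = str(tag)
            if tag not in tags:
                tags.append(tag)
        strings = []
        for s in m.strings:
            # Presumably yara-python's (offset, identifier, data) tuples;
            # only the matched data is kept.
            if s[2] not in strings:
                strings.append(s[2])
        log.ThugLogging.add_yara_matched({
            "strings": strings,
            "rule": str(m.rule),
            "tags": tags,
        })
    t.log_event()
    return savedir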