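def analyze(self):
    """Parse ``self.args`` as a command line, apply it, and run the analysis.

    The options are consumed in three passes: help/version, then the
    analysis settings, then -- once ``log_init`` has run for the target --
    the logging settings (log directory, output, quiet).

    Returns:
        The ``log`` object this module refers to, or ``None`` when the
        command line is rejected and ``usage()`` returns to the caller.
    """
    # Default runner; -l / -x replace it with run_local further down.
    p = getattr(self, 'run_remote', None)

    try:
        options, args = getopt.getopt(
            self.args,
            'hVu:e:w:n:o:r:p:lxvdqmagA:PS:RJ:Kt:ET:Q:W:',
            [
                'help',
                'version',
                'useragent=',
                'events=',
                'delay=',
                'logdir=',
                'output=',
                'referer=',
                'proxy=',
                'local',
                'local-nofetch',
                'verbose',
                'debug',
                'quiet',
                'no-cache',
                'ast-debug',
                'http-debug',
                'adobepdf=',
                'no-adobepdf',
                'shockwave=',
                'no-shockwave',
                'javaplugin=',
                'no-javaplugin',
                # The next value-taking names need the trailing '=' (their
                # short forms carry ':' and the handlers read the value).
                # Without it, "--timeout 5 TARGET" left "5" as the first
                # positional argument -- i.e. as the analysis target --
                # and the setter received an empty string.
                'threshold=',
                'extensive',
                'timeout=',
                'urlclassifier=',
                'jsclassifier=',
            ])
    except getopt.GetoptError:
        self.usage()
        # NOTE(review): usage() presumably terminates the process -- confirm.
        # Returning here keeps an unparsed command line from being used.
        return None

    for name, _ in options:
        if name in ('-h', '--help'):
            self.usage()
        if name in ('-V', '--version'):
            self.version()

    if not args:
        # No target given. This also covers the "no options, no arguments"
        # case; with options only, log_init(args[0]) below would otherwise
        # fail with IndexError after the settings had been applied.
        self.usage()
        return None

    for name, value in options:
        if name in ('-u', '--useragent'):
            self.set_useragent(value)
        elif name in ('-e', '--events'):
            self.set_events(value)
        elif name in ('-w', '--delay'):
            self.set_delay(value)
        elif name in ('-r', '--referer'):
            self.set_referer(value)
        elif name in ('-p', '--proxy'):
            self.set_proxy(value)
        elif name in ('-l', '--local'):
            p = getattr(self, 'run_local')
        elif name in ('-x', '--local-nofetch'):
            p = getattr(self, 'run_local')
            self.set_no_fetch()
        elif name in ('-v', '--verbose'):
            self.set_verbose()
        elif name in ('-d', '--debug'):
            self.set_debug()
        elif name in ('-m', '--no-cache'):
            self.set_no_cache()
        elif name in ('-a', '--ast-debug'):
            self.set_ast_debug()
        elif name in ('-g', '--http-debug'):
            self.set_http_debug()
        elif name in ('-A', '--adobepdf'):
            self.set_acropdf_pdf(value)
        elif name in ('-P', '--no-adobepdf'):
            self.disable_acropdf()
        elif name in ('-S', '--shockwave'):
            self.set_shockwave_flash(value)
        elif name in ('-R', '--no-shockwave'):
            self.disable_shockwave_flash()
        elif name in ('-J', '--javaplugin'):
            self.set_javaplugin(value)
        elif name in ('-K', '--no-javaplugin'):
            self.disable_javaplugin()
        elif name in ('-t', '--threshold'):
            self.set_threshold(value)
        elif name in ('-E', '--extensive'):
            self.set_extensive()
        elif name in ('-T', '--timeout'):
            self.set_timeout(value)
        elif name in ('-Q', '--urlclassifier'):
            # Comma-separated list; relative paths are resolved against the
            # current working directory by os.path.abspath.
            for classifier in value.split(','):
                self.add_urlclassifier(os.path.abspath(classifier))
        elif name in ('-W', '--jsclassifier'):
            for classifier in value.split(','):
                self.add_jsclassifier(os.path.abspath(classifier))

    # Logging is initialised for the target before the logging options are
    # applied, which is why those options get a pass of their own.
    self.log_init(args[0])

    for name, value in options:
        if name in ('-n', '--logdir'):
            self.set_log_dir(value)
        elif name in ('-o', '--output'):
            self.set_log_output(value)
        elif name in ('-q', '--quiet'):
            self.set_log_quiet()

    if p:
        ThugPlugins(PRE_ANALYSIS_PLUGINS, self)()
        p(args[0])
        ThugPlugins(POST_ANALYSIS_PLUGINS, self)()

    self.log_event()
    return log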
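def analyze(self):
    """Parse ``self.args`` as a command line, apply it, and run the analysis.

    The options are consumed in three passes: help/version, then the
    analysis settings, then -- once ``log_init`` has run for the target --
    the logging settings (log directory, output, quiet, maximum length).

    Returns:
        The ``log`` object this module refers to, or ``None`` when the
        command line is rejected and ``usage()`` returns to the caller.
    """
    # Default runner; -l / -x replace it with run_local further down.
    p = getattr(self, 'run_remote', None)

    try:
        options, args = getopt.getopt(
            self.args,
            'hVu:e:w:n:o:r:p:yszNlxvdqmagA:PS:RJ:Kt:ET:BQ:W:C:FZMGD:b:L:',
            [
                'help',
                'version',
                'useragent=',
                'events=',
                'delay=',
                'logdir=',
                'output=',
                'referer=',
                'proxy=',
                'vtquery',
                'vtsubmit',
                'web-tracking',
                'no-honeyagent',
                'local',
                'local-nofetch',
                'verbose',
                'debug',
                'quiet',
                'no-cache',
                'ast-debug',
                'http-debug',
                'adobepdf=',
                'no-adobepdf',
                'shockwave=',
                'no-shockwave',
                'javaplugin=',
                'no-javaplugin',
                'threshold=',
                'extensive',
                'timeout=',
                'broken-url',
                'urlclassifier=',
                'jsclassifier=',
                'sampleclassifier=',
                'file-logging',
                'json-logging',
                'maec11-logging',
                'elasticsearch-logging',
                'mongodb-address=',
                'vt-apikey=',
                'max-len=',
            ])
    except getopt.GetoptError:
        self.usage()
        # NOTE(review): usage() presumably terminates the process -- confirm.
        # Returning here keeps an unparsed command line from being used.
        return None

    for name, _ in options:
        if name in ('-h', '--help'):
            self.usage()
        elif name in ('-V', '--version'):
            self.version()

    if not args:
        # No target given. This also covers the "no options, no arguments"
        # case; with options only, log_init(args[0]) below would otherwise
        # fail with IndexError after the settings had been applied.
        self.usage()
        return None

    for name, value in options:
        if name in ('-u', '--useragent'):
            self.set_useragent(value)
        elif name in ('-e', '--events'):
            self.set_events(value)
        elif name in ('-w', '--delay'):
            self.set_delay(value)
        elif name in ('-r', '--referer'):
            self.set_referer(value)
        elif name in ('-p', '--proxy'):
            self.set_proxy(value)
        elif name in ('-y', '--vtquery'):
            self.set_vt_query()
        elif name in ('-s', '--vtsubmit'):
            self.set_vt_submit()
        elif name in ('-b', '--vt-apikey'):
            # NOTE(review): a key passed on the command line is visible in
            # the process list and shell history; if the project can read
            # it from a configuration file, prefer that -- confirm.
            self.set_vt_runtime_apikey(value)
        elif name in ('-z', '--web-tracking'):
            self.set_web_tracking()
        elif name in ('-N', '--no-honeyagent'):
            self.disable_honeyagent()
        elif name in ('-l', '--local'):
            p = getattr(self, 'run_local')
        elif name in ('-x', '--local-nofetch'):
            p = getattr(self, 'run_local')
            self.set_no_fetch()
        elif name in ('-v', '--verbose'):
            self.set_verbose()
        elif name in ('-d', '--debug'):
            self.set_debug()
        elif name in ('-m', '--no-cache'):
            self.set_no_cache()
        elif name in ('-a', '--ast-debug'):
            self.set_ast_debug()
        elif name in ('-g', '--http-debug'):
            self.set_http_debug()
        elif name in ('-A', '--adobepdf'):
            self.set_acropdf_pdf(value)
        elif name in ('-P', '--no-adobepdf'):
            self.disable_acropdf()
        elif name in ('-S', '--shockwave'):
            self.set_shockwave_flash(value)
        elif name in ('-R', '--no-shockwave'):
            self.disable_shockwave_flash()
        elif name in ('-J', '--javaplugin'):
            self.set_javaplugin(value)
        elif name in ('-K', '--no-javaplugin'):
            self.disable_javaplugin()
        elif name in ('-t', '--threshold'):
            self.set_threshold(value)
        elif name in ('-E', '--extensive'):
            self.set_extensive()
        elif name in ('-T', '--timeout'):
            self.set_timeout(value)
        elif name in ('-Q', '--urlclassifier'):
            # Comma-separated list; relative paths are resolved against the
            # current working directory by os.path.abspath.
            for classifier in value.split(','):
                self.add_urlclassifier(os.path.abspath(classifier))
        elif name in ('-W', '--jsclassifier'):
            for classifier in value.split(','):
                self.add_jsclassifier(os.path.abspath(classifier))
        elif name in ('-C', '--sampleclassifier'):
            for classifier in value.split(','):
                self.add_sampleclassifier(os.path.abspath(classifier))
        elif name in ('-B', '--broken-url'):
            self.set_broken_url()
        elif name in ('-F', '--file-logging'):
            self.set_file_logging()
        elif name in ('-Z', '--json-logging'):
            self.set_json_logging()
        elif name in ('-M', '--maec11-logging'):
            self.set_maec11_logging()
        elif name in ('-G', '--elasticsearch-logging'):
            self.set_elasticsearch_logging()
        elif name in ('-D', '--mongodb-address'):
            self.set_mongodb_address(value)

    # Logging is initialised for the target before the logging options are
    # applied, which is why those options get a pass of their own.
    self.log_init(args[0])

    for name, value in options:
        if name in ('-n', '--logdir'):
            self.set_log_dir(value)
        elif name in ('-o', '--output'):
            self.set_log_output(value)
        elif name in ('-q', '--quiet'):
            self.set_log_quiet()
        elif name in ('-L', '--max-len'):
            # The long option is declared as 'max-len='; the handler used to
            # test for '--max_len', which getopt never reports, so the long
            # form was accepted and then silently ignored.
            self.set_max_len(value)

    if p:
        ThugPlugins(PRE_ANALYSIS_PLUGINS, self)()
        p(args[0])
        ThugPlugins(POST_ANALYSIS_PLUGINS, self)()

    self.log_event()
    return log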
def analyze(self, opts):
    """Configure the analysis from a JSON options document and run it.

    ``opts`` is a JSON object. Every key read below is looked up with
    ``[]``, so a missing key raises ``KeyError`` at the point it is read.
    A truthy ``version`` short-circuits and returns ``self.thug_version``;
    otherwise the settings are applied in order, logging is initialised
    for ``self.args`` and the selected runner is called with ``self.args``.

    NOTE(review): the proxy, log directory, output target and classifier
    paths are taken from ``opts`` and handed on without checks in this
    method -- confirm that the producer of this JSON is trusted, or that
    the values are validated before they reach this point.
    """
    # Default runner; 'local' / 'local_nofetch' replace it with run_local.
    runner = getattr(self, 'run_remote', None)

    # The options arrive as a JSON object and are used as a dictionary.
    settings = json.loads(opts)

    def apply_all(entries):
        # Each entry is (JSON key, method name on self, forward the value?).
        for key, method, forward in entries:
            if settings[key]:
                handler = getattr(self, method)
                if forward:
                    handler(settings[key])
                else:
                    handler()

    if settings['version']:
        return self.thug_version

    # The user agent is applied unconditionally, whatever its value.
    self.set_useragent(settings['useragent'])

    apply_all((
        ('events', 'set_events', True),
        ('delay', 'set_delay', True),
        ('referer', 'set_referer', True),
        ('proxy', 'set_proxy', True),
    ))

    if settings['local']:
        runner = getattr(self, 'run_local')

    if settings['local_nofetch']:
        runner = getattr(self, 'run_local')
        self.set_no_fetch()

    apply_all((
        ('verbose', 'set_verbose', False),
        ('debug', 'set_debug', False),
        ('no_cache', 'set_no_cache', False),
        ('ast_debug', 'set_ast_debug', False),
        ('adobepdf', 'set_acropdf_pdf', True),
        ('no_adobepdf', 'disable_acropdf', False),
        ('shockwave', 'set_shockwave_flash', True),
        ('no_shockwave', 'disable_shockwave_flash', False),
        ('javaplugin', 'set_javaplugin', True),
        ('no_javaplugin', 'disable_javaplugin', False),
        ('threshold', 'set_threshold', True),
        ('extensive', 'set_extensive', False),
        ('timeout', 'set_timeout', True),
    ))

    # Classifier options hold comma-separated paths; relative ones are
    # resolved against the current working directory by os.path.abspath.
    for key, register in (('urlclassifier', 'add_urlclassifier'),
                          ('jsclassifier', 'add_jsclassifier')):
        if settings[key]:
            for path in settings[key].split(','):
                getattr(self, register)(os.path.abspath(path))

    apply_all((
        ('json_logging', 'set_json_logging', False),
        ('file_logging', 'set_file_logging', False),
        ('vtquery', 'set_vt_query', False),
    ))

    # Logging is initialised before the logging options are applied.
    self.log_init(self.args)

    apply_all((
        ('logdir', 'set_log_dir', True),
        ('output', 'set_log_output', True),
        ('quiet', 'set_log_quiet', False),
    ))

    if runner:
        ThugPlugins(PRE_ANALYSIS_PLUGINS, self)()
        runner(self.args)
        ThugPlugins(POST_ANALYSIS_PLUGINS, self)()

    self.log_event()
    return log