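def zip_do_zip(azip, afile, max_member_size=None):
    """ azip:ZipFile, afile:source archive(s) name

    Reports an encrypted archive (BF_ZIP) and stops; otherwise checks every
    member name against RGX_INFILENAME and hands the member content to
    do_data(), reporting encrypted members instead of processing them.
    All reports for members use the archive-qualified name 'afile:member'.

    max_member_size: optional cap (bytes) on a member's declared uncompressed
    size. Larger members are reported via log_error and skipped, so a hostile
    archive cannot make the scanner load an arbitrarily large member into
    memory. None (the default) keeps the previous unbounded behaviour.
    """
    # testzip() raises RuntimeError for an encrypted member and otherwise
    # returns the name of the first corrupt member (None when all are fine)
    corrupt = None
    try:
        corrupt = azip.testzip()
    except RuntimeError as e:
        if 'encrypted' in str(e):
            log_encrypted(BF_ZIP, afile)
            return
        # best effort: report and still try the members below
        log_error(str(e), afile)
    if corrupt is not None:
        log_error('member failed the CRC/header check', afile + ':' + corrupt)
    for member in azip.namelist():
        # directory entries end with '/'
        if member.endswith('/'):
            continue
        qualified = afile + ':' + member
        # check file name
        filename = os.path.basename(member).lower()
        res = RGX_INFILENAME.search(filename)
        if res:
            log_secret(res.group(), qualified)
        if member == corrupt:
            # already reported; reading it would raise BadZipFile
            continue
        if max_member_size is not None:
            size = azip.getinfo(member).file_size
            if size > max_member_size:
                log_error('member size %d exceeds limit %d' % (size, max_member_size), qualified)
                continue
        # check file content, calling other modules
        data = azip.read(member)
        ftype, supported = type_data(data, member)
        if supported:
            if ftype in ENCRYPTED:
                log_encrypted(ftype, qualified)
            else:
                do_data(ftype, data, qualified)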
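def text_do_text(text, afile):
    """text: lowercase text, afile: source file name

    Reports every match of the INFILE patterns found in *text* via
    log_secret(), then looks for known hashes when HASHES is configured.
    """
    # an empty pattern matches at every position and would flood the log,
    # so drop blank entries and skip the search when nothing is left
    patterns = [pattern for pattern in INFILE if pattern]
    if patterns:
        for match in re.finditer('|'.join(patterns), text):
            log_secret(match.group(), afile)
    if HASHES:
        search_hashes(text, afile)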
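def zip_do_zip(azip, afile, max_member_size=None):
    """ azip:ZipFile, afile:source archive(s) name

    Reports an encrypted archive (BF_ZIP) and stops; otherwise checks every
    member name against RGX_INFILENAME and hands the member content to
    do_data(), reporting encrypted members instead of processing them.
    All reports for members use the archive-qualified name 'afile:member'.

    max_member_size: optional cap (bytes) on a member's declared uncompressed
    size. Larger members are reported via log_error and skipped, so a hostile
    archive cannot make the scanner load an arbitrarily large member into
    memory. None (the default) keeps the previous unbounded behaviour.
    """
    # testzip() raises RuntimeError for an encrypted member and otherwise
    # returns the name of the first corrupt member (None when all are fine)
    corrupt = None
    try:
        corrupt = azip.testzip()
    except RuntimeError as e:
        if 'encrypted' in str(e):
            log_encrypted(BF_ZIP, afile)
            return
        # best effort: report and still try the members below
        log_error(str(e), afile)
    if corrupt is not None:
        log_error('member failed the CRC/header check', afile + ':' + corrupt)
    for member in azip.namelist():
        # directory entries end with '/'
        if member.endswith('/'):
            continue
        qualified = afile + ':' + member
        # check file name
        filename = os.path.basename(member).lower()
        res = RGX_INFILENAME.search(filename)
        if res:
            log_secret(res.group(), qualified)
        if member == corrupt:
            # already reported; reading it would raise BadZipFile
            continue
        if max_member_size is not None:
            size = azip.getinfo(member).file_size
            if size > max_member_size:
                log_error('member size %d exceeds limit %d' % (size, max_member_size), qualified)
                continue
        # check file content, calling other modules
        data = azip.read(member)
        ftype, supported = type_data(data, member)
        if supported:
            if ftype in ENCRYPTED:
                log_encrypted(ftype, qualified)
            else:
                do_data(ftype, data, qualified)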
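def scan(path, count):
    """Walk *path*, check file names and hand supported files to do_file().

    path:  directory to walk recursively; directories named in SKIP are pruned
    count: expected number of files, used only to size the progress bar
    returns the number of supported files that were handled

    Encrypted files and executables are only reported, never processed.
    The progress bar advances only for supported files.
    """
    log_comment('scanning %s:' % path)
    scanned = 0
    # progress bar: at most 32 '=' characters, one per bar_blocksize files
    bar_width = 32
    if count < bar_width:
        bar_width = count
    if count == 0:
        bar_width = 1
    sys.stdout.write('%s\n' % ("=" * bar_width))
    bar_blocksize = count / bar_width
    bar_left = bar_width
    bar_count = 0
    for root, dirs, files in os.walk(path):
        # prune in place so os.walk does not descend into skipped directories
        dirs[:] = [d for d in dirs if d not in SKIP]
        for filename in files:
            abspath = os.path.abspath(os.path.join(root, filename))
            res = RGX_INFILENAME.search(filename.lower())
            if res:
                log_secret(res.group(), abspath)
            try:
                ftype, supported = type_file(abspath)
            except TypeError as e:
                log_error(str(e), abspath)
                continue
            if supported:
                if ftype in ENCRYPTED:
                    # report but do not process
                    log_encrypted(ftype, abspath)
                elif ftype in EXE:
                    # report but do not process; a uniform byte distribution
                    # is taken as a sign of packing
                    if looks_uniform(filename=abspath):
                        log_packed(ftype, abspath)
                    else:
                        log_exe(ftype, abspath)
                else:
                    # process the file
                    do_file(ftype, abspath)
                scanned += 1
                # update progress bar
                bar_count += 1
                if bar_count >= bar_blocksize and bar_left:
                    sys.stdout.write("=")
                    sys.stdout.flush()
                    bar_count = 0
                    bar_left -= 1
    sys.stdout.write("\n")
    log_comment('%d files supported were processed' % scanned)
    return scanned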
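def tar_do_tar(atar, afile, max_member_size=None):
    """ atar:TarFile, afile:source archive(s) name

    Checks every regular member's name against RGX_INFILENAME and hands its
    content to do_data(); encrypted members are only reported. All reports
    for members use the archive-qualified name 'afile:member'.

    max_member_size: optional cap (bytes) on member.size. Larger members are
    reported via log_error and skipped, so a hostile archive cannot make the
    scanner load an arbitrarily large member into memory. None (the default)
    keeps the previous unbounded behaviour.
    """
    # iterate over TarInfo's
    for member in atar.getmembers():
        # only process regular files (links, devices, directories are skipped)
        if not member.isfile():
            continue
        qualified = afile + ':' + member.name
        # check file name
        filename = os.path.basename(member.name).lower()
        res = RGX_INFILENAME.search(filename)
        if res:
            log_secret(res.group(), qualified)
        if max_member_size is not None and member.size > max_member_size:
            log_error('member size %d exceeds limit %d' % (member.size, max_member_size), qualified)
            continue
        # check file content, calling other modules
        data = atar.extractfile(member).read()
        ftype, supported = type_data(data, member.name)
        if supported:
            if ftype in ENCRYPTED:
                log_encrypted(ftype, qualified)
            else:
                do_data(ftype, data, qualified)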
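def text_do_text(text, afile):
    """text: lowercase text, afile: source file name

    Reports every RGX_INFILE match line by line: the file name is logged
    once, then for each matching line a ',lineno, Matches: ...' record
    (0-based line number, 1-based column per match) followed by up to two
    lines of context before and after the match. Finally looks for known
    hashes when HASHES is configured.
    """
    logged_filename = False
    lines = text.splitlines()
    for lineno, line in enumerate(lines):
        # column is taken from the match position inside the line itself;
        # searching the whole text with a line-local offset gave wrong
        # columns for every line but the first
        matched = ["%s @ %d" % (match.group(0), match.start() + 1)
                   for match in re.finditer(RGX_INFILE, line)]
        if not matched:
            continue
        if not logged_filename:
            log_secret("")
            log_secret("%s" % (afile))
            logged_filename = True
        log_secret(",%s, Matches: %s" % (lineno, " ".join(matched)))
        # two lines of context on each side, clipped at the text boundaries
        for ctx in range(max(0, lineno - 2), min(len(lines), lineno + 3)):
            log_text_and_line_number(ctx, lines[ctx])
    if HASHES:
        search_hashes(text, afile)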
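def log_text_and_line_number(lineno, text):
    """Log one context line as a ',,,lineno,<csv-quoted text>' record.

    lineno: line number as reported by the caller
    text:   the line content; it is CSV-quoted by csv.writer so that commas
            and quotes inside it do not break the record
    """
    # csv.writer needs a text stream on Python 3 but a byte stream on
    # Python 2; BytesIO alone raises TypeError on Python 3
    output = io.StringIO() if sys.version_info[0] >= 3 else io.BytesIO()
    writer = csv.writer(output)
    writer.writerow([text])
    # drop the line terminator csv.writer appended
    quoted = output.getvalue().splitlines()[0]
    log_secret(",,,%s,%s" % (lineno, quoted))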
def search_hashes(text, afile):
    """Report every HASH_REGEX match in *text* whose keyed hash is in HASHES.

    text:  content to search
    afile: source file name passed through to log_secret
    Only the computed hash is logged, never the matched text itself.
    """
    for candidate in re.finditer(HASH_REGEX, text):
        digest = hash_string(candidate.group(0), HASH_KEY)
        if digest not in HASHES:
            continue
        log_secret('hash %s' % digest, afile)