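def dotransform(request, response):
    """Add a Filename entity for every file path listed as written in the behaviour data.

    Reads two entity fields from ``request.fields``:

    * ``behavioral`` -- the string ``"false"`` means there is no behaviour
      data; a debug line is logged and the response is returned unchanged.
    * ``behavior_data`` -- a Python-literal string parsed with
      ``ast.literal_eval``.

    Returns the same ``response`` object with one ``Filename`` per entry of
    ``behavior['filesystem']['written']``, each labelled
    ``vt_behave->written``.
    """
    if request.fields['behavioral'] == "false":
        debug("ripVT: No behavioral for %s" % request.value)
        return response

    # literal_eval only builds Python literals and never executes code, so it
    # is the right parser for a field that travels with the entity. Malformed
    # input raises ValueError/SyntaxError, which propagates to the caller.
    behavior = ast.literal_eval(request.fields['behavior_data'])

    # `in` replaces dict.has_key(), which no longer exists in Python 3 and
    # behaves the same on Python 2.
    if "filesystem" in behavior and "written" in behavior['filesystem']:
        for t_file in behavior['filesystem']['written']:
            # NOTE(review): the path is copied into the graph verbatim; it
            # presumably comes from the sample's recorded activity, so treat
            # it as untrusted display data -- confirm against the producer
            # of behavior_data.
            r = Filename(t_file['path'])
            r.linklabel = "vt_behave->written"
            response += r
    return response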
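def dotransform(request, response):
    """Add a Filename entity for each submission name stored on the entity.

    ``request.fields['submission_names']`` is a Python-literal string parsed
    with ``ast.literal_eval`` (no code is executed; malformed input raises
    and propagates). The placeholder name ``"vti-rescan"`` is skipped. Every
    other name becomes a ``Filename`` labelled ``vtrep->names`` and is added
    to ``response``, which is returned.
    """
    submission_names = ast.literal_eval(request.fields['submission_names'])
    for name in submission_names:
        if name == "vti-rescan":
            continue
        try:
            r = Filename(name.encode('utf-8'))
        except Exception:
            # Was a bare `except:`, which also trapped KeyboardInterrupt and
            # SystemExit. A name that cannot be encoded (or that Filename
            # rejects) is kept as a hex string so it stays visible in the
            # graph instead of being dropped.
            # NOTE(review): the "hex" codec exists only on Python 2.
            r = Filename("HEXENC-%s" % (str(name).encode("hex")))
        # NOTE(review): names are presumably chosen by whoever submitted the
        # sample, so they are untrusted strings -- confirm before using them
        # for anything other than display.
        r.linklabel = "vtrep->names"
        response += r
    return response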
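def dotransform(request, response):
    """Add the file name shown on the looked-up page as a Filename entity.

    The page is fetched with ``build(request.value, 'hash')``. The name is
    read from the first ``<b>`` element following the text node ``'File: '``.

    Raises:
        MaltegoException: ``'No filename'`` when that text node or the
            following ``<b>`` element cannot be found.
    """
    # Build the request
    page = build(request.value, 'hash')
    try:
        name_tag = page.find(text='File: ').findNext('b')
    except Exception:
        # Was a bare `except:`; Exception still covers the missing-label case
        # without trapping KeyboardInterrupt/SystemExit.
        raise MaltegoException('No filename')
    if name_tag is None:
        # Label present but no <b> after it: previously this fell through to
        # an unhandled AttributeError on `.text`.
        raise MaltegoException('No filename')
    # The locals no longer shadow the builtins `type` and `list`.
    if name_tag.text != '':
        response += Filename(name_tag.text)
    return response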
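def dotransform(request, response):
    """Add a Filename entity for every token listed under 'File names'.

    The page comes from ``build(request.value)``. Each ``<td
    class="field-key">`` whose text contains ``File names`` is followed three
    nodes ahead (``entry.next.next.next``); all text under that node is
    joined and split on whitespace, and every token becomes a ``Filename``.

    Raises:
        MaltegoException: ``'Could not find Filenames'`` if anything fails
            while walking the page.
    """
    page = build(request.value)
    try:
        for entry in page.findAll('td', {"class": "field-key"}):
            if not re.search('File names', entry.text):
                continue
            joined = ''.join(entry.next.next.next.findAll(text=True))
            # NOTE(review): splitting on whitespace breaks a name that
            # contains spaces into several entities -- confirm the page
            # lists one name per line before relying on these values.
            for line in joined.split():
                response += Filename(line)
    except Exception:
        # Was a bare `except:`, which also converted KeyboardInterrupt and
        # SystemExit into a MaltegoException.
        raise MaltegoException('Could not find Filenames')
    return response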
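def dotransform(request, response):
    """Add the ``sigcheck`` fields of a report to the response.

    ``getreport(request.value)`` supplies the report. From
    ``data['additional_info']['sigcheck']`` the keys ``publisher``,
    ``product``, ``description``, ``signers`` and ``internal name`` are added
    as ``Phrase`` entities and ``original name`` as a ``Filename``, in that
    order. A missing key is skipped.

    If the report has no ``additional_info`` at all, a ``UIMessage`` carrying
    ``data['verbose_msg']`` is added instead. The original code intended this
    but never reached it: the failed lookup left ``addinfo`` unbound and each
    inner bare ``except:`` swallowed the resulting NameError.
    """
    data = getreport(request.value)

    try:
        addinfo = data['additional_info']
    except Exception:
        try:
            response += UIMessage(data['verbose_msg'])
        except Exception:
            # Best effort: a report without verbose_msg must not turn a
            # previously silent path into a crash.
            pass
        return response

    try:
        sigcheck = addinfo['sigcheck']
    except Exception:
        # No signature block in this report: nothing to add.
        return response

    # (sigcheck key, entity class) in the order the entities are emitted.
    # NOTE(review): values are added as-is and no verification status is read
    # here, so publisher/signers are what the file claims, not a validated
    # signature.
    fields = (
        ('publisher', Phrase),
        ('product', Phrase),
        ('description', Phrase),
        ('original name', Filename),
        ('signers', Phrase),
        ('internal name', Phrase),
    )
    for key, entity in fields:
        try:
            response += entity(sigcheck[key])
        except Exception:
            # Field absent (or not usable as an entity value): skip it.
            continue
    return response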
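def dotransform(request, response):
    """Add selected Exif/version fields scraped from the page to the response.

    The page comes from ``build(request.value)``. For each ``<span
    class="field-key">`` whose text contains one of the known labels, the
    value is taken from two nodes ahead (``entry.next.next``), stripped, and
    added as a ``Phrase`` -- except ``OriginalFilename``, which is added as a
    ``Filename``.

    Raises:
        MaltegoException: ``'Could not Exif Information'`` if anything fails
            while walking the page.
    """
    page = build(request.value)
    # Ordered like the original if/elif chain: the first label found in the
    # cell text decides which entity is created.
    labels = (
        'TimeStamp',
        'FileType',
        'EntryPoint',
        'FileVersionNumber',
        'LanguageCode',
        'CharacterSet',
        'InternalName',
        'FileDescription',
        'OriginalFilename',
        'ProductVersionNumber',
    )
    try:
        for entry in page.findAll('span', {"class": "field-key"}):
            text = entry.text
            matched = next(
                (label for label in labels if re.search(label, text)), None)
            if matched is None:
                continue
            value = entry.next.next.strip()
            # NOTE(review): these look like metadata read out of the sample
            # itself; if so the file's author controls them -- confirm and
            # treat the values as untrusted strings.
            entity = Filename if matched == 'OriginalFilename' else Phrase
            response += entity(value)
    except Exception:
        # Was a bare `except:`, which also converted KeyboardInterrupt and
        # SystemExit into a MaltegoException.
        raise MaltegoException('Could not Exif Information')
    return response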
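def dotransform(request, response):
    """Add the ``exiftool`` fields of a report to the response.

    ``getreport(request.value)`` supplies the report. From
    ``data['additional_info']['exiftool']`` each known key is added as a
    ``Phrase``, except ``OriginalFilename``, which is added as a
    ``Filename``. A missing key is skipped.

    If the report has no ``additional_info`` at all, a ``UIMessage`` carrying
    ``data['verbose_msg']`` is added instead. The original code intended this
    but never reached it: the failed lookup left ``exif`` unbound and each
    inner bare ``except:`` swallowed the resulting NameError.
    """
    data = getreport(request.value)

    try:
        addinfo = data['additional_info']
    except Exception:
        try:
            response += UIMessage(data['verbose_msg'])
        except Exception:
            # Best effort: a report without verbose_msg must not turn a
            # previously silent path into a crash.
            pass
        return response

    try:
        exif = addinfo['exiftool']
    except Exception:
        # No exif block in this report: nothing to add.
        return response

    # (exiftool key, entity class) in the order the entities are emitted.
    # Using a table also stops the locals from shadowing `type`, `time`,
    # `copy` and `intern`.
    # NOTE(review): these look like values embedded in the sample itself; if
    # so the file's author controls them -- treat them as untrusted strings.
    fields = (
        ('ProductName', Phrase),
        ('LanguageCode', Phrase),
        ('CharacterSet', Phrase),
        ('OriginalFilename', Filename),
        ('Timestamp', Phrase),
        ('InternalName', Phrase),
        ('FileType', Phrase),
        ('FileDescription', Phrase),
        ('LegalCopyright', Phrase),
        ('EntryPoint', Phrase),
        ('FileVersionNumber', Phrase),
        ('ProductVersion', Phrase),
    )
    for key, entity in fields:
        try:
            response += entity(exif[key])
        except Exception:
            # Field absent (or not usable as an entity value): skip it.
            continue
    return response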