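def dotransform(request, response):
    """Hash every file below the output folder and save the list to a file.

    The folder is read from the 'sniffMyPackets.outputfld' field when it is
    present, otherwise from the entity value.  The user is prompted for the
    name of the hash file; each line written to it has the form
    '<path relative to folder> <sha1> <md5>'.

    Returns the response with a GenericFile entity for the hash file, or with
    a UIMessage when no folder or no output file name is available.
    """
    try:
        if 'sniffMyPackets.outputfld' in request.fields:
            folder = request.fields['sniffMyPackets.outputfld']
        else:
            folder = request.value
    except Exception:
        return response + UIMessage('No folder created or specified')

    msg = 'Enter output file'
    title = 'L0 - Hash all the files [SmP]'
    fieldNames = ["File Name"]
    fieldValues = multenterbox(msg, title, fieldNames)
    # NOTE(review): multenterbox presumably returns None when the dialog is
    # cancelled - confirm. Without this guard fieldValues[0] raises.
    if not fieldValues or not fieldValues[0]:
        return response + UIMessage('No output file specified')
    hash_file = fieldValues[0]

    # os.walk visits each directory once, so every joined path is unique and
    # no membership test against the list is needed.
    file_list = []
    for path, subdirs, files in os.walk(folder):
        for name in files:
            file_list.append(os.path.join(path, name))

    hash_list = []
    for s in file_list:
        # NOTE(review): MD5 and SHA-1 are both open to practical collisions.
        # They are kept so the hash file format stays the same; if the file
        # is used as integrity evidence, consider recording SHA-256 as well.
        sha1 = hashlib.sha1()
        md5 = hashlib.md5()
        # Binary mode keeps the digest independent of newline/encoding
        # translation; one chunked pass feeds both digests and bounds memory.
        with open(s, 'rb') as fh:
            for chunk in iter(lambda: fh.read(65536), b''):
                sha1.update(chunk)
                md5.update(chunk)
        # relpath instead of slicing by len(folder) + 1, which dropped a
        # character of the name when the folder ended with a separator.
        rel_name = os.path.relpath(s, folder)
        hash_list.append(rel_name + ' ' + sha1.hexdigest() + ' ' + md5.hexdigest())

    with open(hash_file, 'w') as f:
        f.write("\n".join(hash_list))

    e = GenericFile(hash_file)
    e.linklabel = 'Hash File'
    e += Field('sniffMyPackets.outputfld', folder, displayname='Folder Location')
    response += e
    return response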
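def dotransform(request, response):
    """Unpack a .zip/.docx file and return one entity per extracted file.

    The archive path is the entity value; it is extracted into a numbered
    sub-folder of the 'newfolder' field.  Each extracted file becomes a
    GenericFile entity carrying its folder, SHA1 hash and the type reported
    by the external ``file`` command.  Any other extension yields a UIMessage.
    """
    # Function-scope import: the file's import block is not visible here.
    import subprocess

    target = request.value
    filepath = request.fields['newfolder']
    list_files = []
    file_details = []

    # Create new folder for the extracted files.
    # NOTE(review): randint(1, 100) can repeat, in which case the archive is
    # unpacked into a folder that already holds files from an earlier run.
    rnd = str(randint(1, 100))
    newfolder = filepath + '/' + rnd
    if not os.path.exists(newfolder):
        os.makedirs(newfolder)

    if not target.endswith((".zip", ".docx")):
        return response + UIMessage('Sorry not the right type of file')

    # NOTE(review): the archive may be attacker-controlled. extractall() relies
    # on zipfile's own member-name sanitising (documented from Python 2.7.4)
    # to stay inside newfolder, and nothing here caps the decompressed size.
    uzip = zipfile.ZipFile(target)
    try:
        uzip.extractall(newfolder)
    finally:
        uzip.close()
    for root, subFolders, files in os.walk(newfolder):
        for member in files:
            list_files.append(os.path.join(root, member))

    # Calculate the SHA1 hash and the file type of every extracted file.
    for i in list_files:
        with open(i, 'rb') as fh:
            sha1sum = hashlib.sha1(fh.read()).hexdigest()

        # Member names come from the archive, so they must never reach a
        # shell: pass the path as a single argv entry. '--' stops a name that
        # starts with '-' from being parsed as an option.
        proc = subprocess.Popen(['file', '--', i], stdout=subprocess.PIPE,
                                universal_newlines=True)
        x = proc.communicate()[0]

        # Default so a file with no regex match gets an empty type instead of
        # the previous file's value (or a NameError on the first file).
        ftype = ''
        for s in re.finditer(r'([^:]*)(\s)', x):
            ftype = s.group(1)
        file_details.append((i, newfolder, sha1sum, ftype))

    # Create the new entity for each file with the details from above.
    for fname, ffolder, fhash, ftype in file_details:
        e = GenericFile(fname)
        e += Field('ffolder', ffolder, displayname='File Location')
        e += Field('fhash', fhash, displayname='SHA1 Hash')
        e += Field('ftype', ftype, displayname='File Type')
        e.linklabel = ftype
        e.linkcolor = 0x75337D
        response += e
    return response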
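def dotransform(request, response):
    """Draw the IP conversations of a pcap file as a JPG graph.

    Reads the pcap named by the entity value, counts (source, destination)
    IP pairs and pipes a Graphviz digraph into the external ``dot`` command,
    which writes a .jpg into the folder given by the
    'sniffMyPackets.outputfld' field.  Returns the response with a
    GenericFile entity for the image, or with a UIMessage when the output
    folder is missing or ``dot`` cannot be started.
    """
    # Function-scope import: the file's import block is not visible here.
    import subprocess

    pcap = request.value
    pkts = rdpcap(pcap)
    # NOTE(review): clock() is used as a file-name stamp; if it is CPU time
    # rather than wall-clock time, names will collide between runs - confirm.
    tstamp = int(clock())
    try:
        tmpfolder = request.fields['sniffMyPackets.outputfld']
    except Exception:
        return response + UIMessage(
            'No output folder defined, run the L0 - Prepare pcap transform')

    if 'stream' not in pcap:
        new_file = tmpfolder + '/' + str(tstamp) + '.jpg'
    else:
        # NOTE(review): the [42:-5] slice presumably strips a fixed-length
        # path prefix and the extension - confirm against the caller.
        new_file = tmpfolder + '/' + request.value[42:-5] + '.jpg'
    img_format = 'jpg'

    conv = {}
    for p in pkts:
        try:
            c = (p.getlayer(IP).src, p.getlayer(IP).dst)
        except Exception:
            # Packets without an IP layer are skipped.
            continue
        conv[c] = conv.get(c, 0) + 1

    parts = ['digraph "conv" {\n']
    for s, d in conv:
        parts.append('\t "%s" -> "%s"\n' % (s, d))
    parts.append("}\n")
    gr = ''.join(parts)

    # The output path is built from request data, so it is passed as one argv
    # entry rather than interpolated into a shell command line.
    try:
        proc = subprocess.Popen(['dot', '-T' + img_format, '-o' + new_file],
                                stdin=subprocess.PIPE, universal_newlines=True)
    except OSError:
        return response + UIMessage('Unable to run dot, is Graphviz installed?')
    # communicate() closes stdin and waits for dot to exit. The original
    # `w.close` lacked parentheses, so the pipe was never closed and the
    # image could be missing when the entity was returned.
    proc.communicate(gr)

    e = GenericFile(new_file)
    e.linklabel = 'JPG File'
    e += Field('sniffMyPackets.outputfld', tmpfolder, displayname='Folder Location')
    response += e
    return response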
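def dotransform(request, response):
    """Render a pcap's IP conversation graph to a JPG file with Graphviz.

    The pcap path is the entity value.  Every packet with an IP layer adds
    its (source, destination) pair to the graph, which is written as a
    digraph to the stdin of the external ``dot`` command.  The image goes to
    the folder named by the 'sniffMyPackets.outputfld' field.  Returns the
    response with a GenericFile entity for the image, or with a UIMessage
    when the output folder is missing or ``dot`` cannot be started.
    """
    # Function-scope import: the file's import block is not visible here.
    import subprocess

    pcap = request.value
    pkts = rdpcap(pcap)
    # NOTE(review): clock() supplies the file-name stamp; confirm it is a
    # wall-clock value, otherwise successive runs can overwrite each other.
    tstamp = int(clock())
    try:
        tmpfolder = request.fields['sniffMyPackets.outputfld']
    except Exception:
        return response + UIMessage('No output folder defined, run the L0 - Prepare pcap transform')

    if 'stream' in pcap:
        # NOTE(review): [42:-5] looks like a fixed-length prefix/extension
        # strip of the stream file path - confirm against the caller.
        new_file = tmpfolder + '/' + request.value[42:-5] + '.jpg'
    else:
        new_file = tmpfolder + '/' + str(tstamp) + '.jpg'
    out_format = 'jpg'

    conv = {}
    for p in pkts:
        try:
            ip_layer = p.getlayer(IP)
            c = (ip_layer.src, ip_layer.dst)
        except Exception:
            # No IP layer on this packet: leave it out of the graph.
            continue
        conv[c] = conv.get(c, 0) + 1

    edges = ['\t "%s" -> "%s"\n' % (s, d) for s, d in conv]
    gr = 'digraph "conv" {\n' + ''.join(edges) + "}\n"

    # Run dot from an argument list: new_file contains request data and must
    # not be parsed by a shell.
    try:
        proc = subprocess.Popen(['dot', '-T' + out_format, '-o' + new_file],
                                stdin=subprocess.PIPE, universal_newlines=True)
    except OSError:
        return response + UIMessage('Unable to run dot, is Graphviz installed?')
    # The original wrote `w.close` without calling it, leaving dot's stdin
    # open; communicate() sends the graph, closes the pipe and waits for exit.
    proc.communicate(gr)

    e = GenericFile(new_file)
    e.linklabel = 'JPG File'
    e += Field('sniffMyPackets.outputfld', tmpfolder, displayname='Folder Location')
    response += e
    return response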
def dotransform(request, response):
    """Dump the packets of a pcap file to a PDF and return it as an entity.

    The pcap path is the entity value and the PDF is written into the folder
    named by the 'sniffMyPackets.outputfld' field.  When that field is
    missing, the response is returned with a UIMessage instead.
    """
    # Verbosity off; per the original author's note this hides the "...."
    # progress output.
    conf.verb = 0
    capture_path = request.value
    packets = rdpcap(capture_path)
    stamp = int(clock())
    try:
        out_dir = request.fields['sniffMyPackets.outputfld']
    except:
        return response + UIMessage('No output folder defined, run the L0 - Prepare pcap transform')

    # Stream files are named after a slice of the input path, anything else
    # after the clock stamp.
    # NOTE(review): the [42:-5] slice presumably strips a fixed-length path
    # prefix and the extension - confirm against the caller.
    base_name = request.value[42:-5] if 'stream' in capture_path else str(stamp)
    pdf_path = out_dir + '/' + base_name + '.pdf'

    packets.pdfdump(filename=pdf_path)
    entity = GenericFile(pdf_path)
    entity.linklabel = 'PDF File'
    response += entity
    return response
def dotransform(request, response):
    """Write a PDF dump of a pcap file and attach it to the response.

    Reads the pcap named by the entity value, then calls pdfdump() with a
    target path inside the folder from the 'sniffMyPackets.outputfld' field.
    Returns the response with a GenericFile entity for the PDF, or with a
    UIMessage when the output folder field is missing.
    """
    conf.verb = 0  # quiet mode; the original note says it hides the "...." output
    source_pcap = request.value
    loaded = rdpcap(source_pcap)
    clock_stamp = int(clock())

    try:
        folder = request.fields['sniffMyPackets.outputfld']
    except:
        no_folder = UIMessage(
            'No output folder defined, run the L0 - Prepare pcap transform')
        return response + no_folder

    if 'stream' in source_pcap:
        # NOTE(review): [42:-5] looks like a fixed-length prefix/extension
        # strip of the stream file path - confirm against the caller.
        target_pdf = folder + '/' + request.value[42:-5] + '.pdf'
    else:
        target_pdf = folder + '/' + str(clock_stamp) + '.pdf'

    loaded.pdfdump(filename=target_pdf)

    pdf_entity = GenericFile(target_pdf)
    pdf_entity.linklabel = 'PDF File'
    response += pdf_entity
    return response