示例#1
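def scan(filelist, conf=DEFAULTCONF):
    """Run the configured scanner over *filelist* and parse its per-file report.

    Args:
        filelist: Paths of the files to scan.
        conf: Module configuration; reads ``path``, ``cmdline``, ``host``
            (a ``(host, port, user)`` tuple, SSH mode only) and ``key``.

    Returns:
        ``(results, metadata)`` where ``results`` is a list of
        ``(filename, [[confidence, filetype, extension], ...])`` tuples and
        ``metadata`` carries ``Name``, ``Type`` and ``Include``; ``None``
        when no scanner is reachable or the remote run fails.
    """
    if os.path.isfile(conf["path"]):
        local = True
    elif SSH:
        local = False
    else:
        # Neither a local binary nor SSH support: nothing to run with
        # (the original fell through and tripped on an unbound ``local``).
        return None

    # Build the command on a fresh list so nothing in conf is mutated.
    cmdline = [conf["path"]]
    cmdline.extend(conf["cmdline"])
    # NOTE(review): naive quoting -- a name containing '"' breaks it, and in
    # SSH mode the joined string is run by the remote shell, so only
    # sanitised sample names should reach this function.
    cmdline.extend('"' + item + '"' for item in filelist)

    if local:
        try:
            output = subprocess.check_output(cmdline)
        except subprocess.CalledProcessError as e:
            # Keep the report even on a non-zero exit status.
            output = e.output
    else:
        host, port, user = conf["host"]
        try:
            output = sshexec(host, list2cmdline(cmdline), port=port,
                             username=user, key_filename=conf["key"])
        except Exception:
            # TODO: log exception
            return None

    # Parse output: a "File: X" / "Collecting data from file: X" line opens
    # a per-file section; the matching lines below it are the guesses.
    # errors="replace" keeps a stray non-UTF-8 byte from aborting the scan.
    text = output.decode("utf-8", errors="replace").replace('\r', '')
    fresults = {}
    fname = None
    for line in text.split('\n'):
        if line.startswith('File: '):
            fname = line[len('File: '):]
            fresults[fname] = []
            continue
        if line.startswith('Collecting data from file: '):
            fname = line[len('Collecting data from file: '):]
            fresults[fname] = []
            continue
        if fname:
            hits = re.findall(
                r"\s*(\d+.\d+\%) \((\.[^\)]+)\) (.+) \(\d+/", line)
            if hits:
                confidence, exnt, ftype = hits[0]
                fresults[fname].append([confidence, ftype, exnt])

    results = [(name, guesses) for name, guesses in fresults.items()]
    metadata = {"Name": NAME, "Type": TYPE, "Include": False}
    return (results, metadata)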
示例#2
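def scan(filelist, conf=DEFAULTCONF):
    """Run McAfee VirusScan Command Line over *filelist* and parse its report.

    Args:
        filelist: Paths of the files to scan.
        conf: Module configuration; reads ``path``, ``cmdline``, ``host``
            (a ``(host, port, user)`` tuple, SSH mode only) and ``key``.

    Returns:
        ``(virusresults, metadata)``: a list of ``(filename, detection)``
        tuples and a metadata dict with ``Name``, ``Type`` and, when the
        banner is present, program/engine/definition versions. ``None`` if
        no scanner is reachable or the remote run fails.
    """
    if os.path.isfile(conf["path"]):
        local = True
    elif SSH:
        local = False
        host, port, user = conf["host"]
    else:
        # Neither a local binary nor SSH support: nothing to run with
        # (the original fell through and tripped on an unbound ``local``).
        return None
    path = conf["path"]
    # On Windows, subprocess builds the process command string through
    # subprocess.list2cmdline; the project's version keeps our pre-quoted
    # arguments intact. This is a process-global side effect.
    subprocess.list2cmdline = list2cmdline
    # Build the command on a copy so repeated calls do not keep appending
    # to the shared (default) conf["cmdline"] list.
    cmdline = [path]
    cmdline.extend(conf["cmdline"])
    # NOTE(review): naive quoting -- a name containing '"' breaks it, and in
    # SSH mode the joined string is run by the remote shell, so only
    # sanitised sample names should reach this function.
    cmdline.extend('"' + item + '"' for item in filelist)

    if local:
        try:
            output = subprocess.check_output(cmdline)
        except subprocess.CalledProcessError as e:
            # Keep the report even on a non-zero exit status.
            output = e.output
    else:
        try:
            output = sshexec(host,
                             list2cmdline(cmdline),
                             port=port,
                             username=user,
                             key_filename=conf["key"])
        except Exception:
            # TODO: log exception
            return None

    # Parse output. errors="replace" keeps a stray non-UTF-8 byte in the
    # report from aborting the whole scan.
    text = output.decode("utf-8", errors="replace")
    # NOTE(review): the unescaped "..." matches any three characters, not
    # only a literal ellipsis; confirm against real scanner output.
    virusresults = re.findall(r"([^\n\r]+) ... Found: ([^\n\r]+)", text,
                              re.MULTILINE)
    metadata = {}
    verinfo = re.search(
        r"McAfee VirusScan Command Line for \S+ Version: ([\d\.]+)", text)
    metadata["Name"] = NAME
    metadata["Type"] = TYPE
    if verinfo:
        metadata["Program version"] = verinfo.group(1)
        # Engine/DAT lines may be missing; the original called .group()
        # on a possibly-None match and raised AttributeError.
        engine = re.search(r"AV Engine version: ([\d\.]+)\s", text)
        if engine:
            metadata["Engine version"] = engine.group(1)
        dat = re.search(
            r"Dat set version: (\d+) created (\w+ (?:\d|\d\d) \d\d\d\d)",
            text)
        if dat:
            metadata["Definition version"] = dat.group(1)
            metadata["Definition date"] = dat.group(2)

    return (virusresults, metadata)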
示例#3
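def scan(filelist, conf=DEFAULTCONF):
    """Run the AVG command-line scanner over *filelist* and parse its report.

    Args:
        filelist: Paths of the files to scan; they are joined into one
            ``/SCAN=`` option.
        conf: Module configuration; reads ``path``, ``cmdline``, ``host``
            (a ``(host, port, user)`` tuple, SSH mode only) and ``key``.

    Returns:
        ``(virusresults, metadata)``: a list of ``(filename, detection)``
        tuples and a metadata dict with ``Name``, ``Type`` and any
        program/engine/definition versions found in the banner. ``None`` if
        no scanner is reachable or the remote run fails.
    """
    if os.path.isfile(conf["path"]):
        local = True
    elif SSH:
        local = False
    else:
        # Neither a local binary nor SSH support: nothing to run with
        # (the original fell through and tripped on an unbound ``local``).
        return None

    # One /SCAN= option listing every file, each quoted and ';'-terminated.
    # NOTE(review): naive quoting -- a name containing '"' breaks it, and in
    # SSH mode the joined string is run by the remote shell, so only
    # sanitised sample names should reach this function.
    scan_arg = '/SCAN=' + ''.join('"' + item + '";' for item in filelist)
    # Build the command on a copy so repeated calls do not keep growing the
    # shared (default) conf["cmdline"] list.
    cmdline = [conf["path"]]
    cmdline.extend(conf["cmdline"])
    cmdline.append(scan_arg)

    if local:
        try:
            output = subprocess.check_output(cmdline)
        except subprocess.CalledProcessError as e:
            # Keep the report even on a non-zero exit status.
            output = e.output
    else:
        host, port, user = conf["host"]
        try:
            output = sshexec(host, list2cmdline(cmdline), port=port,
                             username=user, key_filename=conf["key"])
        except Exception:
            # TODO: log exception
            return None

    # Parse output
    text = output.decode("utf-8", errors='replace')
    virusresults = re.findall(r"([^\r\n]+) Virus identified (.+)\s+$",
                              text, re.MULTILINE)
    # AVG prefixes mapped drives with their UNC path, as in
    # "(\\server\share) D:\file"; keep only the drive-letter path so the
    # name matches what the caller passed. Rewritten entries move to the
    # end of the list, as before, without the quadratic remove/append.
    uncdetect = re.compile(r"\(\\.*\) ([a-zA-Z]:\\.*)$")
    kept = []
    moved = []
    for name, result in virusresults:
        retest = uncdetect.match(name)
        if retest:
            moved.append((retest.group(1), result))
        else:
            kept.append((name, result))
    virusresults = kept + moved

    metadata = {}
    verinfo = re.search(r"Program version ([\d\.]+), engine ([\d\.]+)", text)
    metadata["Name"] = NAME
    metadata["Type"] = TYPE
    if verinfo:
        metadata["Program version"] = verinfo.group(1)
        metadata["Engine version"] = verinfo.group(2)
    verinfo = re.search(r"Virus Database: Version ([\d/]+) ([\d-]+)", text)
    if verinfo:
        metadata["Definition version"] = verinfo.group(1)
        metadata["Definition date"] = verinfo.group(2)
    return (virusresults, metadata)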
示例#4
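def scan(filelist, conf=DEFAULTCONF):
    """Run McAfee VirusScan Command Line over *filelist* and parse its report.

    Args:
        filelist: Paths of the files to scan.
        conf: Module configuration; reads ``path``, ``cmdline``, ``host``
            (a ``(host, port, user)`` tuple, SSH mode only) and ``key``.

    Returns:
        ``(virusresults, metadata)``: a list of ``(filename, detection)``
        tuples and a metadata dict with ``Name``, ``Type`` and, when the
        banner is present, program/engine/definition versions. ``None`` if
        no scanner is reachable or the remote run fails.
    """
    if os.path.isfile(conf["path"]):
        local = True
    elif SSH:
        local = False
        host, port, user = conf["host"]
    else:
        # Neither a local binary nor SSH support: nothing to run with
        # (the original fell through and tripped on an unbound ``local``).
        return None
    path = conf["path"]
    # On Windows, subprocess builds the process command string through
    # subprocess.list2cmdline; the project's version keeps our pre-quoted
    # arguments intact. This is a process-global side effect.
    subprocess.list2cmdline = list2cmdline
    # Build the command on a copy so repeated calls do not keep appending
    # to the shared (default) conf["cmdline"] list.
    cmdline = [path]
    cmdline.extend(conf["cmdline"])
    # NOTE(review): naive quoting -- a name containing '"' breaks it, and in
    # SSH mode the joined string is run by the remote shell, so only
    # sanitised sample names should reach this function.
    cmdline.extend('"' + item + '"' for item in filelist)

    if local:
        try:
            output = subprocess.check_output(cmdline)
        except subprocess.CalledProcessError as e:
            # Keep the report even on a non-zero exit status.
            output = e.output
    else:
        try:
            output = sshexec(host, list2cmdline(cmdline), port=port,
                             username=user, key_filename=conf["key"])
        except Exception:
            # TODO: log exception
            return None

    # Parse output. errors="replace" keeps a stray non-UTF-8 byte in the
    # report from aborting the whole scan.
    text = output.decode("utf-8", errors="replace")
    # NOTE(review): the unescaped "..." matches any three characters, not
    # only a literal ellipsis; confirm against real scanner output.
    virusresults = re.findall(r"([^\n\r]+) ... Found: ([^\n\r]+)", text,
                              re.MULTILINE)
    metadata = {}
    verinfo = re.search(
        r"McAfee VirusScan Command Line for \S+ Version: ([\d\.]+)", text)
    metadata["Name"] = NAME
    metadata["Type"] = TYPE
    if verinfo:
        metadata["Program version"] = verinfo.group(1)
        # Engine/DAT lines may be missing; the original called .group()
        # on a possibly-None match and raised AttributeError.
        engine = re.search(r"AV Engine version: ([\d\.]+)\s", text)
        if engine:
            metadata["Engine version"] = engine.group(1)
        dat = re.search(
            r"Dat set version: (\d+) created (\w+ (?:\d|\d\d) \d\d\d\d)",
            text)
        if dat:
            metadata["Definition version"] = dat.group(1)
            metadata["Definition date"] = dat.group(2)

    return (virusresults, metadata)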
示例#5
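def scan(filelist, conf=DEFAULTCONF):
    """Scan each file in *filelist* separately and collect the threat names.

    The scanner is invoked once per file (locally, or over a single SSH
    session reused for every file) and its report is searched for
    "Threat information" blocks.

    Args:
        filelist: Paths of the files to scan.
        conf: Module configuration; reads ``path``, ``cmdline``, ``host``
            (a ``(host, port, user)`` tuple, SSH mode only) and ``key``.

    Returns:
        ``(resultlist, metadata)``: a list of ``(filename, threat_name)``
        tuples for files whose report contains the detected-threats marker,
        and a metadata dict with ``Name`` and ``Type``. ``None`` if no
        scanner is reachable or the SSH session cannot be opened or used.
        Only the last threat block of a report is recorded, as before.
    """
    if os.path.isfile(conf["path"]):
        local = True
    elif SSH:
        local = False
        host, port, user = conf["host"]
    else:
        # Neither a local binary nor SSH support: nothing to run with
        # (the original fell through and tripped on an unbound ``local``).
        return None
    path = conf["path"]

    # On Windows, subprocess builds the process command string through
    # subprocess.list2cmdline; the project's version keeps our pre-quoted
    # arguments intact. This is a process-global side effect.
    subprocess.list2cmdline = list2cmdline
    # Base command on a copy so conf["cmdline"] is never mutated.
    cmdline = [path]
    cmdline.extend(conf["cmdline"])

    # Open the SSH session only when it is needed. The original connected
    # unconditionally, which in local mode raised on the unbound ``host``
    # and made the function always return None.
    client = None
    if not local:
        try:
            client = sshconnect(host,
                                port=port,
                                username=user,
                                key_filename=conf["key"])
        except Exception:
            return None

    list_marker = "<===========================LIST OF DETECTED THREATS==========================>"
    threat_header = '----------------------------- Threat information ------------------------------'
    block_end = '-------------------------------------------------------------------------------'

    resultlist = []
    try:
        for item in filelist:
            # NOTE(review): naive quoting -- a name containing '"' breaks
            # it, and in SSH mode the joined string is run by the remote
            # shell, so only sanitised sample names should reach here.
            cmd = cmdline + ['"' + item + '"']

            if local:
                try:
                    output = subprocess.check_output(cmd)
                except subprocess.CalledProcessError as e:
                    # Keep the report even on a non-zero exit status.
                    output = e.output
            else:
                try:
                    _stdin, stdout, _stderr = client.exec_command(list2cmdline(cmd))
                    output = stdout.read()
                except Exception:
                    return None

            # Parse output; errors="replace" keeps odd bytes from aborting.
            text = output.decode("utf-8", errors="replace")
            if list_marker not in text:
                continue

            # Walk every "Threat information" block; the first line of a
            # block is "<label>: <threat name>". The last block wins.
            threat_name = None
            while threat_header in text:
                _, _, text = text.partition(threat_header)
                text = text.lstrip()
                block, _, _ = text.partition(block_end)
                lines = block.split('\n')
                threat_name = lines[0].partition(':')[2].strip()

            # The original appended whatever ``threat_name`` happened to
            # hold, which was stale (or unbound) when no block was found.
            if threat_name is not None:
                resultlist.append((item, threat_name))
    finally:
        # NOTE(review): assumes sshconnect returns a paramiko-style client
        # exposing close(); the getattr keeps other return types working.
        if client is not None:
            closer = getattr(client, "close", None)
            if closer is not None:
                closer()

    metadata = {"Name": NAME, "Type": TYPE}
    return (resultlist, metadata)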
def test_list2cmdline():
    """Items are space-joined and an already-quoted item is passed through unchanged."""
    args = ['1', 'a', '"dsafsad"']
    expected = '1 a "dsafsad"'
    assert common.list2cmdline(args) == expected
示例#7
def test_list2cmdline():
    """Items are space-joined and an already-quoted item is passed through unchanged."""
    joined = common.list2cmdline(['1', 'a', '"dsafsad"'])
    assert joined == '1 a "dsafsad"'
示例#8
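def scan(filelist, conf=DEFAULTCONF):
    """Run the Kaspersky command-line scanner over *filelist* and parse its report.

    Args:
        filelist: Paths of the files to scan.
        conf: Module configuration; reads ``path``, ``cmdline``, ``host``
            (a ``(host, port, user)`` tuple, SSH mode only) and ``key``.

    Returns:
        ``(virusresults, metadata)``: a list of ``(filename, detection)``
        tuples -- ``detection`` is a string, or a list of distinct strings
        when several archive members of one file were reported -- and a
        metadata dict with ``Name``, ``Type`` and, if found, the program
        version. ``None`` if no scanner is reachable or a remote run fails.
    """
    if os.path.isfile(conf["path"]):
        local = True
    elif SSH:
        local = False
        host, port, user = conf["host"]
    else:
        # Neither a local binary nor SSH support: nothing to run with
        # (the original fell through and tripped on an unbound ``local``).
        return None
    path = conf["path"]

    # On Windows, subprocess builds the process command string through
    # subprocess.list2cmdline; the project's version keeps our pre-quoted
    # arguments intact. This is a process-global side effect.
    subprocess.list2cmdline = list2cmdline
    # Build the command on a copy so repeated calls do not keep appending
    # to the shared (default) conf["cmdline"] list.
    cmdline = [path]
    cmdline.extend(conf["cmdline"])
    # NOTE(review): naive quoting -- a name containing '"' breaks it, and in
    # SSH mode the joined string is run by the remote shell, so only
    # sanitised sample names should reach this function.
    cmdline.extend('"' + item + '"' for item in filelist)

    if local:
        try:
            output = subprocess.check_output(cmdline)
        except subprocess.CalledProcessError as e:
            # Keep the report even on a non-zero exit status.
            output = e.output
    else:
        try:
            output = sshexec(host,
                             list2cmdline(cmdline),
                             port=port,
                             username=user,
                             key_filename=conf["key"])
        except Exception:
            # TODO: log exception
            return None

    # Parse output. errors="replace" keeps a stray non-UTF-8 byte in the
    # report from aborting the whole scan.
    text = output.decode("utf-8", errors="replace")
    virusresults = re.findall(
        r".*\t([^\t]*)\t(?:detected|suspicion)\t([^\t\r\n]*)", text,
        re.MULTILINE)
    metadata = {}
    # Reports for archive members come out as "FILE//member"; fold every
    # entry for such a FILE (members and the file itself) into one entry
    # holding a single string or a list of distinct strings. Folded entries
    # move to the end of the list, as before, in one pass instead of the
    # quadratic remove/append.
    containers = {name.split("//")[0] for name, _ in virusresults
                  if "//" in name}
    if containers:
        kept = []
        merged = {}
        for name, result in virusresults:
            base = name.split("//")[0]
            if base not in containers:
                kept.append((name, result))
                continue
            if base not in merged:
                merged[base] = result
                continue
            existing = merged[base]
            if isinstance(existing, list):
                if result not in existing:
                    existing.append(result)
            elif result != existing:
                merged[base] = [existing, result]
        virusresults = kept + list(merged.items())

    # This seems to be all the metadata I can get... Maybe there is a better way?
    if local:
        try:
            output = subprocess.check_output([path, "/?"])
        except subprocess.CalledProcessError as e:
            output = e.output
    else:
        try:
            # The original omitted port= here and so probed the default
            # port even when the scan itself used conf["host"]'s port.
            output = sshexec(host,
                             list2cmdline([path, "/?"]),
                             port=port,
                             username=user,
                             key_filename=conf["key"])
        except Exception:
            # TODO: log exception
            return None
    banner = output.decode("utf-8", errors="replace")
    verinfo = re.search(r"Kaspersky Anti-Virus \(R\) ([\d\.]+)", banner)
    metadata["Name"] = NAME
    metadata["Type"] = TYPE
    if verinfo:
        metadata["Program version"] = verinfo.group(1)
    return (virusresults, metadata)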
示例#9
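def scan(filelist, conf=DEFAULTCONF):
    """Run the AVG command-line scanner over *filelist* and parse its report.

    Args:
        filelist: Paths of the files to scan; they are joined into one
            ``/SCAN=`` option and used to recognise names in the report.
        conf: Module configuration; reads ``path``, ``cmdline``, ``host``
            (a ``(host, port, user)`` tuple, SSH mode only) and ``key``.

    Returns:
        ``(results, metadata)``: a list of ``(filename, detection)`` tuples
        restricted to names present in *filelist*, and a metadata dict with
        ``Name``, ``Type`` and any program/engine/definition versions found
        in the banner. ``None`` if no scanner is reachable or the remote run
        fails.
    """
    if os.path.isfile(conf["path"]):
        local = True
    elif SSH:
        local = False
    else:
        # Neither a local binary nor SSH support: nothing to run with
        # (the original fell through and tripped on an unbound ``local``).
        return None

    # One /SCAN= option listing every file, each quoted and ';'-terminated.
    # NOTE(review): naive quoting -- a name containing '"' breaks it, and in
    # SSH mode the joined string is run by the remote shell, so only
    # sanitised sample names should reach this function.
    scan_arg = '/SCAN=' + ''.join('"' + item + '";' for item in filelist)
    # Build the command on a copy so repeated calls do not keep growing the
    # shared (default) conf["cmdline"] list.
    cmdline = [conf["path"]]
    cmdline.extend(conf["cmdline"])
    cmdline.append(scan_arg)

    if local:
        try:
            output = subprocess.check_output(cmdline)
        except subprocess.CalledProcessError as e:
            # Keep the report even on a non-zero exit status.
            output = e.output
    else:
        host, port, user = conf["host"]
        try:
            output = sshexec(host,
                             list2cmdline(cmdline),
                             port=port,
                             username=user,
                             key_filename=conf["key"])
        except Exception:
            # TODO: log exception
            return None

    # Parse output
    text = output.decode("utf-8", errors='replace')
    virusresults = re.findall(r"(?:\([^\)]*\) )?([^\s]+) (.+)\s+$", text,
                              re.MULTILINE)
    known = set(filelist)
    results = []
    for name, result in virusresults:
        if result.endswith(' '):
            result = result[:-1]
        words = result.split(' ')
        if name not in known:
            # A file name containing spaces is split by the regex, its tail
            # landing in ``result``; re-attach words until a known name
            # appears, then the last remaining word is the detection.
            name = name.split(':')[0]
            while name not in known and words:
                name = name + ' ' + words.pop(0)
            if name not in known or not words:
                continue
        results.append((name, words[-1]))

    metadata = {}
    verinfo = re.search(r"Program version ([\d\.]+), engine ([\d\.]+)", text)
    metadata["Name"] = NAME
    metadata["Type"] = TYPE
    if verinfo:
        metadata["Program version"] = verinfo.group(1)
        metadata["Engine version"] = verinfo.group(2)
    verinfo = re.search(r"Virus Database: Version ([\d/]+) ([\d-]+)", text)
    if verinfo:
        metadata["Definition version"] = verinfo.group(1)
        metadata["Definition date"] = verinfo.group(2)
    return (results, metadata)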
示例#10
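def scan(filelist, conf=DEFAULTCONF):
    """Run exiftool over *filelist* and collect its tag/value pairs per file.

    Args:
        filelist: Paths of the files to examine.
        conf: Module configuration; reads ``path``, ``cmdline``,
            ``remove-entry`` (tag names to drop), ``host`` (a
            ``(host, port, user)`` tuple, SSH mode only) and ``key``.

    Returns:
        ``(results, metadata)``: a list of ``(filename, {tag: value})``
        tuples and a metadata dict with ``Name``, ``Type`` and, if reported,
        the exiftool version. ``None`` if no tool is reachable or the remote
        run fails; ``([], metadata)`` for an empty *filelist*.
    """
    if os.path.isfile(conf["path"]):
        local = True
    elif SSH:
        local = False
    else:
        # Neither a local binary nor SSH support: nothing to run with
        # (the original fell through and tripped on an unbound ``local``).
        return None

    if not filelist:
        # Nothing to scan; the original went on to index filelist[0].
        return ([], {"Name": NAME, "Type": TYPE})

    # Build the command on a copy so repeated calls do not keep growing the
    # shared (default) conf["cmdline"] list.
    cmd = [conf["path"]]
    cmd.extend(conf["cmdline"])
    # NOTE(review): naive quoting -- a name containing '"' breaks it, and in
    # SSH mode the joined string is run by the remote shell, so only
    # sanitised sample names should reach this function.
    cmd.extend('"' + item + '" ' for item in filelist)

    if local:
        try:
            output = subprocess.check_output(cmd)
        except subprocess.CalledProcessError as e:
            # Keep the report even on a non-zero exit status.
            output = e.output
    else:
        # Only SSH mode needs the host tuple; reading it unconditionally
        # failed local-only configurations that leave it unset.
        host, port, user = conf["host"]
        try:
            output = sshexec(host,
                             list2cmdline(cmd),
                             port=port,
                             username=user,
                             key_filename=conf["key"])
        except Exception:
            # TODO: log exception
            return None

    # exiftool prints one "tag<TAB>value" row per line; a "======== NAME"
    # row starts the section for the next file.
    text = output.decode("utf-8", errors="ignore").replace('\r', '')
    rows = [line.split('\t') for line in text.split('\n')]
    # A missing 'remove-entry' used to raise KeyError on every row and
    # silently drop all data; treat it as "remove nothing".
    skip = conf.get('remove-entry') or ()

    results = []
    data = {}
    fname = filelist[0]
    for row in rows:
        tag = row[0]
        if tag.startswith('======== '):
            if data:
                results.append((fname, data))
                data = {}
            fname = tag[len('======== '):]
            if re.match(r'[A-Za-z]:/', fname):
                # exiftool reports drive-letter paths with forward slashes;
                # restore backslashes so the name matches what was passed in.
                fname = fname.replace('/', '\\')
            continue
        # Rows without a tab-separated value (blank lines, banners) and
        # tags the configuration asks to drop are skipped.
        if len(row) < 2 or tag in skip:
            continue
        data[tag] = row[1]
    if data:
        results.append((fname, data))

    # Gather metadata
    metadata = {}
    for row in rows:
        if row[0] == "ExifTool Version Number" and len(row) > 1:
            metadata["Program version"] = row[1]
            break
    metadata["Name"] = NAME
    metadata["Type"] = TYPE
    return (results, metadata)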
示例#11
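def scan(filelist, conf=DEFAULTCONF):
    """Run the configured scanner over *filelist* and parse its per-file report.

    Args:
        filelist: Paths of the files to scan; they are joined, quoted, into
            one trailing argument.
        conf: Module configuration; reads ``path``, ``cmdline``, ``host``
            (a ``(host, port, user)`` tuple, SSH mode only) and ``key``.

    Returns:
        ``(results, metadata)`` where ``results`` is a list of
        ``(filename, [[confidence, filetype, extension], ...])`` tuples and
        ``metadata`` carries ``Name``, ``Type`` and ``Include``; ``None``
        when no scanner is reachable or the remote run fails.
    """
    if os.path.isfile(conf["path"]):
        local = True
    elif SSH:
        local = False
    else:
        # Neither a local binary nor SSH support: nothing to run with
        # (the original fell through and tripped on an unbound ``local``).
        return None

    # All files in one argument, each quoted and followed by a space.
    # NOTE(review): naive quoting -- a name containing '"' breaks it, and in
    # SSH mode the joined string is run by the remote shell, so only
    # sanitised sample names should reach this function.
    scan_arg = ''.join('"' + item + '" ' for item in filelist)
    # Build the command on a copy so repeated calls do not keep growing the
    # shared (default) conf["cmdline"] list.
    cmdline = [conf["path"]]
    cmdline.extend(conf["cmdline"])
    cmdline.append(scan_arg)

    if local:
        try:
            output = subprocess.check_output(cmdline)
        except subprocess.CalledProcessError as e:
            # Keep the report even on a non-zero exit status.
            output = e.output
    else:
        host, port, user = conf["host"]
        try:
            output = sshexec(host, list2cmdline(cmdline), port=port,
                             username=user, key_filename=conf["key"])
        except Exception:
            # TODO: log exception
            return None

    # Parse output: a "File: X" / "Collecting data from file: X" line opens
    # a per-file section; the matching lines below it are the guesses.
    # errors="replace" keeps a stray non-UTF-8 byte from aborting the scan.
    text = output.decode("utf-8", errors="replace").replace('\r', '')
    fresults = {}
    fname = None
    for line in text.split('\n'):
        if line.startswith('File: '):
            fname = line[len('File: '):]
            fresults[fname] = []
            continue
        if line.startswith('Collecting data from file: '):
            fname = line[len('Collecting data from file: '):]
            fresults[fname] = []
            continue
        if fname:
            hits = re.findall(
                r"\s*(\d+.\d+\%) \((\.[^\)]+)\) (.+) \(\d+/", line)
            if hits:
                confidence, exnt, ftype = hits[0]
                fresults[fname].append([confidence, ftype, exnt])

    results = [(name, guesses) for name, guesses in fresults.items()]
    metadata = {"Name": NAME, "Type": TYPE, "Include": False}
    return (results, metadata)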
示例#12
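def scan(filelist, conf=DEFAULTCONF):
    """Run exiftool over *filelist* and collect its tag/value pairs per file.

    Args:
        filelist: Paths of the files to examine.
        conf: Module configuration; reads ``path``, ``cmdline``,
            ``remove-entry`` (tag names to drop), ``host`` (a
            ``(host, port, user)`` tuple, SSH mode only) and ``key``.

    Returns:
        ``(results, metadata)``: a list of ``(filename, {tag: value})``
        tuples and a metadata dict with ``Name``, ``Type`` and, if reported,
        the exiftool version. ``None`` if no tool is reachable or the remote
        run fails; ``([], metadata)`` for an empty *filelist*.
    """
    if os.path.isfile(conf["path"]):
        local = True
    elif SSH:
        local = False
    else:
        # Neither a local binary nor SSH support: nothing to run with
        # (the original fell through and tripped on an unbound ``local``).
        return None

    if not filelist:
        # Nothing to scan; the original went on to index filelist[0].
        return ([], {"Name": NAME, "Type": TYPE})

    # Build the command on a copy so repeated calls do not keep growing the
    # shared (default) conf["cmdline"] list.
    cmd = [conf["path"]]
    cmd.extend(conf["cmdline"])
    # NOTE(review): naive quoting -- a name containing '"' breaks it, and in
    # SSH mode the joined string is run by the remote shell, so only
    # sanitised sample names should reach this function.
    cmd.extend('"' + item + '" ' for item in filelist)

    if local:
        try:
            output = subprocess.check_output(cmd)
        except subprocess.CalledProcessError as e:
            # Keep the report even on a non-zero exit status.
            output = e.output
    else:
        # Only SSH mode needs the host tuple; reading it unconditionally
        # failed local-only configurations that leave it unset.
        host, port, user = conf["host"]
        try:
            output = sshexec(host, list2cmdline(cmd), port=port,
                             username=user, key_filename=conf["key"])
        except Exception:
            # TODO: log exception
            return None

    # exiftool prints one "tag<TAB>value" row per line; a "======== NAME"
    # row starts the section for the next file.
    text = output.decode("utf-8", errors="ignore").replace('\r', '')
    rows = [line.split('\t') for line in text.split('\n')]
    # A missing 'remove-entry' used to raise KeyError on every row and
    # silently drop all data; treat it as "remove nothing".
    skip = conf.get('remove-entry') or ()

    results = []
    data = {}
    fname = filelist[0]
    for row in rows:
        tag = row[0]
        if tag.startswith('======== '):
            if data:
                results.append((fname, data))
                data = {}
            fname = tag[len('======== '):]
            if re.match(r'[A-Za-z]:/', fname):
                # exiftool reports drive-letter paths with forward slashes;
                # restore backslashes so the name matches what was passed in.
                fname = fname.replace('/', '\\')
            continue
        # Rows without a tab-separated value (blank lines, banners) and
        # tags the configuration asks to drop are skipped.
        if len(row) < 2 or tag in skip:
            continue
        data[tag] = row[1]
    if data:
        results.append((fname, data))

    # Gather metadata
    metadata = {}
    for row in rows:
        if row[0] == "ExifTool Version Number" and len(row) > 1:
            metadata["Program version"] = row[1]
            break
    metadata["Name"] = NAME
    metadata["Type"] = TYPE
    return (results, metadata)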
示例#13
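def scan(filelist, conf=DEFAULTCONF):
    """Run the Kaspersky command-line scanner over *filelist* and parse its report.

    Args:
        filelist: Paths of the files to scan.
        conf: Module configuration; reads ``path``, ``cmdline``, ``host``
            (a ``(host, port, user)`` tuple, SSH mode only) and ``key``.

    Returns:
        ``(virusresults, metadata)``: a list of ``(filename, detection)``
        tuples -- ``detection`` is a string, or a list of distinct strings
        when several archive members of one file were reported -- and a
        metadata dict with ``Name``, ``Type`` and, if found, the program
        version. ``None`` if no scanner is reachable or a remote run fails.
    """
    if os.path.isfile(conf["path"]):
        local = True
    elif SSH:
        local = False
        host, port, user = conf["host"]
    else:
        # Neither a local binary nor SSH support: nothing to run with
        # (the original fell through and tripped on an unbound ``local``).
        return None
    path = conf["path"]

    # On Windows, subprocess builds the process command string through
    # subprocess.list2cmdline; the project's version keeps our pre-quoted
    # arguments intact. This is a process-global side effect.
    subprocess.list2cmdline = list2cmdline
    # Build the command on a copy so repeated calls do not keep appending
    # to the shared (default) conf["cmdline"] list.
    cmdline = [path]
    cmdline.extend(conf["cmdline"])
    # NOTE(review): naive quoting -- a name containing '"' breaks it, and in
    # SSH mode the joined string is run by the remote shell, so only
    # sanitised sample names should reach this function.
    cmdline.extend('"' + item + '"' for item in filelist)

    if local:
        try:
            output = subprocess.check_output(cmdline)
        except subprocess.CalledProcessError as e:
            # Keep the report even on a non-zero exit status.
            output = e.output
    else:
        try:
            output = sshexec(host, list2cmdline(cmdline), port=port,
                             username=user, key_filename=conf["key"])
        except Exception:
            # TODO: log exception
            return None

    # Parse output. errors="replace" keeps a stray non-UTF-8 byte in the
    # report from aborting the whole scan.
    text = output.decode("utf-8", errors="replace")
    virusresults = re.findall(r".*\t([^\t]*)\tdetected\t([^\t\r\n]*)", text,
                              re.MULTILINE)
    metadata = {}
    # Reports for archive members come out as "FILE//member"; fold every
    # entry for such a FILE (members and the file itself) into one entry
    # holding a single string or a list of distinct strings (the original
    # kept duplicates). Folded entries move to the end of the list, as
    # before, in one pass instead of the quadratic remove/append.
    containers = {name.split("//")[0] for name, _ in virusresults
                  if "//" in name}
    if containers:
        kept = []
        merged = {}
        for name, result in virusresults:
            base = name.split("//")[0]
            if base not in containers:
                kept.append((name, result))
                continue
            if base not in merged:
                merged[base] = result
                continue
            existing = merged[base]
            if isinstance(existing, list):
                if result not in existing:
                    existing.append(result)
            elif result != existing:
                merged[base] = [existing, result]
        virusresults = kept + list(merged.items())

    # This seems to be all the metadata I can get... Maybe there is a better way?
    if local:
        try:
            output = subprocess.check_output([path, "/?"])
        except subprocess.CalledProcessError as e:
            output = e.output
    else:
        try:
            # The original omitted port= here and so probed the default
            # port even when the scan itself used conf["host"]'s port.
            output = sshexec(host, list2cmdline([path, "/?"]), port=port,
                             username=user, key_filename=conf["key"])
        except Exception:
            # TODO: log exception
            return None
    banner = output.decode("utf-8", errors="replace")
    verinfo = re.search(r"Kaspersky Anti-Virus \(R\) ([\d\.]+)", banner)
    metadata["Name"] = NAME
    metadata["Type"] = TYPE
    if verinfo:
        metadata["Program version"] = verinfo.group(1)
    return (virusresults, metadata)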