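def parsePageContent(data):
    """Pull the ``status`` and ``content`` fields out of a list of JSON-ish strings.

    Args:
        data: iterable of strings. Each one containing ``{"status":`` or
            ``{"content":`` is parsed as a dict literal; the rest are ignored.

    Returns:
        dict with up to two keys, ``status`` and ``content`` (the last matching
        string wins for each key; missing dict keys map to None).

    Raises:
        ValueError / SyntaxError when a matching string is not a valid literal
        (the original used eval() and raised SyntaxError/NameError instead).
    """
    # Security: the original evaluated scraped page text with eval(), which
    # executes any Python embedded in it. ast.literal_eval accepts only
    # literals (dicts, lists, strings, numbers, ...) and cannot run code.
    import ast

    newDict = {}
    for chunk in data:
        if '{"status":' in chunk:
            newDict['status'] = ast.literal_eval(chunk).get('status')
        elif '{"content":' in chunk:
            newDict['content'] = ast.literal_eval(chunk).get('content')
    return newDict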
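def extract_json_value(key, json):
    """Return the string value of ``key`` from JSON text by plain string scanning.

    This is not a JSON parser: it only handles string values, does not
    understand escaped quotes (``\\"``) inside the value, and matches the first
    occurrence of ``"key":`` anywhere in the text (nested objects included).
    Use a real parser when the input is untrusted or the value may be
    non-string.

    Args:
        key: JSON object key to look up (without quotes).
        json: JSON text to search.

    Returns:
        The text between the quotes that follow ``"key":``, or None when the
        key is absent or the value is not a terminated string.
    """
    needle = '"' + key + '":'
    start = json.find(needle)
    if start < 0:
        return None
    rest = json[start + len(needle):].strip(" ")
    # Drop the opening quote (done unconditionally, as in the original).
    rest = rest[1:]
    end = rest.find('"')
    if end < 0:
        # Unterminated string: the original sliced with -1 here and silently
        # dropped the last character of the remainder instead of failing.
        return None
    return rest[:end]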
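def process(outfd, file_to_send):
    """Upload ``file_to_send`` to the scanning service and write a text report to ``outfd``.

    If the module-level ``DBNAME`` is set, the call is delegated to
    :func:`process_sql`, which additionally records the results in SQLite.

    Args:
        outfd: writable text stream that receives the report.
        file_to_send: path of the sample to upload.

    Returns:
        0 on success, -1 when the service response does not look like an
        accepted submission (the raw response is then printed to stdout).

    Uses the module globals ``DBNAME``, ``host`` and ``selector`` and the
    helpers ``post_multipart`` and ``simplejson`` defined elsewhere in the file.
    """
    global DBNAME
    if DBNAME is not None:
        return process_sql(outfd, file_to_send)

    sample_name = os.path.basename(file_to_send)

    # Samples are arbitrary binaries: read them as bytes so newline
    # translation cannot alter the upload (the original used text mode), and
    # let the context manager close the handle even if read() fails.
    with open(file_to_send, "rb") as f:
        file_contents = f.read()

    files = [("file", sample_name, file_contents)]
    fields = [("uploadedFile", file_to_send), ("filename", sample_name)]

    json = post_multipart(host, selector, fields, files)

    # Only a response containing "suspiciousfile" is treated as an accepted
    # submission; anything else is echoed so the failure can be diagnosed.
    if json.find("suspiciousfile") == -1:
        print("Unable to submit sample")
        print(json)
        return -1

    row = "{0:30} {1}\n"
    jsondict = simplejson.loads(json)
    for val in jsondict.values():
        outfd.write("*" * 72 + "\n")
        outfd.write(row.format("Filename:", sample_name))
        outfd.write(row.format("md5:", val['md5']))
        outfd.write(row.format("sha1:", val['sha1']))
        outfd.write(row.format("Start Time:", val['starttime']))
        outfd.write(row.format("End Time:", val['endtime']))
        outfd.write(row.format("Final Result:", val['finalresult']))
        if val['finalthreatfound'] == "":
            val['finalthreatfound'] = "None"
        outfd.write(row.format("Final Threat Found:", val['finalthreatfound']))
        outfd.write("*" * 72 + "\n")
        if val['finalthreatfound'] == "None":
            # Nothing detected: skip the per-engine breakdown.
            continue
        for item in val['avresults']:
            outfd.write(row.format("AV Name:", item['avname'] + " " + item['avversion'] + " " + item['avdefversiondate']))
            if item['scanresult'] == 'Failed':
                # Make engine failures stand out in the report.
                item['scanresult'] = item['scanresult'].upper()
            outfd.write(row.format("Scan Result:", item['scanresult']))
            if item['threatsfound'] == "":
                item['threatsfound'] = "None"
            else:
                item['threatsfound'] += "  [!!]"
            outfd.write(row.format("Threats Found:", item['threatsfound']))
            outfd.write(row.format("AV DefSignature/DefVersion:", item['avdefsignature'] + "/" + item['avdefversion']))
            outfd.write("-" * 72 + "\n")
        outfd.write("\n\n")
    return 0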
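def process_sql(outfd, file_to_send):
    """Upload ``file_to_send`` for scanning, summarise to ``outfd`` and persist the results in SQLite.

    Results go into the ``opswat`` table (one row per sample, looked up by
    md5), ``opswat_avscans`` (one row per AV engine) and, for flagged samples,
    a best-effort ``artifacts`` row describing which dump table the file came
    from. A sample whose md5 is already in ``opswat`` is reported but not
    stored again.

    Args:
        outfd: writable text stream that receives the summary.
        file_to_send: path of the sample to upload.

    Returns:
        0 on success, -1 when the service response does not look like an
        accepted submission (the raw response is then printed to stdout).

    Uses the module globals ``DBNAME``, ``host`` and ``selector`` and the
    helpers ``post_multipart`` and ``simplejson`` defined elsewhere in the file.
    """
    global DBNAME
    sample_name = os.path.basename(file_to_send)

    conn = sqlite3.connect(DBNAME)
    try:
        cur = conn.cursor()

        # Samples are arbitrary binaries: read as bytes (the original used text
        # mode) and let the context manager close the handle even on error.
        with open(file_to_send, "rb") as f:
            file_contents = f.read()

        files = [("file", sample_name, file_contents)]
        fields = [("uploadedFile", file_to_send), ("filename", sample_name)]

        json = post_multipart(host, selector, fields, files)

        # Only a response containing "suspiciousfile" is treated as an
        # accepted submission; anything else is echoed for diagnosis.
        if json.find("suspiciousfile") == -1:
            print("Unable to submit sample")
            print(json)
            return -1

        row = "{0:30} {1}\n"
        jsondict = simplejson.loads(json)
        for val in jsondict.values():
            outfd.write("*" * 72 + "\n")
            outfd.write(row.format("Filename:", sample_name))
            outfd.write(row.format("Final Result:", val['finalresult']))
            if val['finalthreatfound'] == "":
                val['finalthreatfound'] = "None"
            outfd.write(row.format("Final Threat Found:", val['finalthreatfound']))

            # Every query below is parameterised: sample names and service
            # output are bound as values and never spliced into SQL text.
            cur.execute("SELECT COUNT(*) FROM opswat WHERE md5 = ?", [val['md5']])
            if cur.fetchone()[0] > 0:
                outfd.write("Sample {0} already exists in DB... not dumped\n".format(val['md5']))
                outfd.write("*" * 72 + "\n")
                continue
            outfd.write("*" * 72 + "\n")

            cur.execute("INSERT INTO opswat VALUES(null, ?,?,?,?,?,?,?)",
                        ("", sample_name, val['md5'], val['sha1'], val['starttime'],
                         val['endtime'], val['finalthreatfound']))
            conn.commit()
            cur.execute("SELECT id FROM opswat WHERE md5 = ?", [val['md5']])
            sample_id = cur.fetchone()[0]

            if val['finalthreatfound'] == "None":
                # Clean sample: no per-engine rows and no artifact bookkeeping.
                continue

            # NOTE: LIKE (kept from the original) treats '%' and '_' in the
            # sample name as wildcards and, in SQLite, matches ASCII
            # case-insensitively; it is still a bound parameter, not injection.
            cur.execute("SELECT count(*) FROM artifacts WHERE file LIKE ?", [sample_name])
            if cur.fetchone()[0] == 0:
                try:
                    artifact = _describe_artifact(cur, sample_name)
                    if artifact is not None:
                        cur.execute("INSERT INTO artifacts VALUES(null,?,?,?)",
                                    (artifact, sample_name, "opswat"))
                        conn.commit()
                except (sqlite3.Error, TypeError):
                    # Best effort: a missing dump table or a NULL name must not
                    # abort the scan report. The original used a bare except
                    # here, which also hid the NameError described in
                    # _describe_artifact.
                    pass

            for item in val['avresults']:
                if item['scanresult'] == 'Failed':
                    item['scanresult'] = item['scanresult'].upper()
                if item['threatsfound'] == "":
                    item['threatsfound'] = "None"
                cur.execute("INSERT INTO opswat_avscans VALUES(null, ?,?,?,?,?,?,?,?)",
                            (sample_id, item['avname'], item['avversion'], item['avdefversiondate'],
                             item['scanresult'], item['threatsfound'], item['avdefsignature'],
                             item['avdefversion']))
                conn.commit()

            outfd.write("*" * 72 + "\n\n")
    finally:
        # Closed on every exit path; the original leaked the connection when
        # the upload, the JSON decode or a query raised.
        conn.close()
    return 0


def _describe_artifact(cur, sample_name):
    """Build the ``artifacts`` description for a dumped file, or return None.

    Picks the dump table from the file name (procdump for ``.exe``, dlldump
    for ``.dll``, vaddump for ``.dmp``, moddump otherwise) and prefixes the
    first matching row's name. Returns None when no row matches; raises
    sqlite3.Error if the table is absent and TypeError if the stored name is
    NULL (the caller treats both as best-effort failures).

    NOTE(review): the original ``.exe`` branch compared ``q[0]``, a name not
    defined in that function, so unless a module-level ``q`` exists it always
    raised NameError (silently swallowed) and never recorded an executable.
    It is read here as the sample name, which is what the sibling branches
    compare — confirm against the rest of the module.
    """
    if ".exe" in sample_name and ".dmp" not in sample_name:
        cur.execute("SELECT pname FROM procdump WHERE dump_file = ?", [sample_name])
        prefix = "Executable: "
    elif ".dll" in sample_name:
        cur.execute("SELECT path FROM dlldump WHERE dump_file = ?", [sample_name])
        prefix = "DLL: "
    elif ".dmp" in sample_name:
        cur.execute("SELECT pname FROM vaddump WHERE dump_file like ?", [sample_name])
        prefix = "Vaddump from process: "
    else:
        cur.execute("SELECT name FROM moddump WHERE dump_file = ?", [sample_name])
        prefix = "Module: "
    hit = cur.fetchone()
    if hit is None:
        return None
    return prefix + hit[0]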
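 def fix_json(self, json):
     """Normalise a JSON-ish payload before it is handed to the loader.

     Two repairs are applied: every single quote is replaced by a double
     quote, and anything from the ``<!>`` separator onward is dropped. (The
     previous docstring spoke of "slashes"; no slashes are touched.)

     The quote replacement is global, so an apostrophe inside a string value
     (``"it's"``) is corrupted as well — unchanged from the original.

     Args:
         json: raw payload text.

     Returns:
         The cleaned text. When no ``<!>`` separator is present the text is
         returned whole; the original sliced with index -1 in that case and
         silently lost the last character.
     """
     json = json.replace("'", '"')
     sep_index = json.find('<!>')
     if sep_index != -1:
         json = json[:sep_index]
     return json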