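def execute(self, symbol):
    """Carve URLs, e-mail addresses and IPv4 addresses out of message data.

    Args:
        symbol: the symbol whose messages are searched. When it is None,
            every symbol returned by
            ``self.project.getVocabulary().getSymbols()`` is searched.

    Returns:
        A list with one entry per analysed symbol. Each entry is the list
        of SearchTask objects (one per carver) that produced at least one
        hit; carvers without hits are left out.
    """
    # Compiled once instead of once per symbol. Raw strings keep the exact
    # same patterns while avoiding invalid-escape warnings for "\/" and "\.".
    #
    # NOTE(review): these are heuristics applied to message content, which
    # should be treated as untrusted input:
    #   - all three patterns are lowercase-only, so upper-case hosts or
    #     schemes are not reported;
    #   - the "url" pattern makes the scheme optional, so any dotted
    #     lowercase token matches and false positives are expected;
    #   - the "ip" pattern has no boundaries and can match inside a longer
    #     run of digits;
    #   - the "url" pattern can backtrack quadratically on long runs of
    #     [a-z0-9-] that contain no dot; consider bounding message size
    #     before carving very large captures.
    ## TODO: put this things in a dedicated class
    infoCarvers = {
        "url": re.compile(
            r"((http:\/\/|https:\/\/)?(www\.)?(([a-z0-9\-]){2,}\.){1,4}([a-z]){2,6}(\/([a-z\-_\/\.0-9#:?+%=&;,])*)?)"
        ),
        "email": re.compile(r"[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,4}"),
        "ip": re.compile(
            r"(((?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))"
        ),
    }

    if symbol is not None:
        toBeAnalyzed = [symbol]
    else:
        toBeAnalyzed = list(self.project.getVocabulary().getSymbols())

    results = []
    # A distinct loop name keeps the ``symbol`` parameter from being shadowed.
    for currentSymbol in toBeAnalyzed:
        tasks = []
        # Execute the search operation in String mode
        for (carver, regex) in infoCarvers.items():
            label = "Data Carving: {0}".format(carver)
            currentTask = SearchTask(carver, None, carver)
            taskResults = []
            for message in currentSymbol.getMessages():
                strData = TypeConvertor.netzobRawToString(message.getReducedStringData())
                # finditer() only yields match objects, so no None check is
                # needed here.
                for match in regex.finditer(strData):
                    taskResult = SearchResult(message, label)
                    # Offsets are doubled before being stored; presumably
                    # the reduced string data uses two characters per
                    # decoded character - confirm against TypeConvertor.
                    taskResult.addSegment(match.start(0) * 2, match.end(0) * 2)
                    taskResults.append(taskResult)
            if taskResults:
                currentTask.registerResults(taskResults, label)
                tasks.append(currentTask)
        results.append(tasks)
    return results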
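def execute(self, symbol):
    """Search message data for URL, e-mail and IPv4 address patterns.

    Args:
        symbol: symbol to analyse; when None, all symbols of
            ``self.project.getVocabulary()`` are analysed instead.

    Returns:
        One list per analysed symbol, in analysis order. Each inner list
        holds the SearchTask objects of the carvers that found something
        in that symbol's messages.
    """
    ## TODO: put this things in a dedicated class
    # Patterns are loop-invariant, so they are compiled a single time.
    # Raw string literals yield the same regex text as before without
    # relying on unrecognised escapes such as "\/" being passed through.
    #
    # NOTE(review): message content is attacker-influenced data. The
    # patterns match lowercase text only, the "url" one accepts any dotted
    # token (optional scheme), and the "ip" one is not anchored on
    # boundaries, so hits are indicators to be triaged rather than
    # validated values. The "url" pattern may also show quadratic
    # backtracking on long dot-free alphanumeric runs.
    infoCarvers = {
        'url': re.compile(r"((http:\/\/|https:\/\/)?(www\.)?(([a-z0-9\-]){2,}\.){1,4}([a-z]){2,6}(\/([a-z\-_\/\.0-9#:?+%=&;,])*)?)"),
        'email': re.compile(r"[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,4}"),
        'ip': re.compile(r"(((?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))")
    }

    toBeAnalyzed = []
    if symbol is None:
        toBeAnalyzed.extend(self.project.getVocabulary().getSymbols())
    else:
        toBeAnalyzed.append(symbol)

    results = []
    for analyzedSymbol in toBeAnalyzed:
        tasks = []
        # Execute the search operation in String mode
        for (carver, regex) in infoCarvers.items():
            description = "Data Carving: {0}".format(carver)
            taskResults = []
            for message in analyzedSymbol.getMessages():
                strData = TypeConvertor.netzobRawToString(message.getReducedStringData())
                for match in regex.finditer(strData):
                    # Every item produced by finditer() is a match object;
                    # a "match is None" branch can never run.
                    taskResult = SearchResult(message, description)
                    # NOTE(review): the factor 2 looks like a conversion
                    # from decoded-string offsets to offsets in the reduced
                    # string data - verify against TypeConvertor.
                    taskResult.addSegment(match.start(0) * 2, match.end(0) * 2)
                    taskResults.append(taskResult)
            currentTask = SearchTask(carver, None, carver)
            if taskResults:
                currentTask.registerResults(taskResults, description)
                tasks.append(currentTask)
        results.append(tasks)
    return results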