示例#1
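def knocknock():
    """Run one KnockKnock pass: initialize, scan, filter, query VirusTotal, print.

    Reads the parsed command-line options from the module-level ``args``:
    ``args.list`` (print the available plugins and stop), ``args.plugin``
    (forwarded to ``scan()``), ``args.apple`` / ``args.whitelist`` (keep
    Apple-signed / whitelisted items in the output instead of hiding them),
    ``args.disableVT`` (skip the VirusTotal lookup) and ``args.json``
    (output format).

    Returns:
        True after listing plugins; False when initialization or the scan
        failed or an exception escaped (it is logged with a stack trace, not
        re-raised); None after a completed scan -- the success path has no
        return statement. NOTE(review): returning True there would make the
        value usable as an exit status; left unchanged so callers that rely
        on the current value keep working.
    """
    results = []

    try:
        # init: logging, plugin manager, etc.
        if not initKK():
            utils.logMessage(utils.MODE_ERROR, 'initialization(s) failed')
            return False

        utils.logMessage(utils.MODE_INFO, 'initialization complete')

        # listing mode: show the plugins and stop
        if args.list:
            listPlugins()
            return True

        # scan for startup items; None signals a failed scan
        results = scan(args.plugin)
        if results is None:
            utils.logMessage(utils.MODE_ERROR, 'scan failed')
            return False

        # hide Apple-signed and/or whitelisted items unless asked to keep them;
        # this only changes what gets reported, the scan itself is unchanged
        if not args.apple or not args.whitelist:  # or args.signed:
            # one result per startup item type
            for result in results:
                _dropIgnoredItems(result)

        # the unclassified plugin only looks at the proc list, so it can
        # report items other plugins already classified; drop those dups
        removeUnclassDups(results)

        # enrich every file with VirusTotal info, unless disabled
        if not args.disableVT:
            utils.logMessage(utils.MODE_INFO,
                             'querying VirusTotal - sit tight!')
            virusTotal.processResults(results)

        # normal or JSON output; non-ASCII characters are written as XML
        # character references so printing never fails on encoding
        formattedResults = output.formatResults(results, args.json)
        print(formattedResults.encode('ascii', 'xmlcharrefreplace'))

    # top-level handler: log the exception, dump the stack trace, report failure
    except Exception as e:
        utils.logMessage(
            utils.MODE_ERROR, '\n EXCEPTION, %s() threw: %s' %
            (sys._getframe().f_code.co_name, e))
        traceback.print_exc()
        return False


def _dropIgnoredItems(result):
    """Remove the items of one scan result that should not be reported.

    A ``file.File`` is dropped when it is signed by Apple (unless
    ``args.apple``); any item is dropped when it is whitelisted (unless
    ``args.whitelist``). Dropped items disappear from the output entirely,
    so a whitelist entry suppresses reporting of that persistence item.

    The set difference is computed once after the walk instead of on every
    iteration of the inner loop as before; the final list is the same
    (duplicates are collapsed by the set either way) but the work is linear
    in the number of items.

    Args:
        result: a scan result dict whose ``'items'`` list is replaced in place.
    """
    ignoredItems = []
    for startupObj in result['items']:
        if isinstance(startupObj, file.File):
            # NOTE(review): signedByApple is read as an attribute here while
            # other revisions of this function call signedByApple(); if it is
            # a method, a bound method is always truthy and every File would
            # be hidden by default -- confirm against file.File.
            if not args.apple and startupObj.signedByApple:
                ignoredItems.append(startupObj)
        # whitelisted items of any type are hidden by default
        if not args.whitelist and startupObj.isWhitelisted:
            ignoredItems.append(startupObj)
    result['items'] = list(set(result['items']) - set(ignoredItems))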
示例#2
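def knocknock():
	"""Run one KnockKnock pass: initialize, scan, filter and print the results.

	Reads the parsed command-line options from the module-level ``args``:
	``args.list`` (print the available plugins and stop), ``args.plugin``
	(forwarded to ``scan()``), ``args.apple`` / ``args.whitelist`` (keep
	Apple-signed / whitelisted items in the output instead of hiding them)
	and ``args.json`` (output format).

	Returns:
		True after listing plugins; False when initialization or the scan
		failed or an exception escaped (it is logged with a stack trace, not
		re-raised); None after a completed scan -- the success path has no
		return statement. NOTE(review): returning True there would make the
		value usable as an exit status; left unchanged so callers that rely
		on the current value keep working.
	"""
	results = []

	try:
		# init: logging, plugin manager, etc.
		if not initKK():
			utils.logMessage(utils.MODE_ERROR, 'initialization(s) failed')
			return False

		utils.logMessage(utils.MODE_INFO, 'initialization complete')

		# listing mode: show the plugins and stop
		if args.list:
			listPlugins()
			return True

		# scan for startup items; None signals a failed scan
		results = scan(args.plugin)
		if results is None:
			utils.logMessage(utils.MODE_ERROR, 'scan failed')
			return False

		# hide Apple-signed and/or whitelisted items unless asked to keep them;
		# this only changes what gets reported, the scan itself is unchanged
		if not args.apple or not args.whitelist: #or args.signed:
			# one result per startup item type
			for result in results:
				_dropIgnoredItems(result)

		# the unclassified plugin only looks at the proc list, so it can
		# report items other plugins already classified; drop those dups
		removeUnclassDups(results)

		# normal or JSON output; non-ASCII characters are written as XML
		# character references so printing never fails on encoding
		formattedResults = output.formatResults(results, args.json)
		print(formattedResults.encode('ascii', 'xmlcharrefreplace'))

	# top-level handler: log the exception, dump the stack trace, report failure
	except Exception as e:
		utils.logMessage(utils.MODE_ERROR, '\n EXCEPTION, %s() threw: %s' % (sys._getframe().f_code.co_name, e))
		traceback.print_exc()
		return False


def _dropIgnoredItems(result):
	"""Remove the items of one scan result that should not be reported.

	A ``file.File`` is dropped when ``signedByApple()`` is true (unless
	``args.apple``); any item is dropped when it is whitelisted (unless
	``args.whitelist``). Dropped items disappear from the output entirely,
	so a whitelist entry suppresses reporting of that persistence item.

	The set difference is computed once after the walk instead of on every
	iteration of the inner loop as before; the final list is the same
	(duplicates are collapsed by the set either way) but the work is linear
	in the number of items.

	Args:
		result: a scan result dict whose ``'items'`` list is replaced in place.
	"""
	ignoredItems = []
	for startupObj in result['items']:
		# files signed by Apple are hidden by default
		if isinstance(startupObj, file.File):
			if not args.apple and startupObj.signedByApple():
				ignoredItems.append(startupObj)
		# whitelisted items of any type are hidden by default
		if not args.whitelist and startupObj.isWhitelisted:
			ignoredItems.append(startupObj)
	result['items'] = list(set(result['items']) - set(ignoredItems))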
示例#3
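def knocknock():
    """Run one KnockKnock pass: initialize, scan, filter and print the results.

    Reads the parsed command-line options from the module-level ``args``:
    ``args.list`` (print the available plugins and stop), ``args.plugin``
    (forwarded to ``scan()``), ``args.apple`` / ``args.whitelist`` (keep
    Apple-signed / whitelisted items in the output instead of hiding them),
    and ``args.json`` / ``args.post`` (forwarded to ``output.formatResults``).

    Returns:
        True after listing plugins; False when initialization or the scan
        failed or an exception escaped (it is logged with a stack trace, not
        re-raised); None after a completed scan -- the success path has no
        return statement. NOTE(review): returning True there would make the
        value usable as an exit status; left unchanged so callers that rely
        on the current value keep working.
    """
    results = []

    try:
        # init: logging, plugin manager, etc.
        if not initKK():
            utils.logMessage(utils.MODE_ERROR, 'initialization(s) failed')
            return False

        utils.logMessage(utils.MODE_INFO, 'initialization complete')

        # listing mode: show the plugins and stop
        if args.list:
            listPlugins()
            return True

        # scan for startup items; None signals a failed scan
        results = scan(args.plugin)
        if results is None:
            utils.logMessage(utils.MODE_ERROR, 'scan failed')
            return False

        # hide Apple-signed and/or whitelisted items unless asked to keep them;
        # this only changes what gets reported, the scan itself is unchanged
        if not args.apple or not args.whitelist: #or args.signed:
            # one result per startup item type
            for result in results:
                _dropIgnoredItems(result)

        # normal or JSON output; only print when the formatter produced something
        formattedResults = output.formatResults(results, args.json, args.post)
        if formattedResults != "":
            print(formattedResults)

    # top-level handler: log the exception, dump the stack trace, report failure
    except Exception as e:
        utils.logMessage(utils.MODE_ERROR, '\n EXCEPTION, %s() threw: %s' % (sys._getframe().f_code.co_name, e))
        traceback.print_exc()
        return False


def _dropIgnoredItems(result):
    """Remove the items of one scan result that should not be reported.

    A ``file.File`` is dropped when ``signedByApple()`` is true (unless
    ``args.apple``) or, failing that, when it is whitelisted (unless
    ``args.whitelist``); a ``command.Command`` is dropped only when it is
    whitelisted (unless ``args.whitelist``). Dropped items disappear from the
    output entirely, so a whitelist entry suppresses reporting of that
    persistence item.

    The set difference is computed once after the walk instead of on every
    iteration of the inner loop as before; the final list is the same
    (duplicates are collapsed by the set either way) but the work is linear
    in the number of items.

    Args:
        result: a scan result dict whose ``'items'`` list is replaced in place.
    """
    ignoredFiles = []
    ignoredCommands = []
    for startupObj in result['items']:
        if isinstance(startupObj, file.File):
            # Apple-signed first; the elif keeps a file from being saved twice
            if not args.apple and startupObj.signedByApple():
                ignoredFiles.append(startupObj)
            elif not args.whitelist and startupObj.isWhitelisted:
                ignoredFiles.append(startupObj)
        # commands are only filtered by the whitelist
        if isinstance(startupObj, command.Command):
            if not args.whitelist and startupObj.isWhitelisted:
                ignoredCommands.append(startupObj)
    result['items'] = list(set(result['items']) - set(ignoredFiles) - set(ignoredCommands))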