#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# Name : main.py
# Version : 0.1
# Author : Abdesslem Amri
# Date : 15-01-2014
# Owner : Abdesslem Amri
# License : GPLv2
# Description : This is the main script: run the command line application
#----------------------------------------------------------------------------
import readline
import sys, os
import peframe
import dynamic
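class main(object):
    """Tab completer for the readline-driven prompts.

    Holds a sorted list of command names and exposes ``complete`` in the
    shape ``readline.set_completer`` expects: ``(text, state)`` -> the
    ``state``-th matching command, or ``None`` once matches are exhausted.
    """

    def __init__(self, options):
        # Sorted once so completions are offered in a stable order.
        self.options = sorted(options)
        # Initialised here so a call with state > 0 that arrives before any
        # state-0 call (readline never does this, but other callers might)
        # returns None instead of raising AttributeError.
        self.matches = []

    def complete(self, text, state):
        """Return the ``state``-th command starting with ``text``, or ``None``.

        readline calls this repeatedly with ``state`` = 0, 1, 2, ... until
        ``None`` comes back.  The candidate list is rebuilt only when
        ``state == 0``; an empty ``text`` makes every option a candidate.
        """
        if state == 0:
            if text:
                self.matches = [opt for opt in self.options
                                if opt and opt.startswith(text)]
            else:
                self.matches = list(self.options)
        # Past the last candidate readline expects None, not an exception.
        try:
            return self.matches[state]
        except IndexError:
            return None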
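def static(filename):
    """Run the interactive ``Static>>`` sub-prompt for ``filename``.

    Each command maps to one peframe helper; ``exit`` returns to the
    caller.  Input is read with ``raw_input`` so ``EOFError`` and
    ``KeyboardInterrupt`` propagate to the caller's loop.

    :param filename: path of the PE file handed to every peframe helper.
    """
    # Command name -> (help text, peframe callable).  One table drives both
    # the help output and the dispatch, so a command cannot be reachable but
    # undocumented (``meta`` was) and the import/export help lines cannot be
    # swapped again.
    commands = [
        ("strings", "show strings in the file", peframe.show_strings),
        ("peid", "detect packer signatures", peframe.show_packer),
        ("import", "show imported function and dll", peframe.show_imported_functions),
        ("export", "show exported function and dll", peframe.show_exported_functions),
        ("sections", "show sections information", peframe.show_sections),
        ("meta", "show meta information", peframe.show_meta),
        ("fileurl", "show file urls", peframe.show_fileurl),
        ("suspicious", "show some suspicious functions", peframe.show_suspicious),
        ("auto", "auto-analysis the file", peframe.autoanalysis),
    ]
    for name, help_text, _ in commands:
        print("Use <%s> to %s" % (name, help_text))
    print("Use <exit> to return to the main prompt")
    dispatch = dict((name, func) for name, _, func in commands)
    while True:
        # strip() so a trailing space or tab-completion artefact still matches.
        command = raw_input('Static>> ').strip()
        if command == 'exit':
            return
        handler = dispatch.get(command)
        if handler is None:
            # Mirror the top-level prompt, which reports unknown input
            # instead of silently re-prompting.
            print("This command is not used")
            continue
        handler(filename)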
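if __name__ == '__main__':
    # NOTE(review): root is demanded for the whole session, so the static
    # PE parsing of an untrusted sample also runs with full privileges.
    # Only the sandbox step plausibly needs root; whether dynamic.dynamic
    # actually requires it is not visible here -- confirm before narrowing.
    if os.geteuid() != 0:
        sys.exit("\nOnly root can run this script\n")
    completer = main(["sandbox", "static", "exit()"])
    readline.set_completer(completer.complete)
    readline.parse_and_bind('tab: complete')
    filename = raw_input('Path to malware file: ').strip()
    if not os.path.isfile(filename):
        sys.exit("\nFile not found\n")
    # Case-insensitive so 'SAMPLE.EXE' is accepted as well.
    if not filename.lower().endswith('.exe'):
        sys.exit("\n Only executable file are accepted")
    # The suffix test only inspects the name.  Check the DOS header magic so
    # a renamed non-PE file is rejected before it reaches the parsers.
    with open(filename, 'rb') as sample:
        if sample.read(2) != b'MZ':
            sys.exit("\n Not a PE file (missing MZ header)\n")
    while True:
        try:
            command = raw_input('Hunter>> ').strip()
            if command == "static":
                print("Start the static analysis")
                static(filename)
            elif command == "sandbox":
                print("Dynamic analysis for suspicious files")
                dynamic.dynamic(filename)
            elif command == 'exit()':
                sys.exit(0)
            else:
                print("This command is not used")
        except KeyboardInterrupt:
            print("type exit() to stop")
        except EOFError:
            # A closed stdin raises EOFError on every read; looping on it
            # would spin forever printing the hint, so leave instead.
            sys.exit("\nEOF on input, exiting\n")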