viper-modules's Issues

MISP modules issues

It seems that the MISP module is still using the old function calls from PyMISP.

Such as:

adulau@dobbertin:~/.viper/modules$ git diff
diff --git a/misp.py b/misp.py
index 02b26cd..b841cdb 100644
--- a/misp.py
+++ b/misp.py
@@ -504,7 +504,7 @@ class MISP(Module):
             return
         open_session = len(self.args.event) == 1
         for e in self.args.event:
-            event = self.misp.get(e)
+            event = self.misp.get_events(e)
             if not self._has_error_message(event):
                 self._search_local_hashes(event, open_session)
                 self._dump()
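
Review bot: The replacement on the `event = ...` line calls `self.misp.get_events(e)` (plural), while both hunks in misp_methods/check_hashes.py in this same patch use `self.misp.get_event(...)` for the same single-event lookup. With one id `e` per loop iteration this looks like a typo; suggest `event = self.misp.get_event(e)` so all three call sites agree.
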
diff --git a/misp_methods/check_hashes.py b/misp_methods/check_hashes.py
index 98ad179..16cd27a 100644
--- a/misp_methods/check_hashes.py
+++ b/misp_methods/check_hashes.py
@@ -34,7 +34,7 @@ def _populate(self, event):
         event_id = self._get_eventid()
         if event_id is None:
             return
-        event = self.misp.get(event_id)
+        event = self.misp.get_event(event_id)
         if self._has_error_message(event):
             return
         __sessions__.new(misp_event=MispEvent(event, self.offline_mode))
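
Review bot: In `_populate`, the value returned by `get_event(event_id)` goes straight into `MispEvent(event, self.offline_mode)` after only the `_has_error_message(event)` check, so the rename silently assumes the new call returns the same shape as the old `get`. Please confirm that and say so in the commit message; the same fetch-then-check sequence is repeated in `check_hashes` and would be easier to keep consistent as one helper.
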
@@ -83,7 +83,7 @@ def check_hashes(self):
     event_id = self._get_eventid()
     if event_id is None:
         return
-    misp_event = self.misp.get(event_id)
+    misp_event = self.misp.get_event(event_id)
     if self._has_error_message(misp_event):
         return
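
Review bot: In `check_hashes`, `misp_event` is only checked with `_has_error_message` before use, and the traceback reported with this patch shows line 94 iterating `misp_event.Object` on a plain dict. The rename alone is not enough here; convert the returned dict into an event object (or index it as a dict) before the `for o in misp_event.Object:` loop.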

There are also other issues related to the object:

viper > misp check_hashes -p 73155
[!] The command misp raised an exception:
Traceback (most recent call last):
  File "/home/adulau/.local/lib/python3.6/site-packages/viper/core/ui/console.py", line 322, in start
    module.run()
  File "/home/adulau/.viper/modules/misp.py", line 642, in run
    self.check_hashes()
  File "/home/adulau/.viper/modules/misp_methods/check_hashes.py", line 94, in check_hashes
    for o in misp_event.Object:
AttributeError: 'dict' object has no attribute 'Object'
viper > quit

@Rafiot could you have a look? Thanks a lot.

Double requirement in requirements.txt

During a recent install, python warned about a double requirement, notably the bitstring==3.1.6 and bitstring==3.1.7 in the requirements.txt file.

Do the modules require both of these versions specifically, or can the requirements.txt file be modified to only require one of the versions?

Unable to install using requirements.txt

I'm trying to install all the dependencies by running pip3 install -r requirements.txt on the requirements.txt file in the repositories. For the lines specifying a git repo I'm getting the error:

Collecting verify-sigs@ git+https://github.com/sebdraven/verify-sigs.git#egg=verify-sigs (from -r /tmp/requirements.txt (line 80))
Exception:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/pip/basecommand.py", line 215, in main
    status = self.run(options, args)
  File "/usr/lib/python3/dist-packages/pip/commands/install.py", line 353, in run
    wb.build(autobuilding=True)
  File "/usr/lib/python3/dist-packages/pip/wheel.py", line 749, in build
    self.requirement_set.prepare_files(self.finder)
  File "/usr/lib/python3/dist-packages/pip/req/req_set.py", line 380, in prepare_files
    ignore_dependencies=self.ignore_dependencies))
  File "/usr/lib/python3/dist-packages/pip/req/req_set.py", line 554, in _prepare_file
    require_hashes
  File "/usr/lib/python3/dist-packages/pip/req/req_install.py", line 278, in populate_link
    self.link = finder.find_requirement(self, upgrade)
  File "/usr/lib/python3/dist-packages/pip/index.py", line 465, in find_requirement
    all_candidates = self.find_all_candidates(req.name)
  File "/usr/lib/python3/dist-packages/pip/index.py", line 423, in find_all_candidates
    for page in self._get_pages(url_locations, project_name):
  File "/usr/lib/python3/dist-packages/pip/index.py", line 568, in _get_pages
    page = self._get_page(location)
  File "/usr/lib/python3/dist-packages/pip/index.py", line 683, in _get_page
    return HTMLPage.get_page(link, session=self.session)
  File "/usr/lib/python3/dist-packages/pip/index.py", line 795, in get_page
    resp.raise_for_status()
  File "/usr/share/python-wheels/requests-2.18.4-py2.py3-none-any.whl/requests/models.py", line 935, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 404 Client Error: Not Found for url: https://pypi.org/simple/verify-sigs/

If I change the line to remove the @ section before the git repo it seems to work.

error using misp pull

full_event = self.misp.get(event_id)

misp pull doesn't work without:

diff --git a/misp.py b/misp.py
index 02b26cd..18c0adc 100644
--- a/misp.py
+++ b/misp.py
@@ -504,7 +504,7 @@ class MISP(Module):
             return
         open_session = len(self.args.event) == 1
         for e in self.args.event:
-            event = self.misp.get(e)
+            event = self.misp.get_event(e)
             if not self._has_error_message(event):
                 self._search_local_hashes(event, open_session)
                 self._dump()
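
Review bot: The failing line quoted in the report, `full_event = self.misp.get(event_id)`, is not the line changed here; the hunk edits `event = self.misp.get(e)` in the `for e in self.args.event` loop. If `misp pull` goes through the `full_event` call, that site needs the same `get` to `get_event` rename, so check misp.py for any remaining `self.misp.get(` callers before merging.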

[misp] some exceptions

@Rafiot for your info

viper  [MISP 73155] > misp check_hashes -p 69109
WARNING [api.py:128 - __init__() ] The version of PyMISP recommended by the MISP instance (2.4.130) is newer than the one you're using now (2.4.128). Please upgrade PyMISP.
[!] aa5e8e21c79b0b4a02726233b9f5eb4994c87ad3: The requested resource is not among the finished, queued or pending scans
[!] dbea8daf48cc54c7cfb0dcc689d4c9549d3dd23f: The requested resource is not among the finished, queued or pending scans
[!] 20ff1a290a53b39c4e54a670e8c27852be8bcff4: The requested resource is not among the finished, queued or pending scans
[!] 3b923fa1e5dcb4f65daa138beceb123d7c431d1b: The requested resource is not among the finished, queued or pending scans
[!] The command misp raised an exception:
Traceback (most recent call last):
  File "/home/adulau/.local/lib/python3.6/site-packages/viper/core/ui/console.py", line 322, in start
    module.run()
  File "/home/adulau/.viper/modules/misp.py", line 642, in run
    self.check_hashes()
  File "/home/adulau/.viper/modules/misp_methods/check_hashes.py", line 178, in check_hashes
    vt_object = self._make_VT_object(to_expand, original_attribute)
  File "/home/adulau/.viper/modules/misp_methods/check_hashes.py", line 67, in _make_VT_object
    default_attributes_parameters=default_attributes_parameters)
  File "/home/adulau/.local/lib/python3.6/site-packages/pymisp/tools/vtreportobject.py", line 35, in __init__
    self._report = self.__query_virustotal(apikey, indicator)
  File "/home/adulau/.local/lib/python3.6/site-packages/pymisp/tools/vtreportobject.py", line 82, in __query_virustotal
    report_json = report.json()
  File "/home/adulau/.local/lib/python3.6/site-packages/requests/models.py", line 898, in json
    return complexjson.loads(self.text, **kwargs)
  File "/usr/lib/python3/dist-packages/simplejson/__init__.py", line 518, in loads
    return _default_decoder.decode(s)
  File "/usr/lib/python3/dist-packages/simplejson/decoder.py", line 370, in decode
    obj, end = self.raw_decode(s)
  File "/usr/lib/python3/dist-packages/simplejson/decoder.py", line 400, in raw_decode
    return self.scan_once(s, idx=_w(s, idx).end())
simplejson.errors.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

calculate_pehash throws exception for PE+ file format

According to the current implementation of calculate_pehash, the "pad to 16 bits" step

# pad to 16 bits
img_chars = bitstring.BitArray(bytes=img_chars.tobytes())
img_chars_xor = img_chars[0:8] ^ img_chars[8:16]

is not performed as its comment says. If the value of exe.FILE_HEADER.Characteristics is 0x22 (e.g., PE+ EXE), the upper 8 bits cannot be accessed, so the "ValueError: Bitstrings must have the same length for ^ operator." exception is thrown as follows:

                #pad to 16 bits
                img_chars = bitstring.BitArray(bytes=img_chars.tobytes())
-->             img_chars_xor = img_chars[0:8] ^ img_chars[8:16]

/usr/local/lib/python3.5/dist-packages/bitstring-3.1.5-py3.5.egg/bitstring.py in __xor__(self, bs)
   1128         bs = Bits(bs)
   1129         if self.len != bs.len:
-> 1130             raise ValueError("Bitstrings must have the same length "
   1131                              "for ^ operator.")
   1132         s = self._copy()

ValueError: Bitstrings must have the same length for ^ operator.

I think these lines should be fixed as follows.

        #image characteristics
        img_chars = bitstring.BitArray(hex(exe.FILE_HEADER.Characteristics))
        #pad to 16 bits
        # img_chars = bitstring.BitArray(bytes=img_chars.tobytes()) # <- this line does not do 16-bit padding
        # zfill() returns a str, so wrap it back into a BitArray before using ^
        img_chars = bitstring.BitArray(bin=img_chars.bin.zfill(16)) # <- correct 16-bit padding
        img_chars_xor = img_chars[0:8] ^ img_chars[8:16]

Is this the intended behavior of the calculate_pehash function?
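
The padding problem reported above, as an added example that is not part of the original issue or the project's code. It models the bit widths in plain Python instead of importing bitstring (4 bits per hex digit, then `tobytes()` appending zero bits on the right up to a byte boundary); the function names are hypothetical and the sample Characteristics values are constructed.

```python
import struct


def legacy_char_bits(characteristics):
    """Bit string the quoted code ends up with, modelled without bitstring.

    BitArray(hex(v)) holds 4 bits per hex digit; tobytes() then appends
    zero bits on the RIGHT until the length is a multiple of 8.
    """
    digits = format(characteristics, "x")
    bits = "".join(format(int(d, 16), "04b") for d in digits)
    return bits + "0" * (-len(bits) % 8)


def legacy_xor(characteristics):
    """XOR of bits [0:8] and [8:16] as the quoted code computes it."""
    bits = legacy_char_bits(characteristics)
    hi, lo = bits[0:8], bits[8:16]
    if len(hi) != len(lo):
        # Same condition that makes bitstring's __xor__ raise.
        raise ValueError("Bitstrings must have the same length for ^ operator.")
    return int(hi, 2) ^ int(lo, 2)


def fixed_xor(characteristics):
    """XOR of the high and low byte of a true 16-bit, left-padded value."""
    hi, lo = struct.pack(">H", characteristics & 0xFFFF)
    return hi ^ lo


if __name__ == "__main__":
    # Constructed sample values: two, three and four hex digits.
    for value in (0x22, 0x102, 0x2102):
        try:
            old = format(legacy_xor(value), "#04x")
        except ValueError as exc:
            old = "ValueError: %s" % exc
        print(format(value, "#06x"), "legacy:", old,
              "fixed:", format(fixed_xor(value), "#04x"))
```

For three-hex-digit values such as 0x102 the left-padded result differs from what the quoted code produced without raising, so hashes computed before and after a padding change will not match for those files.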
