viper-framework / viper-web Goto Github PK
View Code? Open in Web Editor NEWLicense: BSD 3-Clause "New" or "Revised" License
License: BSD 3-Clause "New" or "Revised" License
Having a devil of a time figuring out how to run a module against a sample.
I am using the v3 api and can see the Modules listed in API , but I can't seem to find the ability to actually run them against a sample. Can someone give me a hint?
The "interactive API" is implemented in rest_framework_swagger
which unfortunately is no longer maintained: marcgibbons/django-rest-swagger#815 (comment).
An alternative seems to be: https://github.com/axnsan12/drf-yasg
Hi,
Been using Viper-web for some time now and I love it! I plan to move my current database to a new server. However, is there a method I can use to backup my current database (notes, samples, users, tags etc...) or would I need to add everything manually?
OS: Ubuntu Server 18.04.4 LTS
Thank you!
This is likely due to the project re-alignment mentioned viper-framework/viper#767, but what is the process to install viper-web?
I followed the install instructions for core viper (using pip3 install) and then did a git clone of the viper-web repository into the $HOME/.viper directory. After installing the requirements, when attempting to run viper-web I receive "No module named viper.web" from django.setup().
I suspect it may be due to the location I'm trying to run viper web from?
On a fresh build with both Viper Framework and Viper Web running, I can't seem to access the API docs through the UI. When navigating to /v3/api/docs I get 500 Internal Server Error. Below is the error being thrown up by the API:
`The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/home/user/.local/lib/python3.6/site-packages/django/core/handlers/exception.py", line 34, in inner
response = get_response(request)
File "/home/user/.local/lib/python3.6/site-packages/django/core/handlers/base.py", line 145, in _get_response
response = self.process_exception_by_middleware(e, request)
File "/home/user/.local/lib/python3.6/site-packages/django/core/handlers/base.py", line 143, in _get_response
response = response.render()
File "/home/user/.local/lib/python3.6/site-packages/django/template/response.py", line 106, in render
self.content = self.rendered_content
File "/home/user/.local/lib/python3.6/site-packages/rest_framework/response.py", line 70, in rendered_content
ret = renderer.render(self.data, accepted_media_type, context)
File "/home/user/.local/lib/python3.6/site-packages/rest_framework_swagger/renderers.py", line 58, in render
renderer_context
File "/home/user/.local/lib/python3.6/site-packages/django/shortcuts.py", line 36, in render
content = loader.render_to_string(template_name, context, request, using=using)
File "/home/user/.local/lib/python3.6/site-packages/django/template/loader.py", line 62, in render_to_string
return template.render(context, request)
File "/home/user/.local/lib/python3.6/site-packages/django/template/backends/django.py", line 63, in render
reraise(exc, self.backend)
File "/home/user/.local/lib/python3.6/site-packages/django/template/backends/django.py", line 84, in reraise
raise new from exc
django.template.exceptions.TemplateDoesNotExist: rest_framework_swagger/base.html`
Any ideas?
First we install the dependencies
sudo apt install git build-essential python3 python3-dev python3-pip exiftool clamav-daemon tor libdpkg-perl libssl-dev swig libffi-dev ssdeep libfuzzy-dev unrar p7zip-full virtualenv gcc
We create and activate an environment
virtualenv --python=python3 ~/venv/viper
. ~/venv/viper/bin/activate
Clone and install viper
git clone https://github.com/viper-framework/viper
cd viper
pip install .
Open viper and update modules
viper
update-modules
Clone viper-web in .viper
cd ~/.viper
git clone https://github.com/viper-framework/viper-web.git
cd viper-web
pip install -r requirements.txt
We get an error when running viper-web
./viper-web
Change code in itypes.py
nano ~/venv/viper/lib/python3.10/site-packages/itypes.py
In line 2 we put this
from collections.abc import Mapping, Sequence
And finally we run it
./viper-web
We can change the launch options in
nano ~/.viper/viper.conf
And go to [web]
Based on the tutorial of f0wL's Blog
I am using Cuckoo Version 2.0.7 and I am getting an error of Unable to Submit File
with a 401 Unauthorized error code when submitting to Cuckoo from Viper Web. Newer versions of Cuckoo requires an API token in the header to access the API according to the Cuckoo Docs https://cuckoo.readthedocs.io/en/latest/usage/api/#starting-the-api-server
To fix this, I had to replace this line (line 711) in views.py:
cuckoo_response = requests.post(uri, files=options)
with this
if cfg.cuckoo.cuckoo_modified:
cuckoo_response = requests.post(uri, files=options)
else:
auth_headers = {'Authorization': "Bearer {0}".format(cfg.cuckoo.auth_token)}
cuckoo_response = requests.post(uri, headers=auth_headers, files=options)
Then I had to add an auth_token line to the cuckoo section of viper.conf
[cuckoo]
cuckoo_modified = False
cuckoo_host = http://localhost:8090
cuckoo_web = http://localhost:8000
auth_token = <Cuckoo API Key goes Here>
How to reproduce:
example payload:
$ cat this_is_a_test
this
<h1>is a</h1>
test
<strong>payload</strong>
<script>alert('this is a test');</script>
upload the this_is_a_test
sample to the Viper instance, go to the modules tab and run the All Strings
module...
You'll get an alert and formatted HTML in the display.
Why it's bad:
This could allow malicious code embedded in malware samples to achieve execution in an analysts browser session...
How to fix it:
It should be using innerText
over innerHTML
when injecting the content into the page, as this will have it bypass HTML processing attempts. An alternative fix would be running all output returned from modules through an HTML special characters encoding process before injecting the content into the page.
Either case should fix the problem.
Did someone else faced issues with running Viper modules in parallel, in different windows?
Here is an example:
__sessions__.close()
is called, which sets self.current = None
views.py(#261)xored = xordata(__sessions__.current.file.data, key)
- which will fail, as sessions.current was destroyed one step ago.I don't know if this is an expected behavior, or that the VIPER framework should not be used for parallel processing - so, if someone else faces this issue, feel free to join the party. Here is the fix that worked for me, in order to delay the 2nd, 3rd, etc processing and process them sequential:
views.py:
def module_cmdline(project=None, cmd_line=None, file_hash=None):
wait_counts = 0
while __sessions__.is_set():
time.sleep(3)
wait_counts+=1
print('Waiting for the session to become available')
if wait_counts >= 60:
return '<p class="text-danger">Was not able to acquire an available session. Please retry or restart the web server</p>'
html = ""
cmd = Commands()
split_commands = cmd_line.split(';')
.......
Hello viper-team,
could you please help with this issue raised right after a fresh install?
After login to viper, a 500-Error apears and wont let me do any further action.
Nevertheless, the login to the admin works fine...
Thanks a lot for the help and more thanks for giving us such a great tool .... :-)
Cheers
Marcus
_2020-10-03 13:37:16 - django.request - ERROR - log.py:228 - Internal Server Error: /
Traceback (most recent call last):
File "/usr/local/lib/python3.6/dist-packages/django/template/defaulttags.py", line 1021, in find_library
return parser.libraries[name]
KeyError: 'staticfiles'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/dist-packages/django/core/handlers/exception.py", line 34, in inner
response = get_response(request)
File "/usr/local/lib/python3.6/dist-packages/django/core/handlers/base.py", line 115, in _get_response
response = self.process_exception_by_middleware(e, request)
File "/usr/local/lib/python3.6/dist-packages/django/core/handlers/base.py", line 113, in get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/usr/local/lib/python3.6/dist-packages/django/views/generic/base.py", line 71, in view
return self.dispatch(request, *args, **kwargs)
File "/usr/local/lib/python3.6/dist-packages/django/contrib/auth/mixins.py", line 52, in dispatch
return super().dispatch(request, *args, **kwargs)
File "/usr/local/lib/python3.6/dist-packages/django/views/generic/base.py", line 97, in dispatch
return handler(request, *args, **kwargs)
File "/opt/viper/viper/web/viperweb/views.py", line 310, in get
'projects': get_project_list()})
File "/usr/local/lib/python3.6/dist-packages/django/shortcuts.py", line 19, in render
content = loader.render_to_string(template_name, context, request, using=using)
File "/usr/local/lib/python3.6/dist-packages/django/template/loader.py", line 61, in render_to_string
template = get_template(template_name, using=using)
File "/usr/local/lib/python3.6/dist-packages/django/template/loader.py", line 15, in get_template
return engine.get_template(template_name)
File "/usr/local/lib/python3.6/dist-packages/django/template/backends/django.py", line 34, in get_template
return Template(self.engine.get_template(template_name), self)
File "/usr/local/lib/python3.6/dist-packages/django/template/engine.py", line 143, in get_template
template, origin = self.find_template(template_name)
File "/usr/local/lib/python3.6/dist-packages/django/template/engine.py", line 125, in find_template
template = loader.get_template(name, skip=skip)
File "/usr/local/lib/python3.6/dist-packages/django/template/loaders/cached.py", line 53, in get_template
template = super().get_template(template_name, skip)
File "/usr/local/lib/python3.6/dist-packages/django/template/loaders/base.py", line 30, in get_template
contents, origin, origin.template_name, self.engine,
File "/usr/local/lib/python3.6/dist-packages/django/template/base.py", line 156, in init
self.nodelist = self.compile_nodelist()
File "/usr/local/lib/python3.6/dist-packages/django/template/base.py", line 194, in compile_nodelist
return parser.parse()
File "/usr/local/lib/python3.6/dist-packages/django/template/base.py", line 477, in parse
raise self.error(token, e)
File "/usr/local/lib/python3.6/dist-packages/django/template/base.py", line 475, in parse
compiled_result = compile_func(self, token)
File "/usr/local/lib/python3.6/dist-packages/django/template/loader_tags.py", line 266, in do_extends
nodelist = parser.parse()
File "/usr/local/lib/python3.6/dist-packages/django/template/base.py", line 477, in parse
raise self.error(token, e)
File "/usr/local/lib/python3.6/dist-packages/django/template/base.py", line 475, in parse
compiled_result = compile_func(self, token)
File "/usr/local/lib/python3.6/dist-packages/django/template/loader_tags.py", line 209, in do_block
nodelist = parser.parse(('endblock',))
File "/usr/local/lib/python3.6/dist-packages/django/template/base.py", line 477, in parse
raise self.error(token, e)
File "/usr/local/lib/python3.6/dist-packages/django/template/base.py", line 475, in parse
compiled_result = compile_func(self, token)
File "/usr/local/lib/python3.6/dist-packages/django/template/defaulttags.py", line 1072, in load
lib = find_library(parser, name)
File "/usr/local/lib/python3.6/dist-packages/django/template/defaulttags.py", line 1025, in find_library
name, "\n".join(sorted(parser.libraries)),
django.template.exceptions.TemplateSyntaxError: 'staticfiles' is not a registered tag library. Must be one of:
admin_list
admin_modify
admin_urls
bootstrap
cache
debugger_tags
highlighting
i18n
indent_text
l10n
log
rest_framework
static
syntax_color
truncate_letters
tz
viper_template_tags
widont
2020-10-03 13:37:16 - django.server - ERROR - basehttp.py:157 - "GET / HTTP/1.1" 500 5411
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.