├── .github └── ISSUE_TEMPLATE │ ├── bug_report.md │ └── feature_request.md ├── .gitignore ├── .python-version ├── LICENSE ├── PULL_REQUEST_TEMPLATE.md ├── README.md ├── docker-compose.yml ├── flower ├── Dockerfile └── README.md ├── handler ├── Dockerfile ├── celeryconfig.py ├── requirements.txt ├── rules.sh └── tasks.py ├── pit ├── Dockerfile ├── app.py └── requirements.txt ├── ragpicker ├── Dockerfile ├── README.md ├── config │ ├── crawler.conf │ ├── preProcessing.conf │ ├── processing.conf │ └── reporting.conf ├── core │ ├── __init__.py │ ├── abstracts.py │ ├── commonutils.py │ ├── config.py │ ├── constants.py │ ├── database.py │ ├── databaseMysql.py │ ├── objfile.py │ ├── statistics.py │ ├── viperHandler.py │ ├── vxCageHandler.py │ └── worker.py ├── crawler │ ├── __init__.py │ ├── cleanmx.py │ ├── cleanmx.yapsy-plugin │ ├── joxeankoret.py │ ├── joxeankoret.yapsy-plugin │ ├── malShare.py │ ├── malShare.yapsy-plugin │ ├── malc0de.py │ ├── malc0de.yapsy-plugin │ ├── malwarebl.py │ ├── malwarebl.yapsy-plugin │ ├── malwaredl.py │ ├── malwaredl.yapsy-plugin │ ├── secuboxlabs.py │ ├── secuboxlabs.yapsy-plugin │ ├── spyeyetracker.py │ ├── spyeyetracker.yapsy-plugin │ ├── urlquery.py │ ├── urlquery.yapsy-plugin │ ├── vxvault.py │ ├── vxvault.yapsy-plugin │ ├── zeustracker.py │ └── zeustracker.yapsy-plugin ├── data │ ├── clamav_dummy.hdb │ ├── html │ │ ├── base-report.html │ │ ├── htmlSections │ │ │ ├── antivirus.html │ │ │ ├── family.html │ │ │ ├── file_information.html │ │ │ ├── network_analysis.html │ │ │ ├── office.html │ │ │ ├── other.html │ │ │ ├── own_location.html │ │ │ ├── pdf.html │ │ │ ├── pe.html │ │ │ ├── rtf.html │ │ │ ├── source_information.html │ │ │ ├── subfile.html │ │ │ └── yara.html │ │ └── report.html │ ├── index_result.yar │ ├── index_sample.yar │ ├── peiddb.txt │ └── yara_signatures │ │ ├── result_apihttp.yar │ │ ├── result_blackListLanguages.yar │ │ ├── sample_blackListFunctions.yar │ │ ├── sample_blackliststrings.yar │ │ ├── 
sample_capabilities.yar │ │ ├── sample_embedded.yar │ │ ├── sample_kins.yar │ │ ├── sample_maldoc.yara │ │ ├── sample_njRAT.yar │ │ └── sample_vmdetect.yar ├── dumpdir │ ├── files │ │ └── empty.txt │ └── reports │ │ └── empty.txt ├── manager.py ├── preProcessing │ ├── 01_unpack_archive.py │ ├── 01_unpack_archive.yapsy-plugin │ ├── 02_unpacker_clamav.py │ ├── 02_unpacker_clamav.yapsy-plugin │ ├── 03_extract_rsrc.py │ ├── 03_extract_rsrc.yapsy-plugin │ ├── 04_extract_office.py │ ├── 04_extract_office.yapsy-plugin │ ├── 05_pe_carve.py │ ├── 05_pe_carve.yapsy-plugin │ └── __init__.py ├── processing │ ├── __init__.py │ ├── all_bluecoatMalwareAnalysisAppliance.py │ ├── all_bluecoatMalwareAnalysisAppliance.yapsy-plugin │ ├── all_cuckooSandbox.py │ ├── all_cuckooSandbox.yapsy-plugin │ ├── all_info.py │ ├── all_info.yapsy-plugin │ ├── all_subFile.py │ ├── all_subFile.yapsy-plugin │ ├── all_virustotal.py │ ├── all_virustotal.yapsy-plugin │ ├── all_yara.py │ ├── all_yara.yapsy-plugin │ ├── antivirus_avast.py │ ├── antivirus_avast.yapsy-plugin │ ├── antivirus_avg.py │ ├── antivirus_avg.yapsy-plugin │ ├── antivirus_avira.py │ ├── antivirus_avira.yapsy-plugin │ ├── antivirus_bitDefender.py │ ├── antivirus_bitDefender.yapsy-plugin │ ├── antivirus_clamav.py │ ├── antivirus_clamav.yapsy-plugin │ ├── antivirus_comodo.py │ ├── antivirus_comodo.yapsy-plugin │ ├── antivirus_eset.py │ ├── antivirus_eset.yapsy-plugin │ ├── antivirus_fprot.py │ ├── antivirus_fprot.yapsy-plugin │ ├── antivirus_fsecure.py │ ├── antivirus_fsecure.yapsy-plugin │ ├── antivirus_teamcymru.py │ ├── antivirus_teamcymru.yapsy-plugin │ ├── net_getOwnLocation.py │ ├── net_getOwnLocation.yapsy-plugin │ ├── net_inetSourceAnalysis.py │ ├── net_inetSourceAnalysis.yapsy-plugin │ ├── ole_officescan.py │ ├── ole_officescan.yapsy-plugin │ ├── pdf_pdfid.py │ ├── pdf_pdfid.yapsy-plugin │ ├── pe_pefile.py │ ├── pe_pefile.yapsy-plugin │ ├── pe_peid.py │ ├── pe_peid.yapsy-plugin │ ├── pe_verifySigs.py │ ├── rtf_rtfscan.py │ └── 
rtf_rtfscan.yapsy-plugin ├── ragpicker.py ├── reporting │ ├── __init__.py │ ├── codeDB.py │ ├── codeDB.yapsy-plugin │ ├── codeDBold.py │ ├── filedump.py │ ├── filedump.yapsy-plugin │ ├── hpfriends.py │ ├── hpfriends.yapsy-plugin │ ├── jsondump.py │ ├── jsondump.yapsy-plugin │ ├── mongodb.py │ ├── mongodb.yapsy-plugin │ ├── mysql.py │ ├── mysql.yapsy-plugin │ ├── reporthtml.py │ ├── reporthtml.yapsy-plugin │ ├── reportxml.py │ ├── reportxml.yapsy-plugin │ ├── viper.py │ └── viper.yapsy-plugin ├── requirements.txt ├── statistics.py ├── tools │ ├── __init__.py │ ├── vtTool.py │ └── vtToolTest.txt └── utils │ ├── OfficeMalScanner │ ├── Cadt.dll │ ├── DisView.exe │ ├── LZNT1Decompress.dll │ ├── MalHost-Setup.exe │ ├── OfficeMalScanner.exe │ ├── RTFScan.exe │ └── Unzipper.dll │ ├── __init__.py │ ├── codeDBobjects.py │ ├── dict2xml.py │ ├── exiftool.py │ ├── hpfeeds.py │ ├── logo.py │ ├── magic.py │ ├── multiPartForm.py │ ├── oletools │ ├── LICENSE.txt │ ├── __init__.py │ ├── ezhexviewer.py │ ├── olebrowse.py │ ├── oleid.py │ ├── olemeta.py │ ├── oletimes.py │ ├── olevba.py │ ├── pyxswf.py │ ├── rtfobj.py │ └── thirdparty │ │ ├── OleFileIO_PL │ │ ├── LICENSE.txt │ │ ├── OleFileIO_PL.py │ │ ├── README.txt │ │ └── __init__.py │ │ ├── __init__.py │ │ ├── easygui │ │ ├── LICENSE.txt │ │ ├── __init__.py │ │ └── easygui.py │ │ ├── olefile │ │ ├── CONTRIBUTORS.txt │ │ ├── LICENSE.txt │ │ ├── README.html │ │ ├── README.rst │ │ ├── __init__.py │ │ ├── doc │ │ │ ├── API.html │ │ │ ├── API.md │ │ │ ├── Contribute.html │ │ │ ├── Contribute.md │ │ │ ├── Home.html │ │ │ ├── Home.md │ │ │ ├── Install.html │ │ │ ├── Install.md │ │ │ ├── License.html │ │ │ ├── License.md │ │ │ ├── OLE_Overview.html │ │ │ ├── OLE_Overview.md │ │ │ └── OLE_VBA_sample.png │ │ ├── olefile.html │ │ ├── olefile.py │ │ ├── olefile2.html │ │ └── olefile2.py │ │ ├── prettytable │ │ ├── CHANGELOG │ │ ├── COPYING │ │ ├── README │ │ ├── __init__.py │ │ └── prettytable.py │ │ ├── xglob │ │ ├── LICENSE.txt │ │ ├── 
__init__.py │ │ └── xglob.py │ │ └── xxxswf │ │ ├── LICENSE.txt │ │ ├── __init__.py │ │ └── xxxswf.py │ ├── ordlookup │ ├── __init__.py │ ├── oleaut32.py │ └── ws2_32.py │ ├── pdf-parser.py │ ├── pdfid.py │ ├── pefile.py │ ├── peutils.py │ ├── pyasn1 │ ├── __init__.py │ ├── codec │ │ ├── __init__.py │ │ ├── ber │ │ │ ├── __init__.py │ │ │ ├── decoder.py │ │ │ ├── encoder.py │ │ │ └── eoo.py │ │ ├── cer │ │ │ ├── __init__.py │ │ │ ├── decoder.py │ │ │ └── encoder.py │ │ └── der │ │ │ ├── __init__.py │ │ │ ├── decoder.py │ │ │ └── encoder.py │ ├── compat │ │ ├── __init__.py │ │ └── octets.py │ ├── debug.py │ ├── dn.py │ ├── error.py │ ├── oids.py │ ├── pkcs7.py │ ├── spc.py │ ├── time_test.py │ ├── type │ │ ├── __init__.py │ │ ├── base.py │ │ ├── char.py │ │ ├── constraint.py │ │ ├── error.py │ │ ├── namedtype.py │ │ ├── namedval.py │ │ ├── tag.py │ │ ├── tagmap.py │ │ ├── univ.py │ │ └── useful.py │ ├── x509.py │ └── x509_time.py │ ├── rarfile.py │ ├── socks.py │ └── verifySigs │ ├── __init__.py │ ├── auth_data.py │ ├── fingerprint.py │ ├── pecoff_blob.py │ └── sigcheck.exe ├── redis ├── Dockerfile └── docker-healthcheck ├── requirements.txt ├── snake ├── CuckooAPI │ └── __init__.py ├── Dockerfile ├── celeryconfig.py ├── requirements.txt └── tasks.py └── viper ├── .gitignore ├── .travis.yml ├── CHANGELOG ├── CONTRIBUTING.md ├── Dockerfile ├── LICENSE ├── Makefile ├── README.md ├── data ├── peid │ └── UserDB.TXT ├── web │ ├── cli.tpl │ ├── error.tpl │ ├── file.tpl │ ├── footer.tpl │ ├── header.tpl │ ├── index.tpl │ ├── search.tpl │ ├── sections │ │ ├── about.tpl │ │ ├── hex.tpl │ │ ├── modules.tpl │ │ ├── notes.tpl │ │ └── static.tpl │ ├── static │ │ ├── css │ │ │ ├── bootstrap.css │ │ │ └── style.css │ │ ├── fonts │ │ │ ├── glyphicons-halflings-regular.eot │ │ │ ├── glyphicons-halflings-regular.svg │ │ │ ├── glyphicons-halflings-regular.ttf │ │ │ └── glyphicons-halflings-regular.woff │ │ ├── images │ │ │ ├── favicon.ico │ │ │ ├── icon-generic.gif │ │ │ ├── 
icon-image.gif │ │ │ ├── icon-media.gif │ │ │ ├── icon-zip.gif │ │ │ └── viper.png │ │ └── js │ │ │ ├── ajax_submit.js │ │ │ ├── bootstrap-filestyle.min.js │ │ │ ├── bootstrap.js │ │ │ ├── dropdown.js │ │ │ ├── jquery-2.1.3.min.js │ │ │ ├── pagination.js │ │ │ └── spin.min.js │ └── yara.tpl └── yara │ ├── APT_NGO_wuaclt_PDF.yara │ ├── Antidebug_AntiVM │ └── antidebug_antivm.yar │ ├── Antidebug_AntiVM_index.yar │ ├── CVE_Rules │ ├── CVE-2010-0805.yar │ ├── CVE-2010-0887.yar │ ├── CVE-2010-1297.yar │ ├── CVE-2012-0158.yar │ ├── CVE-2013-0074.yar │ ├── CVE-2013-0422.yar │ ├── CVE-2015-1701.yar │ ├── CVE-2015-2426.yar │ ├── CVE-2015-2545.yar │ ├── CVE-2015-5119.yar │ └── CVE-2016-5195.yar │ ├── CVE_Rules_index.yar │ ├── Crypto │ ├── base64.yar │ └── crypto_signatures.yar │ ├── Crypto_index.yar │ ├── Exploit-Kits │ ├── EK_Angler.yar │ ├── EK_Blackhole.yar │ ├── EK_BleedingLife.yar │ ├── EK_Crimepack.yar │ ├── EK_Eleonore.yar │ ├── EK_Fragus.yar │ ├── EK_Phoenix.yar │ ├── EK_Sakura.yar │ ├── EK_ZeroAcces.yar │ ├── EK_Zerox88.yar │ └── EK_Zeus.yar │ ├── Exploit-Kits_index.yar │ ├── GeorBotBinary.yara │ ├── GeorBotMemory.yara │ ├── LICENSE │ ├── Malicious_Documents │ ├── Maldoc_APT_OLE_JSRat.yar │ ├── Maldoc_CVE-2017-0199.yar │ ├── Maldoc_Contains_VBE_File.yar │ ├── Maldoc_Dridex.yar │ ├── Maldoc_Hidden_PE_file.yar │ ├── Maldoc_MIME_ActiveMime_b64.yar │ ├── Maldoc_PDF.yar │ ├── Maldoc_UserForm.yar │ ├── Maldoc_VBA_macro_code.yar │ ├── Maldoc_hancitor_dropper │ └── maldoc_somerules.yar │ ├── Malicious_Documents_index.yar │ ├── Mobile_Malware │ ├── Android_ASSDdeveloper.yar │ ├── Android_AVITOMMS.yar │ ├── Android_AliPay_smsStealer.yar │ ├── Android_Amtrckr_20160519.yar │ ├── Android_Backdoor.yar │ ├── Android_Backdoor_script.yar │ ├── Android_BadMirror.yar │ ├── Android_BatteryBot_ClickFraud.yar │ ├── Android_Clicker_G.yar │ ├── Android_Copy9.yar │ ├── Android_DeathRing.yar │ ├── Android_Dectus_rswm.yar │ ├── Android_Dendroid_RAT.yar │ ├── Android_Dogspectus.yar │ ├── 
Android_FakeApps.yar │ ├── Android_FakeBank_Fanta.yar │ ├── Android_Godless.yar │ ├── Android_HackintTeam_Implant.yar │ ├── Android_Libyan_Scorpions.yar │ ├── Android_MalwareCertificates.yar │ ├── Android_Malware_Ramsonware.yar │ ├── Android_Malware_Tinhvan.yar │ ├── Android_Malware_Towelroot.yar │ ├── Android_Marcher_2.yar │ ├── Android_MazarBot_z.yar │ ├── Android_Metasploit.yar │ ├── Android_OmniRat.yar │ ├── Android_Overlayer.yar │ ├── Android_Pink_Locker.yar │ ├── Android_RuMMS.yar │ ├── Android_SMSFraud.yar │ ├── Android_SandroRat.yar │ ├── Android_SlemBunk.yar │ ├── Android_SpyAgent.yar │ ├── Android_SpyNote.yar │ ├── Android_Spynet.yar │ ├── Android_Spywaller.yar │ ├── Android_Switcher.yar │ ├── Android_Tachi.yar │ ├── Android_Tordow.yar │ ├── Android_Triada_Banking.yar │ ├── Android_VikingOrder.yar │ ├── Android_VirusPolicia.yar │ ├── Android_adware.yar │ ├── Android_fake_mario_app │ ├── Android_generic_adware.yar │ ├── Android_generic_smsfraud.yar │ ├── Android_malware_Advertising.yar │ ├── Android_malware_ChinesePorn.yar │ ├── Android_malware_Dropper.yar │ ├── Android_malware_Fake_MosKow.yar │ ├── Android_malware_HackingTeam.yar │ ├── Android_malware_SMSsender.yar │ ├── Android_malware_banker.yar │ ├── Android_malware_xbot007.yar │ ├── Android_mapin.yar │ ├── Android_pornClicker.yar │ └── Android_sk_bankTr.yar │ ├── Mobile_Malware_index.yar │ ├── Packers │ ├── JJencode.yar │ ├── Javascript_exploit_and_obfuscation.yar │ ├── packer.yar │ ├── packer_compiler_signatures.yar │ └── peid.yar │ ├── Packers_index.yar │ ├── README.md │ ├── Webshells │ ├── WShell_APT_Laudanum.yar │ ├── WShell_PHP_Anuna.yar │ ├── WShell_PHP_in_images.yar │ ├── WShell_THOR_Webshells.yar │ ├── Wshell_ChineseSpam.yar │ └── Wshell_fire2013.yar │ ├── Webshells_index.yar │ ├── apt1.yara │ ├── citizenlab.yara │ ├── email │ ├── EMAIL_Cryptowall.yar │ ├── attachment.yar │ ├── bank_rule.yar │ ├── email_Ukraine_BE_powerattack.yar │ ├── eml │ │ ├── davivienda.eml │ │ ├── transferencia1.eml │ │ 
└── transferencia2.eml │ ├── image.yar │ ├── scam.yar │ └── urls.yar │ ├── email_index.yar │ ├── embedded.yara │ ├── fpu.yara │ ├── hangover.yara │ ├── index.yar │ ├── index_gen.sh │ ├── index_w_mobile.yar │ ├── kins.yara │ ├── leverage.yar │ ├── malware │ ├── APT_APT1.yar │ ├── APT_APT17.yar │ ├── APT_APT29_Grizzly_Steppe.yar │ ├── APT_APT3102.yar │ ├── APT_APT9002.yar │ ├── APT_Backspace.yar │ ├── APT_Bestia.yar │ ├── APT_Blackenergy.yar │ ├── APT_Bluetermite_Emdivi.yar │ ├── APT_C16.yar │ ├── APT_Carbanak.yar │ ├── APT_Careto.yar │ ├── APT_Casper.yar │ ├── APT_CheshireCat.yar │ ├── APT_Cloudduke.yar │ ├── APT_Codoso.yar │ ├── APT_DeepPanda_Anthem.yar │ ├── APT_DeputyDog.yar │ ├── APT_Derusbi.yar │ ├── APT_Dubnium.yar │ ├── APT_Duqu2.yar │ ├── APT_EQUATIONGRP.yar │ ├── APT_Emissary.yar │ ├── APT_Equation.yar │ ├── APT_FVEY_ShadowBrokers_Jan17_Screen_Strings.yar │ ├── APT_FiveEyes.yar │ ├── APT_Grasshopper.yar │ ├── APT_Greenbug.yar │ ├── APT_Grizzlybear_uscert.yar │ ├── APT_HackingTeam.yar │ ├── APT_Hellsing.yar │ ├── APT_Hikit.yar │ ├── APT_Irontiger.yar │ ├── APT_Kaba.yar │ ├── APT_Ke3Chang_TidePool.yar │ ├── APT_KeyBoy.yar │ ├── APT_LotusBlossom.yar │ ├── APT_Minidionis.yar │ ├── APT_Mirage.yar │ ├── APT_Molerats.yar │ ├── APT_Mongall.yar │ ├── APT_MoonlightMaze │ ├── APT_NGO.yar │ ├── APT_OPCleaver.yar │ ├── APT_Oilrig.yar │ ├── APT_OpClandestineWolf.yar │ ├── APT_OpDustStorm.yar │ ├── APT_OpPotao.yar │ ├── APT_PCclient.yar │ ├── APT_Passcv.yar │ ├── APT_Pipcreat.yar │ ├── APT_Platinum.yar │ ├── APT_Poseidon_Group.yar │ ├── APT_Prikormka.yar │ ├── APT_PutterPanda.yar │ ├── APT_RedLeaves │ ├── APT_Regin.yar │ ├── APT_Sauron │ ├── APT_Sauron_extras │ ├── APT_Scarab_Scieron.yar │ ├── APT_Seaduke.yar │ ├── APT_Shamoon_StoneDrill.yar │ ├── APT_Snowglobe_Babar.yar │ ├── APT_Sofacy_Bundestag.yar │ ├── APT_Sofacy_Fysbis.yar │ ├── APT_Sofacy_Jun16.yar │ ├── APT_Sphinx_Moth.yar │ ├── APT_Stuxnet.yar │ ├── APT_Terracota.yar │ ├── APT_ThreatGroup3390.yar │ ├── 
APT_Turla_RUAG.yar │ ├── APT_UP007_SLServer.yar │ ├── APT_Unit78020.yar │ ├── APT_Waterbug.yar │ ├── APT_WildNeutron.yar │ ├── APT_Windigo_Onimiki.yar │ ├── APT_Winnti.yar │ ├── APT_WoolenGoldfish.yar │ ├── APT_eqgrp_apr17.yar │ ├── APT_fancybear_dnc.yar │ ├── APT_furtim.yar │ ├── EXPERIMENTAL_Beef.yar │ ├── GEN_PowerShell.yar │ ├── MALW_AdGholas.yar │ ├── MALW_Alina.yar │ ├── MALW_Andromeda.yar │ ├── MALW_Athena.yar │ ├── MALW_Atmos.yar │ ├── MALW_BackdoorSSH.yar │ ├── MALW_Backoff.yar │ ├── MALW_Bangat.yar │ ├── MALW_Batel.yar │ ├── MALW_BlackRev.yar │ ├── MALW_BlackWorm.yar │ ├── MALW_Boouset.yar │ ├── MALW_Bublik.yar │ ├── MALW_Buzus_Softpulse.yar │ ├── MALW_CAP_HookExKeylogger.yar │ ├── MALW_CAP_Win32Inet.yara │ ├── MALW_Chicken.yar │ ├── MALW_Citadel.yar │ ├── MALW_Cloaking.yar │ ├── MALW_Cookies.yar │ ├── MALW_Corkow.yar │ ├── MALW_Cxpid.yar │ ├── MALW_Cythosia.yar │ ├── MALW_DDoSTf.yar │ ├── MALW_Derkziel.yar │ ├── MALW_Dexter.yar │ ├── MALW_DiamondFox.yar │ ├── MALW_DirtJumper.yar │ ├── MALW_Eicar │ ├── MALW_Elex.yar │ ├── MALW_Elknot.yar │ ├── MALW_Empire.yar │ ├── MALW_Enfal.yar │ ├── MALW_Exploit_UAC_Elevators.yar │ ├── MALW_Ezcob.yar │ ├── MALW_F0xy.yar │ ├── MALW_FakeM.yar │ ├── MALW_Fareit.yar │ ├── MALW_Favorite.yar │ ├── MALW_Furtim.yar │ ├── MALW_Genome.yar │ ├── MALW_Glasses.yar │ ├── MALW_Gozi.yar │ ├── MALW_Grozlex.yar │ ├── MALW_Hsdfihdf_banking.yar │ ├── MALW_IMuler.yar │ ├── MALW_Iexpl0ree.yar │ ├── MALW_Install11.yar │ ├── MALW_Intel_Virtualization.yar │ ├── MALW_Jolob_Backdoor.yar │ ├── MALW_KINS.yar │ ├── MALW_Kelihos.yar │ ├── MALW_Korlia.yar │ ├── MALW_Korplug.yar │ ├── MALW_Kovter.yar │ ├── MALW_Kraken.yar │ ├── MALW_LURK0.yar │ ├── MALW_Lateral_Movement.yar │ ├── MALW_Lenovo_Superfish.yar │ ├── MALW_LinuxMoose.yar │ ├── MALW_LostDoor.yar │ ├── MALW_LuckyCat.yar │ ├── MALW_MacControl.yar │ ├── MALW_Madness.yar │ ├── MALW_Magento_backend.yar │ ├── MALW_Magento_frontend.yar │ ├── MALW_Magento_suspicious.yar │ ├── MALW_Mailers.yar │ ├── 
MALW_Miancha.yar │ ├── MALW_MiniAsp3_mem.yar │ ├── MALW_Mirai.yar │ ├── MALW_Miscelanea.yar │ ├── MALW_Miscelanea_Linux.yar │ ├── MALW_NSFree.yar │ ├── MALW_Naikon.yar │ ├── MALW_Naspyupdate.yar │ ├── MALW_NetTraveler.yar │ ├── MALW_NionSpy.yar │ ├── MALW_Notepad.yar │ ├── MALW_OSX_Leverage.yar │ ├── MALW_Odinaff.yar │ ├── MALW_Olyx.yar │ ├── MALW_PE_sections.yar │ ├── MALW_PittyTiger.yar │ ├── MALW_PolishBankRat │ ├── MALW_Ponmocup.yar │ ├── MALW_Pony.yar │ ├── MALW_PubSab.yar │ ├── MALW_Pyinstaller.yar │ ├── MALW_Quarian.yar │ ├── MALW_Regsubdat.yar │ ├── MALW_Retefe.yar │ ├── MALW_Rockloader.yar │ ├── MALW_Rooter.yar │ ├── MALW_Rovnix.yar │ ├── MALW_Safenet.yar │ ├── MALW_Sakurel.yar │ ├── MALW_Sayad.yar │ ├── MALW_Scarhikn.yar │ ├── MALW_Sendsafe.yar │ ├── MALW_Shamoon.yar │ ├── MALW_Shifu.yar │ ├── MALW_Skeleton.yar │ ├── MALW_Spora.yar │ ├── MALW_Sqlite.yar │ ├── MALW_Stealer.yar │ ├── MALW_Surtr.yar │ ├── MALW_T5000.yar │ ├── MALW_Tedroo.yar │ ├── MALW_Tinba.yar │ ├── MALW_Torte_ELF.yar │ ├── MALW_TreasureHunt.yar │ ├── MALW_Upatre.yar │ ├── MALW_Urausy.yar │ ├── MALW_Vidgrab.yar │ ├── MALW_Wabot.yar │ ├── MALW_Warp.yar │ ├── MALW_Wimmie.yar │ ├── MALW_XOR_DDos.yar │ ├── MALW_Yayih.yar │ ├── MALW_Zegost.yar │ ├── MALW_Zeus.yar │ ├── MALW_kirbi_mimikatz │ ├── MALW_viotto_keylogger.yar │ ├── MALW_xDedic_marketplace.yar │ ├── Operation_Blockbuster │ │ ├── DeltaCharlie.yara │ │ ├── HotelAlfa.yara │ │ ├── IndiaAlfa.yara │ │ ├── IndiaBravo.yara │ │ ├── IndiaCharlie.yara │ │ ├── IndiaDelta.yara │ │ ├── IndiaEcho.yara │ │ ├── IndiaGolf.yara │ │ ├── IndiaHotel.yara │ │ ├── IndiaJuliett.yara │ │ ├── IndiaWhiskey.yara │ │ ├── KiloAlfa.yara │ │ ├── LimaAlfa.yara │ │ ├── LimaBravo.yara │ │ ├── LimaCharlie.yara │ │ ├── LimaDelta.yara │ │ ├── PapaAlfa.yara │ │ ├── RomeoAlfa.yara │ │ ├── RomeoBravo.yara │ │ ├── RomeoCharlie.yara │ │ ├── RomeoDelta.yara │ │ ├── RomeoEcho.yara │ │ ├── RomeoFoxtrot_mod.yara.error │ │ ├── RomeoGolf_mod.yara │ │ ├── RomeoHotel.yara │ │ ├── 
RomeoWhiskey.yara │ │ ├── SierraAlfa.yara │ │ ├── SierraBravo.yara │ │ ├── SierraCharlie.yara │ │ ├── SierraJuliettMikeOne.yara │ │ ├── SierraJuliettMikeTwo.yara │ │ ├── TangoAlfa.yara │ │ ├── TangoBravo.yara │ │ ├── UniformAlfa.yara │ │ ├── UniformJuliett.yara │ │ ├── WhiskeyAlfa.yara │ │ ├── WhiskeyBravo_mod.yara │ │ ├── WhiskeyCharlie.yara │ │ ├── WhiskeyDelta.yara │ │ ├── cert_wiper.yara │ │ ├── general.yara │ │ ├── mastersig │ │ ├── sharedcode.yara │ │ └── suicidescripts.yara │ ├── POS.yar │ ├── POS_Bernhard.yar │ ├── POS_BruteforcingBot.yar │ ├── POS_Easterjack.yar │ ├── POS_FastPOS.yar │ ├── POS_LogPOS.yar │ ├── POS_MalumPOS.yar │ ├── POS_Mozart.yar │ ├── RANSOM_.CRYPTXXX.yar │ ├── RANSOM_777.yar │ ├── RANSOM_Alpha.yar │ ├── RANSOM_Cerber.yar │ ├── RANSOM_Comodosec.yar │ ├── RANSOM_Crypren.yar │ ├── RANSOM_Cryptolocker.yar │ ├── RANSOM_DMALocker.yar │ ├── RANSOM_GoldenEye.yar │ ├── RANSOM_Locky.yar │ ├── RANSOM_Petya.yar │ ├── RANSOM_Satana.yar │ ├── RANSOM_Stampado.yar │ ├── RANSOM_TeslaCrypt.yar │ ├── RANSOM_Tox.yar │ ├── RAT_Adwind.yar │ ├── RAT_Adzok.yar │ ├── RAT_BlackShades.yar │ ├── RAT_Bolonyokte.yar │ ├── RAT_Bozok.yar │ ├── RAT_Cerberus.yar │ ├── RAT_Crimson.yar │ ├── RAT_CyberGate.yar │ ├── RAT_DarkComet.yar │ ├── RAT_FlyingKitten.yar │ ├── RAT_Gh0st.yar │ ├── RAT_Gholee.yar │ ├── RAT_Glass.yar │ ├── RAT_Havex.yar │ ├── RAT_Hizor.yar │ ├── RAT_Indetectables.yar │ ├── RAT_Inocnation.yar │ ├── RAT_Meterpreter_Reverse_Tcp.yar │ ├── RAT_Nanocore.yar │ ├── RAT_NetwiredRC.yar │ ├── RAT_Njrat.yar │ ├── RAT_Orcus │ ├── RAT_PlugX.yar │ ├── RAT_PoisonIvy.yar │ ├── RAT_Ratdecoders.yar │ ├── RAT_Sakula.yar │ ├── RAT_ShadowTech.yar │ ├── RAT_Shim.yar │ ├── RAT_Terminator.yar │ ├── RAT_Xtreme.yar │ ├── RAT_ZoxPNG.yar │ ├── RAT_jRAT.yar │ ├── RAT_xRAT.yar │ ├── RAT_xRAT20.yar │ ├── TOOLKIT_Chinese_Hacktools.yar │ ├── TOOLKIT_Dubrute.yar │ ├── TOOLKIT_FinFisher_.yar │ ├── TOOLKIT_Gen_powerkatz.yar │ ├── TOOLKIT_PassTheHash.yar │ ├── TOOLKIT_Pwdump.yar │ ├── 
TOOLKIT_THOR_HackTools.yar │ ├── TOOLKIT_Wineggdrop.yar │ └── TOOLKIT_exe2hex_payload.yar │ ├── malware_index.yar │ ├── rats.yara │ ├── result_apihttp.yar │ ├── result_blackListLanguages.yar │ ├── sample_blackListFunctions.yar │ ├── sample_blackliststrings.yar │ ├── sample_capabilities.yar │ ├── sample_embedded.yar │ ├── sample_kins.yar │ ├── sample_maldoc.yara │ ├── sample_njRAT.yar │ ├── sample_vmdetect.yar │ ├── themask.yara │ ├── urausy_skypedat.yar │ ├── utils │ ├── domain.yar │ ├── ip.yar │ └── url.yar │ └── vmdetect.yara ├── docs ├── Makefile ├── make.bat └── source │ ├── conf.py │ ├── customize │ └── index.rst │ ├── final_remarks │ └── index.rst │ ├── images │ └── viper.png │ ├── index.rst │ ├── installation │ └── index.rst │ ├── known_issues │ └── index.rst │ └── usage │ ├── commands.rst │ ├── concepts.rst │ ├── index.rst │ └── web.rst ├── requirements.txt ├── setup.py ├── viper-api ├── viper-api-cli.py ├── viper-cli ├── viper-update ├── viper-web ├── viper.conf.sample └── viper ├── __init__.py ├── common ├── __init__.py ├── abstracts.py ├── autorun.py ├── colors.py ├── constants.py ├── network.py ├── objects.py ├── out.py └── utils.py ├── core ├── __init__.py ├── config.py ├── database.py ├── plugins.py ├── project.py ├── session.py ├── storage.py └── ui │ ├── __init__.py │ ├── commands.py │ └── console.py └── modules ├── __init__.py ├── apk.py ├── clamav.py ├── cuckoo.py ├── debup.py ├── editdistance.py ├── elf.py ├── emailparse.py ├── exif.py ├── fuzzy.py ├── htmlparser.py ├── ida.py ├── idx.py ├── image.py ├── jar.py ├── koodous.py ├── lastline.py ├── macho.py ├── misp.py ├── office.py ├── pdf.py ├── pdftools ├── __init__.py ├── pdf-parser.py ├── pdfid.py ├── plugin_embeddedfile.py ├── plugin_list ├── plugin_nameobfuscation.py └── plugin_triage.py ├── pdns.py ├── pe.py ├── peepdf ├── AUTHORS ├── CHANGELOG ├── COPYING ├── JSAnalysis.py ├── PDFConsole.py ├── PDFCore.py ├── PDFCrypto.py ├── PDFFilters.py ├── PDFUtils.py ├── README ├── TODO ├── __init__.py 
├── aes.py ├── aespython │ ├── __init__.py │ ├── aes_cipher.py │ ├── aes_tables.py │ ├── cbc_mode.py │ ├── cfb_mode.py │ ├── key_expander.py │ ├── ofb_mode.py │ └── test_keys.py ├── ccitt.py ├── colorama │ ├── PKG-INFO │ ├── __init__.py │ ├── ansi.py │ ├── ansitowin32.py │ ├── initialise.py │ ├── win32.py │ └── winterm.py ├── jjdecode.py ├── jsbeautifier │ ├── __init__.py │ └── unpackers │ │ ├── README.specs.mkd │ │ ├── __init__.py │ │ ├── evalbased.py │ │ ├── javascriptobfuscator.py │ │ ├── myobfuscate.py │ │ ├── packer.py │ │ └── urlencode.py ├── lzw.py └── peepdf.dtd ├── pehash ├── __init__.py └── pehasher.py ├── pssl.py ├── pst.py ├── pymacho ├── Constants.py ├── MachO.py ├── MachODYLDInfoCommand.py ├── MachODYLinkerCommand.py ├── MachODYSymtabCommand.py ├── MachOEncryptionInfoCommand.py ├── MachOHeader.py ├── MachOLinkeditDataCommand.py ├── MachOLoadCommand.py ├── MachOLoadDYLibCommand.py ├── MachOMainCommand.py ├── MachONList.py ├── MachORPathCommand.py ├── MachORelocationInfo.py ├── MachOSection.py ├── MachOSegment.py ├── MachOSourceVersionCommand.py ├── MachOSymtabCommand.py ├── MachOThreadCommand.py ├── MachOUUIDCommand.py ├── MachOVersionMinCommand.py ├── Utils.py └── __init__.py ├── radare.py ├── rat.py ├── rats ├── __init__.py ├── adwind.py ├── adzok.py ├── albertino.py ├── arcom.py ├── blacknix.py ├── blackshades.py ├── bluebanana.py ├── bozok.py ├── clientmesh.py ├── cybergate.py ├── darkcomet.py ├── darkrat.py ├── greame.py ├── hawkeye.py ├── jrat.py ├── lostdoor.py ├── luxnet.py ├── nanocore.py ├── njrat.py ├── pandora.py ├── poisonivy.py ├── predatorpain.py ├── punisher.py ├── smallnet.py ├── unrecom.py ├── winnti.py ├── xrat.py └── xtreme.py ├── reports.py ├── shellcode.py ├── size.py ├── strings.py ├── swf.py ├── triage.py ├── verifysigs ├── __init__.py ├── asn1 │ ├── __init__.py │ ├── dn.py │ ├── oids.py │ ├── pkcs7.py │ ├── spc.py │ ├── x509.py │ └── x509_time.py ├── auth_data.py ├── fingerprint.py ├── pecoff_blob.py └── verifysigs.py ├── 
virustotal.py ├── xor.py └── yarascan.py /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | 5 | --- 6 | 7 | **Describe the bug** 8 | A clear and concise description of what the bug is. 9 | 10 | **To Reproduce** 11 | Steps to reproduce the behavior: 12 | 1. Go to '...' 13 | 2. Click on '....' 14 | 3. Scroll down to '....' 15 | 4. See error 16 | 17 | **Expected behavior** 18 | A clear and concise description of what you expected to happen. 19 | 20 | **Screenshots** 21 | If applicable, add screenshots to help explain your problem. 22 | 23 | **Desktop (please complete the following information):** 24 | - OS: [e.g. iOS] 25 | - Browser [e.g. chrome, safari] 26 | - Version [e.g. 22] 27 | 28 | **Smartphone (please complete the following information):** 29 | - Device: [e.g. iPhone6] 30 | - OS: [e.g. iOS8.1] 31 | - Browser [e.g. stock browser, safari] 32 | - Version [e.g. 22] 33 | 34 | **Additional context** 35 | Add any other context about the problem here. 36 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for this project 4 | 5 | --- 6 | 7 | **Is your feature request related to a problem? Please describe.** 8 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] 9 | 10 | **Describe the solution you'd like** 11 | A clear and concise description of what you want to happen. 12 | 13 | **Describe alternatives you've considered** 14 | A clear and concise description of any alternative solutions or features you've considered. 15 | 16 | **Additional context** 17 | Add any other context or screenshots about the feature request here. 
18 | -------------------------------------------------------------------------------- /.python-version: -------------------------------------------------------------------------------- 1 | 3.7.2 2 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2018 Jeremy Wagner-Kaiser 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | **What does this do?** 2 | 3 | **Why is this important?** 4 | 5 | **Anything you would like to add?** 6 | -------------------------------------------------------------------------------- /flower/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM python 2 | 3 | # WARNING: BE SURE NOT TO USE THE WORD 'FLOWER' IN THE ENV VARS 4 | # E.G. VIA LINKING OR MAESTRO-NG: THEY HAVE A SPECIAL MEANING IN FLOWER. 5 | 6 | RUN pip install redis 7 | RUN pip install flower 8 | 9 | # Default port 10 | EXPOSE 5555 11 | 12 | CMD flower --port=5555 --broker=redis://$REDIS_HOST:$REDIS_PORT/$REDIS_DATABASE 13 | -------------------------------------------------------------------------------- /flower/README.md: -------------------------------------------------------------------------------- 1 | # Usage 2 | This Docker image provides the Flower GUI for the Celery workflow system, using a Redis broker. As configured in the Dockerfile, the broker URL carries no credentials and the Flower UI on port 5555 is started without authentication, so restrict network access to that port. 3 | 4 | The Redis broker settings can be set via environment variables: 5 | 6 | REDIS_HOST: Defaults to 'redis', so with Docker linking this works out of the box 7 | REDIS_PORT: Defaults to 6379 8 | REDIS_DATABASE: Defaults to 0 9 | 10 | Example with linking: 11 | 12 | docker run -d --name flower --link redis:redis placr/flower 13 | 14 | Example with Redis running on 'another.host' (linking will not work across hosts): 15 | 16 | docker run -d --name flower -e REDIS_HOST=another.host placr/flower 17 | 18 | ## WARNING 19 | **BE SURE NOT TO USE THE WORD 'FLOWER' IN THE ENVIRONMENT VARIABLES 20 | E.G. VIA LINKING OR MAESTRO-NG (BOTH OF WHICH MAKE THEM FOR SERVICE DISCOVERY): THEY HAVE A SPECIAL MEANING IN FLOWER.
FLOWER WILL FAIL TO START** 21 | 22 | -------------------------------------------------------------------------------- /handler/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM python:latest 2 | RUN apt-get update && apt-get install -y git curl 3 | 4 | RUN groupadd -r handler && useradd --no-log-init -r -g handler handler -d /app/handler 5 | WORKDIR /app/handler 6 | COPY requirements.txt requirements.txt 7 | RUN pip install -r requirements.txt 8 | COPY . /app/handler 9 | RUN chmod +x /app/handler/rules.sh 10 | USER handler 11 | 12 | CMD ./rules.sh && celery worker -Q scoring --loglevel info -E 13 | -------------------------------------------------------------------------------- /handler/celeryconfig.py: -------------------------------------------------------------------------------- 1 | """Responsible for configuring and routing this Celery worker.""" 2 | import os 3 | 4 | CELERY_IMPORTS = ('tasks', ) 5 | BROKER_URL = os.getenv('BROKER_URL', 'redis://redis:6379/0')  # broker address is taken from the environment; the fallback URL carries no credentials, so supply BROKER_URL in deployment 6 | CELERY_RESULT_BACKEND = BROKER_URL 7 | CELERY_ACCEPT_CONTENT = ['json']  # only JSON-serialized messages are accepted by this worker 8 | CELERY_TASK_SERIALIZER = 'json' 9 | CELERY_RESULT_SERIALIZER = 'json' 10 | CELERY_TRACK_STARTED = True 11 | CELERY_QUEUES = { 12 | "analysis": { 13 | "binding_key": "snakepit.analysis.#", 14 | }, 15 | "scoring": { 16 | "binding_key": "snakepit.scoring.#", 17 | }, 18 | } 19 | -------------------------------------------------------------------------------- /handler/requirements.txt: -------------------------------------------------------------------------------- 1 | celery[redis] 2 | requests 3 | -------------------------------------------------------------------------------- /handler/rules.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | curl -H "Content-Type: application/json" -d '{"matcher": ".*", "value": 1, "analysis_key": "viperData", "rule_key":"proof_of_concept"}' http://pit:5000/rule 3 | 
-------------------------------------------------------------------------------- /pit/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM python:latest 2 | RUN apt-get update && apt-get install -y git python-dev libpq-dev libyaml-dev libyaml-0-2 3 | 4 | COPY requirements.txt /app/pit/requirements.txt 5 | RUN pip install -r /app/pit/requirements.txt 6 | COPY . /app/pit/ 7 | 8 | CMD cd /app/pit && FLASK_APP=app.py flask run -h 0.0.0.0 9 | -------------------------------------------------------------------------------- /pit/requirements.txt: -------------------------------------------------------------------------------- 1 | alembic==0.8.7 2 | click==6.6 3 | Flask 4 | Flask-Cors==3.0.2 5 | Flask-Migrate==2.0.0 6 | Flask-Restless==0.17.0 7 | flask-restless-swagger==0.2.1 8 | Flask-Script==2.0.5 9 | Flask-SQLAlchemy==2.1 10 | itsdangerous==0.24 11 | Jinja2 12 | Mako==1.0.4 13 | MarkupSafe==0.23 14 | mimerender==0.6.0 15 | psycopg2==2.7.5 16 | python-dateutil==2.5.3 17 | python-editor==1.0.1 18 | python-mimeparse==1.5.2 19 | pytz==2016.6.1 20 | PyYAML 21 | six==1.10.0 22 | SQLAlchemy 23 | Werkzeug 24 | -------------------------------------------------------------------------------- /ragpicker/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:latest 2 | RUN apt-get update && apt-get install -y python-pip git python-dev libssl-dev 3 | RUN pip install --upgrade pip 4 | 5 | COPY requirements.txt /app/ragpicker/requirements.txt 6 | RUN pip install -r /app/ragpicker/requirements.txt 7 | COPY . 
/app/ragpicker/ 8 | 9 | CMD cd /app/ragpicker && python /app/ragpicker/ragpicker.py -p 1 -d /app/ragpicker/tools/ 10 | -------------------------------------------------------------------------------- /ragpicker/config/preProcessing.conf: -------------------------------------------------------------------------------- 1 | [01_unpack_archive] 2 | enabled = no 3 | dataTypes = Zip, RAR 4 | 5 | [02_unpacker_clamav] 6 | enabled = no 7 | dataTypes = PE32, PE32+, MS-DOS 8 | clamscan_path = /usr/bin/clamscan 9 | 10 | [03_extract_rsrc] 11 | enabled = no 12 | dataTypes = PE32, PE32+, MS-DOS 13 | extractTypes = Zip, RAR 14 | 15 | [04_extract_office] 16 | enabled = no 17 | dataTypes = Rich, Composite 18 | wine = /usr/bin/wine 19 | brute = true 20 | 21 | [05_pe_carve] 22 | enabled = no 23 | dataTypes = PE32, PE32+, MS-DOS 24 | -------------------------------------------------------------------------------- /ragpicker/core/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kalium/Snakepit/c11f3fb7f78b886dad09421bc84a97ee14b9bf0b/ragpicker/core/__init__.py -------------------------------------------------------------------------------- /ragpicker/core/statistics.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kalium/Snakepit/c11f3fb7f78b886dad09421bc84a97ee14b9bf0b/ragpicker/core/statistics.py -------------------------------------------------------------------------------- /ragpicker/crawler/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kalium/Snakepit/c11f3fb7f78b886dad09421bc84a97ee14b9bf0b/ragpicker/crawler/__init__.py -------------------------------------------------------------------------------- /ragpicker/crawler/cleanmx.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2013-2015 Ragpicker 
Developers. 2 | # This file is part of Ragpicker Malware Crawler - http://code.google.com/p/malware-crawler/ 3 | 4 | import logging 5 | import re 6 | 7 | from core.abstracts import Crawler 8 | 9 | 10 | try: 11 | from yapsy.IPlugin import IPlugin 12 | except ImportError: 13 | raise ImportError, 'Yapsy (Yet Another Plugin System) is required to run this program : http://yapsy.sourceforge.net' 14 | 15 | log = logging.getLogger("CleanmxCrawler") 16 | 17 | class Cleanmx(IPlugin, Crawler): 18 | 19 | def run(self): 20 | self.mapURL = {} 21 | log.debug("Fetching from Cleanmx RSS") 22 | 23 | # parser 24 | soup = self.parse('http://support.clean-mx.de/clean-mx/xmlviruses.php?') 25 | 26 | for row in soup('url'): 27 | try: 28 | self.storeURL(re.sub('[\[CDATA\]]', '', row.string)) 29 | except Exception as e: 30 | log.error('Error in get from soup: (%s)', e) 31 | 32 | log.info("Found %s urls" % len(self.mapURL)) 33 | 34 | return self.mapURL 35 | -------------------------------------------------------------------------------- /ragpicker/crawler/cleanmx.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = cleanmx 3 | Module = cleanmx 4 | 5 | [Documentation] 6 | Description = Fetching Malware-URLs from Cleanmx RSS (http://support.clean-mx.de) 7 | Author = Robby Zeitfuchs 8 | Version = 1.0 -------------------------------------------------------------------------------- /ragpicker/crawler/joxeankoret.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = joxeankoret 3 | Module = joxeankoret 4 | 5 | [Documentation] 6 | Description = Fetching Malware-URLs from joxeankoret.com (http://malwareurls.joxeankoret.com) 7 | Author = Robby Zeitfuchs 8 | Version = 1.0 -------------------------------------------------------------------------------- /ragpicker/crawler/malShare.yapsy-plugin: -------------------------------------------------------------------------------- 1 | 
[Core] 2 | Name = malShare 3 | Module = malShare 4 | 5 | [Documentation] 6 | Description = Fetching Malware-URLs from MalShare daily list (http://www.malshare.com) 7 | Author = Robby Zeitfuchs 8 | Version = 1.0 -------------------------------------------------------------------------------- /ragpicker/crawler/malc0de.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = malc0de 3 | Module = malc0de 4 | 5 | [Documentation] 6 | Description = Fetching Malware-URLs from Malc0de RSS (http://malc0de.com) 7 | Author = Robby Zeitfuchs 8 | Version = 1.0 -------------------------------------------------------------------------------- /ragpicker/crawler/malwarebl.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2013-2015 Ragpicker Developers. 2 | # This file is part of Ragpicker Malware Crawler - http://code.google.com/p/malware-crawler/ 3 | 4 | import logging 5 | 6 | from core.abstracts import Crawler 7 | 8 | 9 | try: 10 | from yapsy.IPlugin import IPlugin 11 | except ImportError: 12 | raise ImportError, 'Yapsy (Yet Another Plugin System) is required to run this program : http://yapsy.sourceforge.net' 13 | 14 | log = logging.getLogger("MalwareblCrawler") 15 | 16 | class Malwarebl(IPlugin, Crawler): 17 | 18 | def run(self): 19 | self.mapURL = {} 20 | log.debug("Fetching from Malware Black List") 21 | 22 | # parser 23 | soup = self.parse('http://www.malwareblacklist.com/mbl.xml') 24 | 25 | for row in soup('description'): 26 | site = str(row).split()[1].replace(',', '') 27 | self.storeURL(site) 28 | 29 | log.info("Found %s urls" % len(self.mapURL)) 30 | 31 | return self.mapURL 32 | -------------------------------------------------------------------------------- /ragpicker/crawler/malwarebl.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = malwarebl 3 | Module = malwarebl 4 | 5 | [Documentation] 
6 | Description = Fetching Malware-URLs from Malware Black List (http://www.malwareblacklist.com) 7 | Author = Robby Zeitfuchs 8 | Version = 1.0 -------------------------------------------------------------------------------- /ragpicker/crawler/malwaredl.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = malwaredl 3 | Module = malwaredl 4 | 5 | [Documentation] 6 | Description = Fetching Malware-URLs from Malware Domain List (http://www.malwaredomainlist.com) 7 | Author = Robby Zeitfuchs 8 | Version = 1.0 -------------------------------------------------------------------------------- /ragpicker/crawler/secuboxlabs.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = secuboxlabs 3 | Module = secuboxlabs 4 | 5 | [Documentation] 6 | Description = Fetching Malware-URLs from SecuBox Labs (FRANCE) RSS (http://secuboxlabs.fr) 7 | Author = Robby Zeitfuchs 8 | Version = 1.0 -------------------------------------------------------------------------------- /ragpicker/crawler/spyeyetracker.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2013-2015 Ragpicker Developers. 
2 | # This file is part of Ragpicker Malware Crawler - http://code.google.com/p/malware-crawler/ 3 | 4 | import logging 5 | 6 | from core.abstracts import Crawler 7 | 8 | 9 | try: 10 | from yapsy.IPlugin import IPlugin 11 | except ImportError: 12 | raise ImportError, 'Yapsy (Yet Another Plugin System) is required to run this program : http://yapsy.sourceforge.net' 13 | 14 | log = logging.getLogger("SpyEyetrackerCrawler") 15 | 16 | class SpyEyetracker(IPlugin, Crawler): 17 | 18 | def run(self): 19 | self.mapURL = {} 20 | log.debug("Fetching from SpyEyetracker RSS") 21 | 22 | # parser 23 | soup = self.parse('https://spyeyetracker.abuse.ch/monitor.php?rssfeed=binaryurls') 24 | 25 | for row in soup('description'): 26 | site = str(row).split()[2].replace(',', '') 27 | if site != "This": 28 | self.storeURL(site) 29 | 30 | log.info("Found %s urls" % len(self.mapURL)) 31 | 32 | return self.mapURL 33 | -------------------------------------------------------------------------------- /ragpicker/crawler/spyeyetracker.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = spyeyetracker 3 | Module = spyeyetracker 4 | 5 | [Documentation] 6 | Description = Fetching Malware-URLs from SpyEyetracker RSS (https://spyeyetracker.abuse.ch) 7 | Author = Robby Zeitfuchs 8 | Version = 1.0 -------------------------------------------------------------------------------- /ragpicker/crawler/urlquery.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2013-2015 Ragpicker Developers. 
2 | # This file is part of Ragpicker Malware Crawler - http://code.google.com/p/malware-crawler/ 3 | 4 | import logging 5 | import re 6 | 7 | from core.abstracts import Crawler 8 | 9 | 10 | try: 11 | from yapsy.IPlugin import IPlugin 12 | except ImportError: 13 | raise ImportError, 'Yapsy (Yet Another Plugin System) is required to run this program : http://yapsy.sourceforge.net' 14 | 15 | log = logging.getLogger("UrlQueryCrawler") 16 | 17 | class UrlQuery(IPlugin, Crawler): 18 | 19 | def run(self): 20 | self.mapURL = {} 21 | log.debug("Fetching from UrlQuery") 22 | 23 | # parser 24 | soup = self.parse('http://urlquery.net') 25 | 26 | for t in soup("table", { "class" : "test" }): 27 | for a in t("a"): 28 | self.storeURL('http://' + re.sub('&', '&', a.text)) 29 | 30 | log.info("Found %s urls" % len(self.mapURL)) 31 | 32 | return self.mapURL -------------------------------------------------------------------------------- /ragpicker/crawler/urlquery.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = urlquery 3 | Module = urlquery 4 | 5 | [Documentation] 6 | Description = Fetching Malware-URLs from urlquery.net (http://urlquery.net) 7 | Author = Robby Zeitfuchs 8 | Version = 1.0 -------------------------------------------------------------------------------- /ragpicker/crawler/vxvault.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2013-2015 Ragpicker Developers. 
2 | # This file is part of Ragpicker Malware Crawler - http://code.google.com/p/malware-crawler/ 3 | 4 | import logging 5 | 6 | from core.abstracts import Crawler 7 | 8 | 9 | try: 10 | from yapsy.IPlugin import IPlugin 11 | except ImportError: 12 | raise ImportError, 'Yapsy (Yet Another Plugin System) is required to run this program : http://yapsy.sourceforge.net' 13 | 14 | log = logging.getLogger("VxvaultCrawler") 15 | 16 | class Vxvault(IPlugin, Crawler): 17 | 18 | def run(self): 19 | self.mapURL = {} 20 | log.debug("Fetching from VXVault List") 21 | 22 | # parser 23 | soup = self.parse('http://vxvault.siri-urz.net/URL_List.php') 24 | 25 | vxv = [] 26 | 27 | for row in soup('pre'): 28 | vxv = row.string.split('\r\n') 29 | del vxv[:4] 30 | del vxv[-1] 31 | log.info("Found %s urls" % len(vxv)) 32 | for row in vxv: 33 | self.storeURL(row) 34 | 35 | return self.mapURL 36 | -------------------------------------------------------------------------------- /ragpicker/crawler/vxvault.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = vxvault 3 | Module = vxvault 4 | 5 | [Documentation] 6 | Description = Fetching Malware-URLs from VXVault (http://vxvault.siri-urz.net) 7 | Author = Robby Zeitfuchs 8 | Version = 1.0 -------------------------------------------------------------------------------- /ragpicker/crawler/zeustracker.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2013-2015 Ragpicker Developers. 
2 | # This file is part of Ragpicker Malware Crawler - http://code.google.com/p/malware-crawler/ 3 | 4 | import logging 5 | 6 | from core.abstracts import Crawler 7 | 8 | 9 | try: 10 | from yapsy.IPlugin import IPlugin 11 | except ImportError: 12 | raise ImportError, 'Yapsy (Yet Another Plugin System) is required to run this program : http://yapsy.sourceforge.net' 13 | 14 | log = logging.getLogger("ZeustrackerCrawler") 15 | 16 | class Zeustracker(IPlugin, Crawler): 17 | 18 | def run(self): 19 | self.mapURL = {} 20 | log.debug("Fetching from Zeustracker RSS") 21 | 22 | # parser 23 | soup = self.parse('https://zeustracker.abuse.ch/monitor.php?urlfeed=binaries') 24 | 25 | for row in soup('description'): 26 | site = str(row).split()[1].replace(',', '') 27 | if site != "ZeuS": 28 | self.storeURL(site) 29 | 30 | log.info("Found %s urls" % len(self.mapURL)) 31 | 32 | return self.mapURL 33 | -------------------------------------------------------------------------------- /ragpicker/crawler/zeustracker.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = zeustracker 3 | Module = zeustracker 4 | 5 | [Documentation] 6 | Description = Fetching Malware-URLs from Zeustracker RSS (https://zeustracker.abuse.ch) 7 | Author = Robby Zeitfuchs 8 | Version = 1.0 -------------------------------------------------------------------------------- /ragpicker/data/clamav_dummy.hdb: -------------------------------------------------------------------------------- 1 | 0f8816902a5bd1c10a87e06100e68d68:128804:Hello_World.exe 2 | -------------------------------------------------------------------------------- /ragpicker/data/html/htmlSections/subfile.html: -------------------------------------------------------------------------------- 1 | {% if results.SubFile %} 2 |
3 | Subfile 4 |
5 | 6 | 7 | 8 | 9 | 10 | 11 | {% if results.SubFile.Errors %} 12 | {% for errors in results.SubFile.Errors %} 13 | 14 | 15 | 16 | 17 | {% endfor%} 18 | {% endif %} 19 | {% if results.SubFile.Files %} 20 | {% for file in results.SubFile.Files %} 21 | 22 | 23 | 24 | 25 | {% endfor%} 26 | {% endif %} 27 | 28 |
Error:{{errors}}
{{ file.FileType }}:{{ file.Desc }}
29 |
30 |
31 | {% endif %} -------------------------------------------------------------------------------- /ragpicker/data/index_result.yar: -------------------------------------------------------------------------------- 1 | include "yara_signatures/result_blackListLanguages.yar" 2 | include "yara_signatures/result_apihttp.yar" -------------------------------------------------------------------------------- /ragpicker/data/index_sample.yar: -------------------------------------------------------------------------------- 1 | include "yara_signatures/sample_capabilities.yar" 2 | include "yara_signatures/sample_embedded.yar" 3 | include "yara_signatures/sample_kins.yar" 4 | include "yara_signatures/sample_njRAT.yar" 5 | include "yara_signatures/sample_vmdetect.yar" 6 | include "yara_signatures/sample_blackliststrings.yar" 7 | include "yara_signatures/sample_blackListFunctions.yar" 8 | include "yara_signatures/sample_maldoc.yara" -------------------------------------------------------------------------------- /ragpicker/data/peiddb.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kalium/Snakepit/c11f3fb7f78b886dad09421bc84a97ee14b9bf0b/ragpicker/data/peiddb.txt -------------------------------------------------------------------------------- /ragpicker/data/yara_signatures/result_apihttp.yar: -------------------------------------------------------------------------------- 1 | rule HTTPApiFunctions { 2 | meta: 3 | description = "Uses the HTTP protocol functions" 4 | strings: 5 | $api1 = "HttpSendRequest" nocase 6 | $api2 = "HttpSendRequestEx" nocase 7 | $api3 = "HttpQueryInfo" nocase 8 | $api4 = "HttpAddRequestHeaders" nocase 9 | $api5 = "HttpEndRequest" nocase 10 | $api6 = "HttpOpenRequest" nocase 11 | condition: 12 | any of them 13 | } -------------------------------------------------------------------------------- /ragpicker/data/yara_signatures/result_blackListLanguages.yar: 
-------------------------------------------------------------------------------- 1 | rule BlackListLanguages { 2 | meta: 3 | description = "Unconventional binary language" 4 | strings: 5 | $lang1 = "LANG_ARABIC" 6 | $lang2 = "LANG_BULGARIAN" 7 | $lang3 = "LANG_CHINESE" 8 | $lang4 = "LANG_ROMANIAN" 9 | $lang5 = "LANG_RUSSIAN" 10 | $lang6 = "LANG_CROATO-SERBIAN" 11 | $lang7 = "LANG_SLOVAK" 12 | $lang8 = "LANG_ALBANIAN" 13 | $lang9 = "LANG_TURKISH" 14 | $lang10 = "LANG_HEBREW" 15 | $lang11 = "LANG_KOREAN" 16 | $lang12 = "SUBLANG_ENGLISH_JAMAICA" 17 | $lang13 = "SUBLANG_ENGLISH_CARIBBEAN" 18 | $lang14 = "SUBLANG_ENGLISH_BELIZE" 19 | $lang15 = "SUBLANG_ENGLISH_TRINIDAD" 20 | $lang16 = "SUBLANG_ENGLISH_ZIMBABWE" 21 | $lang17 = "SUBLANG_ENGLISH_PHILIPPINES" 22 | $lang18 = "LANG_UZBEK" 23 | $lang19 = "LANG_VIETNAMESE" 24 | $lang20 = "LANG_UKRAINIAN" 25 | $lang21 = "LANG_TELUGU" 26 | $lang22 = "LANG_SYRIAC" 27 | $lang23 = "LANG_SERBIAN" 28 | $lang24 = "LANG_LATVIAN" 29 | condition: 30 | any of them 31 | } -------------------------------------------------------------------------------- /ragpicker/dumpdir/files/empty.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kalium/Snakepit/c11f3fb7f78b886dad09421bc84a97ee14b9bf0b/ragpicker/dumpdir/files/empty.txt -------------------------------------------------------------------------------- /ragpicker/dumpdir/reports/empty.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kalium/Snakepit/c11f3fb7f78b886dad09421bc84a97ee14b9bf0b/ragpicker/dumpdir/reports/empty.txt -------------------------------------------------------------------------------- /ragpicker/preProcessing/01_unpack_archive.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = 01_unpack_archive 3 | Module = 01_unpack_archive 4 | 5 | [Documentation] 6 | Description = 
Recursively unpack archives 7 | Author = Robby Zeitfuchs 8 | Version = 1.0 -------------------------------------------------------------------------------- /ragpicker/preProcessing/02_unpacker_clamav.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = 02_unpacker_clamav 3 | Module = 02_unpacker_clamav 4 | 5 | [Documentation] 6 | Description = Unpacking with ClamAv AntiVirus (http://www.clamav.net/lang/en/) 7 | Author = Robby Zeitfuchs 8 | Version = 1.0 -------------------------------------------------------------------------------- /ragpicker/preProcessing/03_extract_rsrc.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = 03_extract_rsrc 3 | Module = 03_extract_rsrc 4 | 5 | [Documentation] 6 | Description = Extract the .rsrc section 7 | Author = Robby Zeitfuchs 8 | Version = 1.0 -------------------------------------------------------------------------------- /ragpicker/preProcessing/04_extract_office.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = 04_extract_office 3 | Module = 04_extract_office 4 | 5 | [Documentation] 6 | Description = Extract PE files from Office documents 7 | Author = Robby Zeitfuchs 8 | Version = 1.0 -------------------------------------------------------------------------------- /ragpicker/preProcessing/05_pe_carve.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = 05_pe_carve 3 | Module = 05_pe_carve 4 | 5 | [Documentation] 6 | Description = Carve out embedded executables 7 | Author = Robby Zeitfuchs 8 | Version = 1.0 -------------------------------------------------------------------------------- /ragpicker/preProcessing/__init__.py: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Kalium/Snakepit/c11f3fb7f78b886dad09421bc84a97ee14b9bf0b/ragpicker/preProcessing/__init__.py -------------------------------------------------------------------------------- /ragpicker/processing/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /ragpicker/processing/all_bluecoatMalwareAnalysisAppliance.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = all_bluecoatMalwareAnalysisAppliance 3 | Module = all_bluecoatMalwareAnalysisAppliance 4 | 5 | [Documentation] 6 | Description = Adds the Sample to Blue Coat Malware Analysis Appliance (https://www.bluecoat.com) 7 | Author = Robby Zeitfuchs 8 | Version = 1.0 9 | Website = https://www.bluecoat.com/products/malware-analysis-appliance -------------------------------------------------------------------------------- /ragpicker/processing/all_cuckooSandbox.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = all_cuckooSandbox 3 | Module = all_cuckooSandbox 4 | 5 | [Documentation] 6 | Description = Adds the Sample to the list of cuckoo-sandbox tasks to be processed and analyzed 7 | Author = Robby Zeitfuchs 8 | Version = 1.0 9 | Website = -------------------------------------------------------------------------------- /ragpicker/processing/all_info.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = all_info 3 | Module = all_info 4 | 5 | [Documentation] 6 | Description = Sample Base Infos (Don't disable "info"-Module!!!) 
7 | Author = Robby Zeitfuchs 8 | Version = 1.0 9 | Website = -------------------------------------------------------------------------------- /ragpicker/processing/all_subFile.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = all_subFile 3 | Module = all_subFile 4 | 5 | [Documentation] 6 | Description = Find subfile in any binary stream 7 | Author = Robby Zeitfuchs 8 | Version = 1.0 9 | Website = -------------------------------------------------------------------------------- /ragpicker/processing/all_virustotal.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = all_virustotal 3 | Module = all_virustotal 4 | 5 | [Documentation] 6 | Description = Gets detection ratio from VirusTotal.com (via VT API) 7 | Author = Robby Zeitfuchs 8 | Version = 1.0 9 | Website = -------------------------------------------------------------------------------- /ragpicker/processing/all_yara.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = all_yara 3 | Module = all_yara 4 | 5 | [Documentation] 6 | Description = Identify and classify malware with yara (http://plusvic.github.io/yara/) 7 | Author = Robby Zeitfuchs 8 | Version = 1.0 -------------------------------------------------------------------------------- /ragpicker/processing/antivirus_avast.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = antivirus_avast 3 | Module = antivirus_avast 4 | 5 | [Documentation] 6 | Description = avast! 
Free Antivirus for Linux v1.3.0 (http://www.avast.com) 7 | Author = Mark Lawrenz 8 | Version = 1.0 -------------------------------------------------------------------------------- /ragpicker/processing/antivirus_avg.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = antivirus_avg 3 | Module = antivirus_avg 4 | 5 | [Documentation] 6 | Description = AVG AntiVirus Scan (http://free.avg.com) 7 | Author = Robby Zeitfuchs 8 | Version = 1.0 -------------------------------------------------------------------------------- /ragpicker/processing/antivirus_avira.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = antivirus_avira 3 | Module = antivirus_avira 4 | 5 | [Documentation] 6 | Description = Avira AntiVirus Scan (http://www.avira.com/de/avira-free-antivirus) 7 | Author = Robby Zeitfuchs 8 | Version = 1.0 -------------------------------------------------------------------------------- /ragpicker/processing/antivirus_bitDefender.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = antivirus_bitDefender 3 | Module = antivirus_bitDefender 4 | 5 | [Documentation] 6 | Description = BitDefender AntiVirus Scan (http://www.bitdefender.co.uk/) 7 | Author = Robby Zeitfuchs 8 | Version = 1.0 -------------------------------------------------------------------------------- /ragpicker/processing/antivirus_clamav.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = antivirus_clamav 3 | Module = antivirus_clamav 4 | 5 | [Documentation] 6 | Description = ClamAv AntiVirus Scan (http://www.clamav.net/lang/en/) 7 | Author = Robby Zeitfuchs 8 | Version = 1.0 -------------------------------------------------------------------------------- /ragpicker/processing/antivirus_comodo.yapsy-plugin: 
-------------------------------------------------------------------------------- 1 | [Core] 2 | Name = antivirus_comodo 3 | Module = antivirus_comodo 4 | 5 | [Documentation] 6 | Description = COMODO Antivirus Scan (http://www.comodo.com/) 7 | Author = Mark Lawrenz 8 | Version = 1.0 -------------------------------------------------------------------------------- /ragpicker/processing/antivirus_eset.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = antivirus_eset 3 | Module = antivirus_eset 4 | 5 | [Documentation] 6 | Description = ESET File Security for Linux v4.0.10 (http://www.eset.com) 7 | Author = Mark Lawrenz 8 | Version = 1.0 -------------------------------------------------------------------------------- /ragpicker/processing/antivirus_fprot.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = antivirus_fprot 3 | Module = antivirus_fprot 4 | 5 | [Documentation] 6 | Description = F-Prot AntiVirus Scan (http://www.f-prot.com/) 7 | Author = Robby Zeitfuchs 8 | Version = 1.0 -------------------------------------------------------------------------------- /ragpicker/processing/antivirus_fsecure.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = antivirus_fsecure 3 | Module = antivirus_fsecure 4 | 5 | [Documentation] 6 | Description = F-Secure Linux Security v10.10.142 (http://www.f-secure.com) 7 | Author = Mark Lawrenz 8 | Version = 1.0 -------------------------------------------------------------------------------- /ragpicker/processing/antivirus_teamcymru.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = antivirus_teamcymru 3 | Module = antivirus_teamcymru 4 | 5 | [Documentation] 6 | Description = Malware Hash Registry (MHR) lookup (https://www.team-cymru.org) 7 | Author = Robby Zeitfuchs 8 | Version = 
1.0 -------------------------------------------------------------------------------- /ragpicker/processing/net_getOwnLocation.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = net_getOwnLocation 3 | Module = net_getOwnLocation 4 | 5 | [Documentation] 6 | Description = Returns the own internet location. 7 | Author = Robby Zeitfuchs 8 | Version = 1.0 -------------------------------------------------------------------------------- /ragpicker/processing/net_inetSourceAnalysis.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = net_inetSourceAnalysis 3 | Module = net_inetSourceAnalysis 4 | 5 | [Documentation] 6 | Description = Check IP and Host for reputation. 7 | Author = Robby Zeitfuchs 8 | Version = 1.0 -------------------------------------------------------------------------------- /ragpicker/processing/ole_officescan.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = ole_officescan 3 | Module = ole_officescan 4 | 5 | [Documentation] 6 | Description = OLE - Analyze the suspicious Office documents 7 | Author = Robby Zeitfuchs 8 | Version = 1.0 -------------------------------------------------------------------------------- /ragpicker/processing/pdf_pdfid.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = pdf_pdfid 3 | Module = pdf_pdfid 4 | 5 | [Documentation] 6 | Description = PDF - Analyze the suspicious PDF documents 7 | Author = Robby Zeitfuchs 8 | Version = 1.0 -------------------------------------------------------------------------------- /ragpicker/processing/pe_pefile.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = pe_peid 3 | Module = pe_peid 4 | 5 | [Documentation] 6 | Description = PE - Detects most common packers, cryptors and 
compilers for PE files 7 | Author = Robby Zeitfuchs 8 | Version = 1.0 -------------------------------------------------------------------------------- /ragpicker/processing/pe_peid.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = pe_pefile 3 | Module = pe_pefile 4 | 5 | [Documentation] 6 | Description = PE - pefile is a module to read and work with PE (Portable Executable) files 7 | Author = Robby Zeitfuchs 8 | Version = 1.0 -------------------------------------------------------------------------------- /ragpicker/processing/rtf_rtfscan.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = rtf_rtfscan 3 | Module = rtf_rtfscan 4 | 5 | [Documentation] 6 | Description = RTF - Analyze the suspicious RTF documents 7 | Author = Robby Zeitfuchs 8 | Version = 1.0 -------------------------------------------------------------------------------- /ragpicker/reporting/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kalium/Snakepit/c11f3fb7f78b886dad09421bc84a97ee14b9bf0b/ragpicker/reporting/__init__.py -------------------------------------------------------------------------------- /ragpicker/reporting/codeDB.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = codeDB 3 | Module = codeDB 4 | 5 | [Documentation] 6 | Description = codeDB report-plugin for Viviane's Code Database 7 | Author = Robby Zeitfuchs 8 | Version = 1.0 -------------------------------------------------------------------------------- /ragpicker/reporting/filedump.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = filedump 3 | Module = filedump 4 | 5 | [Documentation] 6 | Description = Save sample file on the file system 7 | Author = Robby Zeitfuchs 8 | Version = 1.0 
-------------------------------------------------------------------------------- /ragpicker/reporting/hpfriends.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = hpfriends 3 | Module = hpfriends 4 | 5 | [Documentation] 6 | Description = Publishes the results on an HPFeeds channel 7 | Author = Robby Zeitfuchs 8 | Version = 1.0 -------------------------------------------------------------------------------- /ragpicker/reporting/jsondump.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = jsondump 3 | Module = jsondump 4 | 5 | [Documentation] 6 | Description = Saves analysis results in JSON format 7 | Author = Robby Zeitfuchs 8 | Version = 1.0 -------------------------------------------------------------------------------- /ragpicker/reporting/mongodb.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = mongodb 3 | Module = mongodb 4 | 5 | [Documentation] 6 | Description = Reporting module for MongoDB 7 | Author = Robby Zeitfuchs 8 | Version = 1.0 -------------------------------------------------------------------------------- /ragpicker/reporting/mysql.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = mysql 3 | Module = mysql 4 | 5 | [Documentation] 6 | Description = Reporting module for MySQL 7 | Author = Mark Lawrenz 8 | Version = 1.0 -------------------------------------------------------------------------------- /ragpicker/reporting/reporthtml.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = reporthtml 3 | Module = reporthtml 4 | 5 | [Documentation] 6 | Description = HTML reporting module 7 | Author = Robby Zeitfuchs 8 | Version = 1.0 -------------------------------------------------------------------------------- 
/ragpicker/reporting/reportxml.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = reportxml 3 | Module = reportxml 4 | 5 | [Documentation] 6 | Description = Store analysis results as xml document 7 | Author = Robby Zeitfuchs 8 | Version = 1.0 -------------------------------------------------------------------------------- /ragpicker/reporting/viper.yapsy-plugin: -------------------------------------------------------------------------------- 1 | [Core] 2 | Name = viper 3 | Module = viper 4 | 5 | [Documentation] 6 | Description = Viper is a Python application for managing a malware samples repository 7 | Author = Claudio Guarnieri 8 | Version = 3.1.4 9 | -------------------------------------------------------------------------------- /ragpicker/requirements.txt: -------------------------------------------------------------------------------- 1 | beautifulsoup 2 | bitstring 3 | hachoir-core 4 | hachoir-parser 5 | hachoir-regex 6 | hachoir-subfile 7 | httplib2 8 | Jinja2 9 | jsonpickle 10 | m2crypto 11 | prettytable 12 | pyasn1 13 | pymongo==2.7.2 14 | requests 15 | simplejson 16 | yapsy 17 | celery[redis] 18 | -------------------------------------------------------------------------------- /ragpicker/tools/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kalium/Snakepit/c11f3fb7f78b886dad09421bc84a97ee14b9bf0b/ragpicker/tools/__init__.py -------------------------------------------------------------------------------- /ragpicker/utils/OfficeMalScanner/Cadt.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kalium/Snakepit/c11f3fb7f78b886dad09421bc84a97ee14b9bf0b/ragpicker/utils/OfficeMalScanner/Cadt.dll -------------------------------------------------------------------------------- /ragpicker/utils/OfficeMalScanner/DisView.exe: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kalium/Snakepit/c11f3fb7f78b886dad09421bc84a97ee14b9bf0b/ragpicker/utils/OfficeMalScanner/DisView.exe -------------------------------------------------------------------------------- /ragpicker/utils/OfficeMalScanner/LZNT1Decompress.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kalium/Snakepit/c11f3fb7f78b886dad09421bc84a97ee14b9bf0b/ragpicker/utils/OfficeMalScanner/LZNT1Decompress.dll -------------------------------------------------------------------------------- /ragpicker/utils/OfficeMalScanner/MalHost-Setup.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kalium/Snakepit/c11f3fb7f78b886dad09421bc84a97ee14b9bf0b/ragpicker/utils/OfficeMalScanner/MalHost-Setup.exe -------------------------------------------------------------------------------- /ragpicker/utils/OfficeMalScanner/OfficeMalScanner.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kalium/Snakepit/c11f3fb7f78b886dad09421bc84a97ee14b9bf0b/ragpicker/utils/OfficeMalScanner/OfficeMalScanner.exe -------------------------------------------------------------------------------- /ragpicker/utils/OfficeMalScanner/RTFScan.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kalium/Snakepit/c11f3fb7f78b886dad09421bc84a97ee14b9bf0b/ragpicker/utils/OfficeMalScanner/RTFScan.exe -------------------------------------------------------------------------------- /ragpicker/utils/OfficeMalScanner/Unzipper.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kalium/Snakepit/c11f3fb7f78b886dad09421bc84a97ee14b9bf0b/ragpicker/utils/OfficeMalScanner/Unzipper.dll 
-------------------------------------------------------------------------------- /ragpicker/utils/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kalium/Snakepit/c11f3fb7f78b886dad09421bc84a97ee14b9bf0b/ragpicker/utils/__init__.py -------------------------------------------------------------------------------- /ragpicker/utils/oletools/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kalium/Snakepit/c11f3fb7f78b886dad09421bc84a97ee14b9bf0b/ragpicker/utils/oletools/__init__.py -------------------------------------------------------------------------------- /ragpicker/utils/oletools/thirdparty/OleFileIO_PL/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kalium/Snakepit/c11f3fb7f78b886dad09421bc84a97ee14b9bf0b/ragpicker/utils/oletools/thirdparty/OleFileIO_PL/__init__.py -------------------------------------------------------------------------------- /ragpicker/utils/oletools/thirdparty/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kalium/Snakepit/c11f3fb7f78b886dad09421bc84a97ee14b9bf0b/ragpicker/utils/oletools/thirdparty/__init__.py -------------------------------------------------------------------------------- /ragpicker/utils/oletools/thirdparty/easygui/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kalium/Snakepit/c11f3fb7f78b886dad09421bc84a97ee14b9bf0b/ragpicker/utils/oletools/thirdparty/easygui/__init__.py -------------------------------------------------------------------------------- /ragpicker/utils/oletools/thirdparty/olefile/CONTRIBUTORS.txt: -------------------------------------------------------------------------------- 1 | CONTRIBUTORS for the olefile 
project 2 | ==================================== 3 | 4 | This is a non-exhaustive list of all the people who helped me improve the 5 | olefile project (formerly OleFileIO_PL), in approximative chronological order. 6 | Please contact me if I forgot to mention your name. 7 | 8 | A big thank you to all of them: 9 | 10 | - Niko Ehrenfeuchter: added support for Jython 11 | - Niko Ehrenfeuchter, Martijn Berger and Dave Jones: helped fix 4K sector support 12 | - Martin Panter: conversion to Python 3.x/2.6+ 13 | - mete0r_kr: added support for file-like objects 14 | - chuckleberryfinn: fixed bug in getproperties 15 | - Martijn, Ben G.: bug report for 64 bits platforms 16 | - Philippe Lagadec: main author and maintainer since 2005 17 | - and of course Fredrik Lundh: original author of OleFileIO from 1995 to 2005 18 | -------------------------------------------------------------------------------- /ragpicker/utils/oletools/thirdparty/olefile/doc/OLE_VBA_sample.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kalium/Snakepit/c11f3fb7f78b886dad09421bc84a97ee14b9bf0b/ragpicker/utils/oletools/thirdparty/olefile/doc/OLE_VBA_sample.png -------------------------------------------------------------------------------- /ragpicker/utils/oletools/thirdparty/prettytable/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kalium/Snakepit/c11f3fb7f78b886dad09421bc84a97ee14b9bf0b/ragpicker/utils/oletools/thirdparty/prettytable/__init__.py -------------------------------------------------------------------------------- /ragpicker/utils/oletools/thirdparty/xglob/__init__.py: -------------------------------------------------------------------------------- 1 | from .xglob import * -------------------------------------------------------------------------------- /ragpicker/utils/oletools/thirdparty/xxxswf/LICENSE.txt: 
-------------------------------------------------------------------------------- 1 | xxxswf.py is published by Alexander Hanel on 2 | http://hooked-on-mnemonics.blogspot.nl/2011/12/xxxswfpy.html 3 | without explicit license. -------------------------------------------------------------------------------- /ragpicker/utils/oletools/thirdparty/xxxswf/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kalium/Snakepit/c11f3fb7f78b886dad09421bc84a97ee14b9bf0b/ragpicker/utils/oletools/thirdparty/xxxswf/__init__.py -------------------------------------------------------------------------------- /ragpicker/utils/ordlookup/__init__.py: -------------------------------------------------------------------------------- 1 | import ws2_32 2 | import oleaut32 3 | 4 | ''' 5 | A small module for keeping a database of ordinal to symbol 6 | mappings for DLLs which frequently get linked without symbolic 7 | infoz. 8 | ''' 9 | 10 | ords = { 11 | 'ws2_32.dll':ws2_32.ord_names, 12 | 'wsock32.dll':ws2_32.ord_names, 13 | 'oleaut32.dll':oleaut32.ord_names, 14 | } 15 | 16 | def ordLookup(libname, ord, make_name=False): 17 | ''' 18 | Lookup a name for the given ordinal if it's in our 19 | database. 
20 | ''' 21 | names = ords.get(libname.lower()) 22 | if names == None: 23 | if make_name is True: 24 | return 'ord%d' % ord 25 | return None 26 | name = names.get(ord) 27 | if name == None: 28 | return 'ord%d' % ord 29 | return name 30 | 31 | 32 | -------------------------------------------------------------------------------- /ragpicker/utils/pyasn1/__init__.py: -------------------------------------------------------------------------------- 1 | import sys 2 | 3 | # http://www.python.org/dev/peps/pep-0396/ 4 | __version__ = '0.1.4' 5 | 6 | if sys.version_info[:2] < (2, 4): 7 | raise RuntimeError('PyASN1 requires Python 2.4 or later') 8 | 9 | -------------------------------------------------------------------------------- /ragpicker/utils/pyasn1/codec/__init__.py: -------------------------------------------------------------------------------- 1 | # This file is necessary to make this directory a package. 2 | -------------------------------------------------------------------------------- /ragpicker/utils/pyasn1/codec/ber/__init__.py: -------------------------------------------------------------------------------- 1 | # This file is necessary to make this directory a package. 2 | -------------------------------------------------------------------------------- /ragpicker/utils/pyasn1/codec/ber/eoo.py: -------------------------------------------------------------------------------- 1 | from utils.pyasn1.type import base, tag 2 | 3 | class EndOfOctets(base.AbstractSimpleAsn1Item): 4 | defaultValue = 0 5 | tagSet = tag.initTagSet( 6 | tag.Tag(tag.tagClassUniversal, tag.tagFormatSimple, 0x00) 7 | ) 8 | endOfOctets = EndOfOctets() 9 | -------------------------------------------------------------------------------- /ragpicker/utils/pyasn1/codec/cer/__init__.py: -------------------------------------------------------------------------------- 1 | # This file is necessary to make this directory a package. 
2 | -------------------------------------------------------------------------------- /ragpicker/utils/pyasn1/codec/der/__init__.py: -------------------------------------------------------------------------------- 1 | # This file is necessary to make this directory a package. 2 | -------------------------------------------------------------------------------- /ragpicker/utils/pyasn1/codec/der/decoder.py: -------------------------------------------------------------------------------- 1 | # DER decoder 2 | from utils.pyasn1.type import univ 3 | from utils.pyasn1.codec.cer import decoder 4 | 5 | tagMap = decoder.tagMap 6 | typeMap = decoder.typeMap 7 | Decoder = decoder.Decoder 8 | 9 | decode = Decoder(tagMap, typeMap) 10 | -------------------------------------------------------------------------------- /ragpicker/utils/pyasn1/codec/der/encoder.py: -------------------------------------------------------------------------------- 1 | # DER encoder 2 | from utils.pyasn1.type import univ 3 | from utils.pyasn1.codec.cer import encoder 4 | 5 | class SetOfEncoder(encoder.SetOfEncoder): 6 | def _cmpSetComponents(self, c1, c2): 7 | tagSet1 = isinstance(c1, univ.Choice) and \ 8 | c1.getEffectiveTagSet() or c1.getTagSet() 9 | tagSet2 = isinstance(c2, univ.Choice) and \ 10 | c2.getEffectiveTagSet() or c2.getTagSet() 11 | return cmp(tagSet1, tagSet2) 12 | 13 | tagMap = encoder.tagMap.copy() 14 | tagMap.update({ 15 | # Overload CER encodrs with BER ones (a bit hackerish XXX) 16 | univ.BitString.tagSet: encoder.encoder.BitStringEncoder(), 17 | univ.OctetString.tagSet: encoder.encoder.OctetStringEncoder(), 18 | # Set & SetOf have same tags 19 | univ.SetOf().tagSet: SetOfEncoder() 20 | }) 21 | 22 | typeMap = encoder.typeMap 23 | 24 | class Encoder(encoder.Encoder): 25 | def __call__(self, client, defMode=1, maxChunkSize=0): 26 | return encoder.Encoder.__call__(self, client, defMode, maxChunkSize) 27 | 28 | encode = Encoder(tagMap, typeMap) 29 | 
-------------------------------------------------------------------------------- /ragpicker/utils/pyasn1/compat/__init__.py: -------------------------------------------------------------------------------- 1 | # This file is necessary to make this directory a package. 2 | -------------------------------------------------------------------------------- /ragpicker/utils/pyasn1/compat/octets.py: -------------------------------------------------------------------------------- 1 | from sys import version_info 2 | 3 | if version_info[0] <= 2: 4 | int2oct = chr 5 | ints2octs = lambda s: ''.join([ int2oct(x) for x in s ]) 6 | null = '' 7 | oct2int = ord 8 | octs2ints = lambda s: [ oct2int(x) for x in s ] 9 | str2octs = lambda x: x 10 | octs2str = lambda x: x 11 | isOctetsType = lambda s: isinstance(s, str) 12 | else: 13 | ints2octs = bytes 14 | int2oct = lambda x: ints2octs((x,)) 15 | null = ints2octs() 16 | oct2int = lambda x: x 17 | octs2ints = lambda s: [ x for x in s ] 18 | str2octs = lambda x: x.encode() 19 | octs2str = lambda x: x.decode() 20 | isOctetsType = lambda s: isinstance(s, bytes) 21 | -------------------------------------------------------------------------------- /ragpicker/utils/pyasn1/error.py: -------------------------------------------------------------------------------- 1 | class PyAsn1Error(Exception): pass 2 | class ValueConstraintError(PyAsn1Error): pass 3 | class SubstrateUnderrunError(PyAsn1Error): pass 4 | -------------------------------------------------------------------------------- /ragpicker/utils/pyasn1/type/__init__.py: -------------------------------------------------------------------------------- 1 | # This file is necessary to make this directory a package. 
2 | -------------------------------------------------------------------------------- /ragpicker/utils/pyasn1/type/error.py: -------------------------------------------------------------------------------- 1 | from utils.pyasn1.error import PyAsn1Error 2 | 3 | class ValueConstraintError(PyAsn1Error): pass 4 | -------------------------------------------------------------------------------- /ragpicker/utils/pyasn1/type/useful.py: -------------------------------------------------------------------------------- 1 | # ASN.1 "useful" types 2 | from utils.pyasn1.type import char, tag 3 | 4 | class GeneralizedTime(char.VisibleString): 5 | tagSet = char.VisibleString.tagSet.tagImplicitly( 6 | tag.Tag(tag.tagClassUniversal, tag.tagFormatSimple, 24) 7 | ) 8 | 9 | class UTCTime(char.VisibleString): 10 | tagSet = char.VisibleString.tagSet.tagImplicitly( 11 | tag.Tag(tag.tagClassUniversal, tag.tagFormatSimple, 23) 12 | ) 13 | -------------------------------------------------------------------------------- /ragpicker/utils/verifySigs/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kalium/Snakepit/c11f3fb7f78b886dad09421bc84a97ee14b9bf0b/ragpicker/utils/verifySigs/__init__.py -------------------------------------------------------------------------------- /ragpicker/utils/verifySigs/sigcheck.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kalium/Snakepit/c11f3fb7f78b886dad09421bc84a97ee14b9bf0b/ragpicker/utils/verifySigs/sigcheck.exe -------------------------------------------------------------------------------- /redis/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM redis:latest 2 | 3 | COPY docker-healthcheck /usr/local/bin/ 4 | 5 | HEALTHCHECK CMD ["docker-healthcheck"] 6 | -------------------------------------------------------------------------------- 
/redis/docker-healthcheck: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -eo pipefail 3 | 4 | host="$(hostname -i || echo '127.0.0.1')" 5 | 6 | if ping="$(redis-cli -h "$host" ping)" && [ "$ping" = 'PONG' ]; then 7 | exit 0 8 | fi 9 | 10 | exit 1 11 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | flake8==3.6.0 2 | mccabe==0.6.1 3 | pycodestyle==2.4.0 4 | pyflakes==2.0.0 5 | -------------------------------------------------------------------------------- /snake/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM python:latest 2 | RUN apt-get update && apt-get install -y git curl 3 | 4 | RUN groupadd -r snake && useradd --no-log-init -r -g snake snake -d /app/snake 5 | WORKDIR /app/snake 6 | COPY requirements.txt requirements.txt 7 | RUN pip install -r requirements.txt 8 | COPY . 
/app/snake 9 | USER snake 10 | 11 | CMD celery worker -Q analysis --loglevel info -E 12 | -------------------------------------------------------------------------------- /snake/celeryconfig.py: -------------------------------------------------------------------------------- 1 | """Responsible for configuring and routing this Celery worker.""" 2 | import os 3 | 4 | CELERY_IMPORTS = ('tasks', ) 5 | BROKER_URL = os.getenv('BROKER_URL', 'redis://redis:6379/0') 6 | CELERY_RESULT_BACKEND = BROKER_URL 7 | CELERY_ACCEPT_CONTENT = ['json'] 8 | CELERY_TASK_SERIALIZER = 'json' 9 | CELERY_RESULT_SERIALIZER = 'json' 10 | CELERY_TRACK_STARTED = True 11 | CELERY_QUEUES = { 12 | "analysis": { 13 | "binding_key": "snakepit.analysis.#", 14 | }, 15 | "scoring": { 16 | "binding_key": "snakepit.scoring.#", 17 | }, 18 | } 19 | -------------------------------------------------------------------------------- /snake/requirements.txt: -------------------------------------------------------------------------------- 1 | celery[redis] 2 | requests 3 | cuckoo-api 4 | -------------------------------------------------------------------------------- /viper/.gitignore: -------------------------------------------------------------------------------- 1 | *.py[cod] 2 | 3 | # C extensions 4 | *.so 5 | 6 | # Packages 7 | *.egg 8 | *.egg-info 9 | dist 10 | build 11 | eggs 12 | parts 13 | bin 14 | var 15 | sdist 16 | develop-eggs 17 | .installed.cfg 18 | lib 19 | lib64 20 | 21 | # Installer logs 22 | pip-log.txt 23 | 24 | # Unit test / coverage reports 25 | .coverage 26 | .tox 27 | nosetests.xml 28 | 29 | # Translations 30 | *.mo 31 | 32 | # Mr Developer 33 | .mr.developer.cfg 34 | .project 35 | .pydevproject 36 | .idea 37 | 38 | history 39 | binaries/ 40 | projects/ 41 | *.db 42 | *.conf 43 | *.bak 44 | 45 | data/yara/index.yara 46 | 47 | installed_files.txt 48 | -------------------------------------------------------------------------------- /viper/.travis.yml: 
-------------------------------------------------------------------------------- 1 | language: python 2 | python: 3 | - 2.7 4 | before_install: 5 | - sudo apt-get update -qq 6 | - sudo apt-get install gcc python-socksipy libssl-dev swig -qq 7 | - wget http://downloads.sourceforge.net/project/ssdeep/ssdeep-2.10/ssdeep-2.10.tar.gz 8 | - tar -zxvf ssdeep-2.10.tar.gz 9 | - cd ssdeep-2.10 10 | - ./configure && make 11 | - sudo make install 12 | - cd .. 13 | install: 14 | - pip install -r requirements.txt 15 | script: 16 | - echo "exit" | python viper-cli 17 | -------------------------------------------------------------------------------- /viper/CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | **Wanna contribute?** Viper is an open, BSD-licensed, collaborative development effort that heavily 2 | relies on contributions from the whole community. We welcome tickets, pull requests, feature suggestions. 3 | 4 | When develping new modules or patches, please try to comply to the general code style that we try to 5 | maintain across the project. When introducing new features or fixing significant bugs, please also 6 | include some concise information and possibly also introduce comprehensive documentation in our 7 | guide. Before submitting code, please try to check it first with some code verifications tools like 8 | *pyflakes*, *pylint*, *pychecker*, and *pep8*. They help identifying basic mistakes improve the 9 | quality of the code 10 | 11 | -------------------------------------------------------------------------------- /viper/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:latest 2 | RUN apt-get update && apt-get install -y libfuzzy-dev python-pip git libssl-dev libffi-dev swig libpq-dev python-dev curl 3 | RUN pip install --upgrade pip 4 | 5 | COPY . 
/app/viper/ 6 | RUN pip install -r /app/viper/requirements.txt 7 | RUN cd /app/viper && make install 8 | COPY viper.conf /etc/viper/viper.conf 9 | 10 | EXPOSE 8080 11 | EXPOSE 9090 12 | CMD rm -rf /app/data/binaries/* && python /app/viper/viper-api -H 0.0.0.0 && python /app/viper/viper-web -H 0.0.0.0 -p 9090 13 | -------------------------------------------------------------------------------- /viper/Makefile: -------------------------------------------------------------------------------- 1 | all: build 2 | 3 | build: 4 | python setup.py build 5 | 6 | install: 7 | python setup.py install --record installed_files.txt 8 | mkdir -p /usr/share/viper 9 | cp -rf data/* /usr/share/viper 10 | cp viper.conf.sample /usr/share/viper/viper.conf.sample 11 | 12 | uninstall: 13 | cat installed_files.txt | xargs rm -rf 14 | rm installed_files.txt 15 | rm -rf /usr/share/viper /etc/viper 16 | 17 | dist: 18 | python setup.py sdist 19 | 20 | clean: 21 | find . -name '*.pyc' -delete 22 | rm -rf dist build viper.egg-info 23 | -------------------------------------------------------------------------------- /viper/data/peid/UserDB.TXT: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kalium/Snakepit/c11f3fb7f78b886dad09421bc84a97ee14b9bf0b/viper/data/peid/UserDB.TXT -------------------------------------------------------------------------------- /viper/data/web/error.tpl: -------------------------------------------------------------------------------- 1 | % include("header.tpl", title="Viper Web Interface") 2 |
3 |

Sorry! Viper produced an error

4 |

{{!error}}

5 |
6 | % include("footer.tpl") -------------------------------------------------------------------------------- /viper/data/web/file.tpl: -------------------------------------------------------------------------------- 1 | % include("header.tpl", title=file_info[6]) 2 | 3 | 8 | 9 | 15 |
16 |
17 | % include("sections/static.tpl") 18 | % include("sections/notes.tpl") 19 | % include("sections/modules.tpl") 20 | % include("sections/hex.tpl") 21 |
22 | 23 | 24 | % include("footer.tpl") -------------------------------------------------------------------------------- /viper/data/web/footer.tpl: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 11 | 12 | 13 | 14 | 15 | 16 | -------------------------------------------------------------------------------- /viper/data/web/search.tpl: -------------------------------------------------------------------------------- 1 | % include("header.tpl", title="Search Results") 2 | 3 | % for proj in results.iterkeys(): 4 | % if len(results[proj]) > 0: 5 |
6 |
7 |

Results for Project {{proj}}

8 |
9 |
10 | 11 | 12 | 13 | 14 | 15 | % for res in results[proj]: 16 | 17 | 18 | 19 | 20 | % end 21 |
NameSha256
{{res[0]}}{{res[1]}}
22 |
23 |
24 | % end 25 | % end 26 | 27 | % include("footer.tpl") 28 | -------------------------------------------------------------------------------- /viper/data/web/sections/hex.tpl: -------------------------------------------------------------------------------- 1 |
2 |
3 | 4 | 5 | 6 | 7 |
8 |
9 |
10 |
11 |

Hex Viewer

12 |
13 |
14 |
15 |
16 |
17 |
18 |
-------------------------------------------------------------------------------- /viper/data/web/static/fonts/glyphicons-halflings-regular.eot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kalium/Snakepit/c11f3fb7f78b886dad09421bc84a97ee14b9bf0b/viper/data/web/static/fonts/glyphicons-halflings-regular.eot -------------------------------------------------------------------------------- /viper/data/web/static/fonts/glyphicons-halflings-regular.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kalium/Snakepit/c11f3fb7f78b886dad09421bc84a97ee14b9bf0b/viper/data/web/static/fonts/glyphicons-halflings-regular.ttf -------------------------------------------------------------------------------- /viper/data/web/static/fonts/glyphicons-halflings-regular.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kalium/Snakepit/c11f3fb7f78b886dad09421bc84a97ee14b9bf0b/viper/data/web/static/fonts/glyphicons-halflings-regular.woff -------------------------------------------------------------------------------- /viper/data/web/static/images/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kalium/Snakepit/c11f3fb7f78b886dad09421bc84a97ee14b9bf0b/viper/data/web/static/images/favicon.ico -------------------------------------------------------------------------------- /viper/data/web/static/images/icon-generic.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kalium/Snakepit/c11f3fb7f78b886dad09421bc84a97ee14b9bf0b/viper/data/web/static/images/icon-generic.gif -------------------------------------------------------------------------------- /viper/data/web/static/images/icon-image.gif: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kalium/Snakepit/c11f3fb7f78b886dad09421bc84a97ee14b9bf0b/viper/data/web/static/images/icon-image.gif -------------------------------------------------------------------------------- /viper/data/web/static/images/icon-media.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kalium/Snakepit/c11f3fb7f78b886dad09421bc84a97ee14b9bf0b/viper/data/web/static/images/icon-media.gif -------------------------------------------------------------------------------- /viper/data/web/static/images/icon-zip.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kalium/Snakepit/c11f3fb7f78b886dad09421bc84a97ee14b9bf0b/viper/data/web/static/images/icon-zip.gif -------------------------------------------------------------------------------- /viper/data/web/static/images/viper.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kalium/Snakepit/c11f3fb7f78b886dad09421bc84a97ee14b9bf0b/viper/data/web/static/images/viper.png -------------------------------------------------------------------------------- /viper/data/web/static/js/pagination.js: -------------------------------------------------------------------------------- 1 | // https://gist.github.com/korpirkor/8721979 2 | $('.pagination').each(function(){ 3 | var allLi = $(this).find('li'); 4 | if(allLi.length > 20) { 5 | var activeId = allLi.filter('.active').index(); 6 | allLi.eq(0) 7 | .add(allLi.eq(1)) 8 | .add(allLi.eq(2)) 9 | .add(allLi.eq(3)) 10 | .add(allLi.eq(4)) 11 | .add(allLi.eq(-1)) 12 | .add(allLi.eq(-2)) 13 | .add(allLi.eq(-3)) 14 | .add(allLi.eq(-4)) 15 | .add(allLi.eq(activeId)) 16 | .add(allLi.eq(activeId-1)) 17 | .add(allLi.eq(activeId-2)) 18 | .add(allLi.eq(activeId-3)) 19 | .add(allLi.eq(activeId+1)) 20 
| .add(allLi.eq(activeId+2)) 21 | .add(allLi.eq(activeId+3)) 22 | .addClass('allow'); 23 | var replacedWithDots = false; 24 | allLi.each(function() { 25 | if( $(this).hasClass('allow') ) { 26 | replacedWithDots = false; 27 | } else if(!replacedWithDots) { 28 | replacedWithDots = true; 29 | $(this).html('...'); 30 | } else { 31 | $(this).remove(); 32 | } 33 | }) 34 | } 35 | }); -------------------------------------------------------------------------------- /viper/data/yara/APT_NGO_wuaclt_PDF.yara: -------------------------------------------------------------------------------- 1 | rule APT_NGO_wuaclt_PDF 2 | { 3 | strings: 4 | $pdf = "%PDF" nocase 5 | $comment = {3C 21 2D 2D 0D 0A 63 57 4B 51 6D 5A 6C 61 56 56 56 56 56 56 56 56 56 56 56 56 56 63 77 53 64 63 6A 4B 7A 38 35 6D 37 4A 56 6D 37 4A 46 78 6B 5A 6D 5A 6D 52 44 63 5A 58 41 73 6D 5A 6D 5A 7A 42 4A 31 79 73 2F 4F 0D 0A} 6 | 7 | condition: 8 | $pdf at 0 and $comment in (0..200) 9 | } 10 | 11 | 12 | -------------------------------------------------------------------------------- /viper/data/yara/Antidebug_AntiVM_index.yar: -------------------------------------------------------------------------------- 1 | /* 2 | Generated by Yara-Rules 3 | On 19-04-2017 4 | */ 5 | include "./Antidebug_AntiVM/antidebug_antivm.yar" 6 | -------------------------------------------------------------------------------- /viper/data/yara/CVE_Rules/CVE-2010-0805.yar: -------------------------------------------------------------------------------- 1 | rule MSIETabularActivex 2 | { 3 | meta: 4 | ref = "CVE-2010-0805" 5 | impact = 7 6 | hide = true 7 | author = "@d3t0n4t0r" 8 | strings: 9 | $cve20100805_1 = "333C7BC4-460F-11D0-BC04-0080C7055A83" nocase fullword 10 | $cve20100805_2 = "DataURL" nocase fullword 11 | $cve20100805_3 = "true" 12 | condition: 13 | ($cve20100805_1 and $cve20100805_3) or (all of them) 14 | } 15 | -------------------------------------------------------------------------------- 
/viper/data/yara/CVE_Rules/CVE-2010-0887.yar: -------------------------------------------------------------------------------- 1 | /* 2 | This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as long as you use it under this license. 3 | 4 | */ 5 | /* CVE-2010-0887 (Java Deployment Toolkit). Condition is "3 of them", so the CLSID ($cve20100887_1) alone is not sufficient. $cve20100887_6 is a regex that starts with an unanchored ".*?" and has an unescaped "." before "launch" (it matches any character, not only a dot); YARA's performance guidance warns against regexes that begin with ".*", so consider anchoring it or dropping the prefix. */ rule JavaDeploymentToolkit 6 | { 7 | meta: 8 | ref = "CVE-2010-0887" 9 | impact = 7 10 | author = "@d3t0n4t0r" 11 | strings: 12 | $cve20100887_1 = "CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA" nocase fullword 13 | $cve20100887_2 = "document.createElement(\"OBJECT\")" nocase fullword 14 | $cve20100887_3 = "application/npruntime-scriptable-plugin;deploymenttoolkit" nocase fullword 15 | $cve20100887_4 = "application/java-deployment-toolkit" nocase fullword 16 | $cve20100887_5 = "document.body.appendChild(" nocase fullword 17 | $cve20100887_6 = /.*?.launch\(.*?\)/ 18 | $cve20100887_7 = "-J-jar -J" nocase fullword 19 | condition: 20 | 3 of them 21 | } 22 | 23 | -------------------------------------------------------------------------------- /viper/data/yara/CVE_Rules/CVE-2010-1297.yar: -------------------------------------------------------------------------------- 1 | /* CVE-2010-1297 (Flash); the "decodedPDF" tag suggests it is meant for already-decoded PDF streams. "ref" appears twice in meta (YARA permits duplicate meta keys; both are kept). Both branches require $cve20101297 (/Subtype /Flash, space optional): the first additionally needs the "unescape" keyword plus at least one %uXXXX escape, the second needs five consecutive %uXXXX escapes and no "unescape". */ rule FlashNewfunction: decodedPDF 2 | { 3 | meta: 4 | ref = "CVE-2010-1297" 5 | hide = true 6 | impact = 5 7 | ref = "http://blog.xanda.org/tag/jsunpack/" 8 | strings: 9 | $unescape = "unescape" fullword nocase 10 | $shellcode = /%u[A-Fa-f0-9]{4}/ 11 | $shellcode5 = /(%u[A-Fa-f0-9]{4}){5}/ 12 | $cve20101297 = /\/Subtype ?\/Flash/ 13 | condition: 14 | ($unescape and $shellcode and $cve20101297) or ($shellcode5 and $cve20101297) 15 | } 16 | -------------------------------------------------------------------------------- /viper/data/yara/CVE_Rules/CVE-2013-0074.yar: -------------------------------------------------------------------------------- 1 | /* CVE-2013-0074 (Silverlight, cf. $b3). Matches when any 2 of the $b* strings are present. $b5 carries no "ascii wide" modifier, so unlike $b2-$b4 it matches ASCII only. meta says filetype = "Win32 EXE" but the condition has no PE header check (e.g. uint16(0) == 0x5a4d), so the rule can also fire on non-PE data such as logs or memory dumps containing two of these strings; confirm that is intended. */ rule cve_2013_0074 2 | { 3 | meta: 4 | author = "Kaspersky Lab" 5 | filetype = "Win32 EXE" 6 | date = "2015-07-23" 7 | version = "1.0" 8 | 9 | 
strings: 10 | $b2="Can't find Payload() address" ascii wide 11 | $b3="/SilverApp1;component/App.xaml" ascii wide 12 | $b4="Can't allocate ums after buf[]" ascii wide 13 | $b5="------------ START ------------" 14 | 15 | condition: 16 | ( (2 of ($b*)) ) 17 | } 18 | -------------------------------------------------------------------------------- /viper/data/yara/CVE_Rules/CVE-2013-0422.yar: -------------------------------------------------------------------------------- 1 | /* CVE-2013-0422 (Java JMX applet RCE). The "(all of them)" branch is redundant: matching every string implies "all of ($0422_*)", so the condition is effectively "all of ($0422_*)" and $class never contributes to a match. The class paths are JVM internal names (slash-separated) and all use "fullword". */ rule CVE_2013_0422 2 | { 3 | meta: 4 | description = "Java Applet JMX Remote Code Execution" 5 | cve = "CVE-2013-0422" 6 | ref = "http://pastebin.com/JVedyrCe" 7 | author = "adnan.shukor@gmail.com" 8 | date = "12-Jan-2013" 9 | version = "1" 10 | impact = 4 11 | hide = false 12 | strings: 13 | $0422_1 = "com/sun/jmx/mbeanserver/JmxMBeanServer" fullword 14 | $0422_2 = "com/sun/jmx/mbeanserver/JmxMBeanServerBuilder" fullword 15 | $0422_3 = "com/sun/jmx/mbeanserver/MBeanInstantiator" fullword 16 | $0422_4 = "findClass" fullword 17 | $0422_5 = "publicLookup" fullword 18 | $class = /sun\.org\.mozilla\.javascript\.internal\.(Context|GeneratedClassLoader)/ fullword 19 | condition: 20 | (all of ($0422_*)) or (all of them) 21 | } 22 | -------------------------------------------------------------------------------- /viper/data/yara/CVE_Rules/CVE-2015-1701.yar: -------------------------------------------------------------------------------- 1 | /* 2 | This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as long as you use it under this license. 
3 | 4 | */ 5 | 6 | /* Compiled CVE-2015-1701 exploit sample. Gate: MZ header (uint16(0) == 0x5a4d), size under 160 KB, all six $s* strings and at least one wide $w* string. Individually $s3-$s7 are ordinary Win32 API names; the combination with "gSharedInfo" and the wide "user32.dll"/"ntdll" strings is the discriminator. $s4, $s5 and $s8 carry no ascii/wide modifier (ASCII by default). hash1-hash5 are 40-hex-digit reference sample hashes; "score" is a consumer-specific meta field. */ rule CVE_2015_1701_Taihou { 7 | meta: 8 | description = "CVE-2015-1701 compiled exploit code" 9 | author = "Florian Roth" 10 | reference = "http://goo.gl/W4nU0q" 11 | date = "2015-05-13" 12 | hash1 = "90d17ebd75ce7ff4f15b2df951572653efe2ea17" 13 | hash2 = "acf181d6c2c43356e92d4ee7592700fa01e30ffb" 14 | hash3 = "b8aabe12502f7d55ae332905acee80a10e3bc399" 15 | hash4 = "d9989a46d590ebc792f14aa6fec30560dfe931b1" 16 | hash5 = "63d1d33e7418daf200dc4660fc9a59492ddd50d9" 17 | score = 70 18 | strings: 19 | $s3 = "VirtualProtect" fullword 20 | $s4 = "RegisterClass" 21 | $s5 = "LoadIcon" 22 | $s6 = "PsLookupProcessByProcessId" fullword ascii 23 | $s7 = "LoadLibraryExA" fullword ascii 24 | $s8 = "gSharedInfo" fullword 25 | 26 | $w1 = "user32.dll" wide 27 | $w2 = "ntdll" wide 28 | condition: 29 | uint16(0) == 0x5a4d and filesize < 160KB and all of ($s*) and 1 of ($w*) 30 | } 31 | -------------------------------------------------------------------------------- /viper/data/yara/CVE_Rules/CVE-2015-5119.yar: -------------------------------------------------------------------------------- 1 | /* 2 | This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as long as you use it under this license. 
3 | 4 | */ 5 | 6 | /* CVE-2015-5119 (Flash) exploit sample, tagged "Exploit". uint16(0) == 0x5746 reads the first two bytes little-endian as "F","W", i.e. an uncompressed SWF ("FWS") header, so compressed "CWS"/"ZWS" containers must be decompressed before scanning. "1 of them" means a single string suffices; the strings are build/source artefacts (HT_exploit, exp1_fla/MainTimeline, ...) rather than runtime behaviour, so a hit identifies this sample family, not the vulnerability in general. */ rule Flash_CVE_2015_5119_APT3 : Exploit { 7 | meta: 8 | description = "Exploit Sample CVE-2015-5119" 9 | author = "Florian Roth" 10 | score = 70 11 | date = "2015-08-01" 12 | strings: 13 | $s0 = "HT_exploit" fullword ascii 14 | $s1 = "HT_Exploit" fullword ascii 15 | $s2 = "flash_exploit_" ascii 16 | $s3 = "exp1_fla/MainTimeline" ascii fullword 17 | $s4 = "exp2_fla/MainTimeline" ascii fullword 18 | $s5 = "_shellcode_32" fullword ascii 19 | $s6 = "todo: unknown 32-bit target" fullword ascii 20 | condition: 21 | uint16(0) == 0x5746 and 1 of them 22 | } 23 | -------------------------------------------------------------------------------- /viper/data/yara/CVE_Rules_index.yar: -------------------------------------------------------------------------------- 1 | /* 2 | Generated by Yara-Rules 3 | On 19-04-2017 4 | */ 5 | /* Generated index for the CVE_Rules directory (include paths are relative to this file). Some included files, e.g. CVE-2015-2426, CVE-2012-0158, CVE-2016-5195 and CVE-2015-2545, are not part of this excerpt. */ include "./CVE_Rules/CVE-2013-0074.yar" 6 | include "./CVE_Rules/CVE-2010-1297.yar" 7 | include "./CVE_Rules/CVE-2010-0805.yar" 8 | include "./CVE_Rules/CVE-2013-0422.yar" 9 | include "./CVE_Rules/CVE-2015-2426.yar" 10 | include "./CVE_Rules/CVE-2015-1701.yar" 11 | include "./CVE_Rules/CVE-2012-0158.yar" 12 | include "./CVE_Rules/CVE-2016-5195.yar" 13 | include "./CVE_Rules/CVE-2015-2545.yar" 14 | include "./CVE_Rules/CVE-2010-0887.yar" 15 | include "./CVE_Rules/CVE-2015-5119.yar" 16 | -------------------------------------------------------------------------------- /viper/data/yara/Crypto/base64.yar: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as long as you use it under this license. 
4 | 5 | */ 6 | /* Broad heuristic: $a matches any run of 12 or more base64-alphabet characters ([A-Za-z0-9+/] in groups of four) with optional "="/"==" padding, so it fires on ordinary identifiers, hex strings and URLs as well as real base64 and will produce many matches per file. Treat a hit as a triage hint for further decoding, not as a malicious verdict; the "notes" URL points at the upstream issue about this rule. */ rule contentis_base64 : Base64 7 | { 8 | meta: 9 | author = "Jaume Martin" 10 | description = "This rule finds for base64 strings" 11 | version = "0.2" 12 | notes = "https://github.com/Yara-Rules/rules/issues/153" 13 | strings: 14 | $a = /([A-Za-z0-9+\/]{4}){3,}([A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?/ 15 | condition: 16 | $a 17 | } 18 | -------------------------------------------------------------------------------- /viper/data/yara/Crypto_index.yar: -------------------------------------------------------------------------------- 1 | /* 2 | Generated by Yara-Rules 3 | On 19-04-2017 4 | */ 5 | /* Generated index (paths relative to this file): includes crypto_signatures.yar, which is not shown in this excerpt, and base64.yar above. */ include "./Crypto/crypto_signatures.yar" 6 | include "./Crypto/base64.yar" 7 | -------------------------------------------------------------------------------- /viper/data/yara/Exploit-Kits/EK_Zeus.yar: -------------------------------------------------------------------------------- 1 | rule zeus_js : EK 2 | { 3 | meta: 4 | author = "Josh Berry" 5 | date = "2016-06-26" 6 | description = "Zeus Exploit Kit Detection" 7 | hash0 = "c87ac7a25168df49a64564afb04dc961" 8 | sample_filetype = "js-html" 9 | yaragenerator = "https://github.com/Xen0ph0n/YaraGenerator" 10 | strings: 11 | $string0 = "var jsmLastMenu " 12 | $string1 = "position:absolute; z-index:99' " 13 | $string2 = " -1)jsmSetDisplayStyle('popupmenu' " 14 | $string3 = " '