├── .codeclimate.yml ├── .gitignore ├── .travis.yml ├── LICENSE ├── README.md ├── analyzer ├── __init__.py └── darwin │ ├── __init__.py │ ├── analyzer.py │ ├── lib │ ├── __init__.py │ ├── common │ │ ├── __init__.py │ │ ├── config.py │ │ ├── hashing.py │ │ ├── rand.py │ │ └── results.py │ ├── core │ │ ├── __init__.py │ │ ├── constants.py │ │ ├── data │ │ │ ├── signatures.yml │ │ │ └── types.yml │ │ ├── filetimes.py │ │ ├── host.py │ │ ├── osx.py │ │ └── packages.py │ └── dtrace │ │ ├── __init__.py │ │ ├── apicalls.d │ │ ├── apicalls.py │ │ ├── autoprobes.py │ │ ├── common.py │ │ ├── dtruss.py │ │ ├── dtruss.sh │ │ ├── follow_children.d │ │ ├── ipconnections.d │ │ └── ipconnections.py │ └── modules │ ├── __init__.py │ └── packages │ ├── __init__.py │ ├── app.py │ ├── bash.py │ ├── macho.py │ └── zip.py ├── config ├── signatures.yml └── types.yml ├── requirements.txt ├── scripts ├── bootstrap_guest.sh └── bootstrap_host.sh └── tests ├── assets ├── probes │ └── test_probes_integration.d.reference ├── test_apicalls_basic.c ├── test_apicalls_children.c ├── test_apicalls_children_root.c ├── test_apicalls_errno.c ├── test_apicalls_errno_root.c ├── test_apicalls_from_dynamic_library.c ├── test_apicalls_from_dynamic_library_root.c ├── test_apicalls_root.c ├── test_apicalls_timeout.c ├── test_apicalls_timeout_root.c ├── test_apicalls_with_args.c ├── test_apicalls_with_args_root.c ├── test_apicalls_without_target.c ├── test_cuckoo_dropped_files ├── test_cuckoo_dropped_files.c ├── test_cuckoo_parents_and_children ├── test_cuckoo_parents_and_children.c ├── test_dtruss_children.c ├── test_dtruss_helloworld.c ├── test_dtruss_non_root.c ├── test_dtruss_root.c ├── test_dtruss_specific_syscall.c ├── test_dtruss_timeout.c ├── test_dtruss_with_args.c ├── test_dtruss_without_target.c ├── test_ipconnections_empty.c ├── test_ipconnections_target_with_args.c ├── test_ipconnections_tcp.c ├── test_ipconnections_tcp_with_timeout.c └── test_ipconnections_udp.c ├── common.py ├── test_analyzer.py ├── test_apicalls.py ├── test_cuckoo.py ├── test_dtruss.py ├── test_ipconnections.py ├── test_packages.py └── test_probesgenerator.py /.codeclimate.yml: -------------------------------------------------------------------------------- 1 | languages: 2 | Python: true 3 | exclude_paths: 4 | - "tests/*" 5 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/.gitignore -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/.travis.yml -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/README.md -------------------------------------------------------------------------------- /analyzer/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /analyzer/darwin/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /analyzer/darwin/analyzer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/analyzer/darwin/analyzer.py -------------------------------------------------------------------------------- /analyzer/darwin/lib/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /analyzer/darwin/lib/common/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/analyzer/darwin/lib/common/__init__.py -------------------------------------------------------------------------------- /analyzer/darwin/lib/common/config.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/analyzer/darwin/lib/common/config.py -------------------------------------------------------------------------------- /analyzer/darwin/lib/common/hashing.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/analyzer/darwin/lib/common/hashing.py -------------------------------------------------------------------------------- /analyzer/darwin/lib/common/rand.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/analyzer/darwin/lib/common/rand.py -------------------------------------------------------------------------------- /analyzer/darwin/lib/common/results.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/analyzer/darwin/lib/common/results.py -------------------------------------------------------------------------------- /analyzer/darwin/lib/core/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /analyzer/darwin/lib/core/constants.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/analyzer/darwin/lib/core/constants.py -------------------------------------------------------------------------------- /analyzer/darwin/lib/core/data/signatures.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/analyzer/darwin/lib/core/data/signatures.yml -------------------------------------------------------------------------------- /analyzer/darwin/lib/core/data/types.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/analyzer/darwin/lib/core/data/types.yml -------------------------------------------------------------------------------- /analyzer/darwin/lib/core/filetimes.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/analyzer/darwin/lib/core/filetimes.py -------------------------------------------------------------------------------- /analyzer/darwin/lib/core/host.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/analyzer/darwin/lib/core/host.py -------------------------------------------------------------------------------- /analyzer/darwin/lib/core/osx.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/analyzer/darwin/lib/core/osx.py -------------------------------------------------------------------------------- /analyzer/darwin/lib/core/packages.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/analyzer/darwin/lib/core/packages.py -------------------------------------------------------------------------------- /analyzer/darwin/lib/dtrace/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /analyzer/darwin/lib/dtrace/apicalls.d: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/analyzer/darwin/lib/dtrace/apicalls.d -------------------------------------------------------------------------------- /analyzer/darwin/lib/dtrace/apicalls.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/analyzer/darwin/lib/dtrace/apicalls.py -------------------------------------------------------------------------------- /analyzer/darwin/lib/dtrace/autoprobes.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/analyzer/darwin/lib/dtrace/autoprobes.py -------------------------------------------------------------------------------- /analyzer/darwin/lib/dtrace/common.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/analyzer/darwin/lib/dtrace/common.py -------------------------------------------------------------------------------- /analyzer/darwin/lib/dtrace/dtruss.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/analyzer/darwin/lib/dtrace/dtruss.py -------------------------------------------------------------------------------- /analyzer/darwin/lib/dtrace/dtruss.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/analyzer/darwin/lib/dtrace/dtruss.sh -------------------------------------------------------------------------------- /analyzer/darwin/lib/dtrace/follow_children.d: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/analyzer/darwin/lib/dtrace/follow_children.d -------------------------------------------------------------------------------- /analyzer/darwin/lib/dtrace/ipconnections.d: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/analyzer/darwin/lib/dtrace/ipconnections.d -------------------------------------------------------------------------------- /analyzer/darwin/lib/dtrace/ipconnections.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/analyzer/darwin/lib/dtrace/ipconnections.py -------------------------------------------------------------------------------- /analyzer/darwin/modules/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /analyzer/darwin/modules/packages/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /analyzer/darwin/modules/packages/app.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/analyzer/darwin/modules/packages/app.py -------------------------------------------------------------------------------- /analyzer/darwin/modules/packages/bash.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/analyzer/darwin/modules/packages/bash.py -------------------------------------------------------------------------------- /analyzer/darwin/modules/packages/macho.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/analyzer/darwin/modules/packages/macho.py -------------------------------------------------------------------------------- /analyzer/darwin/modules/packages/zip.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/analyzer/darwin/modules/packages/zip.py -------------------------------------------------------------------------------- /config/signatures.yml: -------------------------------------------------------------------------------- 1 | ../analyzer/darwin/lib/core/data/signatures.yml -------------------------------------------------------------------------------- /config/types.yml: -------------------------------------------------------------------------------- 1 | ../analyzer/darwin/lib/core/data/types.yml -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | pymongo 2 | pyyaml 3 | nose 4 | -------------------------------------------------------------------------------- /scripts/bootstrap_guest.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/scripts/bootstrap_guest.sh -------------------------------------------------------------------------------- /scripts/bootstrap_host.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/scripts/bootstrap_host.sh -------------------------------------------------------------------------------- /tests/assets/probes/test_probes_integration.d.reference: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/tests/assets/probes/test_probes_integration.d.reference -------------------------------------------------------------------------------- /tests/assets/test_apicalls_basic.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/tests/assets/test_apicalls_basic.c -------------------------------------------------------------------------------- /tests/assets/test_apicalls_children.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/tests/assets/test_apicalls_children.c -------------------------------------------------------------------------------- /tests/assets/test_apicalls_children_root.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/tests/assets/test_apicalls_children_root.c -------------------------------------------------------------------------------- /tests/assets/test_apicalls_errno.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/tests/assets/test_apicalls_errno.c -------------------------------------------------------------------------------- /tests/assets/test_apicalls_errno_root.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/tests/assets/test_apicalls_errno_root.c -------------------------------------------------------------------------------- /tests/assets/test_apicalls_from_dynamic_library.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/tests/assets/test_apicalls_from_dynamic_library.c -------------------------------------------------------------------------------- /tests/assets/test_apicalls_from_dynamic_library_root.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/tests/assets/test_apicalls_from_dynamic_library_root.c -------------------------------------------------------------------------------- /tests/assets/test_apicalls_root.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/tests/assets/test_apicalls_root.c -------------------------------------------------------------------------------- /tests/assets/test_apicalls_timeout.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/tests/assets/test_apicalls_timeout.c -------------------------------------------------------------------------------- /tests/assets/test_apicalls_timeout_root.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/tests/assets/test_apicalls_timeout_root.c -------------------------------------------------------------------------------- /tests/assets/test_apicalls_with_args.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/tests/assets/test_apicalls_with_args.c -------------------------------------------------------------------------------- /tests/assets/test_apicalls_with_args_root.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/tests/assets/test_apicalls_with_args_root.c -------------------------------------------------------------------------------- /tests/assets/test_apicalls_without_target.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/tests/assets/test_apicalls_without_target.c -------------------------------------------------------------------------------- /tests/assets/test_cuckoo_dropped_files: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/tests/assets/test_cuckoo_dropped_files -------------------------------------------------------------------------------- /tests/assets/test_cuckoo_dropped_files.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/tests/assets/test_cuckoo_dropped_files.c -------------------------------------------------------------------------------- /tests/assets/test_cuckoo_parents_and_children: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/tests/assets/test_cuckoo_parents_and_children -------------------------------------------------------------------------------- /tests/assets/test_cuckoo_parents_and_children.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/tests/assets/test_cuckoo_parents_and_children.c -------------------------------------------------------------------------------- /tests/assets/test_dtruss_children.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/tests/assets/test_dtruss_children.c -------------------------------------------------------------------------------- /tests/assets/test_dtruss_helloworld.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/tests/assets/test_dtruss_helloworld.c -------------------------------------------------------------------------------- /tests/assets/test_dtruss_non_root.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/tests/assets/test_dtruss_non_root.c -------------------------------------------------------------------------------- /tests/assets/test_dtruss_root.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/tests/assets/test_dtruss_root.c -------------------------------------------------------------------------------- /tests/assets/test_dtruss_specific_syscall.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/tests/assets/test_dtruss_specific_syscall.c -------------------------------------------------------------------------------- /tests/assets/test_dtruss_timeout.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/tests/assets/test_dtruss_timeout.c -------------------------------------------------------------------------------- /tests/assets/test_dtruss_with_args.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/tests/assets/test_dtruss_with_args.c -------------------------------------------------------------------------------- /tests/assets/test_dtruss_without_target.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/tests/assets/test_dtruss_without_target.c -------------------------------------------------------------------------------- /tests/assets/test_ipconnections_empty.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/tests/assets/test_ipconnections_empty.c -------------------------------------------------------------------------------- /tests/assets/test_ipconnections_target_with_args.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/tests/assets/test_ipconnections_target_with_args.c -------------------------------------------------------------------------------- /tests/assets/test_ipconnections_tcp.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/tests/assets/test_ipconnections_tcp.c -------------------------------------------------------------------------------- /tests/assets/test_ipconnections_tcp_with_timeout.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/tests/assets/test_ipconnections_tcp_with_timeout.c -------------------------------------------------------------------------------- /tests/assets/test_ipconnections_udp.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/tests/assets/test_ipconnections_udp.c -------------------------------------------------------------------------------- /tests/common.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/tests/common.py -------------------------------------------------------------------------------- /tests/test_analyzer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/tests/test_analyzer.py -------------------------------------------------------------------------------- /tests/test_apicalls.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/tests/test_apicalls.py -------------------------------------------------------------------------------- /tests/test_cuckoo.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/tests/test_cuckoo.py -------------------------------------------------------------------------------- /tests/test_dtruss.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/tests/test_dtruss.py -------------------------------------------------------------------------------- /tests/test_ipconnections.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/tests/test_ipconnections.py -------------------------------------------------------------------------------- /tests/test_packages.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/tests/test_packages.py -------------------------------------------------------------------------------- /tests/test_probesgenerator.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rodionovd/cuckoo-osx-analyzer/HEAD/tests/test_probesgenerator.py --------------------------------------------------------------------------------