diff --git a/.gitignore b/.gitignore index 382249529..d72b20050 100644 --- a/.gitignore +++ b/.gitignore @@ -11,5 +11,4 @@ dump.rdb scheduler.lock **/CrossSiteScriptProject **/Image -**/PortableExecute CrossSiteScriptProject \ No newline at end of file diff --git a/ClassCongregation.py b/ClassCongregation.py index a6db25ecd..36d0df0d6 100644 --- a/ClassCongregation.py +++ b/ClassCongregation.py @@ -985,13 +985,13 @@ def Result(self) -> str: TempFileLocation = GetRootFileLocation().Result()+"/Web/CrossSiteScriptHub/CrossSiteScriptTemplate/" return TempFileLocation -class GetPortableExecuteFilePath: # 获取需要进行PE结构处理的文件路径类 +class GetAnalysisFileStoragePath: # 获取分析文件存储路径类 def Result(self) -> str: system_type = sys.platform if system_type == "win32" or system_type == "cygwin": - TempFileLocation = GetRootFileLocation().Result()+"\\Web\\ToolsUtility\\PortableExecute\\" + TempFileLocation = GetRootFileLocation().Result()+"\\Web\\ToolsUtility\\AnalysisFileStorage\\" return TempFileLocation elif system_type == "linux" or system_type == "darwin": - TempFileLocation = GetRootFileLocation().Result()+"/Web/ToolsUtility/PortableExecute/" + TempFileLocation = GetRootFileLocation().Result()+"/Web/ToolsUtility/AnalysisFileStorage/" return TempFileLocation diff --git a/Web/CrossSiteScriptHub/CrossSiteScript.py b/Web/CrossSiteScriptHub/CrossSiteScript.py index 87b4b6ddd..6a82af6d4 100644 --- a/Web/CrossSiteScriptHub/CrossSiteScript.py +++ b/Web/CrossSiteScriptHub/CrossSiteScript.py 
@@ -28,10 +28,10 @@ def Monitor(request,data):#用于接收信息的监控 try: if request.headers["Content-Type"]=="application/json": - DataPackInfo = str(request.body)#获取post数据包信息 + DataPackInfo = request.body#获取post数据包信息 else: DataPackInfo = str(request.POST.dict()).encode('utf-8')#转换成字典后再换装byte类型穿给加密函数 - HeadersInfo = str(request.headers) # 获取头信息 + HeadersInfo = str(request.headers).encode('utf-8')#获取头信息 CrossSiteScriptInfo().Write(headers=base64.b64encode(HeadersInfo), #对信息进行编码 ip=GetIp(request), #获取IP信息 full_url=str(request.build_absolute_uri()), # 获取完整URL diff --git a/Web/ToolsUtility/PortableExecute/Medusa.txt b/Web/ToolsUtility/AnalysisFileStorage/Medusa.txt similarity index 100% rename from Web/ToolsUtility/PortableExecute/Medusa.txt rename to Web/ToolsUtility/AnalysisFileStorage/Medusa.txt diff --git a/Web/ToolsUtility/ExecutableLinkableFormat.py b/Web/ToolsUtility/ExecutableLinkableFormat.py new file mode 100644 index 000000000..57e607520 --- /dev/null +++ b/Web/ToolsUtility/ExecutableLinkableFormat.py 
@@ -0,0 +1,42 @@ +from Web.WebClassCongregation import UserInfo +from django.http import JsonResponse +from ClassCongregation import ErrorLog,randoms,GetAnalysisFileStoragePath +import time +from config import portable_execute_file_size +from Web.Workbench.LogRelated import UserOperationLogRecord,RequestLogRecord +import pefile +from cryptography import x509 +from cryptography.hazmat.backends import default_backend +import re +import magic +import os +import hashlib +from asn1crypto import cms + +def Linux(request): # 用于提取保存文件后调用相应的处理函数 + RequestLogRecord(request, request_api="linux_executable_linkable_format_analysis") + if request.method == "POST": + try: + Token =request.headers["token"] + Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID + if Uid != None: # 查到了UID + UserOperationLogRecord(request, request_api="linux_executable_linkable_format_analysis", uid=Uid) # 查询到了在计入 + PictureData = request.FILES.get('file', None) # 获取文件数据 + if 0>=PictureData.size:#判断是不是空文件 + return JsonResponse({'message': "宝贝数据这么小的嘛?", 'code': 400, }) + elif portable_execute_file_size < PictureData.size: #和配置文件中做对比 + SaveFileName = str(int(time.time())) # 重命名文件 + SaveRoute = GetAnalysisFileStoragePath().Result() + SaveFileName # 获得保存路径 + with open(SaveRoute, 'wb') as f: + for line in PictureData: + f.write(line) + #接下来调用处理函数,接着再调用删除函数 + return JsonResponse({'message': "成功了", 'code': 200, }) + else: + return JsonResponse({'message': "文件太大啦~(๑•̀ㅂ•́)و✧", 'code': 501, }) + else: + return JsonResponse({'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) + except Exception as e: + ErrorLog().Write("Web_ToolsUtility_ExecutableLinkableFormat_Linux(def)", e) + else: + return JsonResponse({'message': '请使用Post请求', 'code': 500, }) \ No newline at end of file 
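Review bot: The size branch in `Linux` looks inverted: `elif portable_execute_file_size < PictureData.size:` stores the upload when it is larger than the configured value, while the `else` arm answers "文件太大啦" for files that fit. If the config value is a maximum, the test should read `elif PictureData.size <= portable_execute_file_size:`; the same condition sits in `Windows` in PortableExecute.py. `request.FILES.get('file', None)` can return None, so `PictureData.size` raises and the request lands in the `except`, which logs but returns no response; `if PictureData is None: return JsonResponse({'message': ..., 'code': 400})` before the size checks avoids that. The stored name is now only `str(int(time.time()))`, so two uploads in the same second overwrite each other; keeping the earlier `randoms().result(10)` prefix or using the sample's SHA-256 would keep names unique. The `pefile`, `x509`, `default_backend`, `re`, `magic`, `os`, `hashlib` and `cms` imports are not used in this module as shown.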
diff --git a/Web/ToolsUtility/PortableExecuteStructureAnalysis.py b/Web/ToolsUtility/PortableExecute.py similarity index 70% rename from Web/ToolsUtility/PortableExecuteStructureAnalysis.py rename to Web/ToolsUtility/PortableExecute.py index 49b0eb8ee..7e1519faa 100644 --- a/Web/ToolsUtility/PortableExecuteStructureAnalysis.py +++ b/Web/ToolsUtility/PortableExecute.py @@ -1,6 +1,6 @@ -from Web.WebClassCongregation import UserInfo +from Web.WebClassCongregation import UserInfo,PortableExecutableAnalyticalData from django.http import JsonResponse -from ClassCongregation import ErrorLog,randoms,GetPortableExecuteFilePath +from ClassCongregation import ErrorLog,randoms,GetAnalysisFileStoragePath import time from config import portable_execute_file_size from Web.Workbench.LogRelated import UserOperationLogRecord,RequestLogRecord 
@@ -14,22 +14,26 @@ from asn1crypto import cms def Windows(request): # 用于提取保存文件后调用相应的处理函数 - RequestLogRecord(request, request_api="windows_portable_execute_structure_analysis") + RequestLogRecord(request, request_api="windows_portable_execute_analysis") if request.method == "POST": try: Token =request.headers["token"] Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID if Uid != None: # 查到了UID - UserOperationLogRecord(request, request_api="windows_portable_execute_structure_analysis", uid=Uid) # 查询到了在计入 + UserOperationLogRecord(request, request_api="windows_portable_execute_analysis", uid=Uid) # 查询到了在计入 PictureData = request.FILES.get('file', None) # 获取文件数据 if 0>=PictureData.size:#判断是不是空文件 return JsonResponse({'message': "宝贝数据这么小的嘛?", 'code': 400, }) elif portable_execute_file_size < PictureData.size: #和配置文件中做对比 - SaveFileName = randoms().result(10) + str(int(time.time())) # 重命名文件 - SaveRoute = GetPortableExecuteFilePath().Result() + SaveFileName # 获得保存路径 + FileMd5 = hashlib.md5(PictureData).hexdigest() # 文件的MD5加密 + FileSha1 = hashlib.sha1(PictureData).hexdigest() # 文件的sha1加密 + FileSha256 = hashlib.sha256(PictureData).hexdigest() # 文件的sha256加密 + SaveFileName = str(FileSha256)+"-"+str(int(time.time())) # 重命名文件 + SaveRoute = GetAnalysisFileStoragePath().Result() + SaveFileName # 获得保存路径 with open(SaveRoute, 'wb') as f: for line in PictureData: f.write(line) + PortableExecute().Run(uid=Uid,md5=FileMd5,save_file_name=SaveFileName,sha1=FileSha1,sha256=FileSha256,path=SaveRoute) #接下来调用处理函数,接着再调用删除函数 return JsonResponse({'message': "成功了", 'code': 200, }) else: 
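Review bot: `hashlib.md5(PictureData)` and the sha1/sha256 calls beside it are given the uploaded-file object from `request.FILES` rather than bytes, so they most likely raise TypeError. The broad `except` in the next hunk would then log it and return nothing, leaving every upload unanalysed. Feeding the three digests from the upload's chunks fixes this and avoids holding the whole sample in memory, as sketched below. MD5 and SHA-1 are acceptable here as lookup identifiers, but the comments call them 加密 (encryption) where "hash" is meant. `Windows` continues past the end of this hunk.

```python
                    # … unchanged: token lookup, empty-file and size checks …
                    Md5Hash = hashlib.md5()
                    Sha1Hash = hashlib.sha1()
                    Sha256Hash = hashlib.sha256()
                    for Chunk in PictureData.chunks():  # hash the upload piecewise instead of passing the file object
                        Md5Hash.update(Chunk)
                        Sha1Hash.update(Chunk)
                        Sha256Hash.update(Chunk)
                    FileMd5 = Md5Hash.hexdigest()
                    FileSha1 = Sha1Hash.hexdigest()
                    FileSha256 = Sha256Hash.hexdigest()
                    SaveFileName = FileSha256 + "-" + str(int(time.time()))  # name derived from content, never from client input
                    # … unchanged: SaveRoute, write loop, PortableExecute().Run(...) …
```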
@@ -37,39 +41,12 @@ def Windows(request): # 用于提取保存文件后调用相应的处理函数 else: return JsonResponse({'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: - ErrorLog().Write("Web_ToolsUtility_AntivirusSoftware_Compared(def)", e) + ErrorLog().Write("Web_ToolsUtility_PortableExecute_Windows(def)", e) else: return JsonResponse({'message': '请使用Post请求', 'code': 500, }) -def Linux(request): # 用于提取保存文件后调用相应的处理函数 - RequestLogRecord(request, request_api="linux_portable_execute_structure_analysis") - if request.method == "POST": - try: - Token =request.headers["token"] - Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID - if Uid != None: # 查到了UID - UserOperationLogRecord(request, request_api="linux_portable_execute_structure_analysis", uid=Uid) # 查询到了在计入 - PictureData = request.FILES.get('file', None) # 获取文件数据 - if 0>=PictureData.size:#判断是不是空文件 - return JsonResponse({'message': "宝贝数据这么小的嘛?", 'code': 400, }) - elif portable_execute_file_size < PictureData.size: #和配置文件中做对比 - SaveFileName = randoms().result(10) + str(int(time.time())) # 重命名文件 - SaveRoute = GetPortableExecuteFilePath().Result() + SaveFileName # 获得保存路径 - with open(SaveRoute, 'wb') as f: - for line in PictureData: - f.write(line) - #接下来调用处理函数,接着再调用删除函数 - return JsonResponse({'message': "成功了", 'code': 200, }) - else: - return JsonResponse({'message': "文件太大啦~(๑•̀ㅂ•́)و✧", 'code': 501, }) - else: - return JsonResponse({'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) - except Exception as e: - ErrorLog().Write("Web_ToolsUtility_AntivirusSoftware_Compared(def)", e) - else: - return JsonResponse({'message': '请使用Post请求', 'code': 500, }) -class WindowsPortableExecute: +class PortableExecute: def __init__(self): self.IMAGE_DOS_HEADER = [] # 存放DOS头数据 self.IMAGE_NT_HEADERS = {} # 存放NT头数据 
@@ -80,6 +57,7 @@ def __init__(self): self.IMAGE_EXPORT_DIRECTORY = [] # 存放导出表数据 self.CertificateDataContainer = [] # 存放证书数据容器 self.IMAGE_RESOURCE_DIRECTORY=[]#存放资源数据 + self.IMAGE_TLS_DIRECTORY= [] # 存放TLS表数据 def DOS(self):#dos头处理函数 _IMAGE_DOS_HEADER = str(self.PE.DOS_HEADER) # DOS头 for i in _IMAGE_DOS_HEADER.splitlines()[1:]: # 对dos头进行清洗 @@ -112,7 +90,7 @@ def SECTION(self):#对节表数据进行清洗 self.IMAGE_SECTION_HEADER.append(IMAGE_SECTION_HEADER_TMP) except Exception as e: ErrorLog().Write( - "Web_ToolsUtility_PortableExecuteStructureAnalysis_WindowsPortableExecute(class)_SECTION(def)", + "Web_ToolsUtility_PortableExecute_PortableExecute(class)_SECTION(def)", e) def CA(self):#对证书进行处理 try: # 获取证书资源段 @@ -143,12 +121,11 @@ def CA(self):#对证书进行处理 except: TMP["cert_issuer"] = None self.CertificateDataContainer.append(TMP) # 存放证书数据 - print(TMP) except: pass except Exception as e: ErrorLog().Write( - "Web_ToolsUtility_PortableExecuteStructureAnalysis_WindowsPortableExecute(class)_CA(def)", e) + "Web_ToolsUtility_PortableExecute_PortableExecute(class)_CA(def)", e) def IMPORT(self):#对导入表进行处理 try: _IMAGE_IMPORT_DESCRIPTOR = self.PE.DIRECTORY_ENTRY_IMPORT # 导入表 @@ -169,7 +146,7 @@ def IMPORT(self):#对导入表进行处理 pass except Exception as e: ErrorLog().Write( - "Web_ToolsUtility_PortableExecuteStructureAnalysis_WindowsPortableExecute(class)_IMPORT(def)", + "Web_ToolsUtility_PortableExecute_PortableExecute(class)_IMPORT(def)", e) def EXPORT(self):#对导出表数据进行处理 @@ -187,7 +164,7 @@ def EXPORT(self):#对导出表数据进行处理 pass except Exception as e: ErrorLog().Write( - "Web_ToolsUtility_PortableExecuteStructureAnalysis_WindowsPortableExecute(class)-EXPORT(def)", + "Web_ToolsUtility_PortableExecute_PortableExecute(class)-EXPORT(def)", e) def RESOURCE(self):#对资源文件进行处理 
@@ -221,36 +198,74 @@ def RESOURCE(self):#对资源文件进行处理 TMP["resource_sublanguage"] = str(ResourceThree.data.sublang) # 资源子语言 except Exception as e: ErrorLog().Write( - "Web_ToolsUtility_PortableExecuteStructureAnalysis_WindowsPortableExecute(class)_RESOURCE(def)_ResourceThree", + "Web_ToolsUtility_PortableExecute_PortableExecute(class)_RESOURCE(def)_ResourceThree", e) except Exception as e: ErrorLog().Write( - "Web_ToolsUtility_PortableExecuteStructureAnalysis_WindowsPortableExecute(class)_RESOURCE(def)_ResourceTwo", + "Web_ToolsUtility_PortableExecute_PortableExecute(class)_RESOURCE(def)_ResourceTwo", e) self.IMAGE_RESOURCE_DIRECTORY.append(TMP) # 发送数据到容器中 except Exception as e: ErrorLog().Write( - "Web_ToolsUtility_PortableExecuteStructureAnalysis_WindowsPortableExecute(class)_RESOURCE(def)_ResourceOne", + "Web_ToolsUtility_PortableExecute_PortableExecute(class)_RESOURCE(def)_ResourceOne", e) except Exception as e: ErrorLog().Write( - "Web_ToolsUtility_PortableExecuteStructureAnalysis_WindowsPortableExecute(class)_RESOURCE(def)", + "Web_ToolsUtility_PortableExecute_PortableExecute(class)_RESOURCE(def)", + e) + def TLS(self):#对节表数据进行清洗 + try: + _IMAGE_TLS_DIRECTORY = str(self.PE.DIRECTORY_ENTRY_TLS.struct) # tls表 + for i in _IMAGE_TLS_DIRECTORY.splitlines()[1:]: # 对TLS表数据进行清理 + try: + Name = re.findall(r'(\S*?):', i, re.I)#清洗出来的名字 + Address = re.findall(r':\s*?(0x\w*)', i, re.I)#清洗出来的地址 + self.IMAGE_TLS_DIRECTORY.append({Name[0]:Address[0]})#把数据拼接后发送到容器中 + except Exception as e: + ErrorLog().Write( + "Web_ToolsUtility_PortableExecute_PortableExecute(class)_TLS(def)", + e) + + except Exception as e: + ErrorLog().Write( + "Web_ToolsUtility_PortableExecute_PortableExecute(class)_TLS(def)", e) def Run(self,**kwargs): self.FilePath = kwargs.get("path") # 传入的文件路径 + self.MD5 = kwargs.get("md5") # 传入MD5 + self.SHA1 = kwargs.get("sha1") # 传入SHA1 + self.SHA256 = kwargs.get("sha256") # 传入SHA256 + self.Uid = kwargs.get("uid") # 传入用户的UID + self.SaveFileName = 
kwargs.get("save_file_name") # 传入保存的文件名 self.PE = pefile.PE(self.FilePath) # 获取路径 - self.MIME = magic.from_file(self.FilePath) #获取文件MIME类型 - self.FileSize =os.path.getsize(self.FilePath) # 传入的文件大小 - self.FileRawDataStream=open(self.FilePath, "rb").read()#获取文件原始数据流 - self.MD5=hashlib.md5(self.FileRawDataStream).hexdigest()#文件的MD5加密 - self.SHA1=hashlib.sha1(self.FileRawDataStream).hexdigest()#文件的sha1加密 - self.SHA256=hashlib.sha256(self.FileRawDataStream).hexdigest()#文件的sha256加密 + self.MIME = str(magic.from_file(self.FilePath) ) #获取文件MIME类型 + self.FileSize =str(os.path.getsize(self.FilePath)) # 传入的文件大小 + self.TimeDateStamp=str(self.PE.NT_HEADERS.FILE_HEADER.TimeDateStamp)#获取PE文件生成时间 self.RESOURCE() self.EXPORT() + self.TLS() self.IMPORT() self.CA() self.SECTION() self.NT() self.DOS() + PortableExecutableAnalyticalData().Write(uid=self.Uid , file_size=self.FileSize, md5=self.MD5, sha1=self.SHA1, sha256=self.SHA256, save_file_name=self.SaveFileName, + file_generation_time= self.TimeDateStamp, image_dos_header=str(self.IMAGE_DOS_HEADER), + image_nt_headers=str(self.IMAGE_NT_HEADERS), image_file_header= str(self.IMAGE_FILE_HEADER), image_optional_header=str(self.IMAGE_OPTIONAL_HEADER), + image_section_header=str(self.IMAGE_SECTION_HEADER), image_import_descriptor=str(self.IMAGE_IMPORT_DESCRIPTOR), + image_export_directory=str(self.IMAGE_EXPORT_DIRECTORY), certificate_data_container=str(self.CertificateDataContainer), + image_resource_directory=str(self.IMAGE_RESOURCE_DIRECTORY), image_tls_directory=str(self.IMAGE_TLS_DIRECTORY)) + +# def test(): +# PictureData=open("/Users/ascotbe/Downloads/04a584091f2a2f48a50c9513fb4f75187f9edf87106f3ab011ba502988d8e9cf.exe", "rb").read() +# FileMd5 = hashlib.md5(PictureData).hexdigest() # 文件的MD5加密 +# FileSha1 = hashlib.sha1(PictureData).hexdigest() # 文件的sha1加密 +# FileSha256 = hashlib.sha256(PictureData).hexdigest() # 文件的sha256加密 +# SaveFileName = str(FileSha256) + "-" + str(int(time.time())) # 重命名文件 +# SaveRoute = 
GetAnalysisFileStoragePath().Result() + SaveFileName # 获得保存路径 +# with open(SaveRoute, 'wb') as f: +# f.write(PictureData) +# PortableExecute().Run(uid="dadss", md5=FileMd5, save_file_name=SaveFileName, sha1=FileSha1, sha256=FileSha256, +# path=SaveRoute) diff --git a/Web/WebClassCongregation.py b/Web/WebClassCongregation.py index 3e0aaa5bc..5eaacfff0 100644 --- a/Web/WebClassCongregation.py +++ b/Web/WebClassCongregation.py 
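Review bot: `TLS()` reads `self.PE.DIRECTORY_ENTRY_TLS` unconditionally, so any PE without a TLS directory raises AttributeError and is recorded in the error log as a failure. A guard such as `if not hasattr(self.PE, "DIRECTORY_ENTRY_TLS"): return` keeps that log useful, and the method's comment still says 节表 (section table), copied from `SECTION`. In `Run()`, `pefile.PE(self.FilePath)` is opened on an untrusted upload and never closed; wrapping the parser calls in `try: ... finally: self.PE.close()` releases the handle even when a malformed sample makes a parser raise. `self.MIME` is computed but not passed to `PortableExecutableAnalyticalData().Write(...)`. The commented-out `test()` carrying a developer-local path is better deleted than committed.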
@@ -1204,4 +1204,85 @@ def Query(self): # 查询查看CPU和内存使用信息 return result_list except Exception as e: ErrorLog().Write("Web_WebClassCongregation_HardwareUsageRateInfo(class)_Query(def)", e) - return None \ No newline at end of file + return None + +class PortableExecutableAnalyticalData: # PE文件分析后数据存储 + def __init__(self): + self.con = sqlite3.connect(GetDatabaseFilePath().result()) + # 获取所创建数据的游标 + self.cur = self.con.cursor() + # 创建表 + try: + self.cur.execute("CREATE TABLE PortableExecutable\ + (portable_executable_id INTEGER PRIMARY KEY,\ + uid TEXT NOT NULL,\ + file_size TEXT NOT NULL,\ + md5 TEXT NOT NULL,\ + sha1 TEXT NOT NULL,\ + sha256 TEXT NOT NULL,\ + save_file_name TEXT NOT NULL,\ + creation_time TEXT NOT NULL,\ + file_generation_time TEXT NOT NULL,\ + image_dos_header TEXT NOT NULL,\ + image_nt_headers TEXT NOT NULL,\ + image_file_header TEXT NOT NULL,\ + image_optional_header TEXT NOT NULL,\ + image_section_header TEXT NOT NULL,\ + image_import_descriptor TEXT NOT NULL,\ + image_export_directory TEXT NOT NULL,\ + certificate_data_container TEXT NOT NULL,\ + image_resource_directory TEXT NOT NULL,\ + image_tls_directory TEXT NOT NULL)") + except Exception as e: + ErrorLog().Write("Web_WebClassCongregation_PortableExecutableAnalyticalData(class)_init(def)", e) + + def Write(self, **kwargs) -> bool or None: # 写入相关信息 + CreationTime = str(int(time.time())) # 创建时间 + Uid = kwargs.get("uid") + FileSize= kwargs.get("file_size") + Md5= kwargs.get("md5") + Sha1= kwargs.get("sha1") + Sha256= kwargs.get("sha256") + SaveFileName= kwargs.get("save_file_name") + FileGenerationTime= kwargs.get("file_generation_time") + ImageDosHeader= kwargs.get("image_dos_header") + ImageNewTechnologyHeaders= kwargs.get("image_nt_headers") + ImageFileHeader= kwargs.get("image_file_header") + ImageOptionalHeader= kwargs.get("image_optional_header") + ImageSectionHeader = kwargs.get("image_section_header") + ImageImportDescriptor= kwargs.get("image_import_descriptor") + 
ImageExportDirectory= kwargs.get("image_export_directory") + CertificateDataContainer= kwargs.get("certificate_data_container") + ImageResourceDirectory= kwargs.get("image_resource_directory") + ImageTransportLayerSecurityDirectory= kwargs.get("image_tls_directory") + + try: + self.cur.execute("INSERT INTO PortableExecutable(uid,file_size,md5,sha1,sha256,save_file_name,creation_time,file_generation_time,image_dos_header,image_nt_headers,image_file_header,image_optional_header,image_section_header,image_import_descriptor,image_export_directory,certificate_data_container,image_resource_directory,image_tls_directory)\ + VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)", (Uid, FileSize, Md5, Sha1,Sha256,SaveFileName,CreationTime,FileGenerationTime,ImageDosHeader,ImageNewTechnologyHeaders,ImageFileHeader,ImageOptionalHeader,ImageSectionHeader ,ImageImportDescriptor,ImageExportDirectory,CertificateDataContainer,ImageResourceDirectory,ImageTransportLayerSecurityDirectory,)) + # 提交 + self.con.commit() + self.con.close() + return True + except Exception as e: + ErrorLog().Write("Web_WebClassCongregation_PortableExecutableAnalyticalData(class)_Write(def)", e) + return False + + # def Query(self): + # try: + # CurrentTime = str(int(time.time())) # 获取当前时间 + # + # self.cur.execute("select * from HardwareUsageRateInfo where creation_time<=? 
and creation_time>=?", (CurrentTime,str(int(CurrentTime)-3600),))#查询半小时之前的CPU使用率,和内存使用率 + # result_list = [] + # for i in self.cur.fetchall(): + # JsonValues = {} + # JsonValues["memory_used"] = i[1] + # JsonValues["memory_free"] = i[2] + # JsonValues["memory_percent"] = i[3] + # JsonValues["central_processing_unit_usage_rate"] = i[5] + # JsonValues["per_core_central_processing_unit_usage_rate"] = i[6] + # result_list.append(JsonValues) + # self.con.close() + # return result_list + # except Exception as e: + # ErrorLog().Write("Web_WebClassCongregation_PortableExecutableAnalyticalData(class)_Query(def)", e) + # return None \ No newline at end of file diff --git a/Web/urls.py b/Web/urls.py index 0d712e4e9..0e73b6cde 100644 --- a/Web/urls.py +++ b/Web/urls.py @@ -18,7 +18,7 @@ from Web.CrossSiteScriptHub import CrossSiteScript,TemplateManagement from Web.SystemInfo import HardwareInfo from Web.CommonVulnerabilityDetection import Github -from Web.ToolsUtility import AntivirusSoftware,PortableExecuteStructureAnalysis +from Web.ToolsUtility import AntivirusSoftware,PortableExecute,ExecutableLinkableFormat urlpatterns = [ #path('admin/', admin.site.urls), path('api/vulnerability_scanning/', VulnerabilityScanning.Scan),#扫描 @@ -51,7 +51,7 @@ path('api/system_hardware_initialization/', HardwareInfo.Initialization), # 获取当前机器基础信息 path('api/system_hardware_usage_query/', HardwareInfo.UsageQuery), # 获取当前机器cpu和内存使用情况 path('api/antivirus_software_compared/', AntivirusSoftware.Compared), # 通过获取数据进行对比目标机器的杀软 - path('api/windows_portable_execute_structure_analysis/', PortableExecuteStructureAnalysis.Windows), # windows文件上传后进行结构处理 - path('api/linux_portable_execute_structure_analysis/', PortableExecuteStructureAnalysis.Linux),# Linux文件上传后进行结构处理 + path('api/windows_portable_execute_analysis/', PortableExecute.Windows), # windows文件上传后进行结构处理 + path('api/linux_executable_linkable_format_analysis/', ExecutableLinkableFormat.Linux),# Linux文件上传后进行结构处理 ] 
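Review bot: `__init__` issues a plain `CREATE TABLE PortableExecutable` on every instantiation, so once the table exists each analysed file adds a spurious "table already exists" entry to the error log. `CREATE TABLE IF NOT EXISTS PortableExecutable ...` removes that noise and lets real schema errors stand out. In `Write`, `self.con.close()` runs only on the success path; moving it into a `finally:` stops a failed insert from leaking the connection. The parameterised `INSERT` is the right way to store attacker-influenced PE fields. The local `ImageTransportLayerSecurityDirectory` misnames the value, since the PE TLS directory is Thread Local Storage. The annotation `-> bool or None` evaluates to plain `bool`, and the commented-out `Query` still selects from `HardwareUsageRateInfo`, so it should be fixed or dropped.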
diff --git a/docs/Documentation/UpDataLog.md b/docs/Documentation/UpDataLog.md index 485bee4ee..6b7bd6d00 100644 --- a/docs/Documentation/UpDataLog.md +++ b/docs/Documentation/UpDataLog.md @@ -2106,4 +2106,13 @@ v0.92.4🌴 v0.92.5🌴 添加Windows资源解析 添加文件数据MD5、sha256、sha1等加密 +``` + +> 2020.12.5 + +``` +v0.92.6🌴 +添加Windows解析TLS结构 +添加PE结构解析数据写入类 +修改一些文件命名和函数命名 ``` \ No newline at end of file diff --git a/text.py b/text.py index 4edca287c..d78daa8ab 100644 --- a/text.py +++ b/text.py @@ -83,7 +83,4 @@ #mitmdump -s ProxyServer.py --proxyauth any --listen-host "0.0.0.0" --listen-port 9747 #.\redis-server.exe redis.windows.conf # git commit -m "v0.82.3:palm_tree:" -#find . -type d -name '__pycache__' | xargs rm -rf -import hashlib -ll="/Users/ascotbe/Downloads/04a584091f2a2f48a50c9513fb4f75187f9edf87106f3ab011ba502988d8e9cf.exe" -f = open(ll, "rb").read() +#find . -type d -name '__pycache__' | xargs rm -rf \ No newline at end of file