viper-framework / viper-modules
License: BSD 3-Clause "New" or "Revised" License
I'm trying to install all the dependencies by running pip3 install -r requirements.txt on the requirements.txt file in the repositories. For the lines specifying a git repo I'm getting the error:
Collecting verify-sigs@ git+https://github.com/sebdraven/verify-sigs.git#egg=verify-sigs (from -r /tmp/requirements.txt (line 80))
Exception:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/pip/basecommand.py", line 215, in main
status = self.run(options, args)
File "/usr/lib/python3/dist-packages/pip/commands/install.py", line 353, in run
wb.build(autobuilding=True)
File "/usr/lib/python3/dist-packages/pip/wheel.py", line 749, in build
self.requirement_set.prepare_files(self.finder)
File "/usr/lib/python3/dist-packages/pip/req/req_set.py", line 380, in prepare_files
ignore_dependencies=self.ignore_dependencies))
File "/usr/lib/python3/dist-packages/pip/req/req_set.py", line 554, in _prepare_file
require_hashes
File "/usr/lib/python3/dist-packages/pip/req/req_install.py", line 278, in populate_link
self.link = finder.find_requirement(self, upgrade)
File "/usr/lib/python3/dist-packages/pip/index.py", line 465, in find_requirement
all_candidates = self.find_all_candidates(req.name)
File "/usr/lib/python3/dist-packages/pip/index.py", line 423, in find_all_candidates
for page in self._get_pages(url_locations, project_name):
File "/usr/lib/python3/dist-packages/pip/index.py", line 568, in _get_pages
page = self._get_page(location)
File "/usr/lib/python3/dist-packages/pip/index.py", line 683, in _get_page
return HTMLPage.get_page(link, session=self.session)
File "/usr/lib/python3/dist-packages/pip/index.py", line 795, in get_page
resp.raise_for_status()
File "/usr/share/python-wheels/requests-2.18.4-py2.py3-none-any.whl/requests/models.py", line 935, in raise_for_status
raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 404 Client Error: Not Found for url: https://pypi.org/simple/verify-sigs/
If I change the line to remove the @ section before the git repo it seems to work.
It seems that the MISP modules are still using the old function calls from PyMISP, such as:
adulau@dobbertin:~/.viper/modules$ git diff
diff --git a/misp.py b/misp.py
index 02b26cd..b841cdb 100644
--- a/misp.py
+++ b/misp.py
@@ -504,7 +504,7 @@ class MISP(Module):
return
open_session = len(self.args.event) == 1
for e in self.args.event:
- event = self.misp.get(e)
+ event = self.misp.get_events(e)
if not self._has_error_message(event):
self._search_local_hashes(event, open_session)
self._dump()
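Review bot: the `+` line in misp.py calls `self.misp.get_events(e)`, plural, while both hunks in misp_methods/check_hashes.py replace the same kind of single-ID lookup with `self.misp.get_event(event_id)`. Here `e` is one entry of `self.args.event` and the result is handed to `_has_error_message(event)` and `_search_local_hashes(event, open_session)` as a single event, so this line should most likely read `event = self.misp.get_event(e)`.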
diff --git a/misp_methods/check_hashes.py b/misp_methods/check_hashes.py
index 98ad179..16cd27a 100644
--- a/misp_methods/check_hashes.py
+++ b/misp_methods/check_hashes.py
@@ -34,7 +34,7 @@ def _populate(self, event):
event_id = self._get_eventid()
if event_id is None:
return
- event = self.misp.get(event_id)
+ event = self.misp.get_event(event_id)
if self._has_error_message(event):
return
__sessions__.new(misp_event=MispEvent(event, self.offline_mode))
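Review bot: in `_populate`, the sequence of `_get_eventid()`, the `None` check, `self.misp.get_event(event_id)` and `_has_error_message(...)` is repeated line for line in `check_hashes` in the next hunk, which is why the rename had to be made twice. Consider a small helper that returns the fetched event or `None`, so that a future PyMISP API change touches one call site, and confirm that `MispEvent(event, self.offline_mode)` accepts what `get_event` returns.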
@@ -83,7 +83,7 @@ def check_hashes(self):
event_id = self._get_eventid()
if event_id is None:
return
- misp_event = self.misp.get(event_id)
+ misp_event = self.misp.get_event(event_id)
if self._has_error_message(misp_event):
return
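Review bot: renaming the call in `check_hashes` is not sufficient on its own, because the code after the `_has_error_message(misp_event)` check treats `misp_event` as an object. The traceback reported with this patch shows `for o in misp_event.Object:` at line 94 failing with `'dict' object has no attribute 'Object'`. Convert the returned value to an event object before that loop, or read the objects from the dict, and add a type check next to the error check so the failure is reported instead of raised.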
There are also other issues related to the object:
viper > misp check_hashes -p 73155
[!] The command misp raised an exception:
Traceback (most recent call last):
File "/home/adulau/.local/lib/python3.6/site-packages/viper/core/ui/console.py", line 322, in start
module.run()
File "/home/adulau/.viper/modules/misp.py", line 642, in run
self.check_hashes()
File "/home/adulau/.viper/modules/misp_methods/check_hashes.py", line 94, in check_hashes
for o in misp_event.Object:
AttributeError: 'dict' object has no attribute 'Object'
viper > quit
@Rafiot could you have a look? Thanks a lot.
During a recent install, python warned about a double requirement, notably the bitstring==3.1.6 and bitstring==3.1.7 in the requirements.txt file.
Do the modules require both of these versions specifically, or can the requirements.txt file be modified to only require one of the versions?
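A pre-install check for the two requirements.txt problems reported on this page, the `name@ git+https://...` line that the reporter's pip looked up on the index by name and the two different `bitstring` pins. This is an added example, not part of viper-modules; the function name `audit` and the sample file are constructed, and only the `verify-sigs` and `bitstring` lines are taken from the reports.

```python
import re
from collections import defaultdict

# Constructed sample; only the verify-sigs and bitstring lines come from the page.
SAMPLE = """\
bitstring==3.1.6
requests
verify-sigs@ git+https://github.com/sebdraven/verify-sigs.git#egg=verify-sigs
bitstring==3.1.7
# a comment
"""

# "name @ url" direct reference, and "name==version" exact pin.
DIRECT_REF = re.compile(r"^([A-Za-z0-9._-]+)\s*@\s*(\S+)")
PINNED = re.compile(r"^([A-Za-z0-9._-]+)\s*==\s*([^\s;#]+)")


def audit(text):
    """Return (conflicting_pins, direct_references) for a requirements file."""
    pins = defaultdict(list)
    direct = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = DIRECT_REF.match(line)
        if match:
            # Not resolvable from the package index: flag for manual review.
            direct.append((lineno, match.group(1), match.group(2)))
            continue
        match = PINNED.match(line)
        if match:
            pins[match.group(1).lower()].append((lineno, match.group(2)))
    # A conflict is one name pinned to more than one distinct version.
    conflicts = {name: found for name, found in pins.items()
                 if len({version for _, version in found}) > 1}
    return conflicts, direct


if __name__ == "__main__":
    conflicts, direct = audit(SAMPLE)
    for name, found in conflicts.items():
        print("conflicting pins for", name, found)
    for lineno, name, url in direct:
        print("line %d: %s is fetched from %s" % (lineno, name, url))
```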
Line 467 in d21d555
misp pull doesn't work without:
diff --git a/misp.py b/misp.py
index 02b26cd..18c0adc 100644
--- a/misp.py
+++ b/misp.py
@@ -504,7 +504,7 @@ class MISP(Module):
return
open_session = len(self.args.event) == 1
for e in self.args.event:
- event = self.misp.get(e)
+ event = self.misp.get_event(e)
if not self._has_error_message(event):
self._search_local_hashes(event, open_session)
self._dump()
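Review bot: the `get_event(e)` call inside the `for e in self.args.event` loop is the only call site this patch updates, so other uses of `self.misp.get(` would keep failing the same way. Search the module, including misp_methods/check_hashes.py, for the old call and change them together, and check that `_search_local_hashes(event, open_session)` handles the value `get_event` returns.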
According to the current implementation of calculate_pehash, "pad to 16 bits"
viper-modules/pehash/pehasher.py
Lines 25 to 28 in d21d555
exe.FILE_HEADER.Characteristics is 0x22 (e.g., PE+ EXE), upper 8 bits data cannot be accessed, so "ValueError: Bitstrings must have the same length for ^ operator." exception is thrown as follows:
#pad to 16 bits
img_chars = bitstring.BitArray(bytes=img_chars.tobytes())
--> img_chars_xor = img_chars[0:8] ^ img_chars[8:16]
/usr/local/lib/python3.5/dist-packages/bitstring-3.1.5-py3.5.egg/bitstring.py in __xor__(self, bs)
1128 bs = Bits(bs)
1129 if self.len != bs.len:
-> 1130 raise ValueError("Bitstrings must have the same length "
1131 "for ^ operator.")
1132 s = self._copy()
ValueError: Bitstrings must have the same length for ^ operator.
I think these lines should be fixed as follows.
#image characteristics
img_chars = bitstring.BitArray(hex(exe.FILE_HEADER.Characteristics))
#pad to 16 bits
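# img_chars = bitstring.BitArray(bytes=img_chars.tobytes()) # <- this line does not do 16-bit padding
# .bin.zfill(16) returns a str, so wrap it in a BitArray again before using ^
img_chars = bitstring.BitArray(bin=img_chars.bin.zfill(16)) # <- correct 16-bit padding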
img_chars_xor = img_chars[0:8] ^ img_chars[8:16]
Is this an intended behavior of the calculate_pehash function?
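The padding problem reported above, reproduced as an added example that is not code from viper-modules. It models the two bitstring behaviours involved with plain '0'/'1' strings so it runs without the package, assuming a hex literal yields four bits per digit and that `tobytes()` appends zero bits on the right; all function names are hypothetical, and 0x102 and 0x2102 are constructed inputs. Beyond the exception for 0x22, it shows that in this model a three-digit value is folded without error to a different result than a 16-bit left-padded value.

```python
def bits_from_hex_literal(value):
    """Model of BitArray(hex(value)): 4 bits per hex digit, no fixed width."""
    return "".join(format(int(d, 16), "04b") for d in hex(value)[2:])


def pad_right_to_bytes(bits):
    """Model of BitArray(bytes=x.tobytes()): zero bits appended on the right."""
    return bits + "0" * (-len(bits) % 8)


def xor_bits(a, b):
    """XOR two bit strings, refusing unequal lengths as bitstring does."""
    if len(a) != len(b):
        raise ValueError("Bitstrings must have the same length for ^ operator.")
    return "".join("1" if x != y else "0" for x, y in zip(a, b))


def fold_reported(characteristics):
    """XOR of bits 0-7 with bits 8-15 after the padding step from the issue."""
    bits = pad_right_to_bytes(bits_from_hex_literal(characteristics))
    return xor_bits(bits[0:8], bits[8:16])


def fold_fixed_width(characteristics):
    """Same fold on a value left-padded to exactly 16 bits."""
    bits = format(characteristics & 0xFFFF, "016b")
    return xor_bits(bits[0:8], bits[8:16])


def compare(characteristics):
    """Return (result of reported code path, result with 16-bit padding)."""
    try:
        reported = fold_reported(characteristics)
    except ValueError as exc:
        reported = "ValueError: %s" % exc
    return reported, fold_fixed_width(characteristics)


if __name__ == "__main__":
    # 0x22 is the value from the issue; 0x102 and 0x2102 are constructed.
    for value in (0x22, 0x102, 0x2102):
        print(hex(value), compare(value))
```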
@Rafiot for your info
viper [MISP 73155] > misp check_hashes -p 69109
WARNING [api.py:128 - __init__() ] The version of PyMISP recommended by the MISP instance (2.4.130) is newer than the one you're using now (2.4.128). Please upgrade PyMISP.
[!] aa5e8e21c79b0b4a02726233b9f5eb4994c87ad3: The requested resource is not among the finished, queued or pending scans
[!] dbea8daf48cc54c7cfb0dcc689d4c9549d3dd23f: The requested resource is not among the finished, queued or pending scans
[!] 20ff1a290a53b39c4e54a670e8c27852be8bcff4: The requested resource is not among the finished, queued or pending scans
[!] 3b923fa1e5dcb4f65daa138beceb123d7c431d1b: The requested resource is not among the finished, queued or pending scans
[!] The command misp raised an exception:
Traceback (most recent call last):
File "/home/adulau/.local/lib/python3.6/site-packages/viper/core/ui/console.py", line 322, in start
module.run()
File "/home/adulau/.viper/modules/misp.py", line 642, in run
self.check_hashes()
File "/home/adulau/.viper/modules/misp_methods/check_hashes.py", line 178, in check_hashes
vt_object = self._make_VT_object(to_expand, original_attribute)
File "/home/adulau/.viper/modules/misp_methods/check_hashes.py", line 67, in _make_VT_object
default_attributes_parameters=default_attributes_parameters)
File "/home/adulau/.local/lib/python3.6/site-packages/pymisp/tools/vtreportobject.py", line 35, in __init__
self._report = self.__query_virustotal(apikey, indicator)
File "/home/adulau/.local/lib/python3.6/site-packages/pymisp/tools/vtreportobject.py", line 82, in __query_virustotal
report_json = report.json()
File "/home/adulau/.local/lib/python3.6/site-packages/requests/models.py", line 898, in json
return complexjson.loads(self.text, **kwargs)
File "/usr/lib/python3/dist-packages/simplejson/__init__.py", line 518, in loads
return _default_decoder.decode(s)
File "/usr/lib/python3/dist-packages/simplejson/decoder.py", line 370, in decode
obj, end = self.raw_decode(s)
File "/usr/lib/python3/dist-packages/simplejson/decoder.py", line 400, in raw_decode
return self.scan_once(s, idx=_w(s, idx).end())
simplejson.errors.JSONDecodeError: Expecting value: line 1 column 1 (char 0)