#212 update long report for PDF info, wording in outlook submodule
jeromeleonard committed May 16, 2018
1 parent 8d24544 commit 272cfc7
Showing 3 changed files with 67 additions and 8 deletions.
8 changes: 3 additions & 5 deletions analyzers/FileInfo/submodules/submodule_outlook.py
@@ -30,12 +30,10 @@ def xstr(s):
attachments = m.attachments
a = []
for attachment in attachments:
with attachment.data as fh:
buf = fh.read()
sha256 = hashlib.sha256()
sha256.update(buf)
sha256 = hashlib.sha256()
sha256.update(attachment.data)
a.append({'name': attachment.longFilename,
'sha256': sha256})
'sha256': sha256.hexdigest()})

email = {'header': xstr(m.header),
'from': xstr(m.sender),
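Review bot: `sha256.update(attachment.data)` assumes every attachment yields a bytes object; if the parser hands back `None` or a nested message object for some attachment (not visible here, to be confirmed against the library), `update()` raises `TypeError` and the whole e-mail result is lost for a file whose content the sender controls. Guarding the two hash lines with `if isinstance(attachment.data, bytes):` and recording the attachment without a hash otherwise would keep the rest of the report. `attachment.longFilename` is also stored without the `xstr()` wrapper applied to the header and sender fields just below, so a missing long filename may reach the report as a null value. The enclosing function starts and ends outside the hunk.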
3 changes: 2 additions & 1 deletion analyzers/FileInfo/submodules/submodule_pdfid.py
@@ -1,5 +1,5 @@
from pdfid.pdfid import *
import optparse

import json

from .submodule_base import SubmoduleBaseclass
@@ -25,6 +25,7 @@ def pdfid_cmd(self, path):
PDFiD2JSON(PDFiD(path, allNames=True, extraData=True, disarm=True, force=True), force=True))
except Exception as e:
return e
return j

def analyze_file(self, path):
self.add_result_subsection('PDFiD Information', self.pdfid_cmd(path))
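Review bot: With `return j` added, the success path of `pdfid_cmd` returns parsed data, but the `except Exception as e: return e` branch just above it still hands the exception object itself to `add_result_subsection` in `analyze_file`. Malformed or deliberately broken PDFs are normal input for this analyzer, so that branch will be exercised, and an exception instance is unlikely to serialise cleanly into the report. Returning a plain value, for example `return {'error': str(e)}` (shape to be matched to what the report template expects), would make a failed parse visible to the analyst instead of producing an empty or broken section. The start of `pdfid_cmd`, including where `j` is assigned, is outside the hunk.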
64 changes: 62 additions & 2 deletions thehive-templates/FileInfo_3_0/long.html
@@ -130,15 +130,75 @@ <h4 class="panel-title">
<dd class="wrap"><pre>{{r.submodule_section_content.body}}</pre></dd>
</dl>
<dl class="dl-horizontal">
<dt>Attachment hashes</dt>
<dd class="wrap"><pre>{{r.submodule_section_content.attachments}}</pre></dd>
<dt>Attachments</dt>
<dd class="wrap">
<table class="table">
<thead>
<tr>
<th >Filename</th>
<th >SHA256</th>
</tr>
</thead>
<tbody ng-repeat="a in r.submodule_section_content.attachments">
<tr>
<td>{{a.name}}</td>
<td>{{a.sha256}}</td>
</tr>
</tbody>
</table>
</dd>
</dl>
<dl class="dl-horizontal">
<dt>All Headers</dt>
<dd class="wrap"><pre>{{r.submodule_section_content.header}}</pre></dd>
</dl>
</div>
</div>
</div>
</div>
<!-- PDF Information (PDFiD)-->
<div ng-if="result.submodule_name=='PDF Information'">
<div class="panel-body">
<div ng-repeat="r in result.results" class="panel panel-primary">
<div class="panel-heading" ng-if="r.submodule_section_header=='PDFiD Information'">
<h4 class="panel-title">
{{r.submodule_section_header}}
</h4>
</div>
<div class="panel-body">
<div ng-repeat="(k,v) in r.submodule_section_content[0].pdfid">
<dl class="dl-horizontal" ng-if="k!='keywords'">
<dt>{{k}}</dt>
<dd class="wrap">{{v}}</dd>
</dl>
<dl class="dl-horizontal" ng-if="k=='keywords'">
<dt>{{k}}</dt>
<dd class="wrap">
<table class="table">
<thead>
<tr>
<th >name</th>
<th >hexcodecount</th>
<th >count</th>
</tr>
</thead>
<tbody ng-repeat="a in v.keyword">
<tr>
<td>{{a.name}}</td>
<td>{{a.hexcodecount}}</td>
<td>{{a.count}}</td>
</tr>
</tbody>
</table>
</dd>
</dl>
</div>

</div>
</div>


</div>
</div>
<!--Next submodule here -->
</uib-tab>
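Review bot: In the new PDF block only the `panel-heading` is gated on `r.submodule_section_header=='PDFiD Information'`; the `panel-body` below it reads `r.submodule_section_content[0].pdfid` for every entry of `result.results`. Any other section, or a PDFiD run that failed and returned something other than the expected list, therefore renders as an empty panel that an analyst could read as "nothing found". Moving the condition onto the repeated panel, `<div ng-repeat="r in result.results" ng-if="r.submodule_section_header=='PDFiD Information'" class="panel panel-primary">`, and adding a short fallback line for a missing `pdfid` object would make that case explicit. As a style point, both new tables put `ng-repeat` on `<tbody>`, which emits one table body per row; placing it on the `<tr>` gives the same output with a single body.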