#212 WIP

TheHive-Project · Apr 25, 2018 · fdec9fd · fdec9fd
1 parent 47c1468
commit fdec9fd
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 8 deletions.
diff --git a/analyzers/FileInfo/FileInfo.json b/analyzers/FileInfo/FileInfo.json
@@ -7,6 +7,8 @@
   "description": "Parse files in several formats such as OLE and OpenXML to detect VBA macros, extract their source code, generate useful information on PE, PDF files...",
   "dataTypeList": ["file"],
   "baseConfig": "FileInfo",
-  "command": "FileInfo/fileinfo_analyzer.py"
+  "command": "FileInfo/fileinfo_analyzer.py",
+  "configurationItems": [
+  ]
 }
 
diff --git a/analyzers/FileInfo/submodules/submodule_outlook.py b/analyzers/FileInfo/submodules/submodule_outlook.py
@@ -4,7 +4,7 @@
 from imapclient.imapclient import decode_utf7
 
 class OutlookSubmodule(SubmoduleBaseclass):
-    """This is just for showing how to include a submodule. No real functionality here."""
+    """Parse Outlook Mail and get useful information"""
 
     def __init__(self):
         SubmoduleBaseclass.__init__(self)
@@ -35,7 +35,7 @@ def xstr(s):
             a.append({'name': attachment.longFilename,
                       'sha256': sha256})
 
-        email = { 'header': xstr(m.header),
+        email = {'header': xstr(m.header),
                     'from': xstr(m.sender),
                     'to': xstr(m.to),
                     'cc': xstr(m.cc),

diff --git a/analyzers/FileInfo/submodules/submodule_pdfid.py b/analyzers/FileInfo/submodules/submodule_pdfid.py
@@ -18,14 +18,12 @@ def check_file(self, **kwargs):
         if kwargs.get('filetype') in ['PDF']:
             return True
 
-    @staticmethod
-    def pdfid_cmd(path):
+    def pdfid_cmd(self, path):
         try:
             j = json.loads(
                 PDFiD2JSON(PDFiD(path, allNames=True, extraData=True, disarm=True, force=True), force=True))
-            print(j)
         except Exception as e:
-            print(e)
+            return e
 
     def analyze_file(self, path):
         self.add_result_subsection('PDFiD Information', self.pdfid_cmd(path))

diff --git a/analyzers/FileInfo/submodules/submodule_pe.py b/analyzers/FileInfo/submodules/submodule_pe.py
@@ -98,7 +98,7 @@ def analyze_file(self, path):
             pe = pefile.PE(path)
             pedict = pe.dump_dict()
         except Exception as excp:
-            print("Failed processing {}".format(path))
+            return "Failed processing {}".format(path)
 
         self.add_result_subsection('Headers', self.pe_info(pe))
         self.add_result_subsection('Hashes', {