Upload download folder for URLs analysis #2460

wants to merge 2 commits into from
12 changes: 9 additions & 3 deletions analyzer/windows/analyzer.py
Expand Up @@ -183,9 +183,11 @@ def del_pid_from_aux_modules(pid):
continue


def upload_files(folder):
def upload_files(folder, prefix=PATHS['root'], upload_folder=None):
"""Create a copy of the given file path."""
log_folder = f"{PATHS['root']}\\{folder}"
if upload_folder is None:
upload_folder = folder
log_folder = f"{prefix}\\{folder}"
try:
if os.path.exists(log_folder):
log.info('Uploading files at path "%s"', log_folder)
Expand All @@ -199,7 +201,7 @@ def upload_files(folder):
for root, _, files in os.walk(log_folder):
for file in files:
file_path = os.path.join(root, file)
upload_path = os.path.join(folder, file)
upload_path = os.path.join(upload_folder, file)
try:
upload_to_host(file_path, upload_path, category=folder)
except (IOError, socket.error) as e:
Expand Down Expand Up @@ -334,6 +336,10 @@ def complete(self):
# TLS secrets (if any)
upload_files("tlsdump")

# Upload downloads folder if URL
if self.config.category == "url" and self.config.upload_downloads_folder:
upload_files("downloads", prefix=os.environ["HOMEPATH"], upload_folder="files")

# Stop the Pipe Servers.
if hasattr(self, "command_pipe"):
self.command_pipe.stop()
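Review bot: `os.environ["HOMEPATH"]` in the new `complete()` call is drive-relative on Windows (typically `\Users\<name>`, with no drive letter), so the `log_folder` that `upload_files` builds from it resolves against whatever drive is current rather than the user's profile, and if the variable is absent the `KeyError` is raised outside `upload_files`' own try block, before the pipe servers below are stopped. I would derive the prefix from the profile instead: `home = os.environ.get("USERPROFILE") or os.path.expanduser("~")` followed by `upload_files("downloads", prefix=home, upload_folder="files")`. Two smaller points in the second hunk: `upload_to_host(..., category=folder)` now sends category `"downloads"` while the upload path sits under `"files"`, and whether the host keys on the category or on the path prefix is not visible here; and `os.walk` uploads everything in the folder, so any file already present in the VM snapshot's Downloads directory is uploaded on every URL task. `complete()` starts and ends outside the hunk.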
5 changes: 5 additions & 0 deletions conf/default/auxiliary.conf.default
Expand Up @@ -48,6 +48,11 @@ browsermonitor = no
wmi_etw = no
dns_etw = no

# The same as auxiliary_modules but not need to include in unittesting
[auxiliary_modules_custom]
# Url analysis, upload all files from Downloads folder
upload_downloads_folder = no

[AzSniffer]
# Enable or disable the use of Azure Network Watcher packet capture feature, disable standard sniffer if this is in use to not create concurrent .pcap files
enabled = no
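Review bot: The comment on `upload_downloads_folder` should state what the analyzer actually does with it, since an operator reading only this file cannot tell that the whole folder is collected: it uploads every file found in the guest user's Downloads directory, including files that were already in the VM snapshot, and it only takes effect for `category = url` tasks. Suggest `# URL analysis only: upload every file found in the guest user's Downloads folder (including files already present in the snapshot) to the task's files/ directory`. The section comment would also read better as `# Same as auxiliary_modules, but these options are not required in unit tests`.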
4 changes: 4 additions & 0 deletions lib/cuckoo/core/analysis_manager.py
Expand Up @@ -257,6 +257,10 @@ def build_options(self):
for plugin in self.aux_cfg.auxiliary_modules.keys():
options[plugin] = self.aux_cfg.auxiliary_modules[plugin]

# custom options from auxiliary.conf
for plugin in self.aux_cfg.auxiliary_modules_custom.keys():
options[plugin] = self.aux_cfg.auxiliary_modules_custom[plugin]

return options

def category_checks(self) -> Optional[bool]:
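Review bot: `self.aux_cfg.auxiliary_modules_custom` is read unconditionally, so an existing deployment whose custom auxiliary.conf has not picked up the new `[auxiliary_modules_custom]` section will fail in `build_options` for every task, assuming the Config object raises on an unknown section as the attribute access suggests. Guard it with `for plugin, value in getattr(self.aux_cfg, "auxiliary_modules_custom", {}).items(): options[plugin] = value`, which also drops the redundant `.keys()` lookup. Because this loop runs after the `auxiliary_modules` one, a key present in both sections is silently overridden by the custom section; a one-line comment saying so would help. `build_options` starts outside the hunk.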