Comments (3)
from orochi.
Global
- if not able to find automatically what to download, provide URL
- if not able to find automatically what to download, upload package (deb, ddeb, rpm,..?)
- upload symbol directly (json, json.xz)
- proxy support :(
Specific
- Ubuntu
  - find best matching repo
  - steps to build symbols
    - download linux-image-xxxx-generic-dbgsym.ddeb
    - extract ddeb
    - extract data.tgz
    - find vmlinuz and pass it to dwarf
  - identify regexp to match banner result with online link
    - banner:
      Linux version 5.8.0-25-generic (buildd@lcy01-amd64-022) (gcc (Ubuntu 10.2.0-13ubuntu1) 10.2.0, GNU ld (GNU Binutils for Ubuntu) 2.35.1) #26-Ubuntu SMP Thu Oct 15 10:30:38 UTC 2020 (Ubuntu 5.8.0-25.26-generic 5.8.14)
    - online package:
      linux-image-unsigned-5.8.0-25-generic-dbgsym_5.8.0-25.26_amd64.ddeb
    - banner:
  - integrate in OROCHI
- Debian
  - find best matching repo
  - steps to build symbols
    - download linux-image-xxxxx-dbg_xxxxxx.deb
    - extract deb
    - extract data.tgz
    - find vmlinuz and pass it to dwarf
  - identify regexp to match banner result with online link
    - banner:
      Linux version 4.9.0-8-amd64 ([email protected]) (gcc version 6.3.0 20170516 (Debian 6.3.0-18+deb9u1) ) #1 SMP Debian 4.9.130-2 (2018-10-27)
    - online package:
      linux-image-4.9.0-8-amd64-dbg_4.9.130-2_amd64.deb
    - banner:
  - integrate in OROCHI
- RedHat
  - find best matching repo
    - https://access.redhat.com/downloads/content/package-browser but need credentials
  - steps to build symbols
    - extract rpm
    - find vmlinuz and pass it to dwarf
  - identify regexp to match banner result with online link
    - banner:
      Linux version 4.18.0-240.15.1.el8_3.x86_64 ([email protected]) (gcc version 8.3.1 20191121 (Red Hat 8.3.1-5) (GCC)) #1 SMP Wed Feb 3 03:12:15 EST 2021
    - online package:
      kernel-debuginfo-4.18.0-240.15.1.el8_3.x86_64.rpm
    - banner:
  - integrate in OROCHI
  - find best matching repo
- Fedora
  - find best matching repo
  - steps to build symbols
    - extract rpm
    - find vmlinuz and pass it to dwarf
  - identify regexp to match banner result with online link
    - banner:
      Linux version 5.8.15-301.fc33.x86_64 ([email protected]) (gcc (GCC) 10.2.1 20200826 (Red Hat 10.2.1-3), GNU ld version 2.35-10.fc33) #1 SMP Thu Oct 15 16:58:06 UTC 2020
    - online package:
      kernel-debuginfo-5.8.15-301.fc33.x86_64.rpm
    - banner:
  - integrate in OROCHI
from orochi.
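The "identify regexp to match banner result with online link" step from the comment above, worked through for the four banner/package pairs it lists. This is an added example, not Orochi's code: the function name `debug_package_for`, the `deb_arch` default, and the package-name templates (generalized from the single pair shown per distribution) are assumptions.

```python
import re

# Banners copied from the comment above (addresses as they appear on the page).
BANNERS = {
    "ubuntu": "Linux version 5.8.0-25-generic (buildd@lcy01-amd64-022) (gcc (Ubuntu 10.2.0-13ubuntu1) 10.2.0, GNU ld (GNU Binutils for Ubuntu) 2.35.1) #26-Ubuntu SMP Thu Oct 15 10:30:38 UTC 2020 (Ubuntu 5.8.0-25.26-generic 5.8.14)",
    "debian": "Linux version 4.9.0-8-amd64 ([email protected]) (gcc version 6.3.0 20170516 (Debian 6.3.0-18+deb9u1) ) #1 SMP Debian 4.9.130-2 (2018-10-27)",
    "redhat": "Linux version 4.18.0-240.15.1.el8_3.x86_64 ([email protected]) (gcc version 8.3.1 20191121 (Red Hat 8.3.1-5) (GCC)) #1 SMP Wed Feb 3 03:12:15 EST 2021",
    "fedora": "Linux version 5.8.15-301.fc33.x86_64 ([email protected]) (gcc (GCC) 10.2.1 20200826 (Red Hat 10.2.1-3), GNU ld version 2.35-10.fc33) #1 SMP Thu Oct 15 16:58:06 UTC 2020",
}

# Kernel release string that follows "Linux version " in every banner.
RELEASE = re.compile(r"^Linux version (?P<release>\S+) ")
# Ubuntu appends "(Ubuntu <abi>.<upload>-<flavour> <upstream>)"; the gcc
# "(Ubuntu 10.2.0-13ubuntu1)" field does not match because it lacks ".<upload>-".
UBUNTU = re.compile(r"\(Ubuntu (?P<pkgver>\d[\w.]*-\d+\.\d+)-\w+ ")
# Debian puts the package version right after "SMP Debian".
DEBIAN = re.compile(r"#\d+ SMP Debian (?P<pkgver>\S+) ")
# RHEL and Fedora releases end in a dist tag (el8_3, fc33) plus the arch.
RPM = re.compile(r"\.(?:el\d+(?:_\d+)?|fc\d+)\.(?P<arch>\w+)$")


def debug_package_for(banner, deb_arch="amd64"):
    """Return (distro, debug package file name) for a banner, or None.

    deb_arch is an assumption: the Debian-style banners do not state the
    package architecture in a dedicated field.
    """
    m = RELEASE.match(banner)
    if not m:
        return None
    release = m["release"]
    if u := UBUNTU.search(banner):
        name = f"linux-image-unsigned-{release}-dbgsym_{u['pkgver']}_{deb_arch}.ddeb"
        return "ubuntu", name
    if d := DEBIAN.search(banner):
        return "debian", f"linux-image-{release}-dbg_{d['pkgver']}_{deb_arch}.deb"
    if RPM.search(release):
        distro = "fedora" if ".fc" in release else "redhat"
        return distro, f"kernel-debuginfo-{release}.rpm"
    return None  # unknown vendor: fall back to manual URL or package upload


if __name__ == "__main__":
    for banner in BANNERS.values():
        print(debug_package_for(banner))
```

A `None` result is the case the "Global" items cover: the user supplies a URL, a package, or the symbol file directly.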
```
django_1 | 172.21.0.1:40816 - - [16/Jan/2024:15:44:08] "GET /symbols?index=dd17ccfa-b485-11ee-890e-0242ac150005" 200 4291
django_1 | - Downloading https://deb.sipwise.com/debian/pool/main/l/linux/linux-image-4.19.0-5-amd64-dbg_4.19.37-5_amd64.deb
django_1 | - Extracting ./usr/lib/debug/lib/modules/4.19.0-5-amd64/vmlinux
django_1 | - Writing to /tmp/vmlinuxwg0426e3
django_1 | Processing Files...
django_1 | - Running ['/dwarf2json/./dwarf2json', 'linux', '--elf', '/tmp/vmlinuxwg0426e3']
django_1 | - Writing to /src/volatility3/volatility3/symbols/linux/added_4.19.0-5-amd64-dbg_4.19.37-5_amd64.json.xz
django_1 | Done
django_1 | ERROR 2024-01-16 15:52:20,257 log 36 140467215779584 Internal Server Error: /symbols
django_1 | Traceback (most recent call last):
django_1 | File "/usr/local/lib/python3.11/site-packages/asgiref/sync.py", line 534, in thread_handler
django_1 | raise exc_info[1]
django_1 | File "/usr/local/lib/python3.11/site-packages/django/core/handlers/exception.py", line 42, in inner
django_1 | response = await get_response(request)
django_1 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^
django_1 | File "/usr/local/lib/python3.11/site-packages/asgiref/sync.py", line 534, in thread_handler
django_1 | raise exc_info[1]
django_1 | File "/usr/local/lib/python3.11/site-packages/django/core/handlers/base.py", line 253, in _get_response_async
django_1 | response = await wrapped_callback(
django_1 | ^^^^^^^^^^^^^^^^^^^^^^^
django_1 | File "/usr/local/lib/python3.11/site-packages/asgiref/sync.py", line 479, in __call__
django_1 | ret: _R = await loop.run_in_executor(
django_1 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^
django_1 | File "/usr/local/lib/python3.11/site-packages/asgiref/current_thread_executor.py", line 40, in run
django_1 | result = self.fn(*self.args, **self.kwargs)
django_1 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
django_1 | File "/usr/local/lib/python3.11/site-packages/asgiref/sync.py", line 538, in thread_handler
django_1 | return func(*args, **kwargs)
django_1 | ^^^^^^^^^^^^^^^^^^^^^
django_1 | File "/usr/local/lib/python3.11/contextlib.py", line 81, in inner
django_1 | return func(*args, **kwds)
django_1 | ^^^^^^^^^^^^^^^^^^^
django_1 | File "/usr/local/lib/python3.11/site-packages/django/contrib/auth/decorators.py", line 23, in _wrapper_view
django_1 | return view_func(request, *args, **kwargs)
django_1 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
django_1 | File "/app/orochi/website/views.py", line 1319, in symbols
django_1 | if check_runnable(dump.pk, dump.operating_system, dump.banner):
django_1 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
django_1 | File "/app/orochi/utils/volatility_dask_elk.py", line 756, in check_runnable
django_1 | if banners := automagic.linux.LinuxSymbolFinder(ctx, "").banners:
django_1 | ^^^^^^^^^^^^^^^
django_1 | AttributeError: module 'volatility3.framework.automagic' has no attribute 'linux'
```
Needs to be fixed for new automagic + cache logic
from orochi.