
snake-scales's Introduction

Snake Scales

The official snake scales repository.

Installation

A scale can be installed in one of three ways: using snake, using pip, or by cloning the repository and pointing Snake to it.

Once a scale is installed, Snake and the Celery workers must be restarted.

Note: Any missing dependencies or configuration settings will be reported in Snake's log!

Snake Based

The Snake command line utility can be used to install a scale.

snake install SCALE_NAME

The Snake command line utility can also be used to check the loadable state of a scale. This is very useful when a scale has multiple dependencies.

snake check SCALE_NAME

Pip Based

A scale can be installed using pip as follows:

# 1. Install the scale with pip
pip install 'git+https://github.com/countercept/snake-scales#egg=<SCALE>&subdirectory=<SCALE>'

# 2. (Optional) Copy the scale's conf file, if present, to /etc/snake/scales
export SCALE=<SCALE>
# Locate the installed snake_<SCALE> package directory without importing it.
# (importlib.util replaces the deprecated imp module, which was removed in Python 3.12.)
export SCALE_DIR=$(python -c "import importlib.util, os; print(os.path.dirname(importlib.util.find_spec('snake_${SCALE}').origin))")
if [ -f "${SCALE_DIR}/${SCALE}.conf" ]; then cp "${SCALE_DIR}/${SCALE}.conf" "/etc/snake/scales/${SCALE}.conf.example"; fi

# 3. Install system dependencies
# If any, these will be reported in the Snake log, or are usually listed in the `check` functions within components

Clone Based

All the scales in a repository can be added to Snake at once, by cloning the repository and pointing Snake at the clone.

# 1. Clone the repository to the desired location
git clone https://github.com/countercept/snake-scales.git <SCALE_DIR>

# 2. Add directory to snake.conf
[snip]
snake_scale_dirs: [
  '<SCALE_DIR>'
]
[snip]

# 3. (Optional) Copy the scales' conf files, if present, to /etc/snake/scales
# Check through the scale folders and copy their .conf files, if present, to /etc/snake/scales

# 4. Install python requirements
# If any, either look through the setup.py files or look at the Snake log.

# 5. Install system dependencies
# If any, these will be reported in the Snake log, or are usually listed in the `check` functions within components
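The optional "copy the conf files" step of both the pip-based and clone-based installs, as an added example that is not part of the snake-scales repository: it copies every scale's .conf out of a checkout into the Snake scales config directory as <scale>.conf.example and then reports which scales still have no live <scale>.conf, since Snake only reports missing settings in its log after a restart. It assumes the layout <clone_dir>/<scale>/<scale>.conf, which the page does not spell out.

```shell
#!/bin/sh
# Added example, not the project's own script.
# Assumed (undocumented) layout: <clone_dir>/<scale>/<scale>.conf

# copy_scale_confs CLONE_DIR DEST_DIR
# Exit status 0 on success, 1 on an I/O failure.
# Sets COPIED (number of .conf.example files written) and UNCONFIGURED
# (scales that ship a conf but have no live <scale>.conf in DEST_DIR yet).
copy_scale_confs() {
    clone_dir=$1
    dest_dir=$2
    COPIED=0
    UNCONFIGURED=""
    mkdir -p "$dest_dir" || return 1
    for scale_path in "$clone_dir"/*/; do
        scale=$(basename "$scale_path")
        conf="$scale_path$scale.conf"
        [ -f "$conf" ] || continue        # scale ships no config: nothing to do
        cp "$conf" "$dest_dir/$scale.conf.example" || return 1
        chmod 0640 "$dest_dir/$scale.conf.example"   # conf files may hold API keys
        COPIED=$((COPIED + 1))
        # The .example is only a template; Snake reads <scale>.conf.
        [ -f "$dest_dir/$scale.conf" ] || UNCONFIGURED="$UNCONFIGURED $scale"
    done
    return 0
}

# Constructed demo input: a fake checkout with two scales, one shipping a conf.
demo_clone=$(mktemp -d)
demo_etc=$(mktemp -d)
mkdir -p "$demo_clone/cuckoo" "$demo_clone/elf"
printf 'cuckoo_api: null\ncuckoo_url: null\nverify: True\n' > "$demo_clone/cuckoo/cuckoo.conf"

copy_scale_confs "$demo_clone" "$demo_etc"
echo "copied $COPIED example conf(s); scales still lacking a live conf:$UNCONFIGURED"
rm -rf "$demo_clone" "$demo_etc"
```

Run it with a real checkout as CLONE_DIR and /etc/snake/scales as DEST_DIR; any scale named in the final line still needs a <scale>.conf written before Snake is restarted.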

Scales

Binwalk

Runs binwalk on a sample.

Dependencies

  • (Required) Binwalk

ClamAV

Scans a sample using ClamAV.

Dependencies

  • (Required) ClamAV

Cuckoo

Allows Snake to interact with Cuckoo, such as submitting samples to Cuckoo.

Dependencies

  • (Required) Cuckoo

Configuration

Variable Default Description
cuckoo_api null URL for Cuckoo API
cuckoo_url null URL to Cuckoo Web UI
verify True Verify SSL connection if using HTTPS

ELF

Analyse ELF files using elftools.

Exiftool

Runs exiftool on a sample.

Dependencies

  • (Required) Exiftool

Floss

Runs FireEye's floss on a binary.

Dependencies

  • (Required) Floss

Configuration

Variable Default Description
floss_path null Path to floss binary
home null Path to HOME directory, required if user does not have a HOME

NIST NSRL

Search for sample in NIST's NSRL hashes.

Configuration

Variable Default Description
nsrl_path null Path to NSRL hashes text file

Office

Analyse a sample using olefile, oletools.

PDF

Analyse a sample using pdf-parser, pdfid and peepdf.

Dependencies

  • (Optional) pdf-parser
  • (Optional) pdfid
  • (Optional) peepdf

Configuration

Variable Default Description
pdf_parser_path null Path to pdf-parser.py
pdfid_path null Path to pdfid.py
peepdf_path null Path to peepdf.py

PEFile

Analyse a sample using pefile.

Radare2

Runs radare2 on a sample.

Dependencies

  • (Required) Radare2

Radare2 Scripts

Runs radare2 based scripts on a sample.

Dependencies

  • (Required) Radare2

Rekall

Runs rekall on a sample.

Dependencies

  • (Required) Rekall

Configuration

Variable Default Description
cache_dir null Location of the profiles cache directory
repository_path null Path to search for profiles in, useful for no internet access

RetDec

Runs the Retargetable Decompiler on parts of a sample.

Dependencies

  • (Required) Radare2

Configuration

Variable Default Description
online true Toggle between using the online instance or a local one
api_key null API key required for interaction with RetDec's online instance (online)
retdec_dir null Directory that retdec is installed to (local)

TRiD

Runs trid on a sample.

Dependencies

  • (Required) TRiD

Configuration

Variable Default Description
trid_path null Path to trid
tridupdate_path null Path to tridupdate.py
triddefs_path null Path to triddefs.trd

VirusTotal

Allows Snake to interact with VirusTotal, such as querying VT for information about a sample.

Configuration

Variable Default Description
api_key null VirusTotal API key
api_private false Enable private features when using private VirusTotal API key

Volatility

Runs vol.py on a sample.

Dependencies

  • (Required) Volatility

Configuration

Variable Default Description
vol_path null Path to vol.py

Yara

Scan a sample with yara.

Configuration

Variable Default Description
rules_key null Path to directory containing yara rules
blacklisted_rules [] A list of rules to ignore

snake-scales's People

Contributors

alexkornitzer, srcr


snake-scales's Issues

2 Issues about interface

Issue 1: Upload failed when using Cuckoo Interface (submit)

Situation as shown in .gif:

Snake.log lines related to the situation:

[W 210211 03:16:13 snake_handler:208] upload/file - no 'file' in part
[W 210211 03:16:13 web:2105] 422 POST /upload/file (127.0.0.1) 3.87ms

Issue 2: Something wrong in the interface section

I tried to select an interface in the interface section, but nothing shows.

Situation as shown in .gif:

Failed to install scale

Hey, can you help me with this? The scale failed to be installed.

Using snake install

ubuntu@ubuntu:~/snake$ snake install binwalk
Installing: binwalk
Collecting git+https://github.com/countercept/snake-scales#subdirectory=binwalk
  Cloning https://github.com/countercept/snake-scales to /tmp/pip-3wbxsdf_-build
    Complete output from command python setup.py egg_info:
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/tmp/pip-3wbxsdf_-build/binwalk/setup.py", line 3, in <module>
        import binwalk as scale
      File "/tmp/pip-3wbxsdf_-build/binwalk/binwalk/__init__.py", line 1, in <module>
        from snake.scale import FileType, scale
    ModuleNotFoundError: No module named 'snake.scale'
    
    ----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-3wbxsdf_-build/binwalk
Failed to install: binwalk

Using pip based

ubuntu@ubuntu:~/snake$ pip install git+https://github.com/countercept/snake-scales/binwalk
Collecting git+https://github.com/countercept/snake-scales/binwalk
  Cloning https://github.com/countercept/snake-scales/binwalk to /tmp/pip-n9LvPR-build
remote: Not Found
fatal: repository 'https://github.com/countercept/snake-scales/binwalk/' not found
Command "git clone -q https://github.com/countercept/snake-scales/binwalk /tmp/pip-n9LvPR-build" failed with error code 128 in None

Cuckoo Configuration

Hi Alex.

May I know, if my Cuckoo does not use HTTPS, what should I change for the "verify" part? I tried changing it to "False" in the conf, and as a result my sample cannot be submitted by selecting Cuckoo as the interface's scale. Vice versa, if I leave the default value "True" unchanged, the sample submits successfully.

