templates/report.html
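<!doctype html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <title>Analysis Report</title>
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  {# This report is generated from an untrusted memory image and opened in an
     analyst's browser, so every third-party asset is fetched over HTTPS only.
     The original http:// loads of jQuery, d3 and DataTables allowed anyone on
     the network path to inject script into the report viewer.
     TODO(review): pin each CDN asset with integrity="sha384-..." plus
     crossorigin="anonymous" (hashes are not computed here), or vendor the
     files next to tableCustom.css / irfunctions.js. jQuery 1.10.2 is a 2013
     release with published security advisories (e.g. prototype pollution in
     $.extend, fixed in 3.4.0); upgrade once irfunctions.js is checked for
     compatibility. #}
  <link href="https://maxcdn.bootstrapcdn.com/bootswatch/3.3.7/darkly/bootstrap.min.css" rel="stylesheet" media="screen">
  <script src="https://code.jquery.com/jquery-1.10.2.min.js"></script>
  <script src="https://d3js.org/d3.v3.min.js"></script>
  <link rel="stylesheet" href="../templates/tableCustom.css">
  <script charset="utf8" src="https://cdn.datatables.net/1.10.15/js/jquery.dataTables.js"></script>
  <script src="../templates/irfunctions.js"></script>
  <style>
    table {
      font-family: "Century Gothic";
      font-size: 12px;
    }
    /* .node / .link rules are d3 graph classes, presumably used by
       irfunctions.js to draw into #tree-result / #conn-result. */
    .node {
      cursor: pointer;
    }
    .node circle {
      fill: #fff;
      stroke: steelblue;
      stroke-width: 1.5px;
    }
    .node text {
      font: 10px sans-serif;
    }
    .link {
      fill: none;
      stroke: #ccc;
      stroke-width: 1.5px;
    }
    .node rect {
      cursor: move;
      fill-opacity: .9;
      shape-rendering: crispEdges;
    }
  </style>
</head>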
<body>
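<nav class="navbar navbar-default" aria-label="Report header">
  <div class="container-fluid">
    <div class="navbar-header">
      {# The original collapse toggle targeted #bs-example-navbar-collapse-1,
         which does not exist on this page, and Bootstrap's JS is not loaded,
         so the button was dead. The brand is the only navbar content; it is
         a plain span because it does not navigate anywhere. #}
      <span class="navbar-brand">Analysis Report</span>
    </div>
  </div>
</nav>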
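<div class="row">
  <div class="container">
    <div class="panel panel-default">
      <div class="panel-heading">
        <h3 class="panel-title">Errors</h3>
      </div>
      <div class="panel-body">
        <div class="col-md-6">
          <table class="table table-striped table-hover">
            <tbody>
            {# Error strings may embed data copied from the image (paths,
               process names). |e keeps them inert even if this template is
               rendered with autoescaping disabled. Empty entries are skipped. #}
            {% for error in errors %}
              {% if error|length > 0 %}
              <tr>
                <td>{{ error|e }}</td>
              </tr>
              {% endif %}
            {% endfor %}
            </tbody>
          </table>
        </div>
      </div>
    </div>
  </div>
</div>
{# The original markup never closed this .row, so every later panel was
   nested inside it; the closing div above restores the intended structure. #}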
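<div class="row">
  <div class="container">
    <div class="panel panel-default">
      <div class="panel-heading">
        <h3 class="panel-title">Image information
          <span class="label label-default">[{{ image_info['image_name']|e }}]</span>
        </h3>
      </div>
      <div class="panel-body">
        {# Everything below (profile, KDBG, registry-derived owner/organisation,
           computer and domain names) is read from the untrusted image, so each
           value is escaped explicitly. #}
        <div class="col-md-6">
          <table class="table table-striped table-hover">
            <tbody>
              <tr>
                <th scope="row">Suggested Profiles</th>
                <td>{{ profiles|e }}</td>
              </tr>
              <tr>
                <th scope="row">Selected Profile</th>
                <td>{{ working_profile|e }}</td>
              </tr>
              <tr>
                <th scope="row">KDBG</th>
                <td>{{ image_info['KDBG']|e }}</td>
              </tr>
              <tr>
                <th scope="row">Number of Processors</th>
                <td>{{ image_info['Number of Processors']|e }}</td>
              </tr>
              <tr>
                <th scope="row">Image date and time</th>
                <td>{{ image_info['Image date and time']|e }}</td>
              </tr>
              <tr>
                <th scope="row">Analysis date and time</th>
                <td>{{ analysis_timestamp|e }}</td>
              </tr>
              <tr>
                <th scope="row">MD5</th>
                <td>{{ image_md5|e }}</td>
              </tr>
              <tr>
                <th scope="row">SHA1</th>
                <td>{{ image_sha1|e }}</td>
              </tr>
            </tbody>
          </table>
        </div>
        <div class="col-md-6">
          <table class="table table-striped table-hover">
            <tbody>
              <tr>
                <th scope="row">OS Version</th>
                <td>{{ version_info['ProductName']|e }}</td>
              </tr>
              <tr>
                <th scope="row">SP</th>
                <td>{{ version_info['CSDVersion']|e }}</td>
              </tr>
              <tr>
                <th scope="row">CurrentVersion</th>
                <td>{{ version_info['CurrentVersion']|e }}</td>
              </tr>
              <tr>
                <th scope="row">Edition</th>
                <td>{{ version_info['EditionID']|e }}</td>
              </tr>
              <tr>
                <th scope="row">Organization</th>
                <td>{{ version_info['RegisteredOrganization']|e }}</td>
              </tr>
              <tr>
                <th scope="row">Owner</th>
                <td>{{ version_info['RegisteredOwner']|e }}</td>
              </tr>
              <tr>
                <th scope="row">Domain</th>
                <td>{{ version_info['domain']|e }}</td>
              </tr>
              <tr>
                <th scope="row">Computer name</th>
                <td>{{ version_info['compname']|e }}</td>
              </tr>
            </tbody>
          </table>
        </div>
      </div>
    </div>
  </div>
</div>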
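<div class="row">
  <div class="container">
    <div class="panel panel-default">
      <div class="panel-heading">
        <h3 class="panel-title">Users</h3>
      </div>
      <div class="panel-body">
        <div class="col-md-12">
          <table class="table table-striped table-hover">
            <thead>
              <tr>
                <th scope="col">Username</th>
                <th scope="col">Group(s)</th>
                <th scope="col">Last Login</th>
                <th scope="col">Account creation</th>
                <th scope="col">Account type</th>
              </tr>
            </thead>
            <tbody>
            {# Account data is recovered from the image's SAM hive and is
               attacker-influenced on a compromised host; escape explicitly. #}
            {% for user in users %}
              <tr>
                <td>{{ user['user']|e }}</td>
                <td>Not implemented</td>
                <td>{{ user['Last Login Date']|e }}</td>
                <td>{{ user['Account Created Date']|e }}</td>
                <td>{{ user['Account Type']|e }}</td>
              </tr>
            {% endfor %}
            </tbody>
          </table>
        </div>
      </div>
    </div>
  </div>
</div>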
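<div class="row">
  <div class="container">
    <div class="panel panel-default">
      <div class="panel-heading">
        <h3 class="panel-title">Process Risk index</h3>
      </div>
      <div class="panel-body">
        <div class="col-md-12">
          <table class="table table-striped table-hover">
            <thead>
              <tr>
                <th scope="col">PID</th>
                <th scope="col">Name</th>
                <th scope="col">MD5</th>
                <th scope="col">VirusTotal</th>
                <th scope="col">Process evaluation</th>
              </tr>
            </thead>
            <tbody>
            {# Process names and hashes come from the untrusted image; |e keeps
               them inert even if autoescaping is disabled for this template. #}
            {% for entry in risk_index %}
              <tr>
                <td>{{ entry['pid']|e }}</td>
                <td>{{ entry['name']|e }}</td>
                {% if entry['vt_code'] == 1 %}
                {# permalink is taken from the VirusTotal response. |e prevents
                   attribute breakout; rel=noopener/noreferrer isolates the new
                   tab and keeps this report's location out of the Referer.
                   TODO(review): confirm the producer only stores http(s) URLs
                   here -- escaping does not reject a javascript: scheme. #}
                <td><a href="{{ entry['permalink']|e }}" target="_blank" rel="noopener noreferrer">{{ entry['md5']|e }}</a></td>
                <td>
                  <span class="glyphicon glyphicon-fire" aria-hidden="true"></span>
                  {{ entry['positives']|e }}/{{ entry['total']|e }}
                </td>
                {% else %}
                <td>{{ entry['md5']|e }}</td>
                <td>
                  <span class="glyphicon glyphicon-ban-circle" aria-hidden="true"></span>
                  0/0
                </td>
                {% endif %}
                <td>
                  {# The original opened a progress-bar div only for risk_index
                     1, 2, 3 or >3 and closed it unconditionally, so any other
                     value (e.g. 0) left .progress unclosed and shifted the rest
                     of the page. The colour class is now picked in one place
                     and exactly one bar is always emitted. The bar is always
                     full width; the value is conveyed by the label text. #}
                  {% set ri = entry['risk_index'] %}
                  <div class="progress">
                    <div class="progress-bar {% if ri == 1 %}progress-bar-success{% elif ri == 2 %}progress-bar-info{% elif ri == 3 %}progress-bar-warning{% elif ri is number and ri > 3 %}progress-bar-danger{% endif %}"
                         role="progressbar" aria-valuenow="100" aria-valuemin="0" aria-valuemax="100" style="width:100%">
                      RISK INDEX {{ ri|e }}
                    </div>
                  </div>
                </td>
              </tr>
            {% endfor %}
            </tbody>
          </table>
        </div>
      </div>
    </div>
  </div>
</div>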
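<div class="row">
  <div class="container">
    <div class="panel panel-default">
      <div class="panel-heading">
        <h3 class="panel-title">Process analytics
          {# Red badge when any rule fired, green otherwise. The original
             spelled the green class "label-sucess", so a clean report showed
             an unstyled badge. #}
          <span class="label {{ 'label-danger' if rule_violations|length > 0 else 'label-success' }} pull-right">Rule violations: {{ rule_violations|length }}</span>
        </h3>
      </div>
      <div class="panel-body">
        <div class="col-md-12">
          <table class="table table-striped table-hover">
            <thead>
              <tr>
                <th scope="col">Process name</th>
                <th scope="col">PID</th>
                <th scope="col">Rule</th>
              </tr>
            </thead>
            <tbody>
            {# Process names and rule details derive from the untrusted image;
               escape explicitly. #}
            {% for violation in rule_violations %}
              <tr>
                <td>{{ violation['process']['name']|e }}</td>
                <td>{{ violation['process']['pid']|e }}</td>
                <td>
                  <span class="glyphicon glyphicon-thumbs-down" aria-hidden="true"></span>
                  {{ violation['details']|e }}
                </td>
              </tr>
            {% endfor %}
            </tbody>
          </table>
        </div>
      </div>
    </div>
  </div>
</div>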
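<div class="row">
  <div class="container">
    <div class="panel panel-default">
      <div class="panel-heading">
        <h3 class="panel-title">Commands
          {% if cmd_info|length > 0 %}
          <span class="label label-danger pull-right">Commands run: {{ cmd_info|length }}</span>
          {% endif %}
        </h3>
      </div>
      <div class="panel-body">
        <div class="col-md-12">
          {# Recovered console command lines are fully attacker-controlled
             content (an intruder typed them). They are rendered as text only;
             |e guarantees a crafted command cannot become markup or script
             in the analyst's browser. #}
          {% for cmd in cmd_info %}
          <pre>CMD&gt; {{ cmd['Command']|e }}</pre>
          {% endfor %}
        </div>
      </div>
    </div>
  </div>
</div>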
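<div class="row">
  <div class="container">
    <div class="panel panel-default">
      <div class="panel-heading">
        <h3 class="panel-title">Memory process dump analysis
          <span class="label label-primary pull-right"># of processes dumped: {{ eplist|length }}</span>
        </h3>
      </div>
      <div class="panel-body">
        <div class="col-md-12">
          {# id="processDumpTable" / class="display" are DataTables hooks,
             presumably initialised in irfunctions.js -- keep them unchanged. #}
          <table id="processDumpTable" class="display">
            <thead>
              <tr>
                <th scope="col">Process name</th>
                <th scope="col">PID</th>
                <th scope="col">Company</th>
                <th scope="col">MD5</th>
                <th scope="col">Size</th>
                <th scope="col">Virus Scan</th>
                <th scope="col">Entropy</th>
              </tr>
            </thead>
            <tbody>
            {# Names, company strings and hashes come from PE headers inside the
               untrusted image; escape explicitly. #}
            {% for eprocess in eplist %}
              <tr>
                {# Fall back to the PE OriginalFileName when the EPROCESS name is
                   empty (or missing). #}
                <td>{{ (eprocess['process_name'] or eprocess['OriginalFileName'])|e }}</td>
                <td>{{ eprocess['pid']|e }}</td>
                <td>{{ eprocess['CompanyName']|e }}</td>
                <td>{{ eprocess['md5']|e }}</td>
                <td>{{ eprocess['FileSize']|e }}</td>
                {# Neutral badge: the original used label-success here, which
                   read as "scan clean" for a check that never ran. #}
                <td><span class="label label-default">Not implemented</span></td>
                <td>
                  {# The original opened a coloured span only for level1..3 and
                     closed it unconditionally, leaving a stray </span> for any
                     other value; one span with a default colour is now always
                     emitted. #}
                  {% set lvl = eprocess['sn_level'] %}
                  <span class="label {% if lvl == 'level1' %}label-success{% elif lvl == 'level2' %}label-warning{% elif lvl == 'level3' %}label-danger{% else %}label-default{% endif %}">{{ eprocess['sentropy']|e }}</span>
                </td>
              </tr>
            {% endfor %}
            </tbody>
          </table>
        </div>
      </div>
    </div>
  </div>
</div>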
<!-- Empty container for new sections -->
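<div class="row">
  <div class="container">
    <div class="panel panel-default">
      <div class="panel-heading">
        <h3 class="panel-title">Process list</h3>
      </div>
      <div class="panel-body">
        <div class="col-md-12">
          {# id="processTable" / class="display" are DataTables hooks,
             presumably initialised in irfunctions.js -- keep them unchanged. #}
          <table id="processTable" class="display">
            <thead>
              <tr>
                <th scope="col">PID</th>
                <th scope="col">Process name</th>
                <th scope="col">Full name</th>
                <th scope="col">PPID</th>
                <th scope="col">PPID Name</th>
                <th scope="col">User</th>
                <th scope="col">Path</th>
              </tr>
            </thead>
            <tbody>
            {# Process names and image paths are attacker-controlled on a
               compromised host; escape explicitly. #}
            {% for process in plist %}
              <tr>
                <td>{{ process['pid']|e }}</td>
                <td>{{ process['name']|e }}</td>
                <td>{{ process['fullname']|e }}</td>
                <td>{{ process['ppid']|e }}</td>
                <td>{{ process['parent']|e }}</td>
                <td>Not Implemented</td>
                <td>{{ process['imagepath']|e }}</td>
              </tr>
            {% endfor %}
            </tbody>
          </table>
        </div>
      </div>
    </div>
  </div>
</div>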
<!-- END Empty container for new sections :) -->
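<div class="row">
  <div class="container">
    <div class="panel panel-default">
      <div class="panel-heading">
        <h3 class="panel-title">Suspicious processes</h3>
      </div>
      <div class="panel-body">
        <div class="col-md-12">
          <table class="table table-striped table-hover">
            <thead>
              <tr>
                <th scope="col">PID</th>
                <th scope="col">Process name</th>
                <th scope="col">Level</th>
              </tr>
            </thead>
            <tbody>
            {% for sprocess in suspicious_plist %}
              <tr>
                <td>{{ sprocess['pid']|e }}</td>
                <td>{{ sprocess['name']|e }}</td>
                {# The original emitted no Level cell at all for a risk value
                   outside 1..3, which misaligned the row; a neutral badge is
                   now rendered for those. #}
                {% set risk = sprocess['risk'] %}
                <td>
                  <span class="label {% if risk == 1 %}label-success{% elif risk == 2 %}label-warning{% elif risk == 3 %}label-danger{% else %}label-default{% endif %}">{{ risk|e }}</span>
                </td>
              </tr>
            {% endfor %}
            </tbody>
          </table>
        </div>
      </div>
    </div>
  </div>
</div>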
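<div class="row">
  <div class="container">
    <div class="panel panel-default">
      <div class="panel-heading">
        <h3 class="panel-title">Hidden or injected code/DLLs
          <span class="label label-warning pull-right">Suspicious: {{ malprocesses|length }}</span>
        </h3>
      </div>
      <div class="panel-body">
        <div class="col-md-12">
          <table class="table table-striped table-hover">
            <thead>
              <tr>
                <th scope="col">Process name</th>
                <th scope="col">PID</th>
                <th scope="col">MZ Header</th>
                <th scope="col">HollowFind</th>
                <th scope="col">Trampoline (ML)</th>
                <th scope="col">ASM Entropy</th>
              </tr>
            </thead>
            <tbody>
            {% for malp in malprocesses %}
              <tr>
                <td>{{ malp['name']|e }}</td>
                <td>{{ malp['pid']|e }}</td>
                {# Icons carry screen-reader text so the verdict is not conveyed
                   by glyph/colour alone. #}
                <td>
                  {% if malp['mz'] %}
                  <span class="glyphicon glyphicon-ok" aria-hidden="true"></span><span class="sr-only">MZ header present</span>
                  {% else %}
                  <span class="glyphicon glyphicon-remove" aria-hidden="true"></span><span class="sr-only">no MZ header</span>
                  {% endif %}
                </td>
                <td>
                  {% if malp['hollow'] %}
                  <span class="label label-danger"><span class="glyphicon glyphicon-record" aria-hidden="true"></span><span class="sr-only">hollowing detected</span></span>
                  {% else %}
                  <span class="glyphicon glyphicon-record" aria-hidden="true"></span><span class="sr-only">no hollowing detected</span>
                  {% endif %}
                </td>
                <td>Not implemented</td>
                <td><span class="label label-primary">{{ malp['entropy']|e }}</span></td>
              </tr>
            {% endfor %}
            </tbody>
          </table>
        </div>
      </div>
    </div>
  </div>
</div>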
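<div class="row">
  <div class="container">
    <div class="panel panel-default">
      <div class="panel-heading">
        <h3 class="panel-title">Network connections
          <span class="label label-warning pull-right">Net Results: {{ network_info|length }}</span>
        </h3>
      </div>
      {# The original nested two .panel-body divs and never closed the .row;
         one body and a balanced set of closing tags are used here. #}
      <div class="panel-body">
        <div class="col-md-12">
          <img src="netgraph.png" class="img-responsive" alt="Graph of network connections recovered from the image">
        </div>
        <div class="col-md-12">
          <table class="table table-striped table-hover">
            <thead>
              <tr>
                <th scope="col">PID</th>
                <th scope="col">Name</th>
                <th scope="col">Address type</th>
                <th scope="col">Proto</th>
                <th scope="col">Remote address</th>
                <th scope="col">GeoIP</th>
                <th scope="col">OSINT</th>
              </tr>
            </thead>
            <tbody>
            {# Process names and peer addresses are read from the untrusted
               image; escape explicitly. #}
            {% for network_entry in network_info %}
              <tr>
                <td>{{ network_entry['pid']|e }}</td>
                <td>{{ network_entry['name']|e }}</td>
                <td>
                  {% if network_entry['address_type'] == "PUBLIC" %}
                  <span class="glyphicon glyphicon-globe" aria-hidden="true"></span><span class="sr-only">public</span>
                  {% else %}
                  <span class="glyphicon glyphicon-record" aria-hidden="true"></span><span class="sr-only">non-public</span>
                  {% endif %}
                </td>
                <td>Not implemented</td>
                <td>{{ network_entry['ip_address']|e }}</td>
                <td>Not implemented</td>
                <td>Not implemented</td>
              </tr>
            {% endfor %}
            </tbody>
          </table>
        </div>
      </div>
    </div>
  </div>
</div>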
<div class="row">
  <div class="container">
    <div class="panel panel-default">
      {# Placeholder panel; #tree-result is an empty target, presumably filled
         client-side by irfunctions.js / d3. #}
      <div class="panel-heading">
        <h3 class="panel-title">Process Tree [Not Implemented]<span class="label label-warning pull-right">Processes:</span></h3>
      </div>
      <div class="panel-body">
        <div class="col-md-12">
          <div id="tree-result"></div>
        </div>
      </div>
    </div>
  </div>
</div>
<div class="row">
  <div class="container">
    <div class="panel panel-default">
      {# Placeholder panel; #conn-result is an empty target, presumably filled
         client-side by irfunctions.js / d3. #}
      <div class="panel-heading">
        <h3 class="panel-title">Future Placeholder<span class="label label-warning pull-right">Data</span></h3>
      </div>
      <div class="panel-body">
        <div class="col-md-12">
          <div id="conn-result"></div>
        </div>
      </div>
    </div>
  </div>
</div>
</body>
</html>