AVMaster/Old/oldMaster.py
import argparse
import os
import time
import random
import os.path
import traceback
import sqlite3
from base64 import b64encode
from time import sleep
from ConfigParser import ConfigParser
from multiprocessing import Pool
from redis import Redis, StrictRedis
from redis.exceptions import ConnectionError
from flask.ext.sqlalchemy import SQLAlchemy
from lib.core.VMachine import VMachine
from lib.core.VMManager import vSphere, VMRun
from lib.core.report import Report
from lib.web.models import db, Test, Result, Sample
from lib.web.settings import DB_PATH
from lib.core.logger import setLogger
vm_conf_file = os.path.join("../conf", "vms.cfg")
# get configuration for AV update process (exe, vms, etc)
logdir = ""
test_id = -1
status = 0
vmman = VMRun(vm_conf_file)
#vsphere = vSphere( vm_conf_file )
# vsphere.connect()
updatetime = 50
def job_log(vm_name, status):
print "+ %s: %s" % (vm_name, status)
def update(flargs):
vms = len(flargs[1].vms)
try:
vm_name = flargs[0]
vm = VMachine(vm_conf_file, vm_name)
job_log(vm_name, "UPDATE")
vm.revert_last_snapshot()
job_log(vm_name, "REVERTED")
sleep(random.randint(60, 60 * vms))
vm.startup()
job_log(vm_name, "STARTED")
#sleep(5 * 60)
if wait_for_startup(vm) is False:
job_log(vm_name, "NOT STARTED")
return "ERROR wait for startup for %s" % vm_name
if check_infection_status(vm) is not True:
vm.shutdown()
return "ERROR VM IS INFECTED!!!"
out_img = "%s/screenshot_%s_update.png" % (logdir, vm_name)
vmman.takeScreenshot(vm, out_img)
print "[%s] waiting for Updates" % vm_name
sleep(updatetime * 60)
sleep(random.randint(10, 300))
job_log(vm_name, "SHUTDOWN")
r = vmman.shutdownUpgrade(vm)
if r is False:
job_log(vm_name, "NOT UPDATED")
return "%s, ERROR: NOT Updated! no shutdown..." % vm_name
else:
# RESTART TIME
while vm.is_powered_off() is False:
sleep(60)
job_log(vm_name, "POWERED OFF")
vm.startup()
if wait_for_startup(vm) is False:
job_log(vm_name, "NOT RESTARTED")
vm.shutdown()
job_log(vm_name, "RESTARTED")
vm.refresh_snapshot()
job_log(vm_name, "UPDATED")
return "%s, SUCCESS: Updated!" % vm_name
except Exception as e:
job_log(vm_name, "ERROR")
print "DBG trace %s" % traceback.format_exc()
return "%s, ERROR: not updated. Reason: %s" % (vm_name, e)
def revert(flargs):
vm_name = flargs[0]
job_log(vm_name, "REVERT")
vm = VMachine(vm_conf_file, vm_name)
vm.revert_last_snapshot()
return "[*] %s reverted!" % vm_name
def run_command(flargs):
#arg = args.kind
# if args.action == "command":
# arg = args.cmd
vm_name, args = flargs
cmd = args.cmd
if cmd is None:
return False
vm = VMachine(vm_conf_file, vm_name)
vm._run_cmd(cmd)
return True
def start_test():
global db
try:
timestamp = time.strftime("%Y%m%d_%H%M", time.gmtime())
t = Test(0, str(timestamp))
db.session.add(t)
db.session.commit()
return t
except Exception as e:
print "DBG error inserting report in db. Exception: %s" % e
print DB_PATH
return None
def end_test(test):
try:
#t = Test.query.filter_by(id=t_id)
if test is None:
return False
test.status = 1
db.session.add(test)
db.session.commit()
return True
except Exception as e:
print "DBG error changing test status to completed. Exception: %s" % e
return False
def add_record_result(vm_name, kind, t_id, status, result=None):
try:
timestamp = time.strftime("%Y%m%d_%H%M", time.gmtime())
r = Result(vm_name, t_id, kind, status, result)
db.session.add(r)
db.session.commit()
return r.id
except Exception as e:
print "DBG error inserting results of test in db. Exception: %s" % e
return
def upd_record_result(r_id, status=None, result=None):
r = Result.query.filter_by(id=r_id).first()
if not r:
print "DBG result not found"
return
print "DBG result: %s" % result
if result is not None:
r.result = result
db.session.commit()
if status is not None:
r.status = status
db.session.commit()
def save_results(vm, kind, test_id, result_id):
global status, logdir
try:
if kind == "silent" or kind == "melt":
max_minute = 45
elif kind == "exploit":
max_minute = 20
elif kind == "mobile" or "exploit_" in kind:
max_minute = 5
results = wait_for_results(vm, result_id, max_minute)
print "DBG [%s] passing debug files txt from host" % vm.name
res_txt_dst = "%s/results_%s_%s.txt" % (logdir, vm, kind)
res_txt_src = "C:\\Users\\avtest\\Desktop\\AVTEST\\results.txt"
vm.get_file(res_txt_src, res_txt_dst)
print "DBG results are %s" % results
return "%s, %s, %s" % (vm.name, kind, results[-1])
except Exception as e:
return "%s, %s, ERROR saving results with exception: %s" % (vm, kind, e)
def save_screenshot(vm, result_id):
try:
#out_img = "/tmp/screenshot_%s_%s.png" % (vm, kind)
out_img = "/tmp/screenshot_%s.png" % vm
vmman.takeScreenshot(vm, out_img)
with open(out_img, 'rb') as f:
result = Result.query.filter_by(id=result_id).first_or_404()
#result.scrshoot = b64encode(f.read())
result.scrshot = f.read()
db.session.commit()
return True
except Exception as e:
print "DBG image was not saved. Exception handled: %s" % e
return False
def save_logs(result_id, log):
try:
result = Result.query.filter_by(id=result_id).first_or_404()
result.log = log
db.session.commit()
except Exception as e:
print "DBG failed saving results log. Exception: %s" % e
def copy_to_guest(vm, test_dir, filestocopy):
#lib_dir = "%s\\lib" % test_dir
#assets_dir = "%s\\assets" % test_dir
vmavtest = "../AVAgent"
memo = []
for filetocopy in filestocopy:
d, f = filetocopy.split("/")
src = "%s/%s/%s" % (vmavtest, d, f)
if d == ".":
dst = "%s\\%s" % (test_dir, f)
else:
dst = "%s\\%s\\%s" % (test_dir, d, f)
rdir = "%s\\%s" % (test_dir, d)
if not rdir in memo:
print "DBG mkdir %s " % (rdir)
vmman.mkdirInGuest(vm, rdir)
memo.append(rdir)
print "DBG %s copy %s -> %s" % (vm.name, src, dst)
vmman.copyFileToGuest(vm, src, dst)
def dispatch(flargs):
try:
vm_name, args = flargs
kind = args.kind
results = []
print "DBG %s, %s" % (vm_name, kind)
# GROUP OF TESTS Implementation
if kind == "agents":
results.append(dispatch_kind(vm_name, "silent", args))
sleep(random.randint(5, 10))
results.append(dispatch_kind(vm_name, "mobile", args))
sleep(random.randint(5, 10))
results.append(dispatch_kind(vm_name, "exploit_docx", args))
sleep(random.randint(5, 10))
results.append(dispatch_kind(vm_name, "exploit_web", args))
elif kind == "silentmelt":
results.append(dispatch_kind(vm_name, "silent", args))
sleep(random.randint(5, 10))
results.append(dispatch_kind(vm_name, "melt", args))
elif kind == "release":
results.append(dispatch_kind(vm_name, "silent", args))
sleep(random.randint(5, 10))
results.append(dispatch_kind(vm_name, "melt", args))
sleep(random.randint(5, 10))
results.append(dispatch_kind(vm_name, "mobile", args))
sleep(random.randint(5, 10))
results.append(dispatch_kind(vm_name, "exploit_docx", args))
sleep(random.randint(5, 10))
results.append(dispatch_kind(vm_name, "exploit_web", args))
elif kind == "exploits":
results.append(dispatch_kind(vm_name, "exploit", args))
sleep(random.randint(5, 10))
results.append(dispatch_kind(vm_name, "exploit_docx", args))
sleep(random.randint(5, 10))
results.append(dispatch_kind(vm_name, "exploit_ppsx", args))
sleep(random.randint(5, 10))
results.append(dispatch_kind(vm_name, "exploit_web", args))
elif kind == "all":
results.append(dispatch_kind(vm_name, "silent", args))
sleep(random.randint(5, 10))
results.append(dispatch_kind(vm_name, "melt", args))
sleep(random.randint(5, 10))
results.append(dispatch_kind(vm_name, "exploit", args))
sleep(random.randint(5, 10))
results.append(dispatch_kind(vm_name, "exploit_docx", args))
sleep(random.randint(5, 10))
results.append(dispatch_kind(vm_name, "exploit_web", args))
sleep(random.randint(5, 10))
results.append(dispatch_kind(vm_name, "mobile", args))
else:
results.append(dispatch_kind(vm_name, kind, args))
return results
except Exception as e:
print "ERROR %s %s" % (kind, e)
print "DBG trace %s" % traceback.format_exc()
return {'ERROR': e}
def dispatch_kind(vm_name, kind, args, r_id=None, tries=0):
# PREPARE FILES
global status, test_id
print "DBG test_id is %s" % test_id
delay = len(args.vms)
test_dir_7 = "C:\\Users\\avtest\\Desktop\\AVTEST"
# test_dir_xp = "C:\\Documents and Settings\\avtest\\Desktop\\AVTEST"
buildbat = "build_%s_%s.bat" % (kind, args.server)
filestocopy = ["./%s" % buildbat,
"lib/build.py",
"lib/logger.py",
"lib/rcs_client.py",
"conf/vmavtest.cfg",
"assets/config_desktop.json",
"assets/config_mobile.json",
"assets/keyinject.exe",
"assets/meltapp.exe",
"assets/meltexploit.txt",
"assets/meltexploit.docx",
"assets/meltexploit.ppsx"]
if kind == "exploit_web":
filestocopy.append("assets/avtest.swf")
filestocopy.append("assets/owned.docm")
filestocopy.append("assets/PMIEFuck-WinWord.dll")
if kind == "mobile" or kind == "silent":
filestocopy.append("assets/codec")
filestocopy.append("assets/codec_mod")
filestocopy.append("assets/sqlite")
filestocopy.append("assets/sqlite_mod")
res = "%s, %s, ERROR GENERAL" % (vm_name, kind)
vm = VMachine(vm_conf_file, vm_name)
job_log(vm.name, "DISPATCH %s" % kind)
# STARTUP VM
if tries <= 0:
vm.revert_last_snapshot()
job_log(vm.name, "REVERTED")
sleep(random.randint(30, delay * 30))
elif tries == 10:
return "%s, %s, ERROR not started after 10 tries." % (vm_name, kind)
else:
vm.shutdown()
while vm.is_powered_off() is False:
sleep(5)
vm.startup()
job_log(vm.name, "STARTUP")
# OPEN CHANNEL
if kind == "silent" or kind == "melt":
max_minute = 45
elif kind == "exploit":
max_minute = 20
elif kind == "mobile" or "exploit_" in kind:
max_minute = 5
r = StrictRedis(socket_timeout=max_minute * 60)
p = r.pubsub()
p.subscribe(vm.name)
started = False
results = []
log = ""
res = ""
try:
for m in p.listen():
print "DBG %s: %s" % (m['channel'], m['data'])
try:
if started is False:
if "STARTED" in m['data']: # and started is False:
started = True
# PREPARE ENVIRONMENT
if r_id is None:
result_id = add_record_result(
vm_name, kind, test_id, status, "STARTED")
else:
result_id = r_id
print "DBG %s added result with id %s" % (vm_name, result_id)
job_log(vm_name, "LOGGED")
test_dir = test_dir_7
copy_to_guest(vm, test_dir, filestocopy)
job_log(vm_name, "ENVIRONMENT")
# EXECUTE
vmman.executeCmd(
vm, "%s\\%s" % (test_dir, buildbat), interactive=True, bg=True)
# CHECK FOR ERROR IN EXECUTION
sleep(3)
out = vmman.listProcesses(vm)
found = False
tick = 0
script_name = "build_%s_minotauro.bat" % kind
print "DBG script to find is %s" % script_name
while tick <= 5:
if "python.exe" in out or script_name in out or "cmd.exe" in out:
found = True
print "DBG process found for %s!" % vm_name
if found == True:
break
print "DBG Python.EXE not found for %s. sleeping 5 secs (retry %d)" % (vm_name, tick)
print "DBG processes:\n%s" % out
tick += 1
sleep(5)
if found == False:
tries += 1
print "%s STARTED but not EXECUTED. Retry %d setup" % (vm_name, tries)
return dispatch_kind(vm_name, kind, args, result_id, tries)
job_log(vm_name, "EXECUTED %s" % kind)
else: # started is True
if "ENDED" not in m['data']: # and started is True:
# SAVING LOGS
if log is "":
log = str(m['data'])
save_logs(result_id, log)
else:
log += ", %s" % str(m['data'])
save_logs(result_id, log)
# SAVING CURRENT RESULT
if "+" in m['data']:
results.append(str(m['data']))
if "STARTED" not in res: # or res is not "":
res += ", %s" % str(m['data'])
else:
res += "%s" % str(m['data'])
upd_record_result(
result_id, result=res.replace("+ ", "").strip())
if "FAILED SCOUT BUILD" in m['data'] or "FAILED SCOUT EXECUTE" in m['data']:
# SAVING SAMPLE
test_dir = "C:\\Users\\avtest\\Desktop\\AVTEST\\build"
platform = m['data'].split(" ")[-1].split("\\")[-2]
build_zip_src = "%s\\%s\\build.zip" % (
test_dir, platform)
build_zip_dst = "tmp/detected_%s.zip" % vm
print "DBG copying %s to %s" % (build_zip_src, build_zip_dst)
vm.get_file(build_zip_src, build_zip_dst)
#vmman.copyFileFromGuest(vm, build_zip_src, build_zip_dst)
print "DBG adding record sample"
a = add_record_sample(result_id, build_zip_dst)
if a:
print "sample SAVED on db"
#os.system('sudo rm -fr %s') % build_zip_dst
else:
print "sample NOT SAVED on db"
else:
print "DBG [%s] passing debug files txt from host" % vm.name
res_txt_dst = "%s/results_%s_%s.txt" % (
logdir, vm, kind)
res_txt_src = "C:\\Users\\avtest\\Desktop\\AVTEST\\results.txt"
vm.get_file(res_txt_src, res_txt_dst)
print "DBG results are %s" % results
job_log(vm_name, "SAVED %s" % kind)
#execute(vm, test_id, result_id, "%s\\%s" % (test_dir, buildbat), kind)
#timestamp = time.strftime("%Y%m%d_%H%M", time.gmtime())
if save_screenshot(vm, result_id) is True:
job_log(vm_name, "SCREENSHOT ok")
# suspend & refresh snapshot
# vm.suspend()
vm.shutdown()
job_log(vm_name, "SUSPENDED %s" % kind)
# return results # should be: vm_name, kind, results
return "%s, %s, %s" % (vm_name, kind, res.split(",")[-1].replace("+ ", ""))
except TypeError:
pass
except ConnectionError:
if started is False:
tries += 1
print "DBG %s: not STARTED. Timeout occurred." % vm
return dispatch_kind(vm_name, kind, args, None, tries)
else:
tries += 1
print "DBG %s: Timeout occurred during execution" % vm
return dispatch_kind(vm_name, kind, args, result_id, tries)
def push(flargs):
vm_name, args = flargs
kind = args.kind
vm = VMachine(vm_conf_file, vm_name)
if vm.is_powered_on():
print "[!] %s is already powered on. please shutdown vm before." % vm_name
return "%s not pushed %s" % (vm_name, kind)
job_log(vm_name, "PUSH %s" % kind)
vm.revert_last_snapshot()
job_log(vm_name, "REVERTED")
sleep(random.randint(30, 60))
vm.startup()
job_log(vm_name, "STARTUP")
test_dir = "C:\\Users\\avtest\\Desktop\\AVTEST"
buildbat = "push_%s_%s.bat" % (kind, args.server)
filestocopy = ["./%s" % buildbat,
"./push_all_minotauro.bat",
"lib/build.py",
"lib/logger.py",
"lib/rcs_client.py",
"conf/vmavtest.cfg",
"assets/config_desktop.json",
"assets/config_mobile.json",
"assets/keyinject.exe",
"assets/meltapp.exe",
"assets/meltexploit.txt",
"assets/meltexploit.docx",
"assets/meltexploit.ppsx"]
result = "%s, ERROR GENERAL" % vm_name
"""
if wait_for_startup(vm) is False:
result = "ERROR wait for startup for %s" % vm_name
else:
copy_to_guest(vm, test_dir, filestocopy)
job_log(vm_name, "ENVIRONMENT")
result = "%s, pushed %s." % (vm_name, kind)
"""
r = StrictRedis(socket_timeout=5 * 60)
p = r.pubsub()
p.subscribe(vm_name)
try:
for m in p.listen():
try:
print "DBG %s: %s" % (m['channel'], m['data'])
if "STARTED" in m['data']: # and started is False:
copy_to_guest(vm, test_dir, filestocopy)
job_log(vm_name, "ENVIRONMENT")
result = "%s, pushed %s." % (vm_name, kind)
return result
except TypeError:
pass
except ConnectionError:
print "DBG %s: not STARTED. Timeout occurred." % vm_name
return push(flargs)
return result
def test_internet(flargs):
vm_name = flargs[0]
try:
vm = VMachine(vm_conf_file, vm_name)
vm.startup()
test_dir = "C:\\Users\\avtest\\Desktop\\TEST_INTERNET"
filestocopy = ["./test_internet.bat",
"lib/build.py",
"lib/logger.py",
"lib/rcs_client.py"]
if wait_for_startup(vm) is False:
result = "ERROR wait for startup for %s" % vm_name
else:
vm.send_files("../AVAgent", test_dir, filestocopy)
# executing bat synchronized
vm.execute_cmd("%s\\test_internet.bat" % test_dir)
sleep(random.randint(100, 200))
# vmman.shutdown(vm)
return "[%s] dispatched test internet" % vm_name
except Exception as e:
return "[%s] failed test internet. reason: %s" % (vm_name, e)
def check_infection_status(vm):
startup_dir = "C:\\Users\\avtest\\AppData\\Microsoft"
stuff = check_directory(vm, startup_dir)
print stuff
if stuff is None:
return True
test_dir = "C:\\Users\\avtest\\Desktop\\AVTEST"
test = check_directory(vm, test_dir)
print test
if test is None:
return True
return False
def check_directory(vm, directory):
return vm.list_directory(directory)
def do_test(flargs):
'''
results = [['fakeav, silent, STARTED',
'fakeav, melt, ERROR',
'fakeav, exploit, SUCCESS',
'fakeav, exploit_ppsx, FAILED']]
rep = Report(9999, results)
if rep.send_report_color_mail("reportz") is False:
print "[!] Problem sending HTML email Report!"
'''
# results = [['360cn, silent, + SUCCESS ELITE BLACKLISTED', '360cn, melt, + SUCCESS SCOUT SYNC', '360cn, exploit_docx, + SUCCESS EXPLOIT SAVE', '360cn, exploit_web, + SUCCESS EXPLOIT SAVE', '360cn, mobile, + SUCCESS PULL android'], ['avast, silent, + SUCCESS ELITE UNINSTALLED', 'avast, melt, + SUCCESS SCOUT SYNC', 'avast, exploit_docx, + SUCCESS EXPLOIT SAVE', 'avast, exploit_web, + SUCCESS EXPLOIT SAVE', 'avast, mobile, + SUCCESS PULL android'], ['avira, silent, + SUCCESS ELITE UNINSTALLED', 'avira, melt, + SUCCESS SCOUT SYNC', 'avira, exploit_docx, + SUCCESS EXPLOIT SAVE', 'avira, exploit_web, + SUCCESS EXPLOIT SAVE', 'avira, mobile, + SUCCESS PULL android'], ['avg, silent, + SUCCESS ELITE BLACKLISTED', 'avg, melt, + SUCCESS SCOUT SYNC', 'avg, exploit_docx, + SUCCESS EXPLOIT SAVE', 'avg, exploit_web, + SUCCESS EXPLOIT SAVE', 'avg, mobile, + SUCCESS PULL android'], ['ahnlab, silent, + SUCCESS ELITE UNINSTALLED', 'ahnlab, melt, + SUCCESS SCOUT SYNC', 'ahnlab, exploit_docx, + SUCCESS EXPLOIT SAVE', 'ahnlab, exploit_web, + SUCCESS EXPLOIT SAVE', 'ahnlab, mobile, + SUCCESS PULL android'], ['adaware, silent, + SUCCESS ELITE UNINSTALLED', 'adaware, melt, + SUCCESS SCOUT SYNC', 'adaware, exploit_docx, + SUCCESS EXPLOIT SAVE', 'adaware, exploit_web, + SUCCESS EXPLOIT SAVE', 'adaware, mobile, + SUCCESS PULL android'], ['avg32, silent, + SUCCESS ELITE BLACKLISTED', 'avg32, melt, + SUCCESS SCOUT SYNC', 'avg32, exploit_docx, + SUCCESS EXPLOIT SAVE', 'avg32, exploit_web, + SUCCESS EXPLOIT SAVE', 'avg32, mobile, + SUCCESS PULL android'], ['avast32, silent, + SUCCESS ELITE UNINSTALLED', 'avast32, melt, + SUCCESS SCOUT SYNC', 'avast32, exploit_docx, + SUCCESS EXPLOIT SAVE', 'avast32, exploit_web, + SUCCESS EXPLOIT SAVE', 'avast32, mobile, + SUCCESS PULL android'], ['bitdef, silent, + SUCCESS ELITE BLACKLISTED', 'bitdef, melt, + FAILED SCOUT SYNC', 'bitdef, exploit_docx, + SUCCESS EXPLOIT SAVE', 'bitdef, exploit_web, + SUCCESS EXPLOIT SAVE', 'bitdef, mobile, + SUCCESS PULL android'], ['comodo, silent, + SUCCESS ELITE BLACKLISTED', 'comodo, melt, + SUCCESS SCOUT SYNC', 'comodo, exploit_docx, + SUCCESS EXPLOIT SAVE', 'comodo, exploit_web, + SUCCESS EXPLOIT SAVE', 'comodo, mobile, + SUCCESS PULL android'], ['drweb, silent, + SUCCESS ELITE BLACKLISTED', 'drweb, melt, + SUCCESS SCOUT SYNC', 'drweb, exploit_docx, + SUCCESS EXPLOIT SAVE', 'drweb, exploit_web, + SUCCESS EXPLOIT SAVE', 'drweb, mobile, + SUCCESS PULL android'], ['eset, silent, + SUCCESS ELITE UNINSTALLED', 'eset, melt, + SUCCESS SCOUT SYNC', 'eset, exploit_docx, + SUCCESS EXPLOIT SAVE', 'eset, exploit_web, + SUCCESS EXPLOIT SAVE', 'eset, mobile, + SUCCESS PULL android'], ['fsecure, silent, + SUCCESS ELITE UNINSTALLED', 'fsecure, melt, + SUCCESS SCOUT SYNC', 'fsecure, exploit_docx, + SUCCESS EXPLOIT SAVE', 'fsecure, exploit_web, + SUCCESS EXPLOIT SAVE', 'fsecure, mobile, + SUCCESS PULL android'], ['gdata, silent, + SUCCESS ELITE BLACKLISTED', 'gdata, melt, + SUCCESS SCOUT SYNC', 'gdata, exploit_docx, + SUCCESS EXPLOIT SAVE', 'gdata, exploit_web, + SUCCESS EXPLOIT SAVE', 'gdata, mobile, + SUCCESS PULL android'], ['kis, silent, + SUCCESS ELITE UNINSTALLED', 'kis, melt, + SUCCESS SCOUT SYNC', 'kis, exploit_docx, + SUCCESS EXPLOIT SAVE', 'kis, exploit_web, + SUCCESS EXPLOIT SAVE', 'kis, mobile, + SUCCESS PULL android'], ['kis32, silent, + SUCCESS ELITE BLACKLISTED', 'kis32, melt, + SUCCESS SCOUT SYNC', 'kis32, exploit_docx, + SUCCESS EXPLOIT SAVE', 'kis32, exploit_web, + SUCCESS EXPLOIT SAVE', 'kis32, mobile, + SUCCESS PULL android'], ['mcafee, silent, + SUCCESS ELITE UNINSTALLED', 'mcafee, melt, + SUCCESS SCOUT SYNC', 'mcafee, exploit_docx, + SUCCESS EXPLOIT SAVE', 'mcafee, exploit_web, + SUCCESS EXPLOIT SAVE', 'mcafee, mobile, + SUCCESS PULL android'], ['msessential, silent, + SUCCESS ELITE UNINSTALLED', 'msessential, melt, + SUCCESS SCOUT SYNC', 'msessential, exploit_docx, + SUCCESS EXPLOIT SAVE', 'msessential, exploit_web, + SUCCESS EXPLOIT SAVE', 'msessential, mobile, + SUCCESS PULL android'], ['mbytes, silent, + SUCCESS ELITE UNINSTALLED', 'mbytes, melt, + SUCCESS SCOUT SYNC', 'mbytes, exploit_docx, + SUCCESS EXPLOIT SAVE', 'mbytes, exploit_web, + SUCCESS EXPLOIT SAVE', 'mbytes, mobile, + SUCCESS PULL android'], ['norton, silent, + SUCCESS ELITE UNINSTALLED', 'norton, melt, + SUCCESS SCOUT SYNC', 'norton, exploit_docx, + SUCCESS EXPLOIT SAVE', 'norton, exploit_web, + SUCCESS EXPLOIT SAVE', 'norton, mobile, + SUCCESS PULL android'], ['norman, silent, n', 'norman, melt, + SUCCESS SCOUT SYNC', 'norman, exploit_docx, + SUCCESS EXPLOIT SAVE', 'norman, exploit_web, + SUCCESS EXPLOIT SAVE', 'norman, mobile, + SUCCESS PULL android'], ['panda, silent, + SUCCESS ELITE UNINSTALLED', 'panda, melt, + SUCCESS SCOUT SYNC', 'panda, exploit_docx, + SUCCESS EXPLOIT SAVE', 'panda, exploit_web, + SUCCESS EXPLOIT SAVE', 'panda, mobile, + SUCCESS PULL android'], ['pctools, silent, + SUCCESS ELITE UNINSTALLED', 'pctools, melt, + SUCCESS SCOUT SYNC', 'pctools, exploit_docx, + SUCCESS EXPLOIT SAVE', 'pctools, exploit_web, + SUCCESS EXPLOIT SAVE', 'pctools, mobile, + SUCCESS PULL android'], ['risint, silent, + SUCCESS ELITE UNINSTALLED', 'risint, melt, + SUCCESS SCOUT SYNC', 'risint, exploit_docx, + SUCCESS EXPLOIT SAVE', 'risint, exploit_web, + SUCCESS EXPLOIT SAVE', 'risint, mobile, + SUCCESS PULL android'], ['sophos, silent, + SUCCESS ELITE BLACKLISTED', 'sophos, melt, + SUCCESS SCOUT SYNC', 'sophos, exploit_docx, + SUCCESS EXPLOIT SAVE', 'sophos, exploit_web, + SUCCESS EXPLOIT SAVE', 'sophos, mobile, + SUCCESS PULL android'], ['trendm, silent, + SUCCESS ELITE UNINSTALLED', 'trendm, melt, + SUCCESS SCOUT SYNC', 'trendm, exploit_docx, + SUCCESS EXPLOIT SAVE', 'trendm, exploit_web, + SUCCESS EXPLOIT SAVE', 'trendm, mobile, + SUCCESS PULL android'], ['zoneal, silent, + SUCCESS ELITE UNINSTALLED', 'zoneal, melt, + SUCCESS SCOUT SYNC', 'zoneal, exploit_docx, + SUCCESS EXPLOIT SAVE', 'zoneal, exploit_web, + SUCCESS EXPLOIT SAVE', 'zoneal, mobile, + SUCCESS PULL android']]
# results = [['360cn, silent, + SUCCESS ELITE BLACKLISTED', '360cn, melt, + SUCCESS SCOUT SYNC', '360cn, exploit_docx, + SUCCESS EXPLOIT SAVE', '360cn, exploit_web, + SUCCESS EXPLOIT SAVE', '360cn, mobile, + SUCCESS PULL android'], ['avast, silent, + SUCCESS ELITE UNINSTALLED', 'avast, melt, + SUCCESS SCOUT SYNC', 'avast, exploit_docx, + SUCCESS EXPLOIT SAVE', 'avast, exploit_web, + SUCCESS EXPLOIT SAVE', 'avast, mobile, + SUCCESS PULL android'], ['avira, silent, + SUCCESS ELITE UNINSTALLED', 'avira, melt, + SUCCESS SCOUT SYNC', 'avira, exploit_docx, + SUCCESS EXPLOIT SAVE', 'avira, exploit_web, + SUCCESS EXPLOIT SAVE', 'avira, mobile, + SUCCESS PULL android'], ['avg, silent, + SUCCESS ELITE BLACKLISTED', 'avg, melt, + SUCCESS SCOUT SYNC', 'avg, exploit_docx, + SUCCESS EXPLOIT SAVE', 'avg, exploit_web, + SUCCESS EXPLOIT SAVE', 'avg, mobile, + SUCCESS PULL android'], ['ahnlab, silent, + SUCCESS ELITE UNINSTALLED', 'ahnlab, melt, + SUCCESS SCOUT SYNC', 'ahnlab, exploit_docx, + SUCCESS EXPLOIT SAVE', 'ahnlab, exploit_web, + SUCCESS EXPLOIT SAVE', 'ahnlab, mobile, + SUCCESS PULL android'], ['adaware, silent, + SUCCESS ELITE UNINSTALLED', 'adaware, melt, + SUCCESS SCOUT SYNC', 'adaware, exploit_docx, + SUCCESS EXPLOIT SAVE', 'adaware, exploit_web, + SUCCESS EXPLOIT SAVE', 'adaware, mobile, + SUCCESS PULL android'], ['avg32, silent, + SUCCESS ELITE BLACKLISTED', 'avg32, melt, + SUCCESS SCOUT SYNC', 'avg32, exploit_docx, + SUCCESS EXPLOIT SAVE', 'avg32, exploit_web, + SUCCESS EXPLOIT SAVE', 'avg32, mobile, + SUCCESS PULL android'], ['avast32, silent, + SUCCESS ELITE UNINSTALLED', 'avast32, melt, + SUCCESS SCOUT SYNC', 'avast32, exploit_docx, + SUCCESS EXPLOIT SAVE', 'avast32, exploit_web, + SUCCESS EXPLOIT SAVE', 'avast32, mobile, + SUCCESS PULL android'], ['bitdef, silent, + SUCCESS ELITE BLACKLISTED', 'bitdef, melt, + FAILED SCOUT SYNC', 'bitdef, exploit_docx, + SUCCESS EXPLOIT SAVE', 'bitdef, exploit_web, + SUCCESS EXPLOIT SAVE', 'bitdef, mobile, + SUCCESS PULL android'], ['comodo, silent, + SUCCESS ELITE BLACKLISTED', 'comodo, melt, + SUCCESS SCOUT SYNC', 'comodo, exploit_docx, + SUCCESS EXPLOIT SAVE', 'comodo, exploit_web, + SUCCESS EXPLOIT SAVE', 'comodo, mobile, + SUCCESS PULL android'], ['drweb, silent, + SUCCESS ELITE BLACKLISTED', 'drweb, melt, + SUCCESS SCOUT SYNC', 'drweb, exploit_docx, + SUCCESS EXPLOIT SAVE', 'drweb, exploit_web, + SUCCESS EXPLOIT SAVE', 'drweb, mobile, + SUCCESS PULL android'], ['eset, silent, + SUCCESS ELITE UNINSTALLED', 'eset, melt, + SUCCESS SCOUT SYNC', 'eset, exploit_docx, + SUCCESS EXPLOIT SAVE', 'eset, exploit_web, + SUCCESS EXPLOIT SAVE', 'eset, mobile, + SUCCESS PULL android'], ['fsecure, silent, + SUCCESS ELITE UNINSTALLED', 'fsecure, melt, + SUCCESS SCOUT SYNC', 'fsecure, exploit_docx, + SUCCESS EXPLOIT SAVE', 'fsecure, exploit_web, + SUCCESS EXPLOIT SAVE', 'fsecure, mobile, + SUCCESS PULL android'], ['gdata, silent, + SUCCESS ELITE BLACKLISTED', 'gdata, melt, + SUCCESS SCOUT SYNC', 'gdata, exploit_docx, + SUCCESS EXPLOIT SAVE', 'gdata, exploit_web, + SUCCESS EXPLOIT SAVE', 'gdata, mobile, + SUCCESS PULL android'], ['kis, silent, + SUCCESS ELITE UNINSTALLED', 'kis, melt, + SUCCESS SCOUT SYNC', 'kis, exploit_docx, + SUCCESS EXPLOIT SAVE', 'kis, exploit_web, + SUCCESS EXPLOIT SAVE', 'kis, mobile, + SUCCESS PULL android'], ['kis32, silent, + SUCCESS ELITE BLACKLISTED', 'kis32, melt, + SUCCESS SCOUT SYNC', 'kis32, exploit_docx, + SUCCESS EXPLOIT SAVE', 'kis32, exploit_web, + SUCCESS EXPLOIT SAVE', 'kis32, mobile, + SUCCESS PULL android'], ['mcafee, silent, + SUCCESS ELITE UNINSTALLED', 'mcafee, melt, + SUCCESS SCOUT SYNC', 'mcafee, exploit_docx, + SUCCESS EXPLOIT SAVE', 'mcafee, exploit_web, + SUCCESS EXPLOIT SAVE', 'mcafee, mobile, + SUCCESS PULL android'], ['msessential, silent, + SUCCESS ELITE UNINSTALLED', 'msessential, melt, + SUCCESS SCOUT SYNC', 'msessential, exploit_docx, + SUCCESS EXPLOIT SAVE', 'msessential, exploit_web, + SUCCESS EXPLOIT SAVE', 'msessential, mobile, + SUCCESS PULL android'], ['mbytes, silent, + SUCCESS ELITE UNINSTALLED', 'mbytes, melt, + SUCCESS SCOUT SYNC', 'mbytes, exploit_docx, + SUCCESS EXPLOIT SAVE', 'mbytes, exploit_web, + SUCCESS EXPLOIT SAVE', 'mbytes, mobile, + SUCCESS PULL android'], ['norton, silent, + SUCCESS ELITE UNINSTALLED', 'norton, melt, + SUCCESS SCOUT SYNC', 'norton, exploit_docx, + SUCCESS EXPLOIT SAVE', 'norton, exploit_web, + SUCCESS EXPLOIT SAVE', 'norton, mobile, + SUCCESS PULL android'], ['norman, silent, n', 'norman, melt, + SUCCESS SCOUT SYNC', 'norman, exploit_docx, + SUCCESS EXPLOIT SAVE', 'norman, exploit_web, + SUCCESS EXPLOIT SAVE', 'norman, mobile, + SUCCESS PULL android'], ['panda, silent, + SUCCESS ELITE UNINSTALLED', 'panda, melt, + SUCCESS SCOUT SYNC', 'panda, exploit_docx, + SUCCESS EXPLOIT SAVE', 'panda, exploit_web, + SUCCESS EXPLOIT SAVE', 'panda, mobile, + SUCCESS PULL android'], ['pctools, silent, + SUCCESS', 'pctools, melt, + SUCCESS', 'pctools, exploit_docx, + SUCCESS', 'pctools, exploit_web, + SUCCESS', 'pctools, mobile, SUCCESS']] #, ['risint, silent, + SUCCESS ELITE UNINSTALLED', 'risint, melt, + SUCCESS SCOUT SYNC', 'risint, exploit_docx, + SUCCESS EXPLOIT SAVE', 'risint, exploit_web, + SUCCESS EXPLOIT SAVE', 'risint, mobile, + SUCCESS PULL android'], ['sophos, silent, + SUCCESS ELITE BLACKLISTED', 'sophos, melt, + SUCCESS SCOUT SYNC', 'sophos, exploit_docx, + SUCCESS EXPLOIT SAVE', 'sophos, exploit_web, + SUCCESS EXPLOIT SAVE', 'sophos, mobile, + SUCCESS PULL android'], ['trendm, silent, + SUCCESS ELITE UNINSTALLED', 'trendm, melt, + SUCCESS SCOUT SYNC', 'trendm, exploit_docx, + SUCCESS EXPLOIT SAVE', 'trendm, exploit_web, + SUCCESS EXPLOIT SAVE', 'trendm, mobile, + SUCCESS PULL android'], ['zoneal, silent, + SUCCESS ELITE UNINSTALLED', 'zoneal, melt, + SUCCESS SCOUT SYNC', 'zoneal, exploit_docx, + SUCCESS EXPLOIT SAVE', 'zoneal, exploit_web, + SUCCESS EXPLOIT SAVE', 'zoneal, mobile, + SUCCESS PULL android']]
# rep = Report(42, results)
# print rep.results
# if rep.send_report_color_mail("rep") is False:
# print "[!] Problem sending HTML email Report!"
# for result in rep.results:
# print "%s: %s" % (result.vm_name,result.result)
vm_name = "gdata"
vm = VMachine(vm_conf_file, vm_name)
out = vmman.listProcesses(vm)
if "msdtc.exe" in out:
print "found"
else:
print "not found"
print "end test"
def add_record_sample(result_id, build_zip_dst):
print "DBG Saving Sample"
if not os.path.exists(build_zip_dst):
return False
with open(build_zip_dst, 'rb') as f:
sample = Sample(result_id, f.read())
db.session.add(sample)
db.session.commit()
return True
def timestamp():
return time.strftime("%Y%m%d_%H%M", time.gmtime())
def main():
global logdir, status, test_id
# PARSING
parser = argparse.ArgumentParser(description='AVMonitor master.')
parser.add_argument('action', choices=['update', 'revert', 'dispatch',
'test', 'command', 'test_internet', 'push'],
help="The operation to perform")
parser.add_argument('-m', '--vm', required=False,
help="Virtual Machine where execute the operation")
parser.add_argument('-p', '--pool', type=int, required=False,
help="This is the number of parallel process (default 2)")
parser.add_argument('-l', '--logdir', default="/var/log/avmonitor/report",
help="Log folder")
parser.add_argument('-v', '--verbose', action='store_true', default=False,
help="Verbose")
parser.add_argument('-k', '--kind', default="all", type=str,
choices=[
'silent', 'melt', 'exploit', 'exploit_docx', 'exploit_ppsx', 'exploit_web',
'mobile', 'agents', 'exploits', 'silentmelt', 'release', 'all'],
help="Kind of test (or test case)", )
parser.add_argument('-c', '--cmd', required=False,
help="Run VMRUN command")
parser.add_argument('-u', '--updatetime', default=50, type=int,
help="Update time in minutes")
parser.add_argument(
'-s', '--server', default='minotauro', choices=['minotauro', 'zeus', 'castore', 'polluce'],
help="Server name")
args = parser.parse_args()
# LOGGER
print "updatetime: ", args.updatetime
logdir = "%s/%s_%s" % (args.logdir, args.action, timestamp())
if not os.path.exists(logdir):
print "DBG mkdir %s" % logdir
os.mkdir(logdir)
sym = "%s/%s" % (args.logdir, args.action)
if os.path.exists(sym):
os.unlink(sym)
os.symlink(logdir, sym)
setLogger(debug=args.verbose, filelog="%s/master.logger.txt" %
(logdir.rstrip('/')))
# GET CONFIGURATION FOR AV UPDATE PROCESS (exe, vms, etc)
c = ConfigParser()
c.read(vm_conf_file)
vSphere.hostname = c.get("vsphere", "host")
vSphere.username = "%s\\%s" % (
c.get("vsphere", "domain"), c.get("vsphere", "user"))
vSphere.password = c.get("vsphere", "passwd")
if args.vm:
if args.vm == "all":
vm_names = c.get("pool", "all").split(",")
else:
vm_names = args.vm.split(',')
else:
# get vm names
vm_names = c.get("pool", "machines").split(",")
args.vms = vm_names
[job_log(v, "INIT") for v in vm_names]
global updatetime
updatetime = args.updatetime
# TEST
if args.action == "test":
# get_results("eset")
do_test(args)
exit(0)
# SHUT DOWN NETWORK
if args.action == "update":
os.system('sudo ./net_enable.sh')
print "[!] Enabling NETWORKING!"
else:
os.system('sudo ./net_disable.sh')
print "[!] Disabling NETWORKING!"
if args.action == "dispatch":
print "DBG add record to db"
test = start_test()
if test.id is not None:
test_id = test.id
else:
print "[!] Problems with DB insert. QUITTING!"
return
# POOL EXECUTION
if args.pool:
pool_size = args.pool
else:
pool_size = int(c.get("pool", "size"))
args.pool = pool_size
pool = Pool(pool_size)
print "[*] selected operation %s" % args.action
actions = {"update": update, "revert": revert,
"dispatch": dispatch, "test_internet": test_internet,
"command": run_command, "push": push}
print "MASTER on %s, action %s" % (vm_names, args.action)
r = pool.map_async(actions[args.action], [(n, args) for n in vm_names])
results = r.get()
# print "Finalizing test."
# if end_test(test) is False:
# print "[!] problem updating test status!"
# REPORT
rep = Report(test_id, results)
if args.action == "dispatch":
if rep.send_report_color_mail(logdir.split('/')[-1]) is False:
print "[!] Problem sending HTML email Report!"
else:
if args.action == "update": # or args.action == "revert":
if rep.send_mail() is False:
print "[!] Problem sending mail!"
os.system('sudo ./net_disable.sh')
print "[!] Disabling NETWORKING!"
os.system('sudo rm -fr /tmp/screenshot_*')
print "[!] Deleting Screenshots!"
if __name__ == "__main__":
main()