hybridanalysis

package

v0.0.0-...-53824ec Latest Latest Go to latest Published: Mar 14, 2022 License: Apache-2.0 Imports: 16 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/mpkondrashin/mstream

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func FileSHA256(filePath string) (string, error)
func GuessFileName(data *ListLatestData) string
func Sha256(filePath string) (string, error)
func Sha256ForData(data []byte) string
type Client
- func New(APIKey string) *Client
type DownloadSamples
- func NewDownloadSamples(ha *Client) *DownloadSamples
type ListLatest
type ListLatestData
type Samples
- func NewSamples(ha *Client) *Samples
type SamplesStream
- func NewSamplesStream(client *Client, sleeper *sleeper.Sleeper) *SamplesStream
- func (s *SamplesStream) GetSample() (*ListLatestData, error)
- func (s *SamplesStream) UpdateSamples() error

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	//	ErrTooBigFile    = errors.New("too big file size")
	ErrResponseError = errors.New("response error")
)

Functions ¶

func FileSHA256 ¶

func FileSHA256(filePath string) (string, error)

func GuessFileName ¶

func GuessFileName(data *ListLatestData) string

func Sha256 ¶

func Sha256(filePath string) (string, error)

func Sha256ForData ¶

func Sha256ForData(data []byte) string

Types ¶

type Client ¶

type Client struct {
	APIKey string
	// contains filtered or unexported fields
}

func New ¶

func New(APIKey string) *Client

func (*Client) DownloadGzipSample ¶

func (c *Client) DownloadGzipSample(id string) (io.ReadCloser, error)

func (*Client) DownloadSample ¶

func (c *Client) DownloadSample(id string) (io.Reader, io.Closer, error)

func (*Client) IterateFiles ¶

func (c *Client) IterateFiles(
	callback func(data *ListLatestData, path string) error,
	filter func(data *ListLatestData) bool) error

func (*Client) IterateReader ¶

func (c *Client) IterateReader(callback func(data *ListLatestData, r io.Reader) error,
	filter func(data *ListLatestData) bool) error

func (*Client) ListLatestSamples ¶

func (c *Client) ListLatestSamples() (*ListLatest, error)

func (*Client) Report ¶

func (c *Client) Report(jobID, reportType string) ([]byte, error)

func (*Client) SetUserAgent ¶

func (c *Client) SetUserAgent(userAgent string) *Client

type DownloadSamples ¶

type DownloadSamples struct {
	// contains filtered or unexported fields
}

func NewDownloadSamples ¶

func NewDownloadSamples(ha *Client) *DownloadSamples

func (*DownloadSamples) Download ¶

func (ds *DownloadSamples) Download(targetFolder string) error

func (*DownloadSamples) MatchExtension ¶

func (ds *DownloadSamples) MatchExtension(fileName string) bool

func (*DownloadSamples) SetExtension ¶

func (ds *DownloadSamples) SetExtension(keyword string) *DownloadSamples

func (*DownloadSamples) SetInclude ¶

func (ds *DownloadSamples) SetInclude(keyword string) *DownloadSamples

func (*DownloadSamples) SetSkip ¶

func (ds *DownloadSamples) SetSkip(keyword string) *DownloadSamples

func (*DownloadSamples) SetThreatLevelThreshold ¶

func (ds *DownloadSamples) SetThreatLevelThreshold(threatLevelThreshold int) *DownloadSamples

type ListLatest ¶

type ListLatest struct {
	Count  int              `json:"count"`
	Status string           `json:"status"`
	Data   []ListLatestData `json:"data"`
}

func Unbackslash(s string) string {
	var sb strings.Builder
	backslash := false
	for _, r := range s {
		if backslash {
			switch r {
			case 'a':
				sb.WriteRune('\a')
			case 'b':
				sb.WriteRune('\b')
			case '\\':
				sb.WriteRune('\\')
			case 't':
				sb.WriteRune('\t')
			case 'n':
				sb.WriteRune('\n')
			case 'f':
				sb.WriteRune('\f')
			case 'r':
				sb.WriteRune('\r')
			case 'v':
				sb.WriteRune('\v')
			case '\'':
				sb.WriteRune('\'')
			case '"':
				sb.WriteRune('"')
			}
			backslash = false
		} else {
			if r == '\\' {
				backslash = true
			} else {
				sb.WriteRune(r)
			}
		}
	}
	return sb.String()
}

type ListLatestData ¶

type ListLatestData struct {
	JobID             string   `json:"job_id"`
	Md5               string   `json:"md5"`
	Sha1              string   `json:"sha1"`
	Sha256            string   `json:"sha256"`
	Interesting       bool     `json:"interesting"`
	AnalysisStartTime string   `json:"analysis_start_time"`
	ThreatScore       int      `json:"threat_score"`
	ThreatLevel       int      `json:"threat_level"`
	ThreatLevelHuman  string   `json:"threat_level_human"`
	Unknown           bool     `json:"unknown"`
	Domains           []string `json:"domains"`
	Hosts             []string `json:"hosts"`
	HostsGeolocation  []struct {
		IP        string `json:"ip"`
		Latitude  string `json:"latitude"`
		Longitude string `json:"longitude"`
		Country   string `json:"country"`
	} `json:"hosts_geolocation"`
	EnvironmentID          int    `json:"environment_id"`
	EnvironmentDescription string `json:"environment_description"`
	SharedAnalysis         bool   `json:"shared_analysis"`
	Reliable               bool   `json:"reliable"`
	ReportURL              string `json:"report_url"`
	Processes              []struct {
		UID            string `json:"uid"`
		Name           string `json:"name"`
		NormalizedPath string `json:"normalized_path"`
		CommandLine    string `json:"command_line"`
		Sha256         string `json:"sha256"`
		Parentuid      string `json:"parentuid,omitempty"`
	} `json:"processes"`
	ExtractedFiles []struct {
		Name                    string   `json:"name"`
		FileSize                int      `json:"file_size"`
		Sha1                    string   `json:"sha1"`
		Sha256                  string   `json:"sha256"`
		Md5                     string   `json:"md5"`
		TypeTags                []string `json:"type_tags,omitempty"`
		Description             string   `json:"description"`
		RuntimeProcess          string   `json:"runtime_process"`
		ThreatLevel             int      `json:"threat_level"`
		ThreatLevelReadable     string   `json:"threat_level_readable"`
		AvMatched               int      `json:"av_matched,omitempty"`
		AvTotal                 int      `json:"av_total,omitempty"`
		FileAvailableToDownload bool     `json:"file_available_to_download"`
		FilePath                string   `json:"file_path,omitempty"`
	} `json:"extracted_files"`
	Ssdeep string `json:"ssdeep"`
}

type Samples ¶

type Samples struct {
	// contains filtered or unexported fields
}

func NewSamples ¶

func NewSamples(ha *Client) *Samples

func (*Samples) Download ¶

func (s *Samples) Download(targetFolder string, pathChan chan string) error

func (*Samples) MatchExtension ¶

func (s *Samples) MatchExtension(fileName string) bool

func (*Samples) SetExtension ¶

func (s *Samples) SetExtension(keyword string) *Samples

func (*Samples) SetInclude ¶

func (s *Samples) SetInclude(keyword string) *Samples

func (*Samples) SetSkip ¶

func (s *Samples) SetSkip(keyword string) *Samples

func (*Samples) SetThreatLevelThreshold ¶

func (s *Samples) SetThreatLevelThreshold(threatLevelThreshold int) *Samples

type SamplesStream ¶

type SamplesStream struct {
	// contains filtered or unexported fields
}

func NewSamplesStream ¶

func NewSamplesStream(client *Client, sleeper *sleeper.Sleeper) *SamplesStream

func (*SamplesStream) GetSample ¶

func (s *SamplesStream) GetSample() (*ListLatestData, error)

func (*SamplesStream) UpdateSamples ¶

func (s *SamplesStream) UpdateSamples() error

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL