wepawet 0.1.0

@@ -0,0 +1,5 @@
1
+ lib/**/*.rb
2
+ bin/*
3
+ -
4
+ features/**/*.feature
5
+ LICENSE.txt
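--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,14 @@
+ source "http://rubygems.org"
+ # Add dependencies required to use your gem here.
+ # Example:
+ gem "multipart-post", ">= 1.1.0"
+ gem "libxml-ruby", ">= 1.1.4"
+
+ # Add dependencies to develop your gem here.
+ # Include everything needed to run rake, tests, features, etc.
+ group :development do
+ gem "shoulda", ">= 0"
+ gem "bundler", "~> 1.0.0"
+ gem "jeweler", "~> 1.5.2"
+ gem "rcov", ">= 0"
+ end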
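Review bot: The `source "http://rubygems.org"` line at the top of the Gemfile resolves and downloads every gem over plaintext HTTP, so anything on the network path can alter the index or a package at install time; it should read `source "https://rubygems.org"`. The development group also leaves `shoulda` and `rcov` at `>= 0`, which accepts any future release. A bounded constraint like the `~>` already used for bundler and jeweler would keep development installs reproducible.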
@@ -0,0 +1,20 @@
1
+ Copyright (c) 2011 Chris Lee
2
+
3
+ Permission is hereby granted, free of charge, to any person obtaining
4
+ a copy of this software and associated documentation files (the
5
+ "Software"), to deal in the Software without restriction, including
6
+ without limitation the rights to use, copy, modify, merge, publish,
7
+ distribute, sublicense, and/or sell copies of the Software, and to
8
+ permit persons to whom the Software is furnished to do so, subject to
9
+ the following conditions:
10
+
11
+ The above copyright notice and this permission notice shall be
12
+ included in all copies or substantial portions of the Software.
13
+
14
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
15
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
17
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
18
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
19
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
20
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
@@ -0,0 +1,37 @@
1
+ = wepawet
2
+
3
+ This gem provides an interface to UAB's wepawet malicious URL analysis project
4
+ Wepawet is a service for detecting and analyzing web-based malware. It currently handles Flash, JavaScript, and PDF files. http://wepawet.cs.ucsb.edu
5
+
6
+ Example usage:
7
+ config = {
8
+ 'wepawetSubmitUrl' => 'http://wepawet.cs.ucsb.edu/services/upload.php',
9
+ 'wepawetQueryUrl' => 'http://wepawet.cs.ucsb.edu/services/query.php',
10
+ 'wepawetDomainUrl' => 'http://wepawet.cs.ucsb.edu/services/domain.php',
11
+ 'wepawetUrlUrl' => 'http://wepawet.cs.ucsb.edu/services/url.php',
12
+ }
13
+ w = Wepawet::Submit.new(config)
14
+ hash = w.submit_url("http://example.com")
15
+ q = Wepawet::Query.new(config)
16
+ resp = q.by_taskid(hash)
17
+ # => {"url"=>"http://example.com", "status"=>"queued"}
18
+ resp = q.by_domain("example.com")
19
+ # => {"domain"=>"example.com", "report_url"=>"http://wepawet.cs.ucsb.edu/domain.php?hash=a6bf1757fff057f266b697df9cf176fd&type=js"}
20
+ resp = q.by_url("http://example.com")
21
+ # => {"url"=>"http://example.com", "benign"=>"http://wepawet.cs.ucsb.edu/view.php?hash=a9b9f04336ce0181a08e774e01113b31&t=1303679363&type=js"}
22
+
23
+ == Contributing to wepawet
24
+
25
+ * Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet
26
+ * Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it
27
+ * Fork the project
28
+ * Start a feature/bugfix branch
29
+ * Commit and push until you are happy with your contribution
30
+ * Make sure to add tests for it. This is important so I don't break it in a future version unintentionally.
31
+ * Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or is otherwise necessary, that is fine, but please isolate to its own commit so I can cherry-pick around it.
32
+
33
+ == Copyright
34
+
35
+ Copyright (c) 2011 Chris Lee. See LICENSE.txt for
36
+ further details.
37
+
@@ -0,0 +1,52 @@
1
+ require 'rubygems'
2
+ require 'bundler'
3
+ begin
4
+ Bundler.setup(:default, :development)
5
+ rescue Bundler::BundlerError => e
6
+ $stderr.puts e.message
7
+ $stderr.puts "Run `bundle install` to install missing gems"
8
+ exit e.status_code
9
+ end
10
+ require 'rake'
11
+
12
+ require 'jeweler'
13
+ Jeweler::Tasks.new do |gem|
14
+ # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
15
+ gem.name = "wepawet"
16
+ gem.homepage = "http://github.com/chrislee35/wepawet"
17
+ gem.license = "MIT"
18
+ gem.summary = %Q{provides an interface to UAB's wepawet malicious URL analysis project}
19
+ gem.description = %Q{Wepawet is a service for detecting and analyzing web-based malware. It currently handles Flash, JavaScript, and PDF files. http://wepawet.cs.ucsb.edu}
20
+ gem.email = "rubygems@chrislee.dhs.org"
21
+ gem.authors = ["Chris Lee"]
22
+ gem.add_runtime_dependency "multipart-post", ">= 1.1.0"
23
+ gem.add_runtime_dependency "libxml-ruby", ">= 1.1.4"
24
+ gem.executables = ["wepawet"]
25
+ end
26
+ Jeweler::RubygemsDotOrgTasks.new
27
+
28
+ require 'rake/testtask'
29
+ Rake::TestTask.new(:test) do |test|
30
+ test.libs << 'lib' << 'test'
31
+ test.pattern = 'test/**/test_*.rb'
32
+ test.verbose = true
33
+ end
34
+
35
+ require 'rcov/rcovtask'
36
+ Rcov::RcovTask.new do |test|
37
+ test.libs << 'test'
38
+ test.pattern = 'test/**/test_*.rb'
39
+ test.verbose = true
40
+ end
41
+
42
+ task :default => :test
43
+
44
+ require 'rake/rdoctask'
45
+ Rake::RDocTask.new do |rdoc|
46
+ version = File.exist?('VERSION') ? File.read('VERSION') : ""
47
+
48
+ rdoc.rdoc_dir = 'rdoc'
49
+ rdoc.title = "wepawet #{version}"
50
+ rdoc.rdoc_files.include('README*')
51
+ rdoc.rdoc_files.include('lib/**/*.rb')
52
+ end
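Review bot: The runtime dependency list in the `Jeweler::Tasks` block omits `configparser`, which the bin/wepawet script added on this page requires unconditionally, so unless that library is provided some other way a clean install leaves the executable failing with a LoadError; add `gem.add_runtime_dependency "configparser"` together with the matching Gemfile entry. The two dependencies that are declared here repeat the Gemfile entries, and the generated metadata on this page lists multipart-post and libxml-ruby twice, which suggests jeweler already picks them up from the Gemfile. Declaring them in one place would remove the duplicates.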
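--- a/data/VERSION
+++ b/data/VERSION
@@ -0,0 +1 @@
+ 0.1.0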
@@ -0,0 +1,123 @@
1
+ #!/usr/bin/env ruby
2
+ # DESCRIPTION: queries wepawet
3
+ begin
4
+ require 'wepawet'
5
+ rescue LoadError
6
+ require 'rubygems'
7
+ require 'wepawet'
8
+ end
9
+ require 'getoptlong'
10
+ require 'configparser'
11
+ require 'pp'
12
+
13
+ def usage
14
+ msg = <<EOD
15
+ Usage: #{$0} OPTIONS
16
+ -c,--config FILE use a given configuration file
17
+ -C,--credentials USER:PASSWD use the given credentials
18
+ -d,--domain DOMAIN query if DOMAIN has been analyzed
19
+ -h,--help print this message and exit
20
+ -q,--query TASK_ID query the status of a request
21
+ -r,--referer URL use URL as the initial referer
22
+ -s,--submit URL submit URL for analysis
23
+ -u,--url URL query if URL has been analyzed
24
+ -w,--wepawet SERVER wepawet server
25
+ EOD
26
+ exit
27
+ end
28
+
29
+ opts = GetoptLong.new(
30
+ [ '--help', '-h', GetoptLong::NO_ARGUMENT ],
31
+ [ '--config', '-c', GetoptLong::REQUIRED_ARGUMENT ],
32
+ [ '--credentials', '-C', GetoptLong::REQUIRED_ARGUMENT ],
33
+ [ '--wepawet', '-w', GetoptLong::REQUIRED_ARGUMENT ],
34
+
35
+ [ '--submit', '-s', GetoptLong::REQUIRED_ARGUMENT ],
36
+ [ '--referer', '-r', GetoptLong::REQUIRED_ARGUMENT ],
37
+
38
+ [ '--query', '-q', GetoptLong::REQUIRED_ARGUMENT ],
39
+ [ '--domain', '-d', GetoptLong::REQUIRED_ARGUMENT ],
40
+ [ '--url', '-u', GetoptLong::REQUIRED_ARGUMENT ]
41
+ )
42
+
43
+ config = "#{ENV['HOME']}/.wepawet"
44
+ action = 'query' # or 'submit'
45
+ querytype = 'hash' # or 'url' or 'domain'
46
+ item = nil
47
+ referer = nil
48
+
49
+ user = nil
50
+ pass = nil
51
+ host = nil
52
+
53
+ opts.each do |opt, arg|
54
+ case opt
55
+ when '--help'
56
+ usage
57
+ when '--config'
58
+ config = arg
59
+ when '--credentials'
60
+ user, pass = arg.split(/:/)
61
+ when '--wepawet'
62
+ host = arg
63
+ when '--submit'
64
+ action = 'submit'
65
+ item = arg
66
+ when '--referer'
67
+ referer = arg
68
+ when '--domain'
69
+ querytype = 'domain'
70
+ item = arg
71
+ when '--query'
72
+ item = arg
73
+ when '--url'
74
+ querytype = 'url'
75
+ item = arg
76
+ else
77
+ usage
78
+ end
79
+ end
80
+
81
+ if File.exists? config
82
+ config = ConfigParser.new(config)
83
+ else
84
+ config = {}
85
+ end
86
+
87
+ if user
88
+ config['user'] = user
89
+ config['pass'] = pass
90
+ end
91
+ if host
92
+ config['wepawetQueryUrl'] = "http://#{host}/services/query.php"
93
+ config['wepawetSubmitUrl'] = "http://#{host}/services/upload.php"
94
+ config['wepawetDomainUrl'] = "http://#{host}/services/domain.php"
95
+ config['wepawetUrlUrl'] = "http://#{host}/services/url.php"
96
+ end
97
+ unless config['wepawetQueryUrl']
98
+ puts "wepawetQueryUrl is not defined in either the configuration file or via the --wepawet option"
99
+ usage
100
+ end
101
+
102
+ if action == 'submit'
103
+ w = Wepawet::Submit.new(config)
104
+ if File.exists(item)
105
+ puts w.submit_file(item)
106
+ else
107
+ puts w.submit_url(item)
108
+ end
109
+ elsif action == 'query'
110
+ w = Wepawet::Query.new(config)
111
+ case querytype
112
+ when 'hash'
113
+ pp w.by_hash(item)
114
+ when 'domain'
115
+ pp w.by_domain(item)
116
+ when 'url'
117
+ pp w.by_url(item)
118
+ else
119
+ usage
120
+ end
121
+ else
122
+ usage
123
+ end
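Review bot: Line 104 calls `File.exists(item)`, which is not a method on File, so every `--submit` run raises NoMethodError before anything is sent; it should be `if File.exist?(item)` (line 81's `File.exists?` is the deprecated spelling of the same call). `usage` builds `msg` but never prints it before `exit`, so `--help` and every error path are silent; add `puts msg` ahead of the `exit`. On the credential path, `arg.split(/:/)` drops everything after a second colon, so a password containing `:` is truncated unless the line becomes `user, pass = arg.split(':', 2)`. A password given with `-C` is also visible in the process list and is then used against the `http://#{host}/...` endpoints built on lines 92-95, presumably in clear text depending on how the library transmits it. The query branch calls `w.by_hash(item)` while the README and test on this page use `by_taskid`, so confirm which name the library defines.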
@@ -0,0 +1 @@
1
+ require 'wepawet/wepawet'
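Review bot: `require 'wepawet/wepawet'` points at a file that this release does not appear to ship: the `files:` list in the gem metadata on this page contains `lib/wepawet.rb` but no `lib/wepawet/wepawet.rb`. If that list is complete, `require 'wepawet'` raises LoadError for every installed copy, including the bundled executable. Either add the implementation file to the package or define the `Wepawet` classes in this file.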
@@ -0,0 +1,18 @@
1
+ require 'rubygems'
2
+ require 'bundler'
3
+ begin
4
+ Bundler.setup(:default, :development)
5
+ rescue Bundler::BundlerError => e
6
+ $stderr.puts e.message
7
+ $stderr.puts "Run `bundle install` to install missing gems"
8
+ exit e.status_code
9
+ end
10
+ require 'test/unit'
11
+ require 'shoulda'
12
+
13
+ $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
14
+ $LOAD_PATH.unshift(File.dirname(__FILE__))
15
+ require 'wepawet'
16
+
17
+ class Test::Unit::TestCase
18
+ end
@@ -0,0 +1,23 @@
1
+ require 'helper'
2
+
3
+ class TestWepawet < Test::Unit::TestCase
4
+ should "submit submit http://example.com for analysis" do
5
+ config = {
6
+ 'wepawetSubmitUrl' => 'http://wepawet.cs.ucsb.edu/services/upload.php',
7
+ 'wepawetQueryUrl' => 'http://wepawet.cs.ucsb.edu/services/query.php',
8
+ 'wepawetDomainUrl' => 'http://wepawet.cs.ucsb.edu/services/domain.php',
9
+ 'wepawetUrlUrl' => 'http://wepawet.cs.ucsb.edu/services/url.php',
10
+ }
11
+ w = Wepawet::Submit.new(config)
12
+ hash = w.submit_url("http://example.com")
13
+ assert_equal(32, hash.length)
14
+ assert(hash =~ /^[a-fA-F0-9]{32}$/)
15
+ q = Wepawet::Query.new(config)
16
+ resp = q.by_taskid(hash)
17
+ assert("http://example.com", resp['url'])
18
+ resp = q.by_domain("example.com")
19
+ assert("example.com", resp['domain'])
20
+ resp = q.by_url("http://example.com")
21
+ assert("http://example.com", resp['url'])
22
+ end
23
+ end
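Review bot: The three checks on lines 17, 19 and 21 use `assert("http://example.com", resp['url'])`, where the second argument is only the failure message, so they pass for any response; they should be `assert_equal("http://example.com", resp['url'])` and likewise `assert_equal("example.com", resp['domain'])`. The task-id check on line 14 anchors with `^` and `$`, which match at line boundaries, so `/\A[a-fA-F0-9]{32}\z/` is the form that validates the whole string. The test also submits to the live wepawet.cs.ucsb.edu service over HTTP, so it cannot run offline and its result depends on a third party; a stubbed HTTP response would make it deterministic.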
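--- a/metadata
+++ b/metadata
@@ -0,0 +1,199 @@
+ --- !ruby/object:Gem::Specification
+ name: wepawet
+ version: !ruby/object:Gem::Version
+ hash: 27
+ prerelease:
+ segments:
+ - 0
+ - 1
+ - 0
+ version: 0.1.0
+ platform: ruby
+ authors:
+ - Chris Lee
+ autorequire:
+ bindir: bin
+ cert_chain: []
+
+ date: 2011-04-24 00:00:00 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ version_requirements: &id001 !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ hash: 19
+ segments:
+ - 1
+ - 1
+ - 0
+ version: 1.1.0
+ requirement: *id001
+ prerelease: false
+ name: multipart-post
+ type: :runtime
+ - !ruby/object:Gem::Dependency
+ version_requirements: &id002 !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ hash: 27
+ segments:
+ - 1
+ - 1
+ - 4
+ version: 1.1.4
+ requirement: *id002
+ prerelease: false
+ name: libxml-ruby
+ type: :runtime
+ - !ruby/object:Gem::Dependency
+ version_requirements: &id003 !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ hash: 3
+ segments:
+ - 0
+ version: "0"
+ requirement: *id003
+ prerelease: false
+ name: shoulda
+ type: :development
+ - !ruby/object:Gem::Dependency
+ version_requirements: &id004 !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ~>
+ - !ruby/object:Gem::Version
+ hash: 23
+ segments:
+ - 1
+ - 0
+ - 0
+ version: 1.0.0
+ requirement: *id004
+ prerelease: false
+ name: bundler
+ type: :development
+ - !ruby/object:Gem::Dependency
+ version_requirements: &id005 !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ~>
+ - !ruby/object:Gem::Version
+ hash: 7
+ segments:
+ - 1
+ - 5
+ - 2
+ version: 1.5.2
+ requirement: *id005
+ prerelease: false
+ name: jeweler
+ type: :development
+ - !ruby/object:Gem::Dependency
+ version_requirements: &id006 !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ hash: 3
+ segments:
+ - 0
+ version: "0"
+ requirement: *id006
+ prerelease: false
+ name: rcov
+ type: :development
+ - !ruby/object:Gem::Dependency
+ version_requirements: &id007 !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ hash: 19
+ segments:
+ - 1
+ - 1
+ - 0
+ version: 1.1.0
+ requirement: *id007
+ prerelease: false
+ name: multipart-post
+ type: :runtime
+ - !ruby/object:Gem::Dependency
+ version_requirements: &id008 !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ hash: 27
+ segments:
+ - 1
+ - 1
+ - 4
+ version: 1.1.4
+ requirement: *id008
+ prerelease: false
+ name: libxml-ruby
+ type: :runtime
+ description: Wepawet is a service for detecting and analyzing web-based malware. It currently handles Flash, JavaScript, and PDF files. http://wepawet.cs.ucsb.edu
+ email: rubygems@chrislee.dhs.org
+ executables:
+ - wepawet
+ extensions: []
+
+ extra_rdoc_files:
+ - LICENSE.txt
+ - README.rdoc
+ files:
+ - .document
+ - Gemfile
+ - LICENSE.txt
+ - README.rdoc
+ - Rakefile
+ - VERSION
+ - lib/wepawet.rb
+ - test/helper.rb
+ - test/test_wepawet.rb
+ - bin/wepawet
+ homepage: http://github.com/chrislee35/wepawet
+ licenses:
+ - MIT
+ post_install_message:
+ rdoc_options: []
+
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ hash: 3
+ segments:
+ - 0
+ version: "0"
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ hash: 3
+ segments:
+ - 0
+ version: "0"
+ requirements: []
+
+ rubyforge_project:
+ rubygems_version: 1.7.2
+ signing_key:
+ specification_version: 3
+ summary: provides an interface to UAB's wepawet malicious URL analysis project
+ test_files:
+ - test/helper.rb
+ - test/test_wepawet.rb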