wepawet 0.1.0 → 0.1.1

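--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -0,0 +1,24 @@
+ GEM
+ remote: http://rubygems.org/
+ specs:
+ git (1.2.5)
+ jeweler (1.5.2)
+ bundler (~> 1.0.0)
+ git (>= 1.2.5)
+ rake
+ libxml-ruby (1.1.4)
+ multipart-post (1.1.0)
+ rake (0.8.7)
+ rcov (0.9.9)
+ shoulda (2.11.3)
+
+ PLATFORMS
+ ruby
+
+ DEPENDENCIES
+ bundler (~> 1.0.0)
+ jeweler (~> 1.5.2)
+ libxml-ruby (>= 1.1.4)
+ multipart-post (>= 1.1.0)
+ rcov
+ shoulda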
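--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -1,6 +1,6 @@
  = wepawet
 
- This gem provides an interface to UAB's wepawet malicious URL analysis project
+ This gem provides an interface to UCSB's wepawet malicious URL analysis project
  Wepawet is a service for detecting and analyzing web-based malware. It currently handles Flash, JavaScript, and PDF files. http://wepawet.cs.ucsb.edu
 
  Example usage: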
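--- a/data/Rakefile
+++ b/data/Rakefile
@@ -15,7 +15,7 @@ Jeweler::Tasks.new do |gem|
  gem.name = "wepawet"
  gem.homepage = "http://github.com/chrislee35/wepawet"
  gem.license = "MIT"
- gem.summary = %Q{provides an interface to UAB's wepawet malicious URL analysis project}
+ gem.summary = %Q{provides an interface to UCSB's wepawet malicious URL analysis project}
  gem.description = %Q{Wepawet is a service for detecting and analyzing web-based malware. It currently handles Flash, JavaScript, and PDF files. http://wepawet.cs.ucsb.edu}
  gem.email = "rubygems@chrislee.dhs.org"
  gem.authors = ["Chris Lee"]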
data/VERSION CHANGED
@@ -1 +1 @@
1
- 0.1.0
1
+ 0.1.1
@@ -0,0 +1,106 @@
1
+ require 'net/http'
2
+ require 'net/https'
3
+ require 'uri'
4
+ require 'net/http/post/multipart'
5
+ require 'xml'
6
+ require 'cgi'
7
+
8
+ # The Wepawet module contains all the query and submission classes for wepawet
9
+ module Wepawet
10
+
11
+ # Wepawet::Submit is used to submit new files and/or URLs into the wepawet system.
12
+ class Submit
13
+ def initialize(config)
14
+ @config = config
15
+ end
16
+
17
+ def submit_file(filename, resource_type='js')
18
+ params = {'resource_type' => resource_type}
19
+ ['user','passwd','referer'].each do |opt|
20
+ params[opt] = @config[opt] if @config[opt]
21
+ end
22
+ file = File.open(filename)
23
+ params['file'] = UploadIO.new(file, "application/octet-stream", File.basename(filename))
24
+ uri = URI.parse(@config['wepawetSubmitUrl'])
25
+ http = Net::HTTP.new(uri.host, uri.port)
26
+ http.use_ssl = (url.scheme == 'https')
27
+ http.verify_mode = OpenSSL::SSL::VERIFY_NONE
28
+ request = Net::HTTP::Post::Multipart.new(uri.path, params)
29
+ request.add_field("User-Agent", "Ruby/#{RUBY_VERSION} wepawet gem (https://github.com/chrislee35/wepawet)")
30
+ response = http.request(request)
31
+ parse_response(response.body)
32
+ end
33
+
34
+ # Wepawet::Submit#submit_url(url) submits a new URL to the wepawet system and returns a task ID (a hash).
35
+ def submit_url(url, resource_type='js')
36
+ params = {'resource_type' => resource_type, 'url' => url}
37
+ ['user','passwd','referer'].each do |opt|
38
+ params[opt] = @config[opt] if @config[opt]
39
+ end
40
+ puts @config['wepawetSubmitUrl']
41
+ uri = URI.parse(@config['wepawetSubmitUrl'])
42
+ http = Net::HTTP.new(uri.host, uri.port)
43
+ http.use_ssl = (uri.scheme == 'https')
44
+ http.verify_mode = OpenSSL::SSL::VERIFY_NONE
45
+ request = Net::HTTP::Post.new(uri.path)
46
+ request.set_form_data(params)
47
+ request.add_field("User-Agent", "Ruby/#{RUBY_VERSION} wepawet gem (https://github.com/chrislee35/wepawet)")
48
+ response = http.request(request)
49
+ parse_response(response.body)
50
+ end
51
+
52
+ def parse_response(doc)
53
+ xml = XML::Document.string(doc)
54
+ h = xml.find("hash")
55
+ h[0].child.to_s
56
+ rescue Exception
57
+ return nil
58
+ end
59
+ end
60
+
61
+ class Query
62
+ def initialize(config)
63
+ @config = config
64
+ end
65
+
66
+ def by_whatever(whatever, value)
67
+ params = {'resource_type' => 'js', whatever => value}
68
+ urlkey = (whatever == 'hash') ? 'wepawetQueryUrl' : (whatever == 'domain') ? 'wepawetDomainUrl' : (whatever == 'url') ? 'wepawetUrlUrl' : 'wepawetQueryUrl'
69
+ uri = URI.parse(@config[urlkey]+"?"+params.map{|k,v| "#{k}=#{v}"}.join("&"))
70
+ http = Net::HTTP.new(uri.host, uri.port)
71
+ http.use_ssl = (uri.scheme == 'https')
72
+ http.verify_mode = OpenSSL::SSL::VERIFY_NONE
73
+ request = Net::HTTP::Get.new(uri.path+"?"+uri.query)
74
+ request.add_field("User-Agent", "Ruby/#{RUBY_VERSION} wepawet gem (https://github.com/chrislee35/wepawet)")
75
+ response = http.request(request)
76
+ _parse_response(response.body)
77
+ end
78
+
79
+ def by_taskid(taskid)
80
+ by_whatever('hash',taskid)
81
+ end
82
+
83
+ alias :by_hash :by_taskid
84
+
85
+ def by_domain(domain)
86
+ by_whatever('domain',domain)
87
+ end
88
+
89
+ def by_url(url)
90
+ by_whatever('url', CGI.escape(url))
91
+ end
92
+
93
+ def _parse_response(doc)
94
+ xml = XML::Document.string(doc)
95
+ hash = {}
96
+ xml.child.children.each do |node|
97
+ if node.name =~ /\w/ and node.child
98
+ hash[node.name] = node.child.content
99
+ end
100
+ end
101
+ hash
102
+ rescue Exception
103
+ return nil
104
+ end
105
+ end
106
+ end
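Review bot: `submit_file`, `submit_url` and `Query#by_whatever` each set `http.verify_mode = OpenSSL::SSL::VERIFY_NONE`, so the server certificate is never checked even when the configured URL is https, and the `user`/`passwd` fields and submitted samples travel over a connection whose peer is unauthenticated; this should be `http.verify_mode = OpenSSL::SSL::VERIFY_PEER`, relaxed only through an explicit config option. In `submit_file` the line `http.use_ssl = (url.scheme == 'https')` reads `url`, which is not defined in that method (the parsed value is `uri`), so the call would raise NameError before any request is sent; it should be `http.use_ssl = (uri.scheme == 'https')`, and the handle from `File.open(filename)` is never closed. `by_whatever` joins `"#{k}=#{v}"` without escaping and only `by_url` escapes its argument, so a domain or task id containing `&` or `=` alters the query; escaping each value inside `by_whatever` with `CGI.escape(v.to_s)` and dropping the escape in `by_url` would cover every caller. Both `parse_response` and `_parse_response` use `rescue Exception` and return nil, which also swallows interrupts and makes a malformed or error reply indistinguishable from "no result"; `rescue StandardError` is the narrower choice. The `puts @config['wepawetSubmitUrl']` in `submit_url` looks like leftover debug output and should be removed.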
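--- a/data/wepawet.gemspec
+++ b/data/wepawet.gemspec
@@ -0,0 +1,78 @@
+ # Generated by jeweler
+ # DO NOT EDIT THIS FILE DIRECTLY
+ # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+ # -*- encoding: utf-8 -*-
+
+ Gem::Specification.new do |s|
+ s.name = %q{wepawet}
+ s.version = "0.1.1"
+
+ s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+ s.authors = ["Chris Lee"]
+ s.date = %q{2011-04-24}
+ s.description = %q{Wepawet is a service for detecting and analyzing web-based malware. It currently handles Flash, JavaScript, and PDF files. http://wepawet.cs.ucsb.edu}
+ s.email = %q{rubygems@chrislee.dhs.org}
+ s.executables = ["wepawet"]
+ s.extra_rdoc_files = [
+ "LICENSE.txt",
+ "README.rdoc"
+ ]
+ s.files = [
+ ".document",
+ "Gemfile",
+ "Gemfile.lock",
+ "LICENSE.txt",
+ "README.rdoc",
+ "Rakefile",
+ "VERSION",
+ "bin/wepawet",
+ "lib/wepawet.rb",
+ "lib/wepawet/wepawet.rb",
+ "test/helper.rb",
+ "test/test_wepawet.rb",
+ "wepawet.gemspec"
+ ]
+ s.homepage = %q{http://github.com/chrislee35/wepawet}
+ s.licenses = ["MIT"]
+ s.require_paths = ["lib"]
+ s.rubygems_version = %q{1.7.2}
+ s.summary = %q{provides an interface to UCSB's wepawet malicious URL analysis project}
+ s.test_files = [
+ "test/helper.rb",
+ "test/test_wepawet.rb"
+ ]
+
+ if s.respond_to? :specification_version then
+ s.specification_version = 3
+
+ if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+ s.add_runtime_dependency(%q<multipart-post>, [">= 1.1.0"])
+ s.add_runtime_dependency(%q<libxml-ruby>, [">= 1.1.4"])
+ s.add_development_dependency(%q<shoulda>, [">= 0"])
+ s.add_development_dependency(%q<bundler>, ["~> 1.0.0"])
+ s.add_development_dependency(%q<jeweler>, ["~> 1.5.2"])
+ s.add_development_dependency(%q<rcov>, [">= 0"])
+ s.add_runtime_dependency(%q<multipart-post>, [">= 1.1.0"])
+ s.add_runtime_dependency(%q<libxml-ruby>, [">= 1.1.4"])
+ else
+ s.add_dependency(%q<multipart-post>, [">= 1.1.0"])
+ s.add_dependency(%q<libxml-ruby>, [">= 1.1.4"])
+ s.add_dependency(%q<shoulda>, [">= 0"])
+ s.add_dependency(%q<bundler>, ["~> 1.0.0"])
+ s.add_dependency(%q<jeweler>, ["~> 1.5.2"])
+ s.add_dependency(%q<rcov>, [">= 0"])
+ s.add_dependency(%q<multipart-post>, [">= 1.1.0"])
+ s.add_dependency(%q<libxml-ruby>, [">= 1.1.4"])
+ end
+ else
+ s.add_dependency(%q<multipart-post>, [">= 1.1.0"])
+ s.add_dependency(%q<libxml-ruby>, [">= 1.1.4"])
+ s.add_dependency(%q<shoulda>, [">= 0"])
+ s.add_dependency(%q<bundler>, ["~> 1.0.0"])
+ s.add_dependency(%q<jeweler>, ["~> 1.5.2"])
+ s.add_dependency(%q<rcov>, [">= 0"])
+ s.add_dependency(%q<multipart-post>, [">= 1.1.0"])
+ s.add_dependency(%q<libxml-ruby>, [">= 1.1.4"])
+ end
+ end
+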
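--- a/metadata
+++ b/metadata
@@ -1,13 +1,13 @@
  --- !ruby/object:Gem::Specification
  name: wepawet
  version: !ruby/object:Gem::Version
- hash: 27
+ hash: 25
  prerelease:
  segments:
  - 0
  - 1
- - 0
- version: 0.1.0
+ - 1
+ version: 0.1.1
  platform: ruby
  authors:
  - Chris Lee
@@ -153,14 +153,17 @@ extra_rdoc_files:
  files:
  - .document
  - Gemfile
+ - Gemfile.lock
  - LICENSE.txt
  - README.rdoc
  - Rakefile
  - VERSION
+ - bin/wepawet
  - lib/wepawet.rb
+ - lib/wepawet/wepawet.rb
  - test/helper.rb
  - test/test_wepawet.rb
- - bin/wepawet
+ - wepawet.gemspec
  homepage: http://github.com/chrislee35/wepawet
  licenses:
  - MIT
@@ -193,7 +196,7 @@ rubyforge_project:
  rubygems_version: 1.7.2
  signing_key:
  specification_version: 3
- summary: provides an interface to UAB's wepawet malicious URL analysis project
+ summary: provides an interface to UCSB's wepawet malicious URL analysis project
  test_files:
  - test/helper.rb
  - test/test_wepawet.rb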