atomicshop 2.11.47__py3-none-any.whl → 3.10.5__py3-none-any.whl

atomicshop/archiver/zips.py

@@ -1,293 +0,0 @@
-import os
-import time
-import zipfile
-from io import BytesIO
-from typing import Union
-
-from .. import filesystem
-from ..print_api import print_api
-
-
-def is_zip_zipfile(file_object: Union[str, bytes]) -> bool:
-    """
-    Function checks if the file is a zip file.
-    :param file_object: can be two types:
-        string, full path to the file.
-        bytes or BytesIO, the bytes of the file.
-    :return: boolean.
-    """
-
-    try:
-        if isinstance(file_object, bytes):
-            with BytesIO(file_object) as file_object:
-                with zipfile.ZipFile(file_object) as zip_object:
-                    zip_object.testzip()
-                    return True
-        elif isinstance(file_object, str):
-            with zipfile.ZipFile(file_object) as zip_object:
-                zip_object.testzip()
-                return True
-    except zipfile.BadZipFile:
-        return False
-
-
-def is_zip_magic_number(file_path: str) -> bool:
-    """
-    Function checks if the file is a zip file using magic number.
-    :param file_path: string, full path to the file.
-    :return: boolean.
-
-    50 4B 03 04: This is the most common signature, found at the beginning of a ZIP file.
-        It signifies the start of a file within the ZIP archive and is present in almost all ZIP files.
-        Each file within the ZIP archive starts with this signature.
-    50 4B 05 06: This is the end of central directory record signature.
-        It's found at the end of a ZIP file and is essential for identifying the structure of the ZIP archive,
-        especially in cases where the file is split or is a multi-part archive.
-    50 4B 07 08: This signature is used for spanned ZIP archives (also known as split or multi-volume ZIP archives).
-        It's found in the end of central directory locator for ZIP files that are split across multiple volumes.
-    """
-
-    with open(file_path, 'rb') as file:
-        # Read the first 4 bytes of the file
-        signature = file.read(4)
-
-    # Check if the signature matches any of the ZIP signatures
-    return signature in [b'PK\x03\x04', b'PK\x05\x06', b'PK\x07\x08']
-
-
-def extract_archive_with_zipfile(
-        archive_path: str,
-        extract_directory: str = None,
-        files_without_directories: bool = False,
-        remove_first_directory: bool = False,
-        print_kwargs: dict = None
-) -> str:
-    """
-    Function will extract the archive using standard library 'zipfile'.
-    This method preserves original date and time of the files inside the archive.
-
-    :param archive_path: string, full path to archived file.
-    :param extract_directory: string, full path to directory that the files will be extracted to.
-        If not specified, the files will be extracted to the same directory as the archived file, using the file name
-        without extension as the directory name.
-    :param files_without_directories: boolean, default 'False'.
-        'True': All the files in the archive will be extracted without subdirectories hierarchy.
-            Meaning, that if there are duplicate file names, the latest file with the same file name will overwrite
-            all the rest of the files with the same name.
-        'False': Subdirectory hierarchy will be preserved as it is currently in the archived file.
-    :param remove_first_directory: boolean, default is 'False'.
-        'True': all the files will be extracted without first directory in the hierarchy.
-            Example: package_some_name_1.1.1_build/subdir1/file.exe
-            Will be extracted as: subdir/file.exe
-    :param print_kwargs: dict, kwargs for print_api.
-
-    :return: string, full path to directory that the files were extracted to.
-    """
-
-    if print_kwargs is None:
-        print_kwargs = dict()
-
-    # If 'extract_directory' is not specified, extract to the same directory as the archived file.
-    if extract_directory is None:
-        extract_directory = (
-                filesystem.get_file_directory(archive_path) + os.sep +
-                filesystem.get_file_name_without_extension(archive_path))
-
-    print_api(f'Extracting to directory: {extract_directory}', **print_kwargs)
-
-    # initiating the archived file path as 'zipfile.ZipFile' object.
-    with zipfile.ZipFile(archive_path) as zip_object:
-        # '.infolist()' method of the object contains all the directories and files that are in the archive including
-        # information about each one, like date and time of archiving.
-        for zip_info in zip_object.infolist():
-            # '.filename' attribute of the 'infolist()' method is relative path to each directory and file.
-            # If 'filename' ends with '/' it is a directory (it doesn't matter if it is windows or *nix)
-            # If so, skip current iteration.
-            if zip_info.filename[-1] == '/':
-                continue
-
-            if files_without_directories:
-                # Put into 'filename' the string that contains only the filename without subdirectories.
-                zip_info.filename = os.path.basename(zip_info.filename)
-            elif remove_first_directory:
-                # Cut the first directory from the filename.
-                zip_info.filename = zip_info.filename.split('/', maxsplit=1)[1]
-
-            print_api(f'Extracting: {zip_info.filename}', **print_kwargs)
-
-            # Extract current file from the archive using 'zip_info' of the current file with 'filename' that we
-            # updated under specified parameters to specified directory.
-            zip_object.extract(zip_info, extract_directory)
-
-            # === Change the date and time of extracted file from current time to the time specified in 'zip_info'.
-            # Get full path to extracted file.
-            extracted_file_path: str = extract_directory + os.sep + zip_info.filename
-            # Create needed datetime object with original archived datetime from 'zip_info.date_time'.
-            date_time = time.mktime(zip_info.date_time + (0, 0, -1))
-            # Using 'os' library, changed the datetime of the file to the object created in previous step.
-            os.utime(extracted_file_path, (date_time, date_time))
-    print_api('Extraction done.', color="green", **print_kwargs)
-
-    return extract_directory
-
-
-def get_file_list_from_zip(file_path: str) -> list:
-    """
-    Function returns the list of file names and their relative directories inside the zip file.
-    :param file_path: string, full path to the zip file.
-    :return: list of strings.
-    """
-
-    with zipfile.ZipFile(file_path, 'r') as zip_object:
-        return zip_object.namelist()
-
-
-# def search_file_in_zip(
-#         file_path: str = None,
-#         file_bytes: bytes = None,
-#         file_names_to_search: list[str] = None,
-#         case_sensitive: bool = True,
-#         return_first_only: bool = False,
-#         return_empty_list_per_file_name: bool = False,
-#         recursive: bool = False,
-#         callback_functions: list = None,
-#         extract_file_to_path: str = None
-# ) -> dict[str, list[bytes]]:
-#     """
-#     Function searches for the file names inside the zip file and returns a dictionary where the keys are the
-#     names of the callback functions and the values are lists of found file bytes.
-#     :param file_path: string, full path to the zip file.
-#     :param file_bytes: bytes, the bytes of the zip file.
-#     :param file_names_to_search: list of strings, the names of the files to search.
-#     :param case_sensitive: boolean, default is 'True'. Determines if file name search should be case sensitive.
-#     :param return_first_only: boolean, default is 'False'. Return only the first found file for each file name.
-#     :param return_empty_list_per_file_name: boolean, default is 'False'.
-#         True: Return empty list for each file name that wasn't found.
-#         False: Don't return empty list for each file name that wasn't found.
-#     :param recursive: boolean, default is 'False'. If True, search for file names recursively in nested zip files.
-#     :param callback_functions: list of callables, default is None. Each function takes a file name and should return a
-#         boolean that will tell the main function if this file is 'found' or not.
-#     :param extract_file_to_path: string, full path to the directory where the found files should be extracted.
-#     :return: dictionary of lists of bytes.
-#     """
-#
-#     def get_unique_filename(directory, filename):
-#         """
-#         Generates a unique filename by appending a number if the file already exists.
-#         """
-#         name, ext = os.path.splitext(filename)
-#         counter = 1
-#         unique_filename = filename
-#         while os.path.exists(os.path.join(directory, unique_filename)):
-#             unique_filename = f"{name}_{counter}{ext}"
-#             counter += 1
-#         return unique_filename
-#
-#     def is_zip_file(file, zip_obj):
-#         try:
-#             with zip_obj.open(file) as file_data:
-#                 with zipfile.ZipFile(BytesIO(file_data.read())) as zip_file:
-#                     if zip_file.testzip() is None:  # No errors found
-#                         return True
-#         except zipfile.BadZipFile:
-#             return False
-#         return False
-#
-#     def match_file_name(target, current):
-#         if case_sensitive:
-#             return current.endswith(target)
-#         else:
-#             return current.lower().endswith(target.lower())
-#
-#     def search_in_zip(zip_obj, file_names, results, found_set):
-#         for item in zip_obj.infolist():
-#             if item.filename.endswith('/'):  # Skip directories
-#                 continue
-#             is_nested_zip = recursive and is_zip_file(item.filename, zip_obj)
-#
-#             with zip_obj.open(item) as file_data:
-#                 archived_file_bytes = file_data.read()
-#
-#                 # This is needed to know if the file should be extracted to directory or not.
-#                 should_extract = False
-#
-#                 name_matched = False
-#                 if file_names is not None:
-#                     name_matched = any(match_file_name(file_name, item.filename) for file_name in file_names)
-#                     if name_matched:
-#                         should_extract = True
-#
-#                 callback_matched = False
-#                 if callback_functions:
-#                     for callback in callback_functions:
-#                         callback_result = callback(archived_file_bytes)
-#                         if callback_result:
-#                             callback_matched = True
-#                             # Initialize key for callback function name if not present
-#                             if callback.__name__ not in results:
-#                                 results[callback.__name__] = []
-#                             file_info = {
-#                                 'bytes': archived_file_bytes,
-#                                 'name': item.filename,
-#                                 'size': item.file_size,
-#                                 'modified_time': item.date_time
-#                             }
-#                             results[callback.__name__].append(file_info)
-#                             if return_first_only:
-#                                 found_set.add(item.filename)
-#
-#                             should_extract = True
-#                             break  # Stop checking other callbacks if one has found it
-#
-#                 if should_extract and extract_file_to_path:
-#                     unique_filename = get_unique_filename(extract_file_to_path, os.path.basename(item.filename))
-#                     with open(os.path.join(extract_file_to_path, unique_filename), 'wb') as f:
-#                         f.write(archived_file_bytes)
-#
-#                 if not callback_matched:
-#                     if is_nested_zip:
-#                         # If the file is a nested ZIP and hasn't matched a callback, search recursively
-#                         nested_zip_bytes = BytesIO(archived_file_bytes)
-#                         with zipfile.ZipFile(nested_zip_bytes) as nested_zip:
-#                             search_in_zip(nested_zip, file_names, results, found_set)
-#                     elif name_matched:
-#                         # Handle name match when no callbacks are provided or no callback matched
-#                         if item.filename not in results:
-#                             results[item.filename] = []
-#                         file_info = {
-#                             'bytes': archived_file_bytes,
-#                             'name': item.filename,
-#                             'size': item.file_size,
-#                             'modified_time': item.date_time
-#                         }
-#                         results[item.filename].append(file_info)
-#                         if return_first_only:
-#                             found_set.add(item.filename)  # Mark as found
-#
-#                 if file_names is not None and len(found_set) == len(file_names):
-#                     return  # All files found, stop searching
-#
-#     if file_names_to_search is None and callback_functions is None:
-#         raise ValueError("Either file_names_to_search or callback_functions must be provided.")
-#
-#     # Initialize results dictionary.
-#     if callback_functions:
-#         results = {callback.__name__: [] for callback in callback_functions}
-#     else:
-#         results = {}
-#
-#     found_set = set()
-#     if file_bytes is not None:
-#         with zipfile.ZipFile(BytesIO(file_bytes), 'r') as zip_ref:
-#             search_in_zip(zip_ref, file_names_to_search, results, found_set)
-#     elif file_path is not None:
-#         with zipfile.ZipFile(file_path, 'r') as zip_ref:
-#             search_in_zip(zip_ref, file_names_to_search, results, found_set)
-#     else:
-#         raise ValueError("Either file_path or file_bytes must be provided.")
-#
-#     if not return_empty_list_per_file_name:
-#         # Filter out keys with empty lists
-#         results = {key: value for key, value in results.items() if value}
-#
-#     return results

atomicshop/etw/dns_trace.py

@@ -1,118 +0,0 @@
-from . import etw
-from .. import dns
-from ..wrappers.psutilw import psutilw
-from ..basics import dicts
-from ..process_poller import ProcessPollerPool
-
-
-class DnsTrace:
-    def __init__(self, enable_process_poller: bool = False, attrs: list = None):
-        """
-        DnsTrace class use to trace DNS events from Windows Event Tracing for EventId 3008.
-
-        :param enable_process_poller: Boolean to enable process poller. Gets the process PID, Name and CommandLine,
-            every 100 ms. Since the DNS events doesn't contain the process name and command line, only PID.
-            Then DNS events will be enriched with the process name and command line from the process poller.
-        :param attrs: List of attributes to return. If None, all attributes will be returned.
-        """
-
-        self.enable_process_poller = enable_process_poller
-        self.attrs = attrs
-
-        self.event_trace = etw.EventTrace(
-            [(dns.ETW_DNS_INFO['provider_name'], dns.ETW_DNS_INFO['provider_guid'])],
-            # lambda x: self.event_queue.put(x),
-            event_id_filters=[dns.ETW_DNS_INFO['event_id']]
-        )
-
-        if self.enable_process_poller:
-            self.process_poller = ProcessPollerPool(store_cycles=200, operation='process', poller_method='process_dll')
-
-    def start(self):
-        if self.enable_process_poller:
-            self.process_poller.start()
-
-        self.event_trace.start()
-
-    def stop(self):
-        self.event_trace.stop()
-
-        if self.enable_process_poller:
-            self.process_poller.stop()
-
-    def emit(self):
-        """
-        Function that will return the next event from the queue.
-        The queue is blocking, so if there is no event in the queue, the function will wait until there is one.
-
-        Usage Example:
-            while True:
-                dns_dict = dns_trace.emit()
-                print(dns_dict)
-
-        :return: Dictionary with the event data.
-        """
-
-        event = self.event_trace.emit()
-
-        event_dict: dict = {
-            'pid': event[1]['EventHeader']['ProcessId'],
-            'etw_id': event[0],
-            'domain': event[1]['QueryName'],
-            'query_type_id': str(event[1]['QueryType']),
-            'query_type': dns.TYPES_DICT[str(event[1]['QueryType'])]
-        }
-
-        # # Get process name only from psutil, just in case.
-        # try:
-        #     process_name = psutilw.get_process_name_by_pid(event_dict['pid'])
-        # except psutil.NoSuchProcess:
-        #     process_name = str(event_dict['pid'])
-
-        # Defining list if ips and other answers, which aren't IPs.
-        list_of_ips = list()
-        list_of_other_domains = list()
-        # Parse DNS results, only if 'QueryResults' key isn't empty, since many of the events are, mostly due errors.
-        if event[1]['QueryResults']:
-            # 'QueryResults' key contains a string with all the 'Answers' divided by type and ';' character.
-            # Basically, we can parse each type out of string, but we need only IPs and other answers.
-            list_of_parameters = event[1]['QueryResults'].split(';')
-
-            # Iterating through all the parameters that we got from 'QueryResults' key.
-            for parameter in list_of_parameters:
-                # If 'type' string is present it means that entry is a domain;
-                if 'type' in parameter:
-                    # Remove the 'type' string and get the domain name.
-                    current_iteration_parameter = parameter.rsplit(' ', maxsplit=1)[1]
-                    # Add the variable to the list of other answers.
-                    list_of_other_domains.append(current_iteration_parameter)
-                # If 'type' string is not present it means that entry is an IP.
-                else:
-                    # Sometimes the last parameter in the 'QueryResults' key after ';' character will be empty, skip it.
-                    if parameter:
-                        list_of_ips.append(parameter)
-
-        event_dict['ips'] = list_of_ips
-        event_dict['other_domains'] = list_of_other_domains
-
-        # Getting the 'QueryStatus' key.
-        event_dict['status_id'] = event[1]['QueryStatus']
-
-        # Getting the 'QueryStatus' key. If DNS Query Status is '0' then it was executed successfully.
-        # And if not, it means there was an error. The 'QueryStatus' indicate what number of an error it is.
-        if event[1]['QueryStatus'] == '0':
-            event_dict['status'] = 'Success'
-        else:
-            event_dict['status'] = 'Error'
-
-        if self.enable_process_poller:
-            event_dict = psutilw.cross_single_connection_with_processes(event_dict, self.process_poller.processes)
-            # If it was impossible to get the process name from the process poller, get it from psutil.
-            # if event_dict['name'].isnumeric():
-            #     event_dict['name'] = process_name
-
-        if self.attrs:
-            event_dict = dicts.reorder_keys(
-                event_dict, self.attrs, skip_keys_not_in_list=True)
-
-        return event_dict

atomicshop/etw/etw.py

@@ -1,61 +0,0 @@
-import queue
-
-# Import FireEye Event Tracing library.
-import etw
-
-
-class EventTrace(etw.ETW):
-    def __init__(self, providers: list, event_callback=None, event_id_filters: list = None):
-        """
-        :param providers: List of tuples with provider name and provider GUID.
-            tuple[0] = provider name
-            tuple[1] = provider GUID
-        :param event_callback: Reference to the callable callback function that will be called for each occurring event.
-        :param event_id_filters: List of event IDs that we want to filter. If not provided, all events will be returned.
-            The default in the 'etw.ETW' method is 'None'.
-        """
-        self.event_queue = queue.Queue()
-
-        # If no callback function is provided, we will use the default one, which will put the event in the queue.
-        if not event_callback:
-            function_callable = lambda x: self.event_queue.put(x)
-        # If a callback function is provided, we will use it.
-        else:
-            function_callable = lambda x: event_callback(x)
-
-        # Defining the list of specified ETW providers in 'etw' library format.
-        etw_format_providers: list = list()
-        for provider in providers:
-            etw_format_providers.append(etw.ProviderInfo(provider[0], etw.GUID(provider[1])))
-
-        super().__init__(
-            providers=etw_format_providers, event_callback=function_callable, event_id_filters=event_id_filters)
-
-    def start(self):
-        try:
-            super().start()
-        except OSError as e:
-            raise OSError(f"PyWinTrace Error: {e}\n"
-                          f"PyWinTrace crashed, didn't find solution to this, RESTART computer.")
-
-    def stop(self):
-        super().stop()
-
-    def emit(self):
-        """
-        The Function will return the next event from the queue.
-        The queue is blocking, so if there is no event in the queue, the function will wait until there is one.
-
-        Usage Example:
-            while True:
-                dns_dict = dns_trace.emit()
-                print(dns_dict)
-
-        event object:
-            event[0]: is the event ID. Example: for DNS Tracing, it is event id 3008.
-            event[1]: contains a dictionary with all the event's parameters.
-
-        :return: etw event object.
-        """
-
-        return self.event_queue.get()

atomicshop/file_types.py

@@ -1,24 +0,0 @@
-from typing import Union
-
-import magic
-
-
-def get_mime_type(file_object: Union[str, bytes]):
-    """
-    Determine the MIME type of the given input.
-    The input can be a file path (string) or a bytes object.
-
-    :param file_object: File path as a string or bytes object.
-    :return: MIME type as a string.
-    """
-    mime = magic.Magic(mime=True)
-
-    # Check if input is a file path (str) or bytes
-    if isinstance(file_object, str):
-        # Assuming input_data is a file path
-        return mime.from_file(file_object)
-    elif isinstance(file_object, bytes):
-        # Assuming input_data is bytes
-        return mime.from_buffer(file_object)
-    else:
-        raise TypeError("Input must be a file path (str) or bytes object.")

atomicshop/mitm/engines/create_module_template_example.py

@@ -1,13 +0,0 @@
-engine_name = '_example'
-domains = ['example.com']
-# This script should be in 'engines' folder.
-
-
-# === Create template from above settings. ===
-# Get current file directory, should be the 'engines' directory.
-# noinspection PyPep8
-from atomicshop import filesystem
-engines_path = filesystem.get_working_directory()
-# Create the template.
-from atomicshop.mitm.engines.create_module_template import CreateModuleTemplate
-CreateModuleTemplate(engine_name, domains, engines_path)