Update Scanner class to provide options to init(), update scanners to…

… include updated init()

src/python/strelka/scanners/scan_antiword.py

@@ -12,6 +12,9 @@ class ScanAntiword(strelka.Scanner):
             Defaults to '/tmp/'.
     """
 
+    def init(self, options):
+        pass
+
     def scan(self, data, file, options, expire_at):
         tmp_directory = options.get("tmp_directory", "/tmp/")
 

src/python/strelka/scanners/scan_base64.py

@@ -6,6 +6,9 @@
 class ScanBase64(strelka.Scanner):
     """Decodes base64-encoded file."""
 
+    def init(self, options):
+        pass
+
     def scan(self, data, file, options, expire_at):
         decoded = base64.b64decode(data)
 

src/python/strelka/scanners/scan_base64_pe.py

@@ -8,6 +8,9 @@
 class ScanBase64PE(strelka.Scanner):
     """Decodes base64-encoded file."""
 
+    def init(self, options):
+        pass
+
     def scan(self, data, file, options, expire_at):
         with io.BytesIO(data) as encoded_file:
             extract_data = b""

src/python/strelka/scanners/scan_batch.py

@@ -13,7 +13,7 @@ class ScanBatch(strelka.Scanner):
         lexer: Pygments lexer ('batch') used to parse the file.
     """
 
-    def init(self):
+    def init(self, options):
         self.lexer = lexers.get_lexer_by_name("batch")
 
     def scan(self, data, file, options, expire_at):

src/python/strelka/scanners/scan_bmp_eof.py

@@ -7,6 +7,9 @@ class ScanBmpEof(strelka.Scanner):
     the expected marker.
     """
 
+    def init(self, options):
+        pass
+
     def scan(self, data, file, options, expire_at):
         expectedSize = int.from_bytes(data[2:6], "little")
         actualSize = len(data)

src/python/strelka/scanners/scan_bzip2.py

@@ -7,6 +7,9 @@
 class ScanBzip2(strelka.Scanner):
     """Decompresses bzip2 files."""
 
+    def init(self, options):
+        pass
+
     def scan(self, data, file, options, expire_at):
         with io.BytesIO(data) as bzip2_io:
             with bz2.BZ2File(filename=bzip2_io) as bzip2_obj:

src/python/strelka/scanners/scan_ccn.py

@@ -22,6 +22,9 @@ def digits_of(n):
     def is_luhn_valid(self, card_number):
         return self.luhn_checksum(card_number) == 0
 
+    def init(self, options):
+        pass
+
     def scan(self, data, file, options, expire_at):
         # re_amex = re.compile(rb"[^0-9](3[47][0-9]{13})[^0-9]")
         # re_disc = re.compile(rb"[^0-9](6[0-9]{15})[^0-9]")

src/python/strelka/scanners/scan_cuckoo.py

@@ -33,7 +33,7 @@ class ScanCuckoo(strelka.Scanner):
         password: See description above.
     """
 
-    def init(self):
+    def init(self, options):
         self.username = None
         self.password = None
         self.auth_check = False

src/python/strelka/scanners/scan_delay.py

@@ -6,6 +6,9 @@
 class ScanDelay(strelka.Scanner):
     """Delays scanner execution."""
 
+    def init(self, options):
+        pass
+
     def scan(self, data, file, options, expire_at):
         delay = options.get("delay", 5.0)
 

src/python/strelka/scanners/scan_dmg.py

@@ -13,6 +13,9 @@ class ScanDmg(strelka.Scanner):
 
     EXCLUDED_ROOT_DIRS = ["[SYSTEM]"]
 
+    def init(self, options):
+        pass
+
     def scan(self, data, file, options, expire_at):
         file_limit = options.get("limit", 1000)
         tmp_directory = options.get("tmp_file_directory", "/tmp/")

src/python/strelka/scanners/scan_docx.py

@@ -16,6 +16,9 @@ class ScanDocx(strelka.Scanner):
             Defaults to False.
     """
 
+    def init(self, options):
+        pass
+
     def scan(self, data, file, options, expire_at):
         extract_text = options.get("extract_text", False)
         with io.BytesIO(data) as docx_io:
@@ -30,17 +33,17 @@ def scan(self, data, file, options, expire_at):
                 self.event["identifier"] = docx_doc.core_properties.identifier
                 self.event["keywords"] = docx_doc.core_properties.keywords
                 self.event["language"] = docx_doc.core_properties.language
-                self.event["last_modified_by"] = (
-                    docx_doc.core_properties.last_modified_by
-                )
+                self.event[
+                    "last_modified_by"
+                ] = docx_doc.core_properties.last_modified_by
                 if docx_doc.core_properties.last_printed is not None:
-                    self.event["last_printed"] = (
-                        docx_doc.core_properties.last_printed.isoformat()
-                    )
+                    self.event[
+                        "last_printed"
+                    ] = docx_doc.core_properties.last_printed.isoformat()
                 if docx_doc.core_properties.modified is not None:
-                    self.event["modified"] = (
-                        docx_doc.core_properties.modified.isoformat()
-                    )
+                    self.event[
+                        "modified"
+                    ] = docx_doc.core_properties.modified.isoformat()
                 self.event["revision"] = docx_doc.core_properties.revision
                 self.event["subject"] = docx_doc.core_properties.subject
                 self.event["title"] = docx_doc.core_properties.title

src/python/strelka/scanners/scan_donut.py

@@ -10,6 +10,9 @@
 class ScanDonut(strelka.Scanner):
     """Extracts configs and modules from donut payloads"""
 
+    def init(self, options):
+        pass
+
     def scan(self, data, file, options, expire_at):
         tmp_directory = options.get("tmp_directory", "/tmp/")
 

src/python/strelka/scanners/scan_elf.py

@@ -9,6 +9,9 @@
 class ScanElf(strelka.Scanner):
     """Collects metadata from ELF files."""
 
+    def init(self, options):
+        pass
+
     def scan(self, data, file, options, expire_at):
         elf = ELF.parse(raw=list(data))
 

src/python/strelka/scanners/scan_email.py

@@ -32,6 +32,9 @@ class ScanEmail(strelka.Scanner):
     including inline images.
     """
 
+    def init(self, options):
+        pass
+
     def scan(self, data, file, options, expire_at):
         """
         Processes the email, extracts metadata and attachments, and optionally generates a thumbnail.

src/python/strelka/scanners/scan_encrypted_doc.py

@@ -119,6 +119,9 @@ class ScanEncryptedDoc(strelka.Scanner):
                     Defaults to /etc/strelka/passwords.dat.
     """
 
+    def init(self, options):
+        pass
+
     def scan(self, data, file, options, expire_at):
         jtr_path = options.get("jtr_path", "/jtr/")
         tmp_directory = options.get("tmp_file_directory", "/tmp/")

src/python/strelka/scanners/scan_encrypted_zip.py

@@ -109,6 +109,9 @@ class ScanEncryptedZip(strelka.Scanner):
                                     Defaults to /etc/strelka/passwords.dat.
     """
 
+    def init(self, options):
+        pass
+
     def scan(self, data, file, options, expire_at):
         jtr_path = options.get("jtr_path", "/jtr/")
         tmp_directory = options.get("tmp_file_directory", "/tmp/")

src/python/strelka/scanners/scan_entropy.py

@@ -6,5 +6,8 @@
 class ScanEntropy(strelka.Scanner):
     """Calculates entropy of files."""
 
+    def init(self, options):
+        pass
+
     def scan(self, data, file, options, expire_at):
         self.event["entropy"] = entropy.shannon_entropy(data)

src/python/strelka/scanners/scan_exception.py

@@ -14,7 +14,7 @@ class ScanException(strelka.Scanner):
             Defaults to 0 (unlimited).
     """
 
-    def init(self):
+    def init(self, options):
         pass
 
     def scan(self, data, file, options, expire_at):

src/python/strelka/scanners/scan_exiftool.py

@@ -16,6 +16,9 @@ class ScanExiftool(strelka.Scanner):
             Defaults to '/tmp/'.
     """
 
+    def init(self, options):
+        pass
+
     def scan(self, data, file, options, expire_at):
         tmp_directory = options.get("tmp_directory", "/tmp/")
 

src/python/strelka/scanners/scan_falcon_sandbox.py

@@ -38,7 +38,7 @@ class ScanFalconSandbox(strelka.Scanner):
             Defaults to [100]
     """
 
-    def init(self):
+    def init(self, options):
         self.api_key = None
         self.api_secret = None
         self.server = ""

src/python/strelka/scanners/scan_footer.py

@@ -12,6 +12,9 @@ class ScanFooter(strelka.Scanner):
         encodings: List of which fields/encodings should be emitted, one of classic, raw, hex, backslash
     """
 
+    def init(self, options):
+        pass
+
     def scan(self, data, file, options, expire_at):
         length = options.get("length", 50)
         encodings = options.get("encodings", ["classic"])

src/python/strelka/scanners/scan_gif.py

@@ -7,6 +7,9 @@ class ScanGif(strelka.Scanner):
     This scanner extracts data that is inserted past the GIF trailer.
     """
 
+    def init(self, options):
+        pass
+
     def scan(self, data, file, options, expire_at):
         if not data.endswith(b"\x00\x3b"):
             trailer_index = data.rfind(b"\x00\x3b")

src/python/strelka/scanners/scan_gzip.py

@@ -8,6 +8,9 @@
 class ScanGzip(strelka.Scanner):
     """Decompresses gzip files."""
 
+    def init(self, options):
+        pass
+
     def scan(self, data, file, options, expire_at):
         try:
             with io.BytesIO(data) as gzip_io:

src/python/strelka/scanners/scan_hash.py

@@ -9,6 +9,9 @@
 class ScanHash(strelka.Scanner):
     """Calculates file hash values."""
 
+    def init(self, options):
+        pass
+
     def scan(self, data, file, options, expire_at):
         self.event["md5"] = md5(data).hexdigest()
         self.event["sha1"] = sha1(data).hexdigest()

src/python/strelka/scanners/scan_header.py

@@ -12,6 +12,9 @@ class ScanHeader(strelka.Scanner):
         encodings: List of which fields/encodings should be emitted, one of classic, raw, hex, backslash
     """
 
+    def init(self, options):
+        pass
+
     def scan(self, data, file, options, expire_at):
         length = options.get("length", 50)
         encodings = options.get("encodings", ["classic"])

src/python/strelka/scanners/scan_html.py

@@ -15,6 +15,9 @@ class ScanHtml(strelka.Scanner):
             Defaults to 'html.parser'.
     """
 
+    def init(self, options):
+        pass
+
     def scan(self, data, file, options, expire_at):
         parser = options.get("parser", "html.parser")
         max_hyperlinks = options.get("max_hyperlinks", 50)

src/python/strelka/scanners/scan_ini.py

@@ -4,6 +4,9 @@
 class ScanIni(strelka.Scanner):
     """Parses keys from INI files."""
 
+    def init(self, options):
+        pass
+
     def scan(self, data, file, options, expire_at):
         self.event["comments"] = []
         self.event["keys"] = []

src/python/strelka/scanners/scan_iqy.py

@@ -19,6 +19,9 @@ class ScanIqy(strelka.Scanner):
     Reference for IQY file format: https://learn.microsoft.com/en-us/office/vba/api/excel.querytable
     """
 
+    def init(self, options):
+        pass
+
     def scan(self, data, file, options, expire_at):
         """
         Processes the provided IQY data to extract URLs.

src/python/strelka/scanners/scan_iso.py

@@ -11,6 +11,9 @@
 class ScanIso(strelka.Scanner):
     """Extracts files from ISO files."""
 
+    def init(self, options):
+        pass
+
     def scan(self, data, file, options, expire_at):
         file_limit = options.get("limit", 1000)
 
@@ -27,19 +30,19 @@ def scan(self, data, file, options, expire_at):
 
                 # Attempt to get Meta
                 try:
-                    self.event["meta"]["date_created"] = (
-                        self._datetime_from_volume_date(iso.pvd.volume_creation_date)
-                    )
-                    self.event["meta"]["date_effective"] = (
-                        self._datetime_from_volume_date(iso.pvd.volume_effective_date)
-                    )
-                    self.event["meta"]["date_expiration"] = (
-                        self._datetime_from_volume_date(iso.pvd.volume_expiration_date)
-                    )
-                    self.event["meta"]["date_modification"] = (
-                        self._datetime_from_volume_date(
-                            iso.pvd.volume_modification_date
-                        )
+                    self.event["meta"][
+                        "date_created"
+                    ] = self._datetime_from_volume_date(iso.pvd.volume_creation_date)
+                    self.event["meta"][
+                        "date_effective"
+                    ] = self._datetime_from_volume_date(iso.pvd.volume_effective_date)
+                    self.event["meta"][
+                        "date_expiration"
+                    ] = self._datetime_from_volume_date(iso.pvd.volume_expiration_date)
+                    self.event["meta"][
+                        "date_modification"
+                    ] = self._datetime_from_volume_date(
+                        iso.pvd.volume_modification_date
                     )
                     self.event["meta"][
                         "volume_identifier"

src/python/strelka/scanners/scan_jar_manifest.py

@@ -6,6 +6,9 @@
 class ScanJarManifest(strelka.Scanner):
     """Collects metadata from JAR manifest files."""
 
+    def init(self, options):
+        pass
+
     def scan(self, data, file, options, expire_at):
         headers = options.get("headers", [])