diff --git a/src/python/strelka/scanners/common/__init__.py b/src/python/strelka/scanners/common/__init__.py
new file mode 100644
index 00000000..e69de29b
diff --git a/src/python/strelka/scanners/common/password_cracking.py b/src/python/strelka/scanners/common/password_cracking.py
index 12f12877..633fa441 100644
--- a/src/python/strelka/scanners/common/password_cracking.py
+++ b/src/python/strelka/scanners/common/password_cracking.py
@@ -128,6 +128,8 @@ def crack_john(
 if match := re_password.match(line):
 self.flags.append("cracked_by_wordlist")
 return match.group("password")
+ else:
+ self.flags.append("wordlist_file_missing")
 if brute:
 self.flags.append("incremental")
diff --git a/src/python/strelka/tests/test_scan_seven_zip.py b/src/python/strelka/tests/test_scan_seven_zip.py
index ef5c819e..6c9c8610 100644
--- a/src/python/strelka/tests/test_scan_seven_zip.py
+++ b/src/python/strelka/tests/test_scan_seven_zip.py
@@ -95,7 +95,7 @@ def test_scan_sevenzip_wordlist(mocker):
 options={
 "log_pws": True,
 "password_file": str(
- Path(Path(__file__).parent / "fixtures/test_passwords.dat")
+ Path(Path(__file__).parent / "helpers/test_passwords.dat")
 ),
 },
 )
@@ -148,7 +148,7 @@ def test_scan_sevenzip_wordlist_filenames(mocker):
 options={
 "log_pws": True,
 "password_file": str(
- Path(Path(__file__).parent / "fixtures/test_passwords.dat")
+ Path(Path(__file__).parent / "helpers/test_passwords.dat")
 ),
 },
 )
diff --git a/src/python/strelka/tests_configuration/test_scanner_assignment.py b/src/python/strelka/tests_configuration/test_scanner_assignment.py
index f56566c9..958a7c35 100644
--- a/src/python/strelka/tests_configuration/test_scanner_assignment.py
+++ b/src/python/strelka/tests_configuration/test_scanner_assignment.py
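Review bot: In crack_john (scanners/common/password_cracking.py), nothing visible in this commit exercises the new `wordlist_file_missing` flag; the two test_scan_seven_zip.py hunks only move the wordlist path from `fixtures/` to `helpers/`. A test that passes a `password_file` that does not exist and asserts the flag is in the scanner's flags would pin the branch, which matters because a misconfigured wordlist otherwise just looks like an archive that could not be opened. The statement this `else:` pairs with starts outside the hunk and the page has lost the indentation, so it is worth confirming that it pairs with what is presumably a check on the wordlist file rather than with `if match := re_password.match(line):`, where it would fire on every non-matching output line. A short comment above the append, e.g. `# no wordlist at password_file: wordlist attack skipped`, would make the intent explicit.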
@@ -8,8 +8,8 @@ from strelka import strelka
 # Scanners that apply to all files (*) are not included
-test_assignments_expected = {
- "test.7z": ["ScanLibarchive"],
+test_assignments_expected: dict = {
+ "test.7z": ["ScanSevenZip"],
 "test.b64": ["ScanUrl"],
 "test.bat": ["ScanBatch"],
 "test.bz2": ["ScanBzip2"],
@@ -96,6 +96,7 @@
 ],
 "test_lzx.cab": ["ScanLibarchive"],
 "test_manifest.json": ["ScanJson", "ScanManifest"],
+ "test_password.7z": ["ScanSevenZip"],
 "test_password.doc": ["ScanEncryptedZip", "ScanExiftool", "ScanOle", "ScanVba"],
 "test_password.docx": [
 "ScanEncryptedDoc",
@@ -103,6 +104,7 @@
 "ScanOle",
 "ScanVba",
 ],
+ "test_password_brute.7z": ["ScanSevenZip"],
 "test_password_brute.doc": [
 "ScanEncryptedZip",
 "ScanExiftool",
@@ -115,6 +117,7 @@
 "ScanOle",
 "ScanVba",
 ],
+ "test_password_filenames.7z": ["ScanSevenZip"],
 "test_pe.b64": ["ScanBase64PE", "ScanUrl"],
 "test_pe_object.doc": [
 "ScanEncryptedZip",
diff --git a/src/python/strelka/tests_configuration/test_taste.py b/src/python/strelka/tests_configuration/test_taste.py
index 60eae89f..d4f9d6a5 100644
--- a/src/python/strelka/tests_configuration/test_taste.py
+++ b/src/python/strelka/tests_configuration/test_taste.py
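Review bot: In the first hunk of test_scanner_assignment.py the new annotation `test_assignments_expected: dict` is bare, so it tells a type checker nothing about the keys or values. Every entry visible here maps a file name to a list of scanner names, so `test_assignments_expected: dict[str, list[str]] = {` would state that, provided the project's minimum Python version supports builtin generics. The dictionary literal continues outside the hunk.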
@@ -82,16 +82,19 @@
 "mime": ["application/json"],
 "yara": ["browser_manifest", "json_file"],
 },
+ "test_password.7z": {"mime": ["application/x-7z-compressed"], "yara": ["_7zip_file"]},
 "test_password.doc": {"mime": ["application/msword"], "yara": ["olecf_file"]},
 "test_password.docx": {
 "mime": ["application/encrypted"],
 "yara": ["encrypted_word_document", "olecf_file"],
 },
+ "test_password_brute.7z": {"mime": ["application/x-7z-compressed"], "yara": ["_7zip_file"]},
 "test_password_brute.doc": {"mime": ["application/msword"], "yara": ["olecf_file"]},
 "test_password_brute.docx": {
 "mime": ["application/encrypted"],
 "yara": ["encrypted_word_document", "olecf_file"],
 },
+ "test_password_filenames.7z": {"mime": ["application/x-7z-compressed"], "yara": ["_7zip_file"]},
 "test_pe.b64": {"mime": ["text/plain"], "yara": ["base64_pe"]},
 "test_pe_object.doc": {"mime": ["application/msword"], "yara": ["olecf_file"]},
 "test_pe_object_classic.doc": {"mime": ["application/msword"], "yara": ["olecf_file"]},