From 5db93403df815e820bcd7a3ebe39370399154d68 Mon Sep 17 00:00:00 2001 From: Ryan O'Horo <10855297+ryanohoro@users.noreply.github.com> Date: Thu, 19 Jan 2023 22:48:14 -0600 Subject: [PATCH 1/2] Type hint --- .../strelka/tests_configuration/test_scanner_assignment.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/python/strelka/tests_configuration/test_scanner_assignment.py b/src/python/strelka/tests_configuration/test_scanner_assignment.py index f56566c9..cbd660eb 100644 --- a/src/python/strelka/tests_configuration/test_scanner_assignment.py +++ b/src/python/strelka/tests_configuration/test_scanner_assignment.py @@ -8,7 +8,7 @@ from strelka import strelka # Scanners that apply to all files (*) are not included -test_assignments_expected = { +test_assignments_expected: dict = { "test.7z": ["ScanLibarchive"], "test.b64": ["ScanUrl"], "test.bat": ["ScanBatch"], From df29ace72c7b1a556565beec1c4a0e62ffac5d70 Mon Sep 17 00:00:00 2001 From: Ryan O'Horo <10855297+ryanohoro@users.noreply.github.com> Date: Fri, 20 Jan 2023 10:07:28 -0600 Subject: [PATCH 2/2] New flag for missing wordlist, update test wordlist dir, update tastes/assignments for 7zip --- src/python/strelka/scanners/common/__init__.py | 0 src/python/strelka/scanners/common/password_cracking.py | 2 ++ src/python/strelka/tests/test_scan_seven_zip.py | 4 ++-- .../strelka/tests_configuration/test_scanner_assignment.py | 5 ++++- src/python/strelka/tests_configuration/test_taste.py | 3 +++ 5 files changed, 11 insertions(+), 3 deletions(-) create mode 100644 src/python/strelka/scanners/common/__init__.py diff --git a/src/python/strelka/scanners/common/__init__.py b/src/python/strelka/scanners/common/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/src/python/strelka/scanners/common/password_cracking.py b/src/python/strelka/scanners/common/password_cracking.py index 12f12877..633fa441 100644 --- a/src/python/strelka/scanners/common/password_cracking.py 
+++ b/src/python/strelka/scanners/common/password_cracking.py @@ -128,6 +128,8 @@ def crack_john( if match := re_password.match(line): self.flags.append("cracked_by_wordlist") return match.group("password") + else: + self.flags.append("wordlist_file_missing") if brute: self.flags.append("incremental") diff --git a/src/python/strelka/tests/test_scan_seven_zip.py b/src/python/strelka/tests/test_scan_seven_zip.py index ef5c819e..6c9c8610 100644 --- a/src/python/strelka/tests/test_scan_seven_zip.py +++ b/src/python/strelka/tests/test_scan_seven_zip.py @@ -95,7 +95,7 @@ def test_scan_sevenzip_wordlist(mocker): options={ "log_pws": True, "password_file": str( - Path(Path(__file__).parent / "fixtures/test_passwords.dat") + Path(Path(__file__).parent / "helpers/test_passwords.dat") ), }, ) @@ -148,7 +148,7 @@ def test_scan_sevenzip_wordlist_filenames(mocker): options={ "log_pws": True, "password_file": str( - Path(Path(__file__).parent / "fixtures/test_passwords.dat") + Path(Path(__file__).parent / "helpers/test_passwords.dat") ), }, ) diff --git a/src/python/strelka/tests_configuration/test_scanner_assignment.py b/src/python/strelka/tests_configuration/test_scanner_assignment.py index cbd660eb..958a7c35 100644 --- a/src/python/strelka/tests_configuration/test_scanner_assignment.py +++ b/src/python/strelka/tests_configuration/test_scanner_assignment.py @@ -9,7 +9,7 @@ # Scanners that apply to all files (*) are not included test_assignments_expected: dict = { - "test.7z": ["ScanLibarchive"], + "test.7z": ["ScanSevenZip"], "test.b64": ["ScanUrl"], "test.bat": ["ScanBatch"], "test.bz2": ["ScanBzip2"], @@ -96,6 +96,7 @@ ], "test_lzx.cab": ["ScanLibarchive"], "test_manifest.json": ["ScanJson", "ScanManifest"], + "test_password.7z": ["ScanSevenZip"], "test_password.doc": ["ScanEncryptedZip", "ScanExiftool", "ScanOle", "ScanVba"], "test_password.docx": [ "ScanEncryptedDoc", 
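Review bot: The new `else:` branch in crack_john appends `wordlist_file_missing` and then falls through to the `if brute:` block, so an absent or misconfigured wordlist shows up only as a flag on the event, and nothing in this commit tests it. A missing wordlist is a deployment fault rather than a property of the scanned file, so it is worth a comment such as `# No wordlist at the configured path: flag it so "not cracked" is distinguishable from "wordlist never tried"`. It also deserves a test that points `password_file` at a non-existent path and asserts the flag is present. Indentation is collapsed on this page, so which statement the `else:` pairs with cannot be confirmed here. If it pairs with `if match := re_password.match(line)` inside a per-line loop, the flag would be appended for every non-matching line rather than once for a missing file. crack_john starts and ends outside the hunk.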
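Review bot: Neither wordlist test checks that the wordlist exists before scanning, so a wrong directory like the `fixtures/` path corrected here could recur unnoticed. This applies to the `password_file` option in both test_scan_sevenzip_wordlist and test_scan_sevenzip_wordlist_filenames. Hoisting the path and asserting on it makes that failure explicit: `wordlist = Path(__file__).parent / "helpers/test_passwords.dat"` followed by `assert wordlist.is_file()`, then `"password_file": str(wordlist)`. That also removes the redundant outer `Path(...)` wrapper. Whether the expected-event comparison later in each test would already fail on an unexpected `wordlist_file_missing` flag is not visible, since both test bodies continue outside these hunks.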
@@ -103,6 +104,7 @@ "ScanOle", "ScanVba", ], + "test_password_brute.7z": ["ScanSevenZip"], "test_password_brute.doc": [ "ScanEncryptedZip", "ScanExiftool", @@ -115,6 +117,7 @@ "ScanOle", "ScanVba", ], + "test_password_filenames.7z": ["ScanSevenZip"], "test_pe.b64": ["ScanBase64PE", "ScanUrl"], "test_pe_object.doc": [ "ScanEncryptedZip", diff --git a/src/python/strelka/tests_configuration/test_taste.py b/src/python/strelka/tests_configuration/test_taste.py index 60eae89f..d4f9d6a5 100644 --- a/src/python/strelka/tests_configuration/test_taste.py +++ b/src/python/strelka/tests_configuration/test_taste.py @@ -82,16 +82,19 @@ "mime": ["application/json"], "yara": ["browser_manifest", "json_file"], }, + "test_password.7z": {"mime": ["application/x-7z-compressed"], "yara": ["_7zip_file"]}, "test_password.doc": {"mime": ["application/msword"], "yara": ["olecf_file"]}, "test_password.docx": { "mime": ["application/encrypted"], "yara": ["encrypted_word_document", "olecf_file"], }, + "test_password_brute.7z": {"mime": ["application/x-7z-compressed"], "yara": ["_7zip_file"]}, "test_password_brute.doc": {"mime": ["application/msword"], "yara": ["olecf_file"]}, "test_password_brute.docx": { "mime": ["application/encrypted"], "yara": ["encrypted_word_document", "olecf_file"], }, + "test_password_filenames.7z": {"mime": ["application/x-7z-compressed"], "yara": ["_7zip_file"]}, "test_pe.b64": {"mime": ["text/plain"], "yara": ["base64_pe"]}, "test_pe_object.doc": {"mime": ["application/msword"], "yara": ["olecf_file"]}, "test_pe_object_classic.doc": {"mime": ["application/msword"], "yara": ["olecf_file"]},
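Review bot: The three added `.7z` taste entries in test_taste.py are each written on a single line, while the neighbouring `test_password.docx` and `test_password_brute.docx` entries are wrapped one key per line. With the `application/x-7z-compressed` MIME string, each new line appears to come to roughly 90 characters at the dictionary's indent, though the indent is collapsed on this page, so that is an estimate. If the project formats with a width limit near 88, wrap them the same way as the `.docx` entries: `"test_password.7z": {` then `"mime": ["application/x-7z-compressed"],` and `"yara": ["_7zip_file"],` on their own lines.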