Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Tree: 16df8c626e
Fetching contributors…

Cannot retrieve contributors at this time

executable file 177 lines (141 sloc) 4.59 kB
#!/usr/bin/env ruby
# Copyright (C) 2013 marco riccardi.
# This file is part of Dorothy - http://www.honeynet.it/dorothy
# See the file 'LICENSE' for copying permission.
require 'rubygems'
require 'trollop'
require 'dorothy2' #comment for testing/developmnet
#load '../lib/dorothy2.rb' #uncomment for testing/developmnet
include Dorothy
opts = Trollop.options do
banner <<-EOS
####################################################
## ##
## The Dorothy Malware Analysis Framework 2.0 ##
## ##
####################################################
marco.riccardi@honeynet.it
www.honeynet.it/dorothy
Usage:
dorothy_start [options]
where [options] are:
EOS
opt :verbose, "Enable verbose mode"
opt :infoflow, "Print the analysis flow"
opt :source, "Choose a source (from the ones defined in etc/sources.yml)", :type => :string
opt :daemon, "Stay in the backround, by constantly pooling datasources"
opt :SandboxUpdate, "Update Dorothive with the new Sandbox file"
opt :DorothiveInit, "(RE)Install the Dorothy Database (Dorothive)"
end
if opts[:infoflow]
puts "
The Dorothy Malware Analysis Framework 2.0
---------------Execution Flow-------------
#0) Fetch new malwares
#1) Start VM
#2) Copy File to VM
#3) Start Sniffer
#4) Execute file into VM
#5) Make screenshot
#6) Wait X minutes (configure X in the conf file)
#7) Stop Sniffer
#8) Download Screenshot and trafficdump
#9) Try to retreive malware info from VirusTotal
#10) Insert data into Dorothy-DB
------------------------------------------
"
exit(0)
end
puts "
####################################################
## ##
## The Dorothy Malware Analysis Framework 2.0 ##
## ##
####################################################
"
#VARS
HOME = File.expand_path("..",File.dirname(__FILE__))
VERBOSE = (opts[:verbose] ? true : false)
daemon = (opts[:daemon] ? true : false)
#DEFAULT CONF FILES
#conf = HOME + '/etc/dorothy.yml'
conf = "#{File.expand_path("~")}/.dorothy.yml"
#LOAD ENV
if Util.exists?(conf)
DoroSettings.load!(conf)
else
DoroConfig.create
exit(0)
end
#Logging
logout = (daemon ? DoroSettings.env[:logfile] : STDOUT)
LOGGER = DoroLogger.new(logout, DoroSettings.env[:logage])
LOGGER.sev_threshold = DoroSettings.env[:loglevel]
home = DoroSettings.env[:home]
#check homefolder
unless Util.exists?(home)
DoroConfig.init_home(home)
end
sfile = home + '/etc/sources.yml'
sboxfile = home + '/etc/sandboxes.yml'
#INIT DB Connector
begin
db = Insertdb.new
rescue => e
if e.inspect =~ /exist/
puts "WARNING".yellow + " The database doesn't exist yet. Press Enter to load the ddl into the DB"
gets
Util.init_db(true)
exit(0)
else
puts "ERROR".red + " Can't connect to the database"
puts e
exit(0)
end
end
if opts[:DorothiveInit]
Util.init_db
exit(0)
end
if opts[:SandboxUpdate]
puts "[Dorothy]".yellow + " Loading #{sboxfile} into Dorothive"
DoroConfig.init_sandbox(sboxfile)
puts "[Dorothy]".yellow + " Done."
exit(0)
end
if Util.exists?(sfile)
sources = YAML.load_file(sfile)
#check if all the source directories exist
sources.keys.each do |s|
unless Util.exists?("#{sources[s]["localdir"]}")
LOGGER.warn "INIT", "Warning, the source's localdir #{s} doesn't exist yet, I'm going to create it"
Dir.mkdir("#{sources[s]["localdir"]}")
end
end
else
puts "[WARNING]".red + " A source file doesn't exist, please crate one into #{home}/etc. See the example file in #{HOME}/etc/sandboxes.yml.example"
exit(0)
end
unless Util.exists?(sboxfile)
puts "[WARNING]".red + " There is no sandbox configured yet. Please do it now."
DoroConfig.create_sandbox(sboxfile)
DoroConfig.init_sandbox(sboxfile)
end
#Check DB sandbox data
if db.table_empty?("sandboxes")
puts "[WARNING]".red + " No sandbox found in Dorothive, the DB will be filled with " + sboxfile
DoroConfig.init_sandbox(sboxfile)
end
if opts[:source] && !sources.key?(opts[:source])
puts "[WARNING]".red + " The selected source is not yet configured.\nThe available sources are: "
puts sources.keys
exit(0)
end
db.close
begin
Dorothy.start sources[opts[:source]], daemon
rescue => e
LOGGER.error "Dorothy", "An error occurred: " + $!
LOGGER.debug "Dorothy", "#{e.inspect} --BACKTRACE: #{e.backtrace}"
LOGGER.error "Dorothy", "Dorothy has been stopped"
end
Jump to Line
Something went wrong with that request. Please try again.