import os
import random
import shutil
import tempfile
import urllib.parse
import urllib.request
import zipfile  # importing zipfile module

import rarfile
import urllib3
from bs4 import BeautifulSoup

from cloud_one_workload_security_demo_utils import sendheartbeat
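def getfile(http):
    """Pick one downloadable sample from the TekDefense malware-samples page.

    Fetches the listing with the supplied urllib3 PoolManager, collects every
    ``<h3 class="title">`` entry that carries a link, drops entries whose title
    contains ``.exe.zip``, and returns one ``(title, absolute_url)`` pair chosen
    at random (``random`` is fine here: the choice is not security-sensitive).

    SECURITY: the listing is fetched over plain HTTP and the linked files are
    third-party malware samples, so neither the page nor the downloads are
    authenticated or integrity-checked. Callers must treat the returned title
    (later used as a local file name) and the payload as untrusted. Only links
    that stay on the listing's own host are returned, so a tampered page cannot
    redirect the download elsewhere.

    Args:
        http: a ``urllib3.PoolManager`` (or anything with a compatible
            ``request(method, url)`` returning an object with ``.data``).

    Returns:
        A ``(title, url)`` tuple.

    Raises:
        RuntimeError: if the page yields no usable download links.
    """
    files_url = "http://www.tekdefense.com/downloads/malware-samples/"
    download_base_url = "http://www.tekdefense.com"
    allowed_host = urllib.parse.urlparse(download_base_url).netloc

    response = http.request('GET', files_url)
    parsed_html = BeautifulSoup(response.data, 'html.parser')
    body = parsed_html.body
    headings = body.find_all('h3', attrs={'class': 'title'}) if body is not None else []

    candidates = {}
    for heading in headings:
        anchor = heading.find('a')
        href = anchor.get("href") if anchor is not None else None
        if not href:
            continue  # a title without a link cannot be downloaded
        title = heading.text
        if ".exe.zip" in title:
            continue
        # urljoin handles both "/path" and "path" hrefs; plain concatenation
        # (the previous approach) only produced a valid URL for the former.
        url = urllib.parse.urljoin(download_base_url, href)
        if urllib.parse.urlparse(url).netloc != allowed_host:
            continue  # never follow the listing off-site
        candidates[title] = url

    if not candidates:
        raise RuntimeError("no downloadable samples found at %s" % files_url)
    return random.choice(list(candidates.items()))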
# This is the anti-malware test.
# It assumes that real-time anti-malware is enabled on the system.
# It downloads one randomly chosen archive from the TekDefense malware-samples
# page (see getfile). NOTE: that page is a third-party malware-samples archive,
# not the harmless EICAR test string -- treat every download as live malware and
# run this only on an isolated, disposable test host.
# If real-time anti-malware is on the system then these downloads should trigger events.
# The test then performs a heartbeat so the events get back to
# Cloud One Workload Security or Deep Security Manager.
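def _safe_filename(name, url):
    """Reduce a scraped title to a single, non-empty path component.

    ``name`` comes from a remote web page, so it may contain directory
    separators or ``..``; using it verbatim as a download target would let a
    hostile listing write outside the working directory. Falls back to the
    last component of the URL path when the title yields nothing usable.

    Raises:
        ValueError: if neither the title nor the URL gives a usable name.
    """
    candidate = os.path.basename(name.strip())
    if candidate in ("", ".", ".."):
        candidate = os.path.basename(urllib.parse.urlparse(url).path)
    if candidate in ("", ".", ".."):
        raise ValueError("could not derive a safe local file name for %s" % url)
    return candidate


def antimalwaretest (operating_system):
    """Exercise real-time anti-malware by downloading and unpacking one sample.

    Picks a sample via ``getfile``, downloads it into the current directory,
    extracts it (``.zip`` or ``.rar``, password ``infected``) into a fresh
    scratch directory beneath the current directory, calls
    ``sendheartbeat(operating_system)`` so the resulting events reach Cloud One
    Workload Security / Deep Security Manager, and finally removes both the
    archive and everything extracted from it -- also when download or
    extraction fails, so no sample is left on disk.

    Args:
        operating_system: passed straight through to ``sendheartbeat``.

    Returns:
        None.

    SECURITY: the download travels over plain HTTP with no integrity check and
    the payload is a live third-party malware sample. Run this only on an
    isolated, disposable host that is being tested on purpose. The scraped
    title is sanitised to a single path component before it is used as a file
    name. ``zipfile`` strips absolute paths and ``..`` components on extract;
    ``rarfile`` is assumed to do likewise -- TODO confirm for the installed
    version.
    """
    userAgent = {'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.2 Safari/605.1.15'}
    http = urllib3.PoolManager(5, headers=userAgent)
    fileName, fileUrl = getfile(http)
    zipPassword = 'infected'

    # The title is remote, untrusted content: never use it as a path verbatim.
    fileName = _safe_filename(fileName, fileUrl)
    workDir = os.getcwd()
    archivePath = os.path.join(workDir, fileName)

    print("---Running Anti-Malware Test---")
    print("Downloading Malware -", fileUrl)

    # Extract beside the archive rather than into the system temp directory:
    # temp locations are commonly excluded from real-time scanning, which would
    # hide the very events this test exists to produce.
    extractDir = tempfile.mkdtemp(prefix='antimalware_test_', dir=workDir)
    try:
        # Download file (plain HTTP; urlretrieve raises on HTTP error status)
        urllib.request.urlretrieve(fileUrl, archivePath)

        if fileName.endswith('.zip'):
            with zipfile.ZipFile(archivePath) as archive:
                archive.extractall(extractDir, pwd=bytes(zipPassword, 'utf-8'))
        elif fileName.endswith('.rar'):
            # Previously ``rarfile.Rarfile(file)`` / ``fileName.extractall``:
            # wrong class name, wrong argument and wrong receiver, so the rar
            # branch could never run. Open by path and extract the archive object.
            with rarfile.RarFile(archivePath) as archive:
                archive.extractall(extractDir, pwd=zipPassword)
        else:
            print('pass')

        # Perform a heartbeat to get the events to Cloud One or Deep Security Manager
        sendheartbeat(operating_system)
    finally:
        # Always clean up: the downloaded archive and every extracted file.
        if os.path.exists(archivePath):
            os.remove(archivePath)
        shutil.rmtree(extractDir, ignore_errors=True)
        print ("Remove all Malware Files")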