from os import path
from flask import Blueprint, request, jsonify, abort
from werkzeug.utils import secure_filename
import config
import oletools.olevba
# Blueprint that groups the olevba analysis routes defined in this module.
olevba_bp = Blueprint(name='olevba', import_name=__name__)
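@olevba_bp.route('/analyze', methods=['GET'])
def analyze_vba():
    """Run olevba on a stored file and return the findings as JSON.

    Query parameters:
        file: name of a file inside ``config.Config.FILE_DIRECTORY``.

    Responses:
        200: JSON object with ``results``, ``stomping``, ``macros``,
            ``forms`` and the ``nb_macros`` / ``nb_autoexec`` / ``nb_iocs`` /
            ``nb_suspicious`` counters read from the parser.
        400: ``file`` is missing or empty once sanitised.
        404: no regular file of that name exists in the directory.

    NOTE(review): no authentication or rate limiting is visible in this
    block; confirm the blueprint is registered behind access control.
    """
    # secure_filename() reduces the value to a flat file name, so the joined
    # path cannot climb out of FILE_DIRECTORY through "../" or absolute paths.
    file = secure_filename(request.args.get('file', ''))
    if file == '':
        abort(400)

    filepath = path.join(config.Config.FILE_DIRECTORY, file)
    # Answer an unknown name with 404 instead of letting the parser raise
    # and surface as a 500.
    if not path.isfile(filepath):
        abort(404)

    # Analyze with olevba.
    # NOTE(review): the constructor can still raise for file types olevba
    # cannot open; that currently propagates as a server error.
    vbaparser = oletools.olevba.VBA_Parser(filename=filepath, relaxed=True)
    try:
        stomping = vbaparser.detect_vba_stomping()
        # oletools documents deobfuscation as slow; on hostile documents this
        # call is the likely cost driver of the request.
        results = vbaparser.analyze_macros(show_decoded_strings=True, deobfuscate=True)
        macros = vbaparser.extract_all_macros()
        forms = vbaparser.find_vba_forms()
        # The counters are read after the analysis calls, as in the original
        # statement order.
        nb_macros = vbaparser.nb_macros
        nb_autoexec = vbaparser.nb_autoexec
        nb_iocs = vbaparser.nb_iocs
        nb_suspicious = vbaparser.nb_suspicious
    finally:
        # Release the parser's file handles even when analysis of a malformed
        # document raises part-way through.
        vbaparser.close()

    # Everything below is derived from the analysed document (macro source,
    # decoded strings); consumers should handle it as untrusted text.
    return jsonify({
        "results": results,
        "stomping": stomping,
        "macros": macros,
        "forms": forms,
        "nb_macros": nb_macros,
        "nb_autoexec": nb_autoexec,
        "nb_iocs": nb_iocs,
        "nb_suspicious": nb_suspicious,
    })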