卡顿框架文件类型分类器
项目描述
卡顿服务分类器
卡顿框架的文件类型分类器。
示例入口点。对标记为 kind: raw 的样本进行分类,使其可供仅接收特定类型样本的子系统使用(例如 raw => runnable:win32:exe)
作者: CERT.pl
维护者: psrok1, msm, nazywam
消耗
{
"type": "sample",
"kind": "raw"
"payload": {
"magic": "output from 'file' command",
"sample": <Resource>
}
}
产生
{
"type": "sample",
"stage": "recognized",
"kind": "runnable" # Executable format default for OS platform
|| "document" # Office document
|| "archive" # Archive containing samples (zip, e-mails)
|| "dump" # Dump from sandbox
|| "script", # Script (js/vbs/bat...)
|| "misc", # No platform or extension
"platform": "win32"
|| "win64"
|| "linux"
|| "android",
|| "macos",
|| "freebsd",
|| "netbsd",
|| "openbsd",
|| "solaris",
"extension": "*", # Expected file extension
"mime": "*", # Expected file mimetype
... (other fields are derived from incoming task)
}
注意 输出的 mime 字段在不同 libmagic 版本之间可能不可确定,并可能根据您使用的版本而更改。我们不推荐创建直接监听它的消费者。
用法
首先,请确保您已设置核心系统: https://github.com/CERT-Polska/karton
然后从PyPi安装卡顿分类器
$ pip install karton-classifier
$ karton-classifier
关闭
karton_classifier-2.0.0-py3-none-any.whl 的哈希值
| 算法 | 哈希摘要 | |
|---|---|---|
| SHA256 | d8fc78fa02a2e7212961862a91f614d668285ba5568b226e3ae604753095579c |
|
| MD5 | 7455322def3c61be0507cb4fd9f1735d |
|
| BLAKE2b-256 | 2453798c704249c5c57caf084e24bf3a5fd33d3ce5367f495dd8e134f566d731 |