diff --git a/Mrida/.vs/mrida/v15/.suo b/Mrida/.vs/mrida/v15/.suo
index 4e688f7..407e3ec 100644
Binary files a/Mrida/.vs/mrida/v15/.suo and b/Mrida/.vs/mrida/v15/.suo differ
diff --git a/Mrida/Mrida/Mrida.vcxproj.filters b/Mrida/Mrida/Mrida.vcxproj.filters
index 3794e49..18a2f24 100644
--- a/Mrida/Mrida/Mrida.vcxproj.filters
+++ b/Mrida/Mrida/Mrida.vcxproj.filters
@@ -144,7 +144,7 @@
Header Files\trend
- Header Files
+ Header Files\database
\ No newline at end of file
diff --git a/Mrida/Mrida/mrida.cpp b/Mrida/Mrida/mrida.cpp
index e8cb433..5e4bb16 100644
--- a/Mrida/Mrida/mrida.cpp
+++ b/Mrida/Mrida/mrida.cpp
@@ -226,7 +226,7 @@ int main(int argc, char** argv)
long min_size = std::stoll(req.get_param_value("min_size"));
long max_size = std::stoll(req.get_param_value("max_size"));
std::string type = req.get_param_value("type");
- trendcpp tlsh;
+ threat_database tlsh;
long id = tlsh.matching_hash_from_threat_db(tlsh_hash, type, min_size, max_size);
res.set_content(return_json(id), "application/json");
}
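Review bot: The local is still called `tlsh` although this hunk changes its type to threat_database, so the next line reads as if a TLSH hasher performed the database lookup; `threat_database db;` with `db.matching_hash_from_threat_db(...)` says what it actually is. main() begins before this hunk.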
@@ -239,6 +239,21 @@ int main(int argc, char** argv)
res.set_content(send_success_response(), "application/json");
});
+ // Add threat
+ server.Post("/add_threat", [](const httplib::Request& req, httplib::Response& res) {
+ std::string threat_hash = req.get_param_value("hash");
+ std::string name = req.get_param_value("name");
+ unsigned long size = std::stol(req.get_param_value("size"));
+ std::string type = req.get_param_value("type");
+ threat_database database;
+ database.add_threat_to_database(threat_hash, name, size, type);
+ print_terminal_info();
+ set_terminal_color(CYAN);
+ std::cout << "ADDED HASH\n";
+ set_terminal_color();
+ res.set_content(send_success_response(), "application/json");
+ });
+
print_terminal_info();
std::cout << "Server started on: " << "127.0.0.1:" << 5660 << "\n";
server.listen("127.0.0.1", 5660);
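Review bot: The new /add_threat handler feeds request parameters straight into `std::stol` and the database without validation: a missing or non-numeric `size` makes `std::stol` throw (what happens then depends on the httplib version — recent ones answer 500, older ones let the exception escape the worker thread), a negative value wraps silently when assigned to `unsigned long size`, and empty `hash`/`name`/`type` strings are stored as-is. Check `req.has_param` for each parameter, parse the size under a try/catch, reject negatives and answer 400 before touching the database, as sketched below. The endpoint is unauthenticated and rows added here drive the GUI's delete actions, so a comment on the handler stating that it trusts anything reaching 127.0.0.1:5660 would document that assumption for the next reader. main() begins before this hunk and the rest of the handler body is unchanged.
```cpp
server.Post("/add_threat", [](const httplib::Request& req, httplib::Response& res) {
    // Reject the request before any database work when a parameter is absent or malformed.
    if (!req.has_param("hash") || !req.has_param("name") || !req.has_param("size") || !req.has_param("type")) {
        res.status = 400;
        return;
    }
    long parsed_size = 0;
    try {
        parsed_size = std::stol(req.get_param_value("size"));
    } catch (const std::logic_error&) {  // std::invalid_argument / std::out_of_range
        res.status = 400;
        return;
    }
    if (parsed_size < 0) {
        res.status = 400;
        return;
    }
    unsigned long size = static_cast<unsigned long>(parsed_size);
    // … unchanged: threat_hash/name/type extraction, database insert, terminal output, success response …
});
```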
diff --git a/Mrida/Mrida/threat_database.cpp b/Mrida/Mrida/threat_database.cpp
index 5ead1b6..96230a8 100644
--- a/Mrida/Mrida/threat_database.cpp
+++ b/Mrida/Mrida/threat_database.cpp
@@ -10,6 +10,7 @@
threat_database::threat_database()
{
+
}
@@ -92,3 +93,63 @@ void threat_database::refactor()
// Reset the terminal color to original
set_terminal_color();
}
+
+void threat_database::add_threat_to_database(std::string tlsh_hash, std::string threat_name, unsigned long file_size, std::string file_type)
+{
+ unsigned int file_type_id = mime_to_id(file_type);
+ try {
+ sqlite::database _threat_database("threat_db.db");
+ _threat_database << "create table if not exists threat(id unsigned bigint primary key, threat_hash text, threat_name text, threat_size unsigned int, threat_type unsigned int);";
+ unsigned long max_id = 0;
+ _threat_database << "select max(id) from threat" >> max_id;
+ max_id++;
+ _threat_database << "insert into threat(id, threat_hash, threat_name, threat_size, threat_type) values(?, ?, ?, ?, ?)" << max_id << tlsh_hash << threat_name << file_size << file_type_id;
+ }
+ catch (std::exception &e)
+ {
+ std::cout << e.what();
+ }
+}
+
+
+unsigned int threat_database::mime_to_id(std::string mime_type)
+{
+
+ sqlite::database db("threat_db.db");
+ db << "create table if not exists mime_table(mime text, id int)";
+ int count = 0;
+ db << "select count(id) from mime_table where mime=?" << mime_type >> count;
+ int max = 0;
+ db << "select max(id) from mime_table limit 1" >> max;
+ if (count == 0)
+ {
+ max++;
+ db << "insert into mime_table(mime, id) values(?, ?)" << mime_type << max;
+ return max;
+ }
+ else
+ {
+ unsigned int id;
+ db << "select id from mime_table where mime=? limit 1" << mime_type >> id;
+ return id;
+ }
+ return 0;
+}
+
+long threat_database::matching_hash_from_threat_db(std::string tlsh_hash, std::string file_type, long file_size_minimum, unsigned long file_size_maximum)
+{
+ long matched_id = -1;
+ sqlite::database threat_table("threat_db.db");
+ threat_table << "create table if not exists threat(id unsigned bigint primary key, threat_hash text, threat_name text, threat_size unsigned int, threat_type unsigned int);";
+ unsigned int file_id = mime_to_id(file_type);
+ threat_table << "select id, threat_hash from threat where threat_size>=? and threat_size<=? and threat_type=?"
+ << file_size_minimum << file_size_maximum << file_id >> [&](unsigned long id, std::string threat_hash)
+ {
+ trendcpp trend;
+ if (trend.similarity_distance(tlsh_hash, threat_hash) < 20)
+ {
+ matched_id = id;
+ }
+ };
+ return matched_id;
+}
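Review bot: The id allocation in add_threat_to_database (select max(id), increment, insert) is not atomic, and httplib runs handlers concurrently by default, so two overlapping /add_threat requests can compute the same id and the second insert fails the primary-key constraint; that failure is only printed to stdout by the catch and the function returns void, so the caller still reports success. One statement removes the race and also covers the empty table, where `max(id)` is NULL and what `>> max_id` stores for NULL depends on the sqlite_modern_cpp version: `_threat_database << "insert into threat(id, threat_hash, threat_name, threat_size, threat_type) select coalesce(max(id), 0) + 1, ?, ?, ?, ? from threat" << tlsh_hash << threat_name << file_size << file_type_id;` and the function should return bool (false when the catch fires) or let the exception propagate so the endpoint can answer with an error. mime_to_id has the same select-max-then-insert pattern, leaves `unsigned int id;` uninitialized if the lookup returns no row, and its trailing `return 0;` is unreachable. The `< 20` distance threshold in matching_hash_from_threat_db deserves a named constant with a comment on why 20 was chosen.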
diff --git a/Mrida/Mrida/threat_database.h b/Mrida/Mrida/threat_database.h
index 229f4da..8a5d06f 100644
--- a/Mrida/Mrida/threat_database.h
+++ b/Mrida/Mrida/threat_database.h
@@ -1,6 +1,7 @@
// SWAMI KARUPPASWAMI THUNNAI
#pragma once
+#include "httplib.h"
#include
#include
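Review bot: `#include "httplib.h"` is added to threat_database.h, but none of the declarations visible in this header use an httplib type — the new members take and return std::string and integers. Including it here pulls the whole HTTP library into every translation unit that includes threat_database.h (mrida.cpp uses httplib directly and so already has it); if threat_database.cpp needs it, include it there, otherwise drop the line.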
@@ -12,5 +13,14 @@ class threat_database
// Refactor the threat database -- will remove duplicates in the threat database
void refactor();
+
+ // Bool add threat to database
+ void add_threat_to_database(std::string tlsh_hash, std::string threat_name, unsigned long file_size, std::string file_type);
+
+ // Mime Type to Id
+ unsigned int mime_to_id(std::string mime_type);
+
+ // Will get the similar hash matching id from threat db [returns -1 if nothing is matching]
+ long matching_hash_from_threat_db(std::string tlsh_hash, std::string file_type, long file_size_minimum, unsigned long file_size_maximum);
};
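Review bot: The comment on add_threat_to_database says `// Bool add threat to database` but the function returns void (carried over from trendcpp.h, where it was equally wrong), so a caller cannot learn that the insert failed; either make it `bool add_threat_to_database(...)` returning false when the catch in the .cpp fires, or correct the comment to `// Adds a threat row to threat_db.db; failures are printed and otherwise ignored`. The header also does not say that mime_to_id inserts a row when the type is unseen, which matters for callers treating it as a pure lookup, e.g. `// Maps a MIME type to its integer id, inserting a new id on first sight`.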
diff --git a/Mrida/Mrida/threat_db.db b/Mrida/Mrida/threat_db.db
index 7346dcb..977a608 100644
Binary files a/Mrida/Mrida/threat_db.db and b/Mrida/Mrida/threat_db.db differ
diff --git a/Mrida/Mrida/trendcpp.cpp b/Mrida/Mrida/trendcpp.cpp
index d5e6d1e..84b1994 100644
--- a/Mrida/Mrida/trendcpp.cpp
+++ b/Mrida/Mrida/trendcpp.cpp
@@ -160,19 +160,6 @@ const Tlsh * trendcpp::hash_file(std::string file_location)
return &th;
}
-void trendcpp::add_threat_to_database(unsigned long int id, std::string tlsh_hash, std::string threat_name, unsigned long file_size, unsigned int file_type)
-{
- try {
- sqlite::database threat_database("threat_db.db");
- threat_database << "create table if not exists threat(id unsigned bigint primary key, threat_hash text, threat_name text, threat_size unsigned int, threat_type unsigned int);";
- threat_database << "insert into threat(id, threat_hash, threat_name, threat_size, threat_type) values(?, ?, ?, ?, ?)" << id << tlsh_hash << threat_name << file_size << file_type;
- }
- catch (std::exception &e)
- {
- std::cout << e.what();
- }
-}
-
int trendcpp::similarity_distance(std::string hash_one, std::string hash_two)
{
Tlsh t1;
@@ -185,43 +172,3 @@ int trendcpp::similarity_distance(std::string hash_one, std::string hash_two)
return t1.totalDiff(&t2);
}
-unsigned int trendcpp::mime_to_id(std::string mime_type)
-{
-
- sqlite::database db("threat_db.db");
- db << "create table if not exists mime_table(mime text, id int)";
- int count = 0;
- db << "select count(id) from mime_table where mime=?" << mime_type >> count;
- int max = 0;
- db << "select max(id) from mime_table limit 1" >> max;
- if (count == 0)
- {
- max++;
- db << "insert into mime_table(mime, id) values(?, ?)" << mime_type << max;
- return max;
- }
- else
- {
- unsigned int id;
- db << "select id from mime_table where mime=? limit 1" << mime_type >> id;
- return id;
- }
- return 0;
-}
-
-long trendcpp::matching_hash_from_threat_db(std::string tlsh_hash, std::string file_type, long file_size_minimum, unsigned long file_size_maximum)
-{
- long matched_id = -1;
- sqlite::database threat_table("threat_db.db");
- threat_table << "create table if not exists threat(id unsigned bigint primary key, threat_hash text, threat_name text, threat_size unsigned int, threat_type unsigned int);";
- unsigned int file_id = mime_to_id(file_type);
- threat_table << "select id, threat_hash from threat where threat_size>=? and threat_size<=? and threat_type=?"
- << file_size_minimum << file_size_maximum << file_id >> [&] (unsigned long id, std::string threat_hash)
- {
- if (similarity_distance(tlsh_hash, threat_hash) < 20)
- {
- matched_id = id;
- }
- };
- return matched_id;
-}
diff --git a/Mrida/Mrida/trendcpp.h b/Mrida/Mrida/trendcpp.h
index 87c7b79..fc73adb 100644
--- a/Mrida/Mrida/trendcpp.h
+++ b/Mrida/Mrida/trendcpp.h
@@ -16,16 +16,7 @@ class trendcpp
// Get TLSH object
const Tlsh* hash_file(std::string file_location);
- // Bool add threat to database
- void add_threat_to_database(unsigned long int id, std::string tlsh_hash, std::string threat_name, unsigned long file_size, unsigned int file_type);
-
// Getting the similarity distance
int similarity_distance(std::string hash_one, std::string hash_two);
-
- // Mime Type to Id
- unsigned int mime_to_id(std::string mime_type);
-
- // Will get the similar hash matching id from threat db [returns -1 if nothing is matching]
- long matching_hash_from_threat_db(std::string tlsh_hash, std::string file_type, long file_size_minimum, unsigned long file_size_maximum);
};
diff --git a/Mrida/Release/mrida.iobj b/Mrida/Release/mrida.iobj
new file mode 100644
index 0000000..62d5d43
Binary files /dev/null and b/Mrida/Release/mrida.iobj differ
diff --git a/Mrida/Release/mrida.ipdb b/Mrida/Release/mrida.ipdb
new file mode 100644
index 0000000..d0710cb
Binary files /dev/null and b/Mrida/Release/mrida.ipdb differ
diff --git a/Mrida/Release/mrida.pdb b/Mrida/Release/mrida.pdb
new file mode 100644
index 0000000..bee9fcf
Binary files /dev/null and b/Mrida/Release/mrida.pdb differ
diff --git a/mrida_gui/.idea/workspace.xml b/mrida_gui/.idea/workspace.xml
index ca0ce69..572ac38 100644
--- a/mrida_gui/.idea/workspace.xml
+++ b/mrida_gui/.idea/workspace.xml
@@ -10,12 +10,36 @@
-
+
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
@@ -34,6 +58,7 @@
+
@@ -114,14 +139,34 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
@@ -165,6 +210,16 @@
+
+
+
+
+
+
+
+
+
+
@@ -184,18 +239,28 @@
-
-
+
+
+
+
+
+
+
+
+
+
+
+
-
+
diff --git a/mrida_gui/mrida.py b/mrida_gui/mrida.py
index fa61e29..0e24958 100644
--- a/mrida_gui/mrida.py
+++ b/mrida_gui/mrida.py
@@ -4,6 +4,7 @@
from PyQt5.QtWidgets import QMainWindow, QApplication, QTabWidget
from PyQt5.QtCore import Qt
from scan import ScanWidget
+from update import UpdateWidget
class MridaMainWidget(QTabWidget):
@@ -11,6 +12,7 @@ class MridaMainWidget(QTabWidget):
def __init__(self):
super().__init__()
self.addTab(ScanWidget(), "Scan")
+ self.addTab(UpdateWidget(), "Update")
class MridaMainWindow(QMainWindow):
diff --git a/mrida_gui/scan.py b/mrida_gui/scan.py
index 25c60a4..4450591 100644
--- a/mrida_gui/scan.py
+++ b/mrida_gui/scan.py
@@ -4,7 +4,7 @@
import requests
import filetype
from PyQt5.QtWidgets import QLabel, QLineEdit, QPushButton, QVBoxLayout, QHBoxLayout, QWidget, QListWidget
-from PyQt5.QtWidgets import QFileDialog, QCheckBox, QListWidgetItem
+from PyQt5.QtWidgets import QFileDialog, QCheckBox, QListWidgetItem, QMessageBox
from PyQt5.QtCore import QThread, QDir, QDirIterator, pyqtSignal, pyqtSlot
@@ -30,6 +30,9 @@ def __init__(self, path, author, name, description):
def is_checked(self):
return self.select_threat.isChecked()
+ def get_path(self):
+ return self.path.text()
+
class ScanThread(QThread):
@@ -51,6 +54,7 @@ def run(self):
self.scanning_signal.emit("[SCANNING]: "+file_name[1])
self.scan_for_yara(path=path)
self.scan_for_tlsh(path=path)
+ self.scanning_signal.emit(None)
def scan_for_yara(self, path):
r = requests.post("http://127.0.0.1:5660/scan_file_for_yara", data={"file": path, "target": "all"})
@@ -114,7 +118,9 @@ def __init__(self):
main_layout.addWidget(self.scan_result)
detection_layout = QHBoxLayout()
delete_selected = QPushButton("DELETE SELECTED")
+ delete_selected.clicked.connect(self.delete_selected_clicked)
delete_all = QPushButton("DELETE ALL")
+ delete_all.clicked.connect(self.delete_all_clicked)
detection_layout.addWidget(delete_selected)
detection_layout.addWidget(delete_all)
main_layout.addLayout(detection_layout)
@@ -130,10 +136,14 @@ def scan_clicked(self):
@pyqtSlot(str)
def scanning_slot(self, value):
- self.status.setText(value)
+ if value:
+ self.status.setText(value)
+ else:
+ QMessageBox.information(self, "Mrida", "Scan has been completed!")
@pyqtSlot(dict)
def detection_slot(self, value):
+ self.scan_result.scrollToBottom()
item = QListWidgetItem(self.scan_result)
widget = DetectionWidget(path=value["path"], author=value["author"], name=value["name"],
description=value["description"])
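Review bot: `self.scan_result.scrollToBottom()` at the top of detection_slot runs before the new QListWidgetItem exists, so the row appended a few lines later is not the one scrolled into view; move the call after `self.scan_result.setItemWidget(item, widget)`, which is below this hunk. The completion signalling added in the run() hunk emits None through `scanning_signal`, whose slot is declared `@pyqtSlot(str)` here: if the signal is `pyqtSignal(str)` the outcome depends on how PyQt treats None for a str argument (either a TypeError at emit time or an empty string reaching the slot), which is not obvious to a reader. A dedicated `finished = pyqtSignal()` would make the protocol explicit; at minimum the `emit(None)` line needs a comment such as `# None signals that the scan is complete`. detection_slot continues below the hunk.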
@@ -141,4 +151,27 @@ def detection_slot(self, value):
self.scan_result.setItemWidget(item, widget)
def stop_clicked(self):
- self.scan_thread.terminate()
\ No newline at end of file
+ self.scan_thread.terminate()
+
+ def delete_selected_clicked(self):
+ paths = []
+ for i in range(self.scan_result.count()):
+ widget = self.scan_result.itemWidget(self.scan_result.item(i))
+ if widget.is_checked():
+ if os.path.exists(widget.get_path()):
+ paths.append((widget.get_path(), i))
+ for path in paths:
+ if os.path.exists(path[0]):
+ os.remove(path[0])
+ self.scan_result.takeItem(path[1])
+
+ def delete_all_clicked(self):
+ paths = []
+ for i in range(self.scan_result.count()):
+ widget = self.scan_result.itemWidget(self.scan_result.item(i))
+ if os.path.exists(widget.get_path()):
+ paths.append((widget.get_path(), i))
+ for path in paths:
+ if os.path.exists(path[0]):
+ os.remove(path[0])
+ self.scan_result.takeItem(path[1])
\ No newline at end of file
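Review bot: In delete_selected_clicked and delete_all_clicked the collected row indices go stale as soon as the first `takeItem` runs: rows are gathered in ascending order and removed in the same order, so every removal after the first shifts the remaining indices down by one and the wrong rows are taken (or the index runs past the end and takeItem returns None). Removing in descending order fixes it: `for file_path, row in reversed(paths):` followed by `os.remove(file_path)` and `self.scan_result.takeItem(row)`. `os.remove` can also raise OSError (permission denied, file locked on Windows) and currently aborts the loop mid-way with no feedback, leaving the list out of step with the disk; catching it per file and reporting through the QMessageBox this change imports would keep the two consistent. DELETE ALL irreversibly removes every listed file with no confirmation, and the matches come from a fuzzy TLSH distance threshold, so a confirmation dialog before the loop is worth adding. The two methods differ only in the `is_checked()` test, so a shared `_delete_rows(selected_only)` helper would remove the duplication.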