Extractor of various archive formats for Karton framework
Project description
Extractor karton service
Performs extraction of known archive types and e-mail attachments. Produces "raw" artifacts for further classification.
Author: CERT.pl
Maintainers: psrok1, nazywam, msm
Consumes:
{
"type": "sample",
"stage": "recognized",
"kind": "archive"
"payload": {
"sample": <Resource>,
"extraction_level": <int, default: 0>,
}
}
Produces:
{
"type": "sample",
"kind": "raw",
"payload": {
"sample": <Resource>,
"parent": <Resource>,
"extraction_level": <int++>
}
}
Usage
First of all, make sure you have setup the core system: https://github.com/CERT-Polska/karton
In order to unpack all available formats you'll also need a few native dependencies that sflock relies on, the installation method recommended by sflock is:
RUN sed -i 's/ main/ main non-free/' /etc/apt/sources.list \
&& apt-get update && apt-get install -y \
p7zip-full \
rar \
unace \
cabextract \
lzip
Then install karton-archive-extractor from PyPi:
$ pip install karton-archive-extractor
$ karton-archive-extractor
Running in Docker
Sflock uses ZipJail as a usermode syscall filtering mechanism. As a result, in our experience, container running the karton service has to have the SYS_PTRACE
capability in order for the ptrace to execute correctly. Make sure it's enabled if you run into problems extracting certain archive types.
Supported archive/compression formats*
.7z
.ace
.bup
.cab
.daa
.eml
.gz
.gzip
.iso
.lha
.lz
.lzh
.msg
.mso
.pdf
.rar
.tar
.tar.bz2
.tar.gz
.udf
.vhd
.vhdx
.xz
.zip
* Assuming you are running Linux, please see the sflock's readme for more information
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distribution
File details
Details for the file karton_archive_extractor-1.2.1-py3-none-any.whl
.
File metadata
- Download URL: karton_archive_extractor-1.2.1-py3-none-any.whl
- Upload date:
- Size: 17.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.1 importlib_metadata/4.6.1 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.61.2 CPython/3.8.11
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | ee6e6ba4d8f4e3d09cbd7fa93d1704919ad060df9c3b357cf443e9f80d8e0bfb |
|
MD5 | 8a98a9f995070cba8b826d875f62a080 |
|
BLAKE2b-256 | bdd86afcedd981361d8a3bee0e53689c0b2634ee7a3ecc06008e59342cac006a |