Extractor of various archive formats for Karton framework
Project description
Extractor karton service
Performs extraction of known archive types and e-mail attachments. Produces "raw" artifacts for further classification.
Author: CERT.pl
Maintainers: psrok1, nazywam, msm
Consumes:
{
    "type": "sample",
    "stage": "recognized",
    "kind": "archive",
    "payload": {
        "sample": <Resource>,
        "extraction_level": <int, default: 0>
    }
}
Produces:
{
    "type": "sample",
    "kind": "raw",
    "payload": {
        "sample": <Resource>,
        "parent": <Resource>,
        "extraction_level": <int, the consumed task's extraction_level + 1>
    }
}
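The two task shapes above, as an added example that is not the project's own code: a stdlib-only stand-in for a service that matches the "archive" filter, emits one "raw" child per archive member with a "parent" link, and bumps extraction_level, driven through a constructed nested zip so that the depth counter actually does something. The depth cap MAX_EXTRACTION_LEVEL, the plain dicts standing in for karton Resource objects, the zipfile-only unpacking (the real service uses sflock) and the inline classifier stand-in that re-labels zip children back to the "archive" filter are all assumptions of this example, not behaviour documented on this page.

```python
import io
import zipfile

# Header filter this service subscribes to, copied from the "Consumes" block above.
# Karton delivers a task to a consumer when every key in one of its filters
# equals the corresponding task header; extra headers on the task are ignored.
CONSUME_FILTER = {"type": "sample", "stage": "recognized", "kind": "archive"}

# Depth cap for nested archives. Assumption for this example only: the page
# does not state the real service's limit or the name of its config option.
MAX_EXTRACTION_LEVEL = 3

# Constructed payload standing in for a real sample; not a real executable.
CONSTRUCTED_INNER = b"MZ-stub: constructed test data"


def matches_filter(headers, flt=CONSUME_FILTER):
    """Karton-style filter match: every filter key must equal the task header."""
    return all(headers.get(key) == value for key, value in flt.items())


def make_archive_task(content, name, extraction_level=0):
    """Build the task shape from "Consumes"; a dict stands in for a karton Resource."""
    return {
        "headers": dict(CONSUME_FILTER),
        "payload": {"sample": {"name": name, "content": content},
                    "extraction_level": extraction_level},
    }


def extract(task):
    """Simulated process(): unpack a zip (stdlib only, not sflock) and emit
    one "raw" child task per member, shaped like the "Produces" block above.
    Returns None when the depth cap is hit, so the caller can tell a refused
    task apart from an empty archive."""
    level = task["payload"].get("extraction_level", 0)
    if level >= MAX_EXTRACTION_LEVEL:
        return None  # archive inside archive inside archive: stop recursing
    parent = task["payload"]["sample"]
    children = []
    with zipfile.ZipFile(io.BytesIO(parent["content"])) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            children.append({
                "headers": {"type": "sample", "kind": "raw"},
                "payload": {"sample": {"name": info.filename, "content": zf.read(info)},
                            "parent": parent,
                            "extraction_level": level + 1},
            })
    return children


def nested_zip(depth, inner=CONSTRUCTED_INNER):
    """Constructed input: `inner` wrapped in `depth` zip layers
    (payload.bin inside level0.zip inside level1.zip ...)."""
    data, name = inner, "payload.bin"
    for i in range(depth):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, data)
        data, name = buf.getvalue(), "level%d.zip" % i
    return data


def run_pipeline(content, name="sample.zip"):
    """Drive tasks through the extractor until nothing archive-like is left.
    The is_zipfile check is a stand-in for the classifier that would normally
    re-label a "raw" child as "archive"; that loop is how extraction_level climbs."""
    queue = [make_archive_task(content, name)]
    leaves, refused = [], 0
    while queue:
        task = queue.pop()
        if not matches_filter(task["headers"]):
            leaves.append(task)
            continue
        children = extract(task)
        if children is None:
            refused += 1
            continue
        for child in children:
            if zipfile.is_zipfile(io.BytesIO(child["payload"]["sample"]["content"])):
                child["headers"] = dict(CONSUME_FILTER)
            queue.append(child)
    return leaves, refused


if __name__ == "__main__":
    leaves, refused = run_pipeline(nested_zip(2))
    print(len(leaves), "leaf sample(s) at extraction_level",
          [t["payload"]["extraction_level"] for t in leaves], "refused:", refused)
    leaves, refused = run_pipeline(nested_zip(5))
    print(len(leaves), "leaf sample(s), refused:", refused)
```

With a two-level zip the single leaf comes out at extraction_level 2 with its "parent" pointing at the inner zip; with five levels and the cap at 3 the innermost archive is never opened and the pipeline records one refusal instead of looping. A real deployment should also bound total output size and member count, since depth alone does not stop a flat archive bomb.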
Usage
First of all, make sure you have set up the core system: https://github.com/CERT-Polska/karton
In order to unpack all available formats you'll also need a few native dependencies that sflock relies on. The installation method recommended by sflock is below; the sed line enables Debian's non-free component, which is where the rar package lives:
RUN sed -i 's/ main/ main non-free/' /etc/apt/sources.list \
&& apt-get update && apt-get install -y \
p7zip-full \
rar \
unace \
cabextract \
lzip
Then install karton-archive-extractor from PyPI and start the service:
$ pip install karton-archive-extractor
$ karton-archive-extractor
Running in Docker
Sflock uses ZipJail, a usermode syscall-filtering sandbox built on ptrace, around its unpackers. As a result, in our experience, the container running the karton service has to have the SYS_PTRACE
capability for ptrace to work (for example --cap-add=SYS_PTRACE with docker run, or cap_add: [SYS_PTRACE] in a compose file); grant that single capability rather than running the container privileged. Make sure it's enabled if you run into problems extracting certain archive types.
Supported archive/compression formats*
.7z
.ace
.bup
.cab
.daa
.eml
.gz
.gzip
.iso
.lha
.lz
.lzh
.msg
.mso
.pdf
.rar
.tar
.tar.bz2
.tar.gz
.udf
.vhd
.vhdx
.xz
.zip
* Assuming you are running Linux; see sflock's README for more information.
Hashes for karton_archive_extractor-1.2.2-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | 68fa7b5a340df302491e724da22296f0576956f6e7e1b8a1556620f2333a29f9
MD5 | 4cdf368d8bc4ede8fa459136a05e9ec4
BLAKE2b-256 | 9bd79e3f8e4341dbb421c6ed5ee5812408cf63bd399dbc5b49b48dbf9e4e080f
The SHA256 digest is the one to pin when installing with pip's --require-hashes; MD5 is listed for compatibility only and should not be relied on for integrity.