File type classifier for Karton framework
Project description
Classifier karton service
File type classifier for the Karton framework.
Entrypoint for samples. Classifies type of samples labeled as kind: raw,
which makes them available for subsystems that receive samples with specific
type only (e.g. raw => runnable:win32:exe)
Author: CERT.pl
Maintainers: psrok1, msm, nazywam
Consumes:
{
"type": "sample",
"kind": "raw"
"payload": {
"magic": "output from 'file' command",
"sample": <Resource>
}
}
Produces:
{
"type": "sample",
"stage": "recognized",
"kind": "runnable" # Executable format default for OS platform
|| "document" # Office document
|| "archive" # Archive containing samples (zip, e-mails)
|| "dump" # Dump from sandbox
|| "script", # Script (js/vbs/bat...)
"platform": "win32"
|| "win64"
|| "linux"
|| "android",
|| "macos",
"extension": "*", # Expected file extension
... (other fields are derived from incoming task)
}
Usage
First of all, make sure you have setup the core system: https://github.com/CERT-Polska/karton
Then install karton-classifier from PyPi:
$ pip install karton-classifier
$ karton-classifier
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
No source distribution files available for this release.See tutorial on generating distribution archives.
Built Distribution
File details
Details for the file karton_classifier-1.2.0-py3-none-any.whl.
File metadata
- Download URL: karton_classifier-1.2.0-py3-none-any.whl
- Upload date:
- Size: 9.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.2 importlib_metadata/4.8.1 pkginfo/1.7.1 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.8.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 3393564649474536594c067d4610cd0ff32d82152f33dda7e36d7af13adad221 |
|
| MD5 | 1168cf00b57b1d8d1b79fd5037e71227 |
|
| BLAKE2b-256 | c3f463640c87fe6c6ef9cce8ef0da1747a0d78195f149e469233a409d0bd2c99 |
