r'^\s*PasswordAuthentication[\s"]*No', re.IGNORECASE | re.MULTILINE)
# Matches an uncommented line that sets PermitEmptyPasswords to Yes. The
# [\s"]* separator accepts whitespace and double quotes before the value.
permit_empty_passwords_re = re.compile(
    r'^\s*PermitEmptyPasswords[\s"]*Yes', re.IGNORECASE | re.MULTILINE)

# Each check is (pattern, report-when-matched, message). Password
# authentication is reported when no explicit "No" line exists, because an
# sshd_config without that line leaves the daemon default in effect.
#
# NOTE(review): these are line-oriented searches over the whole text. They do
# not model sshd's first-value-wins rule or Match blocks, so a directive
# inside a Match block can satisfy or trigger a check that does not reflect
# the global setting. Confirm whether callers need that precision.
checks = (
    (permit_root_login_re, True, 'Root login enabled.'),
    (password_authentication_re, False, 'Password authentication enabled.'),
    (permit_empty_passwords_re, True, 'Empty passwords permitted.'),
)
for pattern, report_when_matched, message in checks:
    if bool(re.search(pattern, config)) == report_when_matched:
        findings.append(fmt.bullet(message))

# Nothing flagged: the same sentence serves as report body and summary.
if not findings:
    report = 'No issues found in SSH configuration'
    return (report, Priority.LOW, report)

# At least one weak setting: put a bold heading above the bullets.
summary = 'Insecure SSH configuration found.'
findings.insert(0, fmt.heading4(fmt.bold(summary)))
report = '\n'.join(findings)
return (report, Priority.HIGH, summary)
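# Extract printable strings from every collected artifact and keep the lines
# that mention a download tool.
for filepath in collected_artifacts:
    relpath = os.path.relpath(filepath, output_dir)
    # Run strings with an argument vector and without a shell. The previous
    # form interpolated the path into a shell command line, so a file name
    # containing a double quote or other shell metacharacters (artifact names
    # presumably come from the evidence under analysis) would have been
    # interpreted by the shell instead of being passed as a path.
    command = ['strings', '-a', filepath]
    log.debug('Running command [{0:s}]'.format(' '.join(command)))
    proc = subprocess.Popen(
        command, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
    strings_output, _ = proc.communicate()
    # stderr is merged into stdout, so the stream may carry bytes that are
    # not valid UTF-8 (for example a file name echoed in an error message).
    # Replace them rather than letting one artifact abort the whole analysis.
    strings_output = codecs.decode(strings_output, 'utf-8', 'replace')
    for line in strings_output.splitlines():
        strings_count += 1
        # Plain substring match: any line containing either word is kept.
        if 'curl' in line or 'wget' in line:
            evil_commands.append((relpath, line))

# Heading and summary depend on whether anything was flagged; only a hit
# raises the priority.
if evil_commands:
    msg = 'Found suspicious commands!'
    report.append(fmt.heading4(fmt.bold(msg)))
    summary = msg
    priority = Priority.CRITICAL
else:
    msg = 'Did not find any suspicious commands.'
    report.append(fmt.heading4(msg))
    summary = msg

# One entry per flagged line: the line itself, then the artifact it came from
# (path relative to the output directory).
for filepath, command in evil_commands:
    report.append(fmt.bullet(fmt.bold('Command:')))
    report.append(fmt.code(command))
    report.append('Found in file:')
    report.append(fmt.code(filepath))

msg = 'Extracted {0:d} strings from {1:d} file(s)'.format(
    strings_count, len(collected_artifacts))
report.append(fmt.bullet(msg))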
strings_count += 1
if (line.find('curl') >= 0) or (line.find('wget') >= 0):
evil_commands.append((relpath, line))
# Pick heading and summary from whether any line was flagged. Only a hit
# changes the priority; otherwise it keeps the value assigned earlier.
if evil_commands:
    summary = 'Found suspicious commands!'
    report.append(fmt.heading4(fmt.bold(summary)))
    priority = Priority.CRITICAL
else:
    summary = 'Did not find any suspicious commands.'
    report.append(fmt.heading4(summary))

# Four report lines per hit: label, flagged line, label, source file.
for source_path, flagged_line in evil_commands:
    report.extend([
        fmt.bullet(fmt.bold('Command:')),
        fmt.code(flagged_line),
        'Found in file:',
        fmt.code(source_path),
    ])

# Closing statistics bullet, then the (report, priority, summary) triple.
report.append(
    fmt.bullet(
        'Extracted {0:d} strings from {1:d} file(s)'.format(
            strings_count, len(collected_artifacts))))
return (report, priority, summary)
# Each pattern is paired with the label its matches get in the report. Every
# match adds one bullet and bumps the running count.
#
# NOTE(review): presumably the user pattern captures the credential entry
# from the Tomcat file, in which case the report carries it verbatim.
# Confirm who can read these reports.
labelled_patterns = (
    ('Tomcat user: ', tomcat_user_passwords_re),
    ('Tomcat App Deployed: ', tomcat_deploy_re),
    ('Tomcat Management: ', tomcat_manager_activity_re),
)
for label, pattern in labelled_patterns:
    for entry in re.findall(pattern, tomcat_file):
        findings.append(fmt.bullet(label + entry.strip()))
        count += 1

# No matches at all: low priority, same text for report and summary.
if not findings:
    report = 'No Tomcat findings to report'
    return (report, Priority.LOW, report)

# Otherwise head the bullet list with the number of results.
msg = 'Tomcat analysis found {0:d} results'.format(count)
findings.insert(0, fmt.heading4(fmt.bold(msg)))
report = '\n'.join(findings)
return (report, Priority.HIGH, msg)
report = []
summary = ''
priority = Priority.LOW

# Map each password hash back to its username so that cracked hashes can be
# attributed to an account below.
credentials_registry = {
    password_hash: username for username, password_hash in credentials}

# TODO: Add timeout parameter when dynamic configuration is ready.
# Ref: https://github.com/google/turbinia/issues/244
weak_passwords = bruteforce_password_hashes(credentials_registry.keys())

version = version or 'Unknown'
report.append(fmt.bullet('Jenkins version: {0:s}'.format(version)))

if weak_passwords:
    # At least one hash was recovered: highest priority, listed per user.
    priority = Priority.CRITICAL
    summary = 'Jenkins analysis found potential issues'
    report.insert(0, fmt.heading4(fmt.bold(summary)))
    line = '{0:n} weak password(s) found:'.format(len(weak_passwords))
    report.append(fmt.bullet(fmt.bold(line)))
    # The recovered plaintext is written into the report next to the
    # username, so the report itself has to be handled as sensitive data.
    for password_hash, plaintext in weak_passwords:
        owner = credentials_registry.get(password_hash)
        line = 'User "{0:s}" with password "{1:s}"'.format(owner, plaintext)
        report.append(fmt.bullet(line, level=2))
elif credentials_registry or version != 'Unknown':
    # A Jenkins instance was identified but no hash was recovered.
    summary = (
        'Jenkins version {0:s} found with {1:d} credentials, but no issues '
        'detected'.format(version, len(credentials_registry)))
    report.insert(0, fmt.heading4(summary))
    priority = Priority.MEDIUM
else:
    # Neither a version nor any credentials were found.
    summary = 'No Jenkins instance found'
    report.insert(0, fmt.heading4(summary))
def format_task_detail(self, task, show_files=False):
    """Build the detailed report lines for one task.

    Args:
        task (dict): The task to format data for.
        show_files (bool): Whether to list the saved task file paths.

    Returns:
        list: Formatted report lines for the task.
    """
    # A missing or empty status gets a placeholder. 'id' and 'worker_name'
    # have no such fallback, and the {0:s} format spec raises TypeError when
    # either value is None.
    status = task.get('status') or 'No task status'
    report = [
        fmt.heading2(task.get('name')),
        fmt.bullet('{0:s} {1:s}'.format(fmt.bold('Status:'), status)),
        fmt.bullet('Task Id: {0:s}'.format(task.get('id'))),
        fmt.bullet(
            'Executed on worker {0:s}'.format(task.get('worker_name'))),
    ]

    # Task-provided report text is appended line by line, unmodified.
    reported = task.get('report_data')
    if reported:
        report.append('')
        report.append(fmt.heading3('Task Reported Data'))
        report.extend(reported.splitlines())

    # Optional section with one code-formatted bullet per saved path.
    if show_files:
        report.append('')
        report.append(fmt.heading3('Saved Task Files:'))
        report.extend(
            fmt.bullet(fmt.code(path))
            for path in task.get('saved_paths') or [])
        report.append('')

    return report