9b
/ mr_named_funcs.js
Created
March 24, 2011 19:37
Unique named functions with instance and total counts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var map = function () { | |
| this.structure.keywords.keyword.forEach( | |
| function (z) { | |
| emit(z.name, {count_sum: z.count, count: 1}); | |
| } | |
| ); | |
| } | |
| var reduce = function (key, values) { | |
| var total = 0; |
9b
/ mr_named_funcs_hex.js
Created
March 24, 2011 19:38
Unique encoded named functions with instance and total counts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var map = function () { | |
| this.structure.keywords.keyword.forEach(function (z) {emit(z.name, {count_hex: z.hexcodecount, count:1});}); | |
| } | |
| var reduce = function (key, values) { | |
| var total = 0; | |
| var count = 0; | |
| for (var i = 0; i < values.length; i++) { | |
| if (values[i].count_hex > 0) { | |
| total += values[i].count_hex; |
9b
/ mr_component_totals.js
Created
March 24, 2011 19:39
Component totals and averages for a PDF set
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var map = function () { | |
| this.structure.components.component.forEach( | |
| function (z) { | |
| emit(z.name, {count: 0, total: z.count, avg:0}); | |
| } | |
| ); | |
| } | |
| var reduce = function (key, values) { | |
| var count = db.malware.count(); |
9b
/ mr_composite_scans.js
Created
March 24, 2011 19:43
Key off anti-virus name and collect signatures, unique signature count and total detection
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var map = function () { | |
| this.scans.virustotal.report.results.scanners.forEach( | |
| function (z) { | |
| emit(z.antivirus, {signatures: [z.signature] , count: 1, total: 0}); | |
| } | |
| ); | |
| } | |
| var reduce = function (key, values) { | |
| var count = 0; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from jabberbot import JabberBot, botcmd | |
| import datetime | |
| import base64 | |
| import pymongo | |
| import traceback | |
| import simplejson as json | |
| import os, sys, csv, zipfile, getopt, traceback, socket, urlparse, time, urllib2, string | |
| import StringIO | |
| import logging |
9b
/ magic_mappy.py
Created
September 22, 2011 17:46
Generate a bunch of simple mapreduce jobs and output accordingly
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import simplejson as json | |
| from pymongo import Connection | |
| from bson.code import Code | |
| #cheap connection | |
| def connect_to_mongo(host, port, database, collection): | |
| connection = Connection(host, port) | |
| db = connection[database] | |
| collection = db[collection] | |
| return collection |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| __description__ = 'Analyzes Malicious PDF Object in Memory' | |
| __author__ = 'Brandon Dixon' | |
| __version__ = '1.0' | |
| __date__ = '2011/11/07' | |
| from object_builder import * | |
| import simplejson as json | |
| import optparse | |
| import malobjclass | |
| import codecs |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package | |
| { | |
| import flash.display.MovieClip; | |
| import flash.display.SimpleButton; | |
| import flash.display.Shape; | |
| import flash.events.Event; | |
| import flash.events.MouseEvent; | |
| import flash.net.*; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # V0.1 2008/05/23 | |
| # make-pdf-javascript, use it to create a PDF document with embedded JavaScript that will execute automatically when the document is opened | |
| # requires module mPDF.py | |
| # Source code put in public domain by Didier Stevens, no Copyright | |
| # https://DidierStevens.com | |
| # Use at your own risk | |
| # | |
| # History: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # module with simple class to build PDF documents with basic PDF elements | |
| # Source code put in public domain by Didier Stevens, no Copyright | |
| # https://DidierStevens.com | |
| # Use at your own risk | |
| # | |
| # History: | |
| # | |
| # 2008/05/18: continue |