phage-nz/ph0neutria

Viper

msinghal95 opened this issue · 16 comments

Hi Chris,
As I was running ph0neutria, I found that when I updated the Viper web interface it still showed me that there were zero results, i.e. that there were no additions to the DB. I am curious whether the addition to Viper happens after ph0neutria has crawled through all the samples?
Also, please add "numpy", as there was also an error saying no module.

Thanks, have added numpy to requirements.txt

If you're not getting any results in Viper, ensure that you're running Viper and ph0neutria under the same account, and that when you browse to Viper it's running under the same account it was running under when you loaded data into it. It stores in '.viper/' under the home directory of the account it runs under... so if you start it under an account that differs from the one you loaded data into it with, there will be nothing.

The logging of ph0neutria will indicate whether addition to Viper is successful or not. It's quite clear if it fails.

Hi Chris,

I tried as you said, but still I am not getting any results. This is what I did: when I first installed all this functionality, I first of all changed from my user to root using "sudo su" and then installed everything. I ran two terminals, one running Viper and one running ph0neutria (both of them as root), but still there was no information in Viper. Today, however, I tried as my user and still I didn't get any results.

As I said in my update above, "The logging of ph0neutria will indicate whether addition to Viper is successful or not. It's quite clear if it fails."

Can you see in the ph0neutria stdout that it's successfully inserting items via the Viper API? Does the account that Viper is running under have a '.viper' folder in its home directory? When ph0neutria is running and attempting inserts into Viper, are there any errors in the Viper stdout? etc.

  1. No, it is not successfully adding the items into the Viper API.
  2. It does not have a ".viper" folder in its home directory.
  3. I did see some dependencies missing in the Viper stdout, like 7zip and unrar.

Please provide a sample log from the ph0neutria stdout that contains the error for why the API POST fails.

2+3) Issues with the Viper install fall outside of the support I'm willing to give for this project.

ubuntu-2019-01-11-21-31-01
ubuntu-2019-01-11-21-31-28

These are the log results I have while running ph0neutria.

Would you recommend, for the 2+3 issue, putting up an issue in the Viper project on GitHub?

Those logs show nothing that suggests you're failing to submit to Viper, because there is nothing there pertaining to Viper - did you not notice this? Did you look at the code in viper_utils.py and see what output you should expect when submissions are occurring? You need to wait longer until the URL list has completed assembling and it begins to submit.

Failure to query VirusTotal is likely because you're hitting API limits. I'd +1 the requestsperminute value in your config to wait a little longer between requests.

No, you should not submit an issue on the Viper project for 2+3 unless you're experiencing an actual bug with it.

I'd suggest you read through the readme of both projects and attempt to do a bit more troubleshooting of your own before raising another Issue. Thanks.

After performing a fresh reinstall of the newest versions of both this and Viper, I am experiencing the same issues. Using an older configured setup as a baseline, I configured the new setup and found that ph0neutria indeed does not upload samples to Viper and does not report anything related to the uploading of files to Viper.

Could something added with the tagging in the last few commits have broken the upload calls in the malware_utils file?

Will investigate when time permits this week.

I just ran the scraper again but with the tagging setting set to false; this causes the Viper-related logging to return and display the result of the API upload call.

@wkleinhenz - I have just spun up a new Ubuntu 16.04 VM and set up the project with the install script, updated the API keys etc where required and done a run through. Items are appearing in Viper with tags just fine. There were some missing Viper module dependencies (introduced recently I assume), but nothing that would have stopped API submissions.

The following copy of malware_utils.py has a try except around the tagging. Copy that in place and see if that catches where your failure is occurring. I really can't provide much help without exception logs as I'm unable to reproduce this myself on either Lubuntu Desktop or Ubuntu Server.

https://bin.phage.nz/?592f91f43c0f162f#uah2h/0+/QrfMRvVsb/a6rNMUVGK5UH1KzDF+otWzn4=

Having used that code didn't show anything new, I think, but I may have realized the issue: it seems that when tagging is enabled, if VirusTotal cannot be queried for tagging, the file is removed rather than uploaded. Due to the cost/availability of more robust VT license/API access, is this the intended action, or should the file at least be added to Viper even if VT can't give tags? I also attached a log of the last execution I ran to help if possible.
ph0neutira-1.0.1-run.txt

Actually, I may have made a mistake on my end: I swapped the values of username and API under VT. Let me retest.

I see what happened. get_class_for_hash returns False and I didn't have any specific handling for that, so it went straight to the cleanup method and skipped the upload. In my testing I always returned a classification. In my most recent commit I've added handling for failed classifications when tagging is enabled. They'll just get tagged with something generic, however.

API request rate throttling is calculated by taking into consideration number of workers and your VT request limit. If VT is still failing then I'd suggest dropping the value in your config by 1... working from there.
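To illustrate the failure path described in the comment above, here is an added example that is not ph0neutria's own code: the function names (get_class_for_hash, process_sample_*), the generic fallback tag and the VT lookup table are assumed stand-ins for the project's real ones.

```python
"""Model of the 'failed classification skips the upload' bug and its fix.
Added example, not ph0neutria's code; names and data are assumed stand-ins."""

GENERIC_TAG = "unclassified"  # assumed generic label used when VT gives nothing

# Constructed stand-in for VirusTotal classification results (hash -> class).
# A hash that is absent models a failed or rate-limited VT query.
FAKE_VT = {
    "aaaa1111": "Trojan.Generic",
}


def get_class_for_hash(sha256, vt=FAKE_VT):
    """Return a classification string, or False when VT could not be queried."""
    return vt.get(sha256, False)


def process_sample_buggy(sha256, tagging_enabled):
    """'Before': with tagging on, a falsy classification falls straight through
    to cleanup, so the sample is deleted and never uploaded (the reported bug)."""
    tag = None
    if tagging_enabled:
        tag = get_class_for_hash(sha256)
        if not tag:
            return ("discarded", None)  # went to cleanup, upload skipped
    return ("uploaded", tag)


def process_sample_fixed(sha256, tagging_enabled):
    """'After': a failed classification gets a generic tag and is still uploaded."""
    tag = None
    if tagging_enabled:
        tag = get_class_for_hash(sha256) or GENERIC_TAG
    return ("uploaded", tag)


def run_batch(hashes, handler, tagging_enabled=True):
    """Return (uploaded, discarded) counts for a batch of sample hashes."""
    uploaded = discarded = 0
    for sha256 in hashes:
        outcome, _ = handler(sha256, tagging_enabled)
        if outcome == "uploaded":
            uploaded += 1
        else:
            discarded += 1
    return uploaded, discarded


if __name__ == "__main__":
    batch = ["aaaa1111", "bbbb2222", "cccc3333"]  # constructed sample hashes
    print("buggy:", run_batch(batch, process_sample_buggy))  # only 1 uploaded
    print("fixed:", run_batch(batch, process_sample_fixed))  # all 3 uploaded
```

With tagging disabled the buggy path never consults VT, which is why turning tagging off made the Viper logging reappear earlier in this thread.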

Closing due to inactivity.


I have the same issue. Installed Ubuntu 16.04 and followed the steps in the docs. Viper is run as the same user as ph0neutria (the user logged on), and yet nothing seems to be showing an error uploading into Viper. However, logging in to the web GUI using the same user (whose API key has been added to the config file, and the same user that ran Viper and ph0neutria) shows no results.

Whilst nothing shows an error for uploading to Viper, nothing shows a successful upload to it either.