diff --git a/CHANGELOG.md b/CHANGELOG.md
index 119187a..177ee18 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,7 +13,7 @@ All notable changes to this project will be documented in this file. ### Fixed - Resolved missing IOC issue in Moneta. - +- Multiple bug fixes in summary section ## [v1.6.0] - 2025-01-26 ### Added
diff --git a/app/analyzers/manager.py b/app/analyzers/manager.py
index da887ca..5d722ee 100644
--- a/app/analyzers/manager.py
+++ b/app/analyzers/manager.py
@@ -291,9 +291,6 @@ class AnalysisManager: } # Cleanup after capturing output - - - # 6. Get RedEdr results if it was started if rededr:
diff --git a/app/routes.py b/app/routes.py
index 707b932..a9129d9 100644
--- a/app/routes.py
+++ b/app/routes.py
@@ -266,7 +266,7 @@ def register_routes(app): app.logger.debug(f"Extracted detection counts: {detections}") return render_template( - 'dynamic_results.html', + 'dynamic_info.html', file_info=None, analysis_results=dynamic_results, yara_detections=detections['yara'],
@@ -411,9 +411,9 @@ def register_routes(app): app.logger.error(f"Error formatting scan duration: {e}") app.logger.debug(f"Checkplz results structure: {analysis_results.get('checkplz', {})}") - app.logger.debug("Rendering static_results.html template") + app.logger.debug("Rendering static_info.html template") return render_template( - 'static_results.html', + 'static_info.html', file_info=file_info, analysis_results=analysis_results, yara_detections=yara_detections,
@@ -426,9 +426,9 @@ def register_routes(app): detections = utils.extract_detection_counts(analysis_results) app.logger.debug(f"Extracted dynamic analysis detections: {detections}") - app.logger.debug("Rendering dynamic_results.html template") + app.logger.debug("Rendering dynamic_info.html template") return render_template( - 'dynamic_results.html', + 'dynamic_info.html', file_info=file_info, analysis_results=analysis_results, yara_detections=detections['yara'], 
@@ -518,22 +518,21 @@ def register_routes(app): }, 'analysis_summary': { 'yara': { - 'match_count': len(yara_matches), - 'critical_rules': sum(1 for match in yara_matches if match.get('metadata', {}).get('severity', 0) >= 90) + 'total_findings': len(yara_matches), + 'findings': yara_matches # Store complete YARA findings }, 'pe_sieve': { - 'total_suspicious': pe_sieve_findings.get('total_suspicious', 0), - 'implanted': pe_sieve_findings.get('implanted', 0), - 'hooked': pe_sieve_findings.get('hooked', 0) + 'total_findings': pe_sieve_findings.get('total_suspicious', 0), + 'findings': pe_sieve_findings # Store complete PE-sieve findings }, 'moneta': { - 'abnormal_exec': moneta_findings.get('total_abnormal_private_exec', 0), - 'unsigned_modules': moneta_findings.get('total_unsigned_modules', 0), - 'rwx_regions': moneta_findings.get('total_private_rwx', 0) + 'total_findings': sum(1 for key, value in moneta_findings.items() + if key.startswith('total_') and isinstance(value, (int, float)) and value > 0), + 'findings': moneta_findings # Store complete Moneta findings }, 'hsb': { - 'total_findings': sum(len(det.get('findings', [])) for det in hsb_detections if det.get('pid') == int(pid)), - 'max_severity': max((det.get('max_severity', 0) for det in hsb_detections if det.get('pid') == int(pid)), default=0) + 'findings': [det for det in hsb_detections if det.get('pid') == int(pid)] # Store complete HSB findings for this PID } } }
@@ -626,7 +625,6 @@ def register_routes(app): 'error': str(e) }), 500 - @app.route('/cleanup', methods=['POST']) def cleanup(): try:
diff --git a/app/templates/dynamic_results.html b/app/templates/dynamic_info.html
similarity index 86%
rename from app/templates/dynamic_results.html
rename to app/templates/dynamic_info.html
index 1c56a1b..8af52db 100644
--- a/app/templates/dynamic_results.html
+++ b/app/templates/dynamic_info.html
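Review bot: The Moneta `total_findings` in the `'moneta'` entry counts every non-zero `total_*` key, and that includes `total_regions`; the template hunk in this commit labels that key "Total Regions" and the utils.py hunk explicitly excludes it, so it presumably is a scan-size figure rather than an anomaly, and the summary would report at least one finding for any process Moneta scanned at all. Adding the same exclusion keeps the two paths consistent: `if key.startswith('total_') and key != 'total_regions' and isinstance(value, (int, float)) and value > 0),`. Note also that this expression counts categories (one per non-zero key) while `Utils.extract_detection_counts` sums the values, so the two figures will still differ for the same process; pick one definition and record it next to the dict, e.g. `# number of Moneta anomaly categories with at least one hit, not the hit count`. `int(pid)` is re-evaluated for every element of the `hsb` comprehension; binding `pid_int = int(pid)` once before the summary dict avoids the repeated parse. The enclosing function starts and ends outside this hunk.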
@@ -167,33 +167,42 @@ {{ moneta_detections }} {% if moneta_detections %} - {% set findings = analysis_results.moneta.findings %}
- {% if findings.total_private_rwx > 0 %} -
Private RWX: {{ findings.total_private_rwx }}
- {% endif %} - {% if findings.total_private_rx > 0 %} -
Private RX: {{ findings.total_private_rx }}
- {% endif %} - {% if findings.total_modified_code > 0 %} -
Modified Code: {{ findings.total_modified_code }}
- {% endif %} - {% if findings.total_heap_executable > 0 %} -
Heap Executable: {{ findings.total_heap_executable }}
- {% endif %} - {% if findings.total_missing_peb > 0 %} -
Missing PEB: {{ findings.total_missing_peb }}
- {% endif %} - {% if findings.total_mismatching_peb > 0 %} -
Mismatching PEB: {{ findings.total_mismatching_peb }}
- {% endif %} + {% for key, value in analysis_results.moneta.findings.items() %} + {% if value is number and value > 0 and key != 'scan_duration' %} +
+ {% if key == 'total_regions' %} + Total Regions: {{ value }} + {% elif key == 'total_private_rx' %} + Private RX: {{ value }} + {% elif key == 'total_private_rwx' %} + Private RWX: {{ value }} + {% elif key == 'total_abnormal_private_exec' %} + Abnormal Private Executable: {{ value }} + {% elif key == 'total_heap_executable' %} + Heap Executable: {{ value }} + {% elif key == 'total_modified_code' %} + Modified Code: {{ value }} + {% elif key == 'total_modified_pe_header' %} + Modified PE Headers: {{ value }} + {% elif key == 'total_inconsistent_x' %} + Inconsistent Execute Flags: {{ value }} + {% elif key == 'total_missing_peb' %} + Missing PEB: {{ value }} + {% elif key == 'total_mismatching_peb' %} + Mismatching PEB: {{ value }} + {% elif key == 'total_threads_non_image' %} + Threads in Non-Image Memory: {{ value }} + {% endif %} +
+ {% endif %} + {% endfor %}
{% else %} No anomalies detected {% endif %} - Patriot @@ -353,8 +362,8 @@ Captured Output - - {{ 'Output Available' if analysis_results.process_output.stdout or analysis_results.process_output.stderr else 'No Output' }} + + {{ 'Output Available' if analysis_results.get('process_output', {}).get('stdout') or analysis_results.get('process_output', {}).get('stderr') else 'No Output' }} @@ -364,37 +373,34 @@ class="hidden border-t border-gray-800">
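Review bot: Any Moneta `total_*` key that the `elif` chain does not name — `total_unsigned_modules`, which the previous routes.py summary read, is one — passes the `value is number and value > 0` filter and renders as an empty element, because the chain has no `else`. A final branch such as `{% else %}{{ key | replace('total_', '') | replace('_', ' ') | title }}: {{ value }}` shows the raw key instead of a blank entry. The Jinja `number` test also accepts booleans, so a `True` flag in the findings dict would pass the filter — worth confirming whether Moneta findings carry any. `total_regions` is listed as a finding here while the utils.py hunk excludes it from the count; given the "No anomalies detected" wording of the else branch, the loop filter should likely skip it as well, e.g. `and key != 'total_regions'` alongside the existing `key != 'scan_duration'`.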
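Review bot: `analysis_results.get('process_output', {})` is re-evaluated on every reference in this hunk and, far more often, in the `@@ -364,37 +373,34 @@` hunk below (up to three times per line in the truncation footer), which makes the template hard to read and to change. Binding it once at the top of the section, `{% set process_output = analysis_results.get('process_output', {}) %}`, and then using `process_output.get('stdout')` and friends keeps the `.get` safety this change introduces with a single lookup.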
- {% if analysis_results.process_output.stdout %} + {% if analysis_results.get('process_output', {}).get('stdout') %}
Standard Output
-
{{ analysis_results.process_output.stdout }}
+
{{ analysis_results.get('process_output', {}).get('stdout') }}
{% endif %} - {% if analysis_results.process_output.stderr %} + {% if analysis_results.get('process_output', {}).get('stderr') %}
Standard Error
-
{{ analysis_results.process_output.stderr }}
+
{{ analysis_results.get('process_output', {}).get('stderr') }}
{% endif %} - {% if analysis_results.process_output.output_truncated or analysis_results.process_output.exit_code is not none %} - + {% if analysis_results.get('process_output', {}) %}
- {% if analysis_results.process_output %} - {% if analysis_results.process_output.output_truncated is defined and analysis_results.process_output.output_truncated %} - Output was truncated due to size limitations - {% if analysis_results.process_output.exit_code is defined and analysis_results.process_output.exit_code is not none %} • {% endif %} - {% endif %} - {% if analysis_results.process_output.exit_code is defined and analysis_results.process_output.exit_code is not none %} - Process exit code: {{ analysis_results.process_output.exit_code }} - {% endif %} + {% if analysis_results.get('process_output', {}).get('output_truncated') %} + Output was truncated due to size limitations + {% if analysis_results.get('process_output', {}).get('exit_code') is not none %} • {% endif %} + {% endif %} + {% if analysis_results.get('process_output', {}).get('exit_code') is not none %} + Process exit code: {{ analysis_results.get('process_output', {}).get('exit_code') }} {% endif %}
{% endif %}
diff --git a/app/templates/static_results.html b/app/templates/static_info.html
similarity index 100%
rename from app/templates/static_results.html
rename to app/templates/static_info.html
diff --git a/app/utils.py b/app/utils.py
index 2b8f435..96e0430 100644
--- a/app/utils.py
+++ b/app/utils.py
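Review bot: The footer guard is widened from "output was truncated or an exit code exists" to "process_output is a non-empty dict" (the new `{% if analysis_results.get('process_output', {}) %}` replacing the removed `output_truncated or ... exit_code is not none` test), so a run that produced stdout but has neither flag now emits the element that follows the guard with nothing inside it. Keeping the original condition in the new `.get` form avoids the empty element: `{% if analysis_results.get('process_output', {}).get('output_truncated') or analysis_results.get('process_output', {}).get('exit_code') is not none %}`. The surrounding markup is not fully visible in this rendering (tags were stripped), so confirm what that element wraps before relying on the guard alone.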
@@ -770,45 +770,52 @@ class Utils: 'patriot': 0, 'hsb': 0 } - try: + # YARA - Get total matches yara_matches = results.get('yara', {}).get('matches', []) - counts['yara'] = len({match.get('rule') for match in yara_matches if match.get('rule')}) if isinstance(yara_matches, list) else 0 + counts['yara'] = len(yara_matches) if isinstance(yara_matches, list) else 0 except (TypeError, ValueError): pass try: + # PE-sieve - Count all findings pesieve_findings = results.get('pe_sieve', {}).get('findings', {}) - counts['pesieve'] = int(pesieve_findings.get('total_suspicious', 0) or 0) + total_findings = sum( + value for key, value in pesieve_findings.items() + if isinstance(value, (int, float)) and key != 'total_scanned' + ) + counts['pesieve'] = total_findings except (TypeError, ValueError): pass try: + # Moneta - Count all findings moneta_findings = results.get('moneta', {}).get('findings', {}) - counts['moneta'] = sum([ - int(moneta_findings.get('total_private_rwx', 0) or 0), - int(moneta_findings.get('total_private_rx', 0) or 0), - int(moneta_findings.get('total_modified_code', 0) or 0), - int(moneta_findings.get('total_heap_executable', 0) or 0), - int(moneta_findings.get('total_modified_pe_header', 0) or 0), - int(moneta_findings.get('total_inconsistent_x', 0) or 0), - int(moneta_findings.get('total_missing_peb', 0) or 0), - int(moneta_findings.get('total_mismatching_peb', 0) or 0) - ]) + total_findings = sum( + value for key, value in moneta_findings.items() + if isinstance(value, (int, float)) and key.startswith('total_') and key != 'total_regions' + ) + counts['moneta'] = total_findings except (TypeError, ValueError): pass try: + # Patriot - Get all findings patriot_findings = results.get('patriot', {}).get('findings', {}).get('findings', []) counts['patriot'] = len(patriot_findings) if isinstance(patriot_findings, list) else 0 except (TypeError, ValueError): pass try: - hsb_findings = results.get('hsb', {}).get('findings', {}) - if hsb_findings and 
hsb_findings.get('detections'): - counts['hsb'] = len(hsb_findings['detections'][0].get('findings', [])) - except (TypeError, ValueError, IndexError): + # HSB - Get all findings from all detections + hsb_findings = results.get('hsb', {}).get('findings', {}).get('detections', []) + total_findings = sum( + len(detection.get('findings', [])) + for detection in hsb_findings + if isinstance(detection, dict) + ) + counts['hsb'] = total_findings + except (TypeError, ValueError): pass return counts \ No newline at end of file
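Review bot: The new PE-sieve count sums every numeric value in `pesieve_findings` except `total_scanned`, so `total_suspicious` is added together with the per-category keys the old summary code read alongside it (`implanted`, `hooked`); if `total_suspicious` is, as its name suggests, the aggregate of those categories the count roughly doubles, and either way it no longer matches the `pe_sieve_findings.get('total_suspicious', 0)` that routes.py reports as `total_findings` in the same commit. Keeping `counts['pesieve'] = int(pesieve_findings.get('total_suspicious', 0) or 0)`, or summing only the category keys, keeps the two figures in agreement. `isinstance(value, (int, float))` also admits `bool` and any float timing field present in the dict (the Moneta branch at least narrows on `key.startswith('total_')`), so a more explicit filter is safer, e.g. `if isinstance(value, int) and not isinstance(value, bool) and key.startswith('total_')`, adjusted to the keys PE-sieve actually emits. The YARA branch silently changes meaning from "distinct rule names" to "all matches", which is fine if intended but deserves a comment such as `# counts every match, including repeated hits of the same rule`. The method's signature and the start of the `counts` dict are above the hunk.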