intelowlproject
diff --git a/‎.github/CHANGELOG.md‎
Lines changed: 10 additions & 0 deletions b/‎.github/CHANGELOG.md‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎.github/dependabot.yml‎
Lines changed: 40 additions & 20 deletions b/‎.github/dependabot.yml‎
Lines changed: 40 additions & 20 deletions
diff --git a/‎README.md‎
Lines changed: 4 additions & 4 deletions b/‎README.md‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎api_app/analyzers_manager/file_analyzers/detectiteasy.py‎
Lines changed: 40 additions & 39 deletions b/‎api_app/analyzers_manager/file_analyzers/detectiteasy.py‎
Lines changed: 40 additions & 39 deletions
@@ -2,6 +2,16 @@
 
 [**Upgrade Guide**](https://intelowlproject.github.io/docs/IntelOwl/installation/#update-to-the-most-recent-version)
 
+## [v6.3.0](https://github.com/intelowlproject/IntelOwl/releases/tag/v6.3.0)
+
+This release brings official support for ARM architecture. From now on, our Docker builds are multi-platform. You can now run IntelOwl in your favourite ARM machine smoothly, e.g. Apple Silicon Mac and Raspberry PI.
+
+We have few new analyzers that you can play with (in particular new Vulnerability scanners like WAD, Nuclei) and updated Abuse.Ch analyzers to allow the configuration of your API key.
+
+Then we have a lot of fixes and dependencies upgrades as usual.
+
+Happy hunting!
+
 ## [v6.2.1](https://github.com/intelowlproject/IntelOwl/releases/tag/v6.2.1)
 Minor fixes and dependencies upgrades
 
 
@@ -7,8 +7,6 @@ updates:
       day: "tuesday"
     target-branch: "develop"
     ignore:
-      # ignore all patch updates since we are using ~=
-      # this does not work for security updates
       - dependency-name: "*"
         update-types: ["version-update:semver-patch"]
       - dependency-name: "boto3"
@@ -23,8 +21,6 @@ updates:
       day: "tuesday"
     target-branch: "develop"
     ignore:
-      # ignore all patch updates since we are using ~=
-      # this does not work for security updates
       - dependency-name: "*"
         update-types: ["version-update:semver-patch"]
 
@@ -35,8 +31,6 @@ updates:
       day: "tuesday"
     target-branch: "develop"
     ignore:
-      # ignore all patch updates since we are using ~=
-      # this does not work for security updates
       - dependency-name: "*"
         update-types: [ "version-update:semver-patch" ]
 
@@ -46,6 +40,16 @@ updates:
       interval: "weekly"
       day: "tuesday"
     target-branch: "develop"
+    ignore:
+      - dependency-name: "*"
+        update-types: [ "version-update:semver-patch" ]
+
+  - package-ecosystem: "pip"
+    directory: "/integrations/nuclei_analyzer"
+    schedule:
+      interval: "weekly"
+      day: "tuesday"
+    target-branch: "develop"
     ignore:
       # ignore all patch updates since we are using ~=
       # this does not work for security updates
@@ -71,8 +75,6 @@ updates:
       day: "tuesday"
     target-branch: "develop"
     ignore:
-      # ignore all patch updates since we are using ~=
-      # this does not work for security updates
       - dependency-name: "*"
         update-types: [ "version-update:semver-patch" ]
 
@@ -92,8 +94,6 @@ updates:
       day: "tuesday"
     target-branch: "develop"
     ignore:
-      # ignore all patch updates since we are using ~=
-      # this does not work for security updates
       - dependency-name: "*"
         update-types: ["version-update:semver-patch"]
 
@@ -104,8 +104,6 @@ updates:
       day: "tuesday"
     target-branch: "develop"
     ignore:
-      # ignore all patch updates since we are using ~=
-      # this does not work for security updates
       - dependency-name: "*"
         update-types: ["version-update:semver-patch"]
 
@@ -116,8 +114,6 @@ updates:
       day: "tuesday"
     target-branch: "develop"
     ignore:
-      # ignore all patch updates since we are using ~=
-      # this does not work for security updates
       - dependency-name: "*"
         update-types: ["version-update:semver-patch"]
 
@@ -127,6 +123,26 @@ updates:
       interval: "weekly"
       day: "tuesday"
     target-branch: "develop"
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-patch"]
+
+  - package-ecosystem: "docker"
+    directory: "/integrations/cyberchef"
+    schedule:
+      interval: "weekly"
+      day: "tuesday"
+    target-branch: "develop"
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-patch"]
+
+  - package-ecosystem: "docker"
+    directory: "/integrations/nuclei_analyzer"
+    schedule:
+      interval: "weekly"
+      day: "tuesday"
+    target-branch: "develop"
     ignore:
       # ignore all patch updates since we are using ~=
       # this does not work for security updates
@@ -152,20 +168,26 @@ updates:
       day: "tuesday"
     target-branch: "develop"
     ignore:
-      # ignore all patch updates since we are using ~=
-      # this does not work for security updates
       - dependency-name: "*"
         update-types: ["version-update:semver-patch"]
 
+  - package-ecosystem: "docker"
+    directory: "/integrations/thug"
+    schedule:
+      interval: "weekly"
+      day: "tuesday"
+    target-branch: "develop"
+    ignore:
+      - dependency-name: "*"
+        update-types: [ "version-update:semver-patch" ]
+
   - package-ecosystem: "docker"
     directory: "/integrations/phishing_analyzers"
     schedule:
       interval: "weekly"
       day: "tuesday"
     target-branch: "develop"
     ignore:
-      # ignore all patch updates since we are using ~=
-      # this does not work for security updates
       - dependency-name: "*"
         update-types: ["version-update:semver-patch"]
 
@@ -176,7 +198,5 @@ updates:
       day: "tuesday"
     target-branch: "develop"
     ignore:
-      # ignore all patch updates since we are using ~=
-      # this does not work for security updates
       - dependency-name: "*"
         update-types: ["version-update:semver-patch"]
@@ -55,10 +55,10 @@ To know more about the project and its growth over time, you may be interested i
 
 You can see the full list of all available analyzers in the [documentation](https://intelowlproject.github.io/docs/IntelOwl/usage/#analyzers).
 
-| Type                                               | Analyzers Available                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |
-| -------------------------------------------------- |-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Inbuilt modules                                    | - Static Office Document, RTF, PDF, PE, ELF, APK File Analysis and metadata extraction<br/> - Strings Deobfuscation and analysis ([FLOSS](https://github.com/mandiant/flare-floss), [Stringsifter](https://github.com/mandiant/stringsifter), ...)<br/> - [Yara](https://virustotal.github.io/yara/), [ClamAV](https://www.clamav.net/) (a lot of public rules are available. You can also add your own rules)<br/> - PE Emulation with [Qiling](https://github.com/qilingframework/qiling) and [Speakeasy](https://github.com/mandiant/speakeasy)<br/> - PE Signature verification<br/> - PE Capabilities Extraction ([CAPA](https://github.com/mandiant/capa) and [Blint](https://github.com/owasp-dep-scan/blint))<br/> - Javascript Emulation ([Box-js](https://github.com/CapacitorSet/box-js))<br/> - Android Malware Analysis ([Quark-Engine](https://github.com/quark-engine/quark-engine), [Androguard](https://github.com/androguard/androguard), [Mobsf](https://github.com/MobSF/mobsfscan/), ...)<br/> - SPF and DMARC Validator<br/> - PCAP Analysis with [Suricata](https://github.com/OISF/suricata) and [Hfinger](https://github.com/CERT-Polska/hfinger) <br/> - Scanners ([WAD](https://github.com/CERN-CERT/WAD), [Nuclei](https://github.com/projectdiscovery/nuclei), ...) <br/> - more... |
-| External services                                  | - Abuse.ch <a href="https://bazaar.abuse.ch/about/" target="_blank">MalwareBazaar</a>/<a href="https://urlhaus.abuse.ch/" target="_blank">URLhaus</a>/<a href="https://threatfox.abuse.ch/about/" target="_blank">Threatfox</a>/<a href="https://yaraify.abuse.ch/about/" target="_blank">YARAify</a></br> - <a href="https://docs.greynoise.io/docs/3rd-party-integrations" target="_blank"> GreyNoise v2</a><br/> - <a href="https://analyze.intezer.com/?utm_source=IntelOwl" target="_blank"> Intezer</a><br/> - VirusTotal v3<br/> - <a href="https://doc.crowdsec.net/docs/next/cti_api/integration_intelowl/?utm_source=IntelOwl" target="_blank"> Crowdsec</a><br/> - <a href="https://urlscan.io/docs/integrations/" target="_blank">URLscan</a><br/> - Shodan<br/> - AlienVault OTX<br/> - <a href="https://intelx.io/integrations" target="_blank">Intelligence_X</a><br/> - <a href="https://www.misp-project.org/" target="_blank">MISP</a><br/> - many more..                                                                                                                                                                                                                                                                                                               |
+| Type                                               | Analyzers Available                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |
+| -------------------------------------------------- |---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| Inbuilt modules                                    | - Static Office Document, RTF, PDF, PE, ELF, APK File Analysis and metadata extraction<br/> - Strings Deobfuscation and analysis ([FLOSS](https://github.com/mandiant/flare-floss), [Stringsifter](https://github.com/mandiant/stringsifter), ...)<br/> - [Yara](https://virustotal.github.io/yara/), [ClamAV](https://www.clamav.net/) (a lot of public rules are available. You can also add your own rules)<br/> - PE Emulation with [Qiling](https://github.com/qilingframework/qiling) and [Speakeasy](https://github.com/mandiant/speakeasy)<br/> - PE Signature verification<br/> - PE Capabilities Extraction ([CAPA](https://github.com/mandiant/capa) and [Blint](https://github.com/owasp-dep-scan/blint))<br/> - Javascript Emulation ([Box-js](https://github.com/CapacitorSet/box-js))<br/> - Android Malware Analysis ([Quark-Engine](https://github.com/quark-engine/quark-engine), [Androguard](https://github.com/androguard/androguard), [Mobsf](https://github.com/MobSF/mobsfscan/), ...)<br/> - SPF and DMARC Validator<br/> - PCAP Analysis with [Suricata](https://github.com/OISF/suricata) and [Hfinger](https://github.com/CERT-Polska/hfinger) <br/> - Honeyclients ([Thug](https://github.com/buffer/thug), [Selenium](https://github.com/wkeeling/selenium-wire)) <br/> - Scanners ([WAD](https://github.com/CERN-CERT/WAD), [Nuclei](https://github.com/projectdiscovery/nuclei), ...) <br/> - more... |
+| External services                                  | - Abuse.ch <a href="https://bazaar.abuse.ch/about/" target="_blank">MalwareBazaar</a>/<a href="https://urlhaus.abuse.ch/" target="_blank">URLhaus</a>/<a href="https://threatfox.abuse.ch/about/" target="_blank">Threatfox</a>/<a href="https://yaraify.abuse.ch/about/" target="_blank">YARAify</a></br> - <a href="https://docs.greynoise.io/docs/3rd-party-integrations" target="_blank"> GreyNoise v2</a><br/> - <a href="https://analyze.intezer.com/?utm_source=IntelOwl" target="_blank"> Intezer</a><br/> - VirusTotal v3<br/> - <a href="https://doc.crowdsec.net/docs/next/cti_api/integration_intelowl/?utm_source=IntelOwl" target="_blank"> Crowdsec</a><br/> - <a href="https://urlscan.io/docs/integrations/" target="_blank">URLscan</a><br/> - Shodan<br/> - AlienVault OTX<br/> - <a href="https://intelx.io/integrations" target="_blank">Intelligence_X</a><br/> - <a href="https://www.misp-project.org/" target="_blank">MISP</a><br/> - many more..                                                                                                                                                                                                                                                                                                                                                                                                                                                           |
 
 ## Partnerships and sponsors
 
 
@@ -1,60 +1,61 @@
+import json
 import logging
 
-from api_app.analyzers_manager.classes import DockerBasedAnalyzer, FileAnalyzer
+import die
+
+from api_app.analyzers_manager.classes import FileAnalyzer
 from tests.mock_utils import MockUpResponse
 
 logger = logging.getLogger(__name__)
 
 
-class DetectItEasy(FileAnalyzer, DockerBasedAnalyzer):
-    name: str = "executable_analyzer"
-    url: str = "http://malware_tools_analyzers:4002/die"
-    # http request polling max number of tries
-    max_tries: int = 10
-    # interval between http request polling (in secs)
-    poll_distance: int = 1
+class DetectItEasy(FileAnalyzer):
 
     def update(self):
         pass
 
     def run(self):
-        fname = str(self.filename).replace("/", "_").replace(" ", "_")
-        # get the file to send
-        binary = self.read_file_bytes()
-        args = [f"@{fname}", "--json"]
-        req_data = {
-            "args": args,
-        }
-        req_files = {fname: binary}
-        logger.info(
-            f"Running {self.analyzer_name} on {self.filename} with args: {args}"
+        logger.info(f"Running DIE on {self.filepath} for {self.md5}")
+
+        json_report = die.scan_file(
+            self.filepath, die.ScanFlags.RESULT_AS_JSON, str(die.database_path / "db")
         )
-        report = self._docker_run(req_data, req_files, analyzer_name=self.analyzer_name)
-        if not report:
-            self.report.errors.append("DIE did not detect the file type")
-            return {}
-        return report
+
+        return json.loads(json_report)
 
     @staticmethod
     def mocked_docker_analyzer_get(*args, **kwargs):
         return MockUpResponse(
             {
-                "report": {
-                    "arch": "NOEXEC",
-                    "mode": "Unknown",
-                    "type": "Unknown",
-                    "detects": [
-                        {
-                            "name": "Zip",
-                            "type": "archive",
-                            "string": "archive: Zip(2.0)[38.5%,1 file]",
-                            "options": "38.5%,1 file",
-                            "version": "2.0",
-                        }
-                    ],
-                    "filetype": "Binary",
-                    "endianess": "LE",
-                }
+                "detects": [
+                    {
+                        "filetype": "PE64",
+                        "parentfilepart": "Header",
+                        "values": [
+                            {
+                                "info": "Console64,console",
+                                "name": "GNU linker ld (GNU Binutils)",
+                                "string": "Linker: GNU linker ld (GNU Binutils)(2.28)[Console64,console]",
+                                "type": "Linker",
+                                "version": "2.28",
+                            },
+                            {
+                                "info": "",
+                                "name": "MinGW",
+                                "string": "Compiler: MinGW",
+                                "type": "Compiler",
+                                "version": "",
+                            },
+                            {
+                                "info": "NRV,brute",
+                                "name": "UPX",
+                                "string": "Packer: UPX(4.24)[NRV,brute]",
+                                "type": "Packer",
+                                "version": "4.24",
+                            },
+                        ],
+                    }
+                ]
             },
             200,
         )