polyswarm · sbneto · Jun 19, 2024 · Mar 28, 2024 · Mar 28, 2024 · Mar 28, 2024
diff --git a/README.md b/README.md
@@ -149,11 +149,11 @@ Please contribute to this project by helping create new signatures, parsers, or
 
 A huge thank you to @D00m3dR4v3n for single-handedly porting CAPE to Python 3.
 
+## Installation recommendations and scripts for optimal performance
 * Python3
     * agent.py is tested with python (3.7.2|3.8) x86. __You should use x86 python version inside of the VM!__
     * host tested with python3 version 3.7, 3.8, 3.10, but newer versions should work too
 
-## Installation recommendations and scripts for optimal performance
 * __Only rooter should be executed as root__, the rest as __cape__ user. Running as root will mess with permissions.
 1. Become familiar with the [documentation](https://capev2.readthedocs.io/en/latest/) and __do read ALL__ config files inside of `conf` folder!
 2. For best compabitility we strongly suggest installing on [Ubuntu 22.04 LTS](https://ubuntu.com/#download) and using Windows 10 21H2 as target.

diff --git a/agent/agent.py b/agent/agent.py
@@ -20,6 +20,7 @@
 import subprocess
 import sys
 import tempfile
+import time
 import traceback
 from io import StringIO
 from typing import Iterable
@@ -174,8 +175,8 @@ def run(
         port: int = 8000,
         event: multiprocessing.Event = None,
     ):
-        socketserver.TCPServer.allow_reuse_address = True
-        self.s = socketserver.TCPServer((host, port), self.handler)
+        socketserver.ThreadingTCPServer.allow_reuse_address = True
+        self.s = socketserver.ThreadingTCPServer((host, port), self.handler)
 
         # tell anyone waiting that they're good to go
         if event:
@@ -219,6 +220,7 @@ def handle(self, obj):
             self.close_connection = True
 
     def shutdown(self):
+
         # BaseServer also features a .shutdown() method, but you can't use
         # that from the same thread as that will deadlock the whole thing.
         if hasattr(self, "s"):
@@ -258,26 +260,47 @@ def headers(self, obj):
 class send_file:
     """Wrapper that represents Flask.send_file functionality."""
 
-    def __init__(self, path, encoding):
+    def __init__(self, path, encoding, streaming):
         self.length = None
         self.path = path
         self.status_code = 200
         self.encoding = encoding
+        self.streaming = False
+        if streaming == "1":
+            self.streaming = True
 
     def okay_to_send(self):
         return os.path.isfile(self.path) and os.access(self.path, os.R_OK)
 
     def init(self):
         if self.okay_to_send():
-            if self.encoding != BASE_64_ENCODING:
+            if self.encoding != BASE_64_ENCODING and not self.streaming:
                 self.length = os.path.getsize(self.path)
         else:
             self.status_code = 404
 
+    def write_streaming(self, httplog, sock):
+        """Streaming output. similar to using 'tail -f <file>"""
+
+        with open(self.path, "rb") as f:
+            while True:
+                line = f.readline()
+                if not line:
+                    time.sleep(0.1)
+                    continue
+                try:
+                    sock.write(line)
+                except (BrokenPipeError, ConnectionResetError):
+                    httplog.log_message(f"Client disconnected while reading {self.path}")
+                    break
+
     def write(self, httplog, sock):
         if not self.okay_to_send():
             return
 
+        if self.streaming:
+            self.write_streaming(httplog, sock)
+            return
         try:
             with open(self.path, "rb") as f:
                 buf = f.read(1024 * 1024)
@@ -290,7 +313,8 @@ def write(self, httplog, sock):
             httplog.log_error(f"Error reading file {self.path}: {ex}")
 
     def headers(self, obj):
-        obj.send_header("Content-Length", self.length)
+        if self.length is not None:
+            obj.send_header("Content-Length", self.length)
 
 
 class request:
@@ -565,7 +589,7 @@ def do_retrieve():
     if "filepath" not in request.form:
         return json_error(400, "No filepath has been provided")
 
-    return send_file(request.form["filepath"], request.form.get("encoding", ""))
+    return send_file(request.form["filepath"], request.form.get("encoding", ""), request.form.get("streaming", ""))
 
 
 @app.route("/extract", methods=["POST"])

diff --git a/agent/test_agent.py b/agent/test_agent.py
@@ -211,6 +211,10 @@ def teardown_method(self):
         shutil.rmtree(DIRPATH, ignore_errors=True)
         assert not os.path.isdir(DIRPATH)
 
+        if sys.platform == "win32":
+            # shutdown will hang on win32 without this
+            self.agent_process.terminate()
+
         # Ensure agent process completes; release resources.
         self.agent_process.join()
         self.agent_process.close()

diff --git a/analyzer/linux/modules/packages/deb.py b/analyzer/linux/modules/packages/deb.py
@@ -0,0 +1,14 @@
+#!/usr/bin/env python
+# Copyright (C) 2024 xiangchen96
+# This software may be modified and distributed under the terms
+# of the MIT license. See the LICENSE file for details.
+
+from lib.core.packages import Package
+
+
+class Deb(Package):
+    """Deb analysis package."""
+
+    def prepare(self):
+        self.args = [self.target] + self.args
+        self.target = "dpkg -i"
diff --git a/analyzer/linux/modules/packages/perl.py b/analyzer/linux/modules/packages/perl.py
@@ -3,15 +3,12 @@
 # This software may be modified and distributed under the terms
 # of the MIT license. See the LICENSE file for details.
 
-from os import system
-
 from lib.core.packages import Package
 
 
 class Perl(Package):
-    """Mach-O executable analysys package."""
+    """Perl script analysis package."""
 
     def prepare(self):
-        # Make sure that our target is executable
-        # /usr/bin/open will handle it
-        system(f'/bin/chmod +x "{self.target}"')
+        self.args = [self.target] + self.args
+        self.target = "/usr/bin/perl"