#260 add attachments hashes information

2024-11-07 09:28:58 +00:00 · 2018-07-26 07:57:48 +02:00 · 2018-07-26 07:57:48 +02:00 · a52f1ffa59
commit a52f1ffa59
parent 6963e814ef
2 changed files with 20 additions and 13 deletions
--- a/analyzers/EmlParser/parse.py
+++ b/analyzers/EmlParser/parse.py
@ -5,6 +5,7 @@ import eml_parser
 from cortexutils.analyzer import Analyzer
 import magic
 import binascii
+import hashlib
 from pprint import pprint

 class EmlParserAnalyzer(Analyzer):
@ -84,6 +85,7 @@ def parseEml(filepath):
    #attachments
    try:
        for attachment in parsed_eml['attachment']:
+            sha256 = hashlib.sha256()
            attachmentSumUp = dict()
            attachmentSumUp['filename'] = attachment.get('filename', '')

@ -92,7 +94,8 @@ def parseEml(filepath):
            #it has to be calculated, the attachment is in base64
            attachmentSumUp['mime'] = magic.from_buffer(binascii.a2b_base64(attachment['raw']))
            attachmentSumUp['extension'] = attachment.get('extension', '')
-
+            sha256.update(attachment['raw'])
+            attachmentSumUp['sha256'] = sha256.hexdigest()
            result['attachments'].append(attachmentSumUp)

    except KeyError as e:
--- a/thehive-templates/Eml_Parser_1_0/long.html
+++ b/thehive-templates/Eml_Parser_1_0/long.html
@ -42,20 +42,24 @@
                <div class="bm10">This message file includes
                    <ng-pluralize count="content.attachments.length" when="{'1': '1 attachment', 'other': '{} attachments'}"></ng-pluralize>
                </div>
-                <table class="table table-hover">
+                <table class="table table-striped table-bordered">
                    <thead>
-                    <tr>
-                        <th>Filename</th>
-                        <th>Mime Type</th>
-                        <th>Extension</th>
-                    </tr>
+                        <tr>
+                            <th class="col-md-2" >Filename</th>
+                            <th >File information</th>
+
+                        </tr>
                    </thead>
-                    <tbody>
-                    <tr ng-repeat="a in content.attachments">
-                        <td class="wrap">{{a.filename}}</td>
-                        <td class="wrap">{{a.mime}}</td>
-                        <td>{{a.extension}}</td>
-                    </tr>
+                    <tbody ng-repeat="a in content.attachments">
+                        <tr>
+                            <td rowspan=2>{{a.filename}}</td>
+                            <td>[SHA256]: {{a.sha256}}</td>
+                        </tr>
+                        <tr>
+                            <td>
+                                {{a.mime}}
+                            </td>
+                        </tr>
                    </tbody>
                </table>
            </dd>