search

matonis / page_brute

Page File analysis tools.
124 stars 21 forks source link

Errors on Ubuntu 13.10 #1

Open adamziaja opened 10 years ago

adamziaja commented 10 years ago 
$ python page_brute-BETA.py -r cmd_optimistic_blanks.yar -f pagefile.sys
[+] - PAGE_BRUTE processing file: pagefile.sys
Traceback (most recent call last):
  File "page_brute-BETA.py", line 227, in <module>
    main()
  File "page_brute-BETA.py", line 176, in main
    authoritative_rules=build_ruleset()
  File "page_brute-BETA.py", line 33, in build_ruleset
    if RULETYPE == "FILE":
NameError: global name 'RULETYPE' is not defined
$ python page_brute-BETA.py -r default_signatures.yar -f pagefile.sys
[+] - PAGE_BRUTE processing file: pagefile.sys
[+] - YARA rule of File type provided for compilation: default_signatures.yar
..... Ruleset Compilation Successful.
[+] - PAGE_BRUTE running with the following options:
    [-] - FILE: pagefile.sys
    [-] - PAGE_SIZE: 4096
    [-] - RULES TYPE: FILE
    [-] - RULE LOCATION: default_signatures.yar
    [-] - INVERSION SCAN: False
    [-] - WORKING DIR: PAGE_BRUTE-2014-04-05-01-31-47-RESULTS
    =================

Traceback (most recent call last):
  File "page_brute-BETA.py", line 227, in <module>
    main()
  File "page_brute-BETA.py", line 200, in main
    CHUNK_OUTPUT_DIR=os.path.join(WORKING_DIR,matches.rule)
AttributeError: 'str' object has no attribute 'rule'

Ubuntu 13.10

matonis commented 10 years ago

Looking in to it. Thanks!

mattulm commented 10 years ago

thanks, not sure if this helps, but also getting the error on SIFT 3.0. Ubuntu 12.04 uname -a Linux siftworkstation 3.11.0-15-generic #25~precise1-Ubuntu SMP Thu Jan 30 17:39:31 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

I have tried using the full path for everything instead of just relative paths

2xyo commented 9 years ago

:+1:

aniketbhardwaj02 commented 9 years ago

Has this been resolved? I am getting the similar error as below (reported by adamziaja). I am trying this on the latest distribution of SIFT workstation.

root@siftworkstation:/home/sansforensics/Desktop/page_brute-master# ./page_brute-BETA.py -r default_signatures.yar -f /home/sansforensics/Desktop/cases/pagefile.sys [+] - PAGE_BRUTE processing file: /home/sansforensics/Desktop/cases/pagefile.sys [+] - YARA rule of File type provided for compilation: default_signatures.yar ..... Ruleset Compilation Successful. [+] - PAGE_BRUTE running with the following options: [-] - FILE: /home/sansforensics/Desktop/cases/pagefile.sys [-] - PAGE_SIZE: 4096 [-] - RULES TYPE: FILE [-] - RULE LOCATION: default_signatures.yar [-] - INVERSION SCAN: False [-] - WORKING DIR: PAGE_BRUTE-2015-01-02-20-41-57-RESULTS

Traceback (most recent call last): File "./page_brute-BETA.py", line 227, in main() File "./page_brute-BETA.py", line 200, in main CHUNK_OUTPUT_DIR=os.path.join(WORKING_DIR,matches.rule) AttributeError: 'str' object has no attribute 'rule'