search

viper-framework / viper

Binary analysis and management framework
Other
1.54k stars 351 forks source link

Some installation / usage issues #632

Closed nkl0x55 closed 6 years ago

nkl0x55 commented 6 years ago

Hi,

Had setup viper on a testing machine. pip3 was used for requirements.txt. Encounter the message when starting viper.

Something wrong happened while importing the module viper.modules.pdf: No module named 'viper.modules.pdftools.pdfid'

Rafiot commented 6 years ago

Can you try to run git submodule init && git submodule update and try again?

nkl0x55 commented 6 years ago

Hi Rafiot,

After running the command provided. Able to start viper.

Had 2 more questions:

Where do I config api key for services like virustotal?

Running the fuzzy module, I would encounter the following message. Missing dependency, install pydeep (pip install pydeep)

When I try to perform a pip3 install pydeep, I get the message Requirement already satisfied: pydeep in /usr/local/lib/python3.5/dist-packages

Personally find this project interesting and useful, but the documentation is hard for someone new to get it up and running. Is there a way to contribute to the documentation?

I setting up viper on a personal VPS, so it's quite easy to tear down and re-setup when my installation get messed up.

Rafiot commented 6 years ago

For pydeep, you will need to install the version from trunk: pip3 install git+https://github.com/kbandla/pydeep.git

The documentation on the website is extremely outdated, sorry for that :/ (see: https://github.com/viper-framework/viper/issues/546) but the documentation in the repo (https://github.com/viper-framework/viper/tree/master/docs) is relatively up-to-date.

If you find issues, we welcome pull requests!

nkl0x55 commented 6 years ago

When running clamav, I'll get the message

Unable to scan file 90cb629b6529ce276ad35a7cda1fe72de1cc13ae85606f67042d1c67a0277a29 with antivirus daemon, 'utf-8' codec can't decode byte 0x90 in position 2: invalid start byte

When running fuzzy. I'll get the message

[!] The command fuzzy raised an exception: Traceback (most recent call last): File "/usr/local/lib/python3.5/dist-packages/viper-1.3.dev0-py3.5.egg/viper/core/ui/console.py", line 319, in start module.run() File "/usr/local/lib/python3.5/dist-packages/viper-1.3.dev0-py3.5.egg/viper/modules/fuzzy.py", line 119, in run score = pydeep.compare(sessions.current.file.ssdeep, sample.ssdeep) TypeError: a bytes-like object is required, not 'str'

I testing out / configuring the rest of the modules meanwhile

Rafiot commented 6 years ago

That's what we get for not having unit tests... Working on it right now.

nkl0x55 commented 6 years ago

Apologies for this but encountering issue with both clamav and fuzzy.

fuzzy image

clamav image

Rafiot commented 6 years ago

This is line 119 in the fuzzy module now: https://github.com/viper-framework/viper/blob/master/viper/modules/fuzzy.py#L119

Can you please git pull the most recent version of viper?

nkl0x55 commented 6 years ago

Hi, had performed a git pull. Followed by sudo make install.

klng5@malyzer:~/viper$ viper-cli
Traceback (most recent call last):
  File "/usr/local/bin/viper-cli", line 4, in <module>
    __import__('pkg_resources').run_script('viper==1.3.dev0', 'viper-cli')
  File "/usr/local/lib/python3.5/dist-packages/pkg_resources/__init__.py", line 750, in run_script
    self.require(requires)[0].run_script(script_name, ns)
  File "/usr/local/lib/python3.5/dist-packages/pkg_resources/__init__.py", line 1527, in run_script
    exec(code, namespace, namespace)
  File "/usr/local/lib/python3.5/dist-packages/viper-1.3.dev0-py3.5.egg/EGG-INFO/scripts/viper-cli", line 8, in <module>
    from viper.core.ui import console
  File "/usr/local/lib/python3.5/dist-packages/viper-1.3.dev0-py3.5.egg/viper/core/ui/console.py", line 19, in <module>
    from viper.core.plugins import __modules__
  File "/usr/local/lib/python3.5/dist-packages/viper-1.3.dev0-py3.5.egg/viper/core/plugins.py", line 47, in <module>
    __modules__ = load_modules()
  File "/usr/local/lib/python3.5/dist-packages/viper-1.3.dev0-py3.5.egg/viper/core/plugins.py", line 41, in load_modules
    parser_args=get_argparse_parser_actions(member_object().parser),
  File "/usr/local/lib/python3.5/dist-packages/viper-1.3.dev0-py3.5.egg/viper/modules/misp.py", line 176, in __init__
    known_types = temp_me.known_types
AttributeError: 'MISPEvent' object has no attribute 'known_types'
Rafiot commented 6 years ago

Right, can you do that: pip install git+https://github.com/MISP/PyMISP

I did a few changes in PyMISP that aren't in the most recent tagged version.

nkl0x55 commented 6 years ago

Working well now :+1: