Open oasec1 opened 9 years ago
Hey Robert, hopefully I can lend a hand. :)
It looks like you may have ssdeep installed; however, you'll need the Python implementation of it. Try this here:
https://pypi.python.org/pypi/ssdeep/2.9-0.3
or just "pip install ssdeep" to see if you can get ssdeep to import.
If that doesn't work and you're not able to get ssdeep working, change this line:
tSsdeep = ssdeep.hash(each)#hashlib.sha256(each).hexdigest()
to this:
tSsdeep = hashlib.sha256(each).hexdigest() #ssdeep.hash(each)
This will save the sha256 hash as ssdeep, but it should be enough to get it working for you. Let me know how it works, and glad you liked the presentation!
Regards,
--Ronnie @iHeartMalware
On Tue, Nov 11, 2014 at 4:56 PM, oasec1 notifications@github.com wrote:
I got this error while attempting to run the sample:
robert@ubuntu:/opt/pm_shredder$ sudo cat YO\ this\ is\ BAD\ !\ \ \ FW-\ Voice\ Message.eml | ./shredder.py
Traceback (most recent call last):
  File "./shredder.py", line 27, in <module>
    import ssdeep # for fuzzy hashes // TEMPORARILY REMOVED
ImportError: No module named ssdeep
After commenting that line out in the shredder.py file I got this error:
robert@ubuntu:/opt/pm_shredder$ sudo cat YO\ this\ is\ BAD\ !\ \ \ FW-\ Voice\ Message.eml | ./shredder.py
Traceback (most recent call last):
  File "./shredder.py", line 204, in <module>
    parse_the_email(my_email) # Does the magic, calls def parse_the_email(email)
  File "./shredder.py", line 167, in parse_the_email
    tSsdeep = ssdeep.hash(each)#hashlib.sha256(each).hexdigest()
NameError: global name 'ssdeep' is not defined
SSDeep is installed, see here:
robert@ubuntu:/opt$ sudo apt-get install ssdeep
Reading package lists... Done
Building dependency tree
Reading state information... Done
ssdeep is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 5 not upgraded.
robert@ubuntu:/opt$
I loved your presentation, enjoyed All Your Metadatas Are Belong To Me: Reverse Engineering Emails on an Enterprise?
Thanks for sharing this concept. Robert
— Reply to this email directly or view it on GitHub https://github.com/x41x41x90/pm_shredder/issues/1.
Changing the file was unsuccessful. The new pip install also threw errors.
robert@ubuntu:/opt$ pip install ssdeep
Downloading/unpacking ssdeep
  Downloading ssdeep-3.1.tar.gz (386kB): 386kB downloaded
  Running setup.py (path:/tmp/pip_build_robert/ssdeep/setup.py) egg_info for package ssdeep
    Traceback (most recent call last):
      File "<string>", line 17, in <module>
      File "/tmp/pip_build_robert/ssdeep/setup.py", line 128, in <module>
        ext_package="ssdeep",
      File "/usr/lib/python2.7/distutils/core.py", line 112, in setup
        _setup_distribution = dist = klass(attrs)
      File "/usr/lib/python2.7/dist-packages/setuptools/dist.py", line 221, in __init__
        self.fetch_build_eggs(attrs.pop('setup_requires'))
      File "/usr/lib/python2.7/dist-packages/setuptools/dist.py", line 245, in fetch_build_eggs
        parse_requirements(requires), installer=self.fetch_build_egg
      File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 598, in resolve
        raise VersionConflict(dist,req) # XXX put more info here
    pkg_resources.VersionConflict: (six 1.3.0 (/usr/lib/python2.7/dist-packages), Requirement.parse('six>=1.4.1'))
Cleaning up...
Command python setup.py egg_info failed with error code 1 in /tmp/pip_build_robert/ssdeep
Storing debug log for failure in /tmp/tmpt2KBX2
How about sudo pip install ssdeep?
That caused these errors:
robert@ubuntu:/opt$ pip install ssdeep
Downloading/unpacking ssdeep
  Downloading ssdeep-3.1.tar.gz (386kB): 386kB downloaded
  Running setup.py (path:/tmp/pip_build_robert/ssdeep/setup.py) egg_info for package ssdeep
    Traceback (most recent call last):
      File "<string>", line 17, in <module>
      File "/tmp/pip_build_robert/ssdeep/setup.py", line 128, in <module>
        ext_package="ssdeep",
      File "/usr/lib/python2.7/distutils/core.py", line 112, in setup
        _setup_distribution = dist = klass(attrs)
      File "/usr/lib/python2.7/dist-packages/setuptools/dist.py", line 221, in __init__
        self.fetch_build_eggs(attrs.pop('setup_requires'))
      File "/usr/lib/python2.7/dist-packages/setuptools/dist.py", line 245, in fetch_build_eggs
        parse_requirements(requires), installer=self.fetch_build_egg
      File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 598, in resolve
        raise VersionConflict(dist,req) # XXX put more info here
    pkg_resources.VersionConflict: (six 1.3.0 (/usr/lib/python2.7/dist-packages), Requirement.parse('six>=1.4.1'))
Cleaning up...
Command python setup.py egg_info failed with error code 1 in /tmp/pip_build_robert/ssdeep
Storing debug log for failure in /tmp/tmpt2KBX2
Here is the output log file:
Downloading/unpacking ssdeep Getting page https://pypi.python.org/simple/ssdeep/ URLs to search for versions for ssdeep:
Doesn't show any errors here... Ugh
Blah, ssdeep library always gave me problems too. :)
Try to comment out the ssdeep import and use tSsdeep = hashlib.sha256(each).hexdigest(). That should get ya something working.
Regards,
OK, making that change let me get a bit further, see below.
robert@ubuntu:/opt/pm_shredder$ sudo cat Message\ Filtered\ (Filter\ \ EISO-20140.msg | ./shredder.py
cat: Message Filtered (Filter EISO-20140.msg: No such file or directory
Traceback (most recent call last):
  File "./shredder.py", line 204, in <module>
    parse_the_email(my_email) # Does the magic, calls def parse_the_email(email)
  File "./shredder.py", line 173, in parse_the_email
    my_db.execute("INSERT INTO hash_db VALUES (\'" + my_uuid + "\', \'" + tMd5 + "\', \'" + tSha256 + "\', \'" + tSsdeep + "\')")
sqlite3.OperationalError: attempt to write a readonly database
Any thoughts?
Contents of folder:
robert@ubuntu:/opt/pm_shredder$ ls
clarityData
create_db.py
display_db.py
makePath.py
Message Filtered (Filter EISO-201403) (1).msg
Message Filtered (Filter EISO-201403) (2).msg
Message Filtered (Filter EISO-201403).msg
Message Filtered (Filter EISO-201409).msg
README.md
Rules
shredder.py
shredder.py.org
yara_headers.yar
yara_include.yar
YO this is BAD ! FW- Voice Message.eml
On Tue, Nov 11, 2014 at 8:48 PM, x41x41x90 notifications@github.com wrote:
Blah, ssdeep library always gave me problems too. :)
Try to comment out the ssdeep import and use tSsdeep = hashlib.sha256(each).hexdigest() . that should get ya something working.
Regards,
Alright...hopefully this will be the last piece. :)
Remove the database (rm clarityData) and ./create_db.py. That will re-initialize a database for you, and hopefully get you working.
You may want to do it like cat email.eml | ./shredder.py debug, as that should let you bypass VirusTotal integration if you didn't put in a key. I usually pass "no no", and that's enough for me.
Let me know if that works for ya!
Regards,
--Ronnie @iHeartMalware
OK, I was working in Linux yesterday and got that to work now. :) Now today I'm in Windows and also got that to work. One question: would it be hard to add code to parse multiple messages matching a specific file extension, i.e. .msg, .eml, etc.?
Thanks for all of your help. :) Robert
Parsing .msg files gets messy, so that's why I have just the .eml files. This was meant to be able to pull things off the wire, so that's why I stuck with .eml files. :)
Regards,
--Ronnie @iHeartMalware
On Wed, Nov 12, 2014 at 10:44 AM, oasec1 notifications@github.com wrote:
OK, I was working in Linux yesterday and got that to work. :) Now today I'm in Windows and also got that to work. A question: would it be hard to add code to parse multiple messages matching a specific file extension, i.e. msg, eml, etc.?
Thanks for all of your help. :) Robert
Can it process multiple .eml messages with one command line?
You'll just need a dispatcher to have it suck in the files. This is by design, as it's meant to be run with postfix for threading.
--Ronnie @iHeartMalware
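A small dispatcher of the kind described above, added here as an example and not part of pm_shredder: it collects the .eml files in a directory and pipes each one, in turn, to the same stdin interface the thread uses (cat email.eml | ./shredder.py debug), skipping .msg files because the tool only parses .eml. The command line and the "debug" argument are assumptions taken from the thread; the sample messages in the test are constructed.

```python
#!/usr/bin/env python3
"""Feed every .eml file in a directory to shredder.py, one message per run.

Added example, not pm_shredder's own code. shredder.py reads a single
message on stdin, so batch processing is a loop around it rather than a
change to the tool itself.
"""
import os
import subprocess
import sys
from typing import Dict, List, Optional

# Assumed defaults: shredder.py in the working directory, and "debug" to
# skip the VirusTotal lookups, as suggested earlier in the thread.
DEFAULT_CMD = ["./shredder.py", "debug"]
SUPPORTED_EXTS = (".eml",)  # .msg is deliberately not supported by the tool


def find_messages(directory: str, exts=SUPPORTED_EXTS) -> List[str]:
    """Return sorted paths of regular files with a supported extension.

    The extension check is case-insensitive so FOO.EML is picked up too;
    anything else (.msg, README.md, the database file) is left alone.
    """
    wanted = tuple(e.lower() for e in exts)
    hits = []
    for name in os.listdir(directory):
        path = os.path.join(directory, name)
        if os.path.isfile(path) and name.lower().endswith(wanted):
            hits.append(path)
    return sorted(hits)


def dispatch(paths: List[str], cmd: Optional[List[str]] = None,
             timeout: int = 120) -> Dict[str, int]:
    """Pipe each file's bytes to cmd's stdin; return {path: exit status}.

    The dispatcher opens the file itself and passes the command as a list,
    so no shell ever sees the filename (the thread's names contain spaces,
    '!' and parentheses). A run that cannot start or that hangs is recorded
    as -1 and the loop continues with the next message.
    """
    cmd = cmd or DEFAULT_CMD
    results: Dict[str, int] = {}
    for path in paths:
        with open(path, "rb") as fh:
            data = fh.read()
        try:
            proc = subprocess.run(cmd, input=data, capture_output=True,
                                  timeout=timeout)
            results[path] = proc.returncode
        except (OSError, subprocess.TimeoutExpired):
            results[path] = -1
    return results


def main(argv: List[str]) -> int:
    directory = argv[1] if len(argv) > 1 else "."
    results = dispatch(find_messages(directory))
    for path, rc in results.items():
        status = "ok" if rc == 0 else "FAIL(%d)" % rc
        print("%s\t%s" % (status, path))
    return 0 if all(rc == 0 for rc in results.values()) else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```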
— Reply to this email directly or view it on GitHub https://github.com/x41x41x90/pm_shredder/issues/1#issuecomment-62654359.
OK, I was able to kludge up a working script file. Now for a few other questions. Your README mentions tying it into a SIEM; we have a SIEM and Splunk, and my preference is to tie it into that. Do you have more information regarding making the connection, or how to do that? I have to tell you this is a great approach to this.
On Wed, Nov 12, 2014 at 1:03 PM, x41x41x90 notifications@github.com wrote:
You'll just need a dispatcher to have it suck in the files. This is by design, as it's meant to be run with postfix for threading.
--Ronnie @iHeartMalware
On Wed, Nov 12, 2014 at 11:35 AM, oasec1 notifications@github.com wrote:
can it process multiple .eml messages with one command line?
On Wed, Nov 12, 2014 at 11:03 AM, x41x41x90 notifications@github.com wrote:
Parsing .msg files gets messy, so that's why I have just the .eml files. This was meant to be able to pull things off the wire, so that's why I stuck with .eml files. :)
Regards,
--Ronnie @iHeartMalware
On Wed, Nov 12, 2014 at 10:44 AM, oasec1 notifications@github.com wrote:
OK, I was working in Linux yesterday and got that to work now. :) Now today I'm in Windows and also got that to work. A question: would it be hard to add the code to parse multiple messages matching a specific file extension, i.e. msg, eml, etc.?
Thanks for all of your help. :) Robert
On Wed, Nov 12, 2014 at 9:29 AM, x41x41x90 notifications@github.com wrote:
Alright...hopefully this will be the last piece. :)
Remove the database (rm clarityData) and ./create_db.py. That will re-initialize a database for you, and hopefully get you working.
You may want to do it like cat email.eml | ./shredder.py debug, as that should let you bypass VirusTotal integration if you didn't put in a key. I usually pass "no no", and that's enough for me.
Let me know if that works for ya!
Regards,
--Ronnie @iHeartMalware
On Tue, Nov 11, 2014 at 11:39 PM, oasec1 notifications@github.com wrote:
OK, making that change let me get a bit further; see below.
robert@ubuntu:/opt/pm_shredder$ sudo cat Message\ Filtered\ (Filter\ \ EISO-20140.msg | ./shredder.py
cat: Message Filtered (Filter EISO-20140.msg: No such file or directory
Traceback (most recent call last):
  File "./shredder.py", line 204, in
    parse_the_email(my_email) # Does the magic, calls def parse_the_email(email)
  File "./shredder.py", line 173, in parse_the_email
    my_db.execute("INSERT INTO hash_db VALUES (\'" + my_uuid + "\', \'" + tMd5 + "\', \'" + tSha256 + "\', \'" + tSsdeep + "\')")
sqlite3.OperationalError: attempt to write a readonly database
Any thoughts?
Contents of the folder:
robert@ubuntu:/opt/pm_shredder$ ls
clarityData
create_db.py
display_db.py
makePath.py
Message Filtered (Filter EISO-201403) (1).msg
Message Filtered (Filter EISO-201403) (2).msg
Message Filtered (Filter EISO-201403).msg
Message Filtered (Filter EISO-201409).msg
README.md
Rules
shredder.py
shredder.py.org
yara_headers.yar
yara_include.yar
YO this is BAD ! FW- Voice Message.eml
On Tue, Nov 11, 2014 at 8:48 PM, x41x41x90 notifications@github.com wrote:
Blah, ssdeep library always gave me problems too. :)
Try to comment out the ssdeep import and use tSsdeep = hashlib.sha256(each).hexdigest(). That should get ya something working.
Regards,
On Nov 11, 2014 8:29 PM, "oasec1" notifications@github.com wrote:
here is the output log file
Downloading/unpacking ssdeep
  Getting page https://pypi.python.org/simple/ssdeep/
  URLs to search for versions for ssdeep:
  - https://pypi.python.org/simple/ssdeep/
  Analyzing links from page https://pypi.python.org/simple/ssdeep/
    Skipping link http://ssdeep.sourceforge.net/ (from https://pypi.python.org/simple/ssdeep/); not a file
    Skipping link http://ssdeep.sourceforge.net/changes.txt (from https://pypi.python.org/simple/ssdeep/); unknown archi$
    Skipping link http://www.dinotools.org/ (from https://pypi.python.org/simple/ssdeep/); not a file
    Skipping link https://bitbucket.org/denis/ssdeep (from https://pypi.python.org/simple/ssdeep/); not a file
    Skipping link https://github.com/DinoTools/python-ssdeep (from https://pypi.python.org/simple/ssdeep/); not a file
  Using version 3.1 (newest of versions: 3.1, 3.0, 2.9-0.3, 2.9-0.2, 2.9-0.1, 2.5)
Doesn't show any errors here... Ugh
On Tue, Nov 11, 2014 at 8:27 PM, Rob Ayers oasec1@gmail.com wrote:
That caused these errors:
robert@ubuntu:/opt$ pip install ssdeep
Downloading/unpacking ssdeep
  Downloading ssdeep-3.1.tar.gz (386kB): 386kB downloaded
  Running setup.py (path:/tmp/pip_build_robert/ssdeep/setup.py) egg_info for package ssdeep
    Traceback (most recent call last):
      File "", line 17, in
      File "/tmp/pip_build_robert/ssdeep/setup.py", line 128, in
        ext_package="ssdeep",
      File "/usr/lib/python2.7/distutils/core.py", line 112, in setup
        _setup_distribution = dist = klass(attrs)
      File "/usr/lib/python2.7/dist-packages/setuptools/dist.py", line 221, in __init__
        self.fetch_build_eggs(attrs.pop('setup_requires'))
      File "/usr/lib/python2.7/dist-packages/setuptools/dist.py", line 245, in fetch_build_eggs
        parse_requirements(requires), installer=self.fetch_build_egg
      File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 598, in resolve
        raise VersionConflict(dist,req) # XXX put more info here
    pkg_resources.VersionConflict: (six 1.3.0 (/usr/lib/python2.7/dist-packages), Requirement.parse('six>=1.4.1'))
    Complete output from command python setup.py egg_info:
    Traceback (most recent call last):
      File "", line 17, in
      File "/tmp/pip_build_robert/ssdeep/setup.py", line 128, in
        ext_package="ssdeep",
      File "/usr/lib/python2.7/distutils/core.py", line 112, in setup
        _setup_distribution = dist = klass(attrs)
      File "/usr/lib/python2.7/dist-packages/setuptools/dist.py", line 221, in __init__
        self.fetch_build_eggs(attrs.pop('setup_requires'))
      File "/usr/lib/python2.7/dist-packages/setuptools/dist.py", line 245, in fetch_build_eggs
        parse_requirements(requires), installer=self.fetch_build_egg
      File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 598, in resolve
        raise VersionConflict(dist,req) # XXX put more info here
    pkg_resources.VersionConflict: (six 1.3.0 (/usr/lib/python2.7/dist-packages), Requirement.parse('six>=1.4.1'))
    ---
Cleaning up...
Command python setup.py egg_info failed with error code 1 in /tmp/pip_build_robert/ssdeep
Storing debug log for failure in /tmp/tmpt2KBX2
On Tue, Nov 11, 2014 at 8:17 PM, x41x41x90 notifications@github.com wrote:
How about sudo pip install ssdeep?
On Nov 11, 2014 8:16 PM, "oasec1" notifications@github.com wrote:
Changing the file was unsuccessful. The new pip install also threw errors.
I got this error while attempting to run the sample;
robert@ubuntu:/opt/pm_shredder$ sudo cat YO\ this\ is\ BAD\ !\ \ \ FW-\ Voice\ Message.eml | ./shredder.py
Traceback (most recent call last):
  File "./shredder.py", line 27, in
    import ssdeep # for fuzzy hashes // TEMPORARILY REMOVED
ImportError: No module named ssdeep
After commenting that line out in the shredder.py file I got this error:
robert@ubuntu:/opt/pm_shredder$ sudo cat YO\ this\ is\ BAD\ !\ \ \ FW-\ Voice\ Message.eml | ./shredder.py
Traceback (most recent call last):
  File "./shredder.py", line 204, in
    parse_the_email(my_email) # Does the magic, calls def parse_the_email(email)
  File "./shredder.py", line 167, in parse_the_email
    tSsdeep = ssdeep.hash(each)#hashlib.sha256(each).hexdigest() #ssdeep.hash(each)
NameError: global name 'ssdeep' is not defined
SSDeep is installed, see here:
robert@ubuntu:/opt$ sudo apt-get install ssdeep
Reading package lists... Done
Building dependency tree
Reading state information... Done
ssdeep is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 5 not upgraded.
robert@ubuntu:/opt$
I loved your presentation; enjoyed All Your Metadatas Are Belong To Me: Reverse Engineering Emails on an Enterprise?
Thanks for sharing this concept. Robert
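As an added example (not pm_shredder's own code, and written for Python 3 rather than the 2.7 in the traces above): the ssdeep-or-SHA-256 fallback Ronnie suggests, applied to every MIME part of an .eml, with the hash row stored through bound parameters instead of the string-built INSERT visible in the traceback, and the "attempt to write a readonly database" failure surfaced as a permissions message. The function names, the hash_db column layout and the sample message are assumptions.

```python
import email
import hashlib
import sqlite3
import uuid

try:
    import ssdeep  # python-ssdeep binding; absent on the reporter's box, hence the ImportError
    HAVE_SSDEEP = True
except ImportError:
    HAVE_SSDEEP = False


def fuzzy_hash(data):
    """ssdeep hash when the module imports, otherwise SHA-256 (the fallback Ronnie suggested)."""
    return ssdeep.hash(data) if HAVE_SSDEEP else hashlib.sha256(data).hexdigest()


def attachment_payloads(raw_eml):
    """Yield (name, decoded bytes) for each leaf MIME part; multipart containers decode to None."""
    for part in email.message_from_bytes(raw_eml).walk():
        payload = part.get_payload(decode=True)
        if payload:
            yield part.get_filename() or part.get_content_type(), payload


def open_hash_db(path):
    """Open or create the hash table (assumed layout); a read-only DB becomes a clear error."""
    db = sqlite3.connect(path)
    try:
        db.execute("CREATE TABLE IF NOT EXISTS hash_db (uuid TEXT, md5 TEXT, sha256 TEXT, ssdeep TEXT)")
    except sqlite3.OperationalError as exc:  # e.g. 'attempt to write a readonly database'
        raise RuntimeError("cannot write %s (check file and directory permissions): %s" % (path, exc))
    return db


def hash_attachments(raw_eml, db):
    """Hash every part of one .eml, store the row and return [(name, md5, sha256, fuzzy), ...]."""
    rows = []
    for name, payload in attachment_payloads(raw_eml):
        hashes = (hashlib.md5(payload).hexdigest(),
                  hashlib.sha256(payload).hexdigest(), fuzzy_hash(payload))
        # bound parameters instead of the string-concatenated INSERT seen in the traceback
        db.execute("INSERT INTO hash_db VALUES (?, ?, ?, ?)", (str(uuid.uuid4()),) + hashes)
        rows.append((name,) + hashes)
    db.commit()
    return rows


# Constructed sample .eml (not a real message): a lure text part and a tiny zip attachment
SAMPLE_EML = b"""Subject: FW: Voice Message
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Listen to the attached voice message.
--b1
Content-Type: application/zip; name="VoiceMessage.zip"
Content-Transfer-Encoding: base64

UEsDBAoAAAAAAA==
--b1--
"""
```

Run it as `hash_attachments(SAMPLE_EML, open_hash_db("clarityData"))`, or feed real input with `hash_attachments(sys.stdin.buffer.read(), db)` to mirror the `cat email.eml | ./shredder.py` usage above.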