Config File, and AutoRun Plugins at session load.

Author: kevthehermit

.gitignore

@@ -71,4 +71,5 @@ vt_key.py
 test.py
 plugins/overlays/*.zip
 plugins/*
-!plugins/overlays/__init__.py
+!plugins/overlays/__init__.py
+volutility.conf

volutility.conf.sample

@@ -0,0 +1,13 @@
+[database]
+mongo_uri = mongodb://localhost
+
+[virustotal]
+api_type = public
+api_key =
+
+[autorun]
+#
+# Volutility will try to run these plugins as soon as the image is loaded.
+#
+autorun = False
+plugins = pslist,psscan

web/checks.py

@@ -1,8 +1,8 @@
 from django.core.checks import Error, Warning, register
 from django.core.checks import Tags
-
 import vol_interface
 
+
 ##
 # Django System Checks
 ##
@@ -25,11 +25,6 @@ def compat_check(app_configs=None, **kwargs):
     except ImportError:
         errors.append(Warning('Unable to import virustotalapi', hint='sudo pip install virustotal'))
 
-    try:
-        from vt_key import API_KEY
-    except ImportError:
-        errors.append(Warning('Unable to import virustotal key', hint='create api_key.py as per wiki'))
-
     try:
         import yara
     except ImportError:
@@ -49,6 +44,16 @@ def compat_check(app_configs=None, **kwargs):
     except Exception as error:
         errors.append(Error('Unable to find Volatility Version Number', hint='Read the installation wiki'))
 
+    # Config
+    try:
+        from common import Config
+        config = Config()
+        if config.valid:
+            pass
+
+    except:
+        errors.append(Error('Unable to parse a volutility.conf file', hint='Copy volutiltiy.conf.sample to volutitliy.conf'))
+
 
     # Database Connection finally
     if have_mongo:

web/common.py

@@ -4,6 +4,7 @@
 import contextlib
 import tempfile
 import shutil
+import ConfigParser
 
 try:
     from subprocess import getoutput
@@ -63,3 +64,26 @@ def temp_dumpdir():
     temp_dir = tempfile.mkdtemp()
     yield temp_dir
     shutil.rmtree(temp_dir)
+
+class Config:
+    def __init__(self):
+        config = ConfigParser.ConfigParser(allow_no_value=True)
+
+        conf_file = 'volutility.conf'
+
+        if not os.path.exists('volutility.conf'):
+            conf_file = 'volutility.conf.sample'
+            logger.warning('Using default config file. Check your volutility.conf file exists')
+
+
+        valid = config.read(conf_file)
+        if len(valid) > 0:
+            self.valid = True
+            for section in config.sections():
+                for key, value in config.items(section):
+                    setattr(self, key, value)
+        else:
+            self.valid = False
+            logger.error('Unable to find a valid volutility.conf file.')
+
+

web/database.py

@@ -2,12 +2,18 @@
 import pymongo
 from bson.objectid import ObjectId
 from gridfs import GridFS
+from common import Config
+config = Config()
 
 class Database():
     def __init__(self):
         # Create the connection
+        if config.valid:
+            mongo_uri = config.mongo_uri
+        else:
+            mongo_uri = 'mongodb://localhost'
 
-        connection = pymongo.MongoClient('localhost')
+        connection = pymongo.MongoClient(mongo_uri)
 
         # Version Check
         server_version = connection.server_info()['version']

web/static/js/volutility.js

@@ -24,7 +24,10 @@ Params:
     spinner: Bool = Overlay a loading spinner or not.'
  */
 
-
+function changeCSS(cssname){
+    var newcss = '/static/css/bootstrap_' + cssname + '.min.css';
+    $('#bootswatch').attr('href', newcss);
+}
 
 
 /*
@@ -49,6 +52,7 @@ $(document).ready(function() {
     }(jQuery));
 
 });
+
 /*
 SpinnerControl opens and closes the loading page
 Not many plugins need to use this.

web/templates/base.html

@@ -6,7 +6,7 @@
 <meta charset="UTF-8">
 <meta name="description" content="Volutility">
 <meta name="keywords" content="yara,rules">
-<link href="{% static 'css/bootstrap.min.css' %}" rel="stylesheet">
+<link id="bootswatch" href="{% static 'css/bootstrap.min.css' %}" rel="stylesheet">
 <link href="{% static 'css/style.css' %}" rel="stylesheet">
 <link href="{% static 'css/datatables.min.css' %}" rel="stylesheet">
 
@@ -56,6 +56,8 @@
             <li class="divider"></li>
             <li><a href="#" data-toggle="modal" data-target="#aboutModal">About</a></li>
             <li><a href="#" onclick="spinnerControl('open', 'Cats Loading Stuffs')">Loading page</a></li>
+            <li><a href="#" onclick="changeCSS('lumen')">Lumen Css</a></li>
+            <li><a href="#" onclick="changeCSS('flatly')">Flatly Css</a></li>
           </ul>
         </li>
       </ul>

web/templates/modals/add_session_modal.html

@@ -37,6 +37,10 @@ <h5><strong>Extra Plugin Dirs: </strong>{{ plugin_dirs }}</h5>
                     <textarea class="form-control" rows="3" name="description" placeholder="Description"></textarea>
                 </div>
 
+                <div class="form-group">
+                    <input type="text" class="form-control" name="auto_run" placeholder="optional autorun plugins">
+                </div>
+
 
                 <button type="submit" class="btn btn-default" name="new" value="New">Submit</button>
 

web/views.py

@@ -3,6 +3,9 @@
 import hashlib
 from datetime import datetime
 from web.common import *
+import multiprocessing
+from common import Config
+config = Config()
 
 logger = logging.getLogger(__name__)
 
@@ -30,13 +33,6 @@
     YARA = False
     logger.warning("Unable to import Yara")
 
-try:
-    from vt_key import API_KEY
-    VT_KEY = True
-except ImportError:
-    VT_KEY = False
-    logger.warning("Unable to import VirusTotal API Key from vt_key.py")
-
 ##
 # Import The volatility Interface and DB Class
 ##
@@ -141,6 +137,11 @@ def session_page(request, sess_id):
                     'volatility': vol_interface.vol_version,
                     'volutility': volutility_version}
 
+    # Check if file still exists
+
+    if not os.path.exists(session_details['session_path']):
+        error_line = 'Memory Image can not be found at {0}'.format(session_details['session_path'])
+
 
     return render(request, 'session.html', {'session_details': session_details,
                                             'plugin_list': plugin_list,
@@ -225,6 +226,22 @@ def create_session(request):
     # Store it
     session_id = db.create_session(new_session)
 
+    # Autorun list from config
+    if config.autorun:
+        auto_list = config.plugins.split(',')
+    else:
+        auto_list = False
+
+    # Merge Autorun from manual post with config
+    if 'auto_run' in request.POST:
+        run_list = request.POST['auto_run'].split(',')
+        if not auto_list:
+            auto_list = run_list
+        else:
+            for run in run_list:
+                if run not in auto_list:
+                    auto_list.append(run)
+
     # For each plugin create the entry
     for plugin in plugin_list:
         db_results = {}
@@ -241,7 +258,11 @@ def create_session(request):
         db_results['plugin_output'] = None
         db_results['status'] = None
         # Write to DB
-        db.create_plugin(db_results)
+        plugin_id = db.create_plugin(db_results)
+
+        if auto_list:
+            if plugin_name in auto_list:
+                multiprocessing.Process(target=run_plugin, args=(session_id, plugin_id)).start()
 
     return redirect('/session/{0}'.format(str(session_id)))
 
@@ -650,30 +671,28 @@ def ajax_handler(request, command):
 
             return render(request, 'hive_details.html', {'hive_details': hive_details})
 
-
     if command == 'dottree':
         session_id = request.POST['session_id']
         session = db.get_session(ObjectId(session_id))
         vol_int = RunVol(session['session_profile'], session['session_path'])
         results = vol_int.run_plugin('pstree', output_style='dot')
         return HttpResponse(results)
 
-
     if command == 'virustotal':
-        if not VT_KEY or not VT_LIB:
+        if not config.api_key or not VT_LIB:
+            logger.error('No Virustotal key provided in volutitliy.conf')
             return HttpResponse("Unable to use Virus Total. No Key or Library Missing. Check the Console for details")
 
         if 'file_id' in request.POST:
             file_id = request.POST['file_id']
 
             file_object = db.get_filebyid(ObjectId(file_id))
             sha256 = file_object.sha256
-            vt = PublicApi(API_KEY)
+            vt = PublicApi(config.api_key)
             response = vt.get_file_report(sha256)
 
             vt_fields = {}
 
-
             if response['results']['response_code'] == 1:
                 vt_fields['permalink'] = response['results']['permalink']
                 vt_fields['total'] = response['results']['total']