Merge pull request #5 from redBorder/development

Release 0.3.0

Author: ViMesTor

README.md

@@ -1,7 +1,7 @@
 # redborder-malware-pythonpyenv
 
 This project install pyenv with python 3.11.13 and virtual environment
-for dependencies of airlfow.
+for dependencies of airlfow and cape
 
 ## Build
 ```
@@ -18,3 +18,8 @@ dnf install redborder-malware-pythonpyenv
 source /opt/airflow/venv/bin/activate
 python -c 'import crewai; print('\''CrewAI version:'\'', crewai.__version__)'
 ```
+
+## Testing cape virtual environment
+```
+/opt/redborder-cape/venv/bin/python -c 'import yara; print('\''yara version:'\'', yara.__version__)'
+```

VERSION

@@ -1 +1 @@
-0.2.0
+0.3.0

packaging/rpm/Makefile

@@ -23,11 +23,11 @@ archive: SOURCES
 	git archive --prefix=$(PACKAGE_NAME)-$(VERSION)/ \
 		-o packaging/rpm/SOURCES/$(PACKAGE_NAME)-$(VERSION).tar.gz HEAD
 
-
 build_prepare: archive
 	mkdir -p $(RESULT_DIR)
 	rm -f $(RESULT_DIR)/$(PACKAGE_NAME)*.rpm
 	cp *_requirements.txt SOURCES
+	cp pyproject.toml SOURCES
 
 srpm: build_prepare
 	/usr/bin/mock \

packaging/rpm/cape_requirements.txt

@@ -0,0 +1,158 @@
+alembic==1.9.4
+annotated-types==0.7.0
+anyio==4.8.0
+asgiref==3.8.1
+attrs==25.1.0
+autobahn==24.4.2
+automat==24.8.1
+bcrypt==4.2.1
+beautifulsoup4==4.12.3
+bs4==0.0.1
+cachetools==5.5.1
+cape-parsers==0.1.36
+capstone==5.0.5
+certifi==2025.1.31
+cffi==1.17.1
+channels==3.0.5
+chardet==4.0.0
+click==8.1.8
+colorama==0.4.6
+colorclass==2.2.2
+constantly==23.10.4
+crispy-bootstrap4==2024.10
+crudini==0.9.5
+cryptography==44.0.1
+cxxfilt==0.3.0
+cython==3.0.11
+daphne==3.0.2
+django-allauth==65.3.1
+django-crispy-forms==2.3
+django-csp==3.8
+django-extensions==3.2.3
+django-ratelimit==4.1.0
+django-recaptcha==4.0.0
+django-settings-export==1.2.1
+django==5.1.9
+djangorestframework==3.15.2
+dncil==1.0.2
+dnfile==0.15.1
+dnspython==2.7.0
+dpkt==1.9.6
+easygui==0.98.3
+editorconfig==0.17.0
+exceptiongroup==1.2.2
+filelock==3.17.0
+flare-capa==9.1.0
+funcy==2.0
+future==1.0.0
+gevent==24.2.1
+greenlet==3.0.3
+gunicorn==23.0.0
+h11==0.14.0
+httptools==0.6.4
+humanize==4.11.0
+hyperlink==21.0.0
+ida-netnode==3.0
+ida-settings==2.1.0
+idna==3.10
+incremental==24.7.2
+iniparse==0.5
+intervaltree==3.1.0
+jinja2==3.1.6
+jsbeautifier==1.15.1
+lnkparse3==1.5.0
+lxml==5.3.0
+mako==1.3.8
+markdown-it-py==3.0.0
+markupsafe==3.0.2
+maxminddb==2.6.3
+mdurl==0.1.2
+msgpack==1.0.8
+msgspec==0.19.0
+msoffcrypto-tool==5.4.2
+netstruct==1.1.2
+networkx==3.4.2
+olefile==0.47
+oletools==0.60.2
+orjson==3.10.15
+packaging==24.2
+paramiko==3.5.0
+pcodedmp==1.2.6
+pebble==5.1.0
+peepdf-3==5.0.0
+pefile==2024.8.26
+pillow==11.1.0
+prettytable==3.14.0
+protobuf==5.29.3
+psutil==6.1.1
+psycopg2-binary==2.9.10
+pyasn1-modules==0.3.0
+pyasn1==0.5.1
+pycparser==2.22
+pycryptodomex==3.21.0
+pydantic-core==2.27.2
+pydantic==2.10.6
+pydeep2==0.5.1
+pyelftools==0.31
+pygal==2.4.0
+pygments==2.19.1
+pyguacamole==0.11
+pymongo==4.11
+pynacl==1.5.0
+pyopenssl==25.0.0
+pyparsing==3.2.1
+pypdf==5.2.0
+pyre2-updated==0.3.8
+pysocks==1.7.1
+python-dateutil==2.9.0.post0
+python-dotenv==1.0.1
+python-flirt==0.9.2
+python-magic==0.4.27
+python-tlsh==4.5.0
+python-whois==0.9.5
+pythonaes==1.0
+pytz==2021.1
+pyyaml==6.0.2
+pyzipper==0.3.6
+rat-king-parser==4.1.6
+requests-file==2.1.0
+requests==2.32.4
+rich==13.9.4
+ruamel-yaml-clib==0.2.12
+ruamel-yaml==0.18.10
+ruff==0.9.4
+service-identity==24.2.0
+setproctitle==1.3.2
+sflock2==0.3.76
+six==1.17.0
+sniffio==1.3.1
+sortedcontainers==2.4.0
+soupsieve==2.6
+sqlalchemy-utils==0.41.1
+sqlalchemy==2.0.41
+sqlparse==0.5.3
+stpyv8==13.1.201.22
+tldextract==5.1.3
+tomli==2.2.1
+twisted==24.11.0
+txaio==23.1.1
+typing-extensions==4.12.2
+tzdata==2025.1
+unicorn==2.1.1
+urllib3==2.3.0
+uvicorn==0.18.3
+uvloop==0.21.0
+viv-utils==0.8.0
+vivisect==1.2.1
+watchfiles==1.0.4
+wcwidth==0.2.13
+websockets==14.2
+werkzeug==3.1.3
+win-unicode-console==0.5
+xmltodict==0.14.2
+yara-python==4.5.1
+zope-event==5.0
+zope-interface==7.2
+certvalidator==0.11.1
+asn1crypto==1.5.1
+mscerts==2025.8.29

packaging/rpm/pyproject.toml

@@ -0,0 +1,189 @@
+[tool.poetry]
+name = "CAPEv2"
+version = "0.1.0"
+description = "CAPE: Malware Configuration And Payload Extraction"
+authors = ["Kevin O'Reilly <[email protected]>", "doomedraven <[email protected]>"]
+license = "MIT"
+package-mode = false
+
+[tool.poetry.dependencies]
+python = ">=3.10, <4.0"
+alembic = "1.9.4"
+gevent = "24.2.1"
+greenlet = "3.0.3"
+Pebble = "5.1.0"
+# pymisp = "2.4.144"
+cryptography = ">=44.0.1"
+requests = {version = "2.32.4", extras = ["security", "socks"]}
+# pyOpenSSL = "24.0.0"
+pefile = "*"
+tldextract = ">=5.1.2"
+oletools = "0.60.2"
+olefile = "0.47"
+# mixbox = "1.0.5"
+capstone = "5.0.5"
+pycryptodomex = ">=3.20.0"
+# xmltodict = "0.12.0"
+requests-file = ">=1.5.1"
+orjson = ">=3.9.15"
+# maec = "4.1.0.17"
+# regex = "2021.7.6"
+SFlock2 = {version = ">=0.3.76", extras = ["shellcode","linux"]}
+# volatility3 = "2.11.0"
+# XLMMacroDeobfuscator = "0.2.7"
+pyzipper = "0.3.6"
+flare-capa = "9.1.0"
+
+Cython = "3.0.11"
+Django = ">=4.2.18"
+SQLAlchemy = "2.0.41"
+SQLAlchemy-Utils = "0.41.1"
+Jinja2 = "^3.1.6"
+chardet = "4.0.0"
+pygal = "2.4.0"
+dpkt = "1.9.6"
+dnspython = "2.7.0"
+pytz = "2021.1"
+maxminddb = "2.6.3"
+Pillow = ">=8.2.0"
+python-whois = "0.9.5"
+bs4 = "0.0.1"
+pydeep2 = "0.5.1"
+django-recaptcha = "4.0.0"  # https://pypi.org/project/django-recaptcha/
+django-crispy-forms = "2.3"
+crispy-bootstrap4 = "2024.10"
+django-settings-export = "1.2.1"
+django-csp = "3.8"
+django-extensions = "3.2.3"
+django-ratelimit = "4.1.0"
+# qrcode = "7.2"
+python-tlsh = "4.5.0"
+djangorestframework = "3.15.2"
+yara-python = "4.5.1"
+pymongo = ">=4.0.1"
+# ImageHash = "4.3.1"
+LnkParse3 = "1.5.0"
+cachetools = "^5.5.1"
+django-allauth = "65.3.1"  # https://django-allauth.readthedocs.io/en/latest/configuration.html
+# socks5man = {git = "https://github.com/CAPESandbox/socks5man.git", rev = "7b335d027297b67abdf28f38cc7d5d42c9d810b5"}
+# httpreplay = {git = "https://github.com/CAPESandbox/httpreplay.git", rev = "0d5a5b3144ab15f93189b83ca8188afde43db134"}
+# bingraph = {git = "https://github.com/CAPESandbox/binGraph.git", rev = "552d1210ac6770f8b202d0d1fc4610cc14d878ec"}
+psycopg2-binary = "^2.9.10"
+ruff = ">=0.7.2"
+paramiko = "3.5.0"
+psutil = "6.1.1"
+peepdf-3 = "5.0.0"
+pyre2-updated = ">=0.3.8"
+Werkzeug = "3.1.3"
+packaging = "24.2"
+# command line config manipulation
+crudini = "0.9.5"
+python-dateutil = "2.9.0.post0"
+
+# guac-session
+pyguacamole = "^0.11"
+uvicorn = {extras = ["standard"], version = "^0.18.2"}
+gunicorn = "^23.0.0"
+channels = "^3.0.5"
+setproctitle = "1.3.2"
+
+CAPE-parsers = ">=0.1.36"
+maco = "1.1.8"
+
+[tool.poetry.extras]
+maco = ["maco"]
+
+[tool.poetry.group.dev.dependencies]
+black = "^24.3.0"
+isort = "^5.10.1"
+mypy = "1.14.1"
+pytest = "7.2.2"
+pytest-pretty = "1.1.0"
+pytest-cov = "3.0.0"
+pytest-mock = "3.7.0"
+pytest-django = "4.5.2"
+pytest_asyncio = "0.18.3"
+pytest-xdist = "3.6.1"
+pytest-asyncio = "0.18.3"
+pytest-freezer = "0.4.8"
+tenacity = "8.1.0"
+types-requests = "^2.32"
+httpretty = "^1.1.4"
+func-timeout = "^4.3.5"
+pre-commit = "^2.19.0"
+
+[tool.black]
+line-length = 132
+include = "\\.py(_disabled)?$"
+
+[tool.isort]
+profile = "black"
+no_lines_before = ["FUTURE", "STDLIB"]
+line_length = 132
+supported_extensions = ["py", "py_disabled"]
+
+[tool.flake8]
+max-line-length = 132
+exclude = ".git,__pycache__,.cache,.venv"
+
+[tool.pytest.ini_options]
+django_find_project = false
+DJANGO_SETTINGS_MODULE = "web.settings"
+pythonpath = [".", "web"]
+testpaths = ["tests", "agent"]
+norecursedirs = "tests/zip_compound"
+asyncio_mode = "auto"
+
+[build-system]
+requires = ["poetry-core>=1.0.0"]
+build-backend = "poetry.core.masonry.api"
+requires-poetry = ">=2.0"
+
+[tool.ruff]
+line-length = 132
+exclude = [
+    "./analyzer/linux/dbus_next",
+]
+
+[tool.ruff.lint]
+select = [
+	"F",       # pyflakes
+	"E",       # pycodestyle errors
+	"W",       # pycodestyle warnings
+	# "I",       # isort
+	# "N",       # pep8-naming
+	"G",       # flake8-logging-format
+]
+
+ignore = [
+    "E501",    # ignore due to conflict with formatter
+    "N818",    # exceptions don't need the Error suffix
+    "E741",    # allow ambiguous variable names
+    "E402",
+    "W605",    # ToDo to fix - Invalid escape sequence
+]
+
+fixable = ["ALL"]
+
+[tool.ruff.lint.per-file-ignores]
+"stubs/*" = [
+    "N",       # naming conventions don't matter in stubs
+    "F403",    # star imports are okay in stubs
+    "F405",    # star imports are okay in stubs
+]
+
+[tool.ruff.format]
+quote-style = "double"
+indent-style = "space"
+skip-magic-trailing-comma = false
+line-ending = "auto"
+
+[tool.ruff.lint.isort]
+known-first-party = ["libqtile", "test"]
+default-section = "third-party"
+
+[tool.mypy]
+warn_unused_configs = true
+files = [
+    "agent/**/*.py",
+]