Add file manager, storing extracted files

2025-10-10 19:36:51 +00:00 · 2020-01-08 16:34:31 +01:00 · 2020-01-08 16:34:31 +01:00 · 1217153e78
commit 1217153e78
parent cd01dc7664
4 changed files with 24 additions and 1 deletions
--- a/main.go
+++ b/main.go
@ -33,9 +33,15 @@ func main() {
 		log.Fatalf("Error occurred while analyzing: %s", analyzeErr.Error())
 	}

+	// Extract found and requested files
+	output.StoreFiles()
+
 	// Show user analysis
 	analyze.PrintSummary()

+	// Print filemanager summary
+	output.PrintSummary()
+
 	// Finalize output
 	output.Finalize()
 }
--- a/output/flag.go
+++ b/output/flag.go
@ -5,11 +5,17 @@ import "flag"
 var (
 	fullOutput *bool
 	printEmptyBlocks *bool
+	targetFiles *string
+	targetAllFiles *bool
+	targetOutput *string
 )

 func RegisterFlags() {
 	fullOutput = flag.Bool("full-output", false, "Show full output instead of limiting submodule output")
 	printEmptyBlocks = flag.Bool("print-empty-blocks", false, "Prints blocks (submodule output) even if the submodule doesn't have any content to print.")
+	targetFiles = flag.String("extract-these", "", "Comma-separated list of files to extract.")
+	targetAllFiles = flag.Bool("extract-all", false, "Extract all files found.")
+	targetOutput = flag.String("extract-to", "./extracted", "Directory to store extracted files in.")
 }


--- a/output/output.go
+++ b/output/output.go
@ -17,4 +17,10 @@ func Finalize() {
 		// We did - inform user about this
 		printer.Println("Some submodule output was hidden. Add --print-empty-blocks to show it.")
 	}
+
+	// Check if the user didn't use the file extract option, although there were files available to extract
+	if extractedFiles == 0 && len(registeredFiles) > 0 {
+		// User avoided the files
+		printer.Println("Files found in stream. Add --extract-all or --extract-these <list> to extract them.")
+	}
 }
--- a/protocol/http/httpResponseFactory.go
+++ b/protocol/http/httpResponseFactory.go
@ -3,10 +3,12 @@ package http
 import (
 	"bufio"
 	"fmt"
+	"git.darknebu.la/maride/pancap/output"
 	"github.com/google/gopacket"
 	"github.com/google/gopacket/tcpassembly"
 	"github.com/google/gopacket/tcpassembly/tcpreader"
 	"io"
+	"io/ioutil"
 	"net/http"
 )

@ -48,9 +50,12 @@ func (h *httpResponseStream) run() {
 			// Ignore, because it may be a request
 		} else {
 			// Try to process assembled request
-			tcpreader.DiscardBytesToEOF(resp.Body)
+			fileBytes, _ := ioutil.ReadAll(resp.Body)
 			resp.Body.Close()

+			// Register file in filemanager
+			output.RegisterFile("", fileBytes, "HTTP response")
+
 			// Build summary
 			line := fmt.Sprintf("Response %s, Type %s, Size %d bytes", resp.Status, resp.Header.Get("Content-Type"), resp.ContentLength)
 			responseSummaryLines = append(responseSummaryLines, line)