Wednesday, December 1, 2010

Importing jsunpackn.py as a python library

In case you were wondering, it *IS* possible to import jsunpack-n from your own Python programs. The benefits include:
1) greater control of the options (that you'd normally specify on the command line or in the configuration file)
2) control of the output in its native data structures (no more $ ./jsunpackn.py file|grep -E "suspicious|malicious" >> readme.log)

Check out the new exampleImport.py script, now available in the project's Google Code SVN site.

If you review the main code of the exampleImport.py script, you will see that it defines a main function to which you can pass JavaScript directly, for example:
main('eval("var a=123;");')

Then you can see these loops in the main function:

    # each entry in .files is a (type, hash, data) tuple
    for type,hash,data in js.rooturl[url].files:
        print 'file type=%s, hash=%s, data=%d bytes' % (type,hash,len(data))
    # each entry in .msg is a (printable, impact, msg) tuple
    for printable,impact,msg in js.rooturl[url].msg:
        print 'output message printable=%d, impact=%d, msg=%s' % (printable,impact,msg)

The point of this post is to show you that you can directly access these files and perform decoding using jsunpackn.py as a Python library. If you need examples of how to operate on more than just the JavaScript that exampleImport.py handles, then try looking at the main function of jsunpackn.py, and you'll see how I process the different types of input.

Cheers,
