import gradio as gr
from mcp_server import *
# Plain analysis labels, in display order. They serve as the checkbox choices,
# as the keys of the per-request result dict, and as the order of the values
# returned to the UI.
OUTPUTS = [
    "Calculate Hash",
    "Extract Strings",
    "Calculate Entropy",
    "Match Yara Rules",
    "Run Capa Analysis",
    "Get Results from 3rd party antivirus",
    "Get Sandbox Results",
]

# Emoji-decorated variants of the labels above, index-aligned with OUTPUTS;
# used only as the captions of the read-only result boxes.
FANCY_OUTPUTS = [
    "🔐 Calculate Hash",
    "🧵 Extract Strings",
    "📊 Calculate Entropy",
    "🧬 Match Yara Rules",
    "🔍 Run Capa Analysis",
    "🛡️ Get Results from 3rd party antivirus",
    "🧪 Get Sandbox Results",
]
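def handle_file_upload(file, checked_features, email_address=None):
    """Run the selected analyses on an uploaded file and optionally mail the results.

    Args:
        file: Upload object from the file input; only its ``name`` attribute
            (the server-side path of the upload) is read. ``None`` when nothing
            was uploaded.
        checked_features: Labels from ``OUTPUTS`` that the user ticked. ``None``
            is treated as "nothing selected".
        email_address: Optional recipient for a copy of the results.

    Returns:
        A list holding one entry per label in ``OUTPUTS`` (in that order)
        followed by an email status string, i.e. one value for every output
        component wired to this handler.
    """
    import os

    if file is None:
        # The click handler is bound to len(OUTPUTS) + 1 output components, so
        # the early exit must return that many values rather than a bare string.
        return ["No file uploaded."] * len(OUTPUTS) + ["Email not sent: no file uploaded."]

    selected = set(checked_features or ())
    path = file.name
    file_hash = get_file_hash(path)

    # Label -> deferred analysis call. The hash is computed once above and
    # reused for the hash box and for the two report lookups keyed on it.
    analyses = {
        "Calculate Hash": lambda: file_hash,
        "Extract Strings": lambda: extract_strings(path),
        "Calculate Entropy": lambda: file_entropy(path),
        "Match Yara Rules": lambda: run_compiled_yara(path),
        "Run Capa Analysis": lambda: capa_malware_analysis(path),
        "Get Results from 3rd party antivirus": lambda: get_antivirus_detailed_reports(file_hash),
        "Get Sandbox Results": lambda: get_sandbox_detailed_reports(file_hash),
    }

    res = {}
    for label in OUTPUTS:
        if label in selected:
            res[label] = analyses[label]()
        else:
            res[label] = f"{label} not selected."

    # NOTE(review): the recipient is chosen by whoever submits the form and the
    # body is derived from the uploaded file, so this step can be abused to send
    # unsolicited mail from the server's account. Consider authentication, rate
    # limiting or a recipient allow-list before exposing it beyond localhost.
    recipient = (email_address or "").strip()
    if not recipient:
        email_status = "Email not requested."
    elif "\r" in recipient or "\n" in recipient:
        # Line breaks in an address are a header-injection vector; how
        # send_email builds its headers is not visible here, so refuse early.
        email_status = "Invalid email address."
    else:
        # Put only the printable base name in the subject: the full value is a
        # server-side path, and control characters do not belong in a header.
        display_name = "".join(
            ch for ch in os.path.basename(path) if ch.isprintable()
        )
        try:
            send_email(recipient, str(res), f"Malware Analysis Results for {display_name}")
            email_status = "Email sent successfully."
        except Exception as e:
            # Keep the detail in the server log only; exception text from the
            # mail layer may name hosts or accounts and should not reach the UI.
            print(f"Error sending email: {e}")
            email_status = "Failed to send email; see the server log for details."

    return [res[label] for label in OUTPUTS] + [email_status]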
def create_interface():
    """Assemble the Gradio Blocks UI for the malware analysis toolkit.

    The page has an input column (file upload, feature checklist, optional
    email field, submit button) and a results column with one read-only box per
    entry in ``OUTPUTS`` plus an email status box. Clicking submit calls
    ``handle_file_upload``.

    Returns:
        The ``gr.Blocks`` object; launching it is left to the caller.

    NOTE(review): the submit handler receives the email textbox value but not
    the state of the "Send results by email?" checkbox, which only toggles the
    textbox's visibility. An address typed before the box is unticked is
    therefore still passed to the handler.
    """
    # Injected verbatim through gr.HTML; the content lines are left unindented
    # so the emitted markup stays identical.
    page_css = """
<style>
.selected input.svelte-1e02hys{
background-color:#0e203f!important;
color: white !important;
fill: white !important;
accent-color: white !important;
border-color: white !important;
}
#feature_checkbox_group {
padding: 10px;
border-radius: 10px;
background-color:#0e203f;
}
#static_analysis_accordion {
background-color: #0e203f !important;
color: black;
border-radius: 8px;
padding: 8px;
}
#capa_analysis_accordion {
background-color: #0e203f !important;
color: black;
border-radius: 8px;
padding: 8px;
}
#cyber_threat_intelligence_accordion {
background-color: #0e203f !important;
color: black;
border-radius: 8px;
padding: 8px;
}
#email_status_box {
background-color: #1b3d77 !important;
color: black;
border-radius: 8px;
padding: 8px;
}
#submit_button {
background-color: #0e203f !important;
color: white;
border-radius: 8px;
padding: 8px;
}
#submit_button:hover {
background-color: #1b3d77 !important;
color: white;
}
</style>
"""

    disclaimer = (
        "This is created in order to be used as a MCP for malware analysis. "
        "As a result this UI is not fully functional and is meant to be installed locally in addition to "
        "an LLM that supports MCP connections. In order to run the MCP server you need to install and run "
        "it locally, for instructions please refer to the README"
    )

    def _result_box(index):
        # Read-only textbox captioned with the decorated label at this index.
        return gr.Textbox(label=FANCY_OUTPUTS[index], interactive=False)

    def _toggle_email_field(checked):
        # Show and enable the address field only while the checkbox is ticked.
        return gr.update(visible=checked, interactive=checked)

    with gr.Blocks() as demo:
        gr.HTML(page_css)
        gr.Markdown("# Malware Analysis Toolkit")
        gr.Image(
            "images/header.png",
            height=150,
            show_label=False,
            show_download_button=False,
            container=False,
            elem_id="logo",
        )
        gr.Markdown("Analyze files using CAPA, YARA, entropy, string extraction, and VirusTotal integrations.")
        gr.Markdown(disclaimer)

        with gr.Row():
            with gr.Column(elem_id="input_column"):
                upload = gr.File(label="File to be analysed")
                features = gr.CheckboxGroup(
                    choices=OUTPUTS,
                    label="Select Analysis Features",
                    elem_id="feature_checkbox_group",
                )
                wants_email = gr.Checkbox(label="Send results by email?")
                email_field = gr.Textbox(label="Email Address", visible=False)
                submit = gr.Button("Submit", elem_id="submit_button")

            with gr.Column():
                with gr.Accordion("Static Analysis", open=True, elem_id="static_analysis_accordion"):
                    hash_box = _result_box(0)
                    strings_box = _result_box(1)
                    entropy_box = _result_box(2)
                    yara_box = _result_box(3)
                with gr.Accordion("Capa Analysis", open=False, elem_id="capa_analysis_accordion"):
                    capa_box = _result_box(4)
                with gr.Accordion(
                    "Cyber Threat Intelligence",
                    open=False,
                    elem_id="cyber_threat_intelligence_accordion",
                ):
                    antivirus_box = _result_box(5)
                    sandbox_box = _result_box(6)

                # Same order as OUTPUTS, which is the order the handler returns.
                result_boxes = [
                    hash_box,
                    strings_box,
                    entropy_box,
                    yara_box,
                    capa_box,
                    antivirus_box,
                    sandbox_box,
                ]
                # NOTE(review): placing the status box inside the results column
                # is assumed from the statement order — confirm the intended layout.
                status_box = gr.Textbox(
                    label="Email Status",
                    interactive=False,
                    elem_id="email_status_box",
                )

        wants_email.change(
            _toggle_email_field,
            inputs=wants_email,
            outputs=email_field,
        )
        submit.click(
            handle_file_upload,
            inputs=[upload, features, email_field],
            outputs=result_boxes + [status_box],
        )

    return demo
def run_interface():
    """Build the UI and serve it on port 7860.

    NOTE(review): ``launch`` is called with only ``server_port``; no ``auth``
    argument is passed here, so anyone who can reach the port can upload files
    and trigger the email step. Confirm the bind address and access controls
    before running this anywhere other than a local machine.
    """
    create_interface().launch(server_port=7860)