From 7e0c2c10787d50107cc85c8c03d10291941c7511 Mon Sep 17 00:00:00 2001 From: "Derek.Thomas2" Date: Tue, 17 Aug 2021 12:33:14 -0700 Subject: [PATCH] removing natively zip cracking --- src/python/strelka/scanners/scan_zip.py | 23 ----------------------- 1 file changed, 23 deletions(-) diff --git a/src/python/strelka/scanners/scan_zip.py b/src/python/strelka/scanners/scan_zip.py index 6ca26f16..1e8253ea 100644 --- a/src/python/strelka/scanners/scan_zip.py +++ b/src/python/strelka/scanners/scan_zip.py @@ -18,28 +18,18 @@ class ScanZip(strelka.Scanner): password_file: Location of passwords file for zip archives. Defaults to /etc/strelka/passwords.dat. """ - def init(self): - self.passwords = [] def scan(self, data, file, options, expire_at): file_limit = options.get('limit', 1000) - password_file = options.get('password_file', '/etc/strelka/passwords.dat') self.event['total'] = {'files': 0, 'extracted': 0} - if not self.passwords: - if os.path.isfile(password_file): - with open(password_file, 'rb') as f: - for line in f: - self.passwords.append(line.strip()) - with io.BytesIO(data) as zip_io: try: with zipfile.ZipFile(zip_io) as zip_obj: name_list = zip_obj.namelist() self.event['total']['files'] = len(name_list) - password = b'' for i, name in enumerate(name_list): if not name.endswith('/'): if self.event['total']['extracted'] >= file_limit: @@ -53,19 +43,6 @@ def scan(self, data, file, options, expire_at): if i == 0: self.flags.append('encrypted') - if not password: - for pw in self.passwords: - try: - extract_data = zip_obj.read(name, pw) - if extract_data: - password = pw - break - - except (RuntimeError, zipfile.BadZipFile, zlib.error): - pass - else: - extract_data = zip_obj.read(name, password) - else: extract_data = zip_obj.read(name)