AWSBucketDump
Yara/Logging/Misc Fix Updates
Nice project. Fixed/Updated a couple of things for you:
- Fixed the grep list issue where it would error if you didn't include it (the help info suggests it's optional).
- Adding a Yara scanning flag to search the downloaded files for things of interest. Only one Yara rule (PDF detection) in there at the moment.
- Changed the logging functionality with some code from one of my other projects. Uses the Python logging module to drop everything into a single log file with data timestamps included.
Thanks for the pull request, nice work! Can you take a look at the Travis CI Build results? I am getting the same results when I try to run the tool locally. The error message states:
OSError: /home/travis/virtualenv/python3.6.3/lib/libyara.so: cannot open shared object file: No such file or directory
https://travis-ci.org/jordanpotti/AWSBucketDump/builds/455816994?utm_source=github_status&utm_medium=notification
Ah I see the problem, I had Yara installed previously so it dropped the library on my system. Looks like it requires libyara to be installed on Ubuntu systems (simple apt-get install libyara should do the trick). Not sure how you'd like that documented though, LMK.
Thought just occurred to me. The Yara functionality needs to be truly optional especially given the opt-in command line switch. So I went ahead and added a graceful try-except that disables Yara if the import isn't graceful. We should still include a note somewhere in the instructions (I'll leave this up to your better discretion) but basically say "You need to fully install the Yara libraries to get this support"
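Added example, not part of the pull request or the project's code: an optional-dependency loader for the case discussed in this thread. It assumes the failure surfaces at import time, as the build log suggests, and so catches `OSError` (missing shared library) as well as `ImportError`. All function, class and module names here are hypothetical.

```python
import importlib
import importlib.abc
import logging
import sys

log = logging.getLogger("bucketdump.example")  # hypothetical logger name


def load_optional(module_name):
    """Return the imported module, or None if it cannot be loaded.

    OSError is caught alongside ImportError: a binding whose Python package
    is present but whose shared library is missing fails with OSError,
    like the libyara.so error quoted in this thread.
    """
    try:
        return importlib.import_module(module_name)
    except (ImportError, OSError) as exc:
        log.warning("%s unavailable, feature disabled: %s", module_name, exc)
        return None


def resolve_yara_flag(requested, module):
    """Scanning runs only if the opt-in flag is set AND the module loaded."""
    if requested and module is None:
        log.warning("Yara scan requested but the library is not installed; skipping")
    return bool(requested and module is not None)


class _BrokenNativeFinder(importlib.abc.MetaPathFinder):
    """Constructed fixture: simulates a binding whose shared object is missing."""
    name = "constructed_broken_binding"

    def find_spec(self, fullname, path=None, target=None):
        if fullname == self.name:
            raise OSError("libexample.so: cannot open shared object file")
        return None


def demo():
    """Exercise the OSError path, the ImportError path and a working import."""
    finder = _BrokenNativeFinder()
    sys.meta_path.insert(0, finder)
    try:
        broken = load_optional(finder.name)
        absent = load_optional("constructed_not_installed_pkg")
        present = load_optional("json")
    finally:
        sys.meta_path.remove(finder)
    return broken, absent, present
```
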
Is there anything still blocking this PR merge?