Use Cases and Examples
This page gives examples of the different ways Laika BOSS can be used, including sample output. We highly recommend using jq to parse the Laika JSON output; it makes reading and manipulating the output much easier. All examples on this page are parsed with jq.
A standalone instance of Laika means that the files to be scanned are located on the scanner itself. A single command, laika.py, is used for the scan.
A network instance of Laika means that files are located on a client and sent to a server using the Laika code. On the client, the command cloudscan.py is used to send the file to the server, which is running the Laika daemon (laikad.py).
From the directory containing the framework code, you may run the standalone scanner, laika.py, against any file you choose.
Note: If you move laika.py from its installed directory, then you'll have to specify various config locations. By default it uses the configurations in the ./etc directory.
Below is an example of running laika.py against a SWF file, with the output parsed with jq.
$ ./laika.py ~/test_files/testfile.cws.swf | jq '.scan_result[] | { "file type" : .fileType, "flags" : .flags, "md5" : .objectHash }'
100%[############################################] Processed: 1/1 total files (Elapsed Time: 0:00:00) Time: 0:00:00
{
"md5": "dffcc2464911077d8ecd352f3d611ecc",
"flags": [],
"file type": [
"cws",
"swf"
]
}
{
"md5": "587c8ac651011bc23ecefecd4c253cd4",
"flags": [],
"file type": [
"fws",
"swf"
]
}
In the network instance, you must first start the Laika daemon, laikad.py, which will listen for connections from the client. Configuration for the client listen port is found in etc/laikad/laikad.conf.
$ ./laikad.py
The client using cloudscan.py sends the file to the server. The client must be configured to point to the IP address and port of the server running laikad.py. The "broker_host" should be changed in file etc/cloudscan/cloudscan.conf to point to the correct destination. For example, the below points cloudscan to IP 10.1.1.200 port 5558:
'broker_host': 'tcp://10.1.1.200:5558',
Below is an example scan of a SWF file, with the output parsed with jq. The file itself is scanned on the server running the Laika daemon.
$ ./cloudscan.py ~/test_files/testfile.cws.swf | jq '.scan_result[] | { "file type" : .fileType, "flags" : .flags, "md5" : .objectHash }'
{
"md5": "dffcc2464911077d8ecd352f3d611ecc",
"flags": [],
"file type": [
"cws",
"swf"
]
}
{
"md5": "587c8ac651011bc23ecefecd4c253cd4",
"flags": [],
"file type": [
"fws",
"swf"
]
}
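The jq filters above read three fields from each object in scan_result. The same triage in Python, as an added example that is not part of the Laika BOSS code: it lists the objects that carry flags and counts objects per file type. The sample input is constructed from the output shown on this page plus one made-up flagged object, and the function names are hypothetical.

```python
import json
import sys
from collections import Counter

# Constructed sample shaped like the output above, limited to the three fields
# the jq filters on this page read. The third object and its flag are made up.
SAMPLE = json.dumps({"scan_result": [
    {"objectHash": "dffcc2464911077d8ecd352f3d611ecc", "flags": [], "fileType": ["cws", "swf"]},
    {"objectHash": "587c8ac651011bc23ecefecd4c253cd4", "flags": [], "fileType": ["fws", "swf"]},
    {"objectHash": "0" * 32, "flags": ["example:constructed_flag"]},
]})


def load_objects(raw):
    """Return one {'md5', 'file_type', 'flags'} record per scanned object."""
    try:
        doc = json.loads(raw)
    except ValueError as exc:  # e.g. an error message instead of JSON
        raise ValueError("input is not JSON: %s" % exc)
    if not isinstance(doc, dict) or not isinstance(doc.get("scan_result"), list):
        raise ValueError("input has no scan_result list")
    return [{
        "md5": obj.get("objectHash"),
        "file_type": obj.get("fileType") or [],  # field may be absent
        "flags": obj.get("flags") or [],
    } for obj in doc["scan_result"]]


def flagged(records):
    """Objects that carry at least one flag, i.e. the ones to look at first."""
    return [r for r in records if r["flags"]]


def type_counts(records):
    """Count objects per file type; objects without a type count as 'unknown'."""
    counts = Counter()
    for r in records:
        counts.update(r["file_type"] or ["unknown"])
    return dict(counts)


if __name__ == "__main__":
    # Pipe scanner output in, or run with no pipe to use the constructed sample.
    records = load_objects(SAMPLE if sys.stdin.isatty() else sys.stdin.read())
    print(json.dumps({"objects": len(records), "types": type_counts(records),
                      "flagged": flagged(records)}, indent=2))
```

Saved under a name of your choice, the script takes the output of laika.py or cloudscan.py on standard input in place of the jq filter.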