Comments (9)
Rurik
commented on September 6, 2024
I apologize for this. I added a slight aesthetic modification that caused
that issue. I'm not sure exactly why it error'd, and will look into that,
but I have added error handling to prevent it from crashing.
Please try the new version that I just committed and see if it works.
On Tue, Apr 28, 2015 at 7:29 AM, dbosanzio [email protected] wrote:
Hi, thanks for your tool.
Your work is much appreciated
I'm trying to start it but I get the following error:
C:\Python34>python.exe c:\Noriben-master\Noriben.py
--===[ Noriben v1.6.2 ]===--
Traceback (most recent call last):
File "c:\Noriben-master\Noriben.py", line 1202, in
main()
File "c:\Noriben-master\Noriben.py", line 997, in main
print(header2 % (' ' * (padding / 2), ' ' * (padding / 2)))
TypeError: can't multiply sequence by non-int of type 'float'C:\Python34>
I test on windows 7 64 bit with Python 3.4.3 (64 bit version) and Python
3.2.5.1 32 bit version, getting the same error.
May you help me to fix this error?Thanks a lot.
—
Reply to this email directly or view it on GitHub
https://github.com/Rurik/Noriben/issues/5.
from noriben.
dbosanzio
commented on September 6, 2024
Thanks.
Now I get the following error:
C:\Python34>python.exe c:\Noriben-master\Noriben.py
File "c:\Noriben-master\Noriben.py", line 1000
print '--==[ Noriben v%s ]==--' % VERSION
^
SyntaxError: Missing parentheses in call to 'print'
Thanks for your help.
from noriben.
Rurik
commented on September 6, 2024
I'm very sorry. I made a quick fix but didn't actually test it. I've
resolved that error. The new one fixes that mistake.
On Tue, Apr 28, 2015 at 9:01 AM, dbosanzio [email protected] wrote:
Thanks.
Now I get the following error:
C:\Python34>python.exe c:\Noriben-master\Noriben.py
File "c:\Noriben-master\Noriben.py", line 1000
print '--==[ Noriben v%s ]==--' % VERSION
^
SyntaxError: Missing parentheses in call to 'print'Thanks for your help.
—
Reply to this email directly or view it on GitHub
https://github.com/Rurik/Noriben/issues/5#issuecomment-97118825.
from noriben.
dbosanzio
commented on September 6, 2024
Thanks.
Now I get the following error:
C:\Python34>python.exe c:\Noriben-master\Noriben.py
--===[ Noriben v1.6.2 ]===--
--==[ Noriben v1.6.2 ]==--
[!] Filter file ProcmonConfiguration.PMC not found. Continuing without filters.
[!] Unable to find Procmon (procmon.exe) in path.
I copied the procmon.exe in the Noriben-master folder where ther's the Noriben.py:
C:\Python34>python.exe c:\Noriben-master\Noriben.py
--===[ Noriben v1.6.2 ]===--
--==[ Noriben v1.6.2 ]==--
[!] Filter file ProcmonConfiguration.PMC not found. Continuing without filters.
[!] Unable to find Procmon (procmon.exe) in path.
C:\Python34>cd c:\Noriben-master
c:\Noriben-master>dir
Directory di c:\Noriben-master
Directory di c:\Noriben-master
29/04/2015 10:29
.29/04/2015 10:29 ..
29/04/2015 10:29 51.337 Noriben.py
31/03/2015 19:20 2.044.552 Procmon.exe
29/04/2015 10:29 6.470 ProcmonConfiguration.pmc
29/04/2015 10:29 9.297 README.md
29/04/2015 10:29 Sample
29/04/2015 10:36 64 virustotal.api
from noriben.
Rurik
commented on September 6, 2024
This is due to how Noriben checks for procmon.exe.
It will first check to see if procmon is in the current working directory,
then check each directory in the system PATH. In your case, you're running
Noriben from the C:\Python34 directory, so it's expecting Procmon to be
there.
I have not yet added the ability for the program to resolve its called
directory and look for files there, but it is in my TODO list.
For now I'd recommend either adding the executable to a folder in your path
or running Python from the Noriben folder:
C:\Noriben-master> C:\Python34\Python.exe Noriben.py
On Wed, Apr 29, 2015 at 1:37 AM, dbosanzio [email protected] wrote:
Thanks.
Now I get the following error:
C:\Python34>python.exe c:\Noriben-master\Noriben.py
--===[ Noriben v1.6.2 ]===--
--==[ Noriben v1.6.2 ]==--
[!] Filter file ProcmonConfiguration.PMC not found. Continuing without
filters.
[!] Unable to find Procmon (procmon.exe) in path.I copied the procmon.exe in the Noriben-master folder where ther's the
Noriben.py:C:\Python34>python.exe c:\Noriben-master\Noriben.py
--===[ Noriben v1.6.2 ]===--
--==[ Noriben v1.6.2 ]==--
[!] Filter file ProcmonConfiguration.PMC not found. Continuing without
filters.
[!] Unable to find Procmon (procmon.exe) in path.C:\Python34>cd c:\Noriben-master
c:\Noriben-master>dir
Directory di c:\Noriben-master
Directory di c:\Noriben-master
29/04/2015 10:29
.
29/04/2015 10:29 ..
29/04/2015 10:29 51.337 Noriben.py
31/03/2015 19:20 2.044.552 Procmon.exe
29/04/2015 10:29 6.470 ProcmonConfiguration.pmc
29/04/2015 10:29 9.297 README.md
29/04/2015 10:29 Sample
29/04/2015 10:36 64 virustotal.api—
Reply to this email directly or view it on GitHub
https://github.com/Rurik/Noriben/issues/5#issuecomment-97352493.
from noriben.
dbosanzio
commented on September 6, 2024
Thanks. Now it works.
There is just still a problem .
It is not displayed the network traffic data
despite having surfed with firefox (for example)
Network Traffic:
Unique Hosts:
ERRORS DETECTED
The following items could not be parsed correctly:
"13:18:57,8034577","firefox.exe","3288","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings","SUCCESS","Type: REG_BINARY, Length: 1.336, Data: 46 00 00 00 D5 01 00 00 09 00 00 00 00 00 00 00","4324"
from noriben.
Rurik
commented on September 6, 2024
This will be slightly difficult to troubleshoot. Ultimately, Procmon is not
collecting the data for some reason. The way to verify this is to
grep/search the original Noriben CSV file for "TCP Send" or "TCP Receive".
These are the key words that Noriben picks up on to collect network
indicators.
If there are no entries with those then likely Procmon is just not
collecting it. The quickest way to check this is to run Noriben and then
click on the minimized Procmon window in the task bar. Towards the upper
right will be five icons that indicate each category of logging. Ensure
that the third one is select (stacked computer icon) to enable network
monitoring. You can then run your applications (Firefox) and close Noriben
as normal.
If that resolves it, you should be good. That setting should remain set in
the registry and work in the future. However, if Procmon is still not
creating TCP Send or TCP Receive events, there's little I can do.
On Wed, Apr 29, 2015 at 5:03 AM, dbosanzio [email protected] wrote:
Thanks. Now it works.
There is just still a problem .
It is not displayed the network traffic data
despite having surfed with firefox (for example)
Network Traffic: Unique Hosts:ERRORS DETECTED
The following items could not be parsed correctly:
"13:18:57,8034577","firefox.exe","3288","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Connections\SavedLegacySettings","SUCCESS","Type: REG_BINARY,
Length: 1.336, Data: 46 00 00 00 D5 01 00 00 09 00 00 00 00 00 00 00","4324"—
Reply to this email directly or view it on GitHub
https://github.com/Rurik/Noriben/issues/5#issuecomment-97401687.
from noriben.
dbosanzio
commented on September 6, 2024
Thanks for your help.
I resetted the filter of procmon than I checked that selecting only the network icon there was traffic displayed. After that I enabled all monitoring icons an than save and overwrite the procmon config file "ProcmonConfiguration.pmc". Now all work good and the netwrok traffic is displayed.
Best regard. This case is close for me.
Thanks a lot.
PS: it may be useful, I made Noriben portable using Python Portable:
1)Download Python Portable from http://portablepython.com/wiki/PortablePython3.2.5.1/
- Download Python module setuptools "https://pypi.python.org/packages/source/s/setuptools/setuptools-15.2.zip" an copied and extracted in "C:\Portable Python 3.2.5.1\setuptools-15.2"
3)I installed setuptool with the following command:
"c:\Portable Python 3.2.5.1\App\python.exe" "c:\Portable Python 3.2.5.1\setuptools-15.2\setup.py" install
4)I installed pip with the following command:
"c:\Portable Python 3.2.5.1\App\Scripts\easy_install.exe" pip
5)I Installed the requests module with the following command:
"c:\Portable Python 3.2.5.1\App\Scripts\pip.exe" install requests
- I copied the folder Noriben-master in "C:\Portable Python 3.2.5.1"
7)I started the Noriben sandbox with the following command:
C:\Portable Python 3.2.5.1\Noriben-master>"c:\Portable Python 3.2.5.1\App\python.exe" Noriben.py
--===[ Noriben v1.6.2 ]===--
--==[ Noriben v1.6.2 ]==--
[] Using filter file: ProcmonConfiguration.PMC
[+] Features: (Debug: False YARA: False VirusTotal: True)
[] Using procmon EXE: procmon.exe
[] Procmon session saved to: Noriben_30_Apr_15__09_25_14_833000.pml
[] Launching Procmon ...
[] Procmon is running. Run your executable now.
[] When runtime is complete, press CTRL+C to stop logging.
from noriben.
Rurik
commented on September 6, 2024
Glad to hear it's working, thank you for bringing the issues to my attention (and I'll fix that double version header that I see). And awesome about the portable solution. I'm going to use that to share with others!
from noriben.
Related Issues (20)
- Shutting down VM after analysis HOT 2
- Procmon needs permisison to "make changes on this computer" HOT 1
- Non-PE File (e.g. Malicious Office Files) Support on Sandbox HOT 3
- Registry lenght exceeded HOT 14
- question regarding procmon.pmc configuration file name and extenstion HOT 1
- How to whitelist System:4 process? HOT 4
- I've kept the ProcmonConfiguration.PMC name because that's what SysInternals has always referred to it as. I don't want people to think that this is using an entirely new file format when they may already have PMC's lying around. HOT 3
- Malware - encrypting the.pml HOT 2
- Chinese characters in log HOT 2
- Noriben can't load the CSVfile made by procmon HOT 13
- Empty text and timeline file generated by Noriben HOT 16
- Pledgie Link HOT 1
- procmon.exe path problem HOT 3
- PML file being encrypted by malware HOT 2
- ValueError: could not convert string to float: '3\xa0256' HOT 14
- I've been playing with this issue for awhile, and apologies for the lengthy delay. It's an issue of the backing file being encrypted, but Procmon does have the ability to use virtual memory for the live data. Do you have a sample that you can test against, or provide hash for so I can test? HOT 10
- New issue - VM running Windows 11 Pro HOT 5
- Exiting with error code: 8: Error creating PML HOT 3
- hashlist and csv creation issues HOT 1
- this issue is back. See below HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from noriben.