# This is the configuration file for mastiff.
#
# Comments are preceded by a # or ;
#
[Dir]
# Directory settings.
#
# log_dir is the base directory where the logs generated will
# be placed in. With [Misc] copy = on, a copy of each analyzed
# sample is written here too, so restrict access to this directory.
# Relative paths presumably resolve against the working directory - confirm.
#log_dir = /usr/local/mastiff/log
log_dir = ./work/log
# plugin_dir is a list of directories test plugins may be present in.
# should be comma-separated.
# This may be left blank.
# Plugins are code loaded by mastiff; keep these directories writable
# only by trusted accounts.
# For example:
#plugin_dir = ./plugins, /etc/mastiff
plugin_dir =
# output_plugin_dir is a list of directories test output plugins may be present in.
# should be comma-separated.
# This may be left blank.
# Same trust consideration as plugin_dir applies.
# For example:
#output_plugin_dir = ./plugins, /etc/mastiff
output_plugin_dir =
[Misc]
# Miscellaneous runtime options.
#
# verbose = [on|off] - enable verbose output
verbose = off
# Make a copy of the analyzed file in the log directory with a .VIR extension.
# The copy is the sample itself under a new name; the extension presumably
# keeps it from being opened by accident but does not make it inert.
# copy = [on|off]
copy = on
[Sqlite]
# Sqlite database options
# db_file = Name of the database file
# - A bare filename; assumed to be resolved relative to the working
#   directory or log_dir - confirm against the code that opens it.
db_file = mastiff.db
[File ID]
# Options for the File ID plug-in (TrID).
# trid is the location of the TrID binary
# trid_db is the location of the TrID database
# - Both are left empty here; presumably that disables TrID - confirm.
# - Use an absolute path for trid so the binary is not looked up on PATH.
#trid = /usr/local/bin/trid
trid =
trid_db =
[Fuzzy Hashing]
# Options for the fuzzy hashing plug-in.
# compare decides whether or not to correlate previous fuzzy hashes
# (match this sample's fuzzy hash against hashes recorded earlier).
# compare = [on|off]
compare = on
[Hex Dump]
# Options for Hex Dump plug-in
# enabled = [on|off] - produce a hex dump of the sample or not
enabled = off
[Embedded Strings Plugin]
# Options for the Embedded Strings Plugin.
# strcmd is the path to the strings command
# - Use an absolute path so the binary is not looked up on PATH.
# DO NOT CHANGE THE FOLLOWING OPTIONS UNLESS YOU KNOW WHAT YOU ARE DOING!
# str_opts are the options to use for all strings operations
# - -a scans the whole file, -t d prints each string's offset in decimal.
# str_uni_opts are the options to use to obtain UNICODE strings
# - -e l selects 16-bit little-endian encoding.
strcmd = /usr/bin/strings
str_opts = -a -t d
str_uni_opts = -e l
[VirusTotal]
# Options for the VirusTotal Submission Plug-in.
# api_key is your API key from virustotal.com
# - Leave this empty if you wish to disable this plug-in
# - The key is stored here in clear text; restrict read access to this
#   file and do not commit a filled-in copy to version control.
api_key =
# submit [on|off] - submit binary to VirusTotal
# - Submitting uploads the sample to a third party; keep this off for
#   confidential samples. With submit = off the plug-in presumably only
#   queries existing reports - confirm.
submit = off
[Metascan Online]
# Options for the Metascan Online Submission Plug-in.
# api_key is your API key from metascan-online.com
# - Leave this empty if you wish to disable this plug-in
# - The key is stored here in clear text; restrict read access to this
#   file and do not commit a filled-in copy to version control.
api_key =
# submit [on|off] - submit binary to Metascan Online
# - Submitting uploads the sample to a third party; keep this off for
#   confidential samples.
submit = off
[MASTIFF Online]
# Options for submission to MASTIFF Online
# accept_terms_of_service [true|false] - To upload samples to MASTIFF Online,
# you agree to the terms of service and privacy policy located at
# https://mastiff-online.korelogic.com. Set the option below to true to
# indicate you agree to the terms.
# (This key uses true/false while submit below uses on/off; keep each
# in the form documented.)
accept_terms_of_service = false
# submit [on|off] - submit sample to MASTIFF Online
# - Uploading shares the sample with a third party; keep this off for
#   confidential samples.
submit = off
[pdfid]
# Options to run Didier Stevens pdfid.py script
# pdfid_cmd = Path to the pdfid.py script
# - Leave blank if you want the script disabled.
# pdfid_opts = Options for program.
# - Do not put multiple options in quotes.
# Note: pdfid.py has bugs that may cause errors when examining
# malformed PDFs when using the -e option.
# - For that reason -e is left disabled below; malicious PDFs are often
#   deliberately malformed, so enable it only if you accept those failures.
pdfid_cmd = /usr/local/bin/pdfid.py
#pdfid_opts = -e
pdfid_opts =
[pdf-parser]
# Options to run Didier Stevens pdf-parser.py script
# pdf_cmd = Path to pdf-parser.py.
# feedback: [on|off] - Feed extracted files back into the MASTIFF queue.
# - With feedback on, each file pulled out of the PDF is analyzed as a
#   sample in its own right (presumably recursively), so expect more
#   work per input file.
pdf_cmd = /usr/local/bin/pdf-parser.py
feedback = on
[PDF Metadata]
# Options for PDF Metadata script
# exiftool = path to the exiftool binary
exiftool = /usr/bin/exiftool
[yara]
# Options for the Yara signature plug-in
# yara_sigs = Base path to Yara signatures. This path will be recursed
# to find additional signatures.
# Leave blank to disable the plug-in.
# - Everything found under this path is loaded as rules, so keep it
#   writable only by trusted accounts.
yara_sigs = /usr/local/yara
[Digital Signatures]
# Options to extract the digital signatures
#
# disitool - path to disitool.py script.
# openssl - path to openssl binary
# Use absolute paths for both so nothing is resolved through PATH.
disitool = /usr/local/bin/disitool.py
openssl = /usr/bin/openssl
[Office Metadata]
# Options for Office Metadata script
# exiftool = path to the exiftool binary
exiftool = /usr/bin/exiftool
[Single-Byte Strings]
# options for single-byte string extraction plug-in
# length - Minimum length to extract (minimum string length, in characters)
length = 3
# raw - print raw characters instead of formatted ones (e.g. \\n vs. \n)
# - This key is written True/False, unlike the on/off keys elsewhere in
#   this file; keep the form the plug-in expects.
raw = False
[ZipExtract]
# options for Zip archive file extraction plug-in
# enabled: [on|off] - Extract files or not
# password: Password to use for zip file. OK to leave blank.
# - Stored in clear text; restrict read access to this file.
# feedback: [on|off] - Feed extracted files back into the MASTIFF queue.
# - Extracted members are live sample content; with feedback on each
#   one is analyzed in turn.
enabled = on
password =
feedback = on
[Office pyOLEScanner]
# Options for the Office pyOLEScanner plug-in.
# olecmd = Path to pyOLEScanner.py
# (Written without spaces around '='; the rest of the file uses
# 'key = value'. Both forms are presumably accepted by the parser.)
olecmd=/usr/local/src/pyOLEScanner/pyOLEScanner.py
################################
# Output Plug-in Configuration
################################
[Raw Output]
# Options for the Raw Output plug-in.
# enabled: [on|off] - Dump output in raw form or not
enabled = off
[Text Output]
# Options for the Text Output plug-in.
# enabled = [on|off] - Write the text output or not
# format = [multiple|single] - Put text output in individual files or one page.
enabled = on
format = multiple