6.0.2

README.rst

@@ -1,28 +1,9 @@
 =============
-PEframe 6.0.1
+PEframe 6.0.2
 =============
 
 PEframe is a open source tool to perform static analysis on `Portable Executable <http://en.wikipedia.org/wiki/Portable_Executable>`_ malware and generic suspicious file. It can help malware researchers to detect packer, xor, digital signature, mutex, anti debug, anti virtual machine, suspicious sections and functions, macro and much more information about the suspicious files.
 
-Usage
------
-
-.. code-block:: bash
-
-    python3 peframe-cli.py <filename>            Short output analysis
-
-    python3 peframe-cli.py -i <filename>         Interactive mode
-
-    python3 peframe-cli.py -j <filename>         Full output analysis JSON format
-    
-    python3 peframe-cli.py -x STRING <filename>  Search xored string
-    
-    python3 peframe-cli.py -s <filename>         Strings output
-    
-You can edit `config-peframe.json <https://github.com/guelfoweb/peframe/blob/master/config/config-peframe.json>`_ file in "config" folder to configure virustotal API key.
-
-
-
 
 Install
 -------
@@ -42,17 +23,30 @@ Install
 
    git clone https://github.com/guelfoweb/peframe.git
 
-**Install using PyPI**
+**Install**
 
 .. code-block::
 
-   pip3 install -r requirements.txt
+   python3 setup.py install
 
-**Install on Debian/Ubuntu**
 
-.. code-block::
+Usage
+-----
+
+.. code-block:: bash
+
+    peframe <filename>            Short output analysis
+
+    peframe -i <filename>         Interactive mode
+
+    peframe -j <filename>         Full output analysis JSON format
+    
+    peframe -x STRING <filename>  Search xored string
+    
+    peframe -s <filename>         Strings output
+    
+You can edit "config-peframe.json" file in "config" folder to configure virustotal API key. After installation you can use "peframe -h" to find api_config path.
 
-   bash install.sh
 
 How to work
 -----------

peframe.py → peframe/peframe.py

@@ -5,24 +5,42 @@
 
 import os
 import re
+import sys
 import json
 import magic
 import pefile
 import hashlib
 from datetime import datetime
 
-from modules import directories
-from modules import features
-from modules import apialert
-from modules import yara_check
-from modules import meta
-from modules import virustotal
-from modules import sections
-from modules import fileurl
-from modules import macro
+portable = False
+for path in sys.path:
+	if os.sep+'peframe'+os.sep+'peframe' in path:
+		portable = True
+if portable:
+	from modules import directories
+	from modules import features
+	from modules import apialert
+	from modules import yara_check
+	from modules import meta
+	from modules import virustotal
+	from modules import sections
+	from modules import fileurl
+	from modules import macro
+else:
+	from peframe.modules import directories
+	from peframe.modules import features
+	from peframe.modules import apialert
+	from peframe.modules import yara_check
+	from peframe.modules import meta
+	from peframe.modules import virustotal
+	from peframe.modules import sections
+	from peframe.modules import fileurl
+	from peframe.modules import macro
+
+
 
 def version():
-	return "6.0.1"
+	return "6.0.2"
 
 def get_datetime_now():
 	return datetime.now()

peframe-cli.py → peframe/peframecli.py

@@ -6,19 +6,29 @@
 import os
 import sys
 import json
-import peframe
 import readline
 import argparse
 from argparse import RawTextHelpFormatter
-from modules import autocomplete
-from modules import virustotal
-from modules import features
+
+portable = False
+for path in sys.path:
+	if os.sep+'peframe'+os.sep+'peframe' in path:
+		portable = True
+if portable:
+	import peframe
+	from modules import autocomplete
+	from modules import virustotal
+	from modules import features
+else:
+	from peframe import peframe
+	from peframe.modules import autocomplete
+	from peframe.modules import virustotal
+	from peframe.modules import features
 
 # TODO
 # [ ] get_data_by_offset
-# [ ] setuptools
 
-__version__ = '6.0.1'
+__version__ = peframe.version()
 
 def header(title):
 	print ('\n')
@@ -166,7 +176,6 @@ def show_config():
 	intro = 'Path(s) to configuration file(s):'
 	message = '\napi_config: '+api_config+'\nstring_match: '+string_match+'\nyara_plugins: '+yara_plugins
 	return message
-	#sys.exit()
 
 def get_info():
 	header('File Information (time: ' + str(result['time']) + ')')
@@ -268,7 +277,7 @@ def get_info():
 )
 
 parser.add_argument("file", help="sample to analyze")
-parser.add_argument("-v", "--version", action='version', version='%(prog)s 6.0.1')
+parser.add_argument("-v", "--version", action='version', version='%(prog)s '+str(__version__))
 parser.add_argument("-i", "--interactive", help="join in interactive mode", action='store_true', required=False)
 parser.add_argument("-x", "--xorsearch", help="search xored string", required=False)
 parser.add_argument("-j", "--json", help="export short report in JSON", action='store_true', required=False)
@@ -416,3 +425,5 @@ def get_info():
 		header('Fuzzing')
 		for k, v in result['strings']['fuzzing'].items():
 			print (k)
+
+sys.exit()

setup.py

@@ -0,0 +1,75 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# ----------------------------------------------------------------------
+# This file is part of peframe
+# ----------------------------------------------------------------------
+
+from setuptools import setup
+from codecs import open  # To use a consistent encoding
+from os import path
+
+from peframe import peframe
+
+#here = path.abspath(path.dirname(__file__))
+
+with open('requirements.txt') as f:
+	required = f.read().splitlines()
+
+setup(
+	name='peframe',
+	version=peframe.version(),
+
+	description='PEframe is a open source tool to perform static analysis on Portable Executable malware and malicious MS Office documents.',
+	url='https://github.com/guelfoweb/peframe',
+
+	author='Gianni \'guelfoweb\' Amato',
+	author_email='guelfoweb@gmail.com',
+
+	license='GNU',
+
+	# See https://pypi.python.org/pypi?%3Aaction=list_classifiers
+	classifiers=[
+		# How mature is this project? Common values are
+		#   3 - Alpha
+		#   4 - Beta
+		#   5 - Production/Stable
+		'Development Status :: 3 - Production/Stable',
+
+		# Indicate who your project is intended for
+		'Intended Audience :: Developers',
+		'Topic :: Software Development :: Build Tools',
+
+		# Pick your license as you wish (should match "license" above)
+		'License :: OSI Approved :: GNU General Public License (GPL)',
+
+		# Specify the Python versions you support here. In particular, ensure
+		# that you indicate whether you support Python 2, Python 3 or both.
+		'Programming Language :: Python :: 3',
+		'Programming Language :: Python :: 3.6',
+		'Programming Language :: Python :: 3.7',
+	],
+
+	keywords='peframe',
+
+	packages=["peframe", "peframe.modules"],
+	package_data={
+		'peframe': [
+			'config/config-peframe.json',
+			'signatures/stringsmatch.json',
+			'signatures/yara_plugins/doc/*.yar',
+			'signatures/yara_plugins/pdf/*.yar',
+			'signatures/yara_plugins/pe/*.yar',
+			'signatures/yara_plugins/pe/*.yara',
+			], 
+	},
+
+	install_requires=required,
+
+	entry_points={
+		'console_scripts': [
+			'peframe=peframe.peframecli',
+		],
+	},
+
+)