This second release includes some features which we consider relevant:
- The Neto console. It is the main feature included in this version: a small command interface which we invoke with `neto console` and from which we can run different analysis commands interactively, as we will see further on in this post.
- The settings folder. In this prerelease we have also included a series of configuration files which are generated during installation. On GNU/Linux systems the settings folder is created in `/home//.config/ElevenPaths/Neto`; it is the place where we store the main configuration files and some backups, as well as a reference folder where we can store the analysis results. In Windows systems this folder will be created in
- Visualisation in the CLI of the characteristics found by the analyses. The analyst can check from the command line the main characteristics extracted by the analysis, such as the hash of the extension, the permissions used, the scripts which load in each tab or in the background, and the rating which VirusTotal gives the file, without needing to explore the JSON manually. The JSON will continue to be generated with the complete data.
pip3 install neto
pip3 install neto --upgrade
`sudo` if we are not administrators and, if we do not have privileges to add it, use `--user` in order to install it only for the current user.
`neto console`, which will open an interactive interface.
`help` command, in order to see which options we have.
`help` command to see the available help and some examples of how to use it:
- analyse. The main analysis command. It is followed by the keyword «local» or «remote», depending on whether the extension which we are going to analyse is stored locally or we provide a remote URL. If we select the local option, we can autocomplete the names of the extensions contained in the `working_directory` which we have defined.
- delete. A command used to delete analyses which have already been carried out, removing the analysis files which have not been useful. We can refer to the analyses with the reserved words ALL or SELECTED, as well as by extension name. It must be used with caution in order to avoid any issues.
- deselect. It is the reverse of the `select` command. It removes the selected mark from an extension if you specify its name literally. You can also use the reserved word «ALL».
- details. Shows the most relevant information about an extension, which we can choose using the autocomplete functions. It is the same information which we would see after carrying out the analysis using the CLI. If we want the complete details of the JSON we can use
- exit. Closes the console.
- full_details. Shows the corresponding JSON for the selected extension.
- grep. A literal search command over the analyses already stored. It returns the names of the extensions which contain the literal text string given after the command name. By default, the search is carried out only on the extensions which have been selected. If none have been selected, it is carried out on all of them.
- help. The command which gives support.
- list. Lists the analyses which have been carried out. We can also use the reserved words «ALL» and «SELECTED», or the wildcard «*» to indicate extensions which start with a given text string (e. g.:
- select. A command used to select some of the extensions which we have previously seen (for example, in order to delete them or to search in them).
- set. A command which we use to modify specific values of the interface options, such as the working directory.
- show. We use this command only to show information about the tool, such as its generic data (using `show info`) or the interface options (using
- update. Updates the list of known extensions. This is useful if, while we keep the interface open, another process (for example, the CLI launched with `neto analyse -e miextension.xpi`) keeps adding extensions.
Although Neto is still clearly a work in progress, our Innovation Laboratory at ElevenPaths wants to continue enhancing the tool's features. In the next few weeks we will talk about how to develop new analysis plugins in order to add new characteristics to look for in extensions, and about some cases in which the tool can help in analysing an extension's characteristics at a glance. Meanwhile, to help us keep improving little by little, you can always let us know any doubts you may have about how it works, as well as any issues, in the GitHub project. Any feedback will be well received.