malwr-cli.py
#! /usr/bin/env python2
from MalwrAPI import MalwrAPI
import argparse
import ConfigParser
import os
import hashlib
def md5(fname):
    """Return the hexadecimal MD5 digest of the file at *fname*.

    The file is opened in binary mode and read in 4096-byte pieces, so the
    whole file is never held in memory at once.

    The digest serves as a lookup key for the search feature. MD5 is not
    collision resistant, so a matching digest identifies a likely sample
    and does not prove that two files are identical.
    """
    digest = hashlib.md5()
    with open(fname, "rb") as handle:
        while True:
            block = handle.read(4096)
            # An empty read marks end of file.
            if not block:
                break
            digest.update(block)
    return digest.hexdigest()
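if __name__ == "__main__":
    # Command-line front end for the MalwrAPI client: parse the options,
    # build a client (authenticated when ~/.malwr is usable), then run the
    # first selected action in the order search, submit, domains, tags,
    # recent.
    parser = argparse.ArgumentParser(description='CLI interface for malwr.com')
    parser.add_argument('-S', '--submit', help='Submit the file')
    parser.add_argument('-s', '--search', help='Search for the string or the file')
    parser.add_argument(
        '-d', '--domains', help='List recent domains',
        action="store_true"
    )
    parser.add_argument(
        '-t', '--tags', help='List public tags',
        action="store_true"
    )
    parser.add_argument(
        '-r', '--recent', help='List recent analyses',
        action="store_true"
    )
    parser.add_argument(
        '-p', '--private', help='Submit file as private',
        action="store_true"
    )
    # store_false: args.no_share defaults to True and becomes False when -n
    # is given, so it is passed straight through as the `share` argument.
    parser.add_argument(
        '-n', '--no-share', help='Do not shared the submitted file',
        action="store_false"
    )
    args = parser.parse_args()

    # Read the config file
    config_path = os.path.expanduser('~/.malwr')

    # The config file holds the account password in clear text, so warn when
    # its mode grants any access to group or other. Permission bits are only
    # meaningful on POSIX systems.
    if os.name == 'posix':
        try:
            exposed = os.stat(config_path).st_mode & 0o077
        except OSError:
            # A missing or unreadable file is reported by the block below.
            exposed = 0
        if exposed:
            print(
                'Warning: %s is accessible by other users; '
                'restrict it with chmod 600' % config_path
            )

    try:
        # FIXME : authenticate only if needed
        config = ConfigParser.RawConfigParser()
        config.read(config_path)
        # The apikey option is not passed to the client, but it must still be
        # present: a missing option falls back to the unauthenticated client.
        config.get('Malwr', 'apikey')
        user = config.get('Malwr', 'user')
        pwd = config.get('Malwr', 'password')
        # NOTE(review): verbose=True -- confirm that MalwrAPI never echoes
        # the password in its verbose output.
        api = MalwrAPI(verbose=True, username=user, password=pwd)
    except Exception:
        # Any failure while reading the config or building the authenticated
        # client falls back to an anonymous client. Catching Exception rather
        # than everything lets Ctrl-C and SystemExit propagate.
        print('Trouble with ~/.malwr config file, authenticated features unavailable')
        api = MalwrAPI(verbose=True)

    if args.search is not None:
        if os.path.isfile(args.search):
            # The argument names a local file: hash it here and send only
            # the MD5 digest, not the file content.
            fhash = md5(args.search)
            print('Search for hash %s (file %s)' % (fhash, args.search))
            res = api.search(fhash)
        else:
            print('Search for %s' % args.search)
            res = api.search(args.search)
        if res is False:
            print('failed login')
        elif not res:
            print('No results')
        else:
            # NOTE(review): these fields come from the remote service and are
            # printed unmodified; file_name is presumably chosen by the
            # submitter, so treat the output as untrusted text.
            for d in res:
                print(
                    '%s\t%s\t%s\thttps://malwr.com%s' % (
                        d['submission_time'], d['file_name'],
                        d['hash'], d['submission_url']
                    )
                )
    elif args.submit is not None:
        # This uploads the file to malwr.com, a third-party service. Without
        # -p and -n the call is made with private=False and share=True, so
        # check that the sample may leave your environment before submitting.
        res = api.submit_sample(
            filepath=args.submit, share=args.no_share,
            private=args.private
        )
        # search() reports a failed login with False; presumably
        # submit_sample can fail the same way -- confirm against MalwrAPI.
        if not res:
            print('Submission failed')
        else:
            print('File submitted : https://malwr.com%s for %s (hash: %s)' % (res['analysis_link'], res['file'], res['md5']))
    elif args.domains:
        res = api.get_recent_domains()
        print('Recent domains:')
        for d in res:
            print('%s -> https://malwr.com%s' % (d['domain_name'], d['url_analysis']))
    elif args.tags:
        res = api.get_public_tags()
        print('Public tags:')
        for t in res:
            print(t)
    elif args.recent:
        res = api.get_recent_analyses()
        print('Recent analyses:')
        for d in res:
            print('%s -> https://malwr.com%s' % (d['hash'], d['submission_url']))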