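def bot_scan_backend(community, redis, consumer_name, api_key, *, request_timeout=60):
    """Consume scan requests from Redis, submit them to PolySwarm, publish results.

    Loops over ``consumer.iter_events()``. Each ``ScanRequest`` event is
    submitted to the PolySwarm API -- FILE artifacts are streamed from
    ``event.uri``, URL artifacts are submitted as-is -- and a pool thread then
    runs ``ResultWaiter.wait_for_result`` for the verdict, which the waiter
    hands to the ``scan-results`` producer.

    Args:
        community: PolySwarm community name passed to ``PolyswarmAPI``.
        redis: Redis handle/URL given to ``get_walrus_db`` for both streams.
        consumer_name: this consumer's name within the ``bot-scan-backend`` group.
        api_key: PolySwarm API key.
        request_timeout: seconds to wait (connect and read) when fetching a
            FILE artifact from its URI; ``None`` disables the timeout.

    Returns:
        Nothing useful; per-event failures are logged and the loop continues.
    """
    session = requests.Session()
    api = PolyswarmAPI(api_key, community=community)
    consumer = EventConsumer(['scan-requests'], 'bot-scan-backend',
                             consumer_name, get_walrus_db(redis), ScanRequest)
    producer = EventProducer('scan-results', get_walrus_db(redis))

    waiter = ResultWaiter(api, producer)

    def _log_wait_failure(future):
        # Nobody ever calls future.result() on the background waits, so an
        # exception raised inside wait_for_result would otherwise vanish.
        exc = future.exception()
        if exc is not None:
            logger.error('Exception occurred waiting for scan result: %s',
                         exc, exc_info=exc)

    with ThreadPoolExecutor() as pool:
        for event in consumer.iter_events():
            # The consumed event is used as-is; the previous version replaced
            # it with an empty ScanRequest() and so never saw the real payload.
            try:
                if event.artifact_type == 'FILE':
                    # event.uri comes from the request producer. The timeout
                    # keeps an unresponsive host from stalling the whole
                    # consumer loop; raise_for_status() stops an error page
                    # from being uploaded as the artifact; the context manager
                    # releases the connection once api.submit has read the
                    # stream.
                    with session.get(event.uri, stream=True,
                                     timeout=request_timeout) as response:
                        response.raise_for_status()
                        result = api.submit(response.raw)
                elif event.artifact_type == 'URL':
                    result = api.submit(
                        event.uri, artifact_type=resources.ArtifactType.URL)
                else:
                    logger.warning(
                        'Unsupported artifact type %s, maybe update this backend',
                        event.artifact_type)
                    continue
                future = pool.submit(waiter.wait_for_result, result.id,
                                     event.context)
                future.add_done_callback(_log_wait_failure)

            except Exception as e:
                logger.exception('Exception occurred processing event %s: %s',
                                 event, e)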
 def __init__(self, apikey):
     """Create the PolySwarm client and an empty alert record.

     Args:
         apikey: PolySwarm API key handed to ``PolyswarmAPI``.
     """
     self.polyswarm_api = PolyswarmAPI(apikey)
     # Both counters start at zero and are filled in by later lookups.
     self.alert_output = {
         'integration': INTEGRATION_NAME,
         'polyswarm': {'found': 0, 'malicious': 0},
     }
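    def each_with_type(self, target, file_type):
        """Look up *target* on PolySwarm and record the verdicts in ``self.results``.

        Args:
            target: a hex SHA-256 digest when ``file_type`` is ``"hash"``,
                otherwise a path to a local file whose SHA-256 is computed here.
            file_type: kind of *target*. ``"url"``, ``"msg"`` and ``"eml"``
                are not looked up and leave ``self.results`` empty.

        Returns:
            ``True`` when the hash is known to PolySwarm and the first result
            carries assertions; ``self.results`` then holds the malicious
            per-engine verdicts under ``'scans'``, the ``'positives'`` count,
            ``'total'`` as ``"positives/total"``, ``'PolyScore'``,
            ``'permalink'`` and ``'message'``. ``False`` otherwise, including
            when the search raises.

        Raises:
            OSError: if *target* names a file that cannot be read.
        """
        import logging

        self.results = {}

        poly = PolyswarmAPI(key=self.api_key)

        if file_type in ('url', 'msg', 'eml'):
            return False

        def _sha256_of_file(path):
            # Binary mode, chunked: text mode returns str, which hashlib
            # rejects, and would also decode (and possibly mangle) the bytes.
            digest = hashlib.sha256()
            with open(path, 'rb') as handle:
                for chunk in iter(lambda: handle.read(65536), b''):
                    digest.update(chunk)
            return digest.hexdigest()

        if file_type == "hash":
            sha256 = target.lower()
        else:
            sha256 = _sha256_of_file(target)

        positives = 0
        total = 0
        # The search runs for both branches above; previously it was nested
        # under the non-hash branch, so "hash" lookups never queried the API.
        try:
            response = poly.search(sha256)
            self.results['scans'] = []
            for result in response:
                if not result.assertions:
                    return False
                for assertion in result.assertions:
                    if assertion.verdict:
                        # 'veredict' is the key consumers already read; keep it.
                        self.results['scans'].append(
                            {'av': assertion.author_name, 'veredict': 'Malware'})
                        positives += 1
                    total += 1

                self.results['total'] = "{0}/{1}".format(positives, total)
                self.results['positives'] = positives
                self.results['PolyScore'] = result.polyscore
                self.results['permalink'] = result.permalink
                self.results['message'] = "Hash found"
                return True
        except NoResultsException:
            return False
        except Exception as error:
            # Best-effort lookup: report the failure but do not abort the caller.
            logging.getLogger(__name__).warning(
                'PolySwarm search for %s failed: %s', sha256, error, exc_info=error)
            return False

        # The search yielded no results at all.
        return False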