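def sandbox_data(hash, malwr_user, malwr_pass):
    """Collect public sandbox report links for a sample hash.

    Probes Hybrid-Analysis for a report page at ``/sample/<hash>`` via
    ``url_ok`` and runs an authenticated Malwr.com search for the hash.
    Both lookups are best-effort: whatever is missing is reported as ``'-'``
    so callers always receive the same four keys.

    Args:
        hash: sample hash used as the lookup key (the name shadows the
            builtin; kept because existing callers pass it positionally).
            It is spliced straight into a URL path, so pass a digest, never
            arbitrary user input.
        malwr_user: Malwr.com username.
        malwr_pass: Malwr.com password.

    Returns:
        dict with ``hybrid_analysis_link``, ``malwr_link``,
        ``malwr_file_name`` and ``malwr_submission_time``.
    """
    # Hybrid-Analysis Report If There Is One (url_ok is expected to answer a bool)
    check = 'https://www.hybrid-analysis.com/sample/' + hash
    hybrid_analysis_link = check if url_ok(check) else '-'

    # Malwr Report
    no_report = {'submission_url': '-', 'file_name': '-',
                 'submission_time': '-'}
    res = no_report
    try:
        api = MalwrAPI(verbose=True, username=malwr_user, password=malwr_pass)
        hits = api.search(search_word=hash)
        # search() returns False when the login is rejected and an empty list
        # when nothing matches; both used to surface only as a swallowed
        # IndexError, so a wrong password looked exactly like "no report".
        if hits:
            res = dict(hits[0])
            # Add Domain
            res['submission_url'] = 'https://malwr.com' + res['submission_url']
    except Exception:
        # Was a bare except, which also ate KeyboardInterrupt/SystemExit.
        # Network and library failures still degrade to '-' as before.
        res = no_report

    return {
        'hybrid_analysis_link': hybrid_analysis_link,
        'malwr_link': res.get('submission_url', '-'),
        'malwr_file_name': res.get('file_name', '-'),
        'malwr_submission_time': res.get('submission_time', '-'),
    }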
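"""Scratch script: search Malwr.com for a sample by file name and dump the
HTML of the second hit's report page.

Credentials are read from MALWR_USER / MALWR_PASS; the committed copy had
them inline (masked as '******'), and a stray debugging ``exit()`` made
everything after the search unreachable.
"""
import os

from MalwrAPI import MalwrAPI
import requests
from bs4 import BeautifulSoup


def main():
    user = os.environ.get("MALWR_USER")
    password = os.environ.get("MALWR_PASS")
    if not user or not password:
        raise SystemExit("MALWR_USER and MALWR_PASS must be set")
    api_authenticated = MalwrAPI(verbose=True, username=user, password=password)

    # search() returns False when the login is rejected; without this check a
    # bad password only shows up as an obscure iteration error further down.
    res = api_authenticated.search(search_word='name:SimDisk_setup.exe')
    if res is False:
        raise SystemExit("Malwr.com login failed")
    for hit in res:
        print("HASH : {0}".format(hit['hash']))

    if len(res) < 2:
        raise SystemExit("fewer than two hits; nothing to fetch")
    headers = {'User-Agent': 'Mozila 5.0'}
    # The fragment only selects a browser tab; the server receives the path.
    url = 'https://malwr.com' + res[1]['submission_url'] + '#network_http_tab'
    # The report page is read, not created: GET, and never wait forever.
    r = requests.get(url, headers=headers, timeout=30)
    r.raise_for_status()
    soup = BeautifulSoup(r.text, "lxml")
    print(soup)


if __name__ == "__main__":
    main()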
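"""Walk-through of the MalwrAPI client: the public (unauthenticated) endpoints
first, then the calls that need an account.

Credentials come from MALWR_USER / MALWR_PASS instead of the source file; the
committed copy carried them inline (masked as '******').
"""
import os

from MalwrAPI import MalwrAPI

# Unauthenticated way, verbose mode ON
api_unauthenticated = MalwrAPI(verbose=True)

for title, call in (
        ("Recent domains", api_unauthenticated.get_recent_domains),
        ("Public tags", api_unauthenticated.get_public_tags),
        ("Recent Analysis", api_unauthenticated.get_recent_analyses),
        ("Last comments", api_unauthenticated.get_latest_comments)):
    print("\n" + title)
    res = call()
    print(res)

# NOTE(review): an anonymous submission may be shared publicly by the service;
# check the account's sharing setting before uploading anything sensitive.
res = api_unauthenticated.submit_sample('/tmp/test.txt')
print(res)

# Use the API the authenticated way
user = os.environ.get("MALWR_USER")
password = os.environ.get("MALWR_PASS")
if not user or not password:
    raise SystemExit(
        "MALWR_USER and MALWR_PASS must be set for the authenticated examples")
api_authenticated = MalwrAPI(verbose=True, username=user, password=password)
res = api_authenticated.submit_sample(filepath='/tmp/waga.exe')
print(res)
res = api_authenticated.search(search_word='string:kali')
print(res)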
# Read the config file authentication = None try: # FIXME : authenticate only if needed config = ConfigParser.RawConfigParser() config.read(os.path.expanduser('~/.malwr')) apikey = config.get('Malwr', 'apikey') user = config.get('Malwr', 'user') pwd = config.get('Malwr', 'password') authentication = { 'apikey': apikey, 'user': user, 'password': pwd } api = MalwrAPI(verbose=True, username=user, password=pwd) except: print('Trouble with ~/.malwr config file, authenticated features unavailable') api = MalwrAPI(verbose=True) if args.search is not None: if os.path.isfile(args.search): fhash = md5(args.search) print('Search for hash %s (file %s)' % (fhash, args.search)) res = api.search(fhash) else: print('Search for %s' % args.search) res = api.search(args.search) if res is False: print('failed login') else:
'--no-share', help='Do not shared the submitted file', action="store_false") args = parser.parse_args() # Read the config file authentication = None try: # FIXME : authenticate only if needed config = ConfigParser.RawConfigParser() config.read(os.path.expanduser('~/.malwr')) apikey = config.get('Malwr', 'apikey') user = config.get('Malwr', 'user') pwd = config.get('Malwr', 'password') authentication = {'apikey': apikey, 'user': user, 'password': pwd} api = MalwrAPI(verbose=True, username=user, password=pwd) except: print( 'Trouble with ~/.malwr config file, authenticated features unavailable' ) api = MalwrAPI(verbose=True) if args.search is not None: if os.path.isfile(args.search): fhash = md5(args.search) print('Search for hash %s (file %s)' % (fhash, args.search)) res = api.search(fhash) else: print('Search for %s' % args.search) res = api.search(args.search) if res is False:
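def main(self, input):
    """Advance Malwr.com sandbox jobs by one step and return the new state.

    Three phases, in order:
      1. poll every job in ``input["state"]`` that is neither completed nor
         analyzed via the status API and mark it "analyzed" once Malwr.com
         reports "completed";
      2. for every "analyzed" job, scrape the network tab of the report page
         into a record appended to ``output["data"]`` and mark the job
         "completed";
      3. submit every entry of ``input["data"]`` whose sha256 is not already
         tracked and record it as "pending".

    Args:
        input: dict with ``"state"`` (tracked jobs: status/job_id/sha256/
            filename) and ``"data"`` (samples to submit: sha256/filepath/
            filename). The name shadows the builtin but is the adapter's
            interface.

    Returns:
        dict ``{"data": [...], "state": [...]}``. Jobs that are "analyzed"
        or "completed" after this run and newly submitted ones are written
        to ``state``. NOTE(review): jobs that are still pending are not
        carried forward here (they never were) — confirm the caller merges
        state itself.

    Fixes relative to the previous version: the HTTP status was compared
    with ``is not "200"`` (identity against a str, always true for an int),
    so no poll result was ever parsed; the "unknown UUID" test compared the
    Response object to bytes; the body was parsed via ``str(results)[2:-1]``
    instead of ``.json()``; the report fetch returned ``network`` from
    inside the loop, so the caller got a list of soup tags instead of
    ``output`` and new samples were never submitted; the report page was
    fetched over plain http.
    """
    output = {"data": [], "state": []}
    status_url = "https://malwr.com/api/analysis/status/"

    # Check on earlier submissions
    for item in input["state"]:
        if item["status"] == "completed":
            continue

        if item["status"] != "analyzed":
            try:
                # api_key is presumably a module-level name (not visible here).
                payload = {"api_key": api_key, "uuid": item["job_id"]}
                response = requests.get(status_url, params=payload, timeout=30)
                body = response.text.strip()
                if body == "Unknown analysis UUID":
                    self.log(
                        "The UUID ({0}) for this submission is invalid. Please resubmit manually."
                        .format(item["job_id"]))
                elif response.status_code != 200:
                    self.log(
                        "Received HTTP status {0}".format(
                            response.status_code), "warn")
                else:
                    try:
                        results = response.json()
                    except ValueError:
                        self.log(
                            "Unable to parse Malwr.com response as JSON:\n{0}"
                            .format(body), "fail", force=True)
                        continue
                    # We only need to do anything if the status is "completed"
                    if results["status"] == "completed":
                        item["status"] = "analyzed"
                        self.log("Analysis of {0} is {1}.".format(
                            item["sha256"][-20:], results["status"]))
            except Exception:
                self.log(
                    "Progress check of job {0} didn't go so well.".format(
                        item["job_id"]))
                if self.debug:
                    raise

        # Gather information on completed items
        if item["status"] == "analyzed":
            data = self.output().stored_properties
            # Same scheme as the status API; the plain-http link leaked the
            # job id and report content to everything on the network path.
            link = "https://malwr.com/analysis/{0}".format(item["job_id"])
            try:
                page = requests.get(link, timeout=30)
                soup = BeautifulSoup(page.text, "lxml")
                network = soup.find_all("div", id="network")
                # This shouldn't happen, but might if something changes
                if not network:
                    self.log(
                        "Failed to obtain Malwr report for job {0}".format(
                            item["job_id"]), "warn")
                else:
                    tabs = network[0].find_all("div", class_="tab-content")
                    self.log(
                        "Obtained report information for job {0}".format(
                            item["job_id"]))
                    data["sha256"] = item["sha256"]
                    data["filename"] = item["filename"]
                    data["addresses"] = self.get_addresses(tabs)
                    data["domains"] = self.get_domains(tabs)
                    # TODO: extract the packets somehow
                    data["link"] = link
                    data["adapter"] = "Malwr"
                    item["status"] = "completed"
                    output["data"].append(data)
            except Exception:
                self.log("Failed to obtain Malwr report")
                if self.debug:
                    raise
            # Persist the job exactly once: "completed" when the report was
            # harvested, "analyzed" so the fetch is retried next run otherwise
            # (the old code appended an "analyzed" copy and then the item again).
            output["state"].append(item)

    seen_items = {x["sha256"] for x in input["state"]}

    # Submit new items
    for item in input["data"]:
        if item["sha256"] in seen_items:
            continue
        # NOTE(review): if stored_properties hands back the same dict every
        # time, every submission in this loop aliases one record — confirm.
        state = self.stored_properties
        self.log("Submitting {0} for analysis.".format(item["filename"]))
        api = MalwrAPI(verbose=False)
        res = api.submit_sample(
            filepath="{0}/{1}".format(item["filepath"], item["filename"]))
        if not res:
            self.log(
                "Unable to submit sample {0}".format(item["filename"]), "warn")
        elif res == "Already submitted":
            self.log(
                "File analysis already in progress. I'll check again next run."
            )
        else:
            state["status"] = "pending"
            # Malwr.com only returns an analysis link like "/analysis/<uuid>/";
            # the job id is its last path segment.
            state["job_id"] = str(res['analysis_link']).strip("/").split("/")[-1]
            state["sha256"] = item["sha256"]
            state["filename"] = item["filename"]
            output["state"].append(state)

    return output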
errMsg = "\nnon existant file or directory , maybe bad login or password\n\n" sys.stderr.write(errMsg) directoryToSubmit = None except StandardError as e: errMsg = "\nnon existant file or directory , maybe bad login or password\n\n" sys.stderr.write(errMsg) sys.stderr.write(str(e)) sys.stderr.write("\n\n") sys.exit(3332) if len(sys.argv) <= 6: errMsg = "\nbad args\n\n" + "exec " + sys.argv[0] + " -h to get help\n\n" sys.stderr.write(errMsg) sys.exit(3333) api_authenticated = MalwrAPI(verbose=False, username=login, password=password) if fileToSubmit != None: res = api_authenticated.submit_sample(fileToSubmit) for key, value in res.items(): if key == "analysis_link": fileUrl = "https://malwr.com" + value if key == "file": fileMsg = value + " -> " + fileUrl print fileMsg sys.exit(0) if directoryToSubmit != None: res = api_authenticated.submit_folder(directoryToSubmit) for i in res: for key, value in i.items(): if key == "analysis_link":
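"""Smoke test for the dict-configured MalwrAPI client: every public endpoint,
one anonymous submission, then an authenticated search.

LOGIN_MALWR, PASSWORD_MALWR and WORD_TO_SEARCH were referenced but never
defined in this file (a NameError at the last step); they now come from the
environment so no credential has to be typed into the source.
"""
import os

from MalwrAPI import MalwrAPI

LOGIN_MALWR = os.environ.get("MALWR_LOGIN")
PASSWORD_MALWR = os.environ.get("MALWR_PASSWORD")
WORD_TO_SEARCH = os.environ.get("MALWR_SEARCH")

# One client serves every call; the original built a fresh instance per request.
api = MalwrAPI({'verbose': True})

for call in (api.get_recent_domains, api.get_public_tags,
             api.get_recent_analyses, api.get_latest_comments):
    res = call()
    print(res)

# NOTE(review): an anonymous submission may be shared publicly by the service;
# do not point this at anything sensitive.
res = api.submit_sample('/tmp/test.txt')
print(res)

if not (LOGIN_MALWR and PASSWORD_MALWR and WORD_TO_SEARCH):
    raise SystemExit(
        "set MALWR_LOGIN, MALWR_PASSWORD and MALWR_SEARCH for the search step")
res = api.search(LOGIN_MALWR, PASSWORD_MALWR, WORD_TO_SEARCH)
print(res)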