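def processLines(lines, resultFile, nocsv=False, debug=False):
    """
    Process the input file line by line.

    Each line is handed to ``processLine``; the resulting info dict (if it
    carries at least one hash) is printed, optionally commented on / downloaded
    (driven by the module-level ``args``), written to CSV and run through the
    PE and platform checks.

    Args:
        lines: the input lines to process.
        resultFile: path of the CSV file written to when ``nocsv`` is false.
        nocsv: when true, nothing is written to ``resultFile``.
        debug: passed through to ``processLine``.

    Returns:
        The list of info dicts collected for this batch (used as the
        comparison set by ``peChecks``).
    """
    # Infos of the current batch
    infos = []

    printHighlighted("[+] Processing %d lines ..." % len(lines))

    # Sorted
    if args.sort:
        lines = sorted(lines)

    for i, line in enumerate(lines):

        # Process the line; cooldown_time is the remaining VT throttle wait
        info, cooldown_time = processLine(line, debug)

        # Empty result: nothing at all was resolved for this line
        if not info or all(info[k] == "-" for k in ("md5", "sha1", "sha256")):
            continue

        # Print result
        printResult(info, i, len(lines))

        # Comment on Sample (only possible when a real sha256 is known)
        if args.comment and info['sha256'] != "-":
            munin_vt.commentVTSample(info['sha256'], "%s %s" % (args.p, info['comment']))

        # Download Samples. The key is always present at this point (the check
        # above indexed it), so test for the "-" placeholder instead - otherwise
        # the downloaders would be called with "-" as the hash and the debug
        # branch below could never fire.
        if args.download and info['sha256'] != "-":
            downloadHybridAnalysisSample(info['sha256'])
            downloadMalwareBazarSample(info['sha256'])
        elif args.debug and args.download:
            print("[D] Didn't start download: No sha256 hash found!")

        # Print to CSV
        if not nocsv:
            writeCSV(info, resultFile)

        # Add to infos list
        infos.append(info)

        # Comparison Checks
        peChecks(info, infos)

        # Platform Checks
        platformChecks(info)

        # Wait the remaining cooldown time (time.sleep rejects negative values)
        if cooldown_time > 0:
            time.sleep(cooldown_time)

    return infos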
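def main():
    """
    Entry point of the Retrohunt Checker.

    Prints the banner, parses the command line, loads the VirusTotal API key
    (and optional proxy) from the ini file, retrieves the retrohunt results
    and writes them to the console and to the CSV file given by ``--csv-path``.

    Exits with status 1 when the config file cannot be read or lacks the
    VT_PUBLIC_API_KEY field, since no retrohunt query is possible without it.
    """
    init(autoreset=False)
    print(Style.RESET_ALL)
    print(Fore.BLACK + Back.WHITE)
    # Backslashes are doubled so the string literals contain no invalid escape
    # sequences; the printed output is unchanged.
    print(" _ _ _ _ ______ _____ ______ ".ljust(80))
    print(" | | | | | | | | | | ____ | | | | \\ \\ (.\\ ".ljust(80))
    print(" | |--| | | | | | | | | | | | | | | | |/(\\ ".ljust(80))
    print(" |_| |_| \\_|__|_| |_|__|_| _|_|_ |_| |_| \\ \\\\".ljust(80))
    print(" \" \"'\\ ".ljust(80))
    print(" ".ljust(80))
    print(" Result Checker for Virustotal Retrohunts".ljust(80))
    print((" " + __AUTHOR__ + " - " + __VERSION__ + "").ljust(80))
    print(" ".ljust(80) + Style.RESET_ALL)
    print(Style.RESET_ALL + " ")

    parser = argparse.ArgumentParser(description='Retrohunt Checker')
    parser.add_argument('-r', help='Name for the queried retrohunt', metavar='retrohunt-name', default='')
    parser.add_argument('-i', help='Name of the ini file that holds the VT API key', metavar='ini-file',
                        default=os.path.dirname(os.path.abspath(__file__)) + '/munin.ini')
    parser.add_argument('--csv-path', help='Write a CSV with the results', default='retrohunt_results.csv')
    parser.add_argument('--debug', action='store_true', default=False, help='Debug output')
    parser.add_argument('--comments', help='Download VirusTotal comments', action='store_true', default=False)
    # Kept as a bare flag for backwards compatibility; without store_true
    # argparse would demand a value after --no-comments.
    parser.add_argument('--no-comments', help='Deprecated - set by default, doesn\'t do anything',
                        action='store_true', default=False)

    args = parser.parse_args()

    # PyMISP error handling > into Nirvana
    logger = logging.getLogger("pymisp")
    logger.setLevel(logging.CRITICAL)
    if args.debug:
        logger.setLevel(logging.DEBUG)

    # Read the config file. The API key is a credential: it is only assigned
    # to munin_vt and never echoed, even in debug mode.
    config = configparser.ConfigParser()
    try:
        # ConfigParser.read() silently returns an empty list for a missing
        # file; turn that into an explicit error instead of a KeyError later.
        if not config.read(args.i):
            raise FileNotFoundError(args.i)
        munin_vt.VT_PUBLIC_API_KEY = config['DEFAULT']['VT_PUBLIC_API_KEY']
        try:
            connections.setProxy(config['DEFAULT']['PROXY'])
        except KeyError:
            print("[E] Your config misses the PROXY field - check the new munin.ini template and add it to your "
                  "config to avoid this error.")
    except Exception:
        traceback.print_exc()
        print("[E] Config file '%s' not found or missing field - check the template munin.ini if fields have "
              "changed" % args.i)
        # Without the API key the retrohunt request below cannot succeed.
        raise SystemExit(1)

    print("[+] Retrieving Retrohunt results ...")
    found_files = munin_vt.getRetrohuntResults(args.r, not args.comments, args.debug)
    print("[+] Retrohunt results retrieved")

    csv_filename = args.csv_path
    writeCSVHeader(csv_filename)
    for i, file_info in enumerate(found_files):
        printResult(file_info, i, len(found_files))
        writeCSV(file_info, csv_filename)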