diff --git a/FileLookup.py b/FileLookup.py
index b01acdd..1b254c1 100644
--- a/FileLookup.py
+++ b/FileLookup.py
@@ -49,12 +49,7 @@ def main():
 # Verify supplied path exists or die
 if not os.path.exists(args['Path']):
 print "[!] The supplied path does not exist"
- sys.exit()
-
- # Verify supplied path exists or die
- if not os.path.exists(args['Path']):
- print "[!] The supplied path does not exist"
- sys.exit()
+ sys.exit()
 def doWork(file):
 results = []
@@ -64,7 +59,9 @@ def doWork(file):
 results.append("VirusTotal:\t\t%s" % virustotal(file))
 results.append("Cymru:\t\t\t%s" % cymru(file))
 results.append("ShadowServer A/V:\t%s" % ss_av(file))
- results.append("ShadowServer Known:\t%s" % ss_known(file))
+ results.append("ShadowServer Known:\t%s" % ss_known(file))
+ results.append("Malwr Known:\t\t%s" % malwr(file))
+ results.append("ThreatExpert Known:\t%s" % threatexpert(file))
 results.append("")
 print '\n'.join(results)
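Review bot: The two added `results.append(...)` lines in `doWork` make every run send each file's MD5 to malwr.com and threatexpert.com, and the URLs built in the `malwr`/`threatexpert` hunk are plain `http://`, so the lookups show anyone on the network path which samples are being checked and the answer that comes back is unauthenticated. Since the author's own comment says the ThreatExpert lookup greatly increases run time, I would put both lookups behind an opt-in argument instead of running them unconditionally, and use `https://` if the services offer it. Both helpers also call `md5(file)` themselves, so the file is hashed again for each lookup; hashing once in `doWork` would avoid that. `doWork` starts above this hunk, so anything before the VirusTotal line is not visible here.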
@@ -246,7 +243,43 @@ def cymru(file):
 except socket.error:
 result = "Error"
- return result
+ return result
+
+# Added 11/29/2012 by Keith Gilbert - @digital4rensics
+def malwr(file):
+ """
+ Return existence of Report in Malwr database.
+ site : http://www.malwr.com
+ """
+ hash = md5(file)
+ url = 'http://malwr.com/analysis/' + hash + '/'
+ try:
+ present = urllib2.urlopen(url).read()
+ for line in present.split('\n'):
+ if line.find("Malwr - Analysis") == 1:
+ return "Matching Report"
+ else:
+ return "No Match"
+ except:
+ return "Error"
+
+# Added 11/29/2012 by Keith Gilbert - @digital4rensics Note: Greatly increases time required
+def threatexpert(file):
+ """
+ Return existence of report in ThreatExpert database.
+ site : http://www.threatexpert.com
+ """
+ hash = md5(file)
+ url = 'http://threatexpert.com/report.aspx?md5=' + hash
+ try:
+ page = urllib2.urlopen(url).read()
+ for line in page.split('\n'):
+ if line.find("Submission Summary:") == 1:
+ return "Matching Report"
+ else:
+ return "No Match"
+ except:
+ return "Error"
 if __name__ == "__main__":
 main()
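Review bot: In `malwr()` and `threatexpert()` the result check can report "No Match" for a sample that does have a report, which is the costly failure for a triage tool. `line.find(...) == 1` is true only when the marker starts at offset 1 of a line (`find` returns -1 when the text is absent), and if the `else:` pairs with the `if` and not the `for` (indentation is not recoverable on this page) the loop returns after the first line of the response. Testing the whole body with `in` removes both problems. The bare `except:` also turns everything from a name error to Ctrl-C into "Error", and `urlopen` is called without a timeout, so one stalled site blocks the whole run; the sketch below catches `urllib2.URLError`/`socket.error` and passes a timeout (30 is an illustrative value). The same rewrite applies to `threatexpert()` with its "Submission Summary:" marker.

```python
def malwr(file):
    # … unchanged: docstring, hash and url …
    try:
        present = urllib2.urlopen(url, timeout=30).read()
    except (urllib2.URLError, socket.error):
        # HTTPError (e.g. a 404) is a URLError; decide whether an unknown
        # hash answered that way should read "No Match" instead.
        return "Error"
    if "Malwr - Analysis" in present:
        return "Matching Report"
    return "No Match"
```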