Skip to content

Added checks (Malwr, ThreatExpert) #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
digital4rensics wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Added checks (Malwr, ThreatExpert) #1

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
62c8992
Added Malwr.com Check
digital4rensics Nov 29, 2012
997f885
Added ThreatExpert Detection
digital4rensics Nov 30, 2012
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
49 changes: 41 additions & 8 deletions FileLookup.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,12 +49,7 @@ def main():
# Verify supplied path exists or die
if not os.path.exists(args['Path']):
print "[!] The supplied path does not exist"
sys.exit()

# Verify supplied path exists or die
if not os.path.exists(args['Path']):
print "[!] The supplied path does not exist"
sys.exit()
sys.exit()

def doWork(file):
results = []
Expand All @@ -64,7 +59,9 @@ def doWork(file):
results.append("VirusTotal:\t\t%s" % virustotal(file))
results.append("Cymru:\t\t\t%s" % cymru(file))
results.append("ShadowServer A/V:\t%s" % ss_av(file))
results.append("ShadowServer Known:\t%s" % ss_known(file))
results.append("ShadowServer Known:\t%s" % ss_known(file))
results.append("Malwr Known:\t\t%s" % malwr(file))
results.append("ThreatExpert Known:\t%s" % threatexpert(file))
results.append("")

print '\n'.join(results)
Expand Down Expand Up @@ -246,7 +243,43 @@ def cymru(file):
except socket.error:
result = "Error"

return result
return result

# Added 11/29/2012 by Keith Gilbert - @digital4rensics
def malwr(file):
"""
Return existence of Report in Malwr database.
site : http://www.malwr.com
"""
hash = md5(file)
url = 'http://malwr.com/analysis/' + hash + '/'
try:
present = urllib2.urlopen(url).read()
for line in present.split('\n'):
if line.find("Malwr - Analysis") == 1:
return "Matching Report"
else:
return "No Match"
except:
return "Error"

# Added 11/29/2012 by Keith Gilbert - @digital4rensics Note: Greatly increases time required
def threatexpert(file):
"""
Return existence of report in ThreatExpert database.
site : http://www.threatexpert.com
"""
hash = md5(file)
url = 'http://threatexpert.com/report.aspx?md5=' + hash
try:
page = urllib2.urlopen(url).read()
for line in page.split('\n'):
if line.find("Submission Summary:") == 1:
return "Matching Report"
else:
return "No Match"
except:
return "Error"

if __name__ == "__main__":
main()