wget_malshare_daily
#! /usr/bin/env python
# Copyright (C) 2013 Malshare Developers.
# Pull All Daily MD5 Hashes
# 02/21/2014 Modified by Jun Xie <jxie2004@gmail.com>
# to download a single day: wget_malshare_daily -d 2014-01-27
# to download samples within a range: wget_malshare_daily -s 2014-01-27 -e 2014-02-07
#
# Script will automatically create a folder named after the date under the current directory
import argparse
import logging
import requests
import sys
import os
import re
import sys
import string
from datetime import datetime, date, timedelta
# MalShare API key shared by the functions below; empty until one is supplied.
api_key = ""

# Only warnings and errors are shown by default.
logging.basicConfig(
    level=logging.WARNING,
    format='%(asctime)s %(levelname)s:%(message)s',
)
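def main():
    """Parse the command line and download MalShare samples for the requested day(s).

    Modes, in order of precedence:
      * -s/--sdate together with -e/--edate: every day in the inclusive range
        is saved to <outfolder>/<date>; a day whose folder already exists is
        skipped because it is assumed to be downloaded already.
      * -d/--date: that single day, saved to --outfolder or to a folder named
        after the date.
      * neither: the current list (malshare.current.txt).

    Exits with status 1 when no API key is available or when the end date is
    earlier than the start date, and with status 0 after a range run. A
    malformed date raises ValueError from datetime.strptime.
    """
    global api_key

    parser = argparse.ArgumentParser()
    parser.add_argument("-k", "--apikey", help="API Key", required=False)
    parser.add_argument("-o", "--outfolder", help="Folder to save samples to", required=False)
    parser.add_argument("-x", "--vxcage", help="VXCage server", required=False)
    parser.add_argument("-d", "--date", type=str, help="Specify the date to download. If not specified, download today's. Format:yyyy-mm-dd.", required=False)
    parser.add_argument("-s", "--sdate", type=str, help="Specify the start date to download. Format:yyyy-mm-dd.", required=False)
    parser.add_argument("-e", "--edate", type=str, help="Specify the end date to download. Format:yyyy-mm-dd.", required=False)
    args = parser.parse_args()

    # A key passed with -k ends up in the process list and shell history, so
    # fall back to the .malshare key file when the option is absent. The
    # original never called stored_api_check(), which made the key file unusable.
    if args.apikey:
        api_key = args.apikey
    else:
        stored_api_check()
    if not api_key:
        logging.error("API Key not entered")
        sys.exit(1)

    if bool(args.sdate) != bool(args.edate):
        logging.warning("--sdate and --edate only take effect together; ignoring the one given")

    if args.sdate and args.edate:
        # strptime both validates and normalises the dates, so only
        # yyyy-mm-dd text reaches the URL and the folder name.
        start_date = datetime.strptime(args.sdate, '%Y-%m-%d').date()
        end_date = datetime.strptime(args.edate, '%Y-%m-%d').date()
        if end_date < start_date:
            print("end_date(%s) is earlier than start_date(%s)" % (str(end_date), str(start_date)))
            sys.exit(1)

        out_root = args.outfolder or "./"
        current = start_date
        while current <= end_date:
            day = str(current)
            current += timedelta(days=1)
            print("%s" % day)
            # os.path.join instead of plain concatenation: "-o samples" used
            # to produce "samples2014-01-27" next to the requested folder.
            day_folder = os.path.join(out_root, day)
            if os.path.exists(day_folder):
                # Folder already present: this day was downloaded before.
                continue
            download_daily(args.vxcage, day_folder, day + '/malshare_fileList.' + day + '.txt')
        sys.exit(0)

    if args.date:
        date_str = str(datetime.strptime(args.date, '%Y-%m-%d').date())
        sub_path = date_str + '/malshare_fileList.' + date_str + '.txt'
        # Without -o, samples go to a folder named after the date.
        if not args.outfolder:
            args.outfolder = date_str
    else:
        sub_path = 'malshare.current.txt'
    print("sub_path %s" % sub_path)

    download_daily(args.vxcage, args.outfolder, sub_path)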
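def download_daily(vxcage, outfolder, sub_path):
    """Download every sample named in one daily list.

    Args:
        vxcage: Base URL of a VXCage server to upload to, or a falsy value.
        outfolder: Folder to save samples in; created when missing. May be
            None, in which case pull_file picks its own default.
        sub_path: Path of the list below the MalShare daily URL.

    An HTML document in place of the list means the list does not exist; the
    run for this list stops there.
    """
    created_here = False
    if outfolder and not os.path.exists(outfolder):
        os.makedirs(outfolder)
        created_here = True

    for md5_hash in pull_daily_list(sub_path):
        # pull_daily_list yields None after a failed request and the list can
        # hold empty lines; the original raised TypeError on None at the
        # "in" test below.
        if not md5_hash:
            continue
        if "<!DOCTYPE HTML PUBLIC" in md5_hash:
            print("%s doesn't exist! skip." % sub_path)
            # Remove only a folder this call created. The original called
            # os.rmdir unconditionally, which raised when outfolder was None
            # or when a pre-existing folder was not empty.
            if created_here:
                try:
                    os.rmdir(outfolder)
                except OSError:
                    logging.warning("Could not remove %s", outfolder)
            break
        logging.info("Downloading %s", md5_hash)
        print(md5_hash)
        pull_file(md5_hash, vxcage, outfolder)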
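def pull_daily_list(sub_path):
    """Yield the lines of one MalShare daily hash list.

    Args:
        sub_path: Path of the list below http://www.malshare.com/daily/.

    Yields:
        Each line of the response body without its line ending. After any
        failure a single None is yielded so that a batch run can move on to
        the next date.

    NOTE(review): the list is fetched over plain HTTP, so it has no integrity
    protection in transit. Callers should treat every yielded line as
    untrusted text, not as a known-good hash.
    """
    try:
        url = "http://www.malshare.com/daily/" + sub_path
        print(url)
        user_agent = {'User-agent': 'wget_malshare daily 1.0'}
        # Without a timeout a stalled server blocks the whole run.
        r = requests.get(url, headers=user_agent, timeout=60)
        # r.text with splitlines() works on Python 2 and 3 and drops "\r";
        # r.content.split('\n') fails on Python 3, where content is bytes.
        for line in r.text.splitlines():
            logging.debug("Yield line: %s", line)
            yield line
        logging.debug("No more lines")
    except Exception:
        # Deliberately broad: any failure is logged once with its traceback
        # and reported to the caller as None.
        logging.exception("Problem connecting. Please Try again.")
        logging.error("Return None")
        yield None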
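def pull_file(file_hash, vxcage, outfolder):
    """Download one sample from MalShare, save it and optionally upload it to VXCage.

    Args:
        file_hash: Hex digest naming the sample. It comes from a remotely
            fetched list, so it is validated before it is used.
        vxcage: Base URL of a VXCage server, or a falsy value to skip upload.
        outfolder: Folder to write the sample into; '.' when falsy.

    Returns:
        None in every case. Entries that are not a hex digest, a missing
        sample and a rejected API key are logged and skipped.

    Any exception during download, save or upload is logged and ends the
    program with status 1.
    """
    # file_hash becomes a file name under outfolder. Accepting only a hex
    # digest keeps path separators and ".." out of the name, so a tampered
    # list cannot direct the write outside the output folder.
    file_hash = (file_hash or "").strip()
    if not re.match(r"\A[0-9A-Fa-f]{32,64}\Z", file_hash):
        logging.error("Skipping list entry that is not a hex digest: %r", file_hash)
        return None

    try:
        if not outfolder:
            outfolder = '.'

        # NOTE(review): api_key is sent as a query parameter over plain HTTP
        # and is readable by anyone on the network path. Switch to HTTPS if
        # the service offers it for this endpoint.
        malshare_url = "http://malshare.com/sampleshare.php"
        payload = {'action': 'getfile', 'api_key': api_key, 'hash': file_hash}
        user_agent = {'User-agent': 'wget_malshare daily 1.0'}
        r = requests.get(malshare_url, params=payload, headers=user_agent, timeout=60)
        sample = r.content

        # Bytes literals match r.content on Python 2 (str) and Python 3 (bytes).
        if sample == b"Sample not found":
            logging.error("Sample not Found")
            return None
        if sample == b"ERROR! => Account not activated":
            logging.error("Bad API Key")
            return None

        # The with block closes the file even when the write fails.
        with open(os.path.join(outfolder, file_hash), "wb") as sample_file:
            sample_file.write(sample)
        logging.info("Saved %s", file_hash)

        if vxcage:
            vxcage_url = vxcage + "/malware/add"
            files = {'file': sample}
            payload = {'tags': 'malshare'}
            r = requests.post(vxcage_url, files=files, data=payload, headers=user_agent, timeout=60)
            if r.json()['message'] == 'added':
                logging.info("Uploaded %s to VXCage", file_hash)
    except Exception:
        # NOTE(review): exception text from the HTTP library may include the
        # request URL, which carries api_key here. Treat this log output as
        # sensitive.
        logging.exception("pull_file: Problem connecting. Please Try again.")
        sys.exit(1)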
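def stored_api_check():
    """Load the API key from a .malshare file into the global api_key.

    The file in the user's home directory is tried first, then one in the
    current directory.

    Returns:
        True when a file yielded a well-formed key, which is then stored in
        api_key. False otherwise, with api_key left unchanged. The original
        returned True and set api_key to None when the file content was not
        a valid key, and never tried the second file after a read error on
        the first.
    """
    global api_key
    candidates = (
        os.path.join(os.path.expanduser('~'), '.malshare'),
        '.malshare',
    )
    for key_path in candidates:
        if not os.path.exists(key_path):
            continue
        try:
            with open(key_path) as handle_api_file:
                parsed_key = func_parse_api_key(handle_api_file.readlines())
        except IOError:
            # Unreadable file: try the next location.
            continue
        if parsed_key:
            api_key = parsed_key
            return True
    return False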
def func_parse_api_key(lst_tmp_key):
    """Return the API key held in the lines of a key file, or None.

    The lines are concatenated and trailing whitespace is removed. The result
    is accepted only when it consists solely of ASCII letters and digits.
    """
    candidate = "".join(lst_tmp_key).rstrip()
    if not re.match("^[A-Za-z0-9]+$", candidate):
        return None
    return candidate
# Start the downloader only when this file is run as a script.
if __name__ == "__main__":
    main()