# from torrequest import TorRequest
import argparse
from modules.malshare import malshare
from modules.malcode import malcode
from modules.cymon import cymon
from modules.google import google
from modules.colors import bcolors
# HTTP request headers presenting a desktop Chrome User-Agent string.
# Nothing in the visible part of this script reads `headers`.
headers = {
    "User-Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36",
}

# Feed names accepted by -s/--source, and the Cymon sub-feeds advertised for -cs.
choices = ["cymon", "malshare", "malcode", "google"]
choices_cymon = ["vxvault", "malcode", "cct", "ponyc2"]

_source_help = "source of feed. Allowed values are " + ", ".join(choices)
_cymon_help = "Additional source for Cymon. Allowed values are " + ",".join(choices_cymon)

parser = argparse.ArgumentParser(description="Daily dose of malware")

# argparse checks each -s value against `choices`. With nargs="*" the parsed
# value is a list, while the default used when -s is absent is an empty string.
parser.add_argument(
    "-s", "--source",
    nargs="*", type=str, default="", choices=choices, metavar="",
    help=_source_help,
)

# NOTE(review): -cs has no `choices=`, so the values named in its help text are
# not enforced by argparse; any strings typed after -cs are accepted.
parser.add_argument(
    "-cs", "--cymonsource",
    nargs="*", type=str, default=[], metavar="",
    help=_cymon_help,
)

# At most one action flag may be given; the group is not marked as required.
group = parser.add_mutually_exclusive_group()
group.add_argument("-d", "--download", action="store_true", help="download malware")
group.add_argument("-o", "--output", action="store_true", help="print to console")
group.add_argument("-e", "--export", action="store_true", help="export to text file")

# Parsed at import time from sys.argv.
args = parser.parse_args()
# def tor_req():
# with TorRequest() as tr:
# response = tr.get('http://ipecho.net/plain')
# print(response.text) # not your IP address
#
# tr.reset_identity()
#
# response = tr.get('http://ipecho.net/plain')
# print(response.text) # another IP address, not yours
# def minotr():
# req = requests.get("https://minotr.net/data/recentsamples", headers=headers)
# soup = BeautifulSoup(req.text)
# table = soup.findAll("div", {"class": "col-lg-12 col-md-12 col-sm-12 col-xs-12", "style": "word-break:break-word;"})
#
# print "Brought to you by The Minotaur Project\n" \
# "The Minotaur Project is an ongoing research project by the team at NovCon Solutions.\n" \
# "It is being built as a hub for security professionals, researchers and enthusiasts to discover new threats and discuss mitigations.\n" \
# "It is a combination of 3rd-party opensource software, local datasets, new analysis tools, and more." \
# "http://minotr.net"
# print "++++++++++++++++++++++++++++++++++++"
#
# for i in table:
# print i.contents[2].strip()
# print i.contents[4].strip()
# print i.contents[6].strip()
#
# print "-----------------------------------"
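def help():
    """Print the banner, feed overview and usage examples.

    The text is wrapped in bcolors.OKGREEN / bcolors.ENDC (presumably ANSI
    colour codes; defined in modules.colors, not visible here).
    """
    # NOTE: this name shadows the builtin help() for the rest of the module.
    # The banner is a raw string: the ASCII art contains backslashes that are
    # not valid escape sequences (e.g. "\.", "\:", "\("), which a normal
    # string literal reports as SyntaxWarning on Python 3.12+
    # (DeprecationWarning before that). The printed text is unchanged.
    print(bcolors.OKGREEN + r""". . Daily dose of malware. . . .
. . : . .. :. .___---------___.
Script lets you gather:.. ._".^ .^ ^. '.. :"-_. .+..:.
malicious software ...:/ . .^ :.:\.
and c&c servers .:. :: /: . . . . . .:\:..
from Open Source :: /: . ^ . . .:\:.
platforms like: :.:. /. . .:\.
Malshare, Malcode,..|: . . ^. .:|
Google,. : ..::... | . . . !:|
Cymon - vxvault:. ::\( . :)/
cybercrime tracker,.|. ###### .#######::|
and pony c2 : . ::|.####### ..########:|
.. ::. :.... ... :\ ######## :######## :/
You are dealing :. -.:\ ######## . ########.:/:
with real malware,. :.:\. ####### #######..:/..
BE CAREFUL! . . : .:..:.\ . . ..:/..::
. . . .. : -::::.\. | | . .:/::...
++..: :::. ... :.":. + ::.\ ..:/...::+.
github.com/woj-ciech: .:::.:.\. .:/::..+...
. . . : : ....::_:..:\ ___ :/..:: ..::.
python ddom.py -h for help :.:.:\ :/.:.:...::::
Detailed usage on github .. .:.|\ .:/|asciiworld.com
. + . . ...:: ..| --.:|:::..+:...::
example: . . . . . ... :..:.."(....)"..:..: ...:.
python ddom.py -s cymon -cs vxvault ponyc2 --output
python ddom.py -s malshare malcode google --export""" + bcolors.ENDC)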
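# The banner is printed on every run, after argument parsing.
help()

# Dispatch table: feed name from -s/--source -> collector callable imported
# from modules/.
calldict = {"malcode": malcode, "cymon": cymon, "malshare": malshare, "google": google}

# -d / -o / -e are mutually exclusive, so at most one flag is set. The chosen
# one is forwarded to the collector as a single keyword argument.
if args.download:
    mode_kwargs = {"download_bool": True}
elif args.output:
    mode_kwargs = {"output_bool": True}
elif args.export:
    mode_kwargs = {"export_bool": True}
else:
    mode_kwargs = None

_MODE_ERROR = "\nError Please specify: --download or --export or --output"

if "cymon" in args.source and len(args.cymonsource) > 0:
    # NOTE(review): when cymon is listed together with other feeds, only
    # cymon is run; the other names in args.source are not dispatched.
    # The -cs values are passed through unvalidated (argparse sets no
    # choices for them); what cymon() does with them is not visible here.
    if mode_kwargs is None:
        print(_MODE_ERROR)
    else:
        calldict["cymon"](args.cymonsource, **mode_kwargs)
elif "cymon" in args.source:
    # Name the same sub-feeds that the -cs help text advertises instead of a
    # separate hard-coded list that had drifted from choices_cymon.
    print("Provide additional feed for Cymon source -cs. Choose from " + " ".join(choices_cymon))
elif not args.source:
    # Covers both the "" default (no -s at all) and an empty list (-s given
    # without values). The original had a bare string here, so nothing was
    # ever printed.
    print("Provide source. Choose from cymon google malshare malcode")
elif mode_kwargs is None:
    # Report the missing action once rather than once per requested feed.
    print(_MODE_ERROR)
else:
    try:
        for feed_name in args.source:
            calldict[feed_name](**mode_kwargs)
    except TypeError as e:
        # The try wraps the whole loop: a TypeError raised by one collector is
        # printed and the remaining feeds are skipped.
        print(e)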