MalwareBazaar API consumption
import os
import re
import sys

import requests
from prettytable import PrettyTable
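class MalwareBazaar():
    """Minimal client for the MalwareBazaar (abuse.ch) HTTP API.

    ``query`` lists the samples carrying a tag and returns their SHA-256
    hashes; ``download`` stores each sample's ZIP archive under
    ``samples_folder``.  Archives are written verbatim and never opened or
    extracted by this class.
    """

    # A SHA-256 from the API is only trusted once it matches 64 hex digits:
    # the value ends up in a local file name, so path separators, "..",
    # whitespace or an empty string must never reach the filesystem.
    _SHA256_RE = re.compile(r"[0-9a-fA-F]{64}")

    def __init__(self, samples_folder="samples", timeout=60):
        """Create a client.

        Args:
            samples_folder: directory the ``<sha256>.zip`` archives go to.
            timeout: seconds allowed for each HTTP request; without it a
                stalled connection would block the script forever.
        """
        self.url = "https://mb-api.abuse.ch/api/v1/"
        self.samples_folder = samples_folder
        self.timeout = timeout

    @classmethod
    def _is_sha256(cls, value):
        """Return True if *value* is a string of exactly 64 hex digits."""
        return isinstance(value, str) and cls._SHA256_RE.fullmatch(value) is not None

    def query(self, tag):
        """Print a table of the samples tagged *tag* and return their SHA-256s.

        Args:
            tag: MalwareBazaar tag to look up (sent as the ``tag`` form field).

        Returns:
            list[str]: the ``sha256_hash`` of every entry in the response,
            in API order.

        Raises:
            requests.HTTPError: on a non-2xx response.
            SystemExit: when the API's ``query_status`` is not ``"ok"``.
        """
        table = PrettyTable(["SHA-1", "Signature", "Type", "Size", "File name"])
        data = {"query": "get_taginfo", "tag": tag}
        http = requests.post(self.url, data=data, timeout=self.timeout)
        http.raise_for_status()
        response = http.json()
        status = response.get("query_status")
        if status != "ok":
            # The API reports unknown tags and rejected queries alike through
            # query_status; echo it so the two cases can be told apart.
            print("Tag not found ({})".format(status))
            sys.exit(1)
        sha256_hashes = []
        for malware in response.get("data") or []:
            table.add_row([
                malware.get("sha1_hash"),
                malware.get("signature"),
                malware.get("file_type"),
                malware.get("file_size"),
                malware.get("file_name"),
            ])
            sha256_hashes.append(malware.get("sha256_hash"))
        print(table)
        return sha256_hashes

    def download(self, sha256_hashes):
        """Fetch each sample archive to ``<samples_folder>/<sha256>.zip``.

        Args:
            sha256_hashes: iterable of SHA-256 strings, e.g. from ``query``.

        Entries that are not 64 hex digits are skipped before any path is
        built.  Non-2xx responses and bodies that do not carry the ZIP
        ``PK`` signature (presumably an error document for an unknown hash
        -- confirm against the API) are reported and skipped instead of
        being written to disk as a bogus ``.zip``.
        """
        os.makedirs(self.samples_folder, exist_ok=True)
        for sha256 in sha256_hashes:
            if not self._is_sha256(sha256):
                print("[!] Skipping malformed hash {!r}".format(sha256))
                continue
            download_data = {"query": "get_file", "sha256_hash": sha256}
            response = requests.post(self.url, data=download_data, timeout=self.timeout)
            if not response.ok:
                print("[!] HTTP {} for {}".format(response.status_code, sha256))
                continue
            body = response.content
            if not body.startswith(b"PK"):
                # Every ZIP (including an empty one) starts with "PK".
                print("[!] No archive returned for {}".format(sha256))
                continue
            file_path = os.path.join(self.samples_folder, sha256 + ".zip")
            print("[*] Downloading {}".format(file_path))
            with open(file_path, "wb") as malware:
                malware.write(body)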
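if __name__ == "__main__":
    # Usage: mb_api.py <tag> [-d]; "-d" additionally downloads every sample
    # listed for the tag.  sys.exit is used rather than the site builtin
    # exit(), which is not guaranteed to exist outside interactive sessions.
    if len(sys.argv) < 2:
        print("Usage:\tpython3 mb_api.py tag")
        print("\tpython3 mb_api.py tag -d")
        sys.exit(1)
    mb = MalwareBazaar()
    files = mb.query(sys.argv[1])
    if len(sys.argv) == 3 and sys.argv[2] == "-d":
        mb.download(files)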