MalwareBazaar API consumption
import os
import sys
import requests
from prettytable import PrettyTable
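class MalwareBazaar():
    """Small client for the MalwareBazaar API: look up samples by tag and fetch them.

    ``query`` prints a table of the samples carrying a tag and returns their
    SHA-256 hashes; ``download`` stores one archive per hash in
    ``samples_folder``. Archives are written exactly as received and are never
    opened or extracted by this class.
    """

    def __init__(self):
        self.url = "https://mb-api.abuse.ch/api/v1/"
        self.samples_folder = "samples"
        # Upper bound (seconds) for each HTTP request, so a stalled
        # connection cannot hang the script indefinitely.
        self.timeout = 60

    @staticmethod
    def _is_sha256(value):
        """Return True only for a 64-character hexadecimal string."""
        hex_digits = "0123456789abcdefABCDEF"
        return (
            isinstance(value, str)
            and len(value) == 64
            and all(char in hex_digits for char in value)
        )

    def query(self, tag):
        """Print the samples tagged ``tag`` and return their SHA-256 hashes.

        Exits with status 1 when the API does not answer with
        ``query_status == "ok"``. Raises ``requests.HTTPError`` on a non-2xx
        HTTP response.
        """
        table = PrettyTable(["SHA-1", "Signature", "Type", "Size", "File name"])
        sha256_hashes = []

        data = {"query" : "get_taginfo", "tag" : tag}
        reply = requests.post(self.url, data=data, timeout=self.timeout)
        # Fail on HTTP errors here instead of trying to parse an error page as JSON.
        reply.raise_for_status()
        response = reply.json()

        if response.get("query_status") != "ok":
            print("Tag not found")
            sys.exit(1)

        for malware in response["data"]:
            sha1 = malware["sha1_hash"]
            signature = malware["signature"]
            ftype = malware["file_type"]
            size = malware["file_size"]
            filename = malware["file_name"]

            table.add_row([sha1, signature, ftype, size, filename])
            sha256_hashes.append(malware["sha256_hash"])

        print(table)
        return sha256_hashes

    def download(self, sha256_hashes):
        """Download the archive for each hash into ``samples_folder``.

        Entries that are not well-formed SHA-256 hex strings are skipped
        before any request is made, and a response that fails, or does not
        look like a ZIP archive, is reported and not written to disk.
        """
        os.makedirs(self.samples_folder, exist_ok=True)

        for sha256 in sha256_hashes:
            # The hashes come from a remote response and end up in a file
            # path, so anything other than 64 hex characters is rejected to
            # keep writes inside samples_folder.
            if not self._is_sha256(sha256):
                print("[!] Skipping invalid SHA-256 value: {!r}".format(sha256))
                continue

            download_data = {"query" : "get_file", "sha256_hash" : sha256}
            try:
                response = requests.post(
                    self.url, data=download_data, timeout=self.timeout
                )
            except requests.RequestException as error:
                print("[!] Request failed for {}: {}".format(sha256, error))
                continue

            if response.status_code != 200:
                print("[!] HTTP {} for {}".format(response.status_code, sha256))
                continue

            # ZIP archives start with the bytes "PK". Anything else is
            # presumably an API error body rather than a sample, so it is not
            # saved under a .zip name.
            if response.content[:2] != b"PK":
                print("[!] Response for {} is not a ZIP archive".format(sha256))
                continue

            file_path = "{}/{}.zip".format(self.samples_folder, sha256)
            print("[*] Downloading {}".format(file_path))
            with open(file_path, "wb") as malware:
                malware.write(response.content)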
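if __name__ == "__main__":
    # Script entry point: "tag" lists the matching samples, "tag -d" also
    # downloads them.
    if len(sys.argv) < 2:
        print("Usage:\tpython3 mb_api.py tag")
        print("\tpython3 mb_api.py tag -d")
        # sys.exit rather than the exit() helper, which the site module
        # injects and is not guaranteed to exist in every interpreter setup.
        sys.exit(1)

    mb = MalwareBazaar()
    files = mb.query(sys.argv[1])

    # Downloading is opt-in: only when the single extra argument is "-d".
    if len(sys.argv) == 3 and sys.argv[2] == "-d":
        mb.download(files)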