fr0gger/msthreatinfo.py

## msthreatinfo.py
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Author: Thomas Roccia, @fr0gger_
"""Threat Encyclopedia Lookup, retrieve Defender Signature information.
This script will retrieve the information related to the specified signature.

Usage:
python threatinfo.py [options]

Requirements:
pip install beautifulsoup4==4.11.1 requests==2.26.0 tabulate==0.8.10
"""

import sys
import os
import textwrap
import argparse
import requests
from bs4 import BeautifulSoup
from tabulate import tabulate

# Threat Encyclopedia URL
URL =  "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name="

# Get single threat info
def get_threat_info(threat):
    """Get information about a specified Defender signature

    Parameters:
    threat (list): a list of strings containing the signature names

    Returns:
    table: Returning a table of information about the signature
    """

    # wrapper for printing
    wrapper = textwrap.TextWrapper(width=50)

    # to store the data
    table = []

    # request the webpage
    for threat in threat:
        try:
            result = requests.get(URL + threat)
            soup = BeautifulSoup(result.text, 'html.parser')
        except requests.exceptions.RequestException as err:
            raise SystemExit(err) from err

        # Parsing web page for the data
        threatname = soup.find('h1', attrs={'class':'c-heading-3'})
        alias = soup.find('span', attrs={'class':'also-detected'})
        summary = soup.find('div', attrs={'class':'summaryText'})
        #whatto = soup.find('div', attrs={'class':'whattodoText'})
        symptoms = soup.find('div', attrs={'class':'tech-info-content'})

        try:
            threatname = threatname.get_text().strip()
            alias = alias.get_text().strip()
            summary = summary.get_text().strip()
            symptoms = symptoms.get_text()
            symptoms = os.linesep.join([s for s in symptoms.splitlines() if s])
        except Exception:
            pass

        if symptoms is None:
            symptoms = "No information available."

        table.append([threatname, alias, wrapper.fill(text=summary), wrapper.fill(text=symptoms)])

    print(tabulate(table, ["Threat Names", "Alias", "Description", "Symptoms"], tablefmt="grid"))


def main():
    parser = argparse.ArgumentParser(description='''Threat Encyclopedia Lookup,
    retrieve Defender Signature information.''')

    parser.add_argument('--signame', '-s', metavar='HackTool:Win32/Keygen',
                        type=str, dest='signame', nargs="*",
                        help='Signature to retrieve information for')
    args = parser.parse_args()

    if len(sys.argv) == 1:
        parser.print_help(sys.stderr)
    elif args.signame:
        get_threat_info(args.signame)

if __name__ == "__main__":
    main()
	#!/usr/bin/env python
	# -- coding: utf-8 --
	# Author: Thomas Roccia, @fr0gger_
	"""Threat Encyclopedia Lookup, retrieve Defender Signature information.
	This script will retrieve the information related to the specified signature.

	Usage:
	python threatinfo.py [options]

	Requirements:
	pip install beautifulsoup4==4.11.1 requests==2.26.0 tabulate==0.8.10
	"""

	import sys
	import os
	import textwrap
	import argparse
	import requests
	from bs4 import BeautifulSoup
	from tabulate import tabulate

	# Threat Encyclopedia URL
	URL = "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name="

	# Get single threat info
	def get_threat_info(threat):
	"""Get information about a specified Defender signature

	Parameters:
	threat (list): a list of strings containing the signature names

	Returns:
	table: Returning a table of information about the signature
	"""

	# wrapper for printing
	wrapper = textwrap.TextWrapper(width=50)

	# to store the data
	table = []

	# request the webpage
	for threat in threat:
	try:
	result = requests.get(URL + threat)
	soup = BeautifulSoup(result.text, 'html.parser')
	except requests.exceptions.RequestException as err:
	raise SystemExit(err) from err

	# Parsing web page for the data
	threatname = soup.find('h1', attrs={'class':'c-heading-3'})
	alias = soup.find('span', attrs={'class':'also-detected'})
	summary = soup.find('div', attrs={'class':'summaryText'})
	#whatto = soup.find('div', attrs={'class':'whattodoText'})
	symptoms = soup.find('div', attrs={'class':'tech-info-content'})

	try:
	threatname = threatname.get_text().strip()
	alias = alias.get_text().strip()
	summary = summary.get_text().strip()
	symptoms = symptoms.get_text()
	symptoms = os.linesep.join([s for s in symptoms.splitlines() if s])
	except Exception:
	pass

	if symptoms is None:
	symptoms = "No information available."

	table.append([threatname, alias, wrapper.fill(text=summary), wrapper.fill(text=symptoms)])

	print(tabulate(table, ["Threat Names", "Alias", "Description", "Symptoms"], tablefmt="grid"))


	def main():
	parser = argparse.ArgumentParser(description='''Threat Encyclopedia Lookup,
	retrieve Defender Signature information.''')

	parser.add_argument('--signame', '-s', metavar='HackTool:Win32/Keygen',
	type=str, dest='signame', nargs="*",
	help='Signature to retrieve information for')
	args = parser.parse_args()

	if len(sys.argv) == 1:
	parser.print_help(sys.stderr)
	elif args.signame:
	get_threat_info(args.signame)

	if __name__ == "__main__":
	main()