@n3l5
Created December 20, 2020 02:07
Custom script to upload malware sample(s) to a Viper instance via the web API (mostly useful for bulk uploads). If a sample is a PE file, it is tagged with its imphash, which makes it searchable.
import sys
import os
from os import listdir
from os.path import isfile, join
import hashlib
import magic
import re
import pefile
import requests
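# Viper API settings.  The token is sent verbatim as the Authorization header
# (see req_header below), so the value must keep the "Token " scheme prefix.
# It is read from the environment when set so a real token never has to be
# written into this file; the literal placeholder is only the fallback.
VIPER_AUTH_TOKEN = os.environ.get('VIPER_AUTH_TOKEN', 'Token PUTYOURTOKENHERE')
VIPER_UPLOAD_URL = "http://localhost:8080/api/v3/project/default/malware/upload/"  # adjust this for wherever you need, local or other
req_header = {'Authorization': VIPER_AUTH_TOKEN}
# Directory whose regular files are uploaded; `path` is the name the main loop uses.
MALWARE_DIR = '/malstuff/upload/'
path = MALWARE_DIR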
def files(path):
    """Yield the names of the regular files directly inside *path*.

    Sub-directories and other non-file entries are skipped.  Names are
    returned as produced by os.listdir, i.e. without the directory prefix
    and in no guaranteed order.
    """
    yield from (entry for entry in listdir(path) if isfile(join(path, entry)))
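def sha256hash(file, bsize=65536):
    """Return the hex SHA-256 digest of the file at path *file*.

    Args:
        file: path of the file to hash.
        bsize: read chunk size in bytes (default 64 KiB), so large samples
            are never held in memory at once.

    Returns:
        The lowercase hexadecimal digest string.

    Raises:
        OSError: if the file cannot be opened or read.
    """
    hash256 = hashlib.sha256()
    # The context manager closes the handle even if read() raises; the
    # previous version left it open until garbage collection.
    with open(file, 'rb') as hnd:
        for chunk in iter(lambda: hnd.read(bsize), b''):
            hash256.update(chunk)
    return hash256.hexdigest()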
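# libmagic descriptions accepted as PE files (PE32 / PE32+ variants).
# Compiled once instead of re-matching the pattern string on every file.
PE_MAGIC_RE = re.compile(r'^PE[0-9]{2}\s\S*\s\([A-Z]{3}\)|^PE[0-9]{2}\+\s\S*\s\([a-z]{6}\)|^PE[0-9]{2}\+\s\S*\s\([A-Z]{3}\)')


def _pe_tag_payload(file, each_file, magictype):
    """Return the form payload for a PE sample, or None for anything else.

    A sample whose libmagic description matches PE_MAGIC_RE is parsed with
    pefile and tagged with its imphash; its SHA-256 and description are
    printed alongside.  If pefile rejects the file despite the magic match,
    that is reported and the sample is uploaded untagged rather than
    aborting the whole bulk run.
    """
    if not PE_MAGIC_RE.match(magictype):
        print(each_file)
        return None
    try:
        pe = pefile.PE(file)
    except pefile.PEFormatError as err:
        print(each_file, "- not parseable as PE, uploading untagged:", err)
        return None
    try:
        imphash = pe.get_imphash()
    finally:
        pe.close()
    fhash = sha256hash(file)
    print(each_file, "-", fhash, imphash, magictype)
    return {"tag_list": imphash}


for each_file in files(path):
    file = os.path.join(path, each_file)
    magictype = magic.from_file(file)
    # Computed for every file: previously `payload` was only assigned in the
    # PE branch, so a non-PE sample either raised NameError (first file) or
    # was silently tagged with the previous PE's imphash.
    payload = _pe_tag_payload(file, each_file, magictype)
    # `with` closes the sample handle after the request, and the dict is no
    # longer named `files`, so it does not shadow the generator function.
    with open(file, 'rb') as sample:
        upload_files = {'file': (os.path.basename(each_file), sample)}
        # NOTE(review): verify=False disables TLS certificate checking.  It
        # is moot for the plain-http localhost default, but against a remote
        # https instance the auth token would be sent to an unverified
        # server; use verify=True or a CA-bundle path there.
        response = requests.post(
            url=VIPER_UPLOAD_URL, headers=req_header, data=payload,
            files=upload_files, verify=False)
    try:
        print(f'Upload: {response.json()!r}')
    except ValueError:
        # Non-JSON body (e.g. a proxy or HTML error page): report status and
        # text instead of crashing the bulk run on JSON decoding.
        print(f'Upload: HTTP {response.status_code} {response.text!r}')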