/
malshare_api
executable file
·152 lines (116 loc) · 3.91 KB
/
malshare_api
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
#!/usr/bin/env python
# Copyright (C) 2013 - 2016 Malshare Developers.
# Multitool for MalShare API
import os
import re
import json
import argparse
import requests
BASE_HTTP_PATH = "http://malshare.com/"
API_PATHS = {
"MD5LIST" : "api.php?api_key=%s&action=getlistraw",
"SOURCES" : "api.php?api_key=%s&action=getsourcesraw",
"DOWNLOAD" : "api.php?api_key=%s&action=getfile&hash=%s",
"DETAILS" : "api.php?api_key=%s&action=details&hash=%s",
"TYPE" : "api.php?api_key=%s&action=type&type=%s",
}
api_key = ""
def main():
largs = parse_args()
if largs['details']:
uri = API_PATHS['DETAILS'] % (api_key, largs['details'])
r = api_call(uri)
if r is not None:
details = r.json()
print json.dumps(details, indent=4, sort_keys=True)
elif largs['download']:
uri = API_PATHS['DOWNLOAD'] % (api_key, largs['download'])
r = api_call(uri)
if r is not None:
try:
with open(str(largs['download']) + ".malshare", 'wb') as f:
f.write( r.content )
except Exception, e:
print "[X] Problem saving file"
print "[E] %s" % e
elif largs['type']:
uri = API_PATHS['TYPE'] % (api_key, largs['type'])
r = api_call(uri)
if r is not None:
for rhash in set(r.json()):
print rhash
elif largs['listmd5']:
uri = API_PATHS['MD5LIST'] % (api_key)
r = api_call(uri)
print r.text.strip()
elif largs['listsources']:
uri = API_PATHS['SOURCES'] % (api_key)
r = api_call(uri)
print r.text.strip()
def api_call(rpath):
global api_key
try:
user_agent = {'User-Agent': 'MalShare API Tool v/0.1 beta'}
r = requests.get(BASE_HTTP_PATH + rpath, headers=user_agent)
if r.status_code == 200:
if standard_error_check(r.content):
return r
else:
if standard_error_check(r.content):
print "[X] API Call Failed"
return None
else:
return None
except Exception, e:
print "[X] API Call Failed: %s" % e
return None
def standard_error_check(rtext):
if (rtext == "Sample not found"):
print "[X] Sample not Found"
return False
if (rtext == "ERROR! => Account not activated"):
print "[X] Bad API Key"
return False
if (rtext == "Invalid Hash"):
print "[X] Invalid Hash"
return False
if ( "Sample not found by hash" in rtext ):
print "[X] Hash not found"
return False
return True
def parse_args():
global api_key
parser = argparse.ArgumentParser()
parser.add_argument("-m", "--listmd5", help="Pull MD5 List", required=False, action='store_true')
parser.add_argument("-s", "--listsources", help="Pull MD5 List", required=False, action='store_true')
parser.add_argument("-d", "--download", help="Download File by Hash", required=False)
parser.add_argument("-l", "--details", help="List File Details", required=False)
parser.add_argument("-t", "--type", help="Search For Daily files by Type", required=False)
parser.add_argument("-a", "--apikey", help="Set API key for session", required=False)
args = parser.parse_args()
if stored_api_check() == False:
if args.apikey:
api_key = args.apikey
return vars(args)
# Read ~/.malshare and read the first line. This file only needs the API string in it.
def stored_api_check():
global api_key
try:
if ( os.path.exists(os.path.expanduser('~') + '/.malshare' ) ):
with open( os.path.expanduser('~') + '/.malshare' ) as handle_api_file:
api_key = func_parse_api_key(handle_api_file.readlines())
return True
elif ( os.path.exists('.malshare' ) ):
with open( '.malshare' ) as handle_api_file:
api_key = func_parse_api_key(handle_api_file.readlines())
return True
except IOError:
pass
return False
# Parse the API key and exit if the API key contains any non [A-Za-z0-9]+
def func_parse_api_key(lst_tmp_key):
str_tmp_key = "".join(lst_tmp_key).rstrip()
if re.match("^[A-Za-z0-9]+$", str_tmp_key):
return str_tmp_key
if __name__ == "__main__":
main()