import base64
import os
import sys
from pathlib import Path
from platform import platform

import requests
from dotenv import load_dotenv
# Platform notice: this only warns, it does not abort — the script keeps
# running on non-Linux hosts after printing the message.
if not ("Linux" in platform()):
    print("Sorry, the script is only usable on Linux, because I'm lazy")
# Fixed settings: the Malpedia API base URL and the local download root.
URL = "https://malpedia.caad.fkie.fraunhofer.de"
SAMPLES_DIR = "./samples"

# Load a .env file (if present) into the environment, then read the API
# token from it. TOKEN is None when the variable is not set anywhere.
load_dotenv()
TOKEN = os.environ.get("MALPEDIA_API_TOKEN")
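def main():
    """Download every "unpacked" sample of one Malpedia family into SAMPLES_DIR/<family>.

    Usage: ``python main.py <malware family>`` (e.g. ``win.redline_stealer``).
    Exits with status 1 when the argument count is wrong, when the family name
    is not a single safe path component, or when MALPEDIA_API_TOKEN is unset.
    Network errors raised by ``get`` propagate to the caller.
    """
    if len(sys.argv) != 2:
        print("Usage: python main.py <malware family>")
        print("eg: python main.py win.redline_stealer")
        sys.exit(1)
    family = sys.argv[1]
    # The family name becomes both a directory name and an API path segment,
    # so refuse anything that could escape SAMPLES_DIR (separators, "..", "").
    if not _is_safe_component(family):
        print(f"Invalid family name: {family!r}")
        sys.exit(1)
    # Without a token every request would carry "apitoken None"; fail early
    # with a clear message instead.
    if not TOKEN:
        print("MALPEDIA_API_TOKEN is not set (export it or put it in a .env file)")
        sys.exit(1)
    outdir = Path(SAMPLES_DIR) / family
    # Equivalent of `mkdir -p`, done in-process rather than through a shell.
    outdir.mkdir(parents=True, exist_ok=True)
    for sample in _list_unpacked_samples(family):
        _download_sample(sample["sha256"], outdir)


def _is_safe_component(name):
    """True if *name* is a non-empty single path component (no separators, not "." / "..")."""
    if not name or name in (".", ".."):
        return False
    return "/" not in name and "\\" not in name and os.sep not in name


def _is_sha256(value):
    """True if *value* looks like a SHA-256 hex digest (exactly 64 hex characters)."""
    return (
        isinstance(value, str)
        and len(value) == 64
        and all(c in "0123456789abcdefABCDEF" for c in value)
    )


def _list_unpacked_samples(family):
    """Return the family's sample records from the API whose status is "unpacked"."""
    return [s for s in get(f"/api/list/samples/{family}") if s.get("status") == "unpacked"]


def _download_sample(sha256, outdir):
    """Fetch one sample's zip from the API and write it to ``outdir/<sha256>.zip``.

    The endpoint answers with JSON whose "zipped" field holds the zip as
    base64; it is decoded in-process, so neither the (remote-supplied) hash
    nor the API token is ever interpolated into a shell command line.
    """
    # Defence in depth: the hash comes from the remote API and is used as a
    # filename, so only accept a well-formed hex digest.
    if not _is_sha256(sha256):
        print(f"Skipping sample with unexpected hash value: {sha256!r}")
        return
    payload = get(f"/api/get/sample/{sha256}/zip")
    zip_bytes = base64.b64decode(payload["zipped"])
    (outdir / f"{sha256}.zip").write_bytes(zip_bytes)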
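def get(endpoint):
    """GET *endpoint* (a path relative to URL) from the Malpedia API and return its JSON body.

    Authenticates with the module-level TOKEN via the Authorization header.
    Raises ``requests.HTTPError`` on a non-2xx response, so callers never
    receive an error document disguised as a result, and ``requests.Timeout``
    if the server stops responding.
    """
    headers = {"Authorization": f"apitoken {TOKEN}"}
    # A bounded timeout keeps a stalled connection from hanging the script forever.
    response = requests.get(url=f"{URL}{endpoint}", headers=headers, timeout=60)
    response.raise_for_status()
    return response.json()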
# Run the downloader only when executed as a script, never on import.
if __name__ == '__main__':
    main()