malware-analysis/theZoo
1
0
Fork 0
mirror of https://github.com/ytisf/theZoo.git synced 2026-02-21 11:18:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

So, Python3 as well

Browse Source
This commit is contained in:
Yuval Nativ
2016-12-14 16:03:35 +07:00
parent d0e2a7e310
commit 23fbcb54a8
10 changed files with 102 additions and 258 deletions
Download Patch File Download Diff File Expand all files Collapse all files

200
.gitignore vendored
View File

@@ -1,195 +1,23 @@
#################
## Eclipse
#################
*.pydevproject
.project
.metadata
bin/
tmp/
*.idea/
*.tmp
*.bak
*.swp
*~.nib
local.properties
.classpath
.settings/
.loadpath
# External tool builders
.externalToolBuilders/
# Locally stored "Eclipse launch configurations"
*.launch
# CDT-specific
.cproject
# PDT-specific
.buildpath
#################
## Visual Studio
#################
## Ignore Visual Studio temporary files, build results, and
## files generated by popular Visual Studio add-ons.
# User-specific files
*.suo
*.user
*.sln.docstates
# Build results
[Dd]ebug/
[Rr]elease/
x64/
build/
[Bb]in/
[Oo]bj/
# MSTest test Results
[Tt]est[Rr]esult*/
[Bb]uild[Ll]og.*
*_i.c
*_p.c
*.ilk
*.meta
*.obj
*.pch
*.pdb
*.pgc
*.pgd
*.rsp
*.sbr
*.tlb
*.tli
*.tlh
*.tmp
*.tmp_proj
*.log
*.vspscc
*.vssscc
.builds
*.pidb
*.log
*.scc
# Visual C++ cache files
ipch/
*.aps
*.ncb
*.opensdf
*.sdf
*.cachefile
# Visual Studio profiler
*.psess
*.vsp
*.vspx
# Guidance Automation Toolkit
*.gpState
# ReSharper is a .NET coding add-in
_ReSharper*/
*.[Rr]e[Ss]harper
# TeamCity is a build add-in
_TeamCity*
# DotCover is a Code Coverage Tool
*.dotCover
# NCrunch
*.ncrunch*
.*crunch*.local.xml
# Installshield output folder
[Ee]xpress/
# DocProject is a documentation generator add-in
DocProject/buildhelp/
DocProject/Help/*.HxT
DocProject/Help/*.HxC
DocProject/Help/*.hhc
DocProject/Help/*.hhk
DocProject/Help/*.hhp
DocProject/Help/Html2
DocProject/Help/html
# Click-Once directory
publish/
# Publish Web Output
*.Publish.xml
*.pubxml
# NuGet Packages Directory
## TODO: If you have NuGet Package Restore enabled, uncomment the next line
#packages/
# Windows Azure Build Output
csx
*.build.csdef
# Windows Store app package directory
AppPackages/
# Others
*.pydevproject
*.pyd
*.pyc
.DS_Store
__pycache__
sql/
*.Cache
ClientBin/
[Ss]tyle[Cc]op.*
~$*
*~
*.dbmdl
*.[Pp]ublish.xml
*.pfx
*.publishsettings
# RIA/Silverlight projects
Generated_Code/
# Backup & report files from converting an old project file to a newer
# Visual Studio version. Backup files are not needed, because we have git ;-)
_UpgradeReport_Files/
Backup*/
UpgradeLog*.XML
UpgradeLog*.htm
# SQL Server files
App_Data/*.mdf
App_Data/*.ldf
#############
## Windows detritus
#############
# Windows image file caches
Thumbs.db
ehthumbs.db
# Folder config file
Desktop.ini
# Recycle Bin used on file shares
$RECYCLE.BIN/
Desktop.ini
conf/eula_run.conf
# Mac crap
.DS_Store
# Egg
logo/
#############
## Python
#############
*.py[co]
# Packages
*.egg
*.egg-info
@@ -204,13 +32,3 @@ develop-eggs/
# Installer logs
pip-log.txt
# Unit test / coverage reports
.coverage
.tox
#Translations
*.mo
#Mr Developer
.mr.developer.cfg

12
imports/db_handler.py
View File

@@ -10,7 +10,7 @@ class DBHandler:
self.con = lite.connect(globals.vars.db_path)
self.cur = self.con.cursor()
except lite.Error as e:
print "An error occurred:", e.args[0]
print("An error occurred:", e.args[0])
sys.exit()
def get_full_details(self):
@@ -21,7 +21,7 @@ class DBHandler:
def get_mal_list(self):
return self.cur.execute("SELECT ID, NAME, TYPE From Malwares").fetchall()
def get_mal_names(self):
# Sqlite3 returns a tuple even if a single value is returned
@@ -36,14 +36,14 @@ class DBHandler:
def query(self, query, param=''):
if globals.vars.DEBUG_LEVEL is 2:
print locals()
print(locals())
try:
if param is not '':
return self.cur.execute(query, param if type(param) is list else [param]).fetchall()
else:
return self.cur.execute(query).fetchall()
except lite.Error as e:
print "An error occurred:", e.args[0]
print("An error occurred:", e.args[0])
sys.exit()
def close_connection(self):
@@ -52,7 +52,7 @@ class DBHandler:
self.con.close()
return
except lite.Error as e:
print "An error occurred:", e.args[0]
print("An error occurred:", e.args[0])
sys.exit()
def renew_connection(self):
@@ -60,5 +60,5 @@ class DBHandler:
self.con = lite.connect(globals.vars.db_path)
self.cur = self.con.cursor()
except lite.Error as e:
print "An error occurred:", e.args[0]
print("An error occurred:", e.args[0])
sys.exit()

4
imports/eula_handler.py
View File

@@ -50,12 +50,12 @@ class EULA:
notice += '|you can control and know how to handle. Running them on a live system will |\n'
notice += '|infect you machines will live and dangerous malwares!. |\n'
notice += '|___________________________________________________________________________|\n'
print red(notice)
print(red(notice))
eula_answer = raw_input(
'Type YES in captial letters to accept this EULA.\n > ')
if eula_answer == 'YES':
new = open(globals.vars.eula_file, 'a')
new.write(eula_answer)
else:
print 'You need to accept the EULA.\nExiting the program.'
print('You need to accept the EULA.\nExiting the program.')
sys.exit(0)

18
imports/globals.py
View File

@@ -27,8 +27,10 @@ class init:
appname = "theZoo"
codename = "Moat"
authors = "Yuval Nativ, Lahad Ludar, 5fingers"
maintainers = [ "Shahak Shalev", "Yuval Nativ" ]
github_add = "https://www.github.com/ytisf/theZoo"
licensev = "GPL v3.0"
fulllicense = appname + " Copyright (C) 2014 " + authors + "\n"
fulllicense = appname + " Copyright (C) 2016 " + authors + "\n"
fulllicense += "This program comes with ABSOLUTELY NO WARRANTY; for details type '" + \
sys.argv[0] + " -w'.\n"
fulllicense += "This is free software, and you are welcome to redistribute it."
@@ -65,6 +67,8 @@ class vars:
version = "0.6.0 'Moat'"
appname = "Malware DB"
authors = "Yuval Nativ, Lahad Ludar, 5fingers"
maintainers = [ "Shahak Shalev", "Yuval Nativ" ]
github_add = "https://www.github.com/ytisf/theZoo"
licensev = "GPL v3.0"
############ DEBUGGING ###############
@@ -75,7 +79,7 @@ class vars:
# DEBUG_LEVEL 2 = DEBUG SQL QUERIES
DEBUG_LEVEL = 0
fulllicense = appname + " Copyright (C) 2014 " + authors + "\n"
fulllicense = appname + " Copyright (C) 2016 " + authors + "\n"
fulllicense += "This program comes with ABSOLUTELY NO WARRANTY; for details type '" + \
sys.argv[0] + " -w'.\n"
fulllicense += "This is free software, and you are welcome to redistribute it."
@@ -98,7 +102,7 @@ class vars:
giturl_dl = 'https://github.com/ytisf/theZoo/raw/master/'
giturl = 'https://github.com/ytisf/theZoo'
with file(maldb_ver_file) as f:
with open(maldb_ver_file, 'r') as f:
db_ver = f.read()
# ASCII Art is a must...
@@ -118,7 +122,9 @@ class vars:
maldb_banner += " NMM- sMMy``````````````sMMy .MMM\n"
maldb_banner += " ooo. :ooooooo+ +ooooooo/ `ooo\n"
maldb_banner += " /MMMMN mMMMM+ \n"
maldb_banner += " Authors: " + authors + "\n"
maldb_banner += " authors: " + authors + "\n"
maldb_banner += " maintained by: " + ', '.join(maintainers) + "\n"
maldb_banner += " github: " + giturl + "\n\n"
elif screen is 2:
maldb_banner = " ____.----. \n"
@@ -149,4 +155,6 @@ class vars:
maldb_banner += " /_/ /_/\__,_/_/ |__/|__/\__,_/_/ \___/ /_____/_____/\n\n"
maldb_banner += " version: " + version + "\n"
maldb_banner += " db_version: " + db_ver + "\n"
maldb_banner += " built by: " + authors + "\n\n"
maldb_banner += " built by: " + authors + "\n"
maldb_banner += " maintained by: " + ', '.join(maintainers) + "\n"
maldb_banner += " github: " + giturl + "\n\n"

6
imports/manysearches.py
View File

@@ -45,7 +45,7 @@ class MuchSearch(object):
self.ar = self.db.query(self.prequery + self.query, [self.param])
self.print_payloads(self.ar)
else:
print red("[!]") + " Filter did not match any malware :(\n"
print(red("[!]") + " Filter did not match any malware :(\n")
return self.hits
@@ -65,5 +65,5 @@ class MuchSearch(object):
table.align = "l"
for malware in m:
table.add_row(malware)
print table
print bold(green("[+]")) + " Total records found: %s" % len(m) + "\n"
print(table)
print(bold(green("[+]")) + " Total records found: %s" % len(m) + "\n")

25
imports/muchmuchstrings.py
View File

@@ -22,21 +22,22 @@ from imports import globals
class banners:
def print_license(self):
print ""
print globals.vars.fulllicense
print ""
print("")
print(globals.vars.fulllicense)
print("")
def versionbanner(self):
print ""
print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
print "\t\t " + globals.vars.appname + ' v' + globals.vars.version
print "Built by:\t\t" + globals.vars.authors
print "Is licensed under:\t" + globals.vars.licensev
print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
print globals.vars.fulllicense
print globals.vars.usage
print("")
print("~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~")
print("\t\t " + globals.vars.appname + ' v' + globals.vars.version)
print("Built by:\t\t" + globals.vars.authors)
print("Maintained by:\t\t" + ', '.join(globals.vars.maintainers))
print("Is licensed under:\t" + globals.vars.licensev)
print("~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~")
print(globals.vars.fulllicense)
print(globals.vars.usage)
def print_available_payloads(self, array):
answer = str(array[globals.vars.column_for_uid]) + "\t" + str(array[globals.vars.column_for_name]) + "\t" + str(array[globals.vars.column_for_version]) + "\t\t"
answer += str(array[globals.vars.column_for_location]) + "\t\t" + str(array[globals.vars.colomn_for_time])
print answer
print(answer)

55
imports/terminal_handler.py
View File

@@ -1,17 +1,25 @@
import sys
import re
import sys
import rlcompleter
try:
import readline
except ImportError:
from imports import winreadline as readline
import globals
from imports import globals
from imports import manysearches
from imports.update_handler import Updater
from imports import db_handler
from imports.colors import *
# Compatilibility to Python3
if sys.version_info.major == 3:
raw_input = input
elif sys.version_info.major == 2:
pass
else:
sys.stderr.write("What kind of sorcery is this?!\n")
class Controller:
@@ -59,7 +67,7 @@ class Controller:
cmd = raw_input(
bold(green('mdb ')) + green('#> ')).strip()
except KeyboardInterrupt:
print bold(blue("\n\n[*]")) + " Hope you enjoyed your visit at" + bold(red(" theZoo")) + "!"
print(bold(blue("\n\n[*]")) + " Hope you enjoyed your visit at" + bold(red(" theZoo")) + "!")
exit()
self.actOnCommand(cmd)
@@ -67,14 +75,13 @@ class Controller:
def actOnCommand(self, cmd):
try:
while cmd == "":
# print 'no cmd'
return
if cmd == 'help':
print " Available commands:\n"
print(" Available commands:\n")
for (cmd, desc) in self.commands:
print "\t%s\t%s" % ('{0: <12}'.format(cmd), desc)
print ''
print("\t%s\t%s" % ('{0: <12}'.format(cmd), desc))
print('')
return
# Checks if normal or freestyle search
@@ -84,7 +91,7 @@ class Controller:
args = cmd.rsplit(' ')[1:]
manySearch.sort(args)
except:
print red('[!]') + 'Uh oh, Invalid query.'
print(red('[!]') + 'Uh oh, Invalid query.')
return
if cmd == 'exit':
@@ -121,15 +128,15 @@ class Controller:
email = "info"
email += "\x40"
email += "morirt\x2ecom"
print "-------------- Begin of theZoo Report --------------"
print report
print "-------------- Ending of theZoo Report --------------"
print "To avoid compromising your privacy we have chose this method of reporting."
print "If you have not stated your name we will not write a thanks in our README."
print "Your email will remain private in scenario and will not be published."
print ""
print "Please create an archive file with the structure described in the README file"
print "And attach it to the email. "
print("-------------- Begin of theZoo Report --------------")
print(report)
print("-------------- Ending of theZoo Report --------------")
print("To avoid compromising your privacy we have chose this method of reporting.")
print("If you have not stated your name we will not write a thanks in our README.")
print("Your email will remain private in scenario and will not be published.")
print("")
print("Please create an archive file with the structure described in the README file")
print("And attach it to the email. ")
print("Please send this report to %s" % email)
return
@@ -139,7 +146,7 @@ class Controller:
try:
update_handler.get_malware(self.currentmodule)
except:
print red('[-] ') + 'Error getting malware.'
print(red('[-] ') + 'Error getting malware.')
return
# If used the 'use' command
if re.match('^use', cmd):
@@ -148,20 +155,20 @@ class Controller:
self.currentmodule = int(cmd[1])
cmd = ''
except TypeError:
print 'Please enter malware ID'
print('Please enter malware ID')
except:
print 'The use method needs an argument.'
print('The use method needs an argument.')
return
if cmd == 'list all':
print "\nAvailable Payloads:"
print("\nAvailable Payloads:")
manySearch = manysearches.MuchSearch()
manySearch.print_payloads(self.db.get_mal_list(), ["%", "Name", "Type"])
return
if cmd == 'info':
if self.currentmodule is None:
print red("[!] ") + "First select a malware using the \'use\' command"
print(red("[!] ") + "First select a malware using the \'use\' command")
return
m = self.db.get_mal_info(self.currentmodule)
manySearch = manysearches.MuchSearch()
@@ -169,9 +176,9 @@ class Controller:
return
if cmd == 'quit':
print ":("
print(":(")
sys.exit(1)
except KeyboardInterrupt:
print ("\n\nI'll just go now...")
print("\n\nI'll just go now...")
sys.exit()

33
imports/update_handler.py
View File

@@ -18,7 +18,16 @@
import sys
from os import remove, rename
import urllib2
# Compatilibility to Python3
if sys.version_info.major == 3:
from urllib.request import urlopen
elif sys.version_info.major == 2:
from urllib2 import urlopen
import urllib2
else:
sys.stderr.write("What kind of sorcery is this?!\n")
from imports import globals
from imports import db_handler
from imports.colors import *
@@ -46,16 +55,16 @@ class Updater:
:return:
'''
if globals.vars.DEBUG_LEVEL is 1:
print locals()
response = urllib2.urlopen(
print(locals())
response = urlopen(
globals.vars.giturl_dl + globals.vars.maldb_ver_file)
new_maldb_ver = response.read()
if new_maldb_ver == curr_db_version:
print green('[+]') + " theZoo is up to date.\n" + green('[+]') + " You are at " + new_maldb_ver + " which is the latest version."
print(green('[+]') + " theZoo is up to date.\n" + green('[+]') + " You are at " + new_maldb_ver + " which is the latest version.")
return
print red('[+]') + " A newer version is available: " + new_maldb_ver + "!"
print red('[+]') + " Updating..."
print(red('[+]') + " A newer version is available: " + new_maldb_ver + "!")
print(red('[+]') + " Updating...")
# Get the new DB and update it
@@ -84,11 +93,11 @@ class Updater:
self.download_from_repo(loc, '.pass')
self.download_from_repo(loc, '.md5')
self.download_from_repo(loc, '.sha256')
print bold(green("[+]")) + " Successfully downloaded a new friend.\n"
print(bold(green("[+]")) + " Successfully downloaded a new friend.\n")
def download_from_repo(self, filepath, suffix=''):
if globals.vars.DEBUG_LEVEL is 1:
print locals()
print(locals())
file_name = filepath.rsplit('/')[-1] + suffix
# Dirty way to check if we're downloading a malware
@@ -97,11 +106,11 @@ class Updater:
url = globals.vars.giturl_dl + filepath + '/' + file_name
else:
url = globals.vars.giturl_dl + filepath
u = urllib2.urlopen(url)
u = urlopen(url)
f = open(file_name, 'wb')
meta = u.info()
file_size = int(meta.getheaders("Content-Length")[0])
print "Downloading: %s Bytes: %s" % (file_name, file_size)
print("Downloading: %s Bytes: %s" % (file_name, file_size))
file_size_dl = 0
block_sz = 8192
while True:
@@ -115,4 +124,4 @@ class Updater:
status = status + chr(8) * (len(status) + 1)
sys.stdout.write('\r' + status)
f.close()
print "\n"
print("\n")

1
requirements.txt Normal file
View File

@@ -0,0 +1 @@
urllib2

6
theZoo.py
View File

@@ -82,7 +82,7 @@ def main():
# Check if version flag is on
if arguments.ver_bol == 1:
print vars.maldb_banner
print(vars.maldb_banner)
sys.exit(1)
# Check if license flag is on
@@ -92,13 +92,13 @@ def main():
if len(arguments.mal_filter) > 0:
manySearch = manysearches.MuchSearch()
print vars.maldb_banner
print(vars.maldb_banner)
manySearch.sort(arguments.mal_filter)
sys.exit(1)
# Initiate normal run. No arguments given.
os.system('cls' if os.name == 'nt' else 'clear')
print vars.maldb_banner
print(vars.maldb_banner)
while 1:
terminalHandler.MainMenu()
sys.exit(1)