diff --git a/conf/index.csv b/conf/index.csv
index eae91aa..7b2c006 100644
--- a/conf/index.csv
+++ b/conf/index.csv
@@ -1,28 +1,27 @@
-1,Source/Original/Dokan - Dec 2008/index.log,__,Dokan,unknown,unknown,c,12/2008,
-2,Source/Original/NBot - July 2008/index.log,botnet,NBot,unknown,unknown,cpp,07/2008,
-3,Source/Original/ShadowBot v3 - March 2007/index.log,botnet,ShadowBot,3,unknown,cpp,03/2007,
-4,Source/Original/rBot 0.3.3 - May 2004/index.log,botnet,rBot,0.3.3,unknown,cpp,05/2004,
-5,Source/Original/ZeuS 2.0.8.9 - Feb 2013/index.log,botnet,ZeuS,2.0.8.9,unknown,c,02/2013,
-6,Source/Original/X0R-USB - Virus Version - Jan 2009/index.log,virus,X0R-USB-Virus,unknown,unknown,c,01/2009,
-7,Source/Original/LoexBot1.3 - Sep 2008/index.log,botnet,LoexBot,1.3,unknown,cpp,09/2008,
-8,Source/Original/ZunkerBot 1.4.5 - Sep 2007/index.log,botnet,ZunkerBot,1.4.5,unknown,php,09/2007,
-9,Source/Original/DopeBot v0.22 UnCrippled- Feb 2007/index.log,botnet,DopeBot-UnCrippled,0.22,unknown,cpp,02/2007,
-10,Source/Original/vbBot - Jan 2007/index.log,botnet,vbBot,unknown,unknown,vb,01/2007,
-11,Source/Original/xTBot 0.0.2 - 2 Feb 2002/index.log,botnet,xTBot,0.0.2,unknown,cpp,02/2002,
-12,Source/Original/VBS.Win32.Vabian - Unknown/index.log,VBS-Worm,VBS.Win32.Vabian,unknown,unknown,vb,unknown,
-13,Source/Original/DopeBot v0.22 Crippled- Feb 2007/index.log,botnet,DopeBot-Crippled,0.22,unknown,cpp,02/2007,
-14,Source/Original/Win32.MiniPig - Nov 2006/index.log,Worm,Win32.MiniPig,unknown,unknown,c,11/2006,
-15,Source/Original/HellBot v3.0 - 10 June 2005/index.log,botnet,Hellbot,3.0,unknown,cpp,06/2005,
-16,Source/Original/Win32.ogw0rm - Nov 2008/index.log,Worm,Win32.ogwOrm,unknown,unknown,cpp,11/2008,
-17,Source/Original/DopeBot.B - Dec 2004/index.log,botnet,DopeBot.B,unknown,unknown,cpp,12/2004,
-18,Source/Original/LiquidBot - May 2005/index.log,botnet,LiquidBot,unknown,unknown,cpp,05/2005,
-19,Source/Original/SpazBot 2.12 - June 2007/index.log,botnet,SpazBot,2.12,unknown,vb,06/2007,
-20,Source/Original/DBot v3.1 - March 2007/index.log,botnet,DBot,3.1,unknown,c,03/2007,
-21,Source/Original/CyberBot v2.2 - October 2006/index.log,botnet,CyberBot,2.2,unknown,cpp,10/2006,
-22,Source/Original/DopeBot.A - Dec 2004/index.log,botnet,DopeBot.A,unknown,unknown,cpp,12/2004,
-23,Source/Original/MyDoom.A - Jan 2004/index.log,__,MyDoom.A,unknown,unknown,c,01/2004,
-24,Source/Original/ShadowBot - Sep 2008/index.log,botnet,ShadowBot,unknown,unknown,cpp,09/2008,
-25,Binaries/CryptoLocker Ransomware 20th Nov 2013/index.log,3,ransomeware,CryptoLocker,Unknown,Unknown,bin,20/12/2013,
-26,Binaries/CryptoLocker Ransomware 10th Sep 2013/index.log,2,ransomeware,CryptoLocker,Unknown,Unknown,bin,10/12/2013,
-27,Binaries/IllusionBot - May 2007/index.log,4,botnet,Illusion Bot,Unknown,Unknown,bin,00/05/2007,
-28,Binaries/AndroRat - 6 Dec 2013/index.log,1,botnet,AndroRat,Unknown,Unknown,java,06/12/2013,
+1,Source/Original/Dokan - Dec 2008/index.log,__,Dokan,unknown,unknown,c,12/2008,x86,win32
+2,Source/Original/NBot - July 2008/index.log,botnet,NBot,unknown,unknown,cpp,07/2008,x86,win32
+3,Source/Original/ShadowBot v3 - March 2007/index.log,botnet,ShadowBot,3,unknown,cpp,03/2007,x86,win32
+4,Source/Original/rBot 0.3.3 - May 2004/index.log,botnet,rBot,0.3.3,unknown,cpp,05/2004,x86,win32
+5,Source/Original/ZeuS 2.0.8.9 - Feb 2013/index.log,botnet,ZeuS,2.0.8.9,unknown,c,02/2013,x86,win32
+6,Source/Original/X0R-USB - Virus Version - Jan 2009/index.log,virus,X0R-USB-Virus,unknown,unknown,c,01/2009,x86,win32
+7,Source/Original/LoexBot1.3 - Sep 2008/index.log,botnet,LoexBot,1.3,unknown,cpp,09/2008,x86,win32
+8,Source/Original/ZunkerBot 1.4.5 - Sep 2007/index.log,botnet,ZunkerBot,1.4.5,unknown,php,09/2007,x86,win32
+9,Source/Original/DopeBot v0.22 UnCrippled- Feb 2007/index.log,botnet,DopeBot-UnCrippled,0.22,unknown,cpp,02/2007,x86,win32
+10,Source/Original/vbBot - Jan 2007/index.log,botnet,vbBot,unknown,unknown,vb,01/2007,x86,win32
+11,Source/Original/xTBot 0.0.2 - 2 Feb 2002/index.log,botnet,xTBot,0.0.2,unknown,cpp,02/2002,x86,win32
+12,Source/Original/VBS.Win32.Vabian - Unknown/index.log,VBS-Worm,VBS.Win32.Vabian,unknown,unknown,vb,unknown,x86,win32
+13,Source/Original/DopeBot v0.22 Crippled- Feb 2007/index.log,botnet,DopeBot-Crippled,0.22,unknown,cpp,02/2007,x86,win32
+14,Source/Original/Win32.MiniPig - Nov 2006/index.log,Worm,Win32.MiniPig,unknown,unknown,c,11/2006,x86,win32
+15,Source/Original/HellBot v3.0 - 10 June 2005/index.log,botnet,Hellbot,3.0,unknown,cpp,06/2005,x86,win32
+16,Source/Original/Win32.ogw0rm - Nov 2008/index.log,Worm,Win32.ogwOrm,unknown,unknown,cpp,11/2008,x86,win32
+17,Source/Original/DopeBot.B - Dec 2004/index.log,botnet,DopeBot.B,unknown,unknown,cpp,12/2004,x86,win32
+18,Source/Original/LiquidBot - May 2005/index.log,botnet,LiquidBot,unknown,unknown,cpp,05/2005,x86,win32
+19,Source/Original/SpazBot 2.12 - June 2007/index.log,botnet,SpazBot,2.12,unknown,vb,06/2007,x86,win32
+20,Source/Original/DBot v3.1 - March 2007/index.log,botnet,DBot,3.1,unknown,c,03/2007,x86,win32
+21,Source/Original/CyberBot v2.2 - October 2006/index.log,botnet,CyberBot,2.2,unknown,cpp,10/2006,x86,win32
+22,Source/Original/DopeBot.A - Dec 2004/index.log,botnet,DopeBot.A,unknown,unknown,cpp,12/2004,x86,win32
+23,Source/Original/MyDoom.A - Jan 2004/index.log,__,MyDoom.A,unknown,unknown,c,01/2004,x86,win32
+24,Source/Original/ShadowBot - Sep 2008/index.log,botnet,ShadowBot,unknown,unknown,cpp,09/2008,x86,win32
+25,Binaries/CryptoLocker Ransomware 20th Nov 2013/index.log,ransomeware,CryptoLocker,Unknown,Unknown,bin,20/12/2013,x86,win32
+26,Binaries/CryptoLocker Ransomware 10th Sep 2013/index.log,ransomeware,CryptoLocker,Unknown,Unknown,bin,10/12/2013,x86,win32
+27,Binaries/IllusionBot - May 2007/index.log,botnet,Illusion Bot,Unknown,Unknown,bin,00/05/2007,x86,win32
\ No newline at end of file
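Review bot: The date field of rows 25 and 26 (`20/12/2013`, `10/12/2013`) disagrees with the folder names in the same rows (`20th Nov 2013`, `10th Sep 2013`), and rows 1–24 use `MM/YYYY` while rows 25–27 use `DD/MM/YYYY`; since the file has no header row and the consumer selects columns by position, one date format per file keeps the time column usable for substring filtering. Row 28 (AndroRat, `java`) is dropped without the commit saying why, although the usage text in the Python change still advertises `java` as a language value. The new arch/platform columns are set to `x86,win32` on every row, including the VBS and PHP entries; where the value was not actually checked, `unknown` (the placeholder the other columns already use) would be more honest.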
diff --git a/malware-db.py b/malware-db.py
index f9f81b7..8397ad0 100644
--- a/malware-db.py
+++ b/malware-db.py
@@ -1,20 +1,20 @@
#!/usr/bin/env python
- #Malware DB - the most awesome free malware database on the air
- #Copyright (C) 2014, Yuval Nativ, Lahad Ludar, 5fingers
+#Malware DB - the most awesome free malware database on the air
+#Copyright (C) 2014, Yuval Nativ, Lahad Ludar, 5fingers
- #This program is free software: you can redistribute it and/or modify
- #it under the terms of the GNU General Public License as published by
- #the Free Software Foundation, either version 3 of the License, or
- #(at your option) any later version.
+#This program is free software: you can redistribute it and/or modify
+#it under the terms of the GNU General Public License as published by
+#the Free Software Foundation, either version 3 of the License, or
+#(at your option) any later version.
- #This program is distributed in the hope that it will be useful,
- #but WITHOUT ANY WARRANTY; without even the implied warranty of
- #MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- #GNU General Public License for more details.
+#This program is distributed in the hope that it will be useful,
+#but WITHOUT ANY WARRANTY; without even the implied warranty of
+#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#GNU General Public License for more details.
- #You should have received a copy of the GNU General Public License
- #along with this program. If not, see .
+#You should have received a copy of the GNU General Public License
+#along with this program. If not, see .
__version__ = "0.2 Beta"
__appname__ = "Malware DB"
@@ -41,27 +41,54 @@ def main():
licensev = __licensev__
authors = "Yuval Nativ, Lahad Ludar, 5fingers"
fulllicense = appname + " Copyright (C) 2014 " + authors + "\n"
- fulllicense += "This program comes with ABSOLUTELY NO WARRANTY; for details type '" + sys.argv[0] +" -w'.\n"
+ fulllicense += "This program comes with ABSOLUTELY NO WARRANTY; for details type '" + sys.argv[0] + " -w'.\n"
fulllicense += "This is free software, and you are welcome to redistribute it."
- useage='\nUsage: ' + sys.argv[0] + ' -s search_query -t trojan -p vb\n\n'
- useage += 'The search engine can search by regular search or using specified arguments:\n\nOPTIONS:\n -h --help\t\tShow this message\n -t --type\t\tMalware type, can be virus/trojan/botnet/spyware/ransomeware.\n -p --language\tProgramming language, can be c/cpp/vb/asm/bin/java.\n -u --update\t\tUpdate malware index. Rebuilds main CSV file. \n -s --search\t\tSearch query for name or anything. \n -v --version\tPrint the version information.\n -w\t\t\tPrint GNU license.\n'
+ useage = '\nUsage: ' + sys.argv[0] + ' -s search_query -t trojan -p vb\n\n'
+ useage += 'The search engine can search by regular search or using specified arguments:\n\n'
+ useage += 'OPTIONS:\n'
+ useage += ' -h --help\t\tShow this message\n'
+ useage += ' -t --type\t\tMalware type, can be virus/trojan/botnet/spyware/ransomeware.\n'
+ useage += ' -p --language\tProgramming language, can be c/cpp/vb/asm/bin/java.\n'
+ useage += ' -l --platform\tPlatform of malware. Can be win32/win64/arm.\n'
+ useage += ' -a --arch\t\tArchitecture of malware. Can be x86/x64/android/ios.\n'
+ useage += ' -u --update\t\tUpdate malware index. Rebuilds main CSV file. \n'
+ useage += ' -s --search\t\tSearch query for name or anything. \n'
+ useage += ' -v --version\tPrint the version information.\n' # needs to print db version
+ useage += ' -w \t\t\tPrints license information. \n'
- column_for_pl = 6
- column_for_type = 2
- column_for_location = 1
- colomn_for_time = 7
- column_for_version = 4
- column_for_name = 3
+ # Basic configurations for later use
column_for_uid = 0
+ column_for_location = 1
+ column_for_type = 2
+ column_for_name = 3
+ column_for_version = 4
+ column_for_pl = 6
+ colomn_for_time = 7
column_for_arch = 8
column_for_plat = 9
+
conf_folder = 'conf'
eula_file = conf_folder + '/eula_run.conf'
maldb_ver_file = conf_folder + '/db.ver'
main_csv_file = conf_folder + '/index.csv'
giturl = 'https://raw.github.com/ytisf/theZoo/master/'
+ # Zeroing everything
+ type_of_mal = ""
+ pl = ""
+ search = ""
+ new = ""
+ update = 0
+ m = [];
+ a = 0
+ eula_answer = 'no'
+ f = ""
+ get_malware = 0
+ malware_index = 0
+ arch = ''
+ plat = ''
+
# Function to print license of malware-db
def print_license():
print ""
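Review bot: `colomn_for_time = 7` keeps the misspelled name while the other column constants are renamed and reordered around it; since this hunk rewrites that line, `column_for_time = 7` (with its use in `print_results` updated) would fix it without changing behaviour. The zeroed `update = 0` is now dead, because the only assignment `update = 1` is commented out in the `-u` branch later in this diff, and `m = [];` carries a stray semicolon. The inline comment `# needs to print db version` on the `-v` line is stale once `versionbanner()` prints `DB version:`; drop it. `main()` starts before this hunk and continues after it.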
@@ -74,7 +101,7 @@ def main():
with open(eula_file):
return 1
except IOError:
- return 0
+ return 0
def get_maldb_ver():
try:
@@ -84,9 +111,10 @@ def main():
print("No malware DB version file found.\nPlease try to git clone the repository again.\n")
return 0
+ # Download an updated version of the CSV from the git file.
def update_db():
curr_maldb_ver = get_maldb_ver()
- response = urllib2.urlopen(giturl+maldb_ver_file)
+ response = urllib2.urlopen(giturl + maldb_ver_file)
new_maldb_ver = response.read()
if new_maldb_ver == curr_maldb_ver:
print "No need for an update.\nYou are at " + new_maldb_ver + " which is the latest version."
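Review bot: `urllib2.urlopen(giturl + maldb_ver_file)` fetches the remote version marker, and the rest of `update_db` (outside this hunk) goes on to replace the local index from the same origin, but nothing visible here checks the integrity of what is downloaded, and `urllib2` on Python 2 releases before 2.7.9 does not validate the server certificate. Record that expectation next to the call, e.g. `# NOTE: no certificate or content verification here; the index is trusted as served`, and consider comparing the downloaded file against a published hash before it is written over `main_csv_file`. `new_maldb_ver` is also compared and echoed to the terminal unmodified; `.strip()` it first so a trailing newline in `db.ver` cannot force a spurious update or leak control characters into the output.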
@@ -113,7 +141,7 @@ def main():
file_size_dl += len(buffer)
f.write(buffer)
status = r"%10d [%3.2f%%]" % (file_size_dl, file_size_dl * 100. / file_size)
- status = status + chr(8)*(len(status)+1)
+ status = status + chr(8) * (len(status) + 1)
print status,
f.close()
print "\nUpdates the malware DB."
@@ -123,10 +151,11 @@ def main():
def versionbanner():
print ""
print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
- print "\t\t " + appname + ' v' + version
+ print "\n\t\t " + appname + ' v' + version + '\n'
print "Built by:\t\t" + authors
print "Is licensed under:\t" + licensev
- print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
+ print "DB version:\t\t" + get_maldb_ver()
+ print "\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n"
print fulllicense
print useage
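Review bot: `print "DB version:\t\t" + get_maldb_ver()` raises `TypeError` when the version file is missing, because `get_maldb_ver()` returns the integer `0` on that path (see its `return 0` in the hunk above), so `versionbanner()` dies after printing half the banner. Either coerce it, `print "DB version:\t\t" + str(get_maldb_ver())`, or have `get_maldb_ver()` return a string such as `'unknown'` on the error path so callers can concatenate it safely. `versionbanner()`'s caller and the rest of `main()` are outside this hunk.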
@@ -141,9 +170,11 @@ def main():
print "Type: " + type_of_mal
print "Lang: " + pl
print "Search: " + search
+ print "Platform: " + plat
+ print "Architecture: " + arch
# Sort arrays
- def filter_array(array,colum,value):
+ def filter_array(array, colum, value):
ret_array = [row for row in array if value in row[colum]]
return ret_array
@@ -154,22 +185,12 @@ def main():
# print_results will surprisingly print the results...
def print_results(array):
- answer = array[column_for_uid] + "\t" + array[column_for_name]+ "\t" + array[column_for_version] + "\t\t"
+ answer = array[column_for_uid] + "\t" + array[column_for_name] + "\t" + array[column_for_version] + "\t\t"
answer += array[column_for_location] + "\t\t" + array[colomn_for_time]
print answer
- options, remainder = getopt.getopt(sys.argv[1:], 'hwuvs:p:t:', ['type=', 'language=', 'search=', 'help', 'update', 'version', 'dbv'])
-
- # Zeroing everything
- type_of_mal = ""
- pl = ""
- search = ""
- new = ""
- update = 0
- m=[];
- a = 0
- eula_answer = 'no'
- f = ""
+ options, remainder = getopt.getopt(sys.argv[1:], 'hwuvs:p:t:l:a:',
+ ['type=', 'language=', 'search=', 'help', 'update', 'version', 'dbv', 'platform=', 'arch='])
# Checking for EULA Agreement
a = check_eula_file()
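Review bot: The rewritten `getopt.getopt(...)` call still lets `getopt.GetoptError` propagate, so a mistyped flag such as `--platfrom` ends the program with a traceback instead of the usage text; as far as the hunk shows no caller catches it. Wrap the call in `try`/`except getopt.GetoptError as err:` that prints `str(err)` and `useage` and exits with status 1. `remainder` is unpacked but, in the visible lines, never used; if positional arguments are not meant to be silently ignored, reject a non-empty remainder the same way.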
@@ -199,7 +220,7 @@ def main():
print useage
sys.exit(1)
elif opt in ('-u', '--update'):
- update = 1
+ #update = 1 # removing the rebuild CSV function. in the move from 0.1 alpha to 0.2 beta
update_db()
elif opt in ('-v', '--version'):
versionbanner()
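Review bot: `#update = 1 # removing the rebuild CSV function...` leaves commented-out code in the `-u` branch; the commit history already records the removal, so delete the line rather than keep it as a comment, and drop the now-unused `update = 0` initialiser from the zeroing block earlier in this diff. If the intent is that `-u` now calls `update_db()` directly, a one-line comment `# -u fetches the index directly; the local rebuild was dropped in 0.2` says that more clearly. The option loop starts and ends outside this hunk.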
@@ -211,6 +232,10 @@ def main():
type_of_mal = arg
elif opt in ('-p', '--language'):
pl = arg
+ elif opt in ('-l', '--platform'):
+ plat = arg
+ elif opt in ('-a', '--arch'):
+ arch = arg
elif opt in ('-s', '--search'):
search = arg
elif opt in '--dbv':
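Review bot: `elif opt in '--dbv':`, directly after the new `-l`/`-a` branches, is a substring test on a string rather than a membership test in a tuple, so it is true for any option value that is a substring of `--dbv` (for example `-d` or `-b`, should the option table ever grow to include them) and not only for `--dbv`. The new branches use the tuple form; make this one consistent with `elif opt in ('--dbv',):` or simply `elif opt == '--dbv':`. The branch body and the rest of the option loop are outside this hunk.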
@@ -235,11 +260,21 @@ def main():
# Filter by type
if len(type_of_mal) > 0:
- m = filter_array(m,column_for_type,type_of_mal)
+ m = filter_array(m, column_for_type, type_of_mal)
# Filter by programming language
if len(pl) > 0:
- m = filter_array(m,column_for_pl,pl)
+ m = filter_array(m, column_for_pl, pl)
+
+ # Filter by arch
+ if len(arch) > 0:
+ m = filter_array(m, column_for_arch, arch)
+
+ # Filter by platform
+ if len(plat) > 0:
+ m = filter_array(m, column_for_plat, plat)
+
+ checkargs()
# Free search handler
if len(search) > 0:
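Review bot: `checkargs()` is now called unconditionally after the arch/platform filters, and from the earlier hunk it prints the parsed Type/Lang/Search/Platform/Architecture values, so every search echoes its arguments before the results; this reads like a debugging aid left in. Either remove the call or guard it behind a verbose option, and if it is intentional add `# echo the effective filters before the result table` above it. The four new or rewritten guards use `len(arch) > 0` / `len(plat) > 0` where `if arch:` / `if plat:` is the idiomatic form. The filter chain continues past the end of this hunk.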
@@ -254,5 +289,6 @@ def main():
for line in m:
print_results(line)
+
if __name__ == "__main__":
main()
\ No newline at end of file