Beta of Beta

2026-02-20 13:50:45 +00:00 · 2014-01-20 10:21:05 +02:00
parent c666672135
commit e2ae3ccb25
5 changed files with 259 additions and 167 deletions
--- a/Rebuild_CSV.sh
+++ b/Rebuild_CSV.sh
@@ -8,22 +8,22 @@ red_min='\e[01;31m[-]\e[00m'
 # This file rebuilds the index.csv file based on the local index.log file in each folder.

 # Backup previous 
-mv index.csv Index.Backup.csv
+mv conf/index.csv conf/Index.Backup.csv

 # finds all index.log files:

 find `pwd` -name 'index.log' > /tmp/indexrebuild.tmp
-touch index.csv
+touch conf/index.csv
 i=1
 cat /tmp/indexrebuild.tmp | while read file ; do
 	let string="$i"
 	string="$string,`echo "$file"`,`cat "$file"`,"
 	echo -e "$green_plus $i was added successfully"
-	echo "$string" >> index.csv
+	echo "$string" >> conf/index.csv
 	let i=i+1
 done

-linesofdb=`wc -l < index.csv`
+linesofdb=`wc -l < conf/index.csv`

 if [ $linesofdb = 0 ]; then
 	echo ""
--- a/conf/db.ver
+++ b/conf/db.ver
@@ -0,0 +1 @@
+140120141400
--- a/conf/eula_run.conf
+++ b/conf/eula_run.conf
@@ -0,0 +1 @@
+YES
--- a/conf/index.csv
+++ b/conf/index.csv
@@ -0,0 +1,28 @@
+1,Source/Original/Dokan - Dec 2008/index.log,__,Dokan,unknown,unknown,c,12/2008,
+2,Source/Original/NBot - July 2008/index.log,botnet,NBot,unknown,unknown,cpp,07/2008,
+3,Source/Original/ShadowBot v3 - March 2007/index.log,botnet,ShadowBot,3,unknown,cpp,03/2007,
+4,Source/Original/rBot 0.3.3 - May 2004/index.log,botnet,rBot,0.3.3,unknown,cpp,05/2004,
+5,Source/Original/ZeuS 2.0.8.9 - Feb 2013/index.log,botnet,ZeuS,2.0.8.9,unknown,c,02/2013,
+6,Source/Original/X0R-USB - Virus Version - Jan 2009/index.log,virus,X0R-USB-Virus,unknown,unknown,c,01/2009,
+7,Source/Original/LoexBot1.3 - Sep 2008/index.log,botnet,LoexBot,1.3,unknown,cpp,09/2008,
+8,Source/Original/ZunkerBot 1.4.5 - Sep 2007/index.log,botnet,ZunkerBot,1.4.5,unknown,php,09/2007,
+9,Source/Original/DopeBot v0.22 UnCrippled- Feb 2007/index.log,botnet,DopeBot-UnCrippled,0.22,unknown,cpp,02/2007,
+10,Source/Original/vbBot - Jan 2007/index.log,botnet,vbBot,unknown,unknown,vb,01/2007,
+11,Source/Original/xTBot 0.0.2 - 2 Feb 2002/index.log,botnet,xTBot,0.0.2,unknown,cpp,02/2002,
+12,Source/Original/VBS.Win32.Vabian - Unknown/index.log,VBS-Worm,VBS.Win32.Vabian,unknown,unknown,vb,unknown,
+13,Source/Original/DopeBot v0.22 Crippled- Feb 2007/index.log,botnet,DopeBot-Crippled,0.22,unknown,cpp,02/2007,
+14,Source/Original/Win32.MiniPig - Nov 2006/index.log,Worm,Win32.MiniPig,unknown,unknown,c,11/2006,
+15,Source/Original/HellBot v3.0 - 10 June 2005/index.log,botnet,Hellbot,3.0,unknown,cpp,06/2005,
+16,Source/Original/Win32.ogw0rm - Nov 2008/index.log,Worm,Win32.ogwOrm,unknown,unknown,cpp,11/2008,
+17,Source/Original/DopeBot.B - Dec 2004/index.log,botnet,DopeBot.B,unknown,unknown,cpp,12/2004,
+18,Source/Original/LiquidBot - May 2005/index.log,botnet,LiquidBot,unknown,unknown,cpp,05/2005,
+19,Source/Original/SpazBot 2.12 - June 2007/index.log,botnet,SpazBot,2.12,unknown,vb,06/2007,
+20,Source/Original/DBot v3.1 - March 2007/index.log,botnet,DBot,3.1,unknown,c,03/2007,
+21,Source/Original/CyberBot v2.2 - October 2006/index.log,botnet,CyberBot,2.2,unknown,cpp,10/2006,
+22,Source/Original/DopeBot.A - Dec 2004/index.log,botnet,DopeBot.A,unknown,unknown,cpp,12/2004,
+23,Source/Original/MyDoom.A - Jan 2004/index.log,__,MyDoom.A,unknown,unknown,c,01/2004,
+24,Source/Original/ShadowBot - Sep 2008/index.log,botnet,ShadowBot,unknown,unknown,cpp,09/2008,
+25,Binaries/CryptoLocker Ransomware 20th Nov 2013/index.log,3,ransomeware,CryptoLocker,Unknown,Unknown,bin,20/12/2013,
+26,Binaries/CryptoLocker Ransomware 10th Sep 2013/index.log,2,ransomeware,CryptoLocker,Unknown,Unknown,bin,10/12/2013,
+27,Binaries/IllusionBot - May 2007/index.log,4,botnet,Illusion Bot,Unknown,Unknown,bin,00/05/2007,
+28,Binaries/AndroRat - 6 Dec 2013/index.log,1,botnet,AndroRat,Unknown,Unknown,java,06/12/2013,
--- a/malware-db.py
+++ b/malware-db.py
@@ -16,179 +16,241 @@
    #You should have received a copy of the GNU General Public License
    #along with this program.  If not, see <http://www.gnu.org/licenses/>.

-__version__ = "0.1 Alpha"
+__version__ = "0.2 Beta"
 __appname__ = "Malware DB"
-__authors__ = ["Yuval Nativ","Lahad Ludar","5fingers"]
+__authors__ = ["Yuval Nativ", "Lahad Ludar", "5fingers"]
 __licensev__ = "GPL v3.0"
-__maintainer = "Yuval Nativ"
+__maintainer__ = "Yuval Nativ"
 __status__ = "Development"

-
 import sys
 import getopt
-import os
-import inspect
 import subprocess
 import csv
+import urllib2
+# import git
+#import os
+#import inspect
+

 def main():
-	
-	# Set general variables. 
-	version='0.1 Alpha'
-	appname="Malware DB"
-	authors="Yuval Nativ, Lahad Ludar, 5fingers"
-	licensev="GPL v3.0"
-	fulllicense = appname + " Copyright (C) 2014 " + authors + "\n"
-	fulllicense += "This program comes with ABSOLUTELY NO WARRANTY; for details type '" + sys.argv[0] +" -w'.\n"
-	fulllicense += "This is free software, and you are welcome to redistribute it."
-	
-	useage='\nUsage: ' + sys.argv[0] +  ' -s search_query -t trojan -p vb\n\n'
-	useage+='The search engine can search by regular search or using specified arguments:\n\nOPTIONS:\n   -h  --help\t\tShow this message\n   -t  --type\t\tMalware type, can be virus/trojan/botnet/spyware/ransomeware.\n   -p  --language\tProgramming language, can be c/cpp/vb/asm/bin/java.\n   -u  --update\t\tUpdate malware index. Rebuilds main CSV file. \n   -s  --search\t\tSearch query for name or anything. \n   -v  --version\tPrint the version information.\n   -w\t\t\tPrint GNU license.\n'
-	
-	column_for_pl=6
-	column_for_type=2
-	column_for_location=1
-	colomn_for_time=7
-	column_for_version=4
-	column_for_name=3
-	column_for_uid=0
-	column_for_arch=8
-	column_for_plat=9
-	eula_file='eula_run.conf'
-	
-	def print_license():
-		print ""
-		print fulllicense
-		print ""
-	
-	def check_eula_file():
-		try:
-			with open(eula_file):
-				return 1
-		except IOError:
-			return 0
-	
-	def versionbanner():
-		print ""
-		print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
-		print "\t\t    " + appname + ' v' + version
-		print "Built by:\t\t" + authors
-		print "Is licensed under:\t" + licensev
-		print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
-		print fulllicense
-		print useage
-	
-	def checkresults(array):
-		if len(array) == 0:
-			print "No results found\n\n"
-			sys.exit(1)
-	
-	def checkargs():
-		print "Type: " + type_of_mal 
-		print "Lang: " + pl 
-		print "Search: " + search
-		
-	def filter_array(array,colum,value):
-		ret_array = [row for row in array if value in row[colum]]
-		return ret_array
-		
-	def res_banner():
-		# A function to print banner header
-		print "\nUID\tName\t\tVersion\t\tLocation\t\tTime"
-		print "---\t----\t\t-------\t\t--------\t\t----"
-		
-	def print_results(array):
-		# print_results will suprisingly print the results...
-		answer = array[column_for_uid] + "\t" + array[column_for_name]+ "\t" + array[column_for_version] + "\t\t" 
-		answer += array[column_for_location] + "\t\t" + array[colomn_for_time]
-		print answer
-		
-	options, remainder = getopt.getopt(sys.argv[1:], 'hwuvs:p:t:', ['type=', 'language=', 'search=', 'help', 'update', 'version' ])
-	
-	# Zeroing everything
-	type_of_mal = ""
-	pl = ""
-	search = ""
-	new =""
-	update=0
-	m=[];
-	a=0
-	eula_answer='no'
-	
-	# Checking for EULA Agreement
-	a = check_eula_file()
-	if a == 0:
-		print appname + ' v' + version
-		print 'This program contain live and dangerous malware files' 
-		print 'This program is intended to be used only for malware analysis and research'
-		print 'and by agreeing the EULA you agree to only use it for legal purposes and '
-		print 'studying malware.'
-		print 'You understand that these file are dangerous and should only be run on VMs'
-		print 'you can control and know how to handle. Running them on a live system will'
-		print 'infect you machines will live and dangerous malwares!.'
-		print ''
-		eula_answer = raw_input('Type YES in captial letters to accept this EULA.\n')
-		if eula_answer == 'YES':
-			print 'you types YES'
-			new = open(eula_file, 'a')
-			new.write(eula_answer)
-		else:
-			print 'You need to accept the EULA.\nExiting the program.'
-			sys.exit(1)
-	
-	# Get arguments
-	for opt, arg in options:
-		if opt in ('-h','--help'):
-			print fulllicense
-			print useage
-			sys.exit(1)
-		elif opt in ('-u', '--update'):
-			update=1
-		elif opt in ('-v', '--version'):
-			versionbanner()
-			sys.exit(1)
-		elif opt in ('-w'):
-			print_license()
-			sys.exit(1)
-		elif opt in ('-t', '--type'):
-			type_of_mal = arg
-		elif opt in ('-p', '--language'):
-			pl = arg
-		elif opt in ('-s', '--search'):
-			search = arg
-	
-	# Rebuild CSV
-	if update == 1:
-		subprocess.call("./Rebuild_CSV.sh", shell=True)
-		sys.exit(1)
-		
-	# Take index.csv and convert into array m
-	csvReader = csv.reader(open('index.csv', 'rb'), delimiter=',');
-	for row in csvReader:
-		m.append(row);
-	
-	# Filter by type
-	if len(type_of_mal) > 0:
-		m = filter_array(m,column_for_type,type_of_mal)
-		
-	# Filter by programming language
-	if len(pl) > 0:
-		m = filter_array(m,column_for_pl,pl)
-		
-	# Free search handler
-	if len(search) > 0:
-		res_banner()
-		matching =  [y for y in m if search in y]
-		for line in matching:
-			checkresults(matching)
-			print_results(line)
-			
-	if len(search) <= 0:
-		res_banner()
-		for line in m:
-			print_results(line)

+    # Set general variables.
+    version = __version__
+    appname = __appname__
+    licensev = __licensev__
+    authors = "Yuval Nativ, Lahad Ludar, 5fingers"
+    fulllicense = appname + " Copyright (C) 2014 " + authors + "\n"
+    fulllicense += "This program comes with ABSOLUTELY NO WARRANTY; for details type '" + sys.argv[0] +" -w'.\n"
+    fulllicense += "This is free software, and you are welcome to redistribute it."
+
+    useage='\nUsage: ' + sys.argv[0] +  ' -s search_query -t trojan -p vb\n\n'
+    useage += 'The search engine can search by regular search or using specified arguments:\n\nOPTIONS:\n   -h  --help\t\tShow this message\n   -t  --type\t\tMalware type, can be virus/trojan/botnet/spyware/ransomeware.\n   -p  --language\tProgramming language, can be c/cpp/vb/asm/bin/java.\n   -u  --update\t\tUpdate malware index. Rebuilds main CSV file. \n   -s  --search\t\tSearch query for name or anything. \n   -v  --version\tPrint the version information.\n   -w\t\t\tPrint GNU license.\n'
+
+    column_for_pl = 6
+    column_for_type = 2
+    column_for_location = 1
+    colomn_for_time = 7
+    column_for_version = 4
+    column_for_name = 3
+    column_for_uid = 0
+    column_for_arch = 8
+    column_for_plat = 9
+    conf_folder = 'conf'
+    eula_file = conf_folder + '/eula_run.conf'
+    maldb_ver_file = conf_folder + '/db.ver'
+    main_csv_file = conf_folder + '/index.csv'
+    giturl = 'https://raw.github.com/ytisf/theZoo/master/'
+
+    # Function to print license of malware-db
+    def print_license():
+        print ""
+        print fulllicense
+        print ""
+
+    # Check if EULA file has been created
+    def check_eula_file():
+        try:
+            with open(eula_file):
+                return 1
+        except IOError:
+                return 0
+
+    def get_maldb_ver():
+        try:
+            with file(maldb_ver_file) as f:
+                return f.read()
+        except IOError:
+            print("No malware DB version file found.\nPlease try to git clone the repository again.\n")
+            return 0
+
+    def update_db():
+        curr_maldb_ver = get_maldb_ver()
+        response = urllib2.urlopen(giturl+maldb_ver_file)
+        new_maldb_ver = response.read()
+        if new_maldb_ver == curr_maldb_ver:
+            print "No need for an update.\nYou are at " + new_maldb_ver + " which is the latest version."
+            sys.exit(1)
+
+        # Write the new DB version into the file
+        f = open(maldb_ver_file, 'w')
+        f.write(new_maldb_ver)
+        f.close()
+        
+        # Get the new CSV and update it
+        csvurl = giturl + main_csv_file
+        u = urllib2.urlopen(csvurl)
+        f = open(main_csv_file, 'wb')
+        meta = u.info()
+        file_size = int(meta.getheaders("Content-Length")[0])
+        print "Downloading: %s Bytes: %s" % (main_csv_file, file_size)
+        file_size_dl = 0
+        block_sz = 8192
+        while True:
+            buffer = u.read(block_sz)
+            if not buffer:
+                break
+            file_size_dl += len(buffer)
+            f.write(buffer)
+            status = r"%10d  [%3.2f%%]" % (file_size_dl, file_size_dl * 100. / file_size)
+            status = status + chr(8)*(len(status)+1)
+        print status,
+        f.close()
+
+    # prints version banner on screen
+    def versionbanner():
+        print ""
+        print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
+        print "\t\t    " + appname + ' v' + version
+        print "Built by:\t\t" + authors
+        print "Is licensed under:\t" + licensev
+        print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
+        print fulllicense
+        print useage
+
+    # Check if maybe no results have been found
+    def checkresults(array):
+        if len(array) == 0:
+            print "No results found\n\n"
+            sys.exit(1)
+
+    # Check to needed arguments - left for debugging
+    def checkargs():
+        print "Type: " + type_of_mal
+        print "Lang: " + pl
+        print "Search: " + search
+
+    # Sort arrays
+    def filter_array(array,colum,value):
+        ret_array = [row for row in array if value in row[colum]]
+        return ret_array
+
+    # A function to print banner header
+    def res_banner():
+        print "\nUID\tName\t\tVersion\t\tLocation\t\tTime"
+        print "---\t----\t\t-------\t\t--------\t\t----"
+
+    # print_results will surprisingly print the results...
+    def print_results(array):
+        answer = array[column_for_uid] + "\t" + array[column_for_name]+ "\t" + array[column_for_version] + "\t\t"
+        answer += array[column_for_location] + "\t\t" + array[colomn_for_time]
+        print answer
+
+    options, remainder = getopt.getopt(sys.argv[1:], 'hwuvs:p:t:', ['type=', 'language=', 'search=', 'help', 'update', 'version', 'dbv'])
+
+    # Zeroing everything
+    type_of_mal = ""
+    pl = ""
+    search = ""
+    new = ""
+    update = 0
+    m=[];
+    a = 0
+    eula_answer = 'no'
+    f = ""
+
+    # Checking for EULA Agreement
+    a = check_eula_file()
+    if a == 0:
+        print appname + ' v' + version
+        print 'This program contain live and dangerous malware files'
+        print 'This program is intended to be used only for malware analysis and research'
+        print 'and by agreeing the EULA you agree to only use it for legal purposes and '
+        print 'studying malware.'
+        print 'You understand that these file are dangerous and should only be run on VMs'
+        print 'you can control and know how to handle. Running them on a live system will'
+        print 'infect you machines will live and dangerous malwares!.'
+        print ''
+        eula_answer = raw_input('Type YES in capital letters to accept this EULA.\n')
+        if eula_answer == 'YES':
+            print 'you types YES'
+            new = open(eula_file, 'a')
+            new.write(eula_answer)
+        else:
+            print 'You need to accept the EULA.\nExiting the program.'
+            sys.exit(1)
+
+    # Get arguments
+    for opt, arg in options:
+        if opt in ('-h', '--help'):
+            print fulllicense
+            print useage
+            sys.exit(1)
+        elif opt in ('-u', '--update'):
+            update = 1
+            update_db()
+        elif opt in ('-v', '--version'):
+            versionbanner()
+            sys.exit(1)
+        elif opt in '-w':
+            print_license()
+            sys.exit(1)
+        elif opt in ('-t', '--type'):
+            type_of_mal = arg
+        elif opt in ('-p', '--language'):
+            pl = arg
+        elif opt in ('-s', '--search'):
+            search = arg
+        elif opt in '--dbv':
+            # Getting version of malware-DB's database
+            a = get_maldb_ver()
+            if a == 0:
+                sys.exit(0)
+            elif len(a) > 0:
+                print ''
+                print "Malware-DB Database's version is: " + a
+                sys.exit()
+
+    # Rebuild CSV
+    if update == 1:
+        subprocess.call("./Rebuild_CSV.sh", shell=True)
+        sys.exit(1)
+
+    # Take index.csv and convert into array m
+    csvReader = csv.reader(open(main_csv_file, 'rb'), delimiter=',');
+    for row in csvReader:
+        m.append(row)
+
+    # Filter by type
+    if len(type_of_mal) > 0:
+        m = filter_array(m,column_for_type,type_of_mal)
+
+    # Filter by programming language
+    if len(pl) > 0:
+        m = filter_array(m,column_for_pl,pl)
+
+    # Free search handler
+    if len(search) > 0:
+        res_banner()
+        matching = [y for y in m if search in y]
+        for line in matching:
+            checkresults(matching)
+            print_results(line)
+
+    if len(search) <= 0:
+        res_banner()
+        for line in m:
+            print_results(line)

 if __name__ == "__main__":
-	main()
-	
+    main()