alexandreborges / malwoverview Goto Github PK


Malwoverview is a first-response tool for threat hunting. It offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage and InQuest, and it is able to scan Android devices against VT.

Home Page: https://github.com/alexandreborges/malwoverview

License: GNU General Public License v3.0

Python 100.00%
malware virustotal malpedia urlhaus alienvault malshare threathunting malwarebazaar threatfox cybersecurity

malwoverview's People

Contributors

alexandreborges, cclauss, digitalsleuth, macmod

malwoverview's Issues

error while connecting to virus total

I have been trying to run the tool on an example URL and have also been trying to get a report for a while, but the "Error while connecting to Virus Total" error is thrown.

ModuleNotFoundError: No module named 'malwoverview.modules'; 'malwoverview' is not a package

Cloning repo
Creating virtual env python 3.9.2(also tried with 3.12)
Installing requirements using pip install -r requirements.txt
then running
python .\malwoverview\malwoverview.py -d "c:\TestPath"

It's giving the error below. Am I doing it wrong? I'm currently working to fix it but wanted to bring it up.
malwoverview\malwoverview.py", line 33, in
from malwoverview.modules.alienvault import AlienVaultExtractor
ModuleNotFoundError: No module named 'malwoverview.modules'; 'malwoverview' is not a package

Threatcrowd API is not working

Threatcrowd cannot connect anymore. Is this because they are part of Alien Vault now? Will there be a fix for this?
Polyswarm also seems to have a problem with the connection.

unable to run : configparser.NoSectionError: No section: 'INQUEST'

remnux@remnux:~/Downloads/malwaretest1$ ls 
VybMP.dll
remnux@remnux:~/Downloads/malwaretest1$ openssl sha256 VybMP.dll 
SHA256(VybMP.dll)= c0fd1b90093268665e744a6d283fbb250a712020a2bbb138122fbc4fb3185b28

remnux@remnux:~$ malwoverview -d /home/remnux/Downloads/malwaretest1/
Traceback (most recent call last):
  File "/home/remnux/.local/bin/malwoverview", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/home/remnux/.local/lib/python3.12/site-packages/malwoverview/malwoverview.py", line 117, in main
    INQUESTAPI = config_dict.get('INQUEST', 'INQUESTAPI')
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/configparser.py", line 759, in get
    d = self._unify_values(section, vars)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/configparser.py", line 1132, in _unify_values
    raise NoSectionError(section) from None
configparser.NoSectionError: No section: 'INQUEST'
remnux@remnux:~$ 

remnux@remnux:~$ cat /etc/os-release 
NAME="Ubuntu"
VERSION="20.04.6 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.6 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal
remnux@remnux:~$ 

remnux@remnux:~$ python3.12
Python 3.12.5 (main, Aug 13 2024, 12:01:39) [GCC 9.4.0] on linux

remnux@remnux:~$ locate malwapi.conf
/home/remnux/.malwapi.conf
/home/remnux/.local/lib/python3.12/site-packages/home/remnux/.malwapi.conf

remnux@remnux:~$ pip3.12 install -U pefile
Defaulting to user installation because normal site-packages is not writeable
Requirement already satisfied: pefile in ./.local/lib/python3.12/site-packages (2023.2.7)
remnux@remnux:~$ pip3.12 install -U colorama
Defaulting to user installation because normal site-packages is not writeable
Requirement already satisfied: colorama in ./.local/lib/python3.12/site-packages (0.4.6)
remnux@remnux:~$ pip3.12 install -U simplejson
Defaulting to user installation because normal site-packages is not writeable
Requirement already satisfied: simplejson in ./.local/lib/python3.12/site-packages (3.19.2)
remnux@remnux:~$ pip3.12 install -U python-magic
Defaulting to user installation because normal site-packages is not writeable
Requirement already satisfied: python-magic in ./.local/lib/python3.12/site-packages (0.4.27)
remnux@remnux:~$ pip3.12 install -U requests
Defaulting to user installation because normal site-packages is not writeable
Requirement already satisfied: requests in ./.local/lib/python3.12/site-packages (2.32.3)
Requirement already satisfied: charset-normalizer<4,>=2 in ./.local/lib/python3.12/site-packages (from requests) (3.3.2)
Requirement already satisfied: idna<4,>=2.5 in ./.local/lib/python3.12/site-packages (from requests) (3.7)
Requirement already satisfied: urllib3<3,>=1.21.1 in ./.local/lib/python3.12/site-packages (from requests) (2.2.2)
Requirement already satisfied: certifi>=2017.4.17 in ./.local/lib/python3.12/site-packages (from requests) (2024.7.4)
remnux@remnux:~$ pip3.12 install -U validators
Defaulting to user installation because normal site-packages is not writeable
Requirement already satisfied: validators in ./.local/lib/python3.12/site-packages (0.33.0)
remnux@remnux:~$ pip3.12 install -U geocoder
Defaulting to user installation because normal site-packages is not writeable
Requirement already satisfied: geocoder in ./.local/lib/python3.12/site-packages (1.38.1)
Requirement already satisfied: click in ./.local/lib/python3.12/site-packages (from geocoder) (8.1.7)
Requirement already satisfied: future in ./.local/lib/python3.12/site-packages (from geocoder) (1.0.0)
Requirement already satisfied: ratelim in ./.local/lib/python3.12/site-packages (from geocoder) (0.1.6)
Requirement already satisfied: requests in ./.local/lib/python3.12/site-packages (from geocoder) (2.32.3)
Requirement already satisfied: six in ./.local/lib/python3.12/site-packages (from geocoder) (1.16.0)
Requirement already satisfied: decorator in ./.local/lib/python3.12/site-packages (from ratelim->geocoder) (5.1.1)
Requirement already satisfied: charset-normalizer<4,>=2 in ./.local/lib/python3.12/site-packages (from requests->geocoder) (3.3.2)
Requirement already satisfied: idna<4,>=2.5 in ./.local/lib/python3.12/site-packages (from requests->geocoder) (3.7)
Requirement already satisfied: urllib3<3,>=1.21.1 in ./.local/lib/python3.12/site-packages (from requests->geocoder) (2.2.2)
Requirement already satisfied: certifi>=2017.4.17 in ./.local/lib/python3.12/site-packages (from requests->geocoder) (2024.7.4)
remnux@remnux:~$ pip3.12 install -U polyswarm-api
Defaulting to user installation because normal site-packages is not writeable
Requirement already satisfied: polyswarm-api in ./.local/lib/python3.12/site-packages (3.9.0)
Requirement already satisfied: requests~=2.31 in ./.local/lib/python3.12/site-packages (from polyswarm-api) (2.32.3)
Requirement already satisfied: python-dateutil~=2.9 in ./.local/lib/python3.12/site-packages (from polyswarm-api) (2.9.0.post0)
Requirement already satisfied: six>=1.5 in ./.local/lib/python3.12/site-packages (from python-dateutil~=2.9->polyswarm-api) (1.16.0)
Requirement already satisfied: charset-normalizer<4,>=2 in ./.local/lib/python3.12/site-packages (from requests~=2.31->polyswarm-api) (3.3.2)
Requirement already satisfied: idna<4,>=2.5 in ./.local/lib/python3.12/site-packages (from requests~=2.31->polyswarm-api) (3.7)
Requirement already satisfied: urllib3<3,>=1.21.1 in ./.local/lib/python3.12/site-packages (from requests~=2.31->polyswarm-api) (2.2.2)
Requirement already satisfied: certifi>=2017.4.17 in ./.local/lib/python3.12/site-packages (from requests~=2.31->polyswarm-api) (2024.7.4)
remnux@remnux:~$ pip3.12 install -U pathlib
Defaulting to user installation because normal site-packages is not writeable
Requirement already satisfied: pathlib in ./.local/lib/python3.12/site-packages (1.0.1)
remnux@remnux:~$ pip3.12 install -U configparser
Defaulting to user installation because normal site-packages is not writeable
Requirement already satisfied: configparser in ./.local/lib/python3.12/site-packages (7.0.0)
remnux@remnux:~$ 

Suggestion - Add support for Any.Run

Hi, this seems to be an awesome project! Congrats!

Would it be possible to add Any.Run for the following features:

  • Show hash information
  • Check suspect files
  • Check URLs
  • Download malware samples
  • Submit malware samples (still unsure if this is a great idea as any.run main interest is to interact with malware submitted, but still...)
  • List last suspected URLs
  • List last payloads

Regards

pathlib broken in requirements.txt

Downloaded malwoverview-4.4.2.zip from the releases section @ github/alexandreborges/maloverview

PS> pip install -r requirements.txt
While installing dependencies on 3.10 in Windows 11 I got this error:

ERROR: Could not find a version that satisfies the requirement pathlib>=1.0.1 (from versions: 0.1, 0.2, 0.3, 0.4, 0.5, 0.6, 0.7, 0.8, 0.97, 1.0, 1.0.1)
ERROR: No matching distribution found for pathlib>=1.0.1

I am attempting to use pathlib2 instead (https://pypi.org/project/pathlib2/)

PS> pip install pathlib2

If you don't hear back from me I'll be knee-deep in malware samples.

That is all

Cleaning up logical errors and syntax

Hi Alexander,

This is a great tool, and it can be improved quite a lot by refactoring and tweaking the code a little so that it is easily maintainable and easy to follow for someone who wants to improve it.

As I'm going through the code I noticed a lot of places where the logic is short-circuited; for example, in the packed function the condition n<3 will never be reached, and the whole block of if conditions can be replaced with a single return condition.

Also, in some functions there is a repeated code in both if and else conditions which can be easily refactored to make it less confusing and more self explanatory.

I'm making changes as I'm going through the code, so you can expect a pull request by tomorrow or the day after tomorrow. Meanwhile I'm informing you to ensure that you're not adding any new features or changing the existing code in a way that could break my pull request.

I've a few more suggestions on how we can refactor the code into small pieces, which we can discuss if you're interested after I go through the complete code.

Have a good day.

Thanks & Regards,
Naveen Namani

.malwapi.conf file is not in its expected location since v5.4.3

When installing malwoverview, the .malwapi.conf file has typically been placed in lib/python3.8/site-packages/root/.malwapi.conf, however since v5.4.3, it's now located in lib/python3.8/site-packages/home/aborges/.malwapi.conf

This behavior is identical for 5.4.3 and 5.4.4, but does not exist in 5.4.2 or earlier. I believe this may have occurred during build time, where sudo may have been used previously, but was not for these builds.

Convert malwoverview to use a CLI framework

Hi,

This is more of a question than an issue but malwoverview is just one massive file with what appears to be a bunch of different modules (VirusTotal, URLHaus, etc). Have you considered changing it to use a CLI framework such as Click or Typer to make it more modular and easier for people writing their own tools to use?

Error while connecting to Virus Total

Greetings,
I am facing an issue while trying to integrate my VT API key with the tool.

I inserted the API key in the config files in my home directory and everywhere else where malwapi.conf could be located, just in case.

Whenever I try to scan a hash it tells me that it can't connect to the VT database.


Virus total connection issue

Running the command with either the -u or -r argument returns the error message "Error while connecting to Virus Total!", given that I am using a Notebook terminal.

Add dedicated changelog

Hi @alexandreborges,

Nice project 👍 I was looking at your project today and I have a small documentation proposal. I suggest having a dedicated changelog for the project. Would you be open to having one like it is documented in Keep a Changelog? It's easier to follow the changes and have a quick overview of the current changes than scrolling through the readme, and it allows linking directly to the corresponding version's section.

What do you think?

Cheers
Andreas

parsing issue with -v 6

command:
python malwoverview.py -v 6 -V 1.1.1.1 -c .malwapi.conf
output:

Traceback (most recent call last):
  File "malwoverview.py", line 11043, in <module>
    vtipwork(ipaddrvtx, urlipvt3)
  File "malwoverview.py", line 803, in vtipwork
    if('as_owner' in vttext['data']['attributes']):
KeyError: 'data'

Python 3.8.10
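The traceback above comes from indexing `vttext['data']` when VirusTotal answered with an error object instead of a report. The following is an added example, not malwoverview's own code, showing how a v3 IP report can be parsed so that the error shape (`{"error": {"code": ..., "message": ...}}`) is reported instead of crashing; the sample bodies and the `as_owner`/`country` values are constructed.

```python
from typing import Any, Dict

# Added example (not malwoverview code): parse a VirusTotal v3 IP-address
# report without assuming the 'data' key is present.


class VTResponseError(Exception):
    """Raised when VT returned an error object instead of a report."""


def parse_vt_ip_report(body: Dict[str, Any]) -> Dict[str, Any]:
    """Return the fields a report printer needs (owner, ASN, country, stats).

    VT v3 answers either {"data": {...}} or {"error": {"code":..., "message":...}}
    (e.g. wrong API key, quota exceeded). Indexing body['data'] directly raises
    KeyError: 'data' on the second shape, which is the traceback in the issue.
    """
    if "error" in body:
        err = body.get("error") or {}
        raise VTResponseError(
            f"{err.get('code', 'UnknownError')}: {err.get('message', '')}"
        )
    data = body.get("data")
    if not isinstance(data, dict):
        raise VTResponseError("response has neither 'data' nor 'error'")
    attrs = data.get("attributes", {})
    stats = attrs.get("last_analysis_stats", {})
    return {
        "ip": data.get("id"),
        "as_owner": attrs.get("as_owner"),
        "asn": attrs.get("asn"),
        "country": attrs.get("country"),
        "malicious": int(stats.get("malicious", 0)),
        "suspicious": int(stats.get("suspicious", 0)),
        "harmless": int(stats.get("harmless", 0)),
    }


# Constructed sample bodies: the shapes follow VT's v3 API, the values are made up.
OK_BODY = {
    "data": {
        "type": "ip_address",
        "id": "1.1.1.1",
        "attributes": {
            "as_owner": "Example AS (constructed)",
            "asn": 64496,
            "country": "XX",
            "last_analysis_stats": {"malicious": 2, "suspicious": 0,
                                    "harmless": 70, "undetected": 10},
        },
    }
}
ERROR_BODY = {"error": {"code": "WrongCredentialsError",
                        "message": "Wrong API key"}}


def describe(body: Dict[str, Any]) -> str:
    """One-line summary, or the error message the tool would show instead."""
    try:
        r = parse_vt_ip_report(body)
    except VTResponseError as exc:
        return f"Error while connecting to Virus Total: {exc}"
    return (f"{r['ip']} owner={r['as_owner']} asn={r['asn']} "
            f"country={r['country']} malicious={r['malicious']}")


if __name__ == "__main__":
    print(describe(OK_BODY))
    print(describe(ERROR_BODY))
```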

Malwoverview commands on memory dump files.

While trying to execute the malwoverview command on a memory dump, i.e. a .mem file, the command to export to Virus Total doesn't seem to work.
Is there a way out such that the processes in a memory dump could be analyzed and exported to virus total or malshare?

Three undefined names in Python code

flake8 testing of https://github.com/alexandreborges/malwoverview on Python 3.8.3

$ flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics

./malwoverview/malwoverview.py:1664:28: F821 undefined name 'polywarm'
                artifact = polywarm.download(DOWN_DIR, sha256)
                           ^
./malwoverview/malwoverview.py:5603:58: F821 undefined name 'package'
            print((mycolors.foreground.green + "%-08s" % package), end=' ')
                                                         ^
./malwoverview/malwoverview.py:6430:9: F821 undefined name 'alien_urls'
        alien_urls(urlalien,argx)
        ^
3     F821 undefined name 'polywarm'
3

https://flake8.pycqa.org/en/latest/user/error-codes.html

On the flake8 test selection, this PR does not focus on "style violations" (the majority of flake8 error codes that psf/black can autocorrect). Instead, these tests focus on runtime safety and correctness:

  • E9 tests are about Python syntax errors usually raised because flake8 can not build an Abstract Syntax Tree (AST). Often these issues are a sign of unused code or code that has not been ported to Python 3. These would be compile-time errors in a compiled language but in a dynamic language like Python, they result in the script halting/crashing on the user.
  • F63 tests are usually about the confusion between identity and equality in Python. Using ==/!= to compare str, bytes, and int literals is the classic case. These are areas where a == b is True but a is b is False (or vice versa). Python >= 3.8 will raise SyntaxWarnings on these instances.
  • F7 tests check for logic errors and syntax errors in type hints.
  • F82 tests are almost always undefined names which are usually a sign of a typo, missing imports, or code that has not been ported to Python 3. These also would be compile-time errors in a compiled language but in Python, a NameError is raised which will halt/crash the script on the user.


feature to download by hash from any available services

My primary use-case for malwoverview would be to download a hash by name from whatever services had it available. I'd love to have an option to simply provide the sha256 and have the script try all services for which I have API keys included until a download is found. Is this a feature you'd consider accepting a PR for or adding yourself?

Unrelated (happy to file a separate issue but don't want to spam you with too many requests!): have you considered using pathlib.Path so you don't have to do things like https://github.com/alexandreborges/malwoverview/blob/master/malwoverview/malwoverview.py#L68-L74 ?

configmalw.py is not used in version 2.0.8

The config file appears not to be used in the pip version of malwoverview (2.0.8), which forces the end user to provide API keys directly in malwoverview for the tool to work. (In my case that worked as a temporary workaround.)

Multiprocessing or threading for bulk file scans

Right now the app only performs one operation at a time and even with a private key for VirusTotal it is very time consuming to lookup say 100 files or even more so 5000 files.

It seems like the logic of what to do with a file/URL (which functions and checks to run) should be outside of main in their own Class(es) or Functions with the arguments on which functions to run passed along as kwargs or whatnot, and then let main handle dispatching files/URLs for multiprocessing or multithreading if the number of files is above some arbitrary or user defined limit.

Is this something you’d be interested in implementing? I can help with (or directly submit) the PR. Just think it’d be super useful to speed up private key lookups

malshare negative result downloaded

~ ❱ malwoverview -l 1 -L 04af0519d0dbe20bc8dc8ba4d97a791ae3e3474c6372de83087394d219babd47

Sample not found by the provided hash.



MALWARE SAMPLE SAVED!
~ ❱ file 04af0519d0dbe20bc8dc8ba4d97a791ae3e3474c6372de83087394d219babd47
04af0519d0dbe20bc8dc8ba4d97a791ae3e3474c6372de83087394d219babd47: ASCII text, with no line terminators
~ ❱ cat 04af0519d0dbe20bc8dc8ba4d97a791ae3e3474c6372de83087394d219babd47
Sample not found by hash (04af0519d0dbe20bc8dc8ba4d97a791ae3e3474c6372de83087394d219babd47)⏎
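The session above shows the tool writing a service's textual "not found" reply to disk as if it were the sample. As an added example (not malwoverview's own code), the function below verifies that the SHA-256 of the downloaded bytes equals the requested hash before anything is saved, which rejects error pages, truncated downloads and substituted content alike; the sample bytes are constructed and the negative reply reuses the wording from the issue.

```python
import hashlib
import re
import tempfile
from pathlib import Path
from typing import NamedTuple, Optional

# Added example (not malwoverview code): never trust a download by status alone;
# the content must hash to the sample that was requested.

HEX_SHA256 = re.compile(r"^[0-9a-f]{64}$")
# Wording of the textual negative reply seen in the issue; used only to give a
# clearer reason, the hash comparison is the authoritative check.
NOT_FOUND_MARKER = b"Sample not found by hash"


class Verdict(NamedTuple):
    ok: bool
    reason: str
    actual_sha256: str


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_download(expected_sha256: str, content: bytes) -> Verdict:
    """ok=True only if content's SHA-256 equals the requested hash."""
    expected = expected_sha256.strip().lower()
    if not HEX_SHA256.match(expected):
        return Verdict(False, "expected hash is not a 64-char hex SHA-256", "")
    actual = sha256_hex(content)
    if actual == expected:
        return Verdict(True, "hash matches", actual)
    if content.lstrip().startswith(NOT_FOUND_MARKER):
        return Verdict(False, "service returned a 'not found' message, not a sample", actual)
    return Verdict(False, "hash mismatch: server returned different content", actual)


def save_verified_sample(expected_sha256: str, content: bytes,
                         down_dir: Path) -> Optional[Path]:
    """Write the sample, named by its hash, only when verification passes."""
    verdict = verify_download(expected_sha256, content)
    if not verdict.ok:
        print(f"NOT SAVED: {verdict.reason}")
        return None
    down_dir.mkdir(parents=True, exist_ok=True)
    out = down_dir / verdict.actual_sha256
    out.write_bytes(content)
    print("MALWARE SAMPLE SAVED!")
    return out


def demo() -> dict:
    """Constructed inputs: a fake sample and the textual negative reply."""
    sample = b"MZ constructed-fake-sample-bytes, not real malware"
    want = sha256_hex(sample)
    error_body = b"Sample not found by hash (" + want.encode() + b")"
    with tempfile.TemporaryDirectory() as tmp:
        saved = save_verified_sample(want, sample, Path(tmp))
        rejected = save_verified_sample(want, error_body, Path(tmp))
        return {
            "saved": saved is not None and saved.name == want,
            "rejected": rejected is None,
            "reason": verify_download(want, error_body).reason,
        }


if __name__ == "__main__":
    print(demo())
```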
