diff --git a/.gitignore b/.gitignore
index ccb0ded..6195c6d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -33,3 +33,6 @@ develop-eggs/
# Installer logs
pip-log.txt
+
+imports/*.pyd
+imports/*.pyc
diff --git a/imports/terminal_handler.py b/imports/terminal_handler.py
index 9830f24..21928b0 100644
--- a/imports/terminal_handler.py
+++ b/imports/terminal_handler.py
@@ -2,9 +2,9 @@ import re
import sys
import rlcompleter
try:
- import readline
+ import readline
except ImportError:
- from imports import winreadline as readline
+ from imports import winreadline as readline
from imports import globals
from imports import manysearches
@@ -14,171 +14,180 @@ from imports.colors import *
# Compatilibility to Python3
if sys.version_info.major == 3:
- raw_input = input
+ raw_input = input
elif sys.version_info.major == 2:
- pass
+ pass
else:
- sys.stderr.write("What kind of sorcery is this?!\n")
+ sys.stderr.write("What kind of sorcery is this?!\n")
class Controller:
- def __init__(self):
- self.modules = None
- self.currentmodule = None
- self.db = db_handler.DBHandler()
- self.commands = [("search", "Search for malwares according to a filter,\n\t\t\te.g 'search cpp worm'."),
- ("list all", "Lists all available modules"),
- ("use", "Selects a malware by ID"),
- ("info", "Retreives information about malware"),
- ("get", "Downloads selected malware"),
- ("report-mal", "Report a malware you found"),
- ("update-db", "Updates the databse"),
- ("help", "Displays this help..."),
- ("exit", "Exits...")]
+ def __init__(self):
+ self.modules = None
+ self.currentmodule = None
+ self.db = db_handler.DBHandler()
+ self.commands = [("search", "Search for malwares according to a filter,\n\t\t\te.g 'search cpp worm'."),
+ ("list all", "Lists all available modules"),
+ ("use", "Selects a malware by ID"),
+ ("info", "Retreives information about malware"),
+ ("get", "Downloads selected malware"),
+ ("report-mal", "Report a malware you found"),
+ ("update-db", "Updates the databse"),
+ ("help", "Displays this help..."),
+ ("exit", "Exits...")]
- self.commandsWithoutDescription = {'search': '', 'list all': '', 'use': '', 'info': '',
- 'get': '', 'report-mal': '', 'update-db': '', 'help': '', 'exit': ''}
+ self.commandsWithoutDescription = {'search': '', 'list all': '', 'use': '', 'info': '',
+ 'get': '', 'report-mal': '', 'update-db': '', 'help': '', 'exit': ''}
- self.searchmeth = [("arch", "which architecture etc; x86, x64, arm7 so on..."),
- ("plat",
- "platform: win32, win64, mac, android so on..."),
- ("lang", "c, cpp, vbs, bin so on..."),
- ("vip", "1 or 0")]
+ self.searchmeth = [("arch", "which architecture etc; x86, x64, arm7 so on..."),
+ ("plat",
+ "platform: win32, win64, mac, android so on..."),
+ ("lang", "c, cpp, vbs, bin so on..."),
+ ("vip", "1 or 0")]
- self.modules = self.GetPayloads()
- completer = globals.Completer(self.commandsWithoutDescription)
+ self.modules = self.GetPayloads()
+ completer = globals.Completer(self.commandsWithoutDescription)
- readline.parse_and_bind("tab: complete")
- readline.set_completer(completer.complete)
+ readline.parse_and_bind("tab: complete")
+ readline.set_completer(completer.complete)
- def GetPayloads(self):
- return self.db.get_full_details()
+ def GetPayloads(self):
+ return self.db.get_full_details()
- def MainMenu(self):
- # This will give you the nice prompt you like so much
- while (True): # Dont hate, affiliate
- try:
- if self.currentmodule is not None:
- just_print = self.db.query("SELECT NAME FROM Malwares WHERE ID=?", self.currentmodule)[0][0]
- cmd = raw_input(
- bold(green('mdb ')) + bold(blue(just_print)) + green('#> ')).strip()
- else:
- cmd = raw_input(
- bold(green('mdb ')) + green('#> ')).strip()
- except KeyboardInterrupt:
- print(bold(blue("\n\n[*]")) + " Hope you enjoyed your visit at" + bold(red(" theZoo")) + "!")
- exit()
+ def MainMenu(self):
+ # This will give you the nice prompt you like so much
+ while (True): # Dont hate, affiliate
+ try:
+ if self.currentmodule is not None:
+ try:
+ just_print = self.db.query("SELECT NAME FROM Malwares WHERE ID=?", self.currentmodule)[0][0]
+ cmd = raw_input(
+ bold(green('mdb ')) + bold(blue(just_print)) + green('#> ')).strip()
+ except:
+ self.currentmodule = None
+ print("You have chosen an index that is out of scope...")
+ break
+
+ else:
+ cmd = raw_input(
+ bold(green('mdb ')) + green('#> ')).strip()
+ except KeyboardInterrupt:
+ print(bold(blue("\n\n[*]")) + " Hope you enjoyed your visit at" + bold(red(" theZoo")) + "!")
+ exit()
- self.actOnCommand(cmd)
+ self.actOnCommand(cmd)
- def actOnCommand(self, cmd):
- try:
- while cmd == "":
- return
+ def actOnCommand(self, cmd):
+ try:
+ while cmd == "":
+ return
- if cmd == 'help':
- print(" Available commands:\n")
- for (cmd, desc) in self.commands:
- print("\t%s\t%s" % ('{0: <12}'.format(cmd), desc))
- print('')
- return
+ if cmd == 'help':
+ print(" Available commands:\n")
+ for (cmd, desc) in self.commands:
+ print("\t%s\t%s" % ('{0: <12}'.format(cmd), desc))
+ print('')
+ return
- # Checks if normal or freestyle search
- if re.match('^search', cmd):
- manySearch = manysearches.MuchSearch()
- try:
- args = cmd.rsplit(' ')[1:]
- manySearch.sort(args)
- except:
- print(red('[!]') + 'Uh oh, Invalid query.')
- return
+ # Checks if normal or freestyle search
+ if re.match('^search', cmd):
+ manySearch = manysearches.MuchSearch()
+ try:
+ args = cmd.rsplit(' ')[1:]
+ manySearch.sort(args)
+ except:
+ print(red('[!]') + 'Uh oh, Invalid query.')
+ return
- if cmd == 'exit':
- sys.exit(1)
+ if cmd == 'exit':
+ sys.exit(1)
- if cmd == 'update-db':
- update_handler = Updater()
- db_ver = update_handler.get_maldb_ver()
- update_handler.update_db(db_ver)
- return
+ if cmd == 'update-db':
+ update_handler = Updater()
+ db_ver = update_handler.get_maldb_ver()
+ update_handler.update_db(db_ver)
+ return
- if cmd == 'report-mal':
- rprt_name = raw_input("Name of malware: ")
- rprt_type = raw_input("Type of malware: ")
- rprt_version = raw_input("Version: ")
- rprt_lang = raw_input("Language: ")
- rprt_src = raw_input("Source / Binary (s/b): ")
- rprt_arch = raw_input("Win32, ARM etc. ? ")
- rprt_reporter = raw_input(
- "Your name for a thank you note on theZoo.\n"
- "Please notice that this will be public!\n\nName: ")
- rprt_comments = raw_input("Comments? ")
+ if cmd == 'report-mal':
+ rprt_name = raw_input("Name of malware: ")
+ rprt_type = raw_input("Type of malware: ")
+ rprt_version = raw_input("Version: ")
+ rprt_lang = raw_input("Language: ")
+ rprt_src = raw_input("Source / Binary (s/b): ")
+ rprt_arch = raw_input("Win32, ARM etc. ? ")
+ rprt_reporter = raw_input(
+ "Your name for a thank you note on theZoo.\n"
+ "Please notice that this will be public!\n\nName: ")
+ rprt_comments = raw_input("Comments? ")
- report = ("//%s//\n" % rprt_name)
- report += ("///type/%s///\n" % rprt_type)
- report += ("///ver/%s///\n" % rprt_version)
- report += ("///lang/%s///\n" % rprt_lang)
- report += ("///src/%s///\n" % rprt_src)
- report += ("///arch/%s///\n" % rprt_arch)
- report += ("//reporter/%s//\n" % rprt_reporter)
- report += ("//comments/%s//\n" % rprt_comments)
+ report = ("//%s//\n" % rprt_name)
+ report += ("///type/%s///\n" % rprt_type)
+ report += ("///ver/%s///\n" % rprt_version)
+ report += ("///lang/%s///\n" % rprt_lang)
+ report += ("///src/%s///\n" % rprt_src)
+ report += ("///arch/%s///\n" % rprt_arch)
+ report += ("//reporter/%s//\n" % rprt_reporter)
+ report += ("//comments/%s//\n" % rprt_comments)
- # Just to avoid bots spamming us...
- email = "info"
- email += "\x40"
- email += "morirt\x2ecom"
- print("-------------- Begin of theZoo Report --------------")
- print(report)
- print("-------------- Ending of theZoo Report --------------")
- print("To avoid compromising your privacy we have chose this method of reporting.")
- print("If you have not stated your name we will not write a thanks in our README.")
- print("Your email will remain private in scenario and will not be published.")
- print("")
- print("Please create an archive file with the structure described in the README file")
- print("And attach it to the email. ")
- print("Please send this report to %s" % email)
+ # Just to avoid bots spamming us...
+ email = "info"
+ email += "\x40"
+ email += "morirt\x2ecom"
+ print("-------------- Begin of theZoo Report --------------")
+ print(report)
+ print("-------------- Ending of theZoo Report --------------")
+ print("To avoid compromising your privacy we have chose this method of reporting.")
+ print("If you have not stated your name we will not write a thanks in our README.")
+ print("Your email will remain private in scenario and will not be published.")
+ print("")
+ print("Please create an archive file with the structure described in the README file")
+ print("And attach it to the email. ")
+ print("Please send this report to %s" % email)
- return
+ return
- if cmd == 'get':
- update_handler = Updater()
- try:
- update_handler.get_malware(self.currentmodule)
- except:
- print(red('[-] ') + 'Error getting malware.')
- return
- # If used the 'use' command
- if re.match('^use', cmd):
- try:
- cmd = re.split('\s+', cmd)
- self.currentmodule = int(cmd[1])
- cmd = ''
- except TypeError:
- print('Please enter malware ID')
- except:
- print('The use method needs an argument.')
- return
+ if cmd == 'get':
+ update_handler = Updater()
+ try:
+ update_handler.get_malware(self.currentmodule)
+ except:
+ print(red('[-] ') + 'Error getting malware.')
+ return
+ # If used the 'use' command
+ if re.match('^use', cmd):
+ try:
+ cmd = re.split('\s+', cmd)
+ try:
+ self.currentmodule = int(cmd[1])
+ except IndexError:
+ print("You have chosen an index that is out of DB scale.")
+ cmd = ''
+ except TypeError:
+ print('Please enter malware ID')
+ except:
+ print('The use method needs an argument [int].')
+ return
- if cmd == 'list all':
- print("\nAvailable Payloads:")
- manySearch = manysearches.MuchSearch()
- manySearch.print_payloads(self.db.get_mal_list(), ["%", "Name", "Type"])
- return
+ if cmd == 'list all':
+ print("\nAvailable Payloads:")
+ manySearch = manysearches.MuchSearch()
+ manySearch.print_payloads(self.db.get_mal_list(), ["%", "Name", "Type"])
+ return
- if cmd == 'info':
- if self.currentmodule is None:
- print(red("[!] ") + "First select a malware using the \'use\' command")
- return
- m = self.db.get_mal_info(self.currentmodule)
- manySearch = manysearches.MuchSearch()
- manySearch.print_payloads(m, ["%", "Name", "Ver.", "Author", "Lang", "Date", "Arch.", "Plat.", "Tags"])
- return
+ if cmd == 'info':
+ if self.currentmodule is None:
+ print(red("[!] ") + "First select a malware using the \'use\' command")
+ return
+ m = self.db.get_mal_info(self.currentmodule)
+ manySearch = manysearches.MuchSearch()
+ manySearch.print_payloads(m, ["%", "Name", "Ver.", "Author", "Lang", "Date", "Arch.", "Plat.", "Tags"])
+ return
- if cmd == 'quit':
- print(":(")
- sys.exit(1)
+ if cmd == 'quit':
+ print(":(")
+ sys.exit(1)
- except KeyboardInterrupt:
- print("\n\nI'll just go now...")
- sys.exit()
+ except KeyboardInterrupt:
+ print("\n\nI'll just go now...")
+ sys.exit()
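Review bot: The bare `except:` added around the prompt in MainMenu also encloses the `raw_input` call, so Ctrl-C pressed while a module is selected is swallowed there, reported as "an index that is out of scope", and never reaches the `except KeyboardInterrupt` handler a few lines below. That branch also `break`s out of the `while (True)`, which ends the interactive session on a bad ID instead of returning to the prompt; `continue` after resetting `currentmodule` looks like the intent. Narrowing it to `except IndexError:` (an empty result from the `SELECT NAME ... WHERE ID=?` query is what `[0][0]` trips on) and replacing `break` with `continue` keeps Ctrl-C handling intact; moving `raw_input` out of the inner try would be cleaner still. Likewise the new `except IndexError:` in the `use` handler fires when no argument was given, not when the ID is beyond the DB, so "You have chosen an index that is out of DB scale." is misleading — the range check only happens later at the prompt.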
diff --git a/imports/update_handler.py b/imports/update_handler.py
index 188c977..ea2ed39 100644
--- a/imports/update_handler.py
+++ b/imports/update_handler.py
@@ -1,32 +1,33 @@
#!/usr/bin/env python
- # Malware DB - the most awesome free malware database on the air
- # Copyright (C) 2014, Yuval Nativ, Lahad Ludar, 5Fingers
+ # Malware DB - the most awesome free malware database on the air
+ # Copyright (C) 2014, Yuval Nativ, Lahad Ludar, 5Fingers
- # This program is free software: you can redistribute it and/or modify
- # it under the terms of the GNU General Public License as published by
- # the Free Software Foundation, either version 3 of the License, or
- #(at your option) any later version.
+ # This program is free software: you can redistribute it and/or modify
+ # it under the terms of the GNU General Public License as published by
+ # the Free Software Foundation, either version 3 of the License, or
+ #(at your option) any later version.
- # This program is distributed in the hope that it will be useful,
- # but WITHOUT ANY WARRANTY; without even the implied warranty of
- # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- # GNU General Public License for more details.
+ # This program is distributed in the hope that it will be useful,
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ # GNU General Public License for more details.
- # You should have received a copy of the GNU General Public License
- # along with this program. If not, see .
+ # You should have received a copy of the GNU General Public License
+ # along with this program. If not, see .
import sys
+
from os import remove, rename
# Compatilibility to Python3
if sys.version_info.major == 3:
- from urllib.request import urlopen
+ from urllib.request import urlopen
elif sys.version_info.major == 2:
- from urllib2 import urlopen
- import urllib2
+ from urllib2 import urlopen
+ import urllib2
else:
- sys.stderr.write("What kind of sorcery is this?!\n")
+ sys.stderr.write("What kind of sorcery is this?!\n")
from imports import globals
from imports import db_handler
@@ -34,94 +35,104 @@ from imports.colors import *
class Updater:
- def __init__(self):
- self.db = db_handler.DBHandler()
+ def __init__(self):
+ self.db = db_handler.DBHandler()
- def get_maldb_ver(self):
- '''
- Get current malwareDB version and see if we need an update
- '''
- try:
- with file(globals.vars.maldb_ver_file) as f:
- return f.read()
- except IOError:
- print(
- "No malware DB version file found.\nPlease try to git clone the repository again.\n")
- return 0
+ def get_maldb_ver(self):
+ '''
+ Get current malwareDB version and see if we need an update
+ '''
+ try:
+ with file(globals.vars.maldb_ver_file) as f:
+ return f.read()
+ except IOError:
+ print(
+ "No malware DB version file found.\nPlease try to git clone the repository again.\n")
+ return 0
- def update_db(self, curr_db_version):
- '''
- Just update the database from GitHub
- :return:
- '''
- if globals.vars.DEBUG_LEVEL is 1:
- print(locals())
- response = urlopen(
- globals.vars.giturl_dl + globals.vars.maldb_ver_file)
- new_maldb_ver = response.read()
- if new_maldb_ver == curr_db_version:
- print(green('[+]') + " theZoo is up to date.\n" + green('[+]') + " You are at " + new_maldb_ver + " which is the latest version.")
- return
+ def update_db(self, curr_db_version):
+ '''
+ Just update the database from GitHub
+ :return:
+ '''
+ if globals.vars.DEBUG_LEVEL is 1:
+ print(locals())
+ response = urlopen(
+ globals.vars.giturl_dl + globals.vars.maldb_ver_file)
+ new_maldb_ver = response.read()
+ if new_maldb_ver == curr_db_version:
+ print(green('[+]') + " theZoo is up to date.\n" + green('[+]') + " You are at " + new_maldb_ver + " which is the latest version.")
+ return
- print(red('[+]') + " A newer version is available: " + new_maldb_ver + "!")
- print(red('[+]') + " Updating...")
+ print(red('[+]') + " A newer version is available: " + new_maldb_ver + "!")
+ print(red('[+]') + " Updating...")
- # Get the new DB and update it
+ # Get the new DB and update it
- self.download_from_repo(globals.vars.db_path)
- self.db.close_connection()
- remove(globals.vars.db_path)
- rename("maldb.db", globals.vars.db_path)
- self.db.renew_connection()
+ self.download_from_repo(globals.vars.db_path)
+ self.db.close_connection()
+ remove(globals.vars.db_path)
+ rename("maldb.db", globals.vars.db_path)
+ self.db.renew_connection()
- # Write the new DB version into the file
+ # Write the new DB version into the file
- f = open(globals.vars.maldb_ver_file, 'w')
- f.write(new_maldb_ver)
- f.close()
- return
+ f = open(globals.vars.maldb_ver_file, 'w')
+ f.write(new_maldb_ver)
+ f.close()
+ return
- def get_malware(self, id):
+ def get_malware(self, id):
- # get mal location
+ # get mal location
- loc = self.db.query("SELECT LOCATION FROM MALWARES WHERE ID=?", id)[0][0]
+ loc = self.db.query("SELECT LOCATION FROM MALWARES WHERE ID=?", id)[0][0]
- # get from git
+ # get from git
+ if self.download_from_repo(loc, '.zip') is False:
+ return False
+ if self.download_from_repo(loc, '.pass') is False:
+ return False
+ if self.download_from_repo(loc, '.md5') is False:
+ return False
+ if self.download_from_repo(loc, '.sha256') is False:
+ return False
+ print(bold(green("[+]")) + " Successfully downloaded a new friend.\n")
- self.download_from_repo(loc, '.zip')
- self.download_from_repo(loc, '.pass')
- self.download_from_repo(loc, '.md5')
- self.download_from_repo(loc, '.sha256')
- print(bold(green("[+]")) + " Successfully downloaded a new friend.\n")
+ def download_from_repo(self, filepath, suffix=''):
+ if globals.vars.DEBUG_LEVEL is 1:
+ print(locals())
+ file_name = filepath.rsplit('/')[-1] + suffix
- def download_from_repo(self, filepath, suffix=''):
- if globals.vars.DEBUG_LEVEL is 1:
- print(locals())
- file_name = filepath.rsplit('/')[-1] + suffix
+ # Dirty way to check if we're downloading a malware
- # Dirty way to check if we're downloading a malware
-
- if suffix is not '':
- url = globals.vars.giturl_dl + filepath + '/' + file_name
- else:
- url = globals.vars.giturl_dl + filepath
- u = urlopen(url)
- f = open(file_name, 'wb')
- meta = u.info()
- file_size = int(meta.getheaders("Content-Length")[0])
- print("Downloading: %s Bytes: %s" % (file_name, file_size))
- file_size_dl = 0
- block_sz = 8192
- while True:
- buffer = u.read(block_sz)
- if not buffer:
- break
- file_size_dl += len(buffer)
- f.write(buffer)
- status = r"%10d [%3.2f%%]" % (
- file_size_dl, file_size_dl * 100. / file_size)
- status = status + chr(8) * (len(status) + 1)
- sys.stdout.write('\r' + status)
- f.close()
- print("\n")
+ if suffix is not '':
+ url = globals.vars.giturl_dl + filepath + '/' + file_name
+ else:
+ url = globals.vars.giturl_dl + filepath
+ try:
+ u = urlopen(url)
+ except:
+ print(bold(red("[!]")) + " Probably path name in git vs. sqlite does not match.")
+ print(bold(red("[!]")) + " Please try and go to %s or report the malware ID so we can fix it." % url)
+ return False
+
+ f = open(file_name, 'wb')
+ meta = u.info()
+ file_size = int(meta.getheaders("Content-Length")[0])
+ print("Downloading: %s Bytes: %s" % (file_name, file_size))
+ file_size_dl = 0
+ block_sz = 8192
+ while True:
+ buffer = u.read(block_sz)
+ if not buffer:
+ break
+ file_size_dl += len(buffer)
+ f.write(buffer)
+ status = r"%10d [%3.2f%%]" % (
+ file_size_dl, file_size_dl * 100. / file_size)
+ status = status + chr(8) * (len(status) + 1)
+ sys.stdout.write('\r' + status)
+ f.close()
+ print("\n")
+ return True
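Review bot: The `.md5` and `.sha256` companions fetched by the four `download_from_repo` calls in get_malware are written to disk but never compared against the `.zip`, so the "Successfully downloaded a new friend" line asserts nothing about integrity. Because they come from the same `giturl_dl` origin as the archive this only catches truncation or a mismatched upload rather than a compromised source, but that is still worth having for a malware corpus. Note also that the renames in this same commit keep a `.sha` suffix for OSX.MacSecurity while the code requests `.sha256`, so for that sample the fourth download fails after the archive and password have already been written to the working directory. Separately, the bare `except:` around `urlopen` would be tighter as `except IOError:`, which covers both `urllib2.URLError` and `urllib.error.URLError` and stops Ctrl-C from being reported as a path mismatch. A sha256 check (needs `import hashlib` at the top of the file; I am assuming the `.sha256` file holds the hex digest as its first token) could replace the final success print:
```python
    def get_malware(self, id):
        loc = self.db.query("SELECT LOCATION FROM MALWARES WHERE ID=?", id)[0][0]
        # ... unchanged: the four download_from_repo calls returning False on failure ...
        zip_name = loc.rsplit('/')[-1] + '.zip'
        digest = hashlib.sha256()
        with open(zip_name, 'rb') as f:
            for chunk in iter(lambda: f.read(8192), b''):
                digest.update(chunk)
        with open(zip_name[:-4] + '.sha256') as f:
            expected = f.read().split()[0].lower()
        if digest.hexdigest() != expected:
            print(bold(red("[!]")) + " SHA256 mismatch for %s, discarding it." % zip_name)
            remove(zip_name)
            return False
        print(bold(green("[+]")) + " Successfully downloaded a new friend.\n")
        return True
```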
diff --git a/malwares/Binaries/OSX.AdWare.MacSecurity/OSX.MacSecurity.md5 b/malwares/Binaries/OSX.MacSecurity/OSX.MacSecurity.md5
similarity index 100%
rename from malwares/Binaries/OSX.AdWare.MacSecurity/OSX.MacSecurity.md5
rename to malwares/Binaries/OSX.MacSecurity/OSX.MacSecurity.md5
diff --git a/malwares/Binaries/OSX.AdWare.MacSecurity/OSX.MacSecurity.pass b/malwares/Binaries/OSX.MacSecurity/OSX.MacSecurity.pass
similarity index 100%
rename from malwares/Binaries/OSX.AdWare.MacSecurity/OSX.MacSecurity.pass
rename to malwares/Binaries/OSX.MacSecurity/OSX.MacSecurity.pass
diff --git a/malwares/Binaries/OSX.AdWare.MacSecurity/OSX.MacSecurity.sha b/malwares/Binaries/OSX.MacSecurity/OSX.MacSecurity.sha
similarity index 100%
rename from malwares/Binaries/OSX.AdWare.MacSecurity/OSX.MacSecurity.sha
rename to malwares/Binaries/OSX.MacSecurity/OSX.MacSecurity.sha
diff --git a/malwares/Binaries/OSX.AdWare.MacSecurity/OSX.MacSecurity.zip b/malwares/Binaries/OSX.MacSecurity/OSX.MacSecurity.zip
similarity index 100%
rename from malwares/Binaries/OSX.AdWare.MacSecurity/OSX.MacSecurity.zip
rename to malwares/Binaries/OSX.MacSecurity/OSX.MacSecurity.zip