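#!/usr/bin/env python

#Malware DB - the most awesome free malware database on the air
#Copyright (C) 2014, Yuval Nativ, Lahad Ludar, 5fingers

#This program is free software: you can redistribute it and/or modify
#it under the terms of the GNU General Public License as published by
#the Free Software Foundation, either version 3 of the License, or
#(at your option) any later version.

#This program is distributed in the hope that it will be useful,
#but WITHOUT ANY WARRANTY; without even the implied warranty of
#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#GNU General Public License for more details.

#You should have received a copy of the GNU General Public License
#along with this program.  If not, see <http://www.gnu.org/licenses/>.

__version__ = "0.1 Alpha"
__appname__ = "Malware DB"
__authors__ = ["Yuval Nativ","Lahad Ludar","5fingers"]
__licensev__ = "GPL v3.0"
__maintainer = "Yuval Nativ"
__status__ = "Development"

import sys
import getopt
import os
import inspect
import subprocess
import csv


def main():
    """Command-line search front end for the malware index.

    Flow: parse the command line, require a one-time EULA acceptance,
    handle the informational/update switches, then load ``index.csv``,
    apply the optional type/language filters and print the matching rows.

    This is Python 2 code (``raw_input``, binary-mode csv reading).

    Note for operators: ``eula_run.conf``, ``index.csv`` and
    ``./Rebuild_CSV.sh`` are all resolved against the current working
    directory, not against the location of this script. Start the tool from
    its own directory; with ``--update`` it executes whatever
    ``Rebuild_CSV.sh`` the working directory holds.
    """
    # Set general variables.
    version = '0.1 Alpha'
    appname = "Malware DB"
    authors = "Yuval Nativ, Lahad Ludar, 5fingers"
    licensev = "GPL v3.0"
    fulllicense = appname + " Copyright (C) 2014 " + authors + "\n"
    fulllicense += "This program comes with ABSOLUTELY NO WARRANTY; for details type '" + sys.argv[0] +" -w'.\n"
    fulllicense += "This is free software, and you are welcome to redistribute it."

    useage = '\nUsage: ' + sys.argv[0] + ' -s search_query -t trojan -p vb\n\n'
    useage += (
        'The search engine can search by regular search or using specified arguments:\n\n'
        'OPTIONS:\n'
        ' -h --help\t\tShow this message\n'
        ' -t --type\t\tMalware type, can be virus/trojan/botnet/spyware/ransomeware.\n'
        ' -p --language\tProgramming language, can be c/cpp/vb/asm/bin/java.\n'
        ' -u --update\t\tUpdate malware index. Rebuilds main CSV file. \n'
        ' -s --search\t\tSearch query for name or anything. \n'
        ' -v --version\tPrint the version information.\n'
        ' -w\t\t\tPrint GNU license.\n'
    )

    # Column positions of the fields inside each index.csv row.
    column_for_pl = 6
    column_for_type = 2
    column_for_location = 1
    column_for_time = 7
    column_for_version = 4
    column_for_name = 3
    column_for_uid = 0
    # A row must be at least this wide for every lookup below to succeed.
    required_columns = 1 + max(
        column_for_pl, column_for_type, column_for_location,
        column_for_time, column_for_version, column_for_name,
        column_for_uid)

    # Marker file: its mere existence records that the EULA was accepted.
    eula_file = 'eula_run.conf'

    def print_license():
        """Print the short license notice framed by blank lines."""
        print("")
        print(fulllicense)
        print("")

    def check_eula_file():
        """Return 1 when the EULA marker file can be opened, else 0."""
        try:
            with open(eula_file):
                return 1
        except IOError:
            return 0

    def versionbanner():
        """Print the version banner, the license notice and the usage text."""
        print("")
        print("~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~")
        print("\t\t " + appname + ' v' + version)
        print("Built by:\t\t" + authors)
        print("Is licensed under:\t" + licensev)
        print("~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~")
        print(fulllicense)
        print(useage)

    def checkresults(array):
        """Report "no results" and exit with status 1 when *array* is empty."""
        if len(array) == 0:
            print("No results found\n\n")
            sys.exit(1)

    def checkargs():
        """Debug helper: echo the parsed type, language and search values."""
        print("Type: " + type_of_mal)
        print("Lang: " + pl)
        print("Search: " + search)

    def filter_array(array, colum, value):
        """Return the rows of *array* whose cell *colum* contains *value*.

        The test is a substring match on that single cell.
        """
        ret_array = [row for row in array if value in row[colum]]
        return ret_array

    def res_banner():
        """Print the two header lines of the result table."""
        print("\nUID\tName\t\tVersion\t\tLocation\t\tTime")
        print("---\t----\t\t-------\t\t--------\t\t----")

    def print_results(array):
        """Print one index row (*array*) as a tab-separated result line."""
        answer = array[column_for_uid] + "\t" + array[column_for_name]+ "\t" + array[column_for_version] + "\t\t"
        answer += array[column_for_location] + "\t\t" + array[column_for_time]
        print(answer)

    # An unknown switch or a missing argument used to end in a raw traceback;
    # report it and show the usage text instead.
    try:
        options, remainder = getopt.getopt(
            sys.argv[1:], 'hwuvs:p:t:',
            ['type=', 'language=', 'search=', 'help', 'update', 'version'])
    except getopt.GetoptError as err:
        print(str(err))
        print(useage)
        sys.exit(2)

    # Zeroing everything
    type_of_mal = ""
    pl = ""
    search = ""
    update = 0
    m = []

    # Checking for EULA Agreement
    if check_eula_file() == 0:
        print(appname + ' v' + version)
        print('This program contain live and dangerous malware files')
        print('This program is intended to be used only for malware analysis and research')
        print('and by agreeing the EULA you agree to only use it for legal purposes and ')
        print('studying malware.')
        print('You understand that these file are dangerous and should only be run on VMs')
        print('you can control and know how to handle. Running them on a live system will')
        print('infect you machines will live and dangerous malwares!.')
        print('')
        eula_answer = raw_input('Type YES in captial letters to accept this EULA.\n')
        if eula_answer == 'YES':
            print('you types YES')
            # Close the marker file explicitly so the acceptance is on disk
            # before anything else runs (the handle used to be left open).
            with open(eula_file, 'a') as marker:
                marker.write(eula_answer)
        else:
            print('You need to accept the EULA.\nExiting the program.')
            sys.exit(1)

    # Get arguments
    for opt, arg in options:
        if opt in ('-h', '--help'):
            print(fulllicense)
            print(useage)
            sys.exit(1)
        elif opt in ('-u', '--update'):
            update = 1
        elif opt in ('-v', '--version'):
            versionbanner()
            sys.exit(1)
        # ('-w') is a plain string, so the old `in` test was a substring
        # check rather than a tuple membership test; compare for equality.
        elif opt == '-w':
            print_license()
            sys.exit(1)
        elif opt in ('-t', '--type'):
            type_of_mal = arg
        elif opt in ('-p', '--language'):
            pl = arg
        elif opt in ('-s', '--search'):
            search = arg

    # Rebuild CSV
    if update == 1:
        # The shell command is a fixed literal with no user-supplied text in
        # it; keep it that way, never interpolate arguments into this string.
        # The "./" path is relative to the current working directory.
        subprocess.call("./Rebuild_CSV.sh", shell=True)
        sys.exit(1)

    # Take index.csv and convert into array m
    with open('index.csv', 'rb') as index_file:
        csv_reader = csv.reader(index_file, delimiter=',')
        for row in csv_reader:
            if len(row) < required_columns:
                # Blank or truncated lines would raise IndexError in the
                # filters and the printer below; skip them, and say so for
                # anything that is not simply an empty line.
                if row:
                    sys.stderr.write(
                        "Skipping malformed index.csv line %d\n"
                        % csv_reader.line_num)
                continue
            m.append(row)

    # Filter by type
    if len(type_of_mal) > 0:
        m = filter_array(m, column_for_type, type_of_mal)

    # Filter by programming language
    if len(pl) > 0:
        m = filter_array(m, column_for_pl, pl)

    # Free search handler
    if len(search) > 0:
        res_banner()
        # NOTE(review): `search in row` is true only when one whole cell
        # equals the query, unlike the substring test used for -t/-p;
        # confirm that exact-cell matching is what is wanted here.
        matching = [y for y in m if search in y]
        # Check once, before the loop: inside the loop it could never fire,
        # because an empty result list means the loop body never runs.
        checkresults(matching)
        for line in matching:
            print_results(line)

    if len(search) <= 0:
        res_banner()
        for line in m:
            print_results(line)


if __name__ == "__main__":
    main()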