diogo-fernan / malsub

A Python RESTful API framework for online malware analysis and threat intelligence services.

License: Other

Python 99.84% Dockerfile 0.16%
api-client cybersecurity malware malware-analysis python restful restful-client virustotal

malsub's Introduction

Hi there 👋

I am a cybersecurity practitioner based in Europe doing DFIR, malware analysis and detection engineering for a number of years. My malsub and ir-rescue tools have been used by a number of cybersecurity teams and organizations across the world. If you like my work, you can support me with GitHub Sponsors.

  • 🌱 I am currently looking to learn Rust;
  • 🏔️ I enjoy swimming and mountain biking;
  • 💬 Ask me about cybersecurity;
  • 📫 How to reach me: [email protected];
  • ⚡ Fun fact: I have lived and worked in five countries.

malsub's People

Contributors

ahewitt, alex-ilgayev, dependabot[bot], diogo-fernan, georgschoelly, itayc0hen, silascutler, teetam

malsub's Issues

Error from Python 3

Hello,
I installed malsub and met the requirements, but I have an error:
python3 malsub.py -vva vt -su yahoo.fr
Traceback (most recent call last):
  File "malsub.py", line 56, in <module>
    from malsub.core import main
  File "/var/tmp/malsub-master/malsub/core/main.py", line 25
    out.error(f"input service(s) "{','.join(inv)}" unknown")
    ^
SyntaxError: invalid syntax
Could you help me?

Regards,

Richard

Add Threatstream to apikey.yaml

Threatstream is missing from the apikey.yaml file, we simply need to add it:

ThreatStream:
    apikey:
        api_key: <apikey>
    user:
        username: <apiuser>

download sample

When I used the d parameter to fetch files from vendors (OpenPhish, MalShare, or PhishTank), I have a list of links but not the samples.

Issue Installing and Running

I'm having troubles installing and running the malsub project.

I downloaded all the requirements in requirements.txt, then tried to run the setup.py script with the commands:
sudo python3 setup.py build
sudo python3 setup.py install

Both these commands give me errors. The error that appears in both is:
error: [Errno 21] Is a directory: 'malsub'

Do you have any more instructions for installing this project?

issue with some api ?

Hello!

I'm just a new user of this tool! Great!!

I have an error when I try this command and API, I think: python malsub.py -vva VirusTotal -su http://france.lachainemeteo.com

[*] debug Fri 02 Jun 2017 05:27:14.535456 +0000 UTC: arg --
{ '--analysis': 'VirusTotal',
'--appl': False,
'--domain': False,
'--download': False,
'--find': False,
'--help': False,
'--ipaddr': False,
'--pause': '0',
'--quota': False,
'--recursive': False,
'--report': False,
'--servhelp': False,
'--submit': True,
'--test': False,
'--url': True,
'--verbose': 2,
'': ['http://france.lachainemeteo.com']}
[*] debug Fri 02 Jun 2017 05:27:14.535958 +0000 UTC: ina --
['http://france.lachainemeteo.com']
[*] debug Fri 02 Jun 2017 05:27:14.535958 +0000 UTC: _serv --
[ <class 'malsub.service.avcaesar.AVCaesar'> AVCaesar avc,
<class 'malsub.service.hybrid-analysis.HybridAnalysis'> HybridAnalysis ha,
<class 'malsub.service.malshare.MalShare'> MalShare ms,
<class 'malsub.service.maltracker.Maltracker'> Maltracker mt,
<class 'malsub.service.metadefender.Metadefender'> Metadefender md,
<class 'malsub.service.openphish.OpenPhish'> OpenPhish op,
<class 'malsub.service.pdf-examiner.PDFExaminer'> PDFExaminer pe,
<class 'malsub.service.phishtank.PhishTank'> PhishTank pt,
<class 'malsub.service.quicksand.QuickSand'> QuickSand qs,
<class 'malsub.service.safebrowsing.SafeBrowsing'> SafeBrowsing sb,
<class 'malsub.service.threatcrowd.ThreatCrowd'> ThreatCrowd tc,
<class 'malsub.service.urlvoid.URLVoid'> URLVoid uv,
<class 'malsub.service.virustotal.VirusTotal'> VirusTotal vt,
<class 'malsub.service.vxstream.VxStream'> VxStream vs]
[*] debug Fri 02 Jun 2017 05:27:14.536459 +0000 UTC: anserv --
[<class 'malsub.service.virustotal.VirusTotal'> VirusTotal vt]
[*] debug Fri 02 Jun 2017 05:27:14.565035 +0000 UTC: apikey --
{'virustotal': {'apikey': {'apikey': ''}}}

malsub v1.2
https://github.com/diogo-fernan/malsub

[*] debug Fri 02 Jun 2017 05:27:15.072886 +0000 UTC: res.headers --
{ 'Cache-Control': 'no-cache',
'Connection': 'close',
'Content-Length': '0',
'Content-Type': 'text/html; charset=utf-8',
'Date': 'Fri, 02 Jun 2017 05:27:17 GMT',
'Server': 'Google Frontend',
'X-Cloud-Trace-Context': 'd7fd11a19caba7892de324545aee5eeb'}
[*] debug Fri 02 Jun 2017 05:27:15.073387 +0000 UTC: res.text
[!] warning Fri 02 Jun 2017 05:27:15.075392 +0000 UTC: "VirusTotal" -- "submit_url" error: 403 Client Error: Forbidden for url: https://www.virustotal.com/vtapi/v2/url/scan
Traceback (most recent call last):
  File "D:\malsub-master\malsub\core\work.py", line 27, in exec
    data = f.result()
  File "C:\Program Files (x86)\Python36-32\lib\concurrent\futures\_base.py", line 398, in result
    return self.__get_result()
  File "C:\Program Files (x86)\Python36-32\lib\concurrent\futures\_base.py", line 357, in __get_result
    raise self._exception
  File "C:\Program Files (x86)\Python36-32\lib\concurrent\futures\thread.py", line 55, in run
    result = self.fn(*self.args, **self.kwargs)
  File "D:\malsub-master\malsub\service\virustotal.py", line 97, in submit_url
    data, _ = request(self.api_subu)
  File "D:\malsub-master\malsub\core\web.py", line 94, in request
    apispec.verify, bin, json)
  File "D:\malsub-master\malsub\core\web.py", line 77, in post
    json_req, param, verify, bin, json)
  File "D:\malsub-master\malsub\core\web.py", line 45, in _request
    res.raise_for_status()
  File "C:\Program Files (x86)\Python36-32\lib\site-packages\requests\models.py", line 893, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: https://www.virustotal.com/vtapi/v2/url/scan

[*] verbose Fri 02 Jun 2017 05:27:15.075894 +0000 UTC: malsub finished with results:
+---+---------------------------------+--------------+
| # | input | VirusTotal |
+---+---------------------------------+--------------+
| 1 | http://france.lachainemeteo.com | unsuccessful |
+---+---------------------------------+--------------+

I have also tried another command: python malsub.py -or france.lachainemeteo.com and I also have an error with some API, I think

malsub v1.2
https://github.com/diogo-fernan/malsub

[!] warning Fri 02 Jun 2017 05:30:54.730730 +0000 UTC: "URLVoid" -- "report_dom" error: 404 Client Error: Not Found for url: http://api.urlvoid.com/%3Capiuser%3E/%3Capikey%3E/host/france.lachainemeteo.com/
Traceback (most recent call last):
  File "D:\malsub-master\malsub\core\work.py", line 27, in exec
    data = f.result()
  File "C:\Program Files (x86)\Python36-32\lib\concurrent\futures\_base.py", line 398, in result
    return self.__get_result()
  File "C:\Program Files (x86)\Python36-32\lib\concurrent\futures\_base.py", line 357, in __get_result
    raise self._exception
  File "C:\Program Files (x86)\Python36-32\lib\concurrent\futures\thread.py", line 55, in run
    result = self.fn(*self.args, **self.kwargs)
  File "D:\malsub-master\malsub\service\urlvoid.py", line 57, in report_dom
    data, _ = request(self.api_repd)
  File "D:\malsub-master\malsub\core\web.py", line 94, in request
    apispec.verify, bin, json)
  File "D:\malsub-master\malsub\core\web.py", line 83, in get
    json_req, param, verify, bin, json)
  File "D:\malsub-master\malsub\core\web.py", line 45, in _request
    res.raise_for_status()
  File "C:\Program Files (x86)\Python36-32\lib\site-packages\requests\models.py", line 893, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 404 Client Error: Not Found for url: http://api.urlvoid.com/%3Capiuser%3E/%3Capikey%3E/host/france.lachainemeteo.com/

[!] warning Fri 02 Jun 2017 05:30:54.846539 +0000 UTC: "Maltracker" -- "report_dom" error: 403 Client Error: FORBIDDEN for url: http://api.maltracker.net:4700/c2/domain/france.lachainemeteo.com/?apikey=%3Capikey%3E
Traceback (most recent call last):
  File "D:\malsub-master\malsub\core\work.py", line 27, in exec
    data = f.result()
  File "C:\Program Files (x86)\Python36-32\lib\concurrent\futures\_base.py", line 398, in result
    return self.__get_result()
  File "C:\Program Files (x86)\Python36-32\lib\concurrent\futures\_base.py", line 357, in __get_result
    raise self._exception
  File "C:\Program Files (x86)\Python36-32\lib\concurrent\futures\thread.py", line 55, in run
    result = self.fn(*self.args, **self.kwargs)
  File "D:\malsub-master\malsub\service\maltracker.py", line 71, in report_dom
    data, _ = request(self.api_repd)
  File "D:\malsub-master\malsub\core\web.py", line 94, in request
    apispec.verify, bin, json)
  File "D:\malsub-master\malsub\core\web.py", line 83, in get
    json_req, param, verify, bin, json)
  File "D:\malsub-master\malsub\core\web.py", line 45, in _request
    res.raise_for_status()
  File "C:\Program Files (x86)\Python36-32\lib\site-packages\requests\models.py", line 893, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 403 Client Error: FORBIDDEN for url: http://api.maltracker.net:4700/c2/domain/france.lachainemeteo.com/?apikey=%3Capikey%3E

[!] warning Fri 02 Jun 2017 05:30:55.028021 +0000 UTC: "VirusTotal" -- "report_dom" error: 403 Client Error: Forbidden for url: https://www.virustotal.com/vtapi/v2/domain/report?apikey=%3Capikey%3E&domain=france.lachainemeteo.com
Traceback (most recent call last):
  File "D:\malsub-master\malsub\core\work.py", line 27, in exec
    data = f.result()
  File "C:\Program Files (x86)\Python36-32\lib\concurrent\futures\_base.py", line 398, in result
    return self.__get_result()
  File "C:\Program Files (x86)\Python36-32\lib\concurrent\futures\_base.py", line 357, in __get_result
    raise self._exception
  File "C:\Program Files (x86)\Python36-32\lib\concurrent\futures\thread.py", line 55, in run
    result = self.fn(*self.args, **self.kwargs)
  File "D:\malsub-master\malsub\service\virustotal.py", line 78, in report_dom
    data, _ = request(self.api_repd)
  File "D:\malsub-master\malsub\core\web.py", line 94, in request
    apispec.verify, bin, json)
  File "D:\malsub-master\malsub\core\web.py", line 83, in get
    json_req, param, verify, bin, json)
  File "D:\malsub-master\malsub\core\web.py", line 45, in _request
    res.raise_for_status()
  File "C:\Program Files (x86)\Python36-32\lib\site-packages\requests\models.py", line 893, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: https://www.virustotal.com/vtapi/v2/domain/report?apikey=%3Capikey%3E&domain=france.lachainemeteo.com

[+] info Fri 02 Jun 2017 05:30:55.075648 +0000 UTC: "ThreatCrowd" -- "report_dom" completed:
{ 'emails': [],
'hashes': [],
'permalink': 'https://www.threatcrowd.org/domain.php?domain=france.lachainemeteo.com',
'references': [],
'response_code': '1',
'subdomains': [],
'votes': 0}

does not work for me for HA and VT, is API key in URL still supported ?

I know the API keys work, because I use them with HA VxAPI and for VT with curl (curl ... -F apikey=$VTAPI ...),
but malsub gives me errors. Could this be because the API keys are used in the URL and this method is not supported anymore?

% python3 malsub.py -a ha -q -v

                                   
            ####             ##    
              ##             ##    
####   ###    ##  #### ## ## ####  
# # #    ##   ## ##    ## ## ## ## 
# # #  ####   ## ####  ## ## ## ## 
# # # ## ##   ##  #### ## ## ## ## 
# # # ## ##   ##    ## ## ## ## ## 
# # #  ## #   ## ####   ## # ####

   malsub v1.3
   https://github.com/diogo-fernan/malsub

[!] warning Wed 16 Sep 2020 16:24:56.559932 +0000 UTC: "HybridAnalysis" -- "quota" error: 403 Client Error: Forbidden for url: https://www.hybrid-analysis.com/api/quota?apikey=<<MyAPIkey>>&secret=%3Capiuser%3E
Traceback (most recent call last):
  File "/home/remnux/GIT/malsub/malsub/core/work.py", line 27, in exec
    data = f.result()
  File "/usr/lib/python3.6/concurrent/futures/_base.py", line 425, in result
    return self.__get_result()
  File "/usr/lib/python3.6/concurrent/futures/_base.py", line 384, in __get_result
    raise self._exception
  File "/usr/lib/python3.6/concurrent/futures/thread.py", line 56, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/home/remnux/GIT/malsub/malsub/service/hybrid-analysis.py", line 79, in quota
    data, _ = request(self.api_quot)
  File "/home/remnux/GIT/malsub/malsub/core/web.py", line 97, in request
    apispec.verify, bin, json)
  File "/home/remnux/GIT/malsub/malsub/core/web.py", line 86, in get
    json_req, param, verify, bin, json)
  File "/home/remnux/GIT/malsub/malsub/core/web.py", line 49, in _request
    res.raise_for_status()
  File "/home/remnux/.local/lib/python3.6/site-packages/requests/models.py", line 940, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: https://www.hybrid-analysis.com/api/quota?apikey=<<MyAPIkey>>&secret=%3Capiuser%3E

[*] verbose Wed 16 Sep 2020 16:24:56.562787 +0000 UTC: malsub finished with results:
+---+-------+-----------------+
| # | input | Hybrid Analysis |
+---+-------+-----------------+
| 1 | —     | unsuccessful    |
+---+-------+-----------------+

The "-all" arg attempts to run on services without an API key, causing errors

For example if you run:

python3 malsub.py -a all -ri 8.8.8.8

Malsub will try to retrieve the IP Address report using all possible services, even those without an API Key present. This causes some errors in the output of the command. To fix this we should check which services do not have an API key present and exclude them.
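
One way to implement the check proposed in this issue, written here as an added example and not taken from malsub's code: it drops services whose credentials are empty or still a `<placeholder>` before any request is sent, recognises the same unfilled placeholders in the failed URLs quoted in the issues above (`%3Capikey%3E`, `%3Capiuser%3E`), and masks real keys in a query string before the URL is logged or pasted into a report. The function names, the `SECRET_PARAMS` set and the sample configuration are assumptions made for illustration; the configuration follows the service/section/field layout of the `apikey.yaml` snippet above.

```python
import re
from urllib.parse import parse_qsl, unquote, urlencode, urlsplit, urlunsplit

# Constructed sample in the service -> section -> field layout shown by the
# apikey.yaml snippet and the "apikey --" debug line above; all values made up.
SAMPLE_APIKEYS = {
    "virustotal": {"apikey": {"apikey": ""}},
    "urlvoid": {"apikey": {"apikey": "<apikey>"}, "user": {"apiuser": "<apiuser>"}},
    "hybridanalysis": {"apikey": {"apikey": "CONSTRUCTED-KEY-123"},
                       "user": {"apiuser": "<apiuser>"}},
    "threatstream": {"apikey": {"api_key": "CONSTRUCTED-KEY-456"},
                     "user": {"username": "analyst"}},
    "threatcrowd": {},  # assumption: a service that takes no credentials
}

PLACEHOLDER = re.compile(r"<[^<>]*>")            # template value such as <apikey>
SECRET_PARAMS = {"apikey", "api_key", "secret"}  # assumed secret-bearing parameter names


def missing_fields(creds):
    """Return 'section.field' names that are empty or still a <placeholder>."""
    missing = []
    for section, fields in (creds or {}).items():
        for name, value in (fields or {}).items():
            text = "" if value is None else str(value).strip()
            if not text or PLACEHOLDER.fullmatch(text):
                missing.append(f"{section}.{name}")
    return missing


def partition_services(requested, apikeys):
    """Split requested services into (usable, skipped) before any request is sent.

    A service with no entry in the key file is assumed to need no credentials.
    """
    usable, skipped = [], {}
    for name in requested:
        gaps = missing_fields(apikeys.get(name.lower()))
        if gaps:
            skipped[name] = gaps
        else:
            usable.append(name)
    return usable, skipped


def placeholders_in_url(url):
    """Find unfilled <placeholder> values in the path or query of a failed request URL."""
    parts = urlsplit(url)
    found = [unquote(seg) for seg in parts.path.split("/")
             if PLACEHOLDER.fullmatch(unquote(seg))]
    found += [f"{key}={value}"
              for key, value in parse_qsl(parts.query, keep_blank_values=True)
              if PLACEHOLDER.fullmatch(value)]
    return found


def redact_url(url):
    """Mask real secrets in a query string so the URL can go into a log or bug report."""
    parts = urlsplit(url)
    query = [(key, "REDACTED" if key.lower() in SECRET_PARAMS and value
              and not PLACEHOLDER.fullmatch(value) else value)
             for key, value in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


if __name__ == "__main__":
    usable, skipped = partition_services(list(SAMPLE_APIKEYS), SAMPLE_APIKEYS)
    print("run:", usable)
    for service, gaps in skipped.items():
        print(f"skip {service}: missing {', '.join(gaps)}")
    # Constructed URL in the shape of the Hybrid Analysis quota request above.
    failed = ("https://www.hybrid-analysis.com/api/quota"
              "?apikey=CONSTRUCTED-KEY-123&secret=%3Capiuser%3E")
    print(placeholders_in_url(failed), redact_url(failed))
```

Placeholders are left visible by `redact_url` on purpose: they are not secrets, and seeing `secret=%3Capiuser%3E` in a report is what identifies the unconfigured field.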
