#!/usr/bin/env python
# This script tells if a File, IP, Domain or URL may be malicious according to the data in OTX
import argparse
import hashlib
import os

from OTXv2 import OTXv2

import get_malicious
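# Your API key. It is read from the environment when set, so the secret
# does not have to be pasted into a file that may end up in source control;
# when the variable is unset the value falls back to the original empty
# string (pasting the key there still works). OTX_API_KEY is the variable
# name chosen for this script.
API_KEY = os.environ.get('OTX_API_KEY', '')
OTX_SERVER = 'https://otx.alienvault.com/'
# Single client instance shared by every lookup below.
otx = OTXv2(API_KEY, server=OTX_SERVER)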
# Command-line interface. Every indicator flag is optional and independent,
# so any combination may be passed in one invocation.
parser = argparse.ArgumentParser(description='OTX CLI Example')
_INDICATOR_FLAGS = (
    ('-ip', 'IP eg; 4.4.4.4'),
    ('-host', 'Hostname eg; www.alienvault.com'),
    ('-url', 'URL eg; http://www.alienvault.com'),
    ('-hash', 'Hash of a file eg; 7b42b35832855ab4ff37ae9b8fa9e571'),
    ('-file', 'Path to a file, eg; malware.exe'),
)
for flag, help_text in _INDICATOR_FLAGS:
    parser.add_argument(flag, help=help_text, required=False)
# Plain dict so the rest of the script can index by flag name.
args = vars(parser.parse_args())
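def _report(alerts):
    """Print the verdict for one indicator lookup.

    ``alerts`` is whatever the ``get_malicious`` helper returned. A non-empty
    result means OTX returned data on the indicator, which is reported as
    *potentially* malicious; an empty result only means OTX has nothing on it,
    not that the indicator is clean.
    """
    if alerts:
        print('Identified as potentially malicious')
        print(str(alerts))
    else:
        print('Unknown or not identified as malicious')


def _file_md5(path):
    """Return the hex MD5 digest of the file at ``path``.

    MD5 is used here only as the lookup key that OTX is queried with, as in
    the original script; it is not an integrity check. The file is hashed in
    chunks so large samples do not have to fit in memory, and the ``with``
    block closes the handle that the original one-liner left open.

    Raises whatever ``open`` raises (e.g. ``FileNotFoundError``).
    """
    digest = hashlib.md5()
    with open(path, 'rb') as fh:
        for chunk in iter(lambda: fh.read(65536), b''):
            digest.update(chunk)
    return digest.hexdigest()


# Indicator types passed to the OTX lookup verbatim, in the order the
# original script checked them. Flags are independent: several may be given
# at once and each one is looked up.
_DIRECT_LOOKUPS = (
    ('ip', get_malicious.ip),
    ('host', get_malicious.hostname),
    ('url', get_malicious.url),
    ('hash', get_malicious.file),
)

for flag, lookup in _DIRECT_LOOKUPS:
    if args[flag]:
        _report(lookup(otx, args[flag]))

if args['file']:
    # A local file is reduced to its MD5 and looked up exactly like -hash;
    # only the digest is sent to OTX, never the file contents.
    _report(get_malicious.file(otx, _file_md5(args['file'])))

# The original silently did nothing when no flag was given; show usage instead.
if not any(args.values()):
    parser.print_help()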