Merge branch 'dev' into i98-moar-tests

Conflicts: maltrieve.py
krmaxwell · Apr 1, 2015 · 8e269d6 · 8e269d6
2 parents 1ae0509 + bf4f0f1
commit 8e269d6
Show file tree

Hide file tree

Showing 12 changed files with 179 additions and 479 deletions.
diff --git a/.gitignore b/.gitignore
@@ -53,3 +53,4 @@ archive
 grequests
 *.bak
 *.json
+screenlog*
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -7,7 +7,7 @@
     -   id: check-yaml
     -   id: end-of-file-fixer
     -   id: flake8
-        args: [--max-line-length=140]
+        args: [--max-line-length=256]
     -   id: trailing-whitespace
 
 -   repo: git://github.com/ivanlei/pre-commit-python-sorter

diff --git a/README.md b/README.md
@@ -2,6 +2,8 @@
 [![Stories in In Progress](https://badge.waffle.io/krmaxwell/maltrieve.png?label=in%20progress&title=In%20Progress)](https://waffle.io/krmaxwell/maltrieve)
 [![Circle CI](https://circleci.com/gh/krmaxwell/maltrieve/tree/dev.svg?style=svg)](https://circleci.com/gh/krmaxwell/maltrieve/tree/dev)
 [![Coverage Status](https://coveralls.io/repos/krmaxwell/maltrieve/badge.svg?branch=dev)](https://coveralls.io/r/krmaxwell/maltrieve?branch=dev)
+[![Code Health](https://landscape.io/github/krmaxwell/maltrieve/dev/landscape.svg?style=flat)](https://landscape.io/github/krmaxwell/maltrieve/dev)
+
 ```
  _______ _______        _______  ______ _____ _______ _    _ _______
  |  |  | |_____| |         |    |_____/   |   |______  \  /  |______
@@ -48,6 +50,8 @@ Maltrieve requires the following dependencies:
 
 With the exception of the Python header files, these can all be found in [requirements.txt](./requirements.txt). On Debian-based distributions, run `sudo apt-get install python-dev`. On Red Hat-based distributions, run `sudo yum install python-devel`. After that, just `pip install -e .`.  You may need to prepend that with ```sudo``` if not running in a virtual environment, but using such an environment is highly encouraged.
 
+Alternately, avoid all of that by using the [Docker image](https://registry.hub.docker.com/u/technoskald/maltrieve/)
+
 ## Usage
 
 __Basic execution:__ `maltrieve` (if installed normally) or ```python maltrieve.py``` (if just downloaded and run)
@@ -66,6 +70,7 @@ optional arguments:
                         Define file for logging progress
   -x, --vxcage          Dump the files to a VxCage instance
   -v, --viper           Dump the files to a Viper instance
+  -r, --crits           Dump the file and domain to a CRITs instance
   -c, --cuckoo          Enable Cuckoo analysis
   -s, --sort_mime       Sort files by MIME type
 

diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -1,47 +1,49 @@
 #
 # This Docker image encapsulates Maltrieve, a tool to retrieve malware
 # directly from the source for security researchers.
-# which was created by Kyle Maxwell (technoskald) and is
-# available at https://github.com/technoskald/maltrieve.
+# which was created by Kyle Maxwell (krmaxwell) and is
+# available at https://github.com/krmaxwell/maltrieve.
 #
 # The file below is based on ideas from Spenser Reinhardt's Dockerfile
 # (https://registry.hub.docker.com/u/sreinhardt/honeynet/dockerfile)
 # and on instructions outlined by M. Fields (@shakey_1).
 #
 # To run this image after installing Docker, use a command like this:
 #
-# sudo docker run --rm -it technoskald/maltrieve bash
-#
-# then run ./maltrieve.py with the desired parameters.
+# sudo docker run --rm -it technoskald/maltrieve
 
 FROM ubuntu:14.04
 MAINTAINER Michael Boman <michael@michaelboman.org>
 
 USER root
 RUN apt-get update && \
-  apt-get install -y --no-install-recommends \
+  apt-get dist-upgrade -y
+RUN apt-get install -y --no-install-recommends \
     gcc \
     git \
     libpython2.7-stdlib \
     python2.7 \
     python2.7-dev \
     python-pip \
-    python-setuptools && \
-
-  rm -rf /var/lib/apt/lists/* && \
-
+    python-setuptools
+RUN rm -rf /var/lib/apt/lists/* && \
+  pip install --upgrade pip && \
   groupadd -r maltrieve && \
   useradd -r -g maltrieve -d /home/maltrieve -s /sbin/nologin -c "Maltrieve User" maltrieve
 
 WORKDIR /home
-RUN git clone https://github.com/technoskald/maltrieve.git && \
+RUN git clone https://github.com/krmaxwell/maltrieve.git && \
   cd maltrieve && \
-  pip install -r requirements.txt && \
+  git checkout dev && \
+  pip install -e . && \
   chown -R maltrieve:maltrieve /home/maltrieve
 
+RUN mkdir /archive && \
+  chown maltrieve:maltrieve /archive
+
 USER maltrieve
 ENV HOME /home/maltrieve
 ENV USER maltrieve
 WORKDIR /home/maltrieve
-CMD ["./maltrieve.py"]
-
+ENTRYPOINT ["maltrieve"]
+CMD ["-d", "/archive/samples", "-l", "/archive/maltrieve.log"]
diff --git a/maltrieve.cfg b/maltrieve.cfg
@@ -7,7 +7,10 @@ User-Agent = Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)
 #viper = http://127.0.0.1:8080
 #cuckoo = http://127.0.0.1:8090
 #vxcage = http://127.0.0.1:8080
-
+#crits = https://127.0.0.1
+#crits_user = maltrieve
+#crits_key = <api_key>
+#crits_source = maltrieve
 
 # Filter Lists are based on mime type NO SPACE BETWEEN ,
 #black_list = text/html,text/plain