
2024年3月7日发(作者:)

从 VirusTotal 上下载病毒样本

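#!/usr/bin/env python
"""Fetch the malware samples that define the malware gym environment.

Samples are listed in a CSV of hashes (columns ``md5`` and ``sha256``) and are
obtained either from the VirusTotal download endpoint or from VirusShare zip
archives. Every sample is written to ``samples_path`` under its SHA-256 name,
and only after the bytes have been checked against that SHA-256.
"""
import os
import re
import csv
#import Queue
import hashlib
import zipfile
import requests
import argparse
import multiprocessing

# TODO: Don't hardcode the relative path?
samples_path = "gym_malware/envs/utils/samples/"
# NOTE(review): the file name is cut off after "sample_" in this listing; point
# this at the project's CSV of sample hashes before running.
hashes_path = "gym_malware/envs/utils/sample_"
# NOTE(review): the scheme and host are missing from this listing. Restore the
# full https:// URL of the VirusTotal download endpoint; use_virustotal()
# refuses to send the API key to anything that is not an https:// URL.
vturl = "/intelligence/download"

# Upper bound, in seconds, on one HTTP request so a stalled connection cannot
# block a worker (and therefore the final queue join) forever.
DOWNLOAD_TIMEOUT = 60
# Number of attempts per sample before the download is reported as failed.
MAX_TRIES = 10

_SHA256_RE = re.compile(r"[0-9a-fA-F]{64}")


def _is_sha256(value):
    """Return True if *value* is a 64-character hexadecimal string.

    Hash values come from a CSV file and are used as file names, so anything
    that is not plain hex (path separators, "..", empty strings) is rejected.
    """
    return isinstance(value, str) and _SHA256_RE.fullmatch(value) is not None


def _matches_sha256(payload, sha256):
    """Return True if the SHA-256 digest of *payload* equals *sha256*."""
    return hashlib.sha256(payload).hexdigest() == sha256.lower()


def get_sample_hashes():
    """Return every row of the hash CSV as a list of dicts."""
    with open(hashes_path) as csvfile:
        return list(csv.DictReader(csvfile))


def vt_download_sample(sha256, sample_path, vtapikey):
    """Download one sample from VirusTotal and store it at *sample_path*.

    Args:
        sha256: SHA-256 of the sample to request.
        sample_path: Destination file for the sample bytes.
        vtapikey: VirusTotal API key sent with the request.

    Returns:
        True if the sample was downloaded, matched *sha256* and was written;
        False after ``MAX_TRIES`` failed attempts or on a digest mismatch.
    """
    payload = None
    for _ in range(MAX_TRIES):
        try:
            resp = requests.get(
                vturl,
                params={"hash": sha256, "apikey": vtapikey},
                timeout=DOWNLOAD_TIMEOUT)
        except requests.RequestException:
            # A network error counts as a failed try instead of killing the
            # worker process.
            continue
        if resp.ok:
            payload = resp.content
            break

    if payload is None:
        return False

    # Never store bytes that are not the sample that was asked for (error
    # page, truncated body, wrong file).
    if not _matches_sha256(payload, sha256):
        return False

    with open(sample_path, "wb") as ofile:
        ofile.write(payload)

    return True


def download_worker_function(download_queue, vtapikey):
    """Consume hashes from *download_queue* until the "STOP" sentinel arrives.

    Every item taken from the queue is acknowledged with ``task_done()`` in a
    ``finally`` clause, so a failed download cannot leave the producer blocked
    in ``join()``.
    """
    while True:
        # get() blocks until an item is available, so no Empty handling is
        # needed here.
        sha256 = download_queue.get()
        try:
            if sha256 == "STOP":
                return True

            if not _is_sha256(sha256):
                # The value would become a file name; skip anything that is
                # not a plain hex digest.
                print("{} had a problem".format(sha256))
                continue

            print("{} downloading".format(sha256))
            sample_path = os.path.join(samples_path, sha256)
            try:
                success = vt_download_sample(sha256, sample_path, vtapikey)
            except OSError:
                success = False
            if not success:
                print("{} had a problem".format(sha256))

            print("{} done".format(sha256))
        finally:
            download_queue.task_done()


def use_virustotal(args):
    """Download the environment samples from VirusTotal.

    Starts ``args.nconcurrent`` worker processes, feeds them every ``sha256``
    from the hash CSV, then sends one "STOP" sentinel per worker and waits for
    the queue and the workers to finish.

    Raises:
        ValueError: if ``vturl`` is not an absolute https:// URL.
    """
    if not vturl.startswith("https://"):
        # The API key travels in the query string; only send it over TLS.
        raise ValueError("vturl must be an absolute https:// URL")

    os.makedirs(samples_path, exist_ok=True)

    m = multiprocessing.Manager()
    download_queue = m.JoinableQueue(args.nconcurrent)

    archive_procs = [
        multiprocessing.Process(
            target=download_worker_function,
            args=(download_queue, args.vtapikey))
        for _ in range(args.nconcurrent)
    ]
    for w in archive_procs:
        w.start()

    for row in get_sample_hashes():
        download_queue.put(row["sha256"])

    # One sentinel per started worker. The listing took this count from an
    # option the parser never defines; the worker list is the reliable source.
    for _ in archive_procs:
        download_queue.put("STOP")

    download_queue.join()
    for w in archive_procs:
        w.join()


def use_virusshare(args):
    """Extract the environment samples from VirusShare zip archives.

    Archive members are matched by the MD5 that follows the first underscore
    in the member name. A matching member is written to ``samples_path`` under
    its SHA-256 name, after the extracted bytes have been checked against that
    SHA-256. Members that do not verify are reported and skipped.
    """
    pwd = bytes(args.zipfilepassword, "ascii")
    md5_to_sha256_dict = {d["md5"]: d["sha256"] for d in get_sample_hashes()}

    os.makedirs(samples_path, exist_ok=True)

    for path in args.zipfile:
        with zipfile.ZipFile(path) as z:
            for f in z.namelist():
                name_parts = f.split("_")
                if len(name_parts) < 2:
                    # Member name carries no MD5 component.
                    continue

                sha256 = md5_to_sha256_dict.get(name_parts[1])
                if sha256 is None:
                    continue

                with z.open(f, "r", pwd) as member:
                    sample_bytez = member.read()

                # The CSV value becomes a file name and the bytes become part
                # of the data set: check both before writing.
                if not _is_sha256(sha256) or not _matches_sha256(
                        sample_bytez, sha256):
                    print("{} had a problem".format(sha256))
                    continue

                with open(os.path.join(samples_path, sha256), "wb") as ofile:
                    ofile.write(sample_bytez)
                print("Extracted {}".format(sha256))


if __name__ == '__main__':
    prog = "download_samples"
    descr = "Download the samples that define the malware gym environment"
    parser = argparse.ArgumentParser(prog=prog, description=descr)
    parser.add_argument(
        "--virustotal",
        default=False,
        action="store_true",
        help="Use Virustotal to download malware samples")
    # NOTE: a key given on the command line is visible in the local process
    # list and in shell history.
    parser.add_argument(
        "--vtapikey", type=str, default=None, help="Virustotal API key")
    parser.add_argument(
        "--nconcurrent",
        type=int,
        default=6,
        help="Maximum concurrent downloads from Virustotal")
    parser.add_argument(
        "--virusshare",
        default=False,
        action="store_true",
        help="Use malware samples from VirusShare torrents")
    parser.add_argument(
        "--zipfile",
        type=str,
        nargs="+",
        help="The path of VirusShare zipfile 290 or 291")
    parser.add_argument(
        "--zipfilepassword",
        type=str,
        default=None,
        help="Password for the VirusShare zipfiles 290 or 291")
    args = parser.parse_args()

    if not args.virustotal and not args.virusshare:
        parser.error("Must use either Virustotal or VirusShare")

    # Validate every option before any work starts, so a missing API key is
    # reported before archives are extracted.
    if args.virusshare:
        # --zipfile is None when the option is omitted, so test truthiness
        # rather than len().
        if not args.zipfile:
            parser.error("Must the paths for one or more Virusshare zip files")

        if args.zipfilepassword is None:
            parser.error("Must enter a password for the VirusShare zip files")

    if args.virustotal:
        if args.vtapikey is None:
            parser.error("Must enter a VirusTotal API key")

        if args.nconcurrent < 1:
            # Zero workers would leave the queue join waiting forever.
            parser.error("--nconcurrent must be at least 1")

    if args.virusshare:
        use_virusshare(args)

    if args.virustotal:
        # The listing ends after the API key check; without this call the
        # VirusTotal path would never run.
        use_virustotal(args)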

本文标签: 病毒样本下载