PimmyTrousers/malpedia_cli

malpedia_cli

Malpedia_cli is a tool for interacting with the Malpedia service. Some of the commands require an API key because the service itself restricts those endpoints, but the tool will tell you whether a given request needs one. Its goal is to simplify usage and let users work seamlessly with the resources contained in the Malpedia service.

Malpedia_cli can be used for getting information about an actor, getting information about a malware family, acquiring samples, uploading YARA rules, downloading YARA rules, and uploading samples to be scanned against Malpedia's malware corpus.

Configuration of the tool

The application requires an API key for some of the endpoints. The key can be passed as an argument or read from a YAML file at $HOME/.malpedia_cli.yaml. Currently the file only supports an apikey entry, so an example would look like the following:

apikey: <apikey>
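As an added illustration of how the key described above can be handled on the client side (this is example code written for this page, not the project's own loader, which may use a full YAML library), the following Go program reads the single apikey entry from $HOME/.malpedia_cli.yaml, gives a command-line key precedence over the file, refuses a config file that other local users can read (it holds a secret), and rejects a key-requiring command before any request is made, which is one of the README's TODO items. Which commands need a key is not stated on the page, so that table is passed in by the caller and the one in main is constructed for illustration only.

```go
package main

import (
	"bufio"
	"flag"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// Config holds the one setting the README says $HOME/.malpedia_cli.yaml carries.
type Config struct {
	APIKey string
}

// parseConfig reads "key: value" lines. It is a minimal reader written for this
// example: since the file only ever holds apikey, a full YAML parser is not
// needed, and rejecting unknown keys catches typos such as "api_key" that would
// otherwise silently leave the key empty.
func parseConfig(r io.Reader) (Config, error) {
	var cfg Config
	sc := bufio.NewScanner(r)
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		parts := strings.SplitN(line, ":", 2)
		if len(parts) != 2 {
			return Config{}, fmt.Errorf("malformed line %q", line)
		}
		key := strings.ToLower(strings.TrimSpace(parts[0]))
		val := strings.Trim(strings.TrimSpace(parts[1]), `"'`)
		switch key {
		case "apikey":
			cfg.APIKey = val
		default:
			return Config{}, fmt.Errorf("unknown key %q (only apikey is supported)", key)
		}
	}
	return cfg, sc.Err()
}

// loadConfig opens the file and refuses one that group or world can read: the
// file holds a bearer secret, so it should be mode 0600. A missing file is not
// an error, because the key may be supplied on the command line instead.
func loadConfig(path string) (Config, error) {
	info, err := os.Stat(path)
	if os.IsNotExist(err) {
		return Config{}, nil
	}
	if err != nil {
		return Config{}, err
	}
	if info.Mode().Perm()&0o077 != 0 {
		return Config{}, fmt.Errorf("%s is readable by other users; run chmod 600 on it", path)
	}
	f, err := os.Open(path)
	if err != nil {
		return Config{}, err
	}
	defer f.Close()
	return parseConfig(f)
}

// defaultConfigPath is $HOME/.malpedia_cli.yaml, as the README states.
func defaultConfigPath() string {
	home, _ := os.UserHomeDir()
	return filepath.Join(home, ".malpedia_cli.yaml")
}

// resolveAPIKey gives an explicit command-line key precedence over the file.
func resolveAPIKey(flagKey string, cfg Config) string {
	if flagKey != "" {
		return flagKey
	}
	return cfg.APIKey
}

// checkCommand rejects a key-requiring command up front when no key is set,
// instead of letting the service answer with an authorization error.
// needsKey is supplied by the caller; the page does not list which commands need one.
func checkCommand(cmd, key string, needsKey map[string]bool) error {
	if needsKey[cmd] && key == "" {
		return fmt.Errorf("%s requires an API key; pass one as an argument or set apikey in %s", cmd, defaultConfigPath())
	}
	return nil
}

func main() {
	flagKey := flag.String("apikey", "", "API key (overrides the config file)")
	flag.Parse()
	cfg, err := loadConfig(defaultConfigPath())
	if err != nil {
		fmt.Fprintln(os.Stderr, "config:", err)
		os.Exit(1)
	}
	key := resolveAPIKey(*flagKey, cfg)
	// Constructed table for illustration only; the real tool decides per endpoint.
	needsKey := map[string]bool{"version": false, "getSample": true}
	for _, cmd := range []string{"version", "getSample"} {
		if err := checkCommand(cmd, key, needsKey); err != nil {
			fmt.Println(err)
			continue
		}
		fmt.Printf("%s: ok to run\n", cmd)
	}
}
```

The permission check is the part worth copying: a key file that is group- or world-readable is the most common way a personal API key leaks on a shared analysis box.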

Currently supported features

  • download samples via hash
  • get a list of all tracked actors
  • get information about a specific actor
  • get a list of all tracked malware families
  • get information about a specific malware family
  • download yara rules by TLP level
  • download yara rules by family
  • scan malpedia's malware catalog against a yara rule
  • validate API keys
  • get the malpedia version
  • get all hashes for a family
  • download all samples from a family

Images

  • Ursnif output (screenshot)
  • FIN7 output (screenshot)
  • Yara scan results (screenshot)

TODO

  • Command to download all samples from a family
  • Scan malpedia's malware catalog against a yara rule
  • Remove apikey argument from functions that don't need it
  • Upload a file to be checked against yara rules (in the works)
  • Generic search (will return a family or actor)
  • Download all samples from an actor
  • Verbose logging
  • Enable user choice if multiple results are returned for fuzzy search
  • Support contexts
  • Reject commands that require an API key when one isn't supplied

Examples

- malpedia_cli version
- malpedia_cli getYaraRules white
- malpedia_cli getYaraRules amber -z -o yara_rules.zip
- malpedia_cli getSample 12f38f9be4df1909a1370d77588b74c60b25f65a098a08cf81389c97d3352f82 -p infected123 -o samples.zip
- malpedia_cli getSample 12f38f9be4df1909a1370d77588b74c60b25f65a098a08cf81389c97d3352f82 -r 
- malpedia_cli actors --json
- malpedia_cli actor apt28
- malpedia_cli scanYara RAT_Nanocore.yar
- malpedia_cli families
- malpedia_cli downloadFamily ursnif
- malpedia_cli downloadYara ursnif 
- malpedia_cli downloadYara njrat -o njrat.zip
- malpedia_cli scanYaraAgainstFamily carbanak myRule.yar
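The getSample examples above look a sample up by hash and write it to disk. As an added example (written for this page, not code from the project), the following Go program shows the two checks a practitioner would want around that: validating the lookup hash locally before a request is sent (the 64-hex-character value in the examples is a SHA-256; MD5 and SHA-1 are recognised too, purely for identification), and verifying that the bytes actually received match the hash that was requested before the sample is stored under a name derived from its own SHA-256. The sample bytes in main are constructed for illustration; the checks apply to the unpacked sample bytes, whichever download option produced them.

```go
package main

import (
	"crypto/md5"
	"crypto/sha1"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"regexp"
	"strings"
)

var hexOnly = regexp.MustCompile(`^[0-9a-fA-F]+$`)

// classifyHash reports which digest a lookup string is (md5, sha1 or sha256),
// judged by length and alphabet, so a mistyped hash is rejected before it
// costs a round trip to the service.
func classifyHash(h string) (string, error) {
	h = strings.TrimSpace(h)
	if !hexOnly.MatchString(h) {
		return "", fmt.Errorf("%q is not a hexadecimal digest", h)
	}
	switch len(h) {
	case 32:
		return "md5", nil
	case 40:
		return "sha1", nil
	case 64:
		return "sha256", nil
	}
	return "", fmt.Errorf("%q has %d hex characters; expected 32, 40 or 64", h, len(h))
}

// digest computes the named hash of data as lowercase hex. MD5 and SHA-1 are
// only identifiers here (matching what was requested), never a security check.
func digest(algo string, data []byte) string {
	var sum []byte
	switch algo {
	case "md5":
		s := md5.Sum(data)
		sum = s[:]
	case "sha1":
		s := sha1.Sum(data)
		sum = s[:]
	default:
		s := sha256.Sum256(data)
		sum = s[:]
	}
	return hex.EncodeToString(sum)
}

// verifySample checks that the bytes received are the sample that was asked
// for, using the same algorithm the request used. Hex case is ignored.
func verifySample(data []byte, requested string) error {
	algo, err := classifyHash(requested)
	if err != nil {
		return err
	}
	got := digest(algo, data)
	if !strings.EqualFold(got, strings.TrimSpace(requested)) {
		return fmt.Errorf("%s mismatch: requested %s, got %s", algo, strings.ToLower(requested), got)
	}
	return nil
}

// storageName names a stored sample by its own SHA-256, so the on-disk name
// stays accurate no matter which hash was used to fetch it.
func storageName(data []byte) string {
	return digest("sha256", data) + ".bin"
}

func main() {
	// Constructed stand-in for downloaded sample bytes (not real malware).
	sample := []byte("constructed sample bytes for the example")
	requested := digest("sha256", sample)
	if err := verifySample(sample, requested); err != nil {
		fmt.Println("reject:", err)
		return
	}
	fmt.Println("verified; store as", storageName(sample))
	if err := verifySample(sample, strings.Repeat("0", 64)); err != nil {
		fmt.Println("reject:", err)
	}
}
```

Verification before storage matters because a sample directory is usually keyed by hash; one mismatched file silently poisons every later lookup against it.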

Build Instructions

Create a binary in the current directory

go build -o ./malpedia_cli

Create a binary and install it on your PATH

go install
