cowrie/cowrie
1
0
Fork 0
mirror of https://github.com/cowrie/cowrie.git synced 2025-07-01 18:07:27 -04:00
Code Issues Packages Projects Releases Wiki Activity

add MalShare.com integration (#684)

Browse Source 
* add MalShare.com integration

allows submit sampels to malshare

* no apikey is required anumore

* disabled by default

* single quotes for config
This commit is contained in:
doomedraven
2018-03-02 19:47:15 +01:00
committed by Michel Oosterhof
parent 4a89b7d504
commit 1cfec0dbf4
2 changed files with 110 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
cowrie.cfg.dist
View File

@ -501,6 +501,10 @@ logfile = log/cowrie.json
# force will upload duplicated files to cuckoo
#force = 0
# upload to MalShare
#[output_malshare]
#enabled = false
#[output_slack]
# This will produce a _lot_ of messages - you have been warned....
#channel = channel_that_events_should_be_posted_in

106
cowrie/output/malshare.py Normal file
View File

@ -0,0 +1,106 @@
# Copyright (c) 2015 Michel Oosterhof <michel@oosterhof.net>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# 3. The names of the author(s) may not be used to endorse or promote
# products derived from this software without specific prior written
# permission.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS`` AND ANY EXPRESS OR
# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
# IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
"""
Send files to https://malshare.com/
More info https://malshare.com/doc.php
"""
from __future__ import division, absolute_import
import os
try:
from urllib.parse import urlparse, urljoin
except ImportError:
from urlparse import urlparse, urljoin
import requests
import cowrie.core.output
from cowrie.core.config import CONFIG
class Output(cowrie.core.output.Output):
"""
"""
def __init__(self):
self.enabled = CONFIG.getboolean('output_malshare', 'enabled')
cowrie.core.output.Output.__init__(self)
def start(self):
"""
Start output plugin
"""
pass
def stop(self):
"""
Stop output plugin
"""
pass
def write(self, entry):
"""
"""
if entry["eventid"] == "cowrie.session.file_download":
print("Sending file to MalShare")
p = urlparse(entry["url"]).path
if p == "":
fileName = entry["shasum"]
else:
b = os.path.basename(p)
if b == "":
fileName = entry["shasum"]
else:
fileName = b
self.postfile(entry["outfile"], fileName)
elif entry["eventid"] == "cowrie.session.file_upload":
print("Sending file to MalShare")
self.postfile(entry["outfile"], entry["filename"])
def postfile(self, artifact, fileName):
"""
Send a file to MalShare
"""
if self.enabled:
try:
res = requests.post("https://malshare.com/api.php?mode=cli",
files={fileName: open(artifact, "rb")},
verify=False
)
if res and res.ok:
print("Submited to MalShare")
else:
print("MalShare Request failed: {}".format(res.status_code))
except Exception as e:
print("MalShare Request failed: {}".format(e))
return