add MalShare.com integration (#684)

* add MalShare.com integration allows submit sampels to malshare * no apikey is required anumore * disabled by default * single quotes for config
2025-07-01 18:07:27 -04:00 · 2018-03-02 19:47:15 +01:00
parent 4a89b7d504
commit 1cfec0dbf4
2 changed files with 110 additions and 0 deletions
--- a/cowrie.cfg.dist
+++ b/cowrie.cfg.dist
@ -501,6 +501,10 @@ logfile = log/cowrie.json
 # force will upload duplicated files to cuckoo
 #force = 0
 # upload to MalShare
 #[output_malshare]
 #enabled = false
 #[output_slack]
 # This will produce a _lot_ of messages - you have been warned....
 #channel = channel_that_events_should_be_posted_in
--- a/cowrie/output/malshare.py
+++ b/cowrie/output/malshare.py
@ -0,0 +1,106 @@
 # Copyright (c) 2015 Michel Oosterhof <michel@oosterhof.net>
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions
 # are met:
 #
 # 1. Redistributions of source code must retain the above copyright
 #    notice, this list of conditions and the following disclaimer.
 # 2. Redistributions in binary form must reproduce the above copyright
 #    notice, this list of conditions and the following disclaimer in the
 #    documentation and/or other materials provided with the distribution.
 # 3. The names of the author(s) may not be used to endorse or promote
 #    products derived from this software without specific prior written
 #    permission.
 #
 # THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS`` AND ANY EXPRESS OR
 # IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 # OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 # IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
 # INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 # BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
 # AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 """
 Send files to https://malshare.com/
 More info https://malshare.com/doc.php
 """
 from __future__ import division, absolute_import
 import os
 try:
    from urllib.parse import urlparse, urljoin
 except ImportError:
    from urlparse import urlparse, urljoin
 import requests
 import cowrie.core.output
 from cowrie.core.config import CONFIG
 class Output(cowrie.core.output.Output):
    """
    """
    def __init__(self):
        self.enabled = CONFIG.getboolean('output_malshare', 'enabled')
        cowrie.core.output.Output.__init__(self)
    def start(self):
        """
        Start output plugin
        """
        pass
    def stop(self):
        """
        Stop output plugin
        """
        pass
    def write(self, entry):
        """
        """
        if entry["eventid"] == "cowrie.session.file_download":
            print("Sending file to MalShare")
            p = urlparse(entry["url"]).path
            if p == "":
                fileName = entry["shasum"]
            else:
                b = os.path.basename(p)
                if b == "":
                    fileName = entry["shasum"]
                else:
                    fileName = b
            self.postfile(entry["outfile"], fileName)
        elif entry["eventid"] == "cowrie.session.file_upload":
                print("Sending file to MalShare")
                self.postfile(entry["outfile"], entry["filename"])
    def postfile(self, artifact, fileName):
        """
        Send a file to MalShare
        """
        if self.enabled:
            try:
                res = requests.post("https://malshare.com/api.php?mode=cli",
                    files={fileName: open(artifact, "rb")},
                    verify=False
                )
                if res and res.ok:
                    print("Submited to MalShare")
                else:
                    print("MalShare Request failed: {}".format(res.status_code))
            except Exception as e:
                print("MalShare Request failed: {}".format(e))
        return