01.03
I wanted to write a quick script to submit files placed in a Dropbox directory to CuckooBox. My main objectives were to:
- Write more Python
- Submit malware from anywhere
- Ensure that the malware submitted to CuckooBox was unique
#!/usr/bin/env python
import sys, time, os, shelve, hashlib
from cuckoo.core.db import CuckooDatabase
# Seconds to wait between two scans of MALWARE_DIR.
SLEEP_TIME = 60
# Root of the directory tree that is scanned for samples.  Keep the trailing
# slash: the history file path is formed by appending HISTORY_FILE to this
# value with plain string concatenation.
MALWARE_DIR = "/Users/zwned/Dropbox/malware/"
# Base name of the shelve file that records samples already submitted.
HISTORY_FILE = "cuckooMon_hist"
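class Monitor:
    """Poll MALWARE_DIR and queue each previously unseen sample in Cuckoo.

    A shelve file inside MALWARE_DIR maps the MD5 of every submitted sample
    to its path.  A file whose digest is already recorded is treated as a
    duplicate and deleted from the watched directory.

    Status lines use single-argument ``print(...)``, which emits the same
    text under the Python 2 print statement and the print function.
    """

    def process( self ):
        """Run one scan: collect candidate files and handle each in turn."""
        newMalware = self.grabNewMalware()
        # NOTE(security): shelve is pickle-backed and this file sits inside
        # the synced sample folder, so whoever can write to that folder can
        # alter it.  Only key membership and assignment are used here; do not
        # start reading values back without moving the history elsewhere.
        self.processed = shelve.open( MALWARE_DIR + HISTORY_FILE )
        try:
            for malware in newMalware:
                self.processMalware( malware )
        finally:
            # Close (and flush) the history even when a sample raised, e.g.
            # because the file vanished between the walk and the hash.
            self.processed.close()

    def grabNewMalware( self ):
        """Return the sorted, normalised paths of exe/pdf files under MALWARE_DIR.

        Selection is by file name only (case-insensitive text after the last
        dot); file content is not inspected.  A name with no dot is compared
        whole, so a file called just "exe" or "pdf" also matches.
        """
        malware = []
        for dirpath, dirnames, filenames in os.walk( MALWARE_DIR ):
            for f in filenames:
                ext = f.lower().split(".")[-1]
                if ext in ("exe", "pdf"):
                    malware.append( os.path.normpath( os.path.join( dirpath, f ) ) )
        malware.sort()
        return malware

    def processMalware( self, malware ):
        """Submit one sample to Cuckoo unless its digest is already recorded.

        A new sample is queued with CuckooDatabase.add_task and, on success,
        stored in the history under its MD5.  A sample already in the history
        is deleted from disk.  A failed submission is reported and the file
        is left in place, so the next scan tries it again.
        """
        # Hash once: the file is read a single time, and the key that is
        # looked up is exactly the key that gets stored.
        checksum = self.md5Checksum( malware )
        if checksum not in self.processed:
            db = CuckooDatabase()
            print("%s %s" % ("[-] Processing ", malware))
            try:
                db.add_task( malware )
                print("[+] Successful")
                print("[+] Adding malware to history")
                self.processed[checksum] = malware
            except Exception:
                # Report and move on to the next sample.  Catching Exception
                # rather than everything lets KeyboardInterrupt and SystemExit
                # stop the monitor.
                print("%s %s" % ("[!] FAILURE ", str(sys.exc_info())))
        else:
            # The published listing lost its indentation; the removal is
            # placed in the duplicate branch, as its message indicates.
            # NOTE(review): a sample queued on one scan is therefore deleted
            # on the next one, SLEEP_TIME seconds later.  add_task is given
            # only the path; whether Cuckoo has copied the file by then is
            # not visible here - confirm.
            print("[!] Already in database, removing...")
            os.remove( malware )

    def md5Checksum(self, malware):
        """Return the hex MD5 digest of the file at *malware*, read in 8192-byte chunks.

        MD5 serves only as the de-duplication key.  Collisions for it can be
        constructed, and a file colliding with a recorded sample would be
        deleted as a duplicate without being analysed.  Moving to SHA-256
        changes the keys, so it needs a fresh history file.
        """
        m = hashlib.md5()
        # The with-block closes the handle as soon as hashing is done, so
        # descriptors do not accumulate across scans.
        with open(malware, 'rb') as fh:
            for data in iter(lambda: fh.read(8192), b''):
                m.update(data)
        return m.hexdigest()

    def monitor( self ):
        """Scan forever, pausing SLEEP_TIME seconds between scans."""
        while True:
            self.process()
            print("%s %s" % ("[-] Checked last at: ", str( time.asctime(time.localtime()))))
            time.sleep( SLEEP_TIME )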
if __name__ == "__main__":
    # Script entry point: build the monitor and poll until interrupted.
    watcher = Monitor()
    watcher.monitor()
The script can be found here.

