#!/usr/bin/python
# search for 1 or more md5s given on command line
# returns json containing antivirus match/sdhash score and
# counts of the returns
import json
import os
import sys
from collections import Counter

import pymongo
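def _similar_labels(database, filename):
    """Return one ``"av: <verdict> score: <score>"`` label per similar sample.

    The ``similar`` collection stores pairs as ``(name1, name2)``, so *filename*
    is looked up on both sides and the other name of each pair is resolved
    against the ``malware`` collection.  Neighbours without a ``clamav`` field
    are skipped.  ``score`` is concatenated as-is, so it is expected to be
    stored as a string (a numeric score would raise ``TypeError`` here).

    Args:
        database: the pymongo database holding ``malware`` and ``similar``.
        filename: value of the ``filename`` field of the sample being queried.
    Returns:
        list of label strings, one per neighbour, duplicates included (the
        caller counts them).
    """
    labels = []
    # Look from both ends of the pair; 'mine' is our side, 'theirs' the neighbour.
    for mine, theirs in (('name1', 'name2'), ('name2', 'name1')):
        for pair in database.similar.find({mine: filename}):
            neighbours = database.malware.find(
                {'filename': pair[theirs]},
                {'filename': 1, 'clamav': 1, 'md5': 1})
            for neighbour in neighbours:
                if 'clamav' in neighbour:
                    labels.append("av: " + neighbour['clamav'].replace('FOUND', '')
                                  + " score: " + pair['score'])
    return labels


def main(args):
    """Look up one or more MD5s and print a JSON tree of similar-sample AV hits.

    For every ``malware`` document whose ``md5`` is in *args*, the ``similar``
    collection is consulted in both directions, each neighbour's ClamAV
    verdict and similarity score becomes a label, and equal labels are
    counted.  One JSON object is printed to stdout::

        {"name": "malware", "children": [
            {"name": <filename>, "md5": <md5>, "size": <distinct labels>,
             "children": [{"name": <label>, "size": <count>}, ...]}, ...]}

    ``children`` of each sample are sorted by ``size`` descending.  An empty
    *args* yields ``{"name": "malware", "children": []}``.

    Args:
        args: MD5 hex digests to look up (normally ``sys.argv[1:]``).
    Returns:
        None.  If the database connection fails, an error is written to
        stderr and nothing is printed to stdout, so stdout stays valid JSON
        for whoever consumes it.
    """
    # Credentials, if the server runs in auth mode, belong in the environment
    # rather than in source, e.g.
    #   MONGODB_URI='mongodb://username:password@localhost:27017/dbname'
    mongodb_uri = os.environ.get('MONGODB_URI', 'mongodb://localhost:27017')
    db_name = 'malware'
    # NOTE(review): pymongo.Connection was removed in pymongo 3.x; MongoClient
    # is its replacement if this script is moved to a current driver.
    try:
        connection = pymongo.Connection(mongodb_uri)
        database = connection[db_name]
    except Exception as exc:  # top-level boundary: report the cause and stop
        sys.stderr.write('Error: Unable to connect to database: %s\n' % exc)
        return
    samples = database.malware.find({'md5': {'$in': list(args)}})
    hugeobject = []
    for sample in samples:
        counted = Counter(_similar_labels(database, sample['filename']))
        children = [dict(name=label, size=count) for label, count in counted.items()]
        children.sort(key=lambda k: k['size'], reverse=True)
        hugeobject.append(dict(name=sample['filename'], children=children,
                               size=len(children), md5=sample['md5']))
    fin = dict(name="malware", children=hugeobject)
    # print() with one argument works the same on Python 2 and 3.
    print(json.dumps(fin))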
if __name__ == '__main__':
    # Command-line entry point: every positional argument is an MD5 to look up.
    main(sys.argv[1:])