Advertisement
opexxx

Malc0de.py

Nov 13th, 2014
298
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 9.75 KB | None | 0 0
  1. #!/usr/bin/env python
  2.  
  3. ##### License:
  4. # - no warranty express or implied
  5. # - free to use if you don't use-it to gain money
  6. #
  7. ##### Warning:
  8. # - downloaded files may harm your computer.
  9. #
  10. ##### Config:
  11. # If want to use proxy option:
  12. #   - create a file named "banned_country.txt" and put there banned country name, one per line
  13. #   - create a file named "proxy.txt" and put there your proxyes, ip:port, one per line
  14. #
  15. ##### Usage examples:
  16. # - download 100 samples:
  17. # python this_scrypt.py 100
  18. # - download 100 samples, using 55 threads:
  19. # python this_scrypt.py 100 -t 55
  20. # - download 100 samples using proxy
  21. # python this_scrypt.py 100 -p proxy.txt
  22. #
  23.  
  24. import re
  25. import urllib2
  26. import hashlib
  27. import os
  28. import random
  29. import Queue
  30. import threading
  31. import argparse
  32. import time
  33.  
  34. print """
  35. Malc0de.com Malware sample downloader IV
  36.               )\._.,--....,'``.      
  37.  .b--.        /;   _.. \  _\ (`._ ,.
  38. `=,-,-'~~~   `----(,_..'--(,_..'`-.;.'
  39. http://virii.tk    http://twitter.com/ViRiiTk
  40. """
  41.  
  42. parser = argparse.ArgumentParser(description="Malc0de.com Malware sample downloader IV")
  43.  
  44. parser.add_argument("nr_samples", type=int,
  45.                     help= "Number of samples you want to download")
  46.  
  47. parser.add_argument("-t", "--nr_threads", metavar="threads", type=int, default=200,
  48.                     help= "Threads number (Default: 200)")
  49.  
  50. parser.add_argument("-a", "--agent", default="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36",
  51.                     help= "User Agent used to download samples")
  52.  
  53. parser.add_argument("-d", "--dldfolder", default = "C:\malware\\",
  54.                     help= "Local folder to download samples (Default: C:\malware\\ )")
  55.  
  56. parser.add_argument("-i", "--info", default = "_files.txt",
  57.                     help = "file to store info about downloaded samples (Default: _files.txt)")
  58.  
  59. parser.add_argument("-e", "--error", default = "_errors.txt",
  60.                     help = "file to store errors (Default: _errors.txt)")
  61.  
  62. parser.add_argument("-u", "--malurl", default = "_mal_url.txt",
  63.                     help = "file to store malware urls (Default: _mal_url.txt)")
  64.  
  65. parser.add_argument("-p", "--proxy",
  66.                     help = """use proxy to get malware urls (proxy.txt)
  67.                    Ex:
  68.                        127.0.0.1:80
  69.                        127.0.0.2:80
  70.                        ...""")
  71. args = parser.parse_args()
  72.  
  73. # user agents
  74. dldagent  = {'User-Agent' : args.agent}
  75. useragent = {'User-Agent' : 'Malc0de.com Malware sample downloader IV, more info on: http://ViRii.Tk'}
  76.  
  77. # create download folder if not exist
  78. if not os.path.isdir(args.dldfolder):
  79.     os.mkdir(args.dldfolder)
  80.  
  81. # remove sample nr errors
  82. if args.nr_samples < 0:
  83.     print "You want to download %i ?? I can't do that" %(args.nr_samples)
  84.     exit()
  85.  
  86. # limit the number of download samples
  87. if args.nr_samples > 10000:
  88.     print "You need very Very VERY many samples, 5k is enough for you"
  89.     args.nr_samples = 4999  
  90.  
  91. # remove useless threads
  92. if args.nr_threads >= args.nr_samples:
  93.     args.nr_threads = args.nr_samples
  94.      
  95. print "Try to download latest %i samples" %(args.nr_samples)
  96. print "Threads: %i" %(args.nr_threads)
  97. print "Malware samples will be downloaded to %s" %(args.dldfolder), "\n"
  98.  
  99. # remove proxy from banned country
  100. banned = []  
  101. proxylist =[]
  102.  
  103. # exit if proxy option is selected and file not found
  104. if args.proxy and not os.path.isfile(args.proxy):
  105.     exit("Option proxy: %s not found" % (args.proxy))
  106.      
  107. if args.proxy and os.path.isfile(args.proxy):
  108.      
  109.     # load banned country list
  110.     with open("banned_country.txt", "r") as handle:
  111.         for country in handle.read().split("\n"):
  112.             banned.append(country.strip())
  113.                  
  114.     # get proxy from proxy.txt      
  115.     listaproxytemp = open(args.proxy, "r").read()
  116.     listaproxytemp = re.findall("[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}.[\d]{1,3}:[\d]{2,5}", listaproxytemp)
  117.     listaproxytemp = list(set(listaproxytemp))
  118.        
  119.     # test proxy
  120.     print "Testing proxy: %d" %(len(listaproxytemp))
  121.     url = 'http://www.geoips.com/en/geolocation'
  122.     for p in listaproxytemp:
  123.         try:
  124.             proxy = urllib2.ProxyHandler({'http': p})
  125.             opener = urllib2.build_opener(proxy)
  126.             tester = opener.open(url ,timeout = 2)
  127.                
  128.             country = re.search("\<strong\>Country:\<\/strong\>([a-z A-Z ]{1,30})",tester.read())
  129.             if country:
  130.                 if str(country.group(1))[1:] not in banned:
  131.                     print str(p) + "\t" + str(country.group(1))[1:]
  132.                     proxylist.append(p)
  133.         except :
  134.             pass
  135.         print "Alive proxy: %d" %(len(proxylist))
  136.     with open ("good_proxy.txt" , "a") as good_p:
  137.         good_p.write("--->" + time.strftime("%c") + "<---\n")
  138.         for w_p in proxylist:
  139.             good_p.write(w_p + "\n")
  140.  
  141. # exit if no working proxy was found
  142. if args.proxy and (len(proxylist) == 0):
  143.     exit("Working proxy: None")
  144.      
  145. # queue
  146. q = Queue.Queue()
  147.  
  148. # generate random string
  149. def get_random_word(a):
  150.     word = ''
  151.     for i in range(a):
  152.         word += random.choice('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789')
  153.     return word
  154.  
  155. # md5 file
  156. def md5Checksum(filePath):
  157.     fh = open(filePath, 'rb')
  158.     m = hashlib.md5()
  159.     while True:
  160.         data = fh.read(8192)
  161.         if not data:
  162.             break
  163.         m.update(data)
  164.     return m.hexdigest()
  165.  
  166. # nr paginilor ce trebuie vizitate
  167. counter = 0
  168. if args.nr_samples % 50 == 0:
  169.     pages = args.nr_samples / 50
  170. else :
  171.     pages = (args.nr_samples / 50) + 1
  172.  
  173. # find all malware address on curent page
  174. def getmalware(pagina):
  175.     global counter
  176.     b = re.findall("<td>[\d]{4}-[\d]{2}-[\d]{2}<\/td>\n.+\n", pagina)
  177.     if b:
  178.         for i in b:
  179.             data = re.search("<td>([\d]{4}-[\d]{2}-[\d]{2})<\/td>", i)
  180.             malware = re.search("\t<td>(.+)<\/td>", i)
  181.             if data and malware:
  182.                 malware= re.sub("<br\/>", "",malware.group(1) )
  183.                 #print data.group(1), malware
  184.                 if counter >= args.nr_samples:
  185.                     return
  186.                 else:
  187.                     q.put(malware)
  188.                     counter += 1
  189.                      
  190. #browsing pages
  191. print "Browsing pages:"
  192. for i in range(1, pages + 1):
  193.     adresa = "http://malc0de.com/database/?&page=" + str(i)
  194.     print "Searching on:", adresa,
  195.  
  196.     try:
  197.         if len(proxylist) > 0:
  198.              
  199.             # choose proxy
  200.             p = random.choice(proxylist)
  201.             print p
  202.             proxy = urllib2.ProxyHandler({'http': p})      
  203.             opener = urllib2.build_opener(proxy)
  204.             urllib2.install_opener(opener)
  205.          
  206.         # set useragent
  207.         req = urllib2.Request(adresa, None, useragent)
  208.          
  209.         # access malc0de
  210.         continut = urllib2.urlopen(req, timeout =  30).read()
  211.          
  212.         # extract sample url's
  213.         getmalware(continut)
  214.          
  215.     except Exception as e:
  216.         print str(e) + "\t maybe your ip is banned or proxy(if use) not work"
  217.         pass
  218.      
  219. # download malware samples
  220. def dld_mal(url_mal):
  221.      
  222.     # write address of this sample
  223.     with open(args.dldfolder + args.malurl, "a") as handle:
  224.         handle.write(url_mal + "\n")
  225.         handle.close()
  226.     url_mal = re.sub(" ", "%20", url_mal)
  227.      
  228.     #get file name  
  229.     file_name = url_mal.split("/")[-1]
  230.      
  231.     # remove bad characters from file name
  232.     if len(file_name)==0 or re.search("\?", file_name) or re.search("\&", file_name):
  233.         file_name =  "No_name" + str(get_random_word(8))
  234.      
  235.     # try to download sample  
  236.     try:
  237.         # check if url start with "http://
  238.         if url_mal[:7] != "http://":
  239.             url_mal = "http://" + url_mal
  240.          
  241.         if len(proxylist) >0 :
  242.              
  243.             # choose proxy
  244.             p = random.choice(proxylist)
  245.             proxy = urllib2.ProxyHandler({'http': p})      
  246.             opener = urllib2.build_opener(proxy)
  247.             urllib2.install_opener(opener)
  248.          
  249.         # set download useragent
  250.         req = urllib2.Request(url_mal, None, dldagent)
  251.         u = urllib2.urlopen(req, timeout =  137) #timeout
  252.          
  253.         # make every filename uniq: "Malware_original_filename" + "_" + 3 random characters
  254.         f_name = args.dldfolder + str(file_name) +"_" + get_random_word(3)
  255.          
  256.         # write to file
  257.         f = open(f_name, 'wb')
  258.         block_sz = 8192
  259.         while True:
  260.             buffer = u.read(block_sz)
  261.             if not buffer:
  262.                 break
  263.             f.write(buffer)
  264.         f.close()
  265.          
  266.         # write info to _files.txt
  267.         with open(args.dldfolder + args.info, "a") as handle:
  268.             md5hash = md5Checksum(f_name)
  269.             handle.write(str(md5Checksum(f_name)) +"\t" + str(file_name)+ "\t" + url_mal + "\n")
  270.             handle.close
  271.          
  272.         print "\n" + "Am descarcat: " + file_name,
  273.          
  274.     except Exception as e:
  275.         # adding error to _errors.txt
  276.         with open(args.dldfolder + args.error, "a") as handle:
  277.             handle.write(url_mal + "\t" + str(e) + "\n")
  278.             handle.close()
  279.         pass
  280.  
  281. # get malware address from queue and download files
  282. print "Downloading:",
  283. def worker():
  284.     while True:
  285.         if not q.empty():
  286.             try:
  287.                 item = q.get()
  288.                 dld_mal(item)
  289.                 q.task_done()
  290.             except Exception as e:
  291.                 print e
  292.  
  293. # threads number limit          
  294. for i in range(args.nr_threads):
  295.     t = threading.Thread(target=worker)
  296.     t.daemon = True
  297.     t.start()
  298.  
  299. q.join()
  300. exit()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement