malpedia_cli

command module

v0.2.0 Latest Latest Go to latest Published: Sep 14, 2019 License: Apache-2.0 Imports: 1 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/pimmytrousers/malpedia_cli

Links

Open Source Insights

README ¶

malpedia_cli

Malpedia_cli is a tool to interact with the malpedia service located here. Some of the endpoints commands require an api key due to restrictions with the service itself. It simplifies some of the endpoints and exposes the features that I beleive are the most important.

Configuration of the tool

The application requires an API for some of the endpoints, which can be passed by arugment or a YAML file at $HOME/.malpedia_cli.yaml. Currently it only allows for an apikey, so an example would look like the following

apikey: <apikey>

Currently supported commands

get samples via hash
get a list of all tracked actors
get information about a specific actor
get a list of all tracked malware families
get information about a specific malware family
get yara rules by TLP level
get yara rule by family
get the malpedia version
get all hashes for a family

Images

Ursnif output

FIN7 output

TODO

Command to download all samples from a family
Scan malpedia's malware catalog against a yara rule
Upload a file to be checked against yara rules (in the works)
Generic search (will return a family or actor)
Download all samples from an actor
Verbose logging
Enable user choice if multiple results are returned for fuzzy search
Support contexts
Reject commands that require an API key when one isnt applied

Examples

- malpedia_cli version
- malpedia_cli getYaraRules white
- malpedia_cli getYaraRules amber -z -o yara_rules.zip
- malpedia_cli getSample 12f38f9be4df1909a1370d77588b74c60b25f65a098a08cf81389c97d3352f82 -p infected123 -o samples.zip
- malpedia_cli getSample 12f38f9be4df1909a1370d77588b74c60b25f65a098a08cf81389c97d3352f82 -r 
- malpedia_cli getActors --json
- malpedia_cli getActor apt28
- malpedia_cli getFamilies
- malpedia_cli getFamily ursnif
- malpedia_cli getYara ursnif 
- malpedia_cli getYara njrat -o njrat.zip
- malpedia_cli scanYara myRule.yar
- malpedia_cli scanYaraBYFamily carbanak myRule.yar

Build Instructions

Create a binary file at your current directory

go build -o ./malpedia_cli

Create a binary file and install it in your path

go install

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
cmd
types
util

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL