Merge pull request #68 from alexandreborges/dev

Update for Malwoverview 6.1.1
alexandreborges · Dec 13, 2024 · d5fc570 · d5fc570
2 parents 5d730d5 + fbaeef3
commit d5fc570
Show file tree

Hide file tree

Showing 7 changed files with 86 additions and 54 deletions.
diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
 # Malwoverview
 
-[<img alt="GitHub release (latest by date)" src="https://img.shields.io/github/v/release/alexandreborges/malwoverview?color=red&style=for-the-badge">](https://github.com/alexandreborges/malwoverview/releases/tag/v6.1.0) [<img alt="GitHub last commit" src="https://img.shields.io/github/last-commit/alexandreborges/malwoverview?color=Yellow&style=for-the-badge">](https://github.com/alexandreborges/malwoverview/releases) [<img alt="GitHub Release Date" src="https://img.shields.io/github/release-date/alexandreborges/malwoverview?label=Release%20Date&style=for-the-badge">](https://github.com/alexandreborges/malwoverview/releases) [<img alt="GitHub" src="https://img.shields.io/github/license/alexandreborges/malwoverview?style=for-the-badge">](https://github.com/alexandreborges/malwoverview/blob/master/LICENSE) 
+[<img alt="GitHub release (latest by date)" src="https://img.shields.io/github/v/release/alexandreborges/malwoverview?color=red&style=for-the-badge">](https://github.com/alexandreborges/malwoverview/releases/tag/v6.1.1) [<img alt="GitHub last commit" src="https://img.shields.io/github/last-commit/alexandreborges/malwoverview?color=Yellow&style=for-the-badge">](https://github.com/alexandreborges/malwoverview/releases) [<img alt="GitHub Release Date" src="https://img.shields.io/github/release-date/alexandreborges/malwoverview?label=Release%20Date&style=for-the-badge">](https://github.com/alexandreborges/malwoverview/releases) [<img alt="GitHub" src="https://img.shields.io/github/license/alexandreborges/malwoverview?style=for-the-badge">](https://github.com/alexandreborges/malwoverview/blob/master/LICENSE) 
 [<img alt="GitHub stars" src="https://img.shields.io/github/stars/alexandreborges/malwoverview?logoColor=Red&style=for-the-badge">](https://github.com/alexandreborges/malwoverview/stargazers)
 [<img alt="Twitter Follow" src="https://img.shields.io/twitter/follow/ale_sp_brazil?style=for-the-badge&logo=X&color=blueviolet">](https://twitter.com/ale_sp_brazil)
 [<img alt="Downloads/Last Month" src="https://img.shields.io/pypi/dm/malwoverview?color=blue&style=for-the-badge&label=Last%20Month">](https://pypistats.org/packages/malwoverview)
@@ -55,6 +55,8 @@
 ![Alt text](pictures/picture_46.jpg?raw=true "Title")
 ![Alt text](pictures/picture_47.jpg?raw=true "Title")
 ![Alt text](pictures/picture_48.jpg?raw=true "Title")
+![Alt text](pictures/picture_49.jpg?raw=true "Title")
+![Alt text](pictures/picture_50.jpg?raw=true "Title")
 
       Copyright (C)  2018-2025 Alexandre Borges (https://exploitreversing.com) 
 
@@ -71,7 +73,7 @@
       See GNU Public License on <http://www.gnu.org/licenses/>.
 
 
-## Current Version: 6.1.0
+## Current Version: 6.1.1
 
      Important note:  Malwoverview does NOT submit samples to any endpoint by default, 
      so it respects possible Non-Disclosure Agreements (NDAs). There're specific options
@@ -87,17 +89,17 @@ from several endpoints. In few words, it works as a client to main existing sand
 
 This tool aims to : 
 
-1. Determine similar executable malware samples (PE/PE+) according to the import table (imphash) and group 
-   them by different colors (pay attention to the second column from output). Thus, colors matter!
-2. Show hash information on Virus Total, Hybrid Analysis, Malshare, Polyswarm, URLhaus, Alien Vault, 
-   Malpedia and ThreatCrowd engines. 
-3. Determining whether the malware samples contain overlay and, if you want, extract it. 
-4. Check suspect files on Virus Total, Hybrid Analysis and Polyswarm.
-5. Check URLs on Virus Total, Malshare, Polyswarm, URLhaus engines and Alien Vault. 
-6. Download malware samples from Hybrid Analysis, Malshare, URLHaus, Polyswarm and Malpedia engines.
-7. Submit malware samples to VirusTotal, Hybrid Analysis and Polyswarm.
-8. List last suspected URLs from URLHaus.
-9. List last payloads from URLHaus. 
+01. Determine similar executable malware samples (PE/PE+) according to the import table (imphash) and group 
+    them by different colors (pay attention to the second column from output). Thus, colors matter!
+02. Show hash information on Virus Total, Hybrid Analysis, Malshare, Polyswarm, URLhaus, Alien Vault, 
+    Malpedia and ThreatCrowd engines. 
+03. Determining whether the malware samples contain overlay and, if you want, extract it. 
+04. Check suspect files on Virus Total, Hybrid Analysis and Polyswarm.
+05. Check URLs on Virus Total, Malshare, Polyswarm, URLhaus engines and Alien Vault. 
+06. Download malware samples from Hybrid Analysis, Malshare, URLHaus, Polyswarm and Malpedia engines.
+07. Submit malware samples to VirusTotal, Hybrid Analysis and Polyswarm.
+08. List last suspected URLs from URLHaus.
+09. List last payloads from URLHaus. 
 10. Search for specific payloads on the Malshare.
 11. Search for similar payloads (PE32/PE32+) on Polyswarm engine.
 12. Classify all files in a directory searching information on Virus Total and Hybrid Analysis. 
@@ -128,9 +130,9 @@ This tool aims to :
 
 ## CONTRIBUTORS
 
-      Alexandre Borges (project owner)
-      Artur Marzano (https://github.com/Macmod)
-      Corey Forman (https://github.com/digitalsleuth)
+      Alexandre Borges (https://github.com/alexandreborges) | project owner and main developer
+      Artur Marzano (https://github.com/Macmod) | co-main developer
+      Corey Forman (https://github.com/digitalsleuth) | responsible for REMnux integration
       Christian Clauss (https://github.com/cclauss)
 
 ## HOW TO CONTRIBUTE TO THIS PROJECT
@@ -174,22 +176,30 @@ AFTER having installed Malwoverview:
 
       * python-magic is NOT installed. (pip show python-magic)
       * python-magic-bin IS installed. (pip show python-magic-bin)
-      
-To use Malwoverview you should insert VirusTotal, Hybrid Analysis, URLHaus, Malshare, Polyswarm,
-Alien Vault, Malpedia  and Triage into the .malwapi.conf configuration file 
-(the default one at the home directory (/home/[username] or /root) -- if the file doesn't exist,
-so you should create it) or you could create a custom configuration file and indicate it by 
+
+#### Note: It is recommended to save the .malwapi.conf before any update!
+
+
+## REQUIRED APIs
+
+Malwoverview does not require to insert all APIs anymore. Therefore, professionals can 
+us it without having registered such APIs. Obviously, to use certain options is necessary to 
+add respective API into .malwapi.conf file, whose format is shown below. 
+
+To use all options of Malwoverview you must insert respective API of the following services:
+VirusTotal, Hybrid Analysis, URLHaus, Malshare, Polyswarm, Alien Vault, Malpedia, Triage, 
+InQuest, Virus Exchange and APInfo into the .malwapi.conf configuration file, which must be present 
+(or created) in the home directory (/home/[username] or /root on Linux, and C:\Users\[username] 
+on Windows. Alternatively, users could create a custom configuration file and indicate it by 
 using the -c option.
 
-Nonetheless, starting on version 4.4.2, it isn't longer necessary to insert all APIs into 
-.malwapi.conf file before using Malwoverview. Therefore, users can only insert few APIs 
-and use the respective options to these APIs.
+To highlight: if the .malwapi.conf file does not exist in your home directory, so you must 
+create it!
 
 * A special note about the Alien Vault: it is necessary to subscribe to pulses on Alien Vault 
 website before using -n 1 option.
 
-The .malwapi.conf configuration file (from the the home directory -- /home/[username] or /root) 
-has the following format:
+The .malwapi.conf configuration file has the following format:
 
       [VIRUSTOTAL]
       VTAPI = 
@@ -243,6 +253,7 @@ The APIs can be requested on the respective service websites:
 13. IPInfo: https://ipinfo.io/ 
 14. BGPView: ihttps://bgpview.docs.apiary.io/
 
+
 ----------------------------------------------------
 A special note about API requests to the MALPEDIA:
 ----------------------------------------------------
@@ -254,7 +265,6 @@ you provided further information about you (LinkedIn account, Twitter and so on)
 because it would make simpler to proof your identity, professional profile and 
 legitimacy, so making quicker the approval of your request.  
 
------------------------------------------------------
 
 ----------------------------------------------------
 Additional explanation about Triage:
@@ -265,7 +275,6 @@ use the "-x 1 -X \<attribute\>:\<value\>" to search for the correct ID of the ar
 so use this ID information with the remaining Triage options (-x [2-7]) for getting 
 further threat hunting information from Triage endpoint.
 
------------------------------------------------------
 
 ----------------------------------------------------
 Note about background color of the terminal:
@@ -278,8 +287,6 @@ light background.
 
 -----------------------------------------------------
 
-On Linux and MacOS systems, create the .malwapi.conf file within
-/home/\[username\] directory (Linux home user directory -- /home/[username] or /root).
 
 To check the installation, execute:
 
@@ -291,11 +298,12 @@ Further information is available on:
        (Github) https://github.com/alexandreborges/malwoverview
 
 If you want to perform the manual installation (it is not usually necessary), so few steps 
-should be executed:
+should be executed, as shown in the next sub-section. 
+
 
 ## MANUAL INSTALLATION (REMnux and Ubuntu)
 
-1. Python version 3.8 or later (Only Python 3.x !!! It does NOT work using Python 2.7) 
+1. Python version 3.11 or later (Only Python 3.x !!! It does NOT work using Python 2.7) 
 
        $ apt-get install python3.11  (for example)
 
@@ -779,6 +787,13 @@ Malwoverview is a first response tool for threat hunting written by Alexandre Bo
 ## HISTORY
 
 
+Version 6.1.1:
+
+      This version:
+
+            * Modifies the code to not require to registers all APIs at the first usage.
+            * Add a new section in the README (this file) about required APIs.
+
 Version 6.1.0:
 
       This version:

diff --git a/malwoverview/malwoverview.py b/malwoverview/malwoverview.py
@@ -21,7 +21,7 @@
 # Christian Clauss (https://github.com/cclauss)
 # Artur Marzano (https://github.com/Macmod)
 
-# Malwoverview.py: version 6.1.0
+# Malwoverview.py: version 6.1.1
 
 import os
 import argparse
@@ -56,7 +56,7 @@
 __author__ = "Alexandre Borges"
 __copyright__ = "Copyright 2018-2025, Alexandre Borges"
 __license__ = "GNU General Public License v3.0"
-__version__ = "6.1.0"
+__version__ = "6.1.1"
 __email__ = "reverseexploit at proton.me"
 
 def finish_hook(signum, frame):
@@ -115,17 +115,24 @@ def main():
     config_file = configparser.ConfigParser()
     config_file.read(args.config)
     config_dict = config_file
-    VTAPI = config_dict.get('VIRUSTOTAL', 'VTAPI')
-    HAAPI = config_dict.get('HYBRID-ANALYSIS', 'HAAPI')
-    MALSHAREAPI = config_dict.get('MALSHARE', 'MALSHAREAPI')
-    HAUSSUBMITAPI = config_dict.get('HAUSSUBMIT', 'HAUSSUBMITAPI')
-    POLYAPI = config_dict.get('POLYSWARM', 'POLYAPI')
-    ALIENAPI = config_dict.get('ALIENVAULT', 'ALIENAPI')
-    MALPEDIAAPI = config_dict.get('MALPEDIA', 'MALPEDIAAPI')
-    TRIAGEAPI = config_dict.get('TRIAGE', 'TRIAGEAPI')
-    INQUESTAPI = config_dict.get('INQUEST', 'INQUESTAPI')
-    VXAPI = config_dict.get('VIRUSEXCHANGE', 'VXAPI')
-    IPINFOAPI = config_dict.get('IPINFO', 'IPINFOAPI')
+
+    def getoption(section, name):
+        if config_dict.has_option(section,name):
+            return config_dict.get(section,name)
+        else:
+            return ''
+
+    VTAPI = getoption('VIRUSTOTAL', 'VTAPI')
+    HAAPI = getoption('HYBRID-ANALYSIS', 'HAAPI')
+    MALSHAREAPI = getoption('MALSHARE', 'MALSHAREAPI')
+    HAUSSUBMITAPI = getoption('HAUSSUBMIT', 'HAUSSUBMITAPI')
+    POLYAPI = getoption('POLYSWARM', 'POLYAPI')
+    ALIENAPI = getoption('ALIENVAULT', 'ALIENAPI')
+    MALPEDIAAPI = getoption('MALPEDIA', 'MALPEDIAAPI')
+    TRIAGEAPI = getoption('TRIAGE', 'TRIAGEAPI')
+    INQUESTAPI = getoption('INQUEST', 'INQUESTAPI')
+    VXAPI = getoption('VIRUSEXCHANGE', 'VXAPI')
+    IPINFOAPI = getoption('IPINFO', 'IPINFOAPI')
 
     optval = range(2)
     optval1 = range(3)
@@ -194,7 +201,10 @@ def main():
         args.backg not in optval,
         args.malsharelist not in optval8,
         args.virustotaloption not in optval9,
-        args.vtpubpremium not in optval
+        args.vtpubpremium not in optval,
+        args.vxoption not in optval1,
+        args.ipoption not in optval4,
+        args.androidoption not in optval5
     ]
 
     MIN_OPTIONS = [

diff --git a/malwoverview/modules/ipinfo.py b/malwoverview/modules/ipinfo.py
@@ -1,16 +1,19 @@
 import malwoverview.modules.configvars as cv
-from malwoverview.utils.colors import mycolors
+from malwoverview.utils.colors import mycolors, printc
 import requests
 
 class IPInfoExtractor:
     def __init__(self, IPINFOAPI):
         self.IPINFOAPI = IPINFOAPI
 
+    """
+    IPInfo API can be used anonymously up to 1000 requests per day
     def requestIPINFOAPI(self):
-        if self.IPINFOAPI == '':
-            print(mycolors.foreground.red + "\nTo use IPInfo.io services, you must create the .malwapi.conf file under your user home directory (on Linux is $HOME\\.malwapi.conf and on Windows is in C:\\Users\\[username]\\.malwapi.conf) and insert the IPInfo API key according to the format shown on the Github website." + mycolors.reset + "\n")
-            exit(1)
-
+            if self.IPINFOAPI == '':
+                print(mycolors.foreground.red + "\nTo use IPInfo.io services, you must create the .malwapi.conf file under your user home directory (on Linux is $HOME\\.malwapi.conf and on Windows is in C:\\Users\\[username]\\.malwapi.conf) and insert the IPInfo API key according to the format shown on the Github website." + mycolors.reset + "\n")
+                exit(1)
+    """
+
     def _raw_ip_info(self, ip_address):
         url = f"https://ipinfo.io/{ip_address}?token={self.IPINFOAPI}"
 
@@ -21,7 +24,7 @@ def _raw_ip_info(self, ip_address):
             return {'error': e}
 
     def get_ip_details(self, ip_address):
-        self.requestIPINFOAPI()
+#        self.requestIPINFOAPI()
 
         data = self._raw_ip_info(ip_address)
 

diff --git a/malwoverview/modules/multipleip.py b/malwoverview/modules/multipleip.py
@@ -1,11 +1,15 @@
-from malwoverview.utils.colors import mycolors, printr
+from malwoverview.utils.colors import mycolors, printr, printc
 import malwoverview.modules.configvars as cv
 
 class MultipleIPExtractor:
     def __init__(self, extractors):
         self.extractors = extractors
 
     def get_multiple_ip_details(self, ip_address):
+        if ip_address is None:
+            printc("A valid IP address is required.", mycolors.foreground.error(cv.bkg))
+            return
+
         for extractor in self.extractors:
             extractor_obj = self.extractors[extractor]
             if extractor == "IPInfo":

diff --git a/pictures/picture_49.jpg b/pictures/picture_49.jpg
diff --git a/pictures/picture_50.jpg b/pictures/picture_50.jpg
diff --git a/setup.py b/setup.py
@@ -11,7 +11,7 @@
 
 setup(
     name="malwoverview",
-    version="6.1.0",
+    version="6.1.1",
     author="Alexandre Borges",
     author_email="reverseexploit@proton.me",
     license="GNU GPL v3.0",