import hashlib
import os
import json
import argparse
import time
# Startup banner template. The {version} placeholder is filled in with
# __version__ through str.format() when the banner is printed.
__ascii__ = '''
███╗ ███╗ █████╗ ██╗ ██╗ ██╗ █████╗ ██████╗ ███████╗██████╗ ██╗ ██╗ █████╗ ███████╗██╗ ██╗
████╗ ████║██╔══██╗██║ ██║ ██║██╔══██╗██╔══██╗██╔════╝╚════██╗██║ ██║██╔══██╗██╔════╝██║ ██║
██╔████╔██║███████║██║ ██║ █╗ ██║███████║██████╔╝█████╗ █████╔╝███████║███████║███████╗███████║
██║╚██╔╝██║██╔══██║██║ ██║███╗██║██╔══██║██╔══██╗██╔══╝ ██╔═══╝ ██╔══██║██╔══██║╚════██║██╔══██║
██║ ╚═╝ ██║██║ ██║███████╗╚███╔███╔╝██║ ██║██║ ██║███████╗███████╗██║ ██║██║ ██║███████║██║ ██║
╚═╝ ╚═╝╚═╝ ╚═╝╚══════╝ ╚══╝╚══╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚══════╝╚══════╝╚═╝ ╚═╝╚═╝ ╚═╝╚══════╝╚═╝ ╚═╝ (v{version})
'''
# Tool version substituted into the banner.
__version__ = "1.0"
class Colors:
    """ANSI escape sequences used to colour and style the terminal report."""

    # Restores the terminal's default rendering after a styled span
    RESET = '\033[0m'

    # Text styles
    BOLD = '\033[1m'
    UNDERLINE = '\033[4m'

    # Bright foreground colours
    RED = '\033[91m'
    GREEN = '\033[92m'
    YELLOW = '\033[93m'
    BLUE = '\033[94m'
    MAGENTA = '\033[95m'
    CYAN = '\033[96m'
    WHITE = '\033[97m'
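# Value written to the "poll_time" field of the generated IOC file.
# By default, poll every thirty minutes.
DEFAULT_POLL_TIME = 30

parser = argparse.ArgumentParser(
    prog='Malware-2-Hash',
    description='Script to automate the hashing and creation of malware IOCs!',
    epilog='Text at the bottom of help',
)
parser.add_argument("-f", "--filepath", help="Malware file to hash")
parser.add_argument("-n", "--name", help="Malware name")
args = parser.parse_args()

# Failures go through parser.error(): the message is written to stderr and the
# process exits with a non-zero status. The previous os._exit(0) reported
# success to the caller and skipped interpreter cleanup, so the buffered
# message could be lost when stdout was a pipe.
if args.filepath is None:
    parser.error("Argument -f (--filepath) is required!")

# Only an existing regular file can be hashed (directories are rejected too).
if not os.path.isfile(args.filepath):
    parser.error("Invalid filepath! please try again")

# Path of the sample that the rest of the script hashes
file = args.filepath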
# Number of bytes requested from the file on each read
BLOCK_SIZE = 65536

# Start timer
startTime = time.time()

# One digest object per algorithm. MD5 and SHA-1 are not collision-resistant,
# so treat them as lookup keys only; the IOC's "file_hash" field is the
# SHA-256 digest.
md5_obj = hashlib.md5()
sha1_obj = hashlib.sha1()
sha256_obj = hashlib.sha256()
sha512_obj = hashlib.sha512()

# The sample is opened read-only in binary mode and streamed in fixed-size
# blocks, so it is never held in memory as a whole; its bytes are only fed to
# the digest objects.
with open(file, 'rb') as f:
    while True:
        fileblock = f.read(BLOCK_SIZE)
        if not fileblock:
            # An empty read means end of file
            break
        for hasher in (md5_obj, sha1_obj, sha256_obj, sha512_obj):
            hasher.update(fileblock)
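# Absolute path of the sample, shown in the report. Both branches of the
# original computed the same value, so it is resolved once here.
fullFilePath = os.path.abspath(file)

if args.name is None:
    # No --name given: use the part of the file name before the first dot.
    getFileName = os.path.basename(file)
    # A file name that starts with a dot (".sample") has an empty first part;
    # fall back to the whole file name so the IOC never gets an empty name.
    name = getFileName.split(".")[0] or getFileName
else:
    # Use the name supplied with --name as the IOC name
    name = args.name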
# Banner with the tool version substituted into its {version} placeholder
banner = __ascii__.format(version=__version__)
print(banner)

print(f"[+] Full File Path: {Colors.BOLD}{Colors.CYAN}{fullFilePath}{Colors.RESET}\n")

# One line per digest; the adjacent f-string literals are concatenated into a
# single report string before printing.
hash_report = (
    f"[+] Hashes: \n"
    f" MD5: {Colors.BOLD}{Colors.RED}{md5_obj.hexdigest()}{Colors.RESET}\n"
    f" SHA1: {Colors.BOLD}{Colors.YELLOW}{sha1_obj.hexdigest()}{Colors.RESET}\n"
    f" SHA256: {Colors.BOLD}{Colors.GREEN}{sha256_obj.hexdigest()}{Colors.RESET}\n"
    f" SHA512: {Colors.BOLD}{Colors.MAGENTA}{sha512_obj.hexdigest()}{Colors.RESET}\n"
)
print(hash_report)
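# IOC record: the sample's name, its SHA-256 digest as the primary
# "file_hash", the poll interval, and every computed digest.
sha256_hex = sha256_obj.hexdigest()
ioc = {
    "name": name,
    "file_hash": sha256_hex,
    "poll_time": DEFAULT_POLL_TIME,
    "MD5": md5_obj.hexdigest(),
    "SHA1": sha1_obj.hexdigest(),
    "SHA256": sha256_hex,
    "SHA512": sha512_obj.hexdigest(),
}
json_object = json.dumps(ioc, indent=4)

# The name becomes part of the output path. Refuse an empty name and any name
# containing a path separator, so the IOC file is always created directly
# inside ioc/ and a value such as "../x" cannot redirect the write elsewhere.
# NOTE(review): name is also printed to the terminal unescaped; consider
# rejecting non-printable characters here as well.
if not name or os.path.basename(name) != name:
    parser.error("Invalid IOC name! Use -n (--name) to give a name without path separators")

# Create the output directory on first use instead of failing in open()
os.makedirs("ioc", exist_ok=True)
ioc_path = "ioc/" + name + ".json"
with open(ioc_path, "w") as outfile:
    outfile.write(json_object)

# End timer
endTime = time.time()

# Determine execution time in milliseconds, measured from startTime
executionTime = (endTime - startTime) * 1000

print(f"[+] IOC file saved: {Colors.BOLD}{Colors.CYAN}{ioc_path}{Colors.RESET}\n")
print(f"[+] Completed in: {Colors.BOLD}{Colors.WHITE}{executionTime:.2f}{Colors.RESET} ms\n")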