From 2e6de40bfc63b36e1379fde054f2daf2e94c9bda Mon Sep 17 00:00:00 2001 From: Alexandre Borges Date: Fri, 9 Apr 2021 16:13:38 -0400 Subject: [PATCH] Malwoverview 4.3.3 --- README.md | 12 ++++++++++-- malwoverview/malwoverview.py | 36 ++++++++++++++---------------------- setup.py | 2 +- 3 files changed, 25 insertions(+), 25 deletions(-) diff --git a/README.md b/README.md index bd1925a..0a24c83 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Malwoverview -[GitHub release (latest by date)](https://github.com/alexandreborges/malwoverview/releases/tag/4.3.2) [GitHub last commit](https://github.com/alexandreborges/malwoverview/releases) [GitHub Release Date](https://github.com/alexandreborges/malwoverview/releases) [GitHub](https://github.com/alexandreborges/malwoverview/blob/master/LICENSE) +[GitHub release (latest by date)](https://github.com/alexandreborges/malwoverview/releases/tag/4.3.3) [GitHub last commit](https://github.com/alexandreborges/malwoverview/releases) [GitHub Release Date](https://github.com/alexandreborges/malwoverview/releases) [GitHub](https://github.com/alexandreborges/malwoverview/blob/master/LICENSE) [GitHub stars](https://github.com/alexandreborges/malwoverview/stargazers) [Twitter Follow](https://twitter.com/ale_sp_brazil) [PayPal](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=M8F458EZH8UZE&source=url) @@ -112,7 +112,7 @@ See GNU Public License on . -# Current Version: 4.3.2 +# Current Version: 4.3.3 Important note: Malwoverview does NOT submit samples to Virus Total or Hybrid Analysis by default. It submits only hashes, so respecting Non-Disclosure @@ -738,6 +738,14 @@ optional arguments: # HISTORY +Version 4.3.3: + + This version: + + * Fixes output formatting of option -y (Android package checking on VT and HA) + * Fixes issue with option -y while using -o 0. + + Version 4.3.2: This version: diff --git a/malwoverview/malwoverview.py b/malwoverview/malwoverview.py index f9666f7..cfe5277 100755 
--- a/malwoverview/malwoverview.py +++ b/malwoverview/malwoverview.py @@ -20,7 +20,7 @@ # Corey Forman (https://github.com/digitalsleuth) # Christian Clauss (https://github.com/cclauss) -# Malwoverview.py: version 4.3.2 +# Malwoverview.py: version 4.3.3 import os import sys @@ -60,7 +60,7 @@ __author__ = "Alexandre Borges" __copyright__ = "Copyright 2018-2021, Alexandre Borges" __license__ = "GNU General Public License v3.0" -__version__ = "4.3.2" +__version__ = "4.3.3" __email__ = "alexandreborges at blackstormsecurity.com" haurl = 'https://www.hybrid-analysis.com/api/v2' @@ -7602,11 +7602,11 @@ def run(self): vtfinal = vtcheck(myhash, url, param) if (bkg == 1): - print((mycolors.foreground.orange + "%-50s" % package1), end=' ') + print((mycolors.foreground.orange + "%-70s" % package1), end=' ') print((mycolors.foreground.lightcyan + "%-32s" % key1), end=' ') print((mycolors.reset + mycolors.foreground.lightgreen + "%8s" % vtfinal + mycolors.reset)) else: - print((mycolors.foreground.green + "%-08s" % package1), end=' ') + print((mycolors.foreground.green + "%-70s" % package1), end=' ') print((mycolors.foreground.cyan + "%-32s" % key1), end=' ') print((mycolors.reset + mycolors.foreground.red + "%8s" % vtfinal + mycolors.reset)) @@ -7628,13 +7628,9 @@ def run(self): (final, verdict, avdetect, totalsignatures, threatscore, totalprocesses, networkconnections) = quickhashowAndroid(myhash) if (bkg == 1): - print((mycolors.foreground.lightgreen + "%-50s" % package1), end=' ') + print((mycolors.foreground.lightgreen + "%-70s" % package1), end=' ') print((mycolors.foreground.yellow + "%-34s" % key1), end=' ') print((mycolors.foreground.lightcyan + "%9s" % final), end='') - if (verdict == "malicious"): - print((mycolors.foreground.lightred + "%20s" % verdict), end='') - else: - print((mycolors.foreground.yellow + "%20s" % verdict), end='') if(avdetect == 'None'): print((mycolors.foreground.lightcyan + "%7s" % avdetect), end='') else: 
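Review bot: The package column width is now the bare literal `70` repeated in both print branches of this hunk and again, separately, in the `checkandroid` header (`"Package".center(70)`), which is the same kind of drift (`%-50s` in one branch, `%-08s` in the other) that this commit is repairing by hand. A module-level `PKG_COL_WIDTH = 70` used as `"%-*s" % (PKG_COL_WIDTH, package1)` in both branches and as `"Package".center(PKG_COL_WIDTH)` in the header would keep rows and header aligned by construction. The two branches here differ only in colours, so the three format strings could be written once with the colour triple chosen by `bkg`. `run` starts before this hunk.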
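Review bot: The Hybrid Analysis `verdict` column is dropped from the `-y` output in this hunk rather than resized, so the analyst no longer sees whether HA judged the package malicious — the most security-relevant field in the row — and `verdict` is still unpacked from `quickhashowAndroid` two lines above but is now unused. If the removal was only to make the wider package column fit, keep it at a narrower width, e.g. `color = mycolors.foreground.lightred if verdict == "malicious" else mycolors.foreground.yellow` followed by `print((color + "%-12s" % verdict), end=' ')`, with a matching `"Verdict".center(13)` restored in the `checkandroid` header. If dropping it is intentional, the 4.3.3 README entry should say the verdict column was removed rather than only that formatting was fixed, since scripts parsing this output will break. `run` starts before this hunk.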
@@ -7647,13 +7643,9 @@ def run(self): print((mycolors.foreground.lightgreen + "%6s" % totalprocesses), end='') print((mycolors.foreground.lightgreen + "%6s" % networkconnections + mycolors.reset)) else: - print((mycolors.foreground.lightcyan + "%-50s" % key1), end=' ') + print((mycolors.foreground.lightcyan + "%-70s" % package1), end=' ') print((mycolors.foreground.green + "%-34s" % key1), end=' ') print((mycolors.foreground.cyan + "%9s" % final), end='') - if (verdict == "malicious"): - print((mycolors.foreground.red + "%20s" % verdict), end='') - else: - print((mycolors.foreground.green + "%20s" % verdict), end='') if (avdetect == 'None'): print((mycolors.foreground.purple + "%7s" % avdetect), end='') else: @@ -7683,11 +7675,11 @@ def checkandroidvt(key, package): key1 = key vtfinal = vtcheck(key1, url, param) if (bkg == 1): - print((mycolors.foreground.orange + "%-50s" % package), end=' ') + print((mycolors.foreground.orange + "%-70s" % package), end=' ') print((mycolors.foreground.lightcyan + "%-32s" % key1), end=' ') print((mycolors.reset + mycolors.foreground.lightgreen + "%8s" % vtfinal + mycolors.reset)) else: - print((mycolors.foreground.green + "%-08s" % package), end=' ') + print((mycolors.foreground.green + "%-70s" % package), end=' ') print((mycolors.foreground.cyan + "%-32s" % key1), end=' ') print((mycolors.reset + mycolors.foreground.red + "%8s" % vtfinal + mycolors.reset)) 
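Review bot: The six `print` calls in `checkandroidvt` are the same block just changed in `run` (identical widths `%-70s`/`%-32s`/`%8s` and colour pairs), and the `%-08s` → `%-70s` fix had to be applied in both places by hand, so a shared row printer would turn the next width change into a single edit. A module-level `_print_vt_row(package, key, vtfinal)` that picks the colour triple from `bkg` and prints once could replace both branches here, with `run` calling the same helper. `checkandroidvt` starts before this hunk; `bkg` is read as a global, as it already is in the hunk.
```python
def _print_vt_row(package, key, vtfinal):
    """Print one package / hash / VirusTotal-result row, coloured for the -o background setting."""
    if bkg == 1:
        pkg_color = mycolors.foreground.orange
        key_color = mycolors.foreground.lightcyan
        vt_color = mycolors.foreground.lightgreen
    else:
        pkg_color = mycolors.foreground.green
        key_color = mycolors.foreground.cyan
        vt_color = mycolors.foreground.red
    print((pkg_color + "%-70s" % package), end=' ')
    print((key_color + "%-32s" % key), end=' ')
    print((mycolors.reset + vt_color + "%8s" % vtfinal + mycolors.reset))

# … unchanged: checkandroidvt's url/param setup and vtcheck call …
    _print_vt_row(package, key1, vtfinal)
```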
@@ -7752,15 +7744,15 @@ def checkandroid(engine): if(engine == 1): print(mycolors.reset + "\n") - print("Package".center(50) + "Hash".center(34) + "Found?".center(12) + "Verdict".center(23) + "AVdet".center(6) + "Sigs".center(5) + "Score".center(14) + "Procs".center(6) + "Conns".center(6)) + print("Package".center(70) + "Hash".center(34) + "Found?".center(12) + "AVdet".center(10) + "Sigs".center(5) + "Score".center(14) + "Procs".center(6) + "Conns".center(6)) print((160*'-').center(80)) for key, value in dictAndroid.items(): checkandroidha(value, key) if(engine == 2): print(mycolors.reset + "\n") - print("Package".center(50) + "Hash".center(36) + "Virus Total".center(12)) - print((100*'-').center(50)) + print("Package".center(70) + "Hash".center(36) + "Virus Total".center(12)) + print((118*'-').center(59)) for key, value in dictAndroid.items(): tm1 = tm1 + 1 if tm1 % 4 == 0: @@ -7769,8 +7761,8 @@ def checkandroid(engine): if(engine == 3): print(mycolors.reset + "\n") - print("Package".center(50) + "Hash".center(36) + "Virus Total".center(12)) - print((100*'-').center(50)) + print("Package".center(70) + "Hash".center(36) + "Virus Total".center(12)) + print((118*'-').center(59)) for key, value in dictAndroid.items(): checkandroidvtx(value, key) 
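Review bot: `print((118*'-').center(59))` on the new engine-2 header (and the identical line in the engine-3 hunk, plus the unchanged `(160*'-').center(80)` above it) is a no-op `center`: `str.center` never shortens its argument, so a 118-character rule centred in 59 columns is returned unchanged and the call reads as if the rule were half its real width; `print(118*'-')` says what actually happens. The new header widths (`"Package".center(70)`, `"Hash".center(36)`) are also hand-matched to the row formats `%-70s`/`%-32s` in `checkandroidvt`, so a single shared width constant used by both would stop them drifting apart again. `checkandroid` starts before this hunk.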
@@ -8004,7 +7996,7 @@ def dirchecking(repo2): bazaar = 0 bazaararg = '' - parser = argparse.ArgumentParser(prog=None, description="Malwoverview is a first response tool for threat hunting written by Alexandre Borges. This version is 4.3.2", usage= "python malwoverview.py -c -d -f -o <0|1> -v <0|1|2|3> -a <0|1|2|3|4|5> -x <0|1> -w <0|1> -u -H -V -D <0|1> -e <0|1|2|3|4> -A -g -r -t <0|1> -l <1-14> -L -U -S -z -K <0|1|2> -j -J -P -R -G <0|1|2|3|4> -y <0|1|2|3> -Y -Y -T -W -k -I -n <1|2|3|4|5> -N -M <1-8> -m -Q <1-5> -q -E <1|2|3|4|5> -C -b <'1|2|3|4|5|6|7|8|9|10> -B ") + parser = argparse.ArgumentParser(prog=None, description="Malwoverview is a first response tool for threat hunting written by Alexandre Borges. This version is 4.3.3", usage= "python malwoverview.py -c -d -f -o <0|1> -v <0|1|2|3> -a <0|1|2|3|4|5> -x <0|1> -w <0|1> -u -H -V -D <0|1> -e <0|1|2|3|4> -A -g -r -t <0|1> -l <1-14> -L -U -S -z -K <0|1|2> -j -J -P -R -G <0|1|2|3|4> -y <0|1|2|3> -Y -Y -T -W -k -I -n <1|2|3|4|5> -N -M <1-8> -m -Q <1-5> -q -E <1|2|3|4|5> -C -b <'1|2|3|4|5|6|7|8|9|10> -B ") parser.add_argument('-c', '--config', dest='config', type=str, metavar = "CONFIG FILE", default = (USER_HOME_DIR + '.malwapi.conf'), help='Use a custom config file to specify API\'s') parser.add_argument('-d', '--directory', dest='direct',type=str, metavar = "DIRECTORY", help='Specifies the directory containing malware samples.') parser.add_argument('-f', '--filename', dest='fpname',type=str, metavar = "FILENAME", default = '', help='Specifies a full path to a malware sample. It returns general information about the file (any filetype)') diff --git a/setup.py b/setup.py index 1d613bb..7ef8add 100644 --- a/setup.py +++ b/setup.py @@ -11,7 +11,7 @@ setup( name="malwoverview", - version="4.3.2", + version="4.3.3", author="Alexandre Borges", author_email="alexandreborges@blackstormsecurity.com", license="GNU GPL v3.0",