A command-line client to interact with the MalwareBazaar API
Malware Bazaar Client
This is mwbzcl, a Python-based client for the bazaar.abuse.ch API.
Installation
The most recent release is available on the Python Package Index (PyPI):
pip install mwbzcl
This will also create an executable called mwbzcl in the bin directory.
Example Usage
After setting the environment variable MALWARE_BAZAAR_API_KEY to the value from your bazaar.abuse.ch profile, a typical session might look like the following:
$ mwbzcl --json signature AgentTesla | jq -r "select(.tags[] | contains ("""exe""")) | .sha256"
1f71b476b9450a59fc8b76f1c3e0ddb8eab1dcd34a0cb451b1d1d2f1aa882ab2
a349d5cf195bf2126c239760539077607db536a57529957577b93ef58a44daf6
24c871a763e208ba82f7ce7df48fea42c962214954181dc72f17c9112cc74c5e
8d4cb50c1044910b9464e20dc05f2e61643cce2898348a0ede91330736a831df
5eb9b4d6d7e12e2b605adb64d332ec0ef196520106ee561a99b528c7f82f49ef
d69aa1932b2e702e5065ee19da9fc9cf2b05e7dbaa617141b14eaa501a14955e
$ mwbzcl download 1f71b476b9450a59fc8b76f1c3e0ddb8eab1dcd34a0cb451b1d1d2f1aa882ab2
[INFO] Downloaded 1 file(s), 0 skipped.
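The jq filter above, as an added Python example (not part of mwbzcl): it selects records by tag and returns unique, well-formed SHA-256 values, tolerating null tags and records that match on more than one tag. The tags and sha256 field names come from the filter above; the framing of the --json output as a stream of JSON objects and the sample records are assumptions constructed for illustration.

```python
import json
import re
import sys

SHA256_RE = re.compile(r"[0-9a-f]{64}")


def iter_records(text):
    """Yield top-level JSON objects from concatenated or line-delimited JSON
    (assumed framing of the --json output; jq reads input the same way)."""
    decoder = json.JSONDecoder()
    pos = 0
    while True:
        while pos < len(text) and text[pos].isspace():
            pos += 1
        if pos >= len(text):
            return
        value, pos = decoder.raw_decode(text, pos)
        if isinstance(value, dict):
            yield value


def select_sha256(text, tag_substring):
    """Unique, well-formed SHA-256 values of records with a matching tag."""
    selected = []
    for record in iter_records(text):
        tags = record.get("tags") or []  # missing or null tags: no match
        if not any(isinstance(t, str) and tag_substring in t for t in tags):
            continue
        digest = str(record.get("sha256", "")).lower()
        # Drop malformed values and repeats before they reach a download call.
        if SHA256_RE.fullmatch(digest) and digest not in selected:
            selected.append(digest)
    return selected


# Constructed sample records (placeholder digests, not real samples).
SAMPLE = "\n".join(json.dumps(r) for r in [
    {"sha256": "a" * 64, "tags": ["exe", "AgentTesla"]},
    {"sha256": "b" * 64, "tags": None},
    {"sha256": "c" * 64, "tags": ["exe", "signed-exe"]},  # two matching tags
    {"sha256": "not-a-hash", "tags": ["exe"]},
    {"sha256": "d" * 64, "tags": ["docx"]},
])

if __name__ == "__main__":
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    print("\n".join(select_sha256(data, "exe")))
```

Saved under a hypothetical name such as select_hashes.py, it reads the output of mwbzcl --json signature AgentTesla from standard input.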
Development
I recommend creating a virtual environment to set up a local development environment:
python -m venv C:\path\to\venv
C:\path\to\venv\Scripts\activate.bat
pip install -r requirements.txt
SET PYTHONPATH=C:\path\to\repository\
Now you can call client.py as you would otherwise call mwbzcl.
Changelog
2023-05-13 - Version 1.0.6
- Allow passing MD5 and SHA1 hashes for downloads:
$ mwbzcl download eb8d50fd5a3afa04fe7fb476f2df9e99 b915056524f1b25937074727cdf5f87c
[WARNING] Argument "eb8d50fd5a3afa04fe7fb476f2df9e99" not a valid SHA256 hash...
[WARNING] Translated to "3a60658cdbf960c135f07bd06d36124b5926b85c59a9c01948976b199e3959f8".
[WARNING] Argument "b915056524f1b25937074727cdf5f87c" not a valid SHA256 hash...
[ERROR] Query status of "hash_not_found"
[INFO] Downloaded 1 file(s), 0 skipped.