Shadow Server - Binary Whitelist and MD5/SHA1 AV Service API

shadow-server-api

https://www.shadowserver.org

Installation

$ pip install shadow-server-api

Usage

MD5/SHA1 AV Service

import json
from shadow_server_api import ShadowServerApi

ss = ShadowServerApi()

# Look up AV detection names for a sample by its MD5 (a SHA1 also works).
response = ss.get_av('039ea049f6d0f36f55ec064b3b371c46')
print(json.dumps(response, sort_keys=False, indent=4))

Output:

{
    "sha1": "ada0f47d8a52d664a5548bf67aa4a28c1d7dbf15",
    "last_seen_date_utc": "2013-12-12 15:11:38",
    "file_type": "exe",
    "response_code": 200,
    "av": {
        "DrWeb": "BackDoor.Kuluoz.4",
        "FSecure": "Suspicious:W32/Malware!Online",
        "Clam": "PUA.Win32.Packer.Upx-53",
        "Symantec": "Trojan.Fakeavlock",
        "TrendMicro": "TROJ_SPNR.11LC13",
        "Avast": "Win32:Malware-gen",
        "GData": "Trojan.GenericKD.1449455",
        "Kaspersky": "Trojan-Downloader.Win32.Dofoil.rmy",
        "BitDefender": "Trojan.GenericKD.1449455",
        "McAfee": "RDN/Downloader.a!og",
        "Eset": "Win32/Kryptik.BQYU",
        "Avira": "TR/Crypt.ZPACK.Gen8",
        "Sunbelt": "Trojan.Win32.Dofoil.qtz",
        "K7": "Trojan ( 004912141 )",
        "Fortinet": "W32/DOFOIL.LF!tr",
        "Microsoft": "TrojanDownloader:Win32/Kuluoz.D",
        "AVG": "Generic_r.DHD",
        "K7GW": "Trojan ( 004912141 )",
        "Emsisoft": "Trojan.GenericKD.1449455",
        "QuickHeal": "TrojanDownloader.Kuluoz.aob",
        "Comodo": "UnclassifiedMalware"
    },
    "ssdeep": "",
    "first_seen_date_utc": "2013-12-12 15:11:38",
    "md5": "039ea049f6d0f36f55ec064b3b371c46"
}

Binary Whitelist

import json
from shadowserver.shadow_server_api import ShadowServerApi

ss = ShadowServerApi()

# Check whether a hash belongs to a known binary in the whitelist.
response = ss.get_bintest('5e28284f9b5f9097640d58a73d38ad4c')
print(json.dumps(response, sort_keys=False, indent=4))

Output:

{
    "response_code": 200,
    "results": {
        "os_mfg": "Microsoft Corporation",
        "fileversion": "5.1.2600.5512",
        "reference": "os_patches_all",
        "application_type": "exe",
        "filetimestamp": "04/14/2008 12:00:00",
        "sig_timestamp": "04/14/2008 02:07:47",
        "language_code": "1033",
        "source_version": "1.6",
        "dirname": "c:\\WINDOWS\\system32",
        "binary": "1",
        "source": "AppInfo",
        "product_version": "5.1.2600.5512",
        "mfg_name": "Microsoft Corporation",
        "filename": "notepad.exe",
        "os_version": "5.1",
        "sig_trustfile": "C:\\WINDOWS\\system32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\NT5.CAT",
        "filesize": "69120",
        "sha256": "865F34FE7BA81E9622DDBDFC511547D190367BBF3DAD21CEB6DA3EEC621044F5",
        "sha512": "CB7218CFEA8813AE8C7ACF6F7511AECBEB9D697986E0EB8538065BF9E3E9C6CED9C29270EB677F5ACF08D2E94B21018D8C4A376AA646FA73CE831FC87D448934",
        "product_name": "Microsoft Windows Operating System",
        "os_name": "Microsoft Windows XP Professional Service Pack 3 (build 2600)",
        "description": "Notepad",
        "trusted_signature": "1",
        "crc32": "877EA041",
        "bit": "32",
        "md5": "5E28284F9B5F9097640D58A73D38AD4C",
        "sha1": "7A90F8B051BC82CC9CADBCC9BA345CED02891A6C",
        "language": "English",
        "signer": "Microsoft Windows Component Publisher",
        "strongname_signed": "0"
    }
}
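
An added example (not part of the project's code) showing one way to combine the two response shapes above into a triage verdict for a hash. The name triage, the min_engines threshold, the PUA-prefix rule and the NO_RECORD reply shape are assumptions; the sample dicts are constructed from the output shown above.

```python
# Constructed samples, trimmed from the README output above, so this runs offline.
# In practice the dicts would come from ss.get_av() and ss.get_bintest().
AV_SAMPLE = {
    "response_code": 200,
    "md5": "039ea049f6d0f36f55ec064b3b371c46",
    "av": {
        "DrWeb": "BackDoor.Kuluoz.4",
        "Microsoft": "TrojanDownloader:Win32/Kuluoz.D",
        "Kaspersky": "Trojan-Downloader.Win32.Dofoil.rmy",
        "Clam": "PUA.Win32.Packer.Upx-53",
    },
}
WHITELIST_SAMPLE = {
    "response_code": 200,
    "results": {
        "filename": "notepad.exe",
        "signer": "Microsoft Windows Component Publisher",
        "trusted_signature": "1",
    },
}
NO_RECORD = {"response_code": 200}  # assumed shape of a reply with no data


def triage(av_resp, bintest_resp, min_engines=3):
    """Return (verdict, detail) for one hash; min_engines is an assumed threshold."""
    for resp in (av_resp, bintest_resp):
        if not isinstance(resp, dict) or resp.get("response_code") != 200:
            return ("error", "lookup failed; do not treat as clean")
    known = bintest_resp.get("results") or {}
    labels = av_resp.get("av") or {}
    # Packer/PUA names are weak signals, so they do not count toward the threshold.
    strong = sorted(e for e, name in labels.items() if not name.upper().startswith("PUA"))

    if known and strong:
        # Whitelisted yet flagged: false positives or a hash collision, needs a human.
        return ("conflict", "%s flagged by %d engines" % (known.get("filename", "?"), len(strong)))
    if known:
        signed = known.get("trusted_signature") == "1"
        return ("known-good" if signed else "known-unsigned", known.get("filename", "?"))
    if len(strong) >= min_engines:
        return ("malicious", ", ".join(strong))
    if labels:
        return ("suspicious", "%d weak or isolated detections" % len(labels))
    return ("unknown", "no whitelist entry and no detections")


if __name__ == "__main__":
    print(triage(AV_SAMPLE, NO_RECORD))
    print(triage(NO_RECORD, WHITELIST_SAMPLE))
```

A failed lookup is reported as "error" rather than "unknown" so that an outage is never read as a clean result.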

Testing

To run the tests:

$ ./tests

Contributing

  1. Fork it.

  2. Create a branch (git checkout -b my_shadow_server_api)

  3. Commit your changes (git commit -am "Added Something Cool")

  4. Push to the branch (git push origin my_shadow_server_api)

  5. Open a [Pull Request](https://github.com/blacktop/shadow-server-api/pulls)

  6. Wait for me to figure out what the heck a pull request is…

Release History

1.0.4 (2014-05-18)

Fixes

  • Fixing error in README

1.0.2 (2014-05-18)

API Changes

  • Changing folder structure so when people import it it is not dumb :(

1.0.1 (2014-04-14)

Bugfixes

  • Trying to fix setup.py for deploying to PYPI.

Source Distribution

shadow-server-api-1.0.4.tar.gz (18.7 kB)

Hashes for shadow-server-api-1.0.4.tar.gz
Algorithm Hash digest
SHA256 e2ea77c0dfb1fea6a85154a941fdbefab8335e11c43e6bfcdd3139b0a943b479
MD5 030be2fd88d08d1d4a757c80fb299b09
BLAKE2b-256 fb2494400e7c821a76a611451e47ac0e8ed84918f3d9d36caa07a071f54b7a00
