Shadow Server - Binary Whitelist and MD5/SHA1 AV Service API
Project description
shadow-server-api
Shadow Server - Binary Whitelist and MD5/SHA1 AV Service API
Installation
$ pip install shadow-server-api
Usage
MD5/SHA1 AV Service
import json
from shadow_server_api import ShadowServerApi
ss = ShadowServerApi()
response = ss.get_av('039ea049f6d0f36f55ec064b3b371c46')
print json.dumps(response, sort_keys=False, indent=4)
Output:
{
"sha1": "ada0f47d8a52d664a5548bf67aa4a28c1d7dbf15",
"last_seen_date_utc": "2013-12-12 15:11:38",
"file_type": "exe",
"response_code": 200,
"av": {
"DrWeb": "BackDoor.Kuluoz.4",
"FSecure": "Suspicious:W32/Malware!Online",
"Clam": "PUA.Win32.Packer.Upx-53",
"Symantec": "Trojan.Fakeavlock",
"TrendMicro": "TROJ_SPNR.11LC13",
"Avast": "Win32:Malware-gen",
"GData": "Trojan.GenericKD.1449455",
"Kaspersky": "Trojan-Downloader.Win32.Dofoil.rmy",
"BitDefender": "Trojan.GenericKD.1449455",
"McAfee": "RDN/Downloader.a!og",
"Eset": "Win32/Kryptik.BQYU",
"Avira": "TR/Crypt.ZPACK.Gen8",
"Sunbelt": "Trojan.Win32.Dofoil.qtz",
"K7": "Trojan ( 004912141 )",
"Fortinet": "W32/DOFOIL.LF!tr",
"Microsoft": "TrojanDownloader:Win32/Kuluoz.D",
"AVG": "Generic_r.DHD",
"K7GW": "Trojan ( 004912141 )",
"Emsisoft": "Trojan.GenericKD.1449455",
"QuickHeal": "TrojanDownloader.Kuluoz.aob",
"Comodo": "UnclassifiedMalware"
},
"ssdeep": "",
"first_seen_date_utc": "2013-12-12 15:11:38",
"md5": "039ea049f6d0f36f55ec064b3b371c46"
}
Binary Whitelist
import json
from shadowserver.shadow_server_api import ShadowServerApi
ss = ShadowServerApi()
response = ss.get_bintest('5e28284f9b5f9097640d58a73d38ad4c')
print json.dumps(response, sort_keys=False, indent=4)
Output:
{
"response_code": 200,
"results": {
"os_mfg": "Microsoft Corporation",
"fileversion": "5.1.2600.5512",
"reference": "os_patches_all",
"application_type": "exe",
"filetimestamp": "04/14/2008 12:00:00",
"sig_timestamp": "04/14/2008 02:07:47",
"language_code": "1033",
"source_version": "1.6",
"dirname": "c:\\WINDOWS\\system32",
"binary": "1",
"source": "AppInfo",
"product_version": "5.1.2600.5512",
"mfg_name": "Microsoft Corporation",
"filename": "notepad.exe",
"os_version": "5.1",
"sig_trustfile": "C:\\WINDOWS\\system32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\NT5.CAT",
"filesize": "69120",
"sha256": "865F34FE7BA81E9622DDBDFC511547D190367BBF3DAD21CEB6DA3EEC621044F5",
"sha512": "CB7218CFEA8813AE8C7ACF6F7511AECBEB9D697986E0EB8538065BF9E3E9C6CED9C29270EB677F5ACF08D2E94B21018D8C4A376AA646FA73CE831FC87D448934",
"product_name": "Microsoft Windows Operating System",
"os_name": "Microsoft Windows XP Professional Service Pack 3 (build 2600)",
"description": "Notepad",
"trusted_signature": "1",
"crc32": "877EA041",
"bit": "32",
"md5": "5E28284F9B5F9097640D58A73D38AD4C",
"sha1": "7A90F8B051BC82CC9CADBCC9BA345CED02891A6C",
"language": "English",
"signer": "Microsoft Windows Component Publisher",
"strongname_signed": "0"
}
}
Testing
To run the tests:
$ ./tests
Contributing
Fork it.
Create a branch (git checkout -b my_shadow_server_api)
Commit your changes (git commit -am “Added Something Cool”)
Push to the branch (git push origin my_shadow_server_api)
Open a [Pull Request](https://github.com/blacktop/shadow-server-api/pulls)
Wait for me to figure out what the heck a pull request is…
Release History
1.0.4 (2014-05-18)
Fixes
Fixing error in README
1.0.2 (2014-05-18)
API Changes
Changing folder structure so when people import it it is not dumb :(
1.0.1 (2014-04-14)
Bugfixes
Trying to fix setup.py for deploying to PYPI.
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
shadow-server-api-1.0.4.tar.gz
(18.7 kB
view hashes)