Last active
October 29, 2024 19:48
-
-
Save fr0gger/51a065ff9cc42c0e3f4180850783e3a7 to your computer and use it in GitHub Desktop.
Threat Info Lookup: Retrieve Microsoft Defender signature details from the Threat Encyclopedia
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # -*- coding: utf-8 -*- | |
| # Author: Thomas Roccia, @fr0gger_ | |
| """Threat Encyclopedia Lookup, retrieve Defender Signature information. | |
| This script will retrieve the information related to the specified signature. | |
| Usage: | |
| python threatinfo.py [options] | |
| Requirements: | |
| pip install beautifulsoup4==4.11.1 requests==2.26.0 tabulate==0.8.10 | |
| """ | |
| import sys | |
| import os | |
| import textwrap | |
| import argparse | |
| import requests | |
| from bs4 import BeautifulSoup | |
| from tabulate import tabulate | |
| # Threat Encyclopedia URL | |
| URL = "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=" | |
| # Get single threat info | |
| def get_threat_info(threat): | |
| """Get information about a specified Defender signature | |
| Parameters: | |
| threat (list): a list of strings containing the signature names | |
| Returns: | |
| table: Returning a table of information about the signature | |
| """ | |
| # wrapper for printing | |
| wrapper = textwrap.TextWrapper(width=50) | |
| # to store the data | |
| table = [] | |
| # request the webpage | |
| for threat in threat: | |
| try: | |
| result = requests.get(URL + threat) | |
| soup = BeautifulSoup(result.text, 'html.parser') | |
| except requests.exceptions.RequestException as err: | |
| raise SystemExit(err) from err | |
| # Parsing web page for the data | |
| threatname = soup.find('h1', attrs={'class':'c-heading-3'}) | |
| alias = soup.find('span', attrs={'class':'also-detected'}) | |
| summary = soup.find('div', attrs={'class':'summaryText'}) | |
| #whatto = soup.find('div', attrs={'class':'whattodoText'}) | |
| symptoms = soup.find('div', attrs={'class':'tech-info-content'}) | |
| try: | |
| threatname = threatname.get_text().strip() | |
| alias = alias.get_text().strip() | |
| summary = summary.get_text().strip() | |
| symptoms = symptoms.get_text() | |
| symptoms = os.linesep.join([s for s in symptoms.splitlines() if s]) | |
| except Exception: | |
| pass | |
| if symptoms is None: | |
| symptoms = "No information available." | |
| table.append([threatname, alias, wrapper.fill(text=summary), wrapper.fill(text=symptoms)]) | |
| print(tabulate(table, ["Threat Names", "Alias", "Description", "Symptoms"], tablefmt="grid")) | |
| def main(): | |
| parser = argparse.ArgumentParser(description='''Threat Encyclopedia Lookup, | |
| retrieve Defender Signature information.''') | |
| parser.add_argument('--signame', '-s', metavar='HackTool:Win32/Keygen', | |
| type=str, dest='signame', nargs="*", | |
| help='Signature to retrieve information for') | |
| args = parser.parse_args() | |
| if len(sys.argv) == 1: | |
| parser.print_help(sys.stderr) | |
| elif args.signame: | |
| get_threat_info(args.signame) | |
| if __name__ == "__main__": | |
| main() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment