Monitor a Dropbox-synced folder for new malware samples (.exe / .pdf) and submit each unseen one to a Cuckoo sandbox for analysis.
#!/usr/bin/env python
import sys, time, os, shelve, hashlib
from cuckoo.core.db import CuckooDatabase
# Folder polled for specimens. The path is under Dropbox, so every file in it
# is untrusted input written by whoever can sync that folder. Keep the
# trailing slash: the history path below is built by plain string
# concatenation (MALWARE_DIR + HISTORY_FILE).
MALWARE_DIR = "/Users/zwned/Dropbox/malware/"
# Seconds to sleep between two scans of MALWARE_DIR.
SLEEP_TIME = 60
# Base name of the shelve database holding the hashes of already-submitted
# specimens. It is created inside MALWARE_DIR, i.e. inside the synced folder.
HISTORY_FILE = "cuckooMon_hist"
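class Monitor:
    """Poll MALWARE_DIR for *.exe / *.pdf specimens and queue them for Cuckoo.

    A shelve database at MALWARE_DIR + HISTORY_FILE, keyed by the MD5 hex
    digest of each submitted specimen, is the only record of what has been
    queued. A specimen whose digest is already recorded is deleted from the
    folder instead of being re-submitted.

    Security notes for operators (the folder is Dropbox-synced, so anyone who
    can write to it controls both the samples and the history file):
      * Because the history lives inside the monitored folder, pre-seeding it
        with a sample's digest makes this monitor delete that sample without
        ever analysing it, and deleting the history re-queues everything.
        Keep HISTORY_FILE outside the shared folder if that matters.
      * MD5 collisions are practical, so two different specimens with the
        same MD5 are treated as duplicates and only the first is analysed.
        MD5 is kept so existing history keys remain valid; a fresh deployment
        should key the history on SHA-256 instead.
      * Specimens are only hashed (read as opaque bytes) and handed to Cuckoo
        by path; nothing here executes or parses them.
    """

    def process(self):
        """Run one scan: submit every unseen specimen, then close the history.

        Opens the shelve history for the duration of the scan and closes it
        even if a specimen raises, so an error mid-scan cannot leave the
        history unflushed.
        """
        new_specimens = self.grabNewMalware()
        self.processed = shelve.open(MALWARE_DIR + HISTORY_FILE)
        try:
            for path in new_specimens:
                self.processMalware(path)
        finally:
            self.processed.close()

    def grabNewMalware(self, root=None):
        """Return the sorted paths of every *.exe / *.pdf file under ``root``.

        ``root`` defaults to MALWARE_DIR. The extension check is
        case-insensitive and looks only at the last dot-separated component,
        so ``a.PDF`` matches while ``a.exe.txt`` does not. The history file
        itself (no exe/pdf extension) is therefore never picked up.
        """
        if root is None:
            root = MALWARE_DIR
        found = []
        for dirpath, _dirnames, filenames in os.walk(root):
            for name in filenames:
                ext = name.lower().split(".")[-1]
                if ext in ("exe", "pdf"):
                    found.append(os.path.normpath(os.path.join(dirpath, name)))
        found.sort()
        return found

    def processMalware(self, malware):
        """Queue ``malware`` in Cuckoo unless its digest is already in the history.

        Requires ``self.processed`` to be an open, dict-like history.
        Unseen specimen: a CuckooDatabase task is added and the digest is
        recorded only after ``add_task`` succeeds, so a failed submission is
        retried on the next scan. Already-seen specimen: the file is removed
        from the folder. A specimen that cannot be read (it vanished or is
        still syncing) is skipped for this scan instead of killing the
        monitor loop.
        """
        try:
            # Hash exactly once and reuse the digest for both the lookup and
            # the history key, so a file changing underneath us cannot be
            # recorded under a digest that was never checked.
            digest = self.md5Checksum(malware)
        except (IOError, OSError) as exc:
            print("[!] Cannot read %s: %s" % (malware, exc))
            return

        if digest in self.processed:
            print("[!] Already in database, removing...")
            try:
                os.remove(malware)
            except OSError as exc:
                print("[!] Could not remove %s: %s" % (malware, exc))
            return

        db = CuckooDatabase()
        print("[-] Processing %s" % malware)
        try:
            db.add_task(malware)
        except Exception:
            # Narrowed from a bare ``except`` so KeyboardInterrupt/SystemExit
            # still stop the daemon; the specimen stays unrecorded and will be
            # retried on the next scan.
            print("[!] FAILURE %s" % str(sys.exc_info()))
            return
        print("[+] Successful")
        print("[+] Adding malware to history")
        self.processed[digest] = malware

    def md5Checksum(self, malware):
        """Return the hex MD5 digest of the file at ``malware``.

        Reads in 8 KiB chunks so large specimens are not loaded whole, and
        closes the handle on every exit path. Raises IOError/OSError if the
        file cannot be opened or read. The content is treated as opaque
        bytes and never interpreted.
        """
        digest = hashlib.md5()
        with open(malware, "rb") as fh:
            while True:
                chunk = fh.read(8192)
                if not chunk:
                    break
                digest.update(chunk)
        return digest.hexdigest()

    def monitor(self):
        """Scan forever, sleeping SLEEP_TIME seconds between scans."""
        while True:
            self.process()
            print("[-] Checked last at: %s" % time.asctime(time.localtime()))
            time.sleep(SLEEP_TIME)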
if __name__ == "__main__":
    # Script entry point: poll MALWARE_DIR until the process is killed.
    Monitor().monitor()