Merge pull request #80 from colinvanniekerk/master

Updates to Virusshare analyzer
TheHive-Project · Sep 4, 2017 · 8ffd5ba · 8ffd5ba
2 parents 17f6b18 + 359bdd4
commit 8ffd5ba
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 2 deletions.
diff --git a/analyzers/Virusshare/getHashes.sh b/analyzers/Virusshare/getHashes.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+# This script downloads all available Virusshare.com hash files using curl and wget. It can be called as: ./getHashes.sh PATH
+
+
+display_usage() { 
+    echo "getHashes v0.1" 
+    echo "  Fetch all Virusshare.com hashes" 
+    echo -e "\n  Usage: $0 <path> \n"
+} 
+
+if [  $# -ne 1 ]; then 
+    display_usage
+    exit 1
+fi
+
+if [ ! -d $1 ]; then
+    display_usage
+    echo -e "    Error: Directory not found: '$1'\n\n    :'(\n\n"
+    exit 1
+
+fi
+
+cd $1
+for u in `curl https://virusshare.com/hashes.4n6|grep hashes/|cut -d\" -f2`
+do
+    echo $u
+    wget https://virusshare.com/$u
+done | tee -a ../$0.log
+cd ..
diff --git a/analyzers/Virusshare/virusshare.py b/analyzers/Virusshare/virusshare.py
@@ -28,7 +28,7 @@ def summary(self, raw):
         value = "\"Unknown\""
 
         if raw["isonvs"]:
-            if raw["isonvs"] == "Unknown":
+            if raw["isonvs"] == "unknown":
                 value = "\"Not MD5\""
                 level = "suspicious"
             else:
@@ -67,7 +67,7 @@ def run(self):
                     # Skipping comments
                     if line[0] == '#':
                         continue
-                    if line.strip('\n') == searchhash:
+                    if searchhash.lower() in line:
                         self.report({'isonvs': True,
                                      'md5': searchhash})
         self.report({'isonvs': False,