#!/usr/bin/python3
'''
MQuery CLI Utility
'''
import sys
import argparse
from providers.libquery import MalQuery
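if __name__ == "__main__":
    # Command-line entry point: parse the arguments, reject combinations that
    # cannot work, then hand everything to MalQuery.
    print("[================[ >MQuery< ]==================]\n")

    parser = argparse.ArgumentParser()
    # "all" is the default and is accepted by the daily-download check below,
    # so list it in choices too; argparse does not validate a default against
    # choices, which previously made the default impossible to pass explicitly.
    # The help text now names the values argparse actually accepts
    # ("virustotal", not "vt").
    parser.add_argument(
        "--provider",
        help="Specify provider (malshare, hba, virustotal, caesar, all). "
             "Defaults to all.",
        choices=['caesar', 'virustotal', 'malshare', 'hba', 'all'],
        required=False,
        default="all",
    )
    parser.add_argument(
        "-i", "--ioc",
        help="Specify artifact (IP/hash/domain/etc...)",
        required=False,
    )
    parser.add_argument(
        "--action",
        choices=['download', 'search', 'list', 'info', 'daily-download'],
        help="specify request type.",
        required=True,
    )
    # NOTE(review): the empty default is passed to MalQuery unchanged; how it
    # is resolved is not visible here. The download actions presumably write
    # retrieved samples to this location - confirm it points at an isolated
    # analysis directory rather than the current working directory.
    parser.add_argument(
        "-d", "--dir",
        default="",
        help="specify download dirrectory.",
        required=False,
    )
    args = parser.parse_args()

    # search and download operate on a specific artifact, so --ioc is mandatory.
    if args.action in ("search", "download") and args.ioc is None:
        print("\t[!] Hash not specified!\n")
        sys.exit(1)

    # Only these provider values are accepted for the daily feed download.
    if args.action == "daily-download" and args.provider not in ["hba", "malshare", "all"]:
        print("\t[!] Invalid provider for daily feed download!\n")
        sys.exit(1)

    # The constructor is the last statement: it receives the provider, the
    # action, the IOC and the download directory.
    query = MalQuery(args.provider.lower(), args.action, args.ioc, args.dir)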