package gomalshare
import (
	"bytes"
	"encoding/json"
	"fmt"
	"io"
	"io/ioutil"
	"log"
	"mime/multipart"
	"net/http"
	"net/url"
	"os"

	"github.com/pkg/errors"
)
// LimitKey is the decoded form of the API's request-quota response: the
// allocated limit and the number of requests remaining, both as strings.
type LimitKey struct {
	Limit     string `json:"limit,omitempty"`
	Remaining string `json:"remaining,omitempty"`
}

// HashList carries the three digests that identify one sample.
type HashList struct {
	Md5    string `json:"md5,omitempty"`
	Sha1   string `json:"sha1,omitempty"`
	Sha256 string `json:"sha256,omitempty"`
}

// FileDetails is the decoded form of a stored-file details response. It
// embeds HashList, so the md5/sha1/sha256 keys sit at the same JSON level as
// the fields declared here.
type FileDetails struct {
	HashList
	Ssdeep  string   `json:"ssdeep,omitempty"`
	FType   string   `json:"f_type,omitempty"`
	Sources []string `json:"sources,omitempty"`
}

// Client holds the state shared by every API call.
type Client struct {
	// apiKey is placed in the api_key query parameter of each request URL
	// built in this file, so it appears wherever those URLs are recorded.
	apiKey string
	// url is the base that "api.php?..." is appended to.
	url string
	// conn is the HTTP client used to send requests.
	conn *http.Client
}

// SearchDetails is one decoded search hit. It embeds HashList, so the digest
// keys sit at the same JSON level as the fields declared here.
type SearchDetails struct {
	HashList
	TypeSample string `json:"type,omitempty"`
	Added      uint64 `json:"added,omitempty"`
	Source     string `json:"source,omitempty"`
	YaraHits   struct {
		Yara []string `json:"yara,omitempty"`
	} `json:"yarahits,omitempty"`
	// Element types of the two lists below are not fixed by this file, so
	// they are decoded generically.
	Parentfiles []interface{} `json:"parentfiles,omitempty"`
	Subfiles    []interface{} `json:"subfiles,omitempty"`
}
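// defaultURL is the base URL New falls back to when the caller passes an
// empty url. It uses HTTPS because every request built in this file carries
// the API key in the query string and the upload/download calls carry sample
// contents; over plain HTTP both are readable and modifiable by anyone on the
// network path.
const defaultURL = "https://www.malshare.com/"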
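// New returns a Client that authenticates with apiKey against the API rooted
// at url. An empty url selects defaultURL. An empty apiKey is rejected with an
// error.
//
// NOTE(review): the scheme of a caller-supplied url is not checked here; with
// an http:// base the API key in each request's query string travels in
// cleartext.
// NOTE(review): the http.Client is created without a Timeout, so a stalled
// server can block a call indefinitely.
func New(apiKey string, url string) (*Client, error) {
	if apiKey == "" {
		return nil, errors.New("didn't find API key")
	}
	if url == "" {
		url = defaultURL
	}
	// Every endpoint is built as url + "api.php?...", so a base without a
	// trailing slash would otherwise fuse the host or path with "api.php".
	if url[len(url)-1] != '/' {
		url += "/"
	}
	return &Client{
		conn:   &http.Client{},
		apiKey: apiKey,
		url:    url,
	}, nil
}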
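// query sends a GET request to url and returns the whole response body.
//
// A response outside the 2xx range is returned as an error instead of a body,
// so an error page is never decoded as API data or handed back as a
// downloaded sample.
//
// NOTE(review): the URLs passed in by this file carry api_key in the query
// string, and errors from http.Client.Do include the request URL; avoid
// logging these errors verbatim where the key must stay secret.
// NOTE(review): the body is read without a size limit.
func (c *Client) query(url string) ([]byte, error) {
	req, err := http.NewRequest(http.MethodGet, url, nil)
	if err != nil {
		return nil, err
	}
	req.Header.Set("Content-Type", "application/json")

	resp, err := c.conn.Do(req)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()

	if resp.StatusCode < 200 || resp.StatusCode > 299 {
		return nil, fmt.Errorf("malshare: unexpected HTTP status %s", resp.Status)
	}
	return ioutil.ReadAll(resp.Body)
}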
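// GetSearchResult searches for str (a sample hash, source or file name) and
// returns the decoded hits.
//
// str is query-escaped before it is placed in the URL, so characters such as
// '&', '=', '#' or spaces stay inside the query value and cannot add or
// override request parameters.
//
// The response is decoded as a stream of JSON values, one SearchDetails per
// value. A decode failure is returned to the caller; a library must not
// terminate the process because a remote server sent unexpected data.
func (c *Client) GetSearchResult(str string) (*[]SearchDetails, error) {
	endpoint := fmt.Sprintf("%sapi.php?api_key=%s&action=search&query=%s", c.url, c.apiKey, url.QueryEscape(str))
	body, err := c.query(endpoint)
	if err != nil {
		return nil, err
	}

	dec := json.NewDecoder(bytes.NewReader(body))
	var searches []SearchDetails
	for {
		var s SearchDetails
		err := dec.Decode(&s)
		if err == io.EOF {
			break
		}
		if err != nil {
			return nil, err
		}
		searches = append(searches, s)
	}
	return &searches, nil
}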
// GetLimitKey returns the number of requests allocated to the API key per day
// and the number remaining, decoded from the getlimit action's JSON response.
func (c *Client) GetLimitKey() (*LimitKey, error) {
	raw, err := c.query(fmt.Sprintf("%sapi.php?api_key=%s&action=getlimit", c.url, c.apiKey))
	if err != nil {
		return nil, err
	}

	limit := new(LimitKey)
	if err := json.Unmarshal(raw, limit); err != nil {
		return nil, err
	}
	return limit, nil
}
// GetListOfTypesFile24 returns the file types seen in the past 24 hours,
// mapped to their counts, decoded from the gettypes action's JSON response.
func (c *Client) GetListOfTypesFile24() (map[string]uint64, error) {
	raw, err := c.query(fmt.Sprintf("%sapi.php?api_key=%s&action=gettypes", c.url, c.apiKey))
	if err != nil {
		return nil, err
	}

	var counts map[string]uint64
	if err := json.Unmarshal(raw, &counts); err != nil {
		return nil, err
	}
	return counts, nil
}
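// GetStoredFileDetails returns the stored details for the sample identified
// by hash, decoded from the details action's JSON response.
//
// hash is query-escaped before it is placed in the URL, so a value containing
// '&', '=' or '#' cannot add or override request parameters. A plain hex
// digest is unchanged by the escaping.
func (c *Client) GetStoredFileDetails(hash string) (*FileDetails, error) {
	endpoint := fmt.Sprintf("%sapi.php?api_key=%s&action=details&hash=%s", c.url, c.apiKey, url.QueryEscape(hash))
	body, err := c.query(endpoint)
	if err != nil {
		return nil, err
	}

	var details FileDetails
	if err := json.Unmarshal(body, &details); err != nil {
		return nil, err
	}
	return &details, nil
}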
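// GetListOfHash24Type returns the MD5/SHA1/SHA256 hashes of samples of type
// typeFile from the past 24 hours, decoded from the type action's JSON
// response.
//
// typeFile is query-escaped before it is placed in the URL, so type names
// containing spaces, '&', '=' or '#' stay inside the type value and cannot add
// or override request parameters.
func (c *Client) GetListOfHash24Type(typeFile string) (*[]HashList, error) {
	endpoint := fmt.Sprintf("%sapi.php?api_key=%s&action=type&type=%s", c.url, c.apiKey, url.QueryEscape(typeFile))
	body, err := c.query(endpoint)
	if err != nil {
		return nil, err
	}

	var hashes []HashList
	if err := json.Unmarshal(body, &hashes); err != nil {
		return nil, err
	}
	return &hashes, nil
}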
// GetListOfSource24 returns the sample sources from the past 24 hours,
// decoded from the getsources action's JSON response.
func (c *Client) GetListOfSource24() (*[]string, error) {
	raw, err := c.query(fmt.Sprintf("%sapi.php?api_key=%s&action=getsources", c.url, c.apiKey))
	if err != nil {
		return nil, err
	}

	sources := new([]string)
	if err := json.Unmarshal(raw, sources); err != nil {
		return nil, err
	}
	return sources, nil
}
// GetListOfHash24 returns the hashes of samples from the past 24 hours,
// decoded from the getlist action's JSON response.
func (c *Client) GetListOfHash24() (*[]HashList, error) {
	raw, err := c.query(fmt.Sprintf("%sapi.php?api_key=%s&action=getlist", c.url, c.apiKey))
	if err != nil {
		return nil, err
	}

	hashes := new([]HashList)
	if err := json.Unmarshal(raw, hashes); err != nil {
		return nil, err
	}
	return hashes, nil
}
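// DownloadFileFromHash returns the raw bytes the getfile action serves for
// the sample identified by hash.
//
// hash is query-escaped before it is placed in the URL, so a value containing
// '&', '=' or '#' cannot add or override request parameters. A plain hex
// digest is unchanged by the escaping.
//
// The bytes are returned exactly as received and are not checked against
// hash. Callers should verify the digest themselves and handle the content as
// an untrusted sample.
func (c *Client) DownloadFileFromHash(hash string) ([]byte, error) {
	endpoint := fmt.Sprintf("%sapi.php?api_key=%s&action=getfile&hash=%s", c.url, c.apiKey, url.QueryEscape(hash))
	return c.query(endpoint)
}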
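// UploadFile posts the file at filename to the upload action as a
// multipart/form-data body, in the form field "upload".
//
// It returns an error if the file cannot be read, the request cannot be built
// or sent, or the server answers with a status outside the 2xx range.
//
// NOTE(review): the whole file is buffered in memory before it is sent.
func (c *Client) UploadFile(filename string) error {
	fh, err := os.Open(filename)
	if err != nil {
		log.Println("error opening file")
		return err
	}
	defer fh.Close()

	info, err := fh.Stat()
	if err != nil {
		return err
	}

	bodyBuf := &bytes.Buffer{}
	bodyWriter := multipart.NewWriter(bodyBuf)
	// Send only the base name: the Content-Disposition filename goes to a
	// third-party service and should not disclose the local directory layout.
	fileWriter, err := bodyWriter.CreateFormFile("upload", info.Name())
	if err != nil {
		log.Println("error writing to buffer")
		return err
	}
	if _, err := io.Copy(fileWriter, fh); err != nil {
		return err
	}
	// Close writes the terminating boundary; without it the body is truncated.
	if err := bodyWriter.Close(); err != nil {
		return err
	}

	endpoint := fmt.Sprintf("%sapi.php?api_key=%s&action=upload", c.url, c.apiKey)
	req, err := http.NewRequest(http.MethodPost, endpoint, bodyBuf)
	if err != nil {
		return err
	}
	// The header must carry the writer's boundary parameter; a bare
	// "multipart/form-data" leaves the server unable to split the parts.
	req.Header.Set("Content-Type", bodyWriter.FormDataContentType())

	resp, err := c.conn.Do(req)
	if err != nil {
		return err
	}
	defer resp.Body.Close()

	if resp.StatusCode < 200 || resp.StatusCode > 299 {
		return fmt.Errorf("malshare: upload failed with HTTP status %s", resp.Status)
	}
	return nil
}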