Add files via upload

akajhon · Jul 3, 2023 · 8e78e3a · 8e78e3a
1 parent 50daec5
commit 8e78e3a
Show file tree

Hide file tree

Showing 7 changed files with 233 additions and 214 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,11 +1,12 @@
-FROM python:3.8
+FROM python:3.10
 
 ENV TZ=America/Sao_Paulo
 
-RUN adduser -D mhd
+RUN adduser mhd
 
 COPY /mhd/requirements.txt ./tmp/
-RUN apk add --no-cache gcc musl-dev && \
+
+RUN apt-get update && apt-get install -y gcc musl-dev && \
     pip install --no-cache-dir -r /tmp/requirements.txt
 
 WORKDIR /usr/src/mhd
@@ -16,4 +17,4 @@ COPY mhd/ .
 
 EXPOSE 8080
 
-ENTRYPOINT ["python", "/usr/src/mhd/server.py", "-b", "0.0.0.0"]
+ENTRYPOINT ["python", "/usr/src/mhd/server.py", "-b", "0.0.0.0"]
diff --git a/mhd/modules/email_checker.py b/mhd/modules/email_checker.py
@@ -5,33 +5,41 @@
 import concurrent.futures
 
 def query_hunterio(email, hunterio_key):
-    url = f"https://api.hunter.io/v2/email-verifier?email={email}&api_key={hunterio_key}"
-    response = httpx.get(url)
-    if response.status_code == 200:
-        hunterio_response = response.json()
-        score = hunterio_response["data"]["score"]
-        gibberish = hunterio_response["data"]["gibberish"]
-        email_status = hunterio_response["data"]["status"]
-        if email_status != 'valid' or score <= 50:
-            return 'Malicious'
-        elif gibberish:
-            return 'Suspicious'
-        return "Safe"
-    return "Not Found"
+    try:
+        url = f"https://api.hunter.io/v2/email-verifier?email={email}&api_key={hunterio_key}"
+        response = httpx.get(url)
+        if response.status_code == 200:
+            hunterio_response = response.json()
+            score = hunterio_response["data"]["score"]
+            gibberish = hunterio_response["data"]["gibberish"]
+            email_status = hunterio_response["data"]["status"]
+            if email_status != 'valid' or score <= 50:
+                return 'Malicious'
+            elif gibberish:
+                return 'Suspicious'
+            return "Safe"
+        return "Not Found"
+    except Exception as e:
+        print(f"[!] Error in query_hunterio: {e}")
+        return "Error"
 
 def query_ipqualityscore(email, ipqualityscore_key):
-    url = f"https://www.ipqualityscore.com/api/json/email/{ipqualityscore_key}/{email}"
-    response = httpx.get(url)
-    if response.status_code == 200:
-        ipquality_response = response.json()
-        fraud_score = ipquality_response["fraud_score"]
-        if fraud_score >= 75 and fraud_score < 90:
-            return 'Suspicious'
-        elif fraud_score >= 90:
-            return 'Malicious'
-        else:
-            return 'Safe'
-    return "Not Found"
+    try:
+        url = f"https://www.ipqualityscore.com/api/json/email/{ipqualityscore_key}/{email}"
+        response = httpx.get(url)
+        if response.status_code == 200:
+            ipquality_response = response.json()
+            fraud_score = ipquality_response["fraud_score"]
+            if fraud_score >= 75 and fraud_score < 90:
+                return 'Suspicious'
+            elif fraud_score >= 90:
+                return 'Malicious'
+            else:
+                return 'Safe'
+        return "Not Found"
+    except Exception as e:
+        print(f"[!] Error in query_ipqualityscore: {e}")
+        return "Error"
 
 def query_email_services(email):
     dotenv_path = join(dirname(__file__), '.env')
@@ -53,5 +61,5 @@ def query_email_services(email):
         return results
 
     except Exception as e:
-        print(e)
-        return "error"
+        print(f"[!] Error in query_email_services: {e}")
+        return "Error"
diff --git a/mhd/modules/hash_verify.py b/mhd/modules/hash_verify.py
@@ -5,75 +5,80 @@
 import concurrent.futures
 
 def query_virustotal(hash, API_KEY):
-    headers_vt = {"accept": "application/json","X-Apikey": API_KEY}
-    base_url = "https://www.virustotal.com/api/v3/"
-    url = base_url + "search?query=" + hash
-    vt_response = httpx.get(url, headers=headers_vt)
-    if vt_response.status_code == 200:
-        vt_response = vt_response.json()
-        if not vt_response['data']: # se 'data' estiver vazio
-            return "Not Found"
-        else:
-            attributes = vt_response["data"][0]["attributes"] # assume que o primeiro elemento existe
-            reputation = attributes.get("reputation") # usa get para evitar KeyError
-            total_votes = attributes.get("total_votes") # usa get para evitar KeyError
-            if reputation is not None:
-                if reputation >= 95:
-                    reputation_result = 'Safe'
-                elif 75 <= reputation < 95:
-                    reputation_result = 'Suspicious'
-                else:
-                    reputation_result = 'Malicious'
+    try:
+        headers_vt = {"accept": "application/json","X-Apikey": API_KEY}
+        base_url = "https://www.virustotal.com/api/v3/"
+        url = base_url + "search?query=" + hash
+        vt_response = httpx.get(url, headers=headers_vt)
+        if vt_response.status_code == 200:
+            vt_response = vt_response.json()
+            if not vt_response['data']:
+                return "Not Found"
             else:
-                reputation_result = "Not found on VT"
-            # verifica votos da comunidade
-            if total_votes is not None and isinstance(total_votes, dict): # verifica se total_votes é um dicionário
-                malicious_votes = total_votes.get('malicious', 0) # usa get para evitar KeyError, assume 0 se não existir
-                harmless_votes = total_votes.get('harmless', 0) # usa get para evitar KeyError, assume 0 se não existir
-                if malicious_votes > harmless_votes:
-                    votes_result = 'Malicious'
-                elif harmless_votes > malicious_votes:
-                    votes_result = 'Safe'
+                attributes = vt_response["data"][0]["attributes"]
+                reputation = attributes.get("reputation")
+                total_votes = attributes.get("total_votes")
+                if reputation is not None:
+                    if reputation >= 95:
+                        reputation_result = 'Safe'
+                    elif 75 <= reputation < 95:
+                        reputation_result = 'Suspicious'
+                    else:
+                        reputation_result = 'Malicious'
+                else:
+                    reputation_result = "Not found on VT"
+                if total_votes is not None and isinstance(total_votes, dict):
+                    malicious_votes = total_votes.get('malicious', 0)
+                    harmless_votes = total_votes.get('harmless', 0)
+                    if malicious_votes > harmless_votes:
+                        votes_result = 'Malicious'
+                    elif harmless_votes > malicious_votes:
+                        votes_result = 'Safe'
+                    else:
+                        votes_result = 'Undetermined'
                 else:
                     votes_result = 'Undetermined'
-            else:
-                votes_result = 'Undetermined'
-            if reputation_result == votes_result:
-                return reputation_result
-            else:
-                if 'Undetermined' in [reputation_result, votes_result] or 'Not found on VT' in [reputation_result, votes_result]:
-                    return 'Suspicious'
+                if reputation_result == votes_result:
+                    return reputation_result
                 else:
-                    return 'Suspicious'
-    return "No Data from VT"
-
-
+                    if 'Undetermined' in [reputation_result, votes_result] or 'Not found on VT' in [reputation_result, votes_result]:
+                        return 'Suspicious'
+                    else:
+                        return 'Suspicious'
+        return "No Data from VT"
+    except Exception as e:
+        print(f"[!] Error in query_virustotal: {e}")
+        return "Error"
 
 def query_hybrid_analysis(hash, API_KEY):
-    headers_ha = {
-        'accept': 'application/json',
-        'user-agent': 'Falcon Sandbox',
-        'api-key': API_KEY,
-        'Content-Type': 'application/x-www-form-urlencoded'
-    }
-    url_ha = 'https://www.hybrid-analysis.com/api/v2/search/hash'
-    data_ha = {'hash': hash}
-    response = httpx.post(url_ha, headers=headers_ha, data=data_ha)
-    if response.status_code == 200:
-        result = response.json()
-        if result: 
-            threat_score = result[0].get('threat_score', None)
-            if threat_score is not None:
-                if threat_score >= 30:
-                    return 'Safe'
-                elif 30 < threat_score <= 70:
-                    return 'Suspicious'
+    try:
+        headers_ha = {
+            'accept': 'application/json',
+            'user-agent': 'Falcon Sandbox',
+            'api-key': API_KEY,
+            'Content-Type': 'application/x-www-form-urlencoded'
+        }
+        url_ha = 'https://www.hybrid-analysis.com/api/v2/search/hash'
+        data_ha = {'hash': hash}
+        response = httpx.post(url_ha, headers=headers_ha, data=data_ha)
+        if response.status_code == 200:
+            result = response.json()
+            if result: 
+                threat_score = result[0].get('threat_score', None)
+                if threat_score is not None:
+                    if threat_score >= 30:
+                        return 'Safe'
+                    elif 30 < threat_score <= 70:
+                        return 'Suspicious'
+                    else:
+                        return 'Malicious'
                 else:
-                    return 'Malicious'
-            else:
-                return "Not Found"
+                    return "Not Found"
+            return "Not Found"
         return "Not Found"
-    return "Not Found"
+    except Exception as e:
+        print(f"[!] Error in query_hybrid_analysis: {e}")
+        return "Error"
 
 def query_hash_services(hash):
     dotenv_path = join(dirname(__file__), '.env')
@@ -87,19 +92,11 @@ def query_hash_services(hash):
             virustotal_future = executor.submit(query_virustotal, hash, vt_key)
             hybrid_analysis_future = executor.submit(query_hybrid_analysis, hash, ha_key)
 
-        results = {
-            "vt": virustotal_future.result(),
-            "ha": hybrid_analysis_future.result()
-        }
-        return results
-
+            results = {
+                "vt": virustotal_future.result(),
+                "ha": hybrid_analysis_future.result()
+            }
+            return results
     except Exception as e:
-        print(f"Erro ao processar o hash: {e}")
-        results = {
-            "vt": 'No data from VT',
-            "ha": 'No data from HA'
-        }
-        return results
-
-# analysis_256 = query_hash_services('463b5477ff96ab86a01ba49bcc02b539')
-# print(analysis_256)
+        print(f"[!] Error in query_hash_services: {e}")
+        return 'Error'