Uploaded Docker Files

akajhon · Jun 30, 2023 · d574a70 · d574a70
1 parent f4fee52
commit d574a70
Show file tree

Hide file tree

Showing 13 changed files with 218 additions and 49 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,6 @@
-FROM python:3.9-alpine
+FROM python:3.8
+
+ENV TZ=America/Sao_Paulo
 
 RUN adduser -D mhd
 

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,10 +1,9 @@
-version: "3.8"
+version: '3.1'
 
 services:
   mhd:
     container_name: mhd
     build: .
-    image: mhd:latest
     restart: unless-stopped
     ports:
      - "8080:8080"

diff --git a/mhd/modules/__pycache__/email_checker.cpython-310.pyc b/mhd/modules/__pycache__/email_checker.cpython-310.pyc
diff --git a/mhd/modules/__pycache__/hash_verify.cpython-310.pyc b/mhd/modules/__pycache__/hash_verify.cpython-310.pyc
diff --git a/mhd/modules/__pycache__/ip_checker.cpython-310.pyc b/mhd/modules/__pycache__/ip_checker.cpython-310.pyc
diff --git a/mhd/modules/__pycache__/url_checker.cpython-310.pyc b/mhd/modules/__pycache__/url_checker.cpython-310.pyc
diff --git a/mhd/modules/email_checker.py b/mhd/modules/email_checker.py
@@ -9,14 +9,29 @@ def query_hunterio(email, hunterio_key):
     response = httpx.get(url)
     if response.status_code == 200:
         hunterio_response = response.json()
-        return hunterio_response["data"]["score"] if 'score' in hunterio_response else "Not found on Hunter.io"
+        score = hunterio_response["data"]["score"]
+        gibberish = hunterio_response["data"]["gibberish"]
+        email_status = hunterio_response["data"]["status"]
+        if email_status != 'valid' or score <= 50:
+            return 'Malicious'
+        elif gibberish:
+            return 'Suspicious'
+        return "Safe"
+    return "Not Found"
 
 def query_ipqualityscore(email, ipqualityscore_key):
     url = f"https://www.ipqualityscore.com/api/json/email/{ipqualityscore_key}/{email}"
     response = httpx.get(url)
     if response.status_code == 200:
         ipquality_response = response.json()
-        return ipquality_response["fraud_score"] if 'fraud_score' in ipquality_response else "Not found on IpQualityScore"
+        fraud_score = ipquality_response["fraud_score"]
+        if fraud_score >= 75 and fraud_score < 90:
+            return 'Suspicious'
+        elif fraud_score >= 90:
+            return 'Malicious'
+        else:
+            return 'Safe'
+    return "Not Found"
 
 def query_email_services(email):
     dotenv_path = join(dirname(__file__), '.env')
@@ -38,4 +53,5 @@ def query_email_services(email):
         return results
 
     except Exception as e:
+        print(e)
         return "error"
diff --git a/mhd/modules/hash_verify.py b/mhd/modules/hash_verify.py
@@ -8,12 +8,46 @@ def query_virustotal(hash, API_KEY):
     headers_vt = {"accept": "application/json","X-Apikey": API_KEY}
     base_url = "https://www.virustotal.com/api/v3/"
     url = base_url + "search?query=" + hash
-    response = httpx.get(url, headers=headers_vt)
-    if response.status_code == 200:
-        result = response.json()
-        if result['data']:  # verificar se a lista 'data' não está vazia
-            return result['data'][0]['attributes']['last_analysis_stats']['malicious'] if 'malicious' in result['data'][0]['attributes']['last_analysis_stats'] else "Not found on VT"
-    return "No data from VT"  # retornar alguma coisa se a lista 'data' estiver vazia
+    vt_response = httpx.get(url, headers=headers_vt)
+    if vt_response.status_code == 200:
+        vt_response = vt_response.json()
+        if not vt_response['data']: # se 'data' estiver vazio
+            return "Not Found"
+        else:
+            attributes = vt_response["data"][0]["attributes"] # assume que o primeiro elemento existe
+            reputation = attributes.get("reputation") # usa get para evitar KeyError
+            total_votes = attributes.get("total_votes") # usa get para evitar KeyError
+            if reputation is not None:
+                if reputation >= 95:
+                    reputation_result = 'Safe'
+                elif 75 <= reputation < 95:
+                    reputation_result = 'Suspicious'
+                else:
+                    reputation_result = 'Malicious'
+            else:
+                reputation_result = "Not found on VT"
+            # verifica votos da comunidade
+            if total_votes is not None and isinstance(total_votes, dict): # verifica se total_votes é um dicionário
+                malicious_votes = total_votes.get('malicious', 0) # usa get para evitar KeyError, assume 0 se não existir
+                harmless_votes = total_votes.get('harmless', 0) # usa get para evitar KeyError, assume 0 se não existir
+                if malicious_votes > harmless_votes:
+                    votes_result = 'Malicious'
+                elif harmless_votes > malicious_votes:
+                    votes_result = 'Safe'
+                else:
+                    votes_result = 'Undetermined'
+            else:
+                votes_result = 'Undetermined'
+            if reputation_result == votes_result:
+                return reputation_result
+            else:
+                if 'Undetermined' in [reputation_result, votes_result] or 'Not found on VT' in [reputation_result, votes_result]:
+                    return 'Suspicious'
+                else:
+                    return 'Suspicious'
+    return "No Data from VT"
+
+
 
 def query_hybrid_analysis(hash, API_KEY):
     headers_ha = {
@@ -27,11 +61,19 @@ def query_hybrid_analysis(hash, API_KEY):
     response = httpx.post(url_ha, headers=headers_ha, data=data_ha)
     if response.status_code == 200:
         result = response.json()
-        if result:  # verificar se a lista 'result' não está vazia
-            threat_score = result[0]['threat_score']
-            return threat_score if 'threat_score' in result[0] else "Not found on HA"
-    return "No data from HA"  # retornar alguma coisa se a lista 'result' estiver vazia
-
+        if result: 
+            threat_score = result[0].get('threat_score', None)
+            if threat_score is not None:
+                if threat_score >= 30:
+                    return 'Safe'
+                elif 30 < threat_score <= 70:
+                    return 'Suspicious'
+                else:
+                    return 'Malicious'
+            else:
+                return "Not Found"
+        return "Not Found"
+    return "Not Found"
 
 def query_hash_services(hash):
     dotenv_path = join(dirname(__file__), '.env')
@@ -53,11 +95,11 @@ def query_hash_services(hash):
 
     except Exception as e:
         print(f"Erro ao processar o hash: {e}")
-        # results = {
-        #     "vt": None,
-        #     "ha": None
-        # }
-        # return results
+        results = {
+            "vt": 'No data from VT',
+            "ha": 'No data from HA'
+        }
+        return results
 
 # analysis_256 = query_hash_services('463b5477ff96ab86a01ba49bcc02b539')
 # print(analysis_256)
diff --git a/mhd/modules/ip_checker.py b/mhd/modules/ip_checker.py
@@ -11,26 +11,74 @@ def query_abuseipdb(ip, abuseipdb_key):
     response = httpx.get(url, headers=headers)
     if response.status_code == 200:
         abuseipdb_response = response.json()
-        return abuseipdb_response["data"]["abuseConfidenceScore"] if 'abuseConfidenceScore' in abuseipdb_response else "Not found on AbuseIPDB"
+        confidence_score = abuseipdb_response["data"]["abuseConfidenceScore"]
+        if confidence_score > 1 and confidence_score <=25:
+            return 'Suspicious'
+        elif confidence_score > 25 and confidence_score <=100:
+            return 'Malicious'
+        else:
+            return 'Safe'
+    return "Not Found"
 
 def query_ipqualityscore(ip, ipqualityscore_key):
     url = f"https://ipqualityscore.com/api/json/ip/{ipqualityscore_key}/{ip}"
     response = httpx.get(url)
     if response.status_code == 200:
         ipquality_response = response.json()
-        return ipquality_response["fraud_score"] if 'fraud_score' in ipquality_response else "Not found on IpQualityScore"
+        fraud_score = ipquality_response["fraud_score"]
+        if fraud_score >= 75 and fraud_score < 88:
+            return 'Suspicious'
+        elif fraud_score >= 88:
+            return 'Malicious'
+        else:
+            return 'Safe'
+    return "Not Found"
 
 def query_vt(ip, vt_key):
     url = f"https://virustotal.com/api/v3/ip_addresses/{ip}"
     headers = {"accept": "application/json", "x-apikey": vt_key}
     response = httpx.get(url, headers=headers)
     if response.status_code == 200:
         vt_response = response.json()
-        return vt_response["data"]["attributes"]["reputation"] if 'reputation' in vt_response else "Not found on VT"
+        reputation = vt_response["data"]["attributes"]["reputation"]
+        total_votes = vt_response["data"]["attributes"]["total_votes"]
+        # verifica reputation
+        if reputation is not None:
+            if reputation >= 95:
+                reputation_result = 'Safe'
+            elif 75 <= reputation < 95:
+                reputation_result = 'Suspicious'
+            else:
+                reputation_result = 'Malicious'
+        else:
+            reputation_result = "Not Found"
+        # verifica votos da comunidade
+        if total_votes['malicious'] > total_votes['harmless']:
+            votes_result = 'Malicious'
+        elif total_votes['harmless'] > total_votes['malicious']:
+            votes_result = 'Safe'
+        else:
+            votes_result = 'Undetermined'
+        if reputation_result == votes_result:
+            return reputation_result
+        else:
+            if 'Undetermined' in [reputation_result, votes_result] or 'Not found on VT' in [reputation_result, votes_result]:
+                return 'Suspicious'
+            else:
+                return 'Suspicious'
+    return "Not Found"
 
 def query_maltiverse(ip, maltiverse_api):
     maltiverse_response = maltiverse_api.ip_get(ip)
-    return maltiverse_response["classification"] if 'classification' in maltiverse_response else "Not Found on Maltiverse"
+    maltiverse_classification = maltiverse_response["classification"]
+    if maltiverse_classification == 'malicious':
+        return 'Malicious'
+    elif maltiverse_classification == 'suspicious':
+        return 'Suspicious'
+    elif maltiverse_classification == 'unknown':
+        return "Not Found"
+    else:
+        return 'Safe'
 
 def query_ip_services(ip):
     dotenv_path = join(dirname(__file__), '.env')
@@ -58,4 +106,5 @@ def query_ip_services(ip):
         return results
 
     except Exception as e:
+        print(e)
         return "error"
diff --git a/mhd/modules/url_checker.py b/mhd/modules/url_checker.py
@@ -7,25 +7,71 @@
 import concurrent.futures
 
 def query_vt(url, vt_key):
-    url_id = base64.urlsafe_b64encode(url.encode()).decode().strip("=")
-    url_vt = f"https://virustotal.com/api/v3/urls/{url_id}"
-    headers = {"accept": "application/json", "x-apikey": vt_key}
-    response = httpx.get(url_vt, headers=headers)
-    if response.status_code == 200:
-        vt_response = response.json()
-        return vt_response["data"]["attributes"]["last_analysis_stats"]["malicious"] if 'malicious' in vt_response else "Not found on VT"
+    try: 
+        url_id = base64.urlsafe_b64encode(url.encode()).decode().strip("=")
+        url_vt = f"https://virustotal.com/api/v3/urls/{url_id}"
+        headers = {"accept": "application/json", "x-apikey": vt_key}
+        response = httpx.get(url_vt, headers=headers)
+        if response.status_code == 200:
+            vt_response = response.json()
+            reputation = vt_response["data"]["attributes"]["reputation"]
+            total_votes = vt_response["data"]["attributes"]["total_votes"]
+            # verifica reputation
+            if reputation is not None:
+                if reputation >= 95:
+                    reputation_result = 'Safe'
+                elif 75 <= reputation < 95:
+                    reputation_result = 'Suspicious'
+                else:
+                    reputation_result = 'Malicious'
+            else:
+                reputation_result = "Not found"
+            # verifica votos da comunidade
+            if total_votes['malicious'] > total_votes['harmless']:
+                votes_result = 'Malicious'
+            elif total_votes['harmless'] > total_votes['malicious']:
+                votes_result = 'Safe'
+            else:
+                votes_result = 'Undetermined'
+            if reputation_result == votes_result:
+                return reputation_result
+            else:
+                if 'Undetermined' in [reputation_result, votes_result] or 'Not found' in [reputation_result, votes_result]:
+                    return 'Suspicious'
+                else:
+                    return 'Suspicious'
+        return "Not Found"
+    except Exception as e:
+        print(e)
 
 def query_phishtank(url):
     phishtank_url = 'https://checkurl.phishtank.com/checkurl/'
     phishtank_params = {'url': {url}, 'format': 'json'}
     response = httpx.post(phishtank_url, data=phishtank_params)
     if response.status_code == 200:
         phishtank_response = response.json()
-        return phishtank_response['results']['in_database'] if 'in_database' in phishtank_response else "Not found on Phishtank"
+        in_database = phishtank_response['results']['in_database']
+        if in_database:
+            return 'Reported'
+        else:
+            return 'Not Reported'
+    return "Not Found"
 
 def query_maltiverse(url, maltiverse_api):
     maltiverse_response = maltiverse_api.url_get(url)
-    return maltiverse_response["classification"] if 'classification' in maltiverse_response else "Not found on Maltiverse"
+
+    if 'Not Found' in maltiverse_response['message']:
+        return "Not found"
+    else:
+        maltiverse_classification = maltiverse_response["classification"]
+        if maltiverse_classification == 'malicious':
+            return 'Malicious'
+        elif maltiverse_classification == 'suspicious':
+            return 'Suspicious'
+        elif maltiverse_classification == 'unknown':
+            return "Not found"
+        else:
+            return 'Safe'
 
 def query_url_services(url):
     dotenv_path = join(dirname(__file__), '.env')
@@ -49,4 +95,5 @@ def query_url_services(url):
         return results
 
     except Exception as e:
+        #print(e)
         return "error"
diff --git a/mhd/server.py b/mhd/server.py
@@ -7,8 +7,6 @@
 from modules.url_checker import query_url_services
 from modules.email_checker import query_email_services
 from modules.hash_verify import query_hash_services
-from datetime import datetime
-from time import struct_time
 from IPy import IP
 import email
 import mimetypes

diff --git a/mhd/static/css/starter-template.css b/mhd/static/css/starter-template.css
@@ -32,3 +32,15 @@ body {
   color: #fff;
   font-family: 'Roboto' sans-serif;
 }
+
+.red {
+  color: red;
+}
+
+.yellow {
+  color: rgb(204, 204, 0); /* amarelo mais escuro usando RGB */
+}
+
+.green {
+  color: green;
+}