diogo-fernan / malsub

A Python RESTful API framework for online malware analysis and threat intelligence services.

Improve verbosity level control and add a flag for output folder #16

Closed ITAYC0HEN closed 2 years ago

ITAYC0HEN commented 4 years ago

Hey! Thanks for a very nice tool :) The following pull request improves and implements the following features:

Better control for verbosity level

The new implementation honors 4 levels of verbosity:

Example:


# quiet mode
$ python malsub.py -v 0 -a vt -d 5f782447ff08ee2c36a5d3988dd4774674233f8ea0e1ad09dd766e842d785ddd
[+]    info Sun 22 Mar 2020 12:15:56.797073 +0000 UTC: "VirusTotal" -- "download_file" completed:
downloaded "5f782447ff08ee2c36a5d3988dd4774674233f8ea0e1ad09dd766e842d785ddd"

# info mode

$ python malsub.py -v 1 -a vt -d 5f782447ff08ee2c36a5d3988dd4774674233f8ea0e1ad09dd766e842d785ddd 

<LOGO: truncated>

   malsub v1.2
   https://github.com/diogo-fernan/malsub

[+]    info Sun 22 Mar 2020 12:16:02.538370 +0000 UTC: "VirusTotal" -- "download_file" completed:
downloaded "5f782447ff08ee2c36a5d3988dd4774674233f8ea0e1ad09dd766e842d785ddd"

# verbose mode

$ python malsub.py -v 2 -a vt -d 5f782447ff08ee2c36a5d3988dd4774674233f8ea0e1ad09dd766e842d785ddd  

<LOGO: truncated>

   malsub v1.2
   https://github.com/diogo-fernan/malsub

[+]    info Sun 22 Mar 2020 12:16:07.785904 +0000 UTC: "VirusTotal" -- "download_file" completed:
downloaded "5f782447ff08ee2c36a5d3988dd4774674233f8ea0e1ad09dd766e842d785ddd"
[*] verbose Sun 22 Mar 2020 12:16:07.786609 +0000 UTC: malsub finished with results:
+---+---------------------------------------------------------------------------+------------+
| # | input                                                                     | VirusTotal |
+---+---------------------------------------------------------------------------+------------+
| 1 | 5f782447ff08ee2c36a5d3988dd4774674233f8ea0e1ad09dd766e842d785ddd (sha256) | successful |

# debug mode

<... lots of lots of info ...>

Support output directory for downloaded files

Currently, users do not have a choice of where to save the downloaded files. To solve this, I created the -O --output <dir> CLI arg which the user can use to specify a directory to save the downloaded files in.

Example:

$ python malsub.py -v 0 -a vt -d 5f782447ff08ee2c36a5d3988dd4774674233f8ea0e1ad09dd766e842d785ddd 58ffd8200db69cfbc048921e18d79aa1adc894af34db3e1782e53beab3b2d98f -O /tmp
[+]    info Sun 22 Mar 2020 12:25:46.920896 +0000 UTC: "VirusTotal" -- "download_file" completed:
downloaded "5f782447ff08ee2c36a5d3988dd4774674233f8ea0e1ad09dd766e842d785ddd"
[+]    info Sun 22 Mar 2020 12:25:48.853046 +0000 UTC: "VirusTotal" -- "download_file" completed:
downloaded "58ffd8200db69cfbc048921e18d79aa1adc894af34db3e1782e53beab3b2d98f"

$ ls /tmp
 58ffd8200db69cfbc048921e18d79aa1adc894af34db3e1782e53beab3b2d98f
 5f782447ff08ee2c36a5d3988dd4774674233f8ea0e1ad09dd766e842d785ddd

diogo-fernan commented 4 years ago

Thanks for this! Two comments below.

On verbosity, it looks cleaner and more intuitive to follow the standard practice of multiple v's for additional levels such as -v, -vv, -vvv and -vvvv respectively for the four levels.

On the file downloads, it is sufficient to update the value of DOWNL_PATH in https://github.com/diogo-fernan/malsub/blob/master/malsub/core/meta.py#L8 with the user-provided path after validating it once (verify or create) in https://github.com/diogo-fernan/malsub/blob/master/malsub/core/main.py#L14 as opposed to in every download. No need to specify a download directory path in each service module as the abstraction provided by the writef function (https://github.com/diogo-fernan/malsub/blob/master/malsub/common/rw.py#L41) makes it simpler.

What do you think?

ITAYC0HEN commented 4 years ago

> On verbosity, it looks cleaner and more intuitive to follow the standard practice of multiple v's for additional levels such as -v, -vv, -vvv and -vvvv respectively for the four levels.

I am afraid that in such a case, there is no way to silence the output via quiet mode. If the minimum option is -v, it already stands for 'verbose'.

diogo-fernan commented 4 years ago

> > On verbosity, it looks cleaner and more intuitive to follow the standard practice of multiple v's for additional levels such as -v, -vv, -vvv and -vvvv respectively for the four levels.
>
> I am afraid that in such a case, there is no way to silence the output via quiet mode. If the minimum option is -v, it already stands for 'verbose'.

Right! How do [-Q | --quiet] and -v[vv] sound to you then?

ITAYC0HEN commented 4 years ago

That could work! :) Will make it mutually exclusive so -Q won't be passed with -v.
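The two design points settled in this thread, a `-Q`/`--quiet` flag that is mutually exclusive with a counted `-v`, and validating the user-supplied download directory once at startup rather than in every service module, are shown together below as an added example. This is not malsub's code and not the pull request's diff: the parser, the `VERBOSE` logging level, `prepare_output_dir` and `write_sample` are hypothetical stand-ins written here for illustration, and the default output directory `.` is an assumption. `write_sample` also adds the check a practitioner would want when the on-disk name comes from user or service input: the resolved destination must stay directly inside the validated directory, and samples are written owner-only and non-executable.

```python
"""Hypothetical CLI sketch (not malsub's own code) for the -Q / -v[vv]
verbosity scheme and one-time output directory validation."""
import argparse
import logging
import os
from pathlib import Path

# Four levels: -Q quiet, default info, -v verbose, -vv (or more) debug.
# Python's logging has no level between INFO and DEBUG, so define one.
VERBOSE = 15
logging.addLevelName(VERBOSE, "VERBOSE")


def build_parser():
    # "malsub-like" is a placeholder program name, not the real CLI.
    p = argparse.ArgumentParser(prog="malsub-like")
    g = p.add_mutually_exclusive_group()  # -Q and -v cannot be combined
    g.add_argument("-Q", "--quiet", action="store_true",
                   help="only warnings and errors")
    g.add_argument("-v", "--verbose", action="count", default=0,
                   help="-v for verbose, -vv for debug")
    p.add_argument("-O", "--output", default=".",  # assumed default
                   help="directory for downloaded files")
    p.add_argument("-d", "--download", nargs="+", default=[], metavar="HASH")
    return p


def log_level(args):
    """Map parsed flags to a logging level."""
    if args.quiet:
        return logging.WARNING
    return {0: logging.INFO, 1: VERBOSE}.get(args.verbose, logging.DEBUG)


def prepare_output_dir(path):
    """Validate once at startup: create if missing, reject anything that is
    not a writable directory. The returned path is what downloads use."""
    out = Path(path).expanduser().resolve()
    # exist_ok only tolerates an existing *directory*; an existing regular
    # file at this path raises FileExistsError, which is what we want.
    out.mkdir(parents=True, exist_ok=True)
    if not out.is_dir():
        raise NotADirectoryError(f"{out} is not a directory")
    if not os.access(out, os.W_OK):
        raise PermissionError(f"{out} is not writable")
    return out


def write_sample(out_dir, name, data):
    """Write data under out_dir, refusing names that would land anywhere
    but directly inside it (e.g. '../x', 'sub/x', or a symlink that points
    elsewhere). Sample names are expected to be flat, e.g. a hash."""
    dest = (out_dir / name).resolve()
    if dest.parent != out_dir:
        raise ValueError(f"refusing to write outside {out_dir}: {name!r}")
    # Downloaded samples may be live malware: owner-only, never executable.
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return dest


if __name__ == "__main__":
    args = build_parser().parse_args()
    logging.basicConfig(level=log_level(args), format="%(levelname)s %(message)s")
    out = prepare_output_dir(args.output)
    for h in args.download:
        # Hypothetical: a real tool would fetch the sample from the service
        # here and hand the bytes to write_sample(out, h, data).
        logging.log(VERBOSE, "would download %s into %s", h, out)
```

Because `-Q` and `-v` share an `add_mutually_exclusive_group`, `argparse` rejects `-Q -v` on its own with a usage error, so no manual check is needed after parsing. Validating the directory in one place and then only ever joining flat names onto the returned path is what keeps every service module free of path handling.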