So I'm trying to get Maltrieve to dump into my Viper instance. When I first got Maltrieve set up, it worked fine just downloading the samples. Once I set up the IP in the maltrieve.cfg file, it gave me this error:
XXXX@XXXX-VirtualBox:~/Desktop/maltrieve$ python maltrieve.py
Processing source URLs
Completed source processing
Downloading samples, check log for details
Traceback (most recent call last):
File "maltrieve.py", line 514, in <module>
main()
File "maltrieve.py", line 503, in main
if save_malware(each, cfg):
File "maltrieve.py", line 327, in save_malware
stored = upload_viper(response, md5, cfg) or stored
File "maltrieve.py", line 289, in upload_viper
response = requests.post(url, headers=headers, files=files, data=tags)
File "/usr/lib/python2.7/dist-packages/requests/api.py", line 88, in post
return request('post', url, data=data, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/api.py", line 44, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 421, in request
prep = self.prepare_request(req)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 359, in prepare_request
hooks=merge_hooks(request.hooks, self.hooks),
File "/usr/lib/python2.7/dist-packages/requests/models.py", line 287, in prepare
self.prepare_url(url, params)
File "/usr/lib/python2.7/dist-packages/requests/models.py", line 338, in prepare_url
"Perhaps you meant http://{0}?".format(url))
requests.exceptions.MissingSchema: Invalid URL u'True/file/add': No schema supplied. Perhaps you meant http://True/file/add?
There isn't anything outstanding in the .log file to point me in the right direction. I haven't found any sort of API key needed for Maltrieve to talk to Viper. My config file looks like this:
[Maltrieve]
dumpdir = archive
logfile = maltrieve.log
logheaders = true
User-Agent = Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)
I also tried just "viper = http://XX.X.XXX.X:9090"
viper = http://XX.X.XXX.X:9090/file/add
cuckoo = http://127.0.0.1:8090
vxcage = http://127.0.0.1:8080
crits = https://127.0.0.1
crits_user = maltrieve
crits_key =
crits_source = maltrieve
# Filter Lists are based on mime type NO SPACE BETWEEN ,
black_list = text/html,text/plain
white_list = application/pdf,application/x-dosexec
I've tried it with Viper's web.py, api.py, and viper.py. Thanks for the help! Maltrieve is an awesome tool!
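
An added example, not part of the original post or of Maltrieve's code: the URL in the exception, `True/file/add`, shows a boolean-like value reaching `requests.post` with `/file/add` appended, so this sketch validates an endpoint option before any upload is attempted. The function names and the sample config are hypothetical, and 192.0.2.10 is a constructed documentation address.

```python
import configparser
from urllib.parse import urlsplit, urlunsplit

UPLOAD_PATH = "/file/add"  # path visible in the URL from the traceback

# Constructed sample config (not the poster's file).
SAMPLE_CFG = """
[Maltrieve]
dumpdir = archive
viper = http://192.0.2.10:9090/file/add
cuckoo = true
"""


def upload_url(value, path=UPLOAD_PATH):
    """Return base URL + path, or raise ValueError if value is not an http(s) URL."""
    # A bool, or the text a flag-style option would hold, is not a URL.
    if isinstance(value, bool) or str(value).strip().lower() in ("true", "false", ""):
        raise ValueError("expected a URL, got %r" % (value,))
    parts = urlsplit(str(value).strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("missing http(s):// scheme or host in %r" % (value,))
    # Drop an upload path the user already typed so it is not appended twice.
    base = parts.path.rstrip("/")
    if base.endswith(path):
        base = base[: -len(path)]
    return urlunsplit((parts.scheme, parts.netloc, base + path, "", ""))


def load_endpoint(cfg_text, option):
    """Read one endpoint option from the [Maltrieve] section and validate it."""
    parser = configparser.ConfigParser()
    parser.read_string(cfg_text)
    return upload_url(parser.get("Maltrieve", option))


if __name__ == "__main__":
    print(load_endpoint(SAMPLE_CFG, "viper"))
    try:
        load_endpoint(SAMPLE_CFG, "cuckoo")
    except ValueError as exc:
        print("rejected:", exc)
```

Failing at config load with a message that names the bad value keeps a malformed endpoint from surfacing later as a `MissingSchema` error in the middle of a download run.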