import base64
import binascii
import csv
import hashlib
import ipaddress
import json
import os
import re
import readline
import subprocess
import subprocess
import urllib.parse
import zipfile

import click
import keyboard
import matplotlib.pyplot as plt
import pandas
import pandas as pd
import psutil
import pyzipper
import requests
import shodan
from rich.console import Console
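# API credentials are taken from the environment so that real keys never have
# to be written into (and committed with) this file. The environment variable
# names below are chosen here; the "YOUR_API_KEY" placeholder remains the
# fallback so behaviour is unchanged for anyone who still edits it in place.
VIRUSTOTAL_API_KEY = os.environ.get("VIRUSTOTAL_API_KEY", "YOUR_API_KEY")
SHODAN_API_KEY = os.environ.get("SHODAN_API_KEY", "YOUR_API_KEY")
ABUSEIPDB_API_KEY = os.environ.get("ABUSEIPDB_API_KEY", "YOUR_API_KEY")
# AbuseIPDB v2 "check" endpoint used by abuseipdb_check().
ABUSEIPDB_URL = 'https://api.abuseipdb.com/api/v2/check'
# MalwareBazaar API root used by download_sample().
MALWARE_BAZAAR_API_ENDPOINT = "https://mb-api.abuse.ch/api/v1/"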
def print_banner():
    """Print the tool's ASCII-art banner and tagline in bold cyan via rich."""
    banner = r"""
____ _ _ ___ _
| __ )| |_ _ ___| |/ (_) |_
| _ \| | | | |/ _ \ ' /| | __|
| |_) | | |_| | __/ . \| | |_
|____/|_|\__,_|\___|_|\_\_|\__|
_____________
/ __ /|
/ __/ /_ / /
/ /_ __/ / //
/ /_/ / //
/_____________/ //
|______&______|//
|_____________|
[*] Combination Of Tools For Daily Tasks Malware Analysts , SOC Analysts , Threat Hunters
[*] This Tool Created By Zyad Elzyat
"""
    Console().print(banner, style="bold cyan")
def clear_terminal():
    """Clear the terminal: ``clear`` on POSIX systems, ``cls`` elsewhere."""
    command = "cls"
    if os.name == "posix":
        command = "clear"
    os.system(command)
# Column order for the AbuseIPDB "check" result rows written by abuseipdb_check().
csv_columns = (
    "ipAddress isPublic ipVersion isWhitelisted abuseConfidenceScore "
    "countryCode usageType isp domain hostnames totalReports "
    "numDistinctUsers lastReportedAt isTor"
).split()
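def read_ip_addresses_from_csv(csv_file):
    """Return the values of the ``IP`` column of ``csv_file`` as a list of stripped strings.

    Blank cells are dropped. A missing file, a CSV without an ``IP`` column,
    or an unparsable file is reported on stdout and yields an empty list, so
    the caller can treat "nothing to check" uniformly.

    Args:
        csv_file: Path of a CSV file with an ``IP`` header column.

    Returns:
        list[str]: The non-empty IP cells, in file order.
    """
    try:
        df = pd.read_csv(csv_file)
        column = df['IP']
    except (OSError, KeyError, ValueError) as e:
        # pandas' ParserError / EmptyDataError are ValueError subclasses;
        # KeyError covers a file without the expected "IP" column.
        print("Error reading CSV file:", str(e))
        return []
    cells = column.dropna().astype(str).str.strip().tolist()
    return [ip for ip in cells if ip]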
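def abuseipdb_check(ip_addresses, output_csv, output_json):
    """Look up each address in AbuseIPDB and write the results as CSV and JSON.

    Args:
        ip_addresses: Iterable of IP address strings. Surrounding whitespace
            is tolerated; entries that are not valid IPv4/IPv6 addresses are
            skipped with a message instead of being sent to the API.
        output_csv: Path of the CSV file to write (overwritten). Columns are
            the module-level ``csv_columns``.
        output_json: Path of the JSON file to write (overwritten).

    Returns:
        list: The per-address ``data`` objects returned by the API (also
        written to the two files). A failure while writing the files is
        reported on stdout and the collected results are still returned.
    """
    results = []
    headers = {
        'Accept': 'application/json',
        'Key': ABUSEIPDB_API_KEY
    }
    for raw_entry in ip_addresses:
        ip_address = str(raw_entry).strip()
        if not ip_address:
            continue
        try:
            ipaddress.ip_address(ip_address)
        except ValueError:
            print(f"Skipping invalid IP address: {ip_address!r}")
            continue
        parameters = {
            'ipAddress': ip_address,
            'maxAgeInDays': '90'
        }
        try:
            # A timeout keeps the interactive CLI from hanging on an unresponsive host.
            response = requests.get(url=ABUSEIPDB_URL, headers=headers, params=parameters, timeout=30)
            json_data = response.json()
        except (requests.RequestException, ValueError) as e:
            # One failed lookup should not discard the results already collected.
            print(f"AbuseIPDB request failed for {ip_address}: {e}")
            continue
        if not isinstance(json_data, dict) or "data" not in json_data:
            # NOTE(review): error replies (bad key, quota, ...) appear to carry an
            # "errors" list instead of "data" — confirm against the API docs.
            print(f"AbuseIPDB returned no data for {ip_address} (HTTP {response.status_code}): {json_data}")
            continue
        results.append(json_data["data"])
    try:
        # Save results in CSV; extrasaction="ignore" keeps a newly added API
        # field from aborting the whole export with a ValueError.
        with open(output_csv, "w", newline='', encoding="utf-8") as filecsv:
            writer = csv.DictWriter(filecsv, fieldnames=csv_columns, extrasaction="ignore")
            writer.writeheader()
            writer.writerows(results)
        # Save results in JSON
        with open(output_json, "w", encoding="utf-8") as json_file:
            json.dump(results, json_file, indent=4)
    except OSError as e:
        print("An error occurred:", str(e))
        return results
    print(f"AbuseIPDB check completed for {len(results)} IP addresses. Results saved to {output_csv} and {output_json}")
    return results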
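def query_virustotal(resource):
    """Query the VirusTotal v3 ``/files/{id}`` endpoint for ``resource`` and return the parsed JSON body.

    Args:
        resource: Identifier to look up. Only the *files* endpoint is used, so
            the API expects a file hash here; the CLI prompt also offers
            IP/domain/URL, but those live on other endpoints and come back as
            an API error for this one.

    Returns:
        dict: The decoded JSON response. If the body is not JSON, a dict with
        an ``"error"`` key mirroring the API's error envelope
        (``{"error": {"message": ...}}``) so callers that test
        ``"error" in result`` keep working.
    """
    # Percent-encode the user-supplied identifier so characters such as "/"
    # or "?" cannot alter the request path or add query parameters.
    safe_resource = urllib.parse.quote(str(resource).strip(), safe="")
    url = f"https://www.virustotal.com/api/v3/files/{safe_resource}"
    headers = {"x-apikey": VIRUSTOTAL_API_KEY}
    # A timeout keeps the interactive CLI from hanging on an unresponsive host.
    response = requests.get(url, headers=headers, timeout=30)
    try:
        return response.json()
    except ValueError:
        return {"error": {"message": f"Non-JSON response from VirusTotal (HTTP {response.status_code})"}}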
def query_shodan(ip_address):
    """Return Shodan's host record for ``ip_address``.

    On a Shodan ``APIError`` the error is printed and ``None`` is returned.
    """
    client = shodan.Shodan(SHODAN_API_KEY)
    try:
        return client.host(ip_address)
    except shodan.APIError as err:
        print("Shodan Error:", err)
        return None
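def check_and_decode_base64_in_file(file_path, output_file):
    """Base64-decode the whole of ``file_path`` and write the UTF-8 text to ``output_file``.

    Args:
        file_path: Path of the file whose entire content is treated as one
            Base64 blob; whitespace and line breaks inside it are ignored.
        output_file: Path to write the decoded text to (overwritten). Only
            written when decoding fully succeeds.

    Returns:
        str: A human-readable status — success, "no Base64 content", or
        "decoded bytes are not UTF-8 text".
    """
    with open(file_path, 'rb') as source:
        content = source.read()
    # Drop whitespace so wrapped Base64 is accepted, then decode strictly:
    # without validate=True, b64decode silently discards non-alphabet bytes
    # and would "succeed" on files that are not Base64 at all.
    compact = b"".join(content.split())
    if not compact:
        return "No Base64 encoded content found in the file."
    try:
        decoded_content = base64.b64decode(compact, validate=True)
    except binascii.Error:
        return "No Base64 encoded content found in the file."
    try:
        decoded_text = decoded_content.decode('utf-8')
    except UnicodeDecodeError:
        return "Base64 content decoded but it is not UTF-8 text; nothing was saved."
    with open(output_file, 'w', encoding='utf-8') as destination:
        destination.write(decoded_text)
    return "Base64 content decoded and saved correctly"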
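def download_sample(sha256_hash):
    """Fetch a sample from MalwareBazaar by SHA-256 and save it as ``<hash>.zip`` in the current directory.

    The archive is password protected (the CLI menu states the password);
    nothing is extracted here.

    Args:
        sha256_hash: 64 hexadecimal characters. Anything else is rejected
            before any request is made — the value is also used as the output
            file name, so validating it keeps path separators and other
            unexpected characters out of the filename.

    Returns:
        str | None: The saved file name on success, otherwise ``None``.
    """
    sha256_hash = str(sha256_hash).strip()
    if not re.fullmatch(r"[0-9a-fA-F]{64}", sha256_hash):
        print("Sample download failed: expected a 64-character hexadecimal SHA-256 hash")
        return None
    data = {
        "query": "get_file",
        "sha256_hash": sha256_hash
    }
    try:
        # Samples can be large; still bound the wait so the CLI cannot hang forever.
        response = requests.post(MALWARE_BAZAAR_API_ENDPOINT, data=data, timeout=60)
    except requests.RequestException as e:
        print(f"Sample download failed: {e}")
        return None
    if response.status_code != 200:
        print("Sample download failed")
        return None
    file_name = f"{sha256_hash}.zip"
    with open(file_name, "wb") as f:
        f.write(response.content)
    print(f"Sample downloaded and saved as {file_name}")
    return file_name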
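def save_output(filename, data, output_format="json"):
    """Save ``data`` as ``<filename>.json`` or, for a VirusTotal file report, as ``<filename>.csv``.

    (The original comment also mentioned PNG; no PNG output is implemented.)

    Args:
        filename: Output path without extension; ``.json`` / ``.csv`` is appended.
        data: For ``"json"``, any JSON-serialisable object. For ``"csv"``, a
            VirusTotal v3 report whose ``data.attributes`` may hold
            ``last_analysis_stats`` (``malicious``/``undetected`` counts) and
            ``last_analysis_results`` (one dict per engine). Missing parts
            are treated as empty.
        output_format: ``"json"`` or ``"csv"``.

    Returns:
        ``None`` for JSON. For CSV, the per-engine ``DataFrame`` with an added
        integer ``Malicious`` column (1 where ``category == "malicious"``).

    Raises:
        ValueError: If ``output_format`` is neither ``"json"`` nor ``"csv"``.
    """
    if output_format == "json":
        with open(filename + ".json", "w", encoding="utf-8") as f:
            json.dump(data, f, indent=4)
        print("JSON Output saved to", filename + ".json")
        return None
    if output_format == "csv":
        attributes = {}
        if isinstance(data, dict) and isinstance(data.get("data"), dict):
            attributes = data["data"].get("attributes") or {}
        stats = attributes.get("last_analysis_stats") or {}
        if "malicious" in stats and "undetected" in stats:
            total_scans = stats["malicious"] + stats["undetected"]
        else:
            total_scans = 0
        results = attributes.get("last_analysis_results") or {}
        # Engines are the outer keys; transpose so each engine becomes a row.
        df = pd.DataFrame(results).T
        if "category" in df.columns:
            df["Malicious"] = (df["category"] == "malicious").astype(int)
        else:
            # An empty or unexpected report has no "category" column; keep the
            # Malicious column so callers can still sum it.
            df["Malicious"] = 0
        df.to_csv(filename + ".csv", index=False)
        print(f"CSV Output saved to {filename}.csv. Total Scans: {total_scans}, Malicious: {df['Malicious'].sum()}")
        return df
    raise ValueError(f"Unsupported output format: {output_format!r} (expected 'json' or 'csv')")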
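def hex_editor(file_path):
    """Write a ``hexdump -C`` listing of ``file_path`` to ``<file_path>_hex_dump.txt``.

    Despite the name this is a read-only dump (the CLI uses it to inspect a
    file's magic number); nothing is edited.

    Args:
        file_path: Path of the file to dump.

    Returns:
        str | None: The dump file's path on success; ``None`` when the input
        file is missing, ``hexdump`` is not installed, or it exits non-zero.
    """
    if not os.path.isfile(file_path):
        print("File not found")
        return None
    output_file = file_path + "_hex_dump.txt"
    # Run hexdump with an argument list rather than `bash -c` with the path
    # interpolated: a path containing shell metacharacters is then just a
    # filename, not a command. The absolute path also cannot start with "-"
    # and so cannot be mistaken for an option.
    try:
        with open(output_file, "wb") as dump:
            subprocess.run(["hexdump", "-C", os.path.abspath(file_path)], stdout=dump, check=True)
    except FileNotFoundError:
        print("hexdump is not installed or not on PATH")
    except subprocess.CalledProcessError as e:
        print(f"hexdump exited with status {e.returncode}")
    else:
        print(f"Hex dump saved to {output_file}")
        return output_file
    # Do not leave an empty or partial dump behind after a failure.
    try:
        os.remove(output_file)
    except OSError:
        pass
    return None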
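def extract_strings_from_file(file_path):
    """Run ``strings`` on ``file_path`` and save its output to ``<file_path>_strings.txt``.

    Args:
        file_path: Path of the file to scan.

    Returns:
        str | None: The output file's path on success; ``None`` when the input
        file is missing, ``strings`` is not installed, or it exits non-zero.
    """
    if not os.path.isfile(file_path):
        print("File not found")
        return None
    output_file = file_path + "_strings.txt"
    # Run strings with an argument list rather than `bash -c` with the path
    # interpolated: a path containing shell metacharacters is then just a
    # filename, not a command. The absolute path also cannot start with "-"
    # and so cannot be mistaken for an option.
    try:
        with open(output_file, "wb") as out:
            subprocess.run(["strings", os.path.abspath(file_path)], stdout=out, check=True)
    except FileNotFoundError:
        print("strings is not installed or not on PATH")
    except subprocess.CalledProcessError as e:
        print(f"strings exited with status {e.returncode}")
    else:
        print(f"Strings extracted and saved to {output_file}")
        return output_file
    # Do not leave an empty or partial output file behind after a failure.
    try:
        os.remove(output_file)
    except OSError:
        pass
    return None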
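def calculate_file_hashes(file_path):
    """Return the ``(md5, sha1, sha256)`` hex digests of ``file_path``.

    The file is streamed in 1 MiB chunks so large samples need not fit in
    memory. MD5 and SHA-1 are kept because threat-intel sources still index
    samples by them, not because they are collision resistant.

    Args:
        file_path: Path of the file to hash.

    Returns:
        tuple[str, str, str] | None: The three lowercase hex digests, or
        ``None`` (after printing a message) if the file cannot be read.
    """
    md5 = hashlib.md5()
    sha1 = hashlib.sha1()
    sha256 = hashlib.sha256()
    try:
        with open(file_path, "rb") as file:
            for chunk in iter(lambda: file.read(1024 * 1024), b""):
                md5.update(chunk)
                sha1.update(chunk)
                sha256.update(chunk)
    except FileNotFoundError:
        print("File not found")
        return None
    except OSError as e:
        print(f"Cannot read file: {e}")
        return None
    return md5.hexdigest(), sha1.hexdigest(), sha256.hexdigest()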
def save_hashes_to_file(file_path, hashes):
    """Write the ``(md5, sha1, sha256)`` triple to ``file_path``, one labelled hash per line."""
    md5_digest, sha1_digest, sha256_digest = hashes[0], hashes[1], hashes[2]
    lines = [
        "MD5 Hash: " + md5_digest + "\n",
        "SHA-1 Hash: " + sha1_digest + "\n",
        "SHA-256 Hash: " + sha256_digest + "\n",
    ]
    with open(file_path, "w") as file:
        file.writelines(lines)
def print_options():
    """Print the numbered main menu, one entry per line."""
    menu = (
        "Choose an option:",
        "-----------------",
        "[1]. Perform VirusTotal Query",
        "[2]. Perform Shodan Query",
        "[3]. AbuseAbuseIPDB",
        "[4]. Calculate File Hash",
        "[5]. Extract Strings from File",
        "[6]. Decode Base64",
        "[7]. Check Magic Number Using Hex Editor",
        "[8]. MalwareBazzar Password IS >> infected",
        "[0]. Exit",
    )
    for entry in menu:
        print(entry)
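def cli():
    """Run the interactive menu loop until the user chooses ``0`` or closes stdin.

    Each menu entry prompts for its inputs and dispatches to the matching
    helper; inputs are stripped of surrounding whitespace before use.
    """
    clear_terminal()
    print_banner()
    while True:
        print_options()
        try:
            choice = input("Enter your choice: ").strip()
        except (EOFError, KeyboardInterrupt):
            # Leave cleanly instead of dumping a traceback when stdin closes.
            print()
            break
        if choice == '0':
            break
        if choice == '1':
            query = input("Enter Hash or IP or Domain or URL: ").strip()
            result_virustotal = query_virustotal(query)
            if "error" in result_virustotal:
                print("VirusTotal Error:", result_virustotal["error"]["message"])
            else:
                save_output("virustotal_output", result_virustotal, "csv")
                save_output("virustotal_output", result_virustotal, "json")
        elif choice == '2':
            query = input("Enter IP: ").strip()
            result_shodan = query_shodan(query)
            if result_shodan is not None:
                save_output("shodan_output", result_shodan, "json")
        elif choice == '3':
            input_type = input("Enter '1' to enter IP addresses manually or '2' to provide a CSV file: ").strip()
            if input_type == '1':
                raw_list = input("Enter a comma-separated list of IP addresses to scan or one IP: ")
                ip_addresses = [ip.strip() for ip in raw_list.split(',') if ip.strip()]
            elif input_type == '2':
                csv_file = input("Enter the path to the CSV file containing IP addresses: ").strip()
                ip_addresses = read_ip_addresses_from_csv(csv_file)
            else:
                print("Invalid input type.")
                continue
            if not ip_addresses:
                # read_ip_addresses_from_csv returns [] on error; an empty manual list is also pointless.
                print("No IP addresses to check.")
                continue
            output_csv = input("Enter the output CSV file name: ").strip()
            output_json = input("Enter the output JSON file name: ").strip()
            abuseipdb_check(ip_addresses, output_csv, output_json)
        elif choice == '4':
            file_path = input("Enter the path to the file you want to calculate hashes for: ").strip()
            hashes = calculate_file_hashes(file_path)
            if hashes is None:
                # calculate_file_hashes already reported the problem; indexing None would raise.
                continue
            print("MD5 Hash:", hashes[0])
            print("SHA-1 Hash:", hashes[1])
            print("SHA-256 Hash:", hashes[2])
            save_hashes = input("Do you want to save the hashes to a file? (y/n): ").strip()
            if save_hashes.lower() == 'y':
                output_file = input("Enter the name of the output file: ").strip()
                save_hashes_to_file(output_file, hashes)
                print("Hashes saved to", output_file)
        elif choice == '5':
            file_path = input("Enter the path to the file you want to extract strings from: ").strip()
            extract_strings_from_file(file_path)
        elif choice == '6':
            file_path = input("Enter the path to the file you want to check: ").strip()
            output_file = input("Enter the output file name to save the decoded content: ").strip()
            decoded_result = check_and_decode_base64_in_file(file_path, output_file)
            print(decoded_result)
        elif choice == '7':
            file_path = input("Enter the path to the file you want to edit in hex: ").strip()
            hex_editor(file_path)
        elif choice == '8':
            sha256_hash = input("Enter the SHA-256 hash of the sample: ").strip()
            download_sample(sha256_hash)
        elif choice == '-':
            # Kept from the original menu: "-" is a silent no-op that redraws the menu.
            continue
        else:
            print("Invalid choice. Please choose a valid option.")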
if __name__ == "__main__":
    # Run the interactive menu only when executed as a script, not on import.
    cli()