shadowserver 0.1.0 → 0.1.1

@@ -2,7 +2,7 @@
2
2
 
3
3
  The Shadowserver Foundation is an all volunteer watchdog group of security professionals that gather, track, and report on malware, botnet activity, and electronic fraud. It is the mission of the Shadowserver Foundation to improve the security of the Internet by raising awareness of the presence of compromised servers, malicious attackers, and the spread of malware.
4
4
 
5
- This rubygem aueries various Shadowserver services for ASN information, malware hash lookups, and whitelist hash lookups
5
+ This rubygem queries various Shadowserver services for ASN information, malware hash lookups, and whitelist hash lookups
6
6
 
7
7
  == Usage
8
8
 
@@ -19,6 +19,36 @@ This rubygem aueries various Shadowserver services for ASN information, malware
19
19
  === Malware Query
20
20
  mr = Shadowserver::Malware.query("aca4aad254280d25e74c82d440b76f79")
21
21
  {"first_seen"=>"2010-06-15 03:09:41", "filetype"=>"exe", "avresults"=>{"TrendMicro"=>"TROJ_DLOADR.SMM", "AntiVir"=>"WORM/VB.NVA", "VirusBuster"=>"Worm.VB.FMYJ", "QuickHeal"=>"Worm.VB.at", "Clam"=>"Trojan.Downloader-50691", "VBA32"=>"Trojan.VBO.011858", "Sophos"=>"Troj/DwnLdr-HQY", "NOD32"=>"Win32/AutoRun.VB.JP", "Kaspersky"=>"Trojan.Win32.Cosmu.nyl", "Panda"=>"W32/OverDoom.A", "Vexira"=>"Trojan.DL.VB.EEDT", "G-Data"=>"Trojan.Generic.2609117", "Ikarus"=>"Trojan-Downloader.Win32.VB", "Norman"=>"Suspicious_Gen2.SKLJ", "McAfee"=>"Generic", "AVG7"=>"Downloader.Generic9.URM", "F-Secure"=>"Worm:W32/Revois.gen!A", "F-Prot6"=>"W32/Worm.BAOX", "DrWeb"=>"Win32.HLLW.Autoruner.6014", "Avast-Commercial"=>"Win32:Zbot-LRA"}, "ssdeep"=>"12288:gOqOB0v2eZJys73dOvXDpNjNe8NuMpX4aBaa48L/93zKnP6ppgg2HFZlxVPbZX:sOA2eZJ8NI8Nah8L/4PqmTVPlX", "sha1"=>"6fe80e56ad4de610304bab1675ce84d16ab6988e", "last_seen"=>"2010-06-15 03:09:41", "md5"=>"aca4aad254280d25e74c82d440b76f79"}
22
+
23
+ If you have access to the Extended API (see http://www.shadowserver.org/wiki/pmwiki.php/Services/Sandboxapi for details), then you can use the download, avresult, and ssdeep APIs.
24
+
25
+ mr = Shadowserver::Malware.download("aca4aad254280d25e74c82d440b76f79")
26
+ Digest::MD5.hexdigest(mr) == "aca4aad254280d25e74c82d440b76f79"
27
+
28
+ mr = Shadowserver::Malware.avresult("aca4aad254280d25e74c82d440b76f79")
29
+ {"TrendMicro"=>"TROJ_DLOADR.SMM",
30
+ "AntiVir"=>"WORM/VB.NVA",
31
+ "VirusBuster"=>"Worm.VB.FMYJ",
32
+ "QuickHeal"=>"Worm.VB.at",
33
+ "Clam"=>"Trojan.Downloader-50691",
34
+ "VBA32"=>"Trojan.VBO.011858",
35
+ "Sophos"=>"Troj/DwnLdr-HQY",
36
+ "NOD32"=>"Win32/AutoRun.VB.JP",
37
+ "Kaspersky"=>"Trojan.Win32.Cosmu.nyl",
38
+ "Panda"=>"W32/OverDoom.A",
39
+ "Vexira"=>"Trojan.DL.VB.EEDT",
40
+ "G-Data"=>"Trojan.Generic.2609117",
41
+ "Ikarus"=>"Trojan-Downloader.Win32.VB",
42
+ "Norman"=>"Suspicious_Gen2.SKLJ",
43
+ "McAfee"=>"Generic",
44
+ "AVG7"=>"Downloader.Generic9.URM",
45
+ "F-Secure"=>"Worm:W32/Revois.gen!A",
46
+ "F-Prot6"=>"W32/Worm.BAOX",
47
+ "DrWeb"=>"Win32.HLLW.Autoruner.6014",
48
+ "Avast-Commercial"=>"Win32:Zbot-LRA"}
49
+
50
+ mr = Shadowserver::Malware.ssdeep("768:iMgK0w6C07j107GjD9h73eVv+hu8XZXc7OZrxuZDJihVJvmtjP:ZZ0w70n4GjD9hbeaLXhcMxaDJQXvojP")
51
+ "3ae7fc35e4dd3dd1b2afe7a9a20fe8f8"
22
52
 
23
53
  === ASN Query
24
54
  a = Shadowserver::ASN.origin("4.2.2.5")
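--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-0.1.0
+0.1.1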
@@ -5,7 +5,7 @@
5
5
 
6
6
  Gem::Specification.new do |s|
7
7
  s.name = %q{shadowserver}
8
- s.version = "0.1.0"
8
+ s.version = "0.1.1"
9
9
 
10
10
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
11
  s.authors = ["Chris Lee"]
@@ -1,6 +1,5 @@
1
1
  require 'helper'
2
2
  require 'digest/md5'
3
- require 'pp'
4
3
 
5
4
  class TestShadowserver < Test::Unit::TestCase
6
5
  should "return whitelist results for 0E53C14A3E48D94FF596A2824307B492" do
metadata CHANGED
@@ -1,13 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: shadowserver
3
3
  version: !ruby/object:Gem::Version
4
- hash: 27
4
+ hash: 25
5
5
  prerelease:
6
6
  segments:
7
7
  - 0
8
8
  - 1
9
- - 0
10
- version: 0.1.0
9
+ - 1
10
+ version: 0.1.1
11
11
  platform: ruby
12
12
  authors:
13
13
  - Chris Lee