shadowserver 0.1.0 → 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/README.rdoc +31 -1
- data/VERSION +1 -1
- data/shadowserver.gemspec +1 -1
- data/test/test_shadowserver.rb +0 -1
- metadata +3 -3
data/README.rdoc
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
The Shadowserver Foundation is an all volunteer watchdog group of security professionals that gather, track, and report on malware, botnet activity, and electronic fraud. It is the mission of the Shadowserver Foundation to improve the security of the Internet by raising awareness of the presence of compromised servers, malicious attackers, and the spread of malware.
|
|
4
4
|
|
|
5
|
-
This rubygem
|
|
5
|
+
This rubygem queries various Shadowserver services for ASN information, malware hash lookups, and whitelist hash lookups
|
|
6
6
|
|
|
7
7
|
== Usage
|
|
8
8
|
|
|
@@ -19,6 +19,36 @@ This rubygem aueries various Shadowserver services for ASN information, malware
|
|
|
19
19
|
=== Malware Query
|
|
20
20
|
mr = Shadowserver::Malware.query("aca4aad254280d25e74c82d440b76f79")
|
|
21
21
|
{"first_seen"=>"2010-06-15 03:09:41", "filetype"=>"exe", "avresults"=>{"TrendMicro"=>"TROJ_DLOADR.SMM", "AntiVir"=>"WORM/VB.NVA", "VirusBuster"=>"Worm.VB.FMYJ", "QuickHeal"=>"Worm.VB.at", "Clam"=>"Trojan.Downloader-50691", "VBA32"=>"Trojan.VBO.011858", "Sophos"=>"Troj/DwnLdr-HQY", "NOD32"=>"Win32/AutoRun.VB.JP", "Kaspersky"=>"Trojan.Win32.Cosmu.nyl", "Panda"=>"W32/OverDoom.A", "Vexira"=>"Trojan.DL.VB.EEDT", "G-Data"=>"Trojan.Generic.2609117", "Ikarus"=>"Trojan-Downloader.Win32.VB", "Norman"=>"Suspicious_Gen2.SKLJ", "McAfee"=>"Generic", "AVG7"=>"Downloader.Generic9.URM", "F-Secure"=>"Worm:W32/Revois.gen!A", "F-Prot6"=>"W32/Worm.BAOX", "DrWeb"=>"Win32.HLLW.Autoruner.6014", "Avast-Commercial"=>"Win32:Zbot-LRA"}, "ssdeep"=>"12288:gOqOB0v2eZJys73dOvXDpNjNe8NuMpX4aBaa48L/93zKnP6ppgg2HFZlxVPbZX:sOA2eZJ8NI8Nah8L/4PqmTVPlX", "sha1"=>"6fe80e56ad4de610304bab1675ce84d16ab6988e", "last_seen"=>"2010-06-15 03:09:41", "md5"=>"aca4aad254280d25e74c82d440b76f79"}
|
|
22
|
+
|
|
23
|
+
If you have access to the Extended API (see http://www.shadowserver.org/wiki/pmwiki.php/Services/Sandboxapi for details), then you can use the download, avresult, and ssdeep APIs.
|
|
24
|
+
|
|
25
|
+
mr = Shadowserver::Malware.download("aca4aad254280d25e74c82d440b76f79")
|
|
26
|
+
Digest::MD5.hexdigest(mr) == "aca4aad254280d25e74c82d440b76f79"
|
|
27
|
+
|
|
28
|
+
mr = Shadowserver::Malware.avresult("aca4aad254280d25e74c82d440b76f79")
|
|
29
|
+
{"TrendMicro"=>"TROJ_DLOADR.SMM",
|
|
30
|
+
"AntiVir"=>"WORM/VB.NVA",
|
|
31
|
+
"VirusBuster"=>"Worm.VB.FMYJ",
|
|
32
|
+
"QuickHeal"=>"Worm.VB.at",
|
|
33
|
+
"Clam"=>"Trojan.Downloader-50691",
|
|
34
|
+
"VBA32"=>"Trojan.VBO.011858",
|
|
35
|
+
"Sophos"=>"Troj/DwnLdr-HQY",
|
|
36
|
+
"NOD32"=>"Win32/AutoRun.VB.JP",
|
|
37
|
+
"Kaspersky"=>"Trojan.Win32.Cosmu.nyl",
|
|
38
|
+
"Panda"=>"W32/OverDoom.A",
|
|
39
|
+
"Vexira"=>"Trojan.DL.VB.EEDT",
|
|
40
|
+
"G-Data"=>"Trojan.Generic.2609117",
|
|
41
|
+
"Ikarus"=>"Trojan-Downloader.Win32.VB",
|
|
42
|
+
"Norman"=>"Suspicious_Gen2.SKLJ",
|
|
43
|
+
"McAfee"=>"Generic",
|
|
44
|
+
"AVG7"=>"Downloader.Generic9.URM",
|
|
45
|
+
"F-Secure"=>"Worm:W32/Revois.gen!A",
|
|
46
|
+
"F-Prot6"=>"W32/Worm.BAOX",
|
|
47
|
+
"DrWeb"=>"Win32.HLLW.Autoruner.6014",
|
|
48
|
+
"Avast-Commercial"=>"Win32:Zbot-LRA"}
|
|
49
|
+
|
|
50
|
+
mr = Shadowserver::Malware.ssdeep("768:iMgK0w6C07j107GjD9h73eVv+hu8XZXc7OZrxuZDJihVJvmtjP:ZZ0w70n4GjD9hbeaLXhcMxaDJQXvojP")
|
|
51
|
+
"3ae7fc35e4dd3dd1b2afe7a9a20fe8f8"
|
|
22
52
|
|
|
23
53
|
=== ASN Query
|
|
24
54
|
a = Shadowserver::ASN.origin("4.2.2.5")
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.1.
|
|
1
|
+
0.1.1
|
data/shadowserver.gemspec
CHANGED
data/test/test_shadowserver.rb
CHANGED
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: shadowserver
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 25
|
|
5
5
|
prerelease:
|
|
6
6
|
segments:
|
|
7
7
|
- 0
|
|
8
8
|
- 1
|
|
9
|
-
-
|
|
10
|
-
version: 0.1.
|
|
9
|
+
- 1
|
|
10
|
+
version: 0.1.1
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- Chris Lee
|