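A Python script for looking up malware family details via Google search
Given only a family name, I want to know what type of malware it is. For example:
For the Dorkbot family, a Google search returns: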
Dorkbot (malware) - Wikipedia(https://en.wikipedia.org/wiki/Dorkbot_(malware))
Worm:W32/Dorkbot.A Description | F-Secure Labs(https://www.f-secure.com/v-descs/worm_w32_dorkbot_a.shtml)
DorkBot: An Investigation - Check Point Research(https://research.checkpoint.com/2018/dorkbot-an-investigation/)
ThreatList: 6-Year-Old Dorkbot Banking Malware Resurfaces ...(https://threatpost.com/threatlist-6-year-old-dorkbot-banking-malware-resurfaces-as-big-threat/133898/)
Dorkbot | CISA - US-CERT(https://us-cert.cisa.gov/ncas/alerts/TA15-337A)
From these results we can tell that it is a worm, and that it mainly targets banking.
Here is the code:
import requests
from bs4 import BeautifulSoup


def google_search(query, topk=5):
    """Return up to topk {"title", "link"} dicts from the first results page."""
    # url = "https://google.com/search"
    url = "https://www.google.com.hk/search"
    # desktop user-agent
    USER_AGENT = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:65.0) Gecko/20100101 Firefox/65.0"
    headers = {"user-agent": USER_AGENT}
    # Pass the query via params so requests URL-encodes it, and set a
    # timeout so a stalled connection cannot hang the script.
    resp = requests.get(url, params={"q": query}, headers=headers, timeout=10)
    results = []
    if resp.status_code == 200:
        soup = BeautifulSoup(resp.content, "html.parser")
        # result blocks are matched by <div class="g">
        for g in soup.find_all('div', class_='g'):
            anchors = g.find_all('a')
            if anchors:
                try:
                    link = anchors[0]['href']
                    title = g.find('h3').text
                except (KeyError, AttributeError):
                    # skip blocks that have no href or no <h3> title
                    continue
                results.append({"title": title, "link": link})
                if len(results) == topk:
                    break
    return results[:topk]


if __name__ == "__main__":
    mal_str = "Tofsee,Noancooe,Bladabindi,Gbot"
    arr = mal_str.split(",")
    for i, mal_class in enumerate(arr):
        print(i, mal_class)
        mal_info = google_search(mal_class + " malware")
        readable_inf = "\n".join(["{}({})".format(inf["title"], inf["link"]) for inf in mal_info])
        print(readable_inf)
        print("*" * 88)
Results:
0 Tofsee
Backdoor:W32/Tofsee Description | F-Secure Labs(https://www.f-secure.com/v-descs/backdoor_w32_tofsee.shtml)
Tofsee (Malware Family) - Malpedia(https://malpedia.caad.fkie.fraunhofer.de/details/win.tofsee)
Backdoor.Tofsee | Malwarebytes Labs | Detections(https://blog.malwarebytes.com/detections/backdoor-tofsee/)
Threat description search results - Microsoft Security Intelligence(https://www.microsoft.com/en-us/wdsi/threats/threat-search?query=Trojan:Win32/Tofsee.GB!MTB)
Alibaba Cloud Researchers Uncover Tofsee Malware Using ...(https://blogs.infoblox.com/security/alibaba-cloud-researchers-uncover-tofsee-malware-using-dns/)
****************************************************************************************
1 Noancooe
Backdoor.MSIL.NOANCOOE.AOOI - Threat Encyclopedia(https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/backdoor.msil.noancooe.aooi/)
Backdoor:Win32/Noancooe.A threat description - Microsoft(https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win32/Noancooe.A&ThreatID=2147742686)
Backdoor:MSIL/Noancooe.A - How To Fix Guide(https://howtofix.guide/backdoormsil-noancooe-a/)
Backdoor:MSIL/Noancooe.A - Virus Removal Guide(https://malwarefixes.com/threats/backdoormsil-noancooe-a/)
Backdoor:MSIL/Noancooe!MSR - Virus Removal Guide(https://applefixes.com/threat-encyclopedia/backdoormsil-noancooemsr/)
****************************************************************************************
2 Bladabindi
Backdoor.Bladabindi | Malwarebytes Labs | Detections(https://blog.malwarebytes.com/detections/backdoor-bladabindi/)
BLADABINDI Backdoor - Malware removal ... - PCrisk(https://www.pcrisk.com/removal-guides/18907-bladabindi-backdoor)
Backdoor:Win32/Bladabindi!rfn threat description - Microsoft(https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win32/Bladabindi!rfn&ThreatID=2147766996)
nJRAT Report: Bladabindi - Cynet(https://www.cynet.com/attack-techniques-hands-on/njrat-report-bladabindi/)
Backdoor.MSIL.BLADABINDI.IND - Энциклопедия угроз(https://www.trendmicro.com/vinfo/ru/threat-encyclopedia/malware/backdoor.msil.bladabindi.ind)
****************************************************************************************
3 Gbot
GBOT - Threat Encyclopedia - Trend Micro(https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/gbot)
Riskware/Gbot - Threat Encyclopedia | FortiGuard(https://www.fortiguard.com/encyclopedia/virus/8151189)
Backdoor:Win32/Gbot!rfn threat description - Microsoft(https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win32/Gbot!rfn&ThreatID=2147744002)
BackDoor.Gbot.2667 — How to quickly look up a virus in the ...(https://vms.drweb.com/virus/?i=5811072)
Cisco 4Q10 Global Threat Report(https://www.cisco.com/c/dam/en_us/about/security/intelligence/reports/Cisco_Global_Threat_Report_4Q10.pdf)
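The manual step of reading the result titles to infer a family's type can be automated by voting on the type prefix of the AV detection names that appear in those titles. This is an added example, not part of the original post; the function name `infer_type` and the `TYPES` keyword list are assumptions made for illustration.

```python
import re
from collections import Counter

# Type keywords that lead AV detection names (illustrative list, an assumption).
TYPES = ("backdoor", "worm", "trojan", "riskware", "ransom", "virus", "adware")

# Matches "Worm:W32/Dorkbot.A", "Backdoor.MSIL.NOANCOOE.AOOI", "Riskware/Gbot":
# a type keyword, one separator, then the rest of the detection name.
DETECTION_RE = re.compile(
    r"\b(" + "|".join(TYPES) + r")[:./]([A-Za-z0-9!/._-]+)", re.IGNORECASE
)

def infer_type(family, titles):
    """Vote on the malware type of `family` using detection names in `titles`.

    Returns (winning type or None, Counter of votes per type)."""
    votes = Counter()
    for title in titles:
        for mal_type, rest in DETECTION_RE.findall(title):
            # Count only detection names that mention this family, so an
            # unrelated search hit cannot skew the vote.
            if family.lower() in rest.lower():
                votes[mal_type.lower()] += 1
    winner = votes.most_common(1)[0][0] if votes else None
    return winner, votes

# Titles taken from the search output shown on this page (the last one shortened).
SAMPLE = {
    "Dorkbot": ["Dorkbot (malware) - Wikipedia",
                "Worm:W32/Dorkbot.A Description | F-Secure Labs",
                "Dorkbot | CISA - US-CERT"],
    "Tofsee": ["Backdoor:W32/Tofsee Description | F-Secure Labs",
               "Tofsee (Malware Family) - Malpedia",
               "Backdoor.Tofsee | Malwarebytes Labs | Detections"],
    "Gbot": ["GBOT - Threat Encyclopedia - Trend Micro",
             "Riskware/Gbot - Threat Encyclopedia | FortiGuard",
             "Backdoor:Win32/Gbot!rfn threat description - Microsoft",
             "BackDoor.Gbot.2667"],
}

if __name__ == "__main__":
    for family, titles in SAMPLE.items():
        winner, votes = infer_type(family, titles)
        print(f"{family}: {winner} {dict(votes)}")
```

For Gbot the vendors disagree (backdoor versus riskware), so keeping the full vote count alongside the winner shows how much weight the label deserves.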