Code Monkey home page Code Monkey logo

ransomware-tracker's Introduction

Python API for http://ransomwaretracker.abuse.ch/tracker/

Install requirements

pip install -r requirements.txt

Import the classes:

from ransomwareTrackerAPI import RansomwareTracker
from ransomwareTrackerAPI import Threat
from ransomwareTrackerAPI import Malware

Then, you can start querying!

Usage

Fetching results from the front page

# will fetch the results on the first page
res = RansomwareTracker(True).retrieve_results()
print res

The output will be something like:

$ python API_example.py | python -m simplejson.tool
{
    "matches": [
        {
            "date_added": "2017-02-03 06:53",
            "domain_registrar": "Eranet International Limited",
            "host": "p27dokhpz2n7nvgr.15jznv.top",
            "ip_adress": "23.163.0.113 ( United States)",
            "malware": "Cerber",
            "threat": "Payment Site"
        },
        {
            "date_added": "2017-02-02 22:10",
            "domain_registrar": "Eranet International Limited",
            "host": "p27dokhpz2n7nvgr.1cbcpy.top",
            "ip_adress": "23.163.0.113 ( United States)",
            "malware": "Cerber",
            "threat": "Payment Site"
        },
        ......
    ],
    "total": 100        
}

Fetching the second page:

# will fetch the second page
res = RansomwareTracker(True).retrieve_results(page=2)
print res

The output will be in the exactly same format.

Filtering by Malware

# will fetch results for TesclaCrypt malwares
res = RansomwareTracker(True).retrieve_results(filter_with=Malware.TeslaCrypt)
print res

The output will be something like:

$ python API_example.py | python -m simplejson.tool
{
    "matches": [
        {
            "date_added": "2016-05-08 21:29",
            "domain_registrar": "GODADDY.COM, LLC",
            "host": "jdebrains.com",
            "ip_adress": "23.229.155.72 ( United States)",
            "malware": "TeslaCrypt",
            "threat": "Botnet C&C"
        },
        {
            "date_added": "2016-05-08 21:29",
            "domain_registrar": "PDR LTD. D/B/A PUBLICDOMAINREGIS[...]",
            "host": "chaliawala.com",
            "ip_adress": "64.22.112.34 ( United States)",
            "malware": "TeslaCrypt",
            "threat": "Botnet C&C"
        },
        .......
    ],
    "total": 256        
}

The complete list (implemented as an Enum) of Malware is listed here:

TeslaCrypt
CryptoWall
TorrentLocker
PadCrypt
Locky
CTB_Locker
FAKBEN
PayCrypt
DMALocker
Cerber

Filtering by Threat

# will fetch C&C threats
res = RansomwareTracker(True).retrieve_results(filter_with=Threat.c2)
print res

The output will be something like:

$ python API_example.py | python -m simplejson.tool
{
    "matches": [
        {
            "date_added": "2017-02-01 16:28",
            "domain_registrar": "",
            "host": "93.170.123.185",
            "ip_adress": "93.170.123.185 ( Czech Republic)",
            "malware": "Locky",
            "threat": "Botnet C&C"
        },
        {
            "date_added": "2017-01-29 01:18",
            "domain_registrar": "",
            "host": "88.214.237.45",
            "ip_adress": "88.214.237.45 ( Russian Federation)",
            "malware": "Locky",
            "threat": "Botnet C&C"
        },
        .......
    ],
    "total": 649
}

The complete list (implemented as an Enum) of Threat is listed here:

c2
payment_sites
distribution_sites

Contributing

Feel free to open issues, contribute and submit your Pull Requests. Released under MIT License. You can also ping me on Twitter (@PaulWebSec)

ransomware-tracker's People

Contributors

paulsec avatar notdodo avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.