https://github.com/53845714nf/malwarebazaar

A minimal Python wrapper for the MalwareBazaar API 🧪, designed to simplify interaction with the malware sample repository provided by abuse.ch.
https://github.com/53845714nf/malwarebazaar

api cybersecurity malware python3 threat-intelligence wrapper

Last synced: about 1 year ago
JSON representation

A minimal Python wrapper for the MalwareBazaar API 🧪, designed to simplify interaction with the malware sample repository provided by abuse.ch.

• Host: GitHub
• URL: https://github.com/53845714nf/malwarebazaar
• Owner: 53845714nF
• Created: 2025-04-10T20:09:03.000Z (about 1 year ago)
• Default Branch: main
• Last Pushed: 2025-04-10T22:23:17.000Z (about 1 year ago)
• Last Synced: 2025-04-11T04:43:53.789Z (about 1 year ago)
• Topics: api, cybersecurity, malware, python3, threat-intelligence, wrapper
• Language: Python
• Homepage:
• Size: 16.6 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
> [!CAUTION]

> Caution, this program downloads real malware samples. Always use this in a secure and isolated environment.

# 🐍 MalwareBazaar Lib

A minimal Python wrapper for the [MalwareBazaar API](https://bazaar.abuse.ch/api/) 🧪, designed to simplify interaction with the malware sample repository provided by **abuse.ch**.

## ✨ Features

- 🔍 Search for malware samples by:

  - 🏷️ Tag

  - File Type

  - Hash (SHA256)

- 📥 Download malware samples

## 📦 Installation

The lib need `7z` Command Line tool:

```bash

sudo apt install 7zip

```

Install the lib via `pip`:

```bash

pip install 

```

## 🛠️ Usage 

Create a new bazaar Instance:

```python 

from mawarebazaar import Bazaar

bazaar = Bazaar(api_key='your-api-key')

```

Use functions like `query_tag`:

```python

bazaar.query_tag('mirai', 100)

```

## ✅ API Coverage

 Feature	                                        | Supported

 -------------------------------------------------- | ------------

Submission Policy                                   | ❌

Submit (upload) a malware sample                    | ❌

Retrieve (download) a malware sample                | ✅

Query a malware sample (hash)                       | ✅ (Only SHA256)

Query tag                                           | ✅

Query signature                                     | ❌

Query filetype                                      | ✅

Query ClamAV signature                              | ❌

Query imphash                                       | ❌

Query TLSH                                          | ❌

Query telfhash                                      | ❌

Query gimphash                                      | ❌

Query icon dhash                                    | ❌

Query YARA rule                                     | ❌

Query Code Signing Certificates (by Issuer CN)      | ❌

Query Code Signing Certificates (by Subject CN)     | ❌

Query Code Signing Certificates (by Serial Number)  | ❌

Update an entry                                     | ❌

Add a comment                                       | ❌

Query latest malware samples (recent additions)     | ❌

Query Code Signing Certificate Blocklist (CSCB)     | ❌

## 🤝 Contributing

Contributions are very welcome! 🎉

Whether it's fixing a bug 🐞, improving the docs 📝, or adding a new feature 🚀 — feel free to submit a pull request.