Crate malwaredb_client


§MalwareDB Client


This application submits samples to, and retrieves samples from, a MalwareDB server over HTTP. A sample is a binary of any type that MalwareDB knows about.

§Getting started

  1. Install a MalwareDB instance, if you don’t have one already. See the main repo for directions.
  2. Have an account created on the server.
  3. Log in with your username, password, and server URL. Example: mdb_client login http://localhost:8080 myusername. You’ll be prompted for your password.
  4. Verify this works with mdb_client whoami. This will show your user information, including groups and sources you have access to.
  5. Run mdb_client server-info to see some overall stats about the server.
  6. Run mdb_client server-types to see which file types the server knows about; the server will only store samples of these types.

§Submitting samples

  1. Run mdb_client whoami to ensure you’re logged in.
  2. Submit one or more files by providing the paths for one or more files and/or directories, along with the ID number of the source: mdb_client submit-samples -s 1 /path/to/files/.
    • You may provide -p password and a Zip file to load files from a password-protected Zip file. There is logic to distinguish a Zip file that’s actually an MS Office document from an archive of files.
    • You may only submit samples to sources that your group has access to.

§Retrieving samples

  1. Run mdb_client whoami to ensure you’re logged in.
  2. Run mdb_client retrieve-sample c8a9335b95774a30addf372395e9a148 to retrieve a sample by its hash.
    • Hashes may be MD5, SHA-1, SHA-256, SHA-384, or SHA-512. The algorithm is determined from the hash length.
    • Files may be retrieved if you’re part of a group which has access to a source containing the file you want to retrieve.
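Because the server infers the algorithm from digest length alone, a malformed hash is only noticed after a round trip. The wrapper below, an added example that is not part of the malwaredb_client crate, applies the same length rule locally and refuses bad input before calling mdb_client retrieve-sample; only the sample hash comes from this page, while the function names, the MDB_CLIENT override and the hash-list format are this example's own.

```shell
#!/bin/sh
# Added example, not the crate's own code: check a hash argument locally,
# using the length-to-algorithm rule from the README, before calling
# `mdb_client retrieve-sample`. The wrapper functions and the MDB_CLIENT
# override are assumptions of this example, not part of the client.

# hash_algo HASH: print the digest algorithm the server will infer, or fail.
hash_algo() {
    h=$1
    # Reject empty input and anything that is not purely hexadecimal.
    case "$h" in
        '' | *[!0-9a-fA-F]*) return 1 ;;
    esac
    # The server distinguishes algorithms by digest length alone.
    case ${#h} in
        32)  echo MD5 ;;
        40)  echo SHA-1 ;;
        64)  echo SHA-256 ;;
        96)  echo SHA-384 ;;
        128) echo SHA-512 ;;
        *)   return 1 ;;
    esac
}

# Client binary to run; set MDB_CLIENT=echo for a dry run.
MDB_CLIENT=${MDB_CLIENT:-mdb_client}

# retrieve HASH: refuse malformed hashes, otherwise fetch the sample.
retrieve() {
    algo=$(hash_algo "$1") || {
        echo "skipping '$1': not a recognised hash" >&2
        return 2
    }
    echo "retrieving $algo sample" >&2
    "$MDB_CLIENT" retrieve-sample "$1"
}

# retrieve_list FILE: one hash per line, blank lines and '#' comments ignored;
# fails if any line was rejected so a batch job notices bad input.
retrieve_list() {
    bad=0
    while IFS= read -r line; do
        case "$line" in '' | '#'*) continue ;; esac
        retrieve "$line" || bad=$((bad + 1))
    done < "$1"
    [ "$bad" -eq 0 ] || { echo "$bad line(s) rejected" >&2; return 1; }
}
```

Run `MDB_CLIENT=echo sh script.sh` style dry runs to see which hashes would be sent without touching the server.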

§Finding similar files

  1. Run mdb_client whoami to ensure you’re logged in.
  2. Run mdb_client find-similar /path/to/file. This will calculate the various similarity hashes for the file, and send them to the server to find samples which are similar.

§Structs

MdbClient
MalwareDB Client Configuration and connection

§Constants

MDB_VERSION
MDB version

§Functions

decode_from_cart
Convenience function for decoding a CaRT file using the default key, returning the bytes plus the optional header & footer metadata, if present. See https://github.com/CybercentreCanada/cart for more information.
encode_to_cart
Convenience function for encoding bytes into a CaRT file using the default key. This also adds SHA-384 and SHA-512 hashes plus the entropy of the original file. See https://github.com/CybercentreCanada/cart for more information.
path_load_cert
Load a certificate from a path