check.py
#!/usr/bin/python
import json
import requests
import subprocess
import sys
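def get_links(url):
    """Crawl *url* with PhantomJS and return the links the crawl script prints.

    Runs ``phantomjs --ignore-ssl-errors=true /tmp/check.js <url>`` and splits
    its standard output into lines.

    Args:
        url: Address to load. It is handed to PhantomJS as one argument and is
            never interpreted by a shell.

    Returns:
        A list with the non-empty lines of the child's standard output.

    Raises:
        OSError: If the ``phantomjs`` executable cannot be started. Failing
            here is deliberate: an empty link list would otherwise let the
            caller report a verdict for a page that was never crawled.
    """
    # Build an argument vector instead of a shell command line. ``url`` is the
    # address under inspection, so it is untrusted; concatenating it into a
    # string run with shell=True would let shell metacharacters in the URL
    # execute on the scanning host.
    argv = ["phantomjs", "--ignore-ssl-errors=true", "/tmp/check.js", url]
    # NOTE(review): certificate errors are ignored on purpose so that pages
    # behind broken TLS are still crawled; the returned links are therefore
    # not authenticated.
    # NOTE(review): the crawl script is loaded from /tmp. On a shared host,
    # confirm that nobody else can replace that file.
    proc = subprocess.Popen(argv, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    # communicate() drains stdout and stderr together. Reading only stdout
    # while stderr is also a pipe can block forever once the child fills the
    # stderr pipe.
    out, _ = proc.communicate()
    if not isinstance(out, str):
        # Python 3 returns bytes; Python 2 already returns str.
        out = out.decode("utf-8", "replace")
    return [line for line in out.split("\n") if line]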
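def get_link_results(links, api_key):
    """Check *links* against the Safe Browsing v4 ``threatMatches:find`` API.

    Args:
        links: Iterable of URL strings to look up.
        api_key: API key, sent as the ``key`` query parameter.

    Returns:
        The decoded JSON body of the HTTP response. The caller treats a
        top-level ``"error"`` key as a failure and reads the findings from
        ``"matches"``.

    Raises:
        requests.exceptions.RequestException: On connection failure or when
            the request exceeds the timeout.
        ValueError: If the response body is not valid JSON.
    """
    threat_entries = [{"url": link} for link in links]
    # NOTE(review): the API documents a cap on threatEntries per request
    # (500 at the time of writing, to be confirmed). A page with more links
    # than that would need to be sent in batches.
    data = {
        "client": {
            "clientId": "securitysquadwebifier",
            "clientVersion": "1.0"
        },
        "threatInfo": {
            "threatTypes": [
                "MALWARE",
                "SOCIAL_ENGINEERING",
                "UNWANTED_SOFTWARE",
                "POTENTIALLY_HARMFUL_APPLICATION"
            ],
            "platformTypes": ["ANY_PLATFORM"],
            "threatEntryTypes": ["URL"],
            "threatEntries": threat_entries
        }
    }
    headers = {"Content-type": "application/json"}
    endpoint = "https://safebrowsing.googleapis.com/v4/threatMatches:find"
    # Let requests encode the key instead of concatenating it into the URL, so
    # a key containing reserved characters cannot alter the query string.
    # The key still travels in the URL: keep request URLs and the text of
    # requests exceptions out of shared logs.
    response = requests.post(
        endpoint,
        params={"key": api_key},
        json=data,
        headers=headers,
        # Without a timeout, a stalled connection would hang the scan forever.
        timeout=30,
    )
    return json.loads(response.content)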
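def format_result(response, url, links_length):
    """Turn a Safe Browsing response into a verdict dictionary.

    Args:
        response: Decoded API response. Its ``"matches"`` list, when present,
            holds entries shaped like ``{"threat": {"url": ...}}``.
        url: The address that was scanned.
        links_length: Number of links that were submitted for checking.

    Returns:
        ``{"result": verdict, "info": {"matches": [...]}}`` where ``verdict``
        is ``"CLEAN"`` when nothing matched, ``"MALICIOUS"`` when *url* itself
        matched or more than 40% of the submitted links matched, and
        ``"SUSPICIOUS"`` otherwise.
    """
    if not response.get("matches", []):
        return {
            "result": "CLEAN",
            "info": {
                "matches": []
            }
        }
    matches = [match['threat']['url'] for match in response['matches']]
    # Compare by multiplication rather than len(matches) / links_length.
    # Under Python 2 that division is integer division, which truncates to 0
    # unless every link matched, so the 40% rule never fired. Multiplying
    # gives the same answer on Python 2 and 3 and cannot divide by zero.
    # NOTE(review): the same URL may appear in several match entries, which
    # would inflate this ratio. Confirm whether distinct URLs should be
    # counted instead.
    over_threshold = len(matches) > 0.4 * links_length
    if url in matches or over_threshold:
        result = "MALICIOUS"
    else:
        result = "SUSPICIOUS"
    return {
        "result": result,
        "info": {
            "matches": matches
        }
    }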
if __name__ == "__main__":
    # Usage: check.py <prefix> <url> <api_key>
    # NOTE: the API key arrives on the command line, so while the script runs
    # it is visible in the process list to other users of the host.
    if len(sys.argv) != 4:
        print("prefix, url or api_key missing")
    else:
        prefix, url, api_key = sys.argv[1:4]
        # The scanned address is always checked, ahead of the links found on it.
        links = get_links(url)
        links.insert(0, url)
        print(links)
        # The raw API response is echoed to stdout before the verdict line.
        response = get_link_results(links, api_key)
        print(response)
        error = response.get("error", False)
        if error:
            print(error)
        else:
            result = format_result(response, url, len(links))
            # Verdict line: "<prefix>: <json>".
            print('{}: {}'.format(prefix, json.dumps(result)))