Added ability to upload to AssemblyLine + Can detect already download…

…ed samples in the current diirectory.

download.go

@@ -1182,46 +1182,6 @@ func unpacmeDownload(uri string, api string, hash Hash) (bool, string) {
 	return true, hash.Hash
 }
 
-func anyrun(uri string, hash Hash) (bool, string) {
-	if uri == "" {
-		fmt.Println("    [!] !! Missing URI !!")
-		return false, ""
-	}
-
-	if hash.HashType != sha256 {
-		fmt.Printf("    [!] AnyRun only supports SHA256\n        Skipping\n")
-		return false, ""
-	}
-
-	return anyrunCheck(uri, hash)
-
-}
-
-func anyrunCheck(uri string, hash Hash) (bool, string) {
-	request, error := http.NewRequest("GET", uri+"/"+url.PathEscape(hash.Hash), nil)
-	if error != nil {
-		fmt.Println(error)
-		return false, ""
-	}
-
-	client := &http.Client{}
-	response, error := client.Do(request)
-	if error != nil {
-		fmt.Println(error)
-		return false, ""
-	}
-
-	defer response.Body.Close()
-
-	if response.StatusCode == 200 {
-		fmt.Println("    [$] Sample available on Any.Run at " + request.URL.String())
-		return true, ""
-	} else {
-		return false, ""
-
-	}
-}
-
 func urlscanio(uri string, api string, hash Hash) (bool, string) {
 	if api == "" {
 		fmt.Println("    [!] !! Missing Key !!")

hashes.go

@@ -18,10 +18,12 @@ type Hashes struct {
 }
 
 type Hash struct {
-	Hash     string
-	HashType HashTypeOption
-	Tags     []string
-	Comments []string
+	Hash      string
+	HashType  HashTypeOption
+	Tags      []string
+	Comments  []string
+	Local     bool   // True if found locally on the filesystem (used with the -precheckdir flag).  Default False
+	LocalFile string // Full file name if file found on local system (used with the -precheckdir flag)
 }
 
 type HashTypeOption int64
@@ -63,6 +65,15 @@ func addHash(hashes Hashes, hash Hash) (Hashes, error) {
 	return hashes, nil
 }
 
+func (hs Hashes) updateLocalFile(hash string, filename string) {
+	for idx, h := range hs.Hashes {
+		if h.Hash == hash {
+			hs.Hashes[idx].Local = true
+			hs.Hashes[idx].LocalFile = filename
+		}
+	}
+}
+
 func (hs Hashes) hashExists(hash string) bool {
 	for _, h := range hs.Hashes {
 		if h.Hash == hash {
@@ -73,9 +84,9 @@ func (hs Hashes) hashExists(hash string) bool {
 }
 
 func (hs Hashes) getByHash(hash string) (Hash, error) {
-	for _, h := range hs.Hashes {
+	for idx, h := range hs.Hashes {
 		if h.Hash == hash {
-			return h, nil
+			return hs.Hashes[idx], nil
 		}
 	}
 	return Hash{}, fmt.Errorf("Hash not found")

history.go

@@ -82,6 +82,8 @@ func parseFileForHashEntries(filename string) ([]Hash, error) {
 	var _filename string
 	var err error
 
+	fmt.Printf("Hashes Found in File:\n")
+
 	if isValidUrl(filename) {
 		_filename, err = downloadFromUrl(filename)
 		if err != nil {
@@ -180,6 +182,8 @@ func parseFileForHashEntries(filename string) ([]Hash, error) {
 		os.Remove(_filename)
 	}
 
+	fmt.Println("")
+
 	return hashes, nil
 }
 
@@ -205,7 +209,7 @@ func parseFileHashEntry(hash string, tags []string, comments []string) (Hash, er
 		fmt.Printf("\n Skipping %s because it's %s\n", hash, err)
 		return Hash{}, err
 	}
-	fmt.Printf("\nHash found: %s\n", hash) // token in unicode-char
+	fmt.Printf("  - %s\n", hash) // token in unicode-char
 	hashS := Hash{Hash: hash, HashType: ht}
 	if len(tags) > 0 {
 		hashS.Tags = tags

mlget-test-config/samples.yaml

@@ -1,6 +1,6 @@
 test 1:
   name: TestJoeSandbox
-  hash: e21ff9323365bca4131d8ec0a24b75521857776569316ffe3f7c97f327256d1b
+  hash: 40541a03e910b21df681bec69cfe59678ebba86c
 test 2:
   name: TestObjectiveSee
   hash: 458a9ac086116fa011c1a7bd49ac15f386cd95e39eb6b7cd5c5125aef516c78c
@@ -49,9 +49,6 @@ test 16:
 test 17:
   name: TestURLScanIo
   hash: 5b027ada26a610e97ab4ef9efb1118b377061712acec6db994d6aa1c78a332a8
-test 18:
-  name: TestAnyRun
-  hash: a78dbafaca4813307529cafbed554b53a622a639941f2e66520bbb92769ee960
 test 19:
   name: TestAssemblyLine
   hash: 7cbf6cb53214f11904e63bb7493999a3b2e88b62