Added an unauthorized check for Polyswarm and additional sanity check…

…s on responses from AssemblyLine.
xorhex · Jan 30, 2024 · 6aa9225 · 6aa9225
1 parent 553069a
commit 6aa9225
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 30 deletions.
diff --git a/README.md b/README.md
@@ -30,36 +30,15 @@
 
 Use mlget to query multiple sources for a given malware hash and download it.  The thought is to save time querying each source individually.
 
-Currently queries:
+### Usage Instructions
 
-  - cp (Cape Sandbox)
-  - fs (FileScanIO)
-  - ha (Hybrid Analysis)
-  - iq (Inquest Labs)
-  - js (Joe Sandbox)
-  - mp (Malpedia)
-  - ms (Malshare)
-  - mb (Malware Bazaar)
-  - mw (Malware Database)
-  - os (Objective-See)
-  - ps (PolySwarm)
-  - tg (Triage)
-  - us (URLScanIO)
-  - um (UnpacMe)
-  - vt (VirusTotal)
-  - vx (VxShare)
-
-Only Malware Bazaar and Objective-See does not require a key, the rest require a key.  The config file needs to be placed in the user's home directory (essentially where `os.UserHomeDir()` resolves to).
-
-### Overview + Build + Usage Instructions
-
-[Mlget Blog Post](https://blog.xorhex.com/blog/mlget-for-all-your-malware-download-needs/)
+[Mlget Blog Post](https://blog.xorhex.com/blog/mlget/)
 
 ### License
 
 MIT License
 
-Copyright (c) 2022 @xorhex
+Copyright (c) 2024 @xorhex
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

diff --git a/download.go b/download.go
@@ -612,7 +612,7 @@ func polyswarmDownload(uri string, api string, hash Hash) (bool, string) {
 		}
 		fmt.Printf("    [+] Downloaded %s\n", hash.Hash)
 		return true, hash.Hash
-	} else if response.StatusCode == http.StatusForbidden {
+	} else if response.StatusCode == http.StatusForbidden || response.StatusCode == http.StatusUnauthorized {
 		fmt.Printf("    [!] Not authorized.  Check the URL and APIKey in the config.\n")
 		return false, ""
 	} else {
@@ -1384,9 +1384,14 @@ func assemblyline(uri string, user string, api string, ignoretlserrors bool, has
 		if data.Response.AL == nil {
 			return false, ""
 		}
-		hash.Hash = data.Response.AL.Items[0].Data.Sha256
-		hash.HashType = sha256
-		fmt.Printf("    [-] Using hash %s\n", hash.Hash)
+
+		if len(data.Response.AL.Items) > 0 {
+			hash.Hash = data.Response.AL.Items[0].Data.Sha256
+			hash.HashType = sha256
+			fmt.Printf("    [-] Using hash %s\n", hash.Hash)
+		} else {
+			return false, ""
+		}
 	}
 
 	return assemblylineDownload(uri, user, api, ignoretlserrors, hash)

diff --git a/mlget-test-config/samples.yaml b/mlget-test-config/samples.yaml
@@ -51,7 +51,7 @@ test 17:
   hash: 5b027ada26a610e97ab4ef9efb1118b377061712acec6db994d6aa1c78a332a8
 test 19:
   name: TestAssemblyLine
-  hash: 7cbf6cb53214f11904e63bb7493999a3b2e88b62
+  hash: b78e786091f017510b44137961f3074fe7d5f950
 test 20:
   name: TestTriageV2
   hash: 5eaaf8ac2d358c2d7065884b7994638fee3987f02474e54467f14b010a18d028

diff --git a/mlget.go b/mlget.go
@@ -34,7 +34,7 @@ var uploadToAssemblyLineFlag bool
 var uploadToAssemblyLineAndDeleteFlag bool
 var forceResubmission bool
 
-var version string = "3.4.0"
+var version string = "3.4.1"
 
 func usage() {
 	fmt.Println("mlget - A command line tool to download malware from a variety of sources")