version: 0.3.1,优化在线扫描结果展示

Author: a232319779

.gitignore

@@ -10,6 +10,7 @@ __pycache__/
 
 # tmp
 tmp/
+tools/
 
 # Distribution / packaging
 .Python

README.md

@@ -7,7 +7,7 @@ mmdt is a sensitive hash implementation that can be used to calculate file simil
 ## Pre-Install
 
 * `cmake`: 2.6 and above
-* `windows`: The current version (0.2.2) requires `minGW` to be installed on windows
+* `windows`: The current version (0.3.1) requires `minGW` to be installed on windows
 
 ## Install from Pypi
 
@@ -39,7 +39,7 @@ $ pip install python_mmdt-xxx.whl
 usage: python_mmdt malicious file scan tool [-h] [-s SCANS] [-t THRESHOLD]
                                             [-c CLASSIFY_TYPE]
 
-A malicious scanner tool based on mmdt_hash. Version 0.2.1
+A malicious scanner tool based on mmdt_hash. Version 0.3.1
 
 optional arguments:
   -h, --help            show this help message and exit
@@ -57,6 +57,61 @@ Use like:
     mmdt-classify -s $sample_path -t 0.95 -c 1
     2. use knn classify
     mmdt-classify -s $sample_path -t 0.95 -c 2
+
+# submit mmdt_hash
+➜ mmdt-scan-online .\test\2f04b8eb993ca4a3d98607824a10acfb
+{
+    "sha1": "a5ad744088e2739dc8b6a0622432106158d0abd8",
+    "md5": "2f04b8eb993ca4a3d98607824a10acfb",
+    "file_name": ".\\test\\2f04b8eb993ca4a3d98607824a10acfb",
+    "message": "查询任务已添加至查询队列，当前队列中还有0个任务",
+    "status": 20001,
+    "data": {}
+}
+
+# get check result
+➜ mmdt-scan-online .\test\2f04b8eb993ca4a3d98607824a10acfb
+{
+    "sha1": "a5ad744088e2739dc8b6a0622432106158d0abd8",
+    "md5": "2f04b8eb993ca4a3d98607824a10acfb",
+    "file_name": ".\\test\\2f04b8eb993ca4a3d98607824a10acfb",
+    "message": "success",
+    "status": 20000,
+    "data": {
+        "label": "APT28",
+        "labels": [
+            {
+                "label": "APT28",
+                "ratio": "20.00%"
+            },
+            {
+                "label": "virlock",
+                "ratio": "50.00%"
+            },
+            {
+                "label": "coinminer",
+                "ratio": "30.00%"
+            }
+        ],
+        "similars": [
+            {
+                "hash": "a5ad744088e2739dc8b6a0622432106158d0abd8",
+                "label": "APT28",
+                "sim": 1.0
+            },
+            {
+                "hash": "9001f4cfe62367a282efc08b072a13a5e2e403db",
+                "label": "APT28",
+                "sim": 0.9896245046624919
+            },
+            {
+                "hash": "0d3d452a7e8d7d328bfe9862cbcee33ad1ce4cf4",
+                "label": "virlock",
+                "sim": 0.8511449567066024
+            },
+            ...
+    }
+}
 ```
 
 ### python code
@@ -93,4 +148,8 @@ class Testmmdt(unittest.TestCase):
 ![](./pictures/python-mmdt.jpg)
 
 ### use classifier to detected malicious file
-![](./pictures/scan.png)
+![](./pictures/scan.png)
+
+### scan online
+![](./pictures/submit.jpg)
+![](./pictures/scan_online.jpg)

README_CN.md

@@ -5,7 +5,7 @@
 ## 安装预备
 
 * `cmake`：2.6以上版本
-* `windows`：当前版本(0.2.2)需单独安装 `minGW`
+* `windows`：当前版本(0.3.1)需单独安装 `minGW`
 
 ## PIP安装
 
@@ -33,7 +33,7 @@ $ mmdt-compare $file_path1 $file_path2
 usage: python_mmdt malicious file scan tool [-h] [-s SCANS] [-t THRESHOLD]
                                             [-c CLASSIFY_TYPE]
 
-A malicious scanner tool based on mmdt_hash. Version 0.2.1
+A malicious scanner tool based on mmdt_hash. Version 0.3.1
 
 optional arguments:
   -h, --help            show this help message and exit
@@ -51,6 +51,61 @@ Use like:
     mmdt-classify -s $sample_path -t 0.95 -c 1
     2. use knn classify
     mmdt-classify -s $sample_path -t 0.95 -c 2
+
+# submit mmdt_hash
+➜ mmdt-scan-online .\test\2f04b8eb993ca4a3d98607824a10acfb
+{
+    "sha1": "a5ad744088e2739dc8b6a0622432106158d0abd8",
+    "md5": "2f04b8eb993ca4a3d98607824a10acfb",
+    "file_name": ".\\test\\2f04b8eb993ca4a3d98607824a10acfb",
+    "message": "查询任务已添加至查询队列，当前队列中还有0个任务",
+    "status": 20001,
+    "data": {}
+}
+
+# get check result
+➜ mmdt-scan-online .\test\2f04b8eb993ca4a3d98607824a10acfb
+{
+    "sha1": "a5ad744088e2739dc8b6a0622432106158d0abd8",
+    "md5": "2f04b8eb993ca4a3d98607824a10acfb",
+    "file_name": ".\\test\\2f04b8eb993ca4a3d98607824a10acfb",
+    "message": "success",
+    "status": 20000,
+    "data": {
+        "label": "APT28",
+        "labels": [
+            {
+                "label": "APT28",
+                "ratio": "20.00%"
+            },
+            {
+                "label": "virlock",
+                "ratio": "50.00%"
+            },
+            {
+                "label": "coinminer",
+                "ratio": "30.00%"
+            }
+        ],
+        "similars": [
+            {
+                "hash": "a5ad744088e2739dc8b6a0622432106158d0abd8",
+                "label": "APT28",
+                "sim": 1.0
+            },
+            {
+                "hash": "9001f4cfe62367a282efc08b072a13a5e2e403db",
+                "label": "APT28",
+                "sim": 0.9896245046624919
+            },
+            {
+                "hash": "0d3d452a7e8d7d328bfe9862cbcee33ad1ce4cf4",
+                "label": "virlock",
+                "sim": 0.8511449567066024
+            },
+            ...
+    }
+}
 ```
 
 ### python代码
@@ -87,4 +142,8 @@ class Testmmdt(unittest.TestCase):
 ![](./pictures/python-mmdt.jpg)
 
 ### 利用分类器实现恶意代码识别
-![](./pictures/scan.png)
+![](./pictures/scan.png)
+
+### 在线扫描
+![](./pictures/submit.jpg)
+![](./pictures/scan_online.jpg)

pictures/scan_online.jpg

@@ -11,6 +11,7 @@
 import sys
 import shutil
 import argparse
+import json
 import requests
 from python_mmdt.mmdt.common import mmdt_load, mmdt_save, gen_md5, gen_sha1, mmdt_std as __mmdt_std__
 from python_mmdt.mmdt.mmdt import MMDT
@@ -40,7 +41,7 @@ def mmdt_classfiy():
     mmdt-classify -s $sample_path -t 0.95 -c 2
         """
         parser = argparse.ArgumentParser(prog='python_mmdt malicious file scan tool',
-                                        description='A malicious scanner tool based on mmdt_hash. Version 0.2.2',
+                                        description='A malicious scanner tool based on mmdt_hash. Version 0.3.1',
                                         epilog=epilog,
                                         formatter_class=argparse.RawDescriptionHelpFormatter
                                         )
@@ -118,8 +119,9 @@ def mmdt_scan_online():
         "mmdt": file_mmdt,
         "data": {}
     }
-    r = requests.post(url='http://mmdt.me/mmdt/scan', json=data)
-    print(r.text)
+    r = requests.post(url='http://146.56.242.184/mmdt/scan', json=data)
+    r_data = r.json()
+    print(json.dumps(r_data, indent=4, ensure_ascii=False))
 
 def mmdt_feature_merge():
     """