Metadata-Version: 2.1
Name: malwarebazaar
Version: 0.0.2
Summary: CLI wrapper for malware bazaar API (bazaar.abuse.ch)
Home-page: https://github.com/3c7/bazaar
License: MIT
Author: 3c7
Author-email: 3c7@posteo.de
Requires-Python: >=3.8,<4.0
Classifier: Development Status :: 3 - Alpha
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3 :: Only
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Topic :: Security
Requires-Dist: PyYAML (>=5.4.1,<6.0.0)
Requires-Dist: click (>=8.0.1,<9.0.0)
Requires-Dist: pyzipper (>=0.3.5,<0.4.0)
Requires-Dist: requests (>=2.25.1,<3.0.0)
Requires-Dist: rich (>=10.2.2,<11.0.0)
Project-URL: Repository, https://github.com/3c7/bazaar
Description-Content-Type: text/markdown

# (Malware)Bazaar
**A [MalwareBazaar](https://bazaar.abuse.ch) API wrapper and CLI**

## Installation
```
pip install malwarebazaar
```

## Usage
### Python
```python
from malwarebazaar.api import Bazaar

bazaar = Bazaar("myapikey")
response = bazaar.query_hash("Hash to search for.")
file = bazaar.download_file("Sha256 hash for file to donwload.")
```

### CLI
```commandline
$ bazaar init myapikey
Successfully set API-Key!
$ bazaar query hash f670080b1f42d1b70a37adda924976e6d7bd62bf77c35263aff97e7968291807
Filename:       03891ab57eb301579005f62953dfd21e.exe
MD5:            03891ab57eb301579005f62953dfd21e
SHA1:           41efd56ea49b72c6dd53b5341f295e549b1b64a5
SHA256:         f670080b1f42d1b70a37adda924976e6d7bd62bf77c35263aff97e7968291807
Imphash:        f34d5f2d4577ed6d9ceec516c1f5a744
Signature:      RedLineStealer
Tags:           exe, RedLineStealer
$ bazaar download f670080b1f42d1b70a37adda924976e6d7bd62bf77c35263aff97e7968291807
$ file f670080b1f42d1b70a37adda924976e6d7bd62bf77c35263aff97e7968291807.zip 
f670080b1f42d1b70a37adda924976e6d7bd62bf77c35263aff97e7968291807.zip: Zip archive data, at least v5.1 to extract
$ bazaar download f670080b1f42d1b70a37adda924976e6d7bd62bf77c35263aff97e7968291807 --unzip
$ file f670080b1f42d1b70a37adda924976e6d7bd62bf77c35263aff97e7968291807.exe 
f670080b1f42d1b70a37adda924976e6d7bd62bf77c35263aff97e7968291807.exe: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
```
