malware-2-hash.py

import hashlib
import os
import json
import argparse

# By default, poll every thirty minutes
DEFAULT_POLL_TIME = 30

parser = argparse.ArgumentParser(prog = 'Malware-2-Hash',description='Script to automate the hashing and creation of malware IOCs!', epilog='Text at the bottom of help')

parser.add_argument("-f", "--filepath", help="malware file to hash")
parser.add_argument("-n", "--name", help="malware name")
args = parser.parse_args()

if args.filepath == None:
	print("Argument -f (--filepath) is required!")
	os._exit(0)


#Find file
if not(os.path.isfile(args.filepath)):
	print("Invalid filepath! please try again")
	os._exit(0)

file = args.filepath
# The size of each read from the file
BLOCK_SIZE = 65536

# Create the hash objects
md5_obj = hashlib.md5()
sha1_obj = hashlib.sha1()
sha256_obj = hashlib.sha256()

with open(file, 'rb') as f:
	fileblock = f.read(BLOCK_SIZE)
	while len(fileblock) > 0:
		md5_obj.update(fileblock)
		sha1_obj.update(fileblock)
		sha256_obj.update(fileblock)
		fileblock = f.read(BLOCK_SIZE)
f.close()

print("Hashes: \n MD5: {md5}\n SHA1: {sha1}\n SHA256: {sha256}\n".format(md5=md5_obj.hexdigest(), sha1=sha1_obj.hexdigest(), sha256=sha256_obj.hexdigest()))

if args.name == None:
	print(os.path.basename(file))
	filename = file.split(".")
	name = filename[0]
else:
	name = args.name

ioc = {
	"name" : name,
	"file_hash" : sha256_obj.hexdigest(),
	"poll_time" : DEFAULT_POLL_TIME,
	"MD5" : md5_obj.hexdigest(),
	"SHA1" : sha1_obj.hexdigest(),
	"SHA256" : sha256_obj.hexdigest()
}

json_object = json.dumps(ioc, indent=4)

with open("ioc/"+name+".json", "w") as outfile:
	outfile.write(json_object)
outfile.close()

print("IOC file saved under /ioc/{name}.json".format(name=name))