Lib.rs

MalwareDB Client

This application submits and retrieves samples (binaries of any time which MalwareDB knows about) from the MalwareDB server over the http protocol.

Getting started

1. Install a MalwareDB instance, if you don't have one already. See the main repo for directions.
2. Have an account created on the server.
3. Login with your username, password, and server URL. Example: mdb_client login http://localhost:8080 myusername. You'll be prompted for your password.
4. Verify this works with mdb_client whoami. This will show your user information, including groups and sources you have access to.
5. Run mdb_client server-info to see some overall stats about the server.
6. Run mdb_client server-types to see which file types the server knows about, and will store samples of these types.

Submitting samples

1. Run mdb_client whoami to ensure you're logged in.
2. Submit one or more files by providing the paths for one or more files and/or directories, along with the ID number of the source: mdb_client submit-samples -s 1 /path/to/files/.
   • You may provide -p password and a Zip file to load files from a password-protected Zip file. There is logic to distinquish from a Zip file that's actually an MS Office document versus an archive of files.
   • You may only submit samples to sources that your group has access to.

Retrieving samples

1. Run mdb_client whoami to ensure you're logged in.
2. Run mdb_client retrieve-sample c8a9335b95774a30addf372395e9a148 to retrieve a sample by it's hash.
   • Hashes may be MD-5, SHA-1, SHA-256, SHA-384, or SHA-512. This is determined based on the hash length.
   • Files may be retrieved if you're part of a group which has access to a source containing the file you want to retrieve.

Finding similar files

1. Run mdb_client whoami to ensure you're logged in.
2. Run mdb_client find-similar /path/to/file. This will calculate the various similarity hashes for the file, and send them to the server to find samples which are similar.