通过谷歌搜索恶意软件家族详细信息【python脚本】

通过谷歌搜索恶意软件家族详细信息的python脚本

在仅仅给家族名字的情况下，我希望知道恶意软件的种类信息。例如：

Dorkbot 家族，搜索谷歌：
Dorkbot (malware) - Wikipedia(https://en.wikipedia.org/wiki/Dorkbot_(malware))
Worm:W32/Dorkbot.A Description | F-Secure Labs(https://www.f-secure.com/v-descs/worm_w32_dorkbot_a.shtml)
DorkBot: An Investigation - Check Point Research(https://research.checkpoint.com/2018/dorkbot-an-investigation/)
ThreatList: 6-Year-Old Dorkbot Banking Malware Resurfaces ...(https://threatpost.com/threatlist-6-year-old-dorkbot-banking-malware-resurfaces-as-big-threat/133898/)
Dorkbot | CISA - US-CERT(https://us-cert.cisa.gov/ncas/alerts/TA15-337A)

可以知道是蠕虫，还主要针对banking类。

下面是代码：

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48

import requests from bs4 import BeautifulSoup     def goole_search(query, topk=5):     query = query.replace(' ', '+')       # URL = f"https://google.com/search?q={query}"     url = f"https://www.google.com.hk/search?q={query}"     # desktop user-agent     USER_AGENT = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:65.0) Gecko/20100101 Firefox/65.0"       headers = {"user-agent": USER_AGENT}     resp = requests.get(url, headers=headers)       results = []     if resp.status_code == 200:         soup = BeautifulSoup(resp.content, "html.parser")         for g in soup.find_all('div', class_='g'):             anchors = g.find_all('a')             if anchors:                 try:                     link = anchors[0]['href']                     title = g.find('h3').text                     item = {                         "title": title,                         "link": link                     }                     results.append(item)                       if len(results) == topk:                         break                   except Exception as e:                     continue       return results[:topk]     if __name__ == "__main__":     mal_str = "Tofsee,Noancooe,Bladabindi,Gbot"     arr = mal_str.split(",")     for i, mal_class in enumerate(arr):         print(i, mal_class)         mal_info = goole_search(mal_class + " malware")         readable_inf = "\n".join(["{}({})".format(inf["title"], inf["link"]) for inf in mal_info])         print(readable_inf)         print("*"*88)

　　

结果：

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27

0 Tofsee Backdoor:W32/Tofsee Description | F-Secure Labs(https://www.f-secure.com/v-descs/backdoor_w32_tofsee.shtml) Tofsee (Malware Family) - Malpedia(https://malpedia.caad.fkie.fraunhofer.de/details/win.tofsee) Backdoor.Tofsee | Malwarebytes Labs | Detections(https://blog.malwarebytes.com/detections/backdoor-tofsee/) Threat description search results - Microsoft Security Intelligence(https://www.microsoft.com/en-us/wdsi/threats/threat-search?query=Trojan:Win32/Tofsee.GB!MTB) Alibaba Cloud Researchers Uncover Tofsee Malware Using ...(https://blogs.infoblox.com/security/alibaba-cloud-researchers-uncover-tofsee-malware-using-dns/) **************************************************************************************** 1 Noancooe Backdoor.MSIL.NOANCOOE.AOOI - Threat Encyclopedia(https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/backdoor.msil.noancooe.aooi/) Backdoor:Win32/Noancooe.A threat description - Microsoft(https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win32/Noancooe.A&ThreatID=2147742686) Backdoor:MSIL/Noancooe.A - How To Fix Guide(https://howtofix.guide/backdoormsil-noancooe-a/) Backdoor:MSIL/Noancooe.A - Virus Removal Guide(https://malwarefixes.com/threats/backdoormsil-noancooe-a/) Backdoor:MSIL/Noancooe!MSR - Virus Removal Guide(https://applefixes.com/threat-encyclopedia/backdoormsil-noancooemsr/) **************************************************************************************** 2 Bladabindi Backdoor.Bladabindi | Malwarebytes Labs | Detections(https://blog.malwarebytes.com/detections/backdoor-bladabindi/) BLADABINDI Backdoor - Malware removal ... - PCrisk(https://www.pcrisk.com/removal-guides/18907-bladabindi-backdoor) Backdoor:Win32/Bladabindi!rfn threat description - Microsoft(https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win32/Bladabindi!rfn&ThreatID=2147766996) nJRAT Report: Bladabindi - Cynet(https://www.cynet.com/attack-techniques-hands-on/njrat-report-bladabindi/) Backdoor.MSIL.BLADABINDI.IND - Энциклопедия угроз(https://www.trendmicro.com/vinfo/ru/threat-encyclopedia/malware/backdoor.msil.bladabindi.ind) **************************************************************************************** 3 Gbot GBOT - Threat Encyclopedia - Trend Micro(https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/gbot) Riskware/Gbot - Threat Encyclopedia | FortiGuard(https://www.fortiguard.com/encyclopedia/virus/8151189) Backdoor:Win32/Gbot!rfn threat description - Microsoft(https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win32/Gbot!rfn&ThreatID=2147744002) BackDoor.Gbot.2667 — How to quickly look up a virus in the ...(https://vms.drweb.com/virus/?i=5811072) Cisco 4Q10 Global Threat Report(https://www.cisco.com/c/dam/en_us/about/security/intelligence/reports/Cisco_Global_Threat_Report_4Q10.pdf)