Main Function (used as entry point) :return:
()
| 16 | |
| 17 | |
| 18 | def main(): |
| 19 | """ |
| 20 | Main Function (used as entry point) |
| 21 | :return: |
| 22 | """ |
| 23 | # Parse Arguments |
| 24 | parser = argparse.ArgumentParser(description='Valhalla-CLI') |
| 25 | parser.add_argument('-k', help='API KEY', metavar='apikey', default=ValhallaAPI.DEMO_KEY) |
| 26 | parser.add_argument('-c', help='Config file (see README for details)', metavar='config-file', |
| 27 | default=os.path.join(str(Path.home()), ".valhalla")) |
| 28 | parser.add_argument('-o', help='output file', metavar='output-file', default=ValhallaAPI.DEFAULT_OUTPUT_FILE) |
| 29 | parser.add_argument('--check', action='store_true', default=False, |
| 30 | help='Check subscription info and total rule count') |
| 31 | parser.add_argument('--debug', action='store_true', default=False, help='Debug output') |
| 32 | |
| 33 | group_proxy = parser.add_argument_group( |
| 34 | '=======================================================================\nProxy') |
| 35 | group_proxy.add_argument('-p', help='proxy URL (e.g. https://my.proxy.net:8080)', metavar='proxy-url', default='') |
| 36 | group_proxy.add_argument('-pu', help='proxy user', metavar='proxy-user', default='') |
| 37 | group_proxy.add_argument('-pp', help='proxy password', metavar='proxy-pass', default='') |
| 38 | |
| 39 | group_filter = parser.add_argument_group( |
| 40 | '=======================================================================\nFilter') |
| 41 | group_filter.add_argument('-fp', help='filter product (valid products are: %s)' % |
| 42 | ", ".join(ValhallaAPI.PRODUCT_IDENTIFIER), |
| 43 | metavar='product', default='') |
| 44 | group_filter.add_argument('-fv', help='get rules that support the given YARA version and lower', |
| 45 | metavar='yara-version', default='') |
| 46 | group_filter.add_argument('-fm', help='set a list of modules that your product supports (e.g. "-fm pe hash") ' |
| 47 | '(setting no modules means that all modules are supported by your product)', |
| 48 | action='append', nargs='+', metavar='modules') |
| 49 | group_filter.add_argument('-ft', help='set a list of tags to receive (e.g. "-ft APT MAL")', |
| 50 | action='append', nargs='+', metavar='tags') |
| 51 | group_filter.add_argument('-fs', help='minimum score of rules to retrieve (e.g. "-fs 75")', |
| 52 | metavar='score', default=0) |
| 53 | group_filter.add_argument('-fq', help='get only rules that match a certain keyword in name or description ' |
| 54 | '(e.g. "-fq Mimikatz")', metavar='query', default='') |
| 55 | group_filter.add_argument('--nocrypto', help='filter all rules that require YARA to be compiled with crypto ' |
| 56 | 'support (OpenSSL)', action='store_false', default=True) |
| 57 | |
| 58 | group_proxy = parser.add_argument_group( |
| 59 | '=======================================================================\nLookups') |
| 60 | group_proxy.add_argument('-lr', help='Lookup a certain rule (returns matching samples)', metavar='lookup-rule', |
| 61 | default='') |
| 62 | group_proxy.add_argument('-lh', help='Lookup a certain sample hash (sha256) (returns matching rules)', |
| 63 | metavar='lookup-hash', default='') |
| 64 | group_proxy.add_argument('-lk', help='Lookup rules with a certain keyword (returns matching rules)', |
| 65 | metavar='lookup-keyword', default='') |
| 66 | group_proxy.add_argument('-lkm', help='Lookup hashes of samples on which rules have matches that contain a certain ' |
| 67 | 'keyword (returns matching sample hashes)', |
| 68 | metavar='lookup-keyword', default='') |
| 69 | group_proxy.add_argument('-lo', help='Output file for the lookup output', metavar='lookup-output', default='') |
| 70 | |
| 71 | args = parser.parse_args() |
| 72 | |
| 73 | print(" ") |
| 74 | print("===========================================================") |
| 75 | print(" _ __ ____ ____ _______ ____ ") |
no test coverage detected