feature to download by hash from any available services #53

Open
psifertex opened this issue Jul 15, 2024 · 5 comments

@psifertex

My primary use-case for malwoverview would be to download a hash by name from whatever services had it available. I'd love to have an option to simply provide the sha256 and have the script try all services for which I have API keys included until a download is found. Is this a feature you'd consider accepting a PR for or adding yourself?

Unrelated (happy to file a separate issue but don't want to spam you with too many requests!): have you considered using pathlib.Path so you don't have to do things like https://github.com/alexandreborges/malwoverview/blob/master/malwoverview/malwoverview.py#L68-L74 ?

@alexandreborges
Owner

Dear psifertex,

Good afternoon. The idea is good, but we have reservations. For example, we already received a proposal to use malwoverview for scanning directories recursively, but we didn't accept it because people would use it as an AV, and that is not the idea. Anyway, we will consider it and will soon return with a comment about it.

The pathlib.Path is an option, and we only need to ensure that it will work in any case.

Thank you for your message and have a good day.

@psifertex
Author

I'm happy to write the code myself as I mentioned before, just didn't want to submit something you wouldn't be interested in.

@alexandreborges
Owner

Jordan, good morning.

Ok, let's move on with your proposal. To coordinate things, let's establish a baseline:

  1. We will probably release a new version of Malwoverview (6.0.1), which will include only one fix.

  2. Please write your code taking advantage of the existence of dark and light background colors in terminals (option -o 0 and -o 1).

  3. Please be careful with the formatting of the output. One of my main concerns about the Malwoverview version was to keep the output organized and clear.

  4. Since you are proposing an "aggregator" for downloading samples, consider creating a similar aggregator, but for malware classification, which would provide an output showing the sample's classification from Virus Total, Triage, Hybrid Analysis, URL Haus, and so on. This evaluation could be "malicious" or "not malicious", or even a classification, if one is offered.

This topic 4 would be an idea for the future, and would be very similar to your aggregator, but only presenting the malware classification and eventually indicating whether or not the download is available.

If everything is ok and reasonable for you, let me know, and welcome to the team.

Have a great day, Jordan.

Alexandre.

@psifertex
Author

That sounds perfect. I'll probably implement only the downloader initially as that scratches my particular itch but I will keep the fourth item in mind so that any changes I make wouldn't conflict with a future feature like that.

@alexandreborges
Owner

Hi Jordan,

Good evening. That's perfect.

Please, pay attention to two aspects:

  1. Do initial commits to the development (dev) branch.
  2. Pay attention to eventual new options being implemented in this period.

Welcome to the team, and I hope you are doing well and in good health.
