Initial malware-encyclopedias with Symantec import

README.md

@@ -0,0 +1,6 @@
+malware encyclopedias
+=====================
+
+malware-encyclopedias is a set of tools to gather malware names and descriptions. The objective
+is to have structured and machine-readable information about malware names.
+

bin/fetcher.py

@@ -0,0 +1,49 @@
+#!/usr/bin/env python3
+# coding=utf-8
+#
+# malware-encyclopedias is a set of tools to gather malware names and descriptions
+#
+# Software is free software released under the "Modified BSD license"
+#
+# Copyright (c) 2015-2016    Alexandre Dulaunoy - a@foo.be
+
+
+import requests
+import feedparser
+import string
+import json
+import datetime
+import os
+
+vendors = ['symantec']
+symantec_url = "http://www.symantec.com/xml/rss/azlistings.jsp?azid="
+symantec_listings = ['_1234567890']
+rawdir = '../raw'
+
+date_handler = lambda obj: (
+        obj.isoformat()
+        if isinstance(obj, datetime.datetime)
+        or isinstance(obj, datetime.date)
+        else None
+)
+
+def symantec_parsing(doc = False):
+    if not doc:
+        return False
+    return feedparser.parse(doc)
+
+def json_save(vendor = False, dump=False, part=None):
+    if not vendor or not dump:
+        return False
+    fd = open(os.path.join(rawdir, vendor+"/"+part+".json"), 'w')
+    fd.write(json.dumps(dump, default=date_handler))
+    fd.close()
+
+for e in list(string.ascii_uppercase):
+    symantec_listings.append(e)
+
+for vendor in vendors:
+    for d in symantec_listings:
+        r = requests.get(symantec_url+d)
+        if r.status_code == 200:
+            json_save(vendor = vendor, dump=symantec_parsing(doc=r.text), part=d)

raw/symantec/Q.json

@@ -0,0 +1 @@
+{"feed": {"subtitle": "The Threat Explorer is a comprehensive resource for daily, accurate and up-to-date information on the latest threats, risks and vulnerabilities.", "language": "en-us", "links": [{"href": "http://www.symantec.com/business/landing/azlisting.jsp", "type": "text/html", "rel": "alternate"}], "title": "RSS Feed - Symantec Corp.", "subtitle_detail": {"base": "", "type": "text/html", "value": "The Threat Explorer is a comprehensive resource for daily, accurate and up-to-date information on the latest threats, risks and vulnerabilities.", "language": null}, "title_detail": {"base": "", "type": "text/plain", "value": "RSS Feed - Symantec Corp.", "language": null}, "link": "http://www.symantec.com/business/landing/azlisting.jsp"}, "encoding": "utf-8", "bozo": 0, "version": "rss20", "namespaces": {}, "entries": [{"summary_detail": {"base": "", "type": "text/html", "value": "Risk Level: Very Low.  Type: Virus.", "language": null}, "published_parsed": null, "links": [{"href": "http://www.symantec.com/security_response/writeup.jsp?docid=2000-121517-5900-99&om_rssid=sr-", "type": "text/html", "rel": "alternate"}], "title": "QRry", "summary": "Risk Level: Very Low.  Type: Virus.", "guidislink": false, "title_detail": {"base": "", "type": "text/plain", "value": "QRry", "language": null}, "link": "http://www.symantec.com/security_response/writeup.jsp?docid=2000-121517-5900-99&om_rssid=sr-", "published": "Fri, 15 Dec 2000 00:00:00 -0800", "id": "http://www.symantec.com/security_response/writeup.jsp?docid=2000-121517-5900-99&om_rssid=sr-"}, {"summary_detail": {"base": "", "type": "text/html", "value": "Risk Level: Very Low.  Type: Virus.", "language": null}, "published_parsed": null, "links": [{"href": "http://www.symantec.com/security_response/writeup.jsp?docid=2000-121909-5951-99&om_rssid=sr-", "type": "text/html", "rel": "alternate"}], "title": "Quandary", "summary": "Risk Level: Very Low.  Type: Virus.", "guidislink": false, "title_detail": {"base": "", "type": "text/plain", "value": "Quandary", "language": null}, "link": "http://www.symantec.com/security_response/writeup.jsp?docid=2000-121909-5951-99&om_rssid=sr-", "published": "Tue, 19 Dec 2000 00:00:00 -0800", "id": "http://www.symantec.com/security_response/writeup.jsp?docid=2000-121909-5951-99&om_rssid=sr-"}, {"summary_detail": {"base": "", "type": "text/html", "value": "Risk Level: Very Low.  Type: Virus.", "language": null}, "published_parsed": null, "links": [{"href": "http://www.symantec.com/security_response/writeup.jsp?docid=2000-121910-1035-99&om_rssid=sr-", "type": "text/html", "rel": "alternate"}], "title": "Quiver", "summary": "Risk Level: Very Low.  Type: Virus.", "guidislink": false, "title_detail": {"base": "", "type": "text/plain", "value": "Quiver", "language": null}, "link": "http://www.symantec.com/security_response/writeup.jsp?docid=2000-121910-1035-99&om_rssid=sr-", "published": "Tue, 19 Dec 2000 00:00:00 -0800", "id": "http://www.symantec.com/security_response/writeup.jsp?docid=2000-121910-1035-99&om_rssid=sr-"}, {"summary_detail": {"base": "", "type": "text/html", "value": "Risk Level: Very Low.  Type: Virus.", "language": null}, "published_parsed": null, "links": [{"href": "http://www.symantec.com/security_response/writeup.jsp?docid=2000-121910-2628-99&om_rssid=sr-", "type": "text/html", "rel": "alternate"}], "title": "Quox", "summary": "Risk Level: Very Low.  Type: Virus.", "guidislink": false, "title_detail": {"base": "", "type": "text/plain", "value": "Quox", "language": null}, "link": "http://www.symantec.com/security_response/writeup.jsp?docid=2000-121910-2628-99&om_rssid=sr-", "published": "Tue, 19 Dec 2000 00:00:00 -0800", "id": "http://www.symantec.com/security_response/writeup.jsp?docid=2000-121910-2628-99&om_rssid=sr-"}]}

requirements.txt

@@ -0,0 +1,2 @@
+requests
+feedparser