ThreatExpert.com Perl Script to help in submitting Malware for Analysis
Posted by jeremy on April 1st, 2008
Over the weekend I was working on some long-overdue tasks that desperately needed my attention on my honeypot, and wrote a short Perl script to allow me to submit files to the ThreatExpert sandnet for analysis. It is a fairly simple script that will accept wildcards to submit several files or a specific file name to submit individual files. With a wrapper script or some simple modifications it could easily be modified to run via a cron job or in a never-ending while loop to submit new files as they are seen by your honeypot. My version does this, but I didn't want to release that code just in case someone used it to cause a DoS attack on ThreatExpert by submitting hundreds of files without realizing what they were doing.
I can't guarantee this script will run tomorrow, because if ThreatExpert decides to modify their web form submission structure this script will begin to fail. I don't really see them doing this, as they offer a free Windows GUI to do this same task and a modification would break that application as well.
Anyways, you can get the script here: ThreatExpert Submit Script, just change the extension from ".txt" to ".pl". Here are a few examples of how to run it:
Submit the three specified files to ThreatExpert.com and receive an email report at my.email@notta.com:
./threatExpert_submit.pl -e my.email@notta.com -f badFile1 badFile2 badFile3
Submit the entire directory /malware to ThreatExpert and receive an email report at my.email@notta.com:
./threatExpert_submit.pl -e my.email@notta.com -f /malware/*
Submit all files that start with "bad" to ThreatExpert and receive an email at my.email@notta.com:
./threatExpert_submit.pl -e my.email@notta.com -f bad*
If you have any issues running it or just have questions, feel free to contact me at jeremy [at] sudosecure [dot] net anytime.
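A sketch of the kind of cron wrapper mentioned above, built so it cannot flood the service: it skips samples whose content was already submitted and stops at a per-run cap. This is an added example, not the author's unreleased code; the state-file path, the cap, the delay, the SUBMIT_CMD override and the assumption that the script exits non-zero on failure are all assumptions, while the script name and the -e and -f options come from the post.

```shell
#!/usr/bin/env bash
# Added example: capped, de-duplicating wrapper around threatExpert_submit.pl.
# Assumed (not from the original post): STATE_FILE, MAX_PER_RUN, DELAY_SECS,
# the SUBMIT_CMD override, and a non-zero exit status on a failed submission.

SUBMIT_CMD="${SUBMIT_CMD:-./threatExpert_submit.pl}"
STATE_FILE="${STATE_FILE:-$HOME/.te_submitted.sha256}"
MAX_PER_RUN="${MAX_PER_RUN:-5}"   # hard cap so a busy honeypot cannot flood the service
DELAY_SECS="${DELAY_SECS:-30}"    # pause between consecutive submissions

# submit_new EMAIL DIR
# Submits files in DIR that have not been submitted before and prints
# how many were sent during this run.
submit_new() {
    local email="$1" dir="$2" sent=0 f hash
    touch "$STATE_FILE" || return 1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Stop as soon as the per-run cap is reached.
        [ "$sent" -lt "$MAX_PER_RUN" ] || break
        # Hash the content, so a renamed copy of a known sample is not resent.
        hash=$(sha256sum < "$f" | cut -d' ' -f1)
        [ -n "$hash" ] || continue
        grep -qxF -- "$hash" "$STATE_FILE" && continue
        if "$SUBMIT_CMD" -e "$email" -f "$f" >/dev/null; then
            # Record the hash only after a successful submission.
            printf '%s\n' "$hash" >> "$STATE_FILE"
            sent=$((sent + 1))
            if [ "$sent" -lt "$MAX_PER_RUN" ]; then
                sleep "$DELAY_SECS"
            fi
        fi
    done
    printf '%s\n' "$sent"
}
```

Save it as a file, source it from the script cron runs, and call submit_new with the report address and the honeypot's capture directory; files left over when the cap is hit are picked up on the next run.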