Cyfare Live Malware Downloader is a powerful and user-friendly command-line utility designed for bulk downloading and meticulous tracking of live malware samples from the Cyfare malware engine. This tool is specifically tailored for users of Cyfare Enterprise API plans, enabling efficient retrieval and management of malware data for research and analysis.

Leveraging asynchronous operations for speed and a rich terminal interface for real-time feedback, the downloader ensures a smooth and informative experience. It intelligently tracks progress, handles errors gracefully, and allows for resumption of downloads, saving you time and effort.

Check out Cyfare Enterprise API for more details: https://cyfare.net/enterprise/api/

Key Features

• Bulk Downloads: Efficiently download multiple malware samples based on SHA256 hashes provided in a CSV file.
• Asynchronous Operations: Utilizes asyncio and aiohttp for high-performance, concurrent downloads, maximizing your bandwidth usage.
• Intelligent Download Tracking:
  • Maintains a persistent JSON tracker (download_tracker.json) to log the status of each download (pending, success, specific errors).
  • Automatically resumes downloads, skipping files that are already successfully downloaded and verified.
  • Re-queues files for download if they were previously marked as downloaded but are found to be missing.
• Rich Terminal User Interface:
  • Powered by the rich library, providing a dynamic and visually informative display.
  • Live progress bars showing overall progress and status of individual file operations.
  • Real-time statistics table including total files, queued, successful, skipped, failed, and remaining downloads.
  • Color-coded console output for clear distinction of status messages, warnings, and errors.
• Robust Error Handling:
  • Gracefully handles a wide range of potential issues including network errors, API errors (e.g., invalid key, file not found), HTTP errors, file system errors, and timeouts.
  • Detailed error messages are logged in the tracker for each affected file.
• Data Integrity: Includes basic cleaning for hash values from the input CSV to ensure correct API querying.
• Organized Output: Saves downloaded malware samples (as ZIP archives from the API) into a configurable download folder (default: CYFARE_MALWARE_SYNC).
• Graceful Shutdown: Supports Ctrl+C interruption for a graceful shutdown, attempting to cancel ongoing tasks and save progress.
• Configuration: Easily configure essential parameters such as your API_KEY, API_ENDPOINT_URL, CSV_FILE_PATH, DOWNLOAD_FOLDER, TRACKER_FILE, and MAX_CONCURRENT_DOWNLOADS directly within the script.

Setup & Configuration

Prerequisites

• Python 3.7+
• Access to Cyfare Enterprise API and a valid API Key.

Installation

1. Clone the repository:

   cd ~
   git clone https://github.com/CYFARE/Cyfare-Live-Malware-Downloader.git
   cd Cyfare-Live-Malware-Downloader

2. Create and activate a virtual environment (recommended):

   python3 -m venv venv
   # On Linux/macOS
   source venv/bin/activate
   # On Windows (Git Bash or cmd)
   # venv\Scripts\activate

3. Install dependencies:

   python -m pip install --upgrade pip
   python -m pip install -r requirements.txt

Configuration

Before running the script, you need to configure it with your Cyfare Enterprise API key and other preferences:

1. Open the down.py script in a text editor.
2. Locate the configuration section near the top of the file:

   # --- Configuration ---
   API_KEY = "YOUR_CYFARE_API_KEY"  # Replace with your actual API key
   API_ENDPOINT_URL = "https://cyfare.net/enterprise/api/query.php" # Default endpoint
   CSV_FILE_PATH = "full.csv" # Path to your CSV file with sha256_hash column
   DOWNLOAD_FOLDER = "CYFARE_MALWARE_SYNC" # Folder to save downloaded malware
   TRACKER_FILE = "download_tracker.json" # File to track download progress
   MAX_CONCURRENT_DOWNLOADS = 10  # Adjust based on your network and API limits

3. Crucially, replace "YOUR_CYFARE_API_KEY" with your actual Cyfare Enterprise API key.
4. Adjust other parameters like CSV_FILE_PATH, DOWNLOAD_FOLDER, and MAX_CONCURRENT_DOWNLOADS as needed.

Usage

1. Prepare your CSV file:

   • Ensure you have a CSV file (e.g., full.csv, or update CSV_FILE_PATH in the script) in the script's directory.
   • This file must contain a column named sha256_hash listing the SHA256 hashes of the malware samples you wish to download. Other columns can be present but sha256_hash is essential.

2. Run the downloader:

   python down.py

The script will start processing the CSV, displaying a live dashboard with progress and statistics. Downloaded files (as ZIP archives) will be saved in the specified DOWNLOAD_FOLDER. Download progress and any errors will be recorded in download_tracker.json.

If the script is interrupted or stopped, you can simply run it again. It will use the download_tracker.json to resume from where it left off, skipping already downloaded files.

Support

Boost Cyfare by spreading the word and considering your support: https://cyfare.net/apps/Social/

For issues or feature requests related to this script, please open an issue on the GitHub repository.

License

This project is licensed under the GPLv3.0 License. See the LICENSE file for details.