Wikileaks has released a large set of e-mails leaked from the Turkish party AKP. Unfortunately, no processing of any kind has been performed on these e-mails – they are just a raw dump. Since many of the AKP members have been recipients of malware sent by e-mail (most likely random spam but could have also been targeted attacks), the received malware in the e-mails is also present in the dump. As a result, the Wikileaks site is hosting malware, which leads to various sites like Google and Facebook blocking it. For the record, I consider this to be extremely irresponsible on the part of Wikileaks. Malware distribution is not “journalism” by any definition of the term.
This script was written for the purpose of getting information about the attached files with suspicious extensions, so that they could be scanned – either by downloading them and scanning them locally, or by obtaining their MD5 hashes and submitting those to VirusTotal.
Download from git and usage:
git clone https://github.com/bontchev/wlscrape && cd wlscrape
sudo pip install "requests[security]"
sudo pip install lxml
# json is part of the Python standard library, so it needs no pip install
sudo pip install wget
sudo python2 wlscrape.py -d exe   # example
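The triage idea described above (pick out attachments with suspicious extensions and obtain their MD5 hashes for lookup) can also be applied to a raw e-mail that is already held locally. The following Python 3 sketch is an added example, not part of wlscrape and not how wlscrape queries the Wikileaks site; the extension list, function names and sample message are assumptions constructed for illustration.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed extension list for this example; adjust to your own triage policy.
SUSPICIOUS_EXTS = {"exe", "scr", "pif", "com", "bat", "js", "vbs", "docm", "jar"}

def suspicious_attachments(raw_message: bytes):
    """Return [(filename, md5_hex, size)] for attachments with a listed extension.

    Payloads are hashed in memory and never written to disk.
    """
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name or part.is_multipart():
            continue  # containers and body parts carry no attachment name
        # Only the last extension counts: "invoice.pdf.exe" is an exe.
        ext = name.rsplit(".", 1)[-1].strip().lower() if "." in name else ""
        if ext not in SUSPICIOUS_EXTS:
            continue
        data = part.get_payload(decode=True) or b""  # undo base64/quoted-printable
        hits.append((name, hashlib.md5(data).hexdigest(), len(data)))
    return hits

def build_sample() -> bytes:
    """Constructed sample message with harmless placeholder attachments."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "recipient@example.com"
    m["Subject"] = "Constructed sample"
    m.set_content("See attached.")
    m.add_attachment(b"harmless placeholder bytes", maintype="application",
                     subtype="octet-stream", filename="invoice.pdf.exe")
    m.add_attachment(b"plain notes", maintype="application",
                     subtype="octet-stream", filename="notes.txt")
    return m.as_bytes()

if __name__ == "__main__":
    for name, md5, size in suspicious_attachments(build_sample()):
        print(f"{md5}  {size:>8}  {name}")
```

The MD5 values it prints are the kind of hashes that can be submitted to VirusTotal without moving the attachment itself.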