├── img └── malhunt.gif ├── pyproject.toml ├── README.md ├── malhunt.py └── poetry.lock /img/malhunt.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andreafortuna/malhunt/HEAD/img/malhunt.gif -------------------------------------------------------------------------------- /pyproject.toml: -------------------------------------------------------------------------------- 1 | [project] 2 | name = "malhunt" 3 | version = "0.1.0" 4 | description = "" 5 | authors = [ 6 | {name = "Andrea Fortuna"} 7 | ] 8 | readme = "README.md" 9 | requires-python = ">=3.9" 10 | dependencies = [ 11 | "requests (>=2.32.4,<3.0.0)" 12 | ] 13 | 14 | 15 | [build-system] 16 | requires = ["poetry-core>=2.0.0,<3.0.0"] 17 | build-backend = "poetry.core.masonry.api" 18 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Malhunt 2 | 3 | Search malware in memory dumps using Volatiliy. 4 | 5 | ## Requirements 6 | 7 | - Python 8 | - Git 9 | - Volatility 10 | - Clamscan 11 | 12 | ## How it works 13 | 14 | ![Malhunt demo](/img/malhunt.gif) 15 | 16 | The script applies my workflow for malware analysis: 17 | 18 | - Performs image identification 19 | - Scans processes with yara rules, malfind and network blacklist in order to find suspicious artifacts 20 | - Saves memory dump and handles of suspicious processes 21 | - Scans saved processes with clamscan 22 | 23 | -------------------------------------------------------------------------------- /malhunt.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: utf-8 3 | 4 | import os,shutil,sys,time, requests 5 | 6 | 7 | global MALHUNTHOME, VOLATILITYBIN, EXCLUDEDWORDS 8 | MALHUNTHOME = os.path.expanduser("~/.malhunt") 9 | VOLATILITYBIN = os.popen("which volatility || which vol.py").read().rstrip() 10 | CLAMSCANBIN = os.popen("which clamscan").read().rstrip() 11 | EXCLUDEDWORDS = ['Str_Win32_', 'SurtrStrings'] 12 | 13 | 14 | class SProcess(object): 15 | def __init__(self, rule, process, pid): 16 | self.rule = rule 17 | self.process = process 18 | self.pid = pid 19 | 20 | 21 | 22 | def check_exclusions(line): 23 | if any(c in line for c in EXCLUDEDWORDS): 24 | return False 25 | return True 26 | 27 | def clean_up(): 28 | shutil.rmtree(MALHUNTHOME + "/rules", ignore_errors=True) 29 | if os.path.isfile(MALHUNTHOME + '/malware_rules.yar'): 30 | st=os.stat(MALHUNTHOME + "/malware_rules.yar") 31 | max_age = time.time() - (60 * 60 * 24) #One day 32 | mtime=st.st_mtime 33 | if mtime < max_age: 34 | os.unlink(MALHUNTHOME + "/malware_rules.yar") 35 | 36 | def get_rules_from_git(): 37 | clean_up() 38 | os.system("git clone https://github.com/Yara-Rules/rules.git " + MALHUNTHOME + "/rules") 39 | 40 | def list_yara_files(): 41 | all_yara_files = [] 42 | for root, directories, filenames in os.walk(MALHUNTHOME + "/rules/malware"): 43 | filenames.sort() 44 | for file_name in filenames: 45 | rule_filename, rule_file_extension = os.path.splitext(file_name) 46 | if rule_file_extension == ".yar" or rule_file_extension == ".yara": 47 | all_yara_files.append(os.path.join(root, file_name)) 48 | # BETA - Search for webshells 49 | for root, directories, filenames in os.walk(MALHUNTHOME + "/rules/Webshells"): 50 | filenames.sort() 51 | for file_name in filenames: 52 | rule_filename, rule_file_extension = os.path.splitext(file_name) 53 | if rule_file_extension == ".yar" or rule_file_extension == ".yara": 54 | all_yara_files.append(os.path.join(root, file_name)) 55 | 56 | 57 | 58 | return all_yara_files 59 | 60 | def remove_incompatible_imports(files): 61 | filtered_files = [] 62 | for yara_file in files: 63 | with open(yara_file, 'r') as fd: 64 | yara_in_file = fd.read() 65 | if not (("import \"math\"" in yara_in_file) or ("import \"cuckoo\"" in yara_in_file) or ("import \"hash\"" in yara_in_file) or ("imphash" in yara_in_file)): 66 | filtered_files.append(yara_file) 67 | return filtered_files 68 | 69 | def fix_duplicated_rules(files): 70 | filtered_files = [] 71 | first_elf = True 72 | to_delete = False 73 | for yara_file in files: 74 | with open(yara_file, 'r') as fd: 75 | yara_in_file = fd.readlines() 76 | for line in yara_in_file: 77 | if line.strip() == "private rule is__elf {": 78 | if first_elf: 79 | first_elf = False 80 | else: 81 | to_delete = True 82 | if not to_delete: 83 | filtered_files.append(line) 84 | if (not first_elf) and line.strip() == "}": 85 | to_delete = False 86 | filtered_files.append("\n") 87 | return filtered_files 88 | 89 | def merge_rules(all_rules): 90 | with open(MALHUNTHOME + "/malware_rules.yar", 'w') as fd: 91 | fd.write(''.join(all_rules)) 92 | 93 | def image_identification(filename): 94 | if os.path.isfile(MALHUNTHOME + "/" + os.path.basename(filename) + ".imageinfo"): 95 | with open(MALHUNTHOME + "/" + os.path.basename(filename) + ".imageinfo",'r') as f: 96 | output = f.read() 97 | return output.rstrip() 98 | volimageInfo = os.popen(VOLATILITYBIN + " -f " + filename + " imageinfo 2>/dev/null | grep \"Suggested Profile(s)\" | awk '{print $4 $5 $6}'").read() 99 | volimageInfo = volimageInfo.rstrip() 100 | volProfiles = volimageInfo.split(",") 101 | for volProfile in volProfiles: 102 | profileCheck = os.popen(VOLATILITYBIN + " -f " + filename + " --profile=" + volProfile + " pslist 2>/dev/null").read() 103 | print(" Check profile \033[1m" + volProfile + "\033[0m") 104 | if "Offset" in profileCheck: 105 | with open(MALHUNTHOME + "/" + os.path.basename(filename) + ".imageinfo", 'w') as f: 106 | f.write(volProfile) 107 | return volProfile 108 | return "" 109 | 110 | 111 | def maliciousIP(ipaddress): 112 | response = requests.get("http://check.getipintel.net/check.php?ip=" + ipaddress + "&contact=abuse@getipinterl.net") 113 | 114 | if response.text == "1": 115 | return True 116 | return False 117 | 118 | def yarascan(filename, volProfile, processList): 119 | if os.path.isfile(MALHUNTHOME + "/" + os.path.basename(filename) + '.malware_search'): 120 | with open(MALHUNTHOME + "/" + os.path.basename(filename) + '.malware_search', 'r') as f: 121 | volOutput = f.read() 122 | else: 123 | volOutput = os.popen(VOLATILITYBIN + " -f " + filename + " yarascan --profile=" + volProfile + " -y " + os.path.expanduser("~/.malhunt") + "/malware_rules.yar 2>/dev/null").read() 124 | #report = [] 125 | linereport = "" 126 | rule = "" 127 | process = "" 128 | pid = "" 129 | for line in volOutput.splitlines(): 130 | if line.startswith("Rule"): 131 | rule = line.split(":")[1].lstrip().rstrip() 132 | if line.startswith("Owner"): 133 | process = line.split(":")[1].lstrip().split()[1].lstrip().rstrip() 134 | pid = line.split(":")[1].lstrip().split()[3].lstrip().rstrip() 135 | singleProcess = SProcess(rule, process, pid) 136 | 137 | if check_exclusions(rule): 138 | if len([SProcess for SProcess in processList if SProcess.pid == pid]) == 0: 139 | #if singleProcess not in report: 140 | processList.append(singleProcess) 141 | rule = "" 142 | process = "" 143 | pid = "" 144 | with open(MALHUNTHOME + "/" + os.path.basename(filename) + '.malware_search', 'w') as f: 145 | f.write(volOutput) 146 | return processList 147 | 148 | def malfindscan(filename, volProfile, processList): 149 | if os.path.isfile(MALHUNTHOME + "/" + os.path.basename(filename) + '.malfind_search'): 150 | with open(MALHUNTHOME + "/" + os.path.basename(filename) + '.malfind_search', 'r') as f: 151 | volOutput = f.read() 152 | else: 153 | volOutput = os.popen(VOLATILITYBIN + " -f " + filename + " malfind --profile=" + volProfile + " 2>/dev/null | grep \"Process: \"" ).read() 154 | linereport = "" 155 | rule = "" 156 | process = "" 157 | pid = "" 158 | for line in volOutput.splitlines(): 159 | rule = "malfind" 160 | process = line.split(" ")[1].lstrip().rstrip() 161 | pid = line.split(" ")[3].lstrip().rstrip() 162 | singleProcess = SProcess(rule, process, pid) 163 | if len([SProcess for SProcess in processList if SProcess.pid == pid]) == 0: 164 | processList.append(singleProcess) 165 | with open(MALHUNTHOME + "/" + os.path.basename(filename) + '.malfind_search', 'w') as f: 166 | f.write(volOutput) 167 | return processList 168 | 169 | def networkscan(filename, volProfile, processList): 170 | 171 | volCommand = "netscan" 172 | volFilter = " | grep -v \"LISTENING\"" 173 | ipColumn = 3 174 | pidColumn = 5 175 | 176 | if volProfile.startswith("Win2003") or volProfile.startswith("WinXP"): 177 | volCommand = "connscan" 178 | volFilter = "" 179 | ipColumn = 2 180 | pidColumn = 3 181 | if os.path.isfile(MALHUNTHOME + "/" + os.path.basename(filename) + '.network_search'): 182 | with open(MALHUNTHOME + "/" + os.path.basename(filename) + '.network_search', 'r') as f: 183 | volOutput = f.read() 184 | else: 185 | volOutput = os.popen(VOLATILITYBIN + " -f " + filename + " " + volCommand + " --profile=" + volProfile + " 2>/dev/null " + volFilter).read() 186 | for line in volOutput.splitlines(): 187 | rule = "network" 188 | process = "N.A." 189 | ip = line.split()[ipColumn].lstrip().rstrip() 190 | pid = line.split()[pidColumn].lstrip().rstrip() 191 | if (ip == ""): 192 | continue 193 | if (maliciousIP(ip.split(":")[0].lstrip().rstrip())): 194 | singleProcess = SProcess(rule, process, pid) 195 | if len([SProcess for SProcess in processList if SProcess.pid == pid]) == 0: 196 | processList.append(singleProcess) 197 | with open(MALHUNTHOME + "/" + os.path.basename(filename) + '.network_search', 'w') as f: 198 | f.write(volOutput) 199 | return processList 200 | 201 | 202 | 203 | def dump_process(imagefile, profile, PID): 204 | if not os.path.isdir(os.getcwd() + "/" + os.path.basename(imagefile) + "_artifacts"): 205 | os.makedirs(os.getcwd() + "/" + os.path.basename(imagefile) + "_artifacts") 206 | savedFile = os.popen(VOLATILITYBIN + " -f " + imagefile + " --profile=" + profile + " procdump -D \"./" + os.path.basename(imagefile) + "_artifacts/\" -p " + PID + " 2>/dev/null | grep OK: | awk '{print $5}'").read().lstrip().rstrip() 207 | volOutput = os.popen(VOLATILITYBIN + " -f " + imagefile + " --profile=" + profile + " handles -p " + PID + " 2>/dev/null").read() 208 | with open(os.getcwd() + "/" + os.path.basename(imagefile) + '_artifacts/' + PID + '.handles', 'w') as f: 209 | f.write(volOutput) 210 | 211 | return savedFile 212 | 213 | def clamscan_artifact(imagefile, artifactfile): 214 | clamOutput = "" 215 | #print "DEBUG: " + os.getcwd() + "/" + os.path.basename(imagefile) + "_artifacts/" + artifactfile + " ------\n" 216 | clamOutput = os.popen(CLAMSCANBIN + " --no-summary " + os.getcwd() + "/" + os.path.basename(imagefile) + "_artifacts/" + artifactfile).read().lstrip().rstrip() 217 | 218 | #print "--- DEBUG:" + clamOutput + " ------" 219 | clamOutput = clamOutput.split(":")[1].rstrip().lstrip() 220 | return clamOutput.rstrip().lstrip() 221 | 222 | 223 | 224 | def banner_logo(): 225 | print(""" __ __ _ _ _ 226 | | \/ | | | | | | 227 | | \ / | __ _| | |__ _ _ _ __ | |_ 228 | | |\/| |/ _` | | '_ \| | | | '_ \| __| 229 | | | | | (_| | | | | | |_| | | | | |_ 230 | |_| |_|\__,_|_|_| |_|\__,_|_| |_|\__| 231 | 232 | Hunt malware with Volatility! 233 | 234 | Andrea Fortuna 235 | andrea@andreafortuna.org 236 | https://andreafortuna.org 237 | """) 238 | 239 | def banner_usage(): 240 | print(" Usage:") 241 | print(" " + sys.argv[0] + " imagefile") 242 | 243 | def check_env(): 244 | if not os.path.exists(MALHUNTHOME): 245 | os.makedirs(MALHUNTHOME) 246 | 247 | def main(): 248 | banner_logo() 249 | check_env() 250 | if len(sys.argv) < 2: 251 | banner_usage() 252 | return "" 253 | imageFile = sys.argv[1] 254 | clean_up() 255 | if CLAMSCANBIN == "": 256 | print("\033[41mClamscan not installed...\033[0m") 257 | if not os.path.isfile(MALHUNTHOME + '/malware_rules.yar'): 258 | print("\033[1m* \033[0mUpdate malware yara rules...") 259 | get_rules_from_git() 260 | all_yara_files = list_yara_files() 261 | all_yara_filtered_1 = remove_incompatible_imports(all_yara_files) 262 | all_yara_filtered_2 = fix_duplicated_rules(all_yara_filtered_1) 263 | merge_rules(all_yara_filtered_2) 264 | else: 265 | print("\033[1m* \033[0mUsing cached yara rules...") 266 | print("\033[1m** \033[0mStarting image identification for file \033[4m" + imageFile + "\033[0m...") 267 | volProfile = image_identification(imageFile) 268 | if (volProfile == ""): 269 | print("Image identification failed!") 270 | return "" 271 | print("Image \033[4m" + imageFile + "\033[0m identified as \033[1m" + volProfile + "\033[0m") 272 | 273 | scanresult = [] 274 | 275 | sys.stdout.write("\033[1m*** \033[0mStarting malware artifacts search...") 276 | sys.stdout.flush() 277 | sys.stdout.write("Yarascan...") 278 | sys.stdout.flush() 279 | scanresult = yarascan(imageFile, volProfile, scanresult) 280 | sys.stdout.write("Malfind...") 281 | sys.stdout.flush() 282 | scanresult = malfindscan(imageFile, volProfile, scanresult) 283 | sys.stdout.write("Network...") 284 | sys.stdout.flush() 285 | scanresult = networkscan(imageFile, volProfile, scanresult) 286 | sys.stdout.write("Done!\n") 287 | sys.stdout.flush() 288 | 289 | if (len(scanresult) > 0): 290 | print("\033[41m**** Suspicious processes ****\033[0m") 291 | for singleProcess in scanresult: 292 | sys.stdout.write("\t \033[1m" + singleProcess.rule + "\033[0m: \033[4m" + singleProcess.process + "\033[0m (" + singleProcess.pid + ")\n") 293 | sys.stdout.flush() 294 | sys.stdout.write('\t\tSaving process memory and handles...') 295 | sys.stdout.flush() 296 | artifactFile = dump_process(imageFile, volProfile, singleProcess.pid) 297 | if (artifactFile != ""): 298 | print("done!") 299 | else: 300 | print("\x1b[6;30;42mNo file!\x1b[6;30;0m") 301 | continue 302 | sys.stdout.write('\t\tScanning artifact with ClamScan...') 303 | sys.stdout.flush() 304 | clamscanOutput = clamscan_artifact(imageFile, artifactFile) 305 | if (clamscanOutput != "OK"): 306 | print(("\033[41m" + clamscanOutput + "\033[0m")) 307 | else: 308 | print("\x1b[6;30;42mOK\x1b[6;30;0m") 309 | print("\nArtifacts saved into " + os.getcwd() + "/" + os.path.basename(imageFile) + "_artifacts/") 310 | else: 311 | print("\033[92mNo artifacts found!\033[0m") 312 | 313 | print("Full scan results saved in \033[4m" + MALHUNTHOME + "/" + os.path.basename(imageFile) + ".malware_search\033[0m") 314 | 315 | # Main body 316 | if __name__ == '__main__': 317 | main() -------------------------------------------------------------------------------- /poetry.lock: -------------------------------------------------------------------------------- 1 | # This file is automatically @generated by Poetry 2.1.3 and should not be changed by hand. 2 | 3 | [[package]] 4 | name = "certifi" 5 | version = "2025.7.9" 6 | description = "Python package for providing Mozilla's CA Bundle." 7 | optional = false 8 | python-versions = ">=3.7" 9 | groups = ["main"] 10 | files = [ 11 | {file = "certifi-2025.7.9-py3-none-any.whl", hash = "sha256:d842783a14f8fdd646895ac26f719a061408834473cfc10203f6a575beb15d39"}, 12 | {file = "certifi-2025.7.9.tar.gz", hash = "sha256:c1d2ec05395148ee10cf672ffc28cd37ea0ab0d99f9cc74c43e588cbd111b079"}, 13 | ] 14 | 15 | [[package]] 16 | name = "charset-normalizer" 17 | version = "3.4.2" 18 | description = "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet." 19 | optional = false 20 | python-versions = ">=3.7" 21 | groups = ["main"] 22 | files = [ 23 | {file = "charset_normalizer-3.4.2-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:7c48ed483eb946e6c04ccbe02c6b4d1d48e51944b6db70f697e089c193404941"}, 24 | {file = "charset_normalizer-3.4.2-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:b2d318c11350e10662026ad0eb71bb51c7812fc8590825304ae0bdd4ac283acd"}, 25 | {file = "charset_normalizer-3.4.2-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:9cbfacf36cb0ec2897ce0ebc5d08ca44213af24265bd56eca54bee7923c48fd6"}, 26 | {file = "charset_normalizer-3.4.2-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:18dd2e350387c87dabe711b86f83c9c78af772c748904d372ade190b5c7c9d4d"}, 27 | {file = "charset_normalizer-3.4.2-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:8075c35cd58273fee266c58c0c9b670947c19df5fb98e7b66710e04ad4e9ff86"}, 28 | {file = "charset_normalizer-3.4.2-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:5bf4545e3b962767e5c06fe1738f951f77d27967cb2caa64c28be7c4563e162c"}, 29 | {file = "charset_normalizer-3.4.2-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:7a6ab32f7210554a96cd9e33abe3ddd86732beeafc7a28e9955cdf22ffadbab0"}, 30 | {file = "charset_normalizer-3.4.2-cp310-cp310-musllinux_1_2_i686.whl", hash = "sha256:b33de11b92e9f75a2b545d6e9b6f37e398d86c3e9e9653c4864eb7e89c5773ef"}, 31 | {file = "charset_normalizer-3.4.2-cp310-cp310-musllinux_1_2_ppc64le.whl", hash = "sha256:8755483f3c00d6c9a77f490c17e6ab0c8729e39e6390328e42521ef175380ae6"}, 32 | {file = "charset_normalizer-3.4.2-cp310-cp310-musllinux_1_2_s390x.whl", hash = "sha256:68a328e5f55ec37c57f19ebb1fdc56a248db2e3e9ad769919a58672958e8f366"}, 33 | {file = "charset_normalizer-3.4.2-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:21b2899062867b0e1fde9b724f8aecb1af14f2778d69aacd1a5a1853a597a5db"}, 34 | {file = "charset_normalizer-3.4.2-cp310-cp310-win32.whl", hash = "sha256:e8082b26888e2f8b36a042a58307d5b917ef2b1cacab921ad3323ef91901c71a"}, 35 | {file = "charset_normalizer-3.4.2-cp310-cp310-win_amd64.whl", hash = "sha256:f69a27e45c43520f5487f27627059b64aaf160415589230992cec34c5e18a509"}, 36 | {file = "charset_normalizer-3.4.2-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:be1e352acbe3c78727a16a455126d9ff83ea2dfdcbc83148d2982305a04714c2"}, 37 | {file = "charset_normalizer-3.4.2-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:aa88ca0b1932e93f2d961bf3addbb2db902198dca337d88c89e1559e066e7645"}, 38 | {file = "charset_normalizer-3.4.2-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:d524ba3f1581b35c03cb42beebab4a13e6cdad7b36246bd22541fa585a56cccd"}, 39 | {file = "charset_normalizer-3.4.2-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:28a1005facc94196e1fb3e82a3d442a9d9110b8434fc1ded7a24a2983c9888d8"}, 40 | {file = "charset_normalizer-3.4.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:fdb20a30fe1175ecabed17cbf7812f7b804b8a315a25f24678bcdf120a90077f"}, 41 | {file = "charset_normalizer-3.4.2-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:0f5d9ed7f254402c9e7d35d2f5972c9bbea9040e99cd2861bd77dc68263277c7"}, 42 | {file = "charset_normalizer-3.4.2-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:efd387a49825780ff861998cd959767800d54f8308936b21025326de4b5a42b9"}, 43 | {file = "charset_normalizer-3.4.2-cp311-cp311-musllinux_1_2_i686.whl", hash = "sha256:f0aa37f3c979cf2546b73e8222bbfa3dc07a641585340179d768068e3455e544"}, 44 | {file = "charset_normalizer-3.4.2-cp311-cp311-musllinux_1_2_ppc64le.whl", hash = "sha256:e70e990b2137b29dc5564715de1e12701815dacc1d056308e2b17e9095372a82"}, 45 | {file = "charset_normalizer-3.4.2-cp311-cp311-musllinux_1_2_s390x.whl", hash = "sha256:0c8c57f84ccfc871a48a47321cfa49ae1df56cd1d965a09abe84066f6853b9c0"}, 46 | {file = "charset_normalizer-3.4.2-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:6b66f92b17849b85cad91259efc341dce9c1af48e2173bf38a85c6329f1033e5"}, 47 | {file = "charset_normalizer-3.4.2-cp311-cp311-win32.whl", hash = "sha256:daac4765328a919a805fa5e2720f3e94767abd632ae410a9062dff5412bae65a"}, 48 | {file = "charset_normalizer-3.4.2-cp311-cp311-win_amd64.whl", hash = "sha256:e53efc7c7cee4c1e70661e2e112ca46a575f90ed9ae3fef200f2a25e954f4b28"}, 49 | {file = "charset_normalizer-3.4.2-cp312-cp312-macosx_10_13_universal2.whl", hash = "sha256:0c29de6a1a95f24b9a1aa7aefd27d2487263f00dfd55a77719b530788f75cff7"}, 50 | {file = "charset_normalizer-3.4.2-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:cddf7bd982eaa998934a91f69d182aec997c6c468898efe6679af88283b498d3"}, 51 | {file = "charset_normalizer-3.4.2-cp312-cp312-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:fcbe676a55d7445b22c10967bceaaf0ee69407fbe0ece4d032b6eb8d4565982a"}, 52 | {file = "charset_normalizer-3.4.2-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:d41c4d287cfc69060fa91cae9683eacffad989f1a10811995fa309df656ec214"}, 53 | {file = "charset_normalizer-3.4.2-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:4e594135de17ab3866138f496755f302b72157d115086d100c3f19370839dd3a"}, 54 | {file = "charset_normalizer-3.4.2-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:cf713fe9a71ef6fd5adf7a79670135081cd4431c2943864757f0fa3a65b1fafd"}, 55 | {file = "charset_normalizer-3.4.2-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:a370b3e078e418187da8c3674eddb9d983ec09445c99a3a263c2011993522981"}, 56 | {file = "charset_normalizer-3.4.2-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:a955b438e62efdf7e0b7b52a64dc5c3396e2634baa62471768a64bc2adb73d5c"}, 57 | {file = "charset_normalizer-3.4.2-cp312-cp312-musllinux_1_2_ppc64le.whl", hash = "sha256:7222ffd5e4de8e57e03ce2cef95a4c43c98fcb72ad86909abdfc2c17d227fc1b"}, 58 | {file = "charset_normalizer-3.4.2-cp312-cp312-musllinux_1_2_s390x.whl", hash = "sha256:bee093bf902e1d8fc0ac143c88902c3dfc8941f7ea1d6a8dd2bcb786d33db03d"}, 59 | {file = "charset_normalizer-3.4.2-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:dedb8adb91d11846ee08bec4c8236c8549ac721c245678282dcb06b221aab59f"}, 60 | {file = "charset_normalizer-3.4.2-cp312-cp312-win32.whl", hash = "sha256:db4c7bf0e07fc3b7d89ac2a5880a6a8062056801b83ff56d8464b70f65482b6c"}, 61 | {file = "charset_normalizer-3.4.2-cp312-cp312-win_amd64.whl", hash = "sha256:5a9979887252a82fefd3d3ed2a8e3b937a7a809f65dcb1e068b090e165bbe99e"}, 62 | {file = "charset_normalizer-3.4.2-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:926ca93accd5d36ccdabd803392ddc3e03e6d4cd1cf17deff3b989ab8e9dbcf0"}, 63 | {file = "charset_normalizer-3.4.2-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:eba9904b0f38a143592d9fc0e19e2df0fa2e41c3c3745554761c5f6447eedabf"}, 64 | {file = "charset_normalizer-3.4.2-cp313-cp313-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:3fddb7e2c84ac87ac3a947cb4e66d143ca5863ef48e4a5ecb83bd48619e4634e"}, 65 | {file = "charset_normalizer-3.4.2-cp313-cp313-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:98f862da73774290f251b9df8d11161b6cf25b599a66baf087c1ffe340e9bfd1"}, 66 | {file = "charset_normalizer-3.4.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6c9379d65defcab82d07b2a9dfbfc2e95bc8fe0ebb1b176a3190230a3ef0e07c"}, 67 | {file = "charset_normalizer-3.4.2-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:e635b87f01ebc977342e2697d05b56632f5f879a4f15955dfe8cef2448b51691"}, 68 | {file = "charset_normalizer-3.4.2-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:1c95a1e2902a8b722868587c0e1184ad5c55631de5afc0eb96bc4b0d738092c0"}, 69 | {file = "charset_normalizer-3.4.2-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:ef8de666d6179b009dce7bcb2ad4c4a779f113f12caf8dc77f0162c29d20490b"}, 70 | {file = "charset_normalizer-3.4.2-cp313-cp313-musllinux_1_2_ppc64le.whl", hash = "sha256:32fc0341d72e0f73f80acb0a2c94216bd704f4f0bce10aedea38f30502b271ff"}, 71 | {file = "charset_normalizer-3.4.2-cp313-cp313-musllinux_1_2_s390x.whl", hash = "sha256:289200a18fa698949d2b39c671c2cc7a24d44096784e76614899a7ccf2574b7b"}, 72 | {file = "charset_normalizer-3.4.2-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:4a476b06fbcf359ad25d34a057b7219281286ae2477cc5ff5e3f70a246971148"}, 73 | {file = "charset_normalizer-3.4.2-cp313-cp313-win32.whl", hash = "sha256:aaeeb6a479c7667fbe1099af9617c83aaca22182d6cf8c53966491a0f1b7ffb7"}, 74 | {file = "charset_normalizer-3.4.2-cp313-cp313-win_amd64.whl", hash = "sha256:aa6af9e7d59f9c12b33ae4e9450619cf2488e2bbe9b44030905877f0b2324980"}, 75 | {file = "charset_normalizer-3.4.2-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1cad5f45b3146325bb38d6855642f6fd609c3f7cad4dbaf75549bf3b904d3184"}, 76 | {file = "charset_normalizer-3.4.2-cp37-cp37m-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:b2680962a4848b3c4f155dc2ee64505a9c57186d0d56b43123b17ca3de18f0fa"}, 77 | {file = "charset_normalizer-3.4.2-cp37-cp37m-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:36b31da18b8890a76ec181c3cf44326bf2c48e36d393ca1b72b3f484113ea344"}, 78 | {file = "charset_normalizer-3.4.2-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f4074c5a429281bf056ddd4c5d3b740ebca4d43ffffe2ef4bf4d2d05114299da"}, 79 | {file = "charset_normalizer-3.4.2-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:c9e36a97bee9b86ef9a1cf7bb96747eb7a15c2f22bdb5b516434b00f2a599f02"}, 80 | {file = "charset_normalizer-3.4.2-cp37-cp37m-musllinux_1_2_aarch64.whl", hash = "sha256:1b1bde144d98e446b056ef98e59c256e9294f6b74d7af6846bf5ffdafd687a7d"}, 81 | {file = "charset_normalizer-3.4.2-cp37-cp37m-musllinux_1_2_i686.whl", hash = "sha256:915f3849a011c1f593ab99092f3cecfcb4d65d8feb4a64cf1bf2d22074dc0ec4"}, 82 | {file = "charset_normalizer-3.4.2-cp37-cp37m-musllinux_1_2_ppc64le.whl", hash = "sha256:fb707f3e15060adf5b7ada797624a6c6e0138e2a26baa089df64c68ee98e040f"}, 83 | {file = "charset_normalizer-3.4.2-cp37-cp37m-musllinux_1_2_s390x.whl", hash = "sha256:25a23ea5c7edc53e0f29bae2c44fcb5a1aa10591aae107f2a2b2583a9c5cbc64"}, 84 | {file = "charset_normalizer-3.4.2-cp37-cp37m-musllinux_1_2_x86_64.whl", hash = "sha256:770cab594ecf99ae64c236bc9ee3439c3f46be49796e265ce0cc8bc17b10294f"}, 85 | {file = "charset_normalizer-3.4.2-cp37-cp37m-win32.whl", hash = "sha256:6a0289e4589e8bdfef02a80478f1dfcb14f0ab696b5a00e1f4b8a14a307a3c58"}, 86 | {file = "charset_normalizer-3.4.2-cp37-cp37m-win_amd64.whl", hash = "sha256:6fc1f5b51fa4cecaa18f2bd7a003f3dd039dd615cd69a2afd6d3b19aed6775f2"}, 87 | {file = "charset_normalizer-3.4.2-cp38-cp38-macosx_10_9_universal2.whl", hash = "sha256:76af085e67e56c8816c3ccf256ebd136def2ed9654525348cfa744b6802b69eb"}, 88 | {file = "charset_normalizer-3.4.2-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e45ba65510e2647721e35323d6ef54c7974959f6081b58d4ef5d87c60c84919a"}, 89 | {file = "charset_normalizer-3.4.2-cp38-cp38-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:046595208aae0120559a67693ecc65dd75d46f7bf687f159127046628178dc45"}, 90 | {file = "charset_normalizer-3.4.2-cp38-cp38-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:75d10d37a47afee94919c4fab4c22b9bc2a8bf7d4f46f87363bcf0573f3ff4f5"}, 91 | {file = "charset_normalizer-3.4.2-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6333b3aa5a12c26b2a4d4e7335a28f1475e0e5e17d69d55141ee3cab736f66d1"}, 92 | {file = "charset_normalizer-3.4.2-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:e8323a9b031aa0393768b87f04b4164a40037fb2a3c11ac06a03ffecd3618027"}, 93 | {file = "charset_normalizer-3.4.2-cp38-cp38-musllinux_1_2_aarch64.whl", hash = "sha256:24498ba8ed6c2e0b56d4acbf83f2d989720a93b41d712ebd4f4979660db4417b"}, 94 | {file = "charset_normalizer-3.4.2-cp38-cp38-musllinux_1_2_i686.whl", hash = "sha256:844da2b5728b5ce0e32d863af26f32b5ce61bc4273a9c720a9f3aa9df73b1455"}, 95 | {file = "charset_normalizer-3.4.2-cp38-cp38-musllinux_1_2_ppc64le.whl", hash = "sha256:65c981bdbd3f57670af8b59777cbfae75364b483fa8a9f420f08094531d54a01"}, 96 | {file = "charset_normalizer-3.4.2-cp38-cp38-musllinux_1_2_s390x.whl", hash = "sha256:3c21d4fca343c805a52c0c78edc01e3477f6dd1ad7c47653241cf2a206d4fc58"}, 97 | {file = "charset_normalizer-3.4.2-cp38-cp38-musllinux_1_2_x86_64.whl", hash = "sha256:dc7039885fa1baf9be153a0626e337aa7ec8bf96b0128605fb0d77788ddc1681"}, 98 | {file = "charset_normalizer-3.4.2-cp38-cp38-win32.whl", hash = "sha256:8272b73e1c5603666618805fe821edba66892e2870058c94c53147602eab29c7"}, 99 | {file = "charset_normalizer-3.4.2-cp38-cp38-win_amd64.whl", hash = "sha256:70f7172939fdf8790425ba31915bfbe8335030f05b9913d7ae00a87d4395620a"}, 100 | {file = "charset_normalizer-3.4.2-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:005fa3432484527f9732ebd315da8da8001593e2cf46a3d817669f062c3d9ed4"}, 101 | {file = "charset_normalizer-3.4.2-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e92fca20c46e9f5e1bb485887d074918b13543b1c2a1185e69bb8d17ab6236a7"}, 102 | {file = "charset_normalizer-3.4.2-cp39-cp39-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:50bf98d5e563b83cc29471fa114366e6806bc06bc7a25fd59641e41445327836"}, 103 | {file = "charset_normalizer-3.4.2-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:721c76e84fe669be19c5791da68232ca2e05ba5185575086e384352e2c309597"}, 104 | {file = "charset_normalizer-3.4.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:82d8fd25b7f4675d0c47cf95b594d4e7b158aca33b76aa63d07186e13c0e0ab7"}, 105 | {file = "charset_normalizer-3.4.2-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:b3daeac64d5b371dea99714f08ffc2c208522ec6b06fbc7866a450dd446f5c0f"}, 106 | {file = "charset_normalizer-3.4.2-cp39-cp39-musllinux_1_2_aarch64.whl", hash = "sha256:dccab8d5fa1ef9bfba0590ecf4d46df048d18ffe3eec01eeb73a42e0d9e7a8ba"}, 107 | {file = "charset_normalizer-3.4.2-cp39-cp39-musllinux_1_2_i686.whl", hash = "sha256:aaf27faa992bfee0264dc1f03f4c75e9fcdda66a519db6b957a3f826e285cf12"}, 108 | {file = "charset_normalizer-3.4.2-cp39-cp39-musllinux_1_2_ppc64le.whl", hash = "sha256:eb30abc20df9ab0814b5a2524f23d75dcf83cde762c161917a2b4b7b55b1e518"}, 109 | {file = "charset_normalizer-3.4.2-cp39-cp39-musllinux_1_2_s390x.whl", hash = "sha256:c72fbbe68c6f32f251bdc08b8611c7b3060612236e960ef848e0a517ddbe76c5"}, 110 | {file = "charset_normalizer-3.4.2-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:982bb1e8b4ffda883b3d0a521e23abcd6fd17418f6d2c4118d257a10199c0ce3"}, 111 | {file = "charset_normalizer-3.4.2-cp39-cp39-win32.whl", hash = "sha256:43e0933a0eff183ee85833f341ec567c0980dae57c464d8a508e1b2ceb336471"}, 112 | {file = "charset_normalizer-3.4.2-cp39-cp39-win_amd64.whl", hash = "sha256:d11b54acf878eef558599658b0ffca78138c8c3655cf4f3a4a673c437e67732e"}, 113 | {file = "charset_normalizer-3.4.2-py3-none-any.whl", hash = "sha256:7f56930ab0abd1c45cd15be65cc741c28b1c9a34876ce8c17a2fa107810c0af0"}, 114 | {file = "charset_normalizer-3.4.2.tar.gz", hash = "sha256:5baececa9ecba31eff645232d59845c07aa030f0c81ee70184a90d35099a0e63"}, 115 | ] 116 | 117 | [[package]] 118 | name = "idna" 119 | version = "3.10" 120 | description = "Internationalized Domain Names in Applications (IDNA)" 121 | optional = false 122 | python-versions = ">=3.6" 123 | groups = ["main"] 124 | files = [ 125 | {file = "idna-3.10-py3-none-any.whl", hash = "sha256:946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3"}, 126 | {file = "idna-3.10.tar.gz", hash = "sha256:12f65c9b470abda6dc35cf8e63cc574b1c52b11df2c86030af0ac09b01b13ea9"}, 127 | ] 128 | 129 | [package.extras] 130 | all = ["flake8 (>=7.1.1)", "mypy (>=1.11.2)", "pytest (>=8.3.2)", "ruff (>=0.6.2)"] 131 | 132 | [[package]] 133 | name = "requests" 134 | version = "2.32.4" 135 | description = "Python HTTP for Humans." 136 | optional = false 137 | python-versions = ">=3.8" 138 | groups = ["main"] 139 | files = [ 140 | {file = "requests-2.32.4-py3-none-any.whl", hash = "sha256:27babd3cda2a6d50b30443204ee89830707d396671944c998b5975b031ac2b2c"}, 141 | {file = "requests-2.32.4.tar.gz", hash = "sha256:27d0316682c8a29834d3264820024b62a36942083d52caf2f14c0591336d3422"}, 142 | ] 143 | 144 | [package.dependencies] 145 | certifi = ">=2017.4.17" 146 | charset_normalizer = ">=2,<4" 147 | idna = ">=2.5,<4" 148 | urllib3 = ">=1.21.1,<3" 149 | 150 | [package.extras] 151 | socks = ["PySocks (>=1.5.6,!=1.5.7)"] 152 | use-chardet-on-py3 = ["chardet (>=3.0.2,<6)"] 153 | 154 | [[package]] 155 | name = "urllib3" 156 | version = "2.5.0" 157 | description = "HTTP library with thread-safe connection pooling, file post, and more." 158 | optional = false 159 | python-versions = ">=3.9" 160 | groups = ["main"] 161 | files = [ 162 | {file = "urllib3-2.5.0-py3-none-any.whl", hash = "sha256:e6b01673c0fa6a13e374b50871808eb3bf7046c4b125b216f6bf1cc604cff0dc"}, 163 | {file = "urllib3-2.5.0.tar.gz", hash = "sha256:3fc47733c7e419d4bc3f6b3dc2b4f890bb743906a30d56ba4a5bfa4bbff92760"}, 164 | ] 165 | 166 | [package.extras] 167 | brotli = ["brotli (>=1.0.9) ; platform_python_implementation == \"CPython\"", "brotlicffi (>=0.8.0) ; platform_python_implementation != \"CPython\""] 168 | h2 = ["h2 (>=4,<5)"] 169 | socks = ["pysocks (>=1.5.6,!=1.5.7,<2.0)"] 170 | zstd = ["zstandard (>=0.18.0)"] 171 | 172 | [metadata] 173 | lock-version = "2.1" 174 | python-versions = ">=3.9" 175 | content-hash = "0fd9ae3571bfaa66431dc64de3d4189d56c16be9157dbcd86de3fd4c90725163" 176 | --------------------------------------------------------------------------------