Skip to content
/ malware-organiser Public

A simple tool to organise large malicious/benign files into a organised Structure.

uppusaikiran.github.io/malware-organiser/

License

MIT license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

uppusaikiran/malware-organiser

BranchesTags

Repository files navigation

Malware Organiser Tool

A simple tool to organise large malicious/benign files into a organised Structure.

Usage:

PreRequsite

Creation of Table

CREATE TABLE `file_meta` (
 `md5` varchar(40) NOT NULL,
 `sha256` varchar(80) NOT NULL,
 `mime` varchar(100) NOT NULL,
 `severity` varchar(10) NOT NULL,
 `timestamp` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
 `file_source` varchar(15) NOT NULL,
 `file_size` varchar(30) NOT NULL,
 `file_path` varchar(200) NOT NULL,
 `file_new_location` varchar(200) NOT NULL,
 `file_name` varchar(100) NOT NULL,
 `author` varchar(30) NOT NULL,
 `tags` varchar(250) NOT NULL,
 PRIMARY KEY (`md5`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1

Update Database Fields in the script file.

Edit the variable in the config.json file.

Application Usage

$ sudo python app.py  -h
usage: app.py [-h] -f FOLDER -src SOURCE -sev {malicious,clean} [-d DELETE] -a
              AUTHOR [-t TAGS]

optional arguments:
  -h, --help            show this help message and exit
  -f FOLDER, --folder FOLDER
                        Samples Folder/File
  -src SOURCE, --source SOURCE
                        Source from which malware is downloaded
  -sev {malicious,clean}, --severity {malicious,clean}
                        Benign or Malicious
  -d DELETE, --delete DELETE
                        Delete files from source folder after copying
  -a AUTHOR, --author AUTHOR
                        Author name
  -t TAGS, --tags TAGS  Tags to classify the samples

Index samples based on the Condition

$ python query.py -h
usage: database.py [-h] -m MIME [-s SIZE] -src SOURCE -sev {malicious,clean}
                   -a AUTHOR [-t TAGS]

optional arguments:
  -h, --help            show this help message and exit
  -m MIME, --mime MIME  Mime Type of Files for query
  -s SIZE, --size SIZE  Size query of files (Specify Range in MB like 1,2 or 1 )
  -src SOURCE, --source SOURCE
                        Source from which malware is downloaded
  -sev {malicious,clean}, --severity {malicious,clean}
                        Benign or Malicious
  -a AUTHOR, --author AUTHOR
                        Author name
  -t TAGS, --tags TAGS  Tags to classify the samples

Featues:

  1. Ability to classify malware/benign files based on the mime_type
  2. Index records in Database to fetch files which match different conditions like
    • All pdf files with size less than 1MB and collected from Virustotal(Source)
    • All clean files which are collected yesterday and are fresh files.
  3. Tagging different files based on family_name,source etc is implemented.

About

A simple tool to organise large malicious/benign files into a organised Structure.

uppusaikiran.github.io/malware-organiser/

Topics

malware mime-types malware-analysis malware-research malicious clean-file

Resources

Readme

License

MIT license

Code of conduct

Code of conduct
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages