{"id":31780720,"url":"https://github.com/malwaredb/malwaredb-rs","last_synced_at":"2026-03-01T02:19:55.055Z","repository":{"id":80634695,"uuid":"603913544","full_name":"malwaredb/malwaredb-rs","owner":"malwaredb","description":"MalwareDB: bookkeeping for malware, goodware, and unknown files with relationship discovery","archived":false,"fork":false,"pushed_at":"2025-10-08T02:20:50.000Z","size":4096,"stargazers_count":53,"open_issues_count":31,"forks_count":6,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-10-08T04:15:16.405Z","etag":null,"topics":["cybersecurity","forensics-tools","hacktoberfest","malware","malware-analysis","malware-research"],"latest_commit_sha":null,"homepage":"https://malwaredb.net","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/malwaredb.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":"malwaredb","liberapay":"rjzak"}},"created_at":"2023-02-19T23:14:47.000Z","updated_at":"2025-10-08T02:20:53.000Z","dependencies_parsed_at":"2023-07-05T11:30:31.707Z","dependency_job_id":"bfa71192-ca80-48cb-a64e-6503b3c2f9b9","html_url":"https://github.com/malwaredb/malwaredb-rs","commit_stats":null,"previous_names":[],"tags_count":27,"template":false,"template_full_name":null,"purl":"pkg:github/malwaredb/malwaredb-rs","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/malwaredb%2Fmalwaredb-rs","tags_url":"https://repos.eco
syste.ms/api/v1/hosts/GitHub/repositories/malwaredb%2Fmalwaredb-rs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/malwaredb%2Fmalwaredb-rs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/malwaredb%2Fmalwaredb-rs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/malwaredb","download_url":"https://codeload.github.com/malwaredb/malwaredb-rs/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/malwaredb%2Fmalwaredb-rs/sbom","scorecard":{"id":614710,"data":{"date":"2025-08-21T02:02:03Z","repo":{"name":"github.com/malwaredb/malwaredb-rs","commit":"961831ea4255e662024ff18857dc537468b2da02"},"scorecard":{"version":"v5.2.1","commit":"ab2f6e92482462fe66246d9e32f642855a691dc1"},"score":8.2,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/10 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#code-review"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dependency-update-tool"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the 
repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dangerous-workflow"}},{"name":"Pinned-Dependencies","score":9,"reason":"dependency not pinned by hash detected -- score normalized to 9","details":["Warn: pipCommand not pinned by hash: .github/workflows/test.yml:50","Info:  66 out of  66 GitHub-owned GitHubAction dependencies pinned","Info:  34 out of  34 third-party GitHubAction dependencies pinned","Info:   0 out of   1 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#pinned-dependencies"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Warn: jobLevel 'contents' permission set to 'write': .github/workflows/python_release.yml:252","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:319","Info: topLevel 'contents' permission set to 'read': .github/workflows/commisery.yml:16","Info: topLevel 'contents' permission set to 'read': .github/workflows/coverage.yml:4","Info: topLevel permissions set to 'read-all': .github/workflows/dco.yml:3","Info: topLevel 'contents' permission set to 'read': .github/workflows/dependency-review.yml:13","Info: topLevel 'contents' permission set to 'read': .github/workflows/lint.yml:4","Info: topLevel 'contents' 
permission set to 'read': .github/workflows/python_release.yml:13","Info: topLevel 'contents' permission set to 'read': .github/workflows/release.yml:11","Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:9","Info: topLevel 'contents' permission set to 'read': .github/workflows/test.yml:4"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":2,"reason":"badge detected: InProgress","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#cii-best-practices"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: all commits (20) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#sast"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#fuzzing"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/python_release.yml:240"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#packaging"}},{"name":"Signed-Releases","score":8,"reason":"5 out of the 
last 5 releases have a total of 5 signed artifacts.","details":["Info: signed release artifact: malwaredb-client_0.1.1-1_amd64.deb.minisig: https://github.com/malwaredb/malwaredb-rs/releases/tag/v0.1.1","Info: signed release artifact: malwaredb-client_0.1.0-1_amd64.deb.minisig: https://github.com/malwaredb/malwaredb-rs/releases/tag/v0.1.0","Info: signed release artifact: malwaredb-client_0.0.22-1_amd64.deb.minisig: https://github.com/malwaredb/malwaredb-rs/releases/tag/v0.0.22","Info: signed release artifact: malwaredb-client_0.0.21-1_amd64.deb.minisig: https://github.com/malwaredb/malwaredb-rs/releases/tag/v0.0.21","Info: signed release artifact: malwaredb-client_0.0.20-1_amd64.deb.minisig: https://github.com/malwaredb/malwaredb-rs/releases/tag/v0.0.20a","Warn: release artifact v0.1.1 does not have provenance: https://api.github.com/repos/malwaredb/malwaredb-rs/releases/236131600","Warn: release artifact v0.1.0 does not have provenance: https://api.github.com/repos/malwaredb/malwaredb-rs/releases/228974583","Warn: release artifact v0.0.22 does not have provenance: https://api.github.com/repos/malwaredb/malwaredb-rs/releases/222202839","Warn: release artifact v0.0.21 does not have provenance: https://api.github.com/repos/malwaredb/malwaredb-rs/releases/215631369","Warn: release artifact v0.0.20a does not have provenance: https://api.github.com/repos/malwaredb/malwaredb-rs/releases/209482996"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":8,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Warn: required approving review count is 1 on branch 'main'","Info: codeowner review is required on branch 'main'","Info: status 
check found to merge onto on branch 'main'","Info: PRs are required in order to make changes on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#branch-protection"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#license"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/malwaredb/.github/SECURITY.md:1","Info: Found linked content: github.com/malwaredb/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/malwaredb/.github/SECURITY.md:1","Info: Found text in security policy: github.com/malwaredb/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#security-policy"}},{"name":"Contributors","score":10,"reason":"project has 5 contributing companies or organizations","details":["Info: found contributions from: bsidesnova2022-supplychain, enarx, golang-haiku, malwaredb, profianinc"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#contributors"}},{"name":"CI-Tests","score":10,"reason":"20 out of 20 merged PRs checked by a CI test -- score normalized to 
10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#ci-tests"}},{"name":"Vulnerabilities","score":9,"reason":"1 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: RUSTSEC-2024-0436"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-21T03:35:43.718Z","repository_id":80634695,"created_at":"2025-08-21T03:35:43.718Z","updated_at":"2025-08-21T03:35:43.718Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279003301,"owners_count":26083555,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cybersecurity","forensics-tools","hacktoberfest","malware","malware-analysis","malware-research"],"created_at":"2025-10-10T08:18:23.899Z","updated_at":"2026-02-03T07:05:02.228Z","avatar_url":"https://github.com/malwaredb.png","language":"Rust","funding_links":["https://github.com/sponsors/malwaredb","https://liberapay.com/rjzak"],"categories":[],"sub_categories":[],"readme":"## Malware 
DB\n[![Test](https://github.com/malwaredb/malwaredb-rs/actions/workflows/test.yml/badge.svg)](https://github.com/malwaredb/malwaredb-rs/actions/workflows/test.yml)[![Lint](https://github.com/malwaredb/malwaredb-rs/actions/workflows/lint.yml/badge.svg)](https://github.com/malwaredb/malwaredb-rs/actions/workflows/lint.yml)[![Cross](https://github.com/malwaredb/malwaredb-rs/actions/workflows/release.yml/badge.svg)](https://github.com/malwaredb/malwaredb-rs/actions/workflows/release.yml)[![Crates.io Version](https://img.shields.io/crates/v/malwaredb)](https://crates.io/crates/malwaredb)[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/malwaredb/malwaredb-rs/badge)](https://securityscorecards.dev/viewer/?uri=github.com/malwaredb/malwaredb-rs)[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/8234/badge)](https://www.bestpractices.dev/projects/8234)\n\nInspired by [VXCage](https://github.com/botherder/vxcage) and [VirusTotal](https://www.virustotal.com/), Malware DB is a malware knowledge management system which handles the bookkeeping regarding malware/goodware samples: hashes, origination, similarity, file types, and more. Its intention is to help malware/cybersecurity researchers, forensic investigators, and others who have a need to handle malware, or other files of potentially unknown origin. This is very much a **work in progress** and **beta-quality** project at present. Additionally, this program is not designed to prevent adverse issues which may arise from storing, handling, or allowing access to malware samples; use at your own risk. Be sure to follow best practices. 
There are no warranties or guarantees, expressed or implied.\n\nMalware DB was presented at [Shmoocon](https://www.shmoocon.org) 2025: [Slides](https://github.com/rjzak/malwaredb_shmoocon_2025/releases/download/v1/MalwareDB_Shmoocon_Firetalk.pdf)\n\n### Key Features:\n* Store malicious, benign, or unknown file samples.\n* Categorize samples by:\n  * Labels, build your own custom hierarchical taxonomy.\n  * Origin, the source of the sample.\n* Permissions by group, access to file based on users' group membership\n* Fetch samples by hash\n* Search based on file similarity (requires the Postgres plugins mentioned below) or by Yara rules\n* Parse the files for features which may be useful for machine learning models (in the future)\n* Works on any modern operating system\n* Allow encrypting the files on disk so the server does not cause problems with endpoint security or antivirus software\n* Supports the [CaRT](https://github.com/CybercentreCanada/cart) format using the [default key](https://github.com/CybercentreCanada/cart-rs/blob/7ad548143bb85b64f364804e90cfada6c31cf902/cart_container/src/cipher.rs#L14-L17).\n\n### Requirements:\n* [Postgres](http://postgresql.org/) database server, preferred over [SQLite](https://sqlite.org).\n* [Rust](https://www.rust-lang.org/) to compile from source. Or install a released binary from the [releases page](https://github.com/malwaredb/malwaredb-rs/releases/).\n* [libmagic](https://www.darwinsys.com/file/) which is the `file` command. 
Install `libmagic-dev` on Linux, or `brew install libmagic` on macOS with [Homebrew](https://brew.sh/).\n  * On Windows: `cargo install cargo-vcpkg; vcpkg install libmagic; vcpkg integrate install`\n  * The `MAGIC` environment variable may be used to specify the paths for the libmagic database.\n* Similarity hash extensions for Postgres:\n  * [LZJD](https://github.com/malwaredb/LZJD)\n  * [SSDeep](https://github.com/malwaredb/ssdeep_psql)\n  * [TLSH](https://github.com/malwaredb/tlsh_pg)\n* Alternatively, use [docker](https://github.com/malwaredb/docker) which provides a container with the Postgres extensions already installed (though they still have to be activated, see the [readme](https://github.com/malwaredb/docker/blob/main/README.md)).\n\n### Installation\nThere are a few installation options:\n\n* Install a binary from the [latest release](https://github.com/malwaredb/malwaredb-rs/releases/latest). There are Debian packages for ARM and x86. Binaries are available for Linux, macOS, and Windows (ARM and x86). 
If you need a 32-bit binary, or a binary for a different operating system, you'll have to compile from source.\n* Install from source:\n  * [Install Rust](https://rust-lang.org/tools/install/) if you don't have it already.\n  * `git clone https://github.com/malwaredb/malwaredb-rs.git`\n  * `cd malwaredb-rs`\n  * `cargo build --release --features=admin,admin-gui,sqlite,vt,yara`\n\n* Install from source by building from crates.io:\n  * [Install Rust](https://rust-lang.org/tools/install/) if you don't have it already.\n  * `cargo install malwaredb-client`\n  * `cargo install malwaredb --features=admin,admin-gui,sqlite,vt,yara` (activates all the features, requires some external dependencies)\n\nThe Python client is available on [PyPI](https://pypi.org/project/malwaredb/):\n* `pip install malwaredb` to get the Python module\n\n#### Features\nServer Features (which are all opt-in):\n  * `admin`: command-line administrative functionality, needed to configure the server, at least initially.\n  * `admin-gui`: [Slint](https://slint.dev/)-powered GUI, tested and works on macOS, Linux, Windows, might work elsewhere?\n  * `sqlite`: Allow the use of [SQLite](https://www.sqlite.org/) as a database backend. 
This is primarily for testing but should be fine for smaller environments.\n  * `vt`: Allow (but still must be enabled) the Virus Total functionality (cache AV data for contained samples, optionally submit samples to VT if VT hasn't seen them before).\n  * `yara`: Enable searching for files using [YARA](https://virustotal.github.io/yara/) rules.\n\n### Future\n* Planned features:\n  * Web interface as a separate application\n  * GUI applications\n  * Support for [Confidential Computing](https://en.wikipedia.org/wiki/Confidential_computing)\n    * Initially for Enarx: [Website](https://enarx.dev/), [Code](https://github.com/enarx/enarx)\n    * Learn more at the [Confidential Computing Consortium](https://confidentialcomputing.io/) website.\n  * Encrypting samples, if stored, so the antivirus on host system doesn't trigger alerts, or allow for accidental infection.\n  * Train ML models based on features of the malicious \u0026 benign files:\n    * Domain-specific features (parsed features from specific file types)\n    * Type-agnostic features (information about any sequence of bytes, such as n-grams, entropy, length, etc)\n    * Use user input for tags/labels\n    * Labels from Virus Total information for labels with tools like `ClarAVy` ([Code](https://github.com/NeuromorphicComputationResearchProgram/ClarAVy), [Paper](https://arxiv.org/abs/2310.11706)) or [AVClass2](https://arxiv.org/abs/2006.10615).\n* Potential features:\n  * File storage backends for HDFS, S3, others?\n* Something missing? Get in touch: file an [issue](https://github.com/malwaredb/malwaredb-rs/issues/new) or start a [discussion](https://github.com/orgs/malwaredb/discussions)!\n\n### Getting Started:\n0. Compile from source, ideally with `--features=admin,sqlite`.\n1. Create your configuration file. Compile with the `sqlite` feature to use `SQLite`. This is more for testing and evaluation than using in a real environment. 
See the example file in the root of the repository for an example.\n  * If the storage section is empty (it's optional), then Malware DB will only store the metadata about the files, and will not store the samples. That means getting the original file will not be available.\n2. Place the config file in `/etc/mdb_server/mdb_config.toml` on Linux, or `/usr/local/etc/mdb_server/mdb_config.toml` on FreeBSD for automatic config file detection. Otherwise, run with `mdb_server run load /path/to/file`, or `mdb_server run config` to specify arguments on the command line. Run with `--help` to see details.\n\n#### Postgres\nSome example commands which might be useful for creating the Postgres database:\n```sql\nCREATE USER malwaredb WITH PASSWORD 'PUT_YOUR_STRONG_PASSWORD_HERE!';\n\n-- If you expect to have a large collection, consider making a Tablespace on a larger drive.\nCREATE TABLESPACE malwaredb LOCATION '/path/to/tablespace';\n\nCREATE DATABASE malwaredb OWNER malwaredb; -- Owner name must match above.\nCREATE DATABASE malwaredb OWNER malwaredb TABLESPACE malwaredb; -- Owner name must match above, use this option if you created a Tablespace.\n```\n\nThen, load the required extensions. See:\n* [LZJD](https://github.com/malwaredb/LZJD)\n* [SSDeep](https://github.com/malwaredb/ssdeep_psql)\n* [TLSH](https://github.com/malwaredb/tlsh_pg)\n\nFor each, you'll run the installation command referenced in the respective readme as the Postgres administrative user (usually `postgres` on Linux) after connecting to the database. It might look something like this:\n```bash\nroot@localhost:~# su - postgres\npostgres@localhost:~$ psql malwaredb\npsql (17.6 (Debian 17.6-0+deb13u1))\nType \"help\" for help.\n\nmalwaredb=# CREATE OR REPLACE FUNCTION tlsh_compare(TEXT, TEXT) RETURNS INTEGER AS 'tlsh_psql.so', 'pg_tlsh_compare' LANGUAGE 'c';\nCREATE FUNCTION\nmalwaredb=# exit\npostgres@localhost:~$\n```\n\n### Administrative Items\n1. 
Since you compiled with the `admin` feature above, you can run `mdb_server admin --help` to see administrative options. Admin options require `-c /path/to/config.toml` to prevent making accidental changes. Note: the `admin` command interacts with the database directly, so the server does not need to be running.\n2. List users with: `mdb_server admin -c /path/to/config.toml list users`. There is a default admin user, but no password is set. So let's set one.\n3. Reset Admin's password: `mdb_server admin -c /path/to/config.toml reset-password --uname admin`. You'll be prompted for the password and it won't echo. The admin user doesn't do anything special at the moment, but that will change.\n4. Files are organized by sources, and groups have access to sources. So groups and sources must be added and linked to be able to add files.\n  * Create a source, look at the command line options: `mdb_server admin -c /path/to/config.toml create source --help`\n  * Create a group, look at the command line options: `mdb_server admin -c /path/to/config.toml create group --help`\n  * Add the group to the source, look at the command line options: `mdb_server admin -c /path/to/config.toml add-group-to-source --help`\n  * Add the user to the group, look at the command line options: `mdb_server admin -c /path/to/config.toml add-user-to-group --help`\n5. Log in with `mdb_client` while `mdb_server` is running: `mdb_client login http://localhost:8080 admin`, replacing the URL with the actual IP and port you chose in the server configuration file.\n6. Test that the client works with `mdb_client whoami`; it should show the user information and available groups and sources.\n\n### Loading Files\n* Files may be uploaded using the client: `mdb_client submit-samples -s SOURCE_ID /path/to/files_or_dirs`. Paths may be to files or directories, and more than one path may be specified. All items will be uploaded to the same source (specified by the ID). 
If the file is a Zip, it will be decompressed in memory and each file submitted individually as long as it's not a known document type (like MS Office .docx, .xlsx, etc.).\n* Files may also be uploaded using the admin command from the server: `mdb_server admin -c /path/to/config.toml -s SOURCE_ID -u USER_ID /path/to/files_or_dirs`. With the server admin function, a user ID must also be provided. Otherwise, this works the same way as the client: directories and files may be provided, they will be associated with the same source, and Zip files will be decompressed in memory and submitted individually if not a known MS Office format.\n\n### Downloading Files\n* Using the client, a sample may be retrieved using its hash. Hash types are detected by length, and supported hashes are: MD5, SHA1, SHA256, SHA384, and SHA512.\n* `mdb_client retrieve-sample SPECIFY_HASH_HERE`. One hash per request, and it will be downloaded if it exists, and if the user has access to the group and source to which the sample is linked.\n\n### Searching for Similar Files\n* Using the client, similarity hashes are calculated and submitted to the server. The sample is not sent to the server! Just hashes.\n* `mdb_client find-similar /path/to/file.bin`. The same restriction with downloading applies: the user must have access to the group and source to which a potential similar file is linked. The output will be the hashes of the similar files, and by what means (similarity algorithm) the result is similar.\n\n### Misc. 
Client Commands\n* `mdb_client server-info` displays some statistics about the server, including version numbers, database type, and total number of files.\n* `mdb_client server-types` displays a list and magic numbers of supported file types.\n\n### Goals\nSome overall goals and design:\n* Malware DB shall be easy to use.\n* Malware DB shall be a place to store *your* data and use a simple database schema so that other applications may interact with the data directly.\n* Malware DB shall collect and enrich malicious and benign files so that some features may be used for machine learning models.\n* Malware DB should provide reusable components which may benefit other projects, even if not directly related.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmalwaredb%2Fmalwaredb-rs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmalwaredb%2Fmalwaredb-rs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmalwaredb%2Fmalwaredb-rs/lists"}