https://github.com/arjunraj79/malware-detection-using-yara-advanced

# Advanced Malware Scanner with Yara

This is an advanced malware scanner implemented in Python using the Yara library. It provides the following features:

* **Recursive directory scanning:** Scans entire directories and subdirectories for malware.
* **Archive handling:** Scans files within ZIP archives.
* **File type filtering:** Allows you to specify file extensions to include or exclude during the scan.
* **Hash calculation:** Calculates the SHA256 hash of detected files for further analysis.
* **Command-line arguments:** Provides flexibility to specify the path, rule file, and file extensions.

## Requirements

* Python 3.x
* Yara
* `yara-python` library
* `zipfile` (built-in Python module)

## Installation

1. **Install Python:** Download and install the latest version of Python from [python.org](https://www.python.org/).
2. **Install Yara (optional, but useful):** The `yara-python` wheels on PyPI bundle `libyara`, so the scanner itself only needs step 3. The standalone `yara` command-line tool is still worth having to confirm that a rule file compiles and matches before wiring it into the scanner (`yara -r rules.yara <directory>` scans a tree recursively). Pre-built binaries are on the releases page linked from the official Yara website ([virustotal.github.io/yara/](https://virustotal.github.io/yara/)); extract the archive and add the directory containing the `yara` executable to your system's PATH environment variable.
3. **Install `yara-python`:** Open your terminal or command prompt and run:
```
pip install yara-python
```
### Usage

```
python scanner.py <path> [-r <rule_file>] [-e <extension> ...]
```

* `<path>`: Path to the file or directory to scan.
* `-r <rule_file>`: Path to the Yara rule file (default: `rules.yara`, resolved relative to the current working directory).
* `-e <extension> ...`: List of file extensions to scan (e.g., `exe dll pdf`).

### Examples

#### Scan a directory:

```
python scanner.py C:\Users\YourName\Downloads
```

#### Scan a directory with a custom rule file:

```
python scanner.py C:\Users\YourName\Downloads -r my_rules.yara
```

#### Scan a directory, filtering for specific file extensions:

```
python scanner.py C:\Users\YourName\Downloads -e exe dll pdf
```
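The feature list and the usage section above describe one tool: walk a tree, descend into ZIP archives, apply an extension allow-list, run the rules, and hash whatever matches. The following is an added example written for this page that implements that pipeline end to end; it is not the project's own `scanner.py`. The function names, the long forms of the `-r`/`-e` flags, and the per-member size cap are assumptions. It also adds the guards a practitioner would want that the feature list does not mention: a declared-size limit so a zip bomb is skipped rather than inflated, and tolerance for encrypted or corrupt members. The bundled rule and the sample files are constructed around the harmless EICAR test string, so the scanner can be exercised offline; `yara-python` is imported lazily, and a stand-in substring matcher is provided so the walk, filter and hash logic can be tested where the bindings are absent.

```python
"""Recursive YARA scanner: ZIP descent, extension filter, SHA-256 of hits.
Added example for this page, not the project's scanner.py; names, flags and
the member size cap are assumptions. Samples use the harmless EICAR string."""
import argparse, hashlib, os, tempfile, zipfile

EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
EICAR_SHA256 = hashlib.sha256(EICAR).hexdigest()
# Constructed sample rule, used when no rule file is supplied.
SAMPLE_RULES = r'''
rule eicar_test_file {
    strings:
        $eicar = "X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
    condition:
        $eicar
}
'''
# Assumed cap: members whose declared size exceeds this are skipped, not inflated,
# so a zip bomb never reaches memory, let alone the rule engine.
MAX_MEMBER_BYTES = 64 * 1024 * 1024

def compile_rules(path=None):
    """Return a bytes -> [rule names] matcher backed by yara-python (lazy import)."""
    import yara  # pip install yara-python
    rules = yara.compile(filepath=path) if path else yara.compile(source=SAMPLE_RULES)
    return lambda data: [m.rule for m in rules.match(data=data)]

def substring_matcher(data):
    """Stand-in for hosts without yara-python: flags the EICAR string only."""
    return ["eicar_test_file"] if EICAR in data else []

def wanted(name, extensions):
    """Extension allow-list, case-insensitive; 'exe' and '.exe' both accepted."""
    if not extensions:
        return True
    ext = os.path.splitext(name)[1].lstrip(".").lower()
    return ext in {e.lstrip(".").lower() for e in extensions}

def iter_archive(path, extensions=None):
    """Yield (archive!member, bytes) for ZIP members one level deep, skipping unsafe ones."""
    try:
        with zipfile.ZipFile(path) as zf:
            for info in zf.infolist():
                if info.is_dir() or not wanted(info.filename, extensions) \
                        or info.file_size > MAX_MEMBER_BYTES:
                    continue  # directory, filtered out, or declared size over the cap
                try:
                    yield f"{path}!{info.filename}", zf.read(info)
                except (RuntimeError, zipfile.BadZipFile):
                    continue  # encrypted or corrupt member
    except zipfile.BadZipFile:
        return  # looked like a zip but is not usable as one

def scan_tree(root, match, extensions=None):
    """Walk root (file or directory); return [(name, sha256 hex, [rules])] for hits."""
    paths = [root] if os.path.isfile(root) else (
        os.path.join(d, f) for d, _, files in os.walk(root) for f in files)
    findings = []
    for path in paths:
        items = list(iter_archive(path, extensions)) if zipfile.is_zipfile(path) else []
        if wanted(path, extensions):
            with open(path, "rb") as fh:  # whole file in memory; cap this too in production
                items.append((path, fh.read()))  # the container itself is scanned as well
        for name, data in items:
            hits = match(data)
            if hits:
                findings.append((name, hashlib.sha256(data).hexdigest(), hits))
    return findings

def build_sample_tree():
    """Constructed input in a temp dir: clean file, EICAR file, ZIP holding one of each."""
    root = tempfile.mkdtemp(prefix="yara-demo-")
    os.makedirs(os.path.join(root, "sub"))
    with open(os.path.join(root, "clean.txt"), "wb") as fh:
        fh.write(b"nothing to see here\n")
    with open(os.path.join(root, "sub", "eicar.com"), "wb") as fh:
        fh.write(EICAR)
    # Deflate so the container's own bytes do not also carry the plaintext string.
    with zipfile.ZipFile(os.path.join(root, "bundle.zip"), "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("inner/eicar.exe", EICAR)
        zf.writestr("inner/readme.txt", b"clean member\n")
    return root

def main(argv=None):
    ap = argparse.ArgumentParser(description="Recursive YARA scanner (added example)")
    ap.add_argument("path", help="file or directory to scan")
    ap.add_argument("-r", "--rules", default="rules.yara", help="YARA rule file")
    ap.add_argument("-e", "--extensions", nargs="+", help="extensions to scan, e.g. exe dll pdf")
    args = ap.parse_args(argv)
    matcher = compile_rules(args.rules if os.path.exists(args.rules) else None)
    for name, digest, hits in scan_tree(args.path, matcher, args.extensions):
        print(f"{digest}  {name}  {','.join(hits)}")
    return 0

if __name__ == "__main__":
    raise SystemExit(main())
```

Two design choices worth noting. The extension filter is applied to archive members as well as to files on disk, so `-e exe` still finds an `.exe` packed inside a `.zip` whose own extension would not pass; and an archive that passes the filter is scanned twice, once as a container and once per member, because rules written against archive structure (or against stored, uncompressed members) only fire on the container bytes. Members are read fully into memory before matching, which is why the declared-size check runs first; `yara-python` can also match on a `filepath` to avoid holding large on-disk files in memory, at the cost of a second read for the hash.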
### Output



### Note
This is an advanced example and can be further enhanced by integrating with online malware databases, implementing heuristic analysis, or using a sandbox environment for dynamic analysis.
### Contributions are welcome!