Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/uppusaikiran/generic-parser
A Single Library Parser to extract meta information,static analysis and detect macros within the files.
https://github.com/uppusaikiran/generic-parser
dynamic-analysis libmagic machine-learning malware-analysis mime office-files pdf-parsing pe-executable python rar reverse-engineering static-analysis zip
Last synced: 3 months ago
JSON representation
A Single Library Parser to extract meta information,static analysis and detect macros within the files.
- Host: GitHub
- URL: https://github.com/uppusaikiran/generic-parser
- Owner: uppusaikiran
- License: mit
- Created: 2017-09-23T13:26:57.000Z (about 7 years ago)
- Default Branch: master
- Last Pushed: 2018-09-14T12:38:27.000Z (about 6 years ago)
- Last Synced: 2024-06-21T13:27:15.244Z (5 months ago)
- Topics: dynamic-analysis, libmagic, machine-learning, malware-analysis, mime, office-files, pdf-parsing, pe-executable, python, rar, reverse-engineering, static-analysis, zip
- Language: Python
- Homepage: https://uppusaikiran.github.io/malware/generic-file-parser/
- Size: 1.38 MB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-yara - generic-parser
- awesome-malware-analysis - Generic File Parser - A Single Library Parser to extract meta information,static analysis and detect macros within the files. (Detection and Classification / Other Resources)
- fucking-awesome-malware-analysis - Generic File Parser - A Single Library Parser to extract meta information,static analysis and detect macros within the files. (Detection and Classification / Other Resources)
README
# Generic Parser for Analyzing Malware Files to Detect Suspicious Behaviour.
A Single Library Parser to extract meta information,static analysis and detect macros within the files.
# Usage:
## PreRequsite
1. Clone the Repo
2. Create a virutalenv
```
virtualenv pyenv
```
3. Install the requirements.
```
pip install -r requirements.txt
```
### Script Usage
```
(pyenv) admin@cuckoo:~/generic-parser$ python app.py -h
usage: app.py [-h] -f PATH [-s STORE] -y YARA -e EXTRACT [--version]
optional arguments:
-h, --help show this help message and exit
-f PATH, --path PATH File Absolute Path
-s STORE, --store STORE
Store to DB
-y YARA, --yara YARA Apply Yara Matcher
-e EXTRACT, --extract EXTRACT
Extract Features
--version show program's version number and exit
```
1. PATH : This should point to the path of the malware file which you want to analyze.
2. STORE : Enable this flag if you want to store in a database.
3. YARA : Enable this flag to apply yara to match for suspicious indicators in the file.
4. version : Shows the version of the tool.
### Features:
1. Ability to Identify the Decomposition module selected based on the mime-type.
2. Apply PDF based decomposition to extract features from the pdf file.
3. Apply Office based decomposition to extract features of office files.
4. Web Based files are decomposed to get interesting strings etc.
5. Yara is applied on the entire file to get interesting matches which can help in identifying suspicious behaviour.
### Sample UseCases
- Please refer to [USECASES](USECASES.md)