Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/uppusaikiran/malware-organiser
A simple tool to organise large sets of malicious/benign files into an organised structure.
- Host: GitHub
- URL: https://github.com/uppusaikiran/malware-organiser
- Owner: uppusaikiran
- License: mit
- Created: 2017-11-21T19:24:15.000Z (about 7 years ago)
- Default Branch: master
- Last Pushed: 2018-09-19T12:07:26.000Z (over 6 years ago)
- Last Synced: 2024-08-09T13:31:05.037Z (6 months ago)
- Topics: clean-file, malicious, malware, malware-analysis, malware-research, mime-types
- Language: Python
- Homepage: https://uppusaikiran.github.io/malware-organiser/
- Size: 23.4 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
Awesome Lists containing this project
- awesome-malware-analysis - Malware Organiser - A simple tool to organise large malicious/benign files into an organised structure. (Miscellaneous / Other Resources)
- fucking-awesome-malware-analysis - Malware Organiser - A simple tool to organise large malicious/benign files into an organised structure. (Miscellaneous / Other Resources)
README
# Malware Organiser Tool
A simple tool to organise large sets of malicious/benign files into an organised directory structure.

# Usage:
## Prerequisite
### Creation of Table
```
-- MySQL DDL for the metadata table the tool writes to. Hex digests are 32 chars (MD5)
-- and 64 chars (SHA-256), so the varchar widths below leave headroom. `md5` is the
-- primary key, so two samples that share an MD5 cannot both be indexed.
CREATE TABLE `file_meta` (
`md5` varchar(40) NOT NULL,
`sha256` varchar(80) NOT NULL,
`mime` varchar(100) NOT NULL,
`severity` varchar(10) NOT NULL,
`timestamp` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
`file_source` varchar(15) NOT NULL,
`file_size` varchar(30) NOT NULL,
`file_path` varchar(200) NOT NULL,
`file_new_location` varchar(200) NOT NULL,
`file_name` varchar(100) NOT NULL,
`author` varchar(30) NOT NULL,
`tags` varchar(250) NOT NULL,
PRIMARY KEY (`md5`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
```
### Update database fields
Edit the database variables in the config.json file that the script reads.
### Application Usage
```
$ sudo python app.py -h
usage: app.py [-h] -f FOLDER -src SOURCE -sev {malicious,clean} [-d DELETE] -a
              AUTHOR [-t TAGS]

optional arguments:
  -h, --help            show this help message and exit
  -f FOLDER, --folder FOLDER
                        Samples Folder/File
  -src SOURCE, --source SOURCE
                        Source from which malware is downloaded
  -sev {malicious,clean}, --severity {malicious,clean}
                        Benign or Malicious
  -d DELETE, --delete DELETE
                        Delete files from source folder after copying
  -a AUTHOR, --author AUTHOR
                        Author name
  -t TAGS, --tags TAGS  Tags to classify the samples
```

### Index samples based on a condition
```
$ python query.py -h
usage: database.py [-h] -m MIME [-s SIZE] -src SOURCE -sev {malicious,clean}
                   -a AUTHOR [-t TAGS]

optional arguments:
  -h, --help            show this help message and exit
  -m MIME, --mime MIME  Mime Type of Files for query
  -s SIZE, --size SIZE  Size query of files (specify a range in MB like 1,2 or 1)
  -src SOURCE, --source SOURCE
                        Source from which malware is downloaded
  -sev {malicious,clean}, --severity {malicious,clean}
                        Benign or Malicious
  -a AUTHOR, --author AUTHOR
                        Author name
  -t TAGS, --tags TAGS  Tags to classify the samples
```

# Features:
1. Classifies malware/benign files by MIME type.
2. Indexes records in the database so that files matching different conditions can be fetched, for example:
   * all PDF files smaller than 1 MB collected from VirusTotal (source)
   * all clean files collected yesterday that are still fresh
3. Tags files by family name, source, etc.
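The README's workflow end to end, as an added example written for this page (not the project's own app.py or query.py): it sniffs the MIME type from a file's leading bytes instead of trusting the extension, stores each sample content-addressed under `<severity>/<mime>/<sha256>` with the exec bit stripped, records it in an SQLite version of the `file_meta` table, and answers the `-s` size-range query with parameterised SQL so a user-supplied value never reaches the query text. Two deliberate departures from the DDL above: rows are keyed on sha256, because MD5 collisions are practical and a second sample with the same MD5 would be rejected by an md5 primary key, and `file_size` is stored as an integer so `BETWEEN` compares numerically. The `MAGIC` table, the in-memory database, the `constructed` source name and the sample bytes are this example's own assumptions; the project's MySQL config and any libmagic lookup are not reproduced. Nothing here needs sudo: the store is a directory the user owns.

```python
import hashlib
import os
import shutil
import sqlite3
import tempfile

# Sniff leading bytes instead of trusting the extension (mimetypes.guess_type); libmagic would do this properly.
MAGIC = [(b"%PDF-", "application/pdf"), (b"MZ", "application/x-dosexec"),
         (b"\x7fELF", "application/x-executable"), (b"PK\x03\x04", "application/zip")]

# The README's columns, but keyed on sha256 (MD5 collisions are practical) and with
# file_size as an integer so BETWEEN compares numerically. Assumed schema, not the project's.
SCHEMA = """CREATE TABLE IF NOT EXISTS file_meta (
    sha256 TEXT PRIMARY KEY, md5 TEXT NOT NULL, mime TEXT NOT NULL,
    severity TEXT NOT NULL CHECK (severity IN ('malicious', 'clean')),
    timestamp TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP, file_source TEXT NOT NULL,
    file_size INTEGER NOT NULL, file_path TEXT NOT NULL, file_new_location TEXT NOT NULL,
    file_name TEXT NOT NULL, author TEXT NOT NULL, tags TEXT NOT NULL)"""

def sniff_mime(path):
    with open(path, "rb") as fh:
        head = fh.read(8)
    for magic, mime in MAGIC:
        if head.startswith(magic):
            return mime
    return "application/octet-stream"  # unknown: do not fall back to the extension

def digests(path):
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()

def organise(folder, dest_root, conn, source, severity, author, tags=""):
    """Copy each file under folder to dest_root/<severity>/<mime>/<sha256>, index it, return new-record count."""
    added = 0
    for dirpath, _, names in os.walk(folder):
        for name in names:
            src = os.path.join(dirpath, name)
            md5, sha256 = digests(src)
            if conn.execute("SELECT 1 FROM file_meta WHERE sha256 = ?", (sha256,)).fetchone():
                continue  # already in the store; skip the duplicate
            mime = sniff_mime(src)
            target_dir = os.path.join(dest_root, severity, mime.replace("/", "_"))
            os.makedirs(target_dir, exist_ok=True)
            target = os.path.join(target_dir, sha256)  # content-addressed: the sample's own name never reaches the path
            shutil.copyfile(src, target)
            os.chmod(target, 0o440)  # read-only, no exec bit: nothing in the store is runnable in place
            conn.execute(
                "INSERT INTO file_meta (sha256, md5, mime, severity, file_source, file_size,"
                " file_path, file_new_location, file_name, author, tags) VALUES (?,?,?,?,?,?,?,?,?,?,?)",
                (sha256, md5, mime, severity, source, os.path.getsize(src), src, target, name, author, tags))
            added += 1
    conn.commit()
    return added

def parse_size_mb(spec):
    """'1' -> 0..1 MB, '1,2' -> 1..2 MB, returned as an inclusive range in bytes."""
    parts = [float(p) for p in spec.split(",")]
    lo, hi = (0.0, parts[0]) if len(parts) == 1 else parts  # three or more parts raise ValueError
    return int(lo * 1024 * 1024), int(hi * 1024 * 1024)

def query_samples(conn, mime=None, size_mb=None, source=None, severity=None, author=None):
    """Column names are fixed in code; every user-supplied value is a bound parameter."""
    clauses, params = [], []
    for column, value in (("mime", mime), ("file_source", source), ("severity", severity), ("author", author)):
        if value is not None:
            clauses.append(f"{column} = ?")
            params.append(value)
    if size_mb is not None:
        clauses.append("file_size BETWEEN ? AND ?")
        params.extend(parse_size_mb(size_mb))
    sql = "SELECT sha256, mime, file_size, file_new_location, file_name FROM file_meta"
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    return conn.execute(sql, params).fetchall()

def demo():
    """Constructed inputs (not real samples): a PDF stub and a PE stub that was misnamed .pdf."""
    work = tempfile.mkdtemp()
    incoming, store = os.path.join(work, "incoming"), os.path.join(work, "store")
    os.makedirs(incoming)
    files = {"report.pdf": b"%PDF-1.4\n%constructed\n", "invoice.pdf": b"MZ\x90\x00" + bytes(60)}
    for name, data in files.items():
        with open(os.path.join(incoming, name), "wb") as fh:
            fh.write(data)
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    first = organise(incoming, store, conn, "constructed", "clean", "editor", tags="demo")
    second = organise(incoming, store, conn, "constructed", "clean", "editor", tags="demo")  # all known: 0
    pdfs = query_samples(conn, mime="application/pdf", size_mb="1", source="constructed")
    pe = query_samples(conn, mime="application/x-dosexec")
    shutil.rmtree(work)
    return first, second, pdfs, pe

if __name__ == "__main__":
    print(demo())
```

Running `demo()` indexes two files on the first pass and none on the second, and the `invoice.pdf` stub lands under `clean/application_x-dosexec/` rather than with the PDFs, which is the point of sniffing content: the `-m` query for `application/pdf` with `-s 1` returns only the real PDF stub.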