Malware Finder is a Python-based tool designed to scan file directories for suspicious malware signatures. This powerful script uses regular expressions stored in a database to identify malware patterns in files. This tool is especially handy for system administrators and security professionals who need to quickly audit large volumes of files.
- Signature Based Scanning: Utilizes a database of regular expression patterns to identify potential malware.
- Multiprocessing: Makes use of Python's multiprocessing capabilities to scan multiple files concurrently.
- Flexible: Can scan individual files or entire directories. Files can also be scanned based on their extension.
- Whitelisting: Provides an option to ignore certain files or directories during the scan.
- Quarantine Option: Detected files can be moved to a different location to prevent their execution.
- Verbose and Debug Modes: Additional output options for more information during the scan process.
- Clone this repository or download the `malware_finder.py` script.
- Ensure you have Python 3.3 or later installed on your machine.
- Update the `signatures.db` file with the malware signatures you wish to scan for. These should be valid regular expressions.
- If you wish to use the whitelist functionality, update the `whitelist.db` file with the paths of files or directories you wish to ignore during the scan.
- Run the script from the command line as shown below:

```bash
python3 malware_finder.py -d /path/to/directory -f outputfile.txt -w
```
- `-d`, `--directory`: Path to directory to scan.
- `-i`, `--individual`: Path to individual file to scan.
- `-v`, `--verbose`: Increase output verbosity.
- `-f`, `--file`: Output file name.
- `-e`, `--extension`: File extension to scan for.
- `--debug`: Enable debug mode (show benchmark info).
- `-q`, `--quarantine`: Enable quarantine mode (rename detected files).
- `-w`, `--whitelist`: Enable whitelist mode (ignore files in whitelist).
For additional information or help, use:

```bash
python3 malware_finder.py --help
```
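The following is an added illustration of the scanning model described above, not the project's own code: it compiles bytes regexes from a list that stands in for `signatures.db`, prunes whitelisted paths during the directory walk, scans each file in a `multiprocessing` pool, and quarantines hits by renaming them, as the `-q` option does. The signatures, the `demo()` helper and its sample files are all constructed for the example.

```python
import os
import re
import tempfile
from multiprocessing import Pool

# Constructed sample signatures; the real signatures.db holds one regex per line.
SAMPLE_SIGNATURES = [rb"SAMPLE_MARKER_[0-9]{3}", rb"(?i)eval\(base64_decode\("]

def is_whitelisted(path, whitelist):
    # Ignore a path that equals, or lies under, any whitelisted path (all realpath-resolved).
    real = os.path.realpath(path)
    return any(real == w or real.startswith(w + os.sep) for w in whitelist)

def scan_file(args):
    # Pool worker: returns (path, [signature patterns that matched]).
    path, patterns = args
    with open(path, "rb") as fh:  # read bytes so binaries and odd encodings scan too
        data = fh.read()
    return path, [p.pattern.decode() for p in patterns if p.search(data)]

def scan_directory(root, signature_lines, whitelist=(), quarantine=False):
    # Compile bytes regexes, prune whitelisted dirs during the walk, scan files in a process pool.
    patterns = [re.compile(s.strip()) for s in signature_lines if s.strip()]
    whitelist = tuple(os.path.realpath(w) for w in whitelist)
    targets = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if not is_whitelisted(os.path.join(dirpath, d), whitelist)]
        for name in filenames:
            path = os.path.join(dirpath, name)
            if not is_whitelisted(path, whitelist):
                targets.append((path, patterns))
    with Pool() as pool:
        hits = {path: matched for path, matched in pool.map(scan_file, targets) if matched}
    if quarantine:  # rename so the detected file no longer exists under its original name
        for path in hits:
            os.rename(path, path + ".quarantine")
    return hits

def demo(quarantine=False):
    # Build a constructed sample tree in a temp dir, scan it, return hits keyed by relative path.
    tmp = tempfile.mkdtemp()
    files = {"web/shell.php": b"<?php eval(base64_decode('SAMPLE_MARKER_042')); ?>",
             "docs/note.txt": b"harmless text, nothing to see here",
             "vendor/lib.php": b"eval(base64_decode('x')) in a whitelisted dir, must be skipped"}
    for rel, content in files.items():
        os.makedirs(os.path.dirname(os.path.join(tmp, rel)), exist_ok=True)
        with open(os.path.join(tmp, rel), "wb") as fh:
            fh.write(content)
    hits = scan_directory(tmp, SAMPLE_SIGNATURES, [os.path.join(tmp, "vendor")], quarantine)
    return {os.path.relpath(p, tmp): m for p, m in hits.items()}
```

Calling `demo()` reports only `web/shell.php`, matched by both patterns; the whitelisted `vendor/lib.php` is never opened, and `demo(quarantine=True)` additionally renames the hit to `shell.php.quarantine`.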
- Alberto Ferrer
Feel free to reach out or contribute to this project.