
Malware Finder

Malware Finder is a Python-based tool designed to scan file directories for suspicious malware signatures. This powerful script uses regular expressions stored in a database to identify malware patterns in files. This tool is especially handy for system administrators and security professionals who need to quickly audit large volumes of files.

Features

  • Signature-based scanning: Utilizes a database of regular expression patterns to identify potential malware.
  • Multiprocessing: Makes use of Python's multiprocessing capabilities to scan multiple files concurrently.
  • Flexible: Can scan individual files or entire directories. Files can also be scanned based on their extension.
  • Whitelisting: Provides an option to ignore certain files or directories during the scan.
  • Quarantine Option: Detected files can be moved to a different location to prevent their execution.
  • Verbose and Debug Modes: Additional output options for more information during the scan process.

How to Use

  1. Clone this repository or download the malware_finder.py script.
  2. Ensure you have Python 3.3 or later installed on your machine.
  3. Update the signatures.db file with the malware signatures you wish to scan for. These should be valid regular expressions.
  4. If you wish to use the whitelist functionality, update the whitelist.db file with the paths of files or directories you wish to ignore during the scan.
  5. Run the script from the command line as shown below:
python3 malware_finder.py -d /path/to/directory -f outputfile.txt -w

Command Line Options

  • -d, --directory: Path to directory to scan.
  • -i, --individual: Path to individual file to scan.
  • -v, --verbose: Increase output verbosity.
  • -f, --file: Output file name.
  • -e, --extension: File extension to scan for.
  • --debug: Enable debug mode (Show benchmark info).
  • -q, --quarantine: Enable quarantine mode (Rename detected files).
  • -w, --whitelist: Enable whitelist mode (Ignore files in whitelist).

For additional information or help, use:

python3 malware_finder.py --help
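The following is an added, self-contained illustration of the workflow described above (signatures loaded from a file, directory walk with extension and whitelist filters, concurrent scanning, and rename-based quarantine). It is not the project's own malware_finder.py, and it assumes a signatures.db layout of one regular expression per line (blank lines and lines starting with "#" ignored), a whitelist.db of one path per line, and a ".quarantined" rename suffix; none of those details are specified by the README.

```python
"""Added example (not the project's code): a minimal signature-based file scanner."""
import os
import re
import sys
from multiprocessing import Pool


def load_patterns(lines):
    """Compile one regex per non-empty, non-comment line (assumed signatures.db layout).
    Invalid expressions are reported and skipped rather than aborting the whole scan."""
    patterns = []
    for raw in lines:
        text = raw.strip()
        if not text or text.startswith("#"):
            continue
        try:
            # bytes patterns: files are read in binary so encoding errors cannot abort a scan
            patterns.append(re.compile(text.encode("utf-8"), re.IGNORECASE))
        except re.error as exc:
            print(f"skipping invalid signature {text!r}: {exc}", file=sys.stderr)
    return patterns


def is_whitelisted(path, whitelist):
    """True when path equals, or lies under, a whitelisted path.
    The os.sep boundary check stops '/srv/vendor' from also matching '/srv/vendorx'."""
    path = os.path.abspath(path)
    for entry in whitelist:
        entry = os.path.abspath(entry.strip())
        if path == entry or path.startswith(entry + os.sep):
            return True
    return False


def scan_file(path, patterns):
    """Return (path, matching signatures); an empty list means no signature matched."""
    try:
        with open(path, "rb") as fh:
            data = fh.read()
    except OSError as exc:
        print(f"cannot read {path}: {exc}", file=sys.stderr)
        return path, []
    return path, [p.pattern.decode("utf-8") for p in patterns if p.search(data)]


def collect_files(directory, extension=None, whitelist=()):
    """Walk the directory, keeping files that pass the extension and whitelist filters."""
    selected = []
    for root, dirs, files in os.walk(directory):
        # prune whitelisted directories in place so os.walk never descends into them
        dirs[:] = [d for d in dirs if not is_whitelisted(os.path.join(root, d), whitelist)]
        for name in files:
            path = os.path.join(root, name)
            if extension and not name.endswith(extension):
                continue
            if not is_whitelisted(path, whitelist):
                selected.append(path)
    return selected


def quarantine(path):
    """Rename a detected file so it is no longer served/executed under its original name
    (assumed suffix; the README only says detected files are renamed)."""
    target = path + ".quarantined"
    os.rename(path, target)
    return target


def scan_directory(directory, patterns, extension=None, whitelist=(),
                   workers=1, do_quarantine=False):
    """Scan every selected file, in a process pool when workers > 1; return {path: hits}."""
    jobs = [(p, patterns) for p in collect_files(directory, extension, whitelist)]
    if workers > 1:
        with Pool(workers) as pool:
            results = pool.starmap(scan_file, jobs)
    else:
        results = [scan_file(*job) for job in jobs]
    detections = {path: hits for path, hits in results if hits}
    if do_quarantine:
        detections = {quarantine(path): hits for path, hits in detections.items()}
    return detections


if __name__ == "__main__":
    import argparse
    ap = argparse.ArgumentParser(description="signature scanner (added example)")
    ap.add_argument("-d", "--directory", required=True, help="directory to scan")
    ap.add_argument("-e", "--extension", help="only scan files with this extension")
    ap.add_argument("-f", "--file", help="write detections to this output file")
    ap.add_argument("-q", "--quarantine", action="store_true", help="rename detected files")
    ap.add_argument("-w", "--whitelist", action="store_true", help="honour whitelist.db")
    args = ap.parse_args()
    with open("signatures.db") as fh:
        sigs = load_patterns(fh)
    wl = []
    if args.whitelist:
        with open("whitelist.db") as fh:
            wl = [line for line in fh if line.strip()]
    found = scan_directory(args.directory, sigs, args.extension, wl,
                           os.cpu_count() or 1, args.quarantine)
    report = "\n".join(f"{p}: {', '.join(h)}" for p, h in found.items())
    print(report or "no detections")
    if args.file:
        with open(args.file, "w") as fh:
            fh.write(report + "\n")
```

Two points worth keeping in mind when running a scanner of this kind: a regex signature only catches what it literally describes, so obfuscated or encoded payloads need their own patterns (or a second layer such as hash or behavioural checks), and renaming a detected file stops it from being executed under its original name but does not remove it; keep the quarantined copy out of any web root and review it before deletion.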

Author

  • Alberto Ferrer

Feel free to reach out or contribute to this project.
