Skip to content

Python Malware Crawler for Zoos and Repositories

Notifications You must be signed in to change notification settings

elhoim/mwcrawler

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
 
 
 
 
 
 

Repository files navigation

mwcrawler

mwcrawler is a simple python script that parses malicious url lists from well known websites (i.e. MDL, Malc0de) in order to automatically download the malicious code. It can be used to populate malware repositories or zoos.

Currently the script parses the following sources:

The downloaded content is stored in /opt/malware/unsorted/ by default, so you need to create this folder first, or change the source code otherwise. Sub-folders will be created, based on the magic numbers of the downloaded content (i.e. PE32, PDF, ZIP). For the sake of simplicity note that the script splits the file description string and only use the first 'token'.

The file name is set based on the calculated MD5 hash, which is also used to check if the file exists, thus avoiding duplicate entries in the directories. Please note that the original file name (set in the url or http header) is ignored.

Additionally if you have Angelo Dell'Aera's thug installed, you can enable html code for low interaction analysis.

Requirements:

Usage:

$ python mwcrawler.py

Use '-t' for thug analysis $ python mwcrawler.py -t

References:

thug repository - http://github.com/buffer/thug

About

Python Malware Crawler for Zoos and Repositories

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published