Giters

dcmorton / MalwareTools

Tools for malware collection

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

MalwareTools

Some tools used by me for maintaining my malware collection

All tools licensed under the GPL, see LICENSE for more info

vt_results_to_mongo.py

Submits malware files to VirusTotal using version 2.0 of the VirusTotal Public API and saves results in a MongoDB collection.

######Usage overview:

$ python vt_results_to_mongo.py -h
usage: vt_results_to_mongo.py [-h] [-f FILENAME] [-d DIRNAME]

This is a script to submit samples to VirusTotal

optional arguments:
  -h, --help   show this help message and exit
  -f FILENAME
  -d DIRNAME

Before you get started you will need to define the following in the script:

# Define your VirusTotal API Key
API_KEY = ''

#Define your MongoDB connection deatils
MONGO_IP = ''
MONGO_PORT = 27017
MONGO_DB = ''
MONGO_COLLECTION = ''

######Examples:

Scan a single file:

python vt_results_to_mongo.py -f ./badfile.exe

Scan a single directory:

python vt_results_to_mongo.py -d ./infected_dir/

Scan a directory and a file:

python vt_results_to_mongo.py -d ./another_infected_dir/ -f ./yuckystuff.exe

vtsubmit.py

This is the old script; recommend using the vt_results_to_mongo.py instead.

Submits malware files to VirusTotal using version 1.0 of the VirusTotal Public API and saves results to a MySQL database.

See https://www.virustotal.com/documentation/public-api/v1/ for more VT API info.

######Usage instructions:

1) Create VirusTotal account, get your Public API key
2) Add your API key and MySQL connection info to the relevant parts of vtsumbit.py
3) Create the tables in the database by calling: 

python vtsubmit.py --init

4) Start adding files by running:

python vtsubmit.py -v -f <filename>

If a sample already exists in the database, use the "-o" option to resumbit it to retrive updated results from VirusTotal.

This script is based of Michael Ligh's avsubmit.py script from the Malware Analyst's Cookbook. The original script is available here: http://code.google.com/p/malwarecookbook/

mal_to_db.py

Add malware files and their hashes to a MySQL database, saving them as LONGBLOBs in the database structure

######Usage instructions:

1) Add your MySQL connection info to the relevant locations of mal_to_db.py
2) Create the table in the database by calling: 

python mal_to_db.py --init

3) Start adding files by running:

python mal_to_db.py -u -f <filename>

If a sample already exists in the database, use the "-o" option to delete the previous sample and re-add it.

About

Tools for malware collection

License:GNU General Public License v3.0

Languages

Language:Python 100.0%