• This repository has been archived on 16/Dec/2017

A tool to retrieve malware directly from the source for security researchers.


 _______ _______        _______  ______ _____ _______ _    _ _______
 |  |  | |_____| |         |    |_____/   |   |______  \  /  |______
 |  |  | |     | |_____    |    |    \_ __|__ |______   \/   |______

Maltrieve

Maltrieve originated as a fork of mwcrawler. It retrieves malware directly from the sources as listed at a number of sites. Currently we crawl the following:

Other improvements include:

  • Proxy support
  • Multithreading for improved performance
  • Logging of source URLs
  • Multiple user agent support
  • Better error handling
  • VxCage, Viper and Cuckoo Sandbox support

Installation

Maltrieve requires the following dependencies:

With the exception of the Python header files, these can all be found in requirements.txt. On Debian-based distributions, run sudo apt-get install python-dev. On Red Hat-based distributions, run sudo yum install python-devel. After that, just run pip install -e . from the repository root. You may need to prepend that with sudo if not running in a virtual environment, but using such an environment is highly encouraged.

Alternatively, avoid all of that by using the Docker image.

Usage

Basic execution: maltrieve (if installed normally) or python maltrieve.py (if just downloaded and run).

Options

usage: maltrieve [-h] [-p PROXY] [-d DUMPDIR] [-l LOGFILE] [-x] [-v] [-c] [-s]

optional arguments:
  -h, --help            show this help message and exit
  -p PROXY, --proxy PROXY
                        Define HTTP proxy as address:port
  -d DUMPDIR, --dumpdir DUMPDIR
                        Define dump directory for retrieved files
  -l LOGFILE, --logfile LOGFILE
                        Define file for logging progress
  -x, --vxcage          Dump the files to a VxCage instance
  -v, --viper           Dump the files to a Viper instance
  -r, --crits           Dump the file and domain to a CRITs instance
  -c, --cuckoo          Enable Cuckoo analysis
  -s, --sort_mime       Sort files by MIME type

Configuration File

Many of Maltrieve's command line options can be specified in maltrieve.cfg.

Automated Execution (Optional)

Cron can be used to automate the execution of Maltrieve. The following example is provided to help get you started. It will create a cron job that will run Maltrieve every day at 2:01 as a standard user. That said, we recommend enhancing this by creating a custom script for production environments.

Ubuntu

As a user, execute

crontab -e

If installed normally, add the following to the end of the file.

01 02 * * * maltrieve <optional flags>

If downloaded to a folder and executed, add the following to the end of the file.

01 02 * * * cd </folder/location> && /usr/bin/python maltrieve.py <optional flags>

Red Hat

Red Hat systems will need to ensure that the user is added to the /etc/cron.allow file.
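The README suggests wrapping the cron entry in a custom script for production use. The following is an added example of such a wrapper (it is not part of Maltrieve): it refuses to overlap with a still-running crawl, keeps the dump directory owner-only so retrieved samples are never world-readable or executable, and logs each start. It assumes maltrieve is on PATH and accepts the -d, -l and -p flags listed above; flock is the util-linux utility (Linux), and all paths are placeholders to adjust.

```shell
#!/bin/sh
# Added example cron wrapper for Maltrieve (not the project's own code).
# Assumes: maltrieve on PATH with the -d/-l/-p flags from the README,
# util-linux flock available, and placeholder paths below adjusted locally.
set -eu

DUMPDIR="${MALTRIEVE_DUMPDIR:-$HOME/malware-dump}"   # placeholder
LOGFILE="${MALTRIEVE_LOGFILE:-$HOME/maltrieve.log}"  # placeholder
LOCKFILE="${MALTRIEVE_LOCK:-/tmp/maltrieve.lock}"    # placeholder
PROXY="${MALTRIEVE_PROXY:-}"                          # optional address:port

# Build the maltrieve command line from the README's flags. Returned as a
# string so it can be logged or inspected before it is executed.
build_cmd() {
    cmd="maltrieve -d $1 -l $2"
    if [ -n "$3" ]; then
        cmd="$cmd -p $3"
    fi
    printf '%s' "$cmd"
}

# Samples must stay owner-only: restrictive umask for everything maltrieve
# writes, plus an explicit mode on the directory. Prints the resulting
# octal mode so a caller can verify it.
prepare_dumpdir() {
    umask 077
    mkdir -p "$1"
    chmod 700 "$1"
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# One crawl; skip (and log) if the previous cron run is still holding the lock.
run_once() {
    prepare_dumpdir "$DUMPDIR" >/dev/null
    exec 9>"$LOCKFILE"
    if ! flock -n 9; then
        echo "$(date '+%F %T') previous maltrieve run still active, skipping" >>"$LOGFILE"
        return 0
    fi
    echo "$(date '+%F %T') starting: $(build_cmd "$DUMPDIR" "$LOGFILE" "$PROXY")" >>"$LOGFILE"
    $(build_cmd "$DUMPDIR" "$LOGFILE" "$PROXY")
}

# Only crawl when explicitly asked, so the file can be sourced for inspection.
# Cron entry:  01 02 * * * /path/to/maltrieve-cron.sh run
if [ "${1:-}" = "run" ]; then
    run_once
fi
```

Set MALTRIEVE_PROXY in the crontab environment (or edit PROXY) when the -p flag is needed.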

Other Tools

Maltrieve doesn't do analysis. In addition to the integrations listed above, we can recommend using VirusTotalApi for working with VirusTotal. Malwr is a similar site based on Cuckoo Sandbox.

License

Released under GPL version 3. See the LICENSE file for full details.

Known bugs

We list all the bugs we know about (plus some things we know we need to add) at the GitHub issues page.

How you can help

Aside from pull requests, non-developers can open issues on GitHub. Things we'd really appreciate:

  • Bug reports, preferably with error logs
  • Suggestions of additional sources for malware lists
  • Descriptions of how you use it and ways we can improve it for you

Check the contributing guide for details.
