Skip to content
Python Malware Crawler for Zoos and Repositories
Branch: master
Clone or download
Ricardo Dias
Ricardo Dias script commit
Latest commit 0e83052 Oct 12, 2012
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore Initial commit Oct 11, 2012
README.md first commit Oct 12, 2012
mwcrawler.py script commit Oct 12, 2012

README.md

mwcrawler

mwcrawler is a simple python script that parses malicious url lists from well known websites (i.e. MDL, Malc0de) in order to automatically download the malicious code. It can be used to populate malware repositories or zoos.

Currently the script parses the following sources:

The downloaded content is stored in /opt/malware/unsorted/ by default, so you need to create this folder first, or change the source code otherwise. Sub-folders will be created, based on the magic numbers of the downloaded content (i.e. PE32, PDF, ZIP). For the sake of simplicity note that the script splits the file description string and only use the first 'token'.

The file name is set based on the calculated MD5 hash, which is also used to check if the file exists, thus avoiding duplicate entries in the directories. Please note that the original file name (set in the url or http header) is ignored.

Additionally if you have Angelo Dell'Aera's thug installed, you can enable html code for low interaction analysis.

Requirements:

Usage:

$ python mwcrawler.py

Use '-t' for thug analysis $ python mwcrawler.py -t

References:

thug repository - http://github.com/buffer/thug

You can’t perform that action at this time.