MalRecon - Basic Malware Reconnaissance and Analysis Tool

0utrider/malrecon
MalRecon

Basic Malware Reconnaissance Tool by Outrider

Information

This is just a simple tool used to automate some of the more mundane tasks involved in obtaining malware samples. The final step compresses and encrypts all of the output files into a password-protected 7z archive for portability and analysis. It is designed to work out-of-the-box with Kali Linux, but should work on most 'nix distros without problems.

I plan to add more features as I think of them - if you have any ideas, especially for more useful tools and outputs, please let me know!

Usage: Performs basic malware/download reconnaissance of URLs (curl, wget, hashing, etc.)

Syntax: malrecon or malrecon [URL] [Case Number] [Zip File Password]

Example: malrecon http://malwaredomain.org/payload1 IN123456 MalZippity!

Prerequisites

These are installed by the installer script. Note: FLOSS still has to be installed manually at this time (work in progress).

binutils      Contains the strings utility
p7zip-full    7zip file archiver
floss         FireEye Labs Obfuscated String Solver (FLOSS) - https://github.com/fireeye/flare-floss

File Outputs

.7z           Compressed and encrypted vault containing all other outputs
.curl         Output of curl against the URL provided
.floss        FLOSS output of the .malware file
.header       File header and hex values of the .malware file
.malware      The downloaded file/binary - this is the file that is analyzed by the other tools
.md5          MD5 sum of the .malware file
.password     Password for the .7z file
.properties   Summarized file properties of the .malware file
.sha256       SHA256 sum of the .malware file
.strings      Strings output of the .malware file
.url          The URL the script was run against (the URL that was reconned)
.wget         Log of the wget command's output

How To Install

This assumes you have Git installed and that you are using Kali Linux. Prefix the commands with 'sudo' if you are not logged in as root or are using another distro.

mkdir -p [/install/path]
cd [/install/path]
git clone https://github.com/0utrider/malrecon
chmod +x install
./install

How to Update

Simply run the update script from within the malrecon directory.

cd [/install/path]/malrecon
./update

To-Do

  • Add 7zip support
  • Add dependency installer script - in progress
  • Move user-set variables to a homedir preferences file
  • Find additional tools to use for outputs
