Basic Malware Reconnaissance Tool by Outrider
This is just a simple tool used to automate some of the more mundane tasks when obtaining malware samples. The final action compresses and encrypts all of the output files into a password-protected 7z archive for portability and analysis. It is designed to work out-of-the-box with Kali Linux, but should work on most 'nix distros with no problem.
I plan to add more features as I think of them - if you have any ideas, especially for more useful tools and outputs, please let me know!
Usage: performs basic malware/download reconnaissance of URLs (curl, wget, hashing, etc.)
Syntax: malrecon
or: malrecon [URL] [Case Number] [Zip File Password]
Example: malrecon http://malwaredomain.org/payload1 IN123456 MalZippity!
Dependencies, installed via the installer script (note: FLOSS is still a manual install at this time, work in progress):
- binutils: contains the strings utility
- p7zip-full: 7zip file archiver
- floss: FireEye Labs Obfuscated String Solver (FLOSS) - https://github.com/fireeye/flare-floss
Output files, by extension:
- .7z: compressed and encrypted vault of all other outputs
- .curl: output of curl against the URL provided
- .floss: FLOSS output for the .malware file
- .header: file header and hex values of the .malware file
- .malware: the downloaded file/binary; this is the file that is analyzed by the other tools
- .md5: MD5 sum of the .malware file
- .password: password to the .7z file
- .properties: summarized file properties of the .malware file
- .sha256: SHA256 sum of the .malware file
- .strings: strings output of the .malware file
- .url: the URL the script was run against (the URL reconned)
- .wget: log of the wget command's output
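As an added example (not malrecon's own script), the following POSIX sh function rebuilds the local part of the output set listed above for a sample that is already on disk: it runs offline with coreutils only, and calls strings and 7z only when they are installed. The output directory, case id and the recon_local_file/recon_output names are hypothetical.

```shell
#!/bin/sh
# Added example, not the malrecon script: rebuild the per-case output set
# for a sample already on disk, offline, using coreutils only.
# Hypothetical names: OUTDIR is the case directory, CASE_ID the file prefix.

# recon_local_file SAMPLE OUTDIR CASE_ID [ZIP_PASSWORD]
# Writes OUTDIR/CASE_ID.{malware,md5,sha256,header,strings,7z,password}.
recon_local_file() {
    sample="$1"; outdir="$2"; case_id="$3"; zip_pw="${4:-}"
    [ -f "$sample" ] || { echo "no such sample: $sample" >&2; return 1; }
    mkdir -p "$outdir" || return 1
    base="$outdir/$case_id"

    # .malware: the artifact every other output is derived from
    cp "$sample" "$base.malware"
    # .md5 / .sha256: digest only, so the files compare cleanly against IoC lists
    md5sum "$base.malware" | cut -d' ' -f1 > "$base.md5"
    sha256sum "$base.malware" | cut -d' ' -f1 > "$base.sha256"
    # .header: first 16 bytes as space-separated hex (od is in coreutils);
    # enough to spot MZ/ELF magic before handing the file to heavier parsers
    od -An -tx1 -N 16 "$base.malware" | tr -s ' \n' ' ' \
        | sed 's/^ //; s/ $//' > "$base.header"
    # .strings: binutils is a dependency on Kali but may be absent elsewhere
    if command -v strings >/dev/null 2>&1; then
        strings "$base.malware" > "$base.strings"
    fi
    # .7z / .password: encrypted vault, only when p7zip-full is installed.
    # -mhe=on also encrypts file names; the password is recorded in the
    # separate .password file, as in the tool's output set.
    if [ -n "$zip_pw" ] && command -v 7z >/dev/null 2>&1; then
        printf '%s\n' "$zip_pw" > "$base.password"
        7z a -p"$zip_pw" -mhe=on "$base.7z" "$base.malware" "$base.md5" \
            "$base.sha256" "$base.header" >/dev/null
    fi
}

# Read one output back by extension: recon_output md5 OUTDIR CASE_ID
recon_output() { cat "$2/$3.$1"; }
```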
Installation assumes Git is installed and that you are using Kali Linux. Prefix the commands with 'sudo' if you are not logged in as root or are using another distro.
mkdir -p [/install/path]
cd [/install/path]
git clone https://github.com/0utrider/malrecon
chmod +x install
./install
To update, run the update script from within the malrecon directory.
cd [/install/path]/malrecon
./update
- Add 7zip support
- Add dependency installer script - in progress
- Move user-set variables to a homedir preferences file
- Find additional tools to use for outputs