A Swiss Army knife for blue teamers - I really got tired of having to check everything over and over in the browser
MalKnife is a Python script for blue teamers: SOC analysts, threat intelligence analysts and malware analysts. It provides the following options:
- Check a file using an absolute path
- Check an IP
- Check a hash
- Decode from Base64
- Whois search
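The five options above boil down to a handful of small operations: hash a file, look the hash up on VirusTotal, look an IP up on AbuseIPDB, and decode Base64 safely. The block below is an added illustration of those operations, not MalKnife's own code. It uses only the Python standard library, the documented VirusTotal v3 `files/{hash}` endpoint (header `x-apikey`) and the AbuseIPDB v2 `check` endpoint (header `Key`); the API keys and the JSON responses used in `demo()` are constructed placeholders so that everything runs offline, and the `fetch` parameter is an assumption introduced here so the HTTP call can be swapped out for testing.

```python
import base64
import binascii
import hashlib
import json
import os
import tempfile
import urllib.parse
import urllib.request

VT_URL = "https://www.virustotal.com/api/v3/files/{}"
ABUSEIPDB_URL = "https://api.abuseipdb.com/api/v2/check"


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large samples do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def decode_base64(text):
    """Decode Base64 copied from a log or e-mail: tolerate whitespace and
    missing padding, and return None (instead of raising) on junk input."""
    stripped = "".join(text.split())
    padded = stripped + "=" * (-len(stripped) % 4)
    try:
        return base64.b64decode(padded, validate=True)
    except (binascii.Error, ValueError):
        return None


def _get_json(url, headers, fetch=None):
    """GET a URL and parse JSON. `fetch` (assumed helper) takes a Request and
    returns raw bytes; the default performs a real HTTP request."""
    req = urllib.request.Request(url, headers=headers)
    if fetch is None:
        fetch = lambda r: urllib.request.urlopen(r, timeout=15).read()
    return json.loads(fetch(req))


def vt_file_report(sha256, api_key, fetch=None):
    """Return the engine verdict counts VirusTotal holds for a known hash."""
    data = _get_json(VT_URL.format(sha256), {"x-apikey": api_key}, fetch)
    stats = data["data"]["attributes"]["last_analysis_stats"]
    return {k: stats.get(k, 0) for k in ("malicious", "suspicious", "harmless", "undetected")}


def abuseipdb_check(ip, api_key, max_age_days=90, fetch=None):
    """Return AbuseIPDB's confidence score and report count for an IP."""
    query = urllib.parse.urlencode({"ipAddress": ip, "maxAgeInDays": max_age_days})
    headers = {"Key": api_key, "Accept": "application/json"}
    data = _get_json(f"{ABUSEIPDB_URL}?{query}", headers, fetch)["data"]
    return {"score": data["abuseConfidenceScore"],
            "reports": data["totalReports"],
            "country": data.get("countryCode")}


def demo():
    """Run every helper against constructed inputs; no network access needed."""
    # Constructed responses shaped like the real APIs' JSON.
    canned = {
        "virustotal.com": {"data": {"attributes": {"last_analysis_stats": {
            "malicious": 57, "suspicious": 2, "harmless": 0, "undetected": 11}}}},
        "abuseipdb.com": {"data": {"ipAddress": "203.0.113.7", "abuseConfidenceScore": 100,
                                   "totalReports": 42, "countryCode": "ZZ"}},
    }

    def fake_fetch(req):
        host = "virustotal.com" if "virustotal.com" in req.full_url else "abuseipdb.com"
        return json.dumps(canned[host]).encode()

    # Constructed sample file whose SHA-256 is the well-known "abc" test vector.
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as fh:
        fh.write(b"abc")
    try:
        file_hash = sha256_of_file(path)
    finally:
        os.unlink(path)

    return {
        "sha256": file_hash,
        "vt": vt_file_report(file_hash, "VT_KEY_PLACEHOLDER", fetch=fake_fetch),
        "abuse": abuseipdb_check("203.0.113.7", "ABUSE_KEY_PLACEHOLDER", fetch=fake_fetch),
        "b64": decode_base64("SGVsbG8"),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2, default=str))
```

Hashing the file locally and submitting only the hash is the design choice worth noting: it lets an analyst check a sample against VirusTotal without uploading possibly sensitive content. Replace the placeholder keys and drop the `fetch` argument to run the lookups for real.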
MalKnife requires the following Python libraries (hashlib is part of the Python standard library and needs no install):
pip install requests
pip install whois
You will need a VirusTotal API key. To get one, do the following:
- Go to VirusTotal
- Create an account / log in
- Click on your name in the upper right corner of the window
- Click on 'API key'
- Copy it and paste it when the script asks you for it
You will also need an AbuseIPDB API key. Do the following:
- Go to the AbuseIPDB website
- Log into your account. If you don't have one, create one and confirm your email
- On your account dashboard you will see a row of buttons. Select 'API'
- When prompted, select 'Create key'
- Copy it and paste it when the script asks you for one
First, clone this repository on your computer:
git clone https://github.com/HectorEspejo/MalKnife.git
Then run it as you would any Python script:
python MalKnife.py
Planned features:
- Integration with other OSINT sources such as IBM X-Force and Talos (this will require an API key for each of them too)
- Add a main option to check whether an IP belongs to a VPN vendor, using Spur.us
- Integration of Whois
- Base64 decoding
- Add an option to check whether Any.run has sandbox runs for the file
- Check website reputation with AbuseIPDB
- Ability to send reports
- More