MalSys is a toolkit intended to assist with malware analysis. At present it relies on the MalwareBazaar API to retrieve information about a given file or hash. In essence, MalSys is a command-line interface (CLI) that wraps most of the features exposed by the MalwareBazaar API.
```
git clone https://github.com/UncleJ4ck/MalSys
cd MalSys
pip3 install -r requirements.txt
python3 main.py
python3 main.py <operation> <arguments>
```
- Download a sample from MalwareBazaar

```
python3 main.py download_sample --hash <SHA256 hash of the malware sample>
```

This command downloads the archive, unzips it, and stores the sample as a .exe or .bin file (or another extension, depending on the sample's file type).
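The following is an added example and not MalSys's own code: it shows the three things a download_sample-style command has to get right once the archive has been fetched, namely extracting the single member, verifying that the extracted bytes hash to the SHA-256 that was actually requested, and choosing the stored extension from the file's own magic bytes rather than from the member name inside the archive. It relies on one fact about the MalwareBazaar API, that samples are delivered as a ZIP archive protected with the password "infected" and AES-encrypted (which the standard-library zipfile module cannot open; pyzipper.AESZipFile can, and exposes the same namelist()/read() interface, so it can be passed as the `opener`). Everything else, the function names, the `MAGIC_TO_EXT` table, the read-only storage policy, is this example's own choice, not a description of how MalSys itself behaves. The archive it operates on is constructed, unencrypted, and contains a stand-in file that merely begins with the PE "MZ" magic, so the code runs offline.

```python
"""Added example (not MalSys's own code): extract, verify and store a
downloaded sample archive the way a download_sample command should."""
import hashlib
import io
import os
import tempfile
import zipfile

SAMPLE_PASSWORD = b"infected"  # MalwareBazaar's fixed archive password

# Extension is chosen from the file's own magic bytes, never from the member
# name inside the archive. Anything unrecognised is stored as .bin.
# (This table is the example's assumption, not MalSys's actual mapping.)
MAGIC_TO_EXT = (
    (b"MZ", ".exe"),          # PE / DOS executable
    (b"\x7fELF", ".elf"),     # ELF
    (b"%PDF", ".pdf"),
    (b"PK\x03\x04", ".zip"),
)


def guess_extension(data: bytes) -> str:
    for magic, ext in MAGIC_TO_EXT:
        if data.startswith(magic):
            return ext
    return ".bin"


def verify_sha256(data: bytes, expected_sha256: str) -> bool:
    """True if the bytes hash to the SHA-256 that was requested."""
    return hashlib.sha256(data).hexdigest() == expected_sha256.strip().lower()


def extract_sample(zip_bytes: bytes, expected_sha256: str,
                   pwd=None, opener=zipfile.ZipFile) -> bytes:
    """Read the single member of the archive and refuse it unless its
    SHA-256 matches what the caller asked for. For a real MalwareBazaar
    archive call this with pwd=SAMPLE_PASSWORD and opener=pyzipper.AESZipFile."""
    with opener(io.BytesIO(zip_bytes)) as zf:
        names = zf.namelist()
        if len(names) != 1:
            raise ValueError(f"expected exactly one member, got {names!r}")
        data = zf.read(names[0], pwd=pwd)
    if not verify_sha256(data, expected_sha256):
        raise ValueError("extracted file does not match the requested SHA-256")
    return data


def store_sample(data: bytes, sha256: str, out_dir: str) -> str:
    """Write the sample as <sha256><ext>, read-only, and return its path."""
    path = os.path.join(out_dir, sha256.lower() + guess_extension(data))
    with open(path, "wb") as fh:
        fh.write(data)
    os.chmod(path, 0o400)  # read-only: an analysis box should never run it
    return path


def build_constructed_archive(sample: bytes, member_name: str) -> bytes:
    """Constructed, unencrypted test archive standing in for a real download."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, sample)
    return buf.getvalue()


# Constructed stand-in: PE magic followed by harmless text, not a real sample.
FAKE_SAMPLE = b"MZ" + b"\x00" * 62 + b"constructed stand-in, not malware"
FAKE_SHA256 = hashlib.sha256(FAKE_SAMPLE).hexdigest()
FAKE_ARCHIVE = build_constructed_archive(FAKE_SAMPLE, FAKE_SHA256 + ".exe")


def demo(out_dir=None) -> str:
    """Run the extract / verify / store flow on the constructed archive."""
    out_dir = out_dir or tempfile.mkdtemp(prefix="malsys_demo_")
    data = extract_sample(FAKE_ARCHIVE, FAKE_SHA256)
    return store_sample(data, FAKE_SHA256, out_dir)


if __name__ == "__main__":
    print("stored sample at", demo())
```

The hash check is the part worth copying: the hash you pass on the command line is the only thing tying the bytes on disk to the MalwareBazaar record you looked up, so a mismatch (a truncated download, a wrong archive, a member that is not what the listing claimed) should abort the operation rather than leave an unverified file in the working directory.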
- Scan a file using a specified file path or hash

```
python3 main.py scan_file --hash 'hash of the sample'
python3 main.py scan_file --file 'path of the sample'
```
- Query an icon dhash using a specified file or hash

```
python3 main.py query_icon_dhash --hash 'hash'
```

This command queries the given hash through the MalwareBazaar API.

```
python3 main.py query_icon_dhash --file 'sample'
```
The features in MalSys mirror those available on the MalwareBazaar API website, and this holds for every operation.
```
docker run -it malsys:latest
docker run -it malsys:latest python3 main.py <operation> <arguments>
```
- Support for other free API services, such as AlienVault
- Features such as IOC scanning and YARA rule generation
- Bug fixes
- Incorporation of live dynamic analysis via sandboxing and other methods