Malware Finder is a Python-based tool designed to scan file directories for suspicious malware signatures. This powerful script uses regular expressions stored in a database to identify malware patterns in files. This tool is especially handy for system administrators and security professionals who need to quickly audit large volumes of files.
- Signature Based Scanning: Utilizes a database of regular expression patterns to identify potential malware.
- Multiprocessing: Makes use of Python's multiprocessing capabilities to scan multiple files concurrently.
- Flexible: Can scan individual files or entire directories. Files can also be scanned based on their extension.
- Whitelisting: Provides an option to ignore certain files or directories during the scan.
- Quarantine Option: Detected files can be moved to a different location to prevent their execution.
- Verbose and Debug Modes: Additional output options for more information during the scan process.
- Clone this repository or download the
malware_finder.pyscript. - Ensure you have Python 3.3 or later installed on your machine.
- Update the
signatures.dbfile with the malware signatures you wish to scan for. These should be valid regular expressions. - If you wish to use the whitelist functionality, update the
whitelist.dbfile with the paths of files or directories you wish to ignore during the scan. - Run the script from the command line as shown below:
python3 malware_finder.py -d /path/to/directory -f outputfile.txt -w-d,--directory: Path to directory to scan.-i,--individual: Path to individual file to scan.-v,--verbose: Increase output verbosity.-f,--file: Output file name.-e,--extension: File extension to scan for.--debug: Enable debug mode (Show benchmark info).-q,--quarantine: Enable quarantine mode (Rename detected files).-w,--whitelist: Enable whitelist mode (Ignore files in whitelist).
For additional information or help, use:
python3 malware_finder.py --help- Alberto Ferrer
Feel free to reach out or contribute to this project.