MalwareZ is a project for visualizing malware activity on an earth map. The current version is v0.2a.
The aim is to provide real-time visualization of malware activity together with historical data.
Here is a sample demo: http://malwarez.comu.edu.tr:8001
At the demo site, v0.2a has two visualizations. One of them is the 2D map, which displays the number of malware samples detected per geographic location. The data is gathered from distributed honeypots using Hpfeeds. Clicking on a country opens the 3D map display, where the bar heights show the malware hits on a per-country basis.
The second visualization is the heatmap display. The heatmap is regenerated depending on whether you look at the diversities or the malware counts.
Both the 2D map and the heatmap work in live mode, that is, a yellow or green dot means a new malware hit was detected at that point. Depending on the channel frequency used with hpfeeds, more dots may be seen.
Some statistics can also be gathered by clicking the arrow on the left side. The sliding panel displays the top ports and IP addresses.
How to install
- Before installation, please make sure that your system has the necessary packages installed.
For Ubuntu, run the command below in a terminal window:
$ sudo apt-get install build-essential python-dev libevent-dev libmysqlclient-dev python-virtualenv
Then you will need a virtual environment to install the required packages in a single directory.
$ virtualenv env-demo --no-site-packages (tested with version 1.9.1)
$ cd env-demo
$ source bin/activate
Clone the source code
$ git clone https://github.com/YakindanEgitim/malwarez.git
$ cd malwarez
$ git checkout devel
Install Python dependencies
$ pip install -r pip_requirements.txt
You need to create a database and a user for it. Open prepareDB.sh and set the root username (the password will be prompted for during execution); also set the variables used to create the new DB and user, such as hostname, database, username and password.
Update settings.py with the info from prepareDB.sh.
Let the Django DB API create the required tables by running the command below:
$ ./manage.py syncdb
Run the server and the feeder for live data. You need an Hpfriends user ident and key with a shared channel. Update ./scripts/hpfeeds/hpfeeds.json with your information before running the commands below.
$ ./run.py &
$ ./scripts/hpfeeds/feedReader.py &
How to run
By default it runs on port 80. Just open localhost in your browser and that's it.
How to change port number of server?
- Two files should be changed. Both of the following variable values must be the same; otherwise new events do not show up.
- run.py: change the value of PORT variable
- scripts/hpfeeds/feedReader.py: change the value of socketIOPort
I added a script but it cannot find modules although they are installed in the virtualenv.
- Check the Python interpreter line. Do not use #!/usr/bin/python, which is the system's interpreter, not the virtualenv's. Use #!/usr/bin/env python instead.
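The two pitfalls above (a port mismatch between run.py and feedReader.py, and a script shebang that bypasses the virtualenv) are easy to miss until live events silently stop. The following sanity check is an added example, not part of the MalwareZ project; it assumes run.py contains a plain `PORT = <number>` assignment and feedReader.py a plain `socketIOPort = <number>` assignment (the variable names come from this README, the line format is an assumption), and it runs on constructed file contents so it works offline.

```python
import re

# Assumed assignment formats; the variable names are from the README.
PORT_RE = re.compile(r"^\s*PORT\s*=\s*(\d+)", re.M)
SIO_PORT_RE = re.compile(r"^\s*socketIOPort\s*=\s*(\d+)", re.M)
ENV_SHEBANG = "#!/usr/bin/env python"


def extract_port(text, pattern):
    """Return the integer assigned on the first matching line, or None."""
    m = pattern.search(text)
    return int(m.group(1)) if m else None


def ports_agree(run_py_text, feed_reader_text):
    """True when PORT in run.py equals socketIOPort in feedReader.py.

    On a mismatch the feeder pushes live events to a port nobody listens
    on: the map keeps serving, but new hits never show up."""
    a = extract_port(run_py_text, PORT_RE)
    b = extract_port(feed_reader_text, SIO_PORT_RE)
    return a is not None and a == b


def uses_virtualenv_interpreter(script_text):
    """True when the shebang selects the active virtualenv's python
    (#!/usr/bin/env python) rather than the system interpreter."""
    first_line = script_text.splitlines()[0] if script_text else ""
    return first_line.strip() == ENV_SHEBANG


def check_checkout(run_py_text, feed_reader_text, scripts):
    """Collect problems; scripts maps a script path to its contents."""
    problems = []
    if not ports_agree(run_py_text, feed_reader_text):
        problems.append("PORT in run.py != socketIOPort in feedReader.py")
    for path, text in scripts.items():
        if not uses_virtualenv_interpreter(text):
            problems.append("%s: use '%s' as the shebang" % (path, ENV_SHEBANG))
    return problems


if __name__ == "__main__":
    # Constructed sample contents standing in for the real files.
    run_py = "#!/usr/bin/env python\nPORT = 8001\n"
    feeder = "#!/usr/bin/python\nsocketIOPort = 80\n"
    for problem in check_checkout(run_py, feeder, {"scripts/hpfeeds/feedReader.py": feeder}):
        print(problem)
```

Run it with the real file contents read from disk; an empty result means both settings agree and every script under scripts/ will pick up the virtualenv's packages.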
This project uses the following libraries/projects. Thanks for their great work...
Showing Fancy SVG maps
- Kartograph.js: (http://kartograph.org/docs/kartograph.js/)
- Raphaël: (http://raphaeljs.com/)
- Chroma: (https://github.com/gka/chroma.js)
Realtime Data Support
- Socket.io: (http://socket.io/)
For web front-end:
- Django: (https://www.djangoproject.com/)
- MySQL-Python: (https://github.com/farcepest/MySQLdb1)
Socket.io Django Integration
- Gevent: (http://www.gevent.org/)
- Gevent-Socketio: (https://github.com/abourget/gevent-socketio)
- Gevent-Websocket: (https://github.com/abourget/gevent-websocket)
- Django-Tastypie: (http://tastypieapi.org/)
Collecting hpfeeds data and sending realtime data to server over socket.io
- Hpfeeds: (https://github.com/rep/hpfeeds)
- SocketIO-Client: (https://pypi.python.org/pypi/socketIO-client)
Generating both 2D and 3D SVG maps
- Kartograph.py: (http://kartograph.org/docs/kartograph.py/)
- This product includes GeoLite data created by MaxMind, available from (http://www.maxmind.com)
- Pygeoip: (http://code.google.com/p/pygeoip/)
General Purpose :)
Nice Layout :)