lqhl/just-another-malware-analyzer
JAMA (Just Another Malware Analyzer) 0.1
========================================

What is JAMA?

JAMA is an open source malware analysis tool. To use this version of JAMA, you need to:

1) Run the XMLRPC server using xmlrpc_dumper.py (in a dedicated server or a virtual machine). Configure the path of tools in config.py before running the server.
2) Connect to the server using xmlrpc_client.py

Usage Example
=============

Build a Windows guest using VMWare and forward port 8000 between the guest and the host. Run the XMLRPC server in the guest:

    $ python xmlrpc_dumper.py 8000

When the server is ready, execute the following commands on the host:

    $ cd $JAMA_PATH
    $ python xmlrpc_client.py http://localhost:8000 <your malware sample> <output directory>

After a while a static report and a dynamic behavior report will be found in the output directory.

If you want to test the availability of a node or a list of nodes, edit the file servers.conf, adding the corresponding nodes, and execute the command:

    $ python xmlrpc_tester.py

The file servers.conf is also used with xmlrpc_client.py to randomly select a node to connect to. The command to run would be the following:

    $ python xmlrpc_client.py auto <your malware sample> <output directory>

Example batch usage
===================

Suppose you have 3 nodes (node1, node2 and node3) and a directory with a lot of malware samples ($JAMA_PATH/samples, for this example). To analyze all of them, simply do the following steps:

1) Edit servers.conf as:

    http://node1:8000/
    http://node2:8000/
    http://node3:8000/

2) Check the nodes and start the batch:

    $ cd $JAMA_PATH
    $ xmlrpc_tester.py
    [Thu Dec 2 13:08:54 2010] Status of server http://node1:8000/ is [ALIVE]
    [Thu Dec 2 13:08:54 2010] Status of server http://node2:8000/ is [ALIVE]
    [Thu Dec 2 13:08:54 2010] Status of server http://node3:8000/ is [ALIVE]
    $ python batch_tester.py auto samples <output directory>

License
=======

Licensed under the GNU General Public License Version 3.

Contact
=======

Author: Qin Liu
Email: lqgy2001 [AT] gmail [DOT] com
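The servers.conf workflow above (probe each node, print an ALIVE/DEAD status line, pick a live node at random in "auto" mode, and spread a sample directory over the live nodes for a batch run) is small enough to show end to end. The following is an added example written for this page; it is not JAMA's own xmlrpc_tester.py or xmlrpc_client.py code. It assumes only the standard library: the probe calls the XML-RPC introspection method `system.listMethods`, which a JAMA node answers only if its SimpleXMLRPCServer registered introspection functions, and the servers.conf content is a constructed sample. The analysis RPC itself is not in the README, so nothing here submits a sample.

```python
"""Node availability check, "auto" node selection and batch planning for an
XML-RPC analysis farm, modelled on the servers.conf workflow in the README.
Added example, not code from the JAMA project."""
import random
import socket
import time
import xmlrpc.client

# Constructed servers.conf sample (not a file from the repository).
SAMPLE_SERVERS_CONF = """\
# one analysis node per line
http://node1:8000/
http://node2:8000/

http://node3:8000/
"""


def parse_servers_conf(text):
    """Return the node URLs in servers.conf-style text, ignoring blank lines
    and '#' comments."""
    nodes = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            nodes.append(line)
    return nodes


def probe_node(url, timeout=5.0):
    """True if the XML-RPC server at `url` answers a call within `timeout`.

    Assumption: the node exposes XML-RPC introspection (system.listMethods).
    Any transport error, refused connection, timeout or XML-RPC fault counts
    as DEAD, so a half-up node is never selected for analysis.
    """
    # ServerProxy has no timeout argument; the socket default applies to it.
    socket.setdefaulttimeout(timeout)
    try:
        xmlrpc.client.ServerProxy(url).system.listMethods()
        return True
    except (OSError, xmlrpc.client.Error):
        return False


def check_nodes(nodes, probe=probe_node):
    """Probe every node; returns {url: alive}. `probe` is injectable so the
    logic can be exercised without a network."""
    return {url: bool(probe(url)) for url in nodes}


def status_lines(status, now):
    """Render status in the format xmlrpc_tester.py prints in the README.
    `now` is a time.struct_time so output is reproducible."""
    stamp = time.asctime(now)
    return ["[%s] Status of server %s is [%s]" % (stamp, url, "ALIVE" if ok else "DEAD")
            for url, ok in status.items()]


def alive_nodes(status):
    return [url for url, ok in status.items() if ok]


def pick_node(status, seed=None):
    """'auto' mode: random choice among live nodes; fail loudly if none."""
    alive = alive_nodes(status)
    if not alive:
        raise RuntimeError("no live analysis node listed in servers.conf")
    return random.Random(seed).choice(alive)


def assign_samples(samples, status):
    """Round-robin a list of sample paths over the live nodes; returns
    {url: [samples]} so each node gets roughly the same share of the batch."""
    alive = alive_nodes(status)
    if not alive:
        raise RuntimeError("no live analysis node listed in servers.conf")
    plan = {url: [] for url in alive}
    for i, sample in enumerate(samples):
        plan[alive[i % len(alive)]].append(sample)
    return plan


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SERVERS_CONF
    status = check_nodes(parse_servers_conf(text))
    for line in status_lines(status, time.localtime()):
        print(line)
```

Run it with a servers.conf path to get the same ALIVE/DEAD listing the README shows; the injectable `probe` and the explicit `now` argument are what make the selection and status logic testable offline.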
Automatically exported from code.google.com/p/just-another-malware-analyzer