mtepenner/pyrus

Pyrus: Live Malware Scanner 🦠🔍

Pyrus is a lightweight, Python-based malware scanning tool. It dynamically fetches the most recent malware SHA-256 signatures from the MalwareBazaar API and scans a specified local directory to detect potential threats based on file hashes.

🚀 Features

  • Live Signature Updates: Automatically fetches the latest malware hashes from MalwareBazaar before every scan.
  • Local Directory Scanning: Recursively scans user-defined directories and subdirectories.
  • SHA-256 Hashing: Securely calculates the SHA-256 hash of local files for comparison.
  • Real-Time Alerts: Triggers critical alerts in the console if a local file matches a known malware signature.
  • Error Handling: Gracefully skips system files or files with restricted permissions without crashing.

📋 Prerequisites

Ensure you have the following installed on your system:

  • Python 3.6 or higher
  • pip (Python package installer)

🛠️ Installation

  1. Clone the repository to your local machine:

    git clone https://github.com/yourusername/postgrad-pyrus.git
  2. Navigate to the project directory:

    cd postgrad-pyrus
  3. Install the required dependencies:

    pip install requests

💻 Usage

  1. Run the script from your terminal:

    python pyrus.py
  2. The script will first connect to the MalwareBazaar API to load recent threat signatures. Once successful, it will prompt you for a directory to scan:

    --- Connecting to MalwareBazaar API ---
    Successfully loaded 100 recent malware signatures.
    
    Enter the directory path to scan: 
    
  3. Provide the absolute or relative path to the folder you wish to inspect (e.g., C:\Users\Public\Downloads or ./test_folder).

  4. Review the scan results in your terminal.

🧰 Technologies Used

  • Python 3: Core logic and scripting.
  • Requests: Handling HTTP POST requests to the API.
  • Hashlib: Built-in Python library for generating SHA-256 file hashes.
  • MalwareBazaar API: Source for up-to-date threat intelligence.

🤝 Contributing

Contributions, issues, and feature requests are welcome!

  1. Fork the Project
  2. Create your Feature Branch (git checkout -b feature/AmazingFeature)
  3. Commit your Changes (git commit -m 'Add some AmazingFeature')
  4. Push to the Branch (git push origin feature/AmazingFeature)
  5. Open a Pull Request

📄 License

Distributed under the MIT License. See LICENSE for more information.

⚠️ Disclaimer

This tool relies on known hash signatures and is intended for educational and basic screening purposes. It does not utilize heuristics or behavioral analysis and should not replace a comprehensive Endpoint Detection and Response (EDR) or Antivirus solution.

About

A lightweight Python malware scanner that fetches live threat signatures from the MalwareBazaar API to detect malicious files in local directories.
