This is a Python program I am developing to allow easy analysis of malware. Future iterations of this program will include a Flask web server displaying information obtained from the scans.
- Finish registry baselining (check more than just the startup keys) - in work
- Network baseline
- Is there a faster way other than using sockets to check all 65535 ports?
- Integrate the Flask web framework - in work
- Docker / cloud integration
- Fix the way it extracts strings from the binary
- Check for a packed binary
- Create tests
- Change to a package-type layout for easier imports from different directories?
For Flask setup in PowerShell (the value must be quoted, otherwise PowerShell tries to run `development` as a command):
$env:FLASK_APP = ".\webserver.py"
$env:FLASK_ENV = "development"
For using analyze_malware:
from analyze_malware import AnalyzeMalware

malware = AnalyzeMalware("filename.exe")
md5 = malware.get_hash()  # hash of the sample

# Printable strings extracted from the binary
for item in malware.search_strings():
    print(f"String: {item}")

# Startup registry entries recorded by the registry baseline
for item in malware.registry_baseline():
    print(f"Startup Registry: {item}")

# Listening-port snapshot of the analysis host
network_test = malware.network_baseline()
print(network_test)
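The following is an added example, not code from the project, showing one way to answer the port-sweep speed question in the TODO list and to turn `network_baseline()` into a before/after comparison: probing the analysis host's TCP ports concurrently from a thread pool and diffing two snapshots. The function names, the thread-pool approach and the default scan range are assumptions.

```python
# Added example (not the project's own code): concurrent TCP connect
# baseline of the analysis host plus a snapshot diff. Names are assumed.
import socket
from concurrent.futures import ThreadPoolExecutor
from typing import Dict, Iterable, List, Set


def _port_open(host: str, port: int, timeout: float) -> bool:
    """Return True if a TCP connect to host:port succeeds."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        return sock.connect_ex((host, port)) == 0


def network_baseline(host: str = "127.0.0.1",
                     ports: Iterable[int] = range(1, 65536),
                     workers: int = 200,
                     timeout: float = 0.2) -> Set[int]:
    """Snapshot the TCP ports on `host` that accept a connection.

    Probes run in a thread pool, so a full 1-65535 sweep of localhost
    takes seconds instead of the minutes a sequential loop needs.
    """
    port_list = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        # Executor.map yields results in input order, so zip is safe.
        results = pool.map(lambda p: _port_open(host, p, timeout), port_list)
        return {p for p, is_open in zip(port_list, results) if is_open}


def diff_baseline(before: Set[int], after: Set[int]) -> Dict[str, List[int]]:
    """Compare two snapshots: ports a sample opened or closed."""
    return {"opened": sorted(after - before), "closed": sorted(before - after)}


if __name__ == "__main__":
    before = network_baseline()
    # ... execute the sample in the sandbox here ...
    after = network_baseline()
    print(diff_baseline(before, after))
```

Only localhost is probed by default; a closed port on localhost returns ECONNREFUSED immediately, so the timeout mainly bounds filtered ports.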