       .__                           
______ |  |__ _____     ____   ____  
\____ \|  |  \\__  \   / ___\_/ __ \ 
|  |_> >   Y  \/ __ \_/ /_/  >  ___/ 
|   __/|___|  (____  /\___  / \___  >
|__|        \/     \//_____/      \/ 

Twitter: @phage_nz
GitHub: phage-nz
Blog: https://phage.nz

https://github.com/phage-nz/malware-hunting

A collection of scripts and information for Malware Hunting.

Current Inventory

\honeypot

  • autoinstall.sh - automatic install script for Dionaea, DionaeaFR, Cowrie and p0f.
  • dionaea-housekeeper.sh - cron script used to archive select Dionaea output on a daily basis.
  • cowrie.init - init.d script for Cowrie.
  • cowrie.logrotate - logrotate.d script for Cowrie.
  • dionaea.init - init.d script for Dionaea.
  • dionaea.logrotate - logrotate.d script for Dionaea.
  • dionaeafr.init - init.d script for DionaeaFR.
  • dionaeafr.logrotate - logrotate.d script for DionaeaFR.
  • generate_user_db.py - script to generate a randomised, plausible-looking user database for the MySQL service emulated by Dionaea, so that attackers who dump it see realistic accounts rather than an empty table.
  • p0f.init - init.d script for p0f.
  • readme.txt - notes for the installation of Dionaea, p0f and Cowrie.
  • wordlist.txt - required by generate_user_db.py for the generation of plausible usernames and email addresses.
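The idea behind generate_user_db.py and wordlist.txt, as an added example that is not the repository's own script: build usernames and addresses from a wordlist, give each account a password hash in the format a real MySQL server stores (the mysql_native_password form, `*` followed by SHA1(SHA1(password)) in hex), and write the rows to a SQLite file. The wordlist and domains below are constructed inline, and the `users` table schema is an assumption for illustration; the layout Dionaea actually expects is not described on this page.

```python
"""Generate a plausible fake user table for an emulated MySQL service.

Added example, not the repo's generate_user_db.py. Assumptions:
- the wordlist is one word per line (here a constructed list instead of wordlist.txt);
- the output is a SQLite file with a hypothetical table users(id, username, email, password);
  the schema Dionaea uses is not documented on this page.
"""
import hashlib
import random
import sqlite3

# Constructed sample data standing in for wordlist.txt (assumption).
SAMPLE_WORDS = ["alice", "bob", "carol", "dave", "erin", "frank", "grace", "heidi"]
SAMPLE_DOMAINS = ["example.com", "example.org", "example.net"]
PASSWORD_ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"


def mysql_native_password(plaintext: str) -> str:
    """MySQL 4.1+ password hash: '*' + upper-hex SHA1(SHA1(plaintext))."""
    inner = hashlib.sha1(plaintext.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


def generate_users(words, domains, count, seed=None):
    """Return `count` (username, email, password_hash) tuples with unique usernames.

    A seed makes the output reproducible, which is handy when rebuilding a honeypot.
    """
    rng = random.Random(seed)
    users, seen = [], set()
    while len(users) < count:
        word = rng.choice(words)
        style = rng.randrange(3)
        if style == 0:
            name = word                                   # plain word: "alice"
        elif style == 1:
            name = f"{word}{rng.randint(1, 99)}"          # word plus number: "bob42"
        else:
            name = f"{rng.choice(words)[0]}{word}"        # initial plus word: "jcarol"
        if name in seen:                                  # keep usernames unique
            continue
        seen.add(name)
        email = f"{name}@{rng.choice(domains)}"
        plaintext = "".join(rng.choice(PASSWORD_ALPHABET)
                            for _ in range(rng.randint(6, 10)))
        users.append((name, email, mysql_native_password(plaintext)))
    return users


def write_user_db(path, users):
    """Write the rows into a SQLite file (hypothetical schema) and return the row count."""
    conn = sqlite3.connect(path)
    try:
        conn.execute(
            "CREATE TABLE IF NOT EXISTS users ("
            "id INTEGER PRIMARY KEY, username TEXT UNIQUE, email TEXT, password TEXT)"
        )
        conn.executemany(
            "INSERT INTO users (username, email, password) VALUES (?, ?, ?)", users
        )
        conn.commit()
        return conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]
    finally:
        conn.close()


if __name__ == "__main__":
    rows = generate_users(SAMPLE_WORDS, SAMPLE_DOMAINS, 20, seed=1)
    print(write_user_db(":memory:", rows))  # use a real path to ship the file to the honeypot
```

Hashing the plaintext rather than storing it matters: a real MySQL `mysql.user` table holds hashes, so a plaintext column would give away the emulation to anyone who has seen a genuine dump. Swap `:memory:` for a file path and replace the constructed list with the repository's wordlist.txt when producing a database for an actual sensor.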

\lokirun

  • run.ps1 - PowerShell script to automate the operation of Loki IOC scanner.

\honeypot-vagrant

  • \scripts - directory from which the Vagrantfile sources the bootstrap.sh autoinstall script.
  • aws.credentials - stores the AWS credentials read by the Vagrantfile; keep this file out of version control.
  • readme.txt - notes for the installation of Dionaea, p0f and Cowrie via Vagrant in AWS.
  • Vagrantfile - the Vagrantfile for automatic deployment of a honeypot.
  • vagrant-plugin.patch - a patch to fix a bug that prevents the installing of the vagrant-aws plugin.

\malware-crawler

  • readme.txt - reference to ph0neutria.

\sandbox

  • readme.md - A set of instructions to build hardened malware analysis VMs using VMCloak and FLARE VM.

\soc

  • \Cortex-Analyzers - Custom analyzers for TheHive Project's Cortex.
  • \Graylog - Custom content packs for Graylog.

\spamtrap

  • readme.md - Instructions on setting up spam traps using Mail-in-a-Box and Shiva.

\t-pot

  • readme.md - Instructions on deploying T-Pot honeypot platform.

\volatility

  • autoinstall.sh - A script to automatically install Volatility, bulk_extractor and vshot by CrowdStrike.