Skip to content
Script lets you gather malicious software and c&c servers from open source platforms like Malshare, Malcode, Google, Cymon - vxvault, cybercrime tracker and c2 for Pony.
Branch: master
Clone or download
woj-ciech Merge pull request #2 from redmed666/py3_adapt
Adapted ddom and its modules to python3
Latest commit 0726a03 Jan 20, 2018
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
modules Adapted ddom and its modules to python3 Jan 16, 2018
README.md Merge pull request #2 from redmed666/py3_adapt Jan 20, 2018
ddom.py

README.md

Daily dose of malware

DDOM or Daily Dose of Malware allows you to gather malware and c&c from open source intelligence.
It can display info, export results to text file or download malicious software.
I want to make it as fresh as possible, that's why all malwares are dated on few days back.
Cymon displays last ten records, Google shows only first page and Malcode only main page.
Malshare API is updated, if new sample appears.

Supported platforms:
Malcode
Malshare (You need to get api key)
Google dorks
Cymon
-Vx vault
-CyberCrime tracker
-CybeCrime tracker for Pony malware (mostly c2 servers)
-Malcode

Installation

First clone this repo
git clone
For google dorks:
pip install selenium
pip install pyvirtualdisplay

and you need Mozilla Geckodriver https://github.com/mozilla/geckodriver/releases

for Malcode:

pip install bs4

You can run the tool with python ddom.py

usage: ddom.py [-h] [-s [[...]]] [-cs [[...]]] [-d | -o | -e]

Daily dose of malware

optional arguments:

-h, --help            show this help message and exit
-s [ [ ...]], --source [ [ ...]]
                        source of feed. Allowed values are cymon, malshare,
                        malcode, google
-cs [ [ ...]], --cymonsource [ [ ...]]
                        Additional source for Cymon. Allowed values are
                        vxvault,malcode,cct,ponyc2
-d, --download        download malware
-o, --output          print to console
-e, --export          export to text file

Examples

Display info from malcode and malshare
dom.py -s malcode malshare --output

++++++++++++++++++++++++++++++++++++
Brought to you by Malc0de
https://twitter.com/malc0de
http://malc0de.com
++++++++++++++++++++++++++++++++++++
------------------
2018-01-10
aba2d86ed17f587eb6d57e6c75f64f05
xxx.xxx.xxx.xxx/Photo.scr
-----------------
2018-01-10
6c29b80a61ff5ca7f5d8db8b002e9631
xxx.xxx/32nP30h187Z
[...]
++++++++++++++++++++++++++++++++++++
Brought to you by Malshare
A free Malware repository providing researchers access to samples, malicous feeds, and Yara results.
http://malshare.com
++++++++++++++++++++++++++++++++++++
http://xxx.xxx/kjdfhg874
http://xxx.xxx/error/error/tc.exe
http://xxx.xxx/images/rn.php
http://xxx.xxx.xxx.xxx/bprocess.exe
http://xxx.xxx.xxx.xxx/64Kilences.exe
[..]

Download files from vxvault and malcode (--download works for malshare, malcode and vxvault) (it connects to malicious, be careful)
ddom.py -s cymon -cs vxvault malcode --download

Cymon is the largest open tracker of malware, phishing, botnets, spam, and more. Brought to you by eSentire.
Downloading file http://xxx.xxx/rn.php
Downloaded malcode2018-01-13/rn.php
---------------------------
Downloading file http://xxx.xxx.xxx.xxx/32Kilences.exe
Downloaded malcode2018-01-13/32Kilences.exe
---------------------------
Downloading file http://xxx.xxx/dfjkgy7
Downloaded malcode2018-01-13/dfjkgy7

It creates directory named 'source + timestamp' and then download malware into it.

Export results from google dorks: ddom.py -s google --export

++++++++++++++++++++++++++++++++++
Google dorks
++++++++++++++++++++++++++++++++++
Exported to google2018-01-13.txt

It creates text file named 'source + timestamp' with information inside.

IMPORTANT

  1. You are dealing with real malware, which may harm your computer badly. I'm not responsible for any caused damages. Be careful and think.
  2. For Google dorks please make sure to use newest firefox and geckodriver. It simulates browser, so it may not working sometimes because of google captcha. My advice is to connect and reconnect your vpn.
  3. To use Malshare, you have to register and obtain api key. Then paste it to modules/malshare.py - line 21
  4. If you know more public and open source platforms for retrieving malware, let me know.
  5. If this script violates terms of service from any used service, let me know and I will delete it.
  6. Not all of google dorks are perfect, you may encounter on some false positives.

Licence

Do whatever you want to do with this tool.
If you know how to develop or have any idea, let me know.

You can’t perform that action at this time.