Malware Scanner is a Python program that scans a directory or a set of directories for known malware by comparing file hashes against a list of known malware hashes. A demonstration of the tool is also available on my YouTube channel.
- Clone the repository:
    git clone https://github.com/HalilDeniz/MalwareScanner.git
- Install the required packages:
    pip install -r requirements.txt
- Run the program:
    python malwarescanner.py
- The program will ask for the directory or directories to scan.
- The program will then scan the specified directories and output any identified malware to the console.
The program calculates the MD5, SHA1, and SHA256 hashes of each file in the specified directories. It then compares the hashes to a list of known malware hashes. If a file matches a known malware hash, the program outputs the name of the file and the type of malware it is associated with.
The list of known malware hashes is stored in the hashes.txt file. You can add or remove hashes from this file to update the list of known malware.
The program categorizes malware based on its hash. The malware_classification dictionary in the malwarescanner.py file maps hash values to malware types. You can add or remove mappings from this dictionary to classify additional types of malware.
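The matching described above, as an added example that is not the project's own code. It assumes hashes.txt holds one hex digest per line with optional `#` comments; the function names, the `classification` argument (standing in for malware_classification) and the sample file are hypothetical.

```python
import hashlib
import os
import tempfile

ALGORITHMS = ("md5", "sha1", "sha256")  # the three digests the README names

def load_hashes(lines):
    """Parse hash-list lines (assumed format: one hex digest per line, '#' comments)."""
    cleaned = (line.split("#", 1)[0].strip().lower() for line in lines)
    return {value for value in cleaned if value}

def file_digests(path, chunk_size=1 << 20):
    """Compute all three digests in one streamed pass so large files stay out of memory."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}

def scan(root, known, classification):
    """Return ([(path, algorithm, malware_type)], [unreadable paths]) for one directory tree."""
    hits, skipped = [], []
    for folder, _dirs, files in os.walk(root):  # does not follow directory symlinks
        for name in files:
            path = os.path.join(folder, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip links and special files (sockets, devices)
            try:
                digests = file_digests(path)
            except OSError:
                skipped.append(path)  # locked or permission-denied: report, keep scanning
                continue
            for algorithm, digest in digests.items():
                if digest in known:
                    hits.append((path, algorithm, classification.get(digest, "unknown")))
                    break  # one report per file is enough
    return hits, skipped

def demo():
    """Constructed sample: a harmless file whose SHA-256 is put on the hash list."""
    content = b"constructed test content, not malware"
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "sample.bin"), "wb") as handle:
            handle.write(content)
        digest = hashlib.sha256(content).hexdigest()
        known = load_hashes(["# constructed list", digest.upper()])
        hits, _ = scan(root, known, {digest: "Test.Sample"})
        return [(os.path.basename(p), algo, kind) for p, algo, kind in hits]
```

Exact-hash matching only flags files that are byte-identical to a listed sample, so a file changed by a single byte will not match.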
The directories_to_scan list in the malwarescanner.py file determines which directories the program will scan for malware. By default, the list includes the root directory of the C: drive on Windows and the root directory of the filesystem on Linux.
Contributions are welcome! To contribute to MalwareScanner, follow these steps:
- Fork the repository.
- Create a new branch for your feature or bug fix.
- Make your changes and commit them.
- Push your changes to your forked repository.
- Open a pull request in the main repository.
- LinkedIn: https://www.linkedin.com/in/halil-ibrahim-deniz/
- TryHackMe: https://tryhackme.com/p/halilovic
- Instagram: https://www.instagram.com/deniz.halil333/
- YouTube: https://www.youtube.com/c/HalilDeniz
- Denizhalil: https://denizhalil.com/