-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
9c2a604
commit 2a09193
Showing
1 changed file
with
140 additions
and
8 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,15 +1,147 @@ | ||
| Here’s a consolidated version of the `README.md` that includes **installation**, **dependencies**, **API setup**, **usage**, and **testing** all in one document: | ||
|
|
||
| --- | ||
|
|
||
| ```markdown | ||
| # Malware Scanner Tool | ||
|
|
||
| A Python-based malware scanning tool for Windows. It uses VirusTotal, YARA rules, and heuristics to detect and map damaged areas of the system. | ||
| A Python-based malware scanning tool for Windows. This tool leverages VirusTotal, YARA rules, and heuristics to identify malicious files, suspicious registry entries, and anomalous processes. Additionally, it generates a visual map of damaged system areas. | ||
|
|
||
| --- | ||
|
|
||
| ## Features | ||
| - **File scanning**: Detects malicious files using hash comparison and YARA rules. | ||
| - **Registry scanning**: Identifies suspicious registry entries. | ||
| - **Process scanning**: Monitors running processes for anomalies. | ||
| - **Visualization**: Generates a visual map of damaged areas using Matplotlib. | ||
| - **File Scanning**: Detects malicious files using SHA256 hashes and YARA rules. | ||
| - **Registry Scanning**: Identifies suspicious registry entries for further inspection. | ||
| - **Process Scanning**: Monitors active processes for anomalous activity. | ||
| - **Visualization**: Creates a graphical representation of damaged system areas using Matplotlib. | ||
|
|
||
| --- | ||
|
|
||
| ## Step-by-Step Guide | ||
|
|
||
| ### 1. Install Dependencies | ||
| To use the Malware Scanner Tool, install the required Python libraries: | ||
| ```bash | ||
| pip install psutil requests matplotlib yara-python | ||
| ``` | ||
|
|
||
| Alternatively, use the `requirements.txt` file to install dependencies: | ||
| ```bash | ||
| pip install -r requirements.txt | ||
| ``` | ||
|
|
||
| ### 2. Set Up VirusTotal API Key | ||
| The scanner uses VirusTotal's API to validate file hashes. Follow these steps to set up: | ||
| 1. **Obtain a VirusTotal API Key**: | ||
| - Go to [VirusTotal](https://www.virustotal.com/) and create a free account. | ||
| - Navigate to your account settings and copy your API key. | ||
|
|
||
| ## Installation | ||
| 1. Clone the repository: | ||
| 2. **Add Your API Key**: | ||
| - Open `scanner.py` in any text editor. | ||
| - Locate the following line: | ||
| ```python | ||
| VIRUSTOTAL_API_KEY = "your_api_key_here" | ||
| ``` | ||
| - Replace `"your_api_key_here"` with your actual API key. | ||
|
|
||
| --- | ||
|
|
||
| ### 3. Usage Instructions | ||
| 1. **Run the Scanner**: | ||
| Start the scanner by running the following command in the terminal: | ||
| ```bash | ||
| git clone https://github.com/your-username/malware-scanner.git | ||
| python scanner.py | ||
| ``` | ||
|
|
||
| 2. **Provide the Directory to Scan**: | ||
| When prompted, enter the directory you wish to scan (e.g., `C:\` for the entire C drive). | ||
|
|
||
| 3. **View Scan Results**: | ||
| - **Log File**: All findings will be logged in `system_scan.log`. | ||
| - **Visual Map**: A graphical visualization of affected areas will be saved as `damaged_areas_map.png`. | ||
|
|
||
| --- | ||
|
|
||
| ### Example Workflow | ||
| ```plaintext | ||
| > python scanner.py | ||
| Enter the directory to scan (e.g., C:\): C:\Users | ||
| Scanning directory: C:\Users | ||
| Suspicious file detected: C:\Users\example\malicious.exe | ||
| Malicious process detected: explorer.exe (C:\Windows\explorer.exe) | ||
| Registry entry flagged: Software\Microsoft\Windows\CurrentVersion\Run\example | ||
| Scan completed. Check system_scan.log for details. | ||
| ``` | ||
|
|
||
| --- | ||
|
|
||
| ## Testing the Tool | ||
| To ensure safe and reliable execution: | ||
| 1. **Test in a Virtual Machine**: Run the tool in a sandboxed environment to mitigate risks. | ||
| 2. **Customize YARA Rules**: | ||
| - Add or edit YARA rules in the `yara_rules/` directory. | ||
| - Example rule (`rules.yara`): | ||
| ```yara | ||
| rule SuspiciousExecutable { | ||
| strings: | ||
| $malicious = "malware" | ||
| condition: | ||
| $malicious | ||
| } | ||
| ``` | ||
| - Reload the tool to apply updated rules. | ||
| 3. **Simulate Suspicious Files**: | ||
| Create harmless test files that match YARA rules or hashes to validate detection accuracy. | ||
| --- | ||
| ## Troubleshooting | ||
| ### Common Issues | ||
| 1. **Missing Dependencies**: | ||
| - Ensure all libraries are installed: | ||
| ```bash | ||
| pip install -r requirements.txt | ||
| ``` | ||
| 2. **VirusTotal API Key Errors**: | ||
| - Verify your API key is correctly set in `scanner.py`. | ||
| - Ensure your VirusTotal account has not exceeded the daily request limit (500 for free accounts). | ||
| 3. **Permission Errors**: | ||
| - Run the script as an administrator to access restricted files or registry keys: | ||
| ```bash | ||
| python scanner.py | ||
| ``` | ||
| --- | ||
| ## Contributing | ||
| We welcome contributions! To contribute: | ||
| 1. **Fork the repository** on GitHub. | ||
| 2. **Clone your forked repository**: | ||
| ```bash | ||
| git clone https://github.com/<Astralchemist>/malware-scanner.git | ||
| cd malware-scanner | ||
| ``` | ||
| 3. Create a new branch for your feature: | ||
| ```bash | ||
| git checkout -b feature-name | ||
| ``` | ||
| 4. Make your changes, commit, and push: | ||
| ```bash | ||
| git add . | ||
| git commit -m "Add feature description" | ||
| git push origin feature-name | ||
| ``` | ||
| 5. **Submit a Pull Request** on GitHub. | ||
|
|
||
| --- | ||
|
|
||
| ## Disclaimer | ||
| This tool is for **educational purposes only**. It should be used responsibly and in compliance with applicable laws. Testing on unauthorized systems is prohibited. | ||
|
|
||
| --- | ||
|
|
||
| ## License | ||
| This project is licensed under the [MIT License](LICENSE). | ||
| ``` |