diff --git a/READme.md b/READme.md index a7d10e6..ea22cb2 100644 --- a/READme.md +++ b/READme.md 
@@ -1,15 +1,147 @@ +Here’s a consolidated version of the `README.md` that includes **installation**, **dependencies**, **API setup**, **usage**, and **testing** all in one document: + +--- + +```markdown # Malware Scanner Tool -A Python-based malware scanning tool for Windows. It uses VirusTotal, YARA rules, and heuristics to detect and map damaged areas of the system. +A Python-based malware scanning tool for Windows. This tool leverages VirusTotal, YARA rules, and heuristics to identify malicious files, suspicious registry entries, and anomalous processes. Additionally, it generates a visual map of damaged system areas. + +--- ## Features -- **File scanning**: Detects malicious files using hash comparison and YARA rules. -- **Registry scanning**: Identifies suspicious registry entries. -- **Process scanning**: Monitors running processes for anomalies. -- **Visualization**: Generates a visual map of damaged areas using Matplotlib. +- **File Scanning**: Detects malicious files using SHA256 hashes and YARA rules. +- **Registry Scanning**: Identifies suspicious registry entries for further inspection. +- **Process Scanning**: Monitors active processes for anomalous activity. +- **Visualization**: Creates a graphical representation of damaged system areas using Matplotlib. + +--- + +## Step-by-Step Guide + +### 1. Install Dependencies +To use the Malware Scanner Tool, install the required Python libraries: +```bash +pip install psutil requests matplotlib yara-python +``` + +Alternatively, use the `requirements.txt` file to install dependencies: +```bash +pip install -r requirements.txt +``` + +### 2. Set Up VirusTotal API Key +The scanner uses VirusTotal's API to validate file hashes. Follow these steps to set up: +1. **Obtain a VirusTotal API Key**: + - Go to [VirusTotal](https://www.virustotal.com/) and create a free account. + - Navigate to your account settings and copy your API key. -## Installation -1. Clone the repository: +2. 
**Add Your API Key**: + - Open `scanner.py` in any text editor. + - Locate the following line: + ```python + VIRUSTOTAL_API_KEY = "your_api_key_here" + ``` + - Replace `"your_api_key_here"` with your actual API key. + +--- + +### 3. Usage Instructions +1. **Run the Scanner**: + Start the scanner by running the following command in the terminal: ```bash - git clone https://github.com/your-username/malware-scanner.git + python scanner.py + ``` + +2. **Provide the Directory to Scan**: + When prompted, enter the directory you wish to scan (e.g., `C:\` for the entire C drive). + +3. **View Scan Results**: + - **Log File**: All findings will be logged in `system_scan.log`. + - **Visual Map**: A graphical visualization of affected areas will be saved as `damaged_areas_map.png`. + +--- + +### Example Workflow +```plaintext +> python scanner.py +Enter the directory to scan (e.g., C:\): C:\Users +Scanning directory: C:\Users +Suspicious file detected: C:\Users\example\malicious.exe +Malicious process detected: explorer.exe (C:\Windows\explorer.exe) +Registry entry flagged: Software\Microsoft\Windows\CurrentVersion\Run\example +Scan completed. Check system_scan.log for details. +``` + +--- + +## Testing the Tool +To ensure safe and reliable execution: +1. **Test in a Virtual Machine**: Run the tool in a sandboxed environment to mitigate risks. +2. **Customize YARA Rules**: + - Add or edit YARA rules in the `yara_rules/` directory. + - Example rule (`rules.yara`): + ```yara + rule SuspiciousExecutable { + strings: + $malicious = "malware" + condition: + $malicious + } + ``` + - Reload the tool to apply updated rules. + +3. **Simulate Suspicious Files**: + Create harmless test files that match YARA rules or hashes to validate detection accuracy. + +--- + +## Troubleshooting +### Common Issues +1. **Missing Dependencies**: + - Ensure all libraries are installed: + ```bash + pip install -r requirements.txt + ``` +2. 
**VirusTotal API Key Errors**: + - Verify your API key is correctly set in `scanner.py`. + - Ensure your VirusTotal account has not exceeded the daily request limit (500 for free accounts). + +3. **Permission Errors**: + - Run the script as an administrator to access restricted files or registry keys: + ```bash + python scanner.py + ``` + +--- + +## Contributing +We welcome contributions! To contribute: +1. **Fork the repository** on GitHub. +2. **Clone your forked repository**: + ```bash + git clone https://github.com//malware-scanner.git cd malware-scanner + ``` +3. Create a new branch for your feature: + ```bash + git checkout -b feature-name + ``` +4. Make your changes, commit, and push: + ```bash + git add . + git commit -m "Add feature description" + git push origin feature-name + ``` +5. **Submit a Pull Request** on GitHub. + +--- + +## Disclaimer +This tool is for **educational purposes only**. It should be used responsibly and in compliance with applicable laws. Testing on unauthorized systems is prohibited. + +--- + +## License +This project is licensed under the [MIT License](LICENSE). +```
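Review bot: The new README body is wrapped in chat output that will not render: the file now opens with `Here’s a consolidated version of the `README.md` that includes ...`, then a `---` and a ```` ```markdown ```` fence, and closes with a bare ```` ``` ```` after the License section. The outer fence nests the ```` ```bash ````, ```` ```python ```` and ```` ```yara ```` blocks inside it, so the first inner fence terminates it and the rest of the document renders as broken code. Drop the preamble sentence, the leading `---`, the opening ```` ```markdown ```` line and the trailing ```` ``` ````. While in this hunk, three more points: (1) the Contributing clone command `git clone https://github.com//malware-scanner.git cd malware-scanner` has lost its `your-username` placeholder and has `cd malware-scanner` run onto the same line; the removed Installation step had the correct form `git clone https://github.com/your-username/malware-scanner.git`, and ordinary users now have no clone step at all before `pip install -r requirements.txt`. (2) Step 2 tells users to paste their key into `VIRUSTOTAL_API_KEY = "your_api_key_here"` inside `scanner.py`, which invites committing the secret; document reading it from an environment variable or an untracked config file instead, and add that file to `.gitignore`. (3) Under Permission Errors the command after "Run the script as an administrator" is the unchanged `python scanner.py`; say how to elevate (an administrator terminal on Windows) or the step is a no-op. Minor: the Example Workflow shows `Malicious process detected: explorer.exe (C:\Windows\explorer.exe)`, which presents a false positive on the Windows shell as expected output; pick a sample that does not teach users to trust that verdict, and note that the sample YARA rule matching the literal string `"malware"` is a placeholder rather than a usable detection.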