Tool for collecting and cataloging malware samples.
Collects malware samples from URL blacklists or from the filesystem. Crawls commonly used URL blacklists, and also downloads and archives samples from malshare. Collected samples are scanned using VirusTotal, and metadata are stored in a MySQL database.
Malware metadata are stored in a MySQL database in a table named malware.
The table must have, at a minimum, the following columns. Columns for the AV results are automatically created.
CREATE TABLE `malware` (
`MD5` char(32) DEFAULT NULL,
`SHA1` char(40) NOT NULL DEFAULT '',
`Detectors` int(11) DEFAULT NULL,
`Detections` int(11) DEFAULT NULL,
`Verification` int(11) DEFAULT NULL,
`DateAdded` datetime DEFAULT NULL,
`TrID` text,
`SourceURL` text,
`Source` text,
`Filename` text,
`ScanDate` datetime DEFAULT NULL,
`FirstSeen` datetime DEFAULT NULL,
`LastSeen` datetime DEFAULT NULL,
`LastUpdated` datetime DEFAULT NULL,
PRIMARY KEY (`SHA1`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
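Because the AV result columns are created on the fly, engine names taken from a scan report end up as SQL identifiers, which cannot be bound as query parameters. The following added example (not the tool's own code) shows one way to handle that: map each name to a restricted identifier before ALTER TABLE, and bind every value. It assumes sqlite3 as an offline stand-in for MySQL, a hypothetical AV_ column prefix, and that Detectors counts reporting engines while Detections counts non-empty verdicts.

```python
import hashlib
import re
import sqlite3
from datetime import datetime, timezone

# Constructed scan results: engine name -> verdict. Engine names are untrusted input.
SAMPLE_RESULTS = {"ExampleAV": "Trojan.Generic", "Other-Engine 2": None,
                  "Engine`; --": "n/a"}

def av_column(engine):
    """Map an engine name to a safe column identifier, or None if nothing usable remains."""
    name = re.sub(r"[^A-Za-z0-9_]", "_", engine).strip("_")[:48]
    return "AV_" + name if name else None

def open_db():
    """In-memory stand-in holding a subset of the malware table's columns."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE malware (MD5 TEXT, SHA1 TEXT PRIMARY KEY, "
                 "Detectors INTEGER, Detections INTEGER, DateAdded TEXT, Source TEXT)")
    return conn

def ensure_columns(conn, columns):
    """Add any missing AV columns; names must already have passed av_column()."""
    existing = {row[1] for row in conn.execute("PRAGMA table_info(malware)")}
    for col in columns:
        if col not in existing:
            conn.execute(f'ALTER TABLE malware ADD COLUMN "{col}" TEXT')

def store_sample(conn, data, source, results):
    """Hash the sample, create AV columns as needed, and upsert one row keyed by SHA1."""
    sha1 = hashlib.sha1(data).hexdigest()
    row = {"MD5": hashlib.md5(data).hexdigest(), "SHA1": sha1, "Source": source,
           "Detectors": len(results),
           "Detections": sum(1 for v in results.values() if v),
           "DateAdded": datetime.now(timezone.utc).isoformat(" ", "seconds")}
    for engine, verdict in results.items():
        col = av_column(engine)
        if col:
            row[col] = verdict
    ensure_columns(conn, [c for c in row if c.startswith("AV_")])
    cols = ", ".join(f'"{c}"' for c in row)
    marks = ", ".join("?" for _ in row)
    # Identifiers come only from av_column() or fixed names; all values are bound.
    conn.execute(f"INSERT OR REPLACE INTO malware ({cols}) VALUES ({marks})",
                 list(row.values()))
    return sha1

if __name__ == "__main__":
    db = open_db()
    print(store_sample(db, b"constructed sample bytes", "filesystem", SAMPLE_RESULTS))
```

On MySQL the upsert would be written with INSERT ... ON DUPLICATE KEY UPDATE, and two engine names that sanitize to the same identifier would share a column, so a production version should detect that collision.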