First commit!

author: Julien Voisin 2015-03-03 15:58:59 +0100
committer: Julien Voisin 2015-03-03 15:58:59 +0100
commit: 807248f9343a4cabb48c3be1a512b27f6377e871 (patch)
tree: 20e8de5615e900c6bb312d2e8b9446630d4400c5 /scanner.py
1 files changed, 44 insertions, 0 deletions
diff --git a/scanner.py b/scanner.py
new file mode 100644
index 0000000..bbd5fa2
--- /dev/null
+++ b/scanner.py
@@ -0,0 +1,44 @@
+import argparse
+import os
+import glob
+import imp
+import sys
+import logging
+import time
+logging.basicConfig(level=logging.INFO)
+import modules.grep_count as grep_module
+import modules.entropy as entropy_module
+import modules.whitelist as whitelist_module
+import modules.libfuzzy as fuzzy_module
+parser = argparse.ArgumentParser(description='Fuzzy matching for malwares')
+group = parser.add_mutually_exclusive_group(required=True)
+group.add_argument('--save', '-s', help='Path to save the databases', default=None)
+group.add_argument('--filenames', '-f', nargs='*', help='Files to check')
+parser.add_argument('--sleep', '-t', type=int, default=0, help='Sleep between files processing')
+args = parser.parse_args()
+grep = grep_module.GrepCount()
+entropy = entropy_module.Entropy()
+whitelist = whitelist_module.HashWhitelist()
+fuzzy = fuzzy_module.FuzzyMatcher()
+if args.save:  # Save the computed database
+    for m in [whitelist, fuzzy]:
+        m.save(args.save + '.' + m.name)
+else:
+    for f in args.filenames:
+        for root, _, filenames in os.walk(f):
+            for filename in filenames:
+                fpath = os.path.join(root, filename)
+                grep_results = grep.is_malware(fpath)
+                entropy_results = entropy.is_malware(fpath)
+                fuzzy_results = fuzzy.is_malware(fpath)
+                if grep_results or entropy_results or fuzzy_results:
+                    if whitelist.is_malware(fpath) and '/.git/' not in fpath:  # Not in whitelist
+                        logging.info('MALWARE: ' + fpath)
+                time.sleep(args.sleep)
author	Julien Voisin	2015-03-03 15:58:59 +0100
committer	Julien Voisin	2015-03-03 15:58:59 +0100
commit	807248f9343a4cabb48c3be1a512b27f6377e871 (patch)
tree	20e8de5615e900c6bb312d2e8b9446630d4400c5 /scanner.py

diff --git a/scanner.py b/scanner.py new file mode 100644 index 0000000..bbd5fa2 --- /dev/null +++ b/scanner.py
@@ -0,0 +1,44 @@
	1	import argparse
	2	import os
	3	import glob
	4	import imp
	5	import sys
	6	import logging
	7	import time
	8	logging.basicConfig(level=logging.INFO)
	9
	10	import modules.grep_count as grep_module
	11	import modules.entropy as entropy_module
	12	import modules.whitelist as whitelist_module
	13	import modules.libfuzzy as fuzzy_module
	14
	15	parser = argparse.ArgumentParser(description='Fuzzy matching for malwares')
	16	group = parser.add_mutually_exclusive_group(required=True)
	17	group.add_argument('--save', '-s', help='Path to save the databases', default=None)
	18	group.add_argument('--filenames', '-f', nargs='*', help='Files to check')
	19	parser.add_argument('--sleep', '-t', type=int, default=0, help='Sleep between files processing')
	20	args = parser.parse_args()
	21
	22
	23	grep = grep_module.GrepCount()
	24	entropy = entropy_module.Entropy()
	25	whitelist = whitelist_module.HashWhitelist()
	26	fuzzy = fuzzy_module.FuzzyMatcher()
	27
	28	if args.save: # Save the computed database
	29	for m in [whitelist, fuzzy]:
	30	m.save(args.save + '.' + m.name)
	31	else:
	32	for f in args.filenames:
	33	for root, _, filenames in os.walk(f):
	34	for filename in filenames:
	35	fpath = os.path.join(root, filename)
	36
	37	grep_results = grep.is_malware(fpath)
	38	entropy_results = entropy.is_malware(fpath)
	39	fuzzy_results = fuzzy.is_malware(fpath)
	40	if grep_results or entropy_results or fuzzy_results:
	41	if whitelist.is_malware(fpath) and '/.git/' not in fpath: # Not in whitelist
	42	logging.info('MALWARE: ' + fpath)
	43
	44	time.sleep(args.sleep)