From 807248f9343a4cabb48c3be1a512b27f6377e871 Mon Sep 17 00:00:00 2001
From: Julien Voisin
Date: Tue, 3 Mar 2015 15:58:59 +0100
Subject: First commit!
---
 scanner.py | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
 create mode 100644 scanner.py
(limited to 'scanner.py')
diff --git a/scanner.py b/scanner.py
new file mode 100644
index 0000000..bbd5fa2
--- /dev/null
+++ b/scanner.py
@@ -0,0 +1,44 @@
+import argparse
+import os
+import glob
+import imp
+import sys
+import logging
+import time
+logging.basicConfig(level=logging.INFO)
+
+import modules.grep_count as grep_module
+import modules.entropy as entropy_module
+import modules.whitelist as whitelist_module
+import modules.libfuzzy as fuzzy_module
+
+parser = argparse.ArgumentParser(description='Fuzzy matching for malwares')
+group = parser.add_mutually_exclusive_group(required=True)
+group.add_argument('--save', '-s', help='Path to save the databases', default=None)
+group.add_argument('--filenames', '-f', nargs='*', help='Files to check')
+parser.add_argument('--sleep', '-t', type=int, default=0, help='Sleep between files processing')
+args = parser.parse_args()
+
+
+grep = grep_module.GrepCount()
+entropy = entropy_module.Entropy()
+whitelist = whitelist_module.HashWhitelist()
+fuzzy = fuzzy_module.FuzzyMatcher()
+
+if args.save: # Save the computed database
+    for m in [whitelist, fuzzy]:
+        m.save(args.save + '.' + m.name)
+else:
+    for f in args.filenames:
+        for root, _, filenames in os.walk(f):
+            for filename in filenames:
+                fpath = os.path.join(root, filename)
+
+                grep_results = grep.is_malware(fpath)
+                entropy_results = entropy.is_malware(fpath)
+                fuzzy_results = fuzzy.is_malware(fpath)
+                if grep_results or entropy_results or fuzzy_results:
+                    if whitelist.is_malware(fpath) and '/.git/' not in fpath: # Not in whitelist
+                        logging.info('MALWARE: ' + fpath)
+
+                time.sleep(args.sleep)
-- 
cgit v1.3
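Review bot: `os.walk(f)` in the scan loop yields nothing when `f` is a regular file, so a path passed to `--filenames` (whose help text says "Files to check") is silently skipped instead of scanned; branch on `os.path.isfile(f)` before walking, as sketched below. Because the option uses `nargs='*'`, `--filenames` with no values also parses successfully and scans nothing — `nargs='+'` would reject that at parse time. Separately, `imp`, `glob` and `sys` are imported but never used, and the hit line would be better as `logging.info('MALWARE: %s', fpath)` so formatting is deferred to the logger. The `modules.*` classes are not in this commit, so whether `whitelist.is_malware` returning True really means "not whitelisted", as the trailing comment claims, is an assumption worth a docstring on that method.
```python
    for f in args.filenames:
        if os.path.isfile(f):
            candidates = [f]
        else:
            candidates = (os.path.join(root, name)
                          for root, _, names in os.walk(f)
                          for name in names)
        for fpath in candidates:
            # … unchanged: grep/entropy/fuzzy checks, whitelist filter, sleep …
```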