Maltrieve - Tool To Retrieve Malware Directly From the Source


Maltrieve is a Python tool that retrieves malware samples directly from the hosting sources listed at a number of tracking sites.

Currently it can crawl the following:

It requires the following dependencies:

Usage:

maltrieve [-h] [-p PROXY] [-d DUMPDIR] [-l LOGFILE] [-x] [-v] [-c] [-s]

optional arguments:
-h, --help            show this help message and exit
-p PROXY, --proxy PROXY
                        Define HTTP proxy as address:port
-d DUMPDIR, --dumpdir DUMPDIR
                        Define dump directory for retrieved files
-l LOGFILE, --logfile LOGFILE
                        Define file for logging progress
-x, --vxcage          Dump the files to a VxCage instance
-v, --viper           Dump the files to a Viper instance
-r, --crits           Dump the file and domain to a CRITs instance
-c, --cuckoo          Enable Cuckoo analysis
-s, --sort_mime       Sort files by MIME type
Cron can be used to automate the execution of Maltrieve. The following example is provided to help get you started. It will create a cron job that will run Maltrieve every day at 2:01 as a standard user.

Ubuntu:
As a user, execute
crontab -e

If installed normally, add the following to the end of the file.
01 02 * * * maltrieve <optional flags>

If downloaded to a folder and executed, add the following to the end of the file.
01 02 * * * cd </folder/location> && /usr/bin/python maltrieve.py <optional flags>

Note: Red Hat systems will need to ensure that the user is added to the /etc/cron.allow file.
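As an added example that is not part of the Maltrieve project, the shell functions below build the 02:01 cron line described above for a checked-out copy of maltrieve.py, append it to a crontab text only if it is not already there (so re-running the setup does not schedule duplicate jobs), and check a cron.allow file for the user. The paths (/opt/maltrieve, /var/malware, /var/log/maltrieve.log) are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not Maltrieve's own code. Helpers for installing the daily
# Maltrieve cron job without creating duplicate entries.

# Build the cron line for a copy of Maltrieve downloaded to a folder.
# $1 = folder containing maltrieve.py, remaining args = optional maltrieve flags
maltrieve_cron_line() {
    dir="$1"; shift
    flags="$*"
    printf '01 02 * * * cd %s && /usr/bin/python maltrieve.py%s\n' \
        "$dir" "${flags:+ $flags}"
}

# Build the cron line for a normally installed maltrieve (on PATH).
maltrieve_cron_line_installed() {
    flags="$*"
    printf '01 02 * * * maltrieve%s\n' "${flags:+ $flags}"
}

# Append LINE to the crontab text in FILE unless an identical line is present.
# Returns 0 when the line was added, 1 when it was already there.
add_cron_entry() {
    file="$1"; line="$2"
    touch "$file"
    if grep -Fxq -- "$line" "$file"; then
        return 1
    fi
    printf '%s\n' "$line" >> "$file"
}

# Number of Maltrieve jobs scheduled in a crontab text (0 if the file is missing).
count_maltrieve_jobs() {
    [ -f "$1" ] || { echo 0; return 0; }
    grep -c -- 'maltrieve' "$1" || true
}

# Red Hat style check: if an allow file exists, USER must be listed in it.
# $1 = path to cron.allow (normally /etc/cron.allow), $2 = user name
cron_user_allowed() {
    [ ! -f "$1" ] || grep -Fxq -- "$2" "$1"
}

# Typical use (kept as a comment so the file can be sourced without side effects):
#   f=$(mktemp); crontab -l > "$f" 2>/dev/null || true
#   add_cron_entry "$f" "$(maltrieve_cron_line /opt/maltrieve -d /var/malware -l /var/log/maltrieve.log)" && crontab "$f"
```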
