A python malware detection, analysis and reverse ngineering toolkit. This is a Linux command-line interface (CLI) utility that use YARA , Capstone ,Redare2 among otheres to detect analyze and reverse engineer malware. This is still a work in progress version, great things are underway.
-
Install via pip:
pip install ThreatHunter
-
Install from github:
pip install git+https://github.com/skye-cyber/ThreatHunter.git
To run the CLI app, use the following command:
ThreatHunter [option]Replace [options] with the appropriate command-line options.
-p/--path:path to directory or file to scan-v/--verbose: Show all infor. By default screen clering is on so only one line of output show per time, pass verbose to prevent screen cleaning. verbose mode can be useful when work to e done is minimal
-
Example command 1:
ThreatHunter -p /home/user/Documents/
ThreatHunter -p /home/user/Documents/ -v
The toolkit will scan all the files and folder in the /home/user/Documents/ directory and it's nested
files and folders to the last child.
-p also accepts file input
- Scan working directory
ThreatHunter
ThreatHunter -v
Giving no option as in the above case, the toolkit will recursively scan the current directory (working directory)
ThreatHunter --add @foowhere @foo is the rule file, folder or even rule in text form
You may also want to rune scan using a given rule only, that case, you can follow this format
ThreatHunter --use @foo -pwhere @foo is the rule file, folder or rule itself.
if -u/--use is used, then -p/--path must be provided
Feel free to submit any suggestions!
Contributions are welcome! If you encounter any issues or have suggestions for improvements, please open an issue or submit a pull request.
This project is an open source software. Under GPL-3.0 license
Feel free to modify and customize this template according to your specific project requirements and add any additional sections or information that you think would be helpful for users.