A collection of tools to analyze malware.
inventory.sh is a versatile and efficient tool designed to streamline the organization and analysis of malware samples. The script automates the creation of an inventory for each malware sample, capturing essential information such as file names, hashes, and additional metadata. Features:
- Input: It takes the path to the malware sample.
- Hash calculation: Generates MD5, SHA-1, SHA-256, and SSDeep hashes for the provided malware sample.
- Structured inventory: Organizes the information in a clear, structured layout, creating a 'names.txt' file with the base name of the malware sample and storing each hash in its own file.
- README.md creation: Creates a README.md file for additional details and instructions, prompting users to add relevant information before placing the folder in the appropriate directory.
- Rules directory: Creates a 'rules' directory to accommodate any rule files associated with the malware sample.
- Zip archives: Archives the original malware sample in a zip file protected with the password 'infected' and saves it in the 'samples' directory. This ensures secure storage and easy retrieval while preventing accidental execution.
- Cleanup: Removes the original malware file once it has been archived, leaving behind a neatly organized directory structure containing all relevant information.
Usage: ./inventory.sh path/to/malware_sample
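The following is an added example of how the inventory procedure described above (hashing, 'names.txt', README.md stub, 'rules' and 'samples' directories, password-protected archive, cleanup) can be implemented in POSIX sh. It is not the project's own inventory.sh; the function names, the optional second argument naming the inventory directory, and the fallback when ssdeep or zip is not installed are assumptions made here. It deliberately removes the original sample only after a non-empty archive exists, so a failed archiving step never destroys the only copy.

```shell
#!/bin/sh
# Added example, not the project's inventory.sh. File names and the
# 'infected' password follow the README; everything else is an assumption.
set -eu

# Compute MD5, SHA-1, SHA-256 and SSDeep hashes of $1 into $2/<algo>.txt.
# ssdeep is optional on many hosts, so its absence is recorded, not fatal.
write_hashes() {
    sample="$1"; outdir="$2"
    md5sum "$sample"    | awk '{print $1}' > "$outdir/md5.txt"
    sha1sum "$sample"   | awk '{print $1}' > "$outdir/sha1.txt"
    sha256sum "$sample" | awk '{print $1}' > "$outdir/sha256.txt"
    if command -v ssdeep >/dev/null 2>&1; then
        # ssdeep -b prints a header line, then "hash,\"filename\""
        ssdeep -b "$sample" | tail -n 1 | cut -d, -f1 > "$outdir/ssdeep.txt"
    else
        echo "ssdeep not installed" > "$outdir/ssdeep.txt"
    fi
}

# Build the inventory directory for sample $1. The optional $2 names the
# inventory directory (assumption); default is <sample>_inventory next to it.
# Prints the inventory path on stdout.
make_inventory() {
    sample="$1"
    base=$(basename "$sample")
    inv="${2:-$(dirname "$sample")/${base}_inventory}"
    mkdir -p "$inv/rules" "$inv/samples"

    echo "$base" > "$inv/names.txt"
    write_hashes "$sample" "$inv"
    printf '# %s\n\nAdd analysis notes here before filing this folder.\n' \
        "$base" > "$inv/README.md"

    # Archive with the conventional password 'infected' so the sample cannot
    # be executed by accident (-j stores only the base name, not the path).
    if command -v zip >/dev/null 2>&1; then
        zip -q -j -P infected "$inv/samples/$base.zip" "$sample"
        # Cleanup only once a non-empty archive exists: never delete the
        # sole copy of a sample because a previous step silently failed.
        if [ -s "$inv/samples/$base.zip" ]; then
            rm -f "$sample"
        fi
    else
        echo "zip not installed; original sample left in place" >&2
    fi
    echo "$inv"
}

# Usage: ./inventory.sh path/to/malware_sample
if [ "$#" -eq 1 ]; then
    make_inventory "$1"
fi
```

If zip is missing the script keeps the original file and says so on stderr, which is preferable to a half-built inventory with no sample at all; the hash files are still written so the record remains useful.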