I made this project because I noticed that if you search for things such as "Discord Tools", many of the results are trojans hidden inside otherwise real code. The purpose of this project is to find those repositories and extract the data from whatever is inside them. Unfortunately I didn't look at any language besides Python, and this project only scans for obfuscated injectors. I am not an expert, and I made this project purely to experiment with malware analysis.
Running this file will start the search for trojan projects. How it works is very simple.
- Search for a phrase; I have it set to "Discord Tool"
- Look through all the files in each result
- Look for a line that contains an injector. An injector line normally has a long run of spaces (so the payload sits off-screen to the right), then a semicolon, then some obfuscated code that does weird stuff.
Sometimes there will be false detections depending on your settings. You can configure how many pages to look through in one session, how many spaces to look for within the injector, and the search query.
Running this file will collect everything it can (while trying not to run anything malicious) and export it to data.json. However, because I don't understand the "Fernet" checker well enough, I use eval to get the returned data. Since that evaluates data taken from the repository being scanned, it can lead to unintended code execution, so it is left off by default. You can turn it on within the code. If you are able to fix the issue I was having, please make a pull request.
The exported data will contain any URLs it finds, any code it finds, and anything else it can crawl through.
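As an added example (not the project's own code), here is a minimal version of the injector heuristic described above, plus a way to pull strings and URLs out of a flagged line with `ast` instead of `eval`, so the injector is parsed but never executed. The sample file, its URL and the suspicious-call list are constructed assumptions, not data from any real repository.

```python
import ast
import base64
import binascii
import re

# Constructed sample of a trojanized file: a normal-looking line with an
# injector hidden off-screen behind a long run of spaces. Placeholder URL.
_HIDDEN_URL = b"http://example.invalid/payload"
SAMPLE = (
    "import discord\n"
    + "client = discord.Client()" + " " * 300
    + ";exec(__import__('base64').b64decode(" + repr(base64.b64encode(_HIDDEN_URL)) + "))\n"
    + "print('ready')\n"
)

# Assumed list of calls that usually appear in the obfuscated part of an injector.
SUSPICIOUS = re.compile(r"\b(exec|eval|__import__|b64decode|Fernet|decrypt)\b")
URL = re.compile(r"https?://[^\s'\"]+")

def find_injector_lines(source, min_spaces=100):
    """Flag lines where >= min_spaces spaces are followed by ';' and a suspicious
    call. min_spaces is the tunable that controls false positives."""
    pattern = re.compile(r" {%d,};" % min_spaces)
    hits = []
    for no, line in enumerate(source.splitlines(), 1):
        m = pattern.search(line)
        if m and SUSPICIOUS.search(line[m.end():]):
            hits.append((no, line[m.end() - 1:].strip()))  # keep from ';' onward
    return hits

def extract_strings(snippet):
    """Collect str/bytes literals from the injector by parsing it, not running it.
    Literals that are valid base64 are also returned decoded."""
    found = []
    try:
        tree = ast.parse(snippet.lstrip(";"))
    except SyntaxError:
        return found
    for node in ast.walk(tree):
        if isinstance(node, ast.Constant) and isinstance(node.value, (str, bytes)):
            raw = node.value if isinstance(node.value, bytes) else node.value.encode()
            found.append(raw.decode("utf-8", "replace"))
            try:
                found.append(base64.b64decode(raw, validate=True).decode("utf-8", "replace"))
            except (binascii.Error, ValueError):
                pass
    return found

def scan(source, min_spaces=100):
    """Build a data.json-style report: {line_no: {"code": ..., "urls": [...]}}."""
    report = {}
    for no, code in find_injector_lines(source, min_spaces):
        urls = sorted({u for s in extract_strings(code) for u in URL.findall(s)})
        report[no] = {"code": code, "urls": urls}
    return report
```

Raising `min_spaces` above the run length in the sample makes the line disappear from the report, which is the same trade-off the spaces setting controls in the scanner.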
I made this project as a malware analysis tool. My code is not perfect and I know that; if you find any critical errors or anything that looks like it needs fixing, you are welcome to make a pull request. I will try to actively add features as I find out more about these GitHub malware repositories.