This Python project is a project that combine between :
- basic file integrity monitor: which it takes two arguments: a directory to scan, and an output file for alerts. The script will recursively scan the given directory and its subdirectories, and will create alerts for any added, removed, or changed files. The script uses the os, sys, and pickle libraries to perform file system operations, as well as the datetime, hashlib, logging, and time libraries for other operations.
- malware detection using machine learning : it helps train a classifier to be able to detect PE files as either malicious or legitimate. It tries out 6 different classification algorithms before deciding which one to use for prediction by comparing their results.
This project uses some libraries that you need to install them first :
pip install -r requirements.txt
git clone https://github.com/da4nyy/ANTIVIRUSxML/
cd ANTIVIRUSxML
Clone the project
Go to the project directory
cd ANTIVIRUSxML/
Install dependencies
pip install -r requirements.txt
train the model ( you can skip this phase : you already find the files in the classifier directory
python3 Malware-detection-learning.py data.csv
Start the file monitor and malware detection handler
python3 antivirusXml.py -i <input directory to monitor> -o <output file>
- You may monitor the integrity of the files that may have PII. In this case, you can place the script where your files live, and create a crontab or use task scheduler to run the script.
- You can use the script to monitor the files stored in the web app and scan the added files.
- If you are in the Blue Team at a CCDC competition, you can use this script to monitor your server and easily see which files modified.
- scan x32 PE files
- scan x64 PE files
Contributions are always welcome!
kacem hakim - @DARNY - da4nyyy@proton.me
Project Link: https://github.com/