Standardized Malware Analysis Tool

Overview

S.M.A.T

Standardized Malware Analysis Toolkit

Capabilities

Unpac.me

  • sample submission
  • download results
  • check if already submitted

MWDB

  • query for config entries of samples
  • file upload
  • file download
  • config upload

Triage

  • get all JA3 and JA3S fingerprints for a family
  • get config details for a sample
  • get pcaps for a malware family (meant to be used in conjunction with PCAP processing tools)
  • submit samples to the Tria.ge platform

Malware Bazaar

  • check if samples exist in the repository
  • get metadata for all samples in a family over the last 24 hours
  • upload samples to the platform

URLHaus

  • upload URLs to the platform
  • check if the URL exists in the dataset

ThreatFox

  • pull all C2s over the last seven days

Setup

All routing and authentication are controlled via environment variables. To use all of the platforms, the following environment variables have to be set (MWDB_PROTO takes exactly one of the two schemes shown):

export TRIAGE_KEY=""
export BAZA_KEY=""
export URLHAUS=""
export MWDB_KEY=""
export MWDB_HOST="mwdb.cert.pl"
export MWDB_PROTO="<https://><http://>"
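A fail-fast check for the environment SMAT expects, written as an added example (not part of the SMAT project); it assumes the variable names in the Setup section above are the complete set and that the smat_env_check and smat_mwdb_url helper names are hypothetical:

```shell
# Added example, not SMAT's own code: verify the required environment
# variables before invoking smat, so a missing or malformed key fails
# here instead of mid-run against a platform API.

smat_env_check() {
    # Optional argument: space-separated platforms to require; defaults to all.
    want="${1:-triage bazaar urlhaus mwdb}"
    missing=""
    for p in $want; do
        case "$p" in
            triage)  [ -n "${TRIAGE_KEY:-}" ] || missing="$missing TRIAGE_KEY" ;;
            bazaar)  [ -n "${BAZA_KEY:-}" ]   || missing="$missing BAZA_KEY" ;;
            urlhaus) [ -n "${URLHAUS:-}" ]    || missing="$missing URLHAUS" ;;
            mwdb)
                [ -n "${MWDB_KEY:-}" ]  || missing="$missing MWDB_KEY"
                [ -n "${MWDB_HOST:-}" ] || missing="$missing MWDB_HOST"
                # The README's "<https://><http://>" means pick one scheme,
                # so anything other than those two exact strings is rejected.
                case "${MWDB_PROTO:-}" in
                    https://|http://) ;;
                    *) missing="$missing MWDB_PROTO" ;;
                esac
                ;;
            *) echo "smat_env_check: unknown platform: $p" >&2; return 2 ;;
        esac
    done
    if [ -n "$missing" ]; then
        echo "smat: unset or invalid:$missing" >&2
        return 1
    fi
    return 0
}

# Hypothetical helper: assemble the MWDB base URL from the validated pieces.
smat_mwdb_url() {
    printf '%s%s' "$MWDB_PROTO" "$MWDB_HOST"
}
```

Call `smat_env_check mwdb` (or with no argument for all platforms) in a wrapper script before running the corresponding `smat` subcommand.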

Examples

SMAT allows analysts to quickly extract information about malware families, download samples, upload samples, download pcaps and extract config details from common malware families.

Usage:
  smat [command]

Available Commands:
  bazaar      all subcommands relating to the malware bazaar platform
  fox         all subcommands relating to the threatfox platform
  help        Help about any command
  mwdb        all subcommands relating to CERT.PLs MWDB platform
  triage      all subcommands relating to the triage platform
  urlhaus     all subcommands relating to the urlhaus platform

Flags:
  -h, --help   help for smat

Use "smat [command] --help" for more information about a command.

all subcommands relating to the malware bazaar platform

Usage:
  smat bazaar [command]

Available Commands:
  check       checks if a sample exists within malware bazaar
  get_family  returns metadata for all samples uploaded for a family within the last 24 hours
  upload      uploads a sample or samples to malware bazaar

Flags:
  -h, --help          help for bazaar
  -t, --tags string   comma split list of tags to apply

Use "smat bazaar [command] --help" for more information about a command.

all subcommands relating to the triage platform

Usage:
  smat triage [command]

Available Commands:
  get_JA3s    returns all ja3 and ja3s signatures for specific malware family
  get_config  returns all config details for the malware if it exists
  get_pcaps   returns all pcap ng files for a specific family
  submit      submits a file to the Hatching triage platform

Flags:
  -h, --help   help for triage

Use "smat triage [command] --help" for more information about a command.

all subcommands relating to the urlhaus platform

Usage:
  smat urlhaus [command]

Available Commands:
  check       checks if a url or set of urls exists within urlhaus
  submit      uploads the list of URLs to urlhaus

Flags:
  -h, --help   help for urlhaus

Use "smat urlhaus [command] --help" for more information about a command.
Owner
Myrtus
Malware researcher focusing on family analysis