An advanced malware detection system with 8 real threat intelligence engines for comprehensive malware analysis and threat detection.
LIVE DEPLOYMENT: https://mern-malware-checker-dv9mkfafd-aditya-pawades-projects.vercel.app
Successfully deployed on Vercel with 8 real API integrations!
- Multi-Engine Analysis: 8 real threat intelligence APIs working in parallel
- Instant Results: Real-time analysis from multiple security vendors
- High Accuracy: Cross-verification across multiple threat databases
- Comprehensive Reports: Detailed analysis from each security engine
- Engine Details: View individual engine results and capabilities
- VirusTotal: Community-based malware detection with 70+ engines
- MalwareBazaar: Fresh malware samples database
- AbuseIPDB: IP reputation and threat intelligence
- MetaDefender: Multi-scanning with 40+ anti-malware engines
- URLVoid: Website safety and reputation checking
- ThreatCrowd: Open source threat intelligence
- Static Analysis: PE file analysis and entropy calculation
- NeuroSec Scanner: Custom AI-powered detection engine
- Real-time Analysis: Parallel processing across all engines
- Engine Details Tab: View individual engine capabilities and results
- Professional UI: GitHub Dark theme with responsive design
- Progress Tracking: Real-time status updates during analysis
- Error Handling: Graceful handling of API timeouts and errors
- Cross-Platform: Works on Windows, Mac, and Linux
- Modern Web Browser (Chrome, Firefox, Safari, Edge)
- Internet Connection (for accessing the live deployment)
- Node.js (v14 or higher)
- API Keys for threat intelligence engines:
  - VirusTotal API Key (free at VirusTotal)
  - AbuseIPDB API Key (free at AbuseIPDB)
  - MetaDefender API Key (free at MetaDefender)
  - URLVoid API Key (free at URLVoid)
Simply visit: https://mern-malware-checker-dv9mkfafd-aditya-pawades-projects.vercel.app
- Upload a file or enter a URL for analysis
- Click "Analyze" to start multi-engine scanning
- View results from all 8 security engines
- Check "Engine Details" tab for individual engine information
- Download report if needed for documentation
```
# Run the automated installation script
INSTALL.bat
# Start both servers
START.bat
```

```bash
cd server
# Install Node.js dependencies
npm install
# Install Python dependencies
pip install -r requirements.txt
```

```bash
cd client
# Install React dependencies
npm install
```

Create .env file in the server/ directory:

```
VIRUSTOTAL_API_KEY=your_virustotal_api_key_here
```

```bash
cd server
npm start
# Server runs on http://localhost:5001
```

```bash
cd client
npm start
# React app runs on http://localhost:3000
```

The scanner requires these Python packages:
- yara-python: YARA rule matching
- pefile: PE file analysis
- python-magic: File type detection
- argparse: Command line parsing
```
neurosec-malware-scanner/
├── client/                          # React frontend
│   ├── src/
│   │   ├── App.js                   # Enhanced UI with structured JSON display
│   │   └── App.css                  # GitHub dark theme styling
│   └── package.json
├── server/                          # Node.js backend
│   ├── server.js                    # Enhanced Express server with toggle modes
│   ├── scanner.py                   # Python static analysis with enhanced output
│   ├── requirements.txt             # Python dependencies
│   ├── rules/                       # YARA rules directory
│   │   ├── malware_detection.yar
│   │   └── advanced_detection.yar
│   └── package.json
├── test-files/                      # Test files for validation
├── docs/                            # Comprehensive documentation
│   ├── HOW_TO_RUN.md
│   ├── PROJECT_OVERVIEW.md
│   └── ENHANCED_OUTPUT_FORMAT.md
├── INSTALL.bat                      # Windows automated setup
├── START.bat                        # Windows startup script
└── README.md
```
- File Upload: User uploads a file through the React interface
- Mode Selection: Choose Fast Mode (scanner only, 30s) or Full Mode (VirusTotal + scanner, 3min)
- VirusTotal Analysis: Backend sends file to VirusTotal API (Full Mode only)
- Static Analysis: Python scanner analyzes file locally
- YARA Scanning: Applies custom detection rules
- Result Combination: Merges VirusTotal and scanner results
- Structured Display: Shows results with emoji formatting and clear labels
The system provides structured output with:
- Testing File: File name and details
- Status: Processing status (200 - Success)
- Verdict: Clean/Suspicious/Malicious with color coding
- Threat Score: Percentage-based threat assessment
- Family: Malware family classification
- Confidence: Analysis confidence percentage
- Explanation: Detailed analysis reasoning
- Safe Analysis: Files are analyzed without execution
- Temporary Files: Uploaded files are automatically cleaned up
- YARA Rules: Custom detection patterns for various threats
- Multiple Detection: Combines community intelligence with static analysis
- Toggle Modes: Prevents timeout issues with flexible analysis options
The project includes comprehensive test files:
- clean_file.txt - Known clean file
- suspicious-script.js - JavaScript with suspicious patterns
- ransomware-simulation.ps1 - PowerShell ransomware simulation
- crypto-miner.py - Cryptocurrency mining script
- And 5 more test files for various scenarios
Create .yar files in the server/rules/ directory:

```yara
rule MyCustomRule {
    meta:
        description = "Detects my custom pattern"
        family = "MyMalware.Family"
        severity = "high"
    strings:
        $pattern = "suspicious_string"
    condition:
        $pattern
}
```

Modify server/scanner.py to add new analysis methods:
- Additional file format support
- New suspicious pattern detection
- Enhanced entropy analysis
- Network artifact detection
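
An added example (not code from this project's scanner.py) of what the "Enhanced entropy analysis" item could look like: instead of one entropy value for the whole file, it scores fixed-size windows and reports contiguous high-entropy regions, which is where packed or encrypted payloads tend to sit. The function names, the 1024-byte window, the 7.2 bits/byte threshold and the sample bytes are assumptions made for this illustration.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty/constant data, 8.0 at most."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())

def high_entropy_regions(data: bytes, window: int = 1024, threshold: float = 7.2):
    """Return (offset, length, peak_entropy) for runs of windows at or above threshold.

    window and threshold are assumed defaults for this example, not project values.
    High entropy is only a hint: compressed formats (zip, png) score high legitimately.
    """
    regions, start, peak = [], None, 0.0
    for off in range(0, len(data), window):
        chunk = data[off:off + window]
        # A short trailing chunk cannot be scored reliably, so it never opens a region.
        h = shannon_entropy(chunk) if len(chunk) == window else 0.0
        if h >= threshold:
            if start is None:
                start, peak = off, h
            else:
                peak = max(peak, h)
        elif start is not None:
            regions.append((start, off - start, round(peak, 2)))
            start = None
    if start is not None:  # region runs to end of file
        regions.append((start, len(data) - start, round(peak, 2)))
    return regions

def build_sample() -> bytes:
    """Constructed sample: plain text, a pseudo-random 'packed' blob, zero padding."""
    text = (b"This program cannot be run in DOS mode. " * 64)[:2048]
    blob = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
    return text + blob + bytes(1024)

if __name__ == "__main__":
    sample = build_sample()
    print(f"whole-file entropy: {shannon_entropy(sample):.2f} bits/byte")
    for offset, length, peak in high_entropy_regions(sample):
        print(f"high-entropy region at 0x{offset:x}, {length} bytes, peak {peak}")
```

On the constructed sample the whole-file figure is diluted by the text and padding, while the windowed pass isolates the 4096-byte blob.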
```bash
# Try updating pip first
python -m pip install --upgrade pip
# Install dependencies with verbose output
pip install -r requirements.txt -v
```

```bash
# Install Visual C++ Build Tools if needed
# Then install YARA
pip install yara-python
```

```bash
# Run with appropriate permissions
sudo pip install -r requirements.txt # Linux/Mac
# Or use --user flag
pip install --user -r requirements.txt
```

This project is licensed under the ISC License.
Aditya Pawade - adityapawade30@gmail.com
Suyash Jadhav - jadhavsuyash34@gmail.com
Final Year Project - Neurosec Malware Scanner
- Fork the repository
- Create your feature branch
- Commit your changes
- Push to the branch
- Create a Pull Request
This tool is for educational and research purposes. Always follow responsible disclosure practices when analyzing potentially malicious files.