Skip to content

mtepenner/pyrus

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

2 Commits
Β 
Β 
Β 
Β 

Repository files navigation

Pyrus: Live Malware Scanner πŸ¦ πŸ”

Pyrus is a lightweight, Python-based malware scanning tool. It dynamically fetches the most recent malware SHA-256 signatures from the MalwareBazaar API and scans a specified local directory to detect potential threats based on file hashes.

πŸ“‘ Table of Contents

πŸš€ Features

  • Live Signature Updates: Automatically fetches the latest malware hashes from MalwareBazaar before every scan.
  • Local Directory Scanning: Recursively scans user-defined directories and subdirectories.
  • SHA-256 Hashing: Securely calculates the SHA-256 hash of local files for comparison.
  • Real-Time Alerts: Triggers critical alerts in the console if a local file matches a known malware signature.
  • Error Handling: Gracefully skips system files or files with restricted permissions without crashing.

πŸ“‹ Prerequisites

Ensure you have the following installed on your system:

  • Python 3.6 or higher
  • pip (Python package installer)

πŸ› οΈ Installation

  1. Clone the repository to your local machine:

    git clone [https://github.com/yourusername/postgrad-pyrus.git](https://github.com/yourusername/postgrad-pyrus.git)
  2. Navigate to the project directory:

    cd postgrad-pyrus
  3. Install the required dependencies:

    pip install requests

πŸ’» Usage

  1. Run the script from your terminal:

    python pyrus.py
  2. The script will first connect to the MalwareBazaar API to load recent threat signatures. Once successful, it will prompt you for a directory to scan:

    --- Connecting to MalwareBazaar API ---
    Successfully loaded 100 recent malware signatures.
    
    Enter the directory path to scan: 
    
  3. Provide the absolute or relative path to the folder you wish to inspect (e.g., C:\Users\Public\Downloads or ./test_folder).

  4. Review the scan results in your terminal.

🧰 Technologies Used

  • Python 3: Core logic and scripting.
  • Requests: Handling HTTP POST requests to the API.
  • Hashlib: Built-in Python library for generating SHA-256 file hashes.
  • MalwareBazaar API: Source for up-to-date threat intelligence.

🀝 Contributing

Contributions, issues, and feature requests are welcome!

  1. Fork the Project
  2. Create your Feature Branch (git checkout -b feature/AmazingFeature)
  3. Commit your Changes (git commit -m 'Add some AmazingFeature')
  4. Push to the Branch (git push origin feature/AmazingFeature)
  5. Open a Pull Request

πŸ“„ License

Distributed under the MIT License. See LICENSE for more information.

⚠️ Disclaimer

This tool relies on known hash signatures and is intended for educational and basic screening purposes. It does not utilize heuristics or behavioral analysis and should not replace a comprehensive Endpoint Detection and Response (EDR) or Antivirus solution.

About

A lightweight Python malware scanner that fetches live threat signatures from the MalwareBazaar API to detect malicious files in local directories.

Topics

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages