diff --git a/README.md b/README.md index 82599a6..dff2814 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ About ====== theZoo is a project created to make the possibility of malware analysis open and available to the public. Since we have found out that almost all versions of malware are very hard to come by in a way which will allow analysis, we have decided to gather all of them for you in an accessible and safe way. -theZoo was born by Yuval tisf Nativ and is now maintained by Shahak Shalev. +theZoo was born by Yuval tisf Nativ and is now maintained by Shahak Shalev. **theZoo is open and welcoming visitors!** Disclaimer @@ -15,7 +15,7 @@ We recommend running them in a VM which has no internet connection (or an intern GPL 3 ====== -theZoo - the most awesome free malware database on the air +theZoo - the most awesome free malware database on the air Copyright (C) 2015, Yuval Nativ, Lahad Ludar, 5fingers This program is free software: you can redistribute it and/or modify @@ -54,10 +54,10 @@ Malware source code :) ## Directory Structure: Each directory is composed of 4 files: -- Malware files in an encrypted ZIP archive. -- SHA256 sum of the 1st file. +- Malware files in an encrypted ZIP archive. +- SHA256 sum of the 1st file. - MD5 sum of the 1st file. -- Password file for the archive. +- Password file for the archive. @@ -86,9 +86,12 @@ An example line will look as follow: Bugs and Reports ================ -The repository holding all files is currently +The repository holding all files is currently https://github.com/ytisf/theZoo +## Submit Malware +Get the file you want to submit and just run `python prep_file.py file_tosubmit.exe`. It will create a directory for you. Then just submit that along with the changes to the `conf/maldb.db` so that we know which malware it is. + ## Change Log for v0.60: - [x] Moved DB to SQLite3. - [x] Searching overhaul to a freestyle fashion. 
@@ -96,9 +99,9 @@ The repository holding all files is currently - [x] More & more malwares. ## Change Log for v0.50: -- [x] Better and easier UI. -- [x] Aligned printing of malwares. -- [x] Command line arguments are now working. +- [x] Better and easier UI. +- [x] Aligned printing of malwares. +- [x] Command line arguments are now working. - [x] Added 10 more malwares (cool ones) to the DB. ## Change Log for v0.42: diff --git a/prep_file.py b/prep_file.py new file mode 100644 index 0000000..bb4a824 --- /dev/null +++ b/prep_file.py 
@@ -0,0 +1,60 @@
+#!/usr/bin/python
+
+import os
+import sys
+import zipfile
+import hashlib
+import subprocess
+
+
+OUTPUT_FOLDER = "OUTPUT"
+
+
+def _help():
+    print("Please run with '%s filename'." % sys.argv[0])
+    return
+
+def _Do(file_path):
+    if not os.path.isfile(file_path):
+        _help()
+        print("Seems like '%s' is not a file." % file_path)
+        sys.exit(1)
+
+    try:
+        os.mkdir(OUTPUT_FOLDER)
+    except OSError:
+        print("Folder exists. Please remove it before continuing.")
+        sys.exit(1)
+
+    if "\\" in file_path:
+        filename = file_path.split("\\")[:-1]
+    elif "/" in file_path:
+        filename = file_path.split("/")[:-1]
+    else:
+        filename = file_path
+
+    # Create ZIP Archive:
+    try:
+        rc = subprocess.call(['7z', 'a', '-pinfected', '-y', '%s/%s.zip' % (OUTPUT_FOLDER, filename)] + [file_path])
+    except:
+        print("Seems like you don't have 7z in your path. Please install or add with:\n\tbrew install 7zip #(OSX)\n\tsudo apt-get install p7zip-full #(Linux)")
+        sys.exit(1)
+
+    compressed_path = '%s/%s.zip' % (OUTPUT_FOLDER, filename)
+    print("Created ZIP Archive.")
+    md5sum = hashlib.md5(open(compressed_path, 'rb').read()).hexdigest()
+    sha1sum = hashlib.sha1(open(compressed_path, 'rb').read()).hexdigest()
+    open("%s/%s.md5" % (OUTPUT_FOLDER, filename), 'w').write(md5sum)
+    open("%s/%s.sha" % (OUTPUT_FOLDER, filename), 'w').write(sha1sum)
+    open("%s/%s.pass" % (OUTPUT_FOLDER, filename), 'w').write("infected")
+    return True
+
+
+if __name__ == "__main__":
+    if len(sys.argv) != 2:
+        _help()
+        sys.exit(1)
+    _Do("README.md")
+    print("Please don't forget to add details to 'conf/maldb.db'.")
+    print("Thanks for helping us get this accessible to everyone.")
+    print("")
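Review bot: The entry point never uses the path it validates: the `__main__` block checks `len(sys.argv)` but then calls `_Do("README.md")`, so every submitter packs the README instead of the sample; this should be `_Do(sys.argv[1])`. The name derivation in `_Do` is also wrong, since `file_path.split("\\")[:-1]` and `file_path.split("/")[:-1]` yield the list of directory components rather than the basename, so the archive and hash files are written under names like `['dir'].zip`; `filename = os.path.basename(file_path)` replaces the whole if/elif/else. The hash written to the `.sha` file is SHA-1 (`hashlib.sha1`) while the README hunk in this same commit documents a "SHA256 sum", so the `.sha` line should use `hashlib.sha256(...)` for the database entries to be verifiable as advertised. Finally `rc` from `subprocess.call` is never checked, so a non-zero 7z exit (bad path, write error) is silently followed by an uncaught `IOError` on `open(compressed_path, 'rb')`; a `if rc != 0: sys.exit(1)` after the call would make the failure explicit, and `import zipfile` is unused.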