maltrieve
A tool to retrieve malware directly from the source for security researchers.
```
(venv)kmaxwell@newton:~/src/maltrieve(master)$ caniusepython3 -r requirements.txt
Finding and checking dependencies ...
[WARNING] Stale overrides: set([u'python-neutronclient'])
You need 2 projects to transition to Python 3.
Of those 2 projects, 1 has no...
```
white_list = application/pdf,application/x-dosexec,application/x-rar-compressed,application/octet-stream,application/zip,application/x-zip-compressed,application/x-zip,application/msword,application/msexcel,application/msaccess,application/java-archive,application/postscript,application/rtf,application/x-macbinary,application/x-sh
A user recently mentioned an interesting use case to me, where they use Maltrieve to monitor for appearance of specific new hashes. They throw everything else away. We could support...
Make sure we're logging the right things at the right times. For example, when discarding a download because the md5 sum matched an existing piece of malware.
When the archives are downloaded, it would be nice to maintain the original file extension, so it is easier to use them later.
Minotaur seems to be live again, but the URL has changed.
http://www.malwareblacklist.com/showMDL.php should be added later when it functions correctly
Setting logheaders in the configuration file actually has no effect. We should log this.
Does it have some sort of download size filter? So we can avoid downloading a 1GB file?