_______ _______ _______ ______ _____ _______ _ _ _______
| | | |_____| | | |_____/ | |______ \ / |______
| | | | | |_____ | | \_ __|__ |______ \/ |______
Maltrieve originated as a fork of mwcrawler. It retrieves malware directly from the sources as listed at a number of sites, including:
These lists will be implemented if/when they return to activity.
Other improvements include:
- Proxy support
- Multithreading for improved performance
- Logging of source URLs
- Multiple user agent support
- Better error handling
- VxCage, * Viper and Cuckoo Sandbox support
Maltrieve requires the following dependencies:
- Python 2 (2.6 should be sufficient)
- BeautifulSoup version 4
- feedparser
- python-magic
- Requests
These can all be found in requirements.txt. These can be installed locally using pip install -r requirements.txt. You may need to prepend that with sudo if not running in a virtual environment.
Basic execution: python maltrieve.py
usage: maltrieve.py [-h] [-p PROXY] [-d DUMPDIR] [-l LOGFILE] [-x] [-c] [-v]
optional arguments:
-h, --help show this help message and exit
-p PROXY, --proxy PROXY
Define HTTP proxy as address:port
-d DUMPDIR, --dumpdir DUMPDIR
Define dump directory for retrieved files
-l LOGFILE, --logfile LOGFILE
Define file for logging progress
-x, --vxcage Dump the file to a VxCage instance
-v, --viper Dump the file to a Viper instance
-c, --cuckoo Enable cuckoo analysis
Many of Maltrieve's command line options can be specified in maltrieve.cfg.
Released under GPL version 3. See the LICENSE file for full details.
We list all the bugs we know about (plus some things we know we need to add) at the Github issues page.
Aside from pull requests, non-developers can open issues on Github. Things we'd really appreciate:
- Bug reports, preferably with error logs
- Suggestions of additional sources for malware lists
- Descriptions of how you use it and ways we can improve it for you
Check the contributing guide for details. If you'd prefer not to open an issue, you can contact me on Twitter or email.