Caution, this program downloads real malware samples. Always use this in a secure and isolated environment.
A minimal Python wrapper for the MalwareBazaar API 🧪, designed to simplify interaction with the malware sample repository provided by abuse.ch.

- Search for malware samples by:
  - 🏷️ Tag
  - File Type
  - Hash (SHA256)
- 📥 Download malware samples

The library needs the 7z command-line tool:

```bash
sudo apt install 7zip
```

Install the library via pip:

```bash
pip install
```

Create a new `Bazaar` instance:

```python
from mawarebazaar import Bazaar

bazaar = Bazaar(api_key='your-api-key')
```

Use functions like `query_tag`:

```python
bazaar.query_tag('mirai', 100)
```

| Feature | Supported |
|---|---|
| Submission Policy | β |
| Submit (upload) a malware sample | β |
| Retrieve (download) a malware sample | ✅ |
| Query a malware sample (hash) | ✅ (Only SHA256) |
| Query tag | ✅ |
| Query signature | β |
| Query filetype | ✅ |
| Query ClamAV signature | β |
| Query imphash | β |
| Query TLSH | β |
| Query telfhash | β |
| Query gimphash | β |
| Query icon dhash | β |
| Query YARA rule | β |
| Query Code Signing Certificates (by Issuer CN) | β |
| Query Code Signing Certificates (by Subject CN) | β |
| Query Code Signing Certificates (by Serial Number) | β |
| Update an entry | β |
| Add a comment | β |
| Query latest malware samples (recent additions) | β |
| Query Code Signing Certificate Blocklist (CSCB) | β |
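
What a tag query such as `query_tag('mirai', 100)` involves at the API level, shown as an added example that is not this library's code. It assumes the public MalwareBazaar `get_taginfo` query, the `Auth-Key` header and the response fields `query_status`, `data`, `sha256_hash`, `file_type` and `tags`; the function names and the sample response are made up for illustration.

```python
import json
import re
import urllib.parse
import urllib.request

API_URL = "https://mb-api.abuse.ch/api/v1/"  # public MalwareBazaar endpoint (assumed)
SHA256_RE = re.compile(r"[0-9a-f]{64}")


def build_tag_query(tag: str, limit: int = 100) -> dict:
    """Form fields for a get_taginfo query (the API allows at most 1000 results)."""
    tag = tag.strip()
    if not tag:
        raise ValueError("tag must not be empty")
    return {"query": "get_taginfo", "tag": tag, "limit": str(max(1, min(limit, 1000)))}


def parse_taginfo(response: dict) -> list:
    """Return validated sample records from a decoded get_taginfo response."""
    status = response.get("query_status")
    if status in ("tag_not_found", "no_results"):
        return []
    if status != "ok":
        raise RuntimeError(f"MalwareBazaar query failed: {status!r}")
    samples = []
    for entry in response.get("data") or []:
        digest = str(entry.get("sha256_hash", "")).lower()
        if not SHA256_RE.fullmatch(digest):
            continue  # skip anything that is not a well-formed SHA256
        samples.append({"sha256": digest, "file_type": entry.get("file_type"),
                        "tags": entry.get("tags") or []})
    return samples


def fetch_tag(api_key: str, tag: str, limit: int = 100) -> list:
    """Network call; returns metadata only, no sample is downloaded."""
    body = urllib.parse.urlencode(build_tag_query(tag, limit)).encode()
    req = urllib.request.Request(API_URL, data=body, headers={"Auth-Key": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return parse_taginfo(json.load(resp))


# Constructed response for offline use; the hashes are placeholders, not real samples.
SAMPLE = {"query_status": "ok", "data": [
    {"sha256_hash": "A" * 64, "file_type": "elf", "tags": ["mirai"]},
    {"sha256_hash": "not-a-hash", "file_type": "elf", "tags": None},
]}

if __name__ == "__main__":
    print(build_tag_query("mirai", 5000), parse_taginfo(SAMPLE))
```
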

Contributions are very welcome! Whether it's fixing a bug, improving the docs, or adding a new feature, feel free to submit a pull request.