
MalwareBazaarHunter

MalwareBazaarHunter is a Python tool that leverages the MalwareBazaar and VirusTotal APIs to automatically filter low-detection malware samples, helping security researchers identify potentially overlooked threats.


README

MalwareBazaarHunter

MalwareBazaarHunter is a Python-based security tool designed to fetch the latest malware samples from the MalwareBazaar API and then use the VirusTotal API to filter out samples based on their detection ratio. This helps security researchers quickly pinpoint potentially overlooked threats for further analysis.

Features

  • Sample Querying: Query the latest malware samples from the MalwareBazaar API by a specified tag, sample count, and file type.
  • Detection Ratio Filtering: Retrieve detection statistics from the VirusTotal API and filter samples based on a user-defined threshold.
  • Sample Downloading: Automatically download filtered malware samples with support for streaming large files.
  • Efficient HTTP Requests: Utilizes requests.Session to reuse connections and improve performance.
  • Robust Logging: Implements detailed logging using Python's built-in logging module for easier debugging and error tracking.

Installation

  1. Clone the Repository

    git clone https://github.com/Fadouse/MalwareBazaarHunter.git
    cd MalwareBazaarHunter
    
  2. Set Up a Virtual Environment and Install Dependencies

    It is recommended to use a virtual environment:

    python3 -m venv venv
    # On Linux/MacOS:
    source venv/bin/activate
    # On Windows:
    venv\Scripts\activate

    Install the required package:

    pip install requests

Configuration

Before running the tool, update the following parameters in the main() function of the script:

  • VT_API_KEY: Your VirusTotal API key.
  • MB_AUTH_KEY: Your MalwareBazaar Auth Key.
  • TAG: The malware tag to query (e.g., "rat").
  • TYPES: The malware file types to filter on (e.g., ["exe", "js", "ps1", "msi", "bat", "lnk", "vbs"]).
  • AMOUNT: The number of malware files retrieved from MalwareBazaar (default is 50).
  • MAX_DETECTION_RATIO: The maximum detection ratio threshold (e.g., 0.2 for 20%).
  • DOWNLOAD_DIR: The directory where downloaded samples will be stored (default is samples).

Make sure to replace the placeholder API key with your actual VirusTotal API key.

Usage

Run the main script directly:

python main.py

The tool will perform the following steps:

  1. Query the MalwareBazaar API for the latest malware samples based on the specified tag.
  2. Retrieve each sample's detection ratio from the VirusTotal API.
  3. Filter out samples whose detection ratio exceeds the specified threshold and save the sample data in a JSON file within the results directory.
  4. Automatically download the filtered samples into the samples directory.
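The detection-ratio filtering of steps 2 and 3 above, as an added example that is not the project's own code. It assumes MalwareBazaar records carry the sha256_hash and file_type fields, that the VirusTotal report is the last_analysis_stats dict of the v3 files endpoint, and, since the README does not document the formula, defines the ratio as malicious verdicts divided by engines that returned a verdict; all sample data below is constructed.

```python
"""Filter MalwareBazaar samples by VirusTotal detection ratio (added example)."""
import json
from typing import Optional

TYPES = ["exe", "js", "ps1", "msi", "bat", "lnk", "vbs"]
MAX_DETECTION_RATIO = 0.2  # keep samples flagged by at most 20% of engines

# Constructed stand-ins for live API responses (not real hashes or verdicts).
MB_SAMPLES = [
    {"sha256_hash": "a" * 64, "file_type": "exe", "tags": ["rat"]},
    {"sha256_hash": "b" * 64, "file_type": "js", "tags": ["rat"]},
    {"sha256_hash": "c" * 64, "file_type": "pdf", "tags": ["rat"]},  # not in TYPES
    {"sha256_hash": "d" * 64, "file_type": "vbs", "tags": ["rat"]},  # no VT report
]
VT_STATS = {
    "a" * 64: {"malicious": 5, "suspicious": 0, "undetected": 55, "harmless": 0, "timeout": 2},
    "b" * 64: {"malicious": 40, "suspicious": 1, "undetected": 19, "harmless": 0, "timeout": 0},
}


def detection_ratio(stats: dict) -> Optional[float]:
    """Assumed formula: malicious / engines with a verdict (timeouts and
    unsupported types excluded). None when no engine returned a verdict."""
    verdicts = sum(stats.get(k, 0) for k in ("malicious", "suspicious", "undetected", "harmless"))
    if verdicts == 0:
        return None
    return stats.get("malicious", 0) / verdicts


def filter_low_detection(samples, vt_stats, types=TYPES, max_ratio=MAX_DETECTION_RATIO):
    """Return (kept, no_report): samples of a wanted type whose ratio is at or
    below max_ratio, plus the hashes VirusTotal had no verdict for, so a
    missing report is surfaced rather than silently dropped or treated as 0%."""
    kept, no_report = [], []
    for s in samples:
        if s["file_type"] not in types:
            continue
        stats = vt_stats.get(s["sha256_hash"])
        ratio = detection_ratio(stats) if stats else None
        if ratio is None:
            no_report.append(s["sha256_hash"])
        elif ratio <= max_ratio:
            kept.append({**s, "detection_ratio": round(ratio, 3)})
    return kept, no_report


def results_json(kept) -> str:
    """Serialize the kept samples the way the results directory file would hold them."""
    return json.dumps({"max_detection_ratio": MAX_DETECTION_RATIO, "samples": kept}, indent=2)


if __name__ == "__main__":
    low, unknown = filter_low_detection(MB_SAMPLES, VT_STATS)
    print(results_json(low))
    print("no VirusTotal report:", unknown)
```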

Contributing

Contributions are welcome! Feel free to open issues or submit pull requests to help improve the project. Please adhere to the project's coding conventions and guidelines when contributing.

License

This project is licensed under the MIT License.


Note: This tool is intended for educational and security research purposes only. Please use it responsibly and in accordance with all applicable laws and regulations.


Security Score: 82/100 (audited on Sep 7, 2025, no findings)