Mbzr

A cli tool to interact with MalwareBazaar API


mbzr - MalwareBazaar CLI Client

A command-line tool for interacting with the MalwareBazaar API.

Part of the abuse.ch CLI toolkit - This project is part of a collection of CLI tools for interacting with abuse.ch services:

  • urlhs - URLhaus (malware URL database)
  • tfox - ThreatFox (IOC database)
  • yrfy - YARAify (YARA scanning)
  • mbzr - MalwareBazaar (malware samples)

Features

  • ✅ Uses only Go standard libraries
  • 📝 JSON output for easy parsing
  • ⚡️ Built-in rate limiting (10 req/s)
  • 🐳 Docker, Podman, and Apple container support

Installation

Using Homebrew

brew install andpalmier/tap/mbzr

Using Go

go install github.com/andpalmier/mbzr@latest

Using Container (Docker/Podman)

# Pull pre-built image
docker pull ghcr.io/andpalmier/mbzr:latest

# Or build locally
docker build -t mbzr .

From Source

git clone https://github.com/andpalmier/mbzr.git
cd mbzr
make build

Quick Start

  1. Get your API key from abuse.ch Authentication Portal

  2. Set your API key:

export ABUSECH_API_KEY="your_api_key_here"

  3. Query samples by tag:

mbzr query -tag Emotet -limit 10

Usage

Commands

| Command | Description |
|---------|-------------|
| query | Query samples by hash, tag, signature, file type, etc. |
| download | Download a malware sample by SHA256 hash |
| upload | Upload a file or directory to MalwareBazaar |
| comment | Add a comment to a malware sample |
| latest | Get latest malware samples |
| cscb | Query the Code Signing Certificate Blocklist |
| version | Show version information |

Query Samples

# By hash (SHA256, SHA1, or MD5)
mbzr query -hash ac25758feaf1ba3fe21e02e29681b2addc0246b507e4f6641a68d4baf73c9652

# By tag
mbzr query -tag Emotet -limit 50

# By signature
mbzr query -signature "Trojan.Generic"

# By file type
mbzr query -file_type exe

# By ClamAV signature
mbzr query -clamav "Win.Trojan.Agent"

# By YARA rule
mbzr query -yara rule_name

# By imphash
mbzr query -imphash 1234567890abcdef1234567890abcdef

# By TLSH
mbzr query -tlsh T1A5B...

Download Samples

mbzr download -sha256 ac25758feaf1ba3fe21e02e29681b2addc0246b507e4f6641a68d4baf73c9652

Note: Downloaded files are saved as <sha256>.zip (password: infected)
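
An added example, not part of mbzr: shell helpers that validate a hash before it is passed to `mbzr query -hash` or `mbzr download -sha256`, and confirm that a file extracted from `<sha256>.zip` really hashes to the value in the archive name. The function names are hypothetical, and extraction itself is assumed to be done separately, inside an isolated analysis directory, with a ZIP tool that accepts the password.

```bash
#!/usr/bin/env bash
# Added example; hash_kind, file_sha256 and verify_extracted are hypothetical names.

# Print md5, sha1 or sha256 for a plain hex digest, judged by its length.
# Returns 1 for anything else, so a value such as "-tag" is never passed to the CLI.
hash_kind() {
  local h
  h=$(printf '%s' "$1" | tr 'A-F' 'a-f')
  case "$h" in
    ''|*[!0-9a-f]*) return 1 ;;   # empty, or contains a non-hex character
  esac
  case "${#h}" in
    32) echo md5 ;;
    40) echo sha1 ;;
    64) echo sha256 ;;
    *)  return 1 ;;
  esac
}

# SHA-256 of a file: sha256sum on Linux, shasum on macOS.
file_sha256() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum -- "$1" | cut -d' ' -f1
  else
    shasum -a 256 -- "$1" | cut -d' ' -f1
  fi
}

# Compare the digest of an extracted file with the SHA-256 in the archive name.
# Only the archive's name is used; the extracted file is read but never executed.
verify_extracted() {
  local archive extracted want got
  archive=$1
  extracted=$2
  want=$(basename -- "$archive" .zip | tr 'A-F' 'a-f')
  [ "$(hash_kind "$want")" = sha256 ] || { echo "bad archive name: $archive" >&2; return 2; }
  [ -f "$extracted" ] || { echo "no such file: $extracted" >&2; return 2; }
  got=$(file_sha256 "$extracted")
  if [ "$got" = "$want" ]; then
    echo "OK $want"
  else
    echo "MISMATCH want=$want got=$got" >&2
    return 1
  fi
}
```

A mismatch means the extracted file is not the sample that was requested and should not be analysed under that hash.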

Upload Samples

# Single file
mbzr upload -file malware.exe -tags trojan,banker

# Directory
mbzr upload -dir /path/to/samples -tags malware

# Anonymous upload
mbzr upload -file sample.exe -anonymous

Get Latest Samples

# Last 60 minutes
mbzr latest

# Last 100 samples
mbzr latest -selector 100

Container Usage

# Run with Docker
docker run --rm -e ABUSECH_API_KEY="your_key" ghcr.io/andpalmier/mbzr query -tag Emotet

# Run with Podman
podman run --rm -e ABUSECH_API_KEY="your_key" ghcr.io/andpalmier/mbzr query -tag Emotet

# Run with Apple container
container run --rm -e ABUSECH_API_KEY="your_key" ghcr.io/andpalmier/mbzr query -tag Emotet

# Mount volume for downloads
docker run --rm -e ABUSECH_API_KEY="your_key" -v "$(pwd)":/data ghcr.io/andpalmier/mbzr download -sha256 <hash>

Environment Variables

| Variable | Description |
|----------|-------------|
| ABUSECH_API_KEY | Your abuse.ch API key (required) |

License

This project is licensed under the AGPLv3 License - see the LICENSE file for details.

Acknowledgments
