Merge pull request #1 from ytisf/master #80

Open
wants to merge 4 commits into
base: master
4 changes: 0 additions & 4 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,6 @@ Thumbs.db
$RECYCLE.BIN/
Desktop.ini
conf/eula_run.conf
.git/

# Egg
logo/
Expand All @@ -33,6 +32,3 @@ develop-eggs/

# Installer logs
pip-log.txt

imports/*.pyd
imports/*.pyc
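Review bot: dropping `imports/*.pyd` and `imports/*.pyc` from .gitignore means compiled byte-code and native extension modules under imports/ can be committed by accident; they are build artifacts, and unreviewed opaque binaries are the last thing a repository that already ships live malware samples should pick up. Keep both lines.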
25 changes: 11 additions & 14 deletions README.md
@@ -1,7 +1,7 @@
About
======
theZoo is a project created to make the possibility of malware analysis open and available to the public. Since we have found out that almost all versions of malware are very hard to come by in a way which will allow analysis, we have decided to gather all of them for you in an accessible and safe way.
theZoo was born by Yuval tisf Nativ and is now maintained by Shahak Shalev.
theZoo was born by Yuval tisf Nativ and is now maintained by Shahak Shalev.

**theZoo is open and welcoming visitors!**
Disclaimer
Expand All @@ -15,7 +15,7 @@ We recommend running them in a VM which has no internet connection (or an intern

GPL 3
======
theZoo - the most awesome free malware database on the air
theZoo - the most awesome free malware database on the air
Copyright (C) 2015, Yuval Nativ, Lahad Ludar, 5fingers

This program is free software: you can redistribute it and/or modify
Expand Down Expand Up @@ -54,10 +54,10 @@ Malware source code :)

## Directory Structure:
Each directory is composed of 4 files:
- Malware files in an encrypted ZIP archive.
- SHA256 sum of the 1st file.
- Malware files in an encrypted ZIP archive.
- SHA256 sum of the 1st file.
- MD5 sum of the 1st file.
- Password file for the archive.
- Password file for the archive.



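Review bot: the pairs `- Malware files in an encrypted ZIP archive.` / `- SHA256 sum of the 1st file.` and `- Password file for the archive.` appear in this hunk as removed and re-added with identical text, which points to a whitespace or line-ending-only change; such churn in README.md should be dropped from the PR (or normalised with .gitattributes) so the real edits stand out.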
Expand Down Expand Up @@ -86,22 +86,19 @@ An example line will look as follow:

Bugs and Reports
================
The repository holding all files is currently
The repository holding all files is currently
https://github.com/ytisf/theZoo

## Submit Malware
Get the file you want to submit and just run `python prep_file.py file_tosubmit.exe`. It will create a directory for you. Then just submit that along with the changes to the `conf/maldb.db` so that we know which malware it is.

## Change Log for v0.60:
- [x] Moved DB to SQLite3.
- [x] Searching overhaul to a freestyle fashion.
- [x] Fixed "get" command.
- [x] More & more malwares.

## Change Log for v0.50:
- [x] Better and easier UI.
- [x] Aligned printing of malwares.
- [x] Command line arguments are now working.
- [x] Better and easier UI.
- [x] Aligned printing of malwares.
- [x] Command line arguments are now working.
- [x] Added 10 more malwares (cool ones) to the DB.

## Change Log for v0.42:
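Review bot: this hunk deletes the whole `## Change Log for v0.60:` section (the SQLite3 move, the search overhaul, the `get` fix) while the "Predicted Change Log for v1.0" further down still ticks "Consider changing DB to XML or SQLite3" as done; if the intent is to roll the project back to a pre-0.60 state the README should say so, otherwise the section should stay.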
Expand All @@ -127,7 +124,7 @@ Get the file you want to submit and just run `python prep_file.py file_tosubmit.
## Predicted Change Log for v1.0
- [X] Fix auto-complete for malware frameworks. (thanks to 5fingers)
- [X] Consider changing DB to XML or SQLite3. (Sheksa - done :))
- [X] Better UI features.
- [ ] Fix and make 'light' version without malwares with _MalwareFetch function.
- [ ] Move malwares to another repo.
- [ ] Better UI features.

If you have any suggestions or malware that you have indexed (in the manner laid out in the documentation) please send it to us to - yuval[]morirt [dot]com - so we can add it for everyones enjoyment.
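Review bot: `- [X] Better UI features.` is moved to the end of the list and unticked to `- [ ] Better UI features.` while the v0.50 changelog above still lists "Better and easier UI" as shipped; the two sections should agree on whether that item is done.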
2 changes: 1 addition & 1 deletion conf/db.ver
@@ -1 +1 @@
180210052018
105509082014
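Review bot: conf/db.ver goes from `180210052018` to `105509082014`, which reads as a 2014 stamp replacing a 2018 one; a version marker that moves backwards is the clearest sign that this branch is a stale fork being merged over master rather than a forward change, and anything that compares db.ver to decide whether the database is current will now consider it older.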
Binary file modified conf/maldb.db
Binary file not shown.
15 changes: 2 additions & 13 deletions imports/colors.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python

import os
import os

BOLD = ''
NORM = ''
Expand All @@ -24,17 +24,6 @@
BOLD = '\033[01m'
UNDERLINE = '\033[04m'

else:
PURPLE = ''
BLUE = ''
GREEN = ''
YELLOW = ''
RED = ''
WHITE = ''
MAGENTA = ''
BOLD = ''
UNDERLINE = ''


def bold(str):
return BOLD + str + WHITE
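Review bot: removing the `else:` branch that sets PURPLE, BLUE, GREEN, YELLOW, RED, WHITE, MAGENTA, BOLD and UNDERLINE to empty strings leaves those names unassigned whenever the preceding `if` is false, unless they are initialised in the elided lines 7-23 (the visible top of the file only initialises BOLD and NORM); `def bold(str): return BOLD + str + WHITE` and the other helpers would then raise NameError on a terminal without ANSI support. Keep the fallback branch.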
Expand All @@ -58,4 +47,4 @@ def yellow(str):
return YELLOW + str + WHITE

def white(str):
return WHITE + str + WHITE
return WHITE + str + WHITE
8 changes: 4 additions & 4 deletions imports/eula_handler.py
Expand Up @@ -42,13 +42,13 @@ def prompt_eula(self):
notice += '| ATTENTION!!! ATTENTION!!! ATTENTION!!! |\n'
notice += '| ' + globals.vars.appname + ' v' + globals.vars.version + ' |\n'
notice += '|___________________________________________________________________________|\n'
notice += '|This program contains live and dangerous malware files. |\n'
notice += '|This program contains live and dangerous malware files |\n'
notice += '|This program is intended to be used only for malware analysis and research |\n'
notice += '|and by agreeing the EULA you agree to use it only for legal purposes and |\n'
notice += '|for studying malware. |\n'
notice += '|and by agreeing the EULA you agree to only use it for legal purposes and |\n'
notice += '|studying malware. |\n'
notice += '|You understand that these file are dangerous and should only be run on VMs |\n'
notice += '|you can control and know how to handle. Running them on a live system will |\n'
notice += '|infect your machines with live and dangerous malwares! |\n'
notice += '|infect you machines will live and dangerous malwares!. |\n'
notice += '|___________________________________________________________________________|\n'
print(red(notice))
eula_answer = raw_input(
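Review bot: the replacement line `|infect you machines will live and dangerous malwares!. |` reads as the older, typo-laden wording ("you" for "your", "will" for "with", a stray "!.") overwriting the corrected `|infect your machines with live and dangerous malwares! |`; the same goes for dropping the full stop after "malware files". Keep the current text, and since the notice is a fixed-width box, check that the edited lines keep the same width so the right-hand border still lines up.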
88 changes: 2 additions & 86 deletions imports/globals.py
Expand Up @@ -77,10 +77,9 @@ class vars:
# DEBUG_LEVEL 0 = NO DEBUGGING
# DEBUG_LEVEL 1 = DEBUG DOWNLOADS
# DEBUG_LEVEL 2 = DEBUG SQL QUERIES

DEBUG_LEVEL = 0

fulllicense = appname + " Copyright (C) 2017 " + authors + "\n"
fulllicense = appname + " Copyright (C) 2016 " + authors + "\n"
fulllicense += "This program comes with ABSOLUTELY NO WARRANTY; for details type '" + \
sys.argv[0] + " -w'.\n"
fulllicense += "This is free software, and you are welcome to redistribute it."
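Review bot: the copyright year in `fulllicense = appname + " Copyright (C) 2016 " + authors + "\n"` moves backwards from 2017; like the db.ver change earlier in this PR, that is the signature of an outdated fork being merged over master, not a deliberate edit, and should be dropped.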
Expand All @@ -107,7 +106,7 @@ class vars:
db_ver = f.read()

# ASCII Art is a must...
screen = random.randrange(1, 6)
screen = random.randrange(1, 4)

if screen is 1:
maldb_banner = "\n"
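Review bot: `random.randrange(1, 4)` yields 1..3 and so matches the removal of screens 4 and 5 in the next hunk, but the unchanged dispatch `if screen is 1:` (and the `elif screen is 4:` / `elif screen is 5:` branches below) compares integers with `is`, which only works because CPython caches small ints; use `==` for these comparisons.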
Expand Down Expand Up @@ -159,86 +158,3 @@ class vars:
maldb_banner += " built by: " + authors + "\n"
maldb_banner += " maintained by: " + ', '.join(maintainers) + "\n"
maldb_banner += " github: " + giturl + "\n\n"

elif screen is 4:
maldb_banner = "\n"
maldb_banner += ". .. .\n"
maldb_banner += "|\ || /|\n"
maldb_banner += "| \ || / |\n"
maldb_banner += "| \ || / |\n"
maldb_banner += "| :\___JL___/ |\n"
maldb_banner += "| :|##XLJ: :| |\n"
maldb_banner += "'\ :|###||: X| /'\n"
maldb_banner += " \:|###||:X#| /\n"
maldb_banner += " |==========|\n"
maldb_banner += " |###XXX;;|\n"
maldb_banner += " |##XX:: :|\n"
maldb_banner += " |##XX:: :|\n"
maldb_banner += " |##XX:: :|\n"
maldb_banner += " |##XX:: :|\n"
maldb_banner += " |##Xn:: :|\n"
maldb_banner += " |##XX:: :|\n"
maldb_banner += " |##XX:: :|\n"
maldb_banner += " |##XX:: :|\n"
maldb_banner += " |##Xn:: :|\n"
maldb_banner += " |##XX:: n|\n"
maldb_banner += " |##XX:: U|\n"
maldb_banner += " |##XX:: :|\n"
maldb_banner += " |##XX:: :|\n"
maldb_banner += " |##XX:: :|\n"
maldb_banner += " |##Xn:: :|\n"
maldb_banner += " |##XU:: :|\n"
maldb_banner += " |##XX:: :|\n"
maldb_banner += " |##XX:: :|\n"
maldb_banner += " |##XX:: :|\n"
maldb_banner += " |##XX:: n|\n"
maldb_banner += " |##XX:: U|\n"
maldb_banner += " |##XX:: :|\n"
maldb_banner += " |##XX:: :|\n"
maldb_banner += " |##XX:: :|\n"
maldb_banner += " |##Xn:: :|\n"
maldb_banner += " |##XU:: :|\n"
maldb_banner += " |##Xn:: :|\ttheZoo " + version + "\n"
maldb_banner += " |##XU:: :|\t " + giturl + "\n"
maldb_banner += " |##XX:: :|\tauthors: " + authors + "\n"
maldb_banner += " |##XX:: :|\tmaintained by: " + ', '.join(maintainers) + "\n"
maldb_banner += " |##XX:: :|\tgithub: " + giturl + "\n"
maldb_banner += " |##,_,: :|\n"
maldb_banner += " |./ T \.:|\n"
maldb_banner += " || o|o |:|\n"
maldb_banner += " || | |:|\n"
maldb_banner += " .============.\n"
maldb_banner += " .==============.\n"
maldb_banner += ".================.\n\n"

elif screen is 5:
maldb_banner = "\n"
maldb_banner += "_______________________________________\n"
maldb_banner += "|\ ___________________________________ /|\n"
maldb_banner += "| | _ _ | |\n"
maldb_banner += "| |(+) _ _ (+)| |\n"
maldb_banner += "| | ~ _--/ \--_ ~ | |\n"
maldb_banner += "| | / / \ \ | |\n"
maldb_banner += "| | / | | \ | |\n"
maldb_banner += "| | / | | \ | |\n"
maldb_banner += "| | | | _______ | | | |\n"
maldb_banner += "| | | | \ / | | | |\n"
maldb_banner += "| | \ \_ | | _/ / | |\n"
maldb_banner += "| | \ -__| |__- / | |\n"
maldb_banner += "| | \_ _/ | |\n"
maldb_banner += "| | --__ __-- | |\n"
maldb_banner += "| | --| |-- | |\n"
maldb_banner += "| | | | | |\n"
maldb_banner += "| | | | | |\n"
maldb_banner += "| | | | |\n"
maldb_banner += "| | | |\n"
maldb_banner += "| | T H E Z O O | |\n"
maldb_banner += "| | I S G O O D F O R Y O U | |\n"
maldb_banner += "| | _ %s _ | |\n" % version
maldb_banner += "| |(+) (+)| |\n"
maldb_banner += "| | ~ ~ | |\n"
maldb_banner += "|/ ----------------------------------- \|\n"
maldb_banner += "---------------------------------------\n"
maldb_banner += "\tmaintained by: %s\n" % ', '.join(maintainers)
maldb_banner += "\tgiturl: %s\n" % giturl
maldb_banner += "\tauthors: %s\n" % authors
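Review bot: deleting the `elif screen is 4:` and `elif screen is 5:` banners is cosmetic and consistent with the randrange change, but the PR description ("Merge pull request #1 from ytisf/master") gives no reason for it; a 4-commit PR that removes 86 lines from globals.py, the v0.60 changelog, the colors.py fallback branch and rolls db.ver back to an older stamp should either be labelled as an intentional revert or closed as a stale fork and rebased on master.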