ThreatHunter


Name: ThreatHunter
Version: 1.1.4
home_page: None
Summary: None
upload_time: 2024-06-29 12:53:41
maintainer: None
docs_url: None
author: Wambua aka Bullet Angel
requires_python: >=3
license: MIT
keywords: malwaredart, threathunter, malware, malware-analysis, malware-scan, malware-detection, trojan, virus
VCS:
bugtrack_url:
requirements: No requirements were recorded.
Travis-CI: No Travis.
coveralls test coverage: No coveralls.

# ThreatHunter

A Python malware detection, analysis and reverse engineering toolkit.
This is a Linux command-line interface (CLI) utility that uses YARA, Capstone and Radare2, among others, to detect, analyze and reverse engineer malware.
This version is still a work in progress; great things are underway.

## Installation

1. Install via pip:

   ```shell
   pip install ThreatHunter
   ```

2. Install from GitHub:

   ```shell
   pip install git+https://github.com/skye-cyber/ThreatHunter.git
   ```
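
Before installing a malware-analysis tool from an index, the downloaded files can be checked against the sha256 digests listed in this page's release metadata. The following is an added example, not part of the ThreatHunter project; the function names and the `pip download` workflow mentioned in the comments are assumptions.

```python
import hashlib
import hmac
import sys
from pathlib import Path

# sha256 digests copied from the release metadata on this page (version 1.1.4).
PUBLISHED_SHA256 = {
    "ThreatHunter-1.1.4-py3-none-any.whl":
        "ae426628e148554484c7e38e02d833a4f5e8b04c6a81f1e3739020ba7379e31c",
    "ThreatHunter-1.1.4.tar.gz":
        "2e08ab6ed938c962aee66a682fb95d9d5a151f2f748d3d9fb1128cdb68575106",
}


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so a large wheel is never read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_artifact(path, published=PUBLISHED_SHA256):
    """Return True only if the file name is listed and its digest matches."""
    expected = published.get(Path(path).name)
    if expected is None:
        return False  # unknown file name: fail closed
    return hmac.compare_digest(sha256_of(path), expected.lower())


def pinned_requirement(name, version, published=PUBLISHED_SHA256):
    """Build a requirements.txt entry usable with `pip install --require-hashes`."""
    hashes = " ".join(f"--hash=sha256:{h}" for h in sorted(published.values()))
    return f"{name}=={version} {hashes}"


if __name__ == "__main__":
    # Assumed workflow: fetch without installing, then pass the files here, e.g.
    #   pip download --no-deps ThreatHunter==1.1.4 -d dl/
    for artifact in sys.argv[1:]:
        print(artifact, "OK" if verify_artifact(artifact) else "MISMATCH")
    print(pinned_requirement("ThreatHunter", "1.1.4"))
```

The printed requirement line can be saved to a requirements file and installed with `pip install --require-hashes -r`, which makes pip refuse any file whose digest differs from the pinned values.
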
## Usage

To run the CLI app, use the following command:

```shell
ThreatHunter [options]
```

Replace `[options]` with the appropriate command-line options.

## Available Options

- `-p/--path`: Path to the directory or file to scan.
- `-v/--verbose`: Show all information. By default, screen clearing is on, so only one line of output is shown at a time;
  pass `-v` to prevent the screen from being cleared.
  Verbose mode can be useful when the amount of work to be done is minimal.

## Examples

1. Scan a directory:

   ```shell
   ThreatHunter -p /home/user/Documents/
   ```

   ```shell
   ThreatHunter -p /home/user/Documents/ -v
   ```

   The toolkit will scan all the files and folders in the `/home/user/Documents/` directory and its nested
   files and folders, down to the last child.
   `-p` also accepts a single file as input.

2. Scan the working directory:

   ```shell
   ThreatHunter
   ```

   ```shell
   ThreatHunter -v
   ```

   When no option is given, as in the above case, the toolkit recursively scans the current (working) directory.

## Adding rule(s) to the existing rules

```shell
ThreatHunter --add @foo
```

where ``@foo`` is the rule file, folder or even a rule in text form.

## Using an exclusive rule

You may also want to run a scan using only a given rule. In that case, use this format:

```shell
ThreatHunter --use @foo -p /home/user/Documents/
```

where ``@foo`` is the rule file, folder or the rule itself.
If ``-u/--use`` is used, then ``-p/--path`` must also be provided.

## Contributing

Feel free to submit any suggestions!

Contributions are welcome! If you encounter any issues or have suggestions for improvements, please open an issue or submit a pull request.

## License

This project is open source software, released under the GPL-3.0 license.




            

Raw data

{
    "_id": null,
    "home_page": null,
    "name": "ThreatHunter",
    "maintainer": null,
    "docs_url": null,
    "requires_python": ">=3",
    "maintainer_email": null,
    "keywords": "MalwareDART, ThreatHunter, malware, malware-analysis, malware-scan, malware-detection, trojan, virus",
    "author": "Wambua aka Bullet Angel",
    "author_email": null,
    "download_url": "https://files.pythonhosted.org/packages/e9/51/1f0b733bb0c1e17de1bfe417bd86e4de421866f1eee2e29888512877d507/ThreatHunter-1.1.4.tar.gz",
    "platform": null,
    "bugtrack_url": null,
    "license": "MIT",
    "summary": null,
    "version": "1.1.4",
    "project_urls": null,
    "split_keywords": [
        "malwaredart",
        " threathunter",
        " malware",
        " malware-analysis",
        " malware-scan",
        " malware-detection",
        " trojan",
        " virus"
    ],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "ae5a602685fbadf672ebca36a73e6464c926331654c986791bde49e0069404d0",
                "md5": "bcb51eaa6f1a6516e784a5c491a900b0",
                "sha256": "ae426628e148554484c7e38e02d833a4f5e8b04c6a81f1e3739020ba7379e31c"
            },
            "downloads": -1,
            "filename": "ThreatHunter-1.1.4-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "bcb51eaa6f1a6516e784a5c491a900b0",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": ">=3",
            "size": 12662185,
            "upload_time": "2024-06-29T12:53:27",
            "upload_time_iso_8601": "2024-06-29T12:53:27.418402Z",
            "url": "https://files.pythonhosted.org/packages/ae/5a/602685fbadf672ebca36a73e6464c926331654c986791bde49e0069404d0/ThreatHunter-1.1.4-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "e9511f0b733bb0c1e17de1bfe417bd86e4de421866f1eee2e29888512877d507",
                "md5": "c95bd50b825598d850673451c554a0cb",
                "sha256": "2e08ab6ed938c962aee66a682fb95d9d5a151f2f748d3d9fb1128cdb68575106"
            },
            "downloads": -1,
            "filename": "ThreatHunter-1.1.4.tar.gz",
            "has_sig": false,
            "md5_digest": "c95bd50b825598d850673451c554a0cb",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": ">=3",
            "size": 1479093,
            "upload_time": "2024-06-29T12:53:41",
            "upload_time_iso_8601": "2024-06-29T12:53:41.917426Z",
            "url": "https://files.pythonhosted.org/packages/e9/51/1f0b733bb0c1e17de1bfe417bd86e4de421866f1eee2e29888512877d507/ThreatHunter-1.1.4.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2024-06-29 12:53:41",
    "github": false,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "lcname": "threathunter"
}
        