Pyth3rNalisis is a powerful and modular Python-based analysis tool aimed at file analysis with a focus on malware detection. It is designed to be easily extensible, allowing users to add custom functionality through additional modules.
- Automated Malware Detection: Automatically detect potential malware based on file signatures and patterns.
- Metadata Extraction: Extract and analyze metadata from various file formats.
- Comprehensive Logging: Keep detailed logs of all analysis processes for audit and review purposes.
- Modular Design: Custom modules can be integrated into the tool to extend its functionality.
- Cross-Platform: Works on both Windows and Unix-based systems.
The project is organized as follows:
Pyth3rNalisis/
│
├── docs/ # Documentation files
│
├── examples/ # Example scripts and files demonstrating the tool’s usage
│
├── src/ # Source code of the project
│ ├── Pyth3rNalisis.py # Main script to run the analysis tool
│ └── modules/ # Directory for additional modules
│
└── tests/ # Test files for validating the tool’s functionality
├── malware/ # Test files containing malware-like signatures
└── not_malware/ # Test files that do not contain malware
pip install Pyth3rNalisis
- Clone the repository:
git clone https://github.com/Pyth3rEx/Pyth3rNalisis.git
- Navigate to the project directory:
cd Pyth3rNalisis
- Create and activate a virtual environment:
python3 -m venv env
source env/bin/activate # On Windows use `env\Scripts\activate`
- Install dependencies:
pip install -r src/requirements.txt
To run the analysis tool and display its options, execute the main script:
Pyth3rNalisis -h
-h, --help Show the help message for the app
-f FILE, --file FILE File to perform analysis on
-H, --hashing Perform hashing analysis on the file | Will check the file's hash against publicly known malware hashes in online databases
-e, --extension Check for extension anomaly | Will perform both a magic number analysis and a filetype analysis and present the results against the declared filetype
-E, --entropy Check for unusual entropy in the file | High entropy can indicate obfuscation or encryption of data in the file
-C, --CommandAndControl Check for command and control elements embedded in the file | Will search the file for embedded network indicators such as email addresses and IP addresses
-m, --metadata Check for metadata anomaly | Will return data dependent on the file type provided and highlight anomalies such as incoherent dates, author names and the like
Pyth3rNalisis -f exampleFile.abc -eE | Check extensions and entropy of file exampleFile.abc
Pyth3rNalisis -f exampleFile.bin -C | Check for emails and IPs in binary file exampleFile.bin
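The following is an added, self-contained illustration of the kinds of checks the options above describe (hashing, magic number versus declared extension, entropy, and embedded IP/email indicators). It is example code written for this README, not the project's own implementation or module API: the magic-number table, the 7.0 bits/byte entropy threshold, the regular expressions and the sample file are all assumptions chosen for the demo, and hashes are only computed locally, not looked up in any online database.

```python
"""Example file checks in the spirit of Pyth3rNalisis (illustrative, not the tool's code)."""
import hashlib
import math
import re
from collections import Counter

# Assumed magic-number table for the demo: extension -> expected leading bytes.
MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "pdf": b"%PDF-",
    "zip": b"PK\x03\x04",
    "exe": b"MZ",
    "elf": b"\x7fELF",
}

# Dotted-quad IPv4 and simple e-mail patterns, applied to the raw bytes of the file.
IPV4_RE = re.compile(rb"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b")
EMAIL_RE = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample: a file named as a PDF that actually starts with a PE ("MZ") header
# and carries a TEST-NET-3 address plus an example.com e-mail (reserved/example values).
SAMPLE_NAME = "invoice.pdf"
SAMPLE_DATA = (
    b"MZ\x90\x00\x03\x00\x00\x00"
    + b"\x00" * 64
    + b"http://203.0.113.7/gate.php\x00"
    + b"ops@example.com\x00"
)


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 digests, the values one would submit to a hash database."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def detected_type(data: bytes):
    """Return the extension whose magic bytes match the file header, or None if unknown."""
    for ext, magic in MAGIC.items():
        if data.startswith(magic):
            return ext
    return None


def extension_anomaly(filename: str, data: bytes) -> dict:
    """Compare the declared extension with the type inferred from the magic number."""
    declared = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    actual = detected_type(data)
    # Only flag when the header is recognised and disagrees with the file name;
    # an unknown header is reported as None rather than treated as an anomaly.
    return {"declared": declared, "detected": actual, "anomaly": actual is not None and actual != declared}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant data, up to 8.0 for uniform random bytes."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def c2_indicators(data: bytes) -> dict:
    """Extract embedded IPv4 addresses and e-mail addresses (deduplicated, sorted)."""
    return {
        "ips": sorted({m.decode() for m in IPV4_RE.findall(data)}),
        "emails": sorted({m.decode() for m in EMAIL_RE.findall(data)}),
    }


def analyse(filename: str, data: bytes, entropy_threshold: float = 7.0) -> dict:
    """Run every check and collect human-readable flags for the ones that fired."""
    ext = extension_anomaly(filename, data)
    ent = shannon_entropy(data)
    ind = c2_indicators(data)
    flags = []
    if ext["anomaly"]:
        flags.append(f"extension mismatch: named .{ext['declared']} but header says {ext['detected']}")
    if ent >= entropy_threshold:  # assumed threshold; tune per file type
        flags.append(f"high entropy ({ent:.2f} bits/byte): possible packing or encryption")
    if ind["ips"] or ind["emails"]:
        flags.append("embedded network indicators: " + ", ".join(ind["ips"] + ind["emails"]))
    return {
        "hashes": file_hashes(data),
        "extension": ext,
        "entropy": round(ent, 3),
        "high_entropy": ent >= entropy_threshold,
        "indicators": ind,
        "flags": flags,
    }


if __name__ == "__main__":
    import json
    import sys

    if len(sys.argv) > 1:  # analyse a real file given on the command line
        with open(sys.argv[1], "rb") as fh:
            print(json.dumps(analyse(sys.argv[1], fh.read()), indent=2))
    else:  # no argument: analyse the constructed sample above
        print(json.dumps(analyse(SAMPLE_NAME, SAMPLE_DATA), indent=2))
```

Run it with a path to analyse a real file, or with no argument to see the constructed sample flagged for an extension mismatch and embedded indicators. Note that a magic-number mismatch is only meaningful when the header is in the table; an unrecognised header is reported as unknown rather than as an anomaly, and an entropy threshold has to be tuned per file type since compressed formats such as ZIP or PNG are legitimately close to 8 bits per byte.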
For more detailed usage, refer to the documentation in the `docs/` directory.
Contributions are welcome! Please see the CONTRIBUTING file for details.
This project is licensed under the GNU V3 License - see the LICENSE file for details.
