
Mili-NT/BinBot

BinBot

BinBot is a script designed to aggregate data from multiple *bin sources, and flexibly classify and sort that data using YARA rules.

YARA Rules:

By utilizing YARA pattern matching, BinBot is capable of:

  • Detecting common indicators of malware
  • Applying sets of regular expressions to documents
  • Blacklisting documents that are not of interest
  • Searching for keywords or phrases in documents

To add YARA rules, place the .yar or .yara file in yara_rules/general_rules to run it against text files, or in yara_rules/binary_rules to run it against executable files.

Make sure to customize your blacklist.yar and keywords.yar files.
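The rules below are an added example, not rules shipped with BinBot, showing the kinds of matching listed above: a keyword rule combined with a regular expression, a base64 indicator for an embedded executable, and a blacklist rule. All rule names, strings and thresholds are constructed for illustration, `example.com` is a placeholder, and it is assumed that a match on a rule in blacklist.yar causes the paste to be discarded.

```yara
// Constructed example rules; adjust strings and thresholds to your own needs.

// keywords.yar style: a watched domain plus several credential-like pairs.
rule keyword_watched_domain_combo_list
{
    meta:
        description = "Watched domain appears alongside email:password style lines"
    strings:
        // Placeholder keyword: replace with a domain you monitor.
        $domain = "example.com" nocase
        // email:secret pair, as commonly seen in pasted credential lists.
        $combo = /[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,255}\.[A-Za-z]{2,10}:\S{4,64}/
    condition:
        // Require several pairs so a single address in prose does not match.
        $domain and #combo >= 5
}

// general_rules style: base64 text that decodes to a PE file header.
rule base64_encoded_pe_header
{
    meta:
        description = "Base64 encoding of the usual MZ header bytes"
    strings:
        // Bytes 4D 5A 90 00 03 00 00 00 04 00 00 00 encode to this prefix.
        $b64_mz = "TVqQAAMAAAAEAAAA"
    condition:
        $b64_mz
}

// blacklist.yar style: developer debug output that is not of interest.
rule blacklist_python_traceback
{
    meta:
        description = "Pasted Python stack trace"
    strings:
        $tb = "Traceback (most recent call last):"
        $frame = /File "[^"]{1,200}", line [0-9]{1,6}/
    condition:
        // One header plus at least two stack frames.
        $tb and #frame >= 2
}
```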

Currently Supported Services:

Usage:

python3 BinBot.py <path to configuration file>

If no path is passed, BinBot will run a manual setup.

Credits:

  • Binary rules found here and credited individually in the rule files.
  • KindredSec's pastebin video was an inspiration for the base64 rules
  • r/learnpython, as always

Planned Features and TODO:

  • Fix error in service multithreading that causes runs to immediately end

About

A scraper written in Python to scrape the public Pastebin archive and filter with customizable and extensible YARA rules
